Add documentation for the self service system
[cacert-infradocs.git] / tools / ssh_host_keys.py
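#!/usr/bin/env python3
"""Print the SSH host key fingerprints below ROOT as an ``sshkeys`` directive.

For every ``ROOT/etc/ssh/ssh_host_*key.pub`` file the script asks
``ssh-keygen -l`` for one fingerprint per entry in ``HASH_ALGORITHMS`` and
prints one directive option per supported key type.

NOTE(review): the printed fingerprints are presumably what readers of the
documentation compare against when they verify a host, so ROOT should be a
trusted copy of that host's filesystem. ``ssh-keygen`` is looked up on PATH.
"""

import argparse
import os.path
import subprocess
import sys
from glob import escape, glob

SUPPORTED_SSH_KEY_TYPES = ("RSA", "DSA", "ECDSA", "ED25519")
# OpenSSH's default fingerprint hash is SHA256; MD5 is emitted alongside it
# because the output carries one fingerprint per listed algorithm.
HASH_ALGORITHMS = ("SHA256", "MD5")


def parse_fingerprint_line(line):
    """Return ``(key_type, fingerprint)`` from one ``ssh-keygen -l`` line.

    The line has the shape ``<bits> <fingerprint> <comment> (<TYPE>)``. The
    comment may contain spaces (ssh-keygen prints ``no comment`` for a key
    without one), so the key type is read from the last field rather than
    from a fixed position.

    Raises:
        ValueError: if the line does not end in a parenthesised key type.
    """
    fields = line.split()
    if (
        len(fields) < 3
        or not fields[-1].startswith("(")
        or not fields[-1].endswith(")")
    ):
        raise ValueError(
            "unexpected ssh-keygen output: {!r}".format(line.strip())
        )
    return fields[-1][1:-1], fields[1]


def collect_fingerprints(root):
    """Return ``{key_type: {algorithm: fingerprint}}`` for host keys under root.

    Raises:
        subprocess.CalledProcessError: if ssh-keygen rejects a key file.
        ValueError: if ssh-keygen prints a line that cannot be parsed.
    """
    keys = {}
    # escape() keeps glob metacharacters in ROOT (e.g. "[" or "*") literal.
    pattern = os.path.join(escape(root), "etc/ssh", "ssh_host_*key.pub")
    for host_key in sorted(glob(pattern)):
        for algorithm in HASH_ALGORITHMS:
            output = subprocess.check_output(
                ["ssh-keygen", "-l", "-E", algorithm, "-f", host_key]
            )
            # Only the key comment can be non-ASCII; the fingerprint and the
            # key type are not, so undecodable bytes are replaced, not fatal.
            text = output.decode("utf-8", errors="replace").strip()
            first_line = text.partition("\n")[0]
            key_type, fingerprint = parse_fingerprint_line(first_line)
            keys.setdefault(key_type, {})[algorithm] = fingerprint
    return keys


def render_sshkeys(keys):
    """Return the lines of the ``sshkeys`` directive for the given keys.

    Only key types listed in ``SUPPORTED_SSH_KEY_TYPES`` are rendered, in
    that order, with the fingerprints aligned in one column.

    Raises:
        ValueError: if keys holds no supported key type.
    """
    present = [typ for typ in SUPPORTED_SSH_KEY_TYPES if typ in keys]
    if not present:
        raise ValueError("no supported SSH host key found")
    max_length = max(len(typ) for typ in present)

    lines = [".. sshkeys::"]
    for typ in present:
        fingerprints = " ".join(
            keys[typ][algorithm] for algorithm in HASH_ALGORITHMS
        )
        lines.append(
            " :{}:{} {}".format(
                typ, " " * (max_length - len(typ)), fingerprints
            )
        )
    return lines


if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description=(
            "Convert a set of ssh host keys to the syntax expected by the "
            "sshkeys directive of the CAcert infrastructure documentation"
        )
    )
    parser.add_argument("root", metavar="ROOT", type=str, help="root directory")
    args = parser.parse_args()

    keys = collect_fingerprints(args.root)

    # Name every key that will be missing from the output, so an omitted
    # host key is noticed before the fingerprints are published.
    for ignored in sorted(set(keys) - set(SUPPORTED_SSH_KEY_TYPES)):
        print(
            "warning: ignoring unsupported key type {!r}".format(ignored),
            file=sys.stderr,
        )

    try:
        directive = render_sshkeys(keys)
    except ValueError as err:
        sys.exit("{} below {!r}".format(err, args.root))

    print("\n".join(directive))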