Beispiel #1
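    def setup_apache2(self):
        """Configure Apache with a self-signed TLS key pair and the SimpleSAMLphp site.

        Generates a 2048-bit self-signed key pair under /etc/apache2/ssl,
        renders ports.conf and the simplesamlphp site from their templates,
        enables mod_ssl, replaces the default sites with simplesamlphp.conf
        and restarts Apache.

        Raises:
            RuntimeError: if the key pair could not be generated.
            subprocess.CalledProcessError: if a2enmod, a2dissite or a2ensite
                exits non-zero.
        """
        ssl_dir = '/etc/apache2/ssl'
        key_path = os.path.join(ssl_dir, 'private.key')
        cert_path = os.path.join(ssl_dir, 'cert.crt')

        os.makedirs(ssl_dir, exist_ok=True)
        # generate_selfsigned reports failure through a falsy return value
        # rather than an exception, so an unchecked call would let the site be
        # enabled against a missing or stale key pair.
        generated = ssl.generate_selfsigned(keyfile=key_path,
                                            certfile=cert_path,
                                            keysize=2048,
                                            cn=get_unit_hostname())
        if not generated:
            raise RuntimeError(
                'Could not generate the self-signed certificate for apache2')
        # The helper invokes openssl with -nodes, so the private key is stored
        # unencrypted; keep it readable by its owner only.
        os.chmod(key_path, 0o600)
        # NOTE(review): the certificate is self-signed and the helper issues it
        # for 365 days; nothing visible here renews it or lets an operator
        # supply a CA-issued certificate instead.

        port_context = {
            'http_port': self.config['http-port'],
            'https_port': self.config['https-port']
        }
        # Each template gets its own copy of the context, as before.
        ctxt_gens = [{
            'template': 'apache2/ports.conf.j2',
            'output': '/etc/apache2/ports.conf',
            'context': dict(port_context)
        }, {
            'template': 'apache2/simplesamlphp.conf.j2',
            'output': '/etc/apache2/sites-available/simplesamlphp.conf',
            'context': dict(port_context)
        }]
        render_configs(ctxt_gens)

        subprocess.check_call(['a2enmod', 'ssl'])
        subprocess.check_call(
            ['a2dissite', '000-default.conf', 'default-ssl.conf'])
        subprocess.check_call(['a2ensite', 'simplesamlphp.conf'])

        service_restart('apache2')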
Beispiel #2
 def test_generate_selfsigned_file(self, mock_call):
     """A config file is forwarded to openssl through -config.

     No keysize is passed, so the expected command also pins the helper's
     default of rsa:1024 together with -nodes (unencrypted private key) and
     a 365-day validity. 1024-bit RSA is below current minimum key-size
     guidance, so real callers should pass keysize explicitly.
     """
     expected_cmd = [
         '/usr/bin/openssl', 'req', '-new',
         '-newkey', 'rsa:1024',
         '-days', '365',
         '-nodes', '-x509',
         '-keyout', 'mykey.key',
         '-out', 'mycert.crt',
         '-config', 'test.cnf',
     ]

     ssl.generate_selfsigned("mykey.key", "mycert.crt", config="test.cnf")

     mock_call.assert_called_with(expected_cmd)
Beispiel #3
 def test_generate_selfsigned_cn_key(self, mock_call):
     """An explicit keysize and a bare cn end up in -newkey and -subj.

     The subject carries only /CN=<name>; the expected command contains no
     subjectAltName extension.
     """
     expected_cmd = [
         '/usr/bin/openssl', 'req', '-new',
         '-newkey', 'rsa:2048',
         '-days', '365',
         '-nodes', '-x509',
         '-keyout', 'mykey.key',
         '-out', 'mycert.crt',
         '-subj', '/CN=mysite.example.com',
     ]

     ssl.generate_selfsigned(
         "mykey.key", "mycert.crt", keysize="2048", cn="mysite.example.com")

     mock_call.assert_called_with(expected_cmd)
Beispiel #4
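def generate_cert(common_name=None,
                  key='/srv/kubernetes/apiserver.key',
                  cert='/srv/kubernetes/apiserver.crt'):
    """
    Create the certificate and key for the Kubernetes tls enablement.

    :param common_name: CN for the certificate; when empty, the unit's
        'public-address' is used instead.
    :param key: path the private key is written to (overwritten if present).
    :param cert: path the certificate is written to (overwritten if present).
    :returns: None. A generation failure is logged at ERROR level.
    """
    hookenv.log('Generating new self signed certificate and key', 'INFO')
    if not common_name:
        common_name = hookenv.unit_get('public-address')
    if os.path.isfile(key) or os.path.isfile(cert):
        hookenv.log('Overwriting the existing certificate or key', 'WARNING')
    hookenv.log('Generating certificate for {0}'.format(common_name), 'INFO')
    # Generate the self signed certificate with the public address as CN.
    # https://pythonhosted.org/charmhelpers/api/charmhelpers.contrib.ssl.html
    #
    # keysize is passed explicitly: without it the helper falls back to a
    # 1024-bit RSA key, which is too weak for an API server key.
    # NOTE(review): the helper puts the name in the subject CN only (no
    # subjectAltName), and writes the key unencrypted; confirm that clients
    # accept a CN-only certificate and that the key file's permissions are
    # restricted by whoever consumes it.
    generated = ssl.generate_selfsigned(key, cert, keysize=2048,
                                        cn=common_name)
    if not generated:
        # The helper returns a falsy value instead of raising on failure.
        hookenv.log('Failed to generate the self signed certificate', 'ERROR')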
Beispiel #5
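def generate_cert(common_name=None,
                  key='/srv/kubernetes/apiserver.key',
                  cert='/srv/kubernetes/apiserver.crt'):
    """
    Create the certificate and key for the Kubernetes tls enablement.

    :param common_name: CN for the certificate; when empty, the unit's
        'public-address' is used instead.
    :param key: path the private key is written to (overwritten if present).
    :param cert: path the certificate is written to (overwritten if present).
    :returns: None. A generation failure is logged at ERROR level.
    """
    hookenv.log('Generating new self signed certificate and key', 'INFO')
    if not common_name:
        common_name = hookenv.unit_get('public-address')
    if os.path.isfile(key) or os.path.isfile(cert):
        hookenv.log('Overwriting the existing certificate or key', 'WARNING')
    hookenv.log('Generating certificate for {0}'.format(common_name), 'INFO')
    # Generate the self signed certificate with the public address as CN.
    # https://pythonhosted.org/charmhelpers/api/charmhelpers.contrib.ssl.html
    #
    # keysize is passed explicitly: without it the helper falls back to a
    # 1024-bit RSA key, which is too weak for an API server key.
    # NOTE(review): the helper puts the name in the subject CN only (no
    # subjectAltName), and writes the key unencrypted; confirm that clients
    # accept a CN-only certificate and that the key file's permissions are
    # restricted by whoever consumes it.
    generated = ssl.generate_selfsigned(key, cert, keysize=2048,
                                        cn=common_name)
    if not generated:
        # The helper returns a falsy value instead of raising on failure.
        hookenv.log('Failed to generate the self signed certificate', 'ERROR')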
Beispiel #6
    def test_generate_selfsigned_failure(self, mock_log):
        """A subject dict without a "cn" entry yields a falsy result.

        The helper does not raise in this case, so callers have to inspect
        the return value to notice that no certificate was produced.
        """
        # Country and locality alone are not sufficient: "cn" is mandatory.
        outcome = ssl.generate_selfsigned(
            "mykey.key",
            "mycert.crt",
            subject={"country": "UK", "locality": "my_locality"})

        self.assertFalse(outcome)
Beispiel #7
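    def test_generate_selfsigned_dict(self, mock_call):
        """A full subject dict is flattened into a single -subj string.

        No keysize is passed, so the expected command pins the helper's
        default of rsa:1024; it also shows -nodes (unencrypted key) and a
        365-day validity.
        """
        # The address in this listing was masked by the hosting page, in two
        # different ways, so the input and the expectation no longer agreed.
        # The value below is a constructed sample, not the original one.
        # NOTE(review): "emailAddress" is the OpenSSL subject attribute for
        # e-mail; confirm it against the helper's own format string.
        sample_email = "admin@example.com"
        subject = {
            "country": "UK",
            "locality": "my_locality",
            "state": "my_state",
            "organization": "my_organization",
            "organizational_unit": "my_unit",
            "cn": "mysite.example.com",
            "email": sample_email
        }

        ssl.generate_selfsigned("mykey.key", "mycert.crt", subject=subject)
        mock_call.assert_called_with([
            '/usr/bin/openssl', 'req', '-new', '-newkey', 'rsa:1024', '-days',
            '365', '-nodes', '-x509', '-keyout', 'mykey.key', '-out',
            'mycert.crt', '-subj', '/C=UK/ST=my_state/L=my_locality'
            '/O=my_organization/OU=my_unit'
            '/CN=mysite.example.com'
            '/emailAddress=' + sample_email
        ])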
Beispiel #8
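    def setup_simplesamlphp(self):
        """Download SimpleSAMLphp, install it at DEST_DIR and create its key pair.

        Fetches the release tarball for the configured version, unpacks it
        next to DEST_DIR, renames the versioned directory to DEST_DIR, then
        generates a 2048-bit self-signed key pair in DEST_DIR/cert and hands
        both files to the Apache user and group.

        Raises:
            ValueError: if 'simple-saml-php-version' is not configured.
            RuntimeError: if the key pair could not be generated.
        """
        import shutil  # local import: the file's import block is not visible here

        # Validate before touching the existing install, so a missing setting
        # neither deletes a working tree nor builds a ".../vNone/..." URL.
        version = self.config.get('simple-saml-php-version')
        if not version:
            raise ValueError('simple-saml-php-version is not configured')

        # os.rmdir only removes empty directories, so a previous install made
        # a re-run fail; remove the whole tree (or a stray file/symlink).
        if os.path.isdir(self.DEST_DIR) and not os.path.islink(self.DEST_DIR):
            shutil.rmtree(self.DEST_DIR)
        elif os.path.lexists(self.DEST_DIR):
            os.remove(self.DEST_DIR)

        archive_handler = ArchiveUrlFetchHandler()
        # NOTE(review): the tarball is installed without an integrity check.
        # charmhelpers' install() appears to accept checksum/hash_type
        # arguments; confirm for the version in use and pin the release hash.
        retry_on_error()(archive_handler.install)(
            source='{0}/v{1}/simplesamlphp-{1}.tar.gz'.format(
                self.BASE_DOWNLOAD_URL, version),
            dest=os.path.dirname(self.DEST_DIR))
        os.rename('{0}-{1}'.format(self.DEST_DIR, version), self.DEST_DIR)

        key_file = '{0}/cert/server.pem'.format(self.DEST_DIR)
        cert_file = '{0}/cert/server.crt'.format(self.DEST_DIR)
        # The helper returns a falsy value on failure instead of raising.
        generated = ssl.generate_selfsigned(keyfile=key_file,
                                            certfile=cert_file,
                                            keysize=2048,
                                            cn=get_unit_hostname())
        if not generated:
            raise RuntimeError(
                'Could not generate the self-signed certificate '
                'for simplesamlphp')

        uid = pwd.getpwnam(self.APACHE_USER).pw_uid
        gid = grp.getgrnam(self.APACHE_GROUP).gr_gid
        os.chown(key_file, uid, gid)
        os.chown(cert_file, uid, gid)
        # The key is written unencrypted (-nodes); leave it readable by the
        # Apache user and group only, not by every local account.
        os.chmod(key_file, 0o640)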