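def _sign_csr(csr_text, ca_folder):
    """Sign a certificate signing request with the CA kept in *ca_folder*.

    The CSR is written to a temporary directory, signed with
    ``openssl ca -batch`` using ``./openssl.cnf`` from *ca_folder*, and the
    issued certificate is read back together with its serial number.

    :param csr_text: text of the CSR to sign.
    :param ca_folder: directory holding the CA's ``openssl.cnf``; it is
                      created if it does not exist.
    :returns: tuple ``(serial, certificate_text)``.
    """
    with utils.tempdir() as tmpdir:
        inbound = os.path.join(tmpdir, 'inbound.csr')
        outbound = os.path.join(tmpdir, 'outbound.csr')

        with open(inbound, 'w') as csrfile:
            csrfile.write(csr_text)

        LOG.debug(_('Flags path: %s'), ca_folder)
        if not os.path.exists(ca_folder):
            os.makedirs(ca_folder)

        # openssl is pointed at the relative './openssl.cnf', so the call
        # has to run from inside the CA folder.
        # NOTE(review): the working directory is process-wide; concurrent
        # callers would interfere with each other -- confirm that callers
        # serialize access.
        start = os.getcwd()
        os.chdir(ca_folder)
        try:
            # '-batch' signs without interactive confirmation.
            # NOTE(review): any restriction on what the CSR may request
            # presumably has to come from the policy in openssl.cnf --
            # confirm, since nothing here inspects csr_text.
            utils.execute('openssl', 'ca', '-batch', '-out', outbound,
                          '-config', './openssl.cnf', '-infiles', inbound)
            out, _err = utils.execute('openssl', 'x509', '-in', outbound,
                                      '-serial', '-noout')
        finally:
            # Restore the caller's working directory even when openssl
            # fails, so an error does not leave the process in the CA dir.
            os.chdir(start)

        # The serial is whatever follows the last '=' in the output.
        serial = out.rpartition('=')[2].strip()

        with open(outbound, 'r') as crtfile:
            return (serial, crtfile.read())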
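def revoke_cert(project_id, file_name):
    """Revoke a cert by file name.

    Runs ``openssl ca -revoke`` from inside the project's CA folder and
    then regenerates the CRL into ``FLAGS.crl_file``.

    :param project_id: project whose CA folder is used.
    :param file_name: certificate file handed to ``openssl ca -revoke``;
                      a relative name is resolved from the CA folder
                      because the working directory is changed first.
    """
    # NOTE(review): file_name is passed through unchecked -- confirm that
    # callers only supply certificates issued by this project's CA.
    start = os.getcwd()
    os.chdir(ca_folder(project_id))
    try:
        # NOTE(vish): potential race condition here
        utils.execute('openssl', 'ca', '-config', './openssl.cnf',
                      '-revoke', file_name)
        utils.execute('openssl', 'ca', '-gencrl', '-config',
                      './openssl.cnf', '-out', FLAGS.crl_file)
    finally:
        # Restore the caller's working directory even if openssl fails.
        os.chdir(start)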
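def _ensure_project_folder(project_id):
    """Create the intermediate CA for *project_id* if it is missing.

    When ``ca_path(project_id)`` does not exist, ``CA/geninter.sh`` (next
    to this module) is run from the top-level CA folder with the project
    id and the project's certificate subject as arguments.

    :param project_id: project whose CA material should exist.
    """
    if os.path.exists(ca_path(project_id)):
        return

    geninter_sh_path = os.path.join(os.path.dirname(__file__),
                                    'CA', 'geninter.sh')
    start = os.getcwd()
    os.chdir(ca_folder())
    try:
        # project_id reaches the script as a separate argv entry, not as
        # part of a shell command line built here.
        # NOTE(review): how geninter.sh quotes and uses that argument is
        # not visible from this function -- verify in the script.
        utils.execute('sh', geninter_sh_path, project_id,
                      _project_cert_subject(project_id))
    finally:
        # Restore the caller's working directory even if the script fails.
        os.chdir(start)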
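def generate_key_pair(bits=1024):
    """Generate an RSA key pair with ``ssh-keygen``.

    The pair is created in a temporary directory and read back into
    memory. ``-N ''`` sets an empty passphrase, so the returned private
    key is not encrypted.

    :param bits: key size handed to ``ssh-keygen -b``. The default of
                 1024 is kept for compatibility; 1024-bit RSA is below
                 currently recommended strength, so callers should pass
                 2048 or more.
    :returns: tuple ``(private_key, public_key, fingerprint)``.
    """
    # (The original note asked about "the magic 65537": that value is the
    # usual RSA public exponent; nothing in this function sets it.)
    with utils.tempdir() as tmpdir:
        keyfile = os.path.join(tmpdir, 'temp')
        utils.execute('ssh-keygen', '-q', '-b', bits, '-N', '',
                      '-t', 'rsa', '-f', keyfile)
        fingerprint = _generate_fingerprint('%s.pub' % (keyfile))

        # Close both files explicitly instead of leaving the handles to
        # the garbage collector.
        with open(keyfile) as private_file:
            private_key = private_file.read()
        with open(keyfile + '.pub') as public_file:
            public_key = public_file.read()

    return (private_key, public_key, fingerprint)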
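def ensure_ca_filesystem():
    """Ensure the CA filesystem exists.

    When ``ca_path()`` is missing, the CA folder is created if needed and
    ``CA/genrootca.sh`` (next to this module) is run from inside it.
    """
    ca_dir = ca_folder()
    if os.path.exists(ca_path()):
        return

    genrootca_sh_path = os.path.join(os.path.dirname(__file__),
                                     'CA', 'genrootca.sh')
    start = os.getcwd()
    if not os.path.exists(ca_dir):
        os.makedirs(ca_dir)
    os.chdir(ca_dir)
    try:
        utils.execute("sh", genrootca_sh_path)
    finally:
        # Restore the caller's working directory even if the script fails.
        os.chdir(start)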
def decrypt_text(project_id, text):
    """Decrypt *text* with the private key of *project_id*.

    The text is piped to ``openssl rsautl -decrypt`` on standard input.

    :param project_id: project whose key file (``key_path(project_id)``)
                       is used.
    :param text: data to decrypt.
    :returns: the decrypted output of openssl.
    :raises exception.ProjectNotFound: the key file does not exist.
    :raises exception.DecryptionFailure: openssl exited with an error.
    """
    key_file = key_path(project_id)
    if not os.path.exists(key_file):
        raise exception.ProjectNotFound(project_id=project_id)

    command = ('openssl', 'rsautl', '-decrypt', '-inkey', '%s' % key_file)
    try:
        decrypted, _stderr = utils.execute(*command, process_input=text)
    except exception.ProcessExecutionError:
        # The execution error is replaced by the generic failure, so
        # callers only ever see DecryptionFailure.
        raise exception.DecryptionFailure()
    return decrypted
def setup(app):
    """Run the autodoc index generator and echo its output.

    Presumably a documentation-build extension hook; *app* is accepted
    but not used here.
    """
    current_dir = os.path.abspath(os.curdir)
    print("**Autodocumenting from %s" % current_dir)
    # The script path is relative, so which file actually runs depends on
    # the working directory the build was started from.
    result = utils.execute('./doc/generate_autodoc_index.sh')
    # Element 0 of the result is echoed (presumably the script's stdout).
    print(result[0])
def _generate_fingerprint(public_key_file):
    """Return the fingerprint ``ssh-keygen -l`` reports for a public key.

    :param public_key_file: path of the public key file to inspect.
    :returns: the second space-separated field of the command output.
    """
    stdout, _stderr = utils.execute('ssh-keygen', '-q', '-l', '-f',
                                    public_key_file)
    # Field 0 is skipped; field 1 is taken as the fingerprint.
    fields = stdout.split(' ')
    return fields[1]
def setup(app):
    """Run the autodoc index generator from the parent of the source dir.

    :param app: object whose ``srcdir`` attribute names the documentation
                source directory (presumably the Sphinx application).
    """
    project_root = os.path.abspath(app.srcdir + '/..')
    print("**Autodocumenting from %s" % project_root)
    # The working directory is changed so the relative script path below
    # resolves against project_root; it is not changed back afterwards.
    os.chdir(project_root)
    result = utils.execute('./generate_autodoc_index.sh')
    # Element 0 of the result is echoed (presumably the script's stdout).
    print(result[0])