def generate_x509_cert(user_id, project_id, bits=1024): """Generate and sign a cert for user in project.""" subject = _user_cert_subject(user_id, project_id) tmpdir = tempfile.mkdtemp() keyfile = os.path.abspath(os.path.join(tmpdir, 'temp.key')) csrfile = os.path.join(tmpdir, 'temp.csr') utils.execute('openssl', 'genrsa', '-out', keyfile, str(bits)) utils.execute('openssl', 'req', '-new', '-key', keyfile, '-out', csrfile, '-batch', '-subj', subject) private_key = open(keyfile).read() csr = open(csrfile).read() shutil.rmtree(tmpdir) (serial, signed_csr) = sign_csr(csr, project_id) fname = os.path.join(ca_folder(project_id), 'newcerts/%s.pem' % serial) cert = {'user_id': user_id, 'project_id': project_id, 'file_name': fname} db.certificate_create(context.get_admin_context(), cert) return (private_key, signed_csr)
def generate_x509_cert(user_id, project_id, bits=2048): """Generate and sign a cert for user in project.""" subject = _user_cert_subject(user_id, project_id) with utils.tempdir() as tmpdir: keyfile = os.path.abspath(os.path.join(tmpdir, "temp.key")) csrfile = os.path.abspath(os.path.join(tmpdir, "temp.csr")) utils.execute("openssl", "genrsa", "-out", keyfile, str(bits)) utils.execute("openssl", "req", "-new", "-key", keyfile, "-out", csrfile, "-batch", "-subj", subject) with open(keyfile) as f: private_key = f.read() with open(csrfile) as f: csr = f.read() (serial, signed_csr) = sign_csr(csr, project_id) fname = os.path.join(ca_folder(project_id), "newcerts/%s.pem" % serial) cert = {"user_id": user_id, "project_id": project_id, "file_name": fname} db.certificate_create(context.get_admin_context(), cert) return (private_key, signed_csr)
def generate_x509_cert(user_id, project_id, bits=2048): """Generate and sign a cert for user in project.""" subject = _user_cert_subject(user_id, project_id) with utils.tempdir() as tmpdir: keyfile = os.path.abspath(os.path.join(tmpdir, 'temp.key')) csrfile = os.path.abspath(os.path.join(tmpdir, 'temp.csr')) utils.execute('openssl', 'genrsa', '-out', keyfile, str(bits)) utils.execute('openssl', 'req', '-new', '-key', keyfile, '-out', csrfile, '-batch', '-subj', subject) with open(keyfile) as f: private_key = f.read() with open(csrfile) as f: csr = f.read() (serial, signed_csr) = sign_csr(csr, project_id) fname = os.path.join(ca_folder(project_id), 'newcerts/{0!s}.pem'.format(serial)) cert = {'user_id': user_id, 'project_id': project_id, 'file_name': fname} db.certificate_create(context.get_admin_context(), cert) return (private_key, signed_csr)
utils.execute('openssl', 'req', '-new', '-key', keyfile, '-out', csrfile, '-batch', '-subj', subject) private_key = open(keyfile).read() csr = open(csrfile).read() try: shutil.rmtree(tmpdir) except OSError, e: LOG.debug(_('Could not remove tmpdir: %s'), str(e)) (serial, signed_csr) = sign_csr(csr, project_id) fname = os.path.join(ca_folder(project_id), 'newcerts/%s.pem' % serial) cert = {'user_id': user_id, 'project_id': project_id, 'file_name': fname} db.certificate_create(context.get_admin_context(), cert) return (private_key, signed_csr) def _ensure_project_folder(project_id): if not os.path.exists(ca_path(project_id)): geninter_sh_path = os.path.join(os.path.dirname(__file__), 'CA', 'geninter.sh') start = os.getcwd() os.chdir(ca_folder()) utils.execute('sh', geninter_sh_path, project_id, _project_cert_subject(project_id)) os.chdir(start)
csrfile = os.path.join(tmpdir, 'temp.csr') utils.execute('openssl', 'genrsa', '-out', keyfile, str(bits)) utils.execute('openssl', 'req', '-new', '-key', keyfile, '-out', csrfile, '-batch', '-subj', subject) private_key = open(keyfile).read() csr = open(csrfile).read() try: shutil.rmtree(tmpdir) except OSError, e: LOG.debug(_('Could not remove tmpdir: %s'), str(e)) (serial, signed_csr) = sign_csr(csr, project_id) fname = os.path.join(ca_folder(project_id), 'newcerts/%s.pem' % serial) cert = {'user_id': user_id, 'project_id': project_id, 'file_name': fname} db.certificate_create(context.get_admin_context(), cert) return (private_key, signed_csr) def _ensure_project_folder(project_id): if not os.path.exists(ca_path(project_id)): geninter_sh_path = os.path.join(os.path.dirname(__file__), 'CA', 'geninter.sh') start = os.getcwd() os.chdir(ca_folder()) utils.execute('sh', geninter_sh_path, project_id, _project_cert_subject(project_id)) os.chdir(start) def generate_vpn_files(project_id):