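def get_intermediates(self):
    """Return the intermediate certificates stored in the container.

    :returns: list of intermediate certificates as produced by
        ``cert_parser.get_intermediates_pems`` over the intermediates
        secret payload, or ``None`` when the container holds no
        intermediates secret
    """
    if not self._cert_container.intermediates:
        return None
    payload = self._cert_container.intermediates.payload
    # list() materialises the parser's iterable directly; the former
    # element-by-element comprehension added nothing.
    return list(cert_parser.get_intermediates_pems(payload))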
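def get_intermediates(self):
    """Return the intermediate certificates stored in the container.

    The intermediates payload is converted with ``encodeutils.to_utf8``
    before it is handed to the parser.

    :returns: list of intermediate certificates as produced by
        ``cert_parser.get_intermediates_pems``, or ``None`` when the
        container holds no intermediates secret
    """
    if not self._cert_container.intermediates:
        return None
    payload = encodeutils.to_utf8(self._cert_container.intermediates.payload)
    # list() materialises the parser's iterable directly; the former
    # element-by-element comprehension added nothing.
    return list(cert_parser.get_intermediates_pems(payload))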
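def _read_cert_file(path):
    """Return the full text content of *path*.

    :param path: filesystem path to read
    :returns: the file content as read in text mode
    :raises IOError: if the file cannot be opened or read (on Python 3
        ``IOError`` is an alias of ``OSError``)
    """
    with open(path) as handle:
        return handle.read()


def get_cert(context, cert_ref, **kwargs):
    """Retrieves the specified cert.

    :param context: Ignored in this implementation
    :param cert_ref: the UUID of the cert to retrieve
    :return: octavia.certificates.common.Cert representation of the
             certificate data
    :raises CertificateStorageException: if certificate retrieval fails, or
        if *cert_ref* does not resolve to a file inside the configured
        storage path
    """
    LOG.info("Loading certificate %s from the local filesystem.", cert_ref)

    # cert_ref is documented as a bare UUID, but nothing upstream enforces
    # that here.  Resolve both paths and refuse any ref that would land
    # outside storage_path (path separators, '..', symlinks), so a malformed
    # ref cannot be used to read arbitrary files from the host.
    storage_path = os.path.realpath(CONF.certificates.storage_path)
    filename_base = os.path.realpath(os.path.join(storage_path, cert_ref))
    if not filename_base.startswith(os.path.join(storage_path, "")):
        LOG.error("Certificate reference %s is not a valid storage key.",
                  cert_ref)
        raise exceptions.CertificateStorageException(
            msg="Certificate could not be read.")

    filename_certificate = "{0}.crt".format(filename_base)
    filename_private_key = "{0}.key".format(filename_base)
    filename_intermediates = "{0}.int".format(filename_base)
    filename_pkp = "{0}.pass".format(filename_base)

    cert_data = {}

    # The certificate and private key are mandatory: a read failure is an
    # error for the caller.
    try:
        cert_data['certificate'] = _read_cert_file(filename_certificate)
    except IOError:
        LOG.error("Failed to read certificate for %s.", cert_ref)
        raise exceptions.CertificateStorageException(
            msg="Certificate could not be read.")

    try:
        cert_data['private_key'] = _read_cert_file(filename_private_key)
    except IOError:
        LOG.error("Failed to read private key for %s", cert_ref)
        raise exceptions.CertificateStorageException(
            msg="Private Key could not be read.")

    # Intermediates and the key passphrase are optional: a missing or
    # unreadable file simply leaves the key out of cert_data.
    try:
        raw_intermediates = _read_cert_file(filename_intermediates)
    except IOError:
        pass
    else:
        cert_data['intermediates'] = list(
            cert_parser.get_intermediates_pems(raw_intermediates))

    try:
        cert_data['private_key_passphrase'] = _read_cert_file(filename_pkp)
    except IOError:
        pass

    return local_common.LocalCert(**cert_data)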
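def store_cert(self, context, certificate, private_key, intermediates=None,
               private_key_passphrase=None, expiration=None,
               name="PKCS12 Certificate Bundle"):
    """Stores a certificate in the certificate manager.

    :param context: Oslo context of the request
    :param certificate: PEM encoded TLS certificate
    :param private_key: private key for the supplied certificate
    :param intermediates: ordered and concatenated intermediate certs
    :param private_key_passphrase: optional passphrase for the supplied key
    :param expiration: the expiration time of the cert in ISO 8601 format
    :param name: a friendly name for the cert
    :returns: the container_ref of the stored cert
    :raises CertificateStorageException: if a passphrase is supplied
        (passphrase-protected bundles are not supported)
    :raises Exception: if certificate storage fails
    """
    # Reject unsupported input before touching Barbican or OpenSSL: the key
    # is loaded below without a passphrase, so an encrypted key would
    # otherwise fail inside load_privatekey with a less specific error.
    if private_key_passphrase:
        raise exceptions.CertificateStorageException(
            "Passphrase protected PKCS12 certificates are not supported.")

    connection = self.auth.get_barbican_client(context.project_id)
    LOG.info("Storing certificate secret '%s' in Barbican.", name)

    p12 = crypto.PKCS12()
    p12.set_friendlyname(encodeutils.to_utf8(name))
    p12.set_certificate(
        crypto.load_certificate(crypto.FILETYPE_PEM, certificate))
    p12.set_privatekey(
        crypto.load_privatekey(crypto.FILETYPE_PEM, private_key))
    if intermediates:
        ca_certs = [
            crypto.load_certificate(crypto.FILETYPE_PEM, pem)
            for pem in cert_parser.get_intermediates_pems(intermediates)
        ]
        p12.set_ca_certificates(ca_certs)

    try:
        certificate_secret = connection.secrets.create(
            payload=p12.export(), expiration=expiration, name=name)
        certificate_secret.store()
        return certificate_secret.secret_ref
    except Exception as e:
        # save_and_reraise_exception re-raises on exit, so the original
        # trailing "return None" was unreachable and has been dropped.
        with excutils.save_and_reraise_exception():
            LOG.error('Error storing certificate data: %s', str(e))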
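def store_cert(self, context, certificate, private_key, intermediates=None,
               private_key_passphrase=None, expiration=None,
               name="PKCS12 Certificate Bundle"):
    """Stores a certificate in the certificate manager.

    :param context: Oslo context of the request
    :param certificate: PEM encoded TLS certificate
    :param private_key: private key for the supplied certificate
    :param intermediates: ordered and concatenated intermediate certs
    :param private_key_passphrase: optional passphrase for the supplied key
    :param expiration: the expiration time of the cert in ISO 8601 format
    :param name: a friendly name for the cert
    :returns: the container_ref of the stored cert
    :raises CertificateStorageException: if a passphrase is supplied
        (passphrase-protected bundles are not supported)
    :raises Exception: if certificate storage fails
    """
    # Fail fast on unsupported input.  The private key is loaded below
    # without a passphrase, so checking after load_privatekey would let an
    # encrypted key fail there first with a less specific error.
    if private_key_passphrase:
        raise exceptions.CertificateStorageException(
            "Passphrase protected PKCS12 certificates are not supported.")

    connection = self.auth.get_barbican_client(context.project_id)
    LOG.info("Storing certificate secret '%s' in Barbican.", name)

    bundle = crypto.PKCS12()
    bundle.set_friendlyname(encodeutils.to_utf8(name))
    bundle.set_certificate(
        crypto.load_certificate(crypto.FILETYPE_PEM, certificate))
    bundle.set_privatekey(
        crypto.load_privatekey(crypto.FILETYPE_PEM, private_key))
    if intermediates:
        bundle.set_ca_certificates([
            crypto.load_certificate(crypto.FILETYPE_PEM, pem)
            for pem in cert_parser.get_intermediates_pems(intermediates)
        ])

    try:
        secret = connection.secrets.create(
            payload=bundle.export(), expiration=expiration, name=name)
        secret.store()
        return secret.secret_ref
    except Exception as e:
        # Log, then let save_and_reraise_exception propagate the original.
        with excutils.save_and_reraise_exception():
            LOG.error('Error storing certificate data: %s', e)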
def test_get_intermediates_pkcs7_der_bad(self):
    """Garbage bytes in place of DER PKCS7 must raise UnreadableCert."""
    bad_der = b'\xfe\xfe\xff\xff'

    def parse_all():
        # list() consumes the parser's iterable so a lazily raised error
        # surfaces inside assertRaises.
        return list(cert_parser.get_intermediates_pems(bad_der))

    self.assertRaises(exceptions.UnreadableCert, parse_all)
def test_get_intermediates_pkcs7_der(self):
    """A DER PKCS7 bundle parses to the expected intermediate list."""
    parsed = cert_parser.get_intermediates_pems(sample_certs.PKCS7_DER)
    self.assertEqual(sample_certs.X509_IMDS_LIST, list(parsed))
def test_get_intermediates_pkcs7_pem_bad(self):
    """A PEM PKCS7 block with unparsable body must raise UnreadableCert."""
    bad_pem = b'-----BEGIN PKCS7-----\nbad data\n-----END PKCS7-----'

    def parse_all():
        # list() consumes the parser's iterable so a lazily raised error
        # surfaces inside assertRaises.
        return list(cert_parser.get_intermediates_pems(bad_pem))

    self.assertRaises(exceptions.UnreadableCert, parse_all)
def test_get_intermediates_pem_chain(self):
    """A concatenated PEM chain parses to the expected intermediate list."""
    parsed = cert_parser.get_intermediates_pems(sample_certs.X509_IMDS)
    self.assertEqual(sample_certs.X509_IMDS_LIST, list(parsed))
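def test_get_intermediates_pem_chain(self):
    """A concatenated PEM chain parses to the expected intermediate list."""
    # list() materialises the parser's iterable directly; the former
    # identity comprehension added nothing.
    self.assertEqual(
        sample_certs.X509_IMDS_LIST,
        list(cert_parser.get_intermediates_pems(sample_certs.X509_IMDS)))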
def test_get_intermediates_pkcs7_der_bad(self):
    """Garbage input in place of DER PKCS7 must raise UnreadableCert."""
    # NOTE(review): this literal is a str, not bytes; the parser's expected
    # input type cannot be confirmed from here.
    bad_der = '\xfe\xfe\xff\xff'

    def parse_all():
        # list() consumes the parser's iterable so a lazily raised error
        # surfaces inside assertRaises.
        return list(cert_parser.get_intermediates_pems(bad_der))

    self.assertRaises(exceptions.UnreadableCert, parse_all)
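def test_get_intermediates_pkcs7_der(self):
    """A DER PKCS7 bundle parses to the expected intermediate list."""
    # list() materialises the parser's iterable directly; the former
    # identity comprehension added nothing.
    self.assertEqual(
        sample_certs.X509_IMDS_LIST,
        list(cert_parser.get_intermediates_pems(sample_certs.PKCS7_DER)))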
def test_get_intermediates_pkcs7_pem_bad(self):
    """A PEM PKCS7 block with unparsable body must raise UnreadableCert."""
    # NOTE(review): this literal is a str, not bytes; the parser's expected
    # input type cannot be confirmed from here.
    bad_pem = '-----BEGIN PKCS7-----\nbad data\n-----END PKCS7-----'

    def parse_all():
        # list() consumes the parser's iterable so a lazily raised error
        # surfaces inside assertRaises.
        return list(cert_parser.get_intermediates_pems(bad_pem))

    self.assertRaises(exceptions.UnreadableCert, parse_all)
def get_intermediates(self):
    """Return the intermediate certificates stored in the container.

    The intermediates payload is converted with ``encodeutils.to_utf8``
    before it is handed to the parser.

    :returns: list of intermediate certificates as produced by
        ``cert_parser.get_intermediates_pems``, or ``None`` when the
        container holds no intermediates secret
    """
    secret = self._cert_container.intermediates
    if not secret:
        return None
    return list(
        cert_parser.get_intermediates_pems(encodeutils.to_utf8(secret.payload)))
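def test_get_intermediates_pkcs7_pem(self):
    """A PEM PKCS7 bundle parses to the expected intermediate list."""
    # list() materialises the parser's iterable directly; the former
    # identity comprehension added nothing.
    self.assertEqual(
        sample_certs.X509_IMDS_LIST,
        list(cert_parser.get_intermediates_pems(sample_certs.PKCS7_PEM)))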
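def get_intermediates(self):
    """Return the intermediate certificates stored in the container.

    :returns: list of intermediate certificates as produced by
        ``cert_parser.get_intermediates_pems`` over the intermediates
        secret payload, or ``None`` when the container holds no
        intermediates secret
    """
    secret = self._cert_container.intermediates
    if not secret:
        return None
    # list() materialises the parser's iterable directly; the former
    # element-by-element comprehension added nothing.
    return list(cert_parser.get_intermediates_pems(secret.payload))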