Example #1
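    def generate_certificate(self, key, commit=False, user=None):
        """Build a certificate request for this node and have it signed.

        The request is created with ``Bob`` from ``key``, using the node's
        management network address as CN and the user's e-mail address, and
        is signed through ``self.mgmt_net.sign_cert_request``.

        Args:
            key: private key used for the request. When falsy, the stored
                ``self.keys.private`` is used, falling back to
                ``self.keys.tinc``.
            commit: when true, store the signed certificate on the node API,
                but only if the API ``base_uri`` is on the management
                network address.
            user: user whose e-mail goes into the request. Defaults to the
                first entry of ``self.group.admins``.

        Returns:
            The signed certificate as returned by ``sign_cert_request``.

        Raises:
            AssertionError: if no user is given and the group has no admins,
                or if no private key is given and none is stored.
        """
        # The two precondition checks below raise AssertionError explicitly
        # instead of using ``assert``: assert statements are stripped under
        # ``python -O``, which would let a missing key reach ``str(key)`` and
        # be turned into the literal string 'None'. The exception type seen
        # by callers is unchanged.
        if user is None:
            # Take the first admin the group returns; no ordering is
            # requested here, so which admin that is depends on the backend.
            admins = self.group.admins
            if not admins.exists():
                raise AssertionError(
                    'The node group has no admins to issue the certificate for.')
            user = admins[0]
        if not key:
            # restore stored private key
            # NOTE(review): falling back to keys.tinc looks like reusing one
            # key pair for two purposes -- confirm this is intended.
            key = self.keys.private or self.keys.tinc
            if not key:
                raise AssertionError(
                    'A private key should be provided to generate a certificate.')
        addr = str(self.mgmt_net.addr)
        key = str(key)
        bob = Bob(key=key)
        scr = bob.create_request(Email=user.email, CN=addr)
        signed_cert = self.mgmt_net.sign_cert_request(scr)

        # Keep current certificate if node API has been customized
        # (e.g. API delegated to a gateway)
        if commit:
            if self.api is None:
                self.api = NodeApi.objects.create_default(node=self)

            # Check if node API base_uri refers node mgmt_net addr
            if url_on_mgmt_net(self.api.base_uri, self.mgmt_net.addr):
                self.api.cert = signed_cert
                self.api.save()

        return signed_cert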
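    def handle(self, *args, **options):
        """Create the maintenance key pair unless a loadable key exists.

        The private key is loaded from ``MAINTENANCE_KEY_PATH``. If loading
        fails, or the ``override`` option is set, a new key is generated and
        stored at that path, and its public key is written in OpenSSH format
        to ``MAINTENANCE_PUB_KEY_PATH``. Otherwise a message says the keys
        are already in place.
        """
        # TODO correct key file permissions
        # NOTE(review): nothing in this method restricts who can read the
        # private key file written by store_key(); confirm the mode it is
        # created with and tighten it to the owning user if needed.
        override = options.get('override')

        bob = Bob()

        key_path = MAINTENANCE_KEY_PATH
        pub_key_path = MAINTENANCE_PUB_KEY_PATH

        try:
            bob.load_key(key_path)
        except Exception as exc:
            # Narrowed from a bare ``except`` so KeyboardInterrupt and
            # SystemExit no longer end up replacing the key. Any other load
            # failure still triggers regeneration, as before, but is now
            # reported because an existing key is about to be overwritten.
            self.stdout.write('Could not load key from \'%s\' (%s)' %
                              (key_path, exc))
            override = True

        if override:
            bob.gen_key()
            self.stdout.write('Writing new key to \'%s\'' % key_path)
            bob.store_key(key_path)
            self.stdout.write('Writing new public key to \'%s\'' %
                              pub_key_path)
            # Separate name for the file object: the original rebound
            # pub_key_path to the open file, shadowing the path.
            with open(pub_key_path, 'w') as pub_key_file:
                pub_key_file.write(bob.get_pub_key(format='OpenSSH'))
            return

        self.stdout.write('\nYour keys are already in place.\n'
                          ' Use --override in order to override them.\n\n')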
Example #3
 def generate_key(self, commit=False):
     """Generate a new key with ``Bob`` and return it in 'X.501' format.

     Raises ``TypeError`` when ``self.content_type.model`` is 'server'.
     With ``commit`` set, the matching public key is stored in
     ``self.pubkey`` and the object is saved before returning. The value
     from ``get_key`` is returned to the caller and is not stored here.
     """
     owner_model = self.content_type.model
     if owner_model == 'server':
         raise TypeError("Cannot generate_key from a server.")

     keypair = Bob()
     keypair.gen_key()

     if not commit:
         return keypair.get_key(format='X.501')

     # Persist only the public half on this object.
     self.pubkey = keypair.get_pub_key(format='X.501')
     self.save()
     return keypair.get_key(format='X.501')