Example #1
def check_certs():
    """Check every certificate, key and CA path named in the configuration.

    Each configured path is handed to ``_check_path`` together with the name
    of the config option it came from. The results are combined with ``&``
    rather than short-circuited, so all six options are checked on every
    call, even after an earlier one has failed.

    NOTE(review): ``_check_path`` is defined elsewhere; presumably it only
    confirms that the file is present. Nothing in this function inspects
    private-key file permissions or certificate validity -- confirm that is
    covered by another check (e.g. ``check_valid_identity``).

    Returns:
        The ``&``-combination of all ``_check_path`` results.
    """
    remaining_security_options = (
        (config.get_splice_server_identity_ca_path, "[security].splice_server_identity_ca"),
        (config.get_splice_server_identity_key_path, "[security].splice_server_identity_key"),
        (config.get_rhic_ca_path, "[security].rhic_ca_path"),
    )
    all_ok = _check_path(
        config.get_splice_server_identity_cert_path(),
        "[security].splice_server_identity_cert",
    )
    # Getters are called lazily, one per iteration, so each path is read
    # from the config immediately before it is checked.
    for read_path, option_name in remaining_security_options:
        all_ok &= _check_path(read_path(), option_name)

    # The rhic_serve client credentials live in their own config section.
    rhic_serve_section = config.get_rhic_serve_config_info()
    rhic_serve_options = (
        ("client_key", "[rhic_serve].client_key"),
        ("client_cert", "[rhic_serve].client_cert"),
    )
    for section_key, option_name in rhic_serve_options:
        all_ok &= _check_path(rhic_serve_section[section_key], option_name)
    return all_ok
Example #2
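def check_valid_identity():
    """Validate the server identity certificate, key and CA, and cache the result.

    The three paths are read from the configuration, checked with
    ``_check_path``, and then passed to ``CertFileUtils`` to confirm that
    (1) the identity certificate validates against the configured CA and
    (2) the private key matches the identity certificate.

    The outcome is stored in the module-level ``SERVER_IDENTITY_VALID`` flag.
    The flag is written on every exit path, including failures and
    exceptions, so a previously cached ``True`` cannot survive a later
    failed re-check (for example after the files on disk were replaced).

    NOTE(review): whether ``validate_certificate`` also checks expiry or
    revocation is not visible here -- confirm in ``CertFileUtils``.

    Returns:
        True if all checks pass, False otherwise.
    """
    global SERVER_IDENTITY_VALID
    valid = False
    try:
        # Identity material is taken from the [security] config section.
        cert = config.get_splice_server_identity_cert_path()
        key = config.get_splice_server_identity_key_path()
        ca_cert = config.get_splice_server_identity_ca_path()

        # Verify paths exist; stop at the first failing one.
        if not _check_path(cert, "[security].splice_server_identity_cert"):
            return False
        if not _check_path(ca_cert, "[security].splice_server_identity_ca"):
            return False
        if not _check_path(key, "[security].splice_server_identity_key"):
            return False

        # Check that the identity certificate was signed by the configured identity CA
        certfu = CertFileUtils()
        if not certfu.validate_certificate(cert, ca_cert):
            _LOG.error("[security].splice_server_identity_cert failed validation against CA: [security].splice_server_identity_ca")
            return False
        # A certificate without its matching private key cannot prove identity.
        if not certfu.validate_priv_key_to_certificate(key, cert):
            _LOG.error("[security].splice_server_identity_key is not matched to [security].splice_server_identity_cert")
            return False

        valid = True
        return True
    finally:
        # Fail closed: the cached flag always reflects this call's outcome.
        SERVER_IDENTITY_VALID = valid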
Example #3
def get_splice_server_identity_cert_path():
    """Return the configured path of the splice server identity certificate.

    Thin pass-through to ``config.get_splice_server_identity_cert_path()``;
    the value is returned as-is, with no existence or validity check here.
    """
    cert_path = config.get_splice_server_identity_cert_path()
    return cert_path