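def figureDEFS_server(options):
    """Resolve the defaults for the server key-pair(set) variables.

    Must run after the options have been parsed at least once. For each
    setting the value from ``options`` wins; otherwise the value already held
    in DEFS (or a literal fallback, where one is given) is used. The results
    are written to the module-level DEFS mapping and then copied back onto
    ``options`` via setOption().
    """
    global DEFS

    # Key, CSR and certificate names are cut down to their final path
    # component, so a directory part passed on the command line is discarded.
    DEFS["--server-key"] = os.path.basename(
        getOption(options, "server_key") or DEFS["--server-key"] or "server.key"
    )
    DEFS["--server-cert-req"] = os.path.basename(
        getOption(options, "server_cert_req") or DEFS["--server-cert-req"] or "server.csr"
    )
    DEFS["--server-cert"] = os.path.basename(
        getOption(options, "server_cert") or DEFS["--server-cert"] or "server.crt"
    )

    # NOTE(review): `or` treats an explicit 0 the same as "not supplied", so 0
    # selects the maximum lifetime instead of being raised to 1 day below.
    DEFS["--cert-expiration"] = (
        getOption(options, "cert_expiration") or int(daysTil18Jan2038())  # already rounded
    )
    DEFS["--server-rpm"] = getOption(options, "server_rpm") or BASE_SERVER_RPM_NAME + "-" + MACHINENAME
    DEFS["--server-tar"] = getOption(options, "server_tar") or BASE_SERVER_TAR_NAME + "-" + MACHINENAME

    # No fallback for these two: DEFS receives whatever getOption() returns.
    DEFS["--rpm-packager"] = getOption(options, "rpm_packager")
    DEFS["--rpm-vendor"] = getOption(options, "rpm_vendor")

    # `in` replaces dict.has_key(), which no longer exists on Python 3.
    if "--cert-expiration" in DEFS:
        # nothing under 1 day or over # days til 18Jan2038
        if DEFS["--cert-expiration"] < 1:
            DEFS["--cert-expiration"] = 1
        _maxdays = int(daysTil18Jan2038())  # already rounded
        if DEFS["--cert-expiration"] > _maxdays:
            DEFS["--cert-expiration"] = _maxdays

    # remap to options object
    for opt_name, defs_key in (
        ("server_key", "--server-key"),
        ("server_cert_req", "--server-cert-req"),
        ("server_cert", "--server-cert"),
        ("cert_expiration", "--cert-expiration"),
        ("server_rpm", "--server-rpm"),
        ("server_tar", "--server-tar"),
    ):
        setOption(options, opt_name, DEFS[defs_key])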
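def figureDEFS_CA(options):
    """Resolve the defaults for the CA key-pair(set) variables.

    Must run after the options have been parsed at least once. Values from
    ``options`` take precedence over what DEFS already holds. The results are
    stored in DEFS and copied back onto ``options`` via setOption().
    """
    if not getOption(options, 'ca_key'):
        # No key named on the command line: use the first of the known
        # default names (a hierarchy) that exists in the build directory.
        for possibility in (CA_KEY_NAME, 'ca.key', 'cakey.pem'):
            if os.path.exists(os.path.join(DEFS['--dir'], possibility)):
                DEFS['--ca-key'] = possibility
                break

    # Only the final path component of the key/cert names is kept, so a
    # directory part supplied by the caller is discarded.
    DEFS['--ca-key'] = os.path.basename(
        getOption(options, 'ca_key') or DEFS['--ca-key'])
    DEFS['--ca-cert'] = os.path.basename(
        getOption(options, 'ca_cert') or DEFS['--ca-cert'])

    # These two are taken as given; no basename() is applied to them.
    DEFS['--ca-cert-dir'] = (getOption(options, 'ca_cert_dir')
                             or DEFS['--ca-cert-dir'])
    DEFS['--other-ca-certs'] = (getOption(options, 'other_ca_certs')
                                or DEFS['--other-ca-certs'])

    # Without an explicit cert name, pick the one that pairs with the key.
    if not getOption(options, 'ca_cert'):
        ca_key = DEFS['--ca-key']
        if ca_key == CA_KEY_NAME:
            DEFS['--ca-cert'] = CA_CRT_NAME
        elif ca_key == 'ca.key':
            DEFS['--ca-cert'] = 'ca.crt'
        elif ca_key == 'cakey.pem':
            DEFS['--ca-cert'] = 'cacert.pem'
        else:
            DEFS['--ca-cert'] = 'ca.crt'

    # NOTE(review): `or` treats an explicit 0 the same as "not supplied", so 0
    # selects the maximum lifetime instead of being raised to 1 day below.
    DEFS['--cert-expiration'] = (getOption(options, 'cert_expiration')
                                 or int(daysTil18Jan2038()))
    DEFS['--ca-cert-rpm'] = (getOption(options, 'ca_cert_rpm')
                             or CA_CRT_RPM_NAME)

    # No fallback for these two: DEFS receives whatever getOption() returns.
    DEFS['--rpm-packager'] = getOption(options, 'rpm_packager')
    DEFS['--rpm-vendor'] = getOption(options, 'rpm_vendor')

    # `in` replaces dict.has_key(), which no longer exists on Python 3.
    if '--cert-expiration' in DEFS:
        # nothing under 1 day or over # days til 18Jan2038
        if DEFS['--cert-expiration'] < 1:
            DEFS['--cert-expiration'] = 1
        _maxdays = int(daysTil18Jan2038())  # already rounded
        if DEFS['--cert-expiration'] > _maxdays:
            DEFS['--cert-expiration'] = _maxdays

    # remap to options object
    setOption(options, 'ca_key', DEFS['--ca-key'])
    setOption(options, 'ca_cert', DEFS['--ca-cert'])
    setOption(options, 'ca_cert_dir', DEFS['--ca-cert-dir'])
    setOption(options, 'cert_expiration', DEFS['--cert-expiration'])
    setOption(options, 'ca_cert_rpm', DEFS['--ca-cert-rpm'])
    setOption(options, 'other_ca_certs', DEFS['--other-ca-certs'])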
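def figureDEFS_CA(options):
    """Work out the CA key-pair(set) defaults once options have been parsed.

    A value present in ``options`` wins over the one already in DEFS. The
    outcome is stored in DEFS and mirrored back onto ``options`` through
    setOption().
    """
    if not getOption(options, 'ca_key'):
        # the various default names for CA keys (a hierarchy); the first one
        # found under DEFS['--dir'] becomes the default
        for possibility in (CA_KEY_NAME, 'ca.key', 'cakey.pem'):
            candidate = os.path.join(DEFS['--dir'], possibility)
            if os.path.exists(candidate):
                DEFS['--ca-key'] = possibility
                break

    # basename() strips any directory part from the caller-supplied names.
    chosen_key = getOption(options, 'ca_key') or DEFS['--ca-key']
    DEFS['--ca-key'] = os.path.basename(chosen_key)
    chosen_cert = getOption(options, 'ca_cert') or DEFS['--ca-cert']
    DEFS['--ca-cert'] = os.path.basename(chosen_cert)
    DEFS['--ca-cert-dir'] = (getOption(options, 'ca_cert_dir')
                             or DEFS['--ca-cert-dir'])

    # the various default names for CA keys and certs
    if not getOption(options, 'ca_cert'):
        if DEFS['--ca-key'] == CA_KEY_NAME:
            DEFS['--ca-cert'] = CA_CRT_NAME
        elif DEFS['--ca-key'] == 'cakey.pem':
            DEFS['--ca-cert'] = 'cacert.pem'
        else:
            # covers 'ca.key' as well as any unrecognised key name
            DEFS['--ca-cert'] = 'ca.crt'

    # NOTE(review): an explicit 0 is falsy here and therefore becomes the
    # maximum lifetime; it never reaches the "< 1" clamp further down.
    DEFS['--cert-expiration'] = (getOption(options, 'cert_expiration')
                                 or int(daysTil18Jan2038()))
    DEFS['--ca-cert-rpm'] = (getOption(options, 'ca_cert_rpm')
                             or CA_CRT_RPM_NAME)

    # Stored exactly as returned by getOption(); there is no fallback.
    DEFS['--rpm-packager'] = getOption(options, 'rpm_packager')
    DEFS['--rpm-vendor'] = getOption(options, 'rpm_vendor')

    # dict.has_key() is gone in Python 3; `in` behaves the same on both.
    if '--cert-expiration' in DEFS:
        # nothing under 1 day or over # days til 18Jan2038
        if DEFS['--cert-expiration'] < 1:
            DEFS['--cert-expiration'] = 1
        _maxdays = int(daysTil18Jan2038())  # already rounded
        if DEFS['--cert-expiration'] > _maxdays:
            DEFS['--cert-expiration'] = _maxdays

    # remap to options object
    for opt_name, defs_key in (
            ('ca_key', '--ca-key'),
            ('ca_cert', '--ca-cert'),
            ('ca_cert_dir', '--ca-cert-dir'),
            ('cert_expiration', '--cert-expiration'),
            ('ca_cert_rpm', '--ca-cert-rpm')):
        setOption(options, opt_name, DEFS[defs_key])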
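def processCommandline():
    """Parse the command line and validate the certificate options.

    Returns:
        The options object produced by optionParse(), with ``verbose``
        normalised to -1 when ``quiet`` is set and to 0 when it is unset.

    Raises:
        CertExpTooShortException: the requested lifetime is under 1 day.
        CertExpTooLongException: the requested lifetime runs past 18 Jan 2038.
        InvalidCountryCodeException: the country code is not two characters.
    """
    options = optionParse()

    _maxDays = daysTil18Jan2038()

    cert_expiration = getOption(options, 'cert_expiration')
    # Test against None, not truthiness. With a plain truth test an explicit 0
    # skipped both checks, and the figureDEFS_* helpers then replace a falsy
    # value with the maximum lifetime, so "0 days" produced the longest-lived
    # certificate instead of an error.
    # NOTE(review): assumes getOption() returns None for an option that was
    # not supplied, as the country check below already does; confirm.
    if cert_expiration is not None:
        if cert_expiration < 1:
            raise CertExpTooShortException(
                "certificate expiration must be at least 1 day")
        if cert_expiration > _maxDays:
            raise CertExpTooLongException(
                "certificate expiration cannot exceed %s days "
                "(~%.2f years)\n" % (int(_maxDays), yearsTil18Jan2038()))

    country = getOption(options, 'set_country')
    # An empty string has length 0, so the length test alone rejects it too.
    if country is not None and len(country) != 2:
        raise InvalidCountryCodeException(
            "country code must be exactly two characters, such as 'US'")

    if options.quiet:
        options.verbose = -1
    if not options.verbose:
        options.verbose = 0

    return options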
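def figureDEFS_CA(options):
    """Determine the CA key-pair(set) defaults after options were parsed.

    Command-line values read through getOption() override the entries already
    in DEFS. The resolved values end up in DEFS and are then pushed back onto
    ``options`` with setOption().
    """
    global DEFS

    if not getOption(options, "ca_key"):
        # the various default names for CA keys (a hierarchy): keep the first
        # name for which a file exists under DEFS["--dir"]
        for possibility in (CA_KEY_NAME, "ca.key", "cakey.pem"):
            if os.path.exists(os.path.join(DEFS["--dir"], possibility)):
                DEFS["--ca-key"] = possibility
                break

    # Names are reduced to their last path component; a directory prefix
    # given on the command line does not survive.
    DEFS["--ca-key"] = os.path.basename(
        getOption(options, "ca_key") or DEFS["--ca-key"]
    )
    DEFS["--ca-cert"] = os.path.basename(
        getOption(options, "ca_cert") or DEFS["--ca-cert"]
    )

    # the various default names for CA keys and certs
    if not getOption(options, "ca_cert"):
        current_key = DEFS["--ca-key"]
        if current_key == CA_KEY_NAME:
            DEFS["--ca-cert"] = CA_CRT_NAME
        elif current_key == "ca.key":
            DEFS["--ca-cert"] = "ca.crt"
        elif current_key == "cakey.pem":
            DEFS["--ca-cert"] = "cacert.pem"
        else:
            DEFS["--ca-cert"] = "ca.crt"

    # NOTE(review): a requested lifetime of 0 is falsy, so it is swapped for
    # the maximum rather than being lifted to 1 day by the clamp below.
    DEFS["--cert-expiration"] = (
        getOption(options, "cert_expiration") or int(daysTil18Jan2038())
    )
    DEFS["--ca-cert-rpm"] = getOption(options, "ca_cert_rpm") or CA_CRT_RPM_NAME

    # Copied straight from the options, without a fallback value.
    DEFS["--rpm-packager"] = getOption(options, "rpm_packager")
    DEFS["--rpm-vendor"] = getOption(options, "rpm_vendor")

    # Membership test instead of dict.has_key(), which Python 3 removed.
    if "--cert-expiration" in DEFS:
        # nothing under 1 day or over # days til 18Jan2038
        if DEFS["--cert-expiration"] < 1:
            DEFS["--cert-expiration"] = 1
        _maxdays = int(daysTil18Jan2038())  # already rounded
        if DEFS["--cert-expiration"] > _maxdays:
            DEFS["--cert-expiration"] = _maxdays

    # remap to options object
    setOption(options, "ca_key", DEFS["--ca-key"])
    setOption(options, "ca_cert", DEFS["--ca-cert"])
    setOption(options, "cert_expiration", DEFS["--cert-expiration"])
    setOption(options, "ca_cert_rpm", DEFS["--ca-cert-rpm"])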
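def figureDEFS_server(options):
    """Determine the server key-pair(set) defaults after options were parsed.

    Each setting comes from ``options`` when present, else from DEFS, else
    from a literal fallback where one is listed. When the ``now`` option is
    set, the certificate start date is taken from getStartDate(now=True).
    The resolved values are stored in DEFS and pushed back onto ``options``
    with setOption().
    """
    global DEFS

    # basename() keeps only the last path component of each file name, so a
    # directory prefix passed on the command line is dropped.
    DEFS['--server-key'] = os.path.basename(
        getOption(options, 'server_key')
        or DEFS['--server-key'] or 'server.key')
    DEFS['--server-cert-req'] = os.path.basename(
        getOption(options, 'server_cert_req')
        or DEFS['--server-cert-req'] or 'server.csr')
    DEFS['--server-cert'] = os.path.basename(
        getOption(options, 'server_cert')
        or DEFS['--server-cert'] or 'server.crt')

    # NOTE(review): a requested lifetime of 0 is falsy, so it is swapped for
    # the maximum rather than being lifted to 1 day by the clamp below.
    DEFS['--cert-expiration'] = (getOption(options, 'cert_expiration')
                                 or int(daysTil18Jan2038()))  # already rounded
    DEFS['--server-rpm'] = (getOption(options, 'server_rpm')
                            or BASE_SERVER_RPM_NAME+'-'+MACHINENAME)
    DEFS['--server-tar'] = (getOption(options, 'server_tar')
                            or BASE_SERVER_TAR_NAME+'-'+MACHINENAME)

    # Copied straight from the options, without a fallback value.
    DEFS['--rpm-packager'] = getOption(options, 'rpm_packager')
    DEFS['--rpm-vendor'] = getOption(options, 'rpm_vendor')

    # Any non-None value for `now` switches the start date to the one
    # getStartDate(now=True) returns.
    if getOption(options, 'now') is not None:
        DEFS['--now'] = True
        DEFS['--startdate'] = getStartDate(now=True)

    # Membership test instead of dict.has_key(), which Python 3 removed.
    if '--cert-expiration' in DEFS:
        # nothing under 1 day or over # days til 18Jan2038
        if DEFS['--cert-expiration'] < 1:
            DEFS['--cert-expiration'] = 1
        _maxdays = int(daysTil18Jan2038())  # already rounded
        if DEFS['--cert-expiration'] > _maxdays:
            DEFS['--cert-expiration'] = _maxdays

    # remap to options object
    setOption(options, 'server_key', DEFS['--server-key'])
    setOption(options, 'server_cert_req', DEFS['--server-cert-req'])
    setOption(options, 'server_cert', DEFS['--server-cert'])
    setOption(options, 'cert_expiration', DEFS['--cert-expiration'])
    setOption(options, 'server_rpm', DEFS['--server-rpm'])
    setOption(options, 'server_tar', DEFS['--server-tar'])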
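def figureDEFS_server(options):
    """Work out the server key-pair(set) defaults once options are parsed.

    A value found in ``options`` wins; otherwise the entry already in DEFS
    (or the literal fallback, where one is listed) is used. Everything is
    stored in DEFS and then mirrored back onto ``options`` via setOption().
    """
    # Key, CSR and certificate names lose any directory part through
    # basename(); only the file name itself is kept.
    key_name = (getOption(options, 'server_key')
                or DEFS['--server-key'] or 'server.key')
    DEFS['--server-key'] = os.path.basename(key_name)
    csr_name = (getOption(options, 'server_cert_req')
                or DEFS['--server-cert-req'] or 'server.csr')
    DEFS['--server-cert-req'] = os.path.basename(csr_name)
    cert_name = (getOption(options, 'server_cert')
                 or DEFS['--server-cert'] or 'server.crt')
    DEFS['--server-cert'] = os.path.basename(cert_name)

    # NOTE(review): an explicit 0 is falsy here and therefore becomes the
    # maximum lifetime; it never reaches the "< 1" clamp further down.
    DEFS['--cert-expiration'] = (getOption(options, 'cert_expiration')
                                 or int(daysTil18Jan2038()))  # already rounded
    DEFS['--server-rpm'] = (getOption(options, 'server_rpm')
                            or BASE_SERVER_RPM_NAME+'-'+MACHINENAME)
    DEFS['--server-tar'] = (getOption(options, 'server_tar')
                            or BASE_SERVER_TAR_NAME+'-'+MACHINENAME)

    # The certificate directory is used as given; no basename() is applied.
    DEFS['--server-cert-dir'] = (getOption(options, 'server_cert_dir')
                                 or DEFS['--server-cert-dir'])

    # Stored exactly as returned by getOption(); there is no fallback.
    DEFS['--rpm-packager'] = getOption(options, 'rpm_packager')
    DEFS['--rpm-vendor'] = getOption(options, 'rpm_vendor')

    # dict.has_key() is gone in Python 3; `in` behaves the same on both.
    if '--cert-expiration' in DEFS:
        # nothing under 1 day or over # days til 18Jan2038
        if DEFS['--cert-expiration'] < 1:
            DEFS['--cert-expiration'] = 1
        _maxdays = int(daysTil18Jan2038())  # already rounded
        if DEFS['--cert-expiration'] > _maxdays:
            DEFS['--cert-expiration'] = _maxdays

    # remap to options object
    for opt_name, defs_key in (
            ('server_key', '--server-key'),
            ('server_cert_req', '--server-cert-req'),
            ('server_cert', '--server-cert'),
            ('cert_expiration', '--cert-expiration'),
            ('server_rpm', '--server-rpm'),
            ('server_tar', '--server-tar'),
            ('server_cert_dir', '--server-cert-dir')):
        setOption(options, opt_name, DEFS[defs_key])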
""" for SSL cert/key generation, returns now, minus 1 week just in case weird time zone issues get in the way of a working cert/key. format: YYMMDDHHMMSSZ where Z is the capital letter Z """ aweek = 24*60*60*7 return time.strftime("%y%m%d%H%M%S", time.gmtime(time.time()-aweek)) + 'Z' _defs = \ { '--dir' : BUILD_DIR, '--ca-key' : 'RHN-ORG-PRIVATE-SSL-KEY', '--ca-cert' : 'RHN-ORG-TRUSTED-SSL-CERT', '--cert-expiration' : int(daysTil18Jan2038()), '--startdate' : getStartDate_aWeekAgo(), '--server-key' : 'server.key', '--server-cert-req' : 'server.csr', '--server-cert' : 'server.crt', '--jabberd-ssl-cert': 'server.pem', '--set-country' : 'US', '--set-common-name' : "", # these two will never appear '--set-hostname' : HOSTNAME, # at the same time on the CLI '--ca-cert-rpm' : CA_CRT_RPM_NAME, '--server-rpm' : BASE_SERVER_RPM_NAME+'-'+MACHINENAME, '--server-tar' : BASE_SERVER_TAR_NAME+'-'+MACHINENAME,
just in case weird time zone issues get in the way of a working cert/key. format: YYMMDDHHMMSSZ where Z is the capital letter Z """ aweek = 24 * 60 * 60 * 7 return time.strftime("%y%m%d%H%M%S", time.gmtime(time.time() - aweek)) + 'Z' _defs = \ { '--dir' : BUILD_DIR, '--ca-key' : 'RHN-ORG-PRIVATE-SSL-KEY', '--ca-cert' : 'RHN-ORG-TRUSTED-SSL-CERT', '--cert-expiration' : int(daysTil18Jan2038()), '--startdate' : getStartDate_aWeekAgo(), '--server-key' : 'server.key', '--server-cert-req' : 'server.csr', '--server-cert' : 'server.crt', '--jabberd-ssl-cert': 'server.pem', '--set-country' : 'US', '--set-common-name' : "", # these two will never appear '--set-hostname' : HOSTNAME, # at the same time on the CLI '--ca-cert-rpm' : CA_CRT_RPM_NAME, '--server-rpm' : BASE_SERVER_RPM_NAME+'-'+MACHINENAME, '--server-tar' : BASE_SERVER_TAR_NAME+'-'+MACHINENAME,