def figureDEFS_CA(options):
    """ Settle the default values of the CA key-pair(set) variables.

        Intended to run after the options have been parsed at least once.
        The resolved values are stored in the module-level DEFS mapping, and
        the key, certificate, expiration and CA-cert RPM values are then
        copied back onto `options` through setOption().
    """
    global DEFS

    key_opt = getOption(options, 'ca_key')
    cert_opt = getOption(options, 'ca_cert')

    if not key_opt:
        # No CA key was named: adopt the first of the well-known key file
        # names (in priority order) that already exists in the build dir.
        build_dir = DEFS['--dir']
        existing = next(
            (name for name in (CA_KEY_NAME, 'ca.key', 'cakey.pem')
             if os.path.exists(os.path.join(build_dir, name))),
            None)
        if existing is not None:
            DEFS['--ca-key'] = existing

    # Only the final path component is kept, so any directory part supplied
    # with the option is dropped before the name is stored.
    DEFS['--ca-key'] = os.path.basename(key_opt or DEFS['--ca-key'])
    DEFS['--ca-cert'] = os.path.basename(cert_opt or DEFS['--ca-cert'])

    if not cert_opt:
        # No CA cert was named: pair the certificate name with the key name,
        # falling back to 'ca.crt' for any key name not listed here.
        chosen_key = DEFS['--ca-key']
        for key_name, cert_name in ((CA_KEY_NAME, CA_CRT_NAME),
                                    ('ca.key', 'ca.crt'),
                                    ('cakey.pem', 'cacert.pem')):
            if chosen_key == key_name:
                DEFS['--ca-cert'] = cert_name
                break
        else:
            DEFS['--ca-cert'] = 'ca.crt'

    # NOTE(review): a cert_expiration of 0 is falsy, so the `or` replaces it
    # with the value derived from daysTil18Jan2038() (the same value used as
    # the upper bound below) and it never reaches the one-day floor.
    DEFS['--cert-expiration'] = (getOption(options, 'cert_expiration')
                                 or int(daysTil18Jan2038()))
    DEFS['--ca-cert-rpm'] = (getOption(options, 'ca_cert_rpm')
                             or CA_CRT_RPM_NAME)
    # No fallback for these two: they hold whatever getOption() returns.
    DEFS['--rpm-packager'] = getOption(options, 'rpm_packager')
    DEFS['--rpm-vendor'] = getOption(options, 'rpm_vendor')

    if '--cert-expiration' in DEFS:
        # Clamp into [1 day, days until 18 Jan 2038].
        DEFS['--cert-expiration'] = max(DEFS['--cert-expiration'], 1)
        ceiling = int(daysTil18Jan2038())  # already rounded
        DEFS['--cert-expiration'] = min(DEFS['--cert-expiration'], ceiling)

    # Push the resolved values back onto the options object.
    for attr, def_key in (('ca_key', '--ca-key'),
                          ('ca_cert', '--ca-cert'),
                          ('cert_expiration', '--cert-expiration'),
                          ('ca_cert_rpm', '--ca-cert-rpm')):
        setOption(options, attr, DEFS[def_key])
def figureDEFS_CA(options):
    """ Settle the default values of the CA key-pair(set) variables.

        Intended to run after the options have been parsed at least once.
        The resolved values are stored in the module-level DEFS mapping, and
        the key, certificate, expiration and CA-cert RPM values are then
        copied back onto `options` through setOption().
    """
    global DEFS

    key_opt = getOption(options, 'ca_key')
    cert_opt = getOption(options, 'ca_cert')

    if not key_opt:
        # No CA key was named: adopt the first of the well-known key file
        # names (in priority order) that already exists in the build dir.
        build_dir = DEFS['--dir']
        existing = next(
            (name for name in (CA_KEY_NAME, 'ca.key', 'cakey.pem')
             if os.path.exists(os.path.join(build_dir, name))),
            None)
        if existing is not None:
            DEFS['--ca-key'] = existing

    # Only the final path component is kept, so any directory part supplied
    # with the option is dropped before the name is stored.
    DEFS['--ca-key'] = os.path.basename(key_opt or DEFS['--ca-key'])
    DEFS['--ca-cert'] = os.path.basename(cert_opt or DEFS['--ca-cert'])

    if not cert_opt:
        # No CA cert was named: pair the certificate name with the key name,
        # falling back to 'ca.crt' for any key name not listed here.
        chosen_key = DEFS['--ca-key']
        for key_name, cert_name in ((CA_KEY_NAME, CA_CRT_NAME),
                                    ('ca.key', 'ca.crt'),
                                    ('cakey.pem', 'cacert.pem')):
            if chosen_key == key_name:
                DEFS['--ca-cert'] = cert_name
                break
        else:
            DEFS['--ca-cert'] = 'ca.crt'

    # NOTE(review): a cert_expiration of 0 is falsy, so the `or` replaces it
    # with the value derived from daysTil18Jan2038() (the same value used as
    # the upper bound below) and it never reaches the one-day floor.
    DEFS['--cert-expiration'] = (getOption(options, 'cert_expiration')
                                 or int(daysTil18Jan2038()))
    DEFS['--ca-cert-rpm'] = (getOption(options, 'ca_cert_rpm')
                             or CA_CRT_RPM_NAME)
    # No fallback for these two: they hold whatever getOption() returns.
    DEFS['--rpm-packager'] = getOption(options, 'rpm_packager')
    DEFS['--rpm-vendor'] = getOption(options, 'rpm_vendor')

    if '--cert-expiration' in DEFS:
        # Clamp into [1 day, days until 18 Jan 2038].
        DEFS['--cert-expiration'] = max(DEFS['--cert-expiration'], 1)
        ceiling = int(daysTil18Jan2038())  # already rounded
        DEFS['--cert-expiration'] = min(DEFS['--cert-expiration'], ceiling)

    # Push the resolved values back onto the options object.
    for attr, def_key in (('ca_key', '--ca-key'),
                          ('ca_cert', '--ca-cert'),
                          ('cert_expiration', '--cert-expiration'),
                          ('ca_cert_rpm', '--ca-cert-rpm')):
        setOption(options, attr, DEFS[def_key])
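def processCommandline():
    """ Parse the command line and validate the resulting options.

        Returns the options object produced by optionParse(), with
        `verbose` normalised to -1 (when `quiet` is set) or to 0 when it
        was otherwise falsy.

        Raises:
            CertExpTooShortException: cert_expiration is below 1 day.
            CertExpTooLongException: cert_expiration exceeds the number of
                days returned by daysTil18Jan2038().
            InvalidCountryCodeException: set_country was given but is not
                exactly two characters long.
    """
    options = optionParse()

    max_days = daysTil18Jan2038()

    cert_expiration = getOption(options, 'cert_expiration')
    # Test against None rather than truthiness: an explicit 0 is falsy, so a
    # truthiness test would let it skip the "at least 1 day" check entirely.
    # NOTE(review): assumes getOption() yields None for an unset option and
    # a number otherwise - confirm against the option definition.
    if cert_expiration is not None:
        if cert_expiration < 1:
            raise CertExpTooShortException(
                "certificate expiration must be at least 1 day")
        if cert_expiration > max_days:
            raise CertExpTooLongException(
                "certificate expiration cannot exceed %s days "
                "(~%.2f years)\n"
                % (int(max_days), yearsTil18Jan2038()))

    country = getOption(options, 'set_country')
    # The empty string has length 0, so the length test alone rejects it.
    if country is not None and len(country) != 2:
        raise InvalidCountryCodeException(
            "country code must be exactly two characters, such as 'US'")

    # --quiet wins over any verbosity level; an unset level becomes 0.
    if options.quiet:
        options.verbose = -1
    if not options.verbose:
        options.verbose = 0

    return options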
def figureDEFS_server(options):
    """ Settle the default values of the server key-pair(set) variables.

        Intended to run after the options have been parsed at least once.
        The resolved values are stored in the module-level DEFS mapping, and
        the key, request, certificate, expiration, RPM and tar values are
        then copied back onto `options` through setOption().
    """
    global DEFS

    # File names: option value first, then the current default, then a
    # hard-coded name.  Only the final path component is kept, so any
    # directory part supplied with the option is dropped.
    for attr, def_key, last_resort in (
            ('server_key', '--server-key', 'server.key'),
            ('server_cert_req', '--server-cert-req', 'server.csr'),
            ('server_cert', '--server-cert', 'server.crt')):
        DEFS[def_key] = os.path.basename(
            getOption(options, attr) or DEFS[def_key] or last_resort)

    # NOTE(review): a cert_expiration of 0 is falsy, so the `or` replaces it
    # with the value derived from daysTil18Jan2038() (the same value used as
    # the upper bound below) and it never reaches the one-day floor.
    DEFS['--cert-expiration'] = (getOption(options, 'cert_expiration')
                                 or int(daysTil18Jan2038()))  # already rounded

    DEFS['--server-rpm'] = (getOption(options, 'server_rpm')
                            or BASE_SERVER_RPM_NAME + '-' + MACHINENAME)
    DEFS['--server-tar'] = (getOption(options, 'server_tar')
                            or BASE_SERVER_TAR_NAME + '-' + MACHINENAME)

    # No fallback for these two: they hold whatever getOption() returns.
    DEFS['--rpm-packager'] = getOption(options, 'rpm_packager')
    DEFS['--rpm-vendor'] = getOption(options, 'rpm_vendor')

    if '--cert-expiration' in DEFS:
        # Clamp into [1 day, days until 18 Jan 2038].
        DEFS['--cert-expiration'] = max(DEFS['--cert-expiration'], 1)
        ceiling = int(daysTil18Jan2038())  # already rounded
        DEFS['--cert-expiration'] = min(DEFS['--cert-expiration'], ceiling)

    # Push the resolved values back onto the options object.
    for attr, def_key in (('server_key', '--server-key'),
                          ('server_cert_req', '--server-cert-req'),
                          ('server_cert', '--server-cert'),
                          ('cert_expiration', '--cert-expiration'),
                          ('server_rpm', '--server-rpm'),
                          ('server_tar', '--server-tar')):
        setOption(options, attr, DEFS[def_key])
""" for SSL cert/key generation, returns now, minus 1 week just in case weird time zone issues get in the way of a working cert/key. format: YYMMDDHHMMSSZ where Z is the capital letter Z """ aweek = 24*60*60*7 return time.strftime("%y%m%d%H%M%S", time.gmtime(time.time()-aweek)) + 'Z' _defs = \ { '--dir' : BUILD_DIR, '--ca-key' : 'RHN-ORG-PRIVATE-SSL-KEY', '--ca-cert' : 'RHN-ORG-TRUSTED-SSL-CERT', '--cert-expiration' : int(daysTil18Jan2038()), '--startdate' : getStartDate_aWeekAgo(), '--server-key' : 'server.key', '--server-cert-req' : 'server.csr', '--server-cert' : 'server.crt', '--jabberd-ssl-cert': 'server.pem', '--set-country' : 'US', '--set-common-name' : "", # these two will never appear '--set-hostname' : HOSTNAME, # at the same time on the CLI '--ca-cert-rpm' : CA_CRT_RPM_NAME, '--server-rpm' : BASE_SERVER_RPM_NAME+'-'+MACHINENAME, '--server-tar' : BASE_SERVER_TAR_NAME+'-'+MACHINENAME,
just in case weird time zone issues get in the way of a working cert/key. format: YYMMDDHHMMSSZ where Z is the capital letter Z """ aweek = 24 * 60 * 60 * 7 return time.strftime("%y%m%d%H%M%S", time.gmtime(time.time() - aweek)) + 'Z' _defs = \ { '--dir' : BUILD_DIR, '--ca-key' : 'RHN-ORG-PRIVATE-SSL-KEY', '--ca-cert' : 'RHN-ORG-TRUSTED-SSL-CERT', '--cert-expiration' : int(daysTil18Jan2038()), '--startdate' : getStartDate_aWeekAgo(), '--server-key' : 'server.key', '--server-cert-req' : 'server.csr', '--server-cert' : 'server.crt', '--jabberd-ssl-cert': 'server.pem', '--set-country' : 'US', '--set-common-name' : "", # these two will never appear '--set-hostname' : HOSTNAME, # at the same time on the CLI '--ca-cert-rpm' : CA_CRT_RPM_NAME, '--server-rpm' : BASE_SERVER_RPM_NAME+'-'+MACHINENAME, '--server-tar' : BASE_SERVER_TAR_NAME+'-'+MACHINENAME,