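def initialize(self):
    """Create this user's private key and certificate with the openssl CLI.

    A throwaway OpenSSL CA database (index, index attributes, serial and
    config) is laid out in a fresh temp directory; ``openssl req`` then
    produces the CSR plus private key and ``openssl ca`` signs it --
    self-signed when ``self.type == CERT_CA``, otherwise with the org CA
    material that is first written into the temp directory. The key and
    certificate are handed to ``self.read_file`` and the temp directory is
    removed whether or not generation succeeded. An IP address is then
    assigned on a best-effort basis.

    Raises:
        OSError, ValueError: re-raised (after logging) when either openssl
            invocation fails. Errors from the setup steps propagate as-is.
    """
    temp_path = utils.get_temp_path()
    index_path = os.path.join(temp_path, INDEX_NAME)
    index_attr_path = os.path.join(temp_path, INDEX_ATTR_NAME)
    serial_path = os.path.join(temp_path, SERIAL_NAME)
    ssl_conf_path = os.path.join(temp_path, OPENSSL_NAME)
    reqs_path = os.path.join(temp_path, '%s.csr' % self.id)
    key_path = os.path.join(temp_path, '%s.key' % self.id)
    cert_path = os.path.join(temp_path, '%s.crt' % self.id)

    # A CA-type user signs itself with the key created below; everyone else
    # is signed by the org CA, materialised under the fixed name 'ca'.
    ca_name = self.id if self.type == CERT_CA else 'ca'
    ca_cert_path = os.path.join(temp_path, '%s.crt' % ca_name)
    ca_key_path = os.path.join(temp_path, '%s.key' % ca_name)

    # The openssl config sections are shared between a type and its
    # '_pool' variant, so the suffix is dropped when naming them.
    ext_base = self.type.replace('_pool', '')

    self.org.queue_com.wait_status()

    try:
        # NOTE(review): created with the process umask, and the private key
        # that `openssl req -keyout` writes below inherits it as well. If
        # get_temp_path() does not already return a directory under a
        # private parent, a mode of 0o700 here would close that window --
        # confirm before changing.
        os.makedirs(temp_path)

        # Empty CA database files (equivalent of `touch`).
        for db_path in (index_path, index_attr_path):
            with open(db_path, 'a'):
                os.utime(db_path, None)

        # Starting serial derived deterministically from the user id; openssl
        # requires an even number of hex digits.
        with open(serial_path, 'w') as serial_file:
            serial_hex = ('%x' % utils.fnv64a(str(self.id))).upper()
            if len(serial_hex) % 2:
                serial_hex = '0' + serial_hex
            serial_file.write('%s\n' % serial_hex)

        with open(ssl_conf_path, 'w') as conf_file:
            conf_file.write(CERT_CONF % (
                settings.user.cert_key_bits,
                settings.user.cert_message_digest,
                self.org.id,
                self.id,
                index_path,
                serial_path,
                temp_path,
                ca_cert_path,
                ca_key_path,
                settings.user.cert_message_digest,
            ))

        self.org.queue_com.wait_status()

        if self.type != CERT_CA:
            # The org's signing key exists on disk only for the duration of
            # this call and is owner-readable only.
            self.org.write_file('ca_certificate', ca_cert_path, chmod=0o600)
            self.org.write_file('ca_private_key', ca_key_path, chmod=0o600)

        self.generate_otp_secret()

        # CSR and private key.
        try:
            args = [
                'openssl', 'req', '-new', '-batch',
                '-config', ssl_conf_path,
                '-out', reqs_path,
                '-keyout', key_path,
                '-reqexts', '%s_req_ext' % ext_base,
            ]
            self.org.queue_com.popen(args)
        except (OSError, ValueError):
            logger.exception('Failed to create user cert requests', 'user',
                org_id=self.org.id,
                user_id=self.id,
            )
            raise

        self.read_file('private_key', key_path)

        # Sign the CSR; a CA-type user signs itself.
        try:
            args = ['openssl', 'ca', '-batch']
            if self.type == CERT_CA:
                args += ['-selfsign']
            args += [
                '-config', ssl_conf_path,
                '-in', reqs_path,
                '-out', cert_path,
                '-extensions', '%s_ext' % ext_base,
            ]
            self.org.queue_com.popen(args)
        except (OSError, ValueError):
            logger.exception('Failed to create user cert', 'user',
                org_id=self.org.id,
                user_id=self.id,
            )
            raise

        self.read_file('certificate', cert_path)
    finally:
        # Always scrub the key material from the temp directory. rmtree
        # apparently shells out (it raises CalledProcessError); a failed
        # removal is deliberately not fatal here.
        try:
            utils.rmtree(temp_path)
        except subprocess.CalledProcessError:
            pass

    self.org.queue_com.wait_status()

    # If assign ip addr fails it will be corrected in ip sync task.
    # `Exception` rather than a bare except so that SystemExit and
    # KeyboardInterrupt are not swallowed and logged as an assignment error.
    try:
        self.assign_ip_addr()
    except Exception:
        logger.exception('Failed to assign users ip address', 'user',
            org_id=self.org.id,
            user_id=self.id,
        )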
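def initialize(self):
    """Create this user's private key and certificate with the openssl CLI.

    A throwaway OpenSSL CA database (index, index attributes, serial and
    config) is laid out in a fresh temp directory; ``openssl req`` then
    produces the CSR plus private key and ``openssl ca`` signs it --
    self-signed when ``self.type == CERT_CA``, otherwise with the org CA
    material that is first written into the temp directory. The key and
    certificate are handed to ``self.read_file`` and the temp directory is
    removed whether or not generation succeeded. An IP address is then
    assigned on a best-effort basis.

    Raises:
        OSError, ValueError: re-raised (after logging) when either openssl
            invocation fails. Errors from the setup steps propagate as-is.
    """
    temp_path = utils.get_temp_path()
    index_path = os.path.join(temp_path, INDEX_NAME)
    index_attr_path = os.path.join(temp_path, INDEX_ATTR_NAME)
    serial_path = os.path.join(temp_path, SERIAL_NAME)
    ssl_conf_path = os.path.join(temp_path, OPENSSL_NAME)
    reqs_path = os.path.join(temp_path, '%s.csr' % self.id)
    key_path = os.path.join(temp_path, '%s.key' % self.id)
    cert_path = os.path.join(temp_path, '%s.crt' % self.id)

    # A CA-type user signs itself with the key created below; everyone else
    # is signed by the org CA, materialised under the fixed name 'ca'.
    ca_name = self.id if self.type == CERT_CA else 'ca'
    ca_cert_path = os.path.join(temp_path, '%s.crt' % ca_name)
    ca_key_path = os.path.join(temp_path, '%s.key' % ca_name)

    # The openssl config sections are shared between a type and its
    # '_pool' variant, so the suffix is dropped when naming them.
    ext_base = self.type.replace('_pool', '')

    self.org.queue_com.wait_status()

    try:
        # NOTE(review): created with the process umask, and the private key
        # that `openssl req -keyout` writes below inherits it as well. If
        # get_temp_path() does not already return a directory under a
        # private parent, a mode of 0o700 here would close that window --
        # confirm before changing.
        os.makedirs(temp_path)

        # Empty CA database files (equivalent of `touch`).
        for db_path in (index_path, index_attr_path):
            with open(db_path, 'a'):
                os.utime(db_path, None)

        # Starting serial derived deterministically from the user id; openssl
        # requires an even number of hex digits.
        with open(serial_path, 'w') as serial_file:
            serial_hex = ('%x' % utils.fnv64a(str(self.id))).upper()
            if len(serial_hex) % 2:
                serial_hex = '0' + serial_hex
            serial_file.write('%s\n' % serial_hex)

        with open(ssl_conf_path, 'w') as conf_file:
            conf_file.write(CERT_CONF % (
                settings.user.cert_key_bits,
                settings.user.cert_message_digest,
                self.org.id,
                self.id,
                index_path,
                serial_path,
                temp_path,
                ca_cert_path,
                ca_key_path,
                settings.user.cert_message_digest,
            ))

        self.org.queue_com.wait_status()

        if self.type != CERT_CA:
            # The org's signing key exists on disk only for the duration of
            # this call and is owner-readable only.
            self.org.write_file('ca_certificate', ca_cert_path, chmod=0o600)
            self.org.write_file('ca_private_key', ca_key_path, chmod=0o600)

        self.generate_otp_secret()

        # CSR and private key.
        try:
            args = [
                'openssl', 'req', '-new', '-batch',
                '-config', ssl_conf_path,
                '-out', reqs_path,
                '-keyout', key_path,
                '-reqexts', '%s_req_ext' % ext_base,
            ]
            self.org.queue_com.popen(args)
        except (OSError, ValueError):
            logger.exception(
                'Failed to create user cert requests', 'user',
                org_id=self.org.id,
                user_id=self.id,
            )
            raise

        self.read_file('private_key', key_path)

        # Sign the CSR; a CA-type user signs itself.
        try:
            args = ['openssl', 'ca', '-batch']
            if self.type == CERT_CA:
                args += ['-selfsign']
            args += [
                '-config', ssl_conf_path,
                '-in', reqs_path,
                '-out', cert_path,
                '-extensions', '%s_ext' % ext_base,
            ]
            self.org.queue_com.popen(args)
        except (OSError, ValueError):
            logger.exception(
                'Failed to create user cert', 'user',
                org_id=self.org.id,
                user_id=self.id,
            )
            raise

        self.read_file('certificate', cert_path)
    finally:
        # Always scrub the key material from the temp directory. rmtree
        # apparently shells out (it raises CalledProcessError); a failed
        # removal is deliberately not fatal here.
        try:
            utils.rmtree(temp_path)
        except subprocess.CalledProcessError:
            pass

    self.org.queue_com.wait_status()

    # If assign ip addr fails it will be corrected in ip sync task.
    # `Exception` rather than a bare except so that SystemExit and
    # KeyboardInterrupt are not swallowed and logged as an assignment error.
    try:
        self.assign_ip_addr()
    except Exception:
        logger.exception(
            'Failed to assign users ip address', 'user',
            org_id=self.org.id,
            user_id=self.id,
        )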
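def initialize(self):
    """Create this user's private key and certificate with the openssl CLI.

    A throwaway OpenSSL CA database (index, index attributes, serial and
    config) is laid out in a fresh temp directory; ``openssl req`` then
    produces the CSR plus private key and ``openssl ca`` signs it --
    self-signed when ``self.type == CERT_CA``, otherwise with the org CA
    material that is first written into the temp directory. The key and
    certificate are handed to ``self.read_file`` and the temp directory is
    removed whether or not generation succeeded. An IP address is then
    assigned on a best-effort basis.

    Raises:
        OSError, ValueError: re-raised (after logging) when either openssl
            invocation fails. Errors from the setup steps propagate as-is.
    """
    temp_path = utils.get_temp_path()
    index_path = os.path.join(temp_path, INDEX_NAME)
    index_attr_path = os.path.join(temp_path, INDEX_ATTR_NAME)
    serial_path = os.path.join(temp_path, SERIAL_NAME)
    ssl_conf_path = os.path.join(temp_path, OPENSSL_NAME)
    reqs_path = os.path.join(temp_path, "%s.csr" % self.id)
    key_path = os.path.join(temp_path, "%s.key" % self.id)
    cert_path = os.path.join(temp_path, "%s.crt" % self.id)

    # A CA-type user signs itself with the key created below; everyone else
    # is signed by the org CA, materialised under the fixed name "ca".
    ca_name = self.id if self.type == CERT_CA else "ca"
    ca_cert_path = os.path.join(temp_path, "%s.crt" % ca_name)
    ca_key_path = os.path.join(temp_path, "%s.key" % ca_name)

    # The openssl config sections are shared between a type and its
    # "_pool" variant, so the suffix is dropped when naming them.
    ext_base = self.type.replace("_pool", "")

    self.org.queue_com.wait_status()

    try:
        # NOTE(review): created with the process umask, and the private key
        # that `openssl req -keyout` writes below inherits it as well. If
        # get_temp_path() does not already return a directory under a
        # private parent, a mode of 0o700 here would close that window --
        # confirm before changing.
        os.makedirs(temp_path)

        # Empty CA database files (equivalent of `touch`).
        for db_path in (index_path, index_attr_path):
            with open(db_path, "a"):
                os.utime(db_path, None)

        # Starting serial derived deterministically from the user id; openssl
        # requires an even number of hex digits.
        with open(serial_path, "w") as serial_file:
            serial_hex = ("%x" % utils.fnv64a(str(self.id))).upper()
            if len(serial_hex) % 2:
                serial_hex = "0" + serial_hex
            serial_file.write("%s\n" % serial_hex)

        with open(ssl_conf_path, "w") as conf_file:
            conf_file.write(
                CERT_CONF % (
                    settings.user.cert_key_bits,
                    settings.user.cert_message_digest,
                    self.org.id,
                    self.id,
                    index_path,
                    serial_path,
                    temp_path,
                    ca_cert_path,
                    ca_key_path,
                    settings.user.cert_message_digest,
                )
            )

        self.org.queue_com.wait_status()

        if self.type != CERT_CA:
            # The org's signing key exists on disk only for the duration of
            # this call and is owner-readable only.
            self.org.write_file("ca_certificate", ca_cert_path, chmod=0o600)
            self.org.write_file("ca_private_key", ca_key_path, chmod=0o600)

        self.generate_otp_secret()

        # CSR and private key.
        try:
            args = [
                "openssl", "req", "-new", "-batch",
                "-config", ssl_conf_path,
                "-out", reqs_path,
                "-keyout", key_path,
                "-reqexts", "%s_req_ext" % ext_base,
            ]
            self.org.queue_com.popen(args)
        except (OSError, ValueError):
            logger.exception("Failed to create user cert requests", "user", org_id=self.org.id, user_id=self.id)
            raise

        self.read_file("private_key", key_path)

        # Sign the CSR; a CA-type user signs itself.
        try:
            args = ["openssl", "ca", "-batch"]
            if self.type == CERT_CA:
                args += ["-selfsign"]
            args += [
                "-config", ssl_conf_path,
                "-in", reqs_path,
                "-out", cert_path,
                "-extensions", "%s_ext" % ext_base,
            ]
            self.org.queue_com.popen(args)
        except (OSError, ValueError):
            logger.exception("Failed to create user cert", "user", org_id=self.org.id, user_id=self.id)
            raise

        self.read_file("certificate", cert_path)
    finally:
        # Always scrub the key material from the temp directory. rmtree
        # apparently shells out (it raises CalledProcessError); a failed
        # removal is deliberately not fatal here.
        try:
            utils.rmtree(temp_path)
        except subprocess.CalledProcessError:
            pass

    self.org.queue_com.wait_status()

    # If assign ip addr fails it will be corrected in ip sync task.
    # `Exception` rather than a bare except so that SystemExit and
    # KeyboardInterrupt are not swallowed and logged as an assignment error.
    try:
        self.assign_ip_addr()
    except Exception:
        logger.exception("Failed to assign users ip address", "user", org_id=self.org.id, user_id=self.id)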