def validate_environment(self):
    """Check the configured directories and the Java runtime before doing work.

    Raises:
        IncompatibleEnvironment: if ``self.basedir`` is not an absolute path.

    The directory and Java checks are delegated to ``pathutil`` and
    ``javautil``; how they report failure is not visible in this block.
    """
    base = self.basedir

    # A relative base directory would resolve against whatever the current
    # working directory happens to be, so it is rejected outright.
    if not pathutil.is_absolute_path(base):
        raise IncompatibleEnvironment("Base directory setting is not absolute")

    pathutil.ensure_dir_exists(base, "base")
    pathutil.ensure_dir_exists(self.gtdir, "GT container")

    # Check that we have some Java.
    # NOTE(review): ``log`` is neither a local nor an attribute of ``self``
    # here, so it has to resolve to a module-level name -- confirm.
    javautil.check(base, log)
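def _createCA(ca_name, basedir, cadir, log):
    """Create a new certificate authority directory tree under ``cadir``.

    Steps, in order:

    1. create ``cadir`` with ``ca-certs``, ``trusted-certs`` and
       ``user-certs`` subdirectories;
    2. run the ``EXE_CREATE_NEW_CA`` helper against ``ca-certs``;
    3. make the CA private key file private to its owner;
    4. copy the CA certificate to ``<hash>.0`` in ``ca-certs`` and
       ``trusted-certs``;
    5. write ``<hash>.signing_policy`` and copy it to ``trusted-certs``;
    6. create the ``<hash>.r0`` revocation file and copy it to
       ``trusted-certs``.

    Args:
        ca_name: name of the CA; used as the stem of the certificate and
            private key file names.
        basedir: directory handed to the ``javautil`` helpers.
        cadir: directory to create for the new CA.
        log: logger used for debug output.

    Raises:
        OSError: from ``os.mkdir`` when ``cadir`` or a subdirectory already
            exists or cannot be created, and from ``shutil.copyfile``.
        ValueError: if the hashed certificate name printed by the helper is
            empty or is not a single plain file-name component.

    Failures of the external helpers and of the existence/permission checks
    are reported by ``runutil.generic_bailout`` and ``pathutil.ensure_*``;
    their exception types are not visible in this block.

    NOTE(review): ``ca_name`` is concatenated into file names without any
    check in this block -- confirm that callers only pass a plain name.
    """
    javautil.check(basedir, log)

    # Directory layout:
    #   $cadir
    #   $cadir/ca-certs
    #   $cadir/trusted-certs
    #   $cadir/user-certs
    # os.mkdir (rather than makedirs) fails if the directory is already
    # there, so an existing CA directory is never reused.
    os.mkdir(cadir)
    pathutil.ensure_dir_exists(cadir, "New CA directory")
    log.debug("Created %s" % cadir)

    cacertdir = pathutil.pathjoin(cadir, "ca-certs")
    os.mkdir(cacertdir)
    pathutil.ensure_dir_exists(cacertdir, "New CA certs directory")
    log.debug("Created %s" % cacertdir)

    trustedcertdir = pathutil.pathjoin(cadir, "trusted-certs")
    os.mkdir(trustedcertdir)
    pathutil.ensure_dir_exists(trustedcertdir, "New CA trusted certs directory")
    log.debug("Created %s" % trustedcertdir)

    usercertdir = pathutil.pathjoin(cadir, "user-certs")
    os.mkdir(usercertdir)
    pathutil.ensure_dir_exists(usercertdir, "New CA user certs directory")
    log.debug("Created %s" % usercertdir)

    # Create the cert via autocommon
    args = [cacertdir, ca_name]
    (exitcode, stdout, stderr) = javautil.run(basedir, log,
                                              EXE_CREATE_NEW_CA, args=args)
    runutil.generic_bailout("Problem creating CA.", exitcode, stdout, stderr)

    # Make the private key owner-readable only.
    # NOTE(review): the key file is written by the helper before this point.
    # Whether the helper creates it with owner-only permissions is not
    # visible here; if it does not, the key sits under the process umask
    # until the call below. Confirm, and prefer creating the key with
    # restrictive permissions from the start.
    privkeyname = "private-key-" + ca_name + ".pem"
    cakeyfile = pathutil.pathjoin(cacertdir, privkeyname)
    pathutil.ensure_file_exists(cakeyfile, "New CA key")
    log.debug("file exists: %s" % cakeyfile)
    pathutil.make_path_rw_private(cakeyfile)
    pathutil.ensure_path_private(cakeyfile, "New CA key")
    log.debug("file made private: %s" % cakeyfile)

    # Copy the new certificate file to the "hash.0" version that some
    # toolings will expect.
    cacertfile = pathutil.pathjoin(cacertdir, ca_name + ".pem")
    pathutil.ensure_file_exists(cacertfile, "New CA cert")
    log.debug("file exists: %s" % cacertfile)

    args = [cacertfile]
    (exitcode, stdout, stderr) = javautil.run(basedir, log,
                                              EXE_GET_HASHED_CERT_NAME,
                                              args=args)
    runutil.generic_bailout("Problem finding hashed cert name.",
                            exitcode, stdout, stderr)
    cacertfilehash = stdout.strip()
    log.debug("cert file hash is '%s'" % cacertfilehash)

    # The helper's stdout becomes the stem of every trust-store file written
    # below. Empty output would produce hidden files such as ".0" that no
    # tool will look up, and embedded whitespace or path separators would
    # place files under unexpected names or locations, so stop here instead.
    if (len(cacertfilehash.split()) != 1
            or cacertfilehash in (".", "..")
            or os.path.basename(cacertfilehash) != cacertfilehash):
        raise ValueError("Hashed cert name is not a usable file name: %r"
                         % (cacertfilehash,))

    newpath = pathutil.pathjoin(cacertdir, cacertfilehash + ".0")
    shutil.copyfile(cacertfile, newpath)
    pathutil.ensure_file_exists(newpath, "New CA cert (hashed #1)")
    log.debug("file exists: %s" % newpath)

    newpath = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".0")
    shutil.copyfile(cacertfile, newpath)
    pathutil.ensure_file_exists(newpath, "New CA cert (hashed #2)")
    log.debug("file exists: %s" % newpath)

    # Signing policy
    signing1 = pathutil.pathjoin(cacertdir, cacertfilehash + ".signing_policy")
    args = [cacertfile, signing1]
    (exitcode, stdout, stderr) = javautil.run(basedir, log,
                                              EXE_WRITE_SIGNING_POLICY,
                                              args=args)
    runutil.generic_bailout("Problem creating signing_policy file.",
                            exitcode, stdout, stderr)
    pathutil.ensure_file_exists(signing1, "signing_policy file #1")
    log.debug("file exists: %s" % signing1)

    signing2 = pathutil.pathjoin(trustedcertdir,
                                 cacertfilehash + ".signing_policy")
    shutil.copyfile(signing1, signing2)
    pathutil.ensure_file_exists(signing2, "signing_policy file #2")
    log.debug("file exists: %s" % signing2)

    # CRL: the helper is given the output path, the CA cert and the CA key.
    crl1 = pathutil.pathjoin(cacertdir, cacertfilehash + ".r0")
    args = [crl1, cacertfile, cakeyfile]
    (exitcode, stdout, stderr) = javautil.run(basedir, log,
                                              EXE_CREATE_CRL, args=args)
    runutil.generic_bailout("Problem creating revocation file.",
                            exitcode, stdout, stderr)
    pathutil.ensure_file_exists(crl1, "revocation file #1")
    log.debug("file exists: %s" % crl1)

    crl2 = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".r0")
    shutil.copyfile(crl1, crl2)
    pathutil.ensure_file_exists(crl2, "revocation file #2")
    log.debug("file exists: %s" % crl2)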