def _update_certificates(self):
    """Refresh the stored certificates and keys used for syncing from CDN repositories.

    Everything previously stored is dropped via ``self._remove_certificates()``.
    The RHSM CA certificate is then read from ``constants.CA_CERT_PATH`` and
    stored, followed by the client certificate and client key of every
    entitlement in ``self.manifest``.

    A certificate that fails ``satCerts.verify_certificate_dates()`` only
    produces a warning on stderr; it is still written to the database.
    """
    # Start from a clean slate so stale certs/keys do not linger.
    self._remove_certificates()

    # Load the RHSM CA certificate; the context manager closes the handle
    # even when read() raises.
    with open(constants.CA_CERT_PATH, 'r') as ca_file:
        ca_cert = ca_file.read()

    ca_dates_ok = satCerts.verify_certificate_dates(str(ca_cert))
    if not ca_dates_ok:
        log2(0, 0, "WARNING: '%s' certificate is not valid." % constants.CA_CERT_PATH,
             stream=sys.stderr)

    # NOTE(review): the third argument is None for every stored entry;
    # presumably this is the owning org id -- confirm against satCerts.
    satCerts.store_rhnCryptoKey(constants.CA_CERT_NAME, ca_cert, None)

    # One client certificate and one client key per manifest entitlement.
    for entitlement in self.manifest.get_all_entitlements():
        creds = entitlement.get_credentials()
        cert_name = constants.CLIENT_CERT_PREFIX + creds.get_id()
        key_name = constants.CLIENT_KEY_PREFIX + creds.get_id()

        client_dates_ok = satCerts.verify_certificate_dates(str(creds.get_cert()))
        if not client_dates_ok:
            # Warn only: the certificate is stored below regardless.
            log2(0, 0, "WARNING: '%s' certificate is not valid." % cert_name,
                 stream=sys.stderr)

        satCerts.store_rhnCryptoKey(cert_name, creds.get_cert(), None)
        # The private key is stored next to its certificate; only the
        # certificate is date-checked.
        satCerts.store_rhnCryptoKey(key_name, creds.get_key(), None)
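def get_single_ssl_set(keys, check_dates=False):
    """Pick one of the available SSL sets for a repository.

    Args:
        keys: Sequence of SSL-set mappings. Each set is read through its
            'ca_cert' and 'client_cert' entries.
        check_dates: When true, return the first set whose CA certificate,
            and client certificate if one is present, pass
            ``verify_certificate_dates()``. When false, return the first
            set without any date check.

    Returns:
        The chosen SSL set, or None when ``keys`` is empty or, with
        ``check_dates`` set, no set passes the date check.
    """
    # An empty collection has nothing to pick; report that the same way as
    # "nothing passed the date check" instead of raising IndexError.
    if not keys:
        return None

    if not check_dates:
        # Caller opted out of validation: the first set is returned even
        # if its certificates would fail the date check.
        return keys[0]

    for ssl_set in keys:
        ca_ok = verify_certificate_dates(str(ssl_set['ca_cert']))
        # A set without a client certificate is judged on its CA cert alone.
        if ca_ok and (not ssl_set['client_cert']
                      or verify_certificate_dates(str(ssl_set['client_cert']))):
            return ssl_set
    return None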
def get_crypto_keys(self, check_dates=False):
    """Fetch the CA certificate, client certificate and client key of this object.

    Each of ``self.ca_cert``, ``self.client_cert`` and ``self.client_key`` is
    used as the id of a row in rhnCryptoKey.

    Args:
        check_dates: When true, run ``verify_certificate_dates()`` on the CA
            and client certificates (the client key is not checked).

    Returns:
        A dict with 'ca_cert', 'client_cert' and 'client_key', each a
        ``(description, key)`` tuple of strings. An empty dict is returned
        when ``check_dates`` is set and at least one certificate fails.
        The 'client_key' value carries the stored key text, so callers
        should avoid logging the returned values.
    """
    # The id is passed as a bind parameter, never interpolated into the SQL.
    lookup = rhnSQL.prepare(""" select description, key from rhnCryptoKey where id = :id """)

    keys = {}
    for slot in ('ca_cert', 'client_cert', 'client_key'):
        lookup.execute(id=getattr(self, slot))
        record = lookup.fetchone_dict()
        # NOTE(review): presumably fetchone_dict() returns None when no row
        # matches, which would raise TypeError on the lookups below -- confirm.
        keys[slot] = (str(record['description']), str(record['key']))

    if not check_dates:
        return keys

    # Only the two certificates carry validity dates worth checking.
    rejected = 0
    for description, pem in (keys['ca_cert'], keys['client_cert']):
        if verify_certificate_dates(pem):
            continue
        # Only the description is logged, never the certificate body.
        log(1, "WARNING: Problem with dates in certificate '%s'. "
               "Please check validity of this certificate." % description)
        rejected += 1

    # Fail closed: one bad certificate makes the whole set unusable.
    return {} if rejected else keys
def get_crypto_keys(self, check_dates=False):
    """Fetch the CA certificate, client certificate and client key of this object.

    Each of ``self.ca_cert``, ``self.client_cert`` and ``self.client_key`` is
    used as the id of a row in rhnCryptoKey.

    Args:
        check_dates: When true, run ``verify_certificate_dates()`` on the CA
            and client certificates (the client key is not checked).

    Returns:
        A dict with 'ca_cert', 'client_cert' and 'client_key', each a
        ``(description, key, org_id)`` tuple in which description and key are
        strings and org_id is passed through as returned by the query. An
        empty dict is returned when ``check_dates`` is set and at least one
        certificate fails. The 'client_key' value carries the stored key
        text, so callers should avoid logging the returned values.
    """
    # The id is passed as a bind parameter, never interpolated into the SQL.
    lookup = rhnSQL.prepare(""" select description, key, org_id from rhnCryptoKey where id = :id """)

    keys = {}
    for slot in ('ca_cert', 'client_cert', 'client_key'):
        lookup.execute(id=getattr(self, slot))
        record = lookup.fetchone_dict()
        # NOTE(review): presumably fetchone_dict() returns None when no row
        # matches, which would raise TypeError on the lookups below -- confirm.
        keys[slot] = (str(record['description']), str(record['key']), record['org_id'])

    if not check_dates:
        return keys

    # Only the two certificates carry validity dates worth checking.
    rejected = 0
    for entry in (keys['ca_cert'], keys['client_cert']):
        description, pem = entry[0], entry[1]
        if verify_certificate_dates(pem):
            continue
        # Only the description is logged, never the certificate body.
        log(1, "WARNING: Problem with dates in certificate '%s'. "
               "Please check validity of this certificate." % description)
        rejected += 1

    # Fail closed: one bad certificate makes the whole set unusable.
    return {} if rejected else keys
def print_cdn_certificates_info(self, repos=False):
    """Log a report on every stored CDN certificate/key.

    The rows come from ``self._get_cdn_certificate_keys_and_certs()``. When
    there are none, a message goes to stderr and the process exits with
    status 1.

    For the CA certificate and for client certificates the common name,
    serial number and validity window are logged. Rows matching neither
    (such as key entries) are listed by description only, so their contents
    are never printed. For client certificates the provided channels are
    listed as well.

    Args:
        repos: When true, also list the repositories provided by each
            client certificate.
    """
    keys = self._get_cdn_certificate_keys_and_certs()
    if not keys:
        log2(0, 0, "No SSL certificates were found. Is your %s activated for CDN?" % PRODUCT_NAME,
             stream=sys.stderr)
        sys.exit(1)

    separator = "======================================"
    for entry in keys:
        label = entry['description']
        log(0, separator)
        log(0, "| Certificate/Key: %s" % label)
        log(0, separator)

        # Rows are classified by description; the client prefix test is a
        # substring match, not a starts-with check.
        if constants.CA_CERT_NAME == label or constants.CLIENT_CERT_PREFIX in label:
            pem = str(entry['key'])
            # NOTE(review): "not valid" here reflects verify_certificate_dates()
            # only -- presumably a validity-window check, not chain trust.
            if not verify_certificate_dates(pem):
                log(0, "WARNING: This certificate is not valid.")
            cn, serial_number, not_before, not_after = get_certificate_info(pem)
            for template, value in (("Common name: %s", cn),
                                    ("Serial number: %s", serial_number),
                                    ("Valid from: %s", not_before),
                                    ("Valid to: %s", not_after)):
                log(0, template % str(value))

        if constants.CLIENT_CERT_PREFIX in label:
            # Re-scope the repository manager to this client certificate so
            # the channel tree below reflects what it alone provides.
            self.cdn_repository_manager = CdnRepositoryManager(client_cert_id=int(entry['id']))
            log(0, "Provided channels:")
            channel_tree, not_available_channels = self._tree_available_channels()
            if not channel_tree:
                log(0, " NONE")
            for base in sorted(channel_tree):
                children = channel_tree[base]
                if base not in not_available_channels:
                    log(0, " * %s" % base)
                elif children:
                    log(0, " * %s (only child channels provided)" % base)
                for child in sorted(children):
                    log(0, " * %s" % child)
            if repos:
                log(0, "Provided repositories:")
                for repo in sorted(self.cdn_repository_manager.list_provided_repos(entry['id'])):
                    log(0, " %s" % repo)
        log(0, "")
def print_cdn_certificates_info(self, repos=False):
    """Log a report on every stored CDN certificate/key.

    The rows are SSL-typed rhnCryptoKey entries whose description starts with
    'CDN_' and whose org_id is NULL. When there are none, a message goes to
    stderr and the method returns.

    For the CA certificate and for client certificates the common name,
    serial number and validity window are logged. Rows matching neither
    (such as key entries) are listed by description only, so their contents
    are never printed. For client certificates the provided channels are
    listed as well.

    Args:
        repos: When true, also list the repositories provided by each
            client certificate.
    """
    # Fixed statement with no caller-supplied values.
    query = rhnSQL.prepare(""" SELECT ck.id, ck.description, ck.key FROM rhnCryptoKeyType ckt, rhnCryptoKey ck WHERE ckt.label = 'SSL' AND ckt.id = ck.crypto_key_type_id AND ck.description LIKE 'CDN_%' AND ck.org_id is NULL ORDER BY ck.description """)
    query.execute()
    keys = query.fetchall_dict() or []
    if not keys:
        log2(0, 0, "No SSL certificates were found. Is your %s activated for CDN?" % PRODUCT_NAME,
             stream=sys.stderr)
        return

    separator = "======================================"
    for entry in keys:
        label = entry['description']
        log(0, separator)
        log(0, "| Certificate/Key: %s" % label)
        log(0, separator)

        # Rows are classified by description; the client prefix test is a
        # substring match, not a starts-with check.
        if constants.CA_CERT_NAME == label or constants.CLIENT_CERT_PREFIX in label:
            pem = str(entry['key'])
            # NOTE(review): "not valid" here reflects verify_certificate_dates()
            # only -- presumably a validity-window check, not chain trust.
            if not verify_certificate_dates(pem):
                log(0, "WARNING: This certificate is not valid.")
            cn, serial_number, not_before, not_after = get_certificate_info(pem)
            for template, value in (("Common name: %s", cn),
                                    ("Serial number: %s", serial_number),
                                    ("Valid from: %s", not_before),
                                    ("Valid to: %s", not_after)):
                log(0, template % str(value))

        if constants.CLIENT_CERT_PREFIX in label:
            # Re-scope the repository manager to this client certificate so
            # the channel tree below reflects what it alone provides.
            self.cdn_repository_manager = CdnRepositoryManager(client_cert_id=int(entry['id']))
            log(0, "Provided channels:")
            channel_tree, not_available_channels = self._tree_available_channels()
            if not channel_tree:
                log(0, " NONE")
            for base in sorted(channel_tree):
                children = channel_tree[base]
                if base not in not_available_channels:
                    log(0, " * %s" % base)
                elif children:
                    log(0, " * %s (only child channels provided)" % base)
                for child in sorted(children):
                    log(0, " * %s" % child)
            if repos:
                log(0, "Provided repositories:")
                for repo in sorted(self.cdn_repository_manager.list_provided_repos(entry['id'])):
                    log(0, " %s" % repo)
        log(0, "")
def _msg_array_if_not_activated(self):
    """Return error messages explaining why CDN access is not usable.

    Returns:
        An empty list when at least one stored CA or client certificate
        passes ``verify_certificate_dates()``; otherwise a one-element list
        saying either that no certificates are stored at all or that none
        of them is valid.
    """
    keys = self._get_cdn_certificate_keys_and_certs()
    if not keys:
        return ["ERROR: Your %s is not activated for CDN\n"
                "(to see details about currently used SSL certificates for accessing CDN:"
                " /usr/bin/cdn-sync --cdn-certs)" % PRODUCT_NAME]

    # NOTE(review): a single certificate with good dates -- the CA cert or
    # any client cert -- is enough to pass; an expired client certificate
    # next to a valid CA certificate is not reported here.
    has_valid_certificate = any(
        verify_certificate_dates(str(entry['key']))
        for entry in keys
        # Key rows are skipped; only certificate rows are date-checked.
        if (constants.CA_CERT_NAME == entry['description']
            or constants.CLIENT_CERT_PREFIX in entry['description'])
    )
    if has_valid_certificate:
        return []

    return ["ERROR: Your %s has no valid SSL certificates for accessing CDN\n"
            "(to see details about currently used SSL certificates for accessing CDN:"
            " /usr/bin/cdn-sync --cdn-certs)" % PRODUCT_NAME]
def _msg_array_if_not_activated(self):
    """Collect the error messages describing a missing or unusable CDN activation.

    Returns:
        A list that is empty when some stored CA or client certificate
        passes ``verify_certificate_dates()``. Otherwise it holds one
        message: "not activated" when no certificates are stored, or
        "no valid SSL certificates" when none of them passes.
    """
    problems = []
    keys = self._get_cdn_certificate_keys_and_certs()

    if not keys:
        problems.append("ERROR: Your %s is not activated for CDN\n"
                        "(to see details about currently used SSL certificates for accessing CDN:"
                        " /usr/bin/cdn-sync --cdn-certs)" % PRODUCT_NAME)
        return problems

    usable = False
    for entry in keys:
        label = entry['description']
        # Only certificate rows are date-checked; anything else is skipped.
        if constants.CA_CERT_NAME != label and constants.CLIENT_CERT_PREFIX not in label:
            continue
        if verify_certificate_dates(str(entry['key'])):
            # NOTE(review): the first certificate with good dates settles
            # the result, whether it is the CA cert or a client cert; the
            # remaining certificates are not examined.
            usable = True
            break

    if not usable:
        problems.append("ERROR: Your %s has no valid SSL certificates for accessing CDN\n"
                        "(to see details about currently used SSL certificates for accessing CDN:"
                        " /usr/bin/cdn-sync --cdn-certs)" % PRODUCT_NAME)
    return problems
def print_cdn_certificates_info(self, repos=False):
    """Write a per-entry report of the stored CDN certificates and keys to the log.

    Entries are obtained from ``self._get_cdn_certificate_keys_and_certs()``.
    If that yields nothing, an error is written to stderr and the process
    exits with status 1.

    Certificate details (common name, serial number, validity window) are
    logged for the CA certificate and for client certificates only; any
    other entry is reported by description alone and its contents are never
    printed. Client certificates additionally get their provided channels
    listed.

    Args:
        repos: When true, the repositories provided by each client
            certificate are listed too.
    """
    keys = self._get_cdn_certificate_keys_and_certs()
    if not keys:
        log2(0, 0, "No SSL certificates were found. Is your %s activated for CDN?" % PRODUCT_NAME,
             stream=sys.stderr)
        sys.exit(1)

    rule = "======================================"
    for item in keys:
        description = item['description']
        log(0, rule)
        log(0, "| Certificate/Key: %s" % description)
        log(0, rule)

        # Classification is by description; the client prefix test is a
        # substring match.
        if constants.CA_CERT_NAME == description or constants.CLIENT_CERT_PREFIX in description:
            certificate = str(item['key'])
            # NOTE(review): the warning below depends solely on
            # verify_certificate_dates() -- presumably dates only, confirm.
            if not verify_certificate_dates(certificate):
                log(0, "WARNING: This certificate is not valid.")
            cn, serial_number, not_before, not_after = get_certificate_info(certificate)
            log(0, "Common name: %s" % str(cn))
            log(0, "Serial number: %s" % str(serial_number))
            log(0, "Valid from: %s" % str(not_before))
            log(0, "Valid to: %s" % str(not_after))

        if constants.CLIENT_CERT_PREFIX in description:
            # Bind the repository manager to this client certificate before
            # asking for the channel tree.
            self.cdn_repository_manager = CdnRepositoryManager(client_cert_id=int(item['id']))
            log(0, "Provided channels:")
            channel_tree, not_available_channels = self._tree_available_channels()
            if not channel_tree:
                log(0, " NONE")
            for parent in sorted(channel_tree):
                if parent not in not_available_channels:
                    log(0, " * %s" % parent)
                elif channel_tree[parent]:
                    log(0, " * %s (only child channels provided)" % parent)
                for child in sorted(channel_tree[parent]):
                    log(0, " * %s" % child)
            if repos:
                log(0, "Provided repositories:")
                repo_labels = self.cdn_repository_manager.list_provided_repos(item['id'])
                for repo in sorted(repo_labels):
                    log(0, " %s" % repo)
        log(0, "")
def print_cdn_certificates_info(self, repos=False):
    """Write a per-entry report of the stored CDN certificates and keys to the log.

    Entries are the SSL-typed rhnCryptoKey rows whose description starts
    with 'CDN_' and whose org_id is NULL. If there are none, an error is
    written to stderr and the method returns.

    Certificate details (common name, serial number, validity window) are
    logged for the CA certificate and for client certificates only; any
    other entry is reported by description alone and its contents are never
    printed. Client certificates additionally get their provided channels
    listed.

    Args:
        repos: When true, the repositories provided by each client
            certificate are listed too.
    """
    # Fixed statement with no caller-supplied values.
    statement = rhnSQL.prepare(""" SELECT ck.id, ck.description, ck.key FROM rhnCryptoKeyType ckt, rhnCryptoKey ck WHERE ckt.label = 'SSL' AND ckt.id = ck.crypto_key_type_id AND ck.description LIKE 'CDN_%' AND ck.org_id is NULL ORDER BY ck.description """)
    statement.execute()
    keys = statement.fetchall_dict() or []
    if not keys:
        log2(0, 0, "No SSL certificates were found. Is your %s activated for CDN?" % PRODUCT_NAME,
             stream=sys.stderr)
        return

    rule = "======================================"
    for item in keys:
        description = item['description']
        log(0, rule)
        log(0, "| Certificate/Key: %s" % description)
        log(0, rule)

        # Classification is by description; the client prefix test is a
        # substring match.
        if constants.CA_CERT_NAME == description or constants.CLIENT_CERT_PREFIX in description:
            certificate = str(item['key'])
            # NOTE(review): the warning below depends solely on
            # verify_certificate_dates() -- presumably dates only, confirm.
            if not verify_certificate_dates(certificate):
                log(0, "WARNING: This certificate is not valid.")
            cn, serial_number, not_before, not_after = get_certificate_info(certificate)
            log(0, "Common name: %s" % str(cn))
            log(0, "Serial number: %s" % str(serial_number))
            log(0, "Valid from: %s" % str(not_before))
            log(0, "Valid to: %s" % str(not_after))

        if constants.CLIENT_CERT_PREFIX in description:
            # Bind the repository manager to this client certificate before
            # asking for the channel tree.
            self.cdn_repository_manager = CdnRepositoryManager(client_cert_id=int(item['id']))
            log(0, "Provided channels:")
            channel_tree, not_available_channels = self._tree_available_channels()
            if not channel_tree:
                log(0, " NONE")
            for parent in sorted(channel_tree):
                if parent not in not_available_channels:
                    log(0, " * %s" % parent)
                elif channel_tree[parent]:
                    log(0, " * %s (only child channels provided)" % parent)
                for child in sorted(channel_tree[parent]):
                    log(0, " * %s" % child)
            if repos:
                log(0, "Provided repositories:")
                repo_labels = self.cdn_repository_manager.list_provided_repos(item['id'])
                for repo in sorted(repo_labels):
                    log(0, " %s" % repo)
        log(0, "")