def generate_certificate(cert_dir, uid, sid, role, email, cn, org, ca_cert=None):
    """Issue a fresh x509 certificate for a manager.

    A new RSA keypair is generated, a certificate request carrying the
    given subject fields is built from it, and the request is signed via
    create_x509_cert(cert_dir, ...).

    cert_dir -- directory holding "ca_cert.pem"; also handed to
                create_x509_cert for signing
    uid, sid, role, email, cn, org -- values copied into the request as
                userId, serviceLocator, role, emailAddress, CN and O.
                They are passed through as given; no validation happens
                in this function.
    ca_cert  -- CA certificate to return alongside the new one; when None
                it is read from <cert_dir>/ca_cert.pem

    Returns a dict with the keys 'ca_cert', 'key' and 'cert'.

    NOTE(review): 'key' is the new private key dumped as PEM with no
    cipher/passphrase argument, so it is presumably unencrypted. Callers
    should treat the returned dict as secret material (no logging, no
    world-readable storage).
    """
    # Fall back to the CA certificate stored next to the other cert files.
    if ca_cert is not None:
        ca_pem = ca_cert
    else:
        ca_pem = file_get_contents(os.path.join(cert_dir, "ca_cert.pem"))

    # Fresh keypair for this manager.
    manager_key = x509.gen_rsa_keypair()

    # Certificate request describing the manager's identity.
    signing_request = x509.create_x509_req(
        manager_key,
        userId=uid,
        serviceLocator=sid,
        O=org,
        emailAddress=email,
        CN=cn,
        role=role)

    # Have the request signed, then serialise the private key.
    signed_cert = create_x509_cert(cert_dir, signing_request)
    key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, manager_key)

    return {'ca_cert': ca_pem, 'key': key_pem, 'cert': signed_cert}
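else:
    # If DIRECTOR_URL does not exist, just trust platform.node()
    hostname = platform.node()
    # Disabled: taking the host from the command line or an interactive prompt.
    #try:
    #    hostname = sys.argv[1]
    #except IndexError:
    #    hostname = rlinput('Please enter your host ip: ', hostname)

    # create CA keypair
    cakey = x509.gen_rsa_keypair()

    # save ca_key.pem to filesystem
    # The CA private key can sign certificates for any identity, so the file
    # is created owner-only (0600) instead of relying on the process umask.
    ca_key_path = os.path.join(CERT_DIR, 'ca_key.pem')
    ca_key_fd = os.open(ca_key_path,
                        os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(ca_key_fd, 'w') as ca_key_file:
        # The mode given to os.open() only applies to a newly created file;
        # tighten a pre-existing one before the key is written into it.
        os.chmod(ca_key_path, 0o600)
        ca_key_file.write(x509.key_as_pem(cakey))

    # create cert request
    req = x509.create_x509_req(cakey, CN='CA',
                               emailAddress='*****@*****.**', O='ConPaaS')

    five_years = 60 * 60 * 24 * 365 * 5

    # create ca certificate, valid for five years
    # The request is passed as its own issuer and signed with the CA key,
    # i.e. a self-signed root. The serial is drawn from the OS CSPRNG
    # (random.SystemRandom); the module-level random.randint() uses a
    # predictable generator that is not meant for security purposes.
    cacert = x509.create_cert(
        req=req,
        issuer_cert=req,
        issuer_key=cakey,
        serial=random.SystemRandom().randint(1, sys.maxint),
        not_before=0,
        not_after=five_years)

    # save ca_cert.pem to filesystem
    # The certificate is public; a context manager makes sure it is flushed
    # and closed.
    with open(os.path.join(CERT_DIR, 'ca_cert.pem'), 'w') as ca_cert_file:
        ca_cert_file.write(x509.cert_as_pem(cacert))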
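# Host name: first command-line argument if given, otherwise ask the
# operator, offering platform.node() as the suggested value.
hostname = platform.node()
try:
    hostname = sys.argv[1]
except IndexError:
    hostname = rlinput('Please enter your hostname: ', hostname)

# create CA keypair
cakey = x509.gen_rsa_keypair()

# save ca_key.pem to filesystem
# The CA private key can sign certificates for any identity, so the file is
# created owner-only (0600) instead of relying on the process umask.
ca_key_path = os.path.join(CERT_DIR, 'ca_key.pem')
ca_key_fd = os.open(ca_key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(ca_key_fd, 'w') as ca_key_file:
    # The mode given to os.open() only applies to a newly created file;
    # tighten a pre-existing one before the key is written into it.
    os.chmod(ca_key_path, 0o600)
    ca_key_file.write(x509.key_as_pem(cakey))

# create cert request
req = x509.create_x509_req(cakey, CN='CA', emailAddress='*****@*****.**',
                           O='ConPaaS')

five_years = 60 * 60 * 24 * 365 * 5

# create ca certificate, valid for five years
# The request is passed as its own issuer and signed with the CA key, i.e. a
# self-signed root. The serial is drawn from the OS CSPRNG
# (random.SystemRandom); the module-level random.randint() uses a
# predictable generator that is not meant for security purposes.
cacert = x509.create_cert(req=req,
                          issuer_cert=req,
                          issuer_key=cakey,
                          serial=random.SystemRandom().randint(1, sys.maxint),
                          not_before=0,
                          not_after=five_years)

# save ca_cert.pem to filesystem
# The certificate is public; a context manager makes sure it is flushed and
# closed.
with open(os.path.join(CERT_DIR, 'ca_cert.pem'), 'w') as ca_cert_file:
    ca_cert_file.write(x509.cert_as_pem(cacert))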