    def run(self):
        """
        naSetup hook: create the default nixAuth CA and this host's certificate.

        Steps, in order:
          1. Create the 'nixAuth Default' CA from its template, protected by a
             password drawn from the OS random source.
          2. Generate a 2048-bit RSA key for "<hostName>.<dnsDomain>" under
             "<ca_root>/keys/".
          3. Generate a CSR for that key.
          4. Ask the CA to sign the CSR.

        Returns self.my_na_setup_config_fragment.

        Raises SSLSetupError when the openssl wrapper reports a non-zero
        'return_value' for the key or CSR step; errors from the CA object
        propagate unchanged.
        """
        ca_name = 'nixAuth Default'

        # 256 random bits rendered as hex; SystemRandom reads from the OS CSPRNG.
        # NOTE(review): the password is passed inline and not kept by this
        # method; presumably self.ca stores or protects it. Confirm.
        ca_password = "%x" % random.SystemRandom().getrandbits(256)
        self.ca.fromTemplate(ca_name, ca_password)

        # TODO: Fix these once the SSL libraries are completed
        from lib.ssl import openssl
        from conf.SSL import CA_Config
        from data.SSL import CA_Roots

        openssl_conf = CA_Config.getPath(ca_name)
        runner = openssl.OpenSSL()
        root_dir = CA_Roots.getCARoot(CA_Config.getFSName(ca_name))

        # NOTE(review): hostName and dnsDomain are interpolated unescaped into
        # file paths and into the openssl command strings below. A value that
        # contains '"', '/' or '..' would change the command or write outside
        # "<ca_root>/keys/". Whether runOpenSSL goes through a shell is not
        # visible here; validate these values before they reach this hook.
        host = self.na_setup_config['hostName']
        domain = self.na_setup_config['dnsDomain']
        key_name = "%s.%s" % (host, domain)
        key_loc = "%s/keys/%s.key" % (root_dir, key_name)

        # No cipher option is passed to genrsa, so the private key is written
        # without a passphrase.
        # NOTE(review): the file mode of the key depends on runOpenSSL and the
        # umask; confirm it ends up readable by the owner only.
        key_result = runner.runOpenSSL(
            "genrsa -config \"%s\" -out \"%s\" 2048 " % (openssl_conf, key_loc)
        )
        if key_result['return_value']:
            raise SSLSetupError('Error creating SSL key: %s' % key_result['stderr'])

        csr_loc = "%s/keys/%s.%s.csr" % (root_dir, host, domain)
        csr_result = runner.runOpenSSL(
            "req -config \"%s\" -new -batch -key \"%s\" -out \"%s\""
            % (openssl_conf, key_loc, csr_loc)
        )
        if csr_result['return_value']:
            raise SSLSetupError('Error creating SSL CSR: %s' % csr_result['stderr'])

        # Sign the CSR using the CA; any exception propagates to the caller.
        # NOTE(review): the CA is addressed as 'nixAuthDefault' here and as
        # 'nixAuth Default' above. This may be the filesystem name returned by
        # CA_Config.getFSName; confirm it is not a typo.
        self.ca.signCSR('nixAuthDefault', key_name)

        return self.my_na_setup_config_fragment