def get_keypair(config = None): if not config: config = SfaConfig() hierarchy = Hierarchy() key_dir= hierarchy.basedir data_dir = config.data_path keyfile =data_dir + os.sep + "server.key" certfile = data_dir + os.sep + "server.cert" # check if files already exist if os.path.exists(keyfile) and os.path.exists(certfile): return (keyfile, certfile) # create temp keypair server key and certificate (_, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp') (_, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp') tmp_key = Keypair(create=True) tmp_key.save_to_file(tmp_keyfile) tmp_cert = Certificate(subject='subject') tmp_cert.set_issuer(key=tmp_key, subject='subject') tmp_cert.set_pubkey(tmp_key) tmp_cert.save_to_file(tmp_certfile, save_parents=True) # request real pkey from registry api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile) registry = api.get_registry() registry.get_key() key = Keypair(filename=keyfile) cert = Certificate(subject=hrn) cert.set_issuer(key=key, subject=hrn) cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile, save_parents=True) return (keyfile, certfile)
def get_cert_file(self, key_file): cert_file = os.path.join(self.options.sfi_dir, self.user.replace(self.authority + '.', '') + ".cert") if (os.path.isfile(cert_file)): # we'd perfer to use Registry issued certs instead of self signed certs. # if this is a Registry cert (GID) then we are done gid = GID(filename=cert_file) if gid.get_urn(): return cert_file # generate self signed certificate k = Keypair(filename=key_file) cert = Certificate(subject=self.user) cert.set_pubkey(k) cert.set_issuer(k, self.user) cert.sign() self.logger.info("Writing self-signed certificate to %s"%cert_file) cert.save_to_file(cert_file) self.cert = cert # try to get registry issued cert try: self.logger.info("Getting Registry issued cert") self.read_config() # *hack. need to set registyr before _get_gid() is called self.registry = xmlrpcprotocol.get_server(self.reg_url, key_file, cert_file, timeout=self.options.timeout, verbose=self.options.debug) gid = self._get_gid(type='user') self.registry = None self.logger.info("Writing certificate to %s"%cert_file) gid.save_to_file(cert_file) except: self.logger.info("Failed to download Registry issued cert") return cert_file
def init_self_signed_cert(hrn, key, server_cert_file): logger.debug("generating self signed cert") # generate self signed certificate cert = Certificate(subject=hrn) cert.set_issuer(key=key, subject=hrn) cert.set_pubkey(key) cert.sign() cert.save_to_file(server_cert_file)
def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose=False): """ create the server key/cert pair in the right place """ key = Keypair(filename=keyfile) key.save_to_file(keyfile) cert = Certificate(subject=hrn) cert.set_issuer(key=key, subject=hrn) cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile, save_parents=True)
def self_signed_cert_produce(self, output): self.assert_private_key() private_key_filename = self.private_key_filename() keypair = Keypair(filename=private_key_filename) self_signed = Certificate(subject=self.hrn) self_signed.set_pubkey(keypair) self_signed.set_issuer(keypair, self.hrn) self_signed.sign() self_signed.save_to_file(output) #self.logger.debug("SfaClientBootstrap: Created self-signed certificate for %s in %s"%\ #(self.hrn,output)) return output
def self_signed_cert_produce (self,output): self.assert_private_key() private_key_filename = self.private_key_filename() keypair=Keypair(filename=private_key_filename) self_signed = Certificate (subject = self.hrn) self_signed.set_pubkey (keypair) self_signed.set_issuer (keypair, self.hrn) self_signed.sign () self_signed.save_to_file (output) self.logger.debug("SfaClientBootstrap: Created self-signed certificate for %s in %s"%\ (self.hrn,output)) return output
def create_server_keypair(keyfile=None, certfile=None, hrn="component", verbose=False): """ create the server key/cert pair in the right place """ key = Keypair(filename=keyfile) key.save_to_file(keyfile) cert = Certificate(subject=hrn) cert.set_issuer(key=key, subject=hrn) cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile, save_parents=True)
def get_node_key(registry=None, verbose=False): # this call requires no authentication, # so we can generate a random keypair here subject="component" (kfd, keyfile) = tempfile.mkstemp() (cfd, certfile) = tempfile.mkstemp() key = Keypair(create=True) key.save_to_file(keyfile) cert = Certificate(subject=subject) cert.set_issuer(key=key, subject=subject) cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile) registry = server_proxy(url = registry, keyfile=keyfile, certfile=certfile) registry.get_key_from_incoming_ip()
def get_node_key(self): # this call requires no authentication, # so we can generate a random keypair here subject="component" (kfd, keyfile) = tempfile.mkstemp() (cfd, certfile) = tempfile.mkstemp() key = Keypair(create=True) key.save_to_file(keyfile) cert = Certificate(subject=subject) cert.set_issuer(key=key, subject=subject) cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile) registry = self.get_registry() # the registry will scp the key onto the node registry.get_key()
def get_node_key(registry=None, verbose=False): # this call requires no authentication, # so we can generate a random keypair here subject = "component" (kfd, keyfile) = tempfile.mkstemp() (cfd, certfile) = tempfile.mkstemp() key = Keypair(create=True) key.save_to_file(keyfile) cert = Certificate(subject=subject) cert.set_issuer(key=key, subject=subject) cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile) registry = server_proxy(url=registry, keyfile=keyfile, certfile=certfile) registry.get_key_from_incoming_ip()
def get_node_key(self): # this call requires no authentication, # so we can generate a random keypair here subject = "component" (kfd, keyfile) = tempfile.mkstemp() (cfd, certfile) = tempfile.mkstemp() key = Keypair(create=True) key.save_to_file(keyfile) cert = Certificate(subject=subject) cert.set_issuer(key=key, subject=subject) cert.set_pubkey(key) cert.sign() cert.save_to_file(certfile) registry = self.get_registry() # the registry will scp the key onto the node registry.get_key_from_incoming_ip()