def get_cert(project_id, cert_ref, **kwargs): """Retrieves the specified cert. :param project_id: Project ID for the owner of the certificate :param cert_ref: the UUID of the cert to retrieve :return: octavia.certificates.common.Cert representation of the certificate data :raises CertificateStorageException: if certificate retrieval fails """ LOG.info( _LI("Loading certificate {0} from the local filesystem.").format( cert_ref)) filename_base = os.path.join(CONF.certificates.storage_path, cert_ref) filename_certificate = "{0}.crt".format(filename_base, cert_ref) filename_private_key = "{0}.key".format(filename_base, cert_ref) filename_intermediates = "{0}.int".format(filename_base, cert_ref) filename_pkp = "{0}.pass".format(filename_base, cert_ref) cert_data = dict() try: with open(filename_certificate, 'r') as cert_file: cert_data['certificate'] = cert_file.read() except IOError: LOG.error( _LE("Failed to read certificate for {0}.").format(cert_ref)) raise exceptions.CertificateStorageException( msg="Certificate could not be read.") try: with open(filename_private_key, 'r') as key_file: cert_data['private_key'] = key_file.read() except IOError: LOG.error( _LE("Failed to read private key for {0}.").format(cert_ref)) raise exceptions.CertificateStorageException( msg="Private Key could not be read.") try: with open(filename_intermediates, 'r') as int_file: cert_data['intermediates'] = int_file.read() except IOError: pass try: with open(filename_pkp, 'r') as pass_file: cert_data['private_key_passphrase'] = pass_file.read() except IOError: pass return local_common.LocalCert(**cert_data)
def get_cert(context, cert_ref, **kwargs): """Retrieves the specified cert. :param context: Ignored in this implementation :param cert_ref: the UUID of the cert to retrieve :return: octavia.certificates.common.Cert representation of the certificate data :raises CertificateStorageException: if certificate retrieval fails """ LOG.info("Loading certificate %s from the local filesystem.", cert_ref) filename_base = os.path.join(CONF.certificates.storage_path, cert_ref) filename_certificate = "{0}.crt".format(filename_base) filename_private_key = "{0}.key".format(filename_base) filename_intermediates = "{0}.int".format(filename_base) filename_pkp = "{0}.pass".format(filename_base) cert_data = dict() flags = os.O_RDONLY try: with os.fdopen(os.open(filename_certificate, flags)) as cert_file: cert_data['certificate'] = cert_file.read() except IOError: LOG.error("Failed to read certificate for %s.", cert_ref) raise exceptions.CertificateStorageException( msg="Certificate could not be read.") try: with os.fdopen(os.open(filename_private_key, flags)) as key_file: cert_data['private_key'] = key_file.read() except IOError: LOG.error("Failed to read private key for %s", cert_ref) raise exceptions.CertificateStorageException( msg="Private Key could not be read.") try: with os.fdopen(os.open(filename_intermediates, flags)) as int_file: cert_data['intermediates'] = int_file.read() cert_data['intermediates'] = list( cert_parser.get_intermediates_pems(cert_data['intermediates'])) except IOError: pass try: with os.fdopen(os.open(filename_pkp, flags)) as pass_file: cert_data['private_key_passphrase'] = pass_file.read() except IOError: pass return local_common.LocalCert(**cert_data)
def delete_cert(project_id, cert_ref, **kwargs): """Deletes the specified cert. :param project_id: Ignored in this implementation :param cert_ref: the UUID of the cert to delete :raises CertificateStorageException: if certificate deletion fails """ LOG.info("Deleting certificate %s from the local filesystem.", cert_ref) filename_base = os.path.join(CONF.certificates.storage_path, cert_ref) filename_certificate = "{0}.crt".format(filename_base) filename_private_key = "{0}.key".format(filename_base) filename_intermediates = "{0}.int".format(filename_base) filename_pkp = "{0}.pass".format(filename_base) try: os.remove(filename_certificate) os.remove(filename_private_key) os.remove(filename_intermediates) os.remove(filename_pkp) except IOError as ioe: LOG.error("Failed to delete certificate %s", cert_ref) raise exceptions.CertificateStorageException(message=ioe.message)
def delete_cert(project_id, cert_ref, **kwargs): """Deletes the specified cert. :param project_id: Project ID for the owner of the certificate :param cert_ref: the UUID of the cert to delete :raises CertificateStorageException: if certificate deletion fails """ LOG.info( _LI("Deleting certificate {0} from the local filesystem.").format( cert_ref)) filename_base = os.path.join(CONF.certificates.storage_path, cert_ref) filename_certificate = "{0}.crt".format(filename_base, cert_ref) filename_private_key = "{0}.key".format(filename_base, cert_ref) filename_intermediates = "{0}.int".format(filename_base, cert_ref) filename_pkp = "{0}.pass".format(filename_base, cert_ref) try: os.remove(filename_certificate) os.remove(filename_private_key) if os.path.exists(filename_intermediates): os.remove(filename_intermediates) if os.path.exists(filename_pkp): os.remove(filename_pkp) except IOError as ioe: LOG.error( _LE("Failed to delete certificate {0}.").format(cert_ref)) raise exceptions.CertificateStorageException(message=ioe.message)
def store_cert(context, certificate, private_key, intermediates=None, private_key_passphrase=None, **kwargs): """Stores (i.e., registers) a cert with the cert manager. This method stores the specified cert to the filesystem and returns a UUID that can be used to retrieve it. :param context: Ignored in this implementation :param certificate: PEM encoded TLS certificate :param private_key: private key for the supplied certificate :param intermediates: ordered and concatenated intermediate certs :param private_key_passphrase: optional passphrase for the supplied key :returns: the UUID of the stored cert :raises CertificateStorageException: if certificate storage fails """ cert_ref = str(uuid.uuid4()) filename_base = os.path.join(CONF.certificates.storage_path, cert_ref) if type(certificate) == six.binary_type: certificate = certificate.decode('utf-8') if type(private_key) == six.binary_type: private_key = private_key.decode('utf-8') LOG.info("Storing certificate data on the local filesystem.") try: filename_certificate = "{0}.crt".format(filename_base) flags = os.O_WRONLY | os.O_CREAT mode = stat.S_IRUSR | stat.S_IWUSR # mode 0600 with os.fdopen(os.open( filename_certificate, flags, mode), 'w') as cert_file: cert_file.write(certificate) filename_private_key = "{0}.key".format(filename_base) with os.fdopen(os.open( filename_private_key, flags, mode), 'w') as key_file: key_file.write(private_key) if intermediates: filename_intermediates = "{0}.int".format(filename_base) if type(intermediates) == six.binary_type: intermediates = intermediates.decode('utf-8') with os.fdopen(os.open( filename_intermediates, flags, mode), 'w') as int_file: int_file.write(intermediates) if private_key_passphrase: filename_pkp = "{0}.pass".format(filename_base) if type(private_key_passphrase) == six.binary_type: private_key_passphrase = private_key_passphrase.decode( 'utf-8') with os.fdopen(os.open( filename_pkp, flags, mode), 'w') as pass_file: pass_file.write(private_key_passphrase) except IOError as ioe: LOG.error("Failed to store certificate.") raise exceptions.CertificateStorageException(message=ioe.message) return cert_ref
def store_cert(self, context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name="PKCS12 Certificate Bundle"): """Stores a certificate in the certificate manager. :param context: Oslo context of the request :param certificate: PEM encoded TLS certificate :param private_key: private key for the supplied certificate :param intermediates: ordered and concatenated intermediate certs :param private_key_passphrase: optional passphrase for the supplied key :param expiration: the expiration time of the cert in ISO 8601 format :param name: a friendly name for the cert :returns: the container_ref of the stored cert :raises Exception: if certificate storage fails """ connection = self.auth.get_barbican_client(context.project_id) LOG.info("Storing certificate secret '%s' in Barbican.", name) p12 = crypto.PKCS12() p12.set_friendlyname(encodeutils.to_utf8(name)) x509_cert = crypto.load_certificate(crypto.FILETYPE_PEM, certificate) p12.set_certificate(x509_cert) x509_pk = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key) p12.set_privatekey(x509_pk) if intermediates: cert_ints = list(cert_parser.get_intermediates_pems(intermediates)) x509_ints = [ crypto.load_certificate(crypto.FILETYPE_PEM, ci) for ci in cert_ints ] p12.set_ca_certificates(x509_ints) if private_key_passphrase: raise exceptions.CertificateStorageException( "Passphrase protected PKCS12 certificates are not supported.") try: certificate_secret = connection.secrets.create( payload=p12.export(), expiration=expiration, name=name) certificate_secret.store() return certificate_secret.secret_ref except Exception as e: with excutils.save_and_reraise_exception(): LOG.error('Error storing certificate data: %s', str(e)) return None
def store_cert(self, context, certificate, private_key, intermediates=None, private_key_passphrase=None, expiration=None, name="PKCS12 Certificate Bundle"): p12 = crypto.PKCS12() p12.set_certificate(certificate) p12.set_privatekey(private_key) if intermediates: p12.set_ca_certificates(intermediates) if private_key_passphrase: raise exceptions.CertificateStorageException( "Passphrases protected PKCS12 certificates are not supported.") p12_data = opaque_data.OpaqueData(p12.export(), name=name) self.manager.store(context, p12_data)
def store_cert(project_id, certificate, private_key, intermediates=None, private_key_passphrase=None, **kwargs): """Stores (i.e., registers) a cert with the cert manager. This method stores the specified cert to the filesystem and returns a UUID that can be used to retrieve it. :param project_id: Project ID for the owner of the certificate :param certificate: PEM encoded TLS certificate :param private_key: private key for the supplied certificate :param intermediates: ordered and concatenated intermediate certs :param private_key_passphrase: optional passphrase for the supplied key :returns: the UUID of the stored cert :raises CertificateStorageException: if certificate storage fails """ cert_ref = str(uuid.uuid4()) filename_base = os.path.join(CONF.certificates.storage_path, cert_ref) LOG.info(_LI("Storing certificate data on the local filesystem.")) try: filename_certificate = "{0}.crt".format(filename_base, cert_ref) with open(filename_certificate, 'w') as cert_file: cert_file.write(certificate) filename_private_key = "{0}.key".format(filename_base, cert_ref) with open(filename_private_key, 'w') as key_file: key_file.write(private_key) if intermediates: filename_intermediates = "{0}.int".format( filename_base, cert_ref) with open(filename_intermediates, 'w') as int_file: int_file.write(intermediates) if private_key_passphrase: filename_pkp = "{0}.pass".format(filename_base, cert_ref) with open(filename_pkp, 'w') as pass_file: pass_file.write(private_key_passphrase) except IOError as ioe: LOG.error(_LE("Failed to store certificate.")) raise exceptions.CertificateStorageException(message=ioe.message) return cert_ref