def ca_credentials_error(self): try: pki.validate_certificate_common_name(self.ca_credentials.cert, self.name) pki.validate_ca_certificate_constraints(self.ca_credentials.cert) except pki.InvalidCertificate as e: return str(e)
def credentials_error(self): try: pki.verify_certificate_chain(self.cluster.ca_credentials.cert, self.credentials.cert) pki.validate_certificate_common_name(self.credentials.cert, self.name) if self.groups: pki.validate_certificate_organizations(self.credentials.cert, self.groups.split(',')) pki.validate_certificate_key_usage(self.credentials.cert, is_web_server=False, is_web_client=True) except pki.InvalidCertificate as e: return str(e)
def credentials_error(self): try: pki.verify_certificate_chain(self.cluster.ca_credentials.cert, self.credentials.cert) pki.validate_certificate_common_name(self.credentials.cert, 'system:node:' + self.fqdn) pki.validate_certificate_hosts( self.credentials.cert, self.certificate_alternative_dns_names) pki.validate_certificate_organizations(self.credentials.cert, ['system:nodes']) pki.validate_certificate_key_usage(self.credentials.cert, is_web_server=True, is_web_client=True) except pki.InvalidCertificate as e: return str(e)