def genCaRpm_dependencies(d):
    """Dependency check for the step that builds the CA certificate RPM.

    Calls gendir() on d['--dir'] and then dependencyCheck() on the CA
    certificate expected inside that directory.  Only the base name of
    d['--ca-cert'] is used, so directory components in the option value
    are dropped before the path is built.
    """
    build_dir = d['--dir']
    gendir(build_dir)

    cert_path = os.path.join(build_dir, os.path.basename(d['--ca-cert']))
    dependencyCheck(cert_path)
def genServerCertReq_dependencies(d):
    """Dependency check for generating the server certificate request.

    Calls gendir() on the per-host directory d['--dir']/d['--set-hostname']
    and then dependencyCheck() on the server private key expected there
    (base name of d['--server-key']).
    """
    # NOTE(review): d['--set-hostname'] is joined unmodified; os.path.join
    # lets an absolute value or one containing '..' leave d['--dir'].
    # Confirm the hostname is validated before it reaches this function.
    host_dir = os.path.join(d['--dir'], d['--set-hostname'])
    gendir(host_dir)

    key_name = os.path.basename(d['--server-key'])
    dependencyCheck(os.path.join(host_dir, key_name))
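def genPrivateCaKey(password, d, verbosity=0, forceYN=0):
    """Generate the pass-phrase-protected private CA key with openssl.

    Runs ``/usr/bin/openssl genrsa`` for a 4096-bit key written to the base
    name of d['--ca-key'] inside d['--dir'], then sets the file mode to 0600.

    Args:
        password: pass phrase handed to openssl through ``-passout pass:``.
        d: option dictionary; '--dir' and '--ca-key' are read.
        verbosity: >= 0 prints progress, > 1 also prints the command line
            with the pass phrase masked, > 2 also prints openssl's output.
        forceYN: when false, an existing key file ends the run through
            sys.exit(errnoGeneralError) instead of being replaced.

    Raises:
        GenPrivateCaKeyException: openssl returned a non-zero status.
    """
    # Function-scope import so this block does not depend on the module's
    # import list.
    import shlex

    gendir(d['--dir'])
    ca_key = os.path.join(d['--dir'], os.path.basename(d['--ca-key']))

    if not forceYN and os.path.exists(ca_key):
        sys.stderr.write("""\
ERROR: a CA private key already exists:
       %s
       If you wish to generate a new one, use the --force option.
""" % ca_key)
        sys.exit(errnoGeneralError)

    def _commandline(secret):
        # shlex.quote() replaces repr() as the quoting function: repr()
        # switches to double quotes when the value contains a single quote,
        # and inside double quotes a shell still expands $ and backticks
        # (assuming rhn_popen hands the string to a shell, as the original
        # quoting suggests).  Building the string in one step also keeps a
        # '%' in the key path from being re-interpreted by a second %-format.
        return "/usr/bin/openssl genrsa -passout %s %s -out %s 4096" % (
            shlex.quote("pass:%s" % (secret,)),
            CRYPTO,
            shlex.quote(cleanupAbsPath(ca_key)),
        )

    # NOTE(review): the pass phrase is part of openssl's argument list, which
    # other local users can usually read from the process table while the
    # command runs.  openssl also accepts env:, file: and fd: pass-phrase
    # sources; switching needs a look at what rhn_popen can pass to the child.

    if verbosity >= 0:
        print("Generating private CA key: %s" % ca_key)
        if verbosity > 1:
            # Never print the real pass phrase.
            print("Commandline:", _commandline("PASSWORD"))

    try:
        rotated = rotateFile(filepath=ca_key, verbosity=verbosity)
        if verbosity >= 0 and rotated:
            print("Rotated: %s --> %s"
                  % (d['--ca-key'], os.path.basename(rotated)))
    except ValueError:
        # Best effort, as in the original: a rotation that raises ValueError
        # does not stop key generation.
        pass

    cwd = chdir(_getWorkDir())
    # Restrictive umask while openssl creates the file, so the key is never
    # readable by group/other in the window before the chmod below.
    previous_umask = os.umask(0o077)
    try:
        ret, out_stream, err_stream = rhn_popen(_commandline(password))
    finally:
        os.umask(previous_umask)
        chdir(cwd)

    out = out_stream.read().decode('utf-8')
    out_stream.close()
    err = err_stream.read().decode('utf-8')
    err_stream.close()

    if ret:
        raise GenPrivateCaKeyException("Certificate Authority private SSL "
                                       "key generation failed:\n%s\n%s"
                                       % (out, err))
    if verbosity > 2:
        if out:
            print("STDOUT:", out)
        if err:
            print("STDERR:", err)

    # permissions: owner read/write only
    os.chmod(ca_key, 0o600)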
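def genServerKey(d, verbosity=0):
    """Generate the web server's private SSL key with openssl.

    Runs ``/usr/bin/openssl genrsa`` for a 2048-bit key written to the base
    name of d['--server-key'] inside d['--dir']/d['--set-hostname'], then
    sets the file mode to 0600.  No cipher or pass-phrase option is passed,
    so the key is stored unencrypted and the file mode is its protection.

    Args:
        d: option dictionary; '--dir', '--set-hostname' and '--server-key'
            are read.
        verbosity: >= 0 prints progress, > 1 also prints the command line,
            > 2 also prints openssl's output.

    Raises:
        GenServerKeyException: openssl returned a non-zero status.
    """
    # Function-scope import so this block does not depend on the module's
    # import list.
    import shlex

    # NOTE(review): d['--set-hostname'] is joined unmodified; an absolute
    # value or one containing '..' would place the key outside d['--dir'].
    # Confirm the hostname is validated before it reaches this function.
    serverKeyPairDir = os.path.join(d['--dir'], d['--set-hostname'])
    gendir(serverKeyPairDir)

    server_key = os.path.join(serverKeyPairDir,
                              os.path.basename(d['--server-key']))

    # shlex.quote() replaces repr() as the quoting function: repr() switches
    # to double quotes when the value contains a single quote, and inside
    # double quotes a shell still expands $ and backticks (assuming rhn_popen
    # hands the string to a shell, as the original quoting suggests).  The
    # path contains the caller-supplied hostname.
    args = ("/usr/bin/openssl genrsa -out %s 2048"
            % shlex.quote(cleanupAbsPath(server_key)))

    # generate the server key
    if verbosity >= 0:
        print("\nGenerating the web server's SSL private key: %s" % server_key)
        if verbosity > 1:
            print("Commandline:", args)

    try:
        rotated = rotateFile(filepath=server_key, verbosity=verbosity)
        if verbosity >= 0 and rotated:
            print("Rotated: %s --> %s"
                  % (d['--server-key'], os.path.basename(rotated)))
    except ValueError:
        # Best effort, as in the original: a rotation that raises ValueError
        # does not stop key generation.
        pass

    cwd = chdir(_getWorkDir())
    # Restrictive umask while openssl creates the file, so the unencrypted
    # key is never readable by group/other before the chmod below.
    previous_umask = os.umask(0o077)
    try:
        ret, out_stream, err_stream = rhn_popen(args)
    finally:
        os.umask(previous_umask)
        chdir(cwd)

    out = out_stream.read().decode('utf-8')
    out_stream.close()
    err = err_stream.read().decode('utf-8')
    err_stream.close()

    if ret:
        raise GenServerKeyException(
            "web server's SSL key generation failed:\n%s\n%s" % (out, err))
    if verbosity > 2:
        if out:
            print("STDOUT:", out)
        if err:
            print("STDERR:", err)

    # permissions: owner read/write only
    os.chmod(server_key, 0o600)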
def genProxyServerTarball_dependencies(d):
    """Dependency check for building the RHN Proxy Server tar archive.

    The archive step needs the server's SSL key set plus the CA certificate.
    gendir() is called on d['--dir']/d['--set-hostname'], then
    dependencyCheck() runs on the CA certificate (under d['--dir']) and on
    the server key, certificate and certificate request (under the per-host
    directory).
    """
    key_set_dir = os.path.join(d['--dir'], d['--set-hostname'])
    gendir(key_set_dir)

    # NOTE(review): unlike the sibling *_dependencies checks, the option
    # values go to pathJoin() without os.path.basename(); whether directory
    # components are stripped depends on pathJoin -- confirm.
    # All paths are built before the first check, as in the original.
    required = [pathJoin(d['--dir'], d['--ca-cert'])]
    required.extend(
        pathJoin(key_set_dir, d[option])
        for option in ('--server-key', '--server-cert', '--server-cert-req')
    )

    for path in required:
        dependencyCheck(path)
def genServerRpm_dependencies(d):
    """Dependency check for building the server's SSL key set RPM.

    Calls gendir() on d['--dir']/d['--set-hostname'] and then
    dependencyCheck() on the server key, certificate and certificate
    request expected there.  Each file is looked up by the base name of its
    option value.
    """
    host_dir = os.path.join(d['--dir'], d['--set-hostname'])
    gendir(host_dir)

    # Build every path first, then check them in the same order.
    required = [
        os.path.join(host_dir, os.path.basename(d[option]))
        for option in ('--server-key', '--server-cert', '--server-cert-req')
    ]
    for path in required:
        dependencyCheck(path)
def genPublicCaCert_dependencies(password, d, forceYN=0):
    """Dependency check for generating the public (client-side) CA certificate.

    Steps, in order: gendir() on d['--dir']; exit with errnoGeneralError if
    the CA certificate already exists and forceYN is false; dependencyCheck()
    on the CA private key; exit with errnoGeneralError if password is None.
    Both files are looked up by base name inside d['--dir'].
    """
    build_dir = d['--dir']
    gendir(build_dir)

    key_path = os.path.join(build_dir, os.path.basename(d['--ca-key']))
    cert_path = os.path.join(build_dir, os.path.basename(d['--ca-cert']))

    # Refuse to overwrite an existing certificate unless forced.
    if not forceYN:
        if os.path.exists(cert_path):
            sys.stderr.write("""\
ERROR: a CA public certificate already exists:
       %s
       If you wish to generate a new one, use the --force option.
""" % cert_path)
            sys.exit(errnoGeneralError)

    dependencyCheck(key_path)

    # Only None is rejected here; an empty string passes this check.
    if password is None:
        sys.stderr.write('ERROR: a CA password must be supplied.\n')
        sys.exit(errnoGeneralError)
def genServerCert_dependencies(password, d):
    """Dependency check for generating and signing the server certificate.

    Exits with errnoGeneralError when password is None.  Otherwise calls
    gendir() on d['--dir']/d['--set-hostname'] and runs dependencyCheck() on
    the CA openssl configuration (CA_OPENSSL_CNF_NAME), the CA key and the
    CA certificate under d['--dir'], and on the server certificate request
    under the per-host directory.
    """
    # Only None is rejected here; an empty string passes this check.
    if password is None:
        sys.stderr.write('ERROR: a CA password must be supplied.\n')
        sys.exit(errnoGeneralError)

    build_dir = d['--dir']
    host_dir = os.path.join(build_dir, d['--set-hostname'])
    gendir(host_dir)

    key_path = os.path.join(build_dir, os.path.basename(d['--ca-key']))
    cert_path = os.path.join(build_dir, os.path.basename(d['--ca-cert']))
    request_path = os.path.join(host_dir,
                                os.path.basename(d['--server-cert-req']))
    cnf_path = os.path.join(build_dir, CA_OPENSSL_CNF_NAME)

    # Same check order as before: configuration first, request last.
    for path in (cnf_path, key_path, cert_path, request_path):
        dependencyCheck(path)