    def _process_tls_certificates(self, listener):
        """Load the listener's TLS containers and push them to its amphorae.

        The default TLS container and each SNI container are rendered to
        PEM with ``cert_parser.build_pem``; when at least one PEM results,
        they are uploaded through ``_exec_on_amphorae`` into
        ``<base_cert_dir>/<listener.id>`` on every amphora of the listener's
        load balancer, together with a ``chmod 600`` on the ``*.pem`` files
        in that directory.

        :param listener: listener whose ``load_balancer.amphorae`` receive
            the files.
        :returns: the dict produced by ``cert_parser.load_certificates_data``
            (keys ``'tls_cert'`` and ``'sni_certs'``), passed through as-is.
        """
        loaded = cert_parser.load_certificates_data(
            self.cert_manager, listener)
        default_cert = loaded['tls_cert']
        sni_list = loaded['sni_certs']

        # Default container first, then SNI containers in their given order.
        containers = []
        if default_cert is not None:
            containers.append(default_cert)
        if sni_list:
            containers.extend(sni_list)
        pem_blobs = [cert_parser.build_pem(c) for c in containers]

        if pem_blobs:
            target_dir = os.path.join(self.amp_config.base_cert_dir,
                                      listener.id)
            # NOTE(review): the upload path takes its file name from the
            # certificate's primary CN, i.e. from text inside a user-supplied
            # certificate rather than from a generated id.  Confirm that the
            # CN is validated upstream (no '/', '..' or unusual characters)
            # before it is used to name a file on the amphora.
            # NOTE(review): when only SNI containers are present, default_cert
            # is None and this attribute access raises AttributeError;
            # presumably the API forbids that combination -- verify.
            target_file = '{0}/{1}.pem'.format(target_dir,
                                               default_cert.primary_cn)
            # The chmod is handed to _exec_on_amphorae with the upload; in
            # what order the two run (and so whether the key files are ever
            # readable under the amphora's umask) is not visible here.
            self._exec_on_amphorae(
                listener.load_balancer.amphorae,
                ['chmod 600 {0}/*.pem'.format(target_dir)],
                make_dir=target_dir,
                data=pem_blobs,
                upload_dir=target_file)

        return loaded
    def _process_tls_certificates(self, listener):
        """Render and upload the listener's TLS material.

        Builds one PEM per TLS container (default container first, then the
        SNI containers) and, if there is anything to send, uploads them to
        ``<base_cert_dir>/<listener.id>`` on each amphora of the listener's
        load balancer while requesting ``chmod 600`` on the ``*.pem`` files
        there.  With nothing to upload the method only loads the data.

        :param listener: listener providing the containers and, through
            ``load_balancer.amphorae``, the upload targets.
        :returns: the ``cert_parser.load_certificates_data`` result dict.
        """
        bundle = cert_parser.load_certificates_data(self.cert_manager,
                                                    listener)
        primary = bundle['tls_cert']

        pems = []
        if primary is not None:
            pems.append(cert_parser.build_pem(primary))
        for container in (bundle['sni_certs'] or ()):
            pems.append(cert_parser.build_pem(container))

        if not pems:
            return bundle

        cert_dir = os.path.join(self.amp_config.base_cert_dir, listener.id)
        # NOTE(review): primary.primary_cn is read from the certificate the
        # user uploaded, so the file name on the amphora is derived from
        # attacker-influenced text; confirm the CN is sanitised before it
        # reaches the filesystem.  If primary is None here (SNI containers
        # only), this line raises AttributeError -- presumably rejected at
        # the API, verify.
        primary_path = '{0}/{1}.pem'.format(cert_dir, primary.primary_cn)
        # Restrict the uploaded key material to the owner.  cert_dir is
        # interpolated into a shell command, so this relies on listener.id
        # being a plain identifier (it looks like a generated id; verify).
        self._exec_on_amphorae(listener.load_balancer.amphorae,
                               ['chmod 600 {0}/*.pem'.format(cert_dir)],
                               make_dir=cert_dir,
                               data=pems,
                               upload_dir=primary_path)
        return bundle
    def _process_tls_certificates(self, listener):
        """Upload every TLS container of *listener* to its amphorae.

        Each container (default first, then SNI) is rendered to PEM, hashed
        with MD5 and pushed via ``self._apply(self._upload_cert, ...)`` under
        the file name ``<primary_cn>.pem``.

        :param listener: listener whose containers are loaded through
            ``cert_parser.load_certificates_data``.
        :returns: ``{'tls_cert': <container or None>,
            'sni_certs': <list, possibly empty>}``.
        """
        loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
        tls_cert = loaded['tls_cert']
        sni_certs = loaded['sni_certs'] or []

        upload_order = [] if tls_cert is None else [tls_cert]
        upload_order.extend(sni_certs)

        for container in upload_order:
            pem_text = cert_parser.build_pem(container)
            # MD5 is handed to the upload alongside the PEM; presumably a
            # transfer checksum, not a security control -- keep it that way.
            checksum = hashlib.md5(six.b(pem_text)).hexdigest()
            # NOTE(review): the file name comes from the certificate's CN,
            # which is user-controlled text; confirm it cannot carry path
            # separators or '..' before it names a file on the amphora.
            filename = '{cn}.pem'.format(cn=container.primary_cn)
            self._apply(self._upload_cert, listener, pem_text, checksum,
                        filename)

        return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
    def _process_pool_certs(self, listener, pool, amphora=None, obj_id=None):
        """Stage a pool's backend-TLS material and return its amphora paths.

        Handles, in order, the pool's client certificate/key container
        (``tls_certificate_id``), its CA bundle (``ca_tls_certificate_id``)
        and its CRL (``crl_container_id``).  The client cert is rendered to
        PEM and uploaded directly; the CA and CRL go through
        ``self._process_secret``.  The direct upload only happens when both
        *amphora* and *obj_id* are given; the returned paths are computed
        regardless.

        :param listener: listener owning the pool; its ``id`` is the
            directory component of every returned path.
        :param pool: pool carrying the three optional container ids.
        :param amphora: target amphora, or None to skip the upload.
        :param obj_id: object id passed to the upload, or None to skip it.
        :returns: dict with any of ``'client_cert'``, ``'ca_cert'``,
            ``'crl'`` mapped to ``<base_cert_dir>/<listener.id>/<name>``.
        """
        base_dir = CONF.haproxy_amphora.base_cert_dir

        def amp_path(filename):
            # Path the haproxy config will reference on the amphora.
            # NOTE(review): it is built from listener.id, while the upload
            # itself is keyed on obj_id -- if those can differ, confirm the
            # two agree on the directory.
            return os.path.join(base_dir, listener.id, filename)

        result = {}

        if pool.tls_certificate_id:
            container = cert_parser.load_certificates_data(self.cert_manager,
                                                           pool)
            pem = cert_parser.build_pem(container)
            try:
                # build_pem may hand back text; the upload wants bytes.
                pem = pem.encode('utf-8')
            except AttributeError:
                pass  # already bytes
            # MD5 here is a transfer checksum for the upload, not a
            # security control (hence the nosec).
            digest = hashlib.md5(pem).hexdigest()  # nosec
            # Named after the loaded container's id rather than the
            # certificate CN.
            filename = '{id}.pem'.format(id=container.id)
            if amphora and obj_id:
                self._upload_cert(amphora, obj_id, pem=pem, md5=digest,
                                  name=filename)
            result['client_cert'] = amp_path(filename)

        if pool.ca_tls_certificate_id:
            result['ca_cert'] = amp_path(
                self._process_secret(listener, pool.ca_tls_certificate_id,
                                     amphora, obj_id))

        if pool.crl_container_id:
            result['crl'] = amp_path(
                self._process_secret(listener, pool.crl_container_id,
                                     amphora, obj_id))

        return result
    def _process_tls_certificates(self, listener, amphora=None, obj_id=None):
        """Load the listener's TLS containers and optionally upload them.

        Containers are uploaded (default container first, then SNI) as
        ``<cert.id>.pem`` via ``self._upload_cert`` only when both
        *amphora* and *obj_id* are given; otherwise the data is just loaded
        and returned.

        :param listener: listener whose containers are loaded.
        :param amphora: upload target, or None to skip uploading.
        :param obj_id: object id handed to the upload, or None to skip it.
        :returns: ``{'tls_cert': <container or None>,
            'sni_certs': <list, possibly empty>}``.
        """
        loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
        default_cert = loaded['tls_cert']
        sni_list = loaded['sni_certs'] or []

        if amphora and obj_id:
            queue = [] if default_cert is None else [default_cert]
            queue.extend(sni_list)
            for container in queue:
                pem = cert_parser.build_pem(container)
                # MD5 is a transfer checksum for the upload, not a security
                # control (hence nosec).
                digest = hashlib.md5(pem).hexdigest()  # nosec
                # File name is the container id, not the certificate CN.
                self._upload_cert(amphora, obj_id, pem, digest,
                                  '{id}.pem'.format(id=container.id))

        return {'tls_cert': default_cert, 'sni_certs': sni_list}
 def test_build_pem(self):
     """build_pem emits cert, key, then intermediates, each newline-terminated."""
     parts = [b'imacert', b'imakey', b'imainter', b'imainter2']
     container = sample_configs_combined.sample_tls_container_tuple(
         certificate=parts[0],
         private_key=parts[1],
         intermediates=parts[2:])
     want = b''.join(p + b'\n' for p in parts)
     self.assertEqual(want, cert_parser.build_pem(container))
    def _process_tls_certificates(self, listener):
        """Push the listener's TLS containers to its amphorae.

        The default container (if any) is uploaded first, followed by the
        SNI containers, each as PEM plus an MD5 checksum under the name
        ``<primary_cn>.pem``, through ``self._apply(self._upload_cert, ...)``.

        :param listener: listener whose containers are loaded.
        :returns: ``{'tls_cert': <container or None>,
            'sni_certs': <list, possibly empty>}``.
        """
        data = cert_parser.load_certificates_data(self.cert_manager, listener)
        default_cert = data['tls_cert']
        sni_list = data['sni_certs'] if data['sni_certs'] else []

        def push(container):
            # One upload: PEM text, its MD5 (a transfer checksum, presumably
            # not a security control) and a CN-derived file name.
            pem = cert_parser.build_pem(container)
            digest = hashlib.md5(six.b(pem)).hexdigest()
            # NOTE(review): primary_cn is user-controlled certificate text;
            # confirm it is sanitised before it becomes a file name.
            name = '{cn}.pem'.format(cn=container.primary_cn)
            self._apply(self._upload_cert, listener, pem, digest, name)

        if default_cert is not None:
            push(default_cert)
        for container in sni_list:
            push(container)

        return {'tls_cert': default_cert, 'sni_certs': sni_list}
    def _process_pool_certs(self, listener, pool):
        """Upload a pool's backend-TLS material and return its amphora paths.

        The client certificate/key container is rendered to PEM and uploaded
        through ``self._apply(self._upload_cert, ...)``; the CA bundle and
        CRL are delegated to ``self._process_secret``.  Every handled item
        is mapped to its path under ``<base_cert_dir>/<listener.id>``.

        :param listener: listener owning the pool; its ``id`` names the
            directory on the amphora.
        :param pool: pool whose ``tls_certificate_id``,
            ``ca_tls_certificate_id`` and ``crl_container_id`` are optional.
        :returns: dict with any of ``'client_cert'``, ``'ca_cert'``,
            ``'crl'`` mapped to the corresponding amphora path.
        """
        cert_root = os.path.join(CONF.haproxy_amphora.base_cert_dir,
                                 listener.id)
        paths = dict()

        if pool.tls_certificate_id:
            bundle = cert_parser.load_certificates_data(self.cert_manager, pool)
            pem = cert_parser.build_pem(bundle)
            if hasattr(pem, 'encode'):
                # Text from build_pem; the upload and the hash want bytes.
                pem = pem.encode('utf-8')
            # Transfer checksum for the upload, not a security control.
            digest = hashlib.md5(pem).hexdigest()  # nosec
            # Named after the container id rather than the certificate CN.
            client_name = '{id}.pem'.format(id=bundle.id)
            self._apply(self._upload_cert, listener, None, pem, digest,
                        client_name)
            paths['client_cert'] = os.path.join(cert_root, client_name)

        if pool.ca_tls_certificate_id:
            ca_name = self._process_secret(listener,
                                           pool.ca_tls_certificate_id)
            paths['ca_cert'] = os.path.join(cert_root, ca_name)

        if pool.crl_container_id:
            crl_name = self._process_secret(listener, pool.crl_container_id)
            paths['crl'] = os.path.join(cert_root, crl_name)

        return paths
    def _process_tls_certificates(self, listener, amphora=None, obj_id=None):
        """Upload a listener's TLS containers plus the haproxy crt-list.

        Containers are uploaded as ``<cert.id>.pem`` under
        ``<base_cert_dir>/<obj_id>``, default container first so that it is
        the first entry of the crt-list.  After the certificates, a
        newline-terminated list of their amphora paths is uploaded as
        ``<listener.id>.pem`` for haproxy's ``crt-list``.  Nothing is
        uploaded unless both *amphora* and *obj_id* are given.

        :param listener: listener whose containers are loaded.
        :param amphora: upload target, or None to only load the data.
        :param obj_id: directory component on the amphora, or None.
        :returns: ``{'tls_cert': <container or None>,
            'sni_certs': <list, possibly empty>}``.
        """
        loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
        default_cert = loaded['tls_cert']
        sni_list = loaded['sni_certs'] or []

        # Order matters: the first crt-list entry is the listener's default
        # certificate, so the default container must come first.
        ordered = [] if default_cert is None else [default_cert]
        ordered.extend(sni_list)

        if amphora and obj_id:
            amp_dir = os.path.join(CONF.haproxy_amphora.base_cert_dir, obj_id)
            uploaded_paths = []
            for container in ordered:
                pem = cert_parser.build_pem(container)
                # MD5 is a transfer checksum for the upload, not a security
                # control (hence nosec).
                digest = hashlib.md5(pem).hexdigest()  # nosec
                filename = '{id}.pem'.format(id=container.id)
                uploaded_paths.append(os.path.join(amp_dir, filename))
                self._upload_cert(amphora, obj_id, pem, digest, filename)

            if ordered:
                # The crt-list is plain text (one path per line) even though
                # it is uploaded under a .pem name; it shares the directory
                # with the certs, so listener.id must not collide with any
                # cert id (different id spaces, presumably -- verify).
                listing = ('\n'.join(uploaded_paths) + '\n').encode('utf-8')
                listing_md5 = hashlib.md5(listing).hexdigest()  # nosec
                self._upload_cert(amphora, obj_id, listing, listing_md5,
                                  '{id}.pem'.format(id=listener.id))

        return {'tls_cert': default_cert, 'sni_certs': sni_list}
 def test_build_pem(self):
     """build_pem emits intermediates first, then cert, then key (no trailing newline)."""
     container = sample_configs.sample_tls_container_tuple(
         certificate='imacert', private_key='imakey',
         intermediates=['imainter', 'imainter2'])
     want = '\n'.join(['imainter', 'imainter2', 'imacert', 'imakey'])
     self.assertEqual(want, cert_parser.build_pem(container))