def check_certs():
    """Run ``_check_path`` on every configured certificate/key path.

    Covers the Splice server identity cert, CA and key, the RHIC CA, and the
    rhic_serve client key and cert. Every path is checked even when an
    earlier one fails (the results are AND-ed, not short-circuited).

    Returns:
        The ``&``-combination of all ``_check_path`` results.
    """

    def _targets():
        # Lazily yield (path, config option label) pairs so each config
        # lookup happens right before its check, in the original order.
        yield (config.get_splice_server_identity_cert_path(),
               "[security].splice_server_identity_cert")
        yield (config.get_splice_server_identity_ca_path(),
               "[security].splice_server_identity_ca")
        yield (config.get_splice_server_identity_key_path(),
               "[security].splice_server_identity_key")
        yield (config.get_rhic_ca_path(),
               "[security].rhic_ca_path")
        rhic_serve_cfg = config.get_rhic_serve_config_info()
        yield (rhic_serve_cfg["client_key"], "[rhic_serve].client_key")
        yield (rhic_serve_cfg["client_cert"], "[rhic_serve].client_cert")

    pending = _targets()
    first_path, first_label = next(pending)
    status = _check_path(first_path, first_label)
    for path, label in pending:
        status &= _check_path(path, label)
    return status
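def check_valid_identity():
    """Validate the configured Splice server identity and record the result.

    Checks, in order, that the identity certificate, CA and private key paths
    pass ``_check_path``, that the certificate validates against the
    configured identity CA, and that the private key matches the certificate.

    The outcome is written to the module-level ``SERVER_IDENTITY_VALID`` flag
    on every call. Previously the flag was only ever set to True, so a
    re-check that failed (for example after the key or CA was replaced) left
    a stale True behind; it now fails closed, including when a check raises.

    Returns:
        bool: True only if every check passed, otherwise False.
    """
    global SERVER_IDENTITY_VALID
    valid = False
    try:
        # Paths are read from config; the original note says this allows
        # override of cert/key/ca for testing.
        cert = config.get_splice_server_identity_cert_path()
        key = config.get_splice_server_identity_key_path()
        ca_cert = config.get_splice_server_identity_ca_path()

        # Verify paths exist
        if not _check_path(cert, "[security].splice_server_identity_cert"):
            return False
        if not _check_path(ca_cert, "[security].splice_server_identity_ca"):
            return False
        if not _check_path(key, "[security].splice_server_identity_key"):
            return False

        # Check that the identity certificate was signed by the configured
        # identity CA.
        # NOTE(review): whether validate_certificate also rejects expired
        # certificates is not visible here -- confirm in CertFileUtils.
        certfu = CertFileUtils()
        if not certfu.validate_certificate(cert, ca_cert):
            _LOG.error("[security].splice_server_identity_cert failed validation against CA: [security].splice_server_identity_ca")
            return False
        if not certfu.validate_priv_key_to_certificate(key, cert):
            _LOG.error("[security].splice_server_identity_key is not matched to [security].splice_server_identity_cert")
            return False

        valid = True
        return valid
    finally:
        # Single write at the end: readers of the flag never see a result
        # from an earlier call once this check has finished or raised.
        SERVER_IDENTITY_VALID = valid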
def get_splice_server_identity_cert_path():
    """Return the Splice server identity certificate path from ``config``."""
    cert_path = config.get_splice_server_identity_cert_path()
    return cert_path