def _process_tls_certificates(self, listener):
    """Load the listener's TLS containers and push them to its amphorae.

    The default TLS certificate (if any) followed by every SNI certificate
    is rendered to PEM with ``cert_parser.build_pem`` and uploaded in a
    single ``_exec_on_amphorae`` call to all amphorae of the listener's
    load balancer, into a per-listener directory below
    ``self.amp_config.base_cert_dir``.  The same call restricts the
    uploaded ``*.pem`` files to mode 600.

    Returns the dict produced by ``cert_parser.load_certificates_data``
    (keys ``'tls_cert'`` and ``'sni_certs'``), unchanged.
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    default_cert = loaded['tls_cert']
    sni_containers = loaded['sni_certs']

    # Default certificate first, then the SNI certificates in load order.
    ordered = []
    if default_cert is not None:
        ordered.append(default_cert)
    ordered.extend(sni_containers or [])
    pem_blobs = [cert_parser.build_pem(container) for container in ordered]

    if not pem_blobs:
        return loaded

    cert_dir = os.path.join(self.amp_config.base_cert_dir, listener.id)
    # NOTE(review): the upload target is named after the default cert's CN.
    # When only SNI certificates are present, default_cert is None and this
    # raises AttributeError.  The CN is also data taken from the supplied
    # certificate and is used here as a path component; other revisions of
    # this method name the file after the certificate id instead.
    listener_cert = '{0}/{1}.pem'.format(cert_dir, default_cert.primary_cn)
    # cert_dir is interpolated into a shell command executed on the
    # amphora; this relies on listener.id being a plain identifier
    # (presumably a UUID -- confirm at the caller).
    lockdown_cmd = 'chmod 600 {0}/*.pem'.format(cert_dir)
    self._exec_on_amphorae(
        listener.load_balancer.amphorae,
        [lockdown_cmd],
        make_dir=cert_dir,
        data=pem_blobs,
        upload_dir=listener_cert)
    return loaded
def _process_tls_certificates(self, listener):
    """Render the listener's TLS containers to PEM and upload them.

    Builds one PEM blob per certificate container (default TLS certificate
    first, then SNI certificates) and, when there is anything to send,
    uploads all of them with one ``_exec_on_amphorae`` call to every
    amphora of the listener's load balancer.  The upload directory is
    ``<base_cert_dir>/<listener.id>`` and the uploaded ``*.pem`` files are
    chmod'ed to 600 by the same call.

    Returns the raw result of ``cert_parser.load_certificates_data``.
    """
    certs = cert_parser.load_certificates_data(self.cert_manager, listener)
    tls_cert = certs['tls_cert']

    pem_data = []
    if tls_cert is not None:
        pem_data.append(cert_parser.build_pem(tls_cert))
    for sni_container in certs['sni_certs'] or ():
        pem_data.append(cert_parser.build_pem(sni_container))

    if pem_data:
        cert_dir = os.path.join(self.amp_config.base_cert_dir, listener.id)
        # NOTE(review): reads primary_cn off tls_cert even when only SNI
        # certificates produced data (tls_cert None -> AttributeError).
        # The CN comes from the certificate itself and ends up as a file
        # name on the amphora; later revisions use the cert id for this.
        target = '{0}/{1}.pem'.format(cert_dir, tls_cert.primary_cn)
        # listener.id becomes part of a shell command line on the amphora;
        # assumed to be a UUID-style identifier.
        self._exec_on_amphorae(listener.load_balancer.amphorae,
                               ['chmod 600 {0}/*.pem'.format(cert_dir)],
                               make_dir=cert_dir,
                               data=pem_data,
                               upload_dir=target)
    return certs
def _process_tls_certificates(self, listener):
    """Upload the listener's TLS certificates one file at a time.

    Loads the certificate containers for *listener*, renders each to PEM
    and hands it to ``self._upload_cert`` through ``self._apply`` together
    with an MD5 hex digest and a ``<primary_cn>.pem`` file name.  The
    default TLS certificate is processed before the SNI certificates.

    Returns ``{'tls_cert': <container or None>,
    'sni_certs': <list of containers, [] when none>}``.
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    default_cert = loaded['tls_cert']
    # Normalise a missing/empty SNI set to [] so the return shape is stable.
    sni_certs = loaded['sni_certs'] or []

    ordered = [] if default_cert is None else [default_cert]
    ordered.extend(sni_certs)

    for cert in ordered:
        pem = cert_parser.build_pem(cert)
        # The MD5 travels with the PEM to _upload_cert; it looks like an
        # upload-integrity checksum rather than a security control --
        # confirm against _upload_cert.  On FIPS-enforcing builds
        # hashlib.md5() may refuse to construct; Python 3.9+ offers
        # usedforsecurity=False for such non-security digests.
        digest = hashlib.md5(six.b(pem)).hexdigest()
        # NOTE(review): the file name is derived from the certificate's CN,
        # i.e. from data inside the supplied certificate; other revisions
        # of this method use the certificate id instead.
        filename = '{cn}.pem'.format(cn=cert.primary_cn)
        self._apply(self._upload_cert, listener, pem, digest, filename)

    return {'tls_cert': default_cert, 'sni_certs': sni_certs}
def _process_pool_certs(self, listener, pool, amphora=None, obj_id=None):
    """Upload a pool's client certificate, CA certificate and CRL.

    For each of ``pool.tls_certificate_id`` (client cert + key),
    ``pool.ca_tls_certificate_id`` and ``pool.crl_container_id`` that is
    set, the secret is uploaded (the client cert only when both *amphora*
    and *obj_id* are given; the other two via ``self._process_secret``,
    which receives *amphora*/*obj_id* as well) and the path it will have
    on the amphora is recorded.

    Returns a dict with any of the keys ``'client_cert'``, ``'ca_cert'``
    and ``'crl'`` mapped to
    ``<CONF.haproxy_amphora.base_cert_dir>/<listener.id>/<file name>``.
    """
    def _amphora_path(file_name):
        # All pool material lives in the listener's cert directory.
        return os.path.join(CONF.haproxy_amphora.base_cert_dir,
                            listener.id, file_name)

    paths = {}

    # Client certificate and private key.
    if pool.tls_certificate_id:
        container = cert_parser.load_certificates_data(self.cert_manager, pool)
        pem = cert_parser.build_pem(container)
        # build_pem may hand back text or bytes; hash bytes either way.
        try:
            pem = pem.encode('utf-8')
        except AttributeError:
            pass
        # MD5 is computed unconditionally, even when no upload happens.
        # It accompanies the upload as a checksum (hence the nosec), not as
        # a security control -- confirm in _upload_cert.
        digest = hashlib.md5(pem).hexdigest()  # nosec
        file_name = '{id}.pem'.format(id=container.id)
        if amphora and obj_id:
            self._upload_cert(amphora, obj_id,
                              pem=pem, md5=digest, name=file_name)
        paths['client_cert'] = _amphora_path(file_name)

    # CA certificate used to validate backend members.
    if pool.ca_tls_certificate_id:
        file_name = self._process_secret(listener, pool.ca_tls_certificate_id,
                                         amphora, obj_id)
        paths['ca_cert'] = _amphora_path(file_name)

    # Certificate revocation list.
    if pool.crl_container_id:
        file_name = self._process_secret(listener, pool.crl_container_id,
                                         amphora, obj_id)
        paths['crl'] = _amphora_path(file_name)

    return paths
def _process_tls_certificates(self, listener, amphora=None, obj_id=None):
    """Load the listener's TLS containers and upload them to one amphora.

    The upload step runs only when both *amphora* and *obj_id* are given;
    otherwise the certificates are merely loaded and returned.  Each
    container is rendered to PEM and sent to ``self._upload_cert`` with an
    MD5 hex digest and a ``<cert.id>.pem`` file name, default certificate
    first, SNI certificates after it.

    Returns ``{'tls_cert': <container or None>,
    'sni_certs': <list of containers, [] when none>}``.
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    tls_cert = loaded['tls_cert']
    sni_certs = loaded['sni_certs'] or []
    result = {'tls_cert': tls_cert, 'sni_certs': sni_certs}

    if not (amphora and obj_id):
        return result

    ordered = [] if tls_cert is None else [tls_cert]
    ordered.extend(sni_certs)
    for cert in ordered:
        pem = cert_parser.build_pem(cert)
        # Checksum that travels with the upload (nosec: not a security
        # control); _upload_cert presumably verifies it -- confirm there.
        digest = hashlib.md5(pem).hexdigest()  # nosec
        # Files are keyed on the certificate id, not on the CN.
        file_name = '{id}.pem'.format(id=cert.id)
        self._upload_cert(amphora, obj_id, pem, digest, file_name)

    return result
def test_build_pem(self):
    """build_pem concatenates cert, key, then intermediates, each newline-terminated.

    The expected value pins the ordering: certificate, private key, then
    the intermediates in the order they were supplied.
    """
    container = sample_configs_combined.sample_tls_container_tuple(
        certificate=b'imacert',
        private_key=b'imakey',
        intermediates=[b'imainter', b'imainter2'])
    want = b'imacert\nimakey\nimainter\nimainter2\n'
    got = cert_parser.build_pem(container)
    self.assertEqual(want, got)
def _process_tls_certificates(self, listener):
    """Upload every TLS certificate container of *listener*.

    The default TLS certificate (when present) is uploaded first, then the
    SNI certificates.  Each one is rendered to PEM and passed to
    ``self._upload_cert`` via ``self._apply`` with an MD5 hex digest and a
    ``<primary_cn>.pem`` file name.

    Returns ``{'tls_cert': <container or None>,
    'sni_certs': <list of containers, [] when none>}``.
    """
    data = cert_parser.load_certificates_data(self.cert_manager, listener)
    tls_cert = data['tls_cert']
    sni_certs = data['sni_certs'] if data['sni_certs'] else []

    def _push(cert):
        # Render, checksum and hand one container to the upload path.
        pem = cert_parser.build_pem(cert)
        # MD5 accompanies the PEM as an upload checksum (not a security
        # control); on FIPS-enforcing builds hashlib.md5() may raise.
        md5 = hashlib.md5(six.b(pem)).hexdigest()
        # NOTE(review): file name taken from the certificate's CN, i.e.
        # from the supplied certificate's contents; other revisions of
        # this method name files by certificate id.
        self._apply(self._upload_cert, listener, pem, md5,
                    '{cn}.pem'.format(cn=cert.primary_cn))

    if tls_cert is not None:
        _push(tls_cert)
    for cert in sni_certs:
        _push(cert)

    return {'tls_cert': tls_cert, 'sni_certs': sni_certs}
def _process_pool_certs(self, listener, pool):
    """Upload a pool's client certificate, CA certificate and CRL.

    Whichever of ``pool.tls_certificate_id`` (client cert + key),
    ``pool.ca_tls_certificate_id`` and ``pool.crl_container_id`` are set
    get uploaded -- the client cert through ``self._apply`` /
    ``self._upload_cert``, the other two through ``self._process_secret``
    -- and the path each will have on the amphora is recorded.

    Returns a dict with any of the keys ``'client_cert'``, ``'ca_cert'``
    and ``'crl'`` mapped to
    ``<CONF.haproxy_amphora.base_cert_dir>/<listener.id>/<file name>``.
    """
    def _amphora_path(file_name):
        # Pool material is stored in the listener's certificate directory.
        return os.path.join(CONF.haproxy_amphora.base_cert_dir,
                            listener.id, file_name)

    paths = {}

    # Client certificate and private key.
    if pool.tls_certificate_id:
        container = cert_parser.load_certificates_data(self.cert_manager, pool)
        pem = cert_parser.build_pem(container)
        # build_pem may return text or bytes; make sure we hash bytes.
        try:
            pem = pem.encode('utf-8')
        except AttributeError:
            pass
        # Upload checksum, not a security control (hence nosec).
        digest = hashlib.md5(pem).hexdigest()  # nosec
        file_name = '{id}.pem'.format(id=container.id)
        self._apply(self._upload_cert, listener, None, pem, digest, file_name)
        paths['client_cert'] = _amphora_path(file_name)

    # CA certificate for validating backend members.
    if pool.ca_tls_certificate_id:
        file_name = self._process_secret(listener, pool.ca_tls_certificate_id)
        paths['ca_cert'] = _amphora_path(file_name)

    # Certificate revocation list.
    if pool.crl_container_id:
        file_name = self._process_secret(listener, pool.crl_container_id)
        paths['crl'] = _amphora_path(file_name)

    return paths
def _process_tls_certificates(self, listener, amphora=None, obj_id=None):
    """Upload the listener's certificates plus a haproxy crt-list file.

    When both *amphora* and *obj_id* are given, every certificate
    container (default TLS certificate first, then the SNI certificates)
    is rendered to PEM and uploaded as ``<cert.id>.pem``; afterwards a
    crt-list file named ``<listener.id>.pem`` is uploaded that lists the
    amphora-side paths of those files, one per line, in the same order --
    so the first entry of the crt-list is the default certificate.
    Without *amphora*/*obj_id* nothing is uploaded.

    Returns ``{'tls_cert': <container or None>,
    'sni_certs': <list of containers, [] when none>}``.
    """
    loaded = cert_parser.load_certificates_data(self.cert_manager, listener)
    tls_cert = loaded['tls_cert']
    sni_certs = loaded['sni_certs'] or []
    result = {'tls_cert': tls_cert, 'sni_certs': sni_certs}

    if not (amphora and obj_id):
        return result

    # Order matters: the default certificate must come first.
    ordered = [] if tls_cert is None else [tls_cert]
    ordered.extend(sni_certs)

    # Amphora-side paths are keyed on obj_id rather than listener.id;
    # presumably obj_id is the directory the upload lands in -- confirm
    # against _upload_cert.
    remote_dir = os.path.join(CONF.haproxy_amphora.base_cert_dir, obj_id)
    remote_paths = []
    for cert in ordered:
        pem = cert_parser.build_pem(cert)
        # Checksum sent with the upload; nosec because it is not used as a
        # security control.
        digest = hashlib.md5(pem).hexdigest()  # nosec
        file_name = '{id}.pem'.format(id=cert.id)
        remote_paths.append(os.path.join(remote_dir, file_name))
        self._upload_cert(amphora, obj_id, pem, digest, file_name)

    # NOTE(review): the crt-list upload is reconstructed here as being
    # inside the amphora/obj_id guard, which is the only place the path
    # list is populated.
    if ordered:
        crt_list = ("\n".join(remote_paths) + "\n").encode('utf-8')
        digest = hashlib.md5(crt_list).hexdigest()  # nosec
        crt_list_name = '{id}.pem'.format(id=listener.id)
        self._upload_cert(amphora, obj_id, crt_list, digest, crt_list_name)

    return result
def test_build_pem(self):
    """build_pem joins intermediates, certificate and key with newlines.

    This revision pins the ordering intermediates first, then certificate,
    then private key, with no trailing newline.
    """
    container = sample_configs.sample_tls_container_tuple(
        certificate='imacert',
        private_key='imakey',
        intermediates=['imainter', 'imainter2'])
    want = 'imainter\nimainter2\nimacert\nimakey'
    got = cert_parser.build_pem(container)
    self.assertEqual(want, got)