Exemplo n.º 1
0
 def validate_environment(self):
     if not pathutil.is_absolute_path(self.basedir):
         raise IncompatibleEnvironment(
                 "Base directory setting is not absolute")
     pathutil.ensure_dir_exists(self.basedir, "base")
     pathutil.ensure_dir_exists(self.gtdir, "GT container")
     
     # check that we have some java
     javautil.check(self.basedir, log)
Exemplo n.º 2
0
    def validate_environment(self):
        if not pathutil.is_absolute_path(self.basedir):
            raise IncompatibleEnvironment(
                "Base directory setting is not absolute")
        pathutil.ensure_dir_exists(self.basedir, "base")
        pathutil.ensure_dir_exists(self.gtdir, "GT container")

        # check that we have some java
        javautil.check(self.basedir, log)
Exemplo n.º 3
0
def _createCA(ca_name, basedir, cadir, log):

    javautil.check(basedir, log)

    # mkdir $cadir
    # mkdir $cadir/ca-certs
    # mkdir $cadir/trusted-certs
    # mkdir $cadir/user-certs

    os.mkdir(cadir)
    pathutil.ensure_dir_exists(cadir, "New CA directory")
    log.debug("Created %s" % cadir)

    cacertdir = pathutil.pathjoin(cadir, "ca-certs")
    os.mkdir(cacertdir)
    pathutil.ensure_dir_exists(cacertdir, "New CA certs directory")
    log.debug("Created %s" % cacertdir)

    trustedcertdir = pathutil.pathjoin(cadir, "trusted-certs")
    os.mkdir(trustedcertdir)
    pathutil.ensure_dir_exists(trustedcertdir,
                               "New CA trusted certs directory")
    log.debug("Created %s" % trustedcertdir)

    usercertdir = pathutil.pathjoin(cadir, "user-certs")
    os.mkdir(usercertdir)
    pathutil.ensure_dir_exists(usercertdir, "New CA user certs directory")
    log.debug("Created %s" % usercertdir)

    # Create the cert via autocommon

    args = [cacertdir, ca_name]
    (exitcode, stdout, stderr) = javautil.run(basedir,
                                              log,
                                              EXE_CREATE_NEW_CA,
                                              args=args)
    runutil.generic_bailout("Problem creating CA.", exitcode, stdout, stderr)

    # Make the private key owner-readable only

    privkeyname = "private-key-" + ca_name + ".pem"
    cakeyfile = pathutil.pathjoin(cacertdir, privkeyname)
    pathutil.ensure_file_exists(cakeyfile, "New CA key")
    log.debug("file exists: %s" % cakeyfile)
    pathutil.make_path_rw_private(cakeyfile)
    pathutil.ensure_path_private(cakeyfile, "New CA key")
    log.debug("file made private: %s" % cakeyfile)

    # Copy the new certificate file to the "hash.0" version that some toolings
    # will expect.

    cacertfile = pathutil.pathjoin(cacertdir, ca_name + ".pem")
    pathutil.ensure_file_exists(cacertfile, "New CA cert")
    log.debug("file exists: %s" % cacertfile)

    args = [cacertfile]
    (exitcode, stdout, stderr) = javautil.run(basedir,
                                              log,
                                              EXE_GET_HASHED_CERT_NAME,
                                              args=args)
    runutil.generic_bailout("Problem finding hashed cert name.", exitcode,
                            stdout, stderr)
    cacertfilehash = stdout.strip()
    log.debug("cert file hash is '%s'" % cacertfilehash)

    newpath = pathutil.pathjoin(cacertdir, cacertfilehash + ".0")
    shutil.copyfile(cacertfile, newpath)
    pathutil.ensure_file_exists(newpath, "New CA cert (hashed #1)")
    log.debug("file exists: %s" % newpath)

    newpath = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".0")
    shutil.copyfile(cacertfile, newpath)
    pathutil.ensure_file_exists(newpath, "New CA cert (hashed #2)")
    log.debug("file exists: %s" % newpath)

    # Signing policy

    signing1 = pathutil.pathjoin(cacertdir, cacertfilehash + ".signing_policy")
    args = [cacertfile, signing1]
    (exitcode, stdout, stderr) = javautil.run(basedir,
                                              log,
                                              EXE_WRITE_SIGNING_POLICY,
                                              args=args)
    runutil.generic_bailout("Problem creating signing_policy file.", exitcode,
                            stdout, stderr)
    pathutil.ensure_file_exists(signing1, "signing_policy file #1")
    log.debug("file exists: %s" % signing1)

    signing2 = pathutil.pathjoin(trustedcertdir,
                                 cacertfilehash + ".signing_policy")
    shutil.copyfile(signing1, signing2)
    pathutil.ensure_file_exists(signing2, "signing_policy file #2")
    log.debug("file exists: %s" % signing2)

    # CRL

    crl1 = pathutil.pathjoin(cacertdir, cacertfilehash + ".r0")
    args = [crl1, cacertfile, cakeyfile]
    (exitcode, stdout, stderr) = javautil.run(basedir,
                                              log,
                                              EXE_CREATE_CRL,
                                              args=args)
    runutil.generic_bailout("Problem creating revocation file.", exitcode,
                            stdout, stderr)
    pathutil.ensure_file_exists(crl1, "revocation file #1")
    log.debug("file exists: %s" % crl1)

    crl2 = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".r0")
    shutil.copyfile(crl1, crl2)
    pathutil.ensure_file_exists(crl2, "revocation file #2")
    log.debug("file exists: %s" % crl2)
Exemplo n.º 4
0
def _createCA(ca_name, basedir, cadir, log):
    
    javautil.check(basedir, log)
    
    # mkdir $cadir
    # mkdir $cadir/ca-certs
    # mkdir $cadir/trusted-certs
    # mkdir $cadir/user-certs
    
    os.mkdir(cadir)
    pathutil.ensure_dir_exists(cadir, "New CA directory")
    log.debug("Created %s" % cadir)
    
    cacertdir = pathutil.pathjoin(cadir, "ca-certs")
    os.mkdir(cacertdir)
    pathutil.ensure_dir_exists(cacertdir, "New CA certs directory")
    log.debug("Created %s" % cacertdir)
    
    trustedcertdir = pathutil.pathjoin(cadir, "trusted-certs")
    os.mkdir(trustedcertdir)
    pathutil.ensure_dir_exists(trustedcertdir, "New CA trusted certs directory")
    log.debug("Created %s" % trustedcertdir)
    
    usercertdir = pathutil.pathjoin(cadir, "user-certs")
    os.mkdir(usercertdir)
    pathutil.ensure_dir_exists(usercertdir, "New CA user certs directory")
    log.debug("Created %s" % usercertdir)
    
    # Create the cert via autocommon
    
    args = [cacertdir, ca_name]
    (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_CREATE_NEW_CA, args=args)
    runutil.generic_bailout("Problem creating CA.", exitcode, stdout, stderr)
    
    
    # Make the private key owner-readable only
    
    privkeyname = "private-key-" + ca_name + ".pem"
    cakeyfile = pathutil.pathjoin(cacertdir, privkeyname)
    pathutil.ensure_file_exists(cakeyfile, "New CA key")
    log.debug("file exists: %s" % cakeyfile)
    pathutil.make_path_rw_private(cakeyfile)
    pathutil.ensure_path_private(cakeyfile, "New CA key")
    log.debug("file made private: %s" % cakeyfile)
    
    
    # Copy the new certificate file to the "hash.0" version that some toolings
    # will expect.
    
    cacertfile = pathutil.pathjoin(cacertdir, ca_name + ".pem")
    pathutil.ensure_file_exists(cacertfile, "New CA cert")
    log.debug("file exists: %s" % cacertfile)
    
    args = [cacertfile]
    (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_GET_HASHED_CERT_NAME, args=args)
    runutil.generic_bailout("Problem finding hashed cert name.", exitcode, stdout, stderr)
    cacertfilehash = stdout.strip()
    log.debug("cert file hash is '%s'" % cacertfilehash)
    
    newpath = pathutil.pathjoin(cacertdir, cacertfilehash + ".0")
    shutil.copyfile(cacertfile, newpath)
    pathutil.ensure_file_exists(newpath, "New CA cert (hashed #1)")
    log.debug("file exists: %s" % newpath)
    
    newpath = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".0")
    shutil.copyfile(cacertfile, newpath)
    pathutil.ensure_file_exists(newpath, "New CA cert (hashed #2)")
    log.debug("file exists: %s" % newpath)
    
    # Signing policy
    
    signing1 = pathutil.pathjoin(cacertdir, cacertfilehash + ".signing_policy")
    args = [cacertfile, signing1]
    (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_WRITE_SIGNING_POLICY, args=args)
    runutil.generic_bailout("Problem creating signing_policy file.", exitcode, stdout, stderr)
    pathutil.ensure_file_exists(signing1, "signing_policy file #1")
    log.debug("file exists: %s" % signing1)
    
    signing2 = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".signing_policy")
    shutil.copyfile(signing1, signing2)
    pathutil.ensure_file_exists(signing2, "signing_policy file #2")
    log.debug("file exists: %s" % signing2)
        
    # CRL
    
    crl1 = pathutil.pathjoin(cacertdir, cacertfilehash + ".r0")
    args = [crl1, cacertfile, cakeyfile]
    (exitcode, stdout, stderr) = javautil.run(basedir, log, EXE_CREATE_CRL, args=args)
    runutil.generic_bailout("Problem creating revocation file.", exitcode, stdout, stderr)
    pathutil.ensure_file_exists(crl1, "revocation file #1")
    log.debug("file exists: %s" % crl1)
    
    crl2 = pathutil.pathjoin(trustedcertdir, cacertfilehash + ".r0")
    shutil.copyfile(crl1, crl2)
    pathutil.ensure_file_exists(crl2, "revocation file #2")
    log.debug("file exists: %s" % crl2)