def request_cert(
self,
csr_server,
fully_qualified_local_identity,
discovery_info
):
"""
Get a signed csr from the csr_server endpoint
This method will create a csr request that is going to be sent to the
signing server.
:param csr_server: the http(s) location of the server to connect to.
:return:
"""
if get_messagebus() != "rmq":
raise ValueError(
"Only can create csr for rabbitmq based platform in ssl mode."
)
# from volttron.platform.web import DiscoveryInfo
config = RMQConfig()
if not config.is_ssl:
raise ValueError(
"Only can create csr for rabbitmq based platform in ssl mode."
)
# info = discovery_info
# if info is None:
# info = DiscoveryInfo.request_discovery_info(csr_server)
certs = Certs()
csr_request = certs.create_csr(
fully_qualified_local_identity, discovery_info.instance_name
)
# The csr request requires the fully qualified identity that is
# going to be connected to the external instance.
#
# The remote instance id is the instance name of the remote platform
# concatenated with the identity of the local fully quallified
# identity.
remote_cert_name = "{}.{}".format(
discovery_info.instance_name, fully_qualified_local_identity
)
remote_ca_name = discovery_info.instance_name + "_ca"
# if certs.cert_exists(remote_cert_name, True):
# return certs.cert(remote_cert_name, True)
json_request = dict(
csr=csr_request.decode("utf-8"),
identity=remote_cert_name,
# get_platform_instance_name()+"."+self._core().identity,
hostname=config.hostname,
)
request = grequests.post(
csr_server + "/csr/request_new",
json=jsonapi.dumps(json_request),
verify=False,
)
response = grequests.map([request])
if response and isinstance(response, list):
response[0].raise_for_status()
response = response[0]
# response = requests.post(csr_server + "/csr/request_new",
# json=jsonapi.dumps(json_request),
# verify=False)
_log.debug("The response: %s", response)
j = response.json()
status = j.get("status")
cert = j.get("cert")
message = j.get("message", "")
remote_certs_dir = self.get_remote_certs_dir()
if status == "SUCCESSFUL" or status == "APPROVED":
certs.save_agent_remote_info(
remote_certs_dir,
fully_qualified_local_identity,
remote_cert_name,
cert.encode("utf-8"),
remote_ca_name,
discovery_info.rmq_ca_cert.encode("utf-8"),
)
os.environ["REQUESTS_CA_BUNDLE"] = os.path.join(
remote_certs_dir, "requests_ca_bundle"
)
_log.debug(
"Set os.environ requests ca bundle to %s",
os.environ["REQUESTS_CA_BUNDLE"],
)
elif status == "PENDING":
_log.debug("Pending CSR request for {}".format(remote_cert_name))
elif status == "DENIED":
_log.error("Denied from remote machine. Shutting down agent.")
status = Status.build(
BAD_STATUS,
context="Administrator denied remote "
"connection. "
"Shutting down",
)
self._owner.vip.health.set_status(status.status, status.context)
self._owner.vip.health.send_alert(
self._core().identity + "_DENIED", status
)
self._core().stop()
return None
elif status == "ERROR":
err = "Error retrieving certificate from {}\n".format(
config.hostname
)
err += "{}".format(message)
raise ValueError(err)
else: # No resposne
return None
certfile = os.path.join(remote_certs_dir, remote_cert_name + ".crt")
if os.path.exists(certfile):
return certfile
else:
return status, message
def request_cert(self, csr_server, fully_qualified_local_identity,
discovery_info):
""" Get a signed csr from the csr_server endpoint
This method will create a csr request that is going to be sent to the
signing server.
:param csr_server: the http(s) location of the server to connect to.
:return:
"""
if get_messagebus() != 'rmq':
raise ValueError(
"Only can create csr for rabbitmq based platform in ssl mode.")
# from volttron.platform.web import DiscoveryInfo
config = RMQConfig()
if not config.is_ssl:
raise ValueError(
"Only can create csr for rabbitmq based platform in ssl mode.")
# info = discovery_info
# if info is None:
# info = DiscoveryInfo.request_discovery_info(csr_server)
certs = Certs()
csr_request = certs.create_csr(fully_qualified_local_identity,
discovery_info.instance_name)
# The csr request requires the fully qualified identity that is
# going to be connected to the external instance.
#
# The remote instance id is the instance name of the remote platform
# concatenated with the identity of the local fully quallified identity.
remote_cert_name = "{}.{}".format(discovery_info.instance_name,
fully_qualified_local_identity)
remote_ca_name = discovery_info.instance_name + "_ca"
# if certs.cert_exists(remote_cert_name, True):
# return certs.cert(remote_cert_name, True)
json_request = dict(
csr=csr_request,
identity=
remote_cert_name, # get_platform_instance_name()+"."+self._core().identity,
hostname=config.hostname)
response = requests.post(csr_server + "/csr/request_new",
json=json.dumps(json_request),
verify=False)
_log.debug("The response: {}".format(response))
# from pprint import pprint
# pprint(response.json())
j = response.json()
status = j.get('status')
cert = j.get('cert')
message = j.get('message', '')
if status == 'SUCCESSFUL' or status == 'APPROVED':
certs.save_remote_info(fully_qualified_local_identity,
remote_cert_name, cert, remote_ca_name,
discovery_info.rmq_ca_cert)
elif status == 'PENDING':
_log.debug("Pending CSR request for {}".format(remote_cert_name))
elif status == 'DENIED':
_log.error("Denied from remote machine. Shutting down agent.")
status = Status.build(
BAD_STATUS,
context="Administrator denied remote connection. Shutting down"
)
self._owner.vip.health.set_status(status.status, status.context)
self._owner.vip.health.send_alert(
self._core().identity + "_DENIED", status)
self._core().stop()
return None
elif status == 'ERROR':
err = "Error retrieving certificate from {}\n".format(
config.hostname)
err += "{}".format(message)
raise ValueError(err)
else: # No resposne
return None
certfile = certs.cert_file(remote_cert_name, remote=True)
if certs.cert_exists(remote_cert_name, remote=True):
return certfile
else:
return status, message