def validate_tls_container(container_ref):
cert_container = None
lb_id = None
if curr_listener:
lb_id = curr_listener['loadbalancer_id']
else:
lb_id = listener.get('loadbalancer_id')
try:
cert_container = CERT_MANAGER_PLUGIN.CertManager.get_cert(
container_ref,
lb_id=lb_id)
except Exception as e:
if hasattr(e, 'status_code') and e.status_code == 404:
raise loadbalancerv2.TLSContainerNotFound(
container_id=container_ref)
else:
# Could be a keystone configuration error...
raise loadbalancerv2.CertManagerError(
ref=container_ref, reason=e.message
)
try:
cert_parser.validate_cert(
cert_container.get_certificate(),
private_key=cert_container.get_private_key(),
private_key_passphrase=(
cert_container.get_private_key_passphrase()),
intermediates=cert_container.get_intermediates())
except Exception as e:
CERT_MANAGER_PLUGIN.CertManager.delete_cert(
container_ref, lb_id)
raise loadbalancerv2.TLSContainerInvalid(
container_id=container_ref, reason=str(e))
def get_cert(cont_id):
try:
cert_cont = cert_mgr.get_cert(
project_id=tenant_id,
cert_ref=cont_id,
resource_ref=cert_mgr.get_service_url(lb_id),
check_only=True)
return cert_cont
except Exception as e:
if hasattr(e, 'status_code') and e.status_code == 404:
raise loadbalancerv2.TLSContainerNotFound(
container_id=cont_id)
else:
# Could be a keystone configuration error...
raise loadbalancerv2.CertManagerError(ref=cont_id,
reason=e.message)
def validate_tls_container(container_ref):
cert_container = None
try:
cert_container = CERT_MANAGER_PLUGIN.CertManager.get_cert(
container_ref, check_only=True)
except Exception:
raise loadbalancerv2.TLSContainerNotFound(
container_id=container_ref)
try:
cert_parser.validate_cert(
cert_container.get_certificate(),
private_key=cert_container.get_private_key(),
private_key_passphrase=(
cert_container.get_private_key_passphrase()),
intermediates=cert_container.get_intermediates())
except Exception as e:
raise loadbalancerv2.TLSContainerInvalid(
container_id=container_ref, reason=str(e))