Revision 0602cef3 lib/tools/prepare_node_join.py

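--- a/lib/tools/prepare_node_join.py
+++ b/lib/tools/prepare_node_join.py
@@ -27,7 +27,6 @@
 import optparse
 import sys
 import logging
-import errno
 import OpenSSL
 
 from ganeti import cli
@@ -94,47 +93,28 @@
   return opts
 
 
-def _VerifyCertificate(cert, _noded_cert_file=pathutils.NODED_CERT_FILE):
+def _VerifyCertificate(cert_pem, _check_fn=utils.CheckNodeCertificate):
   """Verifies a certificate against the local node daemon certificate.
 
-  @type cert: string
-  @param cert: Certificate in PEM format (no key)
+  @type cert_pem: string
+  @param cert_pem: Certificate in PEM format (no key)
 
   """
   try:
-    OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, cert)
+    OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, cert_pem)
   except OpenSSL.crypto.Error, err:
     pass
   else:
     raise JoinError("No private key may be given")
 
   try:
-    cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+    cert = \
+      OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_pem)
   except Exception, err:
     raise errors.X509CertError("(stdin)",
                                "Unable to load certificate: %s" % err)
 
-  try:
-    noded_pem = utils.ReadFile(_noded_cert_file)
-  except EnvironmentError, err:
-    if err.errno != errno.ENOENT:
-      raise
-
-    logging.debug("Local node certificate was not found (file %s)",
-                  _noded_cert_file)
-    return
-
-  try:
-    key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, noded_pem)
-  except Exception, err:
-    raise errors.X509CertError(_noded_cert_file,
-                               "Unable to load private key: %s" % err)
-
-  check_fn = utils.PrepareX509CertKeyCheck(cert, key)
-  try:
-    check_fn()
-  except OpenSSL.SSL.Error:
-    raise JoinError("Given cluster certificate does not match local key")
+  _check_fn(cert)
 
 
 def VerifyCertificate(data, _verify_fn=_VerifyCertificate):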
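Review bot: The docstring of `_VerifyCertificate` no longer tells a reader what the function actually enforces, because the key-match check and the missing-local-certificate case that were inline (old lines 117-137) now sit behind `_check_fn`, whose default `utils.CheckNodeCertificate` is not shown in this section. The removed code returned without verifying anything when the node certificate file did not exist; if the helper keeps that behaviour, the skip path should be stated here, for example `Verification is delegated to _check_fn; if no local node certificate exists the check may be skipped (see utils.CheckNodeCertificate).` I would also add `@param _check_fn: callable taking the loaded X509 object, used for the key-match check` and `@raise errors.X509CertError: if cert_pem cannot be loaded`. It is worth confirming that a mismatch still surfaces as an error this tool's callers handle, since the explicit `JoinError("Given cluster certificate does not match local key")` is gone from this file.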
