Revision 0602cef3 lib/tools/prepare_node_join.py
b/lib/tools/prepare_node_join.py | ||
27 | 27 |
import optparse |
28 | 28 |
import sys |
29 | 29 |
import logging |
30 |
import errno |
|
31 | 30 |
import OpenSSL |
32 | 31 |
|
33 | 32 |
from ganeti import cli |
... | ... | |
94 | 93 |
return opts |
95 | 94 |
|
96 | 95 |
|
97 |
def _VerifyCertificate(cert, _noded_cert_file=pathutils.NODED_CERT_FILE):
|
|
96 |
def _VerifyCertificate(cert_pem, _check_fn=utils.CheckNodeCertificate):
|
|
98 | 97 |
"""Verifies a certificate against the local node daemon certificate. |
99 | 98 |
|
100 |
@type cert: string |
|
101 |
@param cert: Certificate in PEM format (no key) |
|
99 |
@type cert_pem: string
|
|
100 |
@param cert_pem: Certificate in PEM format (no key)
|
|
102 | 101 |
|
103 | 102 |
""" |
104 | 103 |
try: |
105 |
OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, cert) |
|
104 |
OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, cert_pem)
|
|
106 | 105 |
except OpenSSL.crypto.Error, err: |
107 | 106 |
pass |
108 | 107 |
else: |
109 | 108 |
raise JoinError("No private key may be given") |
110 | 109 |
|
111 | 110 |
try: |
112 |
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert) |
|
111 |
cert = \ |
|
112 |
OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_pem) |
|
113 | 113 |
except Exception, err: |
114 | 114 |
raise errors.X509CertError("(stdin)", |
115 | 115 |
"Unable to load certificate: %s" % err) |
116 | 116 |
|
117 |
try: |
|
118 |
noded_pem = utils.ReadFile(_noded_cert_file) |
|
119 |
except EnvironmentError, err: |
|
120 |
if err.errno != errno.ENOENT: |
|
121 |
raise |
|
122 |
|
|
123 |
logging.debug("Local node certificate was not found (file %s)", |
|
124 |
_noded_cert_file) |
|
125 |
return |
|
126 |
|
|
127 |
try: |
|
128 |
key = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, noded_pem) |
|
129 |
except Exception, err: |
|
130 |
raise errors.X509CertError(_noded_cert_file, |
|
131 |
"Unable to load private key: %s" % err) |
|
132 |
|
|
133 |
check_fn = utils.PrepareX509CertKeyCheck(cert, key) |
|
134 |
try: |
|
135 |
check_fn() |
|
136 |
except OpenSSL.SSL.Error: |
|
137 |
raise JoinError("Given cluster certificate does not match local key") |
|
117 |
_check_fn(cert) |
|
138 | 118 |
|
139 | 119 |
|
140 | 120 |
def VerifyCertificate(data, _verify_fn=_VerifyCertificate): |
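Review bot: The docstring of the new _VerifyCertificate (new-side line 96) does not say what the function raises or what contract `_check_fn` must satisfy, even though the removed body spelled it out: it returned silently when the local node certificate file was absent (ENOENT) and raised `JoinError("Given cluster certificate does not match local key")` on a mismatch. VerifyCertificate (new-side line 120) and whoever calls it may be catching JoinError, so if utils.CheckNodeCertificate signals a mismatch with a different exception type, or does not tolerate a missing local certificate, the join behaviour on a freshly installed node changes in a way this hunk does not show — worth confirming against that helper. I would add `@raise JoinError: if the PEM data contains a private key` and `@raise errors.X509CertError: if the certificate cannot be parsed` to the docstring, plus one line stating which exception `_check_fn` is expected to raise when the certificate does not match the local node key. Unrelatedly, `err` bound in `except OpenSSL.crypto.Error, err:` (new-side line 105) is never used and can be dropped.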