Revision bdd5e420 lib/utils.py
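--- a/lib/utils.py
+++ b/lib/utils.py
@@ -43,6 +43,7 @@
 import logging
 import logging.handlers
 import signal
+import OpenSSL
 
 from cStringIO import StringIO
 
@@ -2371,39 +2372,53 @@
 wait_fn(current_delay)
 
 
-def GenerateSelfSignedSslCert(file_name, validity=(365 * 5)):
-"""Generates a self-signed SSL certificate.
+def GetClosedTempfile(*args, **kwargs):
+"""Creates a temporary file and returns its path.
 
-@type file_name: str
-@param file_name: Path to output file
+"""
+(fd, path) = tempfile.mkstemp(*args, **kwargs)
+_CloseFDNoErr(fd)
+return path
+
+
+def GenerateSelfSignedX509Cert(common_name, validity):
+"""Generates a self-signed X509 certificate.
+
+@type common_name: string
+@param common_name: commonName value
 @type validity: int
-@param validity: Validity for certificate in days
+@param validity: Validity for certificate in seconds
 
 """
-(fd, tmp_file_name) = tempfile.mkstemp(dir=os.path.dirname(file_name))
-try:
-try:
-# Set permissions before writing key
-os.chmod(tmp_file_name, 0600)
-
-result = RunCmd([constants.OPENSSL_PATH, "req",
-"-new", "-newkey", "rsa:1024",
-"-days", str(validity), "-nodes", "-x509",
-"-keyout", tmp_file_name, "-out", tmp_file_name,
-"-batch"])
-if result.failed:
-raise errors.OpExecError("Could not generate SSL certificate, command"
-" %s had exitcode %s and error message %s" %
-(result.cmd, result.exit_code, result.output))
-
-# Make read-only
-os.chmod(tmp_file_name, 0400)
-
-os.rename(tmp_file_name, file_name)
-finally:
-RemoveFile(tmp_file_name)
-finally:
-os.close(fd)
+# Create private and public key
+key = OpenSSL.crypto.PKey()
+key.generate_key(OpenSSL.crypto.TYPE_RSA, constants.RSA_KEY_BITS)
+
+# Create self-signed certificate
+cert = OpenSSL.crypto.X509()
+if common_name:
+cert.get_subject().CN = common_name
+cert.set_serial_number(1)
+cert.gmtime_adj_notBefore(0)
+cert.gmtime_adj_notAfter(validity)
+cert.set_issuer(cert.get_subject())
+cert.set_pubkey(key)
+cert.sign(key, constants.X509_CERT_SIGN_DIGEST)
+
+key_pem = OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key)
+cert_pem = OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)
+
+return (key_pem, cert_pem)
+
+
+def GenerateSelfSignedSslCert(filename, validity=(5 * 365)):
+"""Legacy function to generate self-signed X509 certificate.
+
+"""
+(key_pem, cert_pem) = GenerateSelfSignedX509Cert(None,
+validity * 24 * 60 * 60)
+
+WriteFile(filename, mode=0400, data=key_pem + cert_pem)
 
 
 class FileLock(object):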
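Review bot: `cert.set_serial_number(1)` in GenerateSelfSignedX509Cert gives every certificate this code mints the same serial, so two certs generated for the same commonName (a regenerated node or RAPI cert, for instance) collide on issuer+serial, which some TLS clients and verification paths treat as the same certificate; a unique serial per issuance is expected even for self-signed certs. Either let the caller supply it, `def GenerateSelfSignedX509Cert(common_name, validity, serial_no):` with `cert.set_serial_number(serial_no)`, or derive it from os.urandom so each call is unique. `cert.gmtime_adj_notBefore(0)` also leaves no clock-skew margin, so a node whose clock is slightly behind rejects a freshly issued cert until the clocks agree; a small negative offset is customary. The legacy wrapper now depends on WriteFile for both the 0400 mode and any atomic-rename behaviour, whereas the removed code chmod'ed the temp file to 0600 before the key was written — worth confirming WriteFile applies the mode before any key bytes land on disk. The move from the hard-coded rsa:1024 to constants.RSA_KEY_BITS is welcome, though the constant's value is not visible here.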