diff options
author | Seth Vidal <skvidal@fedoraproject.org> | 2007-09-21 00:05:52 -0400 |
---|---|---|
committer | Seth Vidal <skvidal@fedoraproject.org> | 2007-09-21 00:05:52 -0400 |
commit | 182953df4760b72e3b1b58e00ea1cfa93396d570 (patch) | |
tree | df98dd375519be8f76ab55106a4633d71c4db68b /certs | |
parent | 8d168259f1cb0af25a7ee342bd1c32cd5bfdd424 (diff) | |
download | third_party-func-182953df4760b72e3b1b58e00ea1cfa93396d570.tar.gz third_party-func-182953df4760b72e3b1b58e00ea1cfa93396d570.tar.xz third_party-func-182953df4760b72e3b1b58e00ea1cfa93396d570.zip |
add func/certs.py
add __init__.py to make importing from func easier
Diffstat (limited to 'certs')
-rw-r--r-- | certs/master-keys.py | 44 | ||||
-rw-r--r-- | certs/slave-keys.py | 65 |
2 files changed, 49 insertions, 60 deletions
diff --git a/certs/master-keys.py b/certs/master-keys.py new file mode 100644 index 0000000..f576b77 --- /dev/null +++ b/certs/master-keys.py @@ -0,0 +1,44 @@ +#!/usr/bin/python -tt +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Library General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# Copyright (c) 2007 Red Hat, inc +#- Written by Seth Vidal skvidal @ fedoraproject.org + +import sys +import os +import os.path +import func.certs + + +cadir = '/etc/pki/func/ca' +ca_key_file = '%s/funcmaster.key' % cadir +ca_cert_file = '%s/funcmaster.crt' % cadir + + +def main(): + keypair = None + try: + if not os.path.exists(cadir): + os.makedirs(cadir) + if not os.path.exists(ca_key_file): + func.certs.create_ca(ca_key_file=ca_key_file, ca_cert_file=ca_cert_file) + except: + return 1 + + return 0 + + +if __name__ == "__main__": + sys.exit(main()) + diff --git a/certs/slave-keys.py b/certs/slave-keys.py index 5ac3227..e1f6a45 100644 --- a/certs/slave-keys.py +++ b/certs/slave-keys.py @@ -18,67 +18,12 @@ import sys import os import os.path -from OpenSSL import crypto -import socket - - -def_country = 'UN' -def_state = 'FC' -def_local = 'Func-ytown' -def_org = 'func' -def_ou = 'slave-key' +import func.certs cert_dir = '/etc/pki/func' key_file = '%s/slave.pem' % cert_dir csr_file = '%s/slave.csr' % cert_dir - -def make_cert(dest=None): - pkey = crypto.PKey() - pkey.generate_key(crypto.TYPE_RSA, 2048) - if dest: - destfo = open(dest, 'w') - destfo.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)) - destfo.close() - - return pkey - -def make_csr(pkey, dest=None, cn=None): - req = crypto.X509Req() - req.get_subject() - subj = req.get_subject() - subj.C = def_country - subj.ST = def_state - subj.L = def_local - subj.O = def_org - subj.OU = def_ou - if cn: - subj.CN = cn - else: - subj.CN = socket.getfqdn() - subj.emailAddress = 'root@%s' % subj.CN - - req.set_pubkey(pkey) - req.sign(pkey, 'md5') - if dest: - destfo = open(dest, 'w') - destfo.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)) - destfo.close() - - return req - -def retrieve_key_from_file(keyfile): - fo = open(keyfile, 'r') - buf = fo.read() - keypair = crypto.load_privatekey(crypto.FILETYPE_PEM, buf) - return keypair - -def retrieve_csr_from_file(csrfile) - fo = open(csrfile, 'r') - buf = fo.read() - csrreq = crypto.load_certificate_request(crypto.FILETYPE_PEM, buf) - return csrreq - def submit_csr_to_master(csrfile, master): # stuff happens here - I can just cram the csr in a POST if need be pass @@ -89,12 +34,12 @@ def main(): if not os.path.exists(cert_dir): os.makedirs(cert_dir) if not os.path.exists(key_file): - keypair = make_cert(dest=key_file) + keypair = func.certs.make_cert(dest=key_file) if not os.path.exists(csr_file): if not keypair: - keypair = retrieve_key_from_file(key_file) - csr = make_csr(keypair, dest=csr_file) - except: + keypair = func.certs.retrieve_key_from_file(key_file) + csr = func.certs.make_csr(keypair, dest=csr_file) + except: # need a little more specificity here return 1 return 0 |