from charmhelpers.core import hookenv
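def _escape_subj_value(value):
    """Escape *value* for use as one field of an ``openssl req -subj`` string.

    ``-subj`` separates fields with "/" and uses a backslash as its escape
    character, so an unescaped "/" inside a value would be read as the start
    of another subject field.
    """
    return "{}".format(value).replace("\\", "\\\\").replace("/", "\\/")


def generate_selfsigned(keyfile, certfile, keysize="1024", config=None, subject=None, cn=None):
    """Generate selfsigned SSL keypair

    You must provide one of the 3 optional arguments:
    config, subject or cn
    If more than one is provided the leftmost will be used

    Arguments:
    keyfile -- (required) full path to the keyfile to be created
    certfile -- (required) full path to the certfile to be created
    keysize -- (optional) SSL key length in bits. The default of 1024 is
               kept for compatibility but is a weak RSA size; pass 2048 or
               more for anything beyond throwaway testing.
    config -- (optional) openssl configuration file
    subject -- (optional) dictionary with SSL subject variables
    cn -- (optional) certificate common name

    Required keys in subject dict:
    cn -- Common name (e.g. FQDN)

    Optional keys in subject dict
    country -- Country Name (2 letter code)
    state -- State or Province Name (full name)
    locality -- Locality Name (eg, city)
    organization -- Organization Name (eg, company)
    organizational_unit -- Organizational Unit Name (eg, section)
    email -- Email Address

    Returns True when the openssl command succeeds and False otherwise.
    NOTE(review): the return statements are not visible in this listing;
    True/False is assumed here -- confirm against the callers.
    """
    # Warn, rather than refuse, on short keys so existing callers keep working.
    try:
        weak_key = int(keysize) < 2048
    except (TypeError, ValueError):
        weak_key = False  # leave non-numeric sizes for openssl to reject
    if weak_key:
        hookenv.log("RSA key size {} is below 2048 bits; "
                    "use 2048 or larger outside of testing".format(keysize))

    # -nodes writes the private key unencrypted. NOTE(review): the key file's
    # mode is whatever openssl and the process umask produce; make sure it
    # ends up readable only by the service that needs it.
    # -keyout sends the key to the documented keyfile path; no visible line
    # of the listing passes keyfile to openssl (one line is skipped at this
    # position in each command).
    base_cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
                "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
                "-keyout", keyfile, "-out", certfile]

    if config:
        cmd = base_cmd + ["-config", config]
    elif subject:
        if "cn" not in subject:
            hookenv.log("When using \"subject\" argument you must "
                        "provide \"cn\" field at very least")
            return False
        # Field order matches the listing: optional location/organisation
        # fields first, then CN, then the e-mail address.
        fields = [("country", "C"), ("state", "ST"), ("locality", "L"),
                  ("organization", "O"), ("organizational_unit", "OU"),
                  ("cn", "CN"), ("email", "emailAddress")]
        ssl_subject = "".join(
            "/{}={}".format(attr, _escape_subj_value(subject[key]))
            for key, attr in fields if key in subject)
        cmd = base_cmd + ["-subj", ssl_subject]
    elif cn:
        cmd = base_cmd + ["-subj", "/CN={}".format(_escape_subj_value(cn))]
    else:
        hookenv.log("No config, subject or cn provided,"
                    "unable to generate self signed SSL certificates")
        return False

    try:
        # Argument list, no shell: values are never interpreted by a shell.
        subprocess.check_call(cmd)
    except Exception as e:
        # Kept broad as in the original so a failed openssl run never
        # propagates; reported through the hook log like the other failures
        # (the Python 2 print statement does not parse on Python 3).
        hookenv.log("Execution of openssl command failed:\n{}".format(e))
        return False
    return True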