~james-sapara/charms/precise/aws-ec2-elb/trunk


Viewing changes to hooks/charmhelpers/contrib/ssl/__init__.py

  • Committer: James Sapara
  • Date: 2013-10-31 17:15:50 UTC
  • Revision ID: james.sapara@gmail.com-20131031171550-ssomsmi7uyfhup67
initial commit, still some work to do

 
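--- a/hooks/charmhelpers/contrib/ssl/__init__.py
+++ b/hooks/charmhelpers/contrib/ssl/__init__.py
@@ -0,0 +1,78 @@
+import subprocess
+from charmhelpers.core import hookenv
+
+
+def generate_selfsigned(keyfile, certfile, keysize="1024", config=None, subject=None, cn=None):
+    """Generate selfsigned SSL keypair
+
+    You must provide one of the 3 optional arguments:
+    config, subject or cn
+    If more than one is provided the leftmost will be used
+
+    Arguments:
+    keyfile -- (required) full path to the keyfile to be created
+    certfile -- (required) full path to the certfile to be created
+    keysize -- (optional) SSL key length
+    config -- (optional) openssl configuration file
+    subject -- (optional) dictionary with SSL subject variables
+    cn -- (optional) cerfificate common name
+
+    Required keys in subject dict:
+    cn -- Common name (eq. FQDN)
+
+    Optional keys in subject dict
+    country -- Country Name (2 letter code)
+    state -- State or Province Name (full name)
+    locality -- Locality Name (eg, city)
+    organization -- Organization Name (eg, company)
+    organizational_unit -- Organizational Unit Name (eg, section)
+    email -- Email Address
+    """
+
+    cmd = []
+    if config:
+        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
+               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
+               "-keyout", keyfile,
+               "-out",    certfile, "-config", config]
+    elif subject:
+        ssl_subject = ""
+        if "country" in subject:
+            ssl_subject = ssl_subject + "/C={}".format(subject["country"])
+        if "state" in subject:
+            ssl_subject = ssl_subject + "/ST={}".format(subject["state"])
+        if "locality" in subject:
+            ssl_subject = ssl_subject + "/L={}".format(subject["locality"])
+        if "organization" in subject:
+            ssl_subject = ssl_subject + "/O={}".format(subject["organization"])
+        if "organizational_unit" in subject:
+            ssl_subject = ssl_subject + "/OU={}".format(subject["organizational_unit"])
+        if "cn" in subject:
+            ssl_subject = ssl_subject + "/CN={}".format(subject["cn"])
+        else:
+            hookenv.log("When using \"subject\" argument you must " \
+                "provide \"cn\" field at very least")
+            return False
+        if "email" in subject:
+            ssl_subject = ssl_subject + "/emailAddress={}".format(subject["email"])
+
+        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
+               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
+               "-keyout", keyfile,
+               "-out",    certfile, "-subj", ssl_subject]
+    elif cn:
+        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
+               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
+               "-keyout", keyfile,
+               "-out",    certfile, "-subj", "/CN={}".format(cn)]
+
+    if not cmd:
+        hookenv.log("No config, subject or cn provided," \
+                "unable to generate self signed SSL certificates")
+        return False
+    try:
+        subprocess.check_call(cmd)
+        return True
+    except Exception as e:
+        print "Execution of openssl command failed:\n{}".format(e)
+        return False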
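Review bot: The `keysize="1024"` default in the `generate_selfsigned` signature produces a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance expects for TLS; change the default to `keysize="2048"` so callers who omit it get an acceptable key. All three command variants pass `-nodes`, so the private key lands unencrypted in `keyfile` and nothing here restricts its mode; depending on the OpenSSL version and the hook's umask it may be readable by other local users, so consider `os.chmod(keyfile, 0o600)` after a successful `check_call`. The `subject` values are interpolated into `-subj` without escaping, so a `/` inside a field changes the resulting distinguished name; if these values can come from charm config, reject or escape that character before building `ssl_subject`. The failure branch uses a bare `print` while every other error goes through `hookenv.log`; `hookenv.log("Execution of openssl command failed:\n{}".format(e))` would keep the failure in the unit log.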