1
# Copyright 2014-2015 Canonical Limited.
3
# This file is part of charm-helpers.
5
# charm-helpers is free software: you can redistribute it and/or modify
6
# it under the terms of the GNU Lesser General Public License version 3 as
7
# published by the Free Software Foundation.
9
# charm-helpers is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU Lesser General Public License for more details.
14
# You should have received a copy of the GNU Lesser General Public License
15
# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
18
from charmhelpers.core import hookenv
21
def generate_selfsigned(keyfile, certfile, keysize="1024", config=None, subject=None, cn=None):
22
"""Generate selfsigned SSL keypair
24
You must provide one of the 3 optional arguments:
26
If more than one is provided the leftmost will be used
29
keyfile -- (required) full path to the keyfile to be created
30
certfile -- (required) full path to the certfile to be created
31
keysize -- (optional) SSL key length
32
config -- (optional) openssl configuration file
33
subject -- (optional) dictionary with SSL subject variables
34
cn -- (optional) cerfificate common name
36
Required keys in subject dict:
37
cn -- Common name (eq. FQDN)
39
Optional keys in subject dict
40
country -- Country Name (2 letter code)
41
state -- State or Province Name (full name)
42
locality -- Locality Name (eg, city)
43
organization -- Organization Name (eg, company)
44
organizational_unit -- Organizational Unit Name (eg, section)
45
email -- Email Address
50
cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
51
"rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
53
"-out", certfile, "-config", config]
56
if "country" in subject:
57
ssl_subject = ssl_subject + "/C={}".format(subject["country"])
58
if "state" in subject:
59
ssl_subject = ssl_subject + "/ST={}".format(subject["state"])
60
if "locality" in subject:
61
ssl_subject = ssl_subject + "/L={}".format(subject["locality"])
62
if "organization" in subject:
63
ssl_subject = ssl_subject + "/O={}".format(subject["organization"])
64
if "organizational_unit" in subject:
65
ssl_subject = ssl_subject + "/OU={}".format(subject["organizational_unit"])
67
ssl_subject = ssl_subject + "/CN={}".format(subject["cn"])
69
hookenv.log("When using \"subject\" argument you must "
70
"provide \"cn\" field at very least")
72
if "email" in subject:
73
ssl_subject = ssl_subject + "/emailAddress={}".format(subject["email"])
75
cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
76
"rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
78
"-out", certfile, "-subj", ssl_subject]
80
cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
81
"rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
83
"-out", certfile, "-subj", "/CN={}".format(cn)]
86
hookenv.log("No config, subject or cn provided,"
87
"unable to generate self signed SSL certificates")
90
subprocess.check_call(cmd)
92
except Exception as e:
93
print("Execution of openssl command failed:\n{}".format(e))
added
removed
hooks/charmhelpers/contrib/ssl/__init__.py
