~nottrobin/charms/trusty/wsgi-app/trunk


Viewing changes to hooks/charmhelpers/contrib/ssl/__init__.py

  • Committer: Robin Winslow
  • Date: 2014-12-02 22:54:40 UTC
  • Revision ID: robin@robinwinslow.co.uk-20141202225440-ruuctvfe7pdh1dd8
Try reverting most of charmhelpers to the old version

1
 
import subprocess
2
 
from charmhelpers.core import hookenv
3
 
 
4
 
 
5
 
def generate_selfsigned(keyfile, certfile, keysize="1024", config=None, subject=None, cn=None):
6
 
    """Generate selfsigned SSL keypair
7
 
 
8
 
    You must provide one of the 3 optional arguments:
9
 
    config, subject or cn
10
 
    If more than one is provided the leftmost will be used
11
 
 
12
 
    Arguments:
13
 
    keyfile -- (required) full path to the keyfile to be created
14
 
    certfile -- (required) full path to the certfile to be created
15
 
    keysize -- (optional) SSL key length
16
 
    config -- (optional) openssl configuration file
17
 
    subject -- (optional) dictionary with SSL subject variables
18
 
    cn -- (optional) cerfificate common name
19
 
 
20
 
    Required keys in subject dict:
21
 
    cn -- Common name (eq. FQDN)
22
 
 
23
 
    Optional keys in subject dict
24
 
    country -- Country Name (2 letter code)
25
 
    state -- State or Province Name (full name)
26
 
    locality -- Locality Name (eg, city)
27
 
    organization -- Organization Name (eg, company)
28
 
    organizational_unit -- Organizational Unit Name (eg, section)
29
 
    email -- Email Address
30
 
    """
31
 
 
32
 
    cmd = []
33
 
    if config:
34
 
        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
35
 
               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
36
 
               "-keyout", keyfile,
37
 
               "-out", certfile, "-config", config]
38
 
    elif subject:
39
 
        ssl_subject = ""
40
 
        if "country" in subject:
41
 
            ssl_subject = ssl_subject + "/C={}".format(subject["country"])
42
 
        if "state" in subject:
43
 
            ssl_subject = ssl_subject + "/ST={}".format(subject["state"])
44
 
        if "locality" in subject:
45
 
            ssl_subject = ssl_subject + "/L={}".format(subject["locality"])
46
 
        if "organization" in subject:
47
 
            ssl_subject = ssl_subject + "/O={}".format(subject["organization"])
48
 
        if "organizational_unit" in subject:
49
 
            ssl_subject = ssl_subject + "/OU={}".format(subject["organizational_unit"])
50
 
        if "cn" in subject:
51
 
            ssl_subject = ssl_subject + "/CN={}".format(subject["cn"])
52
 
        else:
53
 
            hookenv.log("When using \"subject\" argument you must "
54
 
                        "provide \"cn\" field at very least")
55
 
            return False
56
 
        if "email" in subject:
57
 
            ssl_subject = ssl_subject + "/emailAddress={}".format(subject["email"])
58
 
 
59
 
        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
60
 
               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
61
 
               "-keyout", keyfile,
62
 
               "-out", certfile, "-subj", ssl_subject]
63
 
    elif cn:
64
 
        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
65
 
               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
66
 
               "-keyout", keyfile,
67
 
               "-out", certfile, "-subj", "/CN={}".format(cn)]
68
 
 
69
 
    if not cmd:
70
 
        hookenv.log("No config, subject or cn provided,"
71
 
                    "unable to generate self signed SSL certificates")
72
 
        return False
73
 
    try:
74
 
        subprocess.check_call(cmd)
75
 
        return True
76
 
    except Exception as e:
77
 
        print("Execution of openssl command failed:\n{}".format(e))
78
 
        return False
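Review bot: The default `keysize="1024"` in the `generate_selfsigned` signature gives a 1024-bit RSA key to every caller that omits the argument, which is below the 2048-bit minimum that current guidance expects; the page does not show whether the revert restores or drops this file, so this applies if it is coming back, and the default should become `keysize="2048"`. The `subject` branch formats dictionary values directly into the `-subj` string, so a value containing `/` would be read by openssl as an extra subject field; rejecting or escaping `/` in those values would keep the certificate subject to what the caller intended. The `except Exception` handler reports failure with `print` while the other error paths use `hookenv.log`, so an openssl failure may not reach the charm log; `hookenv.log("Execution of openssl command failed:\n{}".format(e))` would be consistent. Because the key is written with `-nodes` (unencrypted), the docstring should also state that the caller is responsible for restricting permissions on `keyfile`.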