14
14
# You should have received a copy of the GNU Lesser General Public License
15
15
# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
19
18
from os.path import join as path_join
20
19
from os.path import exists
24
log = logging.getLogger("service_ca")
26
logging.basicConfig(level=logging.DEBUG)
22
from charmhelpers.core.hookenv import log, DEBUG
28
24
STD_CERT = "standard"
65
log.debug("initializing service ca")
61
log("initializing service ca", level=DEBUG)
66
62
if not exists(self.ca_dir):
67
63
self._init_ca_dir(self.ca_dir)
119
115
'-keyout', self.ca_key, '-out', self.ca_cert,
120
116
'-outform', 'PEM']
121
117
output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
122
log.debug("CA Init:\n %s", output)
118
log("CA Init:\n %s" % output, level=DEBUG)
124
120
def get_conf_variables(self):
163
159
subj = '/O=%(org_name)s/OU=%(org_unit_name)s/CN=%(common_name)s' % (
166
log.debug("CA Create Cert %s", common_name)
162
log("CA Create Cert %s" % common_name, level=DEBUG)
167
163
cmd = ['openssl', 'req', '-sha1', '-newkey', 'rsa:2048',
168
164
'-nodes', '-days', self.default_expiry,
169
165
'-keyout', key_p, '-out', csr_p, '-subj', subj]
170
subprocess.check_call(cmd)
166
subprocess.check_call(cmd, stderr=subprocess.PIPE)
171
167
cmd = ['openssl', 'rsa', '-in', key_p, '-out', key_p]
172
subprocess.check_call(cmd)
168
subprocess.check_call(cmd, stderr=subprocess.PIPE)
174
log.debug("CA Sign Cert %s", common_name)
170
log("CA Sign Cert %s" % common_name, level=DEBUG)
175
171
if self.cert_type == MYSQL_CERT:
176
172
cmd = ['openssl', 'x509', '-req',
177
173
'-in', csr_p, '-days', self.default_expiry,
182
178
'-extensions', 'req_extensions',
183
179
'-days', self.default_expiry, '-notext',
184
180
'-in', csr_p, '-out', crt_p, '-subj', subj, '-batch']
185
log.debug("running %s", " ".join(cmd))
186
subprocess.check_call(cmd)
181
log("running %s" % " ".join(cmd), level=DEBUG)
182
subprocess.check_call(cmd, stderr=subprocess.PIPE)
188
184
def get_ca_bundle(self):
189
185
with open(self.ca_cert) as fh:
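Review bot: The three new `subprocess.check_call(cmd, stderr=subprocess.PIPE)` calls (new lines 166, 168 and 182) open a pipe that nothing reads, so openssl's error text is discarded when key generation or signing fails, and the subprocess documentation warns that a child can block once an unread pipe fills. The CA-init call at new line 117 already uses a safer pattern that would work here too: `output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)` followed by `log(output, level=DEBUG)`, which also keeps the diagnostics on the raised `CalledProcessError.output`. The enclosing method starts above this hunk (it begins at new line 159), so its signature and the construction of `key_p`, `csr_p` and `crt_p` are not visible here. Separately, the unchanged `-sha1` on the `openssl req` command is worth moving to `-sha256` in a follow-up.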