Source code for octavia.certificates.common.local

# Copyright (c) 2014 Rackspace US, Inc
# All Rights Reserved.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

"""
Common classes for local filesystem certificate handling
"""
import os

from oslo_config import cfg

from octavia.certificates.common import cert

TLS_CERT_DEFAULT = os.environ.get(
    'OS_OCTAVIA_TLS_CA_CERT', '/etc/ssl/certs/ssl-cert-snakeoil.pem'
)
TLS_KEY_DEFAULT = os.environ.get(
    'OS_OCTAVIA_TLS_CA_KEY', '/etc/ssl/private/ssl-cert-snakeoil.key'
)
TLS_PKP_DEFAULT = os.environ.get('OS_OCTAVIA_CA_KEY_PASS')
TLS_PASS_AMPS_DEFAULT = os.environ.get('TLS_PASS_AMPS_DEFAULT',
                                       'insecure-key-do-not-use-this-key')

TLS_DIGEST_DEFAULT = os.environ.get('OS_OCTAVIA_CA_SIGNING_DIGEST', 'sha256')
TLS_STORAGE_DEFAULT = os.environ.get(
    'OS_OCTAVIA_TLS_STORAGE', '/var/lib/octavia/certificates/'
)

certgen_opts = [
    cfg.StrOpt('ca_certificate',
               default=TLS_CERT_DEFAULT,
               help='Absolute path to the CA Certificate for signing. Defaults'
                    ' to env[OS_OCTAVIA_TLS_CA_CERT].'),
    cfg.StrOpt('ca_private_key',
               default=TLS_KEY_DEFAULT,
               help='Absolute path to the Private Key for signing. Defaults'
                    ' to env[OS_OCTAVIA_TLS_CA_KEY].'),
    cfg.StrOpt('ca_private_key_passphrase',
               default=TLS_PKP_DEFAULT,
               help='Passphrase for the Private Key. Defaults'
                    ' to env[OS_OCTAVIA_CA_KEY_PASS] or None.',
               secret=True),
    cfg.StrOpt('server_certs_key_passphrase',
               default=TLS_PASS_AMPS_DEFAULT,
               help='Passphrase for encrypting Amphora Certificates and '
                    'Private Keys. Must be 32, base64(url) compatible, '
                    'characters long. Defaults to env[TLS_PASS_AMPS_DEFAULT] '
                    'or insecure-key-do-not-use-this-key',
               regex=r'^[A-Za-z0-9\-_=]{32}$',
               required=True,
               secret=True),
    cfg.StrOpt('signing_digest',
               default=TLS_DIGEST_DEFAULT,
               help='Certificate signing digest. Defaults'
                    ' to env[OS_OCTAVIA_CA_SIGNING_DIGEST] or "sha256".'),
    cfg.IntOpt('cert_validity_time',
               default=30 * 24 * 60 * 60,
               help="The validity time for the Amphora Certificates "
                    "(in seconds)."),
]

certmgr_opts = [
    cfg.StrOpt('storage_path',
               default=TLS_STORAGE_DEFAULT,
               help='Absolute path to the certificate storage directory. '
                    'Defaults to env[OS_OCTAVIA_TLS_STORAGE].')
]


[docs] class LocalCert(cert.Cert): """Representation of a Cert for local storage.""" def __init__(self, certificate, private_key, intermediates=None, private_key_passphrase=None): self.certificate = certificate self.intermediates = intermediates self.private_key = private_key self.private_key_passphrase = private_key_passphrase
[docs] def get_certificate(self): return self.certificate
[docs] def get_intermediates(self): return self.intermediates
[docs] def get_private_key(self): return self.private_key
[docs] def get_private_key_passphrase(self): return self.private_key_passphrase