octavia.certificates.generator package

octavia.certificates.generator package

Submodules

octavia.certificates.generator.anchor module

class AnchorCertGenerator[source]

Bases: octavia.certificates.generator.local.LocalCertGenerator

Cert Generator Interface that signs certs with Anchor.

classmethod sign_cert(csr, validity=None, **kwargs)[source]

Signs a certificate using Anchor based on the specified CSR

Parameters:
  • csr – A Certificate Signing Request
  • validity – Will be ignored for now
  • kwargs – Will be ignored for now
Returns:

Signed certificate

Raises:

Exception – if certificate signing fails

exception AnchorException(*args, **kwargs)[source]

Bases: octavia.common.exceptions.CertificateGenerationException

octavia.certificates.generator.cert_gen module

Certificate Generator API

class CertGenerator[source]

Bases: object

Base Cert Generator Interface

A Certificate Generator is responsible for generating private keys, generating CSRs, and signing TLS certificates.

generate_cert_key_pair(cn, validity, bit_length, passphrase)[source]

Generates a private key and certificate pair

Parameters:
  • cn – Common name to use for the Certificate
  • validity – Validity period for the Certificate
  • bit_length – Private key bit length
  • passphrase – Passphrase to use for encrypting the private key
Returns:

octavia.certificates.common.Cert representation of the certificate data

Raises:

Exception – If generation fails

sign_cert(csr, validity)[source]

Generates a signed certificate from the provided CSR

This call is designed to block until a signed certificate can be returned.

Parameters:
  • csr – A Certificate Signing Request
  • validity – Valid for <validity> seconds from the current time
Returns:

PEM Encoded Signed certificate

Raises:

Exception – If certificate signing fails

octavia.certificates.generator.local module

class LocalCertGenerator[source]

Bases: octavia.certificates.generator.cert_gen.CertGenerator

Cert Generator Interface that signs certs locally.

classmethod generate_cert_key_pair(cn, validity, bit_length=2048, passphrase=None, **kwargs)[source]
classmethod sign_cert(csr, validity, ca_cert=None, ca_key=None, ca_key_pass=None, ca_digest=None)[source]

Signs a certificate using our private CA based on the specified CSR

The signed certificate will be valid from now until <validity> seconds from now.

Parameters:
  • csr – A Certificate Signing Request
  • validity – Valid for <validity> seconds from the current time
  • ca_cert – Signing Certificate (default: config)
  • ca_key – Signing Certificate Key (default: config)
  • ca_key_pass – Signing Certificate Key Pass (default: config)
  • ca_digest – Digest method to use for signing (default: config)
Returns:

Signed certificate

Raises:

Exception – if certificate signing fails

Module contents

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.