octavia.common.tls_utils package

octavia.common.tls_utils package

Submodules

octavia.common.tls_utils.cert_parser module

build_pem(tls_container)[source]

Concatenate TLS container fields to create a PEM

encoded certificate file

Parameters:tls_container – Object container TLS certificates
Returns:Pem encoded certificate file
get_cert_expiration(certificate_pem)[source]

Extract the expiration date from the Pem encoded X509 certificate

Parameters:certificate_pem – Certificate in PEM format
Returns:Expiration date of certificate_pem
get_host_names(certificate)[source]

Extract the host names from the Pem encoded X509 certificate

Parameters:certificate – A PEM encoded certificate
Returns:A dictionary containing the following keys: [‘cn’, ‘dns_names’] where ‘cn’ is the CN from the SubjectName of the certificate, and ‘dns_names’ is a list of dNSNames (possibly empty) from the SubjectAltNames of the certificate.
get_intermediates_pems(intermediates=None)[source]

Split the input string into individual x509 text blocks

Parameters:intermediates – PEM or PKCS7 encoded intermediate certificates
Returns:A list of strings where each string represents an X509 pem block surrounded by BEGIN CERTIFICATE, END CERTIFICATE block tags
get_primary_cn(tls_cert)[source]

Returns primary CN for Certificate.

load_certificates_data(cert_mngr, listener)[source]

Load TLS certificate data from the listener.

return TLS_CERT and SNI_CERTS

prepare_private_key(private_key, passphrase=None)[source]

Prepares an unencrypted PEM-encoded private key for printing

Parameters:private_key – The private key in PEM format (encrypted or not)
Returns:The unencrypted private key in PEM format
validate_cert(certificate, private_key=None, private_key_passphrase=None, intermediates=None)[source]

Validate that the certificate is a valid PEM encoded X509 object

Optionally verify that the private key matches the certificate. Optionally verify that the intermediates are valid X509 objects.

Parameters:
  • certificate – A PEM encoded certificate
  • private_key – The private key for the certificate
  • private_key_passphrase – Passphrase for accessing the private key
  • intermediates – PEM or PKCS7 encoded intermediate certificates
Returns:

boolean

Module contents

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.