octavia.common.tls_utils package

Submodules

octavia.common.tls_utils.cert_parser module

build_pem(tls_container)[source]

Concatenate TLS container fields to create a PEM

encoded certificate file

Parameters:

tls_container – Object container TLS certificates

Returns:

Pem encoded certificate file

get_cert_expiration(certificate_pem)[source]

Extract the expiration date from the Pem encoded X509 certificate

Parameters:

certificate_pem – Certificate in PEM format

Returns:

Expiration date of certificate_pem

get_host_names(certificate)[source]

Extract the host names from the Pem encoded X509 certificate

Parameters:

certificate – A PEM encoded certificate

Returns:

A dictionary containing the following keys: [‘cn’, ‘dns_names’] where ‘cn’ is the CN from the SubjectName of the certificate, and ‘dns_names’ is a list of dNSNames (possibly empty) from the SubjectAltNames of the certificate.

get_intermediates_pems(intermediates=None)[source]

Split the input string into individual x509 text blocks

Parameters:

intermediates – PEM or PKCS7 encoded intermediate certificates

Returns:

A list of strings where each string represents an X509 pem block surrounded by BEGIN CERTIFICATE, END CERTIFICATE block tags

get_primary_cn(tls_cert)[source]

Returns primary CN for Certificate.

load_certificates_data(cert_mngr, obj, context=None)[source]

Load TLS certificate data from the listener/pool.

return TLS_CERT and SNI_CERTS

prepare_private_key(private_key, passphrase=None)[source]

Prepares an unencrypted PEM-encoded private key for printing

Parameters:

private_key – The private key in PEM format (encrypted or not)

Returns:

The unencrypted private key in PEM format

validate_cert(certificate, private_key=None, private_key_passphrase=None, intermediates=None)[source]

Validate that the certificate is a valid PEM encoded X509 object

Optionally verify that the private key matches the certificate. Optionally verify that the intermediates are valid X509 objects.

Parameters:
  • certificate – A PEM encoded certificate

  • private_key – The private key for the certificate

  • private_key_passphrase – Passphrase for accessing the private key

  • intermediates – PEM or PKCS7 encoded intermediate certificates

Returns:

boolean

Module contents