Commit
c378f69c
authored
Mar 14, 2014
by
ale
add a method to renew a CA certificate
parent
0bce6d0c
Showing
1 changed file
with
31 additions
and
21 deletions
+31
-21
autoca/ca.py
autoca/ca.py
+31
-21
autoca/ca.py
...
...
@@ -20,17 +20,7 @@ class CA(object):
self
.
_init_ca
()
self
.
_load_crl
()
def
_init_ca
(
self
):
key_str
,
crt_str
=
self
.
storage
.
get_ca
()
if
key_str
:
self
.
ca_key
=
crypto
.
load_privatekey
(
crypto
.
FILETYPE_PEM
,
key_str
)
self
.
ca_crt
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
crt_str
)
self
.
public_ca_pem
=
crt_str
else
:
log
.
info
(
'initializing CA certificate and private key'
)
self
.
ca_key
=
certutil
.
create_rsa_key_pair
(
self
.
bits
)
def
_generate_ca_cert
(
self
):
ca_req
=
certutil
.
create_cert_request
(
self
.
ca_key
,
**
(
self
.
ca_subject
))
self
.
ca_crt
=
certutil
.
sign_certificate
(
...
...
@@ -52,6 +42,26 @@ class CA(object):
crt_str
)
self
.
public_ca_pem
=
crt_str
def
_init_ca
(
self
):
key_str
,
crt_str
=
self
.
storage
.
get_ca
()
if
key_str
:
self
.
ca_key
=
crypto
.
load_privatekey
(
crypto
.
FILETYPE_PEM
,
key_str
)
self
.
ca_crt
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
crt_str
)
self
.
public_ca_pem
=
crt_str
else
:
log
.
info
(
'initializing CA certificate and private key'
)
self
.
ca_key
=
certutil
.
create_rsa_key_pair
(
self
.
bits
)
self
.
_generate_ca_cert
()
def
renew_ca
(
self
):
if
not
self
.
ca_key
:
log
.
error
(
'CA private key not available'
)
return
log
.
info
(
'renewing CA certificate'
)
self
.
_generate_ca_cert
()
def
get_ca
(
self
):
return
self
.
public_ca_pem
...
...
@@ -77,7 +87,7 @@ class CA(object):
crypto
.
X509Extension
(
'extendedKeyUsage'
,
False
,
server
and
'serverAuth'
or
'clientAuth'
),
crypto
.
X509Extension
(
'nsCertType'
,
False
,
server
and
'server'
or
'client'
),
server
and
'
client,
server'
or
'client'
),
]
cert
=
certutil
.
sign_certificate
(
req
,
self
.
ca_key
,
self
.
ca_crt
,
new_serial
,
days
,
...
...
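Review bot: The last hunk (`-77,7 +87,7`) appears to widen the server value of `nsCertType` from `'server'` to `'client, server'`, while the `extendedKeyUsage` entry just above it still yields only `'serverAuth'` for server certificates; the +/- markers are lost on this page, so the direction is inferred from the print order. The two extensions then disagree: a verifier that checks nsCertType would accept a server certificate for client authentication, and one that checks EKU would reject it. If server certificates are meant to double as clients, make EKU match, e.g. `server and 'serverAuth, clientAuth' or 'clientAuth'`; otherwise keep `'server'`. The commit title only mentions CA renewal, so this change to what every newly issued server certificate is allowed to do deserves its own commit or at least a comment on that line stating why servers also need the client role. The extension list and its enclosing function start and end outside the hunk.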