Changeset 1192

Timestamp:

12/13/06 10:43:13 (6 years ago)

Author:

mglb1

Message:

Move certificate creation code into a specific function to avoid duplication.
This allows other modules to request that the CA creates a new key/cert pair.

File:

• ccsd/trunk/crcnetd/_utils/ccsd_ca.py (modified) (2 diffs)

ccsd/trunk/crcnetd/_utils/ccsd_ca.py

@@ -660 +660 @@
         log_info("CA: %s" % message)
         
+    def ensureCertificateExists(self, name):
+        certname = "%s-cert.pem" % name
+        keyname = "%s-key.pem" % name
+        reqname = "%s-req.pem" % name
+        if self.hasfile(certname) and self.hasfile(keyname):
+            return True
+        # No cert/key in repository
+        log_info("Creating certificate for %s" % name)
+        sParams = self.getCAParameters().copy()
+        sParams["CN"] = name
+        sParams["emailAddress"] = "root@%s" % \
+                config_get_required("network", "domain")
+        # Generate the new key / request
+        (csr, key) = createKey(0, sParams)
+        # Get it signed
+        cert = self.signReq(csr)
+        # Add it to the repository for safe-keeping
+        try:
+            a = self.addfile(certname, cert)
+            b = self.addfile(keyname, key)
+            c = self.addfile(reqname, csr)
+            self.checkin("Added %s certificate and key" % name, [a, b, c])
+            return True
+        except ccs_ca_error:
+            (type, value, tb) = sys.exc_info()
+            log_error("CA: Failed to create key for %s: %s" % \
+                    (name, value), (type, value, tb))
+        
+        return False
+
     def findByCN(self, desiredCN):
         """Searches the certificate database for records with matching CNs"""
@@ -748 +778 @@
         log_fatal("CA: Unable to initialise: %s" % value, \
                 (type, value, tb))
-        
-    # Setup the default parameters for new certificates
-    certParams = ca.getCAParameters()
     
     # Ensure there is a server key, and a client key for the web interface
     # and the pxeboot scripts
     for name in ["server", "ccsweb", "pxe-scripts"]:
-        certname = "%s-cert.pem" % name
-        keyname = "%s-key.pem" % name
-        reqname = "%s-req.pem" % name
-        if ca.hasfile(certname) and ca.hasfile(keyname):
-            continue
-        # No cert/key in repository
-        log_info("Creating certificate for %s" % name)
-        sParams = certParams.copy()
-        sParams["CN"] = name
-        sParams["emailAddress"] = "root@%s" % \
-                config_get_required("network", "domain")
-        # Generate the new key / request
-        (csr, key) = createKey(0, sParams)
-        # Get it signed
-        cert = ca.signReq(csr)
-        # Add it to the repository for safe-keeping
-        try:
-            a = ca.addfile(certname, cert)
-            b = ca.addfile(keyname, key)
-            c = ca.addfile(reqname, csr)
-            ca.checkin("Added %s certificate and key" % name, [a, b, c])
-        except ccs_ca_error:
-            (type, value, tb) = sys.exc_info()
-            log_fatal("CA: Failed to create key for %s: %s" % \
-                    (name, value), (type, value, tb))
-
+        if not ca.ensureCertificateExists(name):
+            log_fatal("CA: %s is a required key. Exiting!" % name)
+