The keystone.common.openssl Module

class keystone.common.openssl.ConfigurePKI(keystone_user, keystone_group, **kw)

Bases: object

Generate files for PKI signing using OpenSSL.

Signed tokens require a private key and a signing certificate, which itself must be signed by a CA. This class generates them with workable defaults if each of the files is not present.

build_ca_cert()
build_private_key()
build_signing_cert()
build_ssl_config_file()
exec_command(command)
run()
sslconfig = '\n# OpenSSL configuration file.\n#\n\n# Establish working directory.\n\ndir = %(conf_dir)s\n[ ca ]\ndefault_ca = CA_default\n\n[ CA_default ]\nnew_certs_dir = $dir\nserial = $dir/serial\ndatabase = $dir/index.txt\ncertificate = %(ca_cert)s\nprivate_key = %(ca_private_key)s\ndefault_days = 365\ndefault_md = md5\npreserve = no\nemail_in_dn = no\nnameopt = default_ca\ncertopt = default_ca\npolicy = policy_match\n[ policy_match ]\ncountryName = match\nstateOrProvinceName = match\norganizationName = match\norganizationalUnitName = optional\ncommonName = supplied\nemailAddress = optional\n\n[ req ]\ndefault_bits = 1024 # Size of keys\ndefault_keyfile = key.pem # name of generated keys\ndefault_md = md5 # message digest algorithm\nstring_mask = nombstr # permitted characters\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n\n[ req_distinguished_name ]\n0.organizationName = Organization Name (company)\norganizationalUnitName = Organizational Unit Name (department, division)\nemailAddress = Email Address\nemailAddress_max = 40\nlocalityName = Locality Name (city, district)\nstateOrProvinceName = State or Province Name (full name)\ncountryName = Country Name (2 letter code)\ncountryName_min = 2\ncountryName_max = 2\ncommonName = Common Name (hostname, IP, or your name)\ncommonName_max = 64\n# Default values for the above, for consistency and less typing.\n0.organizationName_default = Openstack, Inc\nlocalityName_default = Undefined\nstateOrProvinceName_default = Undefined\ncountryName_default = US\ncommonName_default = %(ca_cert_cn)s\n\n[ v3_ca ]\nbasicConstraints = CA:TRUE\nsubjectKeyIdentifier = hash\nauthorityKeyIdentifier = keyid:always,issuer:always\n\n[ v3_req ]\nbasicConstraints = CA:FALSE\nsubjectKeyIdentifier = hash'
keystone.common.openssl.file_exists(file_path)
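
The sslconfig template above sets default_md = md5 and default_bits = 1024, both weaker than what is accepted for certificate signing today. The following is an added example, not part of Keystone's code: it parses an excerpt of that template, flags those settings and rewrites them. The function names, the audit thresholds and the sha256/2048 replacement values are assumptions of this example.

```python
import re

# Excerpt of the sslconfig template shown on this page (values copied as-is).
SSLCONFIG_EXCERPT = """
dir = %(conf_dir)s
[ CA_default ]
default_days = 365
default_md = md5
[ req ]
default_bits = 1024 # Size of keys
default_md = md5 # message digest algorithm
"""

# Assumed audit policy for this example, not taken from Keystone.
WEAK_DIGESTS = {"md2", "md4", "md5", "sha1"}
MIN_RSA_BITS = 2048


def parse_openssl_conf(text):
    """Return {section: {key: value}}; keys before any section go under 'default'."""
    conf, section = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            section = header.group(1)
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key] = value
    return conf


def audit(text):
    """Return a sorted list of (section, key, value, reason) findings."""
    findings = []
    for section, items in parse_openssl_conf(text).items():
        md = items.get("default_md", "")
        if md.lower() in WEAK_DIGESTS:
            findings.append((section, "default_md", md, "weak digest"))
        bits = items.get("default_bits", "")
        if bits.isdigit() and int(bits) < MIN_RSA_BITS:
            findings.append((section, "default_bits", bits, "key too short"))
    return sorted(findings)


def harden(text, digest="sha256", bits=2048):
    """Return the template text with the flagged values replaced in place."""
    text = re.sub(r"^(default_md\s*=\s*)\w+", r"\g<1>" + digest, text, flags=re.M)
    return re.sub(r"^(default_bits\s*=\s*)\d+", r"\g<1>" + str(bits), text, flags=re.M)
```

Certificates already issued from the weak settings keep their MD5 signatures and 1024-bit keys; they have to be regenerated after the template is changed.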
