Commit cccb5580 authored by Gabriel Monnerat's avatar Gabriel Monnerat

refactor code and add function to add a valid certificate if it is passed in partition_parameter_kw

parent 802423d8
...@@ -54,14 +54,11 @@ class Recipe(BaseSlapRecipe): ...@@ -54,14 +54,11 @@ class Recipe(BaseSlapRecipe):
self.path_list.append(self.killpidfromfile) self.path_list.append(self.killpidfromfile)
ca_conf = self.installCertificateAuthority()
# This should come from parameter. # This should come from parameter.
frontend_port_number = 4443 frontend_port_number = 4443
frontend_domain_name = self.parameter_dict.get("domain", frontend_domain_name = self.parameter_dict.get("domain",
"host.vifib.net") "host.vifib.net")
key, certificate = self.requestCertificate(frontend_domain_name)
base_varnish_port = 26009 base_varnish_port = 26009
slave_instance_list = self.parameter_dict.get("slave_instance_list", []) slave_instance_list = self.parameter_dict.get("slave_instance_list", [])
rewrite_rule_list = [] rewrite_rule_list = []
...@@ -112,9 +109,27 @@ class Recipe(BaseSlapRecipe): ...@@ -112,9 +109,27 @@ class Recipe(BaseSlapRecipe):
else: else:
rewrite_rule_list.append("%s %s" % (reference.replace("-", ""), url)) rewrite_rule_list.append("%s %s" % (reference.replace("-", ""), url))
valid_certificate_str = self.parameter_dict.get("domain_ssl_ca_cert")
valid_key_str = self.parameter_dict.get("domain_ssl_ca_key")
if valid_certificate_str is None and valid_key_str is None:
ca_conf = self.installCertificateAuthority()
key, certificate = self.requestCertificate(frontend_domain_name)
else:
ca_conf = self.installValidCertificateAuthority(
frontend_domain_name, valid_certificate_str, valid_key_str)
key = ca_conf.pop("key")
certificate = ca_conf.pop("certificate")
if service_dict != {}: if service_dict != {}:
if valid_certificate_str is not None and valid_key_str is not None:
self.installCertificateAuthority()
stunnel_key, stunnel_certificate = \
self.requestCertificate(frontend_domain_name)
else:
stunnel_key, stunnet_certificate = key, certificate
self.installStunnel(service_dict, self.installStunnel(service_dict,
certificate, key, stunnel_certificate, stunnel_key,
ca_conf["ca_crl"], ca_conf["ca_crl"],
ca_conf["certificate_authority_path"]) ca_conf["certificate_authority_path"])
...@@ -192,6 +207,23 @@ class Recipe(BaseSlapRecipe): ...@@ -192,6 +207,23 @@ class Recipe(BaseSlapRecipe):
self.path_list.append(wrapper) self.path_list.append(wrapper)
return cron_d return cron_d
def installValidCertificateAuthority(self, domain_name, certificate, key):
ca_dir = os.path.join(self.data_root_directory, 'ca')
ca_private = os.path.join(ca_dir, 'private')
ca_certs = os.path.join(ca_dir, 'certs')
ca_crl = os.path.join(ca_dir, 'crl')
self._createDirectory(ca_dir)
for path in (ca_private, ca_certs, ca_crl):
self._createDirectory(path)
key_path = os.path.join(ca_private, domain_name + ".key")
certificate_path = os.path.join(ca_certs, domain_name + ".crt")
self._writeFile(key_path, key)
self._writeFile(certificate_path, certificate)
return dict(certificate_authority_path=ca_dir,
ca_crl=ca_crl,
certificate=certificate_path,
key=key_path)
def installCertificateAuthority(self, ca_country_code='XX', def installCertificateAuthority(self, ca_country_code='XX',
ca_email='xx@example.com', ca_state='State', ca_city='City', ca_email='xx@example.com', ca_state='State', ca_city='City',
ca_company='Company'): ca_company='Company'):
......
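Review bot: In the `else:` branch under `if service_dict != {}:` the assignment is spelled `stunnet_certificate`, so unless `stunnel_certificate` is bound elsewhere in the method, the default path (no supplied certificate) reaches the `installStunnel(...)` call with that name unbound and raises NameError; the line should read `stunnel_key, stunnel_certificate = key, certificate`. The earlier test `valid_certificate_str is None and valid_key_str is None` also sends a half-supplied pair into `installValidCertificateAuthority`, which is then handed `None` as key or certificate, while the later check requires both values to be present; `if valid_certificate_str is None or valid_key_str is None:` (or raising when only one of the two is given) would make the two checks agree. In `installValidCertificateAuthority`, `domain_name` comes from the `domain` parameter and is joined into `key_path` and `certificate_path` unchecked, and the private key is written through `_writeFile`, whose file mode is not visible here; it is worth rejecting path separators in the name and confirming that the key file ends up readable by its owner only. The method that contains the first two hunks starts and ends outside the visible lines.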