# Copyright 2016-2017 Canonical Ltd.
#
# This file is part of the tls-client layer for Juju.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from charmhelpers.core.hookenv import log
from charmhelpers.core import unitdata
from charms.reactive import remove_state
from charms.reactive import endpoint_from_flag
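def reset_certificate_write_flag(cert_type):
    """
    Clear the "certificate written" flag for one certificate type.

    Removing ``tls_client.<cert_type>.certificate.written`` lets handlers
    that react to that flag be notified again the next time a certificate
    of that type is written.

    :param cert_type: One of ``'server'``, ``'client'`` or ``'ca'``. Any
        other value is logged at WARNING level and ignored, so only the
        layer's own flags can be removed through this function.
    """
    if cert_type not in ('server', 'client', 'ca'):
        # Validate before interpolating into the flag name: never remove a
        # flag whose name was composed from an unexpected value. The
        # offending value is logged so the caller can be found.
        log('Unknown certificate type {0!r}; expected server, client or ca'
            .format(cert_type), level='WARNING')
        return
    remove_state('tls_client.{0}.certificate.written'.format(cert_type))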
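def _store_cert_paths(cert_type, common_name, crt_path, key_path):
    """
    Persist where the certificate and key for *common_name* should be written.

    The locations are kept in unit-local storage under
    ``layer.tls-client.cert-paths`` as ``{cert_type: {common_name: {'crt':
    ..., 'key': ...}}}``; a repeat request for the same common name replaces
    the earlier entry. Presumably the layer's write-out handler reads these
    paths when the certificate arrives (not visible here), so a wrong path
    here decides where key material ends up on disk.

    :param cert_type: ``'server'`` or ``'client'``; used as the top-level key.
    :param common_name: Common name the certificate was requested for.
    :param crt_path: Destination for the certificate, or a falsy value.
    :param key_path: Destination for the private key, or a falsy value.
    :returns: ``True`` if paths were recorded, ``False`` if nothing was stored.
    """
    if not crt_path and not key_path:
        # Caller did not ask for the files to be written; nothing to record.
        return False
    if not crt_path or not key_path:
        # Storing only one half would record str(None) == 'None' as the other
        # path, i.e. a file literally named "None" in whatever directory the
        # consumer runs from. Refuse and say why rather than persist that.
        log('Ignoring {0} certificate paths for {1}: both crt_path and '
            'key_path are required (got crt_path={2!r}, key_path={3!r})'
            .format(cert_type, common_name, crt_path, key_path),
            level='WARNING')
        return False
    kv = unitdata.kv()
    cert_paths = kv.get('layer.tls-client.cert-paths', {})
    # str() so pathlib.Path and plain strings are stored the same way.
    cert_paths.setdefault(cert_type, {})[common_name] = {
        'crt': str(crt_path),
        'key': str(key_path),
    }
    kv.set('layer.tls-client.cert-paths', cert_paths)
    return True


def request_server_cert(common_name, sans=None, crt_path=None, key_path=None):
    """
    Request a server certificate over the ``certificates`` relation.

    :param common_name: Common name (CN) to request. Also the key under which
        the paths are stored, so a later request for the same CN replaces
        the earlier paths.
    :param sans: Optional subject alternative names, passed to the relation
        endpoint unchanged.
    :param crt_path: Where the issued certificate should be written. Give
        both ``crt_path`` and ``key_path`` or neither; a lone value is
        logged and not recorded.
    :param key_path: Where the private key should be written. Choose a
        location whose directory permissions keep the key private.
    """
    # endpoint_from_flag returns None when the flag is not set, so callers
    # are expected to be gated on 'certificates.available' (as the original
    # code assumed) — this raises AttributeError otherwise.
    tls = endpoint_from_flag('certificates.available')
    tls.request_server_cert(common_name, sans)
    _store_cert_paths('server', common_name, crt_path, key_path)


def request_client_cert(common_name, sans=None, crt_path=None, key_path=None):
    """
    Request a client certificate over the ``certificates`` relation.

    Mirrors :func:`request_server_cert`; only the endpoint method and the
    ``'client'`` bucket in stored paths differ.

    :param common_name: Common name (CN) to request; a later request for the
        same CN replaces the earlier paths.
    :param sans: Optional subject alternative names, passed to the relation
        endpoint unchanged.
    :param crt_path: Where the issued certificate should be written. Give
        both ``crt_path`` and ``key_path`` or neither; a lone value is
        logged and not recorded.
    :param key_path: Where the private key should be written. Choose a
        location whose directory permissions keep the key private.
    """
    # Same precondition as request_server_cert: the 'certificates.available'
    # flag must be set or endpoint_from_flag returns None.
    tls = endpoint_from_flag('certificates.available')
    tls.request_client_cert(common_name, sans)
    _store_cert_paths('client', common_name, crt_path, key_path)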