# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
import shutil
import subprocess
import tempfile
import uuid
def random_uuid():
    """Return a fresh random (version 4) UUID in its canonical string form."""
    fresh = uuid.uuid4()
    return '{0}'.format(fresh)
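def generateCert(auth_key, entity_key, hostname=None, principals='root',
                 key_id='testID', validity='-1d:+365d'):
    """Sign ``entity_key`` with the CA private key ``auth_key`` via ssh-keygen.

    ssh-keygen only accepts keys as files, so both keys are written to a
    private scratch directory (mode 0700, unpredictable name, created with
    ``tempfile.mkdtemp``) for the duration of the ``ssh-keygen -s`` call and
    removed afterwards.  The CA key therefore never sits under a fixed,
    world-readable /tmp prefix.

    :param auth_key: CA private key text.  NOTE(review): if the CA key can be
        held in ssh-agent instead, ssh-keygen's ``-U`` would avoid writing it
        to disk at all; this function keeps the file-based contract.
    :param entity_key: public key text to certify.
    :param hostname: when given, a *host* certificate is produced (``-h``)
        whose principal is this hostname; when ``None`` a *user* certificate
        is produced for ``principals``.
    :param principals: comma-separated principals for a user certificate.
    :param key_id: certificate key ID (``-I``).  It is what sshd logs when
        the certificate is used, so callers should pass something that
        identifies the requester instead of relying on the default.
    :param validity: ssh-keygen validity interval (``-V``).
    :returns: the certificate text, or ``''`` if any step failed (the error
        is printed, preserving the original best-effort contract).
    """
    cert = ''
    work_dir = None
    try:
        # mkdtemp creates the directory 0700 with a random name, which closes
        # the pre-creation/symlink race of a fixed '/tmp/sshaas' prefix.
        work_dir = tempfile.mkdtemp(prefix='sshaas')
        base = os.path.join(work_dir, uuid.uuid4().hex)
        ca_file = base
        pub_file = base + '.pub'
        # ssh-keygen names its output by stripping '.pub' and adding '-cert.pub'.
        cert_file = base + '-cert.pub'

        # O_EXCL: fail rather than follow anything already at the path;
        # 0o600 so only this user can read the CA private key.
        fd = os.open(ca_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, 'w') as key_out:
            key_out.write(auth_key)
        # The entity key is public; the 0700 directory already restricts it.
        # (The original passed 0o644 as open()'s third argument, which is the
        # buffering size, not a mode.)
        with open(pub_file, 'w') as pub_out:
            pub_out.write(entity_key)

        args = ['ssh-keygen', '-s', ca_file, '-I', key_id, '-V', validity]
        if hostname is None:
            args.extend(['-n', principals, pub_file])
        else:
            # ssh-keygen treats a host certificate with no principals as valid
            # for any host; bind it to the requested hostname explicitly (the
            # original accepted ``hostname`` but never passed it).
            args.extend(['-h', '-n', hostname, pub_file])
        # List form, no shell: key material and hostnames are never
        # interpolated into a command string.
        subprocess.check_output(args, stderr=subprocess.STDOUT)

        with open(cert_file, 'r') as cert_in:
            cert = cert_in.read()
    except Exception as e:
        # Best-effort contract kept from the original: report and return ''.
        print(e)
    finally:
        # Remove the CA key and scratch files whether or not signing succeeded.
        if work_dir is not None:
            shutil.rmtree(work_dir, ignore_errors=True)
    return cert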