mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-22 02:05:41 +01:00
parent
4ea881564e
commit
642d56041d
@ -52,8 +52,12 @@ def create_root_cert(subj, key_path="./k.key", cert_path="./cert.crt"):
|
||||
return subprocess.call(["/usr/bin/openssl", "req", "-new", "-x509", "-key", key_path,\
|
||||
"-out", cert_path, "-days", "3650", "-subj", subj], stdout=DEVNULL, stderr=subprocess.STDOUT)
|
||||
|
||||
def create_ext_file(cn, ext_filename):
|
||||
with open(ext_filename, 'w') as f:
|
||||
f.write("subjectAltName = DNS.1:{}".format(cn))
|
||||
|
||||
@stat_decorator
|
||||
def create_cert(subj, ca_key, ca_cert, key_path="./k.key", cert_path="./cert.crt"):
|
||||
def create_cert(subj, ca_key, ca_cert, key_path="./k.key", cert_path="./cert.crt", extfile='extfile.cnf'):
|
||||
cert_dir = os.path.dirname(cert_path)
|
||||
csr_path = os.path.join(cert_dir, "tmp.csr")
|
||||
rc = subprocess.call(["/usr/bin/openssl", "req", "-newkey", "rsa:4096", "-nodes","-sha256","-keyout", key_path,\
|
||||
@ -61,7 +65,8 @@ def create_cert(subj, ca_key, ca_cert, key_path="./k.key", cert_path="./cert.crt
|
||||
if rc != 0:
|
||||
return rc
|
||||
return subprocess.call(["/usr/bin/openssl", "x509", "-req", "-days", "3650", "-in", csr_path, "-CA", \
|
||||
ca_cert, "-CAkey", ca_key, "-CAcreateserial", "-out", cert_path], stdout=DEVNULL, stderr=subprocess.STDOUT)
|
||||
ca_cert, "-CAkey", ca_key, "-CAcreateserial", "-extfile", extfile ,"-out", cert_path],
|
||||
stdout=DEVNULL, stderr=subprocess.STDOUT)
|
||||
|
||||
|
||||
def openssl_installed():
|
||||
|
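Review bot: `create_cert` now passes `-extfile` to `openssl x509` on every call, so a caller that has not first written `extfile.cnf` into the current working directory would presumably get a failing signing step; other callers are not visible on this page, so this needs confirming. Making the argument optional would keep the previous behaviour for them, for example defaulting to `extfile=None` and appending `["-extfile", extfile]` to the argument list only when it is set. In `create_ext_file`, `cn` is formatted straight into the `subjectAltName` line, so a value containing a comma or a newline would add further SAN entries or extension directives to the signed certificate. The only call shown passes a constant, but rejecting anything outside hostname characters before writing would keep that safe for future callers. The body of `create_cert` between the two hunks is not shown.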
@ -1,6 +1,6 @@
|
||||
import os, shutil, pathlib
|
||||
from g import templates_dir, config_dir, root_crt_path, secret_key_dir, secret_dir, DEFAULT_UID, DEFAULT_GID
|
||||
from .cert import openssl_installed, create_cert, create_root_cert, get_alias
|
||||
from .cert import openssl_installed, create_cert, create_root_cert, get_alias, create_ext_file
|
||||
from .jinja import render_jinja
|
||||
from .misc import mark_file, prepare_dir
|
||||
|
||||
@ -56,6 +56,7 @@ def prepare_env_notary(nginx_config_dir):
|
||||
signer_cert_path = os.path.join(temp_cert_dir, "notary-signer.crt")
|
||||
signer_key_path = os.path.join(temp_cert_dir, "notary-signer.key")
|
||||
create_root_cert(ca_subj, key_path=signer_ca_key, cert_path=signer_ca_cert)
|
||||
create_ext_file('notarysigner', 'extfile.cnf')
|
||||
create_cert(cert_subj, signer_ca_key, signer_ca_cert, key_path=signer_key_path, cert_path=signer_cert_path)
|
||||
print("Copying certs for notary signer")
|
||||
shutil.copy2(signer_cert_path, signer_cert_secret_path)
|
||||
|
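Review bot: The ext file is written to the relative path `'extfile.cnf'` and `create_cert` is then called without `extfile=`, so the two only meet because the literal here matches the default in the cert module and both resolve against the process working directory. Building the path under `temp_cert_dir` and passing it explicitly removes that coupling and keeps the file with the other temporary signer material: `ext_path = os.path.join(temp_cert_dir, "extfile.cnf")`, `create_ext_file('notarysigner', ext_path)`, and `extfile=ext_path` on the `create_cert` call. Nothing in the lines shown removes the file afterwards, so it appears to stay in the working directory after the run. `prepare_env_notary` starts and ends outside the hunk.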