Merge branch 'master' of https://github.com/gdhagger/bcfg2

author: Sol Jerome <sol.jerome@gmail.com> 2011-01-26 15:58:51 -0600
committer: Sol Jerome <sol.jerome@gmail.com> 2011-01-26 15:58:51 -0600
commit: bd535d36fc017000e5c2d0642a058e0ca679818e (patch)
tree: d68d4ae70b10c01d09606da60c3e47270a265ebf
parent: 8f756274886982b370bc440f16d799675f8d83de (diff)
parent: bbc27db7def9b8b1243f54f59339cc83f57ccf0e (diff)
download: bcfg2-bd535d36fc017000e5c2d0642a058e0ca679818e.tar.gz
bcfg2-bd535d36fc017000e5c2d0642a058e0ca679818e.tar.bz2
bcfg2-bd535d36fc017000e5c2d0642a058e0ca679818e.zip
1 files changed, 27 insertions, 2 deletions
diff --git a/src/lib/Server/Plugins/SSLCA.py b/src/lib/Server/Plugins/SSLCA.py
index 4125cd498..1c9e1b59d 100644
--- a/src/lib/Server/Plugins/SSLCA.py
+++ b/src/lib/Server/Plugins/SSLCA.py
@@ -104,6 +104,8 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
             key = self.build_key(filename, entry, metadata)
             open(self.data + filename, 'w').write(key)
             entry.text = key
+            self.entries[filename] = self.__child__("%s%s" % (self.data, filename))
+            self.entries[filename].HandleEvent()
         else:
             entry.text = self.entries[filename].data
 
@@ -144,14 +146,22 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
             self.core.Bind(e, metadata)
 
         # check if we have a valid hostfile
-        if filename in self.entries.keys() and self.verify_cert(filename, entry):
+        if filename in self.entries.keys() and self.verify_cert(filename, key_filename, entry):
             entry.text = self.entries[filename].data
         else:
             cert = self.build_cert(key_filename, entry, metadata)
             open(self.data + filename, 'w').write(cert)
+            self.entries[filename] = self.__child__("%s%s" % (self.data, filename))
+            self.entries[filename].HandleEvent()
             entry.text = cert
 
-    def verify_cert(self, filename, entry):
+    def verify_cert(self, filename, key_filename, entry):
+        if self.verify_cert_against_ca(filename, entry):
+            if self.verify_cert_against_key(filename, key_filename):
+                return True
+        return False
+
+    def verify_cert_against_ca(self, filename, entry):
         """
         check that a certificate validates against the ca cert,
         and that it has not expired.
@@ -164,6 +174,21 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
             return True
         return False
 
+    def verify_cert_against_key(self, filename, key_filename):
+        """
+        check that a certificate validates against its private key.
+        """
+        cert = self.data + filename
+        key = self.data + key_filename
+        cmd = "openssl x509 -noout -modulus -in %s | openssl md5" % cert
+        cert_md5 = Popen(cmd, shell=True, stdout=PIPE, stderr=STDOUT).stdout.read()
+        cmd = "openssl rsa -noout -modulus -in %s | openssl md5" % key
+        key_md5 = Popen(cmd, shell=True, stdout=PIPE, stderr=STDOUT).stdout.read()
+        if cert_md5 == key_md5:
+            return True
+        return False
+
+
     def build_cert(self, key_filename, entry, metadata):
         """
         creates a new certificate according to the specification
author	Sol Jerome <sol.jerome@gmail.com>	2011-01-26 15:58:51 -0600
committer	Sol Jerome <sol.jerome@gmail.com>	2011-01-26 15:58:51 -0600
commit	bd535d36fc017000e5c2d0642a058e0ca679818e (patch)
tree	d68d4ae70b10c01d09606da60c3e47270a265ebf
parent	8f756274886982b370bc440f16d799675f8d83de (diff)
parent	bbc27db7def9b8b1243f54f59339cc83f57ccf0e (diff)
download	bcfg2-bd535d36fc017000e5c2d0642a058e0ca679818e.tar.gz bcfg2-bd535d36fc017000e5c2d0642a058e0ca679818e.tar.bz2 bcfg2-bd535d36fc017000e5c2d0642a058e0ca679818e.zip