Utilities

This module is used to generate the CAs and CRLs (revoked certificates).

Example:

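import ssl
import tornado.httpserver
from elasticsearch import Elasticsearch
from DIRAC.Core.Security import Utilities

# ca_certs expects the CA bundle (cas.pem), so generateCAFile is called here;
# generateRevokedCertsFile produces the CRL file, which holds no trust anchors.
retVal = Utilities.generateCAFile()
if retVal['OK']:
  cl = Elasticsearch( self.__url,
                      timeout = self.__timeout,
                      use_ssl = True,
                      verify_certs = True,
                      ca_certs = retVal['Value'] )

or:

retVal = Utilities.generateCAFile('/WebApp/HTTPS/Cert')
if retVal['OK']:
  # The CS option paths are strings and must be quoted.
  sslops = dict( certfile = CertificateMgmt.getCert('/WebApp/HTTPS/Cert'),
                 keyfile = CertificateMgmt.getCert('/WebApp/HTTPS/Key'),
                 cert_reqs = ssl.CERT_OPTIONAL,
                 ca_certs = retVal['Value'],
                 # TLS 1.0 is deprecated (RFC 8996); use TLS 1.2 instead.
                 ssl_version = ssl.PROTOCOL_TLSv1_2 )
  # Build the server only when the CA file is available, so sslops is always defined.
  srv = tornado.httpserver.HTTPServer( self.__app, ssl_options = sslops, xheaders = True )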

Note: If you want to make sure that the CA is up to date, it is better to use the BundleDeliveryClient.

DIRAC.Core.Security.Utilities.generateCAFile(location=None)

Generate/find a single CA file with all the PEMs

Parameters:

location (str) – optional CS location whose value is the directory where the CAs and CRLs are found

Returns:

directory where the file cas.pem which contains all certificates is found/created

DIRAC.Core.Security.Utilities.generateRevokedCertsFile(location=None)

Generate a single file with the PEMs of all the CRLs

Parameters:

location (str) – optional CS location whose value is the directory where the CAs and CRLs are found

Returns:

directory where the file crls.pem which contains all CRLs is created
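The two files described above serve different purposes: cas.pem supplies trust anchors, while crls.pem only takes effect once CRL checking is switched on. The following is an added example, not DIRAC code, that checks each file holds the expected PEM block type and then builds a standard-library TLS server context using both. The names pem_labels, require_only and server_context are hypothetical, and it assumes the values returned by generateCAFile() and generateRevokedCertsFile() are the paths of cas.pem and crls.pem.

```python
import base64
import re
import ssl
from collections import Counter

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def pem_labels(text):
    """Count the PEM blocks in text by label, skipping bodies that are not base64."""
    labels = Counter()
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a subclass of ValueError
            continue
        labels[label] += 1
    return labels

def require_only(path, label):
    """Raise ValueError unless the file holds only blocks with this label."""
    with open(path) as handle:
        found = pem_labels(handle.read())
    if set(found) != {label}:  # also rejects an empty or unparsable file
        raise ValueError("%s: expected only %r blocks, found %r"
                         % (path, label, dict(found)))
    return found[label]

def server_context(certfile, keyfile, ca_file, crl_file):
    """Client certificates are optional, but verified and CRL-checked when sent."""
    require_only(ca_file, "CERTIFICATE")  # catches crls.pem passed as the CA bundle
    require_only(crl_file, "X509 CRL")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    ctx.verify_mode = ssl.CERT_OPTIONAL
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_verify_locations(cafile=crl_file)  # PEM CRLs load through the same call
    # Without this flag the loaded CRLs are ignored. With it, a peer whose
    # issuer has no CRL in the file fails verification.
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx

# Constructed sample: valid PEM framing only, not real certificates or CRLs.
SAMPLE_CAS = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"
              "-----END CERTIFICATE-----\n") * 2
SAMPLE_CRLS = ("-----BEGIN X509 CRL-----\nQ09OU1RSVUNURUQ=\n"
               "-----END X509 CRL-----\n")
```
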