octavia.certificates.generator package

Submodules

octavia.certificates.generator.cert_gen module

Certificate Generator API

class CertGenerator[source]

Bases: object

Base Cert Generator Interface

A Certificate Generator is responsible for generating private keys, generating CSRs, and signing TLS certificates.

abstract generate_cert_key_pair(cn, validity, bit_length, passphrase)[source]

Generates a private key and certificate pair

Parameters:

  • cn – Common name to use for the Certificate

  • validity – Validity period for the Certificate

  • bit_length – Private key bit length

  • passphrase – Passphrase to use for encrypting the private key

Returns:

octavia.certificates.common.Cert representation of the certificate data

Raises:

Exception – If generation fails

abstract sign_cert(csr, validity)[source]

Generates a signed certificate from the provided CSR

This call is designed to block until a signed certificate can be returned.

Parameters:

  • csr – A Certificate Signing Request

  • validity – Valid for <validity> seconds from the current time

Returns:

PEM Encoded Signed certificate

Raises:

Exception – If certificate signing fails

octavia.certificates.generator.local module

class LocalCertGenerator[source]

Bases: CertGenerator

Cert Generator Interface that signs certs locally.

classmethod generate_cert_key_pair(cn, validity, bit_length=2048, passphrase=None, **kwargs)[source]

Generates a private key and certificate pair

Parameters:

  • cn – Common name to use for the Certificate

  • validity – Validity period for the Certificate

  • bit_length – Private key bit length

  • passphrase – Passphrase to use for encrypting the private key

Returns:

octavia.certificates.common.Cert representation of the certificate data

Raises:

Exception – If generation fails

classmethod sign_cert(csr, validity, ca_cert=None, ca_key=None, ca_key_pass=None, ca_digest=None)[source]

Signs a certificate using our private CA based on the specified CSR

The signed certificate will be valid from now until <validity> seconds from now.

Parameters:

  • csr – A Certificate Signing Request

  • validity – Valid for <validity> seconds from the current time

  • ca_cert – Signing Certificate (default: config)

  • ca_key – Signing Certificate Key (default: config)

  • ca_key_pass – Signing Certificate Key Pass (default: config)

  • ca_digest – Digest method to use for signing (default: config)

Returns:

Signed certificate

Raises:

Exception – if certificate signing fails

Module contents