octavia.common.tls_utils package¶

Submodules¶

build_pem(tls_container)[source]¶

Concatenate TLS container fields to create a PEM

encoded certificate file

get_cert_expiration(certificate_pem)[source]¶

Extract the expiration date from the Pem encoded X509 certificate

get_host_names(certificate)[source]¶

Extract the host names from the Pem encoded X509 certificate

Parameters:: certificate – A PEM encoded certificate
Returns:: A dictionary containing the following keys: [‘cn’, ‘dns_names’] where ‘cn’ is the CN from the SubjectName of the certificate, and ‘dns_names’ is a list of dNSNames (possibly empty) from the SubjectAltNames of the certificate.

get_intermediates_pems(intermediates=None)[source]¶

Split the input string into individual x509 text blocks

Parameters:: intermediates – PEM or PKCS7 encoded intermediate certificates
Returns:: A list of strings where each string represents an X509 pem block surrounded by BEGIN CERTIFICATE, END CERTIFICATE block tags

load_certificates_data(cert_mngr, obj, context=None)[source]¶

Load TLS certificate data from the listener/pool.

return TLS_CERT and SNI_CERTS

prepare_private_key(private_key, passphrase=None)[source]¶

Prepares an unencrypted PEM-encoded private key for printing

Parameters:: private_key – The private key in PEM format (encrypted or not)
Returns:: The unencrypted private key in PEM format

validate_cert(certificate, private_key=None, private_key_passphrase=None, intermediates=None)[source]¶

Validate that the certificate is a valid PEM encoded X509 object

Optionally verify that the private key matches the certificate. Optionally verify that the intermediates are valid X509 objects.

Parameters:

Returns:

boolean