• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• pylxd-master
  • .mailmap
  • .coveragerc
  • migration
    • testing.py
    • busybox.py
    • test_containers.py
    • run_migration_integration_tests-18-04
    • __init__.py
  • integration
    • testing.py
    • test_networks.py
    • busybox.py
    • test_containers.py
    • test_profiles.py
    • test_images.py
    • test_client.py
    • run-integration-tests-in-lxd
    • __init__.py
    • test_storage.py
    • run-integration-tests
    • test_cluster_members.py
  • .testr.conf
  • LICENSE
  • test-requirements.txt
  • pylxd
    • exceptions.py
    • deprecated
      • operation.py
      • container.py
      • exceptions.py
      • image.py
      • api.py
      • profiles.py
      • connection.py
      • certificate.py
      • __init__.py
      • utils.py
      • tests
        • test_network.py
        • test_image_alias.py
        • test_container.py
        • test_host.py
        • fake_api.py
        • test_image.py
        • test_profiles.py
        • test_operation.py
        • test_connection.py
        • test_certificate.py
        • __init__.py
        • utils.py
      • network.py
      • hosts.py
      • base.py
    • managers.py
    • client.py
    • models
      • operation.py
      • _model.py
      • container.py
      • image.py
      • profile.py
      • certificate.py
      • instance.py
      • __init__.py
      • cluster.py
      • storage_pool.py
      • network.py
      • virtual_machine.py
    • deprecation.py
    • __init__.py
    • tests
      • testing.py
      • lxd.crt
      • lxd.key
      • models
        • test_cluster.py
        • test_network.py
        • test_image.py
        • test_operation.py
        • test_model.py
        • test_certificate.py
        • test_instance.py
        • test_cluster_member.py
        • test_profile.py
        • __init__.py
        • test_storage.py
      • test_client.py
      • mock_lxd.py
      • __init__.py
  • README.rst
  • setup.py
  • blacklist
  • CONTRIBUTORS.rst
  • setup.cfg
  • .travis.yml
  • openstack-common.conf
  • .gitreview
  • requirements.txt
  • .gitignore
  • MANIFEST.in
  • babel.cfg
  • doc
    • source
      • operations.rst
      • authentication.rst
      • usage.rst
      • storage-pools.rst
      • api.rst
      • images.rst
      • profiles.rst
      • clustering.rst
      • index.rst
      • conf.py
      • containers.rst
      • contributing.rst
      • installation.rst
      • events.rst
      • certificates.rst
      • networks.rst
  • tox.ini
  • contrib_testing
    • remote-test.py
    • local-unix-test.py
    • README.md
    • local-http-test.py

# Copyright (c) 2016 Canonical Ltd
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
import binascii

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.serialization import Encoding

from pylxd.models import _model as model


class Certificate(model.Model):
    """A LXD certificate."""

    certificate = model.Attribute()
    fingerprint = model.Attribute()
    type = model.Attribute()
    name = model.Attribute()

    @classmethod
    def get(cls, client, fingerprint):
        """Get a certificate by fingerprint."""
        response = client.api.certificates[fingerprint].get()

        return cls(client, **response.json()['metadata'])

    @classmethod
    def all(cls, client):
        """Get all certificates."""
        response = client.api.certificates.get()

        certs = []
        for cert in response.json()['metadata']:
            fingerprint = cert.split('/')[-1]
            certs.append(cls(client, fingerprint=fingerprint))
        return certs

    @classmethod
    def create(cls, client, password, cert_data):
        """Create a new certificate."""
        cert = x509.load_pem_x509_certificate(cert_data, default_backend())
        base64_cert = cert.public_bytes(Encoding.PEM).decode('utf-8')
        # STRIP OUT CERT META "-----BEGIN CERTIFICATE-----"
        base64_cert = '\n'.join(base64_cert.split('\n')[1:-2])
        data = {
            'type': 'client',
            'certificate': base64_cert,
            'password': password,
        }
        client.api.certificates.post(json=data)

        # XXX: rockstar (08 Jun 2016) - Please see the open lxd bug here:
        # https://github.com/lxc/lxd/issues/2092
        fingerprint = binascii.hexlify(
            cert.fingerprint(hashes.SHA256())).decode('utf-8')
        return cls.get(client, fingerprint)

    @property
    def api(self):
        return self.client.api.certificates[self.fingerprint]