def generate(self, subject, key_size=2048, valid_for_days=3650,
signature_alg='sha256', node_id=None):
"""Generate new certificate and register it in the system
Generate certificate with RSA key based on arguments provided,
register and associate it to principal identity on backend,
and store it in storage. If certificate already exists, fail.
"""
self._validate_empty()
cert, key = generate_self_signed_cert_pair(key_size,
valid_for_days,
signature_alg,
subject)
# register on backend
self._register_cert(cert, node_id or uuid.uuid4())
# save in storage
cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
key_pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, key)
self._storage_driver.store_cert(self._identity, cert_pem, key_pem)
LOG.debug("Client certificate generated successfully")
评论列表
文章目录
