26
26
from vyos .utils .process import call
27
27
from vyos .utils .network import check_port_availability
28
28
from vyos .utils .network import is_listen_port_bind_service
29
- from vyos .pki import wrap_certificate
30
- from vyos .pki import wrap_private_key
31
29
from vyos .pki import find_chain
32
30
from vyos .pki import load_certificate
31
+ from vyos .pki import load_private_key
33
32
from vyos .pki import encode_certificate
33
+ from vyos .pki import encode_private_key
34
34
from vyos .template import render
35
35
from vyos .utils .file import write_file
36
36
from vyos import ConfigError
@@ -128,6 +128,9 @@ def generate(lb):
128
128
if not os .path .isdir (load_balancing_dir ):
129
129
os .mkdir (load_balancing_dir )
130
130
131
+ loaded_ca_certs = {load_certificate (c ['certificate' ])
132
+ for c in lb ['pki' ]['ca' ].values ()} if 'ca' in lb ['pki' ] else {}
133
+
131
134
# SSL Certificates for frontend
132
135
for front , front_config in lb ['service' ].items ():
133
136
if 'ssl' not in front_config :
@@ -141,12 +144,16 @@ def generate(lb):
141
144
cert_file_path = os .path .join (load_balancing_dir , f'{ cert_name } .pem' )
142
145
cert_key_path = os .path .join (load_balancing_dir , f'{ cert_name } .pem.key' )
143
146
144
- with open (cert_file_path , 'w' ) as f :
145
- f .write (wrap_certificate (pki_cert ['certificate' ]))
147
+ loaded_pki_cert = load_certificate (pki_cert ['certificate' ])
148
+ cert_full_chain = find_chain (loaded_pki_cert , loaded_ca_certs )
149
+
150
+ write_file (cert_file_path ,
151
+ '\n ' .join (encode_certificate (c ) for c in cert_full_chain ))
146
152
147
153
if 'private' in pki_cert and 'key' in pki_cert ['private' ]:
148
- with open (cert_key_path , 'w' ) as f :
149
- f .write (wrap_private_key (pki_cert ['private' ]['key' ]))
154
+ loaded_key = load_private_key (pki_cert ['private' ]['key' ], passphrase = None , wrap_tags = True )
155
+ key_pem = encode_private_key (loaded_key , passphrase = None )
156
+ write_file (cert_key_path , key_pem )
150
157
151
158
# SSL Certificates for backend
152
159
for back , back_config in lb ['backend' ].items ():
@@ -158,9 +165,6 @@ def generate(lb):
158
165
ca_cert_file_path = os .path .join (load_balancing_dir , f'{ ca_name } .pem' )
159
166
ca_chains = []
160
167
161
- loaded_ca_certs = {load_certificate (c ['certificate' ])
162
- for c in lb ['pki' ]['ca' ].values ()} if 'ca' in lb ['pki' ] else {}
163
-
164
168
pki_ca_cert = lb ['pki' ]['ca' ][ca_name ]
165
169
loaded_ca_cert = load_certificate (pki_ca_cert ['certificate' ])
166
170
ca_full_chain = find_chain (loaded_ca_cert , loaded_ca_certs )
@@ -172,7 +176,6 @@ def generate(lb):
172
176
173
177
return None
174
178
175
-
176
179
def apply (lb ):
177
180
call ('systemctl daemon-reload' )
178
181
if not lb :