# Copyright 2018 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import base64 import json import OpenSSL import random from password import GeneratePassword def generate_password(config): """Generate password value for SchemaXPassword config.""" pw = GeneratePassword(config.length, config.include_symbols) if config.base64: pw = base64.b64encode(pw.encode('utf-8')).decode() return pw def generate_tls_certificate(): """Generate TLS value, a json string.""" cert_seconds_to_expiry = 60 * 60 * 24 * 365 # one year key = OpenSSL.crypto.PKey() key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048) cert = OpenSSL.crypto.X509() cert.get_subject().OU = 'GCP Marketplace K8s App Tools' cert.get_subject().CN = 'Temporary Certificate' cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notAfter(cert_seconds_to_expiry) cert.set_serial_number(random.getrandbits(64)) cert.set_issuer(cert.get_subject()) cert.set_pubkey(key) cert.sign(key, 'sha256') return json.dumps({ 'private_key': OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key).decode('ascii'), 'certificate': OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert).decode('ascii') })