ó oBú]c@sƒdZddlZddlmZdZdZdZdZejj eeƒZ dd gZ d „Z d „Z d „Zd „ZdS(s8 CA Certs -------- **Summary:** add ca certificates This module adds CA certificates to ``/etc/ca-certificates.conf`` and updates the ssl cert cache using ``update-ca-certificates``. The default certificates can be removed from the system with the configuration option ``remove-defaults``. .. note:: certificates must be specified using valid yaml. in order to specify a multiline certificate, the yaml multiline list syntax must be used **Internal name:** ``cc_ca_certs`` **Module frequency:** per instance **Supported distros:** ubuntu, debian **Config keys**:: ca-certs: remove-defaults: trusted: - - | -----BEGIN CERTIFICATE----- YOUR-ORGS-TRUSTED-CA-CERT-HERE -----END CERTIFICATE----- iÿÿÿÿN(tutils/usr/share/ca-certificates/scloud-init-ca-certs.crts/etc/ca-certificates.confs/etc/ssl/certs/tubuntutdebiancCstjdgdtƒdS(sB Updates the CA certificate cache on the current machine. supdate-ca-certificatestcaptureN(RtsubptFalse(((s@/usr/lib/python2.7/site-packages/cloudinit/config/cc_ca_certs.pytupdate_ca_certs2scCsº|r¶djg|D]}t|ƒ^qƒ}tjt|ddƒtjtƒ}djg|jƒD]}|tkrf|^qfƒ}d|j ƒtf}tjt|ddƒndS(s® Adds certificates to the system. To actually apply the new certificates you must also call L{update_ca_certs}. @param certs: A list of certificate strings. s tmodei¤s%s %s tomodetwbN( tjointstrRt write_filetCA_CERT_FULL_PATHt load_filetCA_CERT_CONFIGt splitlinestCA_CERT_FILENAMEtrstrip(tcertstctcert_file_contentstorigtlinetcur_conttout((s@/usr/lib/python2.7/site-packages/cloudinit/config/cc_ca_certs.pyt add_ca_certs9s(cCsJtjtƒtjtƒtjtdddƒd}tjd|ƒdS( sŽ Removes all default trusted CA certificates from the system. To actually apply the change you must also call L{update_ca_certs}. tRi¤s8ca-certificates ca-certificates/trust_new_crts select nosdebconf-set-selectionst-N(sdebconf-set-selectionsR(Rtdelete_dir_contentst CA_CERT_PATHtCA_CERT_SYSTEM_PATHR RR(t debconf_sel((s@/usr/lib/python2.7/site-packages/cloudinit/config/cc_ca_certs.pytremove_default_ca_certsOs   cCs¶d|kr |jd|ƒdS|d}|jdtƒrS|jdƒtƒnd|kržtj|dƒ}|rž|jdt|ƒƒt|ƒqžn|jdƒtƒdS( su Call to handle ca-cert sections in cloud-config file. @param name: The module name "ca-cert" from cloud.cfg @param cfg: A nested dict containing the entire cloud config contents. @param cloud: The L{CloudInit} object in use. @param log: Pre-initialized Python logger object to use for logging. @param args: Any module arguments from cloud.cfg sca-certss<Skipping module named %s, no 'ca-certs' key in configurationNsremove-defaultssRemoving default certificatesttrustedsAdding %d certificatessUpdating certificates( tdebugtgetRR!Rtget_cfg_option_listtlenRR(tnametcfgt_cloudtlogt_argst ca_cert_cfgt trusted_certs((s@/usr/lib/python2.7/site-packages/cloudinit/config/cc_ca_certs.pythandle[s       (t__doc__tost cloudinitRRRRRtpathR R tdistrosRRR!R.(((s@/usr/lib/python2.7/site-packages/cloudinit/config/cc_ca_certs.pyt#s