Forum Discussion

Steve_Brown_882
Historic F5 Account
Dec 30, 2010

pycontrol 2 and key_generate

Hey Guys,

I just started playing with pycontrol 2 and I am also trying to generate an ssl key and csr using icontrol. I have a bit of code, but I just can't seem to make it all work. Anyone want to take a peek and let me know what you think? This is cut from ipython so I left out the basics.

    key_types = b.Management.KeyCertificate.typefactory.create('Management.KeyCertificate.KeySequence')
    key_types.id = 'testkey.domain.com'
    key_types.key_type = 'KTYPE_RSA_PRIVATE'
    key_types.bit_length = 1024
    key_types.security = 'STYPE_NORMAL'

    x509data = b.Management.KeyCertificate.typefactory.create('Management.KeyCertificate.X509DataSequence')
    x509data.common_name = 'testkey.deloitte.com'
    x509data.country_name = 'US'
    x509data.state_name = 'New York'
    x509data.locality_name = 'New York'
    x509data.organization_name = 'Company'
    x509data.division_name = 'Team'

    b.Management.KeyCertificate.key_generate( mode = ['MANAGEMENT_MODE_DEFAULT'], keys = [key_types], x509_data = [x509data], create_optional_cert_csr = True, overwrite = False)

 

  • Ok, this should get you working. Notice a few things - if a kwarg is singular, it's not a list. So 'mode' here doesn't expect to be a list. Also, for simply 'Sequence' types like these, you don't have to create that type explicitly. Just wrap it in a list bracket and you're off and rolling. Anyhow, here's the way to generate this, with some notes added.

    
    # Let's check out the params we expect to pass in. Notice that the "mode" param isn't a sequence, so it's not a list...
    In [58]: km.key_generate.params
    Out[58]:
    [(mode, u'Management.KeyCertificate.ManagementModeType'),
     (keys, u'Management.KeyCertificate.KeySequence'),
     (x509_data, u'Management.KeyCertificate.X509DataSequence'),
     (create_optional_cert_csr, u'boolean'),
     (overwrite, u'boolean')]

    # Cool, now let's start creating some objects to pass into the keys, x509_data kwargs.
    # NOTE: I didn't create the sequence. If you do a dir() on this key object, you'll see all of the attributes listed in the SDK. Let's set them now.
    In [62]: key = km.typefactory.create('Management.KeyCertificate.Key')
    In [63]: key.id = 'tetkey.domain.com'
    In [65]: key.key_type = 'KTYPE_RSA_PRIVATE'
    In [66]: key.bit_length = 1024
    In [67]: key.security = 'STYPE_NORMAL'

    # Same routine exactly for the x509 stuff. Notice I didn't create the 'Sequence' object here either...The actual XML data is marshalled into the object below as attributes.
    In [68]: x509data = km.typefactory.create('Management.KeyCertificate.X509Data')
    In [69]: x509data.common_name = 'testkey.deloitte.com'
    In [70]: x509data.country_name = 'US'
    In [71]: x509data.state_name = 'New York'
    In [72]: x509data.locality_name = 'New York'
    In [73]: x509data.organization_name = 'Company'
    In [75]: x509data.division_name = 'Team'

    # Let's see what happens with the generation now!
    In [76]: km.key_generate(mode = 'MANAGEMENT_MODE_DEFAULT',keys = [key],x509_data = [x509data],create_optional_cert_csr = True,overwrite = False)

    # Let's confirm:
    In [79]: km.get_certificate_request_list(mode = 'MANAGEMENT_MODE_DEFAULT')
    Out[79]:[(Management.KeyCertificate.CertificateRequestInformation){
       csr_info =
          (Management.KeyCertificate.CertificateRequest){
             id = "default"
             email = None
             challenge_password = None
          }
       title = None
       serial_number = None
       file_name = "/config/ssl/ssl.csr/default.csr"
       key_type = "KTYPE_RSA_PUBLIC"
       bit_length = 1024
       subject =
          (Management.KeyCertificate.X509Data){
             common_name = "localhost.localdomain"
             country_name = "US"
             state_name = "WA"
             locality_name = "Seattle"
             organization_name = "MyCompany"
             division_name = "IT"
          }
     },
     (Management.KeyCertificate.CertificateRequestInformation){
       csr_info =
          (Management.KeyCertificate.CertificateRequest){
             id = "tetkey.domain.com"
             email = None
             challenge_password = None
          }
       title = None
       serial_number = None
       file_name = "/config/ssl/ssl.csr/tetkey.domain.com.csr"
       key_type = "KTYPE_RSA_PUBLIC"
       bit_length = 1024
       subject =
          (Management.KeyCertificate.X509Data){
             common_name = "testkey.deloitte.com"
             country_name = "US"
             state_name = "New York"
             locality_name = "New York"
             organization_name = "Company"
             division_name = "Team"
          }
     }]
    # Ding!
    

    Hope this helps. Please post back any questions you've got as it relates to the types. Also, if you've not had a look at the pycontrol tutorial videos it may be worth looking; I go into a little bit of how the types work, as well as the SDK's semantics.

    -Matt
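
Added example, not part of the reply above and not pycontrol code: a pre-flight check that applies the list-versus-single-value rule from the `key_generate.params` listing to a set of kwargs, and also flags RSA keys shorter than 2048 bits. The names `preflight`, `make_key`, `make_call` and the 2048-bit floor are assumptions of this example, and the `SimpleNamespace` objects are constructed stand-ins for typefactory objects.

```python
from types import SimpleNamespace

# (name, type) pairs copied from the km.key_generate.params output above.
KEY_GENERATE_PARAMS = [
    ("mode", "Management.KeyCertificate.ManagementModeType"),
    ("keys", "Management.KeyCertificate.KeySequence"),
    ("x509_data", "Management.KeyCertificate.X509DataSequence"),
    ("create_optional_cert_csr", "boolean"),
    ("overwrite", "boolean"),
]
MIN_RSA_BITS = 2048  # assumed local policy floor, not an iControl limit

def preflight(kwargs, params=KEY_GENERATE_PARAMS, min_bits=MIN_RSA_BITS):
    """Return a list of problems found in kwargs meant for key_generate."""
    problems = []
    for name, type_name in params:
        if name not in kwargs:
            problems.append("%s: missing" % name)
            continue
        is_list = isinstance(kwargs[name], (list, tuple))
        wants_list = type_name.endswith("Sequence")  # rule stated in the reply
        if wants_list and not is_list:
            problems.append("%s: %s expects a list" % (name, type_name))
        elif is_list and not wants_list:
            problems.append("%s: %s is not a list type" % (name, type_name))
    for extra in sorted(set(kwargs) - set(n for n, _ in params)):
        problems.append("%s: unexpected keyword" % extra)
    keys = kwargs.get("keys")
    for key in keys if isinstance(keys, (list, tuple)) else []:
        bits = getattr(key, "bit_length", None)
        is_rsa = str(getattr(key, "key_type", "")).startswith("KTYPE_RSA")
        if is_rsa and (not isinstance(bits, int) or bits < min_bits):
            problems.append("keys[%s]: RSA bit_length %r is below %d"
                            % (getattr(key, "id", "?"), bits, min_bits))
    return problems

# Constructed stand-ins for typefactory objects (attribute names from the thread).
def make_key(bits):
    return SimpleNamespace(id="testkey.domain.com", key_type="KTYPE_RSA_PRIVATE",
                           bit_length=bits, security="STYPE_NORMAL")

def make_call(mode, bits):
    return dict(mode=mode, keys=[make_key(bits)],
                x509_data=[SimpleNamespace(common_name="testkey.domain.com")],
                create_optional_cert_csr=True, overwrite=False)

if __name__ == "__main__":
    print(preflight(make_call(["MANAGEMENT_MODE_DEFAULT"], 1024)))  # two findings
    print(preflight(make_call("MANAGEMENT_MODE_DEFAULT", 2048)) or "ok")
```
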

  • Steve_Brown_882
    Historic F5 Account
    Thanks for helping me out with this, makes me feel like I accomplished something the day before New Years. The comments really helped straighten some of it out in general.

    Before last week I was running the old pycontrol but I blew my environment up so I switched to '2'. I have to say that I really like this version better so far.