From: John Mulligan
Date: Thu, 24 Apr 2025 18:55:38 +0000 (-0400)
Subject: python-common/cryptotools: add caller module for base class
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=c3dc34a0d55e65694a1b7f2c0d423c4f2f0ed252;p=ceph.git
python-common/cryptotools: add caller module for base class
Signed-off-by: John Mulligan
---
diff --git a/src/python-common/ceph/cryptotools/caller.py b/src/python-common/ceph/cryptotools/caller.py
new file mode 100644
index 0000000000000..42147e5573b8e
--- /dev/null
+++ b/src/python-common/ceph/cryptotools/caller.py
@@ -0,0 +1,48 @@
+from typing import Dict, Tuple
+
+import abc
+
+
+class CryptoCallError(ValueError):
+ pass
+
+
+class CryptoCaller(abc.ABC):
+ """Abstract base class for `CryptoCaller`s - an interface that
+ encapsulates basic password and TLS cert related functions
+ needed by the Ceph MGR.
+ """
+
+ @abc.abstractmethod
+ def create_private_key(self) -> str:
+ """Create a new TLS private key, returning it as a string."""
+
+ @abc.abstractmethod
+ def create_self_signed_cert(
+ self, dname: Dict[str, str], pkey: str
+ ) -> str:
+ """Given TLS certificate subject parameters and a private key,
+ create a new self signed certificate - returned as a string.
+ """
+
+ @abc.abstractmethod
+ def verify_tls(self, crt: str, key: str) -> None:
+ """Given a TLS certificate and a private key raise an error
+ if the combination is not valid.
+ """
+
+ @abc.abstractmethod
+ def certificate_days_to_expire(self, crt: str) -> int:
+ """Return the number of days until the given TLS certificate expires."""
+
+ @abc.abstractmethod
+ def get_cert_issuer_info(self, crt: str) -> Tuple[str, str]:
+ """Basic validation of a ca cert"""
+
+ @abc.abstractmethod
+ def password_hash(self, password: str, salt_password: str) -> str:
+ """Hash a password. Returns the hashed password as a string."""
+
+ @abc.abstractmethod
+ def verify_password(self, password: str, hashed_password: str) -> bool:
+ """Return true if a password and hash match."""
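Review bot: The docstrings on `password_hash` and `verify_password` leave the security contract of this interface undefined: `salt_password` is never explained (a fresh salt, or a stored hash whose salt is reused?), and nothing says what encoding of the hash an implementation must return or that the comparison in `verify_password` should be constant-time. Because every backend will implement this abstract base, I would state it in the docstring, for example `salt_password: <salt, or an existing hash to take the salt from - state which>` and `The comparison must not leak timing information.`. The same gap applies to `verify_tls`, which says "raise an error" without naming the exception; `CryptoCallError` is defined in this file, presumably for that purpose, so the docstring could read `Raises CryptoCallError if the certificate and key do not match.` once that is confirmed. `get_cert_issuer_info` is described only as "Basic validation of a ca cert", so the two strings in its `Tuple[str, str]` return value, and what happens when validation fails, are left for each implementer to guess. `CryptoCallError` itself would also benefit from a one-line docstring saying when callers should expect it.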