Added the Anchor Driver

Anchor is the evolution of eca. It has a different API
and different rulesets.

Patch tested against the current Anchor Master and docker
container

Change-Id: I6b04ae50fb7e4e81dc414ef4ea361b3a673bffaa

cathead/drivers/anchor.py

@@ -0,0 +1,58 @@
+#   (c) Copyright 2015 Hewlett-Packard Development Company, L.P.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+import datetime
+import logging
+
+import requests
+
+from cathead import cadriver
+from cathead import x509
+
+LOG = logging.getLogger(__name__)
+
+class AnchorDriver(cadriver.CaDriver):
+
+    def __init__(self, host, port,
+                 user, secret, root='default', scheme='http'):
+        self.host = host
+        self.port = port
+        self.user = user
+        self.secret = secret
+        self.scheme = scheme
+        self.root = root
+
+    def sign(self, csr):
+        url = "{scheme}://{host}:{port}/v1/sign/{root}".format(**self.__dict__)
+        LOG.info("Sending CSR to %s" % url)
+        params = {"user": self.user,
+                  "secret": self.secret,
+                  "encoding": "pem",
+                  "csr": csr,
+                  "root": self.root}
+        r = requests.post(url, data=params)
+        cert = r.text
+        LOG.debug("Received from Anchor server:\n%s" % cert)
+        if self._is_valid_cert(cert):
+            return cert
+        else:
+            LOG.info("Received invalid certificate from Anchor")
+
+    def _is_valid_cert(self, cert):
+        try:
+            expire = x509.get_expire_date(cert)
+            return expire > datetime.datetime.now()
+        except Exception as e:
+            LOG.info("invalid cert, failed check date with:\n%s", e)
+            return False

example_config.py

@@ -12,6 +12,9 @@
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
 
+# The anchor driver is setup to use the default configuration
+# of anchor when running in a container
+
 CONF = {
     'failure_refresh_timeout': 10,
     'drivers': [
@@ -21,20 +24,21 @@ CONF = {
             'ca_key_file': 'ca.p.key',
         },
         {
-            'name': 'eca',
-            'driver': 'cathead.drivers.eca.EcaDriver',
-            'host': '127.0.0.1',
-            'port': 5000,
+            'name': 'anchor',
+            'driver': 'cathead.drivers.anchor.AnchorDriver',
+            'host': '192.168.99.100',
+            'port': 5016,
             'user': 'woot',
             'secret': 'woot',
+            'root': 'default'
         }
     ],
     'certs': [
         {
-            'driver': 'eca',
-            'key': 'ca.p.key',
-            'cert': 'newcrt.crt',
-            'refresh_window': None,
+            'driver': 'anchor',
+            'key': 'tmp/anchor-test.example.com.key',
+            'cert': 'tmp/anchor-test.example.com.crt',
+            'refresh_window': 1,
             'common_name': '127.0.0.1',
             'on_refresh_success': 'hello_system',
         }

tests/test_anchordriver.py

@@ -0,0 +1,13 @@
+import unittest
+
+from cathead import cadriver
+from cathead.drivers import anchor
+
+
+class AnchorDriverTestCase(unittest.TestCase):
+
+    def test_sign(self):
+        driver = anchor.AnchorDriver("host", "port", "user", "password",root="default")
+        self.assertTrue(isinstance(driver, cadriver.CaDriver))
+
+    #TODO(hyakuhei) functional tests - spin up anchor container maybe?