+ raise error.Error("host %s already defined for psk" % host)
+
+ if "certificate" not in vals:
+ raise error.Error("'certificate' not defined for %s" % host)
+ elif "private_key" not in vals:
+ # Assume the private key is stored in the same PEM file as
+ # the certificate. We make a copy of "vals" so that we don't
+ # modify the original "vals", which would cause the script
+ # to constantly think that the configuration has changed
+ # in the database.
+ vals = vals.copy()
+ vals["private_key"] = vals["certificate"]
+
+ self._verify_certs(vals)
+
+ # The peer's certificate comes to us in PEM format as a string.
+ # Write that string to a file for Racoon to use.
+ peer_cert_file = "%s/ovs-%s.pem" % (self.cert_dir, host)
+ f = open(peer_cert_file, "w")
+ f.write(vals["peer_cert"])
+ f.close()
+
+ vals["peer_cert_file"] = peer_cert_file
+
+ self.cert_hosts[host] = vals
+ self.commit()
+
+ def _del_cert(self, host):
+ peer_cert_file = self.cert_hosts[host]["peer_cert_file"]
+ del self.cert_hosts[host]
+ self.commit()
+ try:
+ os.remove(peer_cert_file)
+ except OSError:
+ pass
+
+ def add_entry(self, host, vals):
+ if vals["peer_cert"]:
+ self._add_cert(host, vals)
+ elif vals["psk"]:
+ self._add_psk(host, vals)
+
+ def del_entry(self, host):
+ if host in self.cert_hosts:
+ self._del_cert(host)
+ elif host in self.psk_hosts: