import click
import os
import socket
import sys
from datetime import timedelta
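# Key length in bits (presumably for generated RSA keys -- confirm against the
# key generation code).
# NOTE(review): the 1024-bit value is chosen whenever COVERAGE_PROCESS_START is
# set to a non-empty value in the process environment, not only during a test
# run. 1024-bit RSA is below current minimum recommendations, so that variable
# must never be present in the environment of a production server or client.
KEY_SIZE = 1024 if os.getenv("COVERAGE_PROCESS_START") else 4096

# Name of the elliptic curve (secp384r1, also known as NIST P-384).
CURVE_NAME = "secp384r1"

# Validation patterns for names. They are written as raw strings so that the
# "\-", "\." and "\_" escapes reach the regex engine without Python reporting
# an invalid escape sequence; the pattern text itself is unchanged.
# NOTE(review): "$" also matches just before a trailing newline, so a value
# ending in "\n" passes re.match() with these patterns. Callers validating
# untrusted names should use re.fullmatch() or strip/reject newlines first.
# NOTE(review): the patterns only accept lower-case host labels; presumably
# callers lower-case the input before matching -- confirm.

# One or more dot-terminated labels followed by an optional final label, so a
# name with a trailing dot is accepted. Underscores are allowed inside labels.
RE_FQDN = r"^(([a-z0-9]|[a-z0-9][a-z0-9\-_]*[a-z0-9])\.)+([a-z0-9]|[a-z0-9][a-z0-9\-_]*[a-z0-9])?$"

# A single label of 1 to 63 characters that starts and ends with a letter or
# digit.
RE_HOSTNAME = r"^[a-z0-9]([a-z0-9\-_]{0,61}[a-z0-9])?$"

# Letters, digits, "-", ".", "_" and "@" only.
# NOTE(review): this also matches "." and ".."; if a common name is ever used
# to build a file path, confirm the caller rejects those or always appends a
# suffix.
RE_COMMON_NAME = r"^[A-Za-z0-9\-\.\_@]+$"

# Kerberos-like clock skew tolerance
CLOCK_SKEW_TOLERANCE = timedelta(minutes=5)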
# Configuration directory and the files looked up beneath it.
# NOTE(review): presumably these files control how certificates are issued;
# verify the directory and its contents are writable by root only.
CONFIG_DIR = "/etc/certidude"
SERVER_CONFIG_PATH = os.path.join(CONFIG_DIR, "server.conf")
CLIENT_CONFIG_PATH = os.path.join(CONFIG_DIR, "client.conf")
SERVICES_CONFIG_PATH = os.path.join(CONFIG_DIR, "services.conf")
PROFILE_CONFIG_PATH = os.path.join(CONFIG_DIR, "profile.conf")
BUILDER_CONFIG_PATH = os.path.join(CONFIG_DIR, "builder.conf")

# Script directory inside the configuration directory.
# NOTE(review): site.sh looks like a script that gets executed -- confirm, and
# if so make sure unprivileged users cannot write to this directory.
SCRIPT_DIR = os.path.join(CONFIG_DIR, "script")
BUILDER_SITE_SCRIPT = os.path.join(SCRIPT_DIR, "site.sh")

# Runtime state directory and the server PID file kept in it.
RUN_DIR = "/run/certidude"
SERVER_PID_PATH = os.path.join(RUN_DIR, "server.pid")

# Persistent storage location; the trailing slash is part of the value.
STORAGE_PATH = "/var/lib/certidude/"
# Determine this machine's fully qualified name. Start from the local hostname
# and replace it with the canonical name returned by an IPv4 getaddrinfo()
# lookup of that hostname; if the lookup fails the plain hostname is kept.
# NOTE(review): the canonical name is whatever the system resolver answers
# (hosts file or DNS). If FQDN ends up in certificate requests or trust
# decisions, confirm the resolver configuration is trusted on that host.
FQDN = socket.gethostname()
try:
    FQDN = socket.getaddrinfo(
        FQDN, 0, socket.AF_INET, 0, 0, socket.AI_CANONNAME)[0][3]
except socket.gaierror:
    pass  # name resolution failed, keep the bare hostname

# Keep client backwards compatible with Python 2.x: a value that carries a
# decode() method is converted to text, and anything outside ASCII raises.
if hasattr(FQDN, "decode"):
    FQDN = FQDN.decode("ascii")
# Split FQDN at its first dot into the host label and the remaining domain.
# A name without any dot (FQDN is not configured) yields no domain.
if "." in FQDN:
    HOSTNAME, DOMAIN = FQDN.split(".", 1)
else:
    HOSTNAME, DOMAIN = FQDN, None
# TODO: lazier, otherwise gets evaluated before installing package
# Directory prefix for the strongSwan configuration. If ipsec.conf exists
# under /etc/strongswan (the original author's note attributes this layout to
# Fedora) that directory is used, otherwise plain /etc. The check runs once,
# when this module is imported.
STRONGSWAN_PREFIX = (
    "/etc/strongswan"
    if os.path.exists("/etc/strongswan/ipsec.conf")
    else "/etc"
)