mirror of
https://github.com/laurivosandi/certidude
Merge branch 'plaes-codecov'
commit
34636a2abc
@ -7,10 +7,16 @@ python:
|
|||||||
- "3.3"
|
- "3.3"
|
||||||
- "3.4"
|
- "3.4"
|
||||||
- "3.5"
|
- "3.5"
|
||||||
|
after_success:
|
||||||
|
- codecov
|
||||||
|
before_install:
|
||||||
|
# codecov.io
|
||||||
|
- pip install codecov pytest-cov
|
||||||
install:
|
install:
|
||||||
- pip install -r requirements.txt
|
- pip install -r requirements.txt
|
||||||
- pip install --editable .
|
- pip install --editable .
|
||||||
script: py.test
|
script:
|
||||||
|
- py.test && py.test --cov-report xml --cov=certidude tests/
|
||||||
cache:
|
cache:
|
||||||
directories:
|
directories:
|
||||||
- $HOME/.cache/pip
|
- $HOME/.cache/pip
|
||||||
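Review bot: The new `- pip install codecov pytest-cov` line under before_install installs whatever releases are current at build time, and `- codecov` then runs in after_success inside the build environment, so an unpinned third-party uploader executes with whatever the CI job exposes. Pinning both, e.g. `- pip install codecov==<PINNED_VERSION> pytest-cov==<PINNED_VERSION>` (placeholders, the page gives no versions), keeps the build reproducible and turns an upstream change into a reviewed event. Separately, `- py.test && py.test --cov-report xml --cov=certidude tests/` runs the suite twice; if tests/ is the whole suite, the second invocation alone should be enough.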
|
@ -1,6 +1,13 @@
|
|||||||
Certidude
|
Certidude
|
||||||
=========
|
=========
|
||||||
|
|
||||||
|
.. image:: https://travis-ci.org/laurivosandi/certidude.svg?branch=master
|
||||||
|
:target: https://travis-ci.org/laurivosandi/certidude
|
||||||
|
|
||||||
|
.. image:: http://codecov.io/github/laurivosandi/certidude/coverage.svg?branch=master
|
||||||
|
:target: http://codecov.io/github/laurivosandi/certidude?branch=master
|
||||||
|
|
||||||
|
|
||||||
Introduction
|
Introduction
|
||||||
------------
|
------------
|
||||||
|
|
||||||
|
@ -267,7 +267,7 @@ class RequestListResource(CertificateAuthorityBase):
|
|||||||
# TODO: check for revoked certificates and return HTTP 410 Gone
|
# TODO: check for revoked certificates and return HTTP 410 Gone
|
||||||
|
|
||||||
# Process automatic signing if the IP address is whitelisted and autosigning was requested
|
# Process automatic signing if the IP address is whitelisted and autosigning was requested
|
||||||
if req.get_param("autosign") in ("yes", "1", "true"):
|
if req.get_param_as_bool("autosign"):
|
||||||
for subnet in ca.autosign_subnets:
|
for subnet in ca.autosign_subnets:
|
||||||
if subnet.overlaps(remote_addr):
|
if subnet.overlaps(remote_addr):
|
||||||
try:
|
try:
|
||||||
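Review bot: `req.get_param_as_bool("autosign")` does not necessarily accept the same tokens as the old `in ("yes", "1", "true")` test, and nothing next to the condition records which values now trigger autosigning. The same commit changes the rendered curl snippet from `autosign=1` to `autosign=yes`, which suggests `1` is not recognised by the framework version in use; clients set up from the old snippet would then stop being autosigned, or get an error response if unrecognised values are rejected rather than read as false. A comment above the condition such as `# autosign accepts only the boolean strings get_param_as_bool recognises; "1" may not be among them`, plus a test covering accepted and rejected values, would pin the behaviour. The enclosing method starts and ends outside this hunk, so how `remote_addr` is derived is not visible; since it gates certificate issuance, it should come from the socket peer rather than a client-supplied header.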
|
@ -41,7 +41,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem
|
|||||||
openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096
|
openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096
|
||||||
chmod 0600 /etc/ipsec.d/private/$CN.pem
|
chmod 0600 /etc/ipsec.d/private/$CN.pem
|
||||||
openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN"
|
openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN"
|
||||||
curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
|
curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
|
||||||
if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi
|
if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi
|
||||||
openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem
|
openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem
|
||||||
</pre>
|
</pre>
|
||||||
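Review bot: The changed `curl -L ... {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part` line has no `--fail`, so curl exits 0 on an HTTP error status and the following `if [ $? -eq 0 ]` moves the error body into `/etc/ipsec.d/certs/$CN.pem`. Adding `-f` (`curl -f -L -H "Content-Type: application/pkcs10" ...`) makes a rejected request leave the `.part` file unpromoted. `openssl verify` does run afterwards, but only once the file is already in place, and its exit status is not acted on in the lines shown. The snippet begins above this hunk.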
|
@ -124,12 +124,7 @@ class CertificateAuthorityConfig(object):
|
|||||||
"""
|
"""
|
||||||
Returns sorted list of CA-s defined in the configuration file.
|
Returns sorted list of CA-s defined in the configuration file.
|
||||||
"""
|
"""
|
||||||
l = [s[3:] for s in self._config if s.startswith("CA_")]
|
return sorted([s[3:] for s in self._config if s.startswith("CA_")])
|
||||||
# Sanity check for duplicates (although ConfigParser fails earlier)
|
|
||||||
if len(l) != len(set(l)):
|
|
||||||
raise ValueError
|
|
||||||
return sorted(l)
|
|
||||||
|
|
||||||
|
|
||||||
def pop_certificate_authority(self):
|
def pop_certificate_authority(self):
|
||||||
def wrapper(func):
|
def wrapper(func):
|
||||||
|
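--- a/tests/test_ca.py
+++ b/tests/test_ca.py
@@ -0,0 +1,25 @@
+from click.testing import CliRunner
+from certidude.cli import entry_point as cli
+
+
+from certidude.wrappers import CertificateAuthorityConfig
+
+runner = CliRunner()
+
+def test_ca_config():
+# Authority setup
+with runner.isolated_filesystem():
+result = runner.invoke(cli, ['setup', 'authority', 'xca'])
+assert not result.exception
+
+# Load CA
+conf = CertificateAuthorityConfig('./xca/openssl.cnf.example')
+
+assert conf.ca_list == ['xca']
+
+ca = conf.instantiate_authority('xca')
+
+cert = ca.certificate
+
+assert cert.serial_number == '0000000000000000000000000000000000000001'
+# TODO: Figure out a way to properly test cert.signed, cert.expires, cert.digest, etc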
@ -1,19 +1,9 @@
|
|||||||
import os
|
import os
|
||||||
import pwd
|
|
||||||
import pytest
|
|
||||||
from click.testing import CliRunner
|
from click.testing import CliRunner
|
||||||
from certidude.cli import entry_point as cli
|
from certidude.cli import entry_point as cli
|
||||||
|
|
||||||
runner = CliRunner()
|
runner = CliRunner()
|
||||||
|
|
||||||
def user_check(name='certidude'):
|
|
||||||
try:
|
|
||||||
pwd.getpwnam(name)
|
|
||||||
return False
|
|
||||||
except KeyError:
|
|
||||||
pass
|
|
||||||
return True
|
|
||||||
|
|
||||||
def test_cli_setup_authority():
|
def test_cli_setup_authority():
|
||||||
# Authority setup
|
# Authority setup
|
||||||
# TODO: parent, common-name, country, state, locality
|
# TODO: parent, common-name, country, state, locality
|
||||||
|