lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 16:25:17 +00:00
Code Issues Activity

tests: More coverage

Browse Source
This commit is contained in:
Lauri Võsandi 2017-07-06 09:29:02 +00:00
parent 34c72aaa9e
commit 39363a57c7
4 changed files with 40 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
certidude/cli.py
View File

@ -122,6 +122,7 @@ def certidude_request(fork, renew, no_wait, kerberos):
context = globals() context = globals()
context.update(locals()) context.update(locals())
# TODO: Create per-authority timers
if not os.path.exists("/etc/systemd/system/certidude.timer"): if not os.path.exists("/etc/systemd/system/certidude.timer"):
click.echo("Creating systemd timer...") click.echo("Creating systemd timer...")
with open("/etc/systemd/system/certidude.timer", "w") as fh: with open("/etc/systemd/system/certidude.timer", "w") as fh:
@ -233,6 +234,15 @@ def certidude_request(fork, renew, no_wait, kerberos):
# curl on Fedora ? # curl on Fedora ?
# pip # pip
# Firefox (?) on Debian, Ubuntu
if os.path.exists("/usr/bin/update-ca-certificates"):
link_path = "/usr/local/share/ca-certificates/%s" % authority_name
if not os.path.lexists(link_path):
os.symlink(authority_path, link_path)
os.system("update-ca-certificates")
# TODO: test for curl, wget
############### ###############
### Get CRL ### ### Get CRL ###

7
certidude/common.py
View File

@ -7,10 +7,9 @@ def selinux_fixup(path):
""" """
Fix OpenVPN credential store security context on Fedora Fix OpenVPN credential store security context on Fedora
""" """
if not os.path.exists("/usr/bin/chcon"): if os.path.exists("/usr/bin/chcon"):
return cmd = "chcon", "--type=home_cert_t", path
cmd = "chcon", "--type=home_cert_t", path subprocess.call(cmd)
subprocess.call(cmd)
def drop_privileges(): def drop_privileges():
from certidude import config from certidude import config

4
certidude/templates/script/default.sh
View File

@ -1,5 +1,6 @@
#!/bin/sh #!/bin/sh
{% if named_tags or other_tags %}
# Tags: # Tags:
{% for key, value in named_tags.items() %} {% for key, value in named_tags.items() %}
# {{ key }} -> {{ value }} # {{ key }} -> {{ value }}
@ -7,6 +8,9 @@
{% for tag in other_tags %} {% for tag in other_tags %}
# {{ tag }} # {{ tag }}
{% endfor %} {% endfor %}
{% else %}
# No tags
{% endif %}
# Submit some stats to CA # Submit some stats to CA
curl http://{{ authority_name }}/api/signed/{{ common_name }}/attr -X POST -d "\ curl http://{{ authority_name }}/api/signed/{{ common_name }}/attr -X POST -d "\

38
tests/test_cli.py
View File

@ -153,12 +153,16 @@ def test_cli_setup_authority():
assert not os.environ.get("KRB5CCNAME"), "Environment contaminated" assert not os.environ.get("KRB5CCNAME"), "Environment contaminated"
assert not os.environ.get("KRB5_KTNAME"), "Environment contaminated" assert not os.environ.get("KRB5_KTNAME"), "Environment contaminated"
# Mock SELinux # Mock Fedora
with open("/usr/bin/chcon", "w") as fh: for util in "/usr/bin/chcon", "/usr/bin/dnf", "/usr/bin/update-ca-trust":
fh.write("#!/bin/bash\n") with open(util, "w") as fh:
fh.write("exit 0\n") fh.write("#!/bin/bash\n")
os.chmod("/usr/bin/chcon", 0755) fh.write("exit 0\n")
os.chmod(util, 0755)
if not os.path.exists("/etc/pki/ca-trust/source/anchors/"):
os.makedirs("/etc/pki/ca-trust/source/anchors/")
# Back up original DNS server
if not os.path.exists("/etc/resolv.conf.orig"): if not os.path.exists("/etc/resolv.conf.orig"):
shutil.copyfile("/etc/resolv.conf", "/etc/resolv.conf.orig") shutil.copyfile("/etc/resolv.conf", "/etc/resolv.conf.orig")
@ -565,16 +569,6 @@ def test_cli_setup_authority():
assert r.status_code == 200, r.text # script render ok assert r.status_code == 200, r.text # script render ok
assert "uci set " in r.text, r.text assert "uci set " in r.text, r.text
# Test lease update
r = client().simulate_post("/api/lease/",
query_string = "client=test&inner_address=127.0.0.1&outer_address=8.8.8.8&serial=0",
headers={"Authorization":admintoken})
assert r.status_code == 403, r.text # invalid serial number supplied
r = client().simulate_post("/api/lease/",
query_string = "client=test&inner_address=1.2.3.4&outer_address=8.8.8.8",
headers={"Authorization":admintoken})
assert r.status_code == 200, r.text # lease update ok
# Test lease retrieval # Test lease retrieval
r = client().simulate_get("/api/signed/test/lease/") r = client().simulate_get("/api/signed/test/lease/")
assert r.status_code == 401, r.text assert r.status_code == 401, r.text
@ -603,6 +597,20 @@ def test_cli_setup_authority():
assert r.status_code == 200, r.text assert r.status_code == 200, r.text
assert r.text == "[]", r.text assert r.text == "[]", r.text
# Test script without tags
r = client().simulate_get("/api/signed/test/script/")
assert r.status_code == 200, r.text # script render ok
assert "# No tags" in r.text, r.text
# Test lease update
r = client().simulate_post("/api/lease/",
query_string = "client=test&inner_address=127.0.0.1&outer_address=8.8.8.8&serial=0",
headers={"Authorization":admintoken})
assert r.status_code == 403, r.text # invalid serial number supplied
r = client().simulate_post("/api/lease/",
query_string = "client=test&inner_address=1.2.3.4&outer_address=8.8.8.8",
headers={"Authorization":admintoken})
assert r.status_code == 200, r.text # lease update ok
# Test revocation # Test revocation
r = client().simulate_delete("/api/signed/test/") r = client().simulate_delete("/api/signed/test/")