Merge branch 'master' of github.com:laurivosandi/certidude

.travis.yml

@@ -7,10 +7,16 @@ python:
   - "3.3"
   - "3.4"
   - "3.5"
+after_success:
+  - codecov
+before_install:
+  # codecov.io
+  - pip install codecov pytest-cov
 install:
   - pip install -r requirements.txt
   - pip install --editable .
-script: py.test
+script:
+  - py.test && py.test --cov-report xml --cov=certidude tests/
 cache:
   directories:
     - $HOME/.cache/pip

README.rst

@@ -1,6 +1,13 @@
 Certidude
 =========
 
+.. image:: https://travis-ci.org/laurivosandi/certidude.svg?branch=master
+    :target: https://travis-ci.org/laurivosandi/certidude
+
+.. image:: http://codecov.io/github/laurivosandi/certidude/coverage.svg?branch=master
+    :target: http://codecov.io/github/laurivosandi/certidude?branch=master
+
+
 Introduction
 ------------
 

certidude/api.py

@@ -310,7 +310,7 @@ class RequestListResource(CertificateAuthorityBase):
         # TODO: check for revoked certificates and return HTTP 410 Gone
 
         # Process automatic signing if the IP address is whitelisted and autosigning was requested
-        if req.get_param("autosign") in ("yes", "1", "true"):
+        if req.get_param_as_bool("autosign"):
             for subnet in ca.autosign_subnets:
                 if subnet.overlaps(remote_addr):
                     try:

certidude/templates/index.html

@@ -41,7 +41,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem
 openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096
 chmod 0600 /etc/ipsec.d/private/$CN.pem
 openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN"
-curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
+curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
 if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi
 openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem
 </pre>

certidude/wrappers.py

@@ -124,12 +124,7 @@ class CertificateAuthorityConfig(object):
         """
         Returns sorted list of CA-s defined in the configuration file.
         """
-        l = [s[3:] for s in self._config if s.startswith("CA_")]
-        # Sanity check for duplicates (although ConfigParser fails earlier)
-        if len(l) != len(set(l)):
-            raise ValueError
-        return sorted(l)
-
+        return sorted([s[3:] for s in self._config if s.startswith("CA_")])
 
     def pop_certificate_authority(self):
         def wrapper(func):

tests/test_ca.py

@@ -0,0 +1,25 @@
+from click.testing import CliRunner
+from certidude.cli import entry_point as cli
+
+
+from certidude.wrappers import CertificateAuthorityConfig
+
+runner = CliRunner()
+
+def test_ca_config():
+    # Authority setup
+    with runner.isolated_filesystem():
+        result = runner.invoke(cli, ['setup', 'authority', 'xca'])
+        assert not result.exception
+
+        # Load CA
+        conf = CertificateAuthorityConfig('./xca/openssl.cnf.example')
+
+        assert conf.ca_list == ['xca']
+
+        ca = conf.instantiate_authority('xca')
+
+        cert = ca.certificate
+
+        assert cert.serial_number == '0000000000000000000000000000000000000001'
+        # TODO: Figure out a way to properly test cert.signed, cert.expires, cert.digest, etc

tests/test_cli.py

@@ -1,19 +1,9 @@
 import os
-import pwd
-import pytest
 from click.testing import CliRunner
 from certidude.cli import entry_point as cli
 
 runner = CliRunner()
 
-def user_check(name='certidude'):
-    try:
-        pwd.getpwnam(name)
-        return False
-    except KeyError:
-        pass
-    return True
-
 def test_cli_setup_authority():
     # Authority setup
     # TODO: parent, common-name, country, state, locality