From 51d7dffa9be5e975554f9d5d53030a78bf766fce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Wed, 12 Apr 2017 13:56:29 +0000
Subject: [PATCH] Bugfixes
---
 certidude/api/signed.py | 2 +-
 certidude/authority.py | 4 ++--
 certidude/cli.py | 4 +++-
 certidude/helpers.py | 2 +-
 certidude/sql/mysql/log_tables.sql | 2 +-
 certidude/templates/certidude-server.conf | 6 ++++++
 6 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/certidude/api/signed.py b/certidude/api/signed.py
index ae185a1..3757e4c 100644
--- a/certidude/api/signed.py
+++ b/certidude/api/signed.py
@@ -31,7 +31,7 @@ class SignedCertificateDetailResource(object):
 resp.set_header("Content-Disposition", ("attachment; filename=%s.json" % cn))
 resp.body = json.dumps(dict(
 common_name = cn,
- serial_number = "%x" % cert.serial_number,
+ serial_number = "%x" % cert.serial,
 signed = cert.not_valid_before.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
 expires = cert.not_valid_after.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
 sha256sum = hashlib.sha256(buf).hexdigest()))
diff --git a/certidude/authority.py b/certidude/authority.py
index 7a8db2d..80bc30c 100644
--- a/certidude/authority.py
+++ b/certidude/authority.py
@@ -106,7 +106,7 @@ def revoke(common_name):
 Revoke valid certificate
 """
 path, buf, cert = get_signed(common_name)
- revoked_path = os.path.join(config.REVOKED_DIR, "%x.pem" % cert.serial_number)
+ revoked_path = os.path.join(config.REVOKED_DIR, "%x.pem" % cert.serial)
 signed_path = os.path.join(config.SIGNED_DIR, "%s.pem" % common_name)
 os.rename(signed_path, revoked_path)
 push.publish("certificate-revoked", common_name)
@@ -314,7 +314,7 @@ def _sign(csr, buf, overwrite=False):
 if overwrite:
 if renew:
 # TODO: is this the best approach?
- revoked_path = os.path.join(config.REVOKED_DIR, "%x.pem" % prev.serial_number)
+ revoked_path = os.path.join(config.REVOKED_DIR, "%x.pem" % prev.serial)
 os.rename(signed_path, revoked_path)
 else:
 revoke(common_name.value)
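Review bot: Switching `serial_number = "%x" % cert.serial_number` to `cert.serial` ties the code to the older attribute name of the `cryptography` certificate object; in newer releases of that library `serial` is the deprecated spelling of `serial_number` and, if I recall the changelog correctly, was later removed, so this trades an AttributeError on old versions for one on new versions. The same substitution is made in both authority.py hunks (`revoke` and `_sign`), in the cli.py `certidude_list` hunk and in the helpers.py hunk. If the deployment target really runs an older cryptography release, pinning that version in the package requirements is the durable fix; otherwise a small compatibility accessor such as `serial = getattr(cert, "serial_number", None)` followed by `if serial is None: serial = cert.serial` keeps both spellings working in one place instead of five. The enclosing method in `SignedCertificateDetailResource` starts outside the hunk.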
diff --git a/certidude/cli.py b/certidude/cli.py
index 7cc84db..ef17beb 100755
--- a/certidude/cli.py
+++ b/certidude/cli.py
@@ -289,6 +289,7 @@ def certidude_request(fork, renew):
 # IPSec set up with NetworkManager
 elif service_config.get(endpoint, "service") == "network-manager/strongswan":
 client_config = ConfigParser()
+ nm_config = ConfigParser()
 nm_config.add_section("connection")
 nm_config.set("connection", "id", endpoint)
 nm_config.set("connection", "uuid", uuid)
@@ -745,6 +746,7 @@ def certidude_setup_openvpn_networkmanager(authority, remote):
 @click.option("--outbox", default="smtp://smtp.%s" % const.DOMAIN, help="SMTP server, smtp://smtp.%s by default" % const.DOMAIN)
 def certidude_setup_authority(username, kerberos_keytab, nginx_config, country, state, locality, organization, organizational_unit, common_name, directory, authority_lifetime, push_server, outbox, server_flags):
 openvpn_profile_template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates", "openvpn-client.conf")
+ bootstrap_template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates", "bootstrap.conf")
 if not directory:
 if os.getuid():
@@ -1007,7 +1009,7 @@ def certidude_list(verbose, show_key_type, show_extensions, show_path, show_sign
 click.echo("y " + path)
 continue
- click.echo(click.style(common_name, fg="blue") + " " + click.style("%x" % cert.serial_number, fg="white"))
+ click.echo(click.style(common_name, fg="blue") + " " + click.style("%x" % cert.serial, fg="white"))
 click.echo("="*(len(common_name)+60))
 expires = 0 # TODO
 if cert.not_valid_before < NOW and cert.not_valid_after > NOW:
diff --git a/certidude/helpers.py b/certidude/helpers.py
index 80f5813..bcaa15a 100644
--- a/certidude/helpers.py
+++ b/certidude/helpers.py
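Review bot: `bootstrap_template_path` is computed in `certidude_setup_authority` but nothing in this hunk hands it to the call that renders the server configuration, while the new `[bootstrap]` section of certidude-server.conf reads `{{ bootstrap_template_path }}`; if that render call is not also extended with the new name, the placeholder is undefined at render time and `services template` ends up empty or left as literal template text, depending on the engine's undefined handling. Worth confirming the variable is added to the template context next to `openvpn_profile_template_path`, which is presumably passed the same way. A one-line comment such as `# rendered into the [bootstrap] section of certidude-server.conf` above the new assignment would make the coupling visible. The function continues past the end of the hunk.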
@@ -94,7 +94,7 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
 for revocation in x509.load_pem_x509_crl(open(revocations_path).read(), default_backend()):
 extension, = revocation.extensions
- if revocation.serial_number == cert.serial_number:
+ if revocation.serial_number == cert.serial:
 if extension.value.reason == x509.ReasonFlags.certificate_hold:
 # Don't do anything for now
 # TODO: disable service
diff --git a/certidude/sql/mysql/log_tables.sql b/certidude/sql/mysql/log_tables.sql
index f5dba49..66fe6d0 100644
--- a/certidude/sql/mysql/log_tables.sql
+++ b/certidude/sql/mysql/log_tables.sql
@@ -5,7 +5,7 @@ create table if not exists log (
 severity varchar(10),
 message text,
 module varchar(20),
- func varchar(20),
+ func varchar(50),
 lineno int,
 exception text,
 process int,
diff --git a/certidude/templates/certidude-server.conf b/certidude/templates/certidude-server.conf
index 1dc7453..71b1554 100644
--- a/certidude/templates/certidude-server.conf
+++ b/certidude/templates/certidude-server.conf
@@ -143,3 +143,9 @@ owner/string = Owner
 location/string = Location
 phone/string = Phone
 other/ = Other
+
+[bootstrap]
+# Following can be used to set up clients easily: certidude bootstrap ca.example.lan
+# Services template is rendered on certidude server with relevant variables and
+# placed to /etc/certidude/services.conf on the client
+services template = {{ bootstrap_template_path }}
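Review bot: Widening `func` to `varchar(50)` only moves the cliff: a longer function name still hits the column limit, and the neighbouring `module varchar(20)` keeps the same problem for longer module names. Under MySQL strict mode an oversize value rejects the whole INSERT, so the log row is lost rather than stored truncated, which for a table that receives the application's log records is the failure mode to avoid; whether the log handler that writes this table surfaces such errors is not visible here. `func varchar(255),` and `module varchar(255),` (or `text`) cost nothing in practice and remove the limit as a source of dropped records.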
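Review bot: The new `[bootstrap]` comment explains that the template is rendered on the server and placed at `/etc/certidude/services.conf` on the client, but not how the client establishes that the rendered file came from the intended server; since this file configures services on the client, the authentication of that channel is the property a reader of this section needs stated. Suggest a further comment line such as `# The client must obtain this over a channel authenticated against the CA it trusts` with the wording adjusted to match what `certidude bootstrap` actually does, which is not shown in this change.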