Bugfixes
This commit is contained in:
parent
0201a84a64
commit
51d7dffa9b
@ -31,7 +31,7 @@ class SignedCertificateDetailResource(object):
|
|||||||
resp.set_header("Content-Disposition", ("attachment; filename=%s.json" % cn))
|
resp.set_header("Content-Disposition", ("attachment; filename=%s.json" % cn))
|
||||||
resp.body = json.dumps(dict(
|
resp.body = json.dumps(dict(
|
||||||
common_name = cn,
|
common_name = cn,
|
||||||
serial_number = "%x" % cert.serial_number,
|
serial_number = "%x" % cert.serial,
|
||||||
signed = cert.not_valid_before.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
|
signed = cert.not_valid_before.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
|
||||||
expires = cert.not_valid_after.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
|
expires = cert.not_valid_after.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z",
|
||||||
sha256sum = hashlib.sha256(buf).hexdigest()))
|
sha256sum = hashlib.sha256(buf).hexdigest()))
|
||||||
|
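Review bot: The `Content-Disposition` header on the first context line interpolates `cn` into the filename without quoting, so if `cn` reaches this resource from the request path, a common name containing spaces, quotes, semicolons or non-ASCII characters produces a malformed header, and one containing CR/LF is only harmless if the WSGI layer refuses such header values; reject control characters and quote the value, e.g. `resp.set_header("Content-Disposition", 'attachment; filename="%s.json"' % cn.replace('"', ""))`. The attribute change on the `serial_number` line recurs in the revoke, _sign, certidude_list and certidude_request_certificate hunks below; `serial` and `serial_number` are the older and newer spellings of this attribute in the cryptography library and have not both been available in every release, so whichever spelling is kept should be matched by a pinned cryptography version in the project's requirements. The enclosing method starts outside the hunk.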
@ -106,7 +106,7 @@ def revoke(common_name):
|
|||||||
Revoke valid certificate
|
Revoke valid certificate
|
||||||
"""
|
"""
|
||||||
path, buf, cert = get_signed(common_name)
|
path, buf, cert = get_signed(common_name)
|
||||||
revoked_path = os.path.join(config.REVOKED_DIR, "%x.pem" % cert.serial_number)
|
revoked_path = os.path.join(config.REVOKED_DIR, "%x.pem" % cert.serial)
|
||||||
signed_path = os.path.join(config.SIGNED_DIR, "%s.pem" % common_name)
|
signed_path = os.path.join(config.SIGNED_DIR, "%s.pem" % common_name)
|
||||||
os.rename(signed_path, revoked_path)
|
os.rename(signed_path, revoked_path)
|
||||||
push.publish("certificate-revoked", common_name)
|
push.publish("certificate-revoked", common_name)
|
||||||
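Review bot: `signed_path` is built as `"%s.pem" % common_name` and handed directly to `os.rename`, so if `common_name` can carry a path separator or `..` the move escapes `config.SIGNED_DIR`; validate it before joining, e.g. `if "/" in common_name or common_name in ("", ".", ".."): raise ValueError("invalid common name")`, or compare `os.path.realpath(signed_path)` against the signed directory. Whether `get_signed` already enforces this is not visible from the hunk; if it does, a one-line comment saying so next to the join would settle it for the next reader. `os.rename` also replaces an existing destination on POSIX, so a serial collision would silently discard an earlier revoked file. `revoke`'s body continues outside the hunk.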
@ -314,7 +314,7 @@ def _sign(csr, buf, overwrite=False):
|
|||||||
if overwrite:
|
if overwrite:
|
||||||
if renew:
|
if renew:
|
||||||
# TODO: is this the best approach?
|
# TODO: is this the best approach?
|
||||||
revoked_path = os.path.join(config.REVOKED_DIR, "%x.pem" % prev.serial_number)
|
revoked_path = os.path.join(config.REVOKED_DIR, "%x.pem" % prev.serial)
|
||||||
os.rename(signed_path, revoked_path)
|
os.rename(signed_path, revoked_path)
|
||||||
else:
|
else:
|
||||||
revoke(common_name.value)
|
revoke(common_name.value)
|
||||||
|
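Review bot: The `if renew:` branch repeats the move-to-`config.REVOKED_DIR` logic of `revoke()` (the `"%x.pem" % prev.serial` path and the `os.rename`) but without the `push.publish("certificate-revoked", ...)` call, and the `# TODO: is this the best approach?` comment above it leaves the intent open. If skipping the publish on renewal is deliberate, replace the TODO with a comment that says so, e.g. `# Renewal: archive the previous certificate without publishing certificate-revoked`; if it is not, both branches can call `revoke(common_name.value)` and the duplicated path construction disappears. `_sign` starts and continues outside the hunk.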
@ -289,6 +289,7 @@ def certidude_request(fork, renew):
|
|||||||
# IPSec set up with NetworkManager
|
# IPSec set up with NetworkManager
|
||||||
elif service_config.get(endpoint, "service") == "network-manager/strongswan":
|
elif service_config.get(endpoint, "service") == "network-manager/strongswan":
|
||||||
client_config = ConfigParser()
|
client_config = ConfigParser()
|
||||||
|
nm_config = ConfigParser()
|
||||||
nm_config.add_section("connection")
|
nm_config.add_section("connection")
|
||||||
nm_config.set("connection", "id", endpoint)
|
nm_config.set("connection", "id", endpoint)
|
||||||
nm_config.set("connection", "uuid", uuid)
|
nm_config.set("connection", "uuid", uuid)
|
||||||
@ -745,6 +746,7 @@ def certidude_setup_openvpn_networkmanager(authority, remote):
|
|||||||
@click.option("--outbox", default="smtp://smtp.%s" % const.DOMAIN, help="SMTP server, smtp://smtp.%s by default" % const.DOMAIN)
|
@click.option("--outbox", default="smtp://smtp.%s" % const.DOMAIN, help="SMTP server, smtp://smtp.%s by default" % const.DOMAIN)
|
||||||
def certidude_setup_authority(username, kerberos_keytab, nginx_config, country, state, locality, organization, organizational_unit, common_name, directory, authority_lifetime, push_server, outbox, server_flags):
|
def certidude_setup_authority(username, kerberos_keytab, nginx_config, country, state, locality, organization, organizational_unit, common_name, directory, authority_lifetime, push_server, outbox, server_flags):
|
||||||
openvpn_profile_template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates", "openvpn-client.conf")
|
openvpn_profile_template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates", "openvpn-client.conf")
|
||||||
|
bootstrap_template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates", "bootstrap.conf")
|
||||||
|
|
||||||
if not directory:
|
if not directory:
|
||||||
if os.getuid():
|
if os.getuid():
|
||||||
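Review bot: The added `bootstrap_template_path` line repeats the `os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates", ...)` expression from the line directly above it; compute the directory once so a third template does not copy it again: `templates_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates")`, `openvpn_profile_template_path = os.path.join(templates_dir, "openvpn-client.conf")`, `bootstrap_template_path = os.path.join(templates_dir, "bootstrap.conf")`. The function body continues outside the hunk.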
@ -1007,7 +1009,7 @@ def certidude_list(verbose, show_key_type, show_extensions, show_path, show_sign
|
|||||||
click.echo("y " + path)
|
click.echo("y " + path)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
click.echo(click.style(common_name, fg="blue") + " " + click.style("%x" % cert.serial_number, fg="white"))
|
click.echo(click.style(common_name, fg="blue") + " " + click.style("%x" % cert.serial, fg="white"))
|
||||||
click.echo("="*(len(common_name)+60))
|
click.echo("="*(len(common_name)+60))
|
||||||
expires = 0 # TODO
|
expires = 0 # TODO
|
||||||
if cert.not_valid_before < NOW and cert.not_valid_after > NOW:
|
if cert.not_valid_before < NOW and cert.not_valid_after > NOW:
|
||||||
|
@ -94,7 +94,7 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
|
|||||||
for revocation in x509.load_pem_x509_crl(open(revocations_path).read(), default_backend()):
|
for revocation in x509.load_pem_x509_crl(open(revocations_path).read(), default_backend()):
|
||||||
extension, = revocation.extensions
|
extension, = revocation.extensions
|
||||||
|
|
||||||
if revocation.serial_number == cert.serial_number:
|
if revocation.serial_number == cert.serial:
|
||||||
if extension.value.reason == x509.ReasonFlags.certificate_hold:
|
if extension.value.reason == x509.ReasonFlags.certificate_hold:
|
||||||
# Don't do anything for now
|
# Don't do anything for now
|
||||||
# TODO: disable service
|
# TODO: disable service
|
||||||
|
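Review bot: The CRL parsed with `x509.load_pem_x509_crl` on the first context line is trusted for the serial comparison on the changed line, but parsing does not verify the CRL's signature, so unless that is checked elsewhere the revocation decision rests on an unauthenticated file; verify it against the authority certificate's public key before iterating (`crl.is_signature_valid(authority_public_key)` in cryptography's CRL API) and skip the CRL when the check fails. The `open(revocations_path)` handle is never closed and, on Python 3, reads text while the loader expects bytes; use `with open(revocations_path, "rb") as fh:` around the load. `extension, = revocation.extensions` also raises `ValueError` for a revoked entry with zero or several extensions, since the reason code is optional in a CRL entry, so look the reason up by its OID and treat a missing one as "no reason given". `certidude_request_certificate` starts and continues outside the hunk.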
@ -5,7 +5,7 @@ create table if not exists log (
|
|||||||
severity varchar(10),
|
severity varchar(10),
|
||||||
message text,
|
message text,
|
||||||
module varchar(20),
|
module varchar(20),
|
||||||
func varchar(20),
|
func varchar(50),
|
||||||
lineno int,
|
lineno int,
|
||||||
exception text,
|
exception text,
|
||||||
process int,
|
process int,
|
||||||
|
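Review bot: `create table if not exists` leaves an already-created `log` table at `func varchar(20)`, so the widening to `varchar(50)` only takes effect on fresh databases; existing deployments need an `ALTER TABLE` statement for the database in use, or the schema change should be documented next to the statement so operators apply it. `module varchar(20)` stays at 20 characters while dotted module names from `__name__` can exceed that as well, if that column is filled the same way. The `create table` statement starts outside the hunk.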
@ -143,3 +143,9 @@ owner/string = Owner
|
|||||||
location/string = Location
|
location/string = Location
|
||||||
phone/string = Phone
|
phone/string = Phone
|
||||||
other/ = Other
|
other/ = Other
|
||||||
|
|
||||||
|
[bootstrap]
|
||||||
|
# Following can be used to set up clients easily: certidude bootstrap ca.example.lan
|
||||||
|
# Services template is rendered on certidude server with relevant variables and
|
||||||
|
# placed to /etc/certidude/services.conf on the client
|
||||||
|
services template = {{ bootstrap_template_path }}
|
||||||
|