mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
tests: Cleanups
This commit is contained in:
parent
3c8aef4fd2
commit
58491e7933
@ -9,7 +9,7 @@ virtualenv:
|
|||||||
system_site_packages: true
|
system_site_packages: true
|
||||||
install:
|
install:
|
||||||
- echo "127.0.0.1 localhost" | sudo tee /etc/hosts
|
- echo "127.0.0.1 localhost" | sudo tee /etc/hosts
|
||||||
- echo "127.0.0.1 ca.example.lan ca" | sudo tee -a /etc/hosts
|
- echo "127.0.1.1 ca.example.lan ca" | sudo tee -a /etc/hosts
|
||||||
- echo "127.0.0.1 vpn.koodur.lan" | sudo tee -a /etc/hosts
|
- echo "127.0.0.1 vpn.koodur.lan" | sudo tee -a /etc/hosts
|
||||||
- sudo mkdir -p /etc/systemd/system
|
- sudo mkdir -p /etc/systemd/system
|
||||||
- sudo pip install -r requirements.txt
|
- sudo pip install -r requirements.txt
|
||||||
|
@ -7,6 +7,8 @@ include certidude/templates/*.ini
|
|||||||
include certidude/templates/mail/*.md
|
include certidude/templates/mail/*.md
|
||||||
include certidude/templates/client/*.timer
|
include certidude/templates/client/*.timer
|
||||||
include certidude/templates/client/*.service
|
include certidude/templates/client/*.service
|
||||||
|
include certidude/templates/server/*.service
|
||||||
|
include certidude/templates/server/*.conf
|
||||||
include certidude/static/js/*.js
|
include certidude/static/js/*.js
|
||||||
include certidude/static/css/*.css
|
include certidude/static/css/*.css
|
||||||
include certidude/static/fonts/*.woff2
|
include certidude/static/fonts/*.woff2
|
||||||
|
@ -204,11 +204,11 @@ def delete_request(common_name):
|
|||||||
|
|
||||||
def generate_ovpn_bundle(common_name, owner=None):
|
def generate_ovpn_bundle(common_name, owner=None):
|
||||||
# Construct private key
|
# Construct private key
|
||||||
click.echo("Generating 4096-bit RSA key...")
|
click.echo("Generating %d-bit RSA key..." % const.KEY_SIZE)
|
||||||
|
|
||||||
key = rsa.generate_private_key(
|
key = rsa.generate_private_key(
|
||||||
public_exponent=65537,
|
public_exponent=65537,
|
||||||
key_size=4096,
|
key_size=const.KEY_SIZE,
|
||||||
backend=default_backend()
|
backend=default_backend()
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -234,17 +234,17 @@ def generate_ovpn_bundle(common_name, owner=None):
|
|||||||
servers = list_server_names())
|
servers = list_server_names())
|
||||||
return bundle, cert
|
return bundle, cert
|
||||||
|
|
||||||
def generate_pkcs12_bundle(common_name, key_size=4096, owner=None):
|
def generate_pkcs12_bundle(common_name, owner=None):
|
||||||
"""
|
"""
|
||||||
Generate private key, sign certificate and return PKCS#12 bundle
|
Generate private key, sign certificate and return PKCS#12 bundle
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Construct private key
|
# Construct private key
|
||||||
click.echo("Generating %d-bit RSA key..." % key_size)
|
click.echo("Generating %d-bit RSA key..." % const.KEY_SIZE)
|
||||||
|
|
||||||
key = rsa.generate_private_key(
|
key = rsa.generate_private_key(
|
||||||
public_exponent=65537,
|
public_exponent=65537,
|
||||||
key_size=4096,
|
key_size=const.KEY_SIZE,
|
||||||
backend=default_backend()
|
backend=default_backend()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -921,11 +921,11 @@ def certidude_setup_authority(username, kerberos_keytab, nginx_config, country,
|
|||||||
else:
|
else:
|
||||||
click.echo("CA configuration files are saved to: {}".format(directory))
|
click.echo("CA configuration files are saved to: {}".format(directory))
|
||||||
|
|
||||||
click.echo("Generating 4096-bit RSA key...")
|
click.echo("Generating %d-bit RSA key..." % const.KEY_SIZE)
|
||||||
|
|
||||||
key = rsa.generate_private_key(
|
key = rsa.generate_private_key(
|
||||||
public_exponent=65537,
|
public_exponent=65537,
|
||||||
key_size=4096,
|
key_size=const.KEY_SIZE,
|
||||||
backend=default_backend()
|
backend=default_backend()
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -1145,7 +1145,7 @@ def certidude_cron():
|
|||||||
click.echo("Moved %s to %s" % (path, expired_path))
|
click.echo("Moved %s to %s" % (path, expired_path))
|
||||||
|
|
||||||
@click.command("serve", help="Run server")
|
@click.command("serve", help="Run server")
|
||||||
@click.option("-p", "--port", default=8080 if os.getuid() else 80, help="Listen port")
|
@click.option("-p", "--port", default=80, help="Listen port")
|
||||||
@click.option("-l", "--listen", default="0.0.0.0", help="Listen address")
|
@click.option("-l", "--listen", default="0.0.0.0", help="Listen address")
|
||||||
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
|
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
|
||||||
def certidude_serve(port, listen, fork):
|
def certidude_serve(port, listen, fork):
|
||||||
@ -1158,8 +1158,6 @@ def certidude_serve(port, listen, fork):
|
|||||||
|
|
||||||
from certidude import config
|
from certidude import config
|
||||||
|
|
||||||
# Fetch UID, GID of certidude user
|
|
||||||
if os.getuid() == 0:
|
|
||||||
# Process directories
|
# Process directories
|
||||||
if not os.path.exists(const.RUN_DIR):
|
if not os.path.exists(const.RUN_DIR):
|
||||||
click.echo("Creating: %s" % const.RUN_DIR)
|
click.echo("Creating: %s" % const.RUN_DIR)
|
||||||
|
@ -4,6 +4,7 @@ import os
|
|||||||
import socket
|
import socket
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
|
KEY_SIZE = 1024 if os.getenv("TRAVIS") else 4096
|
||||||
RUN_DIR = "/run/certidude"
|
RUN_DIR = "/run/certidude"
|
||||||
CONFIG_DIR = os.path.expanduser("~/.certidude") if os.getuid() else "/etc/certidude"
|
CONFIG_DIR = os.path.expanduser("~/.certidude") if os.getuid() else "/etc/certidude"
|
||||||
CONFIG_PATH = os.path.join(CONFIG_DIR, "server.conf")
|
CONFIG_PATH = os.path.join(CONFIG_DIR, "server.conf")
|
||||||
|
@ -134,10 +134,10 @@ def certidude_request_certificate(server, system_keytab_required, key_path, requ
|
|||||||
except EnvironmentError:
|
except EnvironmentError:
|
||||||
|
|
||||||
# Construct private key
|
# Construct private key
|
||||||
click.echo("Generating 4096-bit RSA key...")
|
click.echo("Generating %d-bit RSA key..." % const.KEY_SIZE)
|
||||||
key = rsa.generate_private_key(
|
key = rsa.generate_private_key(
|
||||||
public_exponent=65537,
|
public_exponent=65537,
|
||||||
key_size=4096,
|
key_size=const.KEY_SIZE,
|
||||||
backend=default_backend()
|
backend=default_backend()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -16,24 +16,11 @@ class RelationalMixin(object):
|
|||||||
|
|
||||||
def __init__(self, uri):
|
def __init__(self, uri):
|
||||||
self.uri = urlparse(uri)
|
self.uri = urlparse(uri)
|
||||||
if self.SQL_CREATE_TABLES and self.SQL_CREATE_TABLES not in SCRIPTS:
|
|
||||||
conn = self.sql_connect()
|
|
||||||
cur = conn.cursor()
|
|
||||||
with open(self.sql_resolve_script(self.SQL_CREATE_TABLES)) as fh:
|
|
||||||
click.echo("Executing: %s" % fh.name)
|
|
||||||
if self.uri.scheme == "sqlite":
|
|
||||||
cur.executescript(fh.read())
|
|
||||||
else:
|
|
||||||
cur.execute(fh.read(), multi=True)
|
|
||||||
conn.commit()
|
|
||||||
cur.close()
|
|
||||||
conn.close()
|
|
||||||
|
|
||||||
|
|
||||||
def sql_connect(self):
|
def sql_connect(self):
|
||||||
if self.uri.scheme == "mysql":
|
if self.uri.scheme == "mysql":
|
||||||
import mysql.connector
|
import mysql.connector
|
||||||
return mysql.connector.connect(
|
conn = mysql.connector.connect(
|
||||||
user=self.uri.username,
|
user=self.uri.username,
|
||||||
password=self.uri.password,
|
password=self.uri.password,
|
||||||
host=self.uri.hostname,
|
host=self.uri.hostname,
|
||||||
@ -42,10 +29,21 @@ class RelationalMixin(object):
|
|||||||
if self.uri.netloc:
|
if self.uri.netloc:
|
||||||
raise ValueError("Malformed database URI %s" % self.uri)
|
raise ValueError("Malformed database URI %s" % self.uri)
|
||||||
import sqlite3
|
import sqlite3
|
||||||
return sqlite3.connect(self.uri.path)
|
conn = sqlite3.connect(self.uri.path)
|
||||||
else:
|
else:
|
||||||
raise NotImplementedError("Unsupported database scheme %s, currently only mysql://user:pass@host/database or sqlite:///path/to/database.sqlite is supported" % o.scheme)
|
raise NotImplementedError("Unsupported database scheme %s, currently only mysql://user:pass@host/database or sqlite:///path/to/database.sqlite is supported" % o.scheme)
|
||||||
|
|
||||||
|
if self.SQL_CREATE_TABLES and self.SQL_CREATE_TABLES not in SCRIPTS:
|
||||||
|
cur = conn.cursor()
|
||||||
|
buf, path = self.sql_load(self.SQL_CREATE_TABLES)
|
||||||
|
click.echo("Executing: %s" % path)
|
||||||
|
if self.uri.scheme == "sqlite":
|
||||||
|
cur.executescript(buf)
|
||||||
|
else:
|
||||||
|
cur.execute(buf, multi=True)
|
||||||
|
conn.commit()
|
||||||
|
cur.close()
|
||||||
|
return conn
|
||||||
|
|
||||||
def sql_resolve_script(self, filename):
|
def sql_resolve_script(self, filename):
|
||||||
return os.path.realpath(os.path.join(os.path.dirname(__file__),
|
return os.path.realpath(os.path.join(os.path.dirname(__file__),
|
||||||
@ -59,16 +57,17 @@ class RelationalMixin(object):
|
|||||||
fh = open(self.sql_resolve_script(filename))
|
fh = open(self.sql_resolve_script(filename))
|
||||||
click.echo("Caching SQL script: %s" % fh.name)
|
click.echo("Caching SQL script: %s" % fh.name)
|
||||||
buf = re.sub("\s*\n\s*", " ", fh.read())
|
buf = re.sub("\s*\n\s*", " ", fh.read())
|
||||||
SCRIPTS[filename] = buf
|
SCRIPTS[filename] = buf, fh.name
|
||||||
fh.close()
|
fh.close()
|
||||||
return buf
|
return buf, fh.name
|
||||||
|
|
||||||
|
|
||||||
def sql_execute(self, script, *args):
|
def sql_execute(self, script, *args):
|
||||||
conn = self.sql_connect()
|
conn = self.sql_connect()
|
||||||
cursor = conn.cursor()
|
cursor = conn.cursor()
|
||||||
click.echo("Executing %s with %s" % (script, args))
|
click.echo("Executing %s with %s" % (script, args))
|
||||||
cursor.execute(self.sql_load(script), args)
|
buf, path = self.sql_load(script)
|
||||||
|
cursor.execute(buf, args)
|
||||||
rowid = cursor.lastrowid
|
rowid = cursor.lastrowid
|
||||||
conn.commit()
|
conn.commit()
|
||||||
cursor.close()
|
cursor.close()
|
||||||
|
@ -78,7 +78,7 @@ def test_cli_setup_authority():
|
|||||||
assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000)
|
assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000)
|
||||||
|
|
||||||
# Start server before any signing operations are performed
|
# Start server before any signing operations are performed
|
||||||
result = runner.invoke(cli, ['serve', '-f'])
|
result = runner.invoke(cli, ['serve', '-f', '-p', '80', '-l', '127.0.1.1'])
|
||||||
assert not result.exception, result.output
|
assert not result.exception, result.output
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
Loading…
Reference in New Issue
Block a user