lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity

tests: Cleanups

This commit is contained in:
Lauri Võsandi 2017-05-01 22:32:55 +00:00
parent 3c8aef4fd2
commit 58491e7933
8 changed files with 44 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -9,7 +9,7 @@ virtualenv:
system_site_packages: true system_site_packages: true
install: install:
- echo "127.0.0.1 localhost" | sudo tee /etc/hosts - echo "127.0.0.1 localhost" | sudo tee /etc/hosts
- echo "127.0.0.1 ca.example.lan ca" | sudo tee -a /etc/hosts - echo "127.0.1.1 ca.example.lan ca" | sudo tee -a /etc/hosts
- echo "127.0.0.1 vpn.koodur.lan" | sudo tee -a /etc/hosts - echo "127.0.0.1 vpn.koodur.lan" | sudo tee -a /etc/hosts
- sudo mkdir -p /etc/systemd/system - sudo mkdir -p /etc/systemd/system
- sudo pip install -r requirements.txt - sudo pip install -r requirements.txt

2
MANIFEST.in
View File

@ -7,6 +7,8 @@ include certidude/templates/*.ini
include certidude/templates/mail/*.md include certidude/templates/mail/*.md
include certidude/templates/client/*.timer include certidude/templates/client/*.timer
include certidude/templates/client/*.service include certidude/templates/client/*.service
include certidude/templates/server/*.service
include certidude/templates/server/*.conf
include certidude/static/js/*.js include certidude/static/js/*.js
include certidude/static/css/*.css include certidude/static/css/*.css
include certidude/static/fonts/*.woff2 include certidude/static/fonts/*.woff2

10
certidude/authority.py
View File

@ -204,11 +204,11 @@ def delete_request(common_name):
def generate_ovpn_bundle(common_name, owner=None): def generate_ovpn_bundle(common_name, owner=None):
# Construct private key # Construct private key
click.echo("Generating 4096-bit RSA key...") click.echo("Generating %d-bit RSA key..." % const.KEY_SIZE)
key = rsa.generate_private_key( key = rsa.generate_private_key(
public_exponent=65537, public_exponent=65537,
key_size=4096, key_size=const.KEY_SIZE,
backend=default_backend() backend=default_backend()
) )
@ -234,17 +234,17 @@ def generate_ovpn_bundle(common_name, owner=None):
servers = list_server_names()) servers = list_server_names())
return bundle, cert return bundle, cert
def generate_pkcs12_bundle(common_name, key_size=4096, owner=None): def generate_pkcs12_bundle(common_name, owner=None):
""" """
Generate private key, sign certificate and return PKCS#12 bundle Generate private key, sign certificate and return PKCS#12 bundle
""" """
# Construct private key # Construct private key
click.echo("Generating %d-bit RSA key..." % key_size) click.echo("Generating %d-bit RSA key..." % const.KEY_SIZE)
key = rsa.generate_private_key( key = rsa.generate_private_key(
public_exponent=65537, public_exponent=65537,
key_size=4096, key_size=const.KEY_SIZE,
backend=default_backend() backend=default_backend()
) )

32
certidude/cli.py
View File

@ -921,11 +921,11 @@ def certidude_setup_authority(username, kerberos_keytab, nginx_config, country,
else: else:
click.echo("CA configuration files are saved to: {}".format(directory)) click.echo("CA configuration files are saved to: {}".format(directory))
click.echo("Generating 4096-bit RSA key...") click.echo("Generating %d-bit RSA key..." % const.KEY_SIZE)
key = rsa.generate_private_key( key = rsa.generate_private_key(
public_exponent=65537, public_exponent=65537,
key_size=4096, key_size=const.KEY_SIZE,
backend=default_backend() backend=default_backend()
) )
@ -1145,7 +1145,7 @@ def certidude_cron():
click.echo("Moved %s to %s" % (path, expired_path)) click.echo("Moved %s to %s" % (path, expired_path))
@click.command("serve", help="Run server") @click.command("serve", help="Run server")
@click.option("-p", "--port", default=8080 if os.getuid() else 80, help="Listen port") @click.option("-p", "--port", default=80, help="Listen port")
@click.option("-l", "--listen", default="0.0.0.0", help="Listen address") @click.option("-l", "--listen", default="0.0.0.0", help="Listen address")
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background") @click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
def certidude_serve(port, listen, fork): def certidude_serve(port, listen, fork):
@ -1158,21 +1158,19 @@ def certidude_serve(port, listen, fork):
from certidude import config from certidude import config
# Fetch UID, GID of certidude user # Process directories
if os.getuid() == 0: if not os.path.exists(const.RUN_DIR):
# Process directories click.echo("Creating: %s" % const.RUN_DIR)
if not os.path.exists(const.RUN_DIR): os.makedirs(const.RUN_DIR)
click.echo("Creating: %s" % const.RUN_DIR)
os.makedirs(const.RUN_DIR)
import pwd import pwd
_, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude") _, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude")
restricted_groups = [] restricted_groups = []
restricted_groups.append(gid) restricted_groups.append(gid)
from logging.handlers import RotatingFileHandler from logging.handlers import RotatingFileHandler
rh = RotatingFileHandler("/var/log/certidude.log", maxBytes=1048576*5, backupCount=5) rh = RotatingFileHandler("/var/log/certidude.log", maxBytes=1048576*5, backupCount=5)
rh.setFormatter(logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")) rh.setFormatter(logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s"))
log_handlers.append(rh) log_handlers.append(rh)
""" """

1
certidude/const.py
View File

@ -4,6 +4,7 @@ import os
import socket import socket
import sys import sys
KEY_SIZE = 1024 if os.getenv("TRAVIS") else 4096
RUN_DIR = "/run/certidude" RUN_DIR = "/run/certidude"
CONFIG_DIR = os.path.expanduser("~/.certidude") if os.getuid() else "/etc/certidude" CONFIG_DIR = os.path.expanduser("~/.certidude") if os.getuid() else "/etc/certidude"
CONFIG_PATH = os.path.join(CONFIG_DIR, "server.conf") CONFIG_PATH = os.path.join(CONFIG_DIR, "server.conf")

4
certidude/helpers.py
View File

@ -134,10 +134,10 @@ def certidude_request_certificate(server, system_keytab_required, key_path, requ
except EnvironmentError: except EnvironmentError:
# Construct private key # Construct private key
click.echo("Generating 4096-bit RSA key...") click.echo("Generating %d-bit RSA key..." % const.KEY_SIZE)
key = rsa.generate_private_key( key = rsa.generate_private_key(
public_exponent=65537, public_exponent=65537,
key_size=4096, key_size=const.KEY_SIZE,
backend=default_backend() backend=default_backend()
) )

35
certidude/relational.py
View File

@ -16,24 +16,11 @@ class RelationalMixin(object):
def __init__(self, uri): def __init__(self, uri):
self.uri = urlparse(uri) self.uri = urlparse(uri)
if self.SQL_CREATE_TABLES and self.SQL_CREATE_TABLES not in SCRIPTS:
conn = self.sql_connect()
cur = conn.cursor()
with open(self.sql_resolve_script(self.SQL_CREATE_TABLES)) as fh:
click.echo("Executing: %s" % fh.name)
if self.uri.scheme == "sqlite":
cur.executescript(fh.read())
else:
cur.execute(fh.read(), multi=True)
conn.commit()
cur.close()
conn.close()
def sql_connect(self): def sql_connect(self):
if self.uri.scheme == "mysql": if self.uri.scheme == "mysql":
import mysql.connector import mysql.connector
return mysql.connector.connect( conn = mysql.connector.connect(
user=self.uri.username, user=self.uri.username,
password=self.uri.password, password=self.uri.password,
host=self.uri.hostname, host=self.uri.hostname,
@ -42,10 +29,21 @@ class RelationalMixin(object):
if self.uri.netloc: if self.uri.netloc:
raise ValueError("Malformed database URI %s" % self.uri) raise ValueError("Malformed database URI %s" % self.uri)
import sqlite3 import sqlite3
return sqlite3.connect(self.uri.path) conn = sqlite3.connect(self.uri.path)
else: else:
raise NotImplementedError("Unsupported database scheme %s, currently only mysql://user:pass@host/database or sqlite:///path/to/database.sqlite is supported" % o.scheme) raise NotImplementedError("Unsupported database scheme %s, currently only mysql://user:pass@host/database or sqlite:///path/to/database.sqlite is supported" % o.scheme)
if self.SQL_CREATE_TABLES and self.SQL_CREATE_TABLES not in SCRIPTS:
cur = conn.cursor()
buf, path = self.sql_load(self.SQL_CREATE_TABLES)
click.echo("Executing: %s" % path)
if self.uri.scheme == "sqlite":
cur.executescript(buf)
else:
cur.execute(buf, multi=True)
conn.commit()
cur.close()
return conn
def sql_resolve_script(self, filename): def sql_resolve_script(self, filename):
return os.path.realpath(os.path.join(os.path.dirname(__file__), return os.path.realpath(os.path.join(os.path.dirname(__file__),
@ -59,16 +57,17 @@ class RelationalMixin(object):
fh = open(self.sql_resolve_script(filename)) fh = open(self.sql_resolve_script(filename))
click.echo("Caching SQL script: %s" % fh.name) click.echo("Caching SQL script: %s" % fh.name)
buf = re.sub("\s*\n\s*", " ", fh.read()) buf = re.sub("\s*\n\s*", " ", fh.read())
SCRIPTS[filename] = buf SCRIPTS[filename] = buf, fh.name
fh.close() fh.close()
return buf return buf, fh.name
def sql_execute(self, script, *args): def sql_execute(self, script, *args):
conn = self.sql_connect() conn = self.sql_connect()
cursor = conn.cursor() cursor = conn.cursor()
click.echo("Executing %s with %s" % (script, args)) click.echo("Executing %s with %s" % (script, args))
cursor.execute(self.sql_load(script), args) buf, path = self.sql_load(script)
cursor.execute(buf, args)
rowid = cursor.lastrowid rowid = cursor.lastrowid
conn.commit() conn.commit()
cursor.close() cursor.close()

2
tests/test_cli.py
View File

@ -78,7 +78,7 @@ def test_cli_setup_authority():
assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000) assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000)
# Start server before any signing operations are performed # Start server before any signing operations are performed
result = runner.invoke(cli, ['serve', '-f']) result = runner.invoke(cli, ['serve', '-f', '-p', '80', '-l', '127.0.1.1'])
assert not result.exception, result.output assert not result.exception, result.output
import requests import requests