Refactor CertificateAuthorityConfig to accept single configuration file

certidude/cli.py

@@ -43,7 +43,7 @@ assert hasattr(crypto.X509Req(), "get_extensions"), "You're running too old vers
 # keyUsage, extendedKeyUsage - https://www.openssl.org/docs/apps/x509v3_config.html
 # strongSwan key paths - https://wiki.strongswan.org/projects/1/wiki/SimpleCA
 
-config = CertificateAuthorityConfig("/etc/ssl/openssl.cnf")
+config = CertificateAuthorityConfig()
 
 # Parse command-line argument defaults from environment
 HOSTNAME = socket.gethostname()

certidude/wrappers.py

@@ -61,13 +61,19 @@ def subject2dn(subject):
 
 class CertificateAuthorityConfig(object):
     """
-    Attempt to parse CA-s from openssl.cnf
+    Certificate Authority configuration
+
+    :param path: Absolute path to configuration file.
+                 Defaults to /etc/ssl/openssl.cnf
     """
 
-    def __init__(self, *args):
+    def __init__(self, path='/etc/ssl/openssl.cnf', *args):
+
+        #: Path to file where current configuration is loaded from.
+        self.path = path
+
         self._config = RawConfigParser()
-        for arg in args:
+        self._config.readfp(itertools.chain(["[global]"], open(self.path)))
-            self._config.readfp(itertools.chain(["[global]"], open(os.path.expanduser(arg))))
 
     def get(self, section, key, default=""):
         if self._config.has_option(section, key):

certidude/wsgi.py

@@ -11,7 +11,7 @@ from certidude.api import CertificateAuthorityResource, \
 # TODO: deduplicate routing code
 # TODO: set up /run/certidude/api paths and permissions
 
-config = CertificateAuthorityConfig("/etc/ssl/openssl.cnf")
+config = CertificateAuthorityConfig()
 
 assert os.getenv("PUSH_SUBSCRIBE"), "Please set PUSH_SUBSCRIBE to your web server's subscription URL"
 assert os.getenv("PUSH_PUBLISH"), "Please set PUSH_PUBLISH to your web server's publishing URL"