tests: Generate DH params file in single location
parent
189c604832
commit
aeb5d81aa6
@ -31,7 +31,7 @@ logger = logging.getLogger(__name__)
|
|||||||
|
|
||||||
NOW = datetime.utcnow().replace(tzinfo=None)
|
NOW = datetime.utcnow().replace(tzinfo=None)
|
||||||
|
|
||||||
def setup_client(prefix="client_"):
|
def setup_client(prefix="client_", dh=False):
|
||||||
# Create section in /etc/certidude/client.conf
|
# Create section in /etc/certidude/client.conf
|
||||||
def wrapper(func):
|
def wrapper(func):
|
||||||
def wrapped(**arguments):
|
def wrapped(**arguments):
|
||||||
@ -39,6 +39,14 @@ def setup_client(prefix="client_"):
|
|||||||
common_name = arguments.get("common_name")
|
common_name = arguments.get("common_name")
|
||||||
authority = arguments.get("authority")
|
authority = arguments.get("authority")
|
||||||
b = os.path.join(const.STORAGE_PATH, authority)
|
b = os.path.join(const.STORAGE_PATH, authority)
|
||||||
|
if dh:
|
||||||
|
path = os.path.join(const.STORAGE_PATH, "dh.pem")
|
||||||
|
if not os.path.exists(path):
|
||||||
|
rpm("openssl")
|
||||||
|
apt("openssl")
|
||||||
|
cmd = "openssl", "dhparam", "-out", path, ("1024" if os.getenv("TRAVIS") else "2048")
|
||||||
|
subprocess.check_call(cmd)
|
||||||
|
arguments["dhparam_path"] = path
|
||||||
|
|
||||||
# Create corresponding section in Certidude client configuration file
|
# Create corresponding section in Certidude client configuration file
|
||||||
client_config = ConfigParser()
|
client_config = ConfigParser()
|
||||||
@ -62,25 +70,12 @@ def setup_client(prefix="client_"):
|
|||||||
|
|
||||||
for j in ("key", "request", "certificate", "authority", "revocations"):
|
for j in ("key", "request", "certificate", "authority", "revocations"):
|
||||||
arguments["%s_path" % j] = client_config.get(authority, "%s path" % j)
|
arguments["%s_path" % j] = client_config.get(authority, "%s path" % j)
|
||||||
|
|
||||||
return func(**arguments)
|
return func(**arguments)
|
||||||
return wrapped
|
return wrapped
|
||||||
return wrapper
|
return wrapper
|
||||||
|
|
||||||
|
|
||||||
def generate_dhparam(path):
|
|
||||||
# Prevent logjam etc for OpenVPN and nginx server
|
|
||||||
def wrapper(func):
|
|
||||||
def wrapped(**arguments):
|
|
||||||
if not os.path.exists(path):
|
|
||||||
rpm("openssl")
|
|
||||||
apt("openssl")
|
|
||||||
cmd = "openssl", "dhparam", "-out", path, ("1024" if os.getenv("TRAVIS") else "2048")
|
|
||||||
subprocess.check_call(cmd)
|
|
||||||
arguments["dhparam_path"] = path
|
|
||||||
return func(**arguments)
|
|
||||||
return wrapped
|
|
||||||
return wrapper
|
|
||||||
|
|
||||||
@click.command("request", help="Run processes for requesting certificates and configuring services")
|
@click.command("request", help="Run processes for requesting certificates and configuring services")
|
||||||
@click.option("-r", "--renew", default=False, is_flag=True, help="Renew now")
|
@click.option("-r", "--renew", default=False, is_flag=True, help="Renew now")
|
||||||
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
|
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
|
||||||
@ -388,8 +383,7 @@ def certidude_request(fork, renew, no_wait):
|
|||||||
default="/etc/openvpn/site-to-client.conf",
|
default="/etc/openvpn/site-to-client.conf",
|
||||||
type=click.File(mode="w", atomic=True, lazy=True),
|
type=click.File(mode="w", atomic=True, lazy=True),
|
||||||
help="OpenVPN configuration file")
|
help="OpenVPN configuration file")
|
||||||
@generate_dhparam("/etc/openvpn/dh.pem")
|
@setup_client(prefix="server_", dh=True)
|
||||||
@setup_client(prefix="server_")
|
|
||||||
def certidude_setup_openvpn_server(authority, common_name, config, subnet, route, local, proto, port, **paths):
|
def certidude_setup_openvpn_server(authority, common_name, config, subnet, route, local, proto, port, **paths):
|
||||||
# Install dependencies
|
# Install dependencies
|
||||||
apt("openvpn")
|
apt("openvpn")
|
||||||
@ -449,8 +443,7 @@ def certidude_setup_openvpn_server(authority, common_name, config, subnet, route
|
|||||||
type=click.File(mode="w", atomic=True, lazy=True),
|
type=click.File(mode="w", atomic=True, lazy=True),
|
||||||
help="Site configuration file of nginx, /etc/nginx/sites-available/%s.conf by default" % const.HOSTNAME)
|
help="Site configuration file of nginx, /etc/nginx/sites-available/%s.conf by default" % const.HOSTNAME)
|
||||||
@click.option("--verify-client", "-vc", default="optional", type=click.Choice(['optional', 'on', 'off']))
|
@click.option("--verify-client", "-vc", default="optional", type=click.Choice(['optional', 'on', 'off']))
|
||||||
@generate_dhparam("/etc/nginx/ssl/dh.pem")
|
@setup_client(prefix="server_", dh=True)
|
||||||
@setup_client(prefix="server_")
|
|
||||||
def certidude_setup_nginx(authority, common_name, site_config, tls_config, verify_client, **paths):
|
def certidude_setup_nginx(authority, common_name, site_config, tls_config, verify_client, **paths):
|
||||||
apt("nginx")
|
apt("nginx")
|
||||||
rpm("nginx")
|
rpm("nginx")
|
||||||
|
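Review bot: The `dh` branch added to `setup_client` still takes the group size from the `TRAVIS` environment variable, and with `dh=True` this decorator wraps the real `certidude_setup_openvpn_server` and `certidude_setup_nginx` commands, so a host that has `TRAVIS` set gets 1024-bit parameters, the Logjam-class weakness the removed `generate_dhparam` comment referred to. Both services now share one `dh.pem` under `const.STORAGE_PATH` and `os.path.exists(path)` is the only check, so an interrupted `openssl dhparam` run may leave a partial file that every later setup reuses. I would pin the size outside an explicit test-only switch and generate into a temporary name, e.g. `cmd = "openssl", "dhparam", "-out", path + ".part", "2048"`, then `os.rename(path + ".part", path)` after `subprocess.check_call(cmd)`. The dropped comment is worth carrying over above `if dh:` as `# Prevent logjam etc for OpenVPN and nginx server`. The body of `wrapped` continues outside this hunk.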