1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

tests: Generate DH params file in single location

This commit is contained in:
Lauri Võsandi 2017-05-03 21:12:51 +00:00
parent 189c604832
commit aeb5d81aa6

View File

@ -31,7 +31,7 @@ logger = logging.getLogger(__name__)
NOW = datetime.utcnow().replace(tzinfo=None) NOW = datetime.utcnow().replace(tzinfo=None)
def setup_client(prefix="client_"): def setup_client(prefix="client_", dh=False):
# Create section in /etc/certidude/client.conf # Create section in /etc/certidude/client.conf
def wrapper(func): def wrapper(func):
def wrapped(**arguments): def wrapped(**arguments):
@ -39,6 +39,14 @@ def setup_client(prefix="client_"):
common_name = arguments.get("common_name") common_name = arguments.get("common_name")
authority = arguments.get("authority") authority = arguments.get("authority")
b = os.path.join(const.STORAGE_PATH, authority) b = os.path.join(const.STORAGE_PATH, authority)
if dh:
path = os.path.join(const.STORAGE_PATH, "dh.pem")
if not os.path.exists(path):
rpm("openssl")
apt("openssl")
cmd = "openssl", "dhparam", "-out", path, ("1024" if os.getenv("TRAVIS") else "2048")
subprocess.check_call(cmd)
arguments["dhparam_path"] = path
# Create corresponding section in Certidude client configuration file # Create corresponding section in Certidude client configuration file
client_config = ConfigParser() client_config = ConfigParser()
@ -62,25 +70,12 @@ def setup_client(prefix="client_"):
for j in ("key", "request", "certificate", "authority", "revocations"): for j in ("key", "request", "certificate", "authority", "revocations"):
arguments["%s_path" % j] = client_config.get(authority, "%s path" % j) arguments["%s_path" % j] = client_config.get(authority, "%s path" % j)
return func(**arguments) return func(**arguments)
return wrapped return wrapped
return wrapper return wrapper
def generate_dhparam(path):
# Prevent logjam etc for OpenVPN and nginx server
def wrapper(func):
def wrapped(**arguments):
if not os.path.exists(path):
rpm("openssl")
apt("openssl")
cmd = "openssl", "dhparam", "-out", path, ("1024" if os.getenv("TRAVIS") else "2048")
subprocess.check_call(cmd)
arguments["dhparam_path"] = path
return func(**arguments)
return wrapped
return wrapper
@click.command("request", help="Run processes for requesting certificates and configuring services") @click.command("request", help="Run processes for requesting certificates and configuring services")
@click.option("-r", "--renew", default=False, is_flag=True, help="Renew now") @click.option("-r", "--renew", default=False, is_flag=True, help="Renew now")
@click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background") @click.option("-f", "--fork", default=False, is_flag=True, help="Fork to background")
@ -388,8 +383,7 @@ def certidude_request(fork, renew, no_wait):
default="/etc/openvpn/site-to-client.conf", default="/etc/openvpn/site-to-client.conf",
type=click.File(mode="w", atomic=True, lazy=True), type=click.File(mode="w", atomic=True, lazy=True),
help="OpenVPN configuration file") help="OpenVPN configuration file")
@generate_dhparam("/etc/openvpn/dh.pem") @setup_client(prefix="server_", dh=True)
@setup_client(prefix="server_")
def certidude_setup_openvpn_server(authority, common_name, config, subnet, route, local, proto, port, **paths): def certidude_setup_openvpn_server(authority, common_name, config, subnet, route, local, proto, port, **paths):
# Install dependencies # Install dependencies
apt("openvpn") apt("openvpn")
@ -449,8 +443,7 @@ def certidude_setup_openvpn_server(authority, common_name, config, subnet, route
type=click.File(mode="w", atomic=True, lazy=True), type=click.File(mode="w", atomic=True, lazy=True),
help="Site configuration file of nginx, /etc/nginx/sites-available/%s.conf by default" % const.HOSTNAME) help="Site configuration file of nginx, /etc/nginx/sites-available/%s.conf by default" % const.HOSTNAME)
@click.option("--verify-client", "-vc", default="optional", type=click.Choice(['optional', 'on', 'off'])) @click.option("--verify-client", "-vc", default="optional", type=click.Choice(['optional', 'on', 'off']))
@generate_dhparam("/etc/nginx/ssl/dh.pem") @setup_client(prefix="server_", dh=True)
@setup_client(prefix="server_")
def certidude_setup_nginx(authority, common_name, site_config, tls_config, verify_client, **paths): def certidude_setup_nginx(authority, common_name, site_config, tls_config, verify_client, **paths):
apt("nginx") apt("nginx")
rpm("nginx") rpm("nginx")