Remove 'certidude' group requirement for creating CA configuration
We shouldn't require user to have 'certidude' user/group in system in order to just create initial CA setup.
This commit is contained in:
parent
5dc9ce46a2
commit
c68c5d2a07
|
|
@ -444,7 +444,6 @@ def certidude_setup_production(username, hostname, push_server, nginx_config, uw
|
|||
|
||||
|
||||
@click.command("authority", help="Set up Certificate Authority in a directory")
|
||||
@click.option("--group", "-g", default="certidude", help="Group for file permissions, certidude by default")
|
||||
@click.option("--parent", "-p", help="Parent CA, none by default")
|
||||
@click.option("--common-name", "-cn", default=HOSTNAME, help="Common name, hostname by default")
|
||||
@click.option("--country", "-c", default="ee", help="Country, Estonia by default")
|
||||
|
|
@ -462,11 +461,7 @@ def certidude_setup_production(username, hostname, push_server, nginx_config, uw
|
|||
@click.option("--inbox", default="imap://user:pass@host:port/INBOX", help="Inbound e-mail server")
|
||||
@click.option("--outbox", default="smtp://localhost", help="Outbound e-mail server")
|
||||
@click.argument("directory")
|
||||
def certidude_setup_authority(parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, pkcs11, group, crl_distribution_url, ocsp_responder_url, email_address, inbox, outbox):
|
||||
logging.info("Creating certificate authority in %s", directory)
|
||||
_, _, uid, gid, gecos, root, shell = pwd.getpwnam(group)
|
||||
os.setgid(gid)
|
||||
|
||||
def certidude_setup_authority(parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, pkcs11, crl_distribution_url, ocsp_responder_url, email_address, inbox, outbox):
|
||||
slug = os.path.basename(directory[:-1] if directory.endswith('/') else directory)
|
||||
if not slug:
|
||||
raise click.ClickException("Please supply proper target path")
|
||||
|
|
@ -575,7 +570,6 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
|
|||
with open(ca_crt, "wb") as fh:
|
||||
fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
|
||||
|
||||
|
||||
os.umask(0o077)
|
||||
with open(ca_key, "wb") as fh:
|
||||
fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
|
||||
|
|
@ -586,7 +580,6 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
|
|||
click.echo("You need to copy the contents of the 'openssl.cnf.example'")
|
||||
click.echo("to system-wide OpenSSL configuration file, usually located")
|
||||
click.echo("at /etc/ssl/openssl.cnf")
|
||||
click.echo()
|
||||
|
||||
click.echo()
|
||||
click.echo("Use following commands to inspect the newly created files:")
|
||||
|
|
|
|||
|
|
@ -14,11 +14,9 @@ def user_check(name='certidude'):
|
|||
pass
|
||||
return True
|
||||
|
||||
@pytest.mark.skipif(user_check(), reason="Missing certidude user")
|
||||
def test_cli():
|
||||
|
||||
def test_cli_setup_authority():
|
||||
# Authority setup
|
||||
# TODO: group, parent, common-name, country, state, locality
|
||||
# TODO: parent, common-name, country, state, locality
|
||||
# {authority,certificate,revocation-list}-lifetime
|
||||
# organization, organizational-unit
|
||||
# pkcs11
|
||||
|
|
@ -36,7 +34,7 @@ def test_cli():
|
|||
for d in ('requests', 'revoked', 'signed'):
|
||||
assert os.path.isdir(os.path.join('ca', d))
|
||||
|
||||
def test_cli_setup_authority_slug_name():
|
||||
def test_cli_setup_authority_invalid_name():
|
||||
with runner.isolated_filesystem():
|
||||
result = runner.invoke(cli, ['setup', 'authority'])
|
||||
assert result.exception
|
||||
|
|
|
|||
Loading…
Reference in New Issue