Remove 'certidude' group requirement for creating CA configuration
We shouldn't require the user to have a 'certidude' user/group on the system just to create the initial CA setup.
parent
5dc9ce46a2
commit
c68c5d2a07
@ -444,7 +444,6 @@ def certidude_setup_production(username, hostname, push_server, nginx_config, uw
|
|||||||
|
|
||||||
|
|
||||||
@click.command("authority", help="Set up Certificate Authority in a directory")
|
@click.command("authority", help="Set up Certificate Authority in a directory")
|
||||||
@click.option("--group", "-g", default="certidude", help="Group for file permissions, certidude by default")
|
|
||||||
@click.option("--parent", "-p", help="Parent CA, none by default")
|
@click.option("--parent", "-p", help="Parent CA, none by default")
|
||||||
@click.option("--common-name", "-cn", default=HOSTNAME, help="Common name, hostname by default")
|
@click.option("--common-name", "-cn", default=HOSTNAME, help="Common name, hostname by default")
|
||||||
@click.option("--country", "-c", default="ee", help="Country, Estonia by default")
|
@click.option("--country", "-c", default="ee", help="Country, Estonia by default")
|
||||||
@ -462,11 +461,7 @@ def certidude_setup_production(username, hostname, push_server, nginx_config, uw
|
|||||||
@click.option("--inbox", default="imap://user:pass@host:port/INBOX", help="Inbound e-mail server")
|
@click.option("--inbox", default="imap://user:pass@host:port/INBOX", help="Inbound e-mail server")
|
||||||
@click.option("--outbox", default="smtp://localhost", help="Outbound e-mail server")
|
@click.option("--outbox", default="smtp://localhost", help="Outbound e-mail server")
|
||||||
@click.argument("directory")
|
@click.argument("directory")
|
||||||
def certidude_setup_authority(parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, pkcs11, group, crl_distribution_url, ocsp_responder_url, email_address, inbox, outbox):
|
def certidude_setup_authority(parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, pkcs11, crl_distribution_url, ocsp_responder_url, email_address, inbox, outbox):
|
||||||
logging.info("Creating certificate authority in %s", directory)
|
|
||||||
_, _, uid, gid, gecos, root, shell = pwd.getpwnam(group)
|
|
||||||
os.setgid(gid)
|
|
||||||
|
|
||||||
slug = os.path.basename(directory[:-1] if directory.endswith('/') else directory)
|
slug = os.path.basename(directory[:-1] if directory.endswith('/') else directory)
|
||||||
if not slug:
|
if not slug:
|
||||||
raise click.ClickException("Please supply proper target path")
|
raise click.ClickException("Please supply proper target path")
|
||||||
@ -575,7 +570,6 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
|
|||||||
with open(ca_crt, "wb") as fh:
|
with open(ca_crt, "wb") as fh:
|
||||||
fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
|
fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
|
||||||
|
|
||||||
|
|
||||||
os.umask(0o077)
|
os.umask(0o077)
|
||||||
with open(ca_key, "wb") as fh:
|
with open(ca_key, "wb") as fh:
|
||||||
fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
|
fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
|
||||||
@ -586,7 +580,6 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
|
|||||||
click.echo("You need to copy the contents of the 'openssl.cnf.example'")
|
click.echo("You need to copy the contents of the 'openssl.cnf.example'")
|
||||||
click.echo("to system-wide OpenSSL configuration file, usually located")
|
click.echo("to system-wide OpenSSL configuration file, usually located")
|
||||||
click.echo("at /etc/ssl/openssl.cnf")
|
click.echo("at /etc/ssl/openssl.cnf")
|
||||||
click.echo()
|
|
||||||
|
|
||||||
click.echo()
|
click.echo()
|
||||||
click.echo("Use following commands to inspect the newly created files:")
|
click.echo("Use following commands to inspect the newly created files:")
|
||||||
|
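Review bot: With `pwd.getpwnam(group)` and `os.setgid(gid)` removed from certidude_setup_authority, the CA directory and the files written under it (ca_crt and ca_key in the later hunk) are now created under the invoking user's primary group, and nothing left in the hunk records which account is expected to read them afterwards. If the serving side still runs as a dedicated account (certidude_setup_production above takes a `username`, outside this hunk), that expectation belongs in the command's help text or in a comment after the logging.info line, e.g. `# Files are created as the invoking user; ownership for the service account must be arranged separately`. The private key is still written under `os.umask(0o077)`, so it stays owner-only, but that umask is set process-wide and never restored, which is worth a comment if anything runs after this command in the same process. The body of certidude_setup_authority continues outside the hunk.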
@ -14,11 +14,9 @@ def user_check(name='certidude'):
|
|||||||
pass
|
pass
|
||||||
return True
|
return True
|
||||||
|
|
||||||
@pytest.mark.skipif(user_check(), reason="Missing certidude user")
|
def test_cli_setup_authority():
|
||||||
def test_cli():
|
|
||||||
|
|
||||||
# Authority setup
|
# Authority setup
|
||||||
# TODO: group, parent, common-name, country, state, locality
|
# TODO: parent, common-name, country, state, locality
|
||||||
# {authority,certificate,revocation-list}-lifetime
|
# {authority,certificate,revocation-list}-lifetime
|
||||||
# organization, organizational-unit
|
# organization, organizational-unit
|
||||||
# pkcs11
|
# pkcs11
|
||||||
@ -36,7 +34,7 @@ def test_cli():
|
|||||||
for d in ('requests', 'revoked', 'signed'):
|
for d in ('requests', 'revoked', 'signed'):
|
||||||
assert os.path.isdir(os.path.join('ca', d))
|
assert os.path.isdir(os.path.join('ca', d))
|
||||||
|
|
||||||
def test_cli_setup_authority_slug_name():
|
def test_cli_setup_authority_invalid_name():
|
||||||
with runner.isolated_filesystem():
|
with runner.isolated_filesystem():
|
||||||
result = runner.invoke(cli, ['setup', 'authority'])
|
result = runner.invoke(cli, ['setup', 'authority'])
|
||||||
assert result.exception
|
assert result.exception
|
||||||
|
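Review bot: The renamed `test_cli_setup_authority_invalid_name` still invokes `['setup', 'authority']` with no directory argument and only asserts `result.exception`, so a click usage error for the missing argument satisfies it just as well as the `Please supply proper target path` check in cli.py it appears to target. Pass a path that reduces to an empty slug, e.g. `result = runner.invoke(cli, ['setup', 'authority', '/'])`, and assert on the outcome, `assert result.exit_code != 0` together with `assert 'proper target path' in result.output`. Separately, `user_check` (its tail is visible at the top of the first hunk) lost its only visible caller when the `skipif` decorator was dropped; if nothing else in the file references it, remove it rather than keep a dead helper whose name suggests the requirement this commit removes.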