1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Remove 'certidude' group requirement for creating CA configuration

We shouldn't require user to have 'certidude' user/group in system
in order to just create initial CA setup.
This commit is contained in:
Priit Laes 2015-09-29 14:44:31 +03:00
parent 5dc9ce46a2
commit c68c5d2a07
2 changed files with 4 additions and 13 deletions

View File

@ -444,7 +444,6 @@ def certidude_setup_production(username, hostname, push_server, nginx_config, uw
@click.command("authority", help="Set up Certificate Authority in a directory")
@click.option("--group", "-g", default="certidude", help="Group for file permissions, certidude by default")
@click.option("--parent", "-p", help="Parent CA, none by default")
@click.option("--common-name", "-cn", default=HOSTNAME, help="Common name, hostname by default")
@click.option("--country", "-c", default="ee", help="Country, Estonia by default")
@ -462,11 +461,7 @@ def certidude_setup_production(username, hostname, push_server, nginx_config, uw
@click.option("--inbox", default="imap://user:pass@host:port/INBOX", help="Inbound e-mail server")
@click.option("--outbox", default="smtp://localhost", help="Outbound e-mail server")
@click.argument("directory")
def certidude_setup_authority(parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, pkcs11, group, crl_distribution_url, ocsp_responder_url, email_address, inbox, outbox):
logging.info("Creating certificate authority in %s", directory)
_, _, uid, gid, gecos, root, shell = pwd.getpwnam(group)
os.setgid(gid)
def certidude_setup_authority(parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, pkcs11, crl_distribution_url, ocsp_responder_url, email_address, inbox, outbox):
slug = os.path.basename(directory[:-1] if directory.endswith('/') else directory)
if not slug:
raise click.ClickException("Please supply proper target path")
@ -575,7 +570,6 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
with open(ca_crt, "wb") as fh:
fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM, ca))
os.umask(0o077)
with open(ca_key, "wb") as fh:
fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
@ -586,7 +580,6 @@ def certidude_setup_authority(parent, country, state, locality, organization, or
click.echo("You need to copy the contents of the 'openssl.cnf.example'")
click.echo("to system-wide OpenSSL configuration file, usually located")
click.echo("at /etc/ssl/openssl.cnf")
click.echo()
click.echo()
click.echo("Use following commands to inspect the newly created files:")

View File

@ -14,11 +14,9 @@ def user_check(name='certidude'):
pass
return True
@pytest.mark.skipif(user_check(), reason="Missing certidude user")
def test_cli():
def test_cli_setup_authority():
# Authority setup
# TODO: group, parent, common-name, country, state, locality
# TODO: parent, common-name, country, state, locality
# {authority,certificate,revocation-list}-lifetime
# organization, organizational-unit
# pkcs11
@ -36,7 +34,7 @@ def test_cli():
for d in ('requests', 'revoked', 'signed'):
assert os.path.isdir(os.path.join('ca', d))
def test_cli_setup_authority_slug_name():
def test_cli_setup_authority_invalid_name():
with runner.isolated_filesystem():
result = runner.invoke(cli, ['setup', 'authority'])
assert result.exception