mirror of
https://github.com/laurivosandi/certidude
synced 2025-10-31 17:39:12 +00:00
Merge branch 'master' of github.com:laurivosandi/certidude
This commit is contained in:
@@ -16,7 +16,7 @@ from certidude.decorators import serialize, event_source, csrf_protection
|
|||||||
from cryptography.x509.oid import NameOID
|
from cryptography.x509.oid import NameOID
|
||||||
from certidude import const, config
|
from certidude import const, config
|
||||||
|
|
||||||
logger = logging.getLogger("api")
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class CertificateStatusResource(object):
|
class CertificateStatusResource(object):
|
||||||
"""
|
"""
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ from datetime import datetime
|
|||||||
from certidude import config, authority
|
from certidude import config, authority
|
||||||
from certidude.decorators import serialize
|
from certidude.decorators import serialize
|
||||||
|
|
||||||
logger = logging.getLogger("api")
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class AttributeResource(object):
|
class AttributeResource(object):
|
||||||
@serialize
|
@serialize
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ import hashlib
|
|||||||
from certidude import config, authority
|
from certidude import config, authority
|
||||||
from certidude.auth import login_required
|
from certidude.auth import login_required
|
||||||
|
|
||||||
logger = logging.getLogger("api")
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
KEYWORDS = (
|
KEYWORDS = (
|
||||||
(u"Android", u"android"),
|
(u"Android", u"android"),
|
||||||
|
|||||||
@@ -9,8 +9,7 @@ from certidude.decorators import serialize
|
|||||||
from certidude.relational import RelationalMixin
|
from certidude.relational import RelationalMixin
|
||||||
from jinja2 import Environment, FileSystemLoader
|
from jinja2 import Environment, FileSystemLoader
|
||||||
|
|
||||||
logger = logging.getLogger("api")
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
env = Environment(loader=FileSystemLoader("/etc/certidude/scripts"), trim_blocks=True)
|
env = Environment(loader=FileSystemLoader("/etc/certidude/scripts"), trim_blocks=True)
|
||||||
|
|
||||||
SQL_SELECT_INHERITED = """
|
SQL_SELECT_INHERITED = """
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
|
|
||||||
import click
|
import click
|
||||||
|
import logging
|
||||||
import xattr
|
import xattr
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
from pyasn1.codec.der import decoder
|
from pyasn1.codec.der import decoder
|
||||||
@@ -7,6 +8,8 @@ from certidude import config, authority, push
|
|||||||
from certidude.auth import login_required, authorize_admin
|
from certidude.auth import login_required, authorize_admin
|
||||||
from certidude.decorators import serialize
|
from certidude.decorators import serialize
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# TODO: lease namespacing (?)
|
# TODO: lease namespacing (?)
|
||||||
|
|
||||||
class LeaseDetailResource(object):
|
class LeaseDetailResource(object):
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ from cryptography.exceptions import InvalidSignature
|
|||||||
from cryptography.x509.oid import NameOID
|
from cryptography.x509.oid import NameOID
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
logger = logging.getLogger("api")
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class RequestListResource(object):
|
class RequestListResource(object):
|
||||||
@login_optional
|
@login_optional
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ from cryptography import x509
|
|||||||
from cryptography.hazmat.backends import default_backend
|
from cryptography.hazmat.backends import default_backend
|
||||||
from cryptography.hazmat.primitives.serialization import Encoding
|
from cryptography.hazmat.primitives.serialization import Encoding
|
||||||
|
|
||||||
logger = logging.getLogger("api")
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class RevocationListResource(object):
|
class RevocationListResource(object):
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ from certidude import authority
|
|||||||
from certidude.auth import login_required, authorize_admin
|
from certidude.auth import login_required, authorize_admin
|
||||||
from certidude.decorators import csrf_protection
|
from certidude.decorators import csrf_protection
|
||||||
|
|
||||||
logger = logging.getLogger("api")
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class SignedCertificateDetailResource(object):
|
class SignedCertificateDetailResource(object):
|
||||||
def on_get(self, req, resp, cn):
|
def on_get(self, req, resp, cn):
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ from certidude import authority, push
|
|||||||
from certidude.auth import login_required, authorize_admin
|
from certidude.auth import login_required, authorize_admin
|
||||||
from certidude.decorators import serialize, csrf_protection
|
from certidude.decorators import serialize, csrf_protection
|
||||||
|
|
||||||
logger = logging.getLogger("api")
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
class TagResource(object):
|
class TagResource(object):
|
||||||
@serialize
|
@serialize
|
||||||
|
|||||||
@@ -29,6 +29,7 @@ from jinja2 import Environment, PackageLoader
|
|||||||
from setproctitle import setproctitle
|
from setproctitle import setproctitle
|
||||||
import const
|
import const
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
env = Environment(loader=PackageLoader("certidude", "templates"), trim_blocks=True)
|
env = Environment(loader=PackageLoader("certidude", "templates"), trim_blocks=True)
|
||||||
|
|
||||||
# http://www.mad-hacking.net/documentation/linux/security/ssl-tls/creating-ca.xml
|
# http://www.mad-hacking.net/documentation/linux/security/ssl-tls/creating-ca.xml
|
||||||
@@ -863,7 +864,10 @@ def certidude_setup_authority(username, kerberos_keytab, nginx_config, country,
|
|||||||
).not_valid_before(datetime.utcnow()
|
).not_valid_before(datetime.utcnow()
|
||||||
).not_valid_after(
|
).not_valid_after(
|
||||||
datetime.utcnow() + timedelta(days=authority_lifetime)
|
datetime.utcnow() + timedelta(days=authority_lifetime)
|
||||||
).serial_number(1
|
).serial_number(
|
||||||
|
random.randint(
|
||||||
|
0x100000000000000000000000000000000000000,
|
||||||
|
0xfffffffffffffffffffffffffffffffffffffff)
|
||||||
).add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True,
|
).add_extension(x509.BasicConstraints(ca=True, path_length=0), critical=True,
|
||||||
).add_extension(x509.KeyUsage(
|
).add_extension(x509.KeyUsage(
|
||||||
digital_signature=server_flags,
|
digital_signature=server_flags,
|
||||||
@@ -956,7 +960,6 @@ def certidude_list(verbose, show_key_type, show_extensions, show_path, show_sign
|
|||||||
# r - revoked
|
# r - revoked
|
||||||
|
|
||||||
from certidude import authority
|
from certidude import authority
|
||||||
from pycountry import countries
|
|
||||||
|
|
||||||
def dump_common(common_name, path, cert):
|
def dump_common(common_name, path, cert):
|
||||||
click.echo("certidude revoke %s" % common_name)
|
click.echo("certidude revoke %s" % common_name)
|
||||||
@@ -980,7 +983,7 @@ def certidude_list(verbose, show_key_type, show_extensions, show_path, show_sign
|
|||||||
click.echo("=" * len(common_name))
|
click.echo("=" * len(common_name))
|
||||||
click.echo("State: ? " + click.style("submitted", fg="yellow") + " " + naturaltime(created) + click.style(", %s" %created, fg="white"))
|
click.echo("State: ? " + click.style("submitted", fg="yellow") + " " + naturaltime(created) + click.style(", %s" %created, fg="white"))
|
||||||
click.echo("openssl req -in %s -text -noout" % path)
|
click.echo("openssl req -in %s -text -noout" % path)
|
||||||
dump_common(common_name, path, cert)
|
dump_common(common_name, path, csr)
|
||||||
|
|
||||||
|
|
||||||
if show_signed:
|
if show_signed:
|
||||||
@@ -1061,6 +1064,7 @@ def certidude_serve(port, listen, fork):
|
|||||||
from certidude import const
|
from certidude import const
|
||||||
click.echo("Using configuration from: %s" % const.CONFIG_PATH)
|
click.echo("Using configuration from: %s" % const.CONFIG_PATH)
|
||||||
|
|
||||||
|
log_handlers = []
|
||||||
|
|
||||||
from certidude import config
|
from certidude import config
|
||||||
|
|
||||||
@@ -1070,6 +1074,11 @@ def certidude_serve(port, listen, fork):
|
|||||||
_, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude")
|
_, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude")
|
||||||
restricted_groups = []
|
restricted_groups = []
|
||||||
restricted_groups.append(gid)
|
restricted_groups.append(gid)
|
||||||
|
from logging.handlers import RotatingFileHandler
|
||||||
|
rh = RotatingFileHandler("/var/log/certidude.log", maxBytes=1048576*5, backupCount=5)
|
||||||
|
rh.setFormatter(logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s"))
|
||||||
|
log_handlers.append(rh)
|
||||||
|
|
||||||
|
|
||||||
"""
|
"""
|
||||||
Spawn signer process
|
Spawn signer process
|
||||||
@@ -1168,8 +1177,6 @@ def certidude_serve(port, listen, fork):
|
|||||||
|
|
||||||
|
|
||||||
# Set up log handlers
|
# Set up log handlers
|
||||||
log_handlers = []
|
|
||||||
|
|
||||||
if config.LOGGING_BACKEND == "sql":
|
if config.LOGGING_BACKEND == "sql":
|
||||||
from certidude.mysqllog import LogHandler
|
from certidude.mysqllog import LogHandler
|
||||||
from certidude.api.log import LogResource
|
from certidude.api.log import LogResource
|
||||||
@@ -1187,18 +1194,19 @@ def certidude_serve(port, listen, fork):
|
|||||||
from certidude.push import EventSourceLogHandler
|
from certidude.push import EventSourceLogHandler
|
||||||
log_handlers.append(EventSourceLogHandler())
|
log_handlers.append(EventSourceLogHandler())
|
||||||
|
|
||||||
for facility in "api", "cli":
|
for j in logging.Logger.manager.loggerDict.values():
|
||||||
logger = logging.getLogger(facility)
|
if isinstance(j, logging.Logger): # PlaceHolder is what?
|
||||||
logger.setLevel(logging.DEBUG)
|
if j.name.startswith("certidude."):
|
||||||
for handler in log_handlers:
|
j.setLevel(logging.DEBUG)
|
||||||
logger.addHandler(handler)
|
for handler in log_handlers:
|
||||||
|
j.addHandler(handler)
|
||||||
|
|
||||||
|
|
||||||
def exit_handler():
|
def exit_handler():
|
||||||
logging.getLogger("cli").debug("Shutting down Certidude")
|
logger.debug("Shutting down Certidude")
|
||||||
import atexit
|
import atexit
|
||||||
atexit.register(exit_handler)
|
atexit.register(exit_handler)
|
||||||
logging.getLogger("cli").debug("Started Certidude at %s", const.FQDN)
|
logger.debug("Started Certidude at %s", const.FQDN)
|
||||||
|
|
||||||
if not fork or not os.fork():
|
if not fork or not os.fork():
|
||||||
httpd.serve_forever()
|
httpd.serve_forever()
|
||||||
|
|||||||
@@ -13,7 +13,8 @@ def test_cli_setup_authority():
|
|||||||
from certidude import const, config
|
from certidude import const, config
|
||||||
|
|
||||||
from certidude import authority
|
from certidude import authority
|
||||||
assert authority.ca_cert.serial_number == 1
|
assert authority.ca_cert.serial_number >= 0x100000000000000000000000000000000000000
|
||||||
|
assert authority.ca_cert.serial_number <= 0xfffffffffffffffffffffffffffffffffffffff
|
||||||
assert authority.ca_cert.not_valid_before < datetime.now()
|
assert authority.ca_cert.not_valid_before < datetime.now()
|
||||||
assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000)
|
assert authority.ca_cert.not_valid_after > datetime.now() + timedelta(days=7000)
|
||||||
|
|
||||||
@@ -36,6 +37,9 @@ def test_cli_setup_authority():
|
|||||||
authority.store_request(
|
authority.store_request(
|
||||||
csr.sign(key, hashes.SHA256(), default_backend()).public_bytes(serialization.Encoding.PEM))
|
csr.sign(key, hashes.SHA256(), default_backend()).public_bytes(serialization.Encoding.PEM))
|
||||||
|
|
||||||
|
result = runner.invoke(cli, ['list', '-srv'])
|
||||||
|
assert not result.exception
|
||||||
|
|
||||||
result = runner.invoke(cli, ['sign', 'test', '-o'])
|
result = runner.invoke(cli, ['sign', 'test', '-o'])
|
||||||
assert not result.exception
|
assert not result.exception
|
||||||
|
|
||||||
@@ -44,3 +48,9 @@ def test_cli_setup_authority():
|
|||||||
|
|
||||||
authority.generate_ovpn_bundle(u"test2")
|
authority.generate_ovpn_bundle(u"test2")
|
||||||
authority.generate_pkcs12_bundle(u"test3")
|
authority.generate_pkcs12_bundle(u"test3")
|
||||||
|
|
||||||
|
result = runner.invoke(cli, ['list', '-srv'])
|
||||||
|
assert not result.exception
|
||||||
|
|
||||||
|
result = runner.invoke(cli, ['cron'])
|
||||||
|
assert not result.exception
|
||||||
|
|||||||
Reference in New Issue
Block a user