cli: Authority setup script fixes

2024-12-22 16:25:17 +00:00 · 2016-03-30 22:01:02 +03:00 · 2016-03-30 22:01:02 +03:00 · ec2dea7a13
commit ec2dea7a13
parent 456fe586c3
3 changed files with 11 additions and 16 deletions
--- a/certidude/cli.py
+++ b/certidude/cli.py
@ -716,7 +716,7 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
@click.option("--organizational-unit", "-ou", default=None)
@click.option("--revoked-url", default=None, help="CRL distribution URL")
@click.option("--certificate-url", default=None, help="Authority certificate URL")
-@click.option("--push-server", default="http://push.%s" % constants.DOMAIN, help="Push server, http://push.%s by default" % constants.DOMAIN)
+@click.option("--push-server", default="http://" + constants.FQDN, help="Push server, by default http://%s" % constants.FQDN)
@click.option("--email-address", default="certidude@" + FQDN, help="E-mail address of the CA")
@click.option("--directory", default=os.path.join("/var/lib/certidude", FQDN), help="Directory for authority files, /var/lib/certidude/%s/ by default" % FQDN)
@click.option("--server-flags", is_flag=True, help="Add TLS Server and IKE Intermediate extended key usage flags")
@ -724,6 +724,10 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
 def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_config, uwsgi_config, parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, revoked_url, certificate_url, push_server, email_address, outbox, server_flags):

    # Expand variables
+    if not revoked_url:
+        revoked_url = "http://%s/api/revoked/" % common_name
+    if not certificate_url:
+        certificate_url = "http://%s/api/certificate/" % common_name
    ca_key = os.path.join(directory, "ca_key.pem")
    ca_crt = os.path.join(directory, "ca_crt.pem")
    if not static_path.endswith("/"):
@ -816,11 +820,6 @@ def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_conf
        backend=default_backend()
    )

-    if not revoked_url:
-        revoked_url = "http://%s/api/revoked/" % common_name
-    if not certificate_url:
-        certificate_url = "http://%s/api/certificate/" % common_name
-
    subject = issuer = x509.Name([
        x509.NameAttribute(o, value) for o, value in (
            (NameOID.COUNTRY_NAME, country),
--- a/certidude/config.py
+++ b/certidude/config.py
@ -53,15 +53,9 @@ PUSH_TOKEN = "".join([choice(string.ascii_letters + string.digits) for j in rang

 PUSH_TOKEN = "ca"

-try:
-    PUSH_EVENT_SOURCE = cp.get("push", "event source")
-    PUSH_LONG_POLL = cp.get("push", "long poll")
-    PUSH_PUBLISH = cp.get("push", "publish")
-except configparser.NoOptionError:
-    PUSH_SERVER = cp.get("push", "server") or "http://localhost"
-    PUSH_EVENT_SOURCE = PUSH_SERVER + "/ev/%s"
-    PUSH_LONG_POLL = PUSH_SERVER + "/lp/%s"
-    PUSH_PUBLISH = PUSH_SERVER + "/pub?id=%s"
+PUSH_EVENT_SOURCE = cp.get("push", "event source")
+PUSH_LONG_POLL = cp.get("push", "long poll")
+PUSH_PUBLISH = cp.get("push", "publish")

 TAGGING_BACKEND = cp.get("tagging", "backend")
 LOGGING_BACKEND = cp.get("logging", "backend")
--- a/certidude/templates/certidude.conf
+++ b/certidude/templates/certidude.conf
@ -66,7 +66,9 @@ certificate url = {{ certificate_url }}
 revoked url = {{ revoked_url }}

 [push]
-server = {{ push_server }}
+event source = {{ push_server }}/ev/%s
+long poll = {{ push_server }}/lp/%s
+publish = {{ push_server }}/pub?id=%s

 [authority]
 private key path = {{ ca_key }}