From ec2dea7a13de0b7cd8459ae5d29675f65546414d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Wed, 30 Mar 2016 22:01:02 +0300
Subject: [PATCH] cli: Authority setup script fixes
---
 certidude/cli.py | 11 +++++------
 certidude/config.py | 12 +++---------
 certidude/templates/certidude.conf | 4 +++-
 3 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/certidude/cli.py b/certidude/cli.py
index b81bd9b..9ba95ab 100755
--- a/certidude/cli.py
+++ b/certidude/cli.py
@@ -716,7 +716,7 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
 @click.option("--organizational-unit", "-ou", default=None)
 @click.option("--revoked-url", default=None, help="CRL distribution URL")
 @click.option("--certificate-url", default=None, help="Authority certificate URL")
-@click.option("--push-server", default="http://push.%s" % constants.DOMAIN, help="Push server, http://push.%s by default" % constants.DOMAIN)
+@click.option("--push-server", default="http://" + constants.FQDN, help="Push server, by default http://%s" % constants.FQDN)
 @click.option("--email-address", default="certidude@" + FQDN, help="E-mail address of the CA")
 @click.option("--directory", default=os.path.join("/var/lib/certidude", FQDN), help="Directory for authority files, /var/lib/certidude/%s/ by default" % FQDN)
 @click.option("--server-flags", is_flag=True, help="Add TLS Server and IKE Intermediate extended key usage flags")
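Review bot: The new `--push-server` default in certidude/cli.py is a plain `http://` URL on the authority's own FQDN, so the event-source, long-poll and publish URLs derived from it carry whatever the authority publishes in cleartext unless the operator overrides the option. If the web server in front of the authority can terminate TLS, prefer an `https://` default, or at least say so in the help text, e.g. `help="Push server, by default http://%s (pass an https:// URL where TLS is available)" % constants.FQDN`. The decorator run also spells the same value as `constants.FQDN` here and as bare `FQDN` on the next two options; one spelling would read more cleanly. The decorated function itself starts outside this hunk.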
@@ -724,6 +724,10 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
 def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_config, uwsgi_config, parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, revoked_url, certificate_url, push_server, email_address, outbox, server_flags):
 # Expand variables
+ if not revoked_url:
+ revoked_url = "http://%s/api/revoked/" % common_name
+ if not certificate_url:
+ certificate_url = "http://%s/api/certificate/" % common_name
 ca_key = os.path.join(directory, "ca_key.pem")
 ca_crt = os.path.join(directory, "ca_crt.pem")
 if not static_path.endswith("/"):
@@ -816,11 +820,6 @@ def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_conf
 backend=default_backend()
 )
- if not revoked_url:
- revoked_url = "http://%s/api/revoked/" % common_name
- if not certificate_url:
- certificate_url = "http://%s/api/certificate/" % common_name
-
 subject = issuer = x509.Name([
 x509.NameAttribute(o, value) for o, value in (
 (NameOID.COUNTRY_NAME, country),
diff --git a/certidude/config.py b/certidude/config.py
index 8da160e..63aedac 100644
--- a/certidude/config.py
+++ b/certidude/config.py
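Review bot: In the first certidude/cli.py hunk of `certidude_setup_authority`, the default `revoked_url` and `certificate_url` are built from `common_name` with no check that it is a hostname, whereas the neighbouring option defaults use `FQDN`. A descriptive common name would yield URLs that no client can fetch. If these URLs are later embedded in issued certificates as CRL and authority-certificate pointers (that use is outside this hunk), an unreachable CRL URL leaves many clients unable to check revocation. A short comment would record the assumption: `# common_name must be the authority's resolvable hostname; it is embedded in the CRL and certificate URLs`. The function body continues past the hunk.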
@@ -53,15 +53,9 @@ PUSH_TOKEN = "".join([choice(string.ascii_letters + string.digits) for j in rang
 PUSH_TOKEN = "ca"
-try:
- PUSH_EVENT_SOURCE = cp.get("push", "event source")
- PUSH_LONG_POLL = cp.get("push", "long poll")
- PUSH_PUBLISH = cp.get("push", "publish")
-except configparser.NoOptionError:
- PUSH_SERVER = cp.get("push", "server") or "http://localhost"
- PUSH_EVENT_SOURCE = PUSH_SERVER + "/ev/%s"
- PUSH_LONG_POLL = PUSH_SERVER + "/lp/%s"
- PUSH_PUBLISH = PUSH_SERVER + "/pub?id=%s"
+PUSH_EVENT_SOURCE = cp.get("push", "event source")
+PUSH_LONG_POLL = cp.get("push", "long poll")
+PUSH_PUBLISH = cp.get("push", "publish")
 TAGGING_BACKEND = cp.get("tagging", "backend")
 LOGGING_BACKEND = cp.get("logging", "backend")
diff --git a/certidude/templates/certidude.conf b/certidude/templates/certidude.conf
index 95ae843..8d54dd1 100644
--- a/certidude/templates/certidude.conf
+++ b/certidude/templates/certidude.conf
@@ -66,7 +66,9 @@ certificate url = {{ certificate_url }}
 revoked url = {{ revoked_url }}
 [push]
-server = {{ push_server }}
+event source = {{ push_server }}/ev/%s
+long poll = {{ push_server }}/lp/%s
+publish = {{ push_server }}/pub?id=%s
 [authority]
 private key path = {{ ca_key }}
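Review bot: In certidude/config.py, removing the `except configparser.NoOptionError` fallback means a configuration written by the earlier template (only `server = …` under `[push]`) now fails when config.py is loaded, with an uncaught NoOptionError on the first `cp.get("push", "event source")`. If existing installs are expected to upgrade, document the migration next to these lines, e.g. `# [push] must define "event source", "long poll" and "publish"; the old "server" key is no longer read`. Separately, the context line `PUSH_TOKEN = "ca"` overrides the randomly generated token shown in the hunk header. If that token is what fills the `%s` in these URLs (not visible here), the channel id is fixed and guessable, so a comment should say whether that is intentional.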
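Review bot: The three new values in certidude/templates/certidude.conf contain a literal `%s`, which a `configparser.ConfigParser` with default interpolation rejects on `get()`, since it accepts only `%%` or `%(name)s`. How `cp` is constructed in config.py is outside this diff, so confirm that it is a `RawConfigParser` or is created with `interpolation=None`. Otherwise the template needs the escaped form, e.g. `event source = {{ push_server }}/ev/%%s`, and likewise for `long poll` and `publish`.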