cli: Authority setup script fixes

certidude/cli.py

@@ -716,7 +716,7 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
 @click.option("--organizational-unit", "-ou", default=None)
 @click.option("--revoked-url", default=None, help="CRL distribution URL")
 @click.option("--certificate-url", default=None, help="Authority certificate URL")
-@click.option("--push-server", default="http://push.%s" % constants.DOMAIN, help="Push server, http://push.%s by default" % constants.DOMAIN)
+@click.option("--push-server", default="http://" + constants.FQDN, help="Push server, by default http://%s" % constants.FQDN)
 @click.option("--email-address", default="certidude@" + FQDN, help="E-mail address of the CA")
 @click.option("--directory", default=os.path.join("/var/lib/certidude", FQDN), help="Directory for authority files, /var/lib/certidude/%s/ by default" % FQDN)
 @click.option("--server-flags", is_flag=True, help="Add TLS Server and IKE Intermediate extended key usage flags")
@@ -724,6 +724,10 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
 def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_config, uwsgi_config, parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, revoked_url, certificate_url, push_server, email_address, outbox, server_flags):
 
     # Expand variables
+    if not revoked_url:
+        revoked_url = "http://%s/api/revoked/" % common_name
+    if not certificate_url:
+        certificate_url = "http://%s/api/certificate/" % common_name
     ca_key = os.path.join(directory, "ca_key.pem")
     ca_crt = os.path.join(directory, "ca_crt.pem")
     if not static_path.endswith("/"):
@@ -816,11 +820,6 @@ def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_conf
         backend=default_backend()
     )
 
-    if not revoked_url:
-        revoked_url = "http://%s/api/revoked/" % common_name
-    if not certificate_url:
-        certificate_url = "http://%s/api/certificate/" % common_name
-
     subject = issuer = x509.Name([
         x509.NameAttribute(o, value) for o, value in (
             (NameOID.COUNTRY_NAME, country),

certidude/config.py

@@ -53,15 +53,9 @@ PUSH_TOKEN = "".join([choice(string.ascii_letters + string.digits) for j in rang
 
 PUSH_TOKEN = "ca"
 
-try:
 PUSH_EVENT_SOURCE = cp.get("push", "event source")
 PUSH_LONG_POLL = cp.get("push", "long poll")
 PUSH_PUBLISH = cp.get("push", "publish")
-except configparser.NoOptionError:
-    PUSH_SERVER = cp.get("push", "server") or "http://localhost"
-    PUSH_EVENT_SOURCE = PUSH_SERVER + "/ev/%s"
-    PUSH_LONG_POLL = PUSH_SERVER + "/lp/%s"
-    PUSH_PUBLISH = PUSH_SERVER + "/pub?id=%s"
 
 TAGGING_BACKEND = cp.get("tagging", "backend")
 LOGGING_BACKEND = cp.get("logging", "backend")

certidude/templates/certidude.conf

@@ -66,7 +66,9 @@ certificate url = {{ certificate_url }}
 revoked url = {{ revoked_url }}
 
 [push]
-server = {{ push_server }}
+event source = {{ push_server }}/ev/%s
+long poll = {{ push_server }}/lp/%s
+publish = {{ push_server }}/pub?id=%s
 
 [authority]
 private key path = {{ ca_key }}