1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

cli: Authority setup script fixes

This commit is contained in:
Lauri Võsandi 2016-03-30 22:01:02 +03:00
parent 456fe586c3
commit ec2dea7a13
3 changed files with 11 additions and 16 deletions

View File

@ -716,7 +716,7 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
@click.option("--organizational-unit", "-ou", default=None) @click.option("--organizational-unit", "-ou", default=None)
@click.option("--revoked-url", default=None, help="CRL distribution URL") @click.option("--revoked-url", default=None, help="CRL distribution URL")
@click.option("--certificate-url", default=None, help="Authority certificate URL") @click.option("--certificate-url", default=None, help="Authority certificate URL")
@click.option("--push-server", default="http://push.%s" % constants.DOMAIN, help="Push server, http://push.%s by default" % constants.DOMAIN) @click.option("--push-server", default="http://" + constants.FQDN, help="Push server, by default http://%s" % constants.FQDN)
@click.option("--email-address", default="certidude@" + FQDN, help="E-mail address of the CA") @click.option("--email-address", default="certidude@" + FQDN, help="E-mail address of the CA")
@click.option("--directory", default=os.path.join("/var/lib/certidude", FQDN), help="Directory for authority files, /var/lib/certidude/%s/ by default" % FQDN) @click.option("--directory", default=os.path.join("/var/lib/certidude", FQDN), help="Directory for authority files, /var/lib/certidude/%s/ by default" % FQDN)
@click.option("--server-flags", is_flag=True, help="Add TLS Server and IKE Intermediate extended key usage flags") @click.option("--server-flags", is_flag=True, help="Add TLS Server and IKE Intermediate extended key usage flags")
@ -724,6 +724,10 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_config, uwsgi_config, parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, revoked_url, certificate_url, push_server, email_address, outbox, server_flags): def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_config, uwsgi_config, parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, revoked_url, certificate_url, push_server, email_address, outbox, server_flags):
# Expand variables # Expand variables
if not revoked_url:
revoked_url = "http://%s/api/revoked/" % common_name
if not certificate_url:
certificate_url = "http://%s/api/certificate/" % common_name
ca_key = os.path.join(directory, "ca_key.pem") ca_key = os.path.join(directory, "ca_key.pem")
ca_crt = os.path.join(directory, "ca_crt.pem") ca_crt = os.path.join(directory, "ca_crt.pem")
if not static_path.endswith("/"): if not static_path.endswith("/"):
@ -816,11 +820,6 @@ def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_conf
backend=default_backend() backend=default_backend()
) )
if not revoked_url:
revoked_url = "http://%s/api/revoked/" % common_name
if not certificate_url:
certificate_url = "http://%s/api/certificate/" % common_name
subject = issuer = x509.Name([ subject = issuer = x509.Name([
x509.NameAttribute(o, value) for o, value in ( x509.NameAttribute(o, value) for o, value in (
(NameOID.COUNTRY_NAME, country), (NameOID.COUNTRY_NAME, country),

View File

@ -53,15 +53,9 @@ PUSH_TOKEN = "".join([choice(string.ascii_letters + string.digits) for j in rang
PUSH_TOKEN = "ca" PUSH_TOKEN = "ca"
try: PUSH_EVENT_SOURCE = cp.get("push", "event source")
PUSH_EVENT_SOURCE = cp.get("push", "event source") PUSH_LONG_POLL = cp.get("push", "long poll")
PUSH_LONG_POLL = cp.get("push", "long poll") PUSH_PUBLISH = cp.get("push", "publish")
PUSH_PUBLISH = cp.get("push", "publish")
except configparser.NoOptionError:
PUSH_SERVER = cp.get("push", "server") or "http://localhost"
PUSH_EVENT_SOURCE = PUSH_SERVER + "/ev/%s"
PUSH_LONG_POLL = PUSH_SERVER + "/lp/%s"
PUSH_PUBLISH = PUSH_SERVER + "/pub?id=%s"
TAGGING_BACKEND = cp.get("tagging", "backend") TAGGING_BACKEND = cp.get("tagging", "backend")
LOGGING_BACKEND = cp.get("logging", "backend") LOGGING_BACKEND = cp.get("logging", "backend")

View File

@ -66,7 +66,9 @@ certificate url = {{ certificate_url }}
revoked url = {{ revoked_url }} revoked url = {{ revoked_url }}
[push] [push]
server = {{ push_server }} event source = {{ push_server }}/ev/%s
long poll = {{ push_server }}/lp/%s
publish = {{ push_server }}/pub?id=%s
[authority] [authority]
private key path = {{ ca_key }} private key path = {{ ca_key }}