mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
cli: Authority setup script fixes
This commit is contained in:
parent
456fe586c3
commit
ec2dea7a13
@ -716,7 +716,7 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
|
||||
@click.option("--organizational-unit", "-ou", default=None)
|
||||
@click.option("--revoked-url", default=None, help="CRL distribution URL")
|
||||
@click.option("--certificate-url", default=None, help="Authority certificate URL")
|
||||
@click.option("--push-server", default="http://push.%s" % constants.DOMAIN, help="Push server, http://push.%s by default" % constants.DOMAIN)
|
||||
@click.option("--push-server", default="http://" + constants.FQDN, help="Push server, by default http://%s" % constants.FQDN)
|
||||
@click.option("--email-address", default="certidude@" + FQDN, help="E-mail address of the CA")
|
||||
@click.option("--directory", default=os.path.join("/var/lib/certidude", FQDN), help="Directory for authority files, /var/lib/certidude/%s/ by default" % FQDN)
|
||||
@click.option("--server-flags", is_flag=True, help="Add TLS Server and IKE Intermediate extended key usage flags")
|
||||
@ -724,6 +724,10 @@ def certidude_setup_openvpn_networkmanager(server, email_address, common_name, o
|
||||
def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_config, uwsgi_config, parent, country, state, locality, organization, organizational_unit, common_name, directory, certificate_lifetime, authority_lifetime, revocation_list_lifetime, revoked_url, certificate_url, push_server, email_address, outbox, server_flags):
|
||||
|
||||
# Expand variables
|
||||
if not revoked_url:
|
||||
revoked_url = "http://%s/api/revoked/" % common_name
|
||||
if not certificate_url:
|
||||
certificate_url = "http://%s/api/certificate/" % common_name
|
||||
ca_key = os.path.join(directory, "ca_key.pem")
|
||||
ca_crt = os.path.join(directory, "ca_crt.pem")
|
||||
if not static_path.endswith("/"):
|
||||
@ -816,11 +820,6 @@ def certidude_setup_authority(username, static_path, kerberos_keytab, nginx_conf
|
||||
backend=default_backend()
|
||||
)
|
||||
|
||||
if not revoked_url:
|
||||
revoked_url = "http://%s/api/revoked/" % common_name
|
||||
if not certificate_url:
|
||||
certificate_url = "http://%s/api/certificate/" % common_name
|
||||
|
||||
subject = issuer = x509.Name([
|
||||
x509.NameAttribute(o, value) for o, value in (
|
||||
(NameOID.COUNTRY_NAME, country),
|
||||
|
@ -53,15 +53,9 @@ PUSH_TOKEN = "".join([choice(string.ascii_letters + string.digits) for j in rang
|
||||
|
||||
PUSH_TOKEN = "ca"
|
||||
|
||||
try:
|
||||
PUSH_EVENT_SOURCE = cp.get("push", "event source")
|
||||
PUSH_LONG_POLL = cp.get("push", "long poll")
|
||||
PUSH_PUBLISH = cp.get("push", "publish")
|
||||
except configparser.NoOptionError:
|
||||
PUSH_SERVER = cp.get("push", "server") or "http://localhost"
|
||||
PUSH_EVENT_SOURCE = PUSH_SERVER + "/ev/%s"
|
||||
PUSH_LONG_POLL = PUSH_SERVER + "/lp/%s"
|
||||
PUSH_PUBLISH = PUSH_SERVER + "/pub?id=%s"
|
||||
PUSH_EVENT_SOURCE = cp.get("push", "event source")
|
||||
PUSH_LONG_POLL = cp.get("push", "long poll")
|
||||
PUSH_PUBLISH = cp.get("push", "publish")
|
||||
|
||||
TAGGING_BACKEND = cp.get("tagging", "backend")
|
||||
LOGGING_BACKEND = cp.get("logging", "backend")
|
||||
|
@ -66,7 +66,9 @@ certificate url = {{ certificate_url }}
|
||||
revoked url = {{ revoked_url }}
|
||||
|
||||
[push]
|
||||
server = {{ push_server }}
|
||||
event source = {{ push_server }}/ev/%s
|
||||
long poll = {{ push_server }}/lp/%s
|
||||
publish = {{ push_server }}/pub?id=%s
|
||||
|
||||
[authority]
|
||||
private key path = {{ ca_key }}
|
||||
|
Loading…
Reference in New Issue
Block a user