lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 09:29:13 +00:00
Code Issues Activity

tests: More verbose output while setting up CA

Browse Source
This commit is contained in:
Lauri Võsandi
2017-05-01 18:06:47 +00:00
parent e0eb3ee471
commit f7a27c6044
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
certidude/cli.py
View File

@@ -792,11 +792,13 @@ def certidude_setup_openvpn_networkmanager(authority, remote):
def certidude_setup_authority(username, kerberos_keytab, nginx_config, country, state, locality, organization, organizational_unit, common_name, directory, authority_lifetime, push_server, outbox, server_flags): def certidude_setup_authority(username, kerberos_keytab, nginx_config, country, state, locality, organization, organizational_unit, common_name, directory, authority_lifetime, push_server, outbox, server_flags):
if "." not in common_name: if "." not in common_name:
raise ValueError("No FQDN configured on this system!") raise ValueError("No FQDN configured on this system!")
click.echo("Using fully qualified hostname: %s" % common_name)
# Install only rarely changing stuff from OS package management # Install only rarely changing stuff from OS package management
apt("python-setproctitle cython python-dev libkrb5-dev libldap2-dev libffi-dev libssl-dev") apt("python-setproctitle cython python-dev libkrb5-dev libldap2-dev libffi-dev libssl-dev")
apt("python-mimeparse python-markdown python-xattr python-jinja2 python-cffi python-openssl") apt("python-mimeparse python-markdown python-xattr python-jinja2 python-cffi python-openssl")
pip("gssapi falcon cryptography humanize ipaddress simplepam humanize requests") pip("gssapi falcon cryptography humanize ipaddress simplepam humanize requests")
click.echo("Software dependencies installed")
from cryptography import x509 from cryptography import x509
from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
@@ -810,16 +812,20 @@ def certidude_setup_authority(username, kerberos_keytab, nginx_config, country,
token_secret = ''.join(random.choice(string.letters + string.digits + '!@#$%^&*()') for i in range(50)) token_secret = ''.join(random.choice(string.letters + string.digits + '!@#$%^&*()') for i in range(50))
template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates") template_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates")
click.echo("Using templates from %s" % template_path)
if not directory: if not directory:
if os.getuid(): if os.getuid():
directory = os.path.join(os.path.expanduser("~/.certidude"), const.FQDN) directory = os.path.join(os.path.expanduser("~/.certidude"), common_name)
else: else:
directory = os.path.join("/var/lib/certidude", const.FQDN) directory = os.path.join("/var/lib/certidude", common_name)
click.echo("Placing authority files in %s" % directory)
click.echo("Using fully qualified hostname: %s" % common_name)
certificate_url = "http://%s/api/certificate/" % common_name certificate_url = "http://%s/api/certificate/" % common_name
click.echo("Setting CA certificate URL to %s" % certificate_url)
revoked_url = "http://%s/api/revoked/" % common_name revoked_url = "http://%s/api/revoked/" % common_name
click.echo("Setting revocation list URL to %s" % revoked_url)
# Expand variables # Expand variables
ca_key = os.path.join(directory, "ca_key.pem") ca_key = os.path.join(directory, "ca_key.pem")