mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 16:25:17 +00:00

Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov

Conflicts:
	certidude/api.py
Lauri Võsandi 2015-11-06 09:08:00 +02:00
commit ffd6eccd80
7 changed files with 42 additions and 19 deletions


@ -7,10 +7,16 @@ python:
- "3.3"
- "3.4"
- "3.5"
after_success:
- codecov
before_install:
# codecov.io
- pip install codecov pytest-cov
install:
- pip install -r requirements.txt
- pip install --editable .
script: py.test
script:
- py.test && py.test --cov-report xml --cov=certidude tests/
cache:
directories:
- $HOME/.cache/pip
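Review bot: `pip install codecov pytest-cov` in `before_install` takes whatever versions are current at build time, and the `codecov` step in `after_success` then runs that code inside the CI job with access to the job's environment. Pinning both keeps the upload tooling from changing silently between builds, for example `- pip install codecov==<pinned-version> pytest-cov==<pinned-version>` (placeholders, the page does not name versions). Separately, `py.test && py.test --cov-report xml --cov=certidude tests/` appears to run the suite twice; the coverage invocation alone should give the same pass/fail result.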


@ -1,6 +1,13 @@
Certidude
=========
.. image:: https://travis-ci.org/laurivosandi/certidude.svg?branch=master
:target: https://travis-ci.org/laurivosandi/certidude
.. image:: http://codecov.io/github/laurivosandi/certidude/coverage.svg?branch=master
:target: http://codecov.io/github/laurivosandi/certidude?branch=master
Introduction
------------


@ -267,7 +267,7 @@ class RequestListResource(CertificateAuthorityBase):
# TODO: check for revoked certificates and return HTTP 410 Gone
# Process automatic signing if the IP address is whitelisted and autosigning was requested
if req.get_param("autosign") in ("yes", "1", "true"):
if req.get_param_as_bool("autosign"):
for subnet in ca.autosign_subnets:
if subnet.overlaps(remote_addr):
try:
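Review bot: Assuming the page prints the old line before the new one, `req.get_param_as_bool("autosign")` handles unrecognised values differently from the tuple test it replaces. Falcon rejects a value it cannot convert to a boolean with an HTTP 400 instead of treating it as false, and the set of accepted literals depends on the Falcon version, so a client still sending `autosign=1` may get an error rather than a queued request. Because this flag gates automatic certificate issuance, I would pin the Falcon version in requirements.txt and add a test that fixes which values enable autosigning and which are refused. `remote_addr` is computed outside this hunk; since the subnet match is the only other condition before signing, it is worth confirming it comes from the socket peer and not from a client-supplied header. The enclosing method starts and ends outside the hunk.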


@ -41,7 +41,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem
openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096
chmod 0600 /etc/ipsec.d/private/$CN.pem
openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN"
curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi
openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem
</pre>
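Review bot: The `if [ $? -eq 0 ]; then mv ...` guard after the request `curl` does not catch HTTP errors, because curl exits 0 on a 4xx/5xx response unless `-f`/`--fail` is given. An error body from the API (for example a rejected `autosign` value) would therefore be moved into `/etc/ipsec.d/certs/$CN.pem`. The following `openssl verify` would report the problem, but only after the file is already in place. Adding the flag to the changed line closes this: `curl -f -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part`. The snippet begins above the hunk.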


@ -124,12 +124,7 @@ class CertificateAuthorityConfig(object):
"""
Returns sorted list of CA-s defined in the configuration file.
"""
l = [s[3:] for s in self._config if s.startswith("CA_")]
# Sanity check for duplicates (although ConfigParser fails earlier)
if len(l) != len(set(l)):
raise ValueError
return sorted(l)
return sorted([s[3:] for s in self._config if s.startswith("CA_")])
def pop_certificate_authority(self):
def wrapper(func):
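Review bot: Collapsing the body to `return sorted([...])` also drops the comment explaining why no duplicate check is needed, which leaves that assumption undocumented. The removed comment said ConfigParser already fails on duplicate sections, so a short comment above the return would keep the reasoning visible, e.g. `# Duplicate CA_ sections are rejected when the config is parsed, so names are unique here`. As a style point, the inner list is unnecessary: `return sorted(s[3:] for s in self._config if s.startswith("CA_"))`.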

25
tests/test_ca.py Normal file

@ -0,0 +1,25 @@
from click.testing import CliRunner
from certidude.cli import entry_point as cli
from certidude.wrappers import CertificateAuthorityConfig
runner = CliRunner()
def test_ca_config():
# Authority setup
with runner.isolated_filesystem():
result = runner.invoke(cli, ['setup', 'authority', 'xca'])
assert not result.exception
# Load CA
conf = CertificateAuthorityConfig('./xca/openssl.cnf.example')
assert conf.ca_list == ['xca']
ca = conf.instantiate_authority('xca')
cert = ca.certificate
assert cert.serial_number == '0000000000000000000000000000000000000001'
# TODO: Figure out a way to properly test cert.signed, cert.expires, cert.digest, etc
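Review bot: `assert not result.exception` on the `setup authority` invocation does not pin the exit status, so a run that prints an error and returns non-zero without raising would still pass; add `assert result.exit_code == 0` next to it. The test then checks only the serial number of the generated CA certificate. Since this is the one place the authority setup is exercised, it would be worth asserting that the CA private key it writes is not group- or world-readable (the key's path is not visible on this page, so take it from the generated config). For the TODO, comparing `cert.signed` and `cert.expires` against a window around the test's start time avoids hard-coding dates.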


@ -1,19 +1,9 @@
import os
import pwd
import pytest
from click.testing import CliRunner
from certidude.cli import entry_point as cli
runner = CliRunner()
def user_check(name='certidude'):
try:
pwd.getpwnam(name)
return False
except KeyError:
pass
return True
def test_cli_setup_authority():
# Authority setup
# TODO: parent, common-name, country, state, locality