diff --git a/.travis.yml b/.travis.yml index ec6bf7e..479ef3f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,10 +7,16 @@ python: - "3.3" - "3.4" - "3.5" +after_success: + - codecov +before_install: + # codecov.io + - pip install codecov pytest-cov install: - pip install -r requirements.txt - pip install --editable . -script: py.test +script: + - py.test && py.test --cov-report xml --cov=certidude tests/ cache: directories: - $HOME/.cache/pip diff --git a/README.rst b/README.rst index 17d12fc..125bae9 100644 --- a/README.rst +++ b/README.rst @@ -1,6 +1,13 @@ Certidude ========= +.. image:: https://travis-ci.org/laurivosandi/certidude.svg?branch=master + :target: https://travis-ci.org/laurivosandi/certidude + +.. image:: http://codecov.io/github/laurivosandi/certidude/coverage.svg?branch=master + :target: http://codecov.io/github/laurivosandi/certidude?branch=master + + Introduction ------------ diff --git a/certidude/api.py b/certidude/api.py index 895cb9d..f30d553 100644 --- a/certidude/api.py +++ b/certidude/api.py @@ -267,7 +267,7 @@ class RequestListResource(CertificateAuthorityBase): # TODO: check for revoked certificates and return HTTP 410 Gone # Process automatic signing if the IP address is whitelisted and autosigning was requested - if req.get_param("autosign") in ("yes", "1", "true"): + if req.get_param_as_bool("autosign"): for subnet in ca.autosign_subnets: if subnet.overlaps(remote_addr): try: diff --git a/certidude/templates/index.html b/certidude/templates/index.html index 049cec3..eeef271 100644 --- a/certidude/templates/index.html +++ b/certidude/templates/index.html @@ -41,7 +41,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096 chmod 0600 /etc/ipsec.d/private/$CN.pem openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN" -curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part +curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem diff --git a/certidude/wrappers.py b/certidude/wrappers.py index 19715b5..35778c5 100644 --- a/certidude/wrappers.py +++ b/certidude/wrappers.py @@ -124,12 +124,7 @@ class CertificateAuthorityConfig(object): """ Returns sorted list of CA-s defined in the configuration file. """ - l = [s[3:] for s in self._config if s.startswith("CA_")] - # Sanity check for duplicates (although ConfigParser fails earlier) - if len(l) != len(set(l)): - raise ValueError - return sorted(l) - + return sorted([s[3:] for s in self._config if s.startswith("CA_")]) def pop_certificate_authority(self): def wrapper(func): diff --git a/tests/test_ca.py b/tests/test_ca.py new file mode 100644 index 0000000..c61a763 --- /dev/null +++ b/tests/test_ca.py @@ -0,0 +1,25 @@ +from click.testing import CliRunner +from certidude.cli import entry_point as cli + + +from certidude.wrappers import CertificateAuthorityConfig + +runner = CliRunner() + +def test_ca_config(): + # Authority setup + with runner.isolated_filesystem(): + result = runner.invoke(cli, ['setup', 'authority', 'xca']) + assert not result.exception + + # Load CA + conf = CertificateAuthorityConfig('./xca/openssl.cnf.example') + + assert conf.ca_list == ['xca'] + + ca = conf.instantiate_authority('xca') + + cert = ca.certificate + + assert cert.serial_number == '0000000000000000000000000000000000000001' + # TODO: Figure out a way to properly test cert.signed, cert.expires, cert.digest, etc diff --git a/tests/test_cli.py b/tests/test_cli.py index 23d3be9..92b1e4f 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -1,19 +1,9 @@ import os -import pwd -import pytest from click.testing import CliRunner from certidude.cli import entry_point as cli runner = CliRunner() -def user_check(name='certidude'): - try: - pwd.getpwnam(name) - return False - except KeyError: - pass - return True - def test_cli_setup_authority(): # Authority setup # TODO: parent, common-name, country, state, locality