From 9bb89460ca26a0abee9d517c5857904f03d5e3a9 Mon Sep 17 00:00:00 2001
From: Priit Laes
Date: Thu, 8 Oct 2015 13:46:12 +0300
Subject: [PATCH 1/5] Add codecov.io service support
---
 .travis.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index ec6bf7e..479ef3f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,10 +7,16 @@ python:
 - "3.3"
 - "3.4"
 - "3.5"
+after_success:
+ - codecov
+before_install:
+ # codecov.io
+ - pip install codecov pytest-cov
 install:
 - pip install -r requirements.txt
 - pip install --editable .
-script: py.test
+script:
+ - py.test && py.test --cov-report xml --cov=certidude tests/
 cache:
 directories:
 - $HOME/.cache/pip
From 8caf917d755ebd18ac3b76330d9524b29df3af45 Mon Sep 17 00:00:00 2001
From: Priit Laes
Date: Thu, 8 Oct 2015 14:23:33 +0300
Subject: [PATCH 2/5] Add travis and codecov status badges
---
 README.rst | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/README.rst b/README.rst
index 53d26ef..8315419 100644
--- a/README.rst
+++ b/README.rst
@@ -1,6 +1,13 @@
 Certidude
 =========
+.. image:: https://travis-ci.org/laurivosandi/certidude.svg?branch=master
+ :target: https://travis-ci.org/laurivosandi/certidude
+
+.. image:: http://codecov.io/github/laurivosandi/certidude/coverage.svg?branch=master
+ :target: http://codecov.io/github/laurivosandi/certidude?branch=master
+
+
 Introduction
 ------------
From 6dec1eebd9bbb2078ad543fc3634acf14f9e0230 Mon Sep 17 00:00:00 2001
From: Priit Laes
Date: Thu, 8 Oct 2015 14:47:22 +0300
Subject: [PATCH 3/5] Fix traceback when no 'autosign' parameter was supplied
---
 certidude/api.py | 2 +-
 certidude/templates/index.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/certidude/api.py b/certidude/api.py
index 67ed433..c4e0b18 100644
--- a/certidude/api.py
+++ b/certidude/api.py
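Review bot: In the `.travis.yml` hunk, `pip install codecov pytest-cov` pulls both tools unpinned, and `codecov` then runs in `after_success` inside the build environment, so whatever version is newest on the index at build time executes with the job's environment variables. Pinning keeps the build reproducible and makes an upgrade a reviewed change, e.g. `- pip install codecov==<PINNED_VERSION> pytest-cov==<PINNED_VERSION>` (placeholders; use the versions you have vetted). Separately, `py.test && py.test --cov-report xml --cov=certidude tests/` runs the suite twice; the second invocation alone would seem to cover it, unless the first is meant to collect tests outside `tests/`.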
@@ -257,7 +257,7 @@ class RequestListResource(CertificateAuthorityBase):
 # TODO: check for revoked certificates and return HTTP 410 Gone
 # Process automatic signing if the IP address is whitelisted and autosigning was requested
- if req.get_param("autosign").lower() in ("yes", "1", "true"):
+ if req.get_param_as_bool("autosign"):
 for subnet in ca.autosign_subnets:
 if subnet.overlaps(remote_addr):
 try:
diff --git a/certidude/templates/index.html b/certidude/templates/index.html
index 5dbd024..b119ac2 100644
--- a/certidude/templates/index.html
+++ b/certidude/templates/index.html
@@ -40,7 +40,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem
 openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096
 chmod 0600 /etc/ipsec.d/private/$CN.pem
 openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN"
-curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
+curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
 if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi
 openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem
From 244919ba9250ebcf0b3d42d1abe9f51d4be3a934 Mon Sep 17 00:00:00 2001
From: Priit Laes
Date: Fri, 9 Oct 2015 09:37:54 +0300
Subject: [PATCH 4/5] tests: Remove unused function
---
 tests/test_cli.py | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/tests/test_cli.py b/tests/test_cli.py
index 23d3be9..93fef10 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
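Review bot: In the `certidude/api.py` hunk, `req.get_param_as_bool("autosign")` changes which strings enable autosigning compared with the old `("yes", "1", "true")` tuple, and nothing in the code records the accepted set; the template in this same commit moves from `autosign=1` to `autosign=yes`, which suggests `1` is no longer accepted. Clients still sending the old value would presumably be rejected or left waiting for manual signing, so confirm the accepted strings for the framework version in use and note them next to the call, e.g. `# missing parameter -> None -> no autosign; accepted truthy strings: see framework docs`. Since this branch signs a certificate without operator approval, it also deserves a comment stating that `remote_addr` must be the actual peer address rather than a client-supplied header; where it is assigned is outside the hunk, as are the start and end of the enclosing method.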
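Review bot: In the `certidude/templates/index.html` hunk, the changed `curl -L ... > /etc/ipsec.d/certs/$CN.pem.part` line is followed by `if [ $? -eq 0 ]; then mv ...`, but curl exits 0 on an HTTP error response unless told otherwise, so a 4xx/5xx body would be renamed to `$CN.pem` as if it were a certificate. Adding `--fail` (`curl -f -L -H "Content-Type: application/pkcs10" ...`) makes the `$?` test meaningful; the later `openssl verify` would still flag a bad file, but only after it has been moved into place. The surrounding snippet starts and ends outside the hunk.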
@@ -6,14 +6,6 @@ from certidude.cli import entry_point as cli
 runner = CliRunner()
-def user_check(name='certidude'):
- try:
- pwd.getpwnam(name)
- return False
- except KeyError:
- pass
- return True
-
 def test_cli_setup_authority():
 # Authority setup
 # TODO: parent, common-name, country, state, locality
From 9a845fc009ebc51074896696a23fe3fcf13552e3 Mon Sep 17 00:00:00 2001
From: Priit Laes
Date: Fri, 9 Oct 2015 10:46:40 +0300
Subject: [PATCH 5/5] Add basic tests for CA
---
 certidude/wrappers.py | 7 +------
 tests/test_ca.py | 25 +++++++++++++++++++++++++
 tests/test_cli.py | 2 --
 3 files changed, 26 insertions(+), 8 deletions(-)
 create mode 100644 tests/test_ca.py
diff --git a/certidude/wrappers.py b/certidude/wrappers.py
index 3dc0e07..59b528e 100644
--- a/certidude/wrappers.py
+++ b/certidude/wrappers.py
@@ -123,12 +123,7 @@ class CertificateAuthorityConfig(object):
 """
 Returns sorted list of CA-s defined in the configuration file.
 """
- l = [s[3:] for s in self._config if s.startswith("CA_")]
- # Sanity check for duplicates (although ConfigParser fails earlier)
- if len(l) != len(set(l)):
- raise ValueError
- return sorted(l)
-
+ return sorted([s[3:] for s in self._config if s.startswith("CA_")])
 def pop_certificate_authority(self):
 def wrapper(func):
diff --git a/tests/test_ca.py b/tests/test_ca.py
new file mode 100644
index 0000000..c61a763
--- /dev/null
+++ b/tests/test_ca.py
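Review bot: In the `certidude/wrappers.py` hunk, dropping the duplicate check also drops the only remark explaining why duplicates cannot occur, so the one-line `return sorted([...])` now silently depends on the config parser rejecting repeated `CA_` sections. A short comment would keep that assumption visible, e.g. `# duplicate CA_ sections are expected to fail at config load, so no dedupe here`; it is worth confirming this holds on every supported Python version, since the type of `self._config` is not visible here. The list brackets inside `sorted(...)` are also unnecessary, as a generator expression does the same. The method's signature is outside the hunk.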
@@ -0,0 +1,25 @@
+from click.testing import CliRunner
+from certidude.cli import entry_point as cli
+
+
+from certidude.wrappers import CertificateAuthorityConfig
+
+runner = CliRunner()
+
+def test_ca_config():
+ # Authority setup
+ with runner.isolated_filesystem():
+ result = runner.invoke(cli, ['setup', 'authority', 'xca'])
+ assert not result.exception
+
+ # Load CA
+ conf = CertificateAuthorityConfig('./xca/openssl.cnf.example')
+
+ assert conf.ca_list == ['xca']
+
+ ca = conf.instantiate_authority('xca')
+
+ cert = ca.certificate
+
+ assert cert.serial_number == '0000000000000000000000000000000000000001'
+ # TODO: Figure out a way to properly test cert.signed, cert.expires, cert.digest, etc
diff --git a/tests/test_cli.py b/tests/test_cli.py
index 93fef10..92b1e4f 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -1,6 +1,4 @@
 import os
-import pwd
-import pytest
 from click.testing import CliRunner
 from certidude.cli import entry_point as cli
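Review bot: In the `tests/test_ca.py` hunk, `assert not result.exception` gives no clue why `setup authority` failed when it does; `assert result.exit_code == 0, result.output` puts the CLI output into the failure message. The test only pins the serial number, and the TODO leaves validity dates and digest unchecked; since this is the CA bootstrap path, an assertion that the generated private key file is not group- or world-readable would be a useful addition once the key path is known (it is not visible in this hunk). Indentation was lost on this page, so I am assuming the lines after `with runner.isolated_filesystem():` sit inside that block, as the relative `./xca/...` path implies.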