lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 17:39:12 +00:00
Code Issues Activity

Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov

Browse Source 
Conflicts:
	certidude/api.py
This commit is contained in:
Lauri Võsandi
2015-11-06 09:08:00 +02:00
parent a413a15854 9a845fc009
commit ffd6eccd80
7 changed files with 42 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.travis.yml
View File

@@ -7,10 +7,16 @@ python:
- "3.3" - "3.3"
- "3.4" - "3.4"
- "3.5" - "3.5"
after_success:
- codecov
before_install:
# codecov.io
- pip install codecov pytest-cov
install: install:
- pip install -r requirements.txt - pip install -r requirements.txt
- pip install --editable . - pip install --editable .
script: py.test script:
- py.test && py.test --cov-report xml --cov=certidude tests/
cache: cache:
directories: directories:
- $HOME/.cache/pip - $HOME/.cache/pip

7
README.rst
View File

@@ -1,6 +1,13 @@
Certidude Certidude
========= =========
.. image:: https://travis-ci.org/laurivosandi/certidude.svg?branch=master
:target: https://travis-ci.org/laurivosandi/certidude
.. image:: http://codecov.io/github/laurivosandi/certidude/coverage.svg?branch=master
:target: http://codecov.io/github/laurivosandi/certidude?branch=master
Introduction Introduction
------------ ------------

2
certidude/api.py
View File

@@ -267,7 +267,7 @@ class RequestListResource(CertificateAuthorityBase):
# TODO: check for revoked certificates and return HTTP 410 Gone # TODO: check for revoked certificates and return HTTP 410 Gone
# Process automatic signing if the IP address is whitelisted and autosigning was requested # Process automatic signing if the IP address is whitelisted and autosigning was requested
if req.get_param("autosign") in ("yes", "1", "true"): if req.get_param_as_bool("autosign"):
for subnet in ca.autosign_subnets: for subnet in ca.autosign_subnets:
if subnet.overlaps(remote_addr): if subnet.overlaps(remote_addr):
try: try:

2
certidude/templates/index.html
View File

@@ -41,7 +41,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem
openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096 openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096
chmod 0600 /etc/ipsec.d/private/$CN.pem chmod 0600 /etc/ipsec.d/private/$CN.pem
openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN" openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN"
curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi
openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem
</pre> </pre>

7
certidude/wrappers.py
View File

@@ -124,12 +124,7 @@ class CertificateAuthorityConfig(object):
""" """
Returns sorted list of CA-s defined in the configuration file. Returns sorted list of CA-s defined in the configuration file.
""" """
l = [s[3:] for s in self._config if s.startswith("CA_")] return sorted([s[3:] for s in self._config if s.startswith("CA_")])
# Sanity check for duplicates (although ConfigParser fails earlier)
if len(l) != len(set(l)):
raise ValueError
return sorted(l)
def pop_certificate_authority(self): def pop_certificate_authority(self):
def wrapper(func): def wrapper(func):

25
tests/test_ca.py Normal file
View File

@@ -0,0 +1,25 @@
from click.testing import CliRunner
from certidude.cli import entry_point as cli
from certidude.wrappers import CertificateAuthorityConfig
runner = CliRunner()
def test_ca_config():
# Authority setup
with runner.isolated_filesystem():
result = runner.invoke(cli, ['setup', 'authority', 'xca'])
assert not result.exception
# Load CA
conf = CertificateAuthorityConfig('./xca/openssl.cnf.example')
assert conf.ca_list == ['xca']
ca = conf.instantiate_authority('xca')
cert = ca.certificate
assert cert.serial_number == '0000000000000000000000000000000000000001'
# TODO: Figure out a way to properly test cert.signed, cert.expires, cert.digest, etc

10
tests/test_cli.py
View File

@@ -1,19 +1,9 @@
import os import os
import pwd
import pytest
from click.testing import CliRunner from click.testing import CliRunner
from certidude.cli import entry_point as cli from certidude.cli import entry_point as cli
runner = CliRunner() runner = CliRunner()
def user_check(name='certidude'):
try:
pwd.getpwnam(name)
return False
except KeyError:
pass
return True
def test_cli_setup_authority(): def test_cli_setup_authority():
# Authority setup # Authority setup
# TODO: parent, common-name, country, state, locality # TODO: parent, common-name, country, state, locality