mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Merge branch 'codecov' of https://github.com/plaes/certidude into plaes-codecov
Conflicts: certidude/api.py
This commit is contained in:
commit
ffd6eccd80
@ -7,10 +7,16 @@ python:
|
||||
- "3.3"
|
||||
- "3.4"
|
||||
- "3.5"
|
||||
after_success:
|
||||
- codecov
|
||||
before_install:
|
||||
# codecov.io
|
||||
- pip install codecov pytest-cov
|
||||
install:
|
||||
- pip install -r requirements.txt
|
||||
- pip install --editable .
|
||||
script: py.test
|
||||
script:
|
||||
- py.test && py.test --cov-report xml --cov=certidude tests/
|
||||
cache:
|
||||
directories:
|
||||
- $HOME/.cache/pip
|
||||
|
@ -1,6 +1,13 @@
|
||||
Certidude
|
||||
=========
|
||||
|
||||
.. image:: https://travis-ci.org/laurivosandi/certidude.svg?branch=master
|
||||
:target: https://travis-ci.org/laurivosandi/certidude
|
||||
|
||||
.. image:: http://codecov.io/github/laurivosandi/certidude/coverage.svg?branch=master
|
||||
:target: http://codecov.io/github/laurivosandi/certidude?branch=master
|
||||
|
||||
|
||||
Introduction
|
||||
------------
|
||||
|
||||
|
@ -267,7 +267,7 @@ class RequestListResource(CertificateAuthorityBase):
|
||||
# TODO: check for revoked certificates and return HTTP 410 Gone
|
||||
|
||||
# Process automatic signing if the IP address is whitelisted and autosigning was requested
|
||||
if req.get_param("autosign") in ("yes", "1", "true"):
|
||||
if req.get_param_as_bool("autosign"):
|
||||
for subnet in ca.autosign_subnets:
|
||||
if subnet.overlaps(remote_addr):
|
||||
try:
|
||||
|
@ -41,7 +41,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem
|
||||
openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096
|
||||
chmod 0600 /etc/ipsec.d/private/$CN.pem
|
||||
openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN"
|
||||
curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
|
||||
curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
|
||||
if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi
|
||||
openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem
|
||||
</pre>
|
||||
|
@ -124,12 +124,7 @@ class CertificateAuthorityConfig(object):
|
||||
"""
|
||||
Returns sorted list of CA-s defined in the configuration file.
|
||||
"""
|
||||
l = [s[3:] for s in self._config if s.startswith("CA_")]
|
||||
# Sanity check for duplicates (although ConfigParser fails earlier)
|
||||
if len(l) != len(set(l)):
|
||||
raise ValueError
|
||||
return sorted(l)
|
||||
|
||||
return sorted([s[3:] for s in self._config if s.startswith("CA_")])
|
||||
|
||||
def pop_certificate_authority(self):
|
||||
def wrapper(func):
|
||||
|
25
tests/test_ca.py
Normal file
25
tests/test_ca.py
Normal file
@ -0,0 +1,25 @@
|
||||
from click.testing import CliRunner
|
||||
from certidude.cli import entry_point as cli
|
||||
|
||||
|
||||
from certidude.wrappers import CertificateAuthorityConfig
|
||||
|
||||
runner = CliRunner()
|
||||
|
||||
def test_ca_config():
|
||||
# Authority setup
|
||||
with runner.isolated_filesystem():
|
||||
result = runner.invoke(cli, ['setup', 'authority', 'xca'])
|
||||
assert not result.exception
|
||||
|
||||
# Load CA
|
||||
conf = CertificateAuthorityConfig('./xca/openssl.cnf.example')
|
||||
|
||||
assert conf.ca_list == ['xca']
|
||||
|
||||
ca = conf.instantiate_authority('xca')
|
||||
|
||||
cert = ca.certificate
|
||||
|
||||
assert cert.serial_number == '0000000000000000000000000000000000000001'
|
||||
# TODO: Figure out a way to properly test cert.signed, cert.expires, cert.digest, etc
|
@ -1,19 +1,9 @@
|
||||
import os
|
||||
import pwd
|
||||
import pytest
|
||||
from click.testing import CliRunner
|
||||
from certidude.cli import entry_point as cli
|
||||
|
||||
runner = CliRunner()
|
||||
|
||||
def user_check(name='certidude'):
|
||||
try:
|
||||
pwd.getpwnam(name)
|
||||
return False
|
||||
except KeyError:
|
||||
pass
|
||||
return True
|
||||
|
||||
def test_cli_setup_authority():
|
||||
# Authority setup
|
||||
# TODO: parent, common-name, country, state, locality
|
||||
|
Loading…
Reference in New Issue
Block a user