
minica cert now works with <keygen>, some general cleanup

phryk phryksen 1 year ago
parent
commit
6c431b0809
7 changed files with 26 additions and 84 deletions
  1. 6
    4
      .gitignore
  2. 0
    18
      example.ini
  3. 0
    17
      example_freebsd.ini
  4. 0
    35
      nginx.conf
  5. 12
    8
      poobrains/__init__.py
  6. 1
    0
      poobrains/auth/__init__.py
  7. 7
    2
      poobrains/cli/__init__.py

+ 6
- 4
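--- a/.gitignore
+++ b/.gitignore
@@ -5,11 +5,13 @@
 *.swo
 *.core
 *.log
-ssl
 /gnupg
 /upload
+/bin
+/include
+/lib
+/tls
 config.py
-bin
-include
-lib
 pip-selfcheck.json
+example.ini
+example.nginx.conf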

+ 0
- 18
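--- a/example.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[uwsgi]
-
-# env = DEBUG=true # doesn't work for whatever reason
-
-# HOME needed only for pudb debugger
-env = HOME=/var/www/poobrains
-
-if-env = DEBUG
-honour-stdin = true
-endif =
-
-chdir = /var/www/poobrains
-socket = /tmp/poo.sock
-#logger = file:uwsgi_poobrains.log
-#logger = file:/dev/stderr
-wsgi = example:app
-uid = nginx
-gid = nginx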

+ 0
- 17
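--- a/example_freebsd.ini
+++ /dev/null
@@ -1,17 +0,0 @@
-[uwsgi]
-
-# env = DEBUG=true # doesn't work for whatever reason
-# HOME needed only for pudb debugger
-env = HOME=/usr/local/www/poobrains 
-virtualenv = /usr/local/www/poobrains
-if-env = DEBUG
-honour-stdin = true
-endif =
-
-chdir = /usr/local/www/poobrains
-socket = /tmp/poo.sock
-#logger = file:uwsgi_poobrains.log
-wsgi = example:app
-uid = www
-gid = www
-#home = /usr/local/www/poobrains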

+ 0
- 35
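--- a/nginx.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-user nginx nginx;
-worker_processes 1;
-
-error_log /var/log/nginx/error_log debug;
-
-events {
-    worker_connections 1024;
-    use epoll;
-}
-
-http {
-
-    server {
-
-        access_log /var/log/nginx/poobrains_access.log;
-
-        listen 80;
-        listen 443 ssl;
-
-        ssl_trusted_certificate /var/www/poobrains/ssl/root.crt;
-        ssl_certificate /var/www/poobrains/ssl/websrv.crt;
-        ssl_certificate_key /var/www/poobrains/ssl/websrv.key;
-        ssl_client_certificate /var/www/poobrains/ssl/webca.crt;
-        ssl_verify_client optional;
-        ssl_verify_depth 2;
-
-        location / {
-            root /var/www/poobrains;
-            uwsgi_pass unix:/tmp/poo.sock;
-            uwsgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
-            uwsgi_param SSL_CLIENT_CERT $ssl_client_raw_cert;
-            include uwsgi_params;
-        }
-    }
-}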

+ 12
- 8
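--- a/poobrains/__init__.py
+++ b/poobrains/__init__.py
@@ -2,6 +2,7 @@
 
 import os
 import sys
+import types
 import collections
 import copy
 import functools
@@ -24,21 +25,24 @@ import defaults
 
 db_url.schemes['sqlite'] = db_url.schemes['sqliteext'] # Make sure we get the extensible sqlite database, so we can make regular expressions case-sensitive. see https://github.com/coleifer/peewee/issues/1221
 
+import __main__ # to look up project name
+
+if hasattr(__main__, '__file__'):
+    project_name = os.path.splitext(os.path.basename(__main__.__file__))[0] # basically filename of called file - extension
+else:
+    project_name = "REPL" # We're probably in a REPL, right?
+
 try:
     import config # imports config relative to main project
 
 
 except ImportError as e:
 
-    config = False
+    #config = False
 
+    config = types.ModuleType('config')
+    config.DATABASE = "sqlite:///%s.db" % project_name # NOTE: If you change this, you'll also have to change the --database default in cli/__init__.py or else install will fuck up
 
-import __main__ # to look up project name
-
-if hasattr(__main__, '__file__'):
-    project_name = os.path.splitext(os.path.basename(__main__.__file__))[0] # basically filename of called file - extension
-else:
-    project_name = "REPL" # We're probably in a REPL, right?
 
 
 def is_renderable(x):
@@ -316,7 +320,7 @@ class Poobrain(flask.Flask):
 
 
     def request_setup(self):
-        
+       
         flask.g.boxes = {}
         flask.g.forms = {}
         #self.db.close() # fails first request and thus always on sqlite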
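Review bot: The new `except ImportError` fallback silently replaces a failed `import config` with an in-memory module whose only setting is a sqlite database named after the entry script, and the caught exception `e` is never reported, so an ImportError raised from inside a real config.py (a missing dependency, a typo in an import) would be masked and the application would come up against an unconfigured default database instead of failing loudly. Since `sys` is already imported at the top of the file, I would at least surface the cause before substituting, e.g. `sys.stderr.write("poobrains: could not import config (%s), falling back to built-in defaults\n" % e)`. The commented-out `#config = False` is dead code and can be dropped, and the NOTE on `config.DATABASE` asking that the cli `--database` default be kept in lockstep suggests cli/__init__.py should read this value from here rather than duplicate the literal. The `request_setup` hunk changes only trailing whitespace.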

+ 1
- 0
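--- a/poobrains/auth/__init__.py
+++ b/poobrains/auth/__init__.py
@@ -397,6 +397,7 @@ class ClientCertForm(poobrains.form.Form):
         
         if self.controls['keygen_submit'].value:
 
+            app.debugger.set_trace()
             try:
                 client_cert = token.user.gen_clientcert_from_spkac(token.cert_name, self.fields['key'].value, flask.session['key_challenge'])
                 del flask.session['key_challenge']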
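Review bot: The added `app.debugger.set_trace()` just before the `try` looks like an interactive breakpoint left in the request handler for the keygen submission path; every request with `keygen_submit` set would stop there, and under a non-interactive server that presumably means a hung worker rather than a response to the client. It should be removed before this lands, or at minimum gated so it cannot fire outside a debug session. The enclosing method of `ClientCertForm` starts and ends outside the hunk, so I cannot see whether anything else depends on it.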

+ 7
- 2
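--- a/poobrains/cli/__init__.py
+++ b/poobrains/cli/__init__.py
@@ -37,7 +37,7 @@ def test():
 
 @app.cli.command()
 @click.option('--domain', prompt="Domain this site will be run under?", default="localhost")
-@click.option('--database', default="sqlite:///%s.db" % project_name)
+@click.argument('--database', default="sqlite:///%s.db" % project_name)
 @click.option('--keylength', prompt="Length for cryptographic keys (in bits)", default=4096)
 @click.option('--deployment', prompt="Please choose your way of deployment for automatic config generation", type=click.Choice(['uwsgi+nginx', 'custom']), default='uwsgi+nginx')
 @click.option('--deployment-os', prompt="What OS are you deploying to?", type=click.Choice(['linux', 'freebsd']), default=lambda: os.uname()[0].lower())
@@ -186,7 +186,12 @@ def minica(lifetime):
     click.echo("Generating certificate")
     cert = OpenSSL.crypto.X509()
     cert.get_issuer().commonName = app.config['DOMAIN'] # srsly pyOpenSSL?
-    cert.get_subject().commonName = app.config['DOMAIN'] # srsly pyOpenSSL?
+    cert.get_issuer().C = 'AQ'
+    cert.get_issuer().L = 'Fnordpol'
+    cert.get_issuer().O = 'Erisian Liberation Front'
+    cert.get_issuer().OU = 'Cyber Confusion Center'
+    #cert.get_subject().commonName = app.config['DOMAIN'] # srsly pyOpenSSL?
+    cert.set_subject(cert.get_issuer())
     cert.set_pubkey(keypair)
     cert.gmtime_adj_notBefore(0)
     cert.gmtime_adj_notAfter(lifetime)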
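Review bot: Changing the `--database` decorator from `click.option` to `click.argument` looks like a slip: Click arguments are positional and take a parameter name rather than an option flag, so `'--database'` is not a usable name there and the decorated command (its `def` is below the hunk) would most likely not receive a `database` keyword at all. Unless a positional argument was really intended, this should stay `@click.option('--database', default="sqlite:///%s.db" % project_name)`. In the `minica` hunk the issuer components `C`, `L`, `O` and `OU` are hard-coded placeholder strings baked into every CA certificate this command generates; `commonName` already comes from `app.config['DOMAIN']`, and the remaining DN fields belong in config as well so deployments do not ship a certificate identifying a fictional organisation. `cert.set_subject(cert.get_issuer())` makes the certificate self-issued, which is what a root CA needs, but the rest of `minica` (outside the hunk) must also mark it as a CA for client certificates signed by it to validate, so that is worth confirming.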
