Commit dac2c055 authored by Alain Takoudjou's avatar Alain Takoudjou

re6st registry: generate dh parameters file

parent 2140b3ce
......@@ -71,9 +71,13 @@ class Recipe(GenericBaseRecipe):
def generateCertificate(self):
key_file = self.options['key-file'].strip()
cert_file = self.options['cert-file'].strip()
dh_file = self.options['dh-file'].strip()
if not os.path.exists(key_file):
serial = self.getSerialFromIpv6(self.options['ipv6-prefix'].strip())
dh_command = [self.options['openssl-bin'], 'dhparam', '-out',
'%s' % dh_file, self.options['key-size']]
key_command = [self.options['openssl-bin'], 'genrsa', '-out',
'%s' % key_file, self.options['key-size']]
......@@ -82,6 +86,7 @@ class Recipe(GenericBaseRecipe):
'-x509', '-batch', '-key', '%s' % key_file, '-set_serial',
'%s' % serial, '-days', '3650', '-out', '%s' % cert_file]
subprocess.check_call(dh_command)
subprocess.check_call(key_command)
subprocess.check_call(cert_command)
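Review bot: `dh_command` is built and run inside the existing `if not os.path.exists(key_file):` guard, so an instance that already has a key from an earlier deployment never gets `dh.pem`, while the registry configuration in this same commit points `dh` at that path unconditionally. DH parameters are not secret and do not depend on the key, so they deserve their own condition: move the `dh_command` assignment out of the key check and run it under `if not os.path.exists(dh_file): subprocess.check_call(dh_command)`. Because `dhparam` at 2048 bits can take minutes, writing to a temporary name and renaming on success would also avoid leaving a truncated `dh.pem` that the existence check would then treat as valid. The `'%s' % dh_file` wrapper is redundant since `dh_file` is already a string. `generateCertificate` starts in the first hunk and may continue past the end of the second.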
......@@ -24,6 +24,7 @@ class Re6stnetTest(unittest.TestCase):
'openssl-bin': '/usr/bin/openssl',
'key-file': os.path.join(self.ssl_dir, 'cert.key'),
'cert-file': os.path.join(self.ssl_dir, 'cert.crt'),
'dh-file': os.path.join(self.ssl_dir, 'dh.pem'),
'key-size': '2048',
'conf-dir': self.conf_dir,
'token-dir': self.token_dir,
......@@ -98,6 +99,9 @@ class Re6stnetTest(unittest.TestCase):
content = f.read()
self.assertIn("@%s" % config_file, content)
def fake_generateCertificates(self):
return
def test_generateCertificates(self):
self.options['ipv6-prefix'] = '2001:db8:24::/48'
......@@ -107,8 +111,8 @@ class Re6stnetTest(unittest.TestCase):
recipe.generateCertificate()
self.assertTrue(os.path.exists(self.options['key-file']))
self.assertTrue(os.path.exists(self.options['cert-file']))
self.assertItemsEqual(os.listdir(self.ssl_dir),
['cert.key', 'cert.crt', 'dh.pem'])
last_time = time.ctime(os.stat(self.options['key-file'])[7])
......@@ -119,19 +123,23 @@ class Re6stnetTest(unittest.TestCase):
self.assertEqual(last_time, this_time)
def test_generateCertificates_other_ipv6(self):
def test_getSerialFromIpv6(self):
self.options['ipv6-prefix'] = 'be28:db8:fe6a:d85:4fe:54a:ae:aea/64'
ipv6 = 'be28:db8:fe6a:d85:4fe:54a:ae:aea/64'
recipe = self.new_recipe()
serial = recipe.getSerialFromIpv6(ipv6)
recipe.generateCertificate()
self.assertEqual(serial, '0x1be280db8fe6a0d8504fe054a00ae0aea')
self.assertTrue(os.path.exists(self.options['key-file']))
self.assertTrue(os.path.exists(self.options['cert-file']))
ipv6 = '2001:db8:24::/48'
serial = recipe.getSerialFromIpv6(ipv6)
self.assertEqual(serial, '0x120010db80024')
def test_install(self):
recipe = self.new_recipe()
recipe.generateCertificate = self.fake_generateCertificates
recipe.options.update({
'ipv6-prefix': '2001:db8:24::/48',
......@@ -148,9 +156,6 @@ class Re6stnetTest(unittest.TestCase):
# Recipe will raise not found error when trying to publish slave informations
pass
self.assertItemsEqual(os.listdir(self.ssl_dir),
['cert.key', 'cert.crt'])
token_file = os.path.join(self.options['conf-dir'], 'token.json')
self.assertTrue(os.path.exists(token_file))
......@@ -200,6 +205,7 @@ class Re6stnetTest(unittest.TestCase):
def test_install_empty_slave(self):
recipe = self.new_recipe()
recipe.generateCertificate = self.fake_generateCertificates
recipe.options.update({
'ipv6-prefix': '2001:db8:24::/48'
......@@ -207,9 +213,6 @@ class Re6stnetTest(unittest.TestCase):
recipe.install()
self.assertItemsEqual(os.listdir(self.ssl_dir),
['cert.key', 'cert.crt'])
token_file = os.path.join(self.options['conf-dir'], 'token.json')
self.assertTrue(os.path.exists(token_file))
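Review bot: `fake_generateCertificates` simply returns, so once `recipe.generateCertificate = self.fake_generateCertificates` is set in test_install and test_install_empty_slave nothing verifies that install() still triggers certificate generation, and the `assertItemsEqual(os.listdir(self.ssl_dir), ...)` checks that used to prove it have been removed. Have the stub record the call instead, e.g. `def fake_generateCertificates(self): self.certificates_generated = True` (here `self` is the test case, since the bound method is assigned to the recipe instance rather than the class), and add `self.assertTrue(self.certificates_generated)` after `recipe.install()`, initialising the flag in setUp, which is outside this diff. Separately, test_generateCertificates now runs a real 2048-bit `openssl dhparam`, which can take minutes per run; consider a smaller `key-size` for that test or skipping it unless an environment flag is set.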
......@@ -106,6 +106,7 @@ ipv6 = {{ ipv6 }}
db = ${re6stnet-dirs:registry}/registry.db
ca = ${re6stnet-dirs:ssl}/re6stnet.crt
key = ${re6stnet-dirs:ssl}/re6stnet.key
dh = ${re6stnet-dirs:ssl}/dh.pem
mailhost = 127.0.0.1
prefix-length = 16
anonymous-prefix-length = 32
......@@ -140,6 +141,7 @@ ipv4 = ${re6st-registry-conf-dict:ipv4}
db-path = ${re6st-registry-conf-dict:db}
key-file = ${re6st-registry-conf-dict:key}
cert-file = ${re6st-registry-conf-dict:ca}
dh-file = ${re6st-registry-conf-dict:dh}
slave-instance-list = ${slap-parameter:slave_instance_list}
......@@ -4,6 +4,7 @@ port {{ parameter_dict['port'] }}
db {{ parameter_dict['db'] }}
ca {{ parameter_dict['ca'] }}
key {{ parameter_dict['key'] }}
dh {{ parameter_dict['dh'] }}
mailhost {{ parameter_dict['mailhost'] }}
prefix-length {{ parameter_dict['prefix-length'] }}
anonymous-prefix-length {{ parameter_dict['anonymous-prefix-length'] }}
......@@ -93,7 +93,7 @@ extra-context =
[template-re6stnet]
< = download-base
filename = instance-re6stnet.cfg.in
md5sum = e0f4857750bfd55f154c448ad56edaec
md5sum = 2449dd8f7438072ac8a9a3b3c67f7179
[template-logrotate-base]
< = template-jinja2-base
......@@ -112,7 +112,7 @@ md5sum = c220229ee37866c8cc404d602edd389d
[template-re6st-registry-conf]
< = download-base
filename = re6st-registry.conf.in
md5sum = 19a5827512cfecc25992fc152c995551
md5sum = 7760a213896755e707993d67d8d980bb
[check-recipe]
recipe = plone.recipe.command