import os, configparser
from tempfile import NamedTemporaryFile
from subprocess import Popen

# domain with server.py running on it for testing
DOMAIN = os.environ.get("GITLABCI_DOMAIN")
# ACME directory URL; defaults to the Let's Encrypt staging endpoint
CAURL = os.environ.get("GITLABCI_CAURL", "https://acme-staging.api.letsencrypt.org")
# seconds to wait between challenge checks; kept as a string because it is
# copied verbatim into a configparser option
CHALLENGEDELAY = os.environ.get("GITLABCI_CHALLENGEDELAY", "3")
# DNS server used for the dns-01 challenge, by hostname and by IP
DNSHOST = os.environ.get("GITLABCI_DNSHOST")
DNSHOSTIP = os.environ.get("GITLABCI_DNSHOSTIP")
DNSZONE = os.environ.get("GITLABCI_DNSZONE")
DNSPORT = os.environ.get("GITLABCI_DNSPORT", "53")
# TSIG keyring for dynamic DNS updates; the key value is a secret and is only
# ever taken from the CI environment, never hard-coded here
TSIGKEYNAME = os.environ.get("GITLABCI_TSIGKEYNAME")
TSIGKEYVALUE = os.environ.get("GITLABCI_TSIGKEYVALUE")
TSIGALGORITHM = os.environ.get("GITLABCI_TSIGALGORITHM")

# generate account and domain keys
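def gen_config():
    """Generate the key/CSR material and the ini files used by the test suite.

    Returns a dict of open NamedTemporaryFile objects: one ini file per test
    scenario ("goodCName", "dnsHostIP", "goodSAN", "weakKey",
    "accountAsDomain", "invalidTSIGName", "missingDNS"), the private keys
    under "key" ("accountkey", "weakkey", "domainkey") and the CSRs under
    "csr" ("domaincsr", "sancsr", "accountcsr").

    The caller must keep the returned dict alive: every entry is a
    NamedTemporaryFile, which is removed from disk as soon as it is closed or
    garbage-collected.  These files hold private keys and the TSIG secret, so
    using NamedTemporaryFile (owner-only permissions, deleted on close) rather
    than fixed paths is deliberate.

    Raises ValueError when a required GITLABCI_* environment variable is
    unset, FileNotFoundError when ./example.ini is not in the current
    directory, and RuntimeError when an openssl invocation fails.
    """
    # Fail fast with a readable message: every value below ends up either in a
    # CSR subject or as a configparser option, and configparser rejects None
    # with an unhelpful "option values must be strings" TypeError.
    required = (
        ("GITLABCI_DOMAIN", DOMAIN),
        ("GITLABCI_DNSHOST", DNSHOST),
        ("GITLABCI_DNSHOSTIP", DNSHOSTIP),
        ("GITLABCI_DNSZONE", DNSZONE),
        ("GITLABCI_TSIGKEYNAME", TSIGKEYNAME),
        ("GITLABCI_TSIGKEYVALUE", TSIGKEYVALUE),
        ("GITLABCI_TSIGALGORITHM", TSIGALGORITHM),
    )
    missing = [name for name, value in required if value is None]
    if missing:
        raise ValueError("missing environment variables: {0}".format(", ".join(missing)))

    # good account key
    account_key = NamedTemporaryFile()
    _run_openssl(["genrsa", "-out", account_key.name, "2048"])

    # deliberately weak 1024 bit key, used by the "weakKey" scenario
    weak_key = NamedTemporaryFile()
    _run_openssl(["genrsa", "-out", weak_key.name, "1024"])

    # good domain key plus a plain CN-only CSR for it
    domain_key = NamedTemporaryFile()
    domain_csr = NamedTemporaryFile()
    _run_openssl(["req", "-newkey", "rsa:2048", "-nodes", "-keyout", domain_key.name,
                  "-subj", "/CN={0}".format(DOMAIN), "-out", domain_csr.name])

    # subject alt-name CSR: append a [SAN] section to a copy of the system
    # openssl config so that "-reqexts SAN" can pick it up
    san_csr = NamedTemporaryFile()
    san_conf = NamedTemporaryFile()
    with open("/etc/ssl/openssl.cnf", "rb") as system_cnf:
        san_conf.write(system_cnf.read())
    san_conf.write("\n[SAN]\nsubjectAltName=DNS:{0},DNS:www.{0}\n".format(DOMAIN).encode("utf8"))
    # openssl reads the file by path, so buffered bytes must reach the disk first
    san_conf.flush()
    _run_openssl(["req", "-new", "-sha256", "-key", domain_key.name,
                  "-subj", "/", "-reqexts", "SAN", "-config", san_conf.name,
                  "-out", san_csr.name])

    # CSR signed with the account key, used by the "accountAsDomain" scenario
    account_csr = NamedTemporaryFile()
    _run_openssl(["req", "-new", "-sha256", "-key", account_key.name,
                  "-subj", "/CN={0}".format(DOMAIN), "-out", account_csr.name])

    def baseline():
        """Return a fresh ConfigParser: example.ini plus the environment values.

        Every scenario starts from its own copy so that it deviates from the
        good configuration in exactly one way.  Sharing one mutated parser
        across scenarios lets later scenarios inherit earlier deviations
        (e.g. a "missing DNS" file that also carries an invalid TSIG key
        name and the account-key CSR), which makes a test pass or fail for
        the wrong reason.
        """
        config = configparser.ConfigParser()
        # ConfigParser.read() silently skips unreadable files; without this
        # check the next line would fail with an opaque KeyError instead.
        if not config.read("./example.ini"):
            raise FileNotFoundError("./example.ini not found; run from the directory containing it")
        config["acmednstiny"]["CAUrl"] = CAURL
        config["acmednstiny"]["CheckChallengeDelay"] = CHALLENGEDELAY
        config["acmednstiny"]["AccountKeyFile"] = account_key.name
        config["acmednstiny"]["CSRFile"] = domain_csr.name
        # the TSIG secret is written in clear to the ini file; the file is a
        # NamedTemporaryFile (owner-only, removed on close), see _write_config
        config["TSIGKeyring"]["KeyName"] = TSIGKEYNAME
        config["TSIGKeyring"]["KeyValue"] = TSIGKEYVALUE
        config["TSIGKeyring"]["Algorithm"] = TSIGALGORITHM
        config["DNS"]["Host"] = DNSHOST
        config["DNS"]["Port"] = DNSPORT
        config["DNS"]["Zone"] = DNSZONE
        return config

    # the good configuration as-is
    good_cname = _write_config(baseline())

    # DNS server given by IP instead of hostname
    config = baseline()
    config["DNS"]["Host"] = DNSHOSTIP
    dns_host_ip = _write_config(config)

    # CSR carrying subjectAltName entries
    config = baseline()
    config["acmednstiny"]["CSRFile"] = san_csr.name
    good_san = _write_config(config)

    # 1024 bit account key
    config = baseline()
    config["acmednstiny"]["AccountKeyFile"] = weak_key.name
    weak_key_config = _write_config(config)

    # CSR signed with the account key rather than the domain key
    config = baseline()
    config["acmednstiny"]["CSRFile"] = account_csr.name
    account_as_domain = _write_config(config)

    # TSIG key name that the DNS server does not know
    config = baseline()
    config["TSIGKeyring"]["KeyName"] = "{0}.invalid".format(TSIGKEYNAME)
    invalid_tsig_name = _write_config(config)

    # [DNS] section present but empty
    config = baseline()
    config["DNS"] = {}
    missing_dns = _write_config(config)

    return {
        "goodCName": good_cname,
        "dnsHostIP": dns_host_ip,
        "goodSAN": good_san,
        "weakKey": weak_key_config,
        "accountAsDomain": account_as_domain,
        "invalidTSIGName": invalid_tsig_name,
        "missingDNS": missing_dns,
        "key": {"accountkey": account_key,
                "weakkey": weak_key,
                "domainkey": domain_key},
        "csr": {"domaincsr": domain_csr,
                "sancsr": san_csr,
                "accountcsr": account_csr},
    }


def _run_openssl(args):
    """Run ``openssl`` with *args* (a list of arguments) and raise on failure.

    Popen(...).wait() on its own discards the exit status; a failed key or
    CSR generation would then leave an empty file behind and only surface as
    a confusing error much later in the test run.

    Raises RuntimeError when openssl exits with a non-zero status.
    """
    status = Popen(["openssl"] + list(args)).wait()
    if status != 0:
        raise RuntimeError("openssl {0} exited with status {1}".format(args[0], status))


def _write_config(config):
    """Serialize *config* into a new NamedTemporaryFile and return that file.

    The file is created with owner-only permissions and is deleted as soon as
    the returned object is closed or garbage-collected, so the caller must
    keep a reference to it for as long as the path is needed.  The handle is
    flushed and rewound so the content is on disk for readers that open the
    path and also readable through the returned handle itself.
    """
    configfile = NamedTemporaryFile(mode="w")
    config.write(configfile)
    configfile.flush()
    configfile.seek(0)
    return configfile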