Added code to save newly created key and csr, save_key_csr() - needs to be tested

2026-06-09 08:42:57 -04:00 · 2012-08-12 01:44:41 -04:00 · 2012-08-12 01:44:41 -04:00 · 8db9b8bd1d
commit 8db9b8bd1d
parent c84bfb8759 b8d3aab7a5
19 changed files with 30 additions and 49 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
 *.pyc
-chocolate_protocol_pb2.py
+trustify/protocol/chocolate_pb2.py
 m3
--- a/client-webserver/README
+++ b/client-webserver/README
@ -1,10 +0,0 @@
-In this directory are tools that will run on webservers for sysadmins to
-automatically obtain their certs
-
-
-Set CHOCOLATESERVER environment variable for client.py, or pass the server
-name as a command line argument!
-
-client.py - experimental tool for making requests and parsing replies
-configurator.py - edits Apache config files using Augeas
-sni_challenge.py - sets up the Apache server for the DV SNI cert challenge
--- a/client-webserver/hashcash.py
+++ b/client-webserver/hashcash.py
@ -1 +0,0 @@
-../server-ca/hashcash.py
--- a/client.py
+++ b/client.py
@ -0,0 +1,6 @@
+#!/usr/bin/env python
+
+from trustify.client import client
+
+if __name__ == "__main__":
+    client.authenticate()
--- a/server-ca/Makefile
+++ b/server-ca/Makefile
@ -4,9 +4,5 @@
 #	rsync -av --delete sni_challenge demoCA ${CHOCOLATESERVER}:
 #	ssh ${CHOCOLATESERVER} make -C sni_challenge clean all

-chocolate_protocol_pb2.py: chocolate_protocol.proto
-	protoc chocolate_protocol.proto --python_out=.
-	cp -p chocolate_protocol_pb2.py ../client-webserver/
-
 clean:
 	rm -f *.pyc
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@ -2,10 +2,10 @@

 import web, redis, time, binascii, re, urllib2
 import CSR
-import hashcash
+from trustify.protocol import hashcash
 from CSR import M2Crypto
 from Crypto import Random
-from chocolate_protocol_pb2 import chocolatemessage
+from trustify.protocol.chocolate_pb2 import chocolatemessage
 from google.protobuf.message import DecodeError

 from CONFIG import chocolate_server_name, min_keysize, difficulty, polldelay
--- a/trustify/init.py
+++ b/trustify/init.py
--- a/client-webserver/.gitignore
+++ b/client-webserver/.gitignore
--- a/client-webserver/CONFIG.py
+++ b/client-webserver/CONFIG.py
--- a/trustify/client/init.py
+++ b/trustify/client/init.py
--- a/client-webserver/choc_cert_extensions.cnf
+++ b/client-webserver/choc_cert_extensions.cnf
--- a/client-webserver/client.py
+++ b/client-webserver/client.py
@ -1,25 +1,19 @@
 #!/usr/bin/env python

-from chocolate_protocol_pb2 import chocolatemessage
 import M2Crypto
 # It is OK to use the upstream M2Crypto here instead of our modified
 # version.
-import urllib2, os, grp, pwd, sys, time, random, sys, hashlib, subprocess
+import urllib2
+import os, grp, pwd, sys, time, random, sys
+import hashlib
+import subprocess
 import getopt
 # TODO: support a mode where use of interactive prompting is forbidden

-import sni_challenge
-import configurator
-#from trustify import sni_challenge
-#from trustify import configurator
-
-# bits of hashcash to generate
-from CONFIG import difficulty
-#from trustify.CONFIG import difficulty
-
-#Trustify certificate and chain files
-from CONFIG import SERVER_ROOT, cert_file, chain_file
-#from trustify.CONFIG import cert_file, chain_file
+from trustify.protocol.chocolate_pb2 import chocolatemessage
+from trustify.client import sni_challenge
+from trustify.client import configurator
+from trustify.client.CONFIG import difficulty, cert_file, chain_file

 # it's weird to point to chocolate servers via raw IPv6 addresses, and such
 # addresses can be %SCARY in some contexts, so out of paranoia let's disable
@ -346,7 +340,4 @@ def authenticate():
        print "Server reported failure."
        sys.exit(1)

-    # vim: set expandtab tabstop=4 shiftwidth=4
-
-if __name__ == "__main__":
-    authenticate()
+# vim: set expandtab tabstop=4 shiftwidth=4
--- a/client-webserver/configurator.py
+++ b/client-webserver/configurator.py
@ -5,8 +5,7 @@ import os
 import sys
 import socket

-from CONFIG import SERVER_ROOT, CONFIG_DIR
-#from trustify.CONFIG import SERVER_ROOT
+from trustify.client.CONFIG import SERVER_ROOT

 class VH(object):
    def __init__(self, vh_path, vh_addrs):
--- a/client-webserver/options-ssl.conf
+++ b/client-webserver/options-ssl.conf
--- a/client-webserver/sni_challenge.py
+++ b/client-webserver/sni_challenge.py
@ -10,18 +10,11 @@ from os import remove, close, path
 import binascii
 import augeas

-import configurator
-#from trustify import configurator
-
-from CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
-from CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF
-from CONFIG import S_SIZE, NONCE_SIZE
-#Once directory changes to trustify and becomes package
-#from trustify.CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
-#from trustify.CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF
-#from trustify.CONFIG import APACHE_CHALLENGE_CONF
-#from trustify.CONFIG import S_SIZE, NONCE_SIZE
+from trustify.client import configurator

+from trustify.client.CONFIG import CONFIG_DIR, WORK_DIR, SERVER_ROOT
+from trustify.client.CONFIG import CHOC_CERT_CONF, OPTIONS_SSL_CONF, APACHE_CHALLENGE_CONF
+from trustify.client.CONFIG import S_SIZE, NONCE_SIZE

 def getChocCertFile(nonce):
    """
--- a/trustify/protocol/Makefile
+++ b/trustify/protocol/Makefile
@ -0,0 +1,7 @@
+proto = chocolate.proto
+
+$(proto:.proto=_pb2.py): $(proto)
+	protoc $^ --python_out=.
+
+clean:
+	rm -f *_pb2.py *_pb2.pyc
--- a/trustify/protocol/init.py
+++ b/trustify/protocol/init.py
--- a/server-ca/chocolate_protocol.proto
+++ b/server-ca/chocolate_protocol.proto
--- a/trustify/protocol/hashcash.py
+++ b/trustify/protocol/hashcash.py