authorelijah <elijah@riseup.net>2012-11-06 23:46:57 -0800
committerelijah <elijah@riseup.net>2012-11-06 23:46:57 -0800
commit96634bb77059ca074a4713e0d143c99266b4d55f (patch)
tree75b172b5478c5cb29b356dd025492cf2a21268f9
parent68674e6d2d85ca42e0d56a63f3ea2441c7e7e992 (diff)
updated test/provider and added configurable life_span to CA.
-rw-r--r--lib/leap_cli/commands/ca.rb23
-rw-r--r--test/provider/common.json14
-rw-r--r--test/provider/provider.json7
-rw-r--r--test/provider/secrets.json4
-rw-r--r--test/provider/services/couchdb.json6
-rw-r--r--test/provider/services/webapp.json3
6 files changed, 38 insertions, 19 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index ff24058..94a173c 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -11,6 +11,7 @@ module LeapCli; module Commands
assert_files_missing! :ca_cert, :ca_key
assert_config! 'provider.ca.name'
assert_config! 'provider.ca.bit_size'
+ assert_config! 'provider.ca.life_span'
provider = manager.provider
root = CertificateAuthority::Certificate.new
@@ -25,10 +26,8 @@ module LeapCli; module Commands
end
# set expiration
- years = 2
- today = Date.today
- root.not_before = Time.gm today.year, today.month, today.day
- root.not_after = root.not_before + years * 60 * 60 * 24 * 365
+ root.not_before = today
+ root.not_after = years_from_today(provider.ca.life_span.to_i)
# generate private key
root.serial_number.number = 1
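Review bot: The new `root.not_after` line trusts `provider.ca.life_span.to_i`, and `String#to_i` keeps only the leading digits: `"10y"` gives 10, a value such as `"18m"` would be read as 18 years, and an empty or non-numeric value gives 0, so `not_after` would equal `not_before` and the root would never be valid. `assert_config!` presumably checks only that the key is set, not its format. The same conversion feeds `cert.not_after` in the next hunk. I would parse the unit explicitly and reject anything below one year before building the certificate, e.g. `years = provider.ca.life_span.to_s[/\A(\d+)y\z/, 1].to_i` followed by `raise ArgumentError, 'provider.ca.life_span must look like "10y"' if years < 1`. The enclosing method starts and ends outside this hunk.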
@@ -65,10 +64,8 @@ module LeapCli; module Commands
cert.subject.common_name = node.domain.full
# set expiration
- years = provider.ca.server_certificates.life_span.to_i
- today = Date.today
- cert.not_before = Time.gm today.year, today.month, today.day
- cert.not_after = cert.not_before + years * 60 * 60 * 24 * 365
+ cert.not_before = today
+ cert.not_after = years_from_today(provider.ca.server_certificates.life_span.to_i)
# generate key
cert.serial_number.number = cert_serial_number(node.domain.full)
@@ -162,4 +159,14 @@ module LeapCli; module Commands
Digest::MD5.hexdigest("#{domain_name} -- #{Time.now}").to_i(16)
end
+ def today
+ t = Time.now
+ Time.utc t.year, t.month, t.day
+ end
+
+ def years_from_today(num)
+ t = Time.now
+ Time.utc t.year + num, t.month, t.day
+ end
+
end; end
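Review bot: `today` and `years_from_today` read the local-time fields of `Time.now` and pass them to `Time.utc`, so on a machine whose zone is ahead of UTC the local date can already be tomorrow in UTC terms. `not_before` then lies several hours in the future and verifiers reject a freshly issued certificate as not yet valid. Taking the date in UTC avoids this: `t = Time.now.utc` in both helpers. I would also add a one-line comment on each, such as `# midnight UTC of the current UTC date`, because the pair defines the validity window of every certificate this command issues.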
diff --git a/test/provider/common.json b/test/provider/common.json
index 9e19836..7504e86 100644
--- a/test/provider/common.json
+++ b/test/provider/common.json
@@ -3,8 +3,8 @@
#
{
"domain": {
- "full_suffix": "rewire.co",
- "internal_suffix": "rewire",
+ "full_suffix": "= global.provider.domain",
+ "internal_suffix": "= global.provider.internal_domain",
"full": "= node.name + '.' + domain.full_suffix",
"internal": "= node.name + '.' + domain.internal_suffix",
"name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
@@ -16,10 +16,10 @@
"authorized_keys": "= file :authorized_keys",
"known_hosts": "= file :known_hosts",
"port": 22
+ },
+ "x509": {
+ "use": false,
+ "cert": "= x509.use ? file(:node_x509_cert) : nil",
+ "key": "= x509.use ? file(:node_x509_key) : nil"
}
- #"x509": {
- # "use": false,
- # "cert": "= x509.use ? file(:node_x509_cert) : nil",
- # "key": "= x509.use ? file(:node_x509_key) : nil"
- #}
}
diff --git a/test/provider/provider.json b/test/provider/provider.json
index d4153a6..e65eebe 100644
--- a/test/provider/provider.json
+++ b/test/provider/provider.json
@@ -2,8 +2,10 @@
# General service provider configuration.
#
{
+ "domain": "bitmask.net",
+ "internal_domain": "= domain.sub(/\\..*$/,'.i')",
"name": {
- "en": "The Rewire Company"
+ "en": "Bitmask"
},
"description": {
"en": "A demonstration service provider using the LEAP platform"
@@ -12,10 +14,11 @@
"default_language": "en",
"enrollment_policy": "open",
"ca": {
- "name": "Rewire Root CA",
+ "name": "= global.provider.ca.organization + ' Root CA'",
"organization": "= global.provider.name[global.provider.default_language]",
"organizational_unit": "= 'https://' + global.common.domain.full_suffix",
"bit_size": 4096,
+ "life_span": "10y",
"server_certificates": {
"bit_size": 3248,
"life_span": "1y"
diff --git a/test/provider/secrets.json b/test/provider/secrets.json
new file mode 100644
index 0000000..3654472
--- /dev/null
+++ b/test/provider/secrets.json
@@ -0,0 +1,4 @@
+{
+ "couch_admin_password": "Wf@W&@fQeK@qcItm-9fH~9ve8A4V5Dua",
+ "couch_webapp_password": "rXYr3RfJyqutsLZ6zQZ=&@WPXWnvdMpe"
+}
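Review bot: This new file commits two CouchDB passwords in plaintext, and nothing in it marks them as fixture-only values. If `secrets.json` is what the `secret` macro generates for a real provider (it looks that way from `couchdb.json` in this commit), a test copy with realistic random strings invites reuse and teaches contributors that the file belongs in version control. I would replace the values with obviously fake ones, e.g. `"couch_admin_password": "TEST-ONLY-not-a-real-password"`. It would also help to state in the provider documentation that a real provider's `secrets.json` must stay out of public repositories.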
diff --git a/test/provider/services/couchdb.json b/test/provider/services/couchdb.json
index 9024aa0..1cbc84e 100644
--- a/test/provider/services/couchdb.json
+++ b/test/provider/services/couchdb.json
@@ -1,3 +1,7 @@
{
- "service_type": "internal_service"
+ "service_type": "internal_service",
+ "users": {
+ "admin": {"username":"admin", "password":"= secret :couch_admin_password"},
+ "webapp": {"username":"webapp", "password":"= secret :couch_webapp_password"}
+ }
} \ No newline at end of file
diff --git a/test/provider/services/webapp.json b/test/provider/services/webapp.json
index 0e5b2f9..247df49 100644
--- a/test/provider/services/webapp.json
+++ b/test/provider/services/webapp.json
@@ -1,7 +1,8 @@
{
"webapp": {
"modules": ["user", "billing", "help"],
- "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')"
+ "couchdb_hosts": "= nodes[:services => :couchdb].field('domain.name')",
+ "couchdb_users": "= global.services['couchdb'].users['admin']"
},
"definition_files": {
"provider": "= file('service-definitions/provider.json.erb')",
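Review bot: The added `couchdb_users` line gives the webapp the CouchDB `admin` entry, although this same commit defines a separate `webapp` user in `test/provider/services/couchdb.json`. With the admin credentials in its configuration, a compromise of the web application becomes full control of the database server. Unless the webapp really needs to administer CouchDB, I would reference the dedicated account: `"couchdb_users": "= global.services['couchdb'].users['webapp']"`. The key name is plural but holds a single user, which is worth a short note in the service documentation.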