Beispiel #1
def create_self_signed(apps, schema_editor):
    """Build a self-signed certificate and store it as a CertificateKeyPair.

    The model is resolved through ``apps.get_model`` and the row is written
    on the database alias of ``schema_editor``'s connection. The
    ``(apps, schema_editor)`` signature looks like a Django data-migration
    callable -- presumably wired up through ``RunPython``; confirm at the
    call site.
    """
    keypair_model = apps.get_model("authentik_crypto", "CertificateKeyPair")
    target_db = schema_editor.connection.alias
    # Imported inside the function, as the original does, not at module level.
    from authentik.crypto.builder import CertificateBuilder

    cert_builder = CertificateBuilder()
    # build() is called without arguments, so subject, SANs and validity are
    # whatever CertificateBuilder defaults to (not visible here).
    cert_builder.build()
    # NOTE(review): key_data receives the private key as produced by the
    # builder; protection at rest depends on the model/database, which is
    # not visible in this block.
    row_fields = {
        "name": "authentik Self-signed Certificate",
        "certificate_data": cert_builder.certificate,
        "key_data": cert_builder.private_key,
    }
    keypair_model.objects.using(target_db).create(**row_fields)
Beispiel #2
 def _create(self, cert: Optional[CertificateKeyPair] = None):
     """Build a fresh keypair and save it as the managed internal JWT certificate.

     Args:
         cert: Existing ``CertificateKeyPair`` to overwrite. When it is
             falsy (the default ``None``), a new instance is created.

     The certificate is built for ``goauthentik.io`` with a validity of
     360 days, tagged with ``MANAGED_KEY`` and saved.
     """
     cert_builder = CertificateBuilder()
     cert_builder.common_name = "goauthentik.io"
     cert_builder.build(subject_alt_names=["goauthentik.io"], validity_days=360)
     # Reuse the caller's row when given, so an existing record gets new key
     # material in place instead of a second record being created.
     keypair = cert or CertificateKeyPair()
     keypair.certificate_data = cert_builder.certificate
     keypair.key_data = cert_builder.private_key
     keypair.name = "authentik Internal JWT Certificate"
     keypair.managed = MANAGED_KEY
     keypair.save()
Beispiel #3
 def test_discovery(self):
     """Check that discovery picks up a flat keypair and a directory keypair.

     Two layouts are written below a temporary directory: ``foo.pem`` with
     ``foo.key``, and ``foo.bar/fullchain.pem`` with ``foo.bar/privkey.pem``.
     After ``certificate_discovery()`` runs against that directory, a
     managed keypair must exist for ``foo`` and for ``foo.bar``.
     """
     cert_builder = CertificateBuilder()
     cert_builder.common_name = "test-cert"
     # Saving before build() has produced anything must raise ValueError.
     with self.assertRaises(ValueError):
         cert_builder.save()
     cert_builder.build(subject_alt_names=[], validity_days=3)

     def _write_pem(path, pem_text):
         # Same open mode and encoding for every file written by this test.
         with open(path, "w+", encoding="utf-8") as handle:
             handle.write(pem_text)

     # The key files only ever live inside the temporary directory, which is
     # removed when the with-block exits.
     with TemporaryDirectory() as temp_dir:
         _write_pem(f"{temp_dir}/foo.pem", cert_builder.certificate)
         _write_pem(f"{temp_dir}/foo.key", cert_builder.private_key)
         makedirs(f"{temp_dir}/foo.bar", exist_ok=True)
         _write_pem(f"{temp_dir}/foo.bar/fullchain.pem", cert_builder.certificate)
         _write_pem(f"{temp_dir}/foo.bar/privkey.pem", cert_builder.private_key)
         with CONFIG.patch("cert_discovery_dir", temp_dir):
             # pyright: reportGeneralTypeIssues=false
             certificate_discovery()  # pylint: disable=no-value-for-parameter

     flat_name = MANAGED_DISCOVERED % "foo"
     keypair: CertificateKeyPair = CertificateKeyPair.objects.filter(managed=flat_name).first()
     self.assertIsNotNone(keypair)
     self.assertIsNotNone(keypair.certificate)
     self.assertIsNotNone(keypair.private_key)
     directory_name = MANAGED_DISCOVERED % "foo.bar"
     self.assertTrue(CertificateKeyPair.objects.filter(managed=directory_name).exists())
Beispiel #4
 def test_builder(self):
     """Check that the builder rejects an early save and honours validity_days.

     After ``build(validity_days=3)`` the saved instance must carry the
     common name as its name, and its certificate must expire a little
     under three days from now (``timedelta.days == 2``).
     """
     cert_builder = CertificateBuilder()
     cert_builder.common_name = "test-cert"
     # Saving before build() has produced anything must raise ValueError.
     with self.assertRaises(ValueError):
         cert_builder.save()
     cert_builder.build(subject_alt_names=[], validity_days=3)
     saved = cert_builder.save()
     # NOTE(review): today() is naive local time; this presumes
     # not_valid_after is naive and on the same clock -- confirm against
     # the builder.
     reference = datetime.datetime.today()
     self.assertEqual(saved.name, "test-cert")
     remaining = saved.certificate.not_valid_after - reference
     # Some time has passed since build(), so the whole-day part is 2, not 3.
     self.assertEqual(remaining.days, 2)
Beispiel #5
def create_test_cert() -> CertificateKeyPair:
    """Create and save a throwaway keypair for tests.

    Any stored keypair named ``goauthentik.io`` is deleted first. A
    certificate for ``goauthentik.io`` (also its only subject alternative
    name) is then built with 360 days of validity and saved.

    Returns:
        Whatever ``CertificateBuilder.save()`` returns; annotated as the
        saved ``CertificateKeyPair``.
    """
    # Clear leftovers from earlier runs before creating the new pair.
    stale_pairs = CertificateKeyPair.objects.filter(name="goauthentik.io")
    stale_pairs.delete()
    cert_builder = CertificateBuilder()
    cert_builder.common_name = "goauthentik.io"
    cert_builder.build(subject_alt_names=["goauthentik.io"], validity_days=360)
    return cert_builder.save()
Beispiel #6
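 def generate(self, request: Request) -> Response:
     """Generate a new, self-signed certificate-key pair.

     The request body is validated with ``CertificateGenerationSerializer``.
     Validation errors are returned unchanged with HTTP 400. On success the
     built pair is saved and returned through the view's own serializer.

     ``subject_alt_name`` is read as a comma-separated string. Entries are
     trimmed and blank ones dropped, so a missing or empty field gives the
     builder an empty SAN list instead of a list holding one empty name.
     """
     # NOTE(review): authorization for this action is not visible in this
     # block; confirm the enclosing view restricts who may create keypairs.
     data = CertificateGenerationSerializer(data=request.data)
     if not data.is_valid():
         return Response(data.errors, status=400)
     validated = data.validated_data
     builder = CertificateBuilder()
     builder.common_name = validated["common_name"]
     # "".split(",") is [""], which would reach the builder as an empty SAN;
     # "or" also covers a field that validated to None.
     raw_alt_names = validated.get("subject_alt_name") or ""
     alt_names = [
         entry.strip() for entry in raw_alt_names.split(",") if entry.strip()
     ]
     builder.build(
         subject_alt_names=alt_names,
         # NOTE(review): any bound on validity_days has to come from the
         # serializer, which is not visible here.
         validity_days=int(validated["validity_days"]),
     )
     instance = builder.save()
     serializer = self.get_serializer(instance)
     return Response(serializer.data)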