def create_self_signed(apps, schema_editor):
    """Create the default self-signed certificate/key pair row.

    The (apps, schema_editor) signature and the use of ``apps.get_model``
    match a Django data-migration callable (presumably run through
    ``RunPython`` -- confirm against the migration's operations list).

    The generated private key is written to ``key_data`` on the new row, so
    this record holds secret key material.
    """
    # Imported inside the function, as in the original.
    from authentik.crypto.builder import CertificateBuilder

    # Resolve the model through the app registry passed in, not a direct import.
    keypair_model = apps.get_model("authentik_crypto", "CertificateKeyPair")
    alias = schema_editor.connection.alias

    cert_builder = CertificateBuilder()
    # build() is called with no arguments; the subject and validity come from
    # the builder's defaults, which are not visible in this block.
    cert_builder.build()

    keypair_model.objects.using(alias).create(
        name="authentik Self-signed Certificate",
        certificate_data=cert_builder.certificate,
        key_data=cert_builder.private_key,
    )
def _create(self, cert: Optional[CertificateKeyPair] = None):
    """Create or refresh the internal JWT signing certificate.

    A new certificate and private key are always generated. When ``cert`` is
    given (and truthy), that row is overwritten in place; otherwise a new
    ``CertificateKeyPair`` is created.

    Args:
        cert: Existing key pair to overwrite, or ``None`` to create one.
    """
    cert_builder = CertificateBuilder()
    cert_builder.common_name = "goauthentik.io"
    cert_builder.build(subject_alt_names=["goauthentik.io"], validity_days=360)

    # Reuse the caller's row when one was passed, so the record is replaced
    # rather than duplicated.
    target = cert or CertificateKeyPair()
    target.certificate_data = cert_builder.certificate
    target.key_data = cert_builder.private_key
    target.name = "authentik Internal JWT Certificate"
    # Tag the row with the managed marker defined elsewhere in the file.
    target.managed = MANAGED_KEY
    target.save()
def test_discovery(self):
    """Test certificate discovery"""

    def write_text(path, content):
        # Same mode and encoding as the inline writes this helper replaces.
        with open(path, "w+", encoding="utf-8") as handle:
            handle.write(content)

    cert_builder = CertificateBuilder()
    cert_builder.common_name = "test-cert"
    # Saving before build() has produced any material must be rejected.
    with self.assertRaises(ValueError):
        cert_builder.save()
    cert_builder.build(subject_alt_names=[], validity_days=3)

    with TemporaryDirectory() as temp_dir:
        # Layout 1: certificate and key as sibling files sharing a stem.
        write_text(f"{temp_dir}/foo.pem", cert_builder.certificate)
        write_text(f"{temp_dir}/foo.key", cert_builder.private_key)
        # Layout 2: a directory holding fullchain.pem and privkey.pem.
        makedirs(f"{temp_dir}/foo.bar", exist_ok=True)
        write_text(f"{temp_dir}/foo.bar/fullchain.pem", cert_builder.certificate)
        write_text(f"{temp_dir}/foo.bar/privkey.pem", cert_builder.private_key)
        # Point discovery at the temporary directory for the duration of the call.
        with CONFIG.patch("cert_discovery_dir", temp_dir):
            # pyright: reportGeneralTypeIssues=false
            certificate_discovery()  # pylint: disable=no-value-for-parameter

    # The flat pair must be imported with both halves populated.
    discovered: CertificateKeyPair = CertificateKeyPair.objects.filter(
        managed=MANAGED_DISCOVERED % "foo"
    ).first()
    self.assertIsNotNone(discovered)
    self.assertIsNotNone(discovered.certificate)
    self.assertIsNotNone(discovered.private_key)
    # The directory layout must be imported under the directory's name.
    directory_pair = CertificateKeyPair.objects.filter(managed=MANAGED_DISCOVERED % "foo.bar")
    self.assertTrue(directory_pair.exists())
def test_builder(self):
    """Test Builder"""
    cert_builder = CertificateBuilder()
    cert_builder.common_name = "test-cert"
    # save() must fail until build() has generated the certificate and key.
    with self.assertRaises(ValueError):
        cert_builder.save()

    cert_builder.build(subject_alt_names=[], validity_days=3)
    saved = cert_builder.save()
    # NOTE(review): today() is a naive local-time value; this comparison
    # presumes the builder derives not_valid_after from the same clock -- confirm.
    now = datetime.datetime.today()

    self.assertEqual(saved.name, "test-cert")
    # now is read after build(), so slightly under 3 days remain and .days is 2.
    remaining = saved.certificate.not_valid_after - now
    self.assertEqual(remaining.days, 2)
def create_test_cert() -> CertificateKeyPair:
    """Generate a certificate for testing.

    Any existing key pair named "goauthentik.io" is deleted first, then a new
    certificate with that common name and SAN, valid for 360 days, is built
    and saved.

    Returns:
        The value returned by ``CertificateBuilder.save()``.
    """
    # Remove leftovers from earlier calls that share this name.
    CertificateKeyPair.objects.filter(name="goauthentik.io").delete()

    cert_builder = CertificateBuilder()
    cert_builder.common_name = "goauthentik.io"
    cert_builder.build(subject_alt_names=["goauthentik.io"], validity_days=360)
    return cert_builder.save()
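def generate(self, request: Request) -> Response:
    """Generate a new, self-signed certificate-key pair.

    The request body is validated with ``CertificateGenerationSerializer``.
    On failure the serializer errors are returned with HTTP 400. On success
    a certificate is built from ``common_name``, the comma-separated
    ``subject_alt_name`` value and ``validity_days``, then saved and returned
    through the view's own serializer.

    Args:
        request: Incoming API request carrying the generation parameters.

    Returns:
        The serialized new key pair, or the validation errors with status 400.
    """
    # NOTE(review): permission checks for this action are not visible in this
    # block -- confirm that the decorator or viewset restricts who may call it.
    data = CertificateGenerationSerializer(data=request.data)
    if not data.is_valid():
        return Response(data.errors, status=400)

    # "".split(",") yields [""], which would pass one empty SAN entry to the
    # builder. Drop empty entries and trim whitespace so that a missing or
    # blank field means "no SANs" and "a.example, b.example" parses cleanly.
    raw_sans = data.validated_data.get("subject_alt_name") or ""
    subject_alt_names = [
        entry.strip() for entry in raw_sans.split(",") if entry.strip()
    ]

    builder = CertificateBuilder()
    builder.common_name = data.validated_data["common_name"]
    builder.build(
        subject_alt_names=subject_alt_names,
        # Presumably range-checked by the serializer -- confirm that an upper
        # bound on certificate lifetime is enforced there.
        validity_days=int(data.validated_data["validity_days"]),
    )
    instance = builder.save()
    serializer = self.get_serializer(instance)
    return Response(serializer.data)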