Move code to pinecrypt.client Python package

Dockerfile

@@ -0,0 +1,20 @@
+FROM ubuntu:20.04 as build
+ENV PYTHONUNBUFFERED=1
+ENV LC_ALL C.UTF-8
+ENV DEBIAN_FRONTEND noninteractive
+
+# Make apt faster
+RUN echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup
+RUN echo "Dpkg::Use-Pty=0;" > /etc/apt/apt.conf.d/99quieter
+
+RUN apt-get update -qq
+RUN apt-get install -y -qq \
+  python3-pip
+
+COPY pinecrypt/client/. /src/pinecrypt/client
+COPY setup.py /src/
+COPY README.md /src/
+COPY misc/ /src/misc/
+WORKDIR /src
+RUN pip3 install .
+

README.md

@@ -0,0 +1,3 @@
+# Background
+
+Certidude is the VPN connectivity client for Pinecrypt Gateway

misc/certidude

@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+
+from pinecrypt.client.cli import entry_point
+
+if __name__ == "__main__":
+    entry_point()

cli.py → pinecrypt/client/cli.py

@@ -1,7 +1,6 @@
 # coding: utf-8
 
 import click
-import const
 import hashlib
 import logging
 import os
@@ -13,7 +12,6 @@
 import subprocess
 import sys
 import requests
-from jinja2 import Environment, PackageLoader
 from ipsecparse import loads
 from asn1crypto import pem, x509
 from asn1crypto.csr import CertificationRequest
@@ -22,6 +20,7 @@
 from configparser import ConfigParser, NoOptionError
 from datetime import datetime, timedelta
 from oscrypto import asymmetric
+from pinecrypt.client import const
 
 class ConfigTreeParser(ConfigParser):
     def __init__(self, path, *args, **kwargs):
@@ -43,6 +42,7 @@ def __init__(self, path, *args, **kwargs):
 @click.argument("authority")
 def certidude_provision(authority):
     client_config = ConfigParser()
+    os.makedirs(os.path.dirname(const.CLIENT_CONFIG_PATH))
     if os.path.exists(const.CLIENT_CONFIG_PATH):
         client_config.read_file(open(const.CLIENT_CONFIG_PATH))
     if client_config.has_section(authority):
@@ -60,7 +60,7 @@ def certidude_provision(authority):
         with open(const.CLIENT_CONFIG_PATH + ".part", 'w') as fh:
             client_config.write(fh)
         os.rename(const.CLIENT_CONFIG_PATH + ".part", const.CLIENT_CONFIG_PATH)
-
+    os.system("certidude enroll")
 
 @click.command("enroll", help="Run processes for requesting certificates and configuring services")
 @click.option("-k", "--kerberos", default=False, is_flag=True, help="Offer system keytab for auth")

setup.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+# coding: utf-8
+import os
+from setuptools import setup
+
+setup(
+    name = "certidude",
+    version = "0.2.1",
+    author = u"Pinecrypt Labs",
+    author_email = "[email protected]",
+    description = "Certidude provisions VPN connections to Pinecrypt Gateway",
+    license = "MIT",
+    keywords = "falcon http jinja2 x509 pkcs11 webcrypto kerberos ldap",
+    url = "https://git.k-space.ee/pinecrypt/certidude",
+    packages=[
+        "pinecrypt.client",
+    ],
+    long_description=open("README.md").read(),
+    install_requires=[
+        "asn1crypto",
+        "certbuilder",
+        "click",
+        "csrbuilder",
+        "ipsecparse",
+        "requests",
+    ],
+    scripts=[
+        "misc/certidude"
+    ],
+    classifiers=[
+        "Development Status :: 4 - Beta",
+        "Environment :: Console",
+        "Intended Audience :: Developers",
+        "Intended Audience :: System Administrators",
+        "License :: Freely Distributable",
+        "License :: OSI Approved :: MIT License",
+        "Natural Language :: English",
+        "Operating System :: POSIX :: Linux",
+        "Programming Language :: Python",
+        "Programming Language :: Python :: 3 :: Only",
+    ],
+)
+