lib/App/CamelPKI/Model/CA.pm


=cut

# Accessor for the directory holding the CA database (the I<db_dir>
# configuration key).  Returns undef when the key was never set.
sub db_dir {
    my ($self) = @_;
    return $self->{db_dir};
}

=head2 do_ceremony($privdir, $webserver)

Runs the B<Key Ceremony> for the Camel-PKI Certificate Authority. The
Operational CA and Root CA certificates are recorded in the private
directory configured with the I<db_dir> key (see L</CONFIGURATION>).
The Root CA certificate and key, and the administrator credentials are
written into $privdir, under the respective names C<ca0.key>,
C<ca0.crt>, C<admin.key> and C<admin.pem>. Last but not least, the Web
server certificate and key are installed in $webserver, an
L<App::CamelPKI::SysV::Apache> instance.

=cut

sub do_ceremony {
    use File::Slurp;
    use File::Spec::Functions qw(catfile);

lib/App/CamelPKI/Model/CA.pm

    	 $self->{dns_webserver} : "undef";
    $ca->issue
        ("App::CamelPKI::CertTemplate::PKI1", $webserverkey->get_public_key,
         dns => $web_dns);
    my ($webservercert) = $ca->commit;
    $webserver->set_keys
        (-certificate => $webservercert,
         -key => $webserverkey,
         -certification_chain => [ $CA1, $CA0 ]);

    my ($admincert, $adminkey) = $self->make_admin_credentials;
    write_file(catfile($privdir, "admin.pem"), $admincert->serialize);
    write_file(catfile($privdir, "admin.key"), $adminkey->serialize);

    return $self;
}

=head2 make_admin_credentials

Regenerates an initial administrator certificate and private key, and
returns a pair ($cert, $key), which are respectively
L<App::CamelPKI::Certificate> and L<App::CamelPKI::PrivateKey> instances. Old
administrator certificates are revoked.

=cut

sub make_admin_credentials {
    my ($self) = @_;

    my $ca = $self->instance;
    my $adminkey = App::CamelPKI::PrivateKey->genrsa($self->{keysize});
    my $admintemplate = "App::CamelPKI::CertTemplate::PKI2";
    $ca->issue($admintemplate, $adminkey->get_public_key);
    $ca->revoke($admintemplate, $_)
        for $ca->database->search(template => $admintemplate);
    my ($admincert) = $ca->commit;
    return ($admincert, $adminkey);

lib/App/CamelPKI/Model/CA.pm

    ok($adminkey->isa("App::CamelPKI::PrivateKey"));
    ok($admincert->isa("App::CamelPKI::Certificate"));
    ok($adminkey->get_public_key->equals($admincert->get_public_key));
    my @certchain = ($model_ca->instance->certificate->serialize,
                     $ca0cert->serialize);
    certificate_chain_ok($admincert->serialize, \@certchain);

    certificate_chain_ok($webserver->certificate->serialize, \@certchain);
};

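test "->make_admin_credentials" => sub {
    # Run a full ceremony in a fresh directory so that the CA holds exactly
    # one administrator certificate before the call under test.  mkdir is
    # checked: an unreported failure here would only surface later, inside
    # do_ceremony, with a far less obvious error.
    my $dir = catdir(My::Tests::Below->tempdir, "ceremony1");
    mkdir($dir) or die "mkdir $dir: $!";
    # 512-bit RSA keeps the test fast; this size is for tests only.
    my $model_ca = bless { db_dir => $dir, keysize => 512 },
        "App::CamelPKI::Model::CA";
    $model_ca->do_ceremony($dir, App::CamelPKI::SysV::Apache->load($dir));
    my $admincert = App::CamelPKI::Certificate->load
        (catfile($dir, "admin.pem"));
    ok(! $model_ca->instance->issue_crl->is_member($admincert));

    # A second set of credentials must come with a new key pair, must not be
    # on the CRL itself, and must push the first certificate onto the CRL.
    my ($anotheradmincert, $anotheradminkey) =
        $model_ca->make_admin_credentials();
    ok($anotheradminkey->get_public_key
       ->equals($anotheradmincert->get_public_key));
    ok(! $anotheradmincert->get_public_key
       ->equals($admincert->get_public_key));
    ok(! $model_ca->instance->issue_crl->is_member($anotheradmincert));
    ok($model_ca->instance->issue_crl->is_member($admincert),
       "implicit revocation of previous admin certificates");
};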

=end internals

script/camel_pki_keyceremony.pl


B<camel_pki_keyceremony.pl> - The Camel-PKI Key Ceremony.

=head1 SYNOPSIS

    camel_pki_keyceremony.pl <directory of secrets>

=head1 DESCRIPTION

This script runs the Camel-PKI B<Key Ceremony>, and writes the associated
secret components (private key and admin credentials) into I<directory
of secrets>.

=cut

use App::CamelPKI;
use App::CamelPKI::Model::CA;
use App::CamelPKI::CA;
use App::CamelPKI::CADB;
use App::CamelPKI::Error;

script/camel_pki_keyceremony.pl

MESSAGE
} catch App::CamelPKI::Error::State with {
    1;
};

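# Refuse to start the ceremony unless the secrets directory was given and
# exists: do_ceremony() writes admin.pem / admin.key into it only after the
# CA has been created and committed, so a missing directory would otherwise
# leave a half-initialised CA behind.  (An earlier part of this script may
# already validate @ARGV; the check is cheap and harmless if so.)
my $secrets_dir = $ARGV[0];
die "Usage: $0 <directory of secrets>\n" unless defined $secrets_dir;
die "$secrets_dir is not a directory\n" unless -d $secrets_dir;

$camodel->do_ceremony($secrets_dir, $webservermodel->apache);

warn <<"SUCCESS";

The Key Ceremony was successful. $ARGV[0] contains the secret data (private
key and certificate of the Root CA, admin credentials).

SUCCESS

exit 0;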

t/02-SSLRequestByForm.t

		"role" => "bar")
};

=pod

The expected response is also laid out in
L<App::CamelPKI::CertTemplate::SSL/certify>.

=cut

# Client credentials for the form calls below.  make_admin_credentials also
# revokes every previously issued administrator certificate, so credentials
# from an earlier run cannot be reused after this point.
my ($CAcert, $CAkey) = do {
    my $ca_model = App::CamelPKI->model("CA");
    $ca_model->make_admin_credentials;
};

test "SSL Server Certificate request" => sub {
	my $response1 = formcall_remote
   		("https://localhost:$port/ca/template/ssl/certifyForm", $reqSSLServer, "Submit",
   	 	-certificate => $CAcert, -key => $CAkey);
	
	like($response1, qr/-----BEGIN CERTIFICATE-----/, "Certificate is in response (SSLServer)");
	like($response1, qr/-----BEGIN RSA PRIVATE KEY-----/, "Private key is in the response (SSLServer)");

	my ($cert, $key) = split(/-----END CERTIFICATE-----\n/,$response1);

t/03-VPNRequestByForm.t


=pod

The expected response is also laid out in
L<App::CamelPKI::CertTemplate::VPN/certify>.

=cut
sub get_vpn_certificate {
	my ($params) = @_;

	my ($certCA, $keyCA) = App::CamelPKI->model("CA")->make_admin_credentials;
	my $response = formcall_remote
   		("https://localhost:$port/ca/template/vpn/certifyForm", $params,  "Submit",
   	 	-certificate => $certCA, -key => $keyCA);
	
	like($response, qr/-----BEGIN CERTIFICATE-----/, "a certificate is in the answer (VPN)");
	like($response, qr/-----BEGIN RSA PRIVATE KEY-----/, "a private Key is in the answer (VPN)");


	my ($cert, $key) = split(/-----END CERTIFICATE-----\n/,$response);
	$cert = $cert."-----END CERTIFICATE-----";

t/04-RevokeByForm.t

		("dns" => "test.foo.bar.com")
};

=pod

The expected response is also laid out in
L<App::CamelPKI::CertTemplate::SSL/certify>.

=cut

# Client credentials for the form calls below.  make_admin_credentials also
# revokes every previously issued administrator certificate, so credentials
# from an earlier run cannot be reused after this point.
my ($CAcert, $CAkey) = do {
    my $ca_model = App::CamelPKI->model("CA");
    $ca_model->make_admin_credentials;
};

test "Revocation SSLServer" => sub {
	
	my $certSSL = certify("ssl", "SSLServer", "dns", "test.foo.com");
	
	ok(! cert_is_revoked($certSSL), "Certificate not inserted ?");
	
	revoke("ssl", "dns", "test.foo.com");

	ok(cert_is_revoked($certSSL), "Certificate not revoked !");

t/04-RevokeByJSON.t

		("dns" => 'pki@pki.com')
};

=pod

The expected response is also laid out in
L<App::CamelPKI::CertTemplate::SSL/certify>.

=cut

# Client credentials for the JSON calls below.  make_admin_credentials also
# revokes every previously issued administrator certificate, so credentials
# from an earlier run cannot be reused after this point.
my ($CAcert, $CAkey) = do {
    my $ca_model = App::CamelPKI->model("CA");
    $ca_model->make_admin_credentials;
};

test "Revocation SSLServer" => sub {
	
	my $certSSL = certify("ssl", "SSLServer", "dns", "test.foo.com");
	
	ok(! cert_is_revoked($certSSL), "Certificate not inserted ?");
	
	revoke("ssl", {"dns", "test.foo.com"});

	ok(cert_is_revoked($certSSL), "Certificate not revoked !");

t/CRL.t

# Run only when Apache is usable on this machine; otherwise skip the file.
plan(
    ($webserver->is_installed_and_has_perl_support && $webserver->is_operational)
        ? (tests => 2)
        : (skip_all => "Apache is not insalled or Key Ceremnoy has not been done !")
);
# The END block stops the server at exit, including after a die.
$webserver->start();
END { $webserver->stop(); }
$webserver->tail_error_logfile();

my $port = $webserver->https_port();

# Client credentials for the HTTPS call.  make_admin_credentials also
# revokes every previously issued administrator certificate.
my ($CAcert, $CAkey) = do {
    my $ca_model = App::CamelPKI->model("CA");
    $ca_model->make_admin_credentials;
};

test "CRL in plain text" => sub {
    my $crl_response = call_remote(
        "https://localhost:$port/ca/gen_crl",
        -certificate => $CAcert,
        -key         => $CAkey,
    );
    # The endpoint must answer with a PEM-armoured CRL.
    like($crl_response, qr/-----BEGIN X509 CRL-----/);
    like($crl_response, qr/-----END X509 CRL-----/);
};

SKIP: {

t/acceptance-issue-certificatesJSON.t

     ],
   };

=pod

The expected response is also laid out in
L<App::CamelPKI::CertTemplate::VPN/certifyJSON>.

=cut

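# Credentials used to authenticate the JSON request below.  Note that
# make_admin_credentials revokes every earlier administrator certificate.
my ($cert, $key) = App::CamelPKI->model("CA")->make_admin_credentials;

my $response = jsoncall_remote
    ("https://localhost:$port/ca/template/vpn/certifyJSON", $req,
     -certificate => $cert, -key => $key);
is(scalar(@{$response->{keys}}), 4, "four answers");
# Each entry of "keys" appears to be a [certificate PEM, private key PEM]
# pair; the public key in the certificate must match the private key.  A
# plain loop replaces the former map in void context, which was used only
# for its side effects.
for my $pair (@{$response->{keys}}) {
    my ($cert_pem, $key_pem) = @{$pair};
    is(App::CamelPKI::Certificate->parse($cert_pem)->get_public_key->serialize,
       App::CamelPKI::PrivateKey->parse($key_pem)->get_public_key->serialize,
       "keys match");
}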

t/acceptance-permissions.t

#!perl -w

use strict;

=head1 NAME

acceptance-permissions.t - Try to access Camel-PKI using the wrong
credentials, and fail (hopefully)

=cut

use Test::More;
use Test::Group;
use App::CamelPKI;
use App::CamelPKI::Test qw(jsonreq_remote);
use File::Slurp;

# Apache instance managed by the WebServer model; the tests below talk to it.
my $webserver = do {
    my $webserver_model = App::CamelPKI->model("WebServer");
    $webserver_model->apache;
};

t/acceptance-revoke-certificatesJSON.t

} else {
	plan skip_all => "Apache is not insalled or Key Ceremnoy has not been done !";
}
# Bring the web server up for the whole test file; the END block stops it
# at exit, including after a die.
$webserver->start();
END { $webserver->stop(); }
$webserver->tail_error_logfile();

my $port = $webserver->https_port();

# Administrator credentials used by the requests in this file.  Declared
# with "our" (presumably read by helper subs further down).  Note that
# make_admin_credentials revokes every earlier administrator certificate.
our ($cert, $key) = do {
    my $ca_model = App::CamelPKI->model("CA");
    $ca_model->make_admin_credentials;
};

=head1 TEST OVERVIEW

First, make the certificates for the tests.

=cut

# Certificates issued during the tests (package global, presumably shared
# with helper subs further down -- confirm).
our @certs;

# Host name for the first certificate request; assumed to be used as a DNS
# name in the requests below -- confirm.
my $testhost1 = "foo.example.com";

t/lib/App/CamelPKI/Test.pm


=cut

sub create_camel_pki_conf_php {
    require App::CamelPKI;
    my $webserver = App::CamelPKI->model("WebServer")->apache;
    my $host = $webserver->certificate->get_subject_CN();
    my $port = $webserver->https_port();

    my ($admincert, $adminkey) = App::CamelPKI->model("CA")
        ->make_admin_credentials;

    my $admin_key_pem = $adminkey->serialize;
    my $admin_cert_pem = $admincert->serialize;
	#TODO créer le répertoire si il existe pas !!
	if (! -d "t/php/tmp"){
		 mkdir ("t/php/tmp") or die "Could not create t/php/tmp directory. Tests will fail.";
	}
    write_file("t/php/tmp/camel_pki_conf.inc.php", <<"CONF_DEFINES");
<?php


