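# NixOS VM test for the cfssl CA service: create a self-signed CA on boot,
# then request a certificate through the HTTP API and check the result.
import ./make-test-python.nix ({ pkgs, ...} : {
  name = "cfssl";

  machine = { config, lib, pkgs, ... }:
  {
    # Open the port the module is configured with rather than a literal, so the
    # firewall rule follows services.cfssl.port.
    networking.firewall.allowedTCPPorts = [ config.services.cfssl.port ];

    services.cfssl.enable = true;
    # The server needs the CA material written by cfssl-init. Ordering alone
    # (after) would let cfssl start even when the init job failed; requiring it
    # as well stops the server instead of serving without a CA.
    systemd.services.cfssl.after = [ "cfssl-init.service" ];
    systemd.services.cfssl.requires = [ "cfssl-init.service" ];

    # One-shot job, run as the cfssl user, that generates the CA key pair and
    # self-signed certificate (ca-key.pem / ca.pem) in services.cfssl.dataDir.
    # NOTE(review): it has no condition, so it re-creates the CA on every boot.
    # Fine for a throwaway test VM; a persistent deployment would want a guard.
    systemd.services.cfssl-init = {
      description = "Initialize the cfssl CA";
      wantedBy    = [ "multi-user.target" ];
      serviceConfig = {
        User             = "cfssl";
        Type             = "oneshot";
        # cfssljson -bare writes into the working directory, so this places the
        # CA files in the module's dataDir.
        WorkingDirectory = config.services.cfssl.dataDir;
      };
      script = with pkgs; ''
        ${cfssl}/bin/cfssl genkey -initca ${pkgs.writeText "ca.json" (builtins.toJSON {
          hosts = [ "ca.example.com" ];
          key = { algo = "rsa"; size = 4096; };
          names = [
            {
              C = "US";
              L = "San Francisco";
              O = "Internet Widgets, LLC";
              OU = "Certificate Authority";
              ST = "California";
            }
          ];
        })} | ${cfssl}/bin/cfssljson -bare ca
      '';
    };
  };

  testScript = { nodes, ... }:
  let
    # Evaluated cfssl options of the test machine, so port and dataDir below
    # stay in sync with what the machine configuration actually uses.
    cfg = nodes.machine.config.services.cfssl;

    # Ask the running CA for a new key + certificate for the CSR below and store
    # them as /tmp/certificate.pem and /tmp/certificate-key.pem. `curl -f` turns
    # HTTP errors into a non-zero exit so wait_until_succeeds keeps retrying
    # until the API answers.
    cfsslrequest = with pkgs; writeScript "cfsslrequest" ''
      curl -f -X POST -H "Content-Type: application/json" -d @${csr} \
        http://localhost:${toString cfg.port}/api/v1/cfssl/newkey | ${cfssl}/bin/cfssljson /tmp/certificate
    '';

    # Subject and SANs of the leaf certificate requested from the CA.
    csr = pkgs.writeText "csr.json" (builtins.toJSON {
      CN = "www.example.com";
      hosts = [ "example.com" "www.example.com" ];
      key = {
        algo = "rsa";
        size = 2048;
      };
      names = [
        {
          C = "US";
          L = "San Francisco";
          O = "Example Company, LLC";
          OU = "Operations";
          ST = "California";
        }
      ];
    });
  in
    ''
      machine.wait_for_unit("cfssl.service")
      machine.wait_until_succeeds("${cfsslrequest}")
      # Both the private key and the certificate must have been written ...
      machine.succeed("ls /tmp/certificate.pem /tmp/certificate-key.pem")
      # ... and the certificate must chain to the CA that cfssl-init generated
      # in dataDir; a bare file-exists check would not notice a wrong issuer.
      machine.succeed(
          "${pkgs.openssl}/bin/openssl verify -CAfile ${cfg.dataDir}/ca.pem /tmp/certificate.pem"
      )
    '';
})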