fix(ci): convert to pytest

.github/workflows/python-app.yml

@@ -24,12 +24,12 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements-dev.txt
-    #- name: Lint with flake8
-    #  run: |
-    #    # stop the build if there are Python syntax errors or undefined names
-    #    flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
-    #    # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
-    #    flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
-    - name: Test with nosetests
+    - name: Lint with flake8
       run: |
-        nosetests
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+    - name: Test with pytest
+      run: |
+        pytest tests.py

Dockerfile

@@ -1,16 +1,6 @@
-FROM jazzdd/alpine-flask:python3
+FROM unit:1.31.1-python3.11
 LABEL maintainer="David Wittman"
-
-RUN apk add --no-cache \
-        gcc \
-        python3-dev \
-        musl-dev \
-        libffi-dev \
-        openssl \
-        openssl-dev
-
-ADD . /app/
-
-RUN export CRYPTOGRAPHY_DONT_BUILD_RUST=1 && \
-    pip install -r requirements.txt && \
-    apk del gcc git python3-dev musl-dev libffi-dev openssl-dev
+EXPOSE 8080
+COPY config.json /docker-entrypoint.d/config.json
+COPY . /www/
+RUN pip install -r /www/requirements.txt

Makefile

@@ -7,17 +7,16 @@ lint:
 requirements: requirements.txt requirements-dev.txt
 
 requirements-dev.txt: Pipfile.lock
-	echo "-r requirements.txt" > requirements-dev.txt
-	pipenv lock --dev-only --requirements >> requirements-dev.txt
+	pipenv requirements --dev > requirements-dev.txt
 
 requirements.txt: Pipfile.lock
-	pipenv lock --requirements > requirements.txt
+	pipenv requirements > requirements.txt
 
 clean:
 	-find . -type f -name '*.pyc' -delete
 	-rm -rf build dist *.egg-info
 
 docker:
-	docker build -t wittman/csrgenerator.com .
+	docker build --platform linux/amd64 -t wittman/csrgenerator.com .
 
 .PHONY: clean test

Pipfile

@@ -4,17 +4,17 @@ url = "https://pypi.org/simple"
 verify_ssl = true
 
 [dev-packages]
-nose = "*"
+pytest = "*"
 flake8 = "*"
 
 [packages]
 Flask = "*"
-pyOpenSSL = "*"
-gunicorn = "*"
+# X509Extension is deprecated in 23.3.0+
+pyOpenSSL = "23.2.*"
 
 [requires]
-python_version = "3.8"
+python_version = "3.11"
 
 [scripts]
-test = "nosetests"
-check = "flake8 --max-line-length=120 *.py"
+test = "pytest tests.py"
+check = "flake8 --max-line-length=120"

config.json

@@ -0,0 +1,15 @@
+{
+  "listeners": {
+    "*:8080": {
+      "pass": "applications/flask"
+    }
+  },
+  "applications": {
+    "flask": {
+      "type": "python",
+      "path": "/www/",
+      "module": "app",
+      "callable": "app"
+    }
+  }
+}

csr.py

@@ -5,7 +5,7 @@
  csr.py
  CSR Generator for csrgenerator.com
 
- Copyright (c) 2022 David Wittman <[email protected]>
+ Copyright (c) 2024 David Wittman <[email protected]>
 
  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -33,11 +33,24 @@ class CsrGenerator(object):
     def __init__(self, form_values):
         self.csr_info = self._validate(form_values)
         key_size = self.csr_info.pop('keySize')
+
+        if 'subjectAltNames' in self.csr_info:
+            # The SAN list should contain the CN as well
+            # TODO(dw): do list(set())
+            sans = f"{self.csr_info['CN']},{self.csr_info.pop('subjectAltNames')}"
+        else:
+            sans = self.csr_info['CN']
+            if sans.count('.') == 1:
+                # root domain, add www. as well
+                sans += ",www.{}".format(sans)
+
+        self.subjectAltNames = list(map(lambda d: "DNS:{}".format(d.strip()), sans.split(',')))
+
         self.keypair = self.generate_rsa_keypair(key_size)
 
     def _validate(self, form_values):
         valid = {}
-        fields = ('C', 'ST', 'L', 'O', 'OU', 'CN', 'keySize')
+        fields = ('C', 'ST', 'L', 'O', 'OU', 'CN', 'keySize', 'subjectAltNames')
         required = ('CN',)
 
         for field in fields:
@@ -82,6 +95,13 @@ def csr(self):
         for (k, v) in self.csr_info.items():
             setattr(subject, k, v)
 
+        request.add_extensions([
+            crypt.X509Extension(
+                "subjectAltName".encode('utf8'),
+                False,
+                ", ".join(self.subjectAltNames).encode('utf8')
+            )
+        ])
         request.set_pubkey(self.keypair)
         request.sign(self.keypair, self.DIGEST)
         return crypt.dump_certificate_request(crypt.FILETYPE_PEM, request)

requirements-dev.txt

@@ -1,14 +1,24 @@
--r requirements.txt
-#
-# These requirements were autogenerated by pipenv
-# To regenerate from the project's Pipfile, run:
-#
-#    pipenv lock --requirements --dev-only
-#
-
 -i https://pypi.org/simple
-flake8==4.0.1
-mccabe==0.6.1
-nose==1.3.7
-pycodestyle==2.8.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'
-pyflakes==2.4.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
+exceptiongroup==1.2.0; python_version < '3.11'
+flake8==7.0.0; python_full_version >= '3.8.1'
+iniconfig==2.0.0; python_version >= '3.7'
+mccabe==0.7.0; python_version >= '3.6'
+packaging==23.2; python_version >= '3.7'
+pluggy==1.3.0; python_version >= '3.8'
+pycodestyle==2.11.1; python_version >= '3.8'
+pyflakes==3.2.0; python_version >= '3.8'
+pytest==7.4.4; python_version >= '3.7'
+tomli==2.0.1; python_version < '3.11'
+blinker==1.7.0; python_version >= '3.8'
+cffi==1.16.0; python_version >= '3.8'
+click==8.1.7; python_version >= '3.7'
+cryptography==41.0.7; python_version >= '3.7'
+flask==3.0.0; python_version >= '3.8'
+importlib-metadata==7.0.1; python_version < '3.10'
+itsdangerous==2.1.2; python_version >= '3.7'
+jinja2==3.1.2; python_version >= '3.7'
+markupsafe==2.1.3; python_version >= '3.7'
+pycparser==2.21
+pyopenssl==23.2.0; python_version >= '3.6'
+werkzeug==3.0.1; python_version >= '3.8'
+zipp==3.17.0; python_version >= '3.8'

requirements.txt

@@ -1,21 +1,14 @@
-#
-# These requirements were autogenerated by pipenv
-# To regenerate from the project's Pipfile, run:
-#
-#    pipenv lock --requirements
-#
-
 -i https://pypi.org/simple
-cffi==1.15.0
-click==8.0.3; python_version >= '3.6'
-cryptography==36.0.1; python_version >= '3.6'
-flask==2.0.2
-gunicorn==20.1.0
-itsdangerous==2.0.1; python_version >= '3.6'
-jinja2==3.0.3; python_version >= '3.6'
-markupsafe==2.0.1; python_version >= '3.6'
+blinker==1.7.0; python_version >= '3.8'
+cffi==1.16.0; python_version >= '3.8'
+click==8.1.7; python_version >= '3.7'
+cryptography==41.0.7; python_version >= '3.7'
+flask==3.0.0; python_version >= '3.8'
+importlib-metadata==7.0.1; python_version < '3.10'
+itsdangerous==2.1.2; python_version >= '3.7'
+jinja2==3.1.2; python_version >= '3.7'
+markupsafe==2.1.3; python_version >= '3.7'
 pycparser==2.21
-pyopenssl==21.0.0
-setuptools==60.3.1; python_version >= '3.7'
-six==1.16.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'
-werkzeug==2.0.2; python_version >= '3.6'
+pyopenssl==23.2.0; python_version >= '3.6'
+werkzeug==3.0.1; python_version >= '3.8'
+zipp==3.17.0; python_version >= '3.8'

templates/index.html

@@ -31,6 +31,10 @@ <h4>Generate a Certificate Signing Request</h4>
               <label class="form-label tooltip tooltip-left" data-tooltip="The FQDN for your domain" for="CN">Common Name</label>
               <input class="form-input input-lg" type="text" placeholder="example.com" name="CN" required />
             </div>
+            <div class="form-group">
+              <label class="form-label tooltip tooltip-left" data-tooltip="Comma-separated list of alternative DNS names" for="subjectAltNames">Alternative Names</label>
+              <input class="form-input input-lg" type="text" placeholder="foo.example.com, bar.example.com" name="subjectAltNames" />
+            </div>
             <div class="form-group">
               <label class="form-label tooltip tooltip-left" data-tooltip="Size of the RSA modulus in bits">Key Size</label>
               <label class="form-radio">