First Public Release

Commit history contains internal information, hence omitted. Historical
data is available upon request.

README.rst

@@ -0,0 +1 @@
+docs/index.rst

bin/serles

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+gunicorn -c /etc/serles/gunicorn_config.py 'serles:create_app()'

config.ini.example

@@ -0,0 +1,65 @@
+[serles]
+# Database to use, given as a URI understood by SQLAlchemy.
+# Note: The database stores the Account id-to-key mapping. Some clients (e.g.
+# certbot) will after registering assume their public key is known to Serles
+# and only identify themselves through their account id. Hence, the database
+# should be persistent. All other data can be ephemeral, and is purged by
+# Serles regularly (/// is relative path, //// absolute. yes, really.).
+# If you don't care about account keys, and given that you are running only 1
+# process and 1 thread, you can use an in-memory database by setting it to
+# "sqlite:///:memory:".
+database = sqlite:////etc/serles/db.sqlite
+# Mariadb is also supported, but you will need to install pymysql from pypi.
+#database = mysql+pymysql://user:passwd@localhost/db_acmeproxy
+
+# <module>[:<classname>] of the backend to load. if classname is not given,
+# defaults to Backend. supports relative imports.
+backend = serles.backends.ejbca:EjbcaBackend
+
+# if you only want to issue certificates for a few subnets, define them in CIDR
+# notation here (newline-seperated):
+allowedServerIpRanges =
+	::1/128
+	127.0.0.0/8
+	10.0.0.0/8
+excludeServerIpRanges =
+	127.0.0.2/32
+
+# if allowedServerIpRanges are set, whether to also verify that a correct PTR
+# record exists:
+verifyPTR = false
+
+# if the CSR does not set a Subject Name, fill it in with this template (you
+# can use the special variable {SAN} to access subjectAltName.dnsName values
+# and {MAIL} to access the requesting user's email address):
+subjectNameTemplate = CN={SAN[0]}
+
+# if set to true, ignore DN from CSR and always create it from the
+# subjectNameTemplate above:
+forceTemplateDN = true
+
+# Backend configuration depends on the loaded backend. This is an example for
+# EJBCABackend.
+[backend]
+# URL of the API endpoint (must be served over TLS):
+apiUrl = https://localhost:9443/ejbca/ejbcaws/ejbcaws?wsdl
+
+# the path to a custom CA bundle to verify the API's certificate, the constants
+# 'default' (built-in certifi bundle) or 'none' (disable verification):
+caBundle = none
+
+# client certificate of the EJBCA-user with permission to issue certificates.
+# This is expected to be a concatenation of both public and private key in PEM
+# format:
+clientCertificate = /etc/serles/client01-privpub.pem
+
+# name of the Certificate Authority, End Entity Profile and Certificate Profile
+# for to-be-generated certs:
+caName = ACMECA
+endEntityProfileName = ACMEEndEntityProfile
+certificateProfileName = ACMEServerProfile
+
+# Username and Enrollment Code for the End Entity. available parameters are
+# {random} (32 chars of [0-9a-f]) and those from the certificate's DN.
+entityUsernameScheme = {CN}
+entityPasswordScheme = {random}

docs/Makefile

@@ -0,0 +1,19 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = sphinx-build
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

docs/api.rst

@@ -0,0 +1,34 @@
+Internal Documentation
+======================
+
+See also: :ref:`modindex`
+
+.. automodule:: serles
+    :members:
+
+.. automodule:: serles.backends.ejbca
+    :members:
+
+.. automodule:: serles.backends.base
+    :members:
+
+.. automodule:: serles.models
+    :members:
+
+.. automodule:: serles.challenge
+    :members:
+
+.. automodule:: serles.configloader
+    :members:
+
+.. automodule:: serles.exceptions
+    :members:
+
+.. automodule:: serles.flask_handlers
+    :members:
+
+.. automodule:: serles.utils
+    :members:
+
+.. automodule:: serles.views
+    :members:

docs/conf.py

@@ -0,0 +1,187 @@
+# -*- coding: utf-8 -*-
+#
+# Configuration file for the Sphinx documentation builder.
+#
+# This file does only contain a selection of the most common options. For a
+# full list see the documentation:
+# http://www.sphinx-doc.org/en/master/config
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+import os
+import sys
+
+sys.path.insert(0, os.path.abspath(".."))
+
+
+# -- Project information -----------------------------------------------------
+
+project = "serles"
+copyright = "2020, Daten-Verarbeitung-Tirol GmbH"
+author = "Daten-Verarbeitung-Tirol GmbH"
+
+# The short X.Y version
+version = ""
+# The full version, including alpha/beta/rc tags
+release = ""
+
+
+# -- General configuration ---------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+# needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    "sphinx.ext.autodoc",
+    "sphinx.ext.napoleon",
+    "sphinx.ext.extlinks",
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ["_templates"]
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = ".rst"
+
+# The master toctree document.
+master_doc = "index"
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = None
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ["_build", "Thumbs.db", ".DS_Store"]
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = None
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = "alabaster"
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ["_static"]
+
+# Custom sidebar templates, must be a dictionary that maps document names
+# to template names.
+#
+# The default sidebars (for documents that don't match any pattern) are
+# defined by theme itself.  Builtin themes are using these templates by
+# default: ``['localtoc.html', 'relations.html', 'sourcelink.html',
+# 'searchbox.html']``.
+#
+# html_sidebars = {}
+
+
+# -- Options for HTMLHelp output ---------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = "serles_doc"
+
+
+# -- Options for LaTeX output ------------------------------------------------
+
+latex_elements = {
+    # The paper size ('letterpaper' or 'a4paper').
+    #
+    # 'papersize': 'letterpaper',
+    # The font size ('10pt', '11pt' or '12pt').
+    #
+    # 'pointsize': '10pt',
+    # Additional stuff for the LaTeX preamble.
+    #
+    # 'preamble': '',
+    # Latex figure (float) alignment
+    #
+    # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+#  author, documentclass [howto, manual, or own class]).
+latex_documents = [
+    (
+        master_doc,
+        "serles.tex",
+        "Serles ACME Server Documentation",
+        "Daten-Verarbeitung-Tirol GmbH",
+        "manual",
+    ),
+]
+
+
+# -- Options for manual page output ------------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [(master_doc, "serles", "Serles ACME Server Documentation", [author], 1)]
+
+
+# -- Options for Texinfo output ----------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+    (
+        master_doc,
+        "serles",
+        "Serles ACME Server Documentation",
+        author,
+        "serles",
+        "Serles: An Extensible ACME Server",
+        "Miscellaneous",
+    ),
+]
+
+
+# -- Options for Epub output -------------------------------------------------
+
+# Bibliographic Dublin Core info.
+epub_title = project
+
+# The unique identifier of the text. This can be a ISBN number
+# or the project homepage.
+#
+# epub_identifier = ''
+
+# A unique identification for the text.
+#
+# epub_uid = ''
+
+# A list of files that should not be packed into the epub file.
+epub_exclude_files = ["search.html"]
+
+
+# -- Extension configuration -------------------------------------------------
+
+extlinks = {"ejbca": ("https://localhost:9443/ejbca/%s", None)}