From 0181d0a635332cb59c15b686ef9bd3fcb3c0910b Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 12 Oct 2023 13:09:31 +0000 Subject: [PATCH] Updated pylint badge --- Dockerfile | 7 +++++++ README.md | 14 +++++++++++++- docker-emit.sh | 10 ++++++++++ pki_playground.py | 25 +++++++++++++++++++------ pkis/cert_template.j2 | Bin 0 -> 253 bytes 5 files changed, 49 insertions(+), 7 deletions(-) create mode 100644 Dockerfile create mode 100755 docker-emit.sh create mode 100644 pkis/cert_template.j2 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..95c8dda --- /dev/null +++ b/Dockerfile @@ -0,0 +1,7 @@ +FROM ubuntu:23.04 + +RUN DEBIAN_FRONTEND=noninteractive \ + apt-get update \ + && apt-get install -y python3 python3-jinja2 openssl openjdk-17-jdk + +WORKDIR /pki_playground diff --git a/README.md b/README.md index 8b3eec8..686a288 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![pylint](https://img.shields.io/badge/pylint-9.86-yellow?logo=python&logoColor=white) +![pylint](https://img.shields.io/badge/pylint-9.93-yellow?logo=python&logoColor=white) # PKI-Playground README.md @@ -22,6 +22,18 @@ sudo python3 pki_playground.py --unlock KEY This command will decrypt the shipped with this repository git-crypt key and unlock the pkis/ directory. +## Setting up the docker environment +If you don't want to install the required packages on your host machine, +there's an option to build the docker environment: + +```shell +$ docker build . -t sirin_pki_playground +$ ./docker-emit.sh +``` + +Will launch the interactive session in the docker container, and mount +the root of this repository. + ### Initialing the PKI After this, you need to initialize the PKI toolchain by entering the following command: ```shell diff --git a/docker-emit.sh b/docker-emit.sh new file mode 100755 index 0000000..776ac57 --- /dev/null +++ b/docker-emit.sh 
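Review bot: In the Dockerfile's `RUN` line, `DEBIAN_FRONTEND=noninteractive` is a prefix assignment on `apt-get update` only; the `apt-get install` after `&&` runs without it, so a package that prompts during configuration can stall the build. Put the variable on the install command instead, e.g. `&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends python3 python3-jinja2 openssl openjdk-17-jdk`. The package list has no `git` or `git-crypt`, while `_git_crypt_unlock` in pki_playground.py runs `git-crypt unlock`, so the unlock step from the README would presumably fail inside the container. `ubuntu:23.04` is an interim release with a nine-month support window; an LTS tag pinned by digest gives a base that keeps receiving security updates.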
@@ -0,0 +1,10 @@ +#!/bin/bash + +DOCKER_IMAGE="sirin_pki_playground" +if ! docker image inspect "$DOCKER_IMAGE" &> /dev/null; then + echo "Docker image '$DOCKER_IMAGE' does not exist. Please build it first with 'docker build . -t $DOCKER_IMAGE'" + exit 1 +fi + +docker run -it -v "$(pwd)":/pki_playground "$DOCKER_IMAGE" /bin/sh + diff --git a/pki_playground.py b/pki_playground.py index 453488d..8f51e34 100755 --- a/pki_playground.py +++ b/pki_playground.py @@ -97,7 +97,7 @@ def _parser_register_arguments(parser: argparse.ArgumentParser) -> None: parser.add_argument( "--start-deployment", - metavar=("pki_name"), + metavar=("deployment_name"), type=str, help=ARG_STR_DEP_HELP_MESSAGE, ) @@ -129,6 +129,9 @@ def _generate_root_certs(pki_name: str) -> None: if not os.path.exists(working_directory): os.mkdir(working_directory) + else: + print(f"Error: PKI with the name {pki_name} already exists") + sys.exit(1) # Generate root privatekey and certificate openssl_root_command = [ @@ -261,6 +264,8 @@ def _generate_server_certs(pki_name: str, server_domain: str) -> None: f"../../{pki_name}.crt", "-CAkey", f"../../{pki_name}.key", + "-subj", + f"/C=UA/ST=Kiev Oblast/L=?/O=A? Corp/OU=IT Dept/CN={server_domain}", "-CAcreateserial", "-out", f"{server_domain}.crt", @@ -440,8 +445,13 @@ def _git_crypt_unlock(key: str) -> None: f"pass:{key}", "-pbkdf2" ] - subprocess.run(openssl_decrypt_aes256, check=True) - subprocess.run(["git-crypt", "unlock", "./git-crypt-key"], check=True) + + try: + subprocess.run(openssl_decrypt_aes256, check=True) + subprocess.run(["git-crypt", "unlock", "./git-crypt-key"], check=False) + except subprocess.CalledProcessError: + subprocess.run(["rm", "git-crypt-key"], check=False) + print("Error: Unlocking failed") def _handle_cli_arguments(args: typing.Any) -> None: 
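Review bot: The `docker run` line at the end of docker-emit.sh bind-mounts `$(pwd)` rather than the repository, so starting the script from any other directory exposes that directory read-write to the container instead. The Dockerfile in this patch sets no `USER`, so the shell runs as root and anything written under the mount (including key material in `pkis/`) ends up root-owned on the host; there is also no `--rm`, so every session leaves a stopped container behind. Consider `repo_dir="$(cd "$(dirname "$0")" && pwd)"` followed by `docker run --rm -it -v "$repo_dir":/pki_playground "$DOCKER_IMAGE" /bin/sh`, adding `--user "$(id -u):$(id -g)"` if the tooling does not need root.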
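Review bot: In `_generate_root_certs`, the new `else` branch hangs off an `os.path.exists` test that is separate from the `os.mkdir` call, so two runs started together can both pass the test, and the directory that apparently receives the root private key is created with default permissions. Wrapping the creation as `try: os.mkdir(working_directory, mode=0o700)` with `except FileExistsError:` around the existing error path makes the refusal atomic and keeps the directory owner-only. The message belongs on stderr: `print(f"Error: PKI with the name {pki_name} already exists", file=sys.stderr)`. How `working_directory` is derived from `pki_name` is outside the hunk; if it is a plain path join, the name should be checked for path separators before use.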
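Review bot: In `_generate_server_certs`, `server_domain` is interpolated into the new `-subj` value unescaped, and OpenSSL reads `/` as an attribute separator and `+` as a multi-valued join, so a value containing either character changes the structure of the issued subject rather than just its CN. Validate the name before the command list is built, e.g. `if not re.fullmatch(r"[A-Za-z0-9.-]+", server_domain):` followed by an error exit (this needs `import re` if the module does not already have it). The `L=?` and `O=A? Corp` fields look like non-ASCII text lost to an encoding step and should be confirmed. The command list starts outside the hunk; if no subjectAltName is supplied elsewhere, clients that ignore the CN will still reject the certificate.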
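Review bot: In `_git_crypt_unlock`, switching the `git-crypt unlock` call to `check=False` means its failure never raises, so the `except` branch only covers the `openssl` step and a failed unlock returns silently with exit status 0. The decrypted `git-crypt-key` file is removed only in that `except` branch; after a successful unlock, or a failed `git-crypt` run, the plaintext key stays in the working tree. Keeping `check=True` on both calls, removing the key file in a `finally`, and exiting non-zero on failure closes both gaps; this assumes `git-crypt unlock` has stored its own copy of the key by the time it returns, which is worth confirming. The function starts above the hunk; the `pass:{key}` context line also places the passphrase on the `openssl` command line, where a `stdin` or `env:` pass-phrase source would keep it out of the process list.

```python
    # … unchanged: openssl_decrypt_aes256 command list …
    try:
        subprocess.run(openssl_decrypt_aes256, check=True)
        subprocess.run(["git-crypt", "unlock", "./git-crypt-key"], check=True)
    except subprocess.CalledProcessError:
        print("Error: Unlocking failed", file=sys.stderr)
        sys.exit(1)
    finally:
        # Never leave the decrypted key in the working tree.
        if os.path.exists("git-crypt-key"):
            os.remove("git-crypt-key")
```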
@@ -451,7 +461,7 @@ def _handle_cli_arguments(args: typing.Any) -> None: :param args: args object that is produces by the argpare's parser :returns: None """ - + if args.pki_init: _generate_root_certs(args.pki_init) @@ -472,7 +482,7 @@ def _handle_cli_arguments(args: typing.Any) -> None: if args.unlock: _git_crypt_unlock(args.unlock) - + def handle_cli_arguments() -> None: """ @@ -488,6 +498,10 @@ def handle_cli_arguments() -> None: args = parser.parse_args() _handle_cli_arguments(args) + if len(sys.argv) == 1: + parser.print_help(sys.stderr) + sys.exit(1) + def main() -> None: """ @@ -505,4 +519,3 @@ def main() -> None: if __name__ == "__main__": main() - diff --git a/pkis/cert_template.j2 b/pkis/cert_template.j2 new file mode 100644 index 0000000000000000000000000000000000000000..44b45f69a631bf32ca150dd9e5d55b476d7ed8ef GIT binary patch literal 253 zcmVBVyc#XdP!G z8(c(R>Gz?rOYpR^hikA<0hB_gr=lo}-nA)R*v00YN^mY`wJanZgt68gq?eXWAqCP) zhJb@-+a|iAqyi^HB1>8{WA!IG+d50nKej6RKy{29#}@lt^MmemdoTi_ D|7LR{ literal 0 HcmV?d00001
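Review bot: In `handle_cli_arguments`, the new `len(sys.argv) == 1` check sits after `_handle_cli_arguments(args)`, so an argument-less run goes through the whole dispatcher before the help text is printed. That is harmless only while every branch of the dispatcher is guarded by a truthy option; moving the three added lines directly after `args = parser.parse_args()` makes the no-argument path independent of that. The function's opening lines are outside the hunk.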