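def configure_pki(name, keylen=2048):
    """Generate a fresh CA plus server key/certificate for the VPN *name*.

    Writes ``vpn_name``, ``ca_key``, ``ca_cert``, ``server_key`` and
    ``server_cert`` into ``g.config``.  ``server_dhparam`` is generated only
    when absent, so an existing DH parameter set survives a key regeneration.

    Args:
        name: VPN name; the server certificate is issued for ``server.<name>``.
        keylen: CA key length in bits, passed through to ``pki.make_ca``.

    Raises:
        ValueError: if ``g.config['vpn_state']`` is ``'running'``; keys are
            not regenerated while the VPN is recorded as running.
    """
    if 'vpn_state' in g.config and g.config['vpn_state'] == 'running':
        raise ValueError('cannot regen keys for running VPN')

    # Generate all material before touching g.config, so a failure inside the
    # pki helpers does not leave vpn_name pointing at the previous CA.
    ca_key, ca_cert = pki.make_ca(name, keylen=keylen)
    server_key = pki.make_key()
    server_cert = pki.make_cert(server_key, 'server.%s' % name, ca_key, ca_cert)

    g.config['vpn_name'] = name
    g.config['ca_key'] = ca_key
    g.config['ca_cert'] = ca_cert
    g.config['server_key'] = server_key
    g.config['server_cert'] = server_cert
    if 'server_dhparam' not in g.config:
        # DH parameters are independent of the CA, so existing ones are kept.
        g.config['server_dhparam'] = pki.make_dhparam()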
def create(self, username, password):
    """Register *username*: persist a salted scrypt hash of *password* and a
    client key/certificate signed by the configured CA.

    Returns False, with no side effects, when ``g.config`` holds no
    ``ca_key`` (CA not configured).  Otherwise inserts the user row,
    commits, appends the name to ``self._user_list`` and returns True.

    The client private key is created with *password* (``pki.make_key``) and
    the same password is passed to ``pki.make_cert`` as ``key_password``.
    """
    if 'ca_key' not in g.config:
        return False  # no CA to sign with yet

    # Per-user random salt; only the salted scrypt digest is stored.
    # NOTE(review): 8-byte salt here; 16 bytes is the more common
    # recommendation -- confirm before changing, existing rows keep theirs.
    salt = os.urandom(8)
    # NOTE(review): assumes password is text; on Python 2 a byte str with
    # non-ASCII content would fail this .encode() -- confirm at the caller.
    digest = scrypt.hash(password.encode('utf-8'), salt)

    common_name = '.'.join([username, g.config['vpn_name']])
    client_key = pki.make_key(password=password)
    client_cert = pki.make_cert(
        client_key, common_name, g.config['ca_key'], g.config['ca_cert'],
        key_password=password)

    # Parameterized insert; buffer() makes sqlite3 store the binary
    # hash/salt as BLOBs (Python 2).
    row = (username, buffer(digest), buffer(salt), client_key, client_cert)
    cur = g.db.cursor()
    cur.execute(''' INSERT INTO users (username, pass_hash, pass_salt, key, cert) VALUES (?, ?, ?, ?, ?) ''', row)
    g.db.commit()

    self._user_list.append(username)
    return True