Beispiel #1
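def configure_pki(name, keylen=2048):
    """Generate a fresh CA plus server key/certificate and store them in g.config.

    Args:
        name: VPN name; stored as g.config['vpn_name'] and used to build the
            server certificate name 'server.<name>'.
        keylen: key length forwarded to pki.make_ca().

    Raises:
        ValueError: if g.config['vpn_state'] is 'running'.
    """
    if 'vpn_state' in g.config and g.config['vpn_state'] == 'running':
        # Call form of raise: the old "raise E, msg" statement is a
        # SyntaxError on Python 3, while this form works on 2 and 3.
        raise ValueError('cannot regen keys for running VPN')
    g.config['vpn_name'] = name
    # NOTE(review): every call mints a new CA; certificates signed by a
    # previous CA presumably stop validating and must be reissued - confirm
    # that callers expect this.
    ca_key, ca_cert = pki.make_ca(name, keylen=keylen)
    # NOTE(review): keylen is only forwarded to make_ca(); the server key is
    # created with make_key()'s own default size - confirm that is intended.
    server_key = pki.make_key()
    server_cert = pki.make_cert(server_key, 'server.%s' % name, ca_key, ca_cert)
    # NOTE(review): the CA private key lives in the same config store as the
    # server material, so anything able to read g.config can sign
    # certificates; verify how this store is protected at rest.
    g.config['ca_key'] = ca_key
    g.config['ca_cert'] = ca_cert
    g.config['server_key'] = server_key
    g.config['server_cert'] = server_cert
    # DH parameters are created only once and kept across later calls.
    if 'server_dhparam' not in g.config:
        g.config['server_dhparam'] = pki.make_dhparam()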
Beispiel #2
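 def create(self, username, password):
     """Create a VPN user: store a password hash and issue a key and certificate.

     Returns False before doing anything when no CA key is configured.
     Otherwise inserts the user row, commits, appends the username to
     self._user_list and returns True.
     """
     if 'ca_key' not in g.config:
         # CA not configured
         return False
     # 16 random bytes (128-bit salt) instead of 8. The salt is stored next to
     # the hash, so verification that reads it back from the row is unaffected
     # - presumably that is how the login path works; confirm.
     pass_salt = os.urandom(16)
     # NOTE(review): scrypt.hash() is called with the library's default cost
     # parameters; verify they match the current password-hashing policy.
     pass_hash = scrypt.hash(password.encode('utf-8'), pass_salt)
     # The login password is also handed to pki for the private key, so a
     # password change presumably has to re-protect the stored key as well.
     user_key = pki.make_key(password=password)
     # NOTE(review): username goes into the certificate name unvalidated, as
     # '<username>.<vpn_name>'. If other certificates issued by this CA use
     # the same '<label>.<vpn_name>' scheme, reserved labels and names
     # containing '.' should be rejected before reaching this point.
     user_cert = pki.make_cert(user_key, username + '.' + g.config['vpn_name'],
                               g.config['ca_key'], g.config['ca_cert'],
                               key_password=password)
     c = g.db.cursor()
     # Placeholders keep every value out of the SQL text. buffer() is the
     # Python 2 builtin; presumably it makes the driver store raw bytes.
     c.execute('''
     INSERT INTO users (username, pass_hash, pass_salt, key, cert)
     VALUES (?, ?, ?, ?, ?)
     ''', (username, buffer(pass_hash), buffer(pass_salt), user_key, user_cert)
     )
     g.db.commit()
     # Only reached after a successful commit, so the in-memory list does not
     # gain names whose insert raised.
     self._user_list.append(username)
     return True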