def test_generate_certs(self):
attachment_point = AttachmentPoint.objects.first()
user_as = create_user_as(attachment_point)
vpn_client = user_as.hosts.first().vpn_clients.first()
config = generate_vpn_client_config(vpn_client)
# check ca cert
ca_cert_string_match = re.findall('<ca>\n(.*?)\n</ca>',
config,
flags=re.DOTALL)
self.assertTrue(len(ca_cert_string_match) == 1)
ca_cert = ca_cert_string_match[0]
config_ca_cert = x509.load_pem_x509_certificate(
ca_cert.encode(), backend=default_backend())
self.assertEqual(
load_ca_cert().public_bytes(serialization.Encoding.PEM).decode(),
config_ca_cert.public_bytes(serialization.Encoding.PEM).decode())
# check client cert
client_cert_string_match = re.findall('<cert>\n(.*?)\n</cert>',
config,
flags=re.DOTALL)
self.assertTrue(len(client_cert_string_match) == 1)
client_cert = client_cert_string_match[0]
config_client_cert = x509.load_pem_x509_certificate(
client_cert.encode(), backend=default_backend())
self.assertEqual(
vpn_client.cert,
config_client_cert.public_bytes(
serialization.Encoding.PEM).decode())
# check client key
client_key_string_match = re.findall('<key>\n(.*?)\n</key>',
config,
flags=re.DOTALL)
self.assertTrue(len(client_key_string_match) == 1)
client_key = client_key_string_match[0]
config_client_key = serialization.load_pem_private_key(
client_key.encode(), password=None, backend=default_backend())
self.assertEqual(
vpn_client.private_key,
config_client_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()).decode())
# check public key for private key matches public key in certificate
self.assertEqual(
config_client_cert.public_key().public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.PKCS1).decode(),
config_client_key.public_key().public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.PKCS1).decode())
def _add_vpn_client_configs(host, archive):
"""
Generate the VPN config files and add them to the tar.
"""
# Each host can run at most one VPN-Client per VPN
clients = host.vpn_clients.filter(active=True).select_related('vpn__server__AS').all()
configs = dict()
for client in clients:
name = client.vpn.server.AS.isd_as_path_str()
configs[name] = generate_vpn_client_config(client)
for name, config in configs.items():
archive.write_text("client-scionlab-{}.conf".format(name), config)
def _add_vpn_client_configs(host, archive):
"""
Generate the VPN config files and add them to the tar.
"""
vpn_dir = OPENVPN_CONFIG_DIR.lstrip(
"/") # don't use absolute paths in the archive
# Each host can run at most one VPN-Client per VPN
clients = host.vpn_clients.filter(
active=True).select_related('vpn__server__AS').all()
configs = dict()
for client in clients:
name = client.vpn.server.AS.isd_as_path_str()
configs[name] = generate_vpn_client_config(client)
for name, config in configs.items():
archive.write_text((vpn_dir, "client-scionlab-{}.conf".format(name)),
config)
def _add_vpn_config(host, tar):
"""
Generate the VPN config files and add them to the tar.
"""
vpn_clients = list(host.vpn_clients.filter(active=True))
for vpn_client in vpn_clients:
client_config = generate_vpn_client_config(vpn_client)
tar_add_textfile(tar, "client.conf", client_config)
vpn_servers = list(host.vpn_servers.all())
for vpn_server in vpn_servers:
tar_add_textfile(tar, "server.conf",
generate_vpn_server_config(vpn_server))
tar_add_dir(tar, 'ccd')
for vpn_client in vpn_server.clients.iterator():
common_name, config_string = ccd_config(vpn_client)
tar_add_textfile(tar, 'ccd/' + common_name, config_string)
def _add_vpn_config(host, archive):
"""
Generate the VPN config files and add them to the tar.
"""
vpn_clients = list(host.vpn_clients.filter(active=True))
for vpn_client in vpn_clients:
client_config = generate_vpn_client_config(vpn_client)
archive.write_text("client.conf", client_config)
vpn_servers = list(host.vpn_servers.all())
for vpn_server in vpn_servers:
archive.write_text("server.conf",
generate_vpn_server_config(vpn_server))
archive.add_dir("ccd")
for vpn_client in vpn_server.clients.iterator():
common_name, config_string = ccd_config(vpn_client)
archive.write_text("ccd/" + common_name, config_string)