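def generate_server_cert():
    """Create a self-signed EC server certificate and key in the temp dir.

    Generates a prime256v1 private key with ``openssl ecparam`` and then a
    self-signed X.509 certificate valid for 3652 days with ``openssl req``.

    Returns:
        A ``(server_cert_path, server_key_path)`` tuple.
    """
    server_cert_path = os.path.join(settings.conf.temp_path, SERVER_CERT_NAME)
    server_key_path = os.path.join(settings.conf.temp_path, SERVER_KEY_NAME)

    # Create the key file owner-only before openssl writes to it. With the
    # chmod only at the end, the key could sit on disk with umask-derived
    # permissions (depending on the openssl version) while the certificate
    # was being built.
    key_fd = os.open(server_key_path, os.O_WRONLY | os.O_CREAT, 0o600)
    os.close(key_fd)
    # The mode passed to os.open() is ignored for a pre-existing file.
    os.chmod(server_key_path, 0o600)

    check_output_logged([
        'openssl', 'ecparam',
        '-name', 'prime256v1',
        '-genkey',
        '-noout',
        '-out', server_key_path,
    ])
    check_output_logged([
        'openssl', 'req',
        '-new',
        '-batch',
        '-x509',
        '-days', '3652',
        '-key', server_key_path,
        '-out', server_cert_path,
    ])

    # Re-apply in case openssl replaced the file instead of rewriting it.
    os.chmod(server_key_path, 0o600)
    return server_cert_path, server_key_path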
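def generate_server_cert(server_cert_path, server_key_path):
    """Create a self-signed RSA-4096 server certificate and key.

    Runs ``openssl req -x509 -newkey rsa:4096`` with SHA-256 and a 3652-day
    validity. ``-nodes`` leaves the private key unencrypted on disk, so the
    file mode is the only protection applied to it here.

    Args:
        server_cert_path: Path the certificate is written to.
        server_key_path: Path the private key is written to (mode 0600).
    """
    # Create the key file owner-only before openssl writes to it. With the
    # chmod only after the command, the unencrypted key could briefly exist
    # with umask-derived permissions (depending on the openssl version).
    key_fd = os.open(server_key_path, os.O_WRONLY | os.O_CREAT, 0o600)
    os.close(key_fd)
    # The mode passed to os.open() is ignored for a pre-existing file.
    os.chmod(server_key_path, 0o600)

    check_output_logged([
        'openssl', 'req',
        '-batch',
        '-x509',
        '-nodes',
        '-sha256',
        '-newkey', 'rsa:4096',
        '-days', '3652',
        '-keyout', server_key_path,
        '-out', server_cert_path,
    ])

    # Re-apply in case openssl replaced the file instead of rewriting it.
    os.chmod(server_key_path, 0o600)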
def generate_server_dh_params(dh_size):
    """Write Diffie-Hellman parameters to the temp dir with ``openssl``.

    Args:
        dh_size: Parameter size passed to ``openssl dhparam`` (stringified).

    Returns:
        Path of the generated parameter file, set to mode 0600.
    """
    dh_params_path = os.path.join(settings.conf.temp_path, SERVER_DH_NAME)

    # NOTE(review): openssl's documented synopsis places numbits after the
    # options; confirm the installed version still honours -out when it
    # follows the bit count, otherwise the chmod below has no file to act on.
    command = ['openssl', 'dhparam', str(dh_size), '-out', dh_params_path]
    check_output_logged(command)

    os.chmod(dh_params_path, 0o600)
    return dh_params_path
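def generate_csr(private_key, domain):
    """Build a certificate signing request for ``domain``.

    The private key is staged in a temporary file because
    ``openssl req -key`` takes a path; the file is removed before returning,
    whether or not openssl succeeded.

    Args:
        private_key: Private key text written to the temporary key file.
        domain: Value placed in the request subject as ``/CN=<domain>``.

    Returns:
        Whatever ``check_output_logged`` returns for ``openssl req``
        (presumably the CSR text on stdout).
    """
    private_key_path = get_temp_path() + '.key'

    # Open with mode 0600 from the start: open() followed by chmod() leaves a
    # window in which the file exists with umask-derived permissions.
    key_fd = os.open(
        private_key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # The mode passed to os.open() is ignored for a pre-existing file.
        os.fchmod(key_fd, 0o600)
        with os.fdopen(key_fd, 'w') as private_key_file:
            private_key_file.write(private_key)

        # NOTE(review): domain is interpolated into -subj unescaped; a '/'
        # in it would be read by openssl as the start of another subject
        # field. Confirm callers validate the value.
        csr = check_output_logged([
            'openssl', 'req',
            '-new',
            '-batch',
            '-sha256',
            '-key', private_key_path,
            '-subj', '/CN=%s' % domain,
        ])
    finally:
        # Previously the key file was left on disk when openssl failed.
        try:
            os.remove(private_key_path)
        except OSError:
            pass

    return csr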
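def generate_server_cert():
    """Create a self-signed EC server certificate and key in the temp dir.

    Generates a secp384r1 private key with ``openssl ecparam`` and then a
    self-signed X.509 certificate valid for 3652 days with ``openssl req``.

    Returns:
        A ``(server_cert_path, server_key_path)`` tuple.
    """
    server_cert_path = os.path.join(settings.conf.temp_path, SERVER_CERT_NAME)
    server_key_path = os.path.join(settings.conf.temp_path, SERVER_KEY_NAME)

    # Create the key file owner-only before openssl writes to it. With the
    # chmod only at the end, the key could sit on disk with umask-derived
    # permissions (depending on the openssl version) while the certificate
    # was being built.
    key_fd = os.open(server_key_path, os.O_WRONLY | os.O_CREAT, 0o600)
    os.close(key_fd)
    # The mode passed to os.open() is ignored for a pre-existing file.
    os.chmod(server_key_path, 0o600)

    check_output_logged([
        'openssl', 'ecparam',
        '-name', 'secp384r1',
        '-genkey',
        '-noout',
        '-out', server_key_path,
    ])
    check_output_logged([
        'openssl', 'req',
        '-new',
        '-batch',
        '-x509',
        '-days', '3652',
        '-key', server_key_path,
        '-out', server_cert_path,
    ])

    # Re-apply in case openssl replaced the file instead of rewriting it.
    os.chmod(server_key_path, 0o600)
    return server_cert_path, server_key_path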
def generate_private_ec_key():
    """Generate a prime256v1 EC private key with ``openssl ecparam``.

    No ``-out`` is given, so the key is emitted on openssl's stdout and the
    result of ``check_output_logged`` is returned to the caller.
    """
    # NOTE(review): key material passes through check_output_logged; confirm
    # that helper never writes captured stdout to the log.
    command = [
        'openssl', 'ecparam',
        '-name', 'prime256v1',
        '-genkey',
        '-noout',
    ]
    return check_output_logged(command)
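def get_interfaces():
    """Parse ``ifconfig`` output into a dict of interface details.

    Returns:
        A dict keyed by interface name. Each value holds ``interface``,
        ``address``, ``netmask``, ``broadcast`` and ``gateway``; ``gateway``
        is the default gateway address for the interface that carries the
        default route and None for every other interface. Blocks without an
        address, netmask or broadcast match are skipped.
    """
    gateway = get_gateway()
    if gateway:
        gateway_inf, gateway_addr = gateway
    else:
        from pritunl import logger
        logger.error('Failed to find gateway address', 'utils')
        # get_gateway() returns None without a default route; unpacking that
        # raised TypeError, so fall back to "no interface has a gateway".
        gateway_inf, gateway_addr = None, None

    def _find(pattern, text):
        return re.findall(pattern, text, re.IGNORECASE)

    interfaces = {}
    # ifconfig separates per-interface blocks with a blank line.
    for block in check_output_logged(['ifconfig']).split('\n\n'):
        names = _find(r'[a-z0-9]+', block)
        if not names:
            continue
        # The first alphanumeric token of the block is taken as the name.
        name = names[0]

        # Each field is located by its label, then the bare IP is pulled out
        # of that labelled snippet.
        tagged = _find(r'inet.{0,10}' + IP_REGEX, block)
        address = _find(IP_REGEX, tagged[0]) if tagged else None
        if not address:
            continue

        tagged = _find(r'mask.{0,10}' + IP_REGEX, block)
        netmask = _find(IP_REGEX, tagged[0]) if tagged else None
        if not netmask:
            continue

        # Two label spellings are tried: 'broadcast', then 'bcast'.
        tagged = (_find(r'broadcast.{0,10}' + IP_REGEX, block) or
                  _find(r'bcast.{0,10}' + IP_REGEX, block))
        broadcast = _find(IP_REGEX, tagged[0]) if tagged else None
        if not broadcast:
            continue

        interfaces[name] = {
            'interface': name,
            'address': address[0],
            'netmask': netmask[0],
            'broadcast': broadcast[0],
            'gateway': gateway_addr if name == gateway_inf else None,
        }

    return interfaces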
def get_gateway():
    """Return ``(interface, gateway_address)`` for the default route.

    Scans ``route -n`` for the row whose destination is ``0.0.0.0``. Falls
    off the end, returning None, when no such row is found.
    """
    for row in check_output_logged(['route', '-n']).splitlines():
        fields = row.split()
        # Header and malformed rows have too few columns.
        if len(fields) < 8:
            continue

        destination, gateway = fields[0], fields[1]
        if not (re.match(IP_REGEX, destination) and
                re.match(IP_REGEX, gateway)):
            continue

        if destination == '0.0.0.0':
            # Column 8 is used as the interface name.
            return (fields[7], gateway)
def get_routes():
    """Map each ``route -n`` destination to the value in its eighth column.

    Rows with fewer than eight columns, or whose first column does not match
    IP_REGEX, are ignored. A destination listed more than once keeps the
    last row seen.
    """
    routes = {}
    for row in check_output_logged(['route', '-n']).splitlines():
        fields = row.split()
        if len(fields) >= 8 and re.match(IP_REGEX, fields[0]):
            routes[fields[0]] = fields[7]
    return routes
def get_interfaces():
    """Parse ``ifconfig`` output into a dict of interface details.

    Returns:
        A dict keyed by interface name. Each value holds ``interface``,
        ``address``, ``netmask`` and ``broadcast``. Blocks without an
        address, netmask or broadcast match are skipped.
    """
    def _find(pattern, text):
        return re.findall(pattern, text, re.IGNORECASE)

    interfaces = {}
    # ifconfig separates per-interface blocks with a blank line.
    for block in check_output_logged(['ifconfig']).split('\n\n'):
        names = _find(r'[a-z0-9]+', block)
        if not names:
            continue
        # The first alphanumeric token of the block is taken as the name.
        name = names[0]

        # Each field is located by its label, then the bare IP is pulled out
        # of that labelled snippet.
        tagged = _find(r'inet.{0,10}' + IP_REGEX, block)
        address = _find(IP_REGEX, tagged[0]) if tagged else None
        if not address:
            continue

        tagged = _find(r'mask.{0,10}' + IP_REGEX, block)
        netmask = _find(IP_REGEX, tagged[0]) if tagged else None
        if not netmask:
            continue

        # Two label spellings are tried: 'broadcast', then 'bcast'.
        tagged = (_find(r'broadcast.{0,10}' + IP_REGEX, block) or
                  _find(r'bcast.{0,10}' + IP_REGEX, block))
        broadcast = _find(IP_REGEX, tagged[0]) if tagged else None
        if not broadcast:
            continue

        interfaces[name] = {
            'interface': name,
            'address': address[0],
            'netmask': netmask[0],
            'broadcast': broadcast[0],
        }

    return interfaces
def get_interfaces():
    """Parse ``ifconfig`` output into a dict of interface details.

    Returns:
        A dict keyed by interface name. Each value holds ``interface``,
        ``address``, ``netmask`` and ``broadcast``. Blocks without an
        address, netmask or broadcast match are skipped.
    """
    def _labelled_ip(first_stage_hits):
        # Second stage: pull the bare IP out of the first labelled snippet.
        if not first_stage_hits:
            return None
        return re.findall(IP_REGEX, first_stage_hits[0], re.IGNORECASE)

    interfaces = {}
    # ifconfig separates per-interface blocks with a blank line.
    for block in check_output_logged(["ifconfig"]).split("\n\n"):
        names = re.findall(r"[a-z0-9]+", block, re.IGNORECASE)
        if not names:
            continue
        # The first alphanumeric token of the block is taken as the name.
        name = names[0]

        address = _labelled_ip(
            re.findall(r"inet.{0,10}" + IP_REGEX, block, re.IGNORECASE))
        if not address:
            continue

        netmask = _labelled_ip(
            re.findall(r"mask.{0,10}" + IP_REGEX, block, re.IGNORECASE))
        if not netmask:
            continue

        # Two label spellings are tried: "broadcast", then "bcast".
        broadcast_hits = re.findall(
            r"broadcast.{0,10}" + IP_REGEX, block, re.IGNORECASE)
        if not broadcast_hits:
            broadcast_hits = re.findall(
                r"bcast.{0,10}" + IP_REGEX, block, re.IGNORECASE)
        broadcast = _labelled_ip(broadcast_hits)
        if not broadcast:
            continue

        interfaces[name] = {
            "interface": name,
            "address": address[0],
            "netmask": netmask[0],
            "broadcast": broadcast[0],
        }

    return interfaces
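def generate_csr(private_key, domain):
    """Build a certificate signing request for ``domain``.

    The private key is staged in a temporary file because
    ``openssl req -key`` takes a path; the file is removed before returning,
    whether or not openssl succeeded.

    Args:
        private_key: Private key text written to the temporary key file.
        domain: Value placed in the request subject as ``/CN=<domain>``.

    Returns:
        Whatever ``check_output_logged`` returns for ``openssl req``
        (presumably the CSR text on stdout).
    """
    private_key_path = get_temp_path() + '.key'

    # Open with mode 0600 from the start: open() followed by chmod() leaves a
    # window in which the file exists with umask-derived permissions.
    key_fd = os.open(
        private_key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # The mode passed to os.open() is ignored for a pre-existing file.
        os.fchmod(key_fd, 0o600)
        with os.fdopen(key_fd, 'w') as private_key_file:
            private_key_file.write(private_key)

        # NOTE(review): domain is interpolated into -subj unescaped; a '/'
        # in it would be read by openssl as the start of another subject
        # field. Confirm callers validate the value.
        csr = check_output_logged([
            'openssl', 'req',
            '-new',
            '-sha256',
            '-key', private_key_path,
            '-subj', '/CN=%s' % domain,
        ])
    finally:
        # Previously the key file was left on disk when openssl failed.
        try:
            os.remove(private_key_path)
        except OSError:
            pass

    return csr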
def get_local_networks():
    """List the network address of each local interface from ``ifconfig``.

    Skips ``lo``, any interface whose name contains ``tun<digits>``, blocks
    without an address or mask match, and addresses whose first octet is
    127. Each remaining address/mask pair is passed to ``network_addr``.
    """
    networks = []

    # ifconfig separates per-interface blocks with a blank line.
    for block in check_output_logged(['ifconfig']).split('\n\n'):
        names = re.findall(r'[a-z0-9]+', block, re.IGNORECASE)
        if not names:
            continue
        name = names[0]
        if name == 'lo' or re.search(r'tun[0-9]+', name):
            continue

        # Locate each field by its label, then extract the bare IP from it.
        tagged = re.findall(r'inet.{0,10}' + IP_REGEX, block, re.IGNORECASE)
        addr = re.findall(IP_REGEX, tagged[0], re.IGNORECASE) if tagged \
            else None
        if not addr:
            continue

        tagged = re.findall(r'mask.{0,10}' + IP_REGEX, block, re.IGNORECASE)
        mask = re.findall(IP_REGEX, tagged[0], re.IGNORECASE) if tagged \
            else None
        if not mask:
            continue

        if addr[0].split('.')[0] == '127':
            continue

        networks.append(network_addr(addr[0], mask[0]))

    return networks
def get_local_networks():
    """List the network address of each local interface from ``ifconfig``.

    Skips ``lo``, any interface whose name contains ``tun<digits>``, blocks
    without an address or mask match, and addresses whose first octet is
    127. Each remaining address/mask pair is passed to ``network_addr``.
    """
    def _labelled_ip(label_pattern, block):
        # Find the labelled snippet, then the bare IP inside it.
        hits = re.findall(label_pattern + IP_REGEX, block, re.IGNORECASE)
        if not hits:
            return None
        return re.findall(IP_REGEX, hits[0], re.IGNORECASE)

    networks = []

    # ifconfig separates per-interface blocks with a blank line.
    for block in check_output_logged(["ifconfig"]).split("\n\n"):
        names = re.findall(r"[a-z0-9]+", block, re.IGNORECASE)
        if not names:
            continue
        name = names[0]
        if name == "lo" or re.search(r"tun[0-9]+", name):
            continue

        addr = _labelled_ip(r"inet.{0,10}", block)
        if not addr:
            continue

        mask = _labelled_ip(r"mask.{0,10}", block)
        if not mask:
            continue

        first_octet = addr[0].split(".")[0]
        if first_octet == "127":
            continue

        networks.append(network_addr(addr[0], mask[0]))

    return networks
def generate_private_ec_key():
    """Generate a secp384r1 EC private key with ``openssl ecparam``.

    No ``-out`` is given, so the key is emitted on openssl's stdout and the
    result of ``check_output_logged`` is returned to the caller.
    """
    # NOTE(review): key material passes through check_output_logged; confirm
    # that helper never writes captured stdout to the log.
    command = [
        'openssl', 'ecparam',
        '-name', 'secp384r1',
        '-genkey',
        '-noout',
    ]
    return check_output_logged(command)
def generate_server_dh_params_inline(dh_size):
    """Generate Diffie-Hellman parameters and return them without a file.

    Args:
        dh_size: Parameter size passed to ``openssl dhparam`` (stringified).

    Returns:
        The result of ``check_output_logged``; with no ``-out`` given,
        openssl emits the parameters on stdout.
    """
    command = ['openssl', 'dhparam', str(dh_size)]
    return check_output_logged(command)
def generate_private_key():
    """Generate a 4096-bit RSA private key with ``openssl genrsa``.

    No output file or passphrase option is given, so the unencrypted key is
    emitted on openssl's stdout and the result of ``check_output_logged`` is
    returned to the caller.
    """
    # NOTE(review): key material passes through check_output_logged; confirm
    # that helper never writes captured stdout to the log.
    command = ['openssl', 'genrsa', '4096']
    return check_output_logged(command)