Пример #1
def certidude_setup_strongswan_client(url, config, secrets, email_address,
                                      common_name, org_unit, directory,
                                      key_path, request_path, certificate_path,
                                      authority_path, remote, auto, dpdaction):
    """Request a client certificate, then write a strongSwan client config.

    The certificate request is delegated to certidude_request_certificate
    with wait=True. A truthy result from that call is handed back to the
    caller unchanged and no configuration is written. Otherwise the
    "strongswan-client-to-site.conf" template is rendered into ``config``
    and the follow-up steps are printed.

    ``secrets``, ``directory``, ``remote``, ``auto`` and ``dpdaction`` are
    not used directly here; they can only reach the output through the
    template context (see the locals() call below).
    """
    # The local name `retval` is deliberate: locals() below passes every
    # local name, including this one, to the template.
    retval = certidude_request_certificate(
        url, key_path, request_path, certificate_path, authority_path,
        common_name, org_unit, email_address, wait=True)
    if retval:
        return retval

    # TODO: Add dhparam
    # NOTE(review): render(locals()) exposes every argument (key and
    # certificate paths, the `secrets` handle) to the template; an explicit
    # context dict would make the template's inputs auditable.
    config.write(
        env.get_template("strongswan-client-to-site.conf").render(locals()))

    # None produces the same blank line as a bare click.echo().
    for line in (
            "Generated %s" % config.name,
            None,
            "Inspect newly created %s and start strongSwan service:" %
            config.name,
            None,
            "  apt-get install strongswan strongswan-starter",
            "  service strongswan restart",
            None):
        click.echo(line)
Пример #2
def certidude_setup_openvpn_client(url, config, email_address, common_name,
                                   org_unit, directory, key_path, request_path,
                                   certificate_path, authority_path, proto,
                                   remote):
    """Request a client certificate, then write an OpenVPN client config.

    The certificate request is delegated to certidude_request_certificate
    with wait=True. A truthy result from that call is handed back to the
    caller unchanged and no configuration is written. Otherwise the
    "openvpn-client-to-site.ovpn" template is rendered into ``config`` and
    the follow-up steps are printed.

    ``directory``, ``proto`` and ``remote`` are not used directly here; they
    can only reach the output through the template context.
    """
    # The local name `retval` is deliberate: locals() below passes every
    # local name, including this one, to the template.
    retval = certidude_request_certificate(
        url, key_path, request_path, certificate_path, authority_path,
        common_name, org_unit, email_address, wait=True)
    if retval:
        return retval

    # TODO: Add dhparam
    # NOTE(review): render(locals()) exposes every argument, including the
    # private key path, to the template; an explicit context dict would make
    # the template's inputs auditable.
    config.write(
        env.get_template("openvpn-client-to-site.ovpn").render(locals()))

    # None produces the same blank line as a bare click.echo().
    for line in (
            "Generated %s" % config.name,
            None,
            "Inspect newly created %s and start OpenVPN service:" %
            config.name,
            None,
            "  service openvpn restart",
            None):
        click.echo(line)
Пример #3
def certidude_setup_strongswan_client(url, config, secrets, email_address, common_name, org_unit, directory, key_path, request_path, certificate_path, authority_path, remote, auto, dpdaction):
    """Obtain a client certificate and emit a strongSwan client configuration.

    certidude_request_certificate is called with wait=True; if it returns a
    truthy value, that value is returned as-is and the configuration file is
    left untouched. On a falsy result the "strongswan-client-to-site.conf"
    template is rendered into ``config`` and the next steps are printed.
    """
    # Keep the name `retval`: the locals() snapshot taken below is the
    # template context, so local names are part of this function's behaviour.
    retval = certidude_request_certificate(
        url, key_path, request_path,
        certificate_path, authority_path,
        common_name, org_unit, email_address,
        wait=True)
    if retval:
        return retval

    # TODO: Add dhparam
    # NOTE(review): every argument, `secrets` and the key path included, is
    # visible to the template through locals().
    config.write(env.get_template("strongswan-client-to-site.conf").render(locals()))

    # A None entry stands for the blank line a bare click.echo() prints.
    messages = (
        "Generated %s" % config.name,
        None,
        "Inspect newly created %s and start strongSwan service:" % config.name,
        None,
        "  apt-get install strongswan strongswan-starter",
        "  service strongswan restart",
        None,
    )
    for message in messages:
        click.echo(message)
Пример #4
def certidude_setup_openvpn_client(url, config, email_address, common_name, org_unit, directory, key_path, request_path, certificate_path, authority_path, proto, remote):
    """Obtain a client certificate and emit an OpenVPN client configuration.

    certidude_request_certificate is called with wait=True; if it returns a
    truthy value, that value is returned as-is and the configuration file is
    left untouched. On a falsy result the "openvpn-client-to-site.ovpn"
    template is rendered into ``config`` and the next steps are printed.
    """
    # Keep the name `retval`: the locals() snapshot taken below is the
    # template context, so local names are part of this function's behaviour.
    retval = certidude_request_certificate(
        url, key_path, request_path,
        certificate_path, authority_path,
        common_name, org_unit, email_address,
        wait=True)
    if retval:
        return retval

    # TODO: Add dhparam
    # NOTE(review): every argument, the private key path included, is
    # visible to the template through locals().
    config.write(env.get_template("openvpn-client-to-site.ovpn").render(locals()))

    # A None entry stands for the blank line a bare click.echo() prints.
    messages = (
        "Generated %s" % config.name,
        None,
        "Inspect newly created %s and start OpenVPN service:" % config.name,
        None,
        "  service openvpn restart",
        None,
    )
    for message in messages:
        click.echo(message)
Пример #5
def certidude_setup_openvpn_server(url, config, subnet, route, email_address,
                                   common_name, org_unit, directory, key_path,
                                   request_path, certificate_path,
                                   authority_path, dhparam_path, local, proto,
                                   port):
    """Request a server certificate and write an OpenVPN server config.

    Steps, in order:
      1. Pick the first, second and last host address of ``subnet``.
      2. If no certificate exists at ``certificate_path``, print the
         ``certidude sign`` command the CA operator has to run.
      3. Call certidude_request_certificate with wait=True and the server
         key usage / extended key usage strings.
      4. If ``dhparam_path`` does not exist, generate 2048-bit DH parameters
         with ``openssl dhparam``. This runs before the result of step 3 is
         checked, so it also runs when the request returned a truthy value.
      5. Return the request result unchanged if it is truthy; otherwise
         render "openvpn-site-to-client.ovpn" into ``config`` and print the
         follow-up steps.
    """
    # TODO: Intelligent way of getting last IP address in the subnet
    # Walks every host address of the subnet once. The three names below are
    # not used again in this function; they reach the template only through
    # the locals() call further down, so their spelling matters.
    subnet_first = None
    subnet_last = None
    subnet_second = None
    for addr in subnet.hosts():
        if not subnet_first:
            subnet_first = addr
            continue
        if not subnet_second:
            subnet_second = addr
        subnet_last = addr

    # No certificate on disk yet: tell the operator how to sign the request.
    if not os.path.exists(certificate_path):
        click.echo(
            "As OpenVPN server certificate needs specific key usage extensions please"
        )
        click.echo(
            "use following command to sign on Certidude server instead of web interface:"
        )
        click.echo()
        click.echo("  certidude sign %s" % common_name)

    # The usage strings are passed through as given; how the CA enforces them
    # is decided by certidude_request_certificate and the server, not here.
    retval = certidude_request_certificate(
        url,
        key_path,
        request_path,
        certificate_path,
        authority_path,
        common_name,
        org_unit,
        email_address,
        key_usage="nonRepudiation,digitalSignature,keyEncipherment",
        extended_key_usage="serverAuth,ikeIntermediate",
        wait=True)

    # Argument tuple without shell=True, so dhparam_path is passed to openssl
    # as a single argv entry and is not interpreted by a shell.
    if not os.path.exists(dhparam_path):
        cmd = "openssl", "dhparam", "-out", dhparam_path, "2048"
        subprocess.check_call(cmd)

    # A truthy result is returned as-is and no config is written.
    if retval:
        return retval

    # TODO: Add dhparam
    # NOTE(review): render(locals()) hands every argument and local (key
    # path, dhparam path, retval, cmd if set) to the template.
    config.write(
        env.get_template("openvpn-site-to-client.ovpn").render(locals()))

    click.echo("Generated %s" % config.name)
    click.echo()
    click.echo("Inspect newly created %s and start OpenVPN service:" %
               config.name)
    click.echo()
    click.secho("  service openvpn restart", bold=True)
    click.echo()
Пример #6
def certidude_setup_openvpn_server(url, config, subnet, route, email_address, common_name, org_unit, directory, key_path, request_path, certificate_path, authority_path, dhparam_path, local, proto, port):
    """Request a server certificate and write an OpenVPN server config.

    The first, second and last host address of ``subnet`` are collected, the
    certificate is requested through certidude_request_certificate with
    wait=True, and 2048-bit DH parameters are generated with ``openssl
    dhparam`` when ``dhparam_path`` does not exist. A truthy request result
    is returned unchanged without writing the config; otherwise the
    "openvpn-site-to-client.ovpn" template is rendered into ``config``.
    """
    # TODO: Intelligent way of getting last IP address in the subnet
    # One pass over every host address. subnet_first / subnet_second /
    # subnet_last are consumed only via locals() in the render call below.
    subnet_first = None
    subnet_last = None
    subnet_second = None
    for addr in subnet.hosts():
        if not subnet_first:
            subnet_first = addr
            continue
        if not subnet_second:
            subnet_second = addr
        subnet_last = addr

    # No certificate on disk yet: print the signing command for the operator.
    if not os.path.exists(certificate_path):
        click.echo("As OpenVPN server certificate needs specific key usage extensions please")
        click.echo("use following command to sign on Certidude server instead of web interface:")
        click.echo()
        click.echo("  certidude sign %s" % common_name)

    # Server-side key usage and extended key usage are requested explicitly.
    retval = certidude_request_certificate(
        url,
        key_path,
        request_path,
        certificate_path,
        authority_path,
        common_name,
        org_unit,
        email_address,
        key_usage="nonRepudiation,digitalSignature,keyEncipherment",
        extended_key_usage="serverAuth,ikeIntermediate",
        wait=True)

    # Runs before retval is checked, so DH parameters are generated even when
    # the request returned a truthy value. The argv tuple is executed without
    # a shell.
    if not os.path.exists(dhparam_path):
        cmd = "openssl", "dhparam", "-out", dhparam_path, "2048"
        subprocess.check_call(cmd)

    # A truthy result is returned as-is and no config is written.
    if retval:
        return retval

    # TODO: Add dhparam
    # NOTE(review): the whole local namespace, key and dhparam paths
    # included, becomes the template context.
    config.write(env.get_template("openvpn-site-to-client.ovpn").render(locals()))

    click.echo("Generated %s" % config.name)
    click.echo()
    click.echo("Inspect newly created %s and start OpenVPN service:" % config.name)
    click.echo()
    click.secho("  service openvpn restart", bold=True)
    click.echo()
Пример #7
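def certidude_setup_strongswan_server(url, config, secrets, subnet, route,
                                      email_address, common_name, org_unit,
                                      directory, key_path, request_path,
                                      certificate_path, authority_path, local,
                                      ip_address, fqdn):
    """Write a strongSwan server config and request the server certificate.

    The "strongswan-site-to-client.conf" template is rendered into ``config``
    first. The certificate is then requested through
    certidude_request_certificate with wait=True and the server key usage /
    extended key usage strings. An IPv4 address and a DNS name are passed to
    the request only when ``local`` is not a private address, and the DNS
    name only when ``fqdn`` contains a dot.

    Returns the request result unchanged if it is truthy; otherwise prints
    the follow-up steps and returns None.
    """
    # Rendered before anything else is assigned, so the template context
    # produced by locals() consists of the call arguments only.
    # NOTE(review): the config is written even if the request below returns
    # a truthy value; confirm that a half-configured host is acceptable.
    config.write(
        env.get_template("strongswan-site-to-client.conf").render(locals()))

    # No certificate on disk yet: tell the operator how to sign the request.
    if not os.path.exists(certificate_path):
        click.echo(
            "As strongSwan server certificate needs specific key usage extensions please"
        )
        click.echo(
            "use following command to sign on Certidude server instead of web interface:"
        )
        click.echo()
        click.echo("  certidude sign %s" % common_name)

    retval = certidude_request_certificate(
        url,
        key_path,
        request_path,
        certificate_path,
        authority_path,
        common_name,
        org_unit,
        email_address,
        key_usage="nonRepudiation,digitalSignature,keyEncipherment",
        extended_key_usage="serverAuth,ikeIntermediate",
        ipv4_address=None if local.is_private else local,
        # Must read the `fqdn` parameter: a misspelt name here is only
        # evaluated for non-private addresses and raises NameError there.
        dns=None if local.is_private or "." not in fqdn else fqdn,
        wait=True)

    if retval:
        return retval

    click.echo("Generated %s" % config.name)
    click.echo()
    click.echo("Inspect newly created %s and start strongSwan service:" %
               config.name)
    click.echo()
    click.echo(
        "  apt-get install strongswan strongswan-starter strongswan-ikev2")
    click.secho("  service strongswan restart", bold=True)
    click.echo()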
Пример #8
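def certidude_setup_strongswan_server(url, config, secrets, subnet, route, email_address, common_name, org_unit, directory, key_path, request_path, certificate_path, authority_path, local, ip_address, fqdn):
    """Write a strongSwan server config and request the server certificate.

    "strongswan-site-to-client.conf" is rendered into ``config`` first, then
    the certificate is requested through certidude_request_certificate with
    wait=True. The IPv4 address and DNS name are included in the request
    only when ``local`` is not private; the DNS name additionally requires a
    dot in ``fqdn``.

    Returns the request result unchanged if it is truthy, else None after
    printing the follow-up steps.
    """
    # locals() holds only the call arguments at this point; they form the
    # template context.
    # NOTE(review): the file is written before the request outcome is known.
    config.write(env.get_template("strongswan-site-to-client.conf").render(locals()))

    # No certificate on disk yet: print the signing command for the operator.
    if not os.path.exists(certificate_path):
        click.echo("As strongSwan server certificate needs specific key usage extensions please")
        click.echo("use following command to sign on Certidude server instead of web interface:")
        click.echo()
        click.echo("  certidude sign %s" % common_name)

    retval = certidude_request_certificate(
        url,
        key_path,
        request_path,
        certificate_path,
        authority_path,
        common_name,
        org_unit,
        email_address,
        key_usage="nonRepudiation,digitalSignature,keyEncipherment",
        extended_key_usage="serverAuth,ikeIntermediate",
        ipv4_address=None if local.is_private else local,
        # Reads the `fqdn` parameter. The short-circuit means this operand is
        # evaluated only for non-private addresses, so an undefined name here
        # would surface as NameError on public-facing hosts only.
        dns=None if local.is_private or "." not in fqdn else fqdn,
        wait=True)

    if retval:
        return retval

    click.echo("Generated %s" % config.name)
    click.echo()
    click.echo("Inspect newly created %s and start strongSwan service:" % config.name)
    click.echo()
    click.echo("  apt-get install strongswan strongswan-starter strongswan-ikev2")
    click.secho("  service strongswan restart", bold=True)
    click.echo()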
Пример #9
def certidude_setup_client(quiet, **kwargs):
    """Request a certificate using the given keyword arguments.

    ``quiet`` is accepted but not forwarded; every other keyword argument is
    passed to certidude_request_certificate, whose result is returned.
    """
    outcome = certidude_request_certificate(**kwargs)
    return outcome
Пример #10
def certidude_setup_client(quiet, **kwargs):
    """Forward all keyword arguments to certidude_request_certificate.

    The ``quiet`` flag is consumed here and has no effect in this function;
    the return value is whatever certidude_request_certificate returns.
    """
    request_options = kwargs
    return certidude_request_certificate(**request_options)