def update_keys_provider(uuid, cert, key):
    # type: (str, str, str) -> None
    """
    Replace the certificate/key pair stored for a NetworkManager connection.

    Typically called when the previous key pair has expired. Both files are
    (re)written under the connection's uuid through write_cert; the
    NetworkManager connection itself is not modified here.

    args:
        uuid (str): unique ID of the NetworkManager connection
        cert (str): client certificate content, handed to write_cert as 'cert'
        key (str): private key content, handed to write_cert as 'key'
    """
    logger.info(u"updating key pare for uuid {}".format(uuid))
    # certificate first, then key -- same order as before
    for content, kind in ((cert, 'cert'), (key, 'key')):
        write_cert(content, kind, uuid)
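def ovpn_to_nm(config, meta, display_name, username=None):
    # type: (dict, Metadata, str, Optional[str]) -> object
    """
    Generate a NetworkManager style config dict from a parsed ovpn config dict.

    args:
        config (dict): parsed OpenVPN options. Must contain 'remote', an
            iterable of string sequences that are joined with ':' (host:port
            style) and then with ','. Optional keys read here: auth, cipher,
            connection-type, comp-lzo, auth-user-pass, ca, tls-auth,
            key-direction, tls-crypt.
        meta (Metadata): profile metadata; only meta.uuid is read
        display_name (str): connection name shown in NetworkManager
        username (str, optional): required when the profile contains
            'auth-user-pass' (2FA); stored in the connection settings

    returns:
        dict: NetworkManager connection settings, ready for insert_config

    raises:
        EduvpnException: 'auth-user-pass' is present but no username was given
        KeyError: 'remote' is missing from config
    """
    logger.info("generating config for {} ({})".format(display_name, meta.uuid))
    settings = {'connection': {'id': display_name,
                               'type': 'vpn',
                               'uuid': meta.uuid},
                'ipv4': {'method': 'auto'},
                'ipv6': {'method': 'auto'},
                'vpn': {'data': {'auth': config.get('auth', 'SHA256'),
                                 'cipher': config.get('cipher', 'AES-256-CBC'),
                                 'connection-type': config.get('connection-type', 'tls'),
                                 'dev': 'tun',
                                 'remote': ",".join(":".join(r) for r in config['remote']),
                                 # OpenVPN --remote-cert-tls server: the peer's certificate
                                 # must carry the TLS server role, so another client
                                 # certificate from the same CA cannot pose as the server
                                 'remote-cert-tls': 'server',
                                 # 'tls-cipher' is not supported on older nm (like ubuntu 16.04)
                                 # 'tls-cipher': config.get('tls-cipher', 'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384')
                                 },
                        'service-type': 'org.freedesktop.NetworkManager.openvpn'}
                }
    # all per-profile OpenVPN options below land in this sub-dict
    data = settings['vpn']['data']
    # issue #138, not supported by older network-manager-openvpn
    # if 'server-poll-timeout' in config:
    #     settings['vpn']['data']['connect-timeout'] = config['server-poll-timeout']
    if 'comp-lzo' in config:
        # a bare 'comp-lzo' line parses to an empty value -> NM's 'adaptive'
        data['comp-lzo'] = config['comp-lzo'] or 'adaptive'
    # 2 factor auth enabled
    if 'auth-user-pass' in config:
        if not username:
            raise EduvpnException("You need to enroll for 2FA in the user portal "
                                  "first before being able to connect to this profile.")
        logger.info("looks like 2 factor authentication is enabled, enabling this in NM config")
        # NOTE(review): these are NM secret-flag values; '2' is understood to mean
        # "not saved, ask every time" so the 2FA password is never persisted -- confirm
        data['cert-pass-flags'] = '0'
        data['connection-type'] = 'password-tls'
        data['password-flags'] = '2'
        data['username'] = username
    if 'ca' in config:
        data['ca'] = write_cert(config['ca'], 'ca', meta.uuid)
    if 'tls-auth' in config:
        data['ta'] = write_cert(config['tls-auth'], 'ta', meta.uuid)
        data['ta-dir'] = config.get('key-direction', '1')
    elif 'tls-crypt' in config:
        data['tls-crypt'] = write_cert(config['tls-crypt'], 'tc', meta.uuid)
    else:
        # the profile is still accepted without a control-channel key; this is
        # only logged (was logging.info -- now the module logger like the rest)
        logger.info("'tls-crypt' and 'tls-auth' not found in configuration returned by server")
    return settings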
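def store_provider(meta):
    """
    Store the eduVPN configuration as a new NetworkManager connection.

    A fresh uuid is assigned to meta, the client certificate/key and the CA and
    tls-auth material from the server-provided config are written to disk, the
    connection is inserted into NetworkManager and meta is persisted.

    args:
        meta (Metadata): profile metadata; reads config, cert, key,
            display_name and username, assigns uuid and calls meta.write()

    returns:
        the uuid assigned to the new connection (meta.uuid)

    raises:
        KeyError: the OpenVPN config lacks 'ca' or 'tls-auth'
    """
    logger.info("storing profile with name {} using NetworkManager".format(meta.display_name))
    meta.uuid = make_unique_id()
    ovpn_text = format_like_ovpn(meta.config, meta.cert, meta.key)
    config_dict = parse_ovpn(ovpn_text)
    cert_path = write_cert(meta.cert, 'cert', meta.uuid)
    key_path = write_cert(meta.key, 'key', meta.uuid)
    # 'ca' and 'tls-auth' are popped so ovpn_to_nm does not write them a second
    # time; pop() without a default raises KeyError when the server omits them
    ca_path = write_cert(config_dict.pop('ca'), 'ca', meta.uuid)
    ta_path = write_cert(config_dict.pop('tls-auth'), 'ta', meta.uuid)
    # ovpn_to_nm in this module takes the Metadata object, not a bare uuid
    nm_config = ovpn_to_nm(config_dict, meta=meta, display_name=meta.display_name,
                           username=meta.username)
    nm_config['vpn']['data'].update({'cert': cert_path, 'key': key_path,
                                     'ca': ca_path, 'ta': ta_path})
    insert_config(nm_config)
    meta.write()
    return meta.uuid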
def store_provider(meta, config_dict):
    """
    Store the eduVPN configuration in NetworkManager, creating or updating it.

    A profile without a uuid is treated as new: it receives a fresh uuid and
    the generated connection is inserted. Otherwise the existing connection is
    refreshed through update_config_provider. In both cases the client
    certificate/key are (re)written under meta.uuid and meta.write() is called.

    args:
        meta (Metadata): profile metadata (uuid, cert, key, display_name, username)
        config_dict (dict): parsed OpenVPN options handed to ovpn_to_nm

    returns:
        the uuid of the stored connection (meta.uuid)
    """
    logger.info("storing profile with name {} using NetworkManager".format(meta.display_name))
    is_new = not meta.uuid
    if is_new:
        meta.uuid = make_unique_id()
    # certificate first, then key, mirroring the order of the original writes
    paths = {'cert': write_cert(meta.cert, 'cert', meta.uuid),
             'key': write_cert(meta.key, 'key', meta.uuid)}
    # nm_config is always generated (ovpn_to_nm writes ca/ta files and enforces
    # the 2FA username check) but only inserted for a new profile
    nm_config = ovpn_to_nm(config_dict, meta=meta, display_name=meta.display_name,
                           username=meta.username)
    nm_config['vpn']['data'].update(paths)
    if is_new:
        insert_config(nm_config)
    else:
        # NOTE(review): nm_config is discarded on this path; the update helper
        # rebuilds the settings itself
        update_config_provider(meta, config_dict)
    meta.write()
    return meta.uuid
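def update_config_provider(meta, config_dict=None):
    """
    Update an existing NetworkManager connection from refreshed profile data.

    The CA and tls-auth material is rewritten under meta.uuid, the old
    connection is looked up by uuid, its cert/key paths are carried over, and
    it is replaced by a newly generated connection. Without D-Bus only the
    files are rewritten and NetworkManager is left untouched.

    args:
        meta (Metadata): profile metadata; reads uuid, display_name, username
            and, when config_dict is not given, config (raw OpenVPN text)
        config_dict (dict, optional): already-parsed OpenVPN options. A shallow
            copy is used so the caller's dict is not changed by the pops below.

    raises:
        KeyError: the OpenVPN config lacks 'ca' or 'tls-auth'
    """
    logger.info("updating config for {} ({})".format(meta.display_name, meta.uuid))
    if config_dict is None:
        config_dict = parse_ovpn(meta.config)
    else:
        config_dict = dict(config_dict)
    # popped so ovpn_to_nm does not write them again; KeyError if absent
    ca_path = write_cert(config_dict.pop('ca'), 'ca', meta.uuid)
    ta_path = write_cert(config_dict.pop('tls-auth'), 'ta', meta.uuid)
    if not have_dbus():
        return
    # ovpn_to_nm in this module takes the Metadata object, not a bare uuid
    nm_config = ovpn_to_nm(config_dict, meta=meta, display_name=meta.display_name,
                           username=meta.username)
    old_conn = NetworkManager.Settings.GetConnectionByUuid(meta.uuid)
    old_settings = old_conn.GetSettings()
    # keep pointing at the client cert/key already on disk for this connection
    nm_config['vpn']['data'].update({'cert': old_settings['vpn']['data']['cert'],
                                     'key': old_settings['vpn']['data']['key'],
                                     'ca': ca_path, 'ta': ta_path})
    # Delete-then-insert is not atomic: if insert_config fails the profile has
    # no NetworkManager connection until the next successful store.
    old_conn.Delete()
    insert_config(nm_config)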
def test_write_cert(self):
    """Smoke test: write_cert accepts its keyword arguments without raising."""
    kwargs = {'content': 'test', 'type_': 'test', 'unique_name': 'test'}
    write_cert(**kwargs)