def test_generate_certs(self): attachment_point = AttachmentPoint.objects.first() user_as = create_user_as(attachment_point) vpn_client = user_as.hosts.first().vpn_clients.first() config = generate_vpn_client_config(vpn_client) # check ca cert ca_cert_string_match = re.findall('<ca>\n(.*?)\n</ca>', config, flags=re.DOTALL) self.assertTrue(len(ca_cert_string_match) == 1) ca_cert = ca_cert_string_match[0] config_ca_cert = x509.load_pem_x509_certificate( ca_cert.encode(), backend=default_backend()) self.assertEqual( load_ca_cert().public_bytes(serialization.Encoding.PEM).decode(), config_ca_cert.public_bytes(serialization.Encoding.PEM).decode()) # check client cert client_cert_string_match = re.findall('<cert>\n(.*?)\n</cert>', config, flags=re.DOTALL) self.assertTrue(len(client_cert_string_match) == 1) client_cert = client_cert_string_match[0] config_client_cert = x509.load_pem_x509_certificate( client_cert.encode(), backend=default_backend()) self.assertEqual( vpn_client.cert, config_client_cert.public_bytes( serialization.Encoding.PEM).decode()) # check client key client_key_string_match = re.findall('<key>\n(.*?)\n</key>', config, flags=re.DOTALL) self.assertTrue(len(client_key_string_match) == 1) client_key = client_key_string_match[0] config_client_key = serialization.load_pem_private_key( client_key.encode(), password=None, backend=default_backend()) self.assertEqual( vpn_client.private_key, config_client_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()).decode()) # check public key for private key matches public key in certificate self.assertEqual( config_client_cert.public_key().public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.PKCS1).decode(), config_client_key.public_key().public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.PKCS1).decode())
def _add_vpn_client_configs(host, archive): """ Generate the VPN config files and add them to the tar. """ # Each host can run at most one VPN-Client per VPN clients = host.vpn_clients.filter(active=True).select_related('vpn__server__AS').all() configs = dict() for client in clients: name = client.vpn.server.AS.isd_as_path_str() configs[name] = generate_vpn_client_config(client) for name, config in configs.items(): archive.write_text("client-scionlab-{}.conf".format(name), config)
def _add_vpn_client_configs(host, archive): """ Generate the VPN config files and add them to the tar. """ vpn_dir = OPENVPN_CONFIG_DIR.lstrip( "/") # don't use absolute paths in the archive # Each host can run at most one VPN-Client per VPN clients = host.vpn_clients.filter( active=True).select_related('vpn__server__AS').all() configs = dict() for client in clients: name = client.vpn.server.AS.isd_as_path_str() configs[name] = generate_vpn_client_config(client) for name, config in configs.items(): archive.write_text((vpn_dir, "client-scionlab-{}.conf".format(name)), config)
def _add_vpn_config(host, tar): """ Generate the VPN config files and add them to the tar. """ vpn_clients = list(host.vpn_clients.filter(active=True)) for vpn_client in vpn_clients: client_config = generate_vpn_client_config(vpn_client) tar_add_textfile(tar, "client.conf", client_config) vpn_servers = list(host.vpn_servers.all()) for vpn_server in vpn_servers: tar_add_textfile(tar, "server.conf", generate_vpn_server_config(vpn_server)) tar_add_dir(tar, 'ccd') for vpn_client in vpn_server.clients.iterator(): common_name, config_string = ccd_config(vpn_client) tar_add_textfile(tar, 'ccd/' + common_name, config_string)
def _add_vpn_config(host, archive): """ Generate the VPN config files and add them to the tar. """ vpn_clients = list(host.vpn_clients.filter(active=True)) for vpn_client in vpn_clients: client_config = generate_vpn_client_config(vpn_client) archive.write_text("client.conf", client_config) vpn_servers = list(host.vpn_servers.all()) for vpn_server in vpn_servers: archive.write_text("server.conf", generate_vpn_server_config(vpn_server)) archive.add_dir("ccd") for vpn_client in vpn_server.clients.iterator(): common_name, config_string = ccd_config(vpn_client) archive.write_text("ccd/" + common_name, config_string)