diff --git a/api/kiwi_vpn_api/easyrsa.py b/api/kiwi_vpn_api/easyrsa.py index e769450..816d0a8 100644 --- a/api/kiwi_vpn_api/easyrsa.py +++ b/api/kiwi_vpn_api/easyrsa.py @@ -54,7 +54,7 @@ class EasyRSA: def build_ca( self, days: int = 365 * 50, - cn: str = "kiwi-ca" + cn: str = "kiwi-vpn-ca" ) -> crypto.X509: return self.__build_cert( Path("ca.crt"), @@ -73,13 +73,16 @@ class EasyRSA: f"--req-cn={cn}", f"--days={days}", + # "--use-algo=ed", + # "--curve=ed25519", + "build-ca", ) def issue( self, days: int = 365 * 50, - cn: str = "kiwi-vpn", + cn: str = "kiwi-vpn-client", cert_type: str = "client" ) -> crypto.X509: return self.__build_cert( @@ -95,18 +98,18 @@ class EasyRSA: if __name__ == "__main__": - rsa = EasyRSA(Path("tmp/pki")) - rsa.init_pki() - rsa.set_ca_password() + easy_rsa = EasyRSA(Path("tmp/easyrsa")) + easy_rsa.init_pki() + easy_rsa.set_ca_password() - ca = rsa.build_ca() - server = rsa.issue(cert_type="server", cn="kiwi-server") - client = rsa.issue(cert_type="client", cn="kiwi-client") - - print(ca.get_subject()) - print(server.get_subject()) - print(client.get_subject()) + ca = easy_rsa.build_ca(cn="kiwi-vpn-ca") + server = easy_rsa.issue(cert_type="server", cn="kiwi-vpn-server") + client = easy_rsa.issue(cert_type="client", cn="kiwi-vpn-client") date_format, encoding = "%Y%m%d%H%M%SZ", "ascii" - print(datetime.strptime( - client.get_notAfter().decode(encoding), date_format)) + + for cert in [ca, server, client]: + print(cert.get_subject().CN) + print(cert.get_signature_algorithm().decode(encoding)) + print(datetime.strptime( + cert.get_notAfter().decode(encoding), date_format)) diff --git a/experiments/.dockerignore b/experiments/.dockerignore deleted file mode 100644 index 0d13a98..0000000 --- a/experiments/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -openvpn \ No newline at end of file diff --git a/experiments/.gitignore b/experiments/.gitignore deleted file mode 100644 index 9f5760a..0000000 --- a/experiments/.gitignore +++ /dev/null @@ -1 +0,0 @@ -openvpn/pki \ No newline at end of file diff --git a/experiments/Dockerfile b/experiments/Dockerfile deleted file mode 100644 index 79b45d2..0000000 --- a/experiments/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM debian:bullseye-slim -# LABEL maintainer="" - -RUN set -ex; \ - \ - apt-get update; apt-get -y --no-install-recommends install \ - easy-rsa \ - ; rm -rf /var/lib/apt/lists/*; \ - ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin; - -WORKDIR "/opt/openvpn" diff --git a/experiments/openvpn/build_ca.sh b/experiments/openvpn/build_ca.sh deleted file mode 100755 index 6adf3c2..0000000 --- a/experiments/openvpn/build_ca.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -set -ex - -easyrsa init-pki -easyrsa --batch --passout="pass:passwd" --passin="pass:passwd" --req-cn="kiwi-vpn" --days="$(( 365 * 50 ))" build-ca -easyrsa --batch --passin="pass:passwd" --days="$(( 365 * 50 ))" build-server-full bababooey nopass -