experiments no longer needed

Jörn-Michael Miehe 2022-03-22 00:57:09 +00:00
parent f671e1efa9
commit 12d39bb923
5 changed files with 17 additions and 35 deletions


@ -54,7 +54,7 @@ class EasyRSA:
def build_ca( def build_ca(
self, self,
days: int = 365 * 50, days: int = 365 * 50,
cn: str = "kiwi-ca" cn: str = "kiwi-vpn-ca"
) -> crypto.X509: ) -> crypto.X509:
return self.__build_cert( return self.__build_cert(
Path("ca.crt"), Path("ca.crt"),
@ -73,13 +73,16 @@ class EasyRSA:
f"--req-cn={cn}", f"--req-cn={cn}",
f"--days={days}", f"--days={days}",
# "--use-algo=ed",
# "--curve=ed25519",
"build-ca", "build-ca",
) )
def issue( def issue(
self, self,
days: int = 365 * 50, days: int = 365 * 50,
cn: str = "kiwi-vpn", cn: str = "kiwi-vpn-client",
cert_type: str = "client" cert_type: str = "client"
) -> crypto.X509: ) -> crypto.X509:
return self.__build_cert( return self.__build_cert(
@ -95,18 +98,18 @@ class EasyRSA:
if __name__ == "__main__": if __name__ == "__main__":
rsa = EasyRSA(Path("tmp/pki")) easy_rsa = EasyRSA(Path("tmp/easyrsa"))
rsa.init_pki() easy_rsa.init_pki()
rsa.set_ca_password() easy_rsa.set_ca_password()
ca = rsa.build_ca() ca = easy_rsa.build_ca(cn="kiwi-vpn-ca")
server = rsa.issue(cert_type="server", cn="kiwi-server") server = easy_rsa.issue(cert_type="server", cn="kiwi-vpn-server")
client = rsa.issue(cert_type="client", cn="kiwi-client") client = easy_rsa.issue(cert_type="client", cn="kiwi-vpn-client")
print(ca.get_subject())
print(server.get_subject())
print(client.get_subject())
date_format, encoding = "%Y%m%d%H%M%SZ", "ascii" date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
for cert in [ca, server, client]:
print(cert.get_subject().CN)
print(cert.get_signature_algorithm().decode(encoding))
print(datetime.strptime( print(datetime.strptime(
client.get_notAfter().decode(encoding), date_format)) cert.get_notAfter().decode(encoding), date_format))
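Review bot: In the second hunk `issue()` still defaults to `days: int = 365 * 50`, so client and server certificates get the same 50-year validity as the CA, and a leaked client key stays usable until it is explicitly revoked. A shorter leaf default, for example `days: int = 365,`, with the long lifetime kept only on `build_ca()`, would bound that exposure; whether revocation (a CRL) is wired up is not visible from this page. The two added lines `# "--use-algo=ed",` and `# "--curve=ed25519",` are commented-out options with no explanation, so a one-line comment such as `# TODO: switch to ed25519 once <reason> is resolved` would record why they are parked. The body of `issue()` continues past the end of the hunk.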


@ -1 +0,0 @@
openvpn


@ -1 +0,0 @@
openvpn/pki


@ -1,11 +0,0 @@
FROM debian:bullseye-slim
# LABEL maintainer=""
RUN set -ex; \
\
apt-get update; apt-get -y --no-install-recommends install \
easy-rsa \
; rm -rf /var/lib/apt/lists/*; \
ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin;
WORKDIR "/opt/openvpn"


@ -1,8 +0,0 @@
#!/bin/sh
set -ex
easyrsa init-pki
easyrsa --batch --passout="pass:passwd" --passin="pass:passwd" --req-cn="kiwi-vpn" --days="$(( 365 * 50 ))" build-ca
easyrsa --batch --passin="pass:passwd" --days="$(( 365 * 50 ))" build-server-full bababooey nopass