experiments no longer needed
This commit is contained in:
parent
f671e1efa9
commit
12d39bb923
5 changed files with 17 additions and 35 deletions
|
@ -54,7 +54,7 @@ class EasyRSA:
|
||||||
def build_ca(
|
def build_ca(
|
||||||
self,
|
self,
|
||||||
days: int = 365 * 50,
|
days: int = 365 * 50,
|
||||||
cn: str = "kiwi-ca"
|
cn: str = "kiwi-vpn-ca"
|
||||||
) -> crypto.X509:
|
) -> crypto.X509:
|
||||||
return self.__build_cert(
|
return self.__build_cert(
|
||||||
Path("ca.crt"),
|
Path("ca.crt"),
|
||||||
|
@ -73,13 +73,16 @@ class EasyRSA:
|
||||||
f"--req-cn={cn}",
|
f"--req-cn={cn}",
|
||||||
f"--days={days}",
|
f"--days={days}",
|
||||||
|
|
||||||
|
# "--use-algo=ed",
|
||||||
|
# "--curve=ed25519",
|
||||||
|
|
||||||
"build-ca",
|
"build-ca",
|
||||||
)
|
)
|
||||||
|
|
||||||
def issue(
|
def issue(
|
||||||
self,
|
self,
|
||||||
days: int = 365 * 50,
|
days: int = 365 * 50,
|
||||||
cn: str = "kiwi-vpn",
|
cn: str = "kiwi-vpn-client",
|
||||||
cert_type: str = "client"
|
cert_type: str = "client"
|
||||||
) -> crypto.X509:
|
) -> crypto.X509:
|
||||||
return self.__build_cert(
|
return self.__build_cert(
|
||||||
|
@ -95,18 +98,18 @@ class EasyRSA:
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
rsa = EasyRSA(Path("tmp/pki"))
|
easy_rsa = EasyRSA(Path("tmp/easyrsa"))
|
||||||
rsa.init_pki()
|
easy_rsa.init_pki()
|
||||||
rsa.set_ca_password()
|
easy_rsa.set_ca_password()
|
||||||
|
|
||||||
ca = rsa.build_ca()
|
ca = easy_rsa.build_ca(cn="kiwi-vpn-ca")
|
||||||
server = rsa.issue(cert_type="server", cn="kiwi-server")
|
server = easy_rsa.issue(cert_type="server", cn="kiwi-vpn-server")
|
||||||
client = rsa.issue(cert_type="client", cn="kiwi-client")
|
client = easy_rsa.issue(cert_type="client", cn="kiwi-vpn-client")
|
||||||
|
|
||||||
print(ca.get_subject())
|
|
||||||
print(server.get_subject())
|
|
||||||
print(client.get_subject())
|
|
||||||
|
|
||||||
date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
|
date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
|
||||||
|
|
||||||
|
for cert in [ca, server, client]:
|
||||||
|
print(cert.get_subject().CN)
|
||||||
|
print(cert.get_signature_algorithm().decode(encoding))
|
||||||
print(datetime.strptime(
|
print(datetime.strptime(
|
||||||
client.get_notAfter().decode(encoding), date_format))
|
cert.get_notAfter().decode(encoding), date_format))
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
openvpn
|
|
1
experiments/.gitignore
vendored
1
experiments/.gitignore
vendored
|
@ -1 +0,0 @@
|
||||||
openvpn/pki
|
|
|
@ -1,11 +0,0 @@
|
||||||
FROM debian:bullseye-slim
|
|
||||||
# LABEL maintainer=""
|
|
||||||
|
|
||||||
RUN set -ex; \
|
|
||||||
\
|
|
||||||
apt-get update; apt-get -y --no-install-recommends install \
|
|
||||||
easy-rsa \
|
|
||||||
; rm -rf /var/lib/apt/lists/*; \
|
|
||||||
ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin;
|
|
||||||
|
|
||||||
WORKDIR "/opt/openvpn"
|
|
|
@ -1,8 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
easyrsa init-pki
|
|
||||||
easyrsa --batch --passout="pass:passwd" --passin="pass:passwd" --req-cn="kiwi-vpn" --days="$(( 365 * 50 ))" build-ca
|
|
||||||
easyrsa --batch --passin="pass:passwd" --days="$(( 365 * 50 ))" build-server-full bababooey nopass
|
|
||||||
|
|
Loading…
Reference in a new issue