experiments no longer needed

2022-03-22 00:57:09 +00:00 · 2022-03-22 00:57:09 +00:00 · 12d39bb923
commit 12d39bb923
parent f671e1efa9
5 changed files with 17 additions and 35 deletions
--- a/api/kiwi_vpn_api/easyrsa.py
+++ b/api/kiwi_vpn_api/easyrsa.py
@ -54,7 +54,7 @@ class EasyRSA:
    def build_ca(
        self,
        days: int = 365 * 50,
-        cn: str = "kiwi-ca"
+        cn: str = "kiwi-vpn-ca"
    ) -> crypto.X509:
        return self.__build_cert(
            Path("ca.crt"),
@ -73,13 +73,16 @@ class EasyRSA:
            f"--req-cn={cn}",
            f"--days={days}",

+            # "--use-algo=ed",
+            # "--curve=ed25519",
+
            "build-ca",
        )

    def issue(
        self,
        days: int = 365 * 50,
-        cn: str = "kiwi-vpn",
+        cn: str = "kiwi-vpn-client",
        cert_type: str = "client"
    ) -> crypto.X509:
        return self.__build_cert(
@ -95,18 +98,18 @@ class EasyRSA:


 if __name__ == "__main__":
-    rsa = EasyRSA(Path("tmp/pki"))
-    rsa.init_pki()
-    rsa.set_ca_password()
+    easy_rsa = EasyRSA(Path("tmp/easyrsa"))
+    easy_rsa.init_pki()
+    easy_rsa.set_ca_password()

-    ca = rsa.build_ca()
-    server = rsa.issue(cert_type="server", cn="kiwi-server")
-    client = rsa.issue(cert_type="client", cn="kiwi-client")
-
-    print(ca.get_subject())
-    print(server.get_subject())
-    print(client.get_subject())
+    ca = easy_rsa.build_ca(cn="kiwi-vpn-ca")
+    server = easy_rsa.issue(cert_type="server", cn="kiwi-vpn-server")
+    client = easy_rsa.issue(cert_type="client", cn="kiwi-vpn-client")

    date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
+
+    for cert in [ca, server, client]:
+        print(cert.get_subject().CN)
+        print(cert.get_signature_algorithm().decode(encoding))
        print(datetime.strptime(
-        client.get_notAfter().decode(encoding), date_format))
+            cert.get_notAfter().decode(encoding), date_format))
--- a/experiments/.dockerignore
+++ b/experiments/.dockerignore
@ -1 +0,0 @@
-openvpn
--- a/experiments/.gitignore
+++ b/experiments/.gitignore
@ -1 +0,0 @@
-openvpn/pki
--- a/experiments/Dockerfile
+++ b/experiments/Dockerfile
@ -1,11 +0,0 @@
-FROM debian:bullseye-slim
-# LABEL maintainer=""
-
-RUN set -ex; \
-    \
-    apt-get update; apt-get -y --no-install-recommends install \
-      easy-rsa \
-    ; rm -rf /var/lib/apt/lists/*; \
-    ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin;
-
-WORKDIR "/opt/openvpn"
--- a/experiments/openvpn/build_ca.sh
+++ b/experiments/openvpn/build_ca.sh
@ -1,8 +0,0 @@
-#!/bin/sh
-
-set -ex
-
-easyrsa init-pki
-easyrsa --batch --passout="pass:passwd" --passin="pass:passwd" --req-cn="kiwi-vpn" --days="$(( 365 * 50 ))" build-ca
-easyrsa --batch --passin="pass:passwd" --days="$(( 365 * 50 ))" build-server-full bababooey nopass
-