From 26d171e6d3e27370fb529ee0cc059a4b577cd0cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com>
Date: Thu, 31 Mar 2022 16:59:14 +0000
Subject: [PATCH] refactoring
---
 api/kiwi_vpn_api/config.py | 4 ++--
 api/kiwi_vpn_api/easyrsa.py | 39 +++++++++++++++++++++----------------
 2 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/api/kiwi_vpn_api/config.py b/api/kiwi_vpn_api/config.py
index 1d4d01e..783a0d8 100644
--- a/api/kiwi_vpn_api/config.py
+++ b/api/kiwi_vpn_api/config.py
@@ -206,7 +206,7 @@ class ServerDN(BaseModel):
 common_name: str
-class CertificateAlgo(Enum):
+class KeyAlgorithm(Enum):
 """
 Supported certificate signing algorithms
 """
@@ -227,7 +227,7 @@ class CryptoConfig(BaseModel):
 schemes: list[str] = ["bcrypt"]
 # pki settings
- cert_algo: CertificateAlgo | None
+ key_algorithm: KeyAlgorithm | None
 ca_password: str | None
 ca_expiry_days: int | None
 cert_expiry_days: int | None
diff --git a/api/kiwi_vpn_api/easyrsa.py b/api/kiwi_vpn_api/easyrsa.py
index 6322af0..7232234 100644
--- a/api/kiwi_vpn_api/easyrsa.py
+++ b/api/kiwi_vpn_api/easyrsa.py
@@ -12,7 +12,7 @@ from OpenSSL import crypto
 from passlib import pwd
 from pydantic import BaseModel
-from .config import CertificateAlgo, Config, Settings
+from .config import Config, KeyAlgorithm, Settings
 from .db import Connection, Device
@@ -167,24 +167,29 @@ class EasyRSA:
 if expiry_days is not None:
 extra_args += [f"--days={expiry_days}"]
- if (algo := config.crypto.cert_algo) is not None:
- if algo is CertificateAlgo.rsa2048:
- extra_args += ("--use-algo=rsa", "--keysize=2048")
+ if (algorithm := config.crypto.key_algorithm) is not None:
+ args_map = {
+ KeyAlgorithm.rsa2048: [
+ "--use-algo=rsa", "--keysize=2048"
+ ],
+ KeyAlgorithm.rsa2048: [
+ "--use-algo=rsa", "--keysize=2048"
+ ],
+ KeyAlgorithm.secp256r1: [
+ "--use-algo=ec", "--curve=secp256r1"
+ ],
+ KeyAlgorithm.secp384r1: [
+ "--use-algo=ec", "--curve=secp384r1"
+ ],
+ KeyAlgorithm.ed25519: [
+ "--use-algo=ed", "--curve=ed25519"
+ ]
+ }
- elif algo is CertificateAlgo.rsa4096:
- extra_args += ("--use-algo=rsa", "--keysize=4096")
+ if algorithm not in args_map:
+ raise ValueError(f"Unexpected algorithm: {algorithm}")
- elif algo is CertificateAlgo.secp256r1:
- extra_args += ("--use-algo=ec", "--curve=secp256r1")
-
- elif algo is CertificateAlgo.secp384r1:
- extra_args += ("--use-algo=ec", "--curve=secp384r1")
-
- elif algo is CertificateAlgo.ed25519:
- extra_args += ("--use-algo=ed", "--curve=ed25519")
-
- else:
- raise ValueError(f"Unexpected algorithm: {algo}")
+ extra_args += args_map[algorithm]
 self.__easyrsa(
 *extra_args,
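Review bot: The new `args_map` lists `KeyAlgorithm.rsa2048` twice, both times with `--keysize=2048`, and has no entry for the 4096-bit case that the removed chain handled under `elif algo is CertificateAlgo.rsa4096`. Python accepts a duplicate dict key silently, so nothing flags this at import time. Assuming the enum still defines `rsa4096` (its body is outside the diff), a deployment configured for 4096-bit RSA now stops at `raise ValueError(f"Unexpected algorithm: {algorithm}")`, where before this refactoring it got the key size it asked for. The second entry should read `KeyAlgorithm.rsa4096: ["--use-algo=rsa", "--keysize=4096"],`, and a small test asserting that every `KeyAlgorithm` member has a key in the map would catch this class of slip. The enclosing method starts and ends outside the hunk.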