From 702aefc6e3ff05e691de3f47cfced6f5efd78078 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com>
Date: Thu, 7 Apr 2022 11:37:36 +0000
Subject: [PATCH] CertificateType rework
---
api/kiwi_vpn_api/easyrsa.py | 14 +++-----------
api/kiwi_vpn_api/routers/_common.py | 4 ++--
2 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/api/kiwi_vpn_api/easyrsa.py b/api/kiwi_vpn_api/easyrsa.py
index 3edae71..5d6f05d 100644
--- a/api/kiwi_vpn_api/easyrsa.py
+++ b/api/kiwi_vpn_api/easyrsa.py
@@ -102,7 +102,6 @@ class CertificateType(Enum): Possible types of certificates """ - ca = auto() client = auto() server = auto()
@@ -238,20 +237,16 @@ class EasyRSA: def get_certificate( self, *, - cert_type: CertificateType | None = None, dn: DistinguishedName | None = None, ) -> x509.Certificate | None: """ Get a certificate from the PKI directory """ - if cert_type is CertificateType.ca: + if dn is None: cert_filename = self.output_directory.joinpath("ca.crt") else: - if dn is None: - dn = DistinguishedName.build() - cert_filename = (self.output_directory.joinpath("issued") .joinpath(f"{dn.common_name}.crt"))
@@ -284,7 +279,7 @@ class EasyRSA: EASYRSA_REQ_CN="kiwi-vpn-ca", ) - cert = self.get_certificate(cert_type=CertificateType.ca) + cert = self.get_certificate() assert cert is not None # # this takes long!
@@ -315,10 +310,7 @@ class EasyRSA: **dn.easyrsa_env, ) - return self.get_certificate( - cert_type=cert_type, - dn=dn, - ) + return self.get_certificate(dn=dn) def renew( self,
diff --git a/api/kiwi_vpn_api/routers/_common.py b/api/kiwi_vpn_api/routers/_common.py
index d44dd3d..c5a3ce8 100644
--- a/api/kiwi_vpn_api/routers/_common.py
+++ b/api/kiwi_vpn_api/routers/_common.py
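Review bot: Dropping `ca = auto()` in the `CertificateType` hunk renumbers the remaining members, because with the default `auto()` behaviour values follow declaration order: `client` moves from 2 to 1 and `server` from 3 to 2. If these values are ever stored or exchanged by value rather than by name (not visible in this hunk), existing records would silently change meaning. Pinning them, e.g. `client = 2` and `server = 3`, or adding a comment that only member names are persisted, would make the removal safe. The enum body may continue past the hunk.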
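Review bot: The new `if dn is None:` branch in `get_certificate` makes a missing DN mean "return the CA certificate", so a caller that passes `dn=None` by accident (a failed lookup, an optional field) now receives `ca.crt` instead of the previous default-DN lookup under `issued/`. The docstring still says only "Get a certificate from the PKI directory"; it should state the contract, e.g. `Get a certificate from the PKI directory; with no dn, return the CA certificate`. The bare `self.get_certificate()` in the CA-build hunk and `EASYRSA.get_certificate()` in `get_pki` depend on that same implicit default and deserve a short comment saying so. Separately, the unchanged context line builds the path from `f"{dn.common_name}.crt"`; if the common name can originate from request data (not visible here), it should be rejected when it contains path separators or `..` before the `joinpath`. The function body continues past the end of the hunk.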
@@ -7,7 +7,7 @@ from fastapi.security import OAuth2PasswordBearer from ..config import SETTINGS, Config from ..db import Device, User -from ..easyrsa import EASYRSA, CertificateType, EasyRSA +from ..easyrsa import EASYRSA, EasyRSA oauth2_scheme = OAuth2PasswordBearer( tokenUrl=f"{SETTINGS.api_v1_prefix}/user/authenticate"
@@ -145,7 +145,7 @@ async def get_pki() -> EasyRSA: - 425: EasyRSA not initialized """ - if EASYRSA.get_certificate(cert_type=CertificateType.ca) is None: + if EASYRSA.get_certificate() is None: raise HTTPException(status_code=status.HTTP_425_TOO_EARLY) return EASYRSA