CertificateType rework

Jörn-Michael Miehe 2022-04-07 11:37:36 +00:00
parent f21029e15b
commit 702aefc6e3
2 changed files with 5 additions and 13 deletions


@ -102,7 +102,6 @@ class CertificateType(Enum):
Possible types of certificates Possible types of certificates
""" """
ca = auto()
client = auto() client = auto()
server = auto() server = auto()
@ -238,20 +237,16 @@ class EasyRSA:
def get_certificate( def get_certificate(
self, self,
*, *,
cert_type: CertificateType | None = None,
dn: DistinguishedName | None = None, dn: DistinguishedName | None = None,
) -> x509.Certificate | None: ) -> x509.Certificate | None:
""" """
Get a certificate from the PKI directory Get a certificate from the PKI directory
""" """
if cert_type is CertificateType.ca: if dn is None:
cert_filename = self.output_directory.joinpath("ca.crt") cert_filename = self.output_directory.joinpath("ca.crt")
else: else:
if dn is None:
dn = DistinguishedName.build()
cert_filename = (self.output_directory.joinpath("issued") cert_filename = (self.output_directory.joinpath("issued")
.joinpath(f"{dn.common_name}.crt")) .joinpath(f"{dn.common_name}.crt"))
@ -284,7 +279,7 @@ class EasyRSA:
EASYRSA_REQ_CN="kiwi-vpn-ca", EASYRSA_REQ_CN="kiwi-vpn-ca",
) )
cert = self.get_certificate(cert_type=CertificateType.ca) cert = self.get_certificate()
assert cert is not None assert cert is not None
# # this takes long! # # this takes long!
@ -315,10 +310,7 @@ class EasyRSA:
**dn.easyrsa_env, **dn.easyrsa_env,
) )
return self.get_certificate( return self.get_certificate(dn=dn)
cert_type=cert_type,
dn=dn,
)
def renew( def renew(
self, self,
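Review bot: In `get_certificate`, `dn is None` now selects `ca.crt`, so a caller whose `dn` is unexpectedly `None` silently receives the CA certificate instead of no result; before this change that case fell back to `DistinguishedName.build()` unless `cert_type` was explicitly `CertificateType.ca`. The docstring should state the new contract, e.g. `Get a certificate from the PKI directory; without dn, return the CA certificate`. The bare `get_certificate()` calls (after the `kiwi-vpn-ca` build step here and in `get_pki` in the second file) would read more clearly with a short comment such as `# no dn: look up the CA certificate`. Separately, `dn.common_name` is interpolated into the file name under `issued/`; if that value can come from API input (not visible in this diff), it should be validated as a single path component before `joinpath`. The body of `get_certificate` continues past the end of its hunk.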


@ -7,7 +7,7 @@ from fastapi.security import OAuth2PasswordBearer
from ..config import SETTINGS, Config from ..config import SETTINGS, Config
from ..db import Device, User from ..db import Device, User
from ..easyrsa import EASYRSA, CertificateType, EasyRSA from ..easyrsa import EASYRSA, EasyRSA
oauth2_scheme = OAuth2PasswordBearer( oauth2_scheme = OAuth2PasswordBearer(
tokenUrl=f"{SETTINGS.api_v1_prefix}/user/authenticate" tokenUrl=f"{SETTINGS.api_v1_prefix}/user/authenticate"
@ -145,7 +145,7 @@ async def get_pki() -> EasyRSA:
- 425: EasyRSA not initialized - 425: EasyRSA not initialized
""" """
if EASYRSA.get_certificate(cert_type=CertificateType.ca) is None: if EASYRSA.get_certificate() is None:
raise HTTPException(status_code=status.HTTP_425_TOO_EARLY) raise HTTPException(status_code=status.HTTP_425_TOO_EARLY)
return EASYRSA return EASYRSA