CertificateType instead of str

Jörn-Michael Miehe 2022-04-01 15:39:48 +00:00
parent 72fc209349
commit 78e0515042


@ -6,6 +6,7 @@ from __future__ import annotations
import subprocess import subprocess
from datetime import datetime from datetime import datetime
from enum import Enum, auto
from pathlib import Path from pathlib import Path
from OpenSSL import crypto from OpenSSL import crypto
@ -97,6 +98,19 @@ class DistinguishedName(BaseModel):
] ]
class CertificateType(Enum):
"""
Possible types of certificates
"""
ca = auto()
client = auto()
server = auto()
def __str__(self) -> str:
return self._name_
class EasyRSA: class EasyRSA:
""" """
Represents an EasyRSA PKI. Represents an EasyRSA PKI.
@ -225,6 +239,7 @@ class EasyRSA:
Path("ca.crt"), Path("ca.crt"),
Config._.crypto.ca_expiry_days, Config._.crypto.ca_expiry_days,
"--dn-mode=cn_only",
"--req-cn=kiwi-vpn-ca", "--req-cn=kiwi-vpn-ca",
"build-ca", "build-ca",
@ -236,13 +251,17 @@ class EasyRSA:
def issue( def issue(
self, self,
cert_type: str = "client", cert_type: CertificateType = CertificateType.client,
dn: DistinguishedName = DistinguishedName.build(), dn: DistinguishedName = DistinguishedName.build(),
) -> crypto.X509: ) -> crypto.X509 | None:
""" """
Issue a client or server certificate Issue a client or server certificate
""" """
if not (cert_type is CertificateType.client
or cert_type is CertificateType.server):
return None
return self.__build_cert( return self.__build_cert(
Path(f"issued/{dn.common_name}.crt"), Path(f"issued/{dn.common_name}.crt"),
Config._.crypto.cert_expiry_days, Config._.crypto.cert_expiry_days,
@ -262,7 +281,7 @@ if __name__ == "__main__":
easy_rsa.init_pki() easy_rsa.init_pki()
ca = easy_rsa.build_ca() ca = easy_rsa.build_ca()
server = easy_rsa.issue("server") server = easy_rsa.issue(CertificateType.server)
client = None client = None
# check if configured # check if configured
@ -275,7 +294,7 @@ if __name__ == "__main__":
db.add(device) db.add(device)
dn = DistinguishedName.build(device) dn = DistinguishedName.build(device)
client = easy_rsa.issue("client", dn) client = easy_rsa.issue(dn=dn)
date_format, encoding = "%Y%m%d%H%M%SZ", "ascii" date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
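Review bot: The new guard at the top of `issue()` returns `None` for any `cert_type` that is not `CertificateType.client` or `CertificateType.server`, so a caller still using the old string form (`easy_rsa.issue("server")`) now gets `None` back without an error, because the identity checks are false for a `str`. In a PKI wrapper a certificate that is silently not issued is easy to miss, and every caller now has to handle the `crypto.X509 | None` return. Raising instead would make the failure visible, e.g. `raise ValueError(f"cannot issue certificate of type {cert_type!r}")`. If the `None` return is kept, the docstring should state it, e.g. `Returns None unless cert_type is client or server; CA certificates come from build_ca().` The body of `issue()` continues outside the hunk, so whether `__build_cert` can itself return `None` is not visible here.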