CertificateType instead of str
parent
72fc209349
commit
78e0515042
1 changed files with 23 additions and 4 deletions
|
@ -6,6 +6,7 @@ from __future__ import annotations
|
||||||
|
|
||||||
import subprocess
|
import subprocess
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
from enum import Enum, auto
|
||||||
from pathlib import Path
|
from pathlib import Path
|
||||||
|
|
||||||
from OpenSSL import crypto
|
from OpenSSL import crypto
|
||||||
|
@ -97,6 +98,19 @@ class DistinguishedName(BaseModel):
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
class CertificateType(Enum):
|
||||||
|
"""
|
||||||
|
Possible types of certificates
|
||||||
|
"""
|
||||||
|
|
||||||
|
ca = auto()
|
||||||
|
client = auto()
|
||||||
|
server = auto()
|
||||||
|
|
||||||
|
def __str__(self) -> str:
|
||||||
|
return self._name_
|
||||||
|
|
||||||
|
|
||||||
class EasyRSA:
|
class EasyRSA:
|
||||||
"""
|
"""
|
||||||
Represents an EasyRSA PKI.
|
Represents an EasyRSA PKI.
|
||||||
|
@ -225,6 +239,7 @@ class EasyRSA:
|
||||||
Path("ca.crt"),
|
Path("ca.crt"),
|
||||||
Config._.crypto.ca_expiry_days,
|
Config._.crypto.ca_expiry_days,
|
||||||
|
|
||||||
|
"--dn-mode=cn_only",
|
||||||
"--req-cn=kiwi-vpn-ca",
|
"--req-cn=kiwi-vpn-ca",
|
||||||
|
|
||||||
"build-ca",
|
"build-ca",
|
||||||
|
@ -236,13 +251,17 @@ class EasyRSA:
|
||||||
|
|
||||||
def issue(
|
def issue(
|
||||||
self,
|
self,
|
||||||
cert_type: str = "client",
|
cert_type: CertificateType = CertificateType.client,
|
||||||
dn: DistinguishedName = DistinguishedName.build(),
|
dn: DistinguishedName = DistinguishedName.build(),
|
||||||
) -> crypto.X509:
|
) -> crypto.X509 | None:
|
||||||
"""
|
"""
|
||||||
Issue a client or server certificate
|
Issue a client or server certificate
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
if not (cert_type is CertificateType.client
|
||||||
|
or cert_type is CertificateType.server):
|
||||||
|
return None
|
||||||
|
|
||||||
return self.__build_cert(
|
return self.__build_cert(
|
||||||
Path(f"issued/{dn.common_name}.crt"),
|
Path(f"issued/{dn.common_name}.crt"),
|
||||||
Config._.crypto.cert_expiry_days,
|
Config._.crypto.cert_expiry_days,
|
||||||
|
@ -262,7 +281,7 @@ if __name__ == "__main__":
|
||||||
easy_rsa.init_pki()
|
easy_rsa.init_pki()
|
||||||
|
|
||||||
ca = easy_rsa.build_ca()
|
ca = easy_rsa.build_ca()
|
||||||
server = easy_rsa.issue("server")
|
server = easy_rsa.issue(CertificateType.server)
|
||||||
client = None
|
client = None
|
||||||
|
|
||||||
# check if configured
|
# check if configured
|
||||||
|
@ -275,7 +294,7 @@ if __name__ == "__main__":
|
||||||
db.add(device)
|
db.add(device)
|
||||||
dn = DistinguishedName.build(device)
|
dn = DistinguishedName.build(device)
|
||||||
|
|
||||||
client = easy_rsa.issue("client", dn)
|
client = easy_rsa.issue(dn=dn)
|
||||||
|
|
||||||
date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
|
date_format, encoding = "%Y%m%d%H%M%SZ", "ascii"
|
||||||
|
|
||||||
|
|
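Review bot: The new guard at the top of `issue()` fails silently: any `cert_type` that is not `CertificateType.client` or `CertificateType.server` returns `None`, so a caller still using the old string form (`issue("server")`) or passing `CertificateType.ca` gets no certificate and no error. For a PKI issuance path it is safer to fail loudly, e.g. `if cert_type not in (CertificateType.client, CertificateType.server): raise ValueError(f"cannot issue a {cert_type} certificate")`. The return annotation could then stay `crypto.X509`, unless `__build_cert` can itself return `None`, which is not visible here. If the `None` return is kept, the docstring should say when it happens, and the `__main__` code that uses `server` and `client` should check for it before use. The body of `issue()` continues past the end of its hunk, so how `cert_type` is passed on to `__build_cert` could not be reviewed.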