comments

api/kiwi_vpn_api/easyrsa.py

@@ -119,6 +119,7 @@ class EasyRSA:
         config = Config._
 
         if (ca_password := config.crypto.ca_password) is None:
+            # generate and save new CA password
             ca_password = pwd.genword(
                 length=32,
                 charset="ascii_62",
@@ -159,14 +160,17 @@ class EasyRSA:
 
         config = Config._
 
+        # always include password options
         extra_args: list[str] = [
             f"--passout=pass:{self.ca_password}",
             f"--passin=pass:{self.ca_password}",
         ]
 
+        # if given, include expiry option
         if expiry_days is not None:
             extra_args += [f"--days={expiry_days}"]
 
+        # if configured, include algorithm option
         if (algorithm := config.crypto.key_algorithm) is not None:
             args_map = {
                 KeyAlgorithm.rsa2048: [
@@ -191,11 +195,13 @@ class EasyRSA:
 
             extra_args += args_map[algorithm]
 
+        # call easyrsa
         self.__easyrsa(
             *extra_args,
             *easyrsa_args
         )
 
+        # parse the new certificate
         with open(
             self.output_directory.joinpath(cert_filename), "rb"
         ) as cert_file:
@@ -205,7 +211,7 @@ class EasyRSA:
 
     def init_pki(self) -> None:
         """
-        Clean the working directory
+        Clean working directory
         """
 
         self.__easyrsa("init-pki")