From ae16c884d675b0c50eed084f6f28cf74740ce971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com> Date: Thu, 31 Mar 2022 23:15:49 +0000 Subject: [PATCH] comments --- api/kiwi_vpn_api/easyrsa.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/api/kiwi_vpn_api/easyrsa.py b/api/kiwi_vpn_api/easyrsa.py index 7232234..d242757 100644 --- a/api/kiwi_vpn_api/easyrsa.py +++ b/api/kiwi_vpn_api/easyrsa.py @@ -119,6 +119,7 @@ class EasyRSA: config = Config._ if (ca_password := config.crypto.ca_password) is None: + # generate and save new CA password ca_password = pwd.genword( length=32, charset="ascii_62", @@ -159,14 +160,17 @@ class EasyRSA: config = Config._ + # always include password options extra_args: list[str] = [ f"--passout=pass:{self.ca_password}", f"--passin=pass:{self.ca_password}", ] + # if given, include expiry option if expiry_days is not None: extra_args += [f"--days={expiry_days}"] + # if configured, include algorithm option if (algorithm := config.crypto.key_algorithm) is not None: args_map = { KeyAlgorithm.rsa2048: [ @@ -191,11 +195,13 @@ class EasyRSA: extra_args += args_map[algorithm] + # call easyrsa self.__easyrsa( *extra_args, *easyrsa_args ) + # parse the new certificate with open( self.output_directory.joinpath(cert_filename), "rb" ) as cert_file: @@ -205,7 +211,7 @@ class EasyRSA: def init_pki(self) -> None: """ - Clean the working directory + Clean working directory """ self.__easyrsa("init-pki")