comments
parent
26d171e6d3
commit
ae16c884d6
1 changed files with 7 additions and 1 deletions
|
@ -119,6 +119,7 @@ class EasyRSA:
|
||||||
config = Config._
|
config = Config._
|
||||||
|
|
||||||
if (ca_password := config.crypto.ca_password) is None:
|
if (ca_password := config.crypto.ca_password) is None:
|
||||||
|
# generate and save new CA password
|
||||||
ca_password = pwd.genword(
|
ca_password = pwd.genword(
|
||||||
length=32,
|
length=32,
|
||||||
charset="ascii_62",
|
charset="ascii_62",
|
||||||
|
@ -159,14 +160,17 @@ class EasyRSA:
|
||||||
|
|
||||||
config = Config._
|
config = Config._
|
||||||
|
|
||||||
|
# always include password options
|
||||||
extra_args: list[str] = [
|
extra_args: list[str] = [
|
||||||
f"--passout=pass:{self.ca_password}",
|
f"--passout=pass:{self.ca_password}",
|
||||||
f"--passin=pass:{self.ca_password}",
|
f"--passin=pass:{self.ca_password}",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
# if given, include expiry option
|
||||||
if expiry_days is not None:
|
if expiry_days is not None:
|
||||||
extra_args += [f"--days={expiry_days}"]
|
extra_args += [f"--days={expiry_days}"]
|
||||||
|
|
||||||
|
# if configured, include algorithm option
|
||||||
if (algorithm := config.crypto.key_algorithm) is not None:
|
if (algorithm := config.crypto.key_algorithm) is not None:
|
||||||
args_map = {
|
args_map = {
|
||||||
KeyAlgorithm.rsa2048: [
|
KeyAlgorithm.rsa2048: [
|
||||||
|
@ -191,11 +195,13 @@ class EasyRSA:
|
||||||
|
|
||||||
extra_args += args_map[algorithm]
|
extra_args += args_map[algorithm]
|
||||||
|
|
||||||
|
# call easyrsa
|
||||||
self.__easyrsa(
|
self.__easyrsa(
|
||||||
*extra_args,
|
*extra_args,
|
||||||
*easyrsa_args
|
*easyrsa_args
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# parse the new certificate
|
||||||
with open(
|
with open(
|
||||||
self.output_directory.joinpath(cert_filename), "rb"
|
self.output_directory.joinpath(cert_filename), "rb"
|
||||||
) as cert_file:
|
) as cert_file:
|
||||||
|
@ -205,7 +211,7 @@ class EasyRSA:
|
||||||
|
|
||||||
def init_pki(self) -> None:
|
def init_pki(self) -> None:
|
||||||
"""
|
"""
|
||||||
Clean the working directory
|
Clean working directory
|
||||||
"""
|
"""
|
||||||
|
|
||||||
self.__easyrsa("init-pki")
|
self.__easyrsa("init-pki")
|
||||||
|
|
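Review bot: The comment added in the second hunk, `# always include password options`, labels the `--passout=pass:{self.ca_password}` and `--passin=pass:{self.ca_password}` arguments without recording that the `pass:` form places the CA password in the child process's argument list, where it is typically readable by other local users and captured by process-auditing logs while easyrsa runs. Since this commit is documenting the method, the comment should carry that caveat, for example `# NOTE: pass: puts the CA password in argv; env: or file: keeps it out of the process list`. If `__easyrsa` can set the child's environment (its body is not visible here), switching to `--passin=env:CA_PASSWORD_VAR` and `--passout=env:CA_PASSWORD_VAR` would remove the exposure; `CA_PASSWORD_VAR` is a placeholder name. The enclosing method starts and ends outside the hunk.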