Jörn-Michael Miehe 2022-03-31 23:15:49 +00:00
parent 26d171e6d3
commit ae16c884d6


@ -119,6 +119,7 @@ class EasyRSA:
config = Config._ config = Config._
if (ca_password := config.crypto.ca_password) is None: if (ca_password := config.crypto.ca_password) is None:
# generate and save new CA password
ca_password = pwd.genword( ca_password = pwd.genword(
length=32, length=32,
charset="ascii_62", charset="ascii_62",
@ -159,14 +160,17 @@ class EasyRSA:
config = Config._ config = Config._
# always include password options
extra_args: list[str] = [ extra_args: list[str] = [
f"--passout=pass:{self.ca_password}", f"--passout=pass:{self.ca_password}",
f"--passin=pass:{self.ca_password}", f"--passin=pass:{self.ca_password}",
] ]
# if given, include expiry option
if expiry_days is not None: if expiry_days is not None:
extra_args += [f"--days={expiry_days}"] extra_args += [f"--days={expiry_days}"]
# if configured, include algorithm option
if (algorithm := config.crypto.key_algorithm) is not None: if (algorithm := config.crypto.key_algorithm) is not None:
args_map = { args_map = {
KeyAlgorithm.rsa2048: [ KeyAlgorithm.rsa2048: [
@ -191,11 +195,13 @@ class EasyRSA:
extra_args += args_map[algorithm] extra_args += args_map[algorithm]
# call easyrsa
self.__easyrsa( self.__easyrsa(
*extra_args, *extra_args,
*easyrsa_args *easyrsa_args
) )
# parse the new certificate
with open( with open(
self.output_directory.joinpath(cert_filename), "rb" self.output_directory.joinpath(cert_filename), "rb"
) as cert_file: ) as cert_file:
@ -205,7 +211,7 @@ class EasyRSA:
def init_pki(self) -> None: def init_pki(self) -> None:
""" """
Clean the working directory Clean working directory
""" """
self.__easyrsa("init-pki") self.__easyrsa("init-pki")
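Review bot: The CA password is placed on the easyrsa command line in the `extra_args` list of the second hunk (`--passout=pass:{self.ca_password}` and `--passin=pass:{self.ca_password}`). Assuming `__easyrsa` spawns a child process with these arguments (its body is not visible here), the secret sits in that process's argument vector, where it can typically be read from the process list and picked up by command-line audit logging. These options are handed on to OpenSSL, whose pass-phrase sources also include `env:VAR` and `file:PATH`, so something like `f"--passin=env:{PASSWORD_ENV_VAR}"` (placeholder name), with the variable set only in the child's environment, would keep the value out of argv. If the current form has to stay, the new comment should record the trade-off, e.g. `# always include password options (NOTE: password is exposed in argv)`. The enclosing method starts and ends outside the hunks shown.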