

No commits in common. "26d171e6d3e27370fb529ee0cc059a4b577cd0cc" and "583d1de06ac5c1f38ed9a33ec6a7a2e0f6cf72b2" have entirely different histories.

3 changed files with 19 additions and 31 deletions


@ -10,13 +10,6 @@
"request": "launch", "request": "launch",
"module": "kiwi_vpn_api.main", "module": "kiwi_vpn_api.main",
"justMyCode": true "justMyCode": true
},
{
"name": "EasyRSA script",
"type": "python",
"request": "launch",
"module": "kiwi_vpn_api.easyrsa",
"justMyCode": true
} }
] ]
} }


@ -206,7 +206,7 @@ class ServerDN(BaseModel):
common_name: str common_name: str
class KeyAlgorithm(Enum): class CertificateAlgo(Enum):
""" """
Supported certificate signing algorithms Supported certificate signing algorithms
""" """
@ -227,7 +227,7 @@ class CryptoConfig(BaseModel):
schemes: list[str] = ["bcrypt"] schemes: list[str] = ["bcrypt"]
# pki settings # pki settings
key_algorithm: KeyAlgorithm | None cert_algo: CertificateAlgo | None
ca_password: str | None ca_password: str | None
ca_expiry_days: int | None ca_expiry_days: int | None
cert_expiry_days: int | None cert_expiry_days: int | None


@ -12,7 +12,7 @@ from OpenSSL import crypto
from passlib import pwd from passlib import pwd
from pydantic import BaseModel from pydantic import BaseModel
from .config import Config, KeyAlgorithm, Settings from .config import CertificateAlgo, Config, Settings
from .db import Connection, Device from .db import Connection, Device
@ -167,29 +167,24 @@ class EasyRSA:
if expiry_days is not None: if expiry_days is not None:
extra_args += [f"--days={expiry_days}"] extra_args += [f"--days={expiry_days}"]
if (algorithm := config.crypto.key_algorithm) is not None: if (algo := config.crypto.cert_algo) is not None:
args_map = { if algo is CertificateAlgo.rsa2048:
KeyAlgorithm.rsa2048: [ extra_args += ("--use-algo=rsa", "--keysize=2048")
"--use-algo=rsa", "--keysize=2048"
],
KeyAlgorithm.rsa2048: [
"--use-algo=rsa", "--keysize=2048"
],
KeyAlgorithm.secp256r1: [
"--use-algo=ec", "--curve=secp256r1"
],
KeyAlgorithm.secp384r1: [
"--use-algo=ec", "--curve=secp384r1"
],
KeyAlgorithm.ed25519: [
"--use-algo=ed", "--curve=ed25519"
]
}
if algorithm not in args_map: elif algo is CertificateAlgo.rsa4096:
raise ValueError(f"Unexpected algorithm: {algorithm}") extra_args += ("--use-algo=rsa", "--keysize=4096")
extra_args += args_map[algorithm] elif algo is CertificateAlgo.secp256r1:
extra_args += ("--use-algo=ec", "--curve=secp256r1")
elif algo is CertificateAlgo.secp384r1:
extra_args += ("--use-algo=ec", "--curve=secp384r1")
elif algo is CertificateAlgo.ed25519:
extra_args += ("--use-algo=ed", "--curve=ed25519")
else:
raise ValueError(f"Unexpected algorithm: {algo}")
self.__easyrsa( self.__easyrsa(
*extra_args, *extra_args,