refactoring

launch config for EasyRSA script
2022-03-31 16:59:14 +00:00 · 2022-03-31 16:56:57 +00:00
3 changed files with 31 additions and 19 deletions
--- a/api/.vscode/launch.json
+++ b/api/.vscode/launch.json
@ -10,6 +10,13 @@
            "request": "launch",
            "module": "kiwi_vpn_api.main",
            "justMyCode": true
        },
        {
            "name": "EasyRSA script",
            "type": "python",
            "request": "launch",
            "module": "kiwi_vpn_api.easyrsa",
            "justMyCode": true
        }
    ]
 }
--- a/api/kiwi_vpn_api/config.py
+++ b/api/kiwi_vpn_api/config.py
@ -206,7 +206,7 @@ class ServerDN(BaseModel):
    common_name: str
-class CertificateAlgo(Enum):
+class KeyAlgorithm(Enum):
    """
    Supported certificate signing algorithms
    """
@ -227,7 +227,7 @@ class CryptoConfig(BaseModel):
    schemes: list[str] = ["bcrypt"]
    # pki settings
-    cert_algo: CertificateAlgo | None
+    key_algorithm: KeyAlgorithm | None
    ca_password: str | None
    ca_expiry_days: int | None
    cert_expiry_days: int | None
--- a/api/kiwi_vpn_api/easyrsa.py
+++ b/api/kiwi_vpn_api/easyrsa.py
@ -12,7 +12,7 @@ from OpenSSL import crypto
 from passlib import pwd
 from pydantic import BaseModel
-from .config import CertificateAlgo, Config, Settings
+from .config import Config, KeyAlgorithm, Settings
 from .db import Connection, Device
@ -167,24 +167,29 @@ class EasyRSA:
        if expiry_days is not None:
            extra_args += [f"--days={expiry_days}"]
-        if (algo := config.crypto.cert_algo) is not None:
+        if (algorithm := config.crypto.key_algorithm) is not None:
-            if algo is CertificateAlgo.rsa2048:
+            args_map = {
-                extra_args += ("--use-algo=rsa", "--keysize=2048")
+                KeyAlgorithm.rsa2048: [
                    "--use-algo=rsa", "--keysize=2048"
                ],
                KeyAlgorithm.rsa2048: [
                    "--use-algo=rsa", "--keysize=2048"
                ],
                KeyAlgorithm.secp256r1: [
                    "--use-algo=ec", "--curve=secp256r1"
                ],
                KeyAlgorithm.secp384r1: [
                    "--use-algo=ec", "--curve=secp384r1"
                ],
                KeyAlgorithm.ed25519: [
                    "--use-algo=ed", "--curve=ed25519"
                ]
            }
-            elif algo is CertificateAlgo.rsa4096:
+            if algorithm not in args_map:
-                extra_args += ("--use-algo=rsa", "--keysize=4096")
+                raise ValueError(f"Unexpected algorithm: {algorithm}")
-            elif algo is CertificateAlgo.secp256r1:
+            extra_args += args_map[algorithm]
                extra_args += ("--use-algo=ec", "--curve=secp256r1")
            elif algo is CertificateAlgo.secp384r1:
                extra_args += ("--use-algo=ec", "--curve=secp384r1")
            elif algo is CertificateAlgo.ed25519:
                extra_args += ("--use-algo=ed", "--curve=ed25519")
            else:
                raise ValueError(f"Unexpected algorithm: {algo}")
        self.__easyrsa(
            *extra_args,
Author	SHA1	Message	Date
Jörn-Michael Miehe	26d171e6d3	refactoring	2022-03-31 16:59:14 +00:00
Jörn-Michael Miehe	eb2301d193	launch config for EasyRSA script	2022-03-31 16:56:57 +00:00