refactoring

launch config for EasyRSA script
2022-03-31 16:59:14 +00:00 · 2022-03-31 16:56:57 +00:00
3 changed files with 31 additions and 19 deletions
--- a/api/.vscode/launch.json
+++ b/api/.vscode/launch.json
@ -10,6 +10,13 @@
            "request": "launch",
            "module": "kiwi_vpn_api.main",
            "justMyCode": true
+        },
+        {
+            "name": "EasyRSA script",
+            "type": "python",
+            "request": "launch",
+            "module": "kiwi_vpn_api.easyrsa",
+            "justMyCode": true
        }
    ]
 }
--- a/api/kiwi_vpn_api/config.py
+++ b/api/kiwi_vpn_api/config.py
@ -206,7 +206,7 @@ class ServerDN(BaseModel):
    common_name: str


-class CertificateAlgo(Enum):
+class KeyAlgorithm(Enum):
    """
    Supported certificate signing algorithms
    """
@ -227,7 +227,7 @@ class CryptoConfig(BaseModel):
    schemes: list[str] = ["bcrypt"]

    # pki settings
-    cert_algo: CertificateAlgo | None
+    key_algorithm: KeyAlgorithm | None
    ca_password: str | None
    ca_expiry_days: int | None
    cert_expiry_days: int | None
--- a/api/kiwi_vpn_api/easyrsa.py
+++ b/api/kiwi_vpn_api/easyrsa.py
@ -12,7 +12,7 @@ from OpenSSL import crypto
 from passlib import pwd
 from pydantic import BaseModel

-from .config import CertificateAlgo, Config, Settings
+from .config import Config, KeyAlgorithm, Settings
 from .db import Connection, Device


@ -167,24 +167,29 @@ class EasyRSA:
        if expiry_days is not None:
            extra_args += [f"--days={expiry_days}"]

-        if (algo := config.crypto.cert_algo) is not None:
-            if algo is CertificateAlgo.rsa2048:
-                extra_args += ("--use-algo=rsa", "--keysize=2048")
+        if (algorithm := config.crypto.key_algorithm) is not None:
+            args_map = {
+                KeyAlgorithm.rsa2048: [
+                    "--use-algo=rsa", "--keysize=2048"
+                ],
+                KeyAlgorithm.rsa2048: [
+                    "--use-algo=rsa", "--keysize=2048"
+                ],
+                KeyAlgorithm.secp256r1: [
+                    "--use-algo=ec", "--curve=secp256r1"
+                ],
+                KeyAlgorithm.secp384r1: [
+                    "--use-algo=ec", "--curve=secp384r1"
+                ],
+                KeyAlgorithm.ed25519: [
+                    "--use-algo=ed", "--curve=ed25519"
+                ]
+            }

-            elif algo is CertificateAlgo.rsa4096:
-                extra_args += ("--use-algo=rsa", "--keysize=4096")
+            if algorithm not in args_map:
+                raise ValueError(f"Unexpected algorithm: {algorithm}")

-            elif algo is CertificateAlgo.secp256r1:
-                extra_args += ("--use-algo=ec", "--curve=secp256r1")
-
-            elif algo is CertificateAlgo.secp384r1:
-                extra_args += ("--use-algo=ec", "--curve=secp384r1")
-
-            elif algo is CertificateAlgo.ed25519:
-                extra_args += ("--use-algo=ed", "--curve=ed25519")
-
-            else:
-                raise ValueError(f"Unexpected algorithm: {algo}")
+            extra_args += args_map[algorithm]

        self.__easyrsa(
            *extra_args,
Author	SHA1	Message	Date
Jörn-Michael Miehe	26d171e6d3	refactoring	2022-03-31 16:59:14 +00:00
Jörn-Michael Miehe	eb2301d193	launch config for EasyRSA script	2022-03-31 16:56:57 +00:00