diff options
author | elijah <elijah@riseup.net> | 2013-03-17 13:34:30 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2013-03-17 13:34:30 -0700 |
commit | 24ca5c6bc02ff03168d72cf3fcd2b757ab4f741c (patch) | |
tree | 80281376243fd32c29d641d5aedfd6b848a65893 | |
parent | 35229e4c4eecbe3a79e66dd8cf81d4103921cb7b (diff) | |
download | leap_cli-24ca5c6bc02ff03168d72cf3fcd2b757ab4f741c.tar.gz leap_cli-24ca5c6bc02ff03168d72cf3fcd2b757ab4f741c.tar.bz2 |
updated `leap test init` to work with openvpn service levels.
-rw-r--r-- | lib/leap_cli/commands/ca.rb | 13 | ||||
-rw-r--r-- | lib/leap_cli/commands/test.rb | 24 | ||||
-rw-r--r-- | lib/leap_cli/requirements.rb | 4 |
3 files changed, 29 insertions, 12 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb index 07e0f10..2df7c97 100644 --- a/lib/leap_cli/commands/ca.rb +++ b/lib/leap_cli/commands/ca.rb @@ -177,6 +177,9 @@ module LeapCli; module Commands write_file!(cert_file, root.to_pem) end + # + # returns true if the certs associated with +node+ need to be regenerated. + # def cert_needs_updating?(node) if !file_exists?([:node_x509_cert, node.name], [:node_x509_key, node.name]) return true @@ -237,17 +240,19 @@ module LeapCli; module Commands write_file!([:node_x509_cert, node.name], cert.to_pem) end - def generate_test_client_cert + # + # yields client key and cert suitable for testing + # + def generate_test_client_cert(prefix=nil) cert = CertificateAuthority::Certificate.new cert.serial_number.number = cert_serial_number(provider.domain) - cert.subject.common_name = random_common_name(provider.domain) + cert.subject.common_name = [prefix, random_common_name(provider.domain)].join cert.not_before = yesterday cert.not_after = years_from_yesterday(1) cert.key_material.generate_key(1024) # just for testing, remember! cert.parent = client_ca_root cert.sign! client_test_signing_profile - write_file! :test_client_key, cert.key_material.private_key.to_pem - write_file! :test_client_cert, cert.to_pem + yield cert.key_material.private_key.to_pem, cert.to_pem end def ca_root diff --git a/lib/leap_cli/commands/test.rb b/lib/leap_cli/commands/test.rb index 1da4f6d..3f0feb0 100644 --- a/lib/leap_cli/commands/test.rb +++ b/lib/leap_cli/commands/test.rb @@ -5,8 +5,7 @@ module LeapCli; module Commands test.desc 'Creates files needed to run tests.' test.command :init do |init| init.action do |global_options,options,args| - generate_test_client_cert - generate_test_client_openvpn_config + generate_test_client_openvpn_configs end end @@ -22,14 +21,25 @@ module LeapCli; module Commands private - def generate_test_client_openvpn_config + # + # generates a whole bunch of openvpn configs that can be used to connect to different openvpn gateways + # + def generate_test_client_openvpn_configs + assert_config! 'provider.ca.client_certificates.unlimited_prefix' + assert_config! 'provider.ca.client_certificates.limited_prefix' template = read_file! Path.find_file(:test_client_openvpn_template) - ['production', 'testing', 'local', 'development'].each do |env| - vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn'] + vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']['openvpn.allow_limited' => true] + if vpn_nodes.any? + generate_test_client_cert(provider.ca.client_certificates.limited_prefix) do |key, cert| + write_file! [:test_openvpn_config, env+'_limited'], Util.erb_eval(template, binding) + end + end + vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']['openvpn.allow_unlimited' => true] if vpn_nodes.any? - config = Util.erb_eval(template, binding) - write_file! [:test_openvpn_config, env], config + generate_test_client_cert(provider.ca.client_certificates.unlimited_prefix) do |key, cert| + write_file! [:test_openvpn_config, env+'_unlimited'], Util.erb_eval(template, binding) + end end end end diff --git a/lib/leap_cli/requirements.rb b/lib/leap_cli/requirements.rb index aa3be50..f1f0952 100644 --- a/lib/leap_cli/requirements.rb +++ b/lib/leap_cli/requirements.rb @@ -12,6 +12,8 @@ module LeapCli "provider.ca.server_certificates.digest", "provider.ca.name", "provider.ca.bit_size", - "provider.ca.life_span" + "provider.ca.life_span", + "provider.ca.client_certificates.unlimited_prefix", + "provider.ca.client_certificates.limited_prefix" ] end |