diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/leap_cli/commands/ca.rb | 43 | ||||
-rw-r--r-- | lib/leap_cli/commands/test.rb | 26 | ||||
-rw-r--r-- | lib/leap_cli/path.rb | 76 | ||||
-rw-r--r-- | lib/leap_cli/util.rb | 9 |
4 files changed, 113 insertions, 41 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb index 5aa0cde..05bdb2b 100644 --- a/lib/leap_cli/commands/ca.rb +++ b/lib/leap_cli/commands/ca.rb @@ -144,7 +144,7 @@ module LeapCli; module Commands cert.not_before = today cert.not_after = years_from_today(1) cert.parent = ca_root - cert.sign! test_cert_signing_profile + cert.sign! domain_test_signing_profile write_file! [:commercial_cert, manager.provider.domain], cert.to_pem log "please replace this file with the real certificate you get from a CA using #{Path.relative_path([:commercial_csr, manager.provider.domain])}" end @@ -217,6 +217,19 @@ module LeapCli; module Commands write_file!([:node_x509_cert, node.name], cert.to_pem) end + def generate_test_client_cert + cert = CertificateAuthority::Certificate.new + cert.serial_number.number = cert_serial_number(manager.provider.domain) + cert.subject.common_name = random_common_name(manager.provider.domain) + cert.not_before = today + cert.not_after = years_from_today(1) + cert.key_material.generate_key(1024) # just for testing, remember! + cert.parent = ca_root + cert.sign! client_test_signing_profile + write_file! :test_client_key, cert.key_material.private_key.to_pem + write_file! :test_client_cert, cert.to_pem + end + def ca_root @ca_root ||= begin load_certificate_file(:ca_cert, :ca_key) @@ -277,7 +290,7 @@ module LeapCli; module Commands # with our own CA (for testing purposes). Typically, this cert would # be purchased from a commercial CA, and not signed this way. # - def test_cert_signing_profile + def domain_test_signing_profile { "digest" => "SHA256", "extensions" => { @@ -291,6 +304,24 @@ module LeapCli; module Commands } end + # + # This is used when signing a dummy client certificate that is only to be + # used for testing. + # + def client_test_signing_profile + { + "digest" => "SHA256", + "extensions" => { + "keyUsage" => { + "usage" => ["digitalSignature", "keyAgreement"] + }, + "extendedKeyUsage" => { + "usage" => ["clientAuth"] + } + } + } + end + def dns_names_for_node(node) names = [node.domain.internal] if node['dns'] && node.dns['aliases'] && node.dns.aliases.any? @@ -310,6 +341,14 @@ module LeapCli; module Commands Digest::MD5.hexdigest("#{domain_name} -- #{Time.now}").to_i(16) end + # + # for the random common name, we need a text string that will be unique across all certs. + # ruby 1.8 doesn't have a built-in uuid generator, or we would use SecureRandom.uuid + # + def random_common_name(domain_name) + cert_serial_number(domain_name).to_s(36) + end + def today t = Time.now Time.utc t.year, t.month, t.day diff --git a/lib/leap_cli/commands/test.rb b/lib/leap_cli/commands/test.rb new file mode 100644 index 0000000..dc08652 --- /dev/null +++ b/lib/leap_cli/commands/test.rb @@ -0,0 +1,26 @@ +module LeapCli; module Commands + + desc 'Creates files needed to run tests' + command :'init-test' do |c| + c.action do |global_options,options,args| + generate_test_client_cert + generate_test_client_openvpn_config + end + end + + desc 'Run tests' + command :test do |c| + c.action do |global_options,options,args| + log 'not yet implemented' + end + end + + private + + def generate_test_client_openvpn_config + template = read_file! Path.find_file(:test_client_openvpn_template) + config = Util.erb_eval(template, binding) + write_file! :test_client_openvpn_config, config + end + +end; end diff --git a/lib/leap_cli/path.rb b/lib/leap_cli/path.rb index 98f4f99..27ffcce 100644 --- a/lib/leap_cli/path.rb +++ b/lib/leap_cli/path.rb @@ -19,6 +19,10 @@ module LeapCli; module Path :service_config => 'services/#{arg}.json', :tag_config => 'tags/#{arg}.json', + # input templates + :provider_json_template => 'files/service-definitions/provider.json.erb', + :eip_service_json_template => 'files/service-definitions/eip-service.json.erb', + # input data files :commercial_cert => 'files/cert/#{arg}.crt', :commercial_key => 'files/cert/#{arg}.key', @@ -38,9 +42,15 @@ module LeapCli; module Path :commercial_csr => 'files/cert/#{arg}.csr', :commercial_cert => 'files/cert/#{arg}.crt', :commercial_ca_cert => 'files/cert/commercial_ca.crt', - :node_x509_key => 'files/nodes/#{arg}/#{arg}.key', - :node_x509_cert => 'files/nodes/#{arg}/#{arg}.crt', - :vagrantfile => 'test/Vagrantfile' + :node_x509_key => 'files/nodes/#{arg}/#{arg}.key', + :node_x509_cert => 'files/nodes/#{arg}/#{arg}.crt', + :vagrantfile => 'test/Vagrantfile', + + # testing files + :test_client_key => 'test/cert/client.key', + :test_client_cert => 'test/cert/client.crt', + :test_client_openvpn_config => 'test/openvpn/client.ovpn', + :test_client_openvpn_template => 'test/openvpn/client.ovpn.erb' } # @@ -103,42 +113,30 @@ module LeapCli; module Path # all the places we search for a file when using find_file. # this is perhaps too many places. # - def self.search_path - @search_path ||= begin - search_path = [] - [Path.provider_base, Path.provider].each do |provider| - files_dir = named_path(:files_dir, provider) - search_path << provider - search_path << named_path(:files_dir, provider) - search_path << named_path(:nodes_dir, files_dir) - search_path << named_path(:services_dir, files_dir) - search_path << named_path(:tags_dir, files_dir) - end - search_path - end - end - - # - # tries to find a file somewhere with 'filename' (which is probably in the form [node.name, filename]) - # - def self.find_file(filename) - # named path? - if filename.is_a? Array - path = named_path(filename, Path.provider_base) - return path if File.exists?(path) - path = named_path(filename, provider) - return path if File.exists?(path) - end - - # otherwise, lets search - search_path.each do |path_root| - path = [path_root, name, filename].join('/') - return path if File.exists?(path) - end - search_path.each do |path_root| - path = [path_root, filename].join('/') - return path if File.exists?(path) - end + # def self.search_path + # @search_path ||= begin + # search_path = [] + # [Path.provider_base, Path.provider].each do |provider| + # #files_dir = named_path(:files_dir, provider) + # search_path << provider + # #search_path << named_path(:files_dir, provider) + # #search_path << named_path(:nodes_dir, files_dir) + # #search_path << named_path(:services_dir, files_dir) + # #search_path << named_path(:tags_dir, files_dir) + # end + # search_path + # end + # end + + # + # tries to find a file somewhere + # + def self.find_file(arg) + file_path = named_path(arg, Path.provider) + return file_path if File.exists?(file_path) + + file_path = named_path(arg, Path.provider_base) + return file_path if File.exists?(file_path) # give up return nil diff --git a/lib/leap_cli/util.rb b/lib/leap_cli/util.rb index 0b0fb9e..c3adbdc 100644 --- a/lib/leap_cli/util.rb +++ b/lib/leap_cli/util.rb @@ -1,6 +1,7 @@ require 'digest/md5' require 'paint' require 'fileutils' +require 'erb' module LeapCli @@ -276,6 +277,14 @@ module LeapCli STDOUT.puts end + ## + ## ERB + ## + + def erb_eval(string, binding=nil) + ERB.new(string, nil, '%<>-').result(binding) + end + end end |