authorelijah <elijah@riseup.net>2013-03-17 13:34:30 -0700
committerelijah <elijah@riseup.net>2013-03-17 13:34:30 -0700
commit24ca5c6bc02ff03168d72cf3fcd2b757ab4f741c (patch)
tree80281376243fd32c29d641d5aedfd6b848a65893
parent35229e4c4eecbe3a79e66dd8cf81d4103921cb7b (diff)
updated `leap test init` to work with openvpn service levels.
-rw-r--r--lib/leap_cli/commands/ca.rb13
-rw-r--r--lib/leap_cli/commands/test.rb24
-rw-r--r--lib/leap_cli/requirements.rb4
3 files changed, 29 insertions, 12 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index 07e0f10..2df7c97 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -177,6 +177,9 @@ module LeapCli; module Commands
write_file!(cert_file, root.to_pem)
end
+ #
+ # returns true if the certs associated with +node+ need to be regenerated.
+ #
def cert_needs_updating?(node)
if !file_exists?([:node_x509_cert, node.name], [:node_x509_key, node.name])
return true
@@ -237,17 +240,19 @@ module LeapCli; module Commands
write_file!([:node_x509_cert, node.name], cert.to_pem)
end
- def generate_test_client_cert
+ #
+ # yields client key and cert suitable for testing
+ #
+ def generate_test_client_cert(prefix=nil)
cert = CertificateAuthority::Certificate.new
cert.serial_number.number = cert_serial_number(provider.domain)
- cert.subject.common_name = random_common_name(provider.domain)
+ cert.subject.common_name = [prefix, random_common_name(provider.domain)].join
cert.not_before = yesterday
cert.not_after = years_from_yesterday(1)
cert.key_material.generate_key(1024) # just for testing, remember!
cert.parent = client_ca_root
cert.sign! client_test_signing_profile
- write_file! :test_client_key, cert.key_material.private_key.to_pem
- write_file! :test_client_cert, cert.to_pem
+ yield cert.key_material.private_key.to_pem, cert.to_pem
end
def ca_root
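Review bot: The new `yield` on the last added line of `generate_test_client_cert` has no `block_given?` guard, so any remaining caller using the old no-block form (which used to write `:test_client_key` and `:test_client_cert`) now fails with a bare LocalJumpError; a guard such as `raise ArgumentError, 'generate_test_client_cert requires a block' unless block_given?` at the top of the method would state the new contract clearly. The added header comment should also say what is yielded and in which order, since the first value is private key material the caller is now responsible for storing safely: `# yields (private_key_pem, cert_pem); the key is a 1024-bit test key and must not be used outside tests`. If gateways grant the service level by matching the CN prefix built on the `cert.subject.common_name` line (the matching side is not visible here), it is worth asserting that `limited_prefix` and `unlimited_prefix` are not leading substrings of one another, otherwise a certificate issued with the longer prefix would also satisfy the shorter prefix's check.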
diff --git a/lib/leap_cli/commands/test.rb b/lib/leap_cli/commands/test.rb
index 1da4f6d..3f0feb0 100644
--- a/lib/leap_cli/commands/test.rb
+++ b/lib/leap_cli/commands/test.rb
@@ -5,8 +5,7 @@ module LeapCli; module Commands
test.desc 'Creates files needed to run tests.'
test.command :init do |init|
init.action do |global_options,options,args|
- generate_test_client_cert
- generate_test_client_openvpn_config
+ generate_test_client_openvpn_configs
end
end
@@ -22,14 +21,25 @@ module LeapCli; module Commands
private
- def generate_test_client_openvpn_config
+ #
+ # generates a whole bunch of openvpn configs that can be used to connect to different openvpn gateways
+ #
+ def generate_test_client_openvpn_configs
+ assert_config! 'provider.ca.client_certificates.unlimited_prefix'
+ assert_config! 'provider.ca.client_certificates.limited_prefix'
template = read_file! Path.find_file(:test_client_openvpn_template)
-
['production', 'testing', 'local', 'development'].each do |env|
- vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']
+ vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']['openvpn.allow_limited' => true]
+ if vpn_nodes.any?
+ generate_test_client_cert(provider.ca.client_certificates.limited_prefix) do |key, cert|
+ write_file! [:test_openvpn_config, env+'_limited'], Util.erb_eval(template, binding)
+ end
+ end
+ vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']['openvpn.allow_unlimited' => true]
if vpn_nodes.any?
- config = Util.erb_eval(template, binding)
- write_file! [:test_openvpn_config, env], config
+ generate_test_client_cert(provider.ca.client_certificates.unlimited_prefix) do |key, cert|
+ write_file! [:test_openvpn_config, env+'_unlimited'], Util.erb_eval(template, binding)
+ end
end
end
end
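Review bot: The two added `if vpn_nodes.any?` branches in `generate_test_client_openvpn_configs` are the same four lines with only the `openvpn.allow_*` filter, the prefix and the file suffix varied, and the block parameters `key` and `cert` look unused because the template consumes them through `binding`; a single loop over the two service levels with a comment saying so would make both points explicit. Since `key` is the client's private key PEM, every generated `test_openvpn_config` file presumably embeds it — confirm that `write_file!` (not visible here) creates these files with owner-only permissions, or say in the comment that the outputs are secrets. The `manager.nodes[...]` filter chain on the `vpn_nodes` lines is kept as is below.

```ruby
def generate_test_client_openvpn_configs
  # … unchanged: assert_config! checks and template read …
  prefixes = {
    'limited'   => provider.ca.client_certificates.limited_prefix,
    'unlimited' => provider.ca.client_certificates.unlimited_prefix
  }
  ['production', 'testing', 'local', 'development'].each do |env|
    # One config per service level. `key` and `cert` are consumed by the
    # template via `binding`; `key` is a private key PEM, so the written
    # config is a secret.
    ['limited', 'unlimited'].each do |level|
      vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']["openvpn.allow_#{level}" => true]
      next unless vpn_nodes.any?
      generate_test_client_cert(prefixes[level]) do |key, cert|
        write_file! [:test_openvpn_config, env+'_'+level], Util.erb_eval(template, binding)
      end
    end
  end
end
```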
diff --git a/lib/leap_cli/requirements.rb b/lib/leap_cli/requirements.rb
index aa3be50..f1f0952 100644
--- a/lib/leap_cli/requirements.rb
+++ b/lib/leap_cli/requirements.rb
@@ -12,6 +12,8 @@ module LeapCli
"provider.ca.server_certificates.digest",
"provider.ca.name",
"provider.ca.bit_size",
- "provider.ca.life_span"
+ "provider.ca.life_span",
+ "provider.ca.client_certificates.unlimited_prefix",
+ "provider.ca.client_certificates.limited_prefix"
]
end