updated `leap test init` to work with openvpn service levels.
authorelijah <elijah@riseup.net>
Sun, 17 Mar 2013 20:34:30 +0000 (13:34 -0700)
committerelijah <elijah@riseup.net>
Sun, 17 Mar 2013 20:34:30 +0000 (13:34 -0700)
lib/leap_cli/commands/ca.rb
lib/leap_cli/commands/test.rb
lib/leap_cli/requirements.rb

index 07e0f10d6fe7e08eab4e3c0a68eafb62c882c92a..2df7c97296843b560e363769dd81054c9b3020e6 100644 (file)
@@ -177,6 +177,9 @@ module LeapCli; module Commands
     write_file!(cert_file, root.to_pem)
   end
 
+  #
+  # returns true if the certs associated with +node+ need to be regenerated.
+  #
   def cert_needs_updating?(node)
     if !file_exists?([:node_x509_cert, node.name], [:node_x509_key, node.name])
       return true
@@ -237,17 +240,19 @@ module LeapCli; module Commands
     write_file!([:node_x509_cert, node.name], cert.to_pem)
   end
 
-  def generate_test_client_cert
+  #
+  # yields client key and cert suitable for testing
+  #
+  def generate_test_client_cert(prefix=nil)
     cert = CertificateAuthority::Certificate.new
     cert.serial_number.number = cert_serial_number(provider.domain)
-    cert.subject.common_name = random_common_name(provider.domain)
+    cert.subject.common_name = [prefix, random_common_name(provider.domain)].join
     cert.not_before = yesterday
     cert.not_after  = years_from_yesterday(1)
     cert.key_material.generate_key(1024) # just for testing, remember!
     cert.parent = client_ca_root
     cert.sign! client_test_signing_profile
-    write_file! :test_client_key, cert.key_material.private_key.to_pem
-    write_file! :test_client_cert, cert.to_pem
+    yield cert.key_material.private_key.to_pem, cert.to_pem
   end
 
   def ca_root
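Review bot: With the new `prefix` argument the test certificate now carries the provider's limited/unlimited common-name prefix, yet the unchanged context lines still sign it with `client_ca_root`, a 1024-bit key and a one-year lifetime, so what `generate_test_client_cert` yields looks like a working client credential rather than a throwaway fixture. If the gateways grant service level from that prefix (an inference from the config key names, not something visible in this hunk), the key size and validity deserve tightening, or at least the header comment should say so, e.g. `# NOTE: signed by the real client CA; treat the yielded key as a live credential`. Separately, the method now ends in a bare `yield`; putting `raise ArgumentError, 'block required' unless block_given?` as its first line would fail before a serial number is drawn and a certificate is signed.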
index 1da4f6d84d1d5ca73f7871a904e18446f9d777fe..3f0feb02d5b083f14623e507c1c7be16eee444a3 100644 (file)
@@ -5,8 +5,7 @@ module LeapCli; module Commands
     test.desc 'Creates files needed to run tests.'
     test.command :init do |init|
       init.action do |global_options,options,args|
-        generate_test_client_cert
-        generate_test_client_openvpn_config
+        generate_test_client_openvpn_configs
       end
     end
 
@@ -22,14 +21,25 @@ module LeapCli; module Commands
 
   private
 
-  def generate_test_client_openvpn_config
+  #
+  # generates a whole bunch of openvpn configs that can be used to connect to different openvpn gateways
+  #
+  def generate_test_client_openvpn_configs
+    assert_config! 'provider.ca.client_certificates.unlimited_prefix'
+    assert_config! 'provider.ca.client_certificates.limited_prefix'
     template = read_file! Path.find_file(:test_client_openvpn_template)
-
     ['production', 'testing', 'local', 'development'].each do |env|
-      vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']
+      vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']['openvpn.allow_limited' => true]
+      if vpn_nodes.any?
+        generate_test_client_cert(provider.ca.client_certificates.limited_prefix) do |key, cert|
+          write_file! [:test_openvpn_config, env+'_limited'], Util.erb_eval(template, binding)
+        end
+      end
+      vpn_nodes = manager.nodes[:environment => env][:services => 'openvpn']['openvpn.allow_unlimited' => true]
       if vpn_nodes.any?
-        config = Util.erb_eval(template, binding)
-        write_file! [:test_openvpn_config, env], config
+        generate_test_client_cert(provider.ca.client_certificates.unlimited_prefix) do |key, cert|
+          write_file! [:test_openvpn_config, env+'_unlimited'], Util.erb_eval(template, binding)
+        end
       end
     end
   end
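Review bot: The block parameters `key` and `cert` are never referenced by name in `generate_test_client_openvpn_configs`; they reach the template only through `binding`, which presumably means each generated config file now embeds the private key inline. That is easy to miss and easy to break with a rename, so a comment at both `write_file!` calls such as `# key and cert are read by the ERB template via binding` would help. Because the key no longer goes to its own `:test_client_key` file, it is worth confirming that `write_file!` creates the `:test_openvpn_config` files with owner-only permissions and that they stay out of version control; files left behind by the earlier `:test_client_key`/`:test_client_cert` writes may also need cleaning up. The limited and unlimited branches are otherwise identical and could share one loop over the two levels.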
index aa3be5086deadd7fcd2051f87f75e08d859fe7a4..f1f09520ad455b25cc95167118b9409198d2705d 100644 (file)
@@ -12,6 +12,8 @@ module LeapCli
     "provider.ca.server_certificates.digest",
     "provider.ca.name",
     "provider.ca.bit_size",
-    "provider.ca.life_span"
+    "provider.ca.life_span",
+    "provider.ca.client_certificates.unlimited_prefix",
+    "provider.ca.client_certificates.limited_prefix"
   ]
 end