class Net::Openvpn::Generators::Keys::Base

Attributes

props[R]

Public Class Methods

new(name, props) click to toggle source
# File lib/net/openvpn/generators/keys/base.rb, line 8
def initialize(name, props)
  @name = name
  @props = Openvpn.props.merge props
  @props[:key_cn] = @name
  @key_dir = Directory.new(@props)

  Properties.validate! @props
end

Public Instance Methods

exist?() click to toggle source

Returns true if all the generated keys exist or false if not

# File lib/net/openvpn/generators/keys/base.rb, line 22
def exist?
  filepaths.each do |file|
    return false if !File.exist? file
  end
  true
end
generate() click to toggle source
# File lib/net/openvpn/generators/keys/base.rb, line 17
def generate
  raise NotImplementedError
end
revoke!() click to toggle source

Revokes the keys

Returns true if the keys were revoked or false if the keys do not exist or are not valid

raises ‘Net::Openvpn::Errors::CertificateRevocation` if the key failed to be revoked

# File lib/net/openvpn/generators/keys/base.rb, line 57
def revoke!
  return false unless exist? and valid?

  FileUtils.cd(Openvpn.props[:easy_rsa]) do
    output = %x[#{cli_prop_vars} ./revoke-full #{@name}]
    raise Errors::CertificateRevocation, "Revoke command failed" if !output.include? "error 23" # error 23 means key was revoked
  end

  !valid? or raise Errors::CertificateRevocation, "Certificates were still valid after being revoked"

  true
end
valid?() click to toggle source

Returns true if the generated keys are valid by checking the key index and then checking the pemfile against the crt file.

# File lib/net/openvpn/generators/keys/base.rb, line 32
def valid?
  return false unless @key_dir.exist?

  # read the index file
  m = File.read(Openvpn.props[:key_index]).match /^V.*CN=#{@name}.*$/

  return false if m.nil?

  # get the pem number and build the paths
  pem = m[0].split("\t")[3]
  pem_path = "#{Openvpn.props[:key_dir]}/#{pem}.pem"
  crt_path = "#{Openvpn.props[:key_dir]}/#{@name}.crt"

  # Check the pem against the current cert for the name
  File.read(pem_path) == File.read(crt_path)
end

Private Instance Methods

cli_prop_vars() click to toggle source

Generates the variable string of key properties to preceed easy-rsa script calls

An example with just two properties:

EASY_RSA="/usr/share/easy-rsa" KEY_CN="fred" build-key ...
# File lib/net/openvpn/generators/keys/base.rb, line 79
def cli_prop_vars
  Properties.to_cli_vars(@props)
end
filepaths() click to toggle source
# File lib/net/openvpn/generators/keys/base.rb, line 83
def filepaths
  raise NotImplementedError
end