Move to using a PKI per server
diff --git a/xos/services/vpn/models.py b/xos/services/vpn/models.py
index 94e62b6..72a6407 100644
--- a/xos/services/vpn/models.py
+++ b/xos/services/vpn/models.py
@@ -1,6 +1,6 @@
from core.models import Service, TenantWithContainer
from django.db import transaction
-from xos.exceptions import XOSConfigurationError, XOSValidationError
+from xos.exceptions import XOSValidationError
VPN_KIND = "vpn"
@@ -28,7 +28,7 @@
def get_next_available_port(self, protocol):
if protocol != "udp" and protocol != "tcp":
- raise XOSConfigurationError("Port protocol must be udp or tcp")
+ raise XOSValidationError("Port protocol must be udp or tcp")
if not self.exposed_ports[protocol]:
raise XOSValidationError("No availble ports for protocol: " + protocol)
tenants = [tenant for tenant in VPNTenant.get_tenant_objects.all() if tenant.protocol == protocol]
@@ -198,10 +198,10 @@
script += (line.rstrip() + r"\n")
script += ("\" > ca.crt\n")
script += ("printf \"%b\" \"")
- for line in self.generate_client_cert(client_name):
+ for line in self.get_client_cert(client_name):
script += (line.rstrip() + r"\n")
script += ("\" > " + client_name + ".crt\n")
- for line in self.generate_client_key(client_name):
+ for line in self.get_client_key(client_name):
script += (line.rstrip() + r"\n")
script += ("\" > " + client_name + ".key\n")
# make sure openvpn is installed
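Review bot: The loop `for line in self.get_client_key(client_name):` is not preceded by a `printf "%b" "` opener in this hunk, unlike the ca.crt and client certificate loops above it. The private key lines are therefore appended to the script as bare shell text after the `.crt` redirect, and the closing `" > <client_name>.key` has no matching opening quote. Adding `script += ("printf \"%b\" \"")` immediately before the key loop would fix this. Separately, `client_name` is concatenated unquoted into both redirect targets, so it should be validated against a restricted character set or shell-quoted before it reaches the generated script. The enclosing method starts before this hunk and ends after it.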
@@ -211,11 +211,11 @@
# close the script
return script
- def generate_client_cert(self, client_name):
- return open("/opt/openvpn/easyrsa3/pki/issued/" + client_name + ".crt").readlines()
+ def get_client_cert(self, client_name):
+ return open("/opt/openvpn/easyrsa3/server-" + self.id + "/issued/" + client_name + ".crt").readlines()
- def generate_client_key(self, client_name):
- return open("/opt/openvpn/easyrsa3/pki/private/" + client_name + ".key").readlines()
+ def get_client_key(self, client_name):
+ return open("/opt/openvpn/easyrsa3/server-" + self.id + "/private/" + client_name + ".key").readlines()
def generate_client_conf(self, client_name):
"""str: Generates the client configuration to use to connect to this VPN server.