Class: Net::Openvpn::Generators::Keys::Base

Inherits:
Object
  • Object
Defined in:
lib/net/openvpn/generators/keys/base.rb

Direct Known Subclasses

Authority, Client, Server

Instance Method Summary

Constructor Details

#initialize(name, props) ⇒ Base

Returns a new instance of Base.



# File 'lib/net/openvpn/generators/keys/base.rb', line 6

# Builds a key generator for +name+.
#
# The per-instance properties are the global Openvpn.props overlaid with
# +props+, with :key_cn forced to +name+ (any :key_cn passed in +props+ is
# overwritten). Properties.validate! runs last, after @key_dir is built.
#
# Security note: @name is later interpolated into a regex, into file paths
# and into a shell command line (see #valid? and #revoke!), so callers
# should only pass a name they have already validated.
# NOTE(review): whether Properties.validate! constrains :key_cn is not
# visible from here - confirm before relying on it.
#
# @param name [String] common name the keys are issued for
# @param props [Hash] overrides merged on top of Openvpn.props
def initialize(name, props)
  @name = name

  # merge returns a new hash, so the global defaults are left untouched.
  @props = Openvpn.props.merge(props)
  @props[:key_cn] = name

  @key_dir = Directory.new(@props)
  Properties.validate!(@props)
end

Instance Method Details

#exist? ⇒ Boolean

Returns true if all the generated keys exist or false if not

Returns:

  • (Boolean)


# File 'lib/net/openvpn/generators/keys/base.rb', line 20

# Reports whether every file listed by +filepaths+ is present on disk.
#
# Only presence is checked; the file contents are not inspected here
# (see #valid? for the index/certificate comparison).
#
# @return [Boolean] true when each path exists (also true for an empty
#   list), false as soon as one path is missing
def exist?
  filepaths.all? { |path| File.exist?(path) }
end

#generate ⇒ Object

Raises:

  • (NotImplementedError)


# File 'lib/net/openvpn/generators/keys/base.rb', line 15

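# Abstract hook: this base implementation always raises.
# Presumably each concrete generator overrides it - confirm in the subclasses.
#
# NotImplementedError descends from ScriptError, not StandardError, so a
# bare +rescue+ in a caller will not catch it; the message names the
# receiving class so a missing override is easy to locate.
#
# @raise [NotImplementedError] always
def generate
  raise NotImplementedError, "#{self.class.name}#generate must be implemented by a subclass"
end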

#revoke! ⇒ Object

Revokes the keys

Returns true if the keys were revoked or false if the keys do not exist or are not valid

raises `Net::Openvpn::Errors::CertificateRevocation` if the key failed to be revoked



# File 'lib/net/openvpn/generators/keys/base.rb', line 53

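# Revokes the keys for @name by running easy-rsa's +revoke-full+ script
# from the directory configured in Openvpn.props[:easy_rsa].
#
# @return [Boolean] false when the keys do not exist or are not valid
#   (nothing is run in that case), true once revocation has been confirmed
# @raise [Errors::CertificateRevocation] when the command output lacks the
#   revocation marker, or when #valid? still reports true afterwards
def revoke!
  # Stdlib; loaded here because this file's require block is not in view.
  require "shellwords"

  return false unless exist? && valid?

  FileUtils.cd(Openvpn.props[:easy_rsa]) do
    # The command line is handed to a shell, so the name is escaped to keep
    # it a single literal argument whatever characters it contains.
    # NOTE(review): cli_prop_vars is interpolated as-is; it is defined
    # elsewhere - confirm its values are escaped where it is built.
    output = %x[#{cli_prop_vars} ./revoke-full #{Shellwords.escape(@name.to_s)}]

    # error 23 means key was revoked
    # NOTE(review): success is inferred from this substring in captured
    # stdout only; the script's exit status is not checked.
    raise Errors::CertificateRevocation, "Revoke command failed" unless output.include?("error 23")
  end

  # Re-read the index so a silent failure of the script is not reported as success.
  raise Errors::CertificateRevocation, "Certificates were still valid after being revoked" if valid?

  true
end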

#valid? ⇒ Boolean

Returns true if the generated keys are valid by checking the key index and then checking the pemfile against the crt file.

Returns:

  • (Boolean)


# File 'lib/net/openvpn/generators/keys/base.rb', line 30

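# Checks that the key index holds a valid ("V") row for @name and that the
# certificate stored under that row's fourth tab-separated field is
# byte-identical to <key_dir>/<name>.crt.
#
# The name is regex-escaped and must be followed by a DN separator or the
# end of the line. Without this, "client1" would also match a row for
# "client10", and regex metacharacters in the name would act as patterns,
# so the result could be based on another certificate's row.
#
# NOTE(review): @name is also interpolated into crt_path unchanged; a name
# containing path separators would point outside key_dir - validate it
# where it enters the system.
#
# @return [Boolean] false when no matching valid row exists or the two
#   files differ, true when they are identical
# @raise [SystemCallError] from File.read when the index, the .pem or the
#   .crt file cannot be read
def valid?
  # ^ and $ are line anchors on purpose: the index is scanned row by row.
  index = File.read(Openvpn.props[:key_index])
  row = index.match(%r{^V.*CN=#{Regexp.escape(@name.to_s)}(?:[/,].*)?$})

  return false if row.nil?

  # The fourth tab-separated field names the stored .pem copy.
  serial = row[0].split("\t")[3]
  pem_path = "#{Openvpn.props[:key_dir]}/#{serial}.pem"
  crt_path = "#{Openvpn.props[:key_dir]}/#{@name}.crt"

  # Check the pem against the current cert for the name
  File.read(pem_path) == File.read(crt_path)
end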