easyrsa 0.8.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9ada5a7e2f566650ae8026337014a26b49edbdab
+  data.tar.gz: 65e56567acfec259aaa97c4316ce120e6efeea02
+SHA512:
+  metadata.gz: 4f6cd1854b8cf83e0eff3b076949fc2749356b8f59c0be413cc29bc1ce376d685f66d6dff8333c126692f0ff7f1629d93d9b2cab68b1bca4bb525ed5813bc2d1
+  data.tar.gz: 7a03dc59b07b8b892870f358c00f8a6f2732f04738e089e502f3ca73a816074c4ee991b16394c959d4863bfa0374292a320f84d5506b5d10c827cba364c7fa90

data/.gitignore

@@ -0,0 +1,4 @@
+/.bundle/
+/vendor/
+Gemfile.lock
+*.gem

data/.rock.yml

@@ -0,0 +1,5 @@
+runtime: ruby21
+build_gem: |
+  rm -rf *.gem
+  gem build easyrsa.gemspec
+  gem push *.gem

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Mike Mackintosh
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,17 @@
+#encoding: utf-8 
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+task default: :test
+
+RSpec::Core::RakeTask.new do |spec|
+  spec.verbose = false
+  spec.pattern = './spec/{*/**/}*_spec.rb'
+end
+
+task :test do
+  ENV['RACK_ENV'] = 'test'
+
+  require './spec/spec_helper'
+  Rake::Task['spec'].invoke
+end

data/easyrsa.gemspec

@@ -0,0 +1,34 @@
+# Created by hand, like a real man
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'easyrsa/version'
+
+Gem::Specification.new do |s|
+
+  s.name        = 'easyrsa'
+  s.version     = EasyRSA::VERSION
+  s.date        = '2015-04-07'
+  s.summary     = "EasyRSA interface for generating OpenVPN certificates"
+  s.description = "Easily generate OpenVPN certificates without needing the easyrsa packaged scripts"
+  s.authors     = ["Mike Mackintosh"]
+  s.email       = 'm@zyp.io'
+  s.homepage    =
+    'http://github.com/mikemackintosh/ruby-easyrsa'
+
+  s.license       = 'MIT'
+  
+  s.require_paths = ["lib"]
+  s.files         = `git ls-files -z`.split("\x0")
+  s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+
+  s.add_dependency 'openssl'
+  s.add_dependency 'fattr'
+
+  s.add_development_dependency "bundler"
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "webmock"
+
+end

data/lib/easyrsa.rb

@@ -0,0 +1,24 @@
+require 'openssl'
+require 'fattr'
+
+require 'easyrsa/version'
+require 'easyrsa/config'
+require 'easyrsa/certificate'
+
+module EasyRSA
+
+  extend self
+
+  def configure
+    block_given? ? yield(Config) : Config
+    %w(email server country city company orgunit).each do |key|
+      if EasyRSA::Config.instance_variable_get("@#{key}").nil?
+        raise EasyRSA::Config::RequiredOptionMissing,
+          "Configuration parameter missing: '#{key}'. " +
+          "Please add it to the EasyRSA.configure block"
+      end
+    end
+  end
+  alias_method :config, :configure
+
+end

data/lib/easyrsa/certificate.rb

@@ -0,0 +1,136 @@
+module EasyRSA
+  class Certificate
+
+    class UnableToReadCACert < RuntimeError ; end
+    class UnableToReadCAKey < RuntimeError ; end
+    class BitLengthToWeak < RuntimeError ; end
+    class MissingParameter < RuntimeError ; end
+
+    def initialize(ca_crt, ca_key, id=nil, email=nil, bits=4096, &block)
+
+      # ID to generate cert for
+      if id.eql? nil
+        raise EasyRSA::Certificate::MissingParameter,
+          "Please provide an 'id', also known as a subject, for the certificates' CN field."
+      end
+      @id = id
+
+       # ID to generate cert for
+      if email.eql? nil
+        raise EasyRSA::Certificate::MissingParameter,
+          "Please provide an 'email', also known as a subject, for the certificates' emailAddress field."
+      end
+      @email = email
+
+      # Validate the existence of the ca_cert file
+      unless File.exist? ca_crt
+        raise EasyRSA::Certificate::UnableToReadCACert,
+          "Certificate Authority Certificate does not exist or is not readable: '#{ca_crt}'. " +
+          "Please check it's existence and permissions"
+      end
+      @ca_cert = OpenSSL::X509::Certificate.new File.read ca_crt
+
+      # Validate the existence of the ca_key file
+      unless File.exist? ca_key
+        raise EasyRSA::Certificate::UnableToReadCAKey,
+          "Certificate Authority Key does not exist or is not readable: '#{ca_key}'. " +
+          "Please check it's existence and permissions"
+      end
+      @ca_key = OpenSSL::PKey::RSA.new File.read ca_key
+      
+      # Generate Private Key and new Certificate
+      if bits < 2048
+        raise EasyRSA::Certificate::BitLengthToWeak,
+          "Please select a bit length greater than 2048. Default is 4096. You chose '#{bits}'"
+      end      
+      @key = OpenSSL::PKey::RSA.new(bits)
+
+      # Instantiate a new certificate
+      @cert = OpenSSL::X509::Certificate.new
+
+      # This cert should never be valid before now
+      @cert.not_before = Time.now
+
+      # Set it to version
+      @cert.version = 2     
+
+      instance_eval(&block) if block_given?
+    end
+
+    def generate(validfor=10)
+  
+      # Set the expiration date
+      @cert.not_after = years_from_now(validfor)
+
+      # Add the public key
+      @cert.public_key = @key.public_key
+
+      # Generate and assign the serial
+      @cert.serial = gen_serial
+      
+      # Generate subject
+      gen_subject
+
+      # Generate issuer
+      gen_issuer
+
+      # Add extensions
+      add_extensions
+
+      # Sign the cert
+      sign_cert_with_ca
+
+      { key: @key.to_pem, crt: @cert.to_pem }
+
+    end
+
+    private
+
+      # Cert subject for End-User
+      def gen_subject
+        @cert.subject = OpenSSL::X509::Name.parse("/C=#{EasyRSA::Config.country}/" \
+          "L=#{EasyRSA::Config.city}/O=#{EasyRSA::Config.company}/OU=#{EasyRSA::Config.orgunit}/CN=#{@id}/" \
+          "name=#{@id}/emailAddress=#{@email}")
+      end
+     
+      # Cert issuer details
+      def gen_issuer
+        @cert.issuer = OpenSSL::X509::Name.parse("/C=#{EasyRSA::Config.country}/" \
+          "L=#{EasyRSA::Config.city}/O=#{EasyRSA::Config.company}/OU=#{EasyRSA::Config.orgunit}/" \
+          "CN=#{EasyRSA::Config.server}/name=#{EasyRSA::Config.orgunit}/" \
+          "emailAddress=#{EasyRSA::Config.email}")
+      end
+
+      def add_extensions
+        ef = OpenSSL::X509::ExtensionFactory.new
+        ef.subject_certificate = @cert
+        ef.issuer_certificate = @ca_cert
+
+        @cert.extensions = [
+          ef.create_extension('basicConstraints', 'CA:FALSE'),
+          ef.create_extension('nsCertType', 'client, objsign'),
+          ef.create_extension('nsComment', 'Easy-RSA Generated Certificate'),
+          ef.create_extension('subjectKeyIdentifier', 'hash'),
+          ef.create_extension('extendedKeyUsage', 'clientAuth'),
+          ef.create_extension('keyUsage', 'digitalSignature')
+        ]
+
+        @cert.add_extension ef.create_extension('authorityKeyIdentifier',
+                                                'keyid,issuer:always')
+      end
+
+      def gen_serial
+        # Must always be unique, so we do date and @id's chars
+        "#{Time.now.strftime("%Y%m%d%H%M%S")}#{@id.unpack('c*').join.to_i}".to_i
+      end
+
+      def years_from_now(i = 10)
+        Time.now + i * 365 * 24 * 60 * 60
+      end
+
+      def sign_cert_with_ca
+        @cert.sign @ca_key, OpenSSL::Digest::SHA256.new
+      end
+
+  end
+end

data/lib/easyrsa/config.rb

@@ -0,0 +1,37 @@
+module EasyRSA
+  module Config
+
+    class RequiredOptionMissing < RuntimeError ; end
+    
+    extend self
+
+    attr_accessor :email, :server, :country, :city, :company, :orgunit
+
+    # Configure easyrsa from a hash. This is usually called after parsing a
+    # yaml config file such as easyrsa.yaml.
+    #
+    # @example Configure easyrsa.
+    #   config.from_hash({})
+    #
+    # @param [ Hash ] options The settings to use.
+    def from_hash(options = {})
+      options.each_pair do |name, value|
+        send("#{name}=", value) if respond_to?("#{name}=")
+      end
+    end
+
+    # Load the settings from a compliant easyrsa.yml file. This can be used for
+    # easy setup with frameworks other than Rails.
+    #
+    # @example Configure easyrsa.
+    #   easyrsa.load!("/path/to/easyrsa.yml")
+    #
+    # @param [ String ] path The path to the file.
+    def load!(path)
+      settings = YAML.load(ERB.new(File.new(path).read).result)
+      if settings.present?
+        from_hash(settings)
+      end
+    end
+  end
+end

data/lib/easyrsa/version.rb

@@ -0,0 +1,3 @@
+module EasyRSA
+  VERSION = '0.8.0'
+end

data/spec/cacert.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAkqgAwIBAgIJANYWnRgYyYmsMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNV
+BAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEYMBYGA1UEChMPTWlrZSBNYWNraW50
+b3NoMRkwFwYDVQQLExBSdWJ5IEVhc3lSU0EgR2VtMB4XDTE1MDQwODAzMjYxOVoX
+DTI1MDQwNTAzMjYxOVowVTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3Jr
+MRgwFgYDVQQKEw9NaWtlIE1hY2tpbnRvc2gxGTAXBgNVBAsTEFJ1YnkgRWFzeVJT
+QSBHZW0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANN0bDqnyWMKNsLgC9Sf
+QW/3mZHrAnuptkYaGcj3b3MHqVbtijYyCD9EtbSsFKftFjJeXNJiRQuWTvEfGl2C
+c8wZMDfrA19TpXyfeLYOFfnZb1U3TK1a6tDvrHjbhhiPAQDTfS1mr9bgeac40EiJ
+kYtptF4vcphyCOUC2QOi/nhZAgMBAAGjgbgwgbUwHQYDVR0OBBYEFAJpK6ilbgsM
+NM38fl/HSlCBr9njMIGFBgNVHSMEfjB8gBQCaSuopW4LDDTN/H5fx0pQga/Z46FZ
+pFcwVTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMRgwFgYDVQQKEw9N
+aWtlIE1hY2tpbnRvc2gxGTAXBgNVBAsTEFJ1YnkgRWFzeVJTQSBHZW2CCQDWFp0Y
+GMmJrDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHOVU2vP1a+E/DOf
+Jy0UUTuK5hPO1IaT1byN5rWaTFRftpHLsFLnZLTeJkXKd7IcYkwvRFYmUHDHlm7O
+4WQiErwmstW967IZbCuUoYKYBEtFlGGzoy2tHdhPVCT8egjqQMs99HaMObNa3kgh
+UMxNUqagZQTruqWTDUOXycX/7QXA
+-----END CERTIFICATE-----

data/spec/cakey.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDTdGw6p8ljCjbC4AvUn0Fv95mR6wJ7qbZGGhnI929zB6lW7Yo2
+Mgg/RLW0rBSn7RYyXlzSYkULlk7xHxpdgnPMGTA36wNfU6V8n3i2DhX52W9VN0yt
+WurQ76x424YYjwEA030tZq/W4HmnONBIiZGLabReL3KYcgjlAtkDov54WQIDAQAB
+AoGAB6c7E5RnEZKZEMyTIQryj17izAk5echWtIrVTBTIj91DH8ZRLkz5R3DxMqzX
+wowuNXx815B+90BlcwyxI5lJH5Ug5ClUDUhATsrLEnGR+Eg5NLG5K4oXgnQUGTN7
+t7MKVUTzRWPc8p9V9Z7asIOMXax+cyaEGVixz9JJfYP8pEECQQDuleHAjZtWA/X/
+UhOY3RjYdSSsb5MkDtpPo5WovAgH/7Ek6hx90/FKw5YynGTeskqDvlXlLEMKT1Cl
+9s05kCq1AkEA4uOWQAWsNuA54SMMJ+cWTF1h30a7wD5VNmx5C2e5dRX/5Oknc512
+m0Ky0zpu3bfWLL8+lJvTYHoQQD/p10hJlQJBAOptlUvJGGeVLsK4WA8suDwAJo/U
+dgTJH1N/Tg9k6pNJdzrpWiN8/CtVMSD7sNVs5HC8tdOgASOBOaJJde9oq70CQGp/
+fUUr5HwVn9VniAsq0zKhGpGdN/+ywni7Tc3msAyfeO/P6O7B2KxkEGBJq0RzSBrU
+4eELi5pbcUlXNsIQckkCQCVQSfWFNkgax/tHFSALdOUkZl+Gy84bGmXPgw4TzQTr
+49egzjRvMks+Ej0vO1m8+Zff+9s8qPpeiQI78aY4VLI=
+-----END RSA PRIVATE KEY-----

data/spec/easyrsa/01_config_spec.rb

@@ -0,0 +1,35 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+
+describe EasyRSA::Config, 'Should' do
+  include_context "shared environment"
+
+  it 'throw error when missing required configure parameters' do
+
+    expect {
+      EasyRSA.configure do |issuer|
+        issuer.email = @email
+        issuer.server = @server
+        issuer.city = @city
+        issuer.company = @company
+        issuer.orgunit = @orgunit
+      end
+    }.to raise_error(EasyRSA::Config::RequiredOptionMissing)
+
+  end
+
+  it 'configure correctly' do
+
+    expect {
+      EasyRSA.configure do |issuer|
+        issuer.email = @email
+        issuer.server = @server
+        issuer.country = @country
+        issuer.city = @city
+        issuer.company = @company
+        issuer.orgunit = @orgunit
+      end
+    }.not_to raise_error
+
+  end
+
+end

data/spec/easyrsa/02_certificate_spec.rb

@@ -0,0 +1,76 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+
+describe EasyRSA::Certificate, 'Should' do
+  include_context "shared environment"
+
+  before do
+    EasyRSA.configure do |issuer|
+      issuer.email = @email
+      issuer.server = @server
+      issuer.country = @country
+      issuer.city = @city
+      issuer.company = @company
+      issuer.orgunit = @orgunit
+    end
+  end
+
+  it 'throw error when arguments are missing' do
+
+    expect {
+      EasyRSA::Certificate.new('ca.crt', 'ca.key')
+    }.to raise_error(EasyRSA::Certificate::MissingParameter)
+
+  end
+
+  it 'throw error when invalid ca cert is passed' do
+
+    expect {
+      EasyRSA::Certificate.new('ca.crt', 'ca.key', 'blah', 'blah@blah')
+    }.to raise_error(EasyRSA::Certificate::UnableToReadCACert)
+
+  end
+
+  it 'throw error when invalid ca key is passed' do
+
+    expect {
+      EasyRSA::Certificate.new('ca.crt', 'ca.key', 'blah', 'blah@blah')
+    }.to raise_error(EasyRSA::Certificate::UnableToReadCACert)
+
+  end
+
+  it 'throw error when invalid ca key is passed' do
+
+    expect {
+      EasyRSA::Certificate.new(@ca_cert, @ca_key, 'blah', 'blah@blah', 512)
+    }.to raise_error(EasyRSA::Certificate::BitLengthToWeak)
+
+  end
+
+  it 'return keys successfully' do
+
+    easyrsa = EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem')
+    g = easyrsa.generate
+
+    expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
+    expect(g[:crt]).to include('BEGIN CERTIFICATE')    
+
+  end
+
+
+  it 'return successful in a block as well' do
+    g = {}
+    EasyRSA::Certificate.new(@ca_cert, @ca_key, 'mike', 'mike@ruby-easyrsa.gem') do |c|
+      c.generate.each do |k, v|
+        g[k] = v
+      end
+    end
+
+    expect(g[:key]).to include('BEGIN RSA PRIVATE KEY')
+    expect(g[:crt]).to include('BEGIN CERTIFICATE')    
+
+  end
+
+end
+
+@client_id = "sexyhorse"
+    @client_email = "sexyhorse@zyp.io"

data/spec/spec_helper.rb

@@ -0,0 +1,36 @@
+require 'rspec/core'
+
+require File.join(File.dirname(__FILE__), '..', 'lib', 'easyrsa')
+
+# Create the share API context
+# so we can pass stuff between
+# the different tests
+RSpec.shared_context "shared environment", :a => :b do
+
+  before(:all) do
+
+    @email = 'm@zyp.io'
+    @server = 'easyrsa-gem-test'
+    @country = 'US'
+    @city = 'New York'
+    @company = 'Mike Mackintosh'
+    @orgunit = 'EasyRSA Gem Test'
+
+    @ca_key = File.join(File.dirname(__FILE__), 'cakey.pem')
+    @ca_key_pass = 'aaaa'
+    @ca_cert = File.join(File.dirname(__FILE__), 'cacert.pem')
+
+    @client_id = "sexyhorse"
+    @client_email = "sexyhorse@zyp.io"
+
+  end
+
+end
+
+# Seems to run tests more than once if we do RSpec.configure more than once
+#unless RSpec.configuration.color_enabled == true
+  RSpec.configure do |config|
+    config.color = true
+    config.formatter = :documentation
+  end
+#end

metadata

@@ -0,0 +1,148 @@
+--- !ruby/object:Gem::Specification
+name: easyrsa
+version: !ruby/object:Gem::Version
+  version: 0.8.0
+platform: ruby
+authors:
+- Mike Mackintosh
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-04-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fattr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Easily generate OpenVPN certificates without needing the easyrsa packaged
+  scripts
+email: m@zyp.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rock.yml
+- Gemfile
+- LICENSE.txt
+- Rakefile
+- easyrsa.gemspec
+- lib/easyrsa.rb
+- lib/easyrsa/certificate.rb
+- lib/easyrsa/config.rb
+- lib/easyrsa/version.rb
+- spec/cacert.pem
+- spec/cakey.pem
+- spec/easyrsa/01_config_spec.rb
+- spec/easyrsa/02_certificate_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/mikemackintosh/ruby-easyrsa
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: EasyRSA interface for generating OpenVPN certificates
+test_files:
+- spec/cacert.pem
+- spec/cakey.pem
+- spec/easyrsa/01_config_spec.rb
+- spec/easyrsa/02_certificate_spec.rb
+- spec/spec_helper.rb