net-openvpn 0.8 → 0.8.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 160d6e02e9cd14fa4f008f6a606ec2108a29cc55
-  data.tar.gz: 6b170ccc82aec4b434f689e65774b45210f77817
+  metadata.gz: 633bb26e297d2b0e773773ad7fb82dfb9a832789
+  data.tar.gz: ab2732d96900e530d1ba279dccafcfb66a864700
 SHA512:
-  metadata.gz: 103124d60d54401a50f90ee13960edaf26b64f416a81f6851d70f0c09736a1849b2bb279ebd92cb8523542e3501d6c491c0135481cf4a534f505e67b48f198ce
-  data.tar.gz: c8b78600a977150ecd8a5376f20d6e8bb32b0c8ba0314831f8403bc68698252f4a9a705ab05eb1d10c71998a32bff90b5ec44fdce56bb4502c0c20920013900c
+  metadata.gz: 9f3315e63797e7deabc8a7dbb6e82e7ec61b9e54c7e87057ad9bddc45db982904978b8657f098233b958933d22710c54a34498e7b922d8e99a64be0e72803ff5
+  data.tar.gz: e98fac962d3b9bccc8faf0d1717937a2f448732e1c8704d30ad5a09566a3ae9aa5b578d9e897cd15e27edd0b2b91bbff99c6340a4e28c80dccdd969f718d4416

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    net-openvpn (0.8)
+    net-openvpn (0.8.7)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -4,6 +4,8 @@ Net-Openvpn is a gem for configuring a local OpenVPN installation.
 
 ## Requirements
 
+You will need these packages.
+
 * openvpn
 * easy-rsa
 
@@ -13,9 +15,25 @@ You can install these on Debian based systems by running this command:
 apt-get install openvpn easy-rsa
 ```
 
+### Easy RSA
+
+Easy RSA is only needed for key generation, so if you are not doing any of that then you don't need to worry.
+
 Sometimes `easy-rsa` is packaged with `openvpn` so if you can't find the `easy-rsa` package anywhere have a
-look in `/usr/share/doc/openvpn/examples` for the `easy-rsa` folder.  Then you can just globally override 
-the property for `:easy_rsa`  (see below).
+look in `/usr/share/doc/openvpn/examples` for the `easy-rsa` folder.
+
+```sh
+sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0 /usr/local/easy-rsa
+```
+
+You could also clone the `release/2.x` branch from the `easy-rsa` repo at `https://github.com/OpenVPN/easy-rsa.git` then copy the `easy-rsa/2.0` folder to wherever you want.
+
+```sh
+git clone https://github.com/OpenVPN/easy-rsa.git -b release/2.x
+sudo cp easy-rsa/easy-rsa/2.0 /usr/local/easy-rsa
+```
+
+Then you can just globally override the property for `:easy_rsa` to specify the location of the scripts folder (see below).
 
 ## Usage
 
@@ -193,7 +211,6 @@ ca.exist?
 
 This should generate the following files/folders:
 
-* /etc/openvpn/keys
 * /etc/openvpn/keys/ca.crt
 * /etc/openvpn/keys/ca.key
 * /etc/openvpn/keys/dh1024.pem
@@ -210,7 +227,6 @@ keys.valid?  # returns true if the keys are valid in the index
 
 This should generate the following files/folders:
 
-* /etc/openvpn/keys
 * /etc/openvpn/keys/swzvpn04.key
 * /etc/openvpn/keys/swzvpn04.crt
 
@@ -226,7 +242,6 @@ keys.valid?  # returns true if the keys are valid in the index
 
 This should generate the following files/folders:
 
-* /etc/openvpn/keys
 * /etc/openvpn/keys/fred.key
 * /etc/openvpn/keys/fred.crt
 
@@ -258,4 +273,4 @@ Then override the following properties in your `/etc/openvpn/props.yml` file:
 ---
 :key_dir_group: "openvpn"
 :key_dir_permission: 0700
-```
+```

data/lib/net/openvpn.rb

@@ -1,3 +1,4 @@
+require 'yaml'
 require 'fileutils'
 
 require 'net/openvpn/server'

data/lib/net/openvpn/generators/keys/base.rb

@@ -3,6 +3,8 @@ module Net
     module Generators
       module Keys
         class Base
+          attr_reader :props
+
           def initialize(name, props)
             @name = name
             @props = Openvpn.props.merge props
@@ -28,6 +30,8 @@ module Net
           # the key index and then checking the pemfile against the crt
           # file.
           def valid?
+            return false unless @key_dir.exist?
+
             # read the index file
             m = File.read(Openvpn.props[:key_index]).match /^V.*CN=#{@name}.*$/
 

data/lib/net/openvpn/generators/keys/client.rb

@@ -18,7 +18,7 @@ module Net
             @key_dir.exist?  or raise Errors::KeyGeneration, "Key directory has not been generated yet"
             Authority.exist? or raise Errors::KeyGeneration, "Certificate Authority has not been created"
 
-            revoke! if exist? and valid?
+            revoke! if valid?
 
             FileUtils.cd(@props[:easy_rsa]) do
               system "#{cli_prop_vars} ./pkitool #{@name}"
@@ -32,10 +32,15 @@ module Net
 
           # Returns an array containing the paths to the generated keys
           def filepaths
-            [
-              "#{@props[:key_dir]}/#{@name}.key",
-              "#{@props[:key_dir]}/#{@name}.crt"
-            ]
+            [ key, certificate ]
+          end
+
+          def certificate
+            "#{@props[:key_dir]}/#{@name}.crt"
+          end
+
+          def key
+            "#{@props[:key_dir]}/#{@name}.key"
           end
 
         end

data/lib/net/openvpn/generators/keys/server.rb

@@ -12,7 +12,7 @@ module Net
             @key_dir.exist?  or raise Errors::KeyGeneration, "Key directory has not been generated yet"
             Authority.exist? or raise Errors::KeyGeneration, "Certificate Authority has not been created"
             
-            revoke! if exist? and valid?
+            revoke! if valid?
 
             FileUtils.cd(@props[:easy_rsa]) do
               system "#{cli_prop_vars} ./pkitool --server #{@name}"
@@ -23,11 +23,17 @@ module Net
 
           end
 
+          # Returns an array containing the paths to the generated keys
           def filepaths
-            [
-              "#{@props[:key_dir]}/#{@name}.key",
-              "#{@props[:key_dir]}/#{@name}.crt"
-            ]
+            [ key, certificate ]
+          end
+
+          def certificate
+            "#{@props[:key_dir]}/#{@name}.crt"
+          end
+
+          def key
+            "#{@props[:key_dir]}/#{@name}.key"
           end
 
         end

data/lib/net/openvpn/version.rb

@@ -1,5 +1,5 @@
 module Net
   module Openvpn
-    VERSION = "0.8"
+    VERSION = "0.8.7"
   end
 end

data/spec/lib/net/openvpn/generators/keys/client_spec.rb

@@ -10,10 +10,18 @@ describe Net::Openvpn::Generators::Keys::Client do
   before(:each) { setup_filesystem(:tmp) }
   after(:each)  { destroy_filesystem(:tmp) }
 
+  it "should set the CN to the name" do
+    expect(client.props[:key_cn]).to eq name
+  end
+
   context "when a client has not been generated" do
     it "should not exist" do
       expect(client).to_not exist
-    end 
+    end
+
+    it "should not be valid" do
+      expect(client).to_not be_valid
+    end
   end
 
   context "when the key directory has not been generated" do
@@ -58,9 +66,7 @@ describe Net::Openvpn::Generators::Keys::Client do
       end
 
       context "and the client has been generated" do
-        before(:each) do
-          client.generate
-        end
+        before(:each) { client.generate }
 
         it "should exist" do
           expect(client).to exist
@@ -69,6 +75,20 @@ describe Net::Openvpn::Generators::Keys::Client do
         it "should be valid" do
           expect(client).to be_valid
         end
+
+        it "should allow revocation" do
+          expect(client.revoke!).to be_true
+          expect(client).to_not be_valid
+        end
+
+        context "and the common name was changed" do
+          let(:name) { "test2" }
+
+          it "should not be valid" do
+            puts client.props
+            expect(client).to_not be_valid
+          end
+        end
       end
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-openvpn
 version: !ruby/object:Gem::Version
-  version: '0.8'
+  version: 0.8.7
 platform: ruby
 authors:
 - Robert McLeod