From fd2b3403b5b2e1c2b3b59f03568da36e5b0386e6 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sat, 30 Jan 2021 15:58:17 +0100
Subject: Testsuite: generate required OpenVPN key(s)

Now all the loaded configs will support OpenVPN based interfaces, too. All required keys are now generated so the loaded configurations can use:
- /config/auth/ovpn_test_ca.pem
- /config/auth/ovpn_test_server.pem
- /config/auth/ovpn_test_server.key
- /config/auth/ovpn_test_dh.pem
- /config/auth/ovpn_test_site2site.key
- /config/auth/ovpn_test_tls_auth.key
(cherry picked from commit 08d6937f9cbca47b0506086002401baebd021e16)
---
scripts/check-qemu-install | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
(limited to 'scripts')
diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install
index aa65740f..b28c000f 100755
--- a/scripts/check-qemu-install
+++ b/scripts/check-qemu-install
@@ -354,6 +354,32 @@ try:
 c.sendline('generate wireguard default-keypair')
 c.expect(r'vyos@vyos:~\$')

+ log.info('Generating some OpenVPN keys')
+ subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \
+ 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
+ ca_cert = '/config/auth/ovpn_test_ca.pem'
+ ssl_cert = '/config/auth/ovpn_test_server.pem'
+ ssl_key = '/config/auth/ovpn_test_server.key'
+ dh_pem = '/config/auth/ovpn_test_dh.pem'
+ s2s_key = '/config/auth/ovpn_test_site2site.key'
+ auth_key = '/config/auth/ovpn_test_tls_auth.key'
+
+ c.sendline(f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\
+ f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}')
+ c.expect(r'vyos@vyos:~\$', timeout=600)
+ c.sendline(f'openssl req -new -x509 -key {ssl_key} -out {ca_cert} -subj {subject}')
+ c.expect(r'vyos@vyos:~\$', timeout=600)
+ c.sendline(f'openssl dhparam -out {dh_pem} 2048')
+ c.expect(r'vyos@vyos:~\$', timeout=600)
+ c.sendline(f'openvpn --genkey --secret {s2s_key}')
+ c.expect(r'vyos@vyos:~\$', timeout=600)
+ c.sendline(f'openvpn --genkey --secret {auth_key}')
+ c.expect(r'vyos@vyos:~\$', timeout=600)
+
+ for file in [ca_cert, ssl_cert, ssl_key, dh_pem, s2s_key, auth_key]:
+ c.sendline(f'sudo chown openvpn:openvpn {file}')
+ c.expect(r'vyos@vyos:~\$')
+
 log.info('Executing load config tests')
 c.sendline('/usr/bin/vyos-configtest')
 i = c.expect(['\n +Invalid command:', 'No such file or directory',
-- 
cgit v1.2.3
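Review bot: The final loop only changes the owner of the generated files and never sets their mode, so the permissions on `ssl_key`, `s2s_key` and `auth_key` are left to tool defaults and the guest umask, neither of which is visible here; `-nodes` also leaves the RSA key unencrypted on disk. I would pin the mode explicitly by adding `c.sendline(f'sudo chmod 600 {file}')` and the usual `c.expect(r'vyos@vyos:~\$')` inside the loop. Separately, each `c.expect(r'vyos@vyos:~\$', timeout=600)` only waits for the prompt, so a failed `openssl` or `openvpn` call would go unnoticed until `/usr/bin/vyos-configtest` fails later; checking `$?` after each command, or at least a comment saying so, would make that failure easier to trace. The `ca_cert` is self-signed from the server's own key rather than issued by a separate CA, which is fine for a smoke test but deserves a comment such as `# test-only: CA and server certificate share one key`. The enclosing `try:` block starts and ends outside this hunk.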