Diffstat (limited to 'smoketest/scripts/cli/test_vpn_openconnect.py')
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_openconnect.py34
1 files changed, 27 insertions, 7 deletions
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 492d01c4d..ccac0820d 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -17,13 +17,16 @@
import unittest
from base_vyostest_shim import VyOSUnitTestSHIM
-
from vyos.util import process_named_running
+from vyos.util import cmd
+from os import path, mkdir
OCSERV_CONF = '/run/ocserv/ocserv.conf'
-base_path = ['vpn', 'openconnect']
-cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
-cert_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
+base_path = ['vpn', 'openconnect']
+cert_dir = '/config/auth/'
+ca_cert = f'{cert_dir}ca.crt'
+ssl_cert = f'{cert_dir}server.crt'
+ssl_key = f'{cert_dir}server.key'
class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
def tearDown(self):
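Review bot: The new constants `ca_cert`, `ssl_cert` and `ssl_key` point at the generic names `ca.crt`, `server.crt` and `server.key` directly under `/config/auth/`, and the `__main__` block in the last hunk writes all three unconditionally. If the smoketest runs on a system that already keeps certificates under those names, they are overwritten, private key included. Test-specific file names would avoid the collision, for example `ssl_key = f'{cert_dir}smoketest_ocserv.key'` (name constructed here for illustration) with matching names for the two certificates.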
@@ -38,9 +41,9 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ["authentication", "local-users", "username", user, "password", password])
self.cli_set(base_path + ["authentication", "mode", "local"])
self.cli_set(base_path + ["network-settings", "client-ip-settings", "subnet", "192.0.2.0/24"])
- self.cli_set(base_path + ["ssl", "ca-cert-file", cert])
- self.cli_set(base_path + ["ssl", "cert-file", cert])
- self.cli_set(base_path + ["ssl", "key-file", cert_key])
+ self.cli_set(base_path + ["ssl", "ca-cert-file", ca_cert])
+ self.cli_set(base_path + ["ssl", "cert-file", ssl_cert])
+ self.cli_set(base_path + ["ssl", "key-file", ssl_key])
self.cli_commit()
@@ -48,4 +51,21 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
self.assertTrue(process_named_running('ocserv-main'))
if __name__ == '__main__':
+ if not path.exists(cert_dir):
+ mkdir(cert_dir)
+
+ # Our SSL certificates need a subject ...
+ subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \
+ 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
+
+ # Generate mandatory SSL certificate
+ tmp = f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\
+ f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}'
+ cmd(tmp)
+
+ # Generate "CA"
+ tmp = f'openssl req -new -x509 -key {ssl_key} -out {ca_cert} '\
+ f'-subj {subject}'
+ cmd(tmp)
+
unittest.main(verbosity=2)
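Review bot: The private key generated with `-nodes` is unencrypted, and nothing in this hunk removes it or the two certificates once the tests finish, so test key material stays behind in `/config/auth/`. `tearDown` lies outside the hunk, so cleanup may exist there. Because `unittest.main()` exits the interpreter by default, any removal belongs in a `tearDownClass` rather than after that call. The `# Generate "CA"` comment would be clearer as `# Not a real CA: a second self-signed certificate made from the server key`, and `mkdir(cert_dir)` could pass `mode=0o700` since the directory holds a private key.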