Diffstat (limited to 'smoketest/scripts/cli/test_vpn_openconnect.py')
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_openconnect.py | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 492d01c4d..ccac0820d 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -17,13 +17,16 @@
 import unittest

 from base_vyostest_shim import VyOSUnitTestSHIM
-
 from vyos.util import process_named_running
+from vyos.util import cmd
+from os import path, mkdir

 OCSERV_CONF = '/run/ocserv/ocserv.conf'
-base_path = ['vpn', 'openconnect']
-cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
-cert_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
+base_path = ['vpn', 'openconnect']
+cert_dir = '/config/auth/'
+ca_cert = f'{cert_dir}ca.crt'
+ssl_cert = f'{cert_dir}server.crt'
+ssl_key = f'{cert_dir}server.key'

 class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
 def tearDown(self):
@@ -38,9 +41,9 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
 self.cli_set(base_path + ["authentication", "local-users", "username", user, "password", password])
 self.cli_set(base_path + ["authentication", "mode", "local"])
 self.cli_set(base_path + ["network-settings", "client-ip-settings", "subnet", "192.0.2.0/24"])
- self.cli_set(base_path + ["ssl", "ca-cert-file", cert])
- self.cli_set(base_path + ["ssl", "cert-file", cert])
- self.cli_set(base_path + ["ssl", "key-file", cert_key])
+ self.cli_set(base_path + ["ssl", "ca-cert-file", ca_cert])
+ self.cli_set(base_path + ["ssl", "cert-file", ssl_cert])
+ self.cli_set(base_path + ["ssl", "key-file", ssl_key])

 self.cli_commit()

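Review bot: `cert_dir = '/config/auth/'` together with the generic names `ca.crt`, `server.crt` and `server.key` puts throwaway test material at paths that may collide with real credentials. The generation code in the last hunk writes to these paths unconditionally, so an existing file with the same name would be replaced. If the CLI needs the files under `/config/auth/` (not visible here), test-specific names would avoid the collision, for example `ssl_key = f'{cert_dir}smoketest_ocserv.key'` (name constructed for illustration) and likewise for the two certificates. A comment above the constants such as `# Self-signed material generated by this smoketest - not for production use` would also make the intent clear to the next reader.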
@@ -48,4 +51,21 @@ class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
 self.assertTrue(process_named_running('ocserv-main'))

 if __name__ == '__main__':
+ if not path.exists(cert_dir):
+ mkdir(cert_dir)
+
+ # Our SSL certificates need a subject ...
+ subject = '/C=DE/ST=BY/O=VyOS/localityName=Cloud/commonName=vyos/' \
+ 'organizationalUnitName=VyOS/emailAddress=maintainers@vyos.io/'
+
+ # Generate mandatory SSL certificate
+ tmp = f'openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 '\
+ f'-keyout {ssl_key} -out {ssl_cert} -subj {subject}'
+ cmd(tmp)
+
+ # Generate "CA"
+ tmp = f'openssl req -new -x509 -key {ssl_key} -out {ca_cert} '\
+ f'-subj {subject}'
+ cmd(tmp)
+
 unittest.main(verbosity=2) |
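Review bot: The certificate generation sits under `if __name__ == '__main__':`, so it only runs when the file is executed as a script. Nothing visible in the diff removes the unencrypted (`-nodes`) private key and its 3650-day self-signed certificate from `cert_dir` afterwards. Moving the setup into `setUpClass` and deleting the three files in `tearDownClass` keeps the test self-contained and avoids leaving key material behind on the device. `remove` would need adding to the `from os import` line. The class body lies outside this hunk, so the placement below is a sketch.

```python
class TestVpnOpenconnect(VyOSUnitTestSHIM.TestCase):
    @classmethod
    def setUpClass(cls):
        super().setUpClass()
        # … unchanged: cert_dir creation and the two openssl req calls …

    @classmethod
    def tearDownClass(cls):
        # Remove the throwaway key and certificates once the tests are done
        for tmp in (ssl_key, ssl_cert, ca_cert):
            if path.exists(tmp):
                remove(tmp)
        super().tearDownClass()
```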