author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-21 14:36:48 +0200 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2021-07-21 22:48:18 +0200 |
commit | a9e9c4acfa90fc15a8a4b6b5ea6e1c2814ce940e (patch) | |
tree | f42f7d9f65cdbf0b832373e68fd71e253a69f452 /python | |
parent | 936b36fdf180fce830dbc388ec5e8fc35feb9474 (diff) | |
pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor
Diffstat (limited to 'python')
-rw-r--r-- | python/vyos/pki.py | 5 | ||||
-rw-r--r-- | python/vyos/template.py | 29 |
2 files changed, 34 insertions, 0 deletions
diff --git a/python/vyos/pki.py b/python/vyos/pki.py
index 1c6282d84..68ad73bf2 100644
--- a/python/vyos/pki.py
+++ b/python/vyos/pki.py
@@ -43,6 +43,8 @@ CSR_BEGIN='-----BEGIN CERTIFICATE REQUEST-----\n'
 CSR_END='\n-----END CERTIFICATE REQUEST-----'
 DH_BEGIN='-----BEGIN DH PARAMETERS-----\n'
 DH_END='\n-----END DH PARAMETERS-----'
+OVPN_BEGIN = '-----BEGIN OpenVPN Static key V{0}-----\n'
+OVPN_END = '\n-----END OpenVPN Static key V{0}-----'
 # Print functions
@@ -227,6 +229,9 @@ def wrap_crl(raw_data):
 def wrap_dh_parameters(raw_data):
 return DH_BEGIN + raw_data + DH_END
+def wrap_openvpn_key(raw_data, version='1'):
+ return OVPN_BEGIN.format(version) + raw_data + OVPN_END.format(version)
+
 # Load functions
 def load_public_key(raw_data, wrap_tags=True):
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 0d2bd39e7..6902d3720 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -439,3 +439,32 @@ def get_uuid(interface):
 """ Get interface IP addresses"""
 from uuid import uuid1
 return uuid1()
+
+openvpn_translate = {
+ 'des': 'des-cbc',
+ '3des': 'des-ede3-cbc',
+ 'bf128': 'bf-cbc',
+ 'bf256': 'bf-cbc',
+ 'aes128gcm': 'aes-128-gcm',
+ 'aes128': 'aes-128-cbc',
+ 'aes192gcm': 'aes-192-gcm',
+ 'aes192': 'aes-192-cbc',
+ 'aes256gcm': 'aes-256-gcm',
+ 'aes256': 'aes-256-cbc'
+}
+
+@register_filter('openvpn_cipher')
+def get_openvpn_cipher(cipher):
+ if cipher in openvpn_translate:
+ return openvpn_translate[cipher].upper()
+ return cipher.upper()
+
+@register_filter('openvpn_ncp_ciphers')
+def get_openvpn_ncp_ciphers(ciphers):
+ out = []
+ for cipher in ciphers:
+ if cipher in openvpn_translate:
+ out.append(openvpn_translate[cipher])
+ else:
+ out.append(cipher)
+ return ':'.join(out).upper() |
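Review bot: `wrap_openvpn_key` in the second pki.py hunk formats `version` into both armor lines without checking it, so whatever a caller passes ends up in the `-----BEGIN OpenVPN Static key V…-----` header, and a wrong value only shows up when OpenVPN refuses the key file. The function also has no docstring, although it handles shared-secret material. I would add `"""Wrap a bare OpenVPN static key body in its BEGIN/END armor; raw_data must not already contain the armor lines."""`. If callers only ever use version 1 (they are not visible in this hunk), that docstring should say so.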
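Review bot: In `openvpn_translate`, `bf128` and `bf256` both map to `bf-cbc`, so these filters drop the key-length choice and something outside this hunk has to carry it (presumably a separate key-size setting in the template); if nothing does, both options render the same cipher. The table also emits `des-cbc`, `des-ede3-cbc` and `bf-cbc`, all 64-bit-block ciphers, with nothing marking them as legacy. A comment above those rows such as `# 64-bit block ciphers, kept for compatibility only; prefer the GCM entries` would make that visible to the next maintainer. Both `get_openvpn_cipher` and `get_openvpn_ncp_ciphers` pass any name missing from the table straight into the rendered config, so validation has to happen before the template; neither function has a docstring, and that contract belongs in one. `get_openvpn_ncp_ciphers` also iterates its argument, so a single cipher arriving as a plain string would be joined character by character; if the config layer can hand over a bare string, `if isinstance(ciphers, str): ciphers = [ciphers]` at the top would guard it.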