class OpenvpnPlugin::OpenvpnUserRevoke


# File lib/chef/knife/openvpn.rb, line 497
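# Issue a replacement CRL that supersedes +old_crl+ and carries +revoke_info+.
#
# @param ca_cert [OpenSSL::X509::Certificate] issuing CA certificate
# @param ca_key [OpenSSL::PKey::PKey] private key matching +ca_cert+
# @param old_crl [OpenSSL::X509::CRL] the CRL being replaced; only its version is read
# @param revoke_info [Array] revocation entries handed straight to issue_crl
# @param validity [Integer] seconds from now until nextUpdate (default: one hour, as before)
# @return [OpenSSL::X509::CRL] the newly issued CRL
def add_user_to_crl(ca_cert, ca_key, old_crl, revoke_info, validity: 3600)
  # Read the clock once so lastUpdate and nextUpdate are derived from the same
  # instant (the original called Time.now twice, which can straddle a second
  # boundary). Time.at(to_i) truncates to whole seconds, matching X.509 times.
  now = Time.at(Time.now.to_i)
  # NOTE(review): a one-hour nextUpdate means the CRL goes stale quickly; any
  # verifier that enforces nextUpdate will reject it unless a fresh CRL is
  # issued before then — confirm the deployment re-issues on that schedule.
  issue_crl(revoke_info, old_crl.version + 1, now, now + validity, [], ca_cert, ca_key, OpenSSL::Digest::SHA256.new)
end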
# File lib/chef/knife/openvpn.rb, line 502
# Abort unless exactly two positional arguments (SERVERNAME and USERNAME) were given.
#
# @return [nil] when the argument count is correct; otherwise fail_with is invoked
def check_arguments
  return if name_args.size == 2

  fail_with 'Specify SERVERNAME and USERNAME for existing openvpn user!'
end
# File lib/chef/knife/openvpn.rb, line 475
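# Revoke +user_name+'s certificate for +server_name+ by issuing a new CRL that
# carries its serial, then store that CRL back into the server's data bag.
#
# The existing 'openvpn-crl' item is reused when it can be loaded. Only a
# failure to load the item at all (presumably: nothing revoked yet) starts a
# fresh empty CRL. Previously the rescue also wrapped the CRL parse and the
# 'revoke_info' read, so a corrupt or unparsable stored CRL was silently
# replaced by a CRL containing only this user — dropping every earlier
# revocation. A parse failure now propagates instead.
#
# @param server_name [String] server whose data bag holds the CA, CRL and user items
# @param user_name [String] data bag item name of the user being revoked
# @return [void]
def revoke_user(server_name, user_name)
  now = Time.at(Time.now.to_i)
  databag_name = get_databag_name server_name
  ca_item = load_databag_item(databag_name, 'openvpn-ca')
  ca_cert, ca_key = load_cert_and_key ca_item['cert'], ca_item['key']

  # Best effort only around the load: a missing CRL item is the expected
  # first-revocation case. Parsing is deliberately kept outside the rescue.
  crl_item = begin
    load_databag_item(databag_name, 'openvpn-crl')
  rescue StandardError
    nil
  end

  if crl_item
    old_crl = OpenSSL::X509::CRL.new crl_item['crl']
    # Array() tolerates a stored item without 'revoke_info' (nil would break the + below).
    revoke_info = Array(crl_item['revoke_info'])
  else
    old_crl = issue_crl([], 1, now, now + 3600, [], ca_cert, ca_key, OpenSSL::Digest::SHA256.new)
    revoke_info = []
  end

  user_item = load_databag_item(databag_name, user_name)
  # Only the certificate is used here; the helper returns the key as well.
  user_cert, _user_key = load_cert_and_key user_item['cert'], user_item['key'], config[:force]
  # NOTE(review): this entry is stored in the data bag and read back on the next
  # revocation, so the serial and time will come back in serialized form rather
  # than as the live OpenSSL::BN / Time used here — confirm issue_crl accepts both.
  user_revoke_info = [[user_cert.serial, now, 0]]
  new_revoke_info = revoke_info + user_revoke_info
  new_crl = add_user_to_crl ca_cert, ca_key, old_crl, new_revoke_info
  save_databag_item('openvpn-crl', server_name, { 'crl' => new_crl.to_pem, 'revoke_info' => new_revoke_info }, true)
  ui.info "revoked #{user_name}, do not forget to upload CRL databag item"
end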
# File lib/chef/knife/openvpn.rb, line 466
# Knife command entry point: validate the arguments, check the data bag and
# its secret are in place, then revoke the named user.
#
# @return [void]
def run
  check_arguments
  server_name, user_name = name_args.take(2)
  check_existing_databag server_name, false
  check_databag_secret
  revoke_user server_name, user_name
end