Commit 00fbbfe9 authored by Julien Muchembled's avatar Julien Muchembled

New --is-needed option to test whether re6st should be setup or not

parent 3493e13b
......@@ -17,6 +17,10 @@ def main():
_ = parser.add_argument
_('--registry', required=True, metavar='URL',
help="HTTP URL of the server delivering certificates.")
_('--is-needed', action='store_true',
help="Exit immediately after asking the registry CA. Status code is"
" non-zero if we're already part of the network, which means"
" re6st is already running or we're behind a re6st router.")
_('--ca-only', action='store_true',
help='Only fetch CA from registry and exit.')
_('-d', '--dir',
......@@ -46,8 +50,16 @@ def main():
s = xmlrpclib.ServerProxy(config.registry, allow_none=True)
# Get CA
create(ca_path, s.getCa())
ca = s.getCa()
network = utils.networkFromCa(ca)
if config.is_needed:
route, err = subprocess.Popen(('ip', '-6', '-o', 'route', 'get',
sys.exit(err or route and
create(ca_path, ca)
if config.ca_only:
......@@ -145,8 +157,8 @@ dh %s
""" % (config.registry, ca_path, cert_path, key_path, dh_path))
print "Sample configuration file created."
cn = utils.subnetFromCert(cert_path)
subnet = utils.networkFromCa(ca_path) + utils.binFromSubnet(cn)
cn = utils.subnetFromCert(cert)
subnet = network + utils.binFromSubnet(cn)
print "Your subnet: %s/%u (CN=%s)" \
% (utils.ipFromBin(subnet), len(subnet), cn)
......@@ -127,17 +127,13 @@ def ipFromBin(ip, suffix=''):
return socket.inet_ntop(socket.AF_INET6,
struct.pack('>QQ', int(ip[:64], 2), int(ip[64:], 2)))
def networkFromCa(ca_path):
# Get network prefix from ca.crt
with open(ca_path, 'r') as f:
ca = crypto.load_certificate(crypto.FILETYPE_PEM,
return bin(ca.get_serial_number())[3:]
def subnetFromCert(cert_path):
# Get ip from cert.crt
with open(cert_path, 'r') as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM,
return cert.get_subject().CN
def networkFromCa(ca):
ca = crypto.load_certificate(crypto.FILETYPE_PEM, ca)
return bin(ca.get_serial_number())[3:]
def subnetFromCert(cert):
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
return cert.get_subject().CN
def dump_address(address):
return ';'.join(map(','.join, address))
......@@ -111,8 +111,10 @@ def getConfig():
def main():
# Get arguments
config = getConfig()
network = utils.networkFromCa(
prefix = utils.binFromSubnet(utils.subnetFromCert(config.cert))
with open( as f:
network = utils.networkFromCa(
with open(config.cert) as f:
prefix = utils.binFromSubnet(utils.subnetFromCert(
config.openvpn_args += (
'--cert', config.cert,
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment