#!/usr/bin/env python3
#
# Copyright VyOS maintainers and contributors <maintainers@vyos.io>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from os import system
from vyos.pki import create_private_key
from vyos.pki import create_certificate_request
from vyos.pki import create_certificate
from vyos.pki import create_certificate_revocation_list
from vyos.pki import create_dh_parameters
from vyos.pki import encode_certificate
from vyos.pki import encode_dh_parameters
from vyos.pki import encode_private_key
from vyos.utils.file import write_file

# Subject fields for the certificates generated by this script. The three
# subjects are identical except for the common name (leaf, root CA,
# intermediate CA).
subject = dict(
    country='DE',
    state='BY',
    locality='Cloud',
    organization='VyOS',
    common_name='VyOS',
)
ca_subject = dict(
    country='DE',
    state='BY',
    locality='Cloud',
    organization='VyOS',
    common_name='VyOS CA',
)
subca_subject = dict(
    country='DE',
    state='BY',
    locality='Cloud',
    organization='VyOS',
    common_name='VyOS SubCA',
)

# Output paths for the PKI material generated in the __main__ block.
# Everything except the CSR path lives under the same directory.
_AUTH_DIR = '/config/auth'

# Root CA: certificate, private key, chain file and revocation list.
ca_cert = f'{_AUTH_DIR}/ovpn_test_ca.pem'
ca_key = f'{_AUTH_DIR}/ovpn_test_ca.key'
ca_cert_chain = f'{_AUTH_DIR}/ovpn_test_chain.pem'
ca_crl = f'{_AUTH_DIR}/ovpn_test_ca.crl'

# Intermediate CA.
subca_cert = f'{_AUTH_DIR}/ovpn_test_subca.pem'
# NOTE(review): subca_csr is not referenced by the code visible in this file;
# if it is ever used, a fixed name under /tmp is predictable to other local
# users - prefer a path under the auth directory or a tempfile.
subca_csr = '/tmp/subca.csr'
subca_key = f'{_AUTH_DIR}/ovpn_test_subca.key'

# Server certificate and key, DH parameters and the two OpenVPN static keys.
ssl_cert = f'{_AUTH_DIR}/ovpn_test_server.pem'
ssl_key = f'{_AUTH_DIR}/ovpn_test_server.key'
dh_pem = f'{_AUTH_DIR}/ovpn_test_dh.pem'
s2s_key = f'{_AUTH_DIR}/ovpn_test_site2site.key'
auth_key = f'{_AUTH_DIR}/ovpn_test_tls_auth.key'

# SSH key pair embedded as a test fixture. The __main__ block writes the
# stripped values to /config/id_rsa and /config/id_rsa.pub.
# NOTE(review): the "rpki_" prefix suggests the RPKI tests consume this pair -
# confirm against the callers.
# The private key is part of this source file, so anyone with the source has
# it; it is only suitable for disposable test systems and must not be reused
# as a real credential.
rpki_ssh_priv_key = """
-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
"""

# Public half of the pair above (comment field "vyos@vyos").
rpki_ssh_pub_key = """
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDB4PJ+UMVHirITARNsmRnZllz6wk2INO9inAaxYiSO7j2UlLEd7XEp/wWHB/Iy7jRKe3XIOVGaabPgKxsuBu5kYw+9cbXV7fj4LSlJVS+kXpqpFN4uXWkNErtGeOCbey74jxJEtBHipssbpVdY4W5WnCKpsTEtpTSEVhM80/50Cs2mxYQQqyiGTqlNd2GDdXNane8IyOXYlOyENreUPunbEhJIBF4RjR+d8QCZDMfhnoMjDAZ0W4xahAiD6gUEz0BGs7b8UiNGzPoB5xH9Z5TvYkTDhomJzX9wAlADo+JAEfCS6jdaWXW1unF5FmgHY1AbbYRPIku+F9Nqig0tP0el vyos@vyos
"""

### All OpenVPN-related public/private key material below was generated on
### VyOS 1.3.8 using easyrsa. The __main__ block writes each value unchanged
### to a file under /config/auth/openvpn/.
### The private keys and static keys in this file are fixed test fixtures and
### are known to anyone with the source; never load them on a production system.

# CA certificate, written to /config/auth/openvpn/ca-1.crt.
openvpn_ca_1 = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"""

# CA certificate, written to /config/auth/openvpn/ca-2.crt.
openvpn_ca_2 = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"""

# Certificate revocation list, written to /config/auth/openvpn/crl-1.pem.
# NOTE(review): presumably issued by the CA in openvpn_ca_1 - confirm.
openvpn_crl_1 = """
-----BEGIN X509 CRL-----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-----END X509 CRL-----
"""

# Certificate revocation list, written to /config/auth/openvpn/crl-2.pem.
# NOTE(review): presumably issued by the CA in openvpn_ca_2 - confirm.
openvpn_crl_2 = """
-----BEGIN X509 CRL-----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-----END X509 CRL-----
"""

# OpenVPN static key (symmetric secret), written to
# /config/auth/openvpn/crypt-file.key by the __main__ block.
# The leading "#" lines inside the string are part of the key file content,
# not Python comments. Fixed test fixture: never reuse as a real key.
openvpn_crypt_file = """
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
5f48386b6d3f5aa8c828d88fe5c6791f
a7cd0a72b283e2c8c3d8d7171ce4dcd9
3c33e06b3b99cf1868ddc90e803d2eaa
e3278e9f9bcb937482e1b01be85a2df5
ea1f1a83d07af10c9ae821655d332649
37d49eedcee1b2a4f742283ebeaa7524
5a3d0687c0122ed7d10bfeaff97885e8
9514573cc566de8d7effbe0fff50e01e
3d966ca8e5d5e7d756871aed46aafe4b
1d20c8ef6df39c07198dcf957661aefa
76e212078b7a4c2165b72929b15a1dd9
c540e71a50718d3e7d1a70e85b29481e
05636b9df49d2e018af79ec052dfdb99
f26da65bae32923a00eeb6a1e764630c
35b2a89da6092cff6cc438d4086f7679
2a1580af158f0b25ae41034933424d36
-----END OpenVPN Static key V1-----
"""

# Pre-generated Diffie-Hellman parameters, written to
# /config/auth/openvpn/dh-1.pem by the __main__ block. DH parameters are
# public values, so unlike the keys in this file they are not secret.
openvpn_dh_1 = """
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA86ThynzIp1h5XN5YcVNUg+1G4EYqF81lypzqfx6zlD9eVSm6Sa1E
8sOtiMg1eAnz/tJYMmStJDJRnD62oxs/dgK4Imoz5clnZd0tq/ligwG1Qt54TuQ+
tlRBvQLa9r49kBRQRCka+R0YbQSaQGkwfD3VZfFX2CKeklcOnEVF5yXkaev10cBL
OEXYEbdGO+WPmdkY0VXr6dzRZjkATSG+BIaKJ78y6o5sIiyxjLzJFYUQm9Kx/s+n
JZLywufeycIycieMwGDyW6jewfBmdDPNgSiaDhbDpDcd7t/Qmoj01Y+z35YTnKuf
DCMzCfBxuV/+GM+XcbhRVFdRrgWOnnlQswIBAg==
-----END DH PARAMETERS-----
"""

# Second set of Diffie-Hellman parameters, written to
# /config/auth/openvpn/dh-2.pem by the __main__ block.
openvpn_dh_2 = """
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAle+JFVmEsawtaiX0AFEwAOhoVb6L7BY2Nh6tiVzFYiZEQoa6yMr5
vi7ZGIv9n0gbaMtW+L6e7E4gJXPDSL15VW16UfNg1mXm05jpuZPpXBZndk2CtFvV
ZHKzH1jnpO/E4oBjgJ2H4tVjIhPhgjk/oTc8yoQuluDnkhIcBcFqkdjS/vpAzfmA
xGtvcYseDS6/ZZI7z9qkYRKCm6v/i2xk+zEI9IqnmowCt+n51psMdfHSYPqXFJxf
S3ok//GvcJ7f4EEYUIVFsr+FbljlNN37FDauEgNa/eOGh9DIjsoY+EWoyhbzvw2r
M3Ij0zoYsc99E5+MPdXlfkSe0NesBHaK8wIBAg==
-----END DH PARAMETERS-----
"""

# Certificate written to /config/auth/openvpn/openvpn-hub-1.crt by the
# __main__ block.
openvpn_hub_1_pub = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"""

# Private key written to /config/auth/openvpn/openvpn-hub-1.key.
# NOTE(review): presumably the key matching openvpn_hub_1_pub - confirm.
# Fixed test fixture embedded in source: never reuse as a real key.
openvpn_hub_1_priv = """
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
"""

# Certificate written to /config/auth/openvpn/openvpn-hub-2.crt.
# NOTE(review): the certificate has a fixed validity window; the encoded
# dates look like notAfter 2028-11-15 - confirm with
# `openssl x509 -noout -dates`. Any test that validates the chain would start
# failing once the fixture expires.
openvpn_hub_2_pub = """
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIRAN9Hxz6M0Vkcc+MHyj5ojKEwDQYJKoZIhvcNAQELBQAw
gasxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMQ4wDAYDVQQHDAVQ
b3dheTEWMBQGA1UECgwNVnlPUyBOZXR3b3JrczEgMB4GA1UECwwXVnlPUyBOZXR3
b3JrcyBUZXN0IENBIDIxFDASBgNVBAMMC0Vhc3ktUlNBIENBMScwJQYJKoZIhvcN
AQkBFhh0ZXN0LWNhLm5vcmVwbHlAdnlvcy5kZXYwHhcNMjUxMjAxMDc1MzQzWhcN
MjgxMTE1MDc1MzQzWjCBrTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju
aWExDjAMBgNVBAcMBVBvd2F5MRYwFAYDVQQKDA1WeU9TIE5ldHdvcmtzMSAwHgYD
VQQLDBdWeU9TIE5ldHdvcmtzIFRlc3QgQ0EgMjEWMBQGA1UEAwwNb3BlbnZwbi1o
dWItMjEnMCUGCSqGSIb3DQEJARYYdGVzdC1jYS5ub3JlcGx5QHZ5b3MuZGV2MIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphlrcl3zMmzYQfVnlRTg66rJ
Uxx3bSwHkL66ZrUN8eScLSnW0Qz4s1PluZhvOKMf9v0sOEEXPouAf9UzAhQztYlU
6yc10F0CWKwjeNGVSDSLf6Uyc1Y2sYWXLQTIUg5t0wNaT9zBUH6Nzgocb5nrMYOV
6nvkdm/MrT+AxzJwow+l/if780anFgCXZNsmwt0Qxai1BAgQbIjSOyfXbhhzd7lP
cbdlXB3loW6f1JQc9pNbR0ZPj2vEFv1lHzya54cbNWQ510yGBqSi1YK4o8sxCNca
8nltH8skkkqugtG8hmk3Lzc3IxCiyXVSvTszsS5hQtQT+xioEKmh05yo4mIFbQID
AQABo4IBWDCCAVQwCQYDVR0TBAIwADAdBgNVHQ4EFgQUgp3Kp12Gk0cvFlUnzsRL
tv5qdOswgesGA1UdIwSB4zCB4IAU2j9AhjjWRsPCPwc3u8Yztad3SrOhgbGkga4w
gasxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMQ4wDAYDVQQHDAVQ
b3dheTEWMBQGA1UECgwNVnlPUyBOZXR3b3JrczEgMB4GA1UECwwXVnlPUyBOZXR3
b3JrcyBUZXN0IENBIDIxFDASBgNVBAMMC0Vhc3ktUlNBIENBMScwJQYJKoZIhvcN
AQkBFhh0ZXN0LWNhLm5vcmVwbHlAdnlvcy5kZXaCFAijgBEuPeYa4FxzJdCEG9Z5
HFrBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAYBgNVHREEETAP
gg1vcGVudnBuLWh1Yi0yMA0GCSqGSIb3DQEBCwUAA4IBAQC8flK1UfwCtj79Jv5/
z/vyIwsNObTxQHag2eZmlJyMeX40T51uuSIifxPKqmyNk+7lk3nuqJkrRxFc63WV
wo2IIAVQmOz0D3zm2A/21Cree/wqyXpl4H05qfZ4J9NULFCNswQEUSSje9WpEp5v
ti5Qa88hFMzGS6C23FDL9A0LBeY9lsEieyVkEB3CRXHlkX/Mttg9DjbGRxjQX+VF
W3DLlHZjuONSs3nRKypHMRVNP0SqTtG4TQv5BqArDyJHon/N/mepwNR0zDT3ksUo
3WW3uGI9CGcZoVCAPo0+LrjaBUvJVPwG1kqr++bKndozLuy/68hit8cuEcc2Np43
Nqqd
-----END CERTIFICATE-----
"""

# Private key written to /config/auth/openvpn/openvpn-hub-2.key.
# NOTE(review): presumably the key matching openvpn_hub_2_pub - confirm.
# Fixed test fixture embedded in source: never reuse as a real key.
openvpn_hub_2_priv = """
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
"""

# OpenVPN static key, written to /config/auth/openvpn/shared-secret-1.key by
# the __main__ block. The "#" lines inside the string belong to the key file.
# Fixed test fixture embedded in source: never reuse as a real shared secret.
openvpn_shared_secret_1 = """
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
44a5889380ec775d952d94071f719bc1
282e4156c9e778895892302dcfafc233
e0d881e38393c033ab3067493dfbe234
4c58b3c22e1ae103b12a68c00df64ca7
2d30e49f2b19c0ac764120ede85af5a1
f9ade1752530ee7bafbf8512540d0379
75042d485a3661c0c70f292436bcdd9a
f410ce0b487ee2d717317414b659fe9d
8ba892eec8c7e7816110461784a40b91
8d98254e7a84cd06925124887bbf6a07
cc4eba384063a4dfb890ce0b76a56f55
df0dc4162f653c60858c3810d01071c8
22cac29e77840f0dad62776202073350
3d7c2cb9818096ed7b16f43cafd3963f
ac2b95a20540ed2f4e5d46298e107baa
0b3bdd0453edc82acbbb61eff4e43242
-----END OpenVPN Static key V1-----
"""

# OpenVPN static key, written to /config/auth/openvpn/shared-secret-2.key by
# the __main__ block. Same caveat as above: test fixture only.
openvpn_shared_secret_2 = """
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
25f54b2c5bfc25adcd54c2107ded69fc
f79fdfb80dc95272a3591ac0cf298738
4beda01f91a4a6bbc8dd3123356f3d4a
e53a68e6fced4542066c257f8a45e754
16edee612e81dc723042e248ed408245
d67d15434a98df50caa039476868f7d5
23088f11dcef832abb037999102abdeb
d1454daa4dcc58f7fa6279ea1d8c7f2f
9c9fc1e155238b1a3fb011b2ef0c096a
fa268b08dbaf88f8a887240568118047
25857423a5b634e7859596075fdbd809
657bcbc912535c55d6dcda4043336bed
d6cb91560a0d15f38983a498e3085a9e
fe4c82ebe9003161619a475f16355127
a14824a1e66b8327bd7e8d6e7882b3ec
89b5fd1f3008ff9f79569f0d368cfb3d
-----END OpenVPN Static key V1-----
"""

# OpenVPN static key, written to /config/auth/openvpn/tls-auth-1.key by the
# __main__ block. The "#" lines inside the string belong to the key file.
# Fixed test fixture embedded in source: never reuse as a real tls-auth key.
openvpn_tls_auth_1 = """
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
5c4fea2d9db3314af54aab7dfcf9b50c
b540a015bf67aa1000e03fad65e78566
4fef8910c7c219a7568c77e1b51eebe3
8dd794e7d3718298ad1aceb02740949a
65a22283df2962e1c61abee62ee9107d
8572ee8e9bc15a43cda9647386c32f36
0002e1c3835fef4a1cb9439f8e56e93d
2808102d57d2709ba2302a2b9f1ab5fe
684edf584fb010e6cae580df30466355
3b662fb91dba47e8573870ab52511e99
e59c42bce8631dfb9200fb37652efd15
8e656b9ed4b9b4f3e73ce8e8f918e194
02b80f6b5a36239bb6a3ca6f8b09e0cb
9620126d171659161615790bbf441a54
4911724f1b08e7d6d327cd87eeb0edfa
5a2cbdd8a2e07bde2251d65b6f609439
-----END OpenVPN Static key V1-----
"""

# OpenVPN static key, written to /config/auth/openvpn/tls-auth-2.key by the
# __main__ block. Same caveat as above: test fixture only.
openvpn_tls_auth_2 = """
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
9d530ed1da7696eb75afa37520adeecb
510e3e7506ce5d73d30eaffd6b2abc52
7f1ccf20ae28e0834490d5fb4ef34b06
979707bc0dc1950d66e051a2c5232062
0465e879c3278af05ba892be9c5a320a
1bba19b46eff1fd13a61699d9ec5b677
5d3ce3f3ba141885ee0276f2a8d54550
4eddd028762c4343258fa5ba9722b0d8
0a06571d4f6a20527ddfb63d40e58821
2158ed154d0a244e238274426369b256
d6ac7c2161a2931f2e4afad77df7aa3f
84e3728c5794fa18bb592647db77d1eb
4d3a91127f3f91dcff527a5995b3f3c7
1cc745f27aa69659472ef337f6b4432b
01792a720b9722da5bf5d9d2a6e8601f
191750d6c331be9049240f1a292b370e
-----END OpenVPN Static key V1-----
"""

def create_cert(subject, cert_path, key_path, sign_by=None, sign_by_key=None, ca=False, sub_ca=False):
    """Generate an RSA-2048 key plus a certificate for it and write both to disk.

    Args:
        subject: Subject fields handed to ``create_certificate_request``.
        cert_path: File that receives the encoded certificate.
        key_path: File that receives the encoded private key.
        sign_by: Issuer passed to ``create_certificate``. When falsy, the new
            certificate request itself is passed instead (presumably yielding
            a self-signed certificate - confirm against ``vyos.pki``).
        sign_by_key: Signing key passed to ``create_certificate``. When falsy,
            the newly generated private key is used.
        ca: Forwarded as ``is_ca``.
        sub_ca: Forwarded as ``is_sub_ca``.

    Returns:
        Tuple ``(certificate, private_key)`` of the objects that were written.
    """
    private_key = create_private_key('rsa', 2048)
    request = create_certificate_request(subject, private_key)

    issuer = sign_by or request
    issuer_key = sign_by_key or private_key
    certificate = create_certificate(
        request, issuer, issuer_key, is_ca=ca, is_sub_ca=sub_ca)

    # NOTE(review): open(..., 'w') leaves the file mode to the process umask and
    # no passphrase argument is passed to encode_private_key, so the key file
    # may end up readable by other local users. Tolerable for disposable test
    # material; before tightening the mode, confirm which user reads key_path.
    outputs = (
        (cert_path, encode_certificate, certificate),
        (key_path, encode_private_key, private_key),
    )
    for path, encode, obj in outputs:
        with open(path, 'w') as handle:
            handle.write(encode(obj))

    return certificate, private_key

def create_empty_crl(crl_path, sign_by, sign_by_key):
    """Build a certificate revocation list and write it to ``crl_path``.

    Args:
        crl_path: File that receives the encoded CRL.
        sign_by: First argument to ``create_certificate_revocation_list``
            (the callers in this file pass the CA certificate).
        sign_by_key: Second argument (the callers pass the CA private key).

    Returns:
        The CRL object that was written.
    """
    # NOTE(review): despite "empty" in the function name, the list [1] is
    # passed as third argument - presumably serial numbers to revoke, which
    # would make this a CRL with one entry. Confirm against vyos.pki.
    revocation_list = create_certificate_revocation_list(sign_by, sign_by_key, [1])

    # encode_certificate is reused for the CRL object; presumably it is a
    # generic PEM serialiser - confirm.
    with open(crl_path, 'w') as handle:
        handle.write(encode_certificate(revocation_list))

    return revocation_list

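if __name__ == '__main__':
    # Generates the test PKI (root CA, CRL, intermediate CA, chain, server
    # certificate, DH parameters, OpenVPN static keys) and writes the embedded
    # fixtures to their fixed locations under /config. All of this is test
    # material; none of it is suitable for a production system.
    import sys

    # Create Root CA
    ca_cert_obj, ca_key_obj = create_cert(ca_subject, ca_cert, ca_key, ca=True)

    # Create CRL signed by the root CA
    create_empty_crl(ca_crl, ca_cert_obj, ca_key_obj)

    # Create Intermediate CA, signed by the root CA
    subca_cert_obj, subca_key_obj = create_cert(
        subca_subject, subca_cert, subca_key,
        sign_by=ca_cert_obj, sign_by_key=ca_key_obj,
        ca=True, sub_ca=True)

    # Create Chain: intermediate first, then root
    with open(ca_cert_chain, 'w') as f:
        f.write(encode_certificate(subca_cert_obj) + "\n")
        f.write(encode_certificate(ca_cert_obj) + "\n")

    # Create Server Cert, signed by the intermediate CA
    create_cert(subject, ssl_cert, ssl_key, sign_by=subca_cert_obj, sign_by_key=subca_key_obj)

    # Create DH params
    dh_params = create_dh_parameters()

    with open(dh_pem, 'w') as f:
        f.write(encode_dh_parameters(dh_params))

    # OpenVPN S2S key and OpenVPN auth key. The exit status of the openvpn
    # call used to be discarded, so a failed key generation went unnoticed
    # until a later step missed the file. It is reported on stderr now; the
    # run deliberately continues so the remaining fixtures are still written.
    for key_file in (s2s_key, auth_key):
        status = system(f'openvpn --genkey secret {key_file}')
        if status != 0:
            print(f'warning: "openvpn --genkey secret {key_file}" '
                  f'returned status {status}', file=sys.stderr)

    # (path, content) pairs, written in this order.
    # NOTE(review): file modes are left to write_file's defaults although
    # several entries are private keys or shared secrets; confirm which users
    # must read them before restricting the mode.
    fixtures = (
        ('/config/id_rsa', rpki_ssh_priv_key.strip()),
        ('/config/id_rsa.pub', rpki_ssh_pub_key.strip()),
        ('/config/known-hosts-file', ''),
        # Testcases for improved config migrator T7738
        ('/config/auth/openvpn/ca-1.crt', openvpn_ca_1),
        ('/config/auth/openvpn/ca-2.crt', openvpn_ca_2),
        ('/config/auth/openvpn/crl-1.pem', openvpn_crl_1),
        ('/config/auth/openvpn/crl-2.pem', openvpn_crl_2),
        ('/config/auth/openvpn/crypt-file.key', openvpn_crypt_file),
        ('/config/auth/openvpn/dh-1.pem', openvpn_dh_1),
        ('/config/auth/openvpn/dh-2.pem', openvpn_dh_2),
        ('/config/auth/openvpn/openvpn-hub-1.crt', openvpn_hub_1_pub),
        ('/config/auth/openvpn/openvpn-hub-1.key', openvpn_hub_1_priv),
        ('/config/auth/openvpn/openvpn-hub-2.crt', openvpn_hub_2_pub),
        ('/config/auth/openvpn/openvpn-hub-2.key', openvpn_hub_2_priv),
        ('/config/auth/openvpn/shared-secret-1.key', openvpn_shared_secret_1),
        ('/config/auth/openvpn/shared-secret-2.key', openvpn_shared_secret_2),
        ('/config/auth/openvpn/tls-auth-1.key', openvpn_tls_auth_1),
        ('/config/auth/openvpn/tls-auth-2.key', openvpn_tls_auth_2),
    )
    for fixture_path, fixture_content in fixtures:
        write_file(fixture_path, fixture_content)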
