mirror of https://github.com/ArcticFoxes-net/ONC-Converter synced 2024-11-18 01:31:32 -05:00

Split the big constructOnc function into parts

The parts are
* convertKeys
* convertToOnc
* constructOnc
thomkeh 2018-08-03 13:26:16 +02:00
parent 225b541cb6
commit 1b2ed32529


@ -158,6 +158,11 @@
(val.charAt(0) === "'" && val.slice(-1) === "'")) (val.charAt(0) === "'" && val.slice(-1) === "'"))
} }
/**
* This function is supposed to prevent any exploits via the object keys
*
* It's probably complete overkill.
*/
function makeSafe (val, doUnesc) { function makeSafe (val, doUnesc) {
val = (val || '').trim() val = (val || '').trim()
if (isQuoted(val)) { if (isQuoted(val)) {
@ -202,25 +207,28 @@
} }
/** /**
* Construct the ONC structure from the name, the parsed ovpn file and the keys * Convert the keys from the parsed OVPN file into ONC keys
* *
* @param {string} name Name of the connection
* @param {Object} ovpn The parsed OVPN file
* @param {Object} keys Strings with keys, indexed by key name * @param {Object} keys Strings with keys, indexed by key name
* @return {Object} The converted ONC structure * @param {Object} ovpn The parsed OVPN file
* @return {Object} ONC parameters and a list of converted certificates
*/ */
function constructOnc (name, ovpn, keys) { function convertKeys (keys, ovpn) {
if (!ovpn.client) {
console.warn('Is this a server file?')
}
let params = {} let params = {}
// Add certificates // Add certificates
let certs = [] let certs = []
let [cas, caGuids] = createCerts(keys, ovpn['ca'], 'Authority')
// Server certificate
// TODO: check whether the type should be 'Authority'
let [cas, caGuids] = constructCerts(keys, ovpn['ca'], 'Authority')
params['ServerCARefs'] = caGuids params['ServerCARefs'] = caGuids
certs = certs.concat(cas) certs = certs.concat(cas)
let [clientCerts, clientCertGuids] = createCerts(keys, ovpn['cert'], 'Authority')
// Client certificate
// TODO: handle other types of client certificates
let [clientCerts, clientCertGuids] = constructCerts(keys, ovpn['cert'],
'Authority')
if (clientCerts) { if (clientCerts) {
params['ClientCertType'] = 'Pattern' params['ClientCertType'] = 'Pattern'
params['ClientCertPattern'] = { params['ClientCertPattern'] = {
@ -230,6 +238,32 @@
} else { } else {
params['ClientCertType'] = 'None' params['ClientCertType'] = 'None'
} }
// TLS auth
if (ovpn['tls-auth']) {
let authKey = ovpn['tls-auth'].split(' ')
let keyString = keys[authKey[0]]
if (!keyString) {
alert("Please provide the file '" + authKey[0] + "' in 'Certificates and keys'")
}
params['TLSAuthContents'] = convertKey(keyString)
if (authKey[1]) params['KeyDirection'] = authKey[1]
}
return [params, certs]
}
/**
* Convert the parsed ovpn file into the ONC structure
*
* @param {Object} ovpn The parsed OVPN file
* @return {Array} An array with the host and an object with the parameters
*/
function convertToOnc (ovpn) {
if (!ovpn.client) {
console.warn('Is this a server file?')
}
let params = {}
// Add parameters // Add parameters
let remote = ovpn.remote.split(' ') let remote = ovpn.remote.split(' ')
@ -242,15 +276,6 @@
params['CompLZO'] = 'false' params['CompLZO'] = 'false'
} }
if (ovpn['persist-key']) params['SaveCredentials'] = true if (ovpn['persist-key']) params['SaveCredentials'] = true
if (ovpn['tls-auth']) {
let authKey = ovpn['tls-auth'].split(' ')
let keyString = keys[authKey[0]]
if (!keyString) {
alert("Please provide the file '" + authKey[0] + "' in 'Certificates and keys'")
}
params['TLSAuthContents'] = convertKey(keyString)
if (authKey[1]) params['KeyDirection'] = authKey[1]
}
if (ovpn['verify-x509-name']) { if (ovpn['verify-x509-name']) {
const x509String = ovpn['verify-x509-name'] const x509String = ovpn['verify-x509-name']
let x509 = {} let x509 = {}
@ -294,6 +319,24 @@
conditionalSet('auth', 'Auth') conditionalSet('auth', 'Auth')
conditionalSet('auth-retry', 'AuthRetry') conditionalSet('auth-retry', 'AuthRetry')
conditionalSet('reneg-sec', 'RenegSec', 'int') conditionalSet('reneg-sec', 'RenegSec', 'int')
return [host, params]
}
/**
* Construct the ONC structure from the name, the parsed ovpn file and the keys
*
* @param {string} name Name of the connection
* @param {Object} ovpn The parsed OVPN file
* @param {Object} keys Strings with keys, indexed by key name
* @return {Object} The converted ONC structure
*/
function constructOnc (name, ovpn, keys) {
let [host, params] = convertToOnc(ovpn)
let [certParams, certs] = convertKeys(keys, ovpn)
// merge parameters
params = Object.assign({}, params, certParams)
// Put together network configuration // Put together network configuration
let config = { let config = {
@ -351,8 +394,17 @@
} }
return cas return cas
} }
function createCerts (keys, certName, certType) { /**
* Construct certificates in the ONC format
*
* @param {Object} keys Strings with keys, indexed by key name
* @param {string} certName The index for the keys object
* @param {string} certType Type of the certificate: 'Authority', 'Client' or
* 'Server'
* @return {Array} An array of certificates and an array of corresponding IDs
*/
function constructCerts (keys, certName, certType) {
let certs = [] let certs = []
let certGuids = [] let certGuids = []
if (certName) { if (certName) {
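Review bot: In `convertKeys`, the TLS auth block added by the third hunk (`@ -230,6 +238,32 @`) still falls through after the `alert(...)`: when `keys[authKey[0]]` is missing, `convertKey(keyString)` is called with `undefined` and its result is stored as `TLSAuthContents`. `convertKey` is not visible on this page, so the exact outcome is inferred, but the user can end up with an ONC whose tls-auth key is absent or malformed. Stop after the alert instead, for example with `throw new Error("Missing tls-auth key file '" + authKey[0] + "'")`, provided the caller (not shown) reports the error. Because `authKey[0]` comes from the OVPN file and `keys` is documented as a plain object, an own-property test such as `Object.prototype.hasOwnProperty.call(keys, authKey[0])` would also stop inherited names like `constructor` from passing the `!keyString` check.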