onc-creator's People
onc-creator's Issues
No TLS-Auth support
TLS-Auth certs are currently interpreted as a certificate due to it's tagged nature, however the ONC spec has them as part of the network configuration.
https://docs.google.com/document/d/18TU22gueH5OKYHZVJ5nXuqHnk2GN6nDvfu2Hbrb4YLE/pub#h.oimioyixntt3 advises:
TLS_AUTH_KEY: This one is the TLS auth key, but there is a catch.
We need to remove the comment lines, but DO need to include the header and footer lines “-----BEGIN >OpenVPN Static Key V1-----” and the footer line “-----END OpenVPN Static Key V1-----”, but we replace >all the newlines with literal “\n” characters. This is not documented, but can be seen in the test cases for >the ChromeOS VPN support.
You can do this with this shell command:
grep -v '#' ta-demo.key | perl -p -e 's/\n/\\n/' -
Prompt when processing OVPN with external files
OVPN files can hold certificates either inline or externally. Inline file support is already implemented, but if an external file is specified, the app should display the cert window and allow an upload of the cert.
No PKCS12 Support
Generally OpenVPN uses three certificate files for a connection:
https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
The files you need to copy out from a CA are just 3 files for each client and server.
Private key (often a .key or .pem file)
Certificate (often a .crt or .pem file)
CA certificate (also a .crt or .pem file)"
The ONC format doesnt seem to support this configuration as it supports only a single client certificate. so currently the onc files produced by the app do not allow a connection to an OpenVPN server (despite being processed into a valid onc which can be imported into chromeOS)
To resolve this issue:
https://docs.google.com/document/d/18TU22gueH5OKYHZVJ5nXuqHnk2GN6nDvfu2Hbrb4YLE/pub
Advises that
ChromeOS needs the pkcs12 format key, you can generate that from the separate files created by the >“build-key” script, or you can use the build-key-pkcs12 script directly to save time.
If you have already generated the separate ca.crt, client.crt and client.key files, no problem, you can >generate the pkcs bundle like this:
openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt -name MyClient -out client.p12
since OVPN files generally contain <cert>
and <key>
tags we need to parse these into pkcs12 using JS
https://github.com/digitalbazaar/forge/blob/master/js/pkcs12.js
Does this in p12.toPkcs12Asn1
So this will need to be implemented, and possibly replace the CryptoJS usage throughout the script
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.