add support script for generating client file

util/client/generate_client.py

@@ -3,6 +3,7 @@ Utility for generating OpenVPN client configuration files.
 """
 
 import os
+import subprocess
 
 def generate_client_config(username: str):
     """
@@ -11,19 +12,42 @@ def generate_client_config(username: str):
     Args:
         username: The username for which to generate the config.
     """
+    easyrsa_dir = "/etc/openvpn/easy-rsa/"
     ca_path = "/home/arthur/openvpn-ca/pki/ca.crt"
     ta_path = "/home/arthur/openvpn-ca/ta.key"
     client_crt_path = f"/home/arthur/openvpn-ca/pki/issued/{username}.crt"
     client_key_path = f"/home/arthur/openvpn-ca/pki/private/{username}.key"
     output_path = f"/etc/openvpn/client/{username}.ovpn"
 
-    # Verify that all required files exist
+    # Step 1: Generate the client certificate
+    print(f"Generating certificate for user: {username}...")
+    try:
+        command = ["./easyrsa", "build-client-full", username, "nopass"]
+        process = subprocess.run(
+            command,
+            cwd=easyrsa_dir,
+            check=True,
+            capture_output=True,
+            text=True
+        )
+        print(process.stdout)
+        print("Certificate generated successfully.")
+    except FileNotFoundError:
+        print(f"Error: 'easyrsa' script not found in {easyrsa_dir}. Please check the path.")
+        return
+    except subprocess.CalledProcessError as e:
+        print(f"Error generating certificate for user: {username}")
+        print(f"Return code: {e.returncode}")
+        print(f"Stderr: {e.stderr}")
+        return
+
+    # Step 2: Verify that all required files exist
     for f in [ca_path, ta_path, client_crt_path, client_key_path]:
         if not os.path.isfile(f):
-            print(f"Error: Cannot read file '{f}'.")
+            print(f"Error: Cannot read file '{f}'. File not found after generation.")
             return
 
-    # Read the content of the files
+    # Step 3: Read the content of the files
     try:
         with open(ca_path, 'r') as f:
             ca_content = f.read()
@@ -37,7 +61,7 @@ def generate_client_config(username: str):
         print(f"Error reading files: {e}")
         return
 
-    # Assemble the .ovpn configuration
+    # Step 4: Assemble the .ovpn configuration
     ovpn_config = f"""
 client
 dev tun
@@ -71,19 +95,25 @@ verb 3
 key-direction 1
 """
 
-    # Write the configuration to the output file
+    # Step 5: Write the configuration to the output file
     try:
-        # Ensure the output directory exists
         output_dir = os.path.dirname(output_path)
-        if not os.path.exists(output_dir):
+        # Check if dir exists and if we have write permission
-            # This part is tricky because of permissions.
+        if not os.path.isdir(output_dir) or not os.access(output_dir, os.W_OK):
-            # For now, we assume the directory exists.
+            print(f"Error: Output directory '{output_dir}' does not exist or is not writable.")
-            # On a real server, this would be handled by deployment scripts.
+            print("Please ensure you have the correct permissions to write to this directory.")
-            pass
+            # As a fallback, save to a local directory
+            local_output_dir = "generated-clients"
+            if not os.path.exists(local_output_dir):
+                os.makedirs(local_output_dir)
+            local_output_path = os.path.join(local_output_dir, f"{username}.ovpn")
+            with open(local_output_path, 'w') as f:
+                f.write(ovpn_config)
+            print(f"Could not write to server path. Saved config locally to: {local_output_path}")
+            return
 
         with open(output_path, 'w') as f:
             f.write(ovpn_config)
         print(f"Successfully generated client config: {output_path}")
     except IOError as e:
         print(f"Error writing to file: {e}")
-