Separated codebase from development repo

helpers/openvpn-client-connect.py

@@ -0,0 +1,15 @@
+#!/usr/bin/python3
+import os
+import sys
+from pinecrypt.server import db
+
+# This implements OCSP like functionality
+
+obj = db.certificates.find_one({
+    # TODO: use digest instead
+    "serial_number": "%x" % int(os.environ["tls_serial_0"]),
+    "status":"signed",
+})
+
+if not obj:
+    sys.exit(1)

helpers/openvpn-learn-address.py

@@ -0,0 +1,28 @@
+#!/usr/bin/python3
+import os
+import sys
+from pinecrypt.server import db
+from datetime import datetime
+
+operation, addr = sys.argv[1:3]
+if operation == "delete":
+    pass
+else:
+    common_name = sys.argv[3]
+    db.certificates.update_one({
+        # TODO: use digest instead
+        "serial_number": "%x" % int(os.environ["tls_serial_0"]),
+        "status":"signed",
+    }, {
+        "$set": {
+            "last_seen": datetime.utcnow(),
+            "instance": os.environ["instance"],
+            "remote": {
+                "port": int(os.environ["untrusted_port"]),
+                "addr": os.environ["untrusted_ip"],
+            }
+        },
+        "$addToSet": {
+            "ip": addr
+        }
+    })

helpers/updown.py

@@ -0,0 +1,31 @@
+#!/usr/bin/python3
+import sys
+import os
+from pinecrypt.server import db
+from datetime import datetime
+
+addrs = set()
+for key, value in os.environ.items():
+    if key.startswith("PLUTO_PEER_SOURCEIP"):
+        addrs.add(value)
+
+with open("/instance") as fh:
+    instance = fh.read().strip()
+
+db.certificates.update_one({
+    "distinguished_name": os.environ["PLUTO_PEER_ID"],
+    "status":"signed",
+}, {
+    "$set": {
+        "last_seen": datetime.utcnow(),
+        "instance": instance,
+        "remote": {
+            "addr": os.environ["PLUTO_PEER"]
+        }
+    },
+    "$addToSet": {
+        "ip": {
+            "$each": list(addrs)
+        }
+    }
+})