├── README.md
├── dispatcher
│   ├── LICENSE
│   ├── client
│   │   ├── dispatcher_client.py
│   │   └── launch_client.py
│   ├── dispatcher_ctrl.py
│   └── server
│       ├── dispatcher_server.py
│       └── launch_server.py
├── openvpn_config
│   ├── README.md
│   ├── rcs_robots.conf
│   ├── rcs_users.conf
│   └── rsa_generator
│       ├── easy-rsa
│       │   ├── robotclient.conf
│       │   ├── robotside
│       │   │   ├── build-ca
│       │   │   ├── build-dh
│       │   │   ├── build-inter
│       │   │   ├── build-key
│       │   │   ├── build-key-pass
│       │   │   ├── build-key-pkcs12
│       │   │   ├── build-key-server
│       │   │   ├── build-req
│       │   │   ├── build-req-pass
│       │   │   ├── clean-all
│       │   │   ├── inherit-inter
│       │   │   ├── list-crl
│       │   │   ├── openssl-0.9.6.cnf
│       │   │   ├── openssl-0.9.8.cnf
│       │   │   ├── openssl-1.0.0.cnf
│       │   │   ├── pkitool
│       │   │   ├── revoke-full
│       │   │   ├── sign-req
│       │   │   ├── vars
│       │   │   └── whichopensslcnf
│       │   ├── userclient.conf
│       │   └── userside
│       │       ├── build-ca
│       │       ├── build-dh
│       │       ├── build-inter
│       │       ├── build-key
│       │       ├── build-key-pass
│       │       ├── build-key-pkcs12
│       │       ├── build-key-server
│       │       ├── build-req
│       │       ├── build-req-pass
│       │       ├── clean-all
│       │       ├── inherit-inter
│       │       ├── list-crl
│       │       ├── openssl-0.9.6.cnf
│       │       ├── openssl-0.9.8.cnf
│       │       ├── openssl-1.0.0.cnf
│       │       ├── pkitool
│       │       ├── revoke-full
│       │       ├── sign-req
│       │       ├── vars
│       │       └── whichopensslcnf
│       ├── generate_config.sh
│       └── generate_key_only.sh
└── rms_extension
    ├── LICENSE
    ├── README.md
    └── app
        ├── Config
        │   └── bootstrap.php
        ├── Controller
        │   ├── AppointmentsController.php
        │   ├── DispatcherController.php
        │   ├── EnvironmentsController.php
        │   ├── IfacesController.php
        │   ├── MjpegsController.php
        │   ├── RosbridgesController.php
        │   └── UsersController.php
        ├── Model
        │   └── DispatcherClient.php
        ├── View
        │   ├── BasicInterface
        │   │   └── view.ctp
        │   ├── Dispatcher
        │   │   ├── admin_index.ctp
        │   │   └── index.ctp
        │   ├── Elements
        │   │   └── menu.ctp
        │   ├── Environments
        │   │   └── admin_index.ctp
        │   ├── Mjpegs
        │   │   ├── admin_index.ctp
        │   │   └── admin_view.ctp
        │   ├── Rosbridges
        │   │   ├── admin_index.ctp
        │   │   └── admin_view.ctp
        │   └── Users
        │       └── view.ctp
        └── webroot
            ├── css
            │   └── dispatcher.css
            ├── ext
            │   └── getData.php
            └── js
                └── jquery.min.js

/README.md:
--------------------------------------------------------------------------------
# Robot Management Cloud Server

## About the project
This software solution enables you to control, manage and supervise ROS-based robots. It provides secure remote access and is compatible with any third-party application protocol, as it offers routing and port mapping independent of the payload or type of packet.

The possible uses of this software are very wide, ranging from home use, making a single robot accessible from the network, to remote lab management, where you can control robots in the lab, deploy software on them and connect through SSH, all from the comfort of your home.
The protocol used to configure the routing tables in the reverse proxy server is simple enough to be used in any other application that you have developed or might want to develop, as it is completely independent of the RMS system, which was simply chosen as a tested and rich UI with user authentication.

The project can also be found on the ROS wiki ([link](http://wiki.ros.org/robotcloudserver)).

The whole system consists of several parts:
* OpenVPN network
* RMS (Robot Management System) and its extension
* Dispatcher

## OpenVPN
[Get OpenVPN](https://openvpn.net/index.php/open-source/downloads.html)

The VPN network should be set up first. You can either make your own configuration, or use the one supplied in the **openvpn_config** folder, in the **user_client**, **robot_client** and **server** subfolders respectively.

If you use your own configuration, keep in mind that client isolation is strongly advised, as is leaving routing unset.
Since the robots and user clients need to communicate only with the server, enabling client-to-client traffic or routing would only introduce a security risk.

One VPN network should be sufficient, given the client isolation, but two are strongly recommended, so that a user cannot create a fake robot connection,
which would not cause any security issues, but could cause conflicts in robot identification.

There are tools for OpenVPN configuration and key generation available in the **openvpn_config** folder. More information is also available in the readme file in that folder.

## RMS extension
[Get RMS](http://wiki.ros.org/rms)

RMS setup is to be done exactly as described on the RMS webpage. After the installation is complete, copy the files supplied in this repository (**rms_extension/app**)
into the **app** folder, overwriting the existing ones.

Once you complete the installation and copy the required files, navigate to the installation folder and modify the file located at **RMS_FOLDER/app/config/bootstrap.php**.
Find the line containing **"VPN_SERVER_IP"** and change the IP address there to the address of the VPN server to which user clients will connect.

RMS also requires rosbridge to be installed and running on the robots. How to install and run rosbridge on robots running ROS is described on the [official website](http://wiki.ros.org/rosbridge_suite).

## Dispatcher

Once the VPN and RMS with the extension are set up, you need to configure and run **launch_server.py** on the server side, and **launch_client.py** on the side of the robot.

On the client, all you need to do is edit the address of the server, which you will find at the end of the script: change **"cloudServerIP"** to the IP address
of the VPN server for robots.

On the server side, you may again want to navigate to the bottom lines of the script and modify the listening ports or addresses for the server threads,
or add another network service by adding another line with the **"addTunnel"** method.

Details of both the server and client configurations for Dispatcher can be found in the corresponding launch files.

## Docker
The server part of the application is also available as a Docker image. Information on running it is available in its Docker repository - [mjezersky/robotcloudserver](https://hub.docker.com/r/mjezersky/robotcloudserver/).

--------------------------------------------------------------------------------
/dispatcher/LICENSE:
--------------------------------------------------------------------------------
Software License Agreement (BSD License)

Copyright (c) 2016, Matouš Jezerský
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

 * Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
 * Redistributions in binary form must reproduce the above
   copyright notice, this list of conditions and the following
   disclaimer in the documentation and/or other materials provided
   with the distribution.
 * Neither the name of the author nor the
   names of the contributors may be used to endorse or promote
   products derived from this software without specific prior
   written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------
/dispatcher/client/dispatcher_client.py:
--------------------------------------------------------------------------------
#!/usr/bin/python

## --------------------------------------------------------------
## Dispatcher client
## Author: Matous Jezersky - xjezer01@stud.fit.vutbr.cz
## All rights reserved
## --------------------------------------------------------------

#client ver 1.1.0

import socket, threading, time, random, signal, sys

# SIGINT handler (only active if rospy is enabled)
def sigint_handler(signal, frame):
    print '\nInterrupted\n'
    sys.exit(0)

# check for rospy availability
try:
    import rospy
    from std_msgs.msg import String
    ROSPY_AVAILABLE = True
    signal.signal(signal.SIGINT, sigint_handler)
except ImportError:
    ROSPY_AVAILABLE = False
    print "Warning: rospy module unavailable - Functions using it have been disabled."

# socket buffer size
BUFSIZE = 1024

# the main and only class of the client
class DispatcherClient():
    def __init__(self, idStr, dispServerIp, dispServerPort=2107, batteryTopic = None):
        self.dispServerIp = dispServerIp
        self.dispServerPort = dispServerPort

        self.idStr = idStr
        self.data = {"message":"N/A", "battery":"N/A", "conn_quality":"N/A"}
        self.socket = None
        self.dataSem = threading.Semaphore()
        self.msgFunction = None
        self.batteryTopic = batteryTopic
        self.batteryState = "N/A"
        print "This client's ID:", self.idStr
        print "Attempting to connect..."

    # get battery information from the set source
    def getBatteryInfo(self):
        global ROSPY_AVAILABLE
        if (self.batteryTopic == None) or (not ROSPY_AVAILABLE):
            f = open("/sys/class/power_supply/BAT0/capacity", "r")
            batState = f.read()+"%"
            f.close()
            return batState
        else:
            return self.batteryState

    # rospy callback
    def updateBattery(self, newState):
        # semaphore is unnecessary as we don't mind getting slightly outdated value
        self.batteryState = str(newState.data)

    # update data that is sent to the dispatcher - battery info and message
    def updateData(self):
        self.dataSem.acquire()
        try: # battery info
            self.data["battery"] = self.getBatteryInfo()
        except:
            self.data["battery"] = "N/A"

        if self.msgFunction != None:
            self.data["message"] = self.msgFunction()
        self.dataSem.release()

    # change data that is sent to the dispatcher
    def setData(self, data):
        self.dataSem.acquire()
        self.data = data
        self.dataSem.release()

    # get data that is sent to the dispatcher
    def getData(self):
        self.dataSem.acquire()
        retVal = str(self.data)
        self.dataSem.release()
        return retVal

    # method for initialization and establishing of a connection
    def establishConnection(self):
        try:
            self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            self.sock.connect((self.dispServerIp, self.dispServerPort))
            msg = self.sock.recv(128) # receive HELLO
            if msg != "HELLO":
                self.sock.send("NACK")
                self.sock.close()
                raise Exception("bad data")
            self.sock.send("TUNNEL_CLIENT") # respond with TUNNEL_CLIENT
            msg = self.sock.recv(128) # receive ID_REQUEST
            if msg != "ID_REQUEST":
                self.sock.send("NACK")
                self.sock.close()
                raise Exception("bad data")
            self.sock.send(self.idStr) # respond with id
            return True
        except KeyboardInterrupt:
            exit()
        except Exception as err:
            print err, "- establish failed at", self.dispServerIp, self.dispServerPort
            return False

    # main method of the client - it handles connecting to the server and also responds to the requests
    def mainloop(self):
        global ROSPY_AVAILABLE
        if ROSPY_AVAILABLE and self.batteryTopic != None:
            rospy.init_node('dclnt_bat_reader', anonymous=True)
            rospy.Subscriber(self.batteryTopic, String, self.updateBattery)
        while 1:
            # try to establish connection
            if self.establishConnection():
                print "Connected"
                try:
                    while 1:
                        inData = self.sock.recv(128) # request from dispatcher server
                        if "DISPATCHER_DATA_REQUEST" in inData:
                            self.updateData()
                            self.sock.send(self.getData())
                        elif "ECHO" in inData: # echo for RTT measurement
                            self.sock.send("ECHO")
                        else:
                            self.sock.send("NACK")
                except KeyboardInterrupt: break
                # IOError is thrown by both sockets on unexpected closure and by rospy
                except IOError as err:
                    print err
                    print "Lost connection with dispatcher server"
                except Exception as err:
                    print err
                    print "Lost connection with dispatcher server"
            try:
                time.sleep(1)
                print "Reconnecting..."
            except:
                print "\nExiting..."
                self.sock.close()
                exit()
        self.sock.close()

--------------------------------------------------------------------------------
/dispatcher/client/launch_client.py:
--------------------------------------------------------------------------------
#!/usr/bin/python

## Dispatcher client launch script
## (for client version 1.x)

from dispatcher_client import *

## Demo function for message content
def demoFunction():
    return str(time.ctime())

## IP address of dispatcher server to connect to
dispatcherServerIP = "10.8.0.1"

## Unique ID (name) of the dispatcher client
clientName = socket.gethostname()

## Create dispatcher client instance - required arguments:
##   idStr ... unique string for easier client identification, name or similar
##   dispServerIp ... IP address of the dispatcher server to connect to
## Optional arguments:
##   dispServerPort ... port of the dispatcher server to connect to (default 2107)
##   batteryTopic ... ROS topic for reading battery state, should be a std_msgs/String with data containing the battery percentage
##                    if rospy module is not available, this argument is ignored
##                    if set to None or ignored, /sys/class/power_supply/BAT0/capacity is used
##                    (default None)
dispClnt = DispatcherClient(clientName, dispatcherServerIP)

## Or launch the client, getting battery info from the topic /battery
# dispClnt = DispatcherClient(clientName, dispatcherServerIP, batteryTopic="/battery")

## Custom function for the message, that will be displayed in dispatcher interface
## Return value of the function has to be string
dispClnt.msgFunction = demoFunction

## Launch the client
dispClnt.mainloop()

--------------------------------------------------------------------------------
/dispatcher/dispatcher_ctrl.py:
--------------------------------------------------------------------------------
#!/usr/bin/python

## --------------------------------------------------------------
## Dispatcher demo app client
## Author: Matous Jezersky - xjezer01@stud.fit.vutbr.cz
## All rights reserved
## --------------------------------------------------------------


## Example of a client for dispatcher control protocol.
## This is a line client, allowing the user to enter the commands manually

## Dispatcher control protocol commands:
##   Bclient_ip#server_ip#bind_time ... bind client_ip to server_ip for amount of seconds specified in bind_time
##     ( example: link 10.8.0.10 to 10.7.0.5 for 1 minute: B10.8.0.10#10.7.0.5#60 )
##   GET_ALL_DATA ... returns the JSON object containing information about connected clients
##   BINDINGS ... displays information about all bound IPs

import socket

try:

    data = "testdata"#raw_input("data=")

    print "mini debug app protocol type 'exit' to exit"

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect(("localhost", 2107))
    print "connected"
    msg = sock.recv(128) # receive HELLO
    if msg != "HELLO":
        sock.close()
        raise Exception("NO HELLO")
    sock.send("APP_CLIENT") # send APP_CLIENT
    msg = sock.recv(128) # receive ACK
    if msg != "ACK":
        sock.close()
        raise Exception("NO ACK")
    while 1:
        data = raw_input("data>>>")
        if data == "exit": exit()
        sock.send(str(len(data))+"#") # send the data length
        sock.send(data) # send the data
        lenStr = ""
        lastch = ""
        while 1:
            lastch = sock.recv(1)
            # an empty read means the server closed the connection
            if not lastch: raise Exception("connection closed")
            if lastch == "#": break
            lenStr += lastch
        dataLen = int(lenStr)
        inData = sock.recv(dataLen)
        print inData
        if not inData: break
    sock.close()

except Exception as err:
    print err

raw_input("press enter to exit")

--------------------------------------------------------------------------------
/dispatcher/server/launch_server.py:
--------------------------------------------------------------------------------
#!/usr/bin/python

## Dispatcher server launch script
## (for dispatcher_server version 1.x)

from dispatcher_server import *

## Create Dispatcher with following optional arguments:
##   listenOnIP ... bind dispatcher server to listen on ip - for dispatcher clients (default "0.0.0.0")
##   listenOnPort ... listen on specific port (default 2107)
##   interruptOnRebind ... when the bindings change for a client, interrupt all their connections (default True)
disp = Dispatcher(listenOnPort=2107)

## Map ports from user clients to dispatcher clients, required arguments:
##   appListenPort ... source port - the port to which user clients connect
##   serverPort ... destination port - the port of the server application on dispatcher clients
## Optional arguments:
##   appListenIP ... bind the server to listen on specific IP/interface (default "0.0.0.0")
##   udp ... if set to True, protocol used will be UDP instead of TCP (default False)
disp.addTunnel(9090, 9090)

## map 2222 (on cloud server) to 22 (on robot), so you can connect over SSH with port 2222
disp.addTunnel(2222, 22)

## Example of an UDP tunnel:
#disp.addTunnel(20000, 20001, udp=True)

# Launch the server
disp.startServer()

--------------------------------------------------------------------------------
/openvpn_config/README.md:
--------------------------------------------------------------------------------
# Robot Management Cloud Server

## OpenVPN configuration
In this folder, you can find two files that can be used for server configuration - one of them handles robots on port 2105, and the other handles users on port 2106.

To get this setup to work, you first need to generate keys, for which the open-source tool **easy-rsa** [(link)](https://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html) can be used.

## RSA keys and certificates
To make this process easier, a bash script has been made, utilizing OpenVPN's easy-rsa.
First of all, however, you need to set up both the user-side easy-rsa and the robot-side one. You do this by navigating into the folders **rsa_generator/easy-rsa/robotside** and **rsa_generator/easy-rsa/userside**, and setting up and copying server keys and certificates,
renaming them according to the configuration files.
The manual for easy-rsa is available [here](https://openvpn.net/index.php/open-source/documentation/miscellaneous/77-rsa-key-management.html).

Once the basic setup is done, you are ready to generate keys for user and robot clients, which is described in the following section.

## Generating client keys

First of all, you need to edit the following files: **rsa_generator/easy-rsa/userclient.conf** and **rsa_generator/easy-rsa/robotclient.conf**.
In each of these files, find the line with the "remote" setting, which gives the IP address and the port of the VPN server, and put the public IP of your server there.

For example, if you have a server at 123.456.789.012, and you use the supplied server configuration, you change the line to the following:
**remote 123.456.789.012 2105** for rsa_generator/easy-rsa/robotclient.conf
and
**remote 123.456.789.012 2106** for rsa_generator/easy-rsa/userclient.conf

Once you have edited these two files, you are ready to generate client-side configurations.
When you launch **generate_config.sh**, you will be asked to choose whether to generate a configuration for a robot or for a user.
Then you select a name for the configuration package. Once this is done, easy-rsa will launch and you need to confirm all the prompts. If you have
set up your easy-rsa correctly, all you need to do is leave everything blank and confirm it with the enter key, with the exception of the last two lines,
which need to be confirmed by "y" and enter.

Once the script is finished, you can find tarballs in the folders **rsa_generator/keys/userside** and **rsa_generator/keys/robotside**.
If everything was set up according to this manual and to the easy-rsa one, this tar archive should be a fully functional OpenVPN client configuration. All you need to do
is extract the archive into **/etc/openvpn/** and restart OpenVPN with **service openvpn restart** (might need sudo privileges). VPN should report launching successfully,
and if your server is running and reachable, it should connect in a few seconds. This can be verified with **ifconfig**, and in case something went wrong, the errors can be seen in **syslog**.

--------------------------------------------------------------------------------
/openvpn_config/rcs_robots.conf:
--------------------------------------------------------------------------------
#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems. Remember on             #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 2105

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh2048.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients. See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

--------------------------------------------------------------------------------
/openvpn_config/rcs_users.conf:
--------------------------------------------------------------------------------
#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems. Remember on             #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 2106

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca userca.crt
cert rcs_users.crt
key rcs_users.key # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh rcs_users_dh2048.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.9.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.9.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.9.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp_robots.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.
# Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.9.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients. See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotclient.conf:
--------------------------------------------------------------------------------
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote robotvpn 2105
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server".
# This is an
# important precaution to protect against
# a potential attack discussed here:
#   http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-ca:
--------------------------------------------------------------------------------
#!/bin/sh

#
# Build a root certificate
#

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --initca "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-dh:
--------------------------------------------------------------------------------
#!/bin/sh

# Build Diffie-Hellman parameters for the server side
# of an SSL/TLS connection.

# Quote the variables so an unset KEY_DIR fails the test
# instead of collapsing to a one-argument "[ -d ]".
if [ -d "$KEY_DIR" ] && [ "$KEY_SIZE" ]; then
    $OPENSSL dhparam -out "${KEY_DIR}/dh${KEY_SIZE}.pem" "${KEY_SIZE}"
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-inter:
--------------------------------------------------------------------------------
#!/bin/sh

# Make an intermediate CA certificate/private key pair using a locally generated
# root certificate.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --inter "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-key:
--------------------------------------------------------------------------------
#!/bin/sh

# Make a certificate/private key pair using a locally generated
# root certificate.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-key-pass:
--------------------------------------------------------------------------------
#!/bin/sh

# Similar to build-key, but protect the private key
# with a password.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --pass "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-key-pkcs12:
--------------------------------------------------------------------------------
#!/bin/sh

# Make a certificate/private key pair using a locally generated
# root certificate and convert it to a PKCS #12 file including
# the CA certificate as well.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --pkcs12 "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-key-server:
--------------------------------------------------------------------------------
#!/bin/sh

# Make a certificate/private key pair using a locally generated
# root certificate.
#
# Explicitly set nsCertType to server using the "server"
# extension in the openssl.cnf file.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --server "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-req:
--------------------------------------------------------------------------------
#!/bin/sh

# Build a certificate signing request and private key. Use this
# when your root certificate and key is not available locally.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --csr "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/build-req-pass:
--------------------------------------------------------------------------------
#!/bin/sh

# Like build-req, but protect your private key
# with a password.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --csr --pass "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/clean-all:
--------------------------------------------------------------------------------
#!/bin/sh

# Initialize the $KEY_DIR directory.
# Note that this script does a
# rm -rf on $KEY_DIR so be careful!

if [ "$KEY_DIR" ]; then
    rm -rf "$KEY_DIR"
    mkdir "$KEY_DIR" && \
        chmod go-rwx "$KEY_DIR" && \
        touch "$KEY_DIR/index.txt" && \
        echo 01 >"$KEY_DIR/serial"
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/inherit-inter:
--------------------------------------------------------------------------------
#!/bin/sh

# Build a new PKI which is rooted on an intermediate certificate generated
# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
# have independent vars settings, and must use a different KEY_DIR directory
# from the parent. This tool can be used to generate arbitrary depth
# certificate chains.
#
# To build an intermediate CA, follow the same steps for a regular PKI but
# replace ./build-key or ./pkitool --initca with this script.

# The EXPORT_CA file will contain the CA certificate chain and should be
# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
# will only contain the local intermediate CA -- it's needed by the easy-rsa
# scripts but not by OpenVPN directly.
EXPORT_CA="export-ca.crt"

if [ $# -ne 2 ]; then
    echo "usage: $0 <parent-key-dir> <common-name>"
    echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
    echo "common-name: the common name of the intermediate certificate in the parent PKI"
    exit 1;
fi

if [ "$KEY_DIR" ]; then
    cp "$1/$2.crt" "$KEY_DIR/ca.crt"
    cp "$1/$2.key" "$KEY_DIR/ca.key"

    if [ -e "$1/$EXPORT_CA" ]; then
        PARENT_CA="$1/$EXPORT_CA"
    else
        PARENT_CA="$1/ca.crt"
    fi
    cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
    cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/list-crl:
--------------------------------------------------------------------------------
#!/bin/sh

# list revoked certificates

CRL="${1:-crl.pem}"

if [ "$KEY_DIR" ]; then
    cd "$KEY_DIR" && \
        $OPENSSL crl -text -noout -in "$CRL"
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/openssl-0.9.6.cnf:
--------------------------------------------------------------------------------
# For use with easy-rsa version 2.0

#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd

# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.

certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file

x509_extensions = usr_cert # The extensions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering

# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE

localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY

0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64

emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40

# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN

# SET-ex3 = SET extension number 3

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES

# Copy subject details
# issuerAltName=issuer:copy

#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

[ server ]

# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]


# Extensions for a typical CA


# PKIX recommendation.

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always,issuer:always

# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as a test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy

# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF

[ crl_ext ]

# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/openssl-0.9.8.cnf:
--------------------------------------------------------------------------------
# For use with easy-rsa version 2.0

#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init

[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.

certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file

x509_extensions = usr_cert # The extensions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use.
preserve = no # keep passed DN ordering

# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional

####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
string_mask = nombstr

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE

localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY

0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64

name = Name
name_max = 64

emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40

# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME

# SET-ex3 = SET extension number 3

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature

# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES

# Copy subject details
# issuerAltName=issuer:copy

#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

[ server ]

# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]


# Extensions for a typical CA


# PKIX recommendation.

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always,issuer:always

# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as a test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy

# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF

[ crl_ext ]

# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section

[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/openssl-1.0.0.cnf:
--------------------------------------------------------------------------------
# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl_conf = openssl_init

[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
engines = engine_section

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

####################################################################
[ ca ]
default_ca = CA_default # The default ca section

####################################################################
[ CA_default ]

dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.

certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file

x509_extensions = usr_cert # The extensions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crl_extensions = crl_ext

default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # which md to use
preserve = no # keep passed DN ordering

# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_anything

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
name = optional
emailAddress = optional

####################################################################
[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
default_md = sha256
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation after 2004).
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
string_mask = nombstr

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::KEY_COUNTRY
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE

localityName = Locality Name (eg, city)
localityName_default = $ENV::KEY_CITY

0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64

name = Name
name_max = 64

emailAddress = Email Address
emailAddress_default = $ENV::KEY_EMAIL
emailAddress_max = 40

# JY -- added for batch mode
organizationalUnitName_default = $ENV::KEY_OU
commonName_default = $ENV::KEY_CN
name_default = $ENV::KEY_NAME


# SET-ex3 = SET extension number 3

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.
# nsCertType = server

# For an object signing certificate this would be used.
# nsCertType = objsign

# For normal client use this is typical
# nsCertType = client, email

# and for everything including object signing:
# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "Easy-RSA Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=clientAuth
keyUsage = digitalSignature


# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=$ENV::KEY_ALTNAMES

# Copy subject details
# issuerAltName=issuer:copy

#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

[ server ]

# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType = server
nsComment = "Easy-RSA Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
subjectAltName=$ENV::KEY_ALTNAMES

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]


# Extensions for a typical CA


# PKIX recommendation.

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always,issuer:always

# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as a test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy

# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF

[ crl_ext ]

# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always

[ engine_section ]
#
# If you are using PKCS#11
# Install engine_pkcs11 of opensc (www.opensc.org)
# And uncomment the following
# verify that dynamic_path points to the correct location
#
#pkcs11 = pkcs11_section

[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = $ENV::PKCS11_MODULE_PATH
PIN = $ENV::PKCS11_PIN
init = 0

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/revoke-full:
--------------------------------------------------------------------------------
#!/bin/sh

# revoke a certificate, regenerate CRL,
# and verify revocation

CRL="crl.pem"
RT="revoke-test.pem"

if [ $# -ne 1 ]; then
    echo "usage: revoke-full <cert-name-base>";
    exit 1
fi

if [ "$KEY_DIR" ]; then
    # stop here if the key directory is missing, so nothing below
    # runs against the wrong working directory
    cd "$KEY_DIR" || exit 1
    rm -f "$RT"

    # set defaults
    export KEY_CN=""
    export KEY_OU=""
    export KEY_NAME=""

    # required due to hack in openssl.cnf that supports Subject Alternative Names
    export KEY_ALTNAMES=""

    # revoke key and generate a new CRL
    $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG"

    # generate a new CRL -- try to be compatible with
    # intermediate PKIs
    $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG"
    if [ -e export-ca.crt ]; then
        cat export-ca.crt "$CRL" >"$RT"
    else
        cat ca.crt "$CRL" >"$RT"
    fi

    # verify the revocation
    $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt"
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/sign-req:
--------------------------------------------------------------------------------
#!/bin/sh

# Sign a certificate signing request (a .csr file)
# with a local root certificate and key.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --sign "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/vars:
--------------------------------------------------------------------------------
# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG="$("$EASY_RSA/whichopensslcnf" "$EASY_RSA")"

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"

# Issue rm -rf warning
echo "NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR"

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="CZ"
export KEY_PROVINCE="CZ"
export KEY_CITY="None"
export KEY_ORG="None"
export KEY_EMAIL="email@demo.demo"
export KEY_OU="DemoOU"

# X509 Subject Field
export KEY_NAME="EasyRSA"

# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/robotside/whichopensslcnf:
--------------------------------------------------------------------------------
#!/bin/sh

cnf="$1/openssl.cnf"

if [ "$OPENSSL" ]; then
    if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]?" > /dev/null; then
        cnf="$1/openssl-0.9.6.cnf"
    elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]?" > /dev/null; then
        cnf="$1/openssl-0.9.8.cnf"
    elif $OPENSSL version | grep -E "1\.0\.[[:digit:]][[:alnum:]]?" > /dev/null; then
        cnf="$1/openssl-1.0.0.cnf"
    else
        # any other version string falls back to the unversioned file
        cnf="$1/openssl.cnf"
    fi
fi

echo "$cnf"

if [ ! -r "$cnf" ]; then
    echo "**************************************************************" >&2
    echo " No $cnf file could be found" >&2
    echo " Further invocations will fail" >&2
    echo "**************************************************************" >&2
fi

exit 0

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/userclient.conf:
--------------------------------------------------------------------------------
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote uservpn 2106
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
# Note: ns-cert-type is the legacy form of this check. Newer OpenVPN
# releases use "remote-cert-tls server", which checks the certificate's
# keyUsage and extendedKeyUsage (serverAuth) instead of nsCertType.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/userside/build-ca:
--------------------------------------------------------------------------------
#!/bin/sh

#
# Build a root certificate
#

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --initca "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/userside/build-dh:
--------------------------------------------------------------------------------
#!/bin/sh

# Build Diffie-Hellman parameters for the server side
# of an SSL/TLS connection.

# Quote both variables: an unset KEY_DIR would otherwise make
# "[ -d ]" succeed and the script would write outside the key directory.
if [ -d "$KEY_DIR" ] && [ "$KEY_SIZE" ]; then
    $OPENSSL dhparam -out "${KEY_DIR}/dh${KEY_SIZE}.pem" "${KEY_SIZE}"
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/userside/build-inter:
--------------------------------------------------------------------------------
#!/bin/sh

# Make an intermediate CA certificate/private key pair using a locally generated
# root certificate.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --inter "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/userside/build-key:
--------------------------------------------------------------------------------
#!/bin/sh

# Make a certificate/private key pair using a locally generated
# root certificate.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/userside/build-key-pass:
--------------------------------------------------------------------------------
#!/bin/sh

# Similar to build-key, but protect the private key
# with a password.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --pass "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/userside/build-key-pkcs12:
--------------------------------------------------------------------------------
#!/bin/sh

# Make a certificate/private key pair using a locally generated
# root certificate and convert it to a PKCS #12 file including the
# CA certificate as well.

export EASY_RSA="${EASY_RSA:-.}"
"$EASY_RSA/pkitool" --interact --pkcs12 "$@"

--------------------------------------------------------------------------------
/openvpn_config/rsa_generator/easy-rsa/userside/build-key-server:
--------------------------------------------------------------------------------
#!/bin/sh

# Make a certificate/private key pair using a locally generated
# root certificate.
#
# Explicitly set nsCertType to server using the "server"
# extension in the openssl.cnf file.
8 | 9 | export EASY_RSA="${EASY_RSA:-.}" 10 | "$EASY_RSA/pkitool" --interact --server "$@" 11 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/build-req: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Build a certificate signing request and private key. Use this 4 | # when your root certificate and key is not available locally. 5 | 6 | export EASY_RSA="${EASY_RSA:-.}" 7 | "$EASY_RSA/pkitool" --interact --csr "$@" 8 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/build-req-pass: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Like build-req, but protect your private key 4 | # with a password. 5 | 6 | export EASY_RSA="${EASY_RSA:-.}" 7 | "$EASY_RSA/pkitool" --interact --csr --pass "$@" 8 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/clean-all: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Initialize the $KEY_DIR directory. 4 | # Note that this script does a 5 | # rm -rf on $KEY_DIR so be careful! 6 | 7 | if [ "$KEY_DIR" ]; then 8 | rm -rf "$KEY_DIR" 9 | mkdir "$KEY_DIR" && \ 10 | chmod go-rwx "$KEY_DIR" && \ 11 | touch "$KEY_DIR/index.txt" && \ 12 | echo 01 >"$KEY_DIR/serial" 13 | else 14 | echo 'Please source the vars script first (i.e. "source ./vars")' 15 | echo 'Make sure you have edited it to reflect your configuration.' 
16 | fi 17 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/inherit-inter: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Build a new PKI which is rooted on an intermediate certificate generated 4 | # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should 5 | # have independent vars settings, and must use a different KEY_DIR directory 6 | # from the parent. This tool can be used to generate arbitrary depth 7 | # certificate chains. 8 | # 9 | # To build an intermediate CA, follow the same steps for a regular PKI but 10 | # replace ./build-key or ./pkitool --initca with this script. 11 | 12 | # The EXPORT_CA file will contain the CA certificate chain and should be 13 | # referenced by the OpenVPN "ca" directive in config files. The ca.crt file 14 | # will only contain the local intermediate CA -- it's needed by the easy-rsa 15 | # scripts but not by OpenVPN directly. 16 | EXPORT_CA="export-ca.crt" 17 | 18 | if [ $# -ne 2 ]; then 19 | echo "usage: $0 <parent-key-dir> <common-name>" 20 | echo "parent-key-dir: the KEY_DIR directory of the parent PKI" 21 | echo "common-name: the common name of the intermediate certificate in the parent PKI" 22 | exit 1; 23 | fi 24 | 25 | if [ "$KEY_DIR" ]; then 26 | cp "$1/$2.crt" "$KEY_DIR/ca.crt" 27 | cp "$1/$2.key" "$KEY_DIR/ca.key" 28 | 29 | if [ -e "$1/$EXPORT_CA" ]; then 30 | PARENT_CA="$1/$EXPORT_CA" 31 | else 32 | PARENT_CA="$1/ca.crt" 33 | fi 34 | cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA" 35 | cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA" 36 | else 37 | echo 'Please source the vars script first (i.e. "source ./vars")' 38 | echo 'Make sure you have edited it to reflect your configuration.' 
39 | fi 40 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/list-crl: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # list revoked certificates 4 | 5 | CRL="${1:-crl.pem}" 6 | 7 | if [ "$KEY_DIR" ]; then 8 | cd "$KEY_DIR" && \ 9 | $OPENSSL crl -text -noout -in "$CRL" 10 | else 11 | echo 'Please source the vars script first (i.e. "source ./vars")' 12 | echo 'Make sure you have edited it to reflect your configuration.' 13 | fi 14 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/openssl-0.9.6.cnf: -------------------------------------------------------------------------------- 1 | # For use with easy-rsa version 2.0 2 | 3 | # 4 | # OpenSSL example configuration file. 5 | # This is mostly being used for generation of certificate requests. 6 | # 7 | 8 | # This definition stops the following lines choking if HOME isn't 9 | # defined. 10 | HOME = . 11 | RANDFILE = $ENV::HOME/.rnd 12 | 13 | # Extra OBJECT IDENTIFIER info: 14 | #oid_file = $ENV::HOME/.oid 15 | oid_section = new_oids 16 | 17 | # To use this configuration file with the "-extfile" option of the 18 | # "openssl x509" utility, name here the section containing the 19 | # X.509v3 extensions to use: 20 | # extensions = 21 | # (Alternatively, use a configuration file that has only 22 | # X.509v3 extensions in its main [= default] section.) 23 | 24 | [ new_oids ] 25 | 26 | # We can add new OIDs in here for use by 'ca' and 'req'. 
27 | # Add a simple OID like this: 28 | # testoid1=1.2.3.4 29 | # Or use config file substitution like this: 30 | # testoid2=${testoid1}.5.6 31 | 32 | #################################################################### 33 | [ ca ] 34 | default_ca = CA_default # The default ca section 35 | 36 | #################################################################### 37 | [ CA_default ] 38 | 39 | dir = $ENV::KEY_DIR # Where everything is kept 40 | certs = $dir # Where the issued certs are kept 41 | crl_dir = $dir # Where the issued crl are kept 42 | database = $dir/index.txt # database index file. 43 | new_certs_dir = $dir # default place for new certs. 44 | 45 | certificate = $dir/ca.crt # The CA certificate 46 | serial = $dir/serial # The current serial number 47 | crl = $dir/crl.pem # The current CRL 48 | private_key = $dir/ca.key # The private key 49 | RANDFILE = $dir/.rand # private random number file 50 | 51 | x509_extensions = usr_cert # The extentions to add to the cert 52 | 53 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 54 | # so this is commented out by default to leave a V1 CRL. 55 | # crl_extensions = crl_ext 56 | 57 | default_days = 3650 # how long to certify for 58 | default_crl_days= 30 # how long before next CRL 59 | default_md = sha256 # which md to use. 60 | preserve = no # keep passed DN ordering 61 | 62 | # A few difference way of specifying how similar the request should look 63 | # For type CA, the listed attributes must be the same, and the optional 64 | # and supplied fields are just that :-) 65 | policy = policy_anything 66 | 67 | # For the CA policy 68 | [ policy_match ] 69 | countryName = match 70 | stateOrProvinceName = match 71 | organizationName = match 72 | organizationalUnitName = optional 73 | commonName = supplied 74 | emailAddress = optional 75 | 76 | # For the 'anything' policy 77 | # At this point in time, you must list all acceptable 'object' 78 | # types. 
79 | [ policy_anything ] 80 | countryName = optional 81 | stateOrProvinceName = optional 82 | localityName = optional 83 | organizationName = optional 84 | organizationalUnitName = optional 85 | commonName = supplied 86 | emailAddress = optional 87 | 88 | #################################################################### 89 | [ req ] 90 | default_bits = $ENV::KEY_SIZE 91 | default_keyfile = privkey.pem 92 | default_md = sha256 93 | distinguished_name = req_distinguished_name 94 | attributes = req_attributes 95 | x509_extensions = v3_ca # The extentions to add to the self signed cert 96 | 97 | # Passwords for private keys if not present they will be prompted for 98 | # input_password = secret 99 | # output_password = secret 100 | 101 | # This sets a mask for permitted string types. There are several options. 102 | # default: PrintableString, T61String, BMPString. 103 | # pkix : PrintableString, BMPString. 104 | # utf8only: only UTF8Strings. 105 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 106 | # MASK:XXXX a literal mask value. 107 | # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings 108 | # so use this option with caution! 
109 | string_mask = nombstr 110 | 111 | # req_extensions = v3_req # The extensions to add to a certificate request 112 | 113 | [ req_distinguished_name ] 114 | countryName = Country Name (2 letter code) 115 | countryName_default = $ENV::KEY_COUNTRY 116 | countryName_min = 2 117 | countryName_max = 2 118 | 119 | stateOrProvinceName = State or Province Name (full name) 120 | stateOrProvinceName_default = $ENV::KEY_PROVINCE 121 | 122 | localityName = Locality Name (eg, city) 123 | localityName_default = $ENV::KEY_CITY 124 | 125 | 0.organizationName = Organization Name (eg, company) 126 | 0.organizationName_default = $ENV::KEY_ORG 127 | 128 | # we can do this but it is not needed normally :-) 129 | #1.organizationName = Second Organization Name (eg, company) 130 | #1.organizationName_default = World Wide Web Pty Ltd 131 | 132 | organizationalUnitName = Organizational Unit Name (eg, section) 133 | #organizationalUnitName_default = 134 | 135 | commonName = Common Name (eg, your name or your server\'s hostname) 136 | commonName_max = 64 137 | 138 | emailAddress = Email Address 139 | emailAddress_default = $ENV::KEY_EMAIL 140 | emailAddress_max = 40 141 | 142 | # JY -- added for batch mode 143 | organizationalUnitName_default = $ENV::KEY_OU 144 | commonName_default = $ENV::KEY_CN 145 | 146 | # SET-ex3 = SET extension number 3 147 | 148 | [ req_attributes ] 149 | challengePassword = A challenge password 150 | challengePassword_min = 4 151 | challengePassword_max = 20 152 | 153 | unstructuredName = An optional company name 154 | 155 | [ usr_cert ] 156 | 157 | # These extensions are added when 'ca' signs a request. 158 | 159 | # This goes against PKIX guidelines but some CAs do it and some software 160 | # requires this to avoid interpreting an end user certificate as a CA. 161 | 162 | basicConstraints=CA:FALSE 163 | 164 | # Here are some examples of the usage of nsCertType. If it is omitted 165 | # the certificate can be used for anything *except* object signing. 
166 | 167 | # This is OK for an SSL server. 168 | # nsCertType = server 169 | 170 | # For an object signing certificate this would be used. 171 | # nsCertType = objsign 172 | 173 | # For normal client use this is typical 174 | # nsCertType = client, email 175 | 176 | # and for everything including object signing: 177 | # nsCertType = client, email, objsign 178 | 179 | # This is typical in keyUsage for a client certificate. 180 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment 181 | 182 | # This will be displayed in Netscape's comment listbox. 183 | nsComment = "Easy-RSA Generated Certificate" 184 | 185 | # PKIX recommendations harmless if included in all certificates. 186 | subjectKeyIdentifier=hash 187 | authorityKeyIdentifier=keyid,issuer:always 188 | extendedKeyUsage=clientAuth 189 | keyUsage = digitalSignature 190 | 191 | # This stuff is for subjectAltName and issuerAltname. 192 | # Import the email address. 193 | # subjectAltName=email:copy 194 | subjectAltName=$ENV::KEY_ALTNAMES 195 | 196 | # Copy subject details 197 | # issuerAltName=issuer:copy 198 | 199 | #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem 200 | #nsBaseUrl 201 | #nsRevocationUrl 202 | #nsRenewalUrl 203 | #nsCaPolicyUrl 204 | #nsSslServerName 205 | 206 | [ server ] 207 | 208 | # JY ADDED -- Make a cert with nsCertType set to "server" 209 | basicConstraints=CA:FALSE 210 | nsCertType = server 211 | nsComment = "Easy-RSA Generated Server Certificate" 212 | subjectKeyIdentifier=hash 213 | authorityKeyIdentifier=keyid,issuer:always 214 | extendedKeyUsage=serverAuth 215 | keyUsage = digitalSignature, keyEncipherment 216 | subjectAltName=$ENV::KEY_ALTNAMES 217 | 218 | [ v3_req ] 219 | 220 | # Extensions to add to a certificate request 221 | 222 | basicConstraints = CA:FALSE 223 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 224 | 225 | [ v3_ca ] 226 | 227 | 228 | # Extensions for a typical CA 229 | 230 | 231 | # PKIX recommendation. 
232 | 233 | subjectKeyIdentifier=hash 234 | 235 | authorityKeyIdentifier=keyid:always,issuer:always 236 | 237 | # This is what PKIX recommends but some broken software chokes on critical 238 | # extensions. 239 | #basicConstraints = critical,CA:true 240 | # So we do this instead. 241 | basicConstraints = CA:true 242 | 243 | # Key usage: this is typical for a CA certificate. However since it will 244 | # prevent it being used as an test self-signed certificate it is best 245 | # left out by default. 246 | # keyUsage = cRLSign, keyCertSign 247 | 248 | # Some might want this also 249 | # nsCertType = sslCA, emailCA 250 | 251 | # Include email address in subject alt name: another PKIX recommendation 252 | # subjectAltName=email:copy 253 | # Copy issuer details 254 | # issuerAltName=issuer:copy 255 | 256 | # DER hex encoding of an extension: beware experts only! 257 | # obj=DER:02:03 258 | # Where 'obj' is a standard or added object 259 | # You can even override a supported extension: 260 | # basicConstraints= critical, DER:30:03:01:01:FF 261 | 262 | [ crl_ext ] 263 | 264 | # CRL extensions. 265 | # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 266 | 267 | # issuerAltName=issuer:copy 268 | authorityKeyIdentifier=keyid:always,issuer:always 269 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/openssl-0.9.8.cnf: -------------------------------------------------------------------------------- 1 | # For use with easy-rsa version 2.0 2 | 3 | # 4 | # OpenSSL example configuration file. 5 | # This is mostly being used for generation of certificate requests. 6 | # 7 | 8 | # This definition stops the following lines choking if HOME isn't 9 | # defined. 10 | HOME = . 
11 | RANDFILE = $ENV::HOME/.rnd 12 | openssl_conf = openssl_init 13 | 14 | [ openssl_init ] 15 | # Extra OBJECT IDENTIFIER info: 16 | #oid_file = $ENV::HOME/.oid 17 | oid_section = new_oids 18 | engines = engine_section 19 | 20 | # To use this configuration file with the "-extfile" option of the 21 | # "openssl x509" utility, name here the section containing the 22 | # X.509v3 extensions to use: 23 | # extensions = 24 | # (Alternatively, use a configuration file that has only 25 | # X.509v3 extensions in its main [= default] section.) 26 | 27 | [ new_oids ] 28 | 29 | # We can add new OIDs in here for use by 'ca' and 'req'. 30 | # Add a simple OID like this: 31 | # testoid1=1.2.3.4 32 | # Or use config file substitution like this: 33 | # testoid2=${testoid1}.5.6 34 | 35 | #################################################################### 36 | [ ca ] 37 | default_ca = CA_default # The default ca section 38 | 39 | #################################################################### 40 | [ CA_default ] 41 | 42 | dir = $ENV::KEY_DIR # Where everything is kept 43 | certs = $dir # Where the issued certs are kept 44 | crl_dir = $dir # Where the issued crl are kept 45 | database = $dir/index.txt # database index file. 46 | new_certs_dir = $dir # default place for new certs. 47 | 48 | certificate = $dir/ca.crt # The CA certificate 49 | serial = $dir/serial # The current serial number 50 | crl = $dir/crl.pem # The current CRL 51 | private_key = $dir/ca.key # The private key 52 | RANDFILE = $dir/.rand # private random number file 53 | 54 | x509_extensions = usr_cert # The extentions to add to the cert 55 | 56 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 57 | # so this is commented out by default to leave a V1 CRL. 58 | # crl_extensions = crl_ext 59 | 60 | default_days = 3650 # how long to certify for 61 | default_crl_days= 30 # how long before next CRL 62 | default_md = sha256 # which md to use. 
63 | preserve = no # keep passed DN ordering 64 | 65 | # A few difference way of specifying how similar the request should look 66 | # For type CA, the listed attributes must be the same, and the optional 67 | # and supplied fields are just that :-) 68 | policy = policy_anything 69 | 70 | # For the CA policy 71 | [ policy_match ] 72 | countryName = match 73 | stateOrProvinceName = match 74 | organizationName = match 75 | organizationalUnitName = optional 76 | commonName = supplied 77 | name = optional 78 | emailAddress = optional 79 | 80 | # For the 'anything' policy 81 | # At this point in time, you must list all acceptable 'object' 82 | # types. 83 | [ policy_anything ] 84 | countryName = optional 85 | stateOrProvinceName = optional 86 | localityName = optional 87 | organizationName = optional 88 | organizationalUnitName = optional 89 | commonName = supplied 90 | name = optional 91 | emailAddress = optional 92 | 93 | #################################################################### 94 | [ req ] 95 | default_bits = $ENV::KEY_SIZE 96 | default_keyfile = privkey.pem 97 | default_md = sha256 98 | distinguished_name = req_distinguished_name 99 | attributes = req_attributes 100 | x509_extensions = v3_ca # The extentions to add to the self signed cert 101 | 102 | # Passwords for private keys if not present they will be prompted for 103 | # input_password = secret 104 | # output_password = secret 105 | 106 | # This sets a mask for permitted string types. There are several options. 107 | # default: PrintableString, T61String, BMPString. 108 | # pkix : PrintableString, BMPString. 109 | # utf8only: only UTF8Strings. 110 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 111 | # MASK:XXXX a literal mask value. 112 | # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings 113 | # so use this option with caution! 
114 | string_mask = nombstr 115 | 116 | # req_extensions = v3_req # The extensions to add to a certificate request 117 | 118 | [ req_distinguished_name ] 119 | countryName = Country Name (2 letter code) 120 | countryName_default = $ENV::KEY_COUNTRY 121 | countryName_min = 2 122 | countryName_max = 2 123 | 124 | stateOrProvinceName = State or Province Name (full name) 125 | stateOrProvinceName_default = $ENV::KEY_PROVINCE 126 | 127 | localityName = Locality Name (eg, city) 128 | localityName_default = $ENV::KEY_CITY 129 | 130 | 0.organizationName = Organization Name (eg, company) 131 | 0.organizationName_default = $ENV::KEY_ORG 132 | 133 | # we can do this but it is not needed normally :-) 134 | #1.organizationName = Second Organization Name (eg, company) 135 | #1.organizationName_default = World Wide Web Pty Ltd 136 | 137 | organizationalUnitName = Organizational Unit Name (eg, section) 138 | #organizationalUnitName_default = 139 | 140 | commonName = Common Name (eg, your name or your server\'s hostname) 141 | commonName_max = 64 142 | 143 | name = Name 144 | name_max = 64 145 | 146 | emailAddress = Email Address 147 | emailAddress_default = $ENV::KEY_EMAIL 148 | emailAddress_max = 40 149 | 150 | # JY -- added for batch mode 151 | organizationalUnitName_default = $ENV::KEY_OU 152 | commonName_default = $ENV::KEY_CN 153 | name_default = $ENV::KEY_NAME 154 | 155 | # SET-ex3 = SET extension number 3 156 | 157 | [ req_attributes ] 158 | challengePassword = A challenge password 159 | challengePassword_min = 4 160 | challengePassword_max = 20 161 | 162 | unstructuredName = An optional company name 163 | 164 | [ usr_cert ] 165 | 166 | # These extensions are added when 'ca' signs a request. 167 | 168 | # This goes against PKIX guidelines but some CAs do it and some software 169 | # requires this to avoid interpreting an end user certificate as a CA. 170 | 171 | basicConstraints=CA:FALSE 172 | 173 | # Here are some examples of the usage of nsCertType. 
If it is omitted 174 | # the certificate can be used for anything *except* object signing. 175 | 176 | # This is OK for an SSL server. 177 | # nsCertType = server 178 | 179 | # For an object signing certificate this would be used. 180 | # nsCertType = objsign 181 | 182 | # For normal client use this is typical 183 | # nsCertType = client, email 184 | 185 | # and for everything including object signing: 186 | # nsCertType = client, email, objsign 187 | 188 | # This is typical in keyUsage for a client certificate. 189 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment 190 | 191 | # This will be displayed in Netscape's comment listbox. 192 | nsComment = "Easy-RSA Generated Certificate" 193 | 194 | # PKIX recommendations harmless if included in all certificates. 195 | subjectKeyIdentifier=hash 196 | authorityKeyIdentifier=keyid,issuer:always 197 | extendedKeyUsage=clientAuth 198 | keyUsage = digitalSignature 199 | 200 | # This stuff is for subjectAltName and issuerAltname. 201 | # Import the email address. 
202 | # subjectAltName=email:copy 203 | subjectAltName=$ENV::KEY_ALTNAMES 204 | 205 | # Copy subject details 206 | # issuerAltName=issuer:copy 207 | 208 | #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem 209 | #nsBaseUrl 210 | #nsRevocationUrl 211 | #nsRenewalUrl 212 | #nsCaPolicyUrl 213 | #nsSslServerName 214 | 215 | [ server ] 216 | 217 | # JY ADDED -- Make a cert with nsCertType set to "server" 218 | basicConstraints=CA:FALSE 219 | nsCertType = server 220 | nsComment = "Easy-RSA Generated Server Certificate" 221 | subjectKeyIdentifier=hash 222 | authorityKeyIdentifier=keyid,issuer:always 223 | extendedKeyUsage=serverAuth 224 | keyUsage = digitalSignature, keyEncipherment 225 | subjectAltName=$ENV::KEY_ALTNAMES 226 | 227 | [ v3_req ] 228 | 229 | # Extensions to add to a certificate request 230 | 231 | basicConstraints = CA:FALSE 232 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 233 | 234 | [ v3_ca ] 235 | 236 | 237 | # Extensions for a typical CA 238 | 239 | 240 | # PKIX recommendation. 241 | 242 | subjectKeyIdentifier=hash 243 | 244 | authorityKeyIdentifier=keyid:always,issuer:always 245 | 246 | # This is what PKIX recommends but some broken software chokes on critical 247 | # extensions. 248 | #basicConstraints = critical,CA:true 249 | # So we do this instead. 250 | basicConstraints = CA:true 251 | 252 | # Key usage: this is typical for a CA certificate. However since it will 253 | # prevent it being used as an test self-signed certificate it is best 254 | # left out by default. 255 | # keyUsage = cRLSign, keyCertSign 256 | 257 | # Some might want this also 258 | # nsCertType = sslCA, emailCA 259 | 260 | # Include email address in subject alt name: another PKIX recommendation 261 | # subjectAltName=email:copy 262 | # Copy issuer details 263 | # issuerAltName=issuer:copy 264 | 265 | # DER hex encoding of an extension: beware experts only! 
266 | # obj=DER:02:03 267 | # Where 'obj' is a standard or added object 268 | # You can even override a supported extension: 269 | # basicConstraints= critical, DER:30:03:01:01:FF 270 | 271 | [ crl_ext ] 272 | 273 | # CRL extensions. 274 | # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 275 | 276 | # issuerAltName=issuer:copy 277 | authorityKeyIdentifier=keyid:always,issuer:always 278 | 279 | [ engine_section ] 280 | # 281 | # If you are using PKCS#11 282 | # Install engine_pkcs11 of opensc (www.opensc.org) 283 | # And uncomment the following 284 | # verify that dynamic_path points to the correct location 285 | # 286 | #pkcs11 = pkcs11_section 287 | 288 | [ pkcs11_section ] 289 | engine_id = pkcs11 290 | dynamic_path = /usr/lib/engines/engine_pkcs11.so 291 | MODULE_PATH = $ENV::PKCS11_MODULE_PATH 292 | PIN = $ENV::PKCS11_PIN 293 | init = 0 294 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/openssl-1.0.0.cnf: -------------------------------------------------------------------------------- 1 | # For use with easy-rsa version 2.0 and OpenSSL 1.0.0* 2 | 3 | # This definition stops the following lines choking if HOME isn't 4 | # defined. 5 | HOME = . 6 | RANDFILE = $ENV::HOME/.rnd 7 | openssl_conf = openssl_init 8 | 9 | [ openssl_init ] 10 | # Extra OBJECT IDENTIFIER info: 11 | #oid_file = $ENV::HOME/.oid 12 | oid_section = new_oids 13 | engines = engine_section 14 | 15 | # To use this configuration file with the "-extfile" option of the 16 | # "openssl x509" utility, name here the section containing the 17 | # X.509v3 extensions to use: 18 | # extensions = 19 | # (Alternatively, use a configuration file that has only 20 | # X.509v3 extensions in its main [= default] section.) 21 | 22 | [ new_oids ] 23 | 24 | # We can add new OIDs in here for use by 'ca' and 'req'. 
25 | # Add a simple OID like this: 26 | # testoid1=1.2.3.4 27 | # Or use config file substitution like this: 28 | # testoid2=${testoid1}.5.6 29 | 30 | #################################################################### 31 | [ ca ] 32 | default_ca = CA_default # The default ca section 33 | 34 | #################################################################### 35 | [ CA_default ] 36 | 37 | dir = $ENV::KEY_DIR # Where everything is kept 38 | certs = $dir # Where the issued certs are kept 39 | crl_dir = $dir # Where the issued crl are kept 40 | database = $dir/index.txt # database index file. 41 | new_certs_dir = $dir # default place for new certs. 42 | 43 | certificate = $dir/ca.crt # The CA certificate 44 | serial = $dir/serial # The current serial number 45 | crl = $dir/crl.pem # The current CRL 46 | private_key = $dir/ca.key # The private key 47 | RANDFILE = $dir/.rand # private random number file 48 | 49 | x509_extensions = usr_cert # The extentions to add to the cert 50 | 51 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 52 | # so this is commented out by default to leave a V1 CRL. 53 | # crl_extensions = crl_ext 54 | 55 | default_days = 3650 # how long to certify for 56 | default_crl_days= 30 # how long before next CRL 57 | default_md = sha256 # use public key default MD 58 | preserve = no # keep passed DN ordering 59 | 60 | # A few difference way of specifying how similar the request should look 61 | # For type CA, the listed attributes must be the same, and the optional 62 | # and supplied fields are just that :-) 63 | policy = policy_anything 64 | 65 | # For the CA policy 66 | [ policy_match ] 67 | countryName = match 68 | stateOrProvinceName = match 69 | organizationName = match 70 | organizationalUnitName = optional 71 | commonName = supplied 72 | name = optional 73 | emailAddress = optional 74 | 75 | # For the 'anything' policy 76 | # At this point in time, you must list all acceptable 'object' 77 | # types. 
78 | [ policy_anything ] 79 | countryName = optional 80 | stateOrProvinceName = optional 81 | localityName = optional 82 | organizationName = optional 83 | organizationalUnitName = optional 84 | commonName = supplied 85 | name = optional 86 | emailAddress = optional 87 | 88 | #################################################################### 89 | [ req ] 90 | default_bits = $ENV::KEY_SIZE 91 | default_keyfile = privkey.pem 92 | default_md = sha256 93 | distinguished_name = req_distinguished_name 94 | attributes = req_attributes 95 | x509_extensions = v3_ca # The extentions to add to the self signed cert 96 | 97 | # Passwords for private keys if not present they will be prompted for 98 | # input_password = secret 99 | # output_password = secret 100 | 101 | # This sets a mask for permitted string types. There are several options. 102 | # default: PrintableString, T61String, BMPString. 103 | # pkix : PrintableString, BMPString (PKIX recommendation after 2004). 104 | # utf8only: only UTF8Strings (PKIX recommendation after 2004). 105 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 106 | # MASK:XXXX a literal mask value. 
107 | string_mask = nombstr 108 | 109 | # req_extensions = v3_req # The extensions to add to a certificate request 110 | 111 | [ req_distinguished_name ] 112 | countryName = Country Name (2 letter code) 113 | countryName_default = $ENV::KEY_COUNTRY 114 | countryName_min = 2 115 | countryName_max = 2 116 | 117 | stateOrProvinceName = State or Province Name (full name) 118 | stateOrProvinceName_default = $ENV::KEY_PROVINCE 119 | 120 | localityName = Locality Name (eg, city) 121 | localityName_default = $ENV::KEY_CITY 122 | 123 | 0.organizationName = Organization Name (eg, company) 124 | 0.organizationName_default = $ENV::KEY_ORG 125 | 126 | # we can do this but it is not needed normally :-) 127 | #1.organizationName = Second Organization Name (eg, company) 128 | #1.organizationName_default = World Wide Web Pty Ltd 129 | 130 | organizationalUnitName = Organizational Unit Name (eg, section) 131 | #organizationalUnitName_default = 132 | 133 | commonName = Common Name (eg, your name or your server\'s hostname) 134 | commonName_max = 64 135 | 136 | name = Name 137 | name_max = 64 138 | 139 | emailAddress = Email Address 140 | emailAddress_default = $ENV::KEY_EMAIL 141 | emailAddress_max = 40 142 | 143 | # JY -- added for batch mode 144 | organizationalUnitName_default = $ENV::KEY_OU 145 | commonName_default = $ENV::KEY_CN 146 | name_default = $ENV::KEY_NAME 147 | 148 | 149 | # SET-ex3 = SET extension number 3 150 | 151 | [ req_attributes ] 152 | challengePassword = A challenge password 153 | challengePassword_min = 4 154 | challengePassword_max = 20 155 | 156 | unstructuredName = An optional company name 157 | 158 | [ usr_cert ] 159 | 160 | # These extensions are added when 'ca' signs a request. 161 | 162 | # This goes against PKIX guidelines but some CAs do it and some software 163 | # requires this to avoid interpreting an end user certificate as a CA. 164 | 165 | basicConstraints=CA:FALSE 166 | 167 | # Here are some examples of the usage of nsCertType. 
If it is omitted 168 | # the certificate can be used for anything *except* object signing. 169 | 170 | # This is OK for an SSL server. 171 | # nsCertType = server 172 | 173 | # For an object signing certificate this would be used. 174 | # nsCertType = objsign 175 | 176 | # For normal client use this is typical 177 | # nsCertType = client, email 178 | 179 | # and for everything including object signing: 180 | # nsCertType = client, email, objsign 181 | 182 | # This is typical in keyUsage for a client certificate. 183 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment 184 | 185 | # This will be displayed in Netscape's comment listbox. 186 | nsComment = "Easy-RSA Generated Certificate" 187 | 188 | # PKIX recommendations harmless if included in all certificates. 189 | subjectKeyIdentifier=hash 190 | authorityKeyIdentifier=keyid,issuer:always 191 | extendedKeyUsage=clientAuth 192 | keyUsage = digitalSignature 193 | 194 | 195 | # This stuff is for subjectAltName and issuerAltname. 196 | # Import the email address. 
197 | # subjectAltName=email:copy 198 | subjectAltName=$ENV::KEY_ALTNAMES 199 | 200 | # Copy subject details 201 | # issuerAltName=issuer:copy 202 | 203 | #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem 204 | #nsBaseUrl 205 | #nsRevocationUrl 206 | #nsRenewalUrl 207 | #nsCaPolicyUrl 208 | #nsSslServerName 209 | 210 | [ server ] 211 | 212 | # JY ADDED -- Make a cert with nsCertType set to "server" 213 | basicConstraints=CA:FALSE 214 | nsCertType = server 215 | nsComment = "Easy-RSA Generated Server Certificate" 216 | subjectKeyIdentifier=hash 217 | authorityKeyIdentifier=keyid,issuer:always 218 | extendedKeyUsage=serverAuth 219 | keyUsage = digitalSignature, keyEncipherment 220 | subjectAltName=$ENV::KEY_ALTNAMES 221 | 222 | [ v3_req ] 223 | 224 | # Extensions to add to a certificate request 225 | 226 | basicConstraints = CA:FALSE 227 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 228 | 229 | [ v3_ca ] 230 | 231 | 232 | # Extensions for a typical CA 233 | 234 | 235 | # PKIX recommendation. 236 | 237 | subjectKeyIdentifier=hash 238 | 239 | authorityKeyIdentifier=keyid:always,issuer:always 240 | 241 | # This is what PKIX recommends but some broken software chokes on critical 242 | # extensions. 243 | #basicConstraints = critical,CA:true 244 | # So we do this instead. 245 | basicConstraints = CA:true 246 | 247 | # Key usage: this is typical for a CA certificate. However since it will 248 | # prevent it being used as an test self-signed certificate it is best 249 | # left out by default. 250 | # keyUsage = cRLSign, keyCertSign 251 | 252 | # Some might want this also 253 | # nsCertType = sslCA, emailCA 254 | 255 | # Include email address in subject alt name: another PKIX recommendation 256 | # subjectAltName=email:copy 257 | # Copy issuer details 258 | # issuerAltName=issuer:copy 259 | 260 | # DER hex encoding of an extension: beware experts only! 
261 | # obj=DER:02:03 262 | # Where 'obj' is a standard or added object 263 | # You can even override a supported extension: 264 | # basicConstraints= critical, DER:30:03:01:01:FF 265 | 266 | [ crl_ext ] 267 | 268 | # CRL extensions. 269 | # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 270 | 271 | # issuerAltName=issuer:copy 272 | authorityKeyIdentifier=keyid:always,issuer:always 273 | 274 | [ engine_section ] 275 | # 276 | # If you are using PKCS#11 277 | # Install engine_pkcs11 of opensc (www.opensc.org) 278 | # And uncomment the following 279 | # verify that dynamic_path points to the correct location 280 | # 281 | #pkcs11 = pkcs11_section 282 | 283 | [ pkcs11_section ] 284 | engine_id = pkcs11 285 | dynamic_path = /usr/lib/engines/engine_pkcs11.so 286 | MODULE_PATH = $ENV::PKCS11_MODULE_PATH 287 | PIN = $ENV::PKCS11_PIN 288 | init = 0 289 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/revoke-full: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # revoke a certificate, regenerate CRL, 4 | # and verify revocation 5 | 6 | CRL="crl.pem" 7 | RT="revoke-test.pem" 8 | 9 | if [ $# -ne 1 ]; then 10 | echo "usage: revoke-full "; 11 | exit 1 12 | fi 13 | 14 | if [ "$KEY_DIR" ]; then 15 | cd "$KEY_DIR" 16 | rm -f "$RT" 17 | 18 | # set defaults 19 | export KEY_CN="" 20 | export KEY_OU="" 21 | export KEY_NAME="" 22 | 23 | # required due to hack in openssl.cnf that supports Subject Alternative Names 24 | export KEY_ALTNAMES="" 25 | 26 | # revoke key and generate a new CRL 27 | $OPENSSL ca -revoke "$1.crt" -config "$KEY_CONFIG" 28 | 29 | # generate a new CRL -- try to be compatible with 30 | # intermediate PKIs 31 | $OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" 32 | if [ -e export-ca.crt ]; then 33 | cat export-ca.crt "$CRL" >"$RT" 34 | else 35 | cat ca.crt "$CRL" >"$RT" 36 | fi 37 | 38 | # verify the 
revocation 39 | $OPENSSL verify -CAfile "$RT" -crl_check "$1.crt" 40 | else 41 | echo 'Please source the vars script first (i.e. "source ./vars")' 42 | echo 'Make sure you have edited it to reflect your configuration.' 43 | fi 44 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/sign-req: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Sign a certificate signing request (a .csr file) 4 | # with a local root certificate and key. 5 | 6 | export EASY_RSA="${EASY_RSA:-.}" 7 | "$EASY_RSA/pkitool" --interact --sign $* 8 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/vars: -------------------------------------------------------------------------------- 1 | # easy-rsa parameter settings 2 | 3 | # NOTE: If you installed from an RPM, 4 | # don't edit this file in place in 5 | # /usr/share/openvpn/easy-rsa -- 6 | # instead, you should copy the whole 7 | # easy-rsa directory to another location 8 | # (such as /etc/openvpn) so that your 9 | # edits will not be wiped out by a future 10 | # OpenVPN package upgrade. 11 | 12 | # This variable should point to 13 | # the top level of the easy-rsa 14 | # tree. 15 | export EASY_RSA="`pwd`" 16 | 17 | # 18 | # This variable should point to 19 | # the requested executables 20 | # 21 | export OPENSSL="openssl" 22 | export PKCS11TOOL="pkcs11-tool" 23 | export GREP="grep" 24 | 25 | 26 | # This variable should point to 27 | # the openssl.cnf file included 28 | # with easy-rsa. 29 | export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` 30 | 31 | # Edit this variable to point to 32 | # your soon-to-be-created key 33 | # directory. 34 | # 35 | # WARNING: clean-all will do 36 | # a rm -rf on this directory 37 | # so make sure you define 38 | # it correctly! 
39 | export KEY_DIR="$EASY_RSA/keys" 40 | 41 | # Issue rm -rf warning 42 | echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR 43 | 44 | # PKCS11 fixes 45 | export PKCS11_MODULE_PATH="dummy" 46 | export PKCS11_PIN="dummy" 47 | 48 | # Increase this to 2048 if you 49 | # are paranoid. This will slow 50 | # down TLS negotiation performance 51 | # as well as the one-time DH parms 52 | # generation process. 53 | export KEY_SIZE=2048 54 | 55 | # In how many days should the root CA key expire? 56 | export CA_EXPIRE=3650 57 | 58 | # In how many days should certificates expire? 59 | export KEY_EXPIRE=3650 60 | 61 | # These are the default values for fields 62 | # which will be placed in the certificate. 63 | # Don't leave any of these fields blank. 64 | export KEY_COUNTRY="CZ" 65 | export KEY_PROVINCE="CZ" 66 | export KEY_CITY="None" 67 | export KEY_ORG="None" 68 | export KEY_EMAIL="email@demo.demo" 69 | export KEY_OU="DemoOU" 70 | 71 | # X509 Subject Field 72 | export KEY_NAME="EasyRSA" 73 | 74 | # PKCS11 Smart Card 75 | # export PKCS11_MODULE_PATH="/usr/lib/changeme.so" 76 | # export PKCS11_PIN=1234 77 | 78 | # If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below 79 | # You will also need to make sure your OpenVPN server config has the duplicate-cn option set 80 | # export KEY_CN="CommonName" 81 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/easy-rsa/userside/whichopensslcnf: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cnf="$1/openssl.cnf" 4 | 5 | if [ "$OPENSSL" ]; then 6 | if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]?" > /dev/null; then 7 | cnf="$1/openssl-0.9.6.cnf" 8 | elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]?" > /dev/null; then 9 | cnf="$1/openssl-0.9.8.cnf" 10 | elif $OPENSSL version | grep -E "1\.0\.[[:digit:]][[:alnum:]]?" 
> /dev/null; then 11 | cnf="$1/openssl-1.0.0.cnf" 12 | else 13 | cnf="$1/openssl.cnf" 14 | fi 15 | fi 16 | 17 | echo $cnf 18 | 19 | if [ ! -r $cnf ]; then 20 | echo "**************************************************************" >&2 21 | echo " No $cnf file could be found" >&2 22 | echo " Further invocations will fail" >&2 23 | echo "**************************************************************" >&2 24 | fi 25 | 26 | exit 0 27 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/generate_config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "[1] Generate config for users" 4 | echo "[2] Generate config for robots" 5 | 6 | read -r -p ">" userinput 7 | read -r -p "Client name:" fname 8 | # the client name is used as a file name: accept only letters, digits, "_" and "-" 9 | case "$fname" in ''|-*|*[!A-Za-z0-9_-]*) echo "Incorrect client name"; exit 1 ;; esac 10 | if [ "$userinput" = "1" ] ; then folder="userside"; conf="userclient.conf" 11 | elif [ "$userinput" = "2" ] ; then folder="robotside"; conf="robotclient.conf" 12 | else 13 | echo "Incorrect value" 14 | exit 1 15 | fi 16 | 17 | CWD=$(pwd) 18 | 19 | cd "./easy-rsa/$folder/" || exit 1 20 | source ./vars 21 | ./build-key "$fname" || exit 1 # stop here if no certificate was issued 22 | cd "$CWD" || exit 1 23 | mv "./easy-rsa/$folder/keys/$fname.crt" "./easy-rsa/$folder/keys/$fname.key" "./keys/$folder/" 24 | cp "./easy-rsa/$folder/keys/ca.crt" "./keys/$folder/" 25 | rm "./easy-rsa/$folder/keys/$fname.csr" 26 | cp "./easy-rsa/$conf" "./keys/$folder/" 27 | 28 | mv "./keys/$folder/$fname.crt" "./keys/$folder/client.crt" 29 | mv "./keys/$folder/$fname.key" "./keys/$folder/client.key" 30 | umask 077 # the archive created below holds the client's private key 31 | cd "./keys/$folder/" || exit 1 32 | tar -cf "$fname.tar" client.key client.crt ca.crt "$conf" 33 | rm client.key client.crt ca.crt "$conf" 34 | cd "$CWD" 35 | -------------------------------------------------------------------------------- /openvpn_config/rsa_generator/generate_key_only.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "[1] Generate key for users" 4 | echo "[2] Generate key for robots" 5 | 6 | read -p "Key type: " 
userinput 7 | read -r -p "Key file name: " fname 8 | # the key file name is used in paths: accept only letters, digits, "_" and "-" 9 | case "$fname" in ''|-*|*[!A-Za-z0-9_-]*) echo "Incorrect key file name"; exit 1 ;; esac 10 | if [ "$userinput" = "1" ] ; then folder="userside" 11 | elif [ "$userinput" = "2" ] ; then folder="robotside" 12 | else 13 | echo "Incorrect value" 14 | exit 1 15 | fi 16 | 17 | CWD=$(pwd) 18 | 19 | cd "./easy-rsa/$folder/" || exit 1 20 | source ./vars 21 | ./build-key "$fname" || exit 1 # stop here if no certificate was issued 22 | cd "$CWD" || exit 1 23 | mv "./easy-rsa/$folder/keys/$fname.crt" "./easy-rsa/$folder/keys/$fname.key" "./keys/$folder/" 24 | rm "./easy-rsa/$folder/keys/$fname.csr" 25 | -------------------------------------------------------------------------------- /rms_extension/LICENSE: -------------------------------------------------------------------------------- 1 | Software License Agreement (BSD License) 2 | Copyright (c) 2014, Worcester Polytechnic Institute 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions 7 | are met: 8 | 9 | * Redistributions of source code must retain the above copyright 10 | notice, this list of conditions and the following disclaimer. 11 | * Redistributions in binary form must reproduce the above 12 | copyright notice, this list of conditions and the following 13 | disclaimer in the documentation and/or other materials provided 14 | with the distribution. 15 | * Neither the name of the Worcester Polytechnic Institute nor the 16 | names of its contributors may be used to endorse or promote 17 | products derived from this software without specific prior 18 | written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 | FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE 24 | COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 28 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 30 | ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 | POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- /rms_extension/README.md: -------------------------------------------------------------------------------- 1 | # Robot Management System - Dispatcher extension 2 | 3 | Installation is described in README.md of the root folder. 4 | 5 | All files present here are under the license in LICENSE file. The changes to the original version therefore fall under the same license. 
6 | -------------------------------------------------------------------------------- /rms_extension/app/Config/bootstrap.php: -------------------------------------------------------------------------------- 1 | 'File')); 21 | 22 | // event listeners (different dispatcher) 23 | Configure::write('Dispatcher.filters', array('AssetDispatcher', 'CacheDispatcher')); 24 | 25 | // configures default file logging options 26 | App::uses('CakeLog', 'Log'); 27 | CakeLog::config('debug', array('engine' => 'File', 'types' => array('notice', 'info', 'debug'), 'file' => 'debug')); 28 | CakeLog::config( 29 | 'error', 30 | array('engine' => 'File', 'types' => array('warning', 'error', 'critical', 'alert', 'emergency'), 'file' => 'error') 31 | ); 32 | 33 | // configures authentication globally 34 | App::uses('AuthComponent', 'Controller/Component'); 35 | -------------------------------------------------------------------------------- /rms_extension/app/Controller/AppointmentsController.php: -------------------------------------------------------------------------------- 1 | array('authorize' => 'Controller')); 22 | 23 | /** 24 | * The used models for the controller. 25 | * 26 | * @var array 27 | */ 28 | public $uses = array('Appointment', 'Slot'); 29 | 30 | /** 31 | * Define the actions which can be used by any user, authorized or not. 32 | * 33 | * @return null 34 | */ 35 | public function beforeFilter() { 36 | // only allow unauthenticated account creation 37 | parent::beforeFilter(); 38 | $this->Auth->allow('begin'); 39 | } 40 | 41 | /** 42 | * The book action allows a user to book a user study appointment. 43 | * 44 | * @throws MethodNotAllowedException Thrown if a post request is made. 
45 | * @return null 46 | */ 47 | public function book() { 48 | // only work for POST requests 49 | if ($this->request->is(array('appointment', 'post'))) { 50 | // grab the slot we are interested in 51 | $this->Slot->recursive = 3; 52 | $slot = $this->Slot->findById($this->request->data['Appointment']['slot_id']); 53 | 54 | $appointments = $this->Appointment->find( 55 | 'all', 56 | array('recursive' => 3, 'conditions' => array('Appointment.user_id' => $this->Auth->user('id'))) 57 | ); 58 | 59 | $next = null; 60 | foreach ($appointments as $appointment) { 61 | if ($appointment['Slot']['Condition']['Study']['id'] === $slot['Condition']['Study']['id']) { 62 | // pick the latest 63 | if (!$next || strtotime($slot['Slot']['start']) > strtotime($next['Slot']['start'])) { 64 | $next = $appointment; 65 | } 66 | } 67 | } 68 | 69 | // verify that we can book this appointment 70 | if ($next && strtotime($next['Slot']['end']) > strtotime('now')) { 71 | $this->Session->setFlash('Error: you already booked this study.'); 72 | } elseif ($next && !$slot['Condition']['Study']['repeatable']) { 73 | $this->Session->setFlash('Error: you already completed this study.'); 74 | } else { 75 | // create a new entry 76 | $this->Appointment->create(); 77 | // set the current timestamp for creation and modification 78 | $this->Appointment->data['Appointment']['created'] = date('Y-m-d H:i:s'); 79 | $this->Appointment->data['Appointment']['modified'] = date('Y-m-d H:i:s'); 80 | // set the user ID 81 | $this->Appointment->data['Appointment']['user_id'] = $this->Auth->user('id'); 82 | // attempt to save the entry 83 | if ($this->Appointment->save($this->request->data)) { 84 | $this->Session->setFlash('Your study appointment has been booked.'); 85 | } else { 86 | $this->Session->setFlash('Error: unable to book your appointment.'); 87 | } 88 | } 89 | 90 | return $this->redirect(array('controller' => 'users', 'action' => 'view')); 91 | } else { 92 | throw new MethodNotAllowedException(); 93 | } 94 | } 
95 | 96 | /** 97 | * The delete action. This allows the user to delete an existing appointment that they own. 98 | * 99 | * @param int $id The ID of the entry to delete. 100 | * @throws MethodNotAllowedException Thrown if a GET request is made. 101 | * @return null 102 | */ 103 | public function delete($id = null) { 104 | // do not allow GET requests 105 | if ($this->request->is('get')) { 106 | throw new MethodNotAllowedException(); 107 | } 108 | 109 | // verify the entry 110 | $appointment = $this->Appointment->findById($id); 111 | if (!$appointment || $appointment['Appointment']['user_id'] !== $this->Auth->user('id')) { 112 | $this->Session->setFlash('Error: Unable to delete your appointment.'); 113 | } elseif ($this->Appointment->delete($id)) { 114 | $this->Session->setFlash('The appointment has been deleted.'); 115 | } 116 | return $this->redirect(array('controller' => 'users', 'action' => 'view')); 117 | } 118 | 119 | /** 120 | * Begin the scheduled appointment. This will verify the appointment and redirect the user to the interface. 121 | * 122 | * @param int $id The ID of the appointment. 123 | * @throws NotFoundException Thrown if the appointment is not found. 124 | * @throws ForbiddenException Thrown if the user does not have access to the appointment at this time. 
125 | * @return null 126 | */ 127 | public function begin($id = null) { 128 | // find the appointment 129 | $this->Appointment->recursive = 2; 130 | $appointment = $this->Appointment->findById($id); 131 | if (!$appointment) { 132 | throw new NotFoundException('Invalid appointment.'); 133 | } 134 | 135 | // check for matching users 136 | if ($appointment['Appointment']['user_id'] !== $this->Auth->user('id')) { 137 | throw new ForbiddenException(); 138 | } 139 | 140 | // check the time 141 | if (strtotime($appointment['Slot']['start']) > strtotime('now') 142 | || strtotime($appointment['Slot']['end']) <= strtotime('now')) { 143 | throw new ForbiddenException(); 144 | } 145 | 146 | // good to go -- notify the interface that we are approved 147 | $this->Session->write('appointment_id', $id); 148 | return $this->redirect( 149 | array( 150 | 'controller' => 'ifaces', 151 | 'action' => 'view', 152 | $appointment['Slot']['Condition']['iface_id'], 153 | $appointment['Slot']['Condition']['environment_id'], 154 | strtotime($appointment['Slot']['end']) - strtotime('now') 155 | ) 156 | ); 157 | } 158 | } 159 | -------------------------------------------------------------------------------- /rms_extension/app/Controller/DispatcherController.php: -------------------------------------------------------------------------------- 1 | array( 12 | 'authorize' => 'Controller', 13 | 'loginRedirect' => array('controller' => 'dispatcher', 'action' => 'view'), 14 | 'logoutRedirect' => array('controller' => 'pages', 'action' => 'view'), 15 | 'authenticate' => array( 16 | 'Form' => array('passwordHasher' => array('className' => 'Simple', 'hashType' => 'sha256')) 17 | ) 18 | ) 19 | ); 20 | 21 | public function beforeFilter() { 22 | // only allow unauthenticated account creation 23 | parent::beforeFilter(); 24 | $this->Auth->allow('signup', 'login', 'username', 'reset'); 25 | } 26 | 27 | public function admin_vpn() { 28 | $this->Auth->allow("logo"); 29 | } 30 | 31 | public function index() { 32 
| $this->Auth->allow("logo"); 33 | // find the ID 34 | $id = $this->Auth->user('id'); 35 | // grab the entry 36 | $user = $this->User->findById($id); 37 | if (!$user) { 38 | // no valid entry found for the given ID 39 | throw new NotFoundException('Invalid user.'); 40 | } 41 | // search for interfaces 42 | if ($this->viewVars['admin']) { 43 | $this->set('ifaces', $this->Iface->find('all', array('recursive' => 3))); 44 | } else { 45 | // only show the unrestricted interfaces 46 | $ifaces = $this->Iface->find( 47 | 'all', 48 | array('conditions' => array('Iface.unrestricted' => 1), 'recursive' => 3) 49 | ); 50 | $this->set('ifaces', $ifaces); 51 | } 52 | // search for studies 53 | $studies = $this->Study->find( 54 | 'all', 55 | array( 56 | 'recursive' => 3, 57 | 'conditions' => array('Study.start <= CURDATE()', 'Study.end >= CURDATE()') 58 | ) 59 | ); 60 | $this->set('studies', $studies); 61 | // do NOT attempt to load all of the logs 62 | $this->Appointment->hasMany = array(); 63 | $appointments = $this->Appointment->find( 64 | 'all', 65 | array( 66 | 'recursive' => 3, 67 | 'conditions' => array( 68 | 'Appointment.user_id' => $id, 69 | 'Slot.end >= NOW()', 70 | 'Slot.end < "2038-01-18 22:14:07"' 71 | ), 72 | 'order' => array('Slot.start'), 73 | ) 74 | ); 75 | $allAppointments = $this->Appointment->find( 76 | 'all', 77 | array( 78 | 'recursive' => 3, 79 | 'conditions' => array('Appointment.user_id' => $id, 'Slot.end < "2038-01-18 22:14:07"'), 80 | 'order' => array('Slot.start'), 81 | ) 82 | ); 83 | 84 | // === pairing of slots and environments === 85 | 86 | $environments = $this->Environment->find('all'); 87 | $environList = array(); 88 | foreach($environments as $env) { 89 | $environList[$env['Environment']['id']] = $env['Rosbridge']['host']; 90 | } 91 | //$this->set('environments', $environList); 92 | 93 | $slots = $this->Slot->find('all'); 94 | $slotList = array(); 95 | foreach($slots as $slot) { 96 | $slotList[$slot['Slot']['id']] = 
$environList[$slot['Condition']['environment_id']]; 97 | } 98 | 99 | // "none" unless the user's earliest pending appointment is in progress right now 100 | $currAppointmentIP = "none"; 101 | if (count($appointments) > 0 && strtotime($appointments[0]['Slot']['start']) <= strtotime('now') && strtotime($appointments[0]['Slot']['end']) > strtotime('now')) { 102 | $currAppointmentIP = $slotList[$appointments[0]['Slot']['id']]; 103 | } 104 | 105 | 106 | 107 | $this->set('currAppointmentIP', $currAppointmentIP); 108 | 109 | $this->loadModel('DispatcherClient'); 110 | 111 | if (isset($_POST["target"])) { 112 | $client = $_SERVER['REMOTE_ADDR']; 113 | $server = htmlspecialchars($_POST["target"]); 114 | $bindTime = count($appointments) > 0 ? strtotime($appointments[0]['Slot']['end']) - strtotime('now') : 0; 115 | if ($server === "" || ($currAppointmentIP !== "none" && $currAppointmentIP === $server)) { $this->DispatcherClient->bindIP($client, $server, $bindTime); } // a non-empty target must be the robot of the appointment in progress 116 | } 117 | 118 | $this->set('boundip', $this->DispatcherClient->getBoundIP()); 119 | } 120 | 121 | public function admin_index() { 122 | $this->Auth->allow("logo"); 123 | 124 | $this->loadModel('DispatcherClient'); 125 | 126 | if (isset($_POST["target"])) { 127 | $client = $_SERVER['REMOTE_ADDR']; 128 | $server = htmlspecialchars($_POST["target"]); 129 | $this->DispatcherClient->bindIP($client, $server, 86400); // admin bind 24h 130 | } 131 | } 132 | 133 | } 134 | 135 | ?> 136 | -------------------------------------------------------------------------------- /rms_extension/app/Controller/EnvironmentsController.php: -------------------------------------------------------------------------------- 1 | array('authorize' => 'Controller')); 29 | 30 | /** 31 | * The admin index action lists information about all environments. This allows the admin to add, edit, or delete 32 | * entries. 
33 | * 34 | * @return null 35 | */ 36 | public function admin_index() { 37 | // grab all the entries 38 | $this->set('environments', $this->Environment->find('all', array('recursive' => 2))); 39 | // we will need some RWT libraries 40 | $this->set('rwt', array('roslibjs' => 'current')); 41 | 42 | $this->loadModel('DispatcherClient'); 43 | $this->set('bound_ip', $this->DispatcherClient->getBoundIP()); 44 | } 45 | 46 | /** 47 | * The admin add action. This will allow the admin to create a new entry. 48 | * 49 | * @return null 50 | */ 51 | public function admin_add() { 52 | // grab the list of interfaces 53 | $this->set('ifaces', $this->Environment->Iface->find('list')); 54 | // load the rosbridge and MJPEG server lists 55 | $this->__setServerLists(); 56 | 57 | // only work for POST requests 58 | if ($this->request->is('post')) { 59 | // create a new entry 60 | $this->Environment->create(); 61 | // set the current timestamp for creation and modification 62 | $this->Environment->data['Environment']['created'] = date('Y-m-d H:i:s'); 63 | $this->Environment->data['Environment']['modified'] = date('Y-m-d H:i:s'); 64 | 65 | // check for null values 66 | if ($this->request->data['Environment']['rosbridge_id'] === '-1') { 67 | $this->request->data['Environment']['rosbridge_id'] = null; 68 | } 69 | if ($this->request->data['Environment']['mjpeg_id'] === '-1') { 70 | $this->request->data['Environment']['mjpeg_id'] = null; 71 | } 72 | 73 | // attempt to save the entry 74 | if ($this->Environment->save($this->request->data)) { 75 | $this->Session->setFlash('The environment has been saved.'); 76 | return $this->redirect(array('action' => 'index')); 77 | } 78 | $this->Session->setFlash('Unable to add the environment.'); 79 | } 80 | 81 | $this->set('title_for_layout', 'Add Environment'); 82 | } 83 | 84 | /** 85 | * The admin edit action. This allows the admin to edit an existing entry. 86 | * 87 | * @param int $id The ID of the entry to edit. 
88 | * @throws NotFoundException Thrown if an entry with the given ID is not found. 89 | * @return null 90 | */ 91 | public function admin_edit($id = null) { 92 | // grab the list of interfaces 93 | $this->set('ifaces', $this->Environment->Iface->find('list')); 94 | // load the rosbridge and MJPEG server lists 95 | $this->__setServerLists(); 96 | 97 | if (!$id) { 98 | // no ID provided 99 | throw new NotFoundException('Invalid environment.'); 100 | } 101 | 102 | $environment = $this->Environment->findById($id); 103 | if (!$environment) { 104 | // no valid entry found for the given ID 105 | throw new NotFoundException('Invalid environment.'); 106 | } 107 | 108 | // only work for PUT requests 109 | if ($this->request->is(array('environment', 'put'))) { 110 | // set the ID 111 | $this->Environment->id = $id; 112 | 113 | // check for null values 114 | if ($this->request->data['Environment']['rosbridge_id'] === '-1') { 115 | $this->request->data['Environment']['rosbridge_id'] = null; 116 | } 117 | if ($this->request->data['Environment']['mjpeg_id'] === '-1') { 118 | $this->request->data['Environment']['mjpeg_id'] = null; 119 | } 120 | 121 | // set the current timestamp for modification 122 | $this->Environment->data['Environment']['modified'] = date('Y-m-d H:i:s'); 123 | // attempt to save the entry 124 | if ($this->Environment->save($this->request->data)) { 125 | $this->Session->setFlash('The environment has been updated.'); 126 | return $this->redirect(array('action' => 'index')); 127 | } 128 | $this->Session->setFlash('Unable to update the environment.'); 129 | } 130 | 131 | // store the entry data if it was not a PUT request 132 | if (!$this->request->data) { 133 | $this->request->data = $environment; 134 | } 135 | 136 | $this->set('title_for_layout', __('Edit Environment - %s', $environment['Environment']['name'])); 137 | } 138 | 139 | /** 140 | * Set the custom server lists fields. This will be the name and the URI combined as well as a 'None' option. 
141 | * 142 | * @return null 143 | */ 144 | private function __setServerLists() { 145 | // load the rosbridge and MJPEG server lists 146 | $rosbridges = $this->Environment->Rosbridge->find('all'); 147 | $rosbridgesList = array(-1 => 'None'); 148 | foreach ($rosbridges as $rosbridge) { 149 | $rosbridgesList[$rosbridge['Rosbridge']['id']] = __( 150 | '%s - %s://%s:%s', 151 | h($rosbridge['Rosbridge']['name']), 152 | h($rosbridge['Protocol']['name']), 153 | h($rosbridge['Rosbridge']['host']), 154 | h($rosbridge['Rosbridge']['port']) 155 | ); 156 | } 157 | $this->set('rosbridges', $rosbridgesList); 158 | 159 | $mjpegs = $this->Environment->Mjpeg->find('all'); 160 | $mjpegsList = array(-1 => 'None'); 161 | foreach ($mjpegs as $mjpeg) { 162 | $mjpegsList[$mjpeg['Mjpeg']['id']] = __( 163 | '%s - http://%s:%s', 164 | h($mjpeg['Mjpeg']['name']), 165 | h($mjpeg['Mjpeg']['host']), 166 | h($mjpeg['Mjpeg']['port']) 167 | ); 168 | } 169 | $this->set('mjpegs', $mjpegsList); 170 | } 171 | 172 | /** 173 | * The admin delete action. This allows the admin to delete an existing entry. 174 | * 175 | * @param int $id The ID of the entry to delete. 176 | * @throws MethodNotAllowedException Thrown if a GET request is made. 177 | * @return null 178 | */ 179 | public function admin_delete($id = null) { 180 | // do not allow GET requests 181 | if ($this->request->is('get')) { 182 | throw new MethodNotAllowedException(); 183 | } 184 | 185 | // attempt to delete the entry 186 | if ($this->Environment->delete($id)) { 187 | $this->Session->setFlash('The environment has been deleted.'); 188 | return $this->redirect(array('action' => 'index')); 189 | } 190 | } 191 | 192 | /** 193 | * View the given entry. 194 | * 195 | * @param int $id The ID of the entry to view. 196 | * @throws NotFoundException Thrown if an entry with the given ID is not found. 
197 | * @return null 198 | */ 199 | public function admin_view($id = null) { 200 | if (!$id) { 201 | // no ID provided 202 | throw new NotFoundException('Invalid environment.'); 203 | } 204 | 205 | $this->Environment->recursive = 2; 206 | $environment = $this->Environment->findById($id); 207 | if (!$environment) { 208 | // no valid entry found for the given ID 209 | throw new NotFoundException('Invalid environment.'); 210 | } 211 | 212 | // store the entry 213 | $this->set('environment', $environment); 214 | $this->set('title_for_layout', $environment['Environment']['name']); 215 | // we will need some RWT libraries 216 | $this->set('rwt', array('roslibjs' => 'current')); 217 | } 218 | } 219 | -------------------------------------------------------------------------------- /rms_extension/app/Controller/IfacesController.php: -------------------------------------------------------------------------------- 1 | array('authorize' => 'Controller')); 31 | 32 | /** 33 | * Define the actions which can be used by any user, authorized or not. 34 | * 35 | * @return null 36 | */ 37 | public function beforeFilter() { 38 | // allow anyone to view an interface (interface authorization will check this better) 39 | parent::beforeFilter(); 40 | $this->Auth->allow('view'); 41 | } 42 | 43 | /** 44 | * The admin index action lists information about all interfaces. This allows the admin to add, edit, or delete 45 | * entries. 46 | * 47 | * @return null 48 | */ 49 | public function admin_index() { 50 | // grab all the entries 51 | $this->set('ifaces', $this->Iface->find('all')); 52 | $this->set('title_for_layout', 'Interfaces'); 53 | } 54 | 55 | /** 56 | * The admin add action. This will allow the admin to create a new entry. 
57 | * 58 | * @return null 59 | */ 60 | public function admin_add() { 61 | // grab the list of environments 62 | $this->set('environments', $this->Iface->Environment->find('list')); 63 | 64 | // only work for POST requests 65 | if ($this->request->is('post')) { 66 | // create a new entry 67 | $this->Iface->create(); 68 | // set the current timestamp for creation and modification 69 | $this->Iface->data['Iface']['created'] = date('Y-m-d H:i:s'); 70 | $this->Iface->data['Iface']['modified'] = date('Y-m-d H:i:s'); 71 | // attempt to save the entry 72 | if ($this->Iface->save($this->request->data)) { 73 | $this->Session->setFlash('The interface has been saved.'); 74 | return $this->redirect(array('action' => 'index')); 75 | } 76 | $this->Session->setFlash('Unable to add the interface.'); 77 | } 78 | 79 | $this->set('title_for_layout', 'Add Interface'); 80 | } 81 | 82 | /** 83 | * The admin edit action. This allows the admin to edit an existing entry. 84 | * 85 | * @param int $id The ID of the entry to edit. 86 | * @throws NotFoundException Thrown if an entry with the given ID is not found. 
87 | * @return null 88 | */ 89 | public function admin_edit($id = null) { 90 | // grab the list of environments 91 | $this->set('environments', $this->Iface->Environment->find('list')); 92 | 93 | if (!$id) { 94 | // no ID provided 95 | throw new NotFoundException('Invalid interface.'); 96 | } 97 | 98 | $iface = $this->Iface->findById($id); 99 | if (!$iface) { 100 | // no valid entry found for the given ID 101 | throw new NotFoundException('Invalid interface.'); 102 | } 103 | 104 | // only work for PUT requests 105 | if ($this->request->is(array('iface', 'put'))) { 106 | // set the ID 107 | $this->Iface->id = $id; 108 | // set the current timestamp for modification 109 | $this->Iface->data['Iface']['modified'] = date('Y-m-d H:i:s'); 110 | // attempt to save the entry 111 | if ($this->Iface->save($this->request->data)) { 112 | $this->Session->setFlash('The interface has been updated.'); 113 | return $this->redirect(array('action' => 'index')); 114 | } 115 | $this->Session->setFlash('Unable to update the interface.'); 116 | } 117 | 118 | // store the entry data if it was not a PUT request 119 | if (!$this->request->data) { 120 | $this->request->data = $iface; 121 | } 122 | 123 | $this->set('title_for_layout', __('Edit Interface - %s', $iface['Iface']['name'])); 124 | } 125 | 126 | /** 127 | * The admin delete action. This allows the admin to delete an existing entry. 128 | * 129 | * @param int $id The ID of the entry to delete. 130 | * @throws MethodNotAllowedException Thrown if a GET request is made. 
131 | * @return null 132 | */ 133 | public function admin_delete($id = null) { 134 | // do not allow GET requests 135 | if ($this->request->is('get')) { 136 | throw new MethodNotAllowedException(); 137 | } 138 | 139 | // attempt to delete the entry 140 | if ($this->Iface->delete($id)) { 141 | $this->Session->setFlash('The interface has been deleted.'); 142 | return $this->redirect(array('action' => 'index')); 143 | } 144 | } 145 | 146 | /** 147 | * Request to view the given interface with the given environment. This will make the correct redirect. 148 | * 149 | * @param int $id The ID of the interface to view. 150 | * @param int $environmentID The environment ID to use. 151 | * @throws NotFoundException Thrown if an entry with the given IDs is not found. 152 | * @return null 153 | */ 154 | public function view($id = null, $environmentID = null, $bindTime = null) { 155 | if (!$id) { 156 | // no ID provided 157 | throw new NotFoundException('Invalid interface.'); 158 | } 159 | if (!$environmentID) { 160 | // no environment ID provided 161 | throw new NotFoundException('Invalid environment.'); 162 | } 163 | if (!$bindTime) { 164 | // no bind time provided 165 | throw new NotFoundException('No bind time given.'); 166 | } 167 | 168 | $this->Iface->recursive = 2; 169 | $iface = $this->Iface->findById($id); 170 | if (!$iface) { 171 | // no valid entry found for the given ID 172 | throw new NotFoundException('Invalid interface.'); 173 | } 174 | $environment = null; 175 | foreach ($iface['Environment'] as $env) { 176 | if ($env['id'] === $environmentID) { 177 | $environment = $env; 178 | } 179 | } 180 | if (!$environment) { 181 | // no valid entry found for the given environment ID 182 | throw new NotFoundException('Invalid environment.'); 183 | } 184 | 185 | // call the correct controller 186 | // bind to the rosbridge host of the matched environment, not of the last one iterated above 187 | $this->loadModel('DispatcherClient'); 188 | $this->DispatcherClient->bindToMe($environment['Rosbridge']['host'], $bindTime); 189 | 190 | $controller = __('%sInterface', 
str_replace(' ', '', ucwords(h($iface['Iface']['name'])))); 191 | return $this->redirect(array('controller' => $controller, 'action' => 'view', $environmentID)); 192 | } 193 | } 194 | -------------------------------------------------------------------------------- /rms_extension/app/Controller/MjpegsController.php: -------------------------------------------------------------------------------- 1 | array('authorize' => 'Controller')); 29 | 30 | /** 31 | * The admin index action lists information about all MJPEG servers. This allows the admin to add, edit, or delete 32 | * entries. 33 | * 34 | * @return null 35 | */ 36 | public function admin_index() { 37 | // grab all the entries 38 | $this->set('mjpegs', $this->Mjpeg->find('all', array('recursive' => 2))); 39 | $this->set('title_for_layout', 'MJPEG Servers'); 40 | 41 | $this->loadModel('DispatcherClient'); 42 | $this->set('bound_ip', $this->DispatcherClient->getBoundIP()); 43 | } 44 | 45 | /** 46 | * The admin add action. This will allow the admin to create a new entry. 47 | * 48 | * @return null 49 | */ 50 | public function admin_add() { 51 | // only work for POST requests 52 | if ($this->request->is('post')) { 53 | // create a new entry 54 | $this->Mjpeg->create(); 55 | // set the current timestamp for creation and modification 56 | $this->Mjpeg->data['Mjpeg']['created'] = date('Y-m-d H:i:s'); 57 | $this->Mjpeg->data['Mjpeg']['modified'] = date('Y-m-d H:i:s'); 58 | // attempt to save the entry 59 | if ($this->Mjpeg->save($this->request->data)) { 60 | $this->Session->setFlash('The MJPEG server has been saved.'); 61 | return $this->redirect(array('action' => 'index')); 62 | } 63 | $this->Session->setFlash('Unable to add the MJPEG server.'); 64 | } 65 | 66 | $this->set('title_for_layout', 'Add MJPEG Server'); 67 | } 68 | 69 | /** 70 | * The admin edit action. This allows the admin to edit an existing entry. 71 | * 72 | * @param int $id The ID of the entry to edit. 
     * @throws NotFoundException Thrown if an entry with the given ID is not found.
     * @return null
     */
    public function admin_edit($id = null) {
        if (!$id) {
            // no ID provided
            throw new NotFoundException('Invalid mjpeg.');
        }

        $mjpeg = $this->Mjpeg->findById($id);
        if (!$mjpeg) {
            // no valid entry found for the given ID
            throw new NotFoundException('Invalid mjpeg.');
        }

        // only work for PUT requests
        if ($this->request->is(array('mjpeg', 'put'))) {
            // set the ID
            $this->Mjpeg->id = $id;
            // set the current timestamp for modification
            $this->Mjpeg->data['Mjpeg']['modified'] = date('Y-m-d H:i:s');
            // attempt to save the entry
            if ($this->Mjpeg->save($this->request->data)) {
                $this->Session->setFlash('The MJPEG server has been updated.');
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash('Unable to update the MJPEG server.');
        }

        // store the entry data if it was not a PUT request
        if (!$this->request->data) {
            $this->request->data = $mjpeg;
        }

        $this->set('title_for_layout', __('Edit MJPEG Server - %s', $mjpeg['Mjpeg']['name']));
    }

    /**
     * The admin delete action. This allows the admin to delete an existing entry.
     *
     * @param int $id The ID of the entry to delete.
     * @throws MethodNotAllowedException Thrown if a GET request is made.
     * @return null
     */
    public function admin_delete($id = null) {
        // do not allow GET requests
        if ($this->request->is('get')) {
            throw new MethodNotAllowedException();
        }

        // attempt to delete the entry
        if ($this->Mjpeg->delete($id)) {
            $this->Session->setFlash('The MJPEG server has been deleted.');
            return $this->redirect(array('action' => 'index'));
        }
    }

    /**
     * View the given entry.
     *
     * @param int $id The ID of the entry to view.
     * @throws NotFoundException Thrown if an entry with the given ID is not found.
     * @return null
     */
    public function admin_view($id = null) {
        if (!$id) {
            // no ID provided
            throw new NotFoundException('Invalid mjpeg.');
        }

        $this->Mjpeg->recursive = 2;
        $mjpeg = $this->Mjpeg->findById($id);
        if (!$mjpeg) {
            // no valid entry found for the given ID
            throw new NotFoundException('Invalid mjpeg.');
        }

        // store the entry
        $this->set('mjpeg', $mjpeg);
        $this->set('title_for_layout', $mjpeg['Mjpeg']['name']);
    }
}

--------------------------------------------------------------------------------
/rms_extension/app/Controller/RosbridgesController.php:
--------------------------------------------------------------------------------
array('authorize' => 'Controller'));

    //public $uses = array('Interface');

    /**
     * The admin index action lists information about all rosbridge servers. This allows the admin to add, edit, or
     * delete entries.
     *
     * @return null
     */
    public function admin_index() {
        // grab all the entries
        $this->set('rosbridges', $this->Rosbridge->find('all'));
        // we will need some RWT libraries
        $this->set('rwt', array('roslibjs' => 'current'));
        $this->set('title_for_layout', 'rosbridge Servers');

        $this->loadModel('DispatcherClient');
        $this->set('bound_ip', $this->DispatcherClient->getBoundIP());
    }

    /**
     * The admin add action. This will allow the admin to create a new entry.
     *
     * @return null
     */
    public function admin_add() {
        // load the protocols list
        $protocols = $this->Rosbridge->Protocol->find('list');
        $this->set('protocols', $protocols);

        // only work for POST requests
        if ($this->request->is('post')) {
            // create a new entry
            $this->Rosbridge->create();
            // check for empty key
            if (strlen($this->request->data['Rosbridge']['rosauth']) === 0) {
                $this->request->data['Rosbridge']['rosauth'] = null;
            }
            // set the current timestamp for creation and modification
            $this->Rosbridge->data['Rosbridge']['created'] = date('Y-m-d H:i:s');
            $this->Rosbridge->data['Rosbridge']['modified'] = date('Y-m-d H:i:s');
            // attempt to save the entry
            if ($this->Rosbridge->save($this->request->data)) {
                $this->Session->setFlash('The rosbridge server has been saved.');
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash('Unable to add the rosbridge server.');
        }

        $this->set('title_for_layout', 'Add rosbridge Server');
    }

    /**
     * The admin edit action. This allows the admin to edit an existing entry.
     *
     * @param int $id The ID of the entry to edit.
     * @throws NotFoundException Thrown if an entry with the given ID is not found.
     * @return null
     */
    public function admin_edit($id = null) {
        // load the protocols list
        $protocols = $this->Rosbridge->Protocol->find('list');
        $this->set('protocols', $protocols);

        if (!$id) {
            // no ID provided
            throw new NotFoundException('Invalid rosbridge.');
        }

        $rosbridge = $this->Rosbridge->findById($id);
        if (!$rosbridge) {
            // no valid entry found for the given ID
            throw new NotFoundException('Invalid rosbridge.');
        }

        // only work for PUT requests
        if ($this->request->is(array('rosbridge', 'put'))) {
            // set the ID
            $this->Rosbridge->id = $id;
            // check for empty key
            if (strlen($this->request->data['Rosbridge']['rosauth']) === 0) {
                $this->request->data['Rosbridge']['rosauth'] = null;
            }
            // set the current timestamp for modification
            $this->Rosbridge->data['Rosbridge']['modified'] = date('Y-m-d H:i:s');
            // attempt to save the entry
            if ($this->Rosbridge->save($this->request->data)) {
                $this->Session->setFlash('The rosbridge server has been updated.');
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash('Unable to update the rosbridge server.');
        }

        // store the entry data if it was not a PUT request
        if (!$this->request->data) {
            $this->request->data = $rosbridge;
        }

        $this->set('title_for_layout', __('Edit rosbridge Server - %s', $rosbridge['Rosbridge']['name']));
    }

    /**
     * The admin delete action. This allows the admin to delete an existing entry.
     *
     * @param int $id The ID of the entry to delete.
     * @throws MethodNotAllowedException Thrown if a GET request is made.
     * @return null
     */
    public function admin_delete($id = null) {
        // do not allow GET requests
        if ($this->request->is('get')) {
            throw new MethodNotAllowedException();
        }

        // attempt to delete the entry
        if ($this->Rosbridge->delete($id)) {
            $this->Session->setFlash('The rosbridge server has been deleted.');
            return $this->redirect(array('action' => 'index'));
        }
    }

    /**
     * View the given entry.
     *
     * @param int $id The ID of the entry to view.
     * @throws NotFoundException Thrown if an entry with the given ID is not found.
     * @return null
     */
    public function admin_view($id = null) {
        if (!$id) {
            // no ID provided
            throw new NotFoundException('Invalid rosbridge.');
        }

        $rosbridge = $this->Rosbridge->findById($id);
        if (!$rosbridge) {
            // no valid entry found for the given ID
            throw new NotFoundException('Invalid rosbridge.');
        }

        // store the entry
        $this->set('rosbridge', $rosbridge);
        $this->set('title_for_layout', $rosbridge['Rosbridge']['name']);
        // we will need some RWT libraries
        $this->set('rwt', array('roslibjs' => 'current'));
    }
}

--------------------------------------------------------------------------------
/rms_extension/app/Model/DispatcherClient.php:
--------------------------------------------------------------------------------
1 | 65 |
--------------------------------------------------------------------------------
/rms_extension/app/View/BasicInterface/view.ctp:
--------------------------------------------------------------------------------
1 | 15 | 16 | Rms->ros($uri, $environment['Rosbridge']['rosauth']); 21 | } 22 | echo $this->Rms->initStudy(); 23 | ?> 24 | 25 | 28 | 29 |
30 | 31 |

Basic Interface

32 |
33 | 34 |
35 |
36 |
37 |
38 |

Use the W, A, S, D, Q, E keys to drive your robot.

39 |
40 |
41 |
42 | 43 | 0): ?> 44 | Rms->mjpegStream( 46 | $environment['Mjpeg']['host'], 47 | $environment['Mjpeg']['port'], 48 | $environment['Stream'][0]['topic'], 49 | $environment['Stream'][0] 50 | ); 51 | ?> 52 | 53 |

No Associated MJPEG Streams Found

54 | 55 | 56 |

No Associated MJPEG Server Found

57 | 58 |
59 |
60 | 61 | 0): ?> 62 | Rms->keyboardTeleop($environment['Teleop'][0]['topic']); ?> 63 |
Awaiting data...
64 | 73 | 74 |

No Associated Telop Settings Found

75 | 76 | 77 |

No Associated rosbridge Server Found

78 | 79 |
80 |
81 |
82 |
83 |
84 | -------------------------------------------------------------------------------- /rms_extension/app/View/Dispatcher/admin_index.ctp: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 |
11 | 12 |
13 | 14 |
15 |
16 | 17 |
18 | 19 | 89 | 90 | 91 | 92 | 93 | -------------------------------------------------------------------------------- /rms_extension/app/View/Dispatcher/index.ctp: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | '.$currAppointmentIP.''?> 11 | 12 |
13 | 14 |
15 | 16 |
17 |
18 | 19 |
20 | 21 | 95 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /rms_extension/app/View/Elements/menu.ctp: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | 19 | 20 | 111 | -------------------------------------------------------------------------------- /rms_extension/app/View/Environments/admin_index.ctp: -------------------------------------------------------------------------------- 1 | 16 | 17 |
18 | 19 |

Environments

20 |
21 | 22 |
23 |
24 |
25 |
26 |

27 | Environments are the central component of the RMS. A robot environment can consist of a rosbridge 28 | and MJPEG server, as well as associated topics and image streams. An interface can be linked 29 | together with an environment to gain access to this information. 30 |

31 |
32 | Html->link('Create New Entry', array('action' => 'add'), array('class' => 'button')); ?> 33 |

34 | 35 | 36 | 37 |
38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 64 | 67 | 75 | 82 | 89 | 92 | 93 | 94 |
IDNameHtml->link('rosbridge Server', array('controller' => 'rosbridges')); ?>Html->link('MJPEG Server', array('controller' => 'mjpegs')); ?>Html->link('Interfaces', array('controller' => 'ifaces')); ?>
49 | Form->postLink( 51 | '', 52 | array('action' => 'delete', $env['Environment']['id']), 53 | array('class' => 'icon fa-trash-o', 'confirm' => 'Are you sure?') 54 | ); 55 | ?> 56 | Html->link( 58 | '', 59 | array('action' => 'edit', $env['Environment']['id']), 60 | array('class' => 'icon fa-edit') 61 | ); 62 | ?> 63 | 65 | 66 | 68 | Html->link( 70 | $env['Environment']['name'], 71 | array('action' => 'view', $env['Environment']['id']) 72 | ); 73 | ?> 74 | 76 | 77 | N/A 78 | 79 | 80 | 81 | 83 | 84 | N/A 85 | 86 | 87 | 88 | 90 | 91 |
95 |
96 |
97 |
98 | -------------------------------------------------------------------------------- /rms_extension/app/View/Mjpegs/admin_index.ctp: -------------------------------------------------------------------------------- 1 | 16 | 17 |
18 | 19 |

MJPEG Servers

20 |
21 | 22 |
23 |
24 |
25 |
26 |

27 | MJPEG server is a streaming server that subscribes to requested image topics in ROS and publishes 28 | those topics as MJPEG streams via HTTP. 29 |

30 |
31 | Html->link('Create New Entry', array('action' => 'add'), array('class' => 'button')); ?> 32 |

33 | 34 | 35 | 36 | 37 | 38 | '; 44 | echo $mjpeg['Mjpeg']['id']; 45 | echo ''; 62 | $found = true; 63 | break; 64 | } 65 | } 66 | if (!$found) { 67 | echo ''; 68 | } 69 | ?> 70 | 71 |
ID Name URI Status
Bound MJPEG status '; 46 | echo $mjpeg['Mjpeg']['name']; 47 | echo ' '; 48 | echo $this->Html->link( 49 | __( 50 | 'http://%s:%s', 51 | Configure::read('VPN_SERVER_IP'), 52 | h($mjpeg['Mjpeg']['port']) 53 | ), 54 | array('action' => 'view', $mjpeg['Mjpeg']['id']) 55 | ); 56 | echo ' '; 57 | echo $this->Rms->mjpegServerStatus( 58 | Configure::read('VPN_SERVER_IP'), 59 | $mjpeg['Mjpeg']['port'] 60 | ); 61 | echo 'N/AN/A
72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 100 | 103 | 106 | 111 | 114 | 123 | 124 | 125 |
IDNameIPHtml->link('Environments', array('controller' => 'environments')); ?>Html->link('Streams', array('controller' => 'streams')); ?>
85 | Form->postLink( 87 | '', 88 | array('action' => 'delete', $mjpeg['Mjpeg']['id']), 89 | array('class' => 'icon fa-trash-o', 'confirm' => 'Are you sure?') 90 | ); 91 | ?> 92 | Html->link( 94 | '', 95 | array('action' => 'edit', $mjpeg['Mjpeg']['id']), 96 | array('class' => 'icon fa-edit') 97 | ); 98 | ?> 99 | 101 | 102 | 104 | 105 | 107 | 110 | 112 | 113 | 115 | 122 |
126 |
127 |
128 |
129 | -------------------------------------------------------------------------------- /rms_extension/app/View/Mjpegs/admin_view.ctp: -------------------------------------------------------------------------------- 1 | 15 | 16 |
17 | 18 |

19 |

20 | 21 |

22 |
23 | 24 |
25 |
26 | Rms->mjpegPanel($mjpeg['Mjpeg']['host'], $mjpeg['Mjpeg']['port'], $topics); 34 | ?> 35 |
36 |
37 | -------------------------------------------------------------------------------- /rms_extension/app/View/Rosbridges/admin_index.ctp: -------------------------------------------------------------------------------- 1 | 16 | 17 |
18 | 19 |

rosbridge Servers

20 |
21 | 22 |
23 |
24 |
25 |
26 |

27 | rosbridge provides a JSON interface to ROS, allowing any client to send JSON to publish or subscribe 28 | to ROS topics, call ROS services, and more. 29 |

30 |
31 | Html->link('Create New Entry', array('action' => 'add'), array('class' => 'button')); ?> 32 |

33 | 34 | 35 | 36 | 37 | 38 | '; 44 | echo $rosbridge['Rosbridge']['id']; 45 | echo ''; 64 | $found = true; 65 | break; 66 | } 67 | } 68 | if (!$found) { 69 | echo ''; 70 | } 71 | ?> 72 | 73 |
ID Name URI Status
Bound rosbridge status '; 46 | echo $rosbridge['Rosbridge']['name']; 47 | echo ' '; 48 | echo $this->Html->link( 49 | __( 50 | '%s://%s:%s', 51 | h($rosbridge['Protocol']['name']), 52 | Configure::read('VPN_SERVER_IP'), 53 | h($rosbridge['Rosbridge']['port']) 54 | ), 55 | array('action' => 'view', $rosbridge['Rosbridge']['id']) 56 | ); 57 | echo ' '; 58 | echo $this->Rms->rosbridgeStatus( 59 | $rosbridge['Protocol']['name'], 60 | Configure::read('VPN_SERVER_IP'), 61 | $rosbridge['Rosbridge']['port'] 62 | ); 63 | echo 'N/AN/AN/AN/A
74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 102 | 105 | 108 | 113 | 114 | 119 | 122 | 123 | 124 |
IDNameIProsauth KeyHtml->link('Environments', array('controller' => 'environments')); ?>
87 | Form->postLink( 89 | '', 90 | array('action' => 'delete', $rosbridge['Rosbridge']['id']), 91 | array('class' => 'icon fa-trash-o', 'confirm' => 'Are you sure?') 92 | ); 93 | ?> 94 | Html->link( 96 | '', 97 | array('action' => 'edit', $rosbridge['Rosbridge']['id']), 98 | array('class' => 'icon fa-edit') 99 | ); 100 | ?> 101 | 103 | 104 | 106 | 107 | 109 | 112 | 115 | 118 | 120 | 121 |
125 |
126 |
127 |
128 | -------------------------------------------------------------------------------- /rms_extension/app/View/Rosbridges/admin_view.ctp: -------------------------------------------------------------------------------- 1 | 15 | 16 |
17 | 18 |

19 |

20 | 29 |

30 |
31 | 32 |
33 |
34 | Rms->rosbridgePanel( 36 | $rosbridge['Protocol']['name'], 37 | Configure::read('VPN_SERVER_IP'), 38 | $rosbridge['Rosbridge']['port'] 39 | ); 40 | ?> 41 |
42 |
43 | -------------------------------------------------------------------------------- /rms_extension/app/View/Users/view.ctp: -------------------------------------------------------------------------------- 1 | 15 | 16 |
17 | 18 |

19 |

20 |
21 | 22 | 0): ?> 23 |
24 |
25 |
26 | strtotime('now')): ?> 28 | Html->link( 30 | 'Begin my Study Now', 31 | array( 32 | 'controller' => 'appointments', 33 | 'action' => 'begin', 34 | $appointments[0]['Appointment']['id'] 35 | ), 36 | array('class' => 'button') 37 | ); 38 | ?> 39 | 40 | Next Scheduled Study 41 |
42 | Time->format('F jS, Y g:i A T', $appointments[0]['Slot']['start']); ?> 43 | 44 |
45 |
46 |
47 | 48 | 49 |
50 |
51 |
52 |
53 | 0) ? '4u' : '6u'; ?> 54 |
55 | Available Studies 56 |
57 |
58 | Scheduled Studies 59 |
60 | 0): ?> 61 |
62 | Interfaces 63 |
64 | 65 |
66 |
67 |
68 |
69 | 70 | 71 |
72 |
73 |
74 |
75 | Use the following menu items to view and edit your account settings. 76 |
77 |
78 |
79 |
80 | Html->link( 82 | ' Edit Information', 83 | array('action' => 'edit'), 84 | array('class' => 'icon fa-pencil') 85 | ); 86 | ?> 87 |
88 |
89 | Html->link( ' Email Subscriptions', 91 | array('controller' => 'subscriptions', 'action' => 'view'), 92 | array('class' => 'icon fa-envelope-o') 93 | ); 94 | ?> 95 |
96 |
97 | Html->link( 99 | ' Change Password', 100 | array('action' => 'password'), 101 | array('class' => 'icon fa-lock') 102 | ); 103 | ?> 104 |
105 |
106 | Form->postLink( 108 | ' Deactivate My Account', 109 | array('action' => 'delete'), 110 | array( 111 | 'class' => 'icon fa-trash-o', 112 | 'confirm' => 'Warning: You cannot undo this action. Continue?' 113 | ) 114 | ); 115 | ?> 116 |
117 |
118 |
119 |
120 |
121 | 122 |
123 |
124 |
125 |
126 |
127 |

Available User Studies

128 |

Click on a study below to sign up for a slot.

129 |
130 | 0) { 132 | foreach ($studies as $study) { 133 | 134 | echo '
'; 135 | echo '
'; 136 | echo '
'; 137 | if ($study['Study']['length'] > 0) { 138 | echo __( 139 | '%s (%d min.)', h($study['Study']['name']), h($study['Study']['length']) 140 | ); 141 | } else { 142 | echo __('%s', h($study['Study']['name'])); 143 | } 144 | echo '
'; 145 | 146 | // check if we have an appointment 147 | $next = null; 148 | foreach ($allAppointments as $appointment) { 149 | if ($appointment['Slot']['Condition']['Study']['id'] === $study['Study']['id']) { 150 | // pick the latest 151 | if(!$next || strtotime($appointment['Slot']['start']) > strtotime($next['Slot']['start'])) { 152 | $next = $appointment; 153 | } 154 | } 155 | } 156 | 157 | // find slots with no appointment 158 | $free = array(); 159 | foreach ($study['Condition'] as $condition) { 160 | foreach ($condition['Slot'] as $slot) { 161 | if (!isset($slot['Appointment']['id']) 162 | && strtotime($slot['start']) > strtotime('now')) { 163 | $free[$slot['id']] = $this->Time->format('F jS, Y g:i A T', $slot['start']); 164 | } 165 | } 166 | } 167 | 168 | if ($next && strtotime($next['Slot']['end']) > strtotime('now')) { 169 | echo '
'; 170 | echo 'Next Appointment: '; 171 | echo $this->Time->format('F jS, Y g:i A T', $next['Slot']['start']); 172 | echo '
'; 173 | } else if ($next && !$study['Study']['repeatable']) { 174 | echo '
'; 175 | echo 'You Have Completed This Study '; 176 | echo '
'; 177 | } else if (count($free) > 0) { 178 | echo '
'; 179 | echo $this->Form->create('Appointment', array('action' => 'book')); 180 | echo $this->Form->input( 181 | 'slot_id', array('label' => 'Time Slot: ', 'options' => $free) 182 | ); 183 | echo '
'; 184 | echo '
'; 185 | echo $this->Form->end(array('label' => 'Book', 'class' => 'button small')); 186 | echo '
'; 187 | } else if (!$study['Study']['otf']) { 188 | echo '
'; 189 | echo 'No Free Reservation Slots Available'; 190 | echo '
'; 191 | } 192 | echo '
'; 193 | 194 | // check for on-the-fly creation 195 | if ($study['Study']['otf']) { 196 | // check for if the robot is free 197 | $available = true; 198 | // check for parallel sessions 199 | if (!$study['Study']['parallel']) { 200 | foreach ($study['Condition'] as $condition) { 201 | foreach ($condition['Slot'] as $slot) { 202 | if (strtotime($slot['start']) > strtotime('now')) { 203 | $free[$slot['id']] = $slot['start']; 204 | } 205 | } 206 | } 207 | } 208 | if ($available) { 209 | echo '
'; 210 | echo '
'; 211 | echo $this->Html->link( 212 | 'Begin this Study Now', 213 | array('controller' => 'studies', 'action' => 'otf', $study['Study']['id']), 214 | array('class' => 'button') 215 | ); 216 | echo '
'; 217 | echo '
'; 218 | } 219 | } 220 | echo '
'; 221 | } 222 | } else { 223 | echo '

No Studies are Available at this Time

'; 224 | } 225 | ?> 226 |
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 |

Scheduled User Studies

235 |

The list below indicates the studies you are scheduled for.

236 |
237 | 0): ?> 238 | 239 |
240 |
241 | 242 | 0): ?> 243 | ( Minute Study) 244 | 245 |
246 | strtotime('now')): ?> 248 |
249 | Html->link( 251 | 'Begin this Study Now', 252 | array( 253 | 'controller' => 'appointments', 254 | 'action' => 'begin', 255 | $appointment['Appointment']['id'] 256 | ), 257 | array('class' => 'button special') 258 | ); 259 | ?> 260 |
261 | 262 |
263 | Time->format('F jS, Y g:i A T', $appointment['Slot']['start']); ?> 264 | Form->postLink( 266 | 'Cancel', 267 | array( 268 | 'controller' => 'appointments', 269 | 'action' => 'delete', 270 | $appointment['Appointment']['id'] 271 | ), 272 | array('class' => 'icon fa-trash-o', 'confirm' => 'Are you sure?') 273 | ); 274 | ?> 275 |
276 | 277 |
278 |
279 | 280 | 281 |

You Currently Have No Pending Studies

282 | 283 |
284 |
285 |
286 | 287 | 0): ?> 288 |
289 |
290 |
291 |
292 |
293 |

Interface Menu

294 |
295 |

296 | 297 | 298 | 299 | 300 | 301 | '; 307 | echo $rosbridge['Rosbridge']['id']; 308 | echo ''; 327 | $found = true; 328 | break; 329 | } 330 | } 331 | if (!$found) { 332 | echo ''; 333 | } 334 | ?> 335 | 336 | 337 |
ID Name URI Status
Bound rosbridge status '; 309 | echo $rosbridge['Rosbridge']['name']; 310 | echo ' '; 311 | echo $this->Html->link( 312 | __( 313 | '%s://%s:%s', 314 | h($rosbridge['Protocol']['name']), 315 | Configure::read('VPN_SERVER_IP'), 316 | h($rosbridge['Rosbridge']['port']) 317 | ), 318 | array('action' => 'view', $rosbridge['Rosbridge']['id']) 319 | ); 320 | echo ' '; 321 | echo $this->Rms->rosbridgeStatus( 322 | $rosbridge['Protocol']['name'], 323 | Configure::read('VPN_SERVER_IP'), 324 | $rosbridge['Rosbridge']['port'] 325 | ); 326 | echo 'N/AN/AN/AN/A
338 | 339 | 340 |
341 |
342 | 343 |
344 | 345 |
346 | 349 |
350 |
351 | 352 | N/A 353 | 354 | 357 | 358 |
359 |
360 | 361 | N/A 362 | 363 | 366 |
367 | 368 |
369 | 370 |
371 |
372 | 373 |
374 |
375 |
376 | 377 |
--------------------------------------------------------------------------------
/rms_extension/app/webroot/css/dispatcher.css:
--------------------------------------------------------------------------------

#dispatcher_target {
    width: 30em;
    margin: 0 auto;
    margin-top: 3em;
    display: none;
}

#dispatcher_content {
    text-align: center;
}

#dispatcher_content table {
    margin: 0 auto;
    width: 95%;
    border: 1px solid #C0C0C0;
    border-radius: 5px;
    border-spacing: 0;
    overflow: hidden;
    box-shadow: 1px 1px 3px #A0A0A0;

}

#hidden_ip_container {
    visibility: hidden;
}

/* every odd row (indexed from 0) will be grey */
#dispatcher_content table tr:nth-child(odd) {
    background-color: rgb(243, 243, 255);
}
#dispatcher_content table tr:nth-child(even) {
    background-color: #FFF;
}

/* colored first row with the headings */
#dispatcher_content table th {
    background-color: rgba(55, 95, 183, 0.64);
    color: #FFF;
    height: 2.3em;
    vertical-align: middle;
}

/* highlight the bound entry */
#dispatcher_content table tr#boundToMe {
    background-color: #B6FFB6;
}

#dispatcher_content table tr {
    padding: 0.3em;
    color: #323232;
    vertical-align: middle;

}

#dispatcher_content table td {
    vertical-align: middle;
    border: none;
    height: 2.3em;
}

/* cells in the first row and the last cell in each row have no right border */
#dispatcher_content table td:last-child {
    border: none;
}
#dispatcher_content table tr:first-child td {
    border: none;
}


#dispatcher_content a {
    display: block;
    border: 1px solid rgba(55, 95, 183, 0.64);
    color: rgba(55, 95, 183, 0.64);
    background: #FFF;
    text-decoration: none;
    text-transform: uppercase;
    -webkit-transition: all 0.3s ease-in-out;
    -moz-transition: all 0.3s ease-in-out;
    -o-transition: all 0.3s ease-in-out;
    -ms-transition: all 0.3s ease-in-out;
    transition: all 0.3s ease-in-out;
    width: 7em;
    margin: 0 auto;
}

#dispatcher_content a.pressed {
    background-color: rgba(55, 95, 183, 0.64);
    color: #FFF;
}

--------------------------------------------------------------------------------
/rms_extension/app/webroot/ext/getData.php:
--------------------------------------------------------------------------------
1 | 56 |
--------------------------------------------------------------------------------