#
# Copyright 2007 sense.lab e.V.
#
# This file is part of the CryptoBox.
#
# The CryptoBox is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# The CryptoBox is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with the CryptoBox; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
"""Create an SSL certificate to encrypt the webinterface connection via stunnel
"""
# Module revision marker.
# NOTE(review): Subversion expands the keyword only when it is written as
# "$Id$"; this literal has no closing "$" - confirm whether keyword
# expansion was intended here.
__revision__ = "$Id"
import cryptobox.plugins.base
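class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
    """Provide an encrypted webinterface connection via stunnel.

    At this revision the plugin performs no action of its own; it only
    reports a warning when the current request does not look like it was
    received over an encrypted connection (see get_warnings).
    """

    plugin_capabilities = ["system"]
    plugin_visibility = []
    request_auth = True
    rank = 80

    def do_action(self):
        """The action handler.

        Nothing is implemented yet, so None is returned unconditionally.
        """
        return None

    def get_status(self):
        """Retrieve the status of the feature.

        Not implemented yet: the placeholder string "TODO" is returned.
        """
        return "TODO"

    def get_warnings(self):
        """Check if the current request arrived over an encrypted connection.

        Three signals are accepted, in this order:
          1. the request scheme reported by cherrypy is "https"
          2. the environment variable HTTPS exists (its value is not checked)
          3. the request header "X-SSL-Request" has the value "1"

        Returns:
            None if any of the signals is present, otherwise the tuple
            (25, "Plugins.<plugin name>.NoSSL") describing the warning.
        """
        import os
        import cherrypy

        if cherrypy.request.scheme == "https":
            return None
        ## check an environment setting - this is quite common behind proxies
        ## ("in" replaces dict.has_key, which no longer exists in Python 3)
        ## NOTE(review): only the presence of the variable is tested, so any
        ## value (even an empty one) counts, and it applies to every request
        ## served by this process - confirm this matches the deployment.
        if "HTTPS" in os.environ:
            return None
        ## this arbitrarily chosen header is documented in README.proxy
        ## NOTE(review): the header is part of the incoming request. It is
        ## only a reliable signal if the front-end proxy sets it itself and
        ## discards any value supplied by the client; otherwise a plaintext
        ## request carrying the header hides this warning. Confirm that the
        ## documented proxy setup enforces this and that the web server is
        ## not reachable without passing through the proxy.
        if cherrypy.request.headers.get("X-SSL-Request") == "1":
            return None
        ## plaintext connection -> "heavy security risk" (priority=20..39)
        return (25, "Plugins.%s.NoSSL" % self.get_name())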