the plugin 'encrypted_webinterface' creates a valid certificate now
fixed some pylint warnings for 'date' plugin fixed a syntax mistake in the 'date' plugin
This commit is contained in:
parent
ad3de60dd1
commit
6d3286acd0
2 changed files with 54 additions and 18 deletions
|
@ -52,13 +52,13 @@ class date(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
except ValueError:
|
||||
self.hdf["Data.Warning"] = "Plugins.date.InvalidDate"
|
||||
else:
|
||||
date = "%02d%02d%02d%02d%d" % (month, day, hour, minute, year)
|
||||
if self.__set_date(date):
|
||||
self.cbox.log.info("changed date to: %s" % date)
|
||||
new_date = "%02d%02d%02d%02d%d" % (month, day, hour, minute, year)
|
||||
if self.__set_date(new_date):
|
||||
self.cbox.log.info("changed date to: %s" % new_date)
|
||||
self.hdf["Data.Success"] = "Plugins.date.DateChanged"
|
||||
else:
|
||||
## a failure should usually be an invalid date (we do not check it really)
|
||||
self.cbox.log.info("failed to set date: %s" % date)
|
||||
self.cbox.log.info("failed to set date: %s" % new_date)
|
||||
self.hdf["Data.Warning"] = "Plugins.date.InvalidDate"
|
||||
self.__prepare_form_data()
|
||||
return "form_date"
|
||||
|
@ -73,6 +73,7 @@ class date(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
|
||||
|
||||
def get_warnings(self):
|
||||
import os
|
||||
warnings = []
|
||||
if not os.path.isfile(self.root_action.DATE_BIN):
|
||||
warnings.append((48, "Plugins.%s.MissingProgramDate" % self.get_name()))
|
||||
|
@ -97,7 +98,7 @@ class date(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
return datetime.datetime(2000, 1, 1).now()
|
||||
|
||||
|
||||
def __set_date(self, date):
|
||||
def __set_date(self, new_date):
|
||||
"""Set a new date and time.
|
||||
"""
|
||||
import subprocess
|
||||
|
@ -109,7 +110,7 @@ class date(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
self.cbox.prefs["Programs"]["CryptoBoxRootActions"],
|
||||
"plugin",
|
||||
os.path.join(self.plugin_dir, "root_action.py"),
|
||||
date])
|
||||
new_date])
|
||||
proc.wait()
|
||||
return proc.returncode == 0
|
||||
|
||||
|
|
|
@ -33,17 +33,23 @@ import os
|
|||
import cherrypy
|
||||
|
||||
CERT_FILENAME = 'cryptobox-ssl-certificate.pem'
|
||||
KEY_BITS = 409
|
||||
KEY_BITS = 1024
|
||||
ISSUER_INFOS = {
|
||||
"ST": "SomeIssuerState",
|
||||
"L": "SomeIssuerLocality",
|
||||
"O": "SomeIssuerOrganization",
|
||||
"OU": "CryptoBox-ServerIssuer",
|
||||
"CN": "cryptoboxIssuer",
|
||||
"emailAddress": "infoIssuer@cryptobox.org"}
|
||||
CERT_INFOS = {
|
||||
"C": "SomeCountry",
|
||||
"ST": "SomeState",
|
||||
"L": "SomeLocality",
|
||||
"O": "SomeOrganization",
|
||||
"OU": "CryptoBox-Server",
|
||||
"CN": "*",
|
||||
"emailAddress": ""}
|
||||
EXPIRE_TIME = 60*60*24*365*20 # 20 years
|
||||
SIGN_DIGEST = "sha256"
|
||||
"emailAddress": "info@cryptobox.org"}
|
||||
EXPIRE_TIME = 60*60*24*365*20 # 20 years forward and backward
|
||||
SIGN_DIGEST = "md5"
|
||||
PID_FILE = os.path.join("/tmp/cryptobox-stunnel.pid")
|
||||
|
||||
|
||||
|
@ -81,9 +87,12 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
warnings.append((44, "Plugins.%s.MissingProgramStunnel" % self.get_name()))
|
||||
## perform some checks for encrypted connections
|
||||
## check an environment setting - this is quite common behind proxies
|
||||
## check if it is a local connection (or via stunnel)
|
||||
## the arbitrarily chosen header is documented in README.proxy
|
||||
if (cherrypy.request.scheme != "https") \
|
||||
and (not os.environ.has_key("HTTPS")) \
|
||||
and (not (cherrypy.request.headers.has_key("Remote-Host") \
|
||||
and (cherrypy.request.headers["Remote-Host"] == "127.0.0.1"))) \
|
||||
and (not (cherrypy.request.headers.has_key("X-SSL-Request") \
|
||||
and (cherrypy.request.headers["X-SSL-Request"] == "1"))):
|
||||
## plaintext connection -> "heavy security risk" (priority=20..39)
|
||||
|
@ -114,7 +123,8 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
"""try to kill a running stunnel daemon
|
||||
"""
|
||||
if not os.path.isfile(PID_FILE):
|
||||
self.cbox.log.warn("Could not find the pid file of a running stunnel daemon: %s" % PID_FILE)
|
||||
self.cbox.log.warn("Could not find the pid file of a running stunnel " \
|
||||
+ "daemon: %s" % PID_FILE)
|
||||
return
|
||||
try:
|
||||
pfile = open(PID_FILE, "r")
|
||||
|
@ -135,8 +145,15 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
try:
|
||||
## SIGTERM = 15
|
||||
os.kill(pid, 15)
|
||||
except OSError:
|
||||
pass
|
||||
self.cbox.log.info("Successfully stopped stunnel")
|
||||
try:
|
||||
os.remove(PID_FILE)
|
||||
except OSError, err_msg:
|
||||
self.cbox.log.warn("Failed to remove the pid file (%s) of stunnel: %s" \
|
||||
% (PID_FILE, err_msg))
|
||||
except OSError, err_msg:
|
||||
self.cbox.log.warn("Failed to kill stunnel process (PID: %d): %s" % \
|
||||
(pid, err_msg))
|
||||
|
||||
|
||||
def __run_stunnel(self, cert_name, dest_port=443):
|
||||
|
@ -165,28 +182,46 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
|
||||
|
||||
def __create_certificate(self, filename):
|
||||
"""Create a self-signed certificate and store it in a file
|
||||
|
||||
The code is mainly inspired by:
|
||||
https://dev.tribler.org/browser/m2crypto/trunk/contrib/SimpleX509create.py
|
||||
"""
|
||||
import M2Crypto
|
||||
import time
|
||||
string_type = 0x1000 | 1 # see http://www.koders.com/python/..
|
||||
# ../fid07A99E089F55187896A06CD4E0B6F21B9B8F5B0B.aspx?s=bavaria
|
||||
key_gen_number = 0x10001 # commonly used for key generation: 65537
|
||||
rsa_key = M2Crypto.RSA.gen_key(KEY_BITS, key_gen_number, callback=lambda: None)
|
||||
rsa_key2 = M2Crypto.RSA.gen_key(KEY_BITS, key_gen_number, callback=lambda: None)
|
||||
pkey = M2Crypto.EVP.PKey(md=SIGN_DIGEST)
|
||||
pkey.assign_rsa(rsa_key)
|
||||
issuer = M2Crypto.X509.X509_Name()
|
||||
sign_key = M2Crypto.EVP.PKey(md=SIGN_DIGEST)
|
||||
sign_key.assign_rsa(rsa_key2)
|
||||
subject = M2Crypto.X509.X509_Name()
|
||||
for (key, value) in CERT_INFOS.items():
|
||||
issuer.add_entry_by_txt(key, string_type, value, 1, 1, 0)
|
||||
subject.add_entry_by_txt(key, string_type, value, -1, -1, 0)
|
||||
issuer = M2Crypto.X509.X509_Name(M2Crypto.m2.x509_name_new())
|
||||
for (key, value) in ISSUER_INFOS.items():
|
||||
issuer.add_entry_by_txt(key, string_type, value, -1, -1, 0)
|
||||
## time object
|
||||
asn_time1 = M2Crypto.ASN1.ASN1_UTCTIME()
|
||||
asn_time1.set_time(long(time.time()) - EXPIRE_TIME)
|
||||
asn_time2 = M2Crypto.ASN1.ASN1_UTCTIME()
|
||||
asn_time2.set_time(long(time.time()) + EXPIRE_TIME)
|
||||
request = M2Crypto.X509.Request()
|
||||
request.set_subject_name(subject)
|
||||
request.set_pubkey(pkey)
|
||||
request.sign(pkey=pkey, md=SIGN_DIGEST)
|
||||
cert = M2Crypto.X509.X509()
|
||||
cert.set_issuer(issuer)
|
||||
cert.set_subject(issuer)
|
||||
## always create a unique version number
|
||||
cert.set_version(0)
|
||||
cert.set_serial_number(long(time.time()))
|
||||
cert.set_pubkey(pkey)
|
||||
cert.set_not_before(asn_time1)
|
||||
cert.set_not_after(asn_time2)
|
||||
cert.set_subject_name(request.get_subject())
|
||||
cert.set_issuer_name(issuer)
|
||||
cert.sign(pkey, SIGN_DIGEST)
|
||||
result = ""
|
||||
result += cert.as_pem()
|
||||
|
|
Loading…
Reference in a new issue