#
# Copyright 2007 sense.lab e.V.
# 
# This file is part of the CryptoBox.
#
# The CryptoBox is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# 
# The CryptoBox is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with the CryptoBox; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#

"""Create an SSL certificate to encrypt the webinterface connection via stunnel
"""

__revision__ = "$Id"

import cryptobox.plugins.base


class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
	"""Provide an encrypted webinterface connection via stunnel
	"""

	plugin_capabilities = [ "system" ]
	plugin_visibility = []
	request_auth = True
	rank = 80

	def do_action(self):
		"""The action handler.
		"""
		return None


	def get_status(self):
		"""Retrieve the status of the feature.
		"""
		return "TODO"


	def get_warnings(self):
		"""check if the connection is encrypted
		"""
		import cherrypy, os
		if cherrypy.request.scheme == "https":
			return None
		## check an environment setting - this is quite common behind proxies
		if os.environ.has_key("HTTPS"):
			return None
		## this arbitrarily chosen header is documented in README.proxy
		if cherrypy.request.headers.has_key("X-SSL-Request") \
				and (cherrypy.request.headers["X-SSL-Request"] == "1"):
			return None
		## plaintext connection -> "heavy security risk" (priority=20..39)
		return (25, "Plugins.%s.NoSSL" % self.get_name())