monkeysphere: Add self-signed certificate section

2026-01-21 07:55:00 +00:00 · 2016-02-16 19:11:56 -05:00 · 2016-02-16 19:11:56 -05:00 · 79edbd6195
commit 79edbd6195
parent 8c96d381e6
4 changed files with 116 additions and 3 deletions
--- a/actions/monkeysphere
+++ b/actions/monkeysphere
@ -41,6 +41,11 @@ def parse_arguments():
    host_import_ssh_key.add_argument(
        'hostname', help='Fully-qualified hostname')

+    host_import_https_key = subparsers.add_parser(
+        'host-import-https-key', help='Import host HTTPS key')
+    host_import_https_key.add_argument(
+        'hostname', help='Fully-qualified hostname')
+
    host_publish_key = subparsers.add_parser(
        'host-publish-key', help='Push host key to keyserver')
    host_publish_key.add_argument(
@ -91,6 +96,14 @@ def subcommand_host_import_ssh_key(arguments):
    print(output.decode())


+def subcommand_host_import_https_key(arguments):
+    """Import host HTTPS key."""
+    output = subprocess.check_output(
+        ['monkeysphere-host', 'import-key',
+         '/etc/ssl/private/ssl-cert-snakeoil.key', arguments.hostname])
+    print(output.decode())
+
+
 def subcommand_host_publish_key(arguments):
    """Push host key to keyserver."""
    # setting TMPDIR as workaround for Debian bug #656750
--- a/plinth/modules/monkeysphere/templates/monkeysphere.html
+++ b/plinth/modules/monkeysphere/templates/monkeysphere.html
@ -47,6 +47,8 @@
    </p>
  {% endif %}

+  <h3>{% trans "Secure Shell (SSH)" %}</h3>
+
  <div class="row">
    <div class="col-sm-8">
      <table class="table table-bordered table-condensed table-striped">
@ -97,4 +99,71 @@
    </div>
  </div>

+  <h3>{% trans "Secure Web Server (HTTPS)" %}</h3>
+
+  <p>
+    {% blocktrans trimmed %}
+      Monkeysphere can also generate an OpenPGP key for each Secure Web Server
+      (HTTPS) certificate installed on this machine. The OpenPGP public key can
+      then be uploaded to the OpenPGP keyservers. Users accessing the web
+      server through HTTPS can verify that they are connecting to the correct
+      host. To validate the certificate, the user will need to install some
+      software that is available on the
+      <a href="https://web.monkeysphere.info/download/">
+      Monkeysphere website</a>.
+    {% endblocktrans %}
+  </p>
+
+  <h4>{% trans "Self-signed Certificate" %}</h4>
+
+  <div class="row">
+    <div class="col-sm-8">
+      <table class="table table-bordered table-condensed table-striped">
+        <thead>
+          <tr>
+            <th>{% trans "Domain" %}</th>
+            <th>{% trans "OpenPGP Fingerprint" %}</th>
+            <th>{% trans "Actions" %}</th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for domain in status.https_domains %}
+            <tr>
+              <td>{{ domain.name }}</td>
+              <td>
+                {% if domain.key %}
+		  <a href="{% url 'monkeysphere:details' domain.key.pgp_fingerprint %}"
+		     title="Show details for key {{ domain.key.pgp_fingerprint }}">
+                    {{ domain.key.pgp_fingerprint }}
+		  </a>
+                {% else %}
+                  {% trans "Not Available" %}
+                {% endif %}
+              </td>
+              <td>
+                {% if not domain.key %}
+                  <form class="form" method="post"
+                        action="{% url 'monkeysphere:generate_https' domain.name %}">
+                    {% csrf_token %}
+
+                    <button type="submit" class="btn btn-primary btn-sm pull-right">
+                      {% trans "Generate OpenPGP Key" %}</button>
+                  </form>
+                {% elif not running %}
+                  <form class="form" method="post"
+                        action="{% url 'monkeysphere:publish' domain.key.pgp_fingerprint %}">
+                    {% csrf_token %}
+
+                    <button type="submit" class="btn btn-warning btn-sm pull-right">
+                      {% trans "Publish Key" %}</button>
+                  </form>
+                {% endif %}
+              </td>
+            </tr>
+          {% endfor %}
+        </tbody>
+      </table>
+    </div>
+  </div>
+
 {% endblock %}
--- a/plinth/modules/monkeysphere/urls.py
+++ b/plinth/modules/monkeysphere/urls.py
@ -28,6 +28,8 @@ urlpatterns = [
    url(r'^sys/monkeysphere/$', views.index, name='index'),
    url(r'^sys/monkeysphere/(?P<domain>[^/]+)/generate/$',
        views.generate, name='generate'),
+    url(r'^sys/monkeysphere/(?P<domain>[^/]+)/generate_https/$',
+        views.generate_https, name='generate_https'),
    url(r'^sys/monkeysphere/(?P<fingerprint>[0-9A-Fa-f]+)/details/$',
        views.details, name='details'),
    url(r'^sys/monkeysphere/(?P<fingerprint>[0-9A-Fa-f]+)/publish/$',
--- a/plinth/modules/monkeysphere/views.py
+++ b/plinth/modules/monkeysphere/views.py
@ -62,6 +62,22 @@ def generate(request, domain):
    return redirect(reverse_lazy('monkeysphere:index'))


+@require_POST
+def generate_https(request, domain):
+    """Generate OpenPGP key for HTTPS service."""
+    valid_domain = any((domain in domains
+                        for domains in names.domains.values()))
+    if valid_domain:
+        try:
+            actions.superuser_run(
+                'monkeysphere', ['host-import-https-key', 'https://' + domain])
+            messages.success(request, _('Generated OpenPGP key.'))
+        except actions.ActionError as exception:
+            messages.error(request, str(exception))
+
+    return redirect(reverse_lazy('monkeysphere:index'))
+
+
 def details(request, fingerprint):
    """Get details for an OpenPGP key."""
    key = get_key(fingerprint)
@ -96,9 +112,14 @@ def get_status():
    """Get the current status."""
    output = actions.superuser_run('monkeysphere', ['host-show-keys'])
    keys = {}
+    https_keys = {}
    for key in json.loads(output)['keys']:
-        key['name'] = key['uid'].replace('ssh://', '')
-        keys[key['name']] = key
+        if key['uid'].startswith('ssh'):
+            key['name'] = key['uid'].replace('ssh://', '')
+            keys[key['name']] = key
+        elif key['uid'].startswith('https'):
+            key['name'] = key['uid'].replace('https://', '')
+            https_keys[key['name']] = key

    domains = []
    for domains_of_a_type in names.domains.values():
@ -108,7 +129,15 @@ def get_status():
                'key': keys.get(domain),
            })

-    return {'domains': domains}
+    https_domains = []
+    for domains_of_a_type in names.domains.values():
+        for domain in domains_of_a_type:
+            https_domains.append({
+                'name': domain,
+                'key': https_keys.get(domain),
+            })
+
+    return {'domains': domains, 'https_domains': https_domains}


 def get_key(fingerprint):