From 79edbd6195dd2b8ff8a6bafacf0933ccb0224069 Mon Sep 17 00:00:00 2001 From: James Valleroy Date: Tue, 16 Feb 2016 19:11:56 -0500 Subject: [PATCH] monkeysphere: Add self-signed certificate section --- actions/monkeysphere | 13 ++++ .../monkeysphere/templates/monkeysphere.html | 69 +++++++++++++++++++ plinth/modules/monkeysphere/urls.py | 2 + plinth/modules/monkeysphere/views.py | 35 +++++++++- 4 files changed, 116 insertions(+), 3 deletions(-) diff --git a/actions/monkeysphere b/actions/monkeysphere index 31ad6f937..f2e403d6d 100755 --- a/actions/monkeysphere +++ b/actions/monkeysphere @@ -41,6 +41,11 @@ def parse_arguments(): host_import_ssh_key.add_argument( 'hostname', help='Fully-qualified hostname') + host_import_https_key = subparsers.add_parser( + 'host-import-https-key', help='Import host HTTPS key') + host_import_https_key.add_argument( + 'hostname', help='Fully-qualified hostname') + host_publish_key = subparsers.add_parser( 'host-publish-key', help='Push host key to keyserver') host_publish_key.add_argument( @@ -91,6 +96,14 @@ def subcommand_host_import_ssh_key(arguments): print(output.decode()) +def subcommand_host_import_https_key(arguments): + """Import host HTTPS key.""" + output = subprocess.check_output( + ['monkeysphere-host', 'import-key', + '/etc/ssl/private/ssl-cert-snakeoil.key', arguments.hostname]) + print(output.decode()) + + def subcommand_host_publish_key(arguments): """Push host key to keyserver.""" # setting TMPDIR as workaround for Debian bug #656750 diff --git a/plinth/modules/monkeysphere/templates/monkeysphere.html b/plinth/modules/monkeysphere/templates/monkeysphere.html index 2244096f6..c28bea719 100644 --- a/plinth/modules/monkeysphere/templates/monkeysphere.html +++ b/plinth/modules/monkeysphere/templates/monkeysphere.html @@ -47,6 +47,8 @@
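Review bot: `subcommand_host_import_https_key` passes `arguments.hostname` to `monkeysphere-host import-key` without any check, even though this action is the part that runs as superuser (views.py calls it through `actions.superuser_run`). The only validation visible in the patch is the domain allowlist in the `generate_https` view, so the action should re-check its own input, rejecting anything where `not arguments.hostname.startswith('https://')` and ideally anything that is not a well-formed host name after that prefix. The help text added in `parse_arguments` says `'Fully-qualified hostname'`, but the view sends `'https://' + domain`, so it should describe a service name including the scheme. The hard-coded `/etc/ssl/private/ssl-cert-snakeoil.key` deserves a comment saying that only the default self-signed certificate is covered; importing it presumably also leaves a second copy of the TLS private key in the Monkeysphere host keyring, which is worth stating in the docstring.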

{% endif %} +

{% trans "Secure Shell (SSH)" %}

+
@@ -97,4 +99,71 @@ +

{% trans "Secure Web Server (HTTPS)" %}

+ +

+ {% blocktrans trimmed %} + Monkeysphere can also generate an OpenPGP key for each Secure Web Server + (HTTPS) certificate installed on this machine. The OpenPGP public key can + then be uploaded to the OpenPGP keyservers. Users accessing the web + server through HTTPS can verify that they are connecting to the correct + host. To validate the certificate, the user will need to install some + software that is available on the + + Monkeysphere website. + {% endblocktrans %} +

+ +

{% trans "Self-signed Certificate" %}

+ +
+
+
+ + + + + + + + + {% for domain in status.https_domains %} + + + + + + {% endfor %} + +
{% trans "Domain" %}{% trans "OpenPGP Fingerprint" %}{% trans "Actions" %}
{{ domain.name }} + {% if domain.key %} + + {{ domain.key.pgp_fingerprint }} + + {% else %} + {% trans "Not Available" %} + {% endif %} + + {% if not domain.key %} +
+ {% csrf_token %} + + +
+ {% elif not running %} +
+ {% csrf_token %} + + +
+ {% endif %} +
+
+
+ {% endblock %}
diff --git a/plinth/modules/monkeysphere/urls.py b/plinth/modules/monkeysphere/urls.py
index c80f16714..c4a61ed78 100644
--- a/plinth/modules/monkeysphere/urls.py
+++ b/plinth/modules/monkeysphere/urls.py
@@ -28,6 +28,8 @@ urlpatterns = [
 url(r'^sys/monkeysphere/$', views.index, name='index'),
 url(r'^sys/monkeysphere/(?P[^/]+)/generate/$',
 views.generate, name='generate'),
+ url(r'^sys/monkeysphere/(?P[^/]+)/generate_https/$',
+ views.generate_https, name='generate_https'),
 url(r'^sys/monkeysphere/(?P[0-9A-Fa-f]+)/details/$',
 views.details, name='details'),
 url(r'^sys/monkeysphere/(?P[0-9A-Fa-f]+)/publish/$',
diff --git a/plinth/modules/monkeysphere/views.py b/plinth/modules/monkeysphere/views.py
index 30160c54a..81ac9edcd 100644
--- a/plinth/modules/monkeysphere/views.py
+++ b/plinth/modules/monkeysphere/views.py
@@ -62,6 +62,22 @@ def generate(request, domain):
 return redirect(reverse_lazy('monkeysphere:index'))
+@require_POST
+def generate_https(request, domain):
+ """Generate OpenPGP key for HTTPS service."""
+ valid_domain = any((domain in domains
+ for domains in names.domains.values()))
+ if valid_domain:
+ try:
+ actions.superuser_run(
+ 'monkeysphere', ['host-import-https-key', 'https://' + domain])
+ messages.success(request, _('Generated OpenPGP key.'))
+ except actions.ActionError as exception:
+ messages.error(request, str(exception))
+
+ return redirect(reverse_lazy('monkeysphere:index'))
+
+
 def details(request, fingerprint):
 """Get details for an OpenPGP key."""
 key = get_key(fingerprint)
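Review bot: In `generate_https`, a domain that fails the `valid_domain` check falls through to the redirect with no message and no log entry, so a rejected request looks the same as a successful no-op. Add an `else:` branch such as `messages.error(request, _('Unknown domain.'))`, and consider logging the rejected value, since this check is what gates a superuser action. The test `domain in domains` assumes every value in `names.domains` is a collection of names; if one were a plain string, `in` would do a substring match, so a one-line comment stating that assumption would help. The function appears to mirror `generate`, whose body is outside this hunk, so the shared validation could live in one helper.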
@@ -96,9 +112,14 @@ def get_status():
 """Get the current status."""
 output = actions.superuser_run('monkeysphere', ['host-show-keys'])
 keys = {}
+ https_keys = {}
 for key in json.loads(output)['keys']:
- key['name'] = key['uid'].replace('ssh://', '')
- keys[key['name']] = key
+ if key['uid'].startswith('ssh'):
+ key['name'] = key['uid'].replace('ssh://', '')
+ keys[key['name']] = key
+ elif key['uid'].startswith('https'):
+ key['name'] = key['uid'].replace('https://', '')
+ https_keys[key['name']] = key
 domains = []
 for domains_of_a_type in names.domains.values():
@@ -108,7 +129,15 @@ def get_status():
 'key': keys.get(domain),
 })
- return {'domains': domains}
+ https_domains = []
+ for domains_of_a_type in names.domains.values():
+ for domain in domains_of_a_type:
+ https_domains.append({
+ 'name': domain,
+ 'key': https_keys.get(domain),
+ })
+
+ return {'domains': domains, 'https_domains': https_domains}
 def get_key(fingerprint):
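Review bot: The scheme tests in `get_status` are looser than the strings they strip: `startswith('ssh')` and `startswith('https')` accept any user ID that merely begins with those letters, and `.replace('https://', '')` removes every occurrence rather than only the prefix. Test the full prefix and slice it off, e.g. `if key['uid'].startswith('https://'): key['name'] = key['uid'][len('https://'):]`, so the fingerprint shown beside a domain always belongs to a key whose user ID names exactly that domain. Keys whose user ID carries neither scheme are now skipped silently, which differs from the removed lines and deserves a comment. The `https_domains` loop added in the following hunk repeats the existing `domains` loop; both lists could be filled in one pass over `names.domains.values()`.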