nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-20 10:34:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

monkeysphere: Add self-signed certificate section

Browse Source
This commit is contained in:
James Valleroy 2016-02-16 19:11:56 -05:00 committed by Sunil Mohan Adapa
parent 8c96d381e6
commit 79edbd6195
No known key found for this signature in database
GPG Key ID: 36C361440C9BC971
4 changed files with 116 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
actions/monkeysphere
View File

@ -41,6 +41,11 @@ def parse_arguments():
host_import_ssh_key.add_argument( host_import_ssh_key.add_argument(
'hostname', help='Fully-qualified hostname') 'hostname', help='Fully-qualified hostname')
host_import_https_key = subparsers.add_parser(
'host-import-https-key', help='Import host HTTPS key')
host_import_https_key.add_argument(
'hostname', help='Fully-qualified hostname')
host_publish_key = subparsers.add_parser( host_publish_key = subparsers.add_parser(
'host-publish-key', help='Push host key to keyserver') 'host-publish-key', help='Push host key to keyserver')
host_publish_key.add_argument( host_publish_key.add_argument(
@ -91,6 +96,14 @@ def subcommand_host_import_ssh_key(arguments):
print(output.decode()) print(output.decode())
def subcommand_host_import_https_key(arguments):
"""Import host HTTPS key."""
output = subprocess.check_output(
['monkeysphere-host', 'import-key',
'/etc/ssl/private/ssl-cert-snakeoil.key', arguments.hostname])
print(output.decode())
def subcommand_host_publish_key(arguments): def subcommand_host_publish_key(arguments):
"""Push host key to keyserver.""" """Push host key to keyserver."""
# setting TMPDIR as workaround for Debian bug #656750 # setting TMPDIR as workaround for Debian bug #656750

69
plinth/modules/monkeysphere/templates/monkeysphere.html
View File

@ -47,6 +47,8 @@
</p> </p>
{% endif %} {% endif %}
<h3>{% trans "Secure Shell (SSH)" %}</h3>
<div class="row"> <div class="row">
<div class="col-sm-8"> <div class="col-sm-8">
<table class="table table-bordered table-condensed table-striped"> <table class="table table-bordered table-condensed table-striped">
@ -97,4 +99,71 @@
</div> </div>
</div> </div>
<h3>{% trans "Secure Web Server (HTTPS)" %}</h3>
<p>
{% blocktrans trimmed %}
Monkeysphere can also generate an OpenPGP key for each Secure Web Server
(HTTPS) certificate installed on this machine. The OpenPGP public key can
then be uploaded to the OpenPGP keyservers. Users accessing the web
server through HTTPS can verify that they are connecting to the correct
host. To validate the certificate, the user will need to install some
software that is available on the
<a href="https://web.monkeysphere.info/download/">
Monkeysphere website</a>.
{% endblocktrans %}
</p>
<h4>{% trans "Self-signed Certificate" %}</h4>
<div class="row">
<div class="col-sm-8">
<table class="table table-bordered table-condensed table-striped">
<thead>
<tr>
<th>{% trans "Domain" %}</th>
<th>{% trans "OpenPGP Fingerprint" %}</th>
<th>{% trans "Actions" %}</th>
</tr>
</thead>
<tbody>
{% for domain in status.https_domains %}
<tr>
<td>{{ domain.name }}</td>
<td>
{% if domain.key %}
<a href="{% url 'monkeysphere:details' domain.key.pgp_fingerprint %}"
title="Show details for key {{ domain.key.pgp_fingerprint }}">
{{ domain.key.pgp_fingerprint }}
</a>
{% else %}
{% trans "Not Available" %}
{% endif %}
</td>
<td>
{% if not domain.key %}
<form class="form" method="post"
action="{% url 'monkeysphere:generate_https' domain.name %}">
{% csrf_token %}
<button type="submit" class="btn btn-primary btn-sm pull-right">
{% trans "Generate OpenPGP Key" %}</button>
</form>
{% elif not running %}
<form class="form" method="post"
action="{% url 'monkeysphere:publish' domain.key.pgp_fingerprint %}">
{% csrf_token %}
<button type="submit" class="btn btn-warning btn-sm pull-right">
{% trans "Publish Key" %}</button>
</form>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
{% endblock %} {% endblock %}

2
plinth/modules/monkeysphere/urls.py
View File

@ -28,6 +28,8 @@ urlpatterns = [
url(r'^sys/monkeysphere/$', views.index, name='index'), url(r'^sys/monkeysphere/$', views.index, name='index'),
url(r'^sys/monkeysphere/(?P<domain>[^/]+)/generate/$', url(r'^sys/monkeysphere/(?P<domain>[^/]+)/generate/$',
views.generate, name='generate'), views.generate, name='generate'),
url(r'^sys/monkeysphere/(?P<domain>[^/]+)/generate_https/$',
views.generate_https, name='generate_https'),
url(r'^sys/monkeysphere/(?P<fingerprint>[0-9A-Fa-f]+)/details/$', url(r'^sys/monkeysphere/(?P<fingerprint>[0-9A-Fa-f]+)/details/$',
views.details, name='details'), views.details, name='details'),
url(r'^sys/monkeysphere/(?P<fingerprint>[0-9A-Fa-f]+)/publish/$', url(r'^sys/monkeysphere/(?P<fingerprint>[0-9A-Fa-f]+)/publish/$',

35
plinth/modules/monkeysphere/views.py
View File

@ -62,6 +62,22 @@ def generate(request, domain):
return redirect(reverse_lazy('monkeysphere:index')) return redirect(reverse_lazy('monkeysphere:index'))
@require_POST
def generate_https(request, domain):
"""Generate OpenPGP key for HTTPS service."""
valid_domain = any((domain in domains
for domains in names.domains.values()))
if valid_domain:
try:
actions.superuser_run(
'monkeysphere', ['host-import-https-key', 'https://' + domain])
messages.success(request, _('Generated OpenPGP key.'))
except actions.ActionError as exception:
messages.error(request, str(exception))
return redirect(reverse_lazy('monkeysphere:index'))
def details(request, fingerprint): def details(request, fingerprint):
"""Get details for an OpenPGP key.""" """Get details for an OpenPGP key."""
key = get_key(fingerprint) key = get_key(fingerprint)
@ -96,9 +112,14 @@ def get_status():
"""Get the current status.""" """Get the current status."""
output = actions.superuser_run('monkeysphere', ['host-show-keys']) output = actions.superuser_run('monkeysphere', ['host-show-keys'])
keys = {} keys = {}
https_keys = {}
for key in json.loads(output)['keys']: for key in json.loads(output)['keys']:
key['name'] = key['uid'].replace('ssh://', '') if key['uid'].startswith('ssh'):
keys[key['name']] = key key['name'] = key['uid'].replace('ssh://', '')
keys[key['name']] = key
elif key['uid'].startswith('https'):
key['name'] = key['uid'].replace('https://', '')
https_keys[key['name']] = key
domains = [] domains = []
for domains_of_a_type in names.domains.values(): for domains_of_a_type in names.domains.values():
@ -108,7 +129,15 @@ def get_status():
'key': keys.get(domain), 'key': keys.get(domain),
}) })
return {'domains': domains} https_domains = []
for domains_of_a_type in names.domains.values():
for domain in domains_of_a_type:
https_domains.append({
'name': domain,
'key': https_keys.get(domain),
})
return {'domains': domains, 'https_domains': https_domains}
def get_key(fingerprint): def get_key(fingerprint):