general: remove obsolete certificate handling (#6224)
parent
e9a3d66c8d
commit
5c2401012b
|
@ -1140,7 +1140,6 @@ def test_settings():
|
|||
app.get('/admin/settings/identification')
|
||||
app.get('/admin/settings/sitename')
|
||||
app.get('/admin/settings/sms')
|
||||
app.get('/admin/settings/certificates')
|
||||
app.get('/admin/settings/session')
|
||||
app.get('/admin/settings/admin-permissions')
|
||||
|
||||
|
|
|
@ -38,7 +38,6 @@ from qommon.form import *
|
|||
from qommon.sms import SMS
|
||||
|
||||
from qommon.admin.menu import html_top, error_page
|
||||
from qommon.admin.certificates import CertificatesDirectory, m2crypto
|
||||
from qommon.admin.cfg import cfg_submit
|
||||
from qommon.admin.emails import EmailsDirectory
|
||||
from qommon.admin.texts import TextsDirectory
|
||||
|
@ -255,7 +254,6 @@ class SettingsDirectory(QommonSettingsDirectory):
|
|||
('admin-permissions', 'admin_permissions'),
|
||||
'theme_preview']
|
||||
|
||||
certificates = CertificatesDirectory()
|
||||
emails = EmailsDirectory()
|
||||
identification = IdentificationDirectory()
|
||||
users = UsersDirectory()
|
||||
|
@ -300,9 +298,6 @@ class SettingsDirectory(QommonSettingsDirectory):
|
|||
r += htmltext('<dl> <dt><a href="admin-permissions">%s</a></dt> <dd>%s</dd>') % (
|
||||
_('Admin Permissions'), _('Configure access to the administration interface'))
|
||||
|
||||
if m2crypto:
|
||||
r += htmltext('<dl> <dt><a href="certificates/">%s</a></dt> <dd>%s</dd>') % (
|
||||
_('Certificates'), _('Configure certificate authorities'))
|
||||
r += htmltext('</div>')
|
||||
|
||||
r += htmltext('<div class="bo-block">')
|
||||
|
|
|
@ -1,122 +0,0 @@
|
|||
# w.c.s. - web application for online forms
|
||||
# Copyright (C) 2005-2010 Entr'ouvert
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from quixote import redirect
|
||||
from quixote.directory import Directory
|
||||
from quixote.html import TemplateIO, htmltext
|
||||
|
||||
from qommon.form import *
|
||||
from qommon.admin.menu import html_top, command_icon
|
||||
|
||||
try:
|
||||
from qommon.certificate import CertificateAuthorities
|
||||
from M2Crypto import X509
|
||||
m2crypto = True
|
||||
except ImportError:
|
||||
m2crypto = False
|
||||
|
||||
class CertificatePage(Directory):
|
||||
_q_exports = ['', 'delete']
|
||||
|
||||
def __init__(self, component):
|
||||
self.certificate = CertificateAuthorities.get(component)
|
||||
|
||||
def _q_index(self):
|
||||
html_top('settings', title = _('Certificate %s') % self.certificate.id)
|
||||
r = TemplateIO(html=True)
|
||||
r += htmltext('<h2>%s</h2>') % (_('Certificate %s' % self.certificate.id))
|
||||
r += htmltext('<div>%s</div>') % (self.certificate.cert)
|
||||
return r.getvalue()
|
||||
|
||||
def delete(self):
|
||||
form = Form(enctype='multipart/form-data')
|
||||
form.widgets.append(HtmlWidget('<p>%s</p>' % _(
|
||||
"You are about to delete this certificate.")))
|
||||
form.add_submit("submit", _("Submit"))
|
||||
form.add_submit("cancel", _("Cancel"))
|
||||
if form.get_widget('cancel').parse():
|
||||
return redirect('..')
|
||||
if not form.is_submitted() or form.has_errors():
|
||||
get_response().breadcrumb.append(('delete', _('Delete')))
|
||||
html_top('settings', title = _('certificates'))
|
||||
return form.render()
|
||||
else:
|
||||
self.certificate.remove_self()
|
||||
return redirect('..')
|
||||
|
||||
class CertificatesDirectory(Directory):
|
||||
_q_exports = ['', 'add']
|
||||
|
||||
def index(self):
|
||||
get_response().breadcrumb.append( ('certificates/', _('Certificates')) )
|
||||
html_top('settings', title = _('certificates'))
|
||||
r = TemplateIO(html=True)
|
||||
r += htmltext('<h2>%s</h2>') % _('Certificate Authorities')
|
||||
|
||||
r += htmltext('<ul id="nav-forms-admin">')
|
||||
r += htmltext(' <li><a href="add">%s</a></li>') % _('Add Certificate Authority')
|
||||
r += htmltext('</ul>')
|
||||
|
||||
r += htmltext('<ul class="biglist">')
|
||||
for ca in CertificateAuthorities.select(lambda x: x.ca == True):
|
||||
r += htmltext('<li>')
|
||||
r += htmltext('<strong class="label">%s</strong>') % ca.issuer
|
||||
r += htmltext('<p class="commands">')
|
||||
r += command_icon('%s/delete' % ca.id, 'remove', popup = True)
|
||||
r += htmltext('</p></li>')
|
||||
r += htmltext('</ul>')
|
||||
return r.getvalue()
|
||||
|
||||
def _q_index(self):
|
||||
if not m2crypto:
|
||||
get_response().breadcrumb.append( ('certificates/', _('Certificates')) )
|
||||
html_top('settings', title = _('certificates'))
|
||||
return htmltext('<div class=errornotice>%s</div>') % \
|
||||
_("You need to install M2Crypto to use this feature")
|
||||
else:
|
||||
return self.index()
|
||||
|
||||
def add(self):
|
||||
get_response().breadcrumb.append( ('certificates/', _('Certificates')) )
|
||||
get_response().breadcrumb.append( ('add', _('Add')) )
|
||||
html_top('settings', title = _('Add Certificate Authority'))
|
||||
form = Form(enctype='multipart/form-data')
|
||||
form.add(FileWidget, 'ca', title = _('Certificate'), required = True)
|
||||
form.add_submit('submit', _('Submit'))
|
||||
form.add_submit('cancel', _('Cancel'))
|
||||
if form.get_widget('cancel').parse():
|
||||
return redirect('.')
|
||||
if not form.is_submitted() or form.has_errors():
|
||||
return form.render()
|
||||
else:
|
||||
f = form.get_widget('ca').parse().fp
|
||||
ca_str = f.read()
|
||||
f.close()
|
||||
try:
|
||||
c = CertificateAuthorities(ca_str)
|
||||
c.ca = True
|
||||
c.store()
|
||||
return redirect('.')
|
||||
except X509.X509Error:
|
||||
form.set_error("ca", _("Bad certificate"))
|
||||
return form.render()
|
||||
|
||||
def _q_lookup(self, component):
|
||||
get_response().breadcrumb.append( ('certificates/', _('Certificates')) )
|
||||
try:
|
||||
return CertificatePage(component)
|
||||
except KeyError:
|
||||
raise errors.TraversalError()
|
|
@ -1,103 +0,0 @@
|
|||
# w.c.s. - web application for online forms
|
||||
# Copyright (C) 2005-2010 Entr'ouvert
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import tempfile
|
||||
import os
|
||||
|
||||
from M2Crypto import X509, SMIME, BIO
|
||||
|
||||
from qommon.storage import StorableObject
|
||||
|
||||
class Certificate(object):
|
||||
|
||||
def __init__(self, cert, type = 'x509'):
|
||||
"""type : x509 or pkcs7"""
|
||||
self.cert = cert
|
||||
self.type = type
|
||||
self.issuer = ""
|
||||
self.subject = ""
|
||||
if self.type == "pkcs7":
|
||||
self.__init_p7()
|
||||
elif self.type == 'x509':
|
||||
self.__init_x509()
|
||||
|
||||
def __init_p7(self):
|
||||
signers = []
|
||||
name = self.__create_tmpfile(self.cert)
|
||||
p7 = SMIME.load_pkcs7(name)
|
||||
os.remove(name)
|
||||
sk = p7.get0_signers(X509.X509_Stack())
|
||||
while len(sk):
|
||||
x509 = sk.pop()
|
||||
self.issuer += x509.get_issuer().as_text()
|
||||
self.subject += x509.get_subject().as_text()
|
||||
|
||||
def __init_x509(self):
|
||||
x509 = X509.load_cert_string(self.cert)
|
||||
self.issuer += x509.get_issuer().as_text()
|
||||
self.subject += x509.get_subject().as_text()
|
||||
|
||||
def __create_tmpfile(self, data):
|
||||
"""Return the file name"""
|
||||
fd, name = tempfile.mkstemp()
|
||||
file = open(name, "w+b")
|
||||
file.write(data)
|
||||
file.close()
|
||||
return name
|
||||
|
||||
def __validate_p7(self, data):
|
||||
"""data: string
|
||||
"""
|
||||
res = False
|
||||
s = SMIME.SMIME()
|
||||
# Load the cert
|
||||
tmpfile = self.__create_tmpfile(self.cert)
|
||||
p7 = SMIME.load_pkcs7(tmpfile)
|
||||
os.remove(tmpfile)
|
||||
|
||||
text = data
|
||||
data_bio = BIO.MemoryBuffer(text)
|
||||
sk = p7.get0_signers(X509.X509_Stack())
|
||||
s.set_x509_stack(sk)
|
||||
|
||||
# Load CAs cert
|
||||
cas = CertificateAuthorities.select(lambda x: x.ca == True)
|
||||
st = X509.X509_Store()
|
||||
for ca in cas:
|
||||
tmpfile = self.__create_tmpfile(ca.cert)
|
||||
st.load_info(tmpfile)
|
||||
os.remove(tmpfile)
|
||||
s.set_x509_store(st)
|
||||
|
||||
try:
|
||||
s.verify(p7, data_bio)
|
||||
return True
|
||||
except SMIME.PKCS7_Error:
|
||||
return False
|
||||
|
||||
def validate(self, data):
|
||||
""" Return a boolean """
|
||||
if self.type == "pkcs7":
|
||||
return self.__validate_p7(data)
|
||||
return False
|
||||
|
||||
class CertificateAuthorities(StorableObject, Certificate):
|
||||
_names = 'cas'
|
||||
|
||||
def __init__(self, cert):
|
||||
StorableObject.__init__(self)
|
||||
Certificate.__init__(self, cert)
|
||||
|