def sslCertView(request):
if request.method == "POST":
try:
keyobj = DomainAttr.getAttrObj(item="ssl_privatekey")
certobj = DomainAttr.getAttrObj(item="ssl_certificate")
privkey = keyobj.value
if not privkey:
messages.add_message(request, messages.ERROR,
u'私钥不存在,请先生成或导入!')
return HttpResponseRedirect(reverse("ssl_maintain"))
fileobj = request.FILES['certfile']
certificate = fileobj.read()
T = sslopts.checkCert(bytes(privkey), bytes(certificate))
if not T:
messages.add_message(request, messages.ERROR,
u'证书与私钥不匹配,无法导入!')
return HttpResponseRedirect(reverse("ssl_maintain"))
certobj.value = certificate
certobj.save()
messages.add_message(request, messages.SUCCESS, u'导入证书成功!')
return HttpResponseRedirect(reverse("ssl_maintain"))
except BaseException as e:
messages.add_message(request, messages.ERROR, u'无法解析证书,请检测证书文件!')
return HttpResponseRedirect(reverse("ssl_maintain"))
raise Http404
def save(self):
instance = DomainAttr.getAttrObj(domain_id=0,
type="system",
item=u'cf_moving_default')
instance.value = json.dumps(self.value)
instance.save()
return instance
def cfilter_config(request):
obj = DomainAttr.getAttrObj(domain_id=0,
type="system",
item='sw_use_cfilter_new')
form = ExtCfilterConfigForm(instance=obj)
if request.method == "POST":
form = ExtCfilterConfigForm(post=request.POST)
if form.is_valid():
form.save()
messages.add_message(request, messages.SUCCESS, u'修改开关成功')
return HttpResponseRedirect(reverse("cfilter_config"))
return render(request,
"setting/cfilter_config.html",
context={
"form": form,
})
def sslPrivateView(request):
if request.method == "POST":
status = request.POST.get("sslkey_status", "")
obj = DomainAttr.getAttrObj(item="ssl_privatekey")
value = obj.value
if status == "import":
keywd = request.POST.get("sslkey_passwd_import", "").strip()
keywd = keywd or None
if value:
messages.add_message(request, messages.ERROR, u'私钥已存在,设置私钥失败!')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
try:
fileobj = request.FILES['sslkeyfile']
privkey = fileobj.read()
privkey = sslopts.importPrivKey(privkey, passwd=keywd)
obj.value = privkey
obj.save()
messages.add_message(request, messages.SUCCESS, u'导入私钥成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
except BaseException as e:
messages.add_message(request, messages.ERROR,
u'导入私钥失败(保护密码错误、非密钥文件等), 请重新导入!')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "export":
keywd = request.POST.get("sslkey_passwd_export", "").strip()
keywd = keywd or None
if value:
try:
privkey = sslopts.exportPrivKey(bytes(value), passwd=keywd)
wrapper = FileWrapper(StringIO.StringIO(privkey))
response = HttpResponse(
wrapper, content_type='application/octet-stream')
response['Content-Length'] = sslopts.getPrivateKeySize(
bytes(value))
response[
'Content-Disposition'] = 'attachment; filename=%s' % "ssl_private.key"
return response
except BaseException as e:
messages.add_message(request, messages.ERROR,
u'私钥不正确,请重新生成私钥导出!')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
messages.add_message(request, messages.ERROR, u'私钥不存在,导出失败!')
return HttpResponseRedirect(reverse("ssl_maintain"))
return HttpResponseRedirect(reverse("ssl_maintain"))
raise Http404
def mailTransferSender(request):
obj = DomainAttr.getAttrObj(domain_id=0,
type="system",
item='deliver_transfer_sender')
form = MailTransferSenderForm(instance=obj)
if request.method == "POST":
form = MailTransferSenderForm(post=request.POST)
if form.is_valid():
form.save()
messages.add_message(request, messages.SUCCESS, u'添加数据成功')
return HttpResponseRedirect(reverse('mail_transfer_sender'))
return render(request,
"setting/mail_transfer_sender.html",
context={
"form": form,
})
def sslView(request):
# ssl开关
sslobj = CoreConfig.getFuctionObj('ssl')
# 私钥数据
keyobj = DomainAttr.getAttrObj(item="ssl_privatekey")
value = keyobj.value or None
# 签名请求数据
sigobj = DomainAttr.getAttrObj(item="ssl_signrequest")
# 证书
certobj = DomainAttr.getAttrObj(item="ssl_certificate")
if request.method == "POST":
status = request.POST.get("status", "")
if status == "generate":
# 系统生成私钥
if value:
messages.add_message(request, messages.ERROR, u'私钥已存在,设置私钥失败!')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
try:
privkey = sslopts.genPrivKey()
keyobj.value = privkey
keyobj.save()
messages.add_message(request, messages.SUCCESS, u'生成私钥成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
except:
messages.add_message(request, messages.ERROR,
u'生成私钥失败,请重新生成')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "clear":
# 清除私钥
keyobj.value = ""
keyobj.save()
# 清空证书签名请求
DomainAttr.emptyAttrObjValue(item="ssl_signrequest")
# 清除证书
DomainAttr.emptyAttrObjValue(item="ssl_certificate")
messages.add_message(request, messages.SUCCESS, u'清除私钥成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "export-signature":
# 导出签名请求
sigvalue = sigobj.value or None
if not sigvalue:
messages.add_message(request, messages.ERROR, u'签名请求 不存在')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
try:
wrapper = FileWrapper(StringIO.StringIO(sigvalue))
response = HttpResponse(
wrapper, content_type='application/octet-stream')
response['Content-Length'] = len(value)
response[
'Content-Disposition'] = 'attachment; filename=%s' % "ssl_signrequest.csr"
return response
except:
messages.add_message(request, messages.ERROR,
u'导出签名请求失败,请重新导出')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "clear-signature":
# 清除签名请求
DomainAttr.emptyAttrObjValue(item="ssl_signrequest")
messages.add_message(request, messages.SUCCESS, u'清除签名请求成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "cert-export":
# 导出证书
certvalue = certobj.value or None
if not certvalue:
messages.add_message(request, messages.ERROR, u'证书 不存在')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
try:
wrapper = FileWrapper(StringIO.StringIO(certvalue))
response = HttpResponse(
wrapper, content_type='application/octet-stream')
response['Content-Length'] = len(value)
response[
'Content-Disposition'] = 'attachment; filename=%s' % "ssl_certificate.crt"
return response
except:
messages.add_message(request, messages.ERROR,
u'导出证书失败,请重新导出')
return HttpResponseRedirect(reverse("ssl_maintain"))
if status == "cert-clear":
# 清除证书
DomainAttr.emptyAttrObjValue(item="ssl_certificate")
messages.add_message(request, messages.SUCCESS, u'清除证书成功成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
is_verify = False
signature = DomainAttr.getSignatureCache()
if sigobj.value:
is_verify, signature2 = sslopts.parseSignature(sigobj.value)
if is_verify: signature = signature2
is_ca = False
cert_subject, sert_issuer = None, None
if certobj.value:
is_ca = True
cert_subject, sert_issuer = sslopts.parseCert(certobj.value)
return render(
request,
"maintain/ssl.html",
context={
"sslobj": sslobj,
"keyValue":
sslopts.getPrivateKeySize(bytes(value)) if value else None,
"is_verify": is_verify,
"signature": signature,
"is_ca": is_ca,
"cert_subject": cert_subject,
"sert_issuer": sert_issuer,
})
def sslSignatureView(request):
if request.method == "POST":
obj = DomainAttr.getAttrObj(item="ssl_signrequest")
keyobj = DomainAttr.getAttrObj(item="ssl_privatekey")
keyvalue = keyobj.value
if obj.value:
messages.add_message(request, messages.ERROR,
u'证书签名请求已存在,生成证书签名请求失败!')
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
sig_domain = request.POST.get("sig_domain", "").strip()
sig_organization = request.POST.get("sig_organization", "").strip()
sig_depart = request.POST.get("sig_depart", "").strip()
sig_province = request.POST.get("sig_province", "").strip()
sig_locale = request.POST.get("sig_locale", "").strip()
j = {}
msg = []
if not validators.check_domain(u"@{}".format(sig_domain)):
msg.append(u"域名 填写错误")
j.update(sig_domain=sig_domain)
if not sig_organization:
msg.append(u"单位/组织 不能为空")
elif not validators.check_English(sig_organization):
msg.append(u"单位/组织 只能填写英文字符")
j.update(sig_organization=sig_organization)
if sig_depart and not validators.check_English(sig_depart):
msg.append(u"部门 只能填写英文字符")
j.update(sig_depart=sig_depart)
if not sig_province:
msg.append(u"省/市/自治区 不能为空")
elif not validators.check_English(sig_province):
msg.append(u"省/市/自治区 只能填写英文字符")
j.update(sig_province=sig_province)
if not sig_locale:
msg.append(u"所在地 不能为空")
elif not validators.check_English(sig_locale):
msg.append(u"所在地 只能填写英文字符")
j.update(sig_locale=sig_locale)
DomainAttr.saveAttrObjValue(item="ssl_signrequest_cache",
value=json.dumps(j))
if not keyvalue:
messages.add_message(request, messages.ERROR, u'私钥不存在,请先设置私钥!')
return HttpResponseRedirect(reverse("ssl_maintain"))
if msg:
messages.add_message(request, messages.ERROR, u",".join(msg))
return HttpResponseRedirect(reverse("ssl_maintain"))
else:
signature = sslopts.genSignature(
privkey=bytes(keyvalue),
sig_domain=sig_domain,
sig_depart=sig_depart,
sig_organization=sig_organization,
sig_province=sig_province,
sig_locale=sig_locale)
obj.value = signature
obj.save()
messages.add_message(request, messages.SUCCESS, u'生成证书签名请求成功')
return HttpResponseRedirect(reverse("ssl_maintain"))
return HttpResponseRedirect(reverse("ssl_maintain"))
raise Http404
def __initialize(self):
self.spf_old = ""
self.spf_new = ""
default = constants.SPAMSET_PARAM_DEFAULT
if self.instance:
self.domain_id = self.instance.domain_id
value = json.loads(self.instance.value)
if "spf" in value:
self.spf_old = value["spf"]
elif "open_spf" in value:
self.spf_old = value["open_spf"]
else:
value = copy.copy(default)
data = self.post if self.post else self.get
if data:
for k in constants.SPAMSET_PARAM_DEFAULT.keys():
if k in data:
value[k] = data[k]
elif k in value:
del value[k]
self.domain_id = data.get("domain_id", 0)
for k, v in constants.SPAMSET_PARAM_DEFAULT.items():
if not k in value:
value[k] = v
if not value.get("host", "").strip() and self.request:
value["host"] = get_client_request(self.request)
#删除一个废弃的key
if "open_spf" in value:
flag = value.pop("open_spf")
value["spf"] = "1" if flag == "1" else "-1"
if "spf" in value:
self.spf_new = value["spf"]
#检测等级在 app 2.2.54 后废弃
if "check_level" in value:
level = value.pop("check_level")
#兼容一下旧数据
if level == "senior":
value["spf"] = "1"
value["sender_blacklist"] = "1"
value["subject_blacklist"] = "1"
value["content_blacklist"] = "1"
value["high_risk_attachment"] = "1"
value["low_risk_attachment"] = "1"
value["dspam"] = "1"
value["ctasd"] = "-1"
value["spamassassin"] = "1"
elif level == "intermediate":
value["sender_blacklist"] = "1"
value["subject_blacklist"] = "1"
value["content_blacklist"] = "1"
value["high_risk_attachment"] = "1"
value["low_risk_attachment"] = "1"
value["dspam"] = "1"
value["ctasd"] = "-1"
value["spamassassin"] = "1"
else:
value["dspam"] = "1"
value["spamassassin"] = "1"
value["sender_blacklist"] = "1"
value["subject_blacklist"] = "1"
value["content_blacklist"] = "1"
value["low_risk_attachment"] = "1"
for k, v in value.iteritems():
self[k] = BaseFied(value=get_unicode(v), error=None)
self.value = BaseFied(value=value, error=None)
#sw_antispam、sw_antivirus的值保存在core_domain表中
instance = Domain.objects.filter(id=self.domain_id).first()
self.instance_domain = instance
if instance:
self.sw_antispam = BaseFied(value=get_unicode(instance.antispam),
error=None)
self.sw_antivirus = BaseFied(value=get_unicode(instance.antivirus),
error=None)
else:
self.sw_antispam = BaseFied(value='-1', error=None)
self.sw_antivirus = BaseFied(value='-1', error=None)
if data:
self.sw_antispam = BaseFied(value=data.get("sw_antispam", '-1'),
error=None)
self.sw_antivirus = BaseFied(value=data.get("sw_antivirus", '-1'),
error=None)
SPAM_TARGET_DEFAULT = {
"spam_check_local": "-1",
"spam_check_outside": "1",
"spam_check_local_spam": "1",
"spam_check_local_virus": "1",
"spam_check_outside_spam": "1",
"spam_check_outside_virus": "1",
}
for k, default in SPAM_TARGET_DEFAULT.items():
key = item = "sw_%s" % k
obj = DomainAttr.objects.filter(domain_id=self.domain_id,
type="webmail",
item=key).first()
if not obj:
DomainAttr.saveAttrObjValue(domain_id=self.domain_id,
type="webmail",
item=key,
value=default)
obj = DomainAttr.getAttrObj(domain_id=self.domain_id,
type="webmail",
item=key)
setattr(self, k, BaseFied(value=obj.value, error=None))
if data:
if k in data:
setattr(self, k, BaseFied(value=data[k], error=None))
else:
setattr(self, k, BaseFied(value="-1", error=None))