Exemple #1
0
def db_acme_cert_issuance(store):
    priv_fact = PrivateFactory(store)
    hostname = State.tenant_cache[1].hostname

    raw_accnt_key = priv_fact.get_val(u'acme_accnt_key')
    accnt_key = serialization.load_pem_private_key(str(raw_accnt_key),
                                                   password=None,
                                                   backend=default_backend())

    priv_key = priv_fact.get_val(u'https_priv_key')
    regr_uri = priv_fact.get_val(u'acme_accnt_uri')

    csr_fields = {'CN': hostname}
    # NOTE sha256 is always employed as hash fnc here.
    csr = tls.gen_x509_csr(priv_key, csr_fields, 256)

    # Run ACME registration all the way to resolution
    cert_str, chain_str = letsencrypt.run_acme_reg_to_finish(
        hostname, regr_uri, accnt_key, priv_key, csr, tmp_chall_dict,
        Settings.acme_directory_url)

    priv_fact.set_val(u'https_cert', cert_str)
    priv_fact.set_val(u'https_chain', chain_str)
    State.tenant_cache[1].private.https_cert = cert_str
    State.tenant_cache[1].private.https_chain = chain_str
Exemple #2
0
def serialize_https_config_summary(store):
    prv_fact = PrivateFactory(store)

    file_summaries = {}
    for key, file_res_cls in FileHandler.mapped_file_resources.items():
        file_summaries[key] = file_res_cls.db_serialize(store)

    return {
        'enabled': prv_fact.get_val(u'https_enabled'),
        'running': State.process_supervisor.is_running(),
        'status': State.process_supervisor.get_status(),
        'files': file_summaries,
        'acme': prv_fact.get_val(u'acme')
    }
Exemple #3
0
    def db_serialize(store):
        prv_fact = PrivateFactory(store)

        return {
            'set': prv_fact.get_val('https_priv_key') != u'',
            'gen': prv_fact.get_val('https_priv_gen')
        }
Exemple #4
0
    def db_maybe_launch_https_workers(self, store):
        privFact = PrivateFactory(store)

        on = privFact.get_val(u'https_enabled')
        if not on:
            log.info("Not launching workers")
            return defer.succeed(None)

        site_cfgs = load_tls_dict_list(store)

        valid_cfgs, err = [], None
        # Determine which site_cfgs are valid and only pass those to the child.
        for db_cfg in site_cfgs:
            chnv = tls.ChainValidator()
            ok, err = chnv.validate(db_cfg,
                                    must_be_disabled=False,
                                    check_expiration=False)
            if ok and err is None:
                valid_cfgs.append(db_cfg)

        self.tls_cfg['site_cfgs'] = valid_cfgs

        if not valid_cfgs:
            log.info("Not launching https workers due to %s", err)
            return defer.fail(err)

        log.info("Decided to launch https workers")
        return self.launch_https_workers()
Exemple #5
0
def get_onion_service_info(store):
    node_fact = NodeFactory(store)
    hostname = node_fact.get_val(u'onionservice')

    priv_fact = PrivateFactory(store)
    key = priv_fact.get_val(u'tor_onion_key')

    return hostname, key
Exemple #6
0
def db_admin_serialize_node(store, language):
    node_dict = NodeFactory(store).admin_export()
    priv_dict = PrivateFactory(store)

    # Contexts and Receivers relationship
    configured = store.find(models.ReceiverContext).count() > 0

    misc_dict = {
        'version': priv_dict.get_val(u'version'),
        'latest_version': priv_dict.get_val(u'latest_version'),
        'languages_supported': LANGUAGES_SUPPORTED,
        'languages_enabled': EnabledLanguage.list(store),
        'configured': configured
    }

    l10n_dict = NodeL10NFactory(store).localized_dict(language)

    return utils.sets.merge_dicts(node_dict, misc_dict, l10n_dict)
Exemple #7
0
def evaluate_update_notification(store, latest_version):
    priv_fact = PrivateFactory(store)
    stored_latest = priv_fact.get_val(u'latest_version')

    if V(stored_latest) < V(latest_version):
        priv_fact.set_val(u'latest_version', latest_version)

        for user_desc in db_get_admin_users(store):
            lang = user_desc['language']
            template_vars = {
                'type': 'software_update_available',
                'latest_version': latest_version,
                'node': db_admin_serialize_node(store, lang),
                'notification': db_get_notification(store, lang),
                'user': user_desc,
            }

            format_and_send(store, user_desc, template_vars)
Exemple #8
0
def db_perform_data_update(store):
    prv = PrivateFactory(store)

    stored_ver = prv.get_val('version')
    t = (stored_ver, __version__)

    # Catch all failures
    if stored_ver != __version__:
        prv.set_val('version', __version__)

        appdata = db_update_appdata(store)
        config.update_defaults(store)
        l10n.update_defaults(store, appdata)
        db_fix_fields_attrs(store)

    ok = config.is_cfg_valid(store)
    if not ok:
        m = 'Error: the system is not stable, update failed from %s to %s' % t
        raise DatabaseIntegrityError(m)
Exemple #9
0
def db_perform_data_update(store):
    prv = PrivateFactory(store)

    stored_ver = prv.get_val('version')
    t = (stored_ver, __version__)

    if stored_ver != __version__:
        prv.set_val('version', __version__)

        # The below commands can change the current store based on the what is
        # currently stored in the DB.
        appdata = db_update_appdata(store)
        l10n.update_defaults(store, appdata)
        config.update_defaults(store)
        db_fix_fields_attrs(store)

    ok = config.is_cfg_valid(store)
    if not ok:
        m = 'Error: the system is not stable, update failed from %s to %s' % t
        raise Exception(m)
Exemple #10
0
def db_perform_data_update(store):
    prv = PrivateFactory(store)

    stored_ver = prv.get_val('version')
    t = (stored_ver, __version__)

    if stored_ver != __version__:
        prv.set_val('version', __version__)

        # The below commands can change the current store based on the what is
        # currently stored in the DB.
        appdata = db_update_appdata(store)
        l10n.update_defaults(store, appdata)
        config.update_defaults(store)
        db_fix_fields_attrs(store)

    ok = config.is_cfg_valid(store)
    if not ok:
        m = 'Error: the system is not stable, update failed from %s to %s' % t
        raise Exception(m)
Exemple #11
0
    def db_maybe_launch_https_workers(self, store):
        privFact = PrivateFactory(store)

        on = privFact.get_val('https_enabled')
        if not on:
            log.info("Not launching workers")
            yield defer.succeed(None)
            return

        db_cfg = load_tls_dict(store)
        self.tls_cfg.update(db_cfg)

        chnv = tls.ChainValidator()
        ok, err = chnv.validate(db_cfg, must_be_disabled=False)

        if ok and err is None:
            log.info("Decided to launch https workers")
            yield self.launch_https_workers()
        else:
            log.info("Not launching https workers due to %s" % err)
            yield defer.fail(err)
Exemple #12
0
 def get_file(store):
     prv_fact = PrivateFactory(store)
     return prv_fact.get_val('https_csr')
Exemple #13
0
def is_acme_configured(store):
    prv_fact = PrivateFactory(store)
    acme = prv_fact.get_val('acme')
    cert_set = prv_fact.get_val('https_cert') != u''
    return acme and cert_set
Exemple #14
0
def can_perform_acme_run(store):
    prv_fact = PrivateFactory(store)
    acme = prv_fact.get_val('acme')
    no_cert_set = prv_fact.get_val('https_cert') == u''
    return acme and no_cert_set
Exemple #15
0
def can_perform_acme_renewal(store):
    priv_fact = PrivateFactory(store)
    a = is_acme_configured(store)
    b = priv_fact.get_val(u'https_enabled')
    c = priv_fact.get_val(u'https_cert')
    return a and b and c