def setUp(self): self.vici_wrapper = ViciWrapper() self.vici_wrapper.session.clear_creds() self.vici_wrapper.unload_all_connections() self.connection = Connection(profile='rw', auth='pubkey', version=1) self.connection.save() Authentication(name='local-1', auth='pubkey', local=self.connection).save()
def start(self): self.load() if self.initiate: vici_wrapper = ViciWrapper() for child in self.server_children.all(): logs = vici_wrapper.initiate(child.name, self.profile) for log in logs: LogMessage(connection=self, message=log['message']).save()
def state(self): try: vici_wrapper = ViciWrapper() state = vici_wrapper.get_connection_state(self.profile) if state == State.DOWN.value: return State.DOWN.value elif state == State.ESTABLISHED.value: return State.ESTABLISHED.value elif state == State.CONNECTING.value: return State.CONNECTING.value except: return State.DOWN.value
def handle(self): connection = Connection.objects.get(id=self.id).subclass() try: vici_wrapper = ViciWrapper() if vici_wrapper.is_connection_loaded(connection.profile) is True: vici_wrapper.unload_connection(connection.profile) except ViciException as e: messages.warning(self.request, str(e)) profilname = connection.profile connection.delete() messages.info(self.request, "Connection " + profilname + " deleted.") return HttpResponseRedirect(reverse("server_connections:index"))
def reload_certs(cls): ''' Deletes all ViciCertificates, reads the vici interface and save all Certificates there :return None ''' ViciCertificate.objects.all().delete() wrapper = ViciWrapper() vici_certs = wrapper.get_certificates() for dic in vici_certs: try: cls._add_x509(dic) except CertificateManagerException: pass
def handle(self): connection = Connection.objects.get(id=self.id).subclass() try: vici_wrapper = ViciWrapper() if vici_wrapper.is_connection_loaded(connection.profile) is True: vici_wrapper.unload_connection(connection.profile) except ViciException as e: messages.warning(self.request, str(e)) profilname = connection.profile connection.delete() messages.info(self.request, "Connection " + profilname + " deleted.") return HttpResponseRedirect(reverse("connections:index"))
def _render_page(self, form=PasswordChangeForm()): context = OrderedDict() try: vici_wrapper = ViciWrapper() context = vici_wrapper.get_version() plugins = vici_wrapper.get_plugins() plugins.sort() context['plugins'] = plugins except ViciLoadException as e: messages.warning(self.request, str(e)) except ViciSocketException as e: pass context["pw_form"] = form return render(self.request, 'about.html', context)
def handle(self): response = dict(id=self.connection.id, success=False) try: vici_wrapper = ViciWrapper() sa = vici_wrapper.get_sas_by(self.connection.profile) if sa: child = ChildSA(sa[0], self.connection.profile) response['child'] = child.__dict__ response['success'] = True except ViciException as e: response['message'] = str(e) except Exception as e: print(e) return JsonResponse(response)
def handle(self): if self.request.method == 'GET': return render(self.request, 'eap_secrets/add.html', {"form": AddOrEditForm()}) elif self.request.method == 'POST': self.form = AddOrEditForm(self.request.POST) if not self.form.is_valid(): return render(self.request, 'eap_secrets/add.html', {"form": self.form}) else: try: secret = Secret(username=self.form.my_username, type='EAP', password=self.form.my_salted_password, salt=self.form.my_salt) secret.save() except IntegrityError: messages.add_message( self.request, messages.ERROR, 'An EAP Secret with this Username does already exist') return render(self.request, 'eap_secrets/add.html', {"form": self.form}) ViciWrapper().load_secret(secret.dict()) messages.add_message(self.request, messages.SUCCESS, 'Successfully created EAP Secret') return redirect(reverse("eap_secrets:overview"))
def _render(self): dhcpdbvalue = Pool.objects.all().filter(poolname__contains='dhcp') if not dhcpdbvalue: dhcppool = Pool(poolname='dhcp') dhcppool.clean() dhcppool.save() radiusdbvalue = Pool.objects.all().filter(poolname__contains='radius') if not radiusdbvalue: radiuspool = Pool(poolname='radius') radiuspool.clean() radiuspool.save() queryset = Pool.objects.exclude(poolname__contains='dhcp').exclude( poolname__contains='radius') pools = ViciWrapper().get_pools({'leases': "yes"}) table = tables.PoolsTable(queryset, request=self.request, pools=pools) RequestConfig(self.request, paginate={ "per_page": self.ENTRIES_PER_PAGE }).configure(table) if len(queryset) == 0: table = None return render(self.request, 'pools/overview.html', {'table': table})
def handle(self): if self.request.method == "GET": return self.load_edit_form() elif self.request.method == "POST": self.form = AddOrEditForm(self.parameter_dict) vici = ViciWrapper() if "remove_pool" in self.request.POST: return self.delete_pool(vici) return self.update_pool(vici)
def handle(self): response = dict(id=self.connection.id, success=False) try: vici_wrapper = ViciWrapper() sas = vici_wrapper.get_sas_by(self.connection.profile) if sas: ikesas = [] for sa in sas: sa = sa[self.connection.profile] ikesas.append(IkeSA(sa)) sadict = [] for ikesa in ikesas: sadict.append(ikesa.__dict__) response['child'] = sadict response['success'] = True except ViciException as e: response['message'] = str(e) except Exception as e: print(e) return JsonResponse(response)
def handle(self): try: connection = Connection.objects.get(id=self.conn_id).subclass() vici_wrapper = ViciWrapper() logs = None if hasattr(self, 'sa_id'): logs = vici_wrapper.terminate_ike_sa(self.sa_id) elif hasattr(self, 'child_sa_id'): logs = vici_wrapper.terminate_child_sa(self.child_sa_id) for log in logs: LogMessage(connection=connection, message=log['message']).save() if hasattr(self, 'sa_id'): messages.info(self.request, "Ike SA terminated.") elif hasattr(self, 'child_sa_id'): messages.info(self.request, "Child SA terminated.") except ViciException as e: messages.warning(self.request, str(e)) return HttpResponseRedirect(reverse("server_connections:index"))
def state(self): vici_wrapper = ViciWrapper() if self.is_remote_access() or self.is_site_to_site() and not self.initiate: try: loaded = vici_wrapper.is_connection_loaded(self.profile) if loaded: return State.LOADED.value else: return State.UNLOADED.value except: return State.UNLOADED.value else: try: state = vici_wrapper.get_connection_state(self.profile) if state == State.DOWN.value: return State.DOWN.value elif state == State.ESTABLISHED.value: return State.ESTABLISHED.value elif state == State.CONNECTING.value: return State.CONNECTING.value except: return State.DOWN.value
def state(self): vici_wrapper = ViciWrapper() if self.is_remote_access( ) or self.is_site_to_site() and not self.initiate: try: loaded = vici_wrapper.is_connection_loaded(self.profile) if loaded: return State.LOADED.value else: return State.UNLOADED.value except: return State.UNLOADED.value else: try: state = vici_wrapper.get_connection_state(self.profile) if state == State.DOWN.value: return State.DOWN.value elif state == State.ESTABLISHED.value: return State.ESTABLISHED.value elif state == State.CONNECTING.value: return State.CONNECTING.value except: return State.DOWN.value
def setUp(self): self.client = Client() self.user = User.objects.create(username='******') self.user.set_password('12345') self.user.save() self.client.login(username='******', password='******') ca_cert = TestCertificates.strongSwan_cert.read() cert = TestCertificates.carol_cert.read() key = TestCertificates.carol_key.read() manager = UserCertificateManager() manager.add_keycontainer(cert) manager.add_keycontainer(key) manager.add_keycontainer(ca_cert) for c in Certificate.objects.all(): if "carol@strongswan" in str(c.der_container): self.carol_cert = c else: self.ca_cert = c for i in self.carol_cert.identities: if str(i.subclass()) == '*****@*****.**': self.carol_ident = i.subclass() self.vici_wrapper = ViciWrapper() self.vici_wrapper.unload_all_connections()
def reload_secrets(self): vici = ViciWrapper() vici.clear_creds() for secret in Secret.objects.all(): vici.load_secret(secret.dict())
def stop(self): vici_wrapper = ViciWrapper() vici_wrapper.unload_connection(self.profile) logs = vici_wrapper.terminate_connection(self.profile) for log in logs: LogMessage(connection=self, message=log['message']).save()
class ViciWrapperTest(TestCase): def setUp(self): self.vici_wrapper = ViciWrapper() self.vici_wrapper.session.clear_creds() self.vici_wrapper.unload_all_connections() self.connection = Connection(profile='rw', auth='pubkey', version=1) self.connection.save() Authentication(name='local-1', auth='pubkey', local=self.connection).save() def test_vici_socket(self): with self.assertRaises(ViciPathNotASocketException): ViciWrapper(socket_path="/") def test_vici_get_verion(self): version = self.vici_wrapper.get_version() self.assertTrue(bool(version)) def test_vici_get_plugin(self): plugins = self.vici_wrapper.get_plugins() self.assertTrue(bool(plugins)) def test_vici_get_status(self): status = self.vici_wrapper.get_status() self.assertTrue(bool(status)) def test_vici_load_connection(self): self.assertEquals(0, self.vici_wrapper.get_connections_names().__len__()) self.vici_wrapper.load_connection(self.connection.dict()) self.assertEquals(1, self.vici_wrapper.get_connections_names().__len__()) def test_vici_is_active(self): self.assertEquals(0, self.vici_wrapper.get_connections_names().__len__()) self.vici_wrapper.load_connection(self.connection.dict()) self.assertEquals(1, self.vici_wrapper.get_connections_names().__len__()) self.assertTrue(self.vici_wrapper.is_connection_loaded(self.connection.profile)) def test_vici_unload_connection(self): self.assertEquals(0, self.vici_wrapper.get_connections_names().__len__()) self.vici_wrapper.load_connection(self.connection.dict()) self.assertEquals(1, self.vici_wrapper.get_connections_names().__len__()) self.vici_wrapper.unload_connection(self.connection.profile) self.assertEquals(0, self.vici_wrapper.get_connections_names().__len__()) def test_vici_unload_all_connection(self): self.assertEquals(0, self.vici_wrapper.get_connections_names().__len__()) self.vici_wrapper.load_connection(self.connection.dict()) self.connection.profile = 'test' self.vici_wrapper.load_connection(self.connection.dict()) self.assertEquals(2, self.vici_wrapper.get_connections_names().__len__()) self.vici_wrapper.unload_all_connections() self.assertEquals(0, self.vici_wrapper.get_connections_names().__len__()) def test_vici_get_connection_names(self): self.vici_wrapper.load_connection(self.connection.dict()) self.assertEquals(self.vici_wrapper.get_connections_names()[0], 'rw')
def unload(self): self.enabled = False self.save() vici_wrapper = ViciWrapper() vici_wrapper.unload_connection(self.profile)
def handle(self): self.form = AddOrEditForm(self.request.POST) if not self.form.is_valid(): return self._render(self.form) if self.form.my_poolname.lower( ) == 'dhcp' or self.form.my_poolname.lower() == 'radius': messages.add_message( self.request, messages.ERROR, 'Poolname "' + self.form.my_poolname + '" not allowed in pool creation. To ' 'use this name, please reference it directly from the connection wizard.' ) return self._render(self.form) else: if self.form.my_attribute == 'None': if self.form.my_attributevalues != "": messages.add_message( self.request, messages.ERROR, 'Can\'t add pool: Attribute values unclear for Attribute "None"' ) return self._render(self.form) pool = Pool(poolname=self.form.my_poolname, addresses=self.form.my_addresses) vici_pool = { self.form.my_poolname: { 'addrs': self.form.my_addresses } } else: if self.form.my_attributevalues == "": messages.add_message( self.request, messages.ERROR, 'Can\'t add pool: Attribute values mandatory if attribute is set.' ) return self._render(self.form) attr = self.form.my_attribute pool = Pool(poolname=self.form.my_poolname, addresses=self.form.my_addresses, attribute=attr, attributevalues=self.form.my_attributevalues) vici_pool = { self.form.my_poolname: { 'addrs': self.form.my_addresses, attr: [self.form.my_attributevalues] } } try: pool.clean() pool.save() vici = ViciWrapper() vici.load_pool(vici_pool) except ViciException as e: messages.add_message(self.request, messages.ERROR, str(e)) pool.delete() return self._render(self.form) except IntegrityError: messages.add_message(self.request, messages.ERROR, 'Poolname already in use.') return self._render(self.form) messages.add_message(self.request, messages.SUCCESS, 'Successfully added pool') if self.is_add_form: return render(self.request, 'pools/add_form.html', {"form": AddOrEditForm()}) else: return redirect(reverse("pools:index"))
def load(self): self.enabled = True self.save() vici_wrapper = ViciWrapper() vici_wrapper.unload_connection(self.profile) connection_dict = self.subclass().dict() vici_wrapper.load_connection(connection_dict) for local in self.server_local.all(): local = local.subclass() if local.has_private_key(): vici_wrapper.load_key(local.get_key_dict()) for remote in self.server_remote.all(): remote = remote.subclass() if remote.has_private_key(): vici_wrapper.load_key(remote.get_key_dict()) for cert in Certificate.objects.all(): vici_wrapper.load_certificate(OrderedDict(type=cert.type, flag='None', data=cert.der_container))
def main(): vici = ViciWrapper() load_credentials(vici) load_pools(vici) load_connections()
def _render(self): pooldetails = ViciWrapper().get_pools({'leases': "yes"}) table = {"pools": pooldetails} return render(self.request, 'pools/widgets/detailPoolTable.html', {'table': table, 'is_refresh': True})
def load_pools(vici=ViciWrapper()): for pool in Pool.objects.all(): vici.load_pool(pool.dict())
def load_credentials(vici=ViciWrapper()): load_secrets(vici) load_keys(vici) load_certificates(vici)
class IntegrationTest(TestCase): def setUp(self): self.client = Client() self.user = User.objects.create(username='******') self.user.set_password('12345') self.user.save() self.client.login(username='******', password='******') ca_cert = TestCertificates.strongSwan_cert.read() cert = TestCertificates.carol_cert.read() key = TestCertificates.carol_key.read() manager = UserCertificateManager() manager.add_keycontainer(cert) manager.add_keycontainer(key) manager.add_keycontainer(ca_cert) for c in Certificate.objects.all(): if "carol@strongswan" in str(c.der_container): self.carol_cert = c else: self.ca_cert = c for i in self.carol_cert.identities: if str(i.subclass()) == '*****@*****.**': self.carol_ident = i.subclass() self.vici_wrapper = ViciWrapper() self.vici_wrapper.unload_all_connections() def test_certificates_are_loaded(self): certificates = self.vici_wrapper.get_certificates() self.assertTrue(len(certificates) > 0) def test_Ike2EapIntegration(self): url_create = '/connections/add/' response = self.client.post(url_create, {'current_form': 'Ike2EapForm', 'gateway': 'gateway', 'profile': 'EAP', 'certificate_ca': self.ca_cert.pk, 'identity_ca': "moon.strongswan.org", 'username': "******", 'password': "******"}) print(response.content.decode('utf-8')) self.assertEquals(1, Connection.objects.count()) self.assertEquals(1, Child.objects.count()) connection = Connection.objects.first().subclass() toggle_url = '/connections/toggle/' self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_connections_names().__len__(), 1) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 1) self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 0) def test_Ike2Eap_auto_ca(self): url_create = '/connections/add/' response = self.client.post(url_create, {'current_form': 'Ike2EapForm', 'gateway': 'gateway', 'profile': 'EAP', 'certificate_ca_auto': True, 'identity_ca': "moon.strongswan.org", 'username': "******", 'password': "******"}) print(response.content.decode('utf-8')) self.assertEquals(1, Connection.objects.count()) self.assertEquals(1, Child.objects.count()) connection = Connection.objects.first().subclass() toggle_url = '/connections/toggle/' self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_connections_names().__len__(), 1) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 1) self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 0) def test_Ike2CertificateIntegration(self): url_create = '/connections/add/' self.client.post(url_create, {'gateway': 'gateway', 'profile': 'Cert', 'certificate': self.carol_cert.pk, 'identity': self.carol_ident.pk, 'certificate_ca': self.ca_cert.pk, 'identity_ca': "moon.strongswan.org", 'current_form': 'Ike2CertificateForm'}) self.assertEquals(1, Connection.objects.count()) self.assertEquals(1, Child.objects.count()) connection = Connection.objects.first().subclass() toggle_url = '/connections/toggle/' self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_connections_names().__len__(), 1) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 1) self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 0) def test_Ike2EapCertificateIntegration(self): url_create = '/connections/add/' self.client.post(url_create, {'gateway': 'gateway', 'profile': 'Eap+Cert', 'username': "******", 'password': "******", 'certificate': self.carol_cert.pk, 'identity': self.carol_cert.identities.first().pk, 'certificate_ca': self.ca_cert.pk, 'identity_ca': "moon.strongswan.org", 'current_form': 'Ike2EapCertificateForm'}) self.assertEquals(1, Connection.objects.count()) self.assertEquals(1, Child.objects.count()) connection = Connection.objects.first().subclass() toggle_url = '/connections/toggle/' self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_connections_names().__len__(), 1) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 1) self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 0) def test_Ike2EapTlsIntegration(self): url_create = '/connections/add/' self.client.post(url_create, {'gateway': 'gateway', 'profile': 'Eap+Tls', 'certificate': self.carol_cert.pk, 'identity': self.carol_cert.identities.first().pk, 'certificate_ca': self.ca_cert.pk, 'identity_ca': "moon.strongswan.org", 'current_form': 'Ike2EapTlsForm'}) self.assertEquals(1, Connection.objects.count()) self.assertEquals(1, Child.objects.count()) connection = Connection.objects.first().subclass() toggle_url = '/connections/toggle/' self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_connections_names().__len__(), 1) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 1) self.client.post(toggle_url, {'id': connection.id}) self.assertEqual(self.vici_wrapper.get_sas().__len__(), 0) def test_logs(self): self._start_connection() logs = self.client.post('/connections/log/', {'id': -1}) self.assertTrue(len(logs._container) > 0) def test_logs(self): self._start_connection() url = '/connections/log/' logs = self.client.post(url, {'id': -1}) self.assertTrue(len(logs._container) > 0) def test_sa_info(self): self._start_connection() url = '/connections/info/' connection = Connection.objects.first().subclass() info = self.client.post(url, {'id': connection.id}) self.assertTrue(len(info._container) > 0) def test_overview(self): self._start_connection() url = '/connections/' overview = self.client.get(url) self.assertEqual(overview.status_code, 200) def test_state(self): self._start_connection() connection = Connection.objects.first().subclass() url = '/connections/state/' + str(connection.id) + '/' state = self.client.post(url) self.assertEqual(state.status_code, 200) def _start_connection(self): url_create = '/connections/add/' self.client.post(url_create, {'gateway': 'gateway', 'profile': 'Eap+Tls', 'certificate': self.carol_cert.pk, 'identity': self.carol_cert.identities.first().pk, 'certificate_ca': self.ca_cert.pk, 'identity_ca': "moon.strongswan.org", 'current_form': 'Ike2EapTlsForm'}) self.assertEquals(1, Connection.objects.count()) self.assertEquals(1, Child.objects.count()) connection = Connection.objects.first().subclass() toggle_url = '/connections/toggle/' self.client.post(toggle_url, {'id': connection.id})
def load_secrets(vici=ViciWrapper()): for secret in Secret.objects.all(): vici.load_secret(secret.dict())
def start(self): vici_wrapper = ViciWrapper() vici_wrapper.unload_connection(self.profile) connection_dict = self.subclass().dict() vici_wrapper.load_connection(connection_dict) for local in self.local.all(): local = local.subclass() if local.has_private_key(): vici_wrapper.load_key(local.get_key_dict()) for secret in Secret.objects.filter(authentication=local): vici_wrapper.load_secret(secret.dict()) for remote in self.remote.all(): remote = remote.subclass() if remote.has_private_key(): vici_wrapper.load_key(remote.get_key_dict()) for secret in Secret.objects.filter(authentication=remote): vici_wrapper.load_secret(secret.dict()) for child in self.children.all(): logs = vici_wrapper.initiate(child.name, self.profile) for log in logs: LogMessage(connection=self, message=log['message']).save()
def stop(self): self.unload() vici_wrapper = ViciWrapper() logs = vici_wrapper.terminate_connection(self.profile) for log in logs: LogMessage(connection=self, message=log['message']).save()
def load(self): self.enabled = True self.save() vici_wrapper = ViciWrapper() vici_wrapper.unload_connection(self.profile) connection_dict = self.subclass().dict() vici_wrapper.load_connection(connection_dict) for local in self.server_local.all(): local = local.subclass() if local.has_private_key(): vici_wrapper.load_key(local.get_key_dict()) for remote in self.server_remote.all(): remote = remote.subclass() if remote.has_private_key(): vici_wrapper.load_key(remote.get_key_dict()) for cert in Certificate.objects.all(): vici_wrapper.load_certificate( OrderedDict(type=cert.type, flag='None', data=cert.der_container))
def load_keys(vici=ViciWrapper()): for key in PrivateKey.objects.all(): vici.load_key( OrderedDict(type=key.get_algorithm_type(), data=key.der_container))
def test_vici_socket(self): with self.assertRaises(ViciPathNotASocketException): ViciWrapper(socket_path="/")
def load_certificates(vici=ViciWrapper()): for cert in Certificate.objects.all(): vici.load_certificate( OrderedDict(type=cert.type, flag='None', data=cert.der_container))