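def gencert(self, name, vars, hostname):
    """Generate a key pair and a certificate signed by the local CA for *hostname*.

    Args:
        name: Not used in the part of the function visible here.
        vars: Form values; ``certcountry``, ``certsp``, ``certlocale``,
            ``certcn`` and ``certemail`` fill the subject when non-empty.
        hostname: Selects the CA files under ``/etc/ssl/{certs,private}/genesis/ca/``.

    Raises:
        SystemTimeError: The clock offset exceeds one hour, or could not be
            determined (raised with ``'UNKNOWN'``).
        Exception: Key or certificate generation failed.
    """
    # Make sure our folders are in place
    for folder in ('/etc/ssl/certs/genesis', '/etc/ssl/private/genesis'):
        if not os.path.exists(folder):
            os.mkdir(folder)

    # A badly skewed clock yields wrong notBefore/notAfter values, so refuse to
    # issue. The range check sits outside the try so that the measured offset
    # is reported instead of being replaced by 'UNKNOWN'.
    try:
        st = SystemTime.get_offset()
    except Exception:
        raise SystemTimeError('UNKNOWN')
    if st < -3600 or st > 3600:
        raise SystemTimeError(st)

    # Check to see that we have a CA ready
    ca_cert_path = '/etc/ssl/certs/genesis/ca/' + hostname + '.pem'
    ca_key_path = '/etc/ssl/private/genesis/ca/' + hostname + '.key'
    # NOTE(review): a CA is created only when BOTH files are missing; if just
    # one is absent the loads below fail. Confirm that is the intended handling.
    if not os.path.exists(ca_cert_path) and not os.path.exists(ca_key_path):
        self.create_authority(hostname)
    with open(ca_cert_path) as cert_file:
        ca_cert = OpenSSL.crypto.load_certificate(
            OpenSSL.crypto.FILETYPE_PEM, cert_file.read())
    with open(ca_key_path) as key_file:
        ca_key = OpenSSL.crypto.load_privatekey(
            OpenSSL.crypto.FILETYPE_PEM, key_file.read())

    # Key type and length come from this plugin's configuration.
    # NOTE(review): no lower bound is enforced on keylength here.
    cfg = self.app.get_config(self)
    keytype = OpenSSL.crypto.TYPE_DSA if cfg.keytype == 'DSA' \
        else OpenSSL.crypto.TYPE_RSA
    keylength = int(cfg.keylength)

    try:
        key = OpenSSL.crypto.PKey()
        key.generate_key(keytype, keylength)

        crt = OpenSSL.crypto.X509()
        # pyOpenSSL's version field is zero-based: 2 encodes X.509 v3.
        crt.set_version(2)
        subject = crt.get_subject()
        for field, attr in (('certcountry', 'C'), ('certsp', 'ST'),
                            ('certlocale', 'L'), ('certcn', 'CN'),
                            ('certemail', 'emailAddress')):
            value = vars.getvalue(field, '')
            if value:
                setattr(subject, attr, value)
        subject.O = 'arkOS Servers'
        crt.set_serial_number(int(SystemTime.get_serial_time()))
        crt.gmtime_adj_notBefore(0)
        crt.gmtime_adj_notAfter(2 * 365 * 24 * 60 * 60)  # two years
        crt.set_issuer(ca_cert.get_subject())
        crt.set_pubkey(key)
        # SHA-1 signatures are no longer accepted by current TLS clients.
        crt.sign(ca_key, 'sha256')
    except Exception as e:
        raise Exception('Error generating self-signed certificate: ' + str(e))
    # NOTE(review): the listing ends here; nothing visible stores key or crt.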
def get_ui(self):
    """Start building the system settings page: template, clock text, offset."""
    ui = self.app.inflate('sysconfig:main')

    # Date and time formats come from the 'genesis' config section.
    date_fmt = self.app.gconfig.get('genesis', 'dformat', '%d %b %Y')
    time_fmt = self.app.gconfig.get('genesis', 'tformat', '%H:%M')
    systime = SystemTime.get_datetime('%s, %s' % (date_fmt, time_fmt))

    # The offset stays 0 when the lookup fails; the page still renders.
    offset = 0
    try:
        offset = SystemTime.get_offset()
    except Exception as e:
        self.app.log.error('Could not get Internet time. Please check your connection. Error: %s' % str(e))
        self.put_message('err', 'Could not get Internet time. Please check your connection.')
    # NOTE(review): the listing stops here; ui is not returned in the visible part.
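def gencert(self, name, vars, keytype, keylength, hostname):
    """Generate a key of the requested type and a certificate signed by the local CA.

    Args:
        name: Not used in the part of the function visible here.
        vars: Form values; ``certcountry``, ``certsp``, ``certlocale``,
            ``certcn`` and ``certemail`` fill the subject when non-empty.
        keytype: ``'DSA'`` selects DSA; any other value selects RSA.
        keylength: Key size in bits; converted with ``int()``.
        hostname: Selects the CA files under ``/etc/ssl/{certs,private}/genesis/ca/``.

    Raises:
        SystemTimeError: The clock offset exceeds one hour, or could not be
            determined (raised with ``'UNKNOWN'``).
        Exception: Key or certificate generation failed.
    """
    # Make sure our folders are in place
    if not os.path.exists('/etc/ssl/certs/genesis'):
        os.mkdir('/etc/ssl/certs/genesis')
    if not os.path.exists('/etc/ssl/private/genesis'):
        os.mkdir('/etc/ssl/private/genesis')

    # If system time is way off, raise an error. Only the lookup is guarded:
    # a bare except around the range check would turn the measured offset
    # into 'UNKNOWN'.
    try:
        st = SystemTime.get_offset()
    except Exception:
        raise SystemTimeError('UNKNOWN')
    if not -3600 <= st <= 3600:
        raise SystemTimeError(st)

    # Check to see that we have a CA ready
    ca_cert_path = '/etc/ssl/certs/genesis/ca/'+hostname+'.pem'
    ca_key_path = '/etc/ssl/private/genesis/ca/'+hostname+'.key'
    # NOTE(review): with only one of the two files present no CA is created
    # and the matching load below raises. Confirm this is intended.
    if not os.path.exists(ca_cert_path) and not os.path.exists(ca_key_path):
        self.create_authority(hostname)
    pem = OpenSSL.crypto.FILETYPE_PEM
    with open(ca_cert_path) as fh:
        ca_cert = OpenSSL.crypto.load_certificate(pem, fh.read())
    with open(ca_key_path) as fh:
        ca_key = OpenSSL.crypto.load_privatekey(pem, fh.read())

    # Generate a key, then use the CA key to sign a new cert.
    # NOTE(review): keylength is not checked against a minimum here.
    keytype = OpenSSL.crypto.TYPE_DSA if keytype == 'DSA' else OpenSSL.crypto.TYPE_RSA
    keylength = int(keylength)

    subject_fields = (
        ('certcountry', 'C'),
        ('certsp', 'ST'),
        ('certlocale', 'L'),
        ('certcn', 'CN'),
        ('certemail', 'emailAddress'),
    )
    try:
        key = OpenSSL.crypto.PKey()
        key.generate_key(keytype, keylength)
        crt = OpenSSL.crypto.X509()
        # The version field is zero-based in pyOpenSSL, so 2 means X.509 v3.
        crt.set_version(2)
        for form_field, attr in subject_fields:
            value = vars.getvalue(form_field, '')
            if value:
                setattr(crt.get_subject(), attr, value)
        crt.get_subject().O = 'arkOS Servers'
        crt.set_serial_number(int(SystemTime.get_serial_time()))
        crt.gmtime_adj_notBefore(0)
        crt.gmtime_adj_notAfter(2*365*24*60*60)  # valid for two years
        crt.set_issuer(ca_cert.get_subject())
        crt.set_pubkey(key)
        # Sign with SHA-256; SHA-1 signatures are rejected by current clients.
        crt.sign(ca_key, 'sha256')
    except Exception as e:
        raise Exception('Error generating self-signed certificate: '+str(e))
    # NOTE(review): the listing ends here; nothing visible stores key or crt.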
def get_ui(self):
    """Inflate the sysconfig template and read the clock and its offset."""
    ui = self.app.inflate('sysconfig:main')

    # Configured date/time formats, with the defaults used when unset.
    formats = (
        self.app.gconfig.get('genesis', 'dformat', '%d %b %Y'),
        self.app.gconfig.get('genesis', 'tformat', '%H:%M'),
    )
    systime = SystemTime.get_datetime('%s, %s' % formats)

    offset = 0
    try:
        offset = SystemTime.get_offset()
    except Exception as e:
        # Report the failure in the log and to the user; offset remains 0.
        log_text = 'Could not get Internet time. Please check your connection. Error: %s' % str(e)
        self.app.log.error(log_text)
        self.put_message(
            'err', 'Could not get Internet time. Please check your connection.')
    # NOTE(review): the listing stops here; ui is not returned in the visible part.
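def create_authority(self, hostname):
    """Create a self-signed CA for *hostname* and write its certificate and key.

    The CA uses a 2048-bit RSA key, is valid for five years and carries
    ``basicConstraints CA:TRUE, pathlen:0`` plus ``keyCertSign, cRLSign``.

    Args:
        hostname: Used as the CA's CN and as the file name stem under
            ``/etc/ssl/certs/genesis/ca/`` and ``/etc/ssl/private/genesis/ca/``.
    """
    key = OpenSSL.crypto.PKey()
    key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)

    ca = OpenSSL.crypto.X509()
    # pyOpenSSL's version field is zero-based: 2 encodes X.509 v3, which the
    # extensions below require.
    ca.set_version(2)
    ca.set_serial_number(int(SystemTime.get_serial_time()))
    ca.get_subject().O = 'arkOS Servers'
    ca.get_subject().CN = hostname
    ca.gmtime_adj_notBefore(0)
    ca.gmtime_adj_notAfter(5*365*24*60*60)  # five years
    ca.set_issuer(ca.get_subject())  # self-signed: issuer equals subject
    ca.set_pubkey(key)
    ca.add_extensions([
        OpenSSL.crypto.X509Extension("basicConstraints", True, "CA:TRUE, pathlen:0"),
        OpenSSL.crypto.X509Extension("keyUsage", True, "keyCertSign, cRLSign"),
        OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash", subject=ca),
    ])
    # SHA-1 signatures are no longer accepted by current TLS clients.
    ca.sign(key, 'sha256')

    cert_path = '/etc/ssl/certs/genesis/ca/'+hostname+'.pem'
    key_path = '/etc/ssl/private/genesis/ca/'+hostname+'.key'
    # NOTE(review): the .../ca/ directories are not created in this function.

    with open(cert_path, "wt") as cert_file:
        cert_file.write(
            OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, ca))
    os.chmod(cert_path, 0o660)

    # Create the private key owner-only from the start so it is never readable
    # under the process umask; the chmod also tightens a pre-existing file.
    # NOTE(review): the listing showed no chmod on the key file. Confirm no
    # other account needs read access to the CA key.
    key_fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(key_fd, "wt") as key_file:
        key_file.write(
            OpenSSL.crypto.dump_privatekey(OpenSSL.crypto.FILETYPE_PEM, key))
    os.chmod(key_path, 0o600)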
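def create_authority(self, hostname):
    """Generate a self-signed CA certificate for *hostname* and persist it with its key.

    Args:
        hostname: Becomes the CA's CN and the stem of the ``.pem`` / ``.key``
            files written under ``/etc/ssl/{certs,private}/genesis/ca/``.
    """
    pem = OpenSSL.crypto.FILETYPE_PEM

    key = OpenSSL.crypto.PKey()
    key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)

    ca = OpenSSL.crypto.X509()
    # The version field is zero-based in pyOpenSSL; 2 is X.509 v3, the
    # version that allows the extensions added below.
    ca.set_version(2)
    ca.set_serial_number(int(SystemTime().get_serial_time()))
    ca.get_subject().CN = hostname
    ca.gmtime_adj_notBefore(0)
    ca.gmtime_adj_notAfter(5 * 365 * 24 * 60 * 60)  # five years
    ca.set_issuer(ca.get_subject())  # issuer == subject: self-signed
    ca.set_pubkey(key)
    ca.add_extensions([
        OpenSSL.crypto.X509Extension("basicConstraints", True,
                                     "CA:TRUE, pathlen:0"),
        OpenSSL.crypto.X509Extension("keyUsage", True, "keyCertSign, cRLSign"),
        OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash",
                                     subject=ca),
    ])
    # Sign with SHA-256 rather than SHA-1, which current clients reject.
    ca.sign(key, 'sha256')

    cert_path = '/etc/ssl/certs/genesis/ca/' + hostname + '.pem'
    with open(cert_path, "wt") as out:
        out.write(OpenSSL.crypto.dump_certificate(pem, ca))
    os.chmod(cert_path, 0o660)

    # The private key must not be created with umask-default permissions:
    # open it owner-only and re-apply the mode in case the file existed.
    # NOTE(review): no chmod on the key was visible in the listing. Confirm
    # that owner-only access suits every consumer of this key.
    key_path = '/etc/ssl/private/genesis/ca/' + hostname + '.key'
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wt") as out:
        out.write(OpenSSL.crypto.dump_privatekey(pem, key))
    os.chmod(key_path, 0o600)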
def on_click(self, event, params, vars=None):
    """Handle a click whose id was split into *params*.

    ``['svc', <service>, <action>]`` calls the matching method on the service
    manager; ``['settime']`` asks SystemTime to set the clock.
    """
    kind = params[0]

    if kind == 'svc':
        # NOTE(review): params[1] is passed to the service manager as received;
        # confirm the caller restricts it to the services this page offers.
        action = params[2]
        if action in ('start', 'stop', 'enable', 'disable'):
            getattr(self._mgr, action)(params[1])

    if kind == 'settime':
        try:
            SystemTime.set_datetime()
            self.put_message('success', 'System time updated successfully')
        except Exception as e:
            self.app.log.error('Could not set time. Please check your connection. Error: %s' % str(e))
            self.put_message('err', 'Could not set time. Please check your connection.')
def on_click(self, event, params, vars=None):
    """Route a click event by the first element of *params*.

    'svc' forwards start/stop/enable/disable for the named service to the
    service manager; 'settime' triggers a clock update and reports the result.
    """
    target = params[0]

    if target == 'svc':
        # NOTE(review): the service name is taken from the event as-is;
        # confirm upstream code limits it to services shown on this page.
        verb = params[2]
        manager = self._mgr
        if verb == 'start':
            manager.start(params[1])
        elif verb == 'stop':
            manager.stop(params[1])
        elif verb == 'enable':
            manager.enable(params[1])
        elif verb == 'disable':
            manager.disable(params[1])
    elif target == 'settime':
        try:
            SystemTime.set_datetime()
            self.put_message('success', 'System time updated successfully')
        except Exception as e:
            failure = 'Could not set time. Please check your connection. Error: %s' % str(e)
            self.app.log.error(failure)
            self.put_message(
                'err', 'Could not set time. Please check your connection.')
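def gencert(self, name, vars):
    """Generate a 2048-bit RSA key and a self-signed certificate from form values.

    Args:
        name: Not used in the part of the function visible here.
        vars: Form values; ``certcountry``, ``certsp``, ``certlocale``,
            ``certcn`` and ``certemail`` fill the subject when not empty.

    Raises:
        SystemTimeError: The clock offset exceeds one hour, or could not be
            determined (raised with ``'UNKNOWN'``).
        Exception: Key or certificate generation failed.
    """
    # Make sure our folders are in place
    for folder in ('/etc/ssl/certs/genesis', '/etc/ssl/private/genesis'):
        if not os.path.exists(folder):
            os.mkdir(folder)

    # If system time is way off, raise an error. The range check is kept
    # outside the try: a bare except around it would swallow the
    # SystemTimeError carrying the real offset and report 'UNKNOWN' instead.
    try:
        st = SystemTime().get_offset()
    except Exception:
        raise SystemTimeError('UNKNOWN')
    if st < -3600 or st > 3600:
        raise SystemTimeError(st)

    # Generate a key, then use it to sign a new cert
    # We'll use 2048-bit RSA until pyOpenSSL supports ECC
    try:
        key = OpenSSL.crypto.PKey()
        key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)

        crt = OpenSSL.crypto.X509()
        subject = crt.get_subject()
        for field, attr in (('certcountry', 'C'), ('certsp', 'ST'),
                            ('certlocale', 'L'), ('certcn', 'CN'),
                            ('certemail', 'emailAddress')):
            value = vars.getvalue(field, '')
            if value != '':
                setattr(subject, attr, value)
        crt.set_serial_number(int(SystemTime().get_serial_time()))
        crt.gmtime_adj_notBefore(0)
        crt.gmtime_adj_notAfter(2 * 365 * 24 * 60 * 60)  # two years
        crt.set_pubkey(key)
        # Self-signed with its own key; SHA-256 replaces SHA-1, which current
        # TLS clients no longer accept.
        # NOTE(review): no issuer is set in the visible code.
        crt.sign(key, 'sha256')
    except Exception as e:
        raise Exception('Error generating self-signed certificate: ' + str(e))
    # NOTE(review): the listing ends here; nothing visible stores key or crt.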
def on_init(self):
    """Bind the service manager, config backend and clock helper, then cache the hostname."""
    app = self.app
    self._mgr = app.get_backend(apis.services.IServiceManager)

    config_backend = backend.Config(app)
    self._be = config_backend

    self._st = SystemTime()
    # The hostname is read once here and kept on the plugin.
    self.hostname = config_backend.gethostname()
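class SysConfigPlugin(CategoryPlugin):
    """'System Settings' page: hostname, timezone, clock offset and helper services."""
    text = 'System Settings'
    iconfont = 'gen-cog'
    folder = False

    def on_init(self):
        """Bind the service manager, config backend and clock helper; cache the hostname."""
        self._mgr = self.app.get_backend(apis.services.IServiceManager)
        self._be = backend.Config(self.app)
        self._st = SystemTime()
        self.hostname = self._be.gethostname()

    def get_ui(self):
        """Build and return the settings page."""
        ui = self.app.inflate('sysconfig:main')
        systime = self._st.get_datetime('%d %B %Y, %H:%M:%S')
        offset = 0
        try:
            offset = self._st.get_offset()
        except Exception as e:
            self.app.log.error('Could not get Internet time. Please check your connection. Error: %s' % str(e))
            self.put_message('err', 'Could not get Internet time. Please check your connection.')

        # General
        ui.find('hostname').set('value', self.hostname)
        # Derive the active zone from the /etc/localtime link target. It stays
        # empty when the file is missing or does not resolve into the zoneinfo
        # tree, instead of failing on an undefined name or a bad index.
        tz_active = ''
        if os.path.exists('/etc/localtime'):
            _, found, tail = os.path.realpath('/etc/localtime').partition(
                '/usr/share/zoneinfo/')
            if found:
                tz_active = tail
        # '' is a substring of every zone name, so guard the empty case.
        tz_sel = [UI.SelectOption(text=x, value=x,
                                  selected=bool(tz_active) and tz_active in x)
                  for x in zonelist.zones]
        ui.appendAll('zoneselect', *tz_sel)

        # Time
        ui.find('systime').set('text', systime)
        ui.find('offset').set('text', '%s seconds' % offset)

        # Tools
        if shell_cs('which logrunnerd')[0] != 0:
            lrstat = 'Not installed'
        else:
            if self._mgr.get_status('logrunner') == 'running':
                lrstat = 'Running'
                ui.find('fllogrunner').append(UI.Button(text="Stop", id="svc/logrunner/stop"))
            else:
                lrstat = 'Not running'
                ui.find('fllogrunner').append(UI.Button(text="Start", id="svc/logrunner/start"))
            if self._mgr.get_enabled('logrunner') == 'enabled':
                lrstat += ' and enabled on boot'
                ui.find('fllogrunner').append(UI.Button(text="Disable on boot", id="svc/logrunner/disable"))
            else:
                lrstat += ' and not enabled on boot'
                ui.find('fllogrunner').append(UI.Button(text="Enable on boot", id="svc/logrunner/enable"))

        # The beacon branch must fill bestat: writing to lrstat here left
        # bestat undefined and overwrote the logrunner text.
        if shell_cs('which beacond')[0] != 0:
            bestat = 'Not installed'
        else:
            if self._mgr.get_status('beacon') == 'running':
                bestat = 'Running'
                ui.find('flbeacon').append(UI.Button(text="Stop", id="svc/beacon/stop"))
            else:
                bestat = 'Not running'
                ui.find('flbeacon').append(UI.Button(text="Start", id="svc/beacon/start"))
            if self._mgr.get_enabled('beacon') == 'enabled':
                bestat += ' and enabled on boot'
                ui.find('flbeacon').append(UI.Button(text="Disable on boot", id="svc/beacon/disable"))
            else:
                bestat += ' and not enabled on boot'
                ui.find('flbeacon').append(UI.Button(text="Enable on boot", id="svc/beacon/enable"))

        ui.find('logrunner').set('text', lrstat)
        ui.find('beacon').set('text', bestat)

        if self._changed:
            self.put_message('warn', 'A restart is required for this setting change to take effect.')

        return ui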
def get_ui(self):
    """Build and return the certificates page.

    Fills the key length/type/cipher settings, the certificate list, the CA
    list and, depending on ``self._gen``, ``self._cinfo`` and
    ``self._upload``, the generate, info and upload dialogs.
    """
    # NOTE(review): block nesting below was reconstructed from a listing with
    # no line structure; verify it against the original file.
    ui = self.app.inflate('certificates:main')
    ui.find('tabs').set('active', self._tab)
    # Mark the configured key length / key type options as selected.
    ui.find('kl'+self._cfg.keylength).set('selected', True)
    ui.find('kt'+self._cfg.keytype.lower()).set('selected', True)
    ui.find('ciphers').set('value', self._cfg.ciphers)

    # One button per certificate; its id carries the list position.
    # NOTE(review): ids such as 'info/<index>' come back in click events;
    # presumably the handler re-checks the index against the current list.
    for s in self.certs:
        ui.find('certlist').append(
            UI.TblBtn(
                id='info/'+str(self.certs.index(s)),
                icon='gen-certificate',
                name=s.name,
                subtext="%s-bit %s" % (s.keylength, s.keytype)
            )
        )
    ui.find('certlist').append(
        UI.TblBtn(
            id='gen',
            icon='gen-plus-circle',
            name='Generate certificate'
        )
    )
    ui.find('certlist').append(
        UI.TblBtn(
            id='upl',
            icon='gen-file-upload',
            name='Upload certificate'
        )
    )

    # Certificate authorities: offer generation when none exist.
    lst = ui.find('certauth')
    if not self.cas:
        lst.append(UI.Btn(text="Generate New", id="cagen"))
    for s in self.cas:
        # Expiry is reformatted from '%Y%m%d%H%M%SZ' to the configured date format.
        exp = SystemTime.convert(s['expiry'], '%Y%m%d%H%M%SZ', self.app.gconfig.get('genesis', 'dformat', '%d %b %Y'))
        lst.append(UI.FormLine(
            UI.HContainer(
                UI.Label(text='Expires '+exp),
                UI.TipIcon(iconfont='gen-download', text='Download', id='cadl', onclick='window.open("/certificates/dl", "_blank")'),
                UI.TipIcon(iconfont='gen-close', text='Delete', id='cadel/' + str(self.cas.index(s))),
            ), text=s['name'], horizontal=True
        ))

    if self._gen:
        # Generate dialog: offer only targets no certificate is assigned to yet.
        ui.find('certcn').set('value', self._hostname)
        self._wal, self._pal = self._cc.get_ssl_capable()
        alist, wlist, plist = [], [], []
        for cert in self.certs:
            for i in cert.assign:
                alist.append(i)
        if not {'type': 'genesis'} in alist:
            ui.find('certassign').append(
                UI.FormLine(
                    UI.Checkbox(text='Genesis SSL', name='genesis', value='genesis', checked=False),
                    checkbox=True)
            )
        for x in self._wal:
            if not {'type': 'website', 'name': x.name} in alist:
                ui.find('certassign').append(
                    UI.FormLine(
                        UI.Checkbox(text=x.name, name='wassign[]', value=x.name, checked=False),
                        checkbox=True)
                )
                wlist.append(x)
        self._wal = wlist
        # NOTE(review): plugin entries are matched on 'name' here but on 'id'
        # in the info dialog further down; confirm which key assign entries carry.
        for x in self._pal:
            if not {'type': 'plugin', 'name': x.text} in alist:
                ui.find('certassign').append(
                    UI.FormLine(
                        UI.Checkbox(text=x.text, name='passign[]', value=x.text, checked=False),
                        checkbox=True)
                )
                plist.append(x)
        self._pal = plist
    else:
        ui.remove('dlgGen')

    if self._cinfo:
        # Info dialog for the selected certificate.
        self._wal, self._pal = self._cc.get_ssl_capable()
        ui.find('certname').set('text', self._cinfo.name)
        ui.find('domain').set('text', self._cinfo.domain)
        ui.find('ikeytype').set('text', '%s-bit %s' % (self._cinfo.keylength, self._cinfo.keytype))
        exp = SystemTime.convert(self._cinfo.expiry, '%Y%m%d%H%M%SZ', self.app.gconfig.get('genesis', 'dformat', '%d %b %Y'))
        ui.find('expires').set('text', exp)
        # NOTE(review): only SHA-1 and MD5 fingerprints are shown; both are weak
        # for verifying a certificate. Consider adding SHA-256.
        ui.find('sha1').set('text', self._cinfo.sha1)
        ui.find('md5').set('text', self._cinfo.md5)

        # Assignments held by the OTHER certificates; those targets are hidden.
        alist = []
        for cert in self.certs:
            if cert != self._cinfo:
                for i in cert.assign:
                    alist.append(i)

        # show == 'e' renders an Assign icon, show == 'd' an Unassign icon.
        if not 'genesis' in [x['type'] for x in alist]:
            if 'genesis' in [x['type'] for x in self._cinfo.assign]:
                ic, ict, show = 'gen-checkmark-circle', 'Assigned', 'd'
            else:
                ic, ict, show = None, None, 'e'
            ui.find('certassign').append(
                UI.DTR(
                    UI.IconFont(iconfont=ic, text=ict),
                    UI.IconFont(iconfont='gen-arkos-round'),
                    UI.Label(text='Genesis'),
                    UI.HContainer(
                        (UI.TipIcon(iconfont='gen-checkmark-circle',
                            text='Assign', id='ac/'+self._cinfo.name+'/g') if show == 'e' else None),
                        (UI.TipIcon(iconfont='gen-close',
                            text='Unassign', id='uc/'+self._cinfo.name+'/g',
                            warning=('Are you sure you wish to unassign this certificate? '
                                'SSL on this service will be disabled, and you will need to '
                                'reload Genesis for changes to take place.')) if show == 'd' else None),
                    ),
                )
            )
        # Websites: the action id ends with the position in self._wal.
        for x in self._wal:
            if not x.name in [y['name'] for y in alist if y['type'] == 'website']:
                if x.name in [y['name'] for y in self._cinfo.assign if y['type'] == 'website']:
                    ic, ict, show = 'gen-checkmark-circle', 'Assigned', 'd'
                else:
                    ic, ict, show = None, None, 'e'
                ui.find('certassign').append(
                    UI.DTR(
                        UI.IconFont(iconfont=ic, text=ict),
                        UI.IconFont(iconfont='gen-earth'),
                        UI.Label(text=x.name),
                        UI.HContainer(
                            (UI.TipIcon(iconfont='gen-checkmark-circle',
                                text='Assign', id='ac/'+self._cinfo.name+'/w/'+str(self._wal.index(x))) if show == 'e' else None),
                            (UI.TipIcon(iconfont='gen-close',
                                text='Unassign', id='uc/'+self._cinfo.name+'/w/'+str(self._wal.index(x)),
                                warning=('Are you sure you wish to unassign this certificate? '
                                    'SSL on this service will be disabled.')) if show == 'd' else None),
                        ),
                    )
                )
        # Plugins: matched on pid; the action id ends with the position in self._pal.
        for x in self._pal:
            if not x.pid in [y['id'] for y in alist if y['type'] == 'plugin']:
                if x.pid in [y['id'] for y in self._cinfo.assign if y['type'] == 'plugin']:
                    ic, ict, show = 'gen-checkmark-circle', 'Assigned', 'd'
                else:
                    ic, ict, show = None, None, 'e'
                ui.find('certassign').append(
                    UI.DTR(
                        UI.IconFont(iconfont=ic, text=ict),
                        UI.IconFont(iconfont=x.iconfont),
                        UI.Label(text=x.text),
                        UI.HContainer(
                            (UI.TipIcon(iconfont='gen-checkmark-circle',
                                text='Assign', id='ac/'+self._cinfo.name+'/p/'+str(self._pal.index(x))) if show == 'e' else None),
                            (UI.TipIcon(iconfont='gen-close',
                                text='Unassign', id='uc/'+self._cinfo.name+'/p/'+str(self._pal.index(x)),
                                warning=('Are you sure you wish to unassign this certificate? '
                                    'SSL on this service will be disabled.')) if show == 'd' else None),
                        ),
                    )
                )
    else:
        ui.remove('dlgInfo')

    if self._upload:
        # Upload dialog: name plus certificate, key and optional chain files.
        ui.append('main',
            UI.DialogBox(
                UI.FormLine(UI.TextInput(name='certname'), text='Name'),
                UI.FormLine(UI.FileInput(id='certfile'), text='Certificate file'),
                UI.FormLine(UI.FileInput(id='keyfile'), text='Certificate keyfile'),
                UI.FormLine(UI.FileInput(id='chainfile'), text='Certificate chainfile',
                    help='This is optional, only put it if you know you need one.'),
                id='dlgUpload', mp=True))

    return ui
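class SysConfigPlugin(CategoryPlugin):
    """Plugin behind the 'System Settings' page."""
    text = 'System Settings'
    iconfont = 'gen-cog'
    folder = False

    def on_init(self):
        """Bind the backends this page needs and cache the hostname."""
        self._mgr = self.app.get_backend(apis.services.IServiceManager)
        self._be = backend.Config(self.app)
        self._st = SystemTime()
        self.hostname = self._be.gethostname()

    def get_ui(self):
        """Build and return the settings page: hostname, timezone, clock, services."""
        ui = self.app.inflate('sysconfig:main')
        systime = self._st.get_datetime('%s, %s' % (
            self.app.gconfig.get('genesis', 'dformat', '%d %b %Y'),
            self.app.gconfig.get('genesis', 'tformat', '%H:%M')))
        offset = 0
        try:
            offset = self._st.get_offset()
        except Exception as e:
            self.app.log.error(
                'Could not get Internet time. Please check your connection. Error: %s'
                % str(e))
            self.put_message(
                'err',
                'Could not get Internet time. Please check your connection.')

        # General
        ui.find('hostname').set('value', self.hostname)
        # Active zone = the part of the /etc/localtime link target after the
        # zoneinfo root; '' when the file is missing or points elsewhere
        # (indexing the split result would raise in that case).
        tz_active = ''
        if os.path.exists('/etc/localtime'):
            pieces = os.path.realpath('/etc/localtime').split(
                '/usr/share/zoneinfo/')
            if len(pieces) > 1:
                tz_active = pieces[1]
        # An empty tz_active is a substring of every zone name and would mark
        # every option selected, so nothing is selected in that case.
        tz_sel = [
            UI.SelectOption(text=x, value=x,
                            selected=(tz_active != '' and tz_active in x))
            for x in zonelist.zones
        ]
        ui.appendAll('zoneselect', *tz_sel)

        # Time
        ui.find('systime').set('text', systime)
        ui.find('offset').set('text', '%s seconds' % offset)

        # Tools
        if shell_cs('which logrunnerd')[0] != 0:
            lrstat = 'Not installed'
        else:
            if self._mgr.get_status('logrunner') == 'running':
                lrstat = 'Running'
                ui.find('fllogrunner').append(
                    UI.Button(text="Stop", id="svc/logrunner/stop"))
            else:
                lrstat = 'Not running'
                ui.find('fllogrunner').append(
                    UI.Button(text="Start", id="svc/logrunner/start"))
            if self._mgr.get_enabled('logrunner') == 'enabled':
                lrstat += ' and enabled on boot'
                ui.find('fllogrunner').append(
                    UI.Button(text="Disable on boot",
                              id="svc/logrunner/disable"))
            else:
                lrstat += ' and not enabled on boot'
                ui.find('fllogrunner').append(
                    UI.Button(text="Enable on boot",
                              id="svc/logrunner/enable"))

        if shell_cs('which beacond')[0] != 0:
            bestat = 'Not installed'
        else:
            if self._mgr.get_status('beacon') == 'running':
                bestat = 'Running'
                ui.find('flbeacon').append(
                    UI.Button(text="Stop", id="svc/beacon/stop"))
            else:
                bestat = 'Not running'
                ui.find('flbeacon').append(
                    UI.Button(text="Start", id="svc/beacon/start"))
            if self._mgr.get_enabled('beacon') == 'enabled':
                bestat += ' and enabled on boot'
                ui.find('flbeacon').append(
                    UI.Button(text="Disable on boot",
                              id="svc/beacon/disable"))
            else:
                bestat += ' and not enabled on boot'
                ui.find('flbeacon').append(
                    UI.Button(text="Enable on boot", id="svc/beacon/enable"))

        ui.find('logrunner').set('text', lrstat)
        ui.find('beacon').set('text', bestat)

        if self._changed:
            self.put_message(
                'warn',
                'A restart is required for this setting change to take effect.'
            )

        return ui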
def get_ui(self):
    """Build and return the certificates page.

    Certificates are handled as dicts here (``s['name']``, ``cert['assign']``).
    The generate, info and upload dialogs are filled or removed depending on
    ``self._gen``, ``self._cinfo`` and ``self._upload``.
    """
    # NOTE(review): block nesting below was reconstructed from a listing with
    # no line structure; verify it against the original file.
    ui = self.app.inflate('certificates:main')
    ui.find('tabs').set('active', self._tab)
    # Key length / key type / cipher settings are read from the CertControl config.
    cfg = self.app.get_config(CertControl(self.app))
    ui.find('kl'+cfg.keylength).set('selected', True)
    ui.find('kt'+cfg.keytype.lower()).set('selected', True)
    ui.find('ciphers').set('value', cfg.ciphers)

    # One button per certificate; its id carries the list position.
    # NOTE(review): ids such as 'info/<index>' come back in click events;
    # presumably the handler re-checks the index against the current list.
    for s in self.certs:
        ui.find('certlist').append(
            UI.TblBtn(
                id='info/'+str(self.certs.index(s)),
                icon='gen-certificate',
                name=s['name'],
                subtext=s['keylength']+'-bit '+s['keytype']
            )
        )
    ui.find('certlist').append(
        UI.TblBtn(
            id='gen',
            icon='gen-plus-circle',
            name='Generate certificate'
        )
    )
    ui.find('certlist').append(
        UI.TblBtn(
            id='upl',
            icon='gen-file-upload',
            name='Upload certificate'
        )
    )

    # Certificate authorities: offer generation when none exist.
    lst = ui.find('certauth')
    if not self.cas:
        lst.append(UI.Btn(text="Generate New", id="cagen"))
    for s in self.cas:
        # Expiry is reformatted from '%Y%m%d%H%M%SZ' to the configured date format.
        exp = SystemTime.convert(s['expiry'], '%Y%m%d%H%M%SZ', self.app.gconfig.get('genesis', 'dformat', '%d %b %Y'))
        lst.append(UI.FormLine(
            UI.HContainer(
                UI.Label(text='Expires '+exp),
                UI.TipIcon(iconfont='gen-download', text='Download', id='cadl', onclick='window.open("/certificates/dl", "_blank")'),
                UI.TipIcon(iconfont='gen-close', text='Delete', id='cadel/' + str(self.cas.index(s))),
            ), text=s['name'], horizontal=True
        ))

    if self._gen:
        # Generate dialog: offer only targets no certificate is assigned to yet.
        ui.find('certcn').set('value', self._hostname)
        self._wal, self._pal = self._cc.get_ssl_capable()
        alist, wlist, plist = [], [], []
        for cert in self.certs:
            for i in cert['assign']:
                alist.append(i)
        if not {'type': 'genesis'} in alist:
            ui.find('certassign').append(
                UI.FormLine(
                    UI.Checkbox(text='Genesis SSL', name='genesis', value='genesis', checked=False),
                    checkbox=True)
            )
        for x in self._wal:
            if not {'type': 'website', 'name': x.name} in alist:
                ui.find('certassign').append(
                    UI.FormLine(
                        UI.Checkbox(text=x.name, name='wassign[]', value=x.name, checked=False),
                        checkbox=True)
                )
                wlist.append(x)
        self._wal = wlist
        # NOTE(review): plugin entries are matched on 'name' here but on 'id'
        # in the info dialog further down; confirm which key assign entries carry.
        for x in self._pal:
            if not {'type': 'plugin', 'name': x.text} in alist:
                ui.find('certassign').append(
                    UI.FormLine(
                        UI.Checkbox(text=x.text, name='passign[]', value=x.text, checked=False),
                        checkbox=True)
                )
                plist.append(x)
        self._pal = plist
    else:
        ui.remove('dlgGen')

    if self._cinfo:
        # Info dialog for the selected certificate.
        self._wal, self._pal = self._cc.get_ssl_capable()
        ui.find('certname').set('text', self._cinfo['name'])
        ui.find('domain').set('text', self._cinfo['domain'])
        ui.find('ikeytype').set('text', self._cinfo['keylength']+'-bit '+self._cinfo['keytype'])
        exp = SystemTime.convert(self._cinfo['expiry'], '%Y%m%d%H%M%SZ', self.app.gconfig.get('genesis', 'dformat', '%d %b %Y'))
        ui.find('expires').set('text', exp)
        # NOTE(review): only SHA-1 and MD5 fingerprints are shown; both are weak
        # for verifying a certificate. Consider adding SHA-256.
        ui.find('sha1').set('text', self._cinfo['sha1'])
        ui.find('md5').set('text', self._cinfo['md5'])
        # The dialog's extra button carries 'del/<index>' for this certificate.
        ui.find('dlgInfo').set('miscbtnid', 'del/' + str(self.certs.index(self._cinfo)))

        # Assignments held by the OTHER certificates; those targets are hidden.
        alist = []
        for cert in self.certs:
            if cert != self._cinfo:
                for i in cert['assign']:
                    alist.append(i)

        # show == 'e' renders an Assign icon, show == 'd' an Unassign icon.
        if not 'genesis' in [x['type'] for x in alist]:
            if 'genesis' in [x['type'] for x in self._cinfo['assign']]:
                ic, ict, show = 'gen-checkmark-circle', 'Assigned', 'd'
            else:
                ic, ict, show = None, None, 'e'
            ui.find('certassign').append(
                UI.DTR(
                    UI.IconFont(iconfont=ic, text=ict),
                    UI.IconFont(iconfont='gen-arkos-round'),
                    UI.Label(text='Genesis'),
                    UI.HContainer(
                        (UI.TipIcon(iconfont='gen-checkmark-circle',
                            text='Assign', id='ac/'+self._cinfo['name']+'/g') if show == 'e' else None),
                        (UI.TipIcon(iconfont='gen-close',
                            text='Unassign', id='uc/'+self._cinfo['name']+'/g',
                            warning=('Are you sure you wish to unassign this certificate? '
                                'SSL on this service will be disabled, and you will need to '
                                'reload Genesis for changes to take place.')) if show == 'd' else None),
                    ),
                )
            )
        # Websites: the action id ends with the position in self._wal.
        for x in self._wal:
            if not x.name in [y['name'] for y in alist if y['type'] == 'website']:
                if x.name in [y['name'] for y in self._cinfo['assign'] if y['type'] == 'website']:
                    ic, ict, show = 'gen-checkmark-circle', 'Assigned', 'd'
                else:
                    ic, ict, show = None, None, 'e'
                ui.find('certassign').append(
                    UI.DTR(
                        UI.IconFont(iconfont=ic, text=ict),
                        UI.IconFont(iconfont='gen-earth'),
                        UI.Label(text=x.name),
                        UI.HContainer(
                            (UI.TipIcon(iconfont='gen-checkmark-circle',
                                text='Assign', id='ac/'+self._cinfo['name']+'/w/'+str(self._wal.index(x))) if show == 'e' else None),
                            (UI.TipIcon(iconfont='gen-close',
                                text='Unassign', id='uc/'+self._cinfo['name']+'/w/'+str(self._wal.index(x)),
                                warning=('Are you sure you wish to unassign this certificate? '
                                    'SSL on this service will be disabled.')) if show == 'd' else None),
                        ),
                    )
                )
        # Plugins: matched on pid; the action id ends with the position in self._pal.
        for x in self._pal:
            if not x.pid in [y['id'] for y in alist if y['type'] == 'plugin']:
                if x.pid in [y['id'] for y in self._cinfo['assign'] if y['type'] == 'plugin']:
                    ic, ict, show = 'gen-checkmark-circle', 'Assigned', 'd'
                else:
                    ic, ict, show = None, None, 'e'
                ui.find('certassign').append(
                    UI.DTR(
                        UI.IconFont(iconfont=ic, text=ict),
                        UI.IconFont(iconfont=x.iconfont),
                        UI.Label(text=x.text),
                        UI.HContainer(
                            (UI.TipIcon(iconfont='gen-checkmark-circle',
                                text='Assign', id='ac/'+self._cinfo['name']+'/p/'+str(self._pal.index(x))) if show == 'e' else None),
                            (UI.TipIcon(iconfont='gen-close',
                                text='Unassign', id='uc/'+self._cinfo['name']+'/p/'+str(self._pal.index(x)),
                                warning=('Are you sure you wish to unassign this certificate? '
                                    'SSL on this service will be disabled.')) if show == 'd' else None),
                        ),
                    )
                )
    else:
        ui.remove('dlgInfo')

    if self._upload:
        # Upload dialog: name plus certificate, key and optional chain files.
        ui.append('main',
            UI.DialogBox(
                UI.FormLine(UI.TextInput(name='certname'), text='Name'),
                UI.FormLine(UI.FileInput(id='certfile'), text='Certificate file'),
                UI.FormLine(UI.FileInput(id='keyfile'), text='Certificate keyfile'),
                UI.FormLine(UI.FileInput(id='chainfile'), text='Certificate chainfile',
                    help='This is optional, only put it if you know you need one.'),
                id='dlgUpload', mp=True))

    return ui