예제 #1
0
    def db_maybe_launch_https_workers(self, session):
        config = ConfigFactory(session, 1)

        # If root_tenant is disabled do not start https
        on = config.get_val(u'https_enabled')
        if not on:
            log.info("Not launching workers")
            return defer.succeed(None)

        site_cfgs = load_tls_dict_list(session)

        valid_cfgs, err = [], None
        # Determine which site_cfgs are valid and only pass those to the child.
        for db_cfg in site_cfgs:
            chnv = tls.ChainValidator()
            ok, err = chnv.validate(db_cfg,
                                    must_be_disabled=False,
                                    check_expiration=False)
            if ok and err is None:
                valid_cfgs.append(db_cfg)

        self.tls_cfg['site_cfgs'] = valid_cfgs

        if not valid_cfgs:
            log.info("Not launching https workers due to %s", err)
            return defer.fail(err)

        log.info("Decided to launch https workers")

        return self.launch_https_workers()
예제 #2
0
    def test_duplicated_cert_as_chain(self):
        chn_v = tls.ChainValidator()

        self.cfg['ssl_key'] = self.valid_setup['key'].encode()
        self.cfg['ssl_cert'] = self.valid_setup['cert'].encode()

        self.cfg['ssl_intermediate'] = self.valid_setup['cert'].encode('utf-8')

        ok, err = chn_v.validate(self.cfg)
        self.assertFalse(ok)
        self.assertIsNotNone(err)
예제 #3
0
    def test_check_expiration(self):
        chn_v = tls.ChainValidator()

        self.cfg['ssl_key'] = self.valid_setup['key'].encode()

        p = os.path.join(self.test_data_dir, 'invalid/expired_cert_with_valid_prv.pem')
        with open(p, 'rb') as f:
            self.cfg['ssl_cert'] = f.read()

        ok, err = chn_v.validate(self.cfg, check_expiration=True)
        self.assertFalse(ok)
        self.assertTrue(isinstance(err, tls.ValidationException))
예제 #4
0
def try_to_enable_https(store):
    prv_fact = PrivateFactory(store)

    cv = tls.ChainValidator()
    db_cfg = load_tls_dict(store)
    db_cfg['https_enabled'] = False

    ok, err = cv.validate(db_cfg)
    if ok:
        prv_fact.set_val('https_enabled', True)
        GLSettings.memory_copy.private.https_enabled = True
    else:
        raise err
예제 #5
0
파일: https.py 프로젝트: og3niuz/GlobaLeaks 
def try_to_enable_https(session, tid):
    config = ConfigFactory(session, tid)

    cv = tls.ChainValidator()
    db_cfg = load_tls_dict(session, tid)
    db_cfg['https_enabled'] = False

    ok, _ = cv.validate(db_cfg)
    if not ok:
        raise errors.InputValidationError()

    config.set_val(u'https_enabled', True)
    State.tenant_cache[tid].https_enabled = True
예제 #6
0
def try_to_enable_https(session, tid):
    config = ConfigFactory(session, tid, 'node')

    cv = tls.ChainValidator()
    db_cfg = load_tls_dict(session, tid)
    db_cfg['https_enabled'] = False

    ok, err = cv.validate(db_cfg)
    if ok:
        config.set_val(u'https_enabled', True)
        State.tenant_cache[tid].https_enabled = True
    else:
        raise err
예제 #7
0
def try_to_enable_https(store):
    prv_fact = PrivateFactory(store)

    cv = tls.ChainValidator()
    db_cfg = load_tls_dict(store)
    db_cfg['https_enabled'] = False

    ok, err = cv.validate(db_cfg)
    if ok:
        prv_fact.set_val(u'https_enabled', True)
        State.tenant_cache[1].private.https_enabled = True
    else:
        raise err
예제 #8
0
    def test_chain_valid(self):
        chn_v = tls.ChainValidator()

        self.cfg['ssl_key'] = self.valid_setup['key'].encode()
        self.cfg['ssl_cert'] = self.valid_setup['cert'].encode()

        p = os.path.join(self.test_data_dir, 'valid', 'chains/comodo.pem')
        with open(p, 'rb') as f:
            self.cfg['ssl_intermediate'] = f.read()

        ok, err = chn_v.validate(self.cfg)
        self.assertTrue(ok)
        self.assertIsNone(err)
예제 #9
0
    def test_chain_invalid(self):
        chn_v = tls.ChainValidator()

        self.cfg['ssl_dh'] = self.valid_setup['dh_params']
        self.cfg['ssl_key'] = self.valid_setup['key']
        self.cfg['ssl_cert'] = self.valid_setup['cert']

        exceptions_from_validation = {'empty.txt'}

        for fname in self.invalid_files:
            p = os.path.join(self.test_data_dir, 'invalid', fname)
            with open(p, 'r') as f:
                self.cfg['ssl_intermediate'] = f.read()
            ok, err = chn_v.validate(self.cfg)
            if not fname in exceptions_from_validation:
                self.assertFalse(ok)
                self.assertIsNotNone(err)
            else:
                self.assertTrue(ok)
                self.assertIsNone(err)
예제 #10
0
    def db_maybe_launch_https_workers(self, store):
        privFact = PrivateFactory(store)

        on = privFact.get_val('https_enabled')
        if not on:
            log.info("Not launching workers")
            yield defer.succeed(None)
            return

        db_cfg = load_tls_dict(store)
        self.tls_cfg.update(db_cfg)

        chnv = tls.ChainValidator()
        ok, err = chnv.validate(db_cfg, must_be_disabled=False)

        if ok and err is None:
            log.info("Decided to launch https workers")
            yield self.launch_https_workers()
        else:
            log.info("Not launching https workers due to %s" % err)
            yield defer.fail(err)