
""" 

Copyright (c) 2012-2013 RockStor, Inc. <http://rockstor.com> 

This file is part of RockStor. 

 

RockStor is free software; you can redistribute it and/or modify 

it under the terms of the GNU General Public License as published 

by the Free Software Foundation; either version 2 of the License, 

or (at your option) any later version. 

 

RockStor is distributed in the hope that it will be useful, but 

WITHOUT ANY WARRANTY; without even the implied warranty of 

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU 

General Public License for more details. 

 

You should have received a copy of the GNU General Public License 

along with this program. If not, see <http://www.gnu.org/licenses/>. 

""" 

 

import logging
import os
from shutil import move
from tempfile import mkstemp

from django.conf import settings
from django.db import transaction
from rest_framework.response import Response

import rest_framework_custom as rfc
from storageadmin.models import TLSCertificate
from storageadmin.serializers import TLSCertificateSerializer
from storageadmin.util import handle_exception
from system.osi import run_command
from system.services import superctl

# Module-level logger, named after this module.
logger = logging.getLogger(__name__)

# The openssl binary is referenced by absolute path, so it is not resolved
# through the PATH of the calling process.
OPENSSL = "/usr/bin/openssl"

 

 

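class TLSCertificateView(rfc.GenericView):
    """Store and install a user-supplied TLS certificate and private key.

    ``get_queryset`` returns every stored TLSCertificate row. ``post``
    validates an uploaded certificate/key pair with openssl, persists it,
    writes both files under ``settings.CERTDIR`` and restarts nginx.

    NOTE(review): the private key is persisted on the TLSCertificate model and
    the POST response is built with TLSCertificateSerializer -- confirm that
    the serializer does not expose the ``key`` field to API clients, and how
    the key is protected at rest.
    """

    serializer_class = TLSCertificateSerializer

    def get_queryset(self, *args, **kwargs):
        """Return all TLSCertificate rows."""
        return TLSCertificate.objects.all()

    @staticmethod
    def _write_temp_file(data):
        """Write ``data`` to a fresh mkstemp() file and return its path.

        mkstemp() creates the file readable and writable only by the creating
        user. The descriptor it returns is wrapped with os.fdopen() so that it
        is closed here instead of being leaked. If the write fails, the
        partially written file is removed before the error propagates.
        """
        fd, path = mkstemp()
        try:
            with os.fdopen(fd, 'w') as fo:
                fo.write(data)
        except Exception:
            TLSCertificateView._remove_if_present(path)
            raise
        return path

    @staticmethod
    def _remove_if_present(path):
        """Delete ``path`` if it still exists; log (do not raise) on failure."""
        if path is None or not os.path.exists(path):
            return
        try:
            os.remove(path)
        except OSError as err:
            # Best effort: a cleanup failure must not mask the original error,
            # but leftover key material should be visible in the logs.
            logger.exception(err)

    def _modulus(self, request, subcommand, path, kind):
        """Return the output of ``openssl <subcommand> -noout -modulus``.

        ``kind`` is the human-readable input name used in the error message.
        The command is passed as an argument list, not a shell string.

        NOTE(review): handle_exception() is expected to raise; if it returned,
        the ``return`` below would fail on an unbound name, as the original
        code would have on its later comparison -- confirm against
        storageadmin.util.
        """
        try:
            out, err, rc = run_command([OPENSSL, subcommand, '-noout',
                                        '-modulus', '-in', path])
        except Exception as exc:
            logger.exception(exc)
            e_msg = ('RSA key modulus could not be verified for the given '
                     '%s. Correct your input and try again' % kind)
            handle_exception(Exception(e_msg), request)
        return out

    @transaction.atomic
    def post(self, request):
        """Validate, store and activate the certificate/key from the request.

        Reads ``name``, ``cert`` and ``key`` from ``request.data``. The key
        and certificate moduli reported by openssl must match before anything
        is written to the database or to ``settings.CERTDIR``. Because the key
        is checked with ``openssl rsa``, only RSA keys pass validation.

        Temporary copies of the key and certificate are always removed, also
        when validation fails, so rejected key material does not linger in the
        temporary directory.
        """
        with self._handle_exception(request):
            name = request.data.get('name')
            cert = request.data.get('cert')
            key = request.data.get('key')
            if not (name and cert and key):
                # Reject missing input up front instead of failing later
                # while writing None to a temporary file.
                e_msg = ('Name, Certificate and Private Key are all required. '
                         'Correct your input and try again')
                handle_exception(Exception(e_msg), request)

            kpath = cpath = None
            try:
                kpath = self._write_temp_file(key)
                cpath = self._write_temp_file(cert)
                key_modulus = self._modulus(request, 'rsa', kpath,
                                            'Private Key')
                cert_modulus = self._modulus(request, 'x509', cpath,
                                             'Certificate')
                # Empty output is treated as a mismatch rather than letting
                # the index lookup raise.
                if (not key_modulus or not cert_modulus or
                        key_modulus[0] != cert_modulus[0]):
                    e_msg = ('Given Certificate and the Private Key do not '
                             'match. Correct your input and try again')
                    handle_exception(Exception(e_msg), request)

                # Only a validated pair replaces the stored certificate; all
                # rows with a different name are dropped.
                TLSCertificate.objects.filter().exclude(name=name).delete()
                co, created = TLSCertificate.objects.get_or_create(
                    name=name, defaults={'certificate': cert, 'key': key})
                if not created:
                    co.certificate = cert
                    co.key = key
                    co.save()

                move(cpath, '%s/rockstor.cert' % settings.CERTDIR)
                move(kpath, '%s/rockstor.key' % settings.CERTDIR)
            finally:
                # After a successful move the paths no longer exist and are
                # skipped; on any failure the temporary files are deleted.
                self._remove_if_present(kpath)
                self._remove_if_present(cpath)

            superctl('nginx', 'restart')
            return Response(TLSCertificateSerializer(co).data)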