mirror of https://github.com/laurivosandi/certidude synced 2024-12-22 16:25:17 +00:00

Various web frontend fixes

Lauri Võsandi 2018-05-24 08:48:58 +03:00
parent ef16bac80f
commit f21417a214
11 changed files with 33 additions and 19 deletions


@ -81,7 +81,7 @@ config setup
ca $AUTHORITY ca $AUTHORITY
auto=add auto=add
cacert=/etc/certidude/authority/$AUTHORITY/ca_cert.pem cacert=/etc/certidude/authority/$AUTHORITY/ca_cert.pem
ocspuri = http://$AUTHORITY/api/ocsp/ # OCSP and CRL URL-s embedded in certificates
conn %default conn %default
keyingtries=%forever keyingtries=%forever
@ -94,7 +94,7 @@ conn %default
leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME" leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME" rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
conn client-to-site conn c2s
auto=start auto=start
right="$ROUTER" right="$ROUTER"
rightsubnet="$SUBNETS" rightsubnet="$SUBNETS"
@ -103,7 +103,4 @@ conn client-to-site
EOF EOF
cat << EOF > $OVERLAY/etc/uci-defaults/99-uhttpd-disable-https # Note that auto=route is not supported at the moment with libipsec
uci delete uhttpd.main.listen_https
uci delete uhttpd.main.redirect_https
EOF

0
certidude/builder/overlay/etc/uci-defaults/40-hostname Normal file → Executable file

3
certidude/builder/overlay/etc/uci-defaults/60-cron Normal file → Executable file

@ -1,5 +1,7 @@
#!/bin/sh #!/bin/sh
/etc/init.d/ipsec enable
# Randomize restart time # Randomize restart time
OFFSET=$(awk -v min=1 -v max=59 'BEGIN{srand(); print int(min+rand()*(max-min+1))}') OFFSET=$(awk -v min=1 -v max=59 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
@ -14,3 +16,4 @@ chmod 0600 /etc/crontabs/root
/etc/init.d/cron enable /etc/init.d/cron enable
exit 0



@ -0,0 +1,3 @@
uci delete uhttpd.main.listen_https
uci delete uhttpd.main.redirect_https
exit 0
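Review bot: This new uci-defaults script has no comment saying why the uhttpd HTTPS listener and redirect are removed. With `listen_https` deleted, the router's web interface is presumably reachable over plain HTTP only, so admin credentials cross the network unencrypted unless access is limited to the tunnel or LAN. A header such as `# Disable uhttpd HTTPS; web UI must only be reached via <trusted path>` would make that assumption explicit. The same two `uci delete` lines appear in a heredoc in the builder script hunk earlier on this page, so this looks like a move rather than new behaviour.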


@ -126,5 +126,4 @@ mv $CERTIFICATE_PATH.part $CERTIFICATE_PATH
# Start services # Start services
logger -t certidude -s "Starting IPSec IKEv2 daemon..." logger -t certidude -s "Starting IPSec IKEv2 daemon..."
/etc/init.d/ipsec enable
/etc/init.d/ipsec restart /etc/init.d/ipsec restart


@ -26,9 +26,9 @@
<a class="nav-link" href="#">Log</a> <a class="nav-link" href="#">Log</a>
</li> </li>
</ul> </ul>
<form class="form-inline my-2 my-lg-0"> <div class="form-inline my-2 my-lg-0">
<input id="search" class="form-control mr-sm-2" style="display:none;" type="search" placeholder="🔍"> <input id="search" class="form-control mr-sm-2" style="display:none;" type="search" placeholder="🔍">
</form> </div>
</div> </div>
</nav> </nav>
<div id="view-dashboard" class="container-fluid" style="margin: 5em 0 0 0;"> <div id="view-dashboard" class="container-fluid" style="margin: 5em 0 0 0;">


@ -155,7 +155,7 @@ function onEnroll(encoding) {
gateway: query.router, gateway: query.router,
p12_uuid: blobToUuid(p12), p12_uuid: blobToUuid(p12),
p12: forge.util.encode64(p12), p12: forge.util.encode64(p12),
ca_uuid: blobToUuid(forge.pki.certificateToAsn1(ca)).getBytes()), ca_uuid: blobToUuid(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes()),
ca: forge.util.encode64(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes()) ca: forge.util.encode64(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes())
}); });
var mimetype = "application/x-apple-aspen-config"; var mimetype = "application/x-apple-aspen-config";
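Review bot: The DER encoding of the CA certificate is now computed twice in adjacent properties, `ca_uuid` and `ca`, with the same `forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes()` expression. Hoisting it into a local before the object literal, e.g. `var caDer = forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes();`, and then using `blobToUuid(caDer)` and `forge.util.encode64(caDer)` keeps the two fields from drifting apart again. onEnroll starts and ends outside this hunk.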


@ -16,18 +16,22 @@ conn default-{{ session.authority.hostname }}
leftupdown=/etc/certidude/authority/{{ session.authority.hostname }}/updown leftupdown=/etc/certidude/authority/{{ session.authority.hostname }}/updown
leftcert=/etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem leftcert=/etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem
leftsubnet=$(uci get network.lan.ipaddr | cut -d . -f 1-3).0/24 # Subnets pushed to roadwarriors leftsubnet=$(uci get network.lan.ipaddr | cut -d . -f 1-3).0/24 # Subnets pushed to roadwarriors
leftdns=$(uci get network.lan.ipaddr) # IP of DNS server advertised to roadwarriors
leftca="{{ session.authority.certificate.distinguished_name }}" leftca="{{ session.authority.certificate.distinguished_name }}"
rightca="{{ session.authority.certificate.distinguished_name }}" rightca="{{ session.authority.certificate.distinguished_name }}"
rightsourceip=172.21.0.0/24 # Roadwarrior virtual IP pool rightsourceip=172.21.0.0/24 # Roadwarrior virtual IP pool
dpddelay=0 dpddelay=0
dpdaction=clear dpdaction=clear
fragmentation=yes
reauth=no
rekey=no
leftsendcert=always
conn site-to-clients conn s2c-rw
auto=add auto=add
also=default-{{ session.authority.hostname }} also=default-{{ session.authority.hostname }}
rightdns=$(uci get network.lan.ipaddr) # IP of DNS server advertised to roadwarriors
conn site-to-client1 conn s2c-client1
auto=ignore auto=ignore
also=default-{{ session.authority.hostname }} also=default-{{ session.authority.hostname }}
rightid="CN=*, OU=IP Camera, O=*, DC=*, DC=*, DC=*" rightid="CN=*, OU=IP Camera, O=*, DC=*, DC=*, DC=*"
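Review bot: The `reauth=no` and `rekey=no` lines added to the default conn, next to the existing `dpddelay=0`, carry no comment explaining how a revoked roadwarrior certificate stops working on a tunnel that is already up. As far as I understand strongSwan's ipsec.conf semantics, without reauthentication the peer certificate is checked only when the IKE_SA is first established, so revocation would take effect at the next connect rather than on the live session. If this was chosen for client compatibility, say so beside the settings, for example `# reauth/rekey disabled for <client> compatibility; revoked peers are disconnected by <mechanism>`, and confirm that such a mechanism exists. I am reading these single-column lines as additions from the hunk's line counts, since the rendered page has lost the +/- markers.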


@ -7,3 +7,10 @@ test -e /etc/pki/ca-trust/source/anchors \
test -e /usr/local/share/ca-certificates/ \ test -e /usr/local/share/ca-certificates/ \
&& ln -s /etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem /usr/local/share/ca-certificates/{{ session.authority.hostname }}.crt \ && ln -s /etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem /usr/local/share/ca-certificates/{{ session.authority.hostname }}.crt \
&& update-ca-certificates && update-ca-certificates
# Patch Firefox trust store on Ubuntu
if [ ! -h /usr/lib/firefox/libnssckbi.so ]; then
apt install p11-kit p11-kit-modules
mv /usr/lib/firefox/libnssckbi.so /usr/lib/firefox/libnssckbi.so.bak
ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
fi
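Review bot: The Firefox block runs unconditionally and moves the original `libnssckbi.so` aside before anything confirms that the replacement exists. `[ ! -h ... ]` is also true when Firefox is not installed at all, so on a host without apt or without /usr/lib/firefox the snippet still calls `apt install` and the `mv` fails. On a non-amd64 host, or when the package install fails, the hard-coded `/usr/lib/x86_64-linux-gnu/...` target is missing and Firefox is left with a dangling symlink in place of its root-certificate module. Guard on the file being a regular file and on the p11-kit module being present before swapping, as sketched below. It would also help to document that this makes Firefox trust every CA in the system store, including this authority, and that a Firefox package upgrade may restore the original file.

```shell
# Patch Firefox trust store on Ubuntu
P11_TRUST=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
if [ -f /usr/lib/firefox/libnssckbi.so ] && [ ! -h /usr/lib/firefox/libnssckbi.so ]; then
    apt install p11-kit p11-kit-modules
    # Only swap the module once the replacement is known to exist
    if [ -e "$P11_TRUST" ]; then
        mv /usr/lib/firefox/libnssckbi.so /usr/lib/firefox/libnssckbi.so.bak
        ln -s "$P11_TRUST" /usr/lib/firefox/libnssckbi.so
    fi
fi
```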


@ -192,7 +192,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
<div class="row"> <div class="row">
<div class="col-sm-6 col-lg-4 col-xl-3"> <div class="col-sm-6 col-lg-4 col-xl-3">
<h1>Signed certificates</h1> <h3>Signed certificates</h3>
<p>Authority administration <p>Authority administration
{% if session.authority.certificate.organization %}of {{ session.authority.certificate.organization }}{% endif %} {% if session.authority.certificate.organization %}of {{ session.authority.certificate.organization }}{% endif %}
allowed for allowed for
@ -213,7 +213,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
<div class="col-sm-6 col-lg-4 col-xl-3"> <div class="col-sm-6 col-lg-4 col-xl-3">
{% if session.authority %} {% if session.authority %}
{% if session.features.token %} {% if session.features.token %}
<h1>Tokens</h1> <h3>Tokens</h3>
<p>Tokens allow enrolling smartphones and third party devices.</p> <p>Tokens allow enrolling smartphones and third party devices.</p>
<ul> <ul>
<li>You can issue yourself a token to be used on a mobile device</li> <li>You can issue yourself a token to be used on a mobile device</li>
@ -241,7 +241,8 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
{% endif %} {% endif %}
{% if session.authorization.request_subnets %} {% if session.authorization.request_subnets %}
<h1>Pending requests</h1> <p>&nbsp;</p>
<h3>Pending requests</h3>
<p>Use Certidude client to apply for a certificate. <p>Use Certidude client to apply for a certificate.
@ -291,7 +292,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
{% endif %} {% endif %}
{% if session.builder.profiles %} {% if session.builder.profiles %}
<h2>LEDE imagebuilder</h2> <h3>LEDE imagebuilder</h3>
<p>Hit a link to generate machine specific image. Note that this might take couple minutes to finish.</p> <p>Hit a link to generate machine specific image. Note that this might take couple minutes to finish.</p>
<ul> <ul>
{% for name, title, filename in session.builder.profiles %} {% for name, title, filename in session.builder.profiles %}
@ -303,7 +304,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
</div> </div>
<div class="col-sm-6 col-lg-4 col-xl-3"> <div class="col-sm-6 col-lg-4 col-xl-3">
<h1>Revoked certificates</h1> <h3>Revoked certificates</h3>
<p>Following certificates have been revoked{% if session.features.crl %}, for more information click <p>Following certificates have been revoked{% if session.features.crl %}, for more information click
<a href="#revocation_list_modal" data-toggle="modal">here</a>{% endif %}.</p> <a href="#revocation_list_modal" data-toggle="modal">here</a>{% endif %}.</p>
@ -317,7 +318,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
<p>Loading logs, this might take a while...</p> <p>Loading logs, this might take a while...</p>
</div> </div>
<div class="content" style="display:none;"> <div class="content" style="display:none;">
<h1>Log</h1> <h3>Log</h3>
<div class="btn-group" data-toggle="buttons"> <div class="btn-group" data-toggle="buttons">
<label class="btn btn-primary active"><input id="log-level-critical" type="checkbox" autocomplete="off" checked>Critical</label> <label class="btn btn-primary active"><input id="log-level-critical" type="checkbox" autocomplete="off" checked>Critical</label>
<label class="btn btn-primary active"><input id="log-level-error" type="checkbox" autocomplete="off" checked>Error</label> <label class="btn btn-primary active"><input id="log-level-error" type="checkbox" autocomplete="off" checked>Error</label>