lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 09:29:13 +00:00
Code Issues Activity

Various web frontend fixes

Browse Source
This commit is contained in:
Lauri Võsandi
2018-05-24 08:48:58 +03:00
parent ef16bac80f
commit f21417a214
11 changed files with 33 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
certidude/builder/common.sh
View File

@@ -81,7 +81,7 @@ config setup
ca $AUTHORITY
auto=add
cacert=/etc/certidude/authority/$AUTHORITY/ca_cert.pem
ocspuri = http://$AUTHORITY/api/ocsp/
# OCSP and CRL URL-s embedded in certificates
conn %default
keyingtries=%forever
@@ -94,7 +94,7 @@ conn %default
leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
conn client-to-site
conn c2s
auto=start
right="$ROUTER"
rightsubnet="$SUBNETS"
@@ -103,7 +103,4 @@ conn client-to-site
EOF
cat << EOF > $OVERLAY/etc/uci-defaults/99-uhttpd-disable-https
uci delete uhttpd.main.listen_https
uci delete uhttpd.main.redirect_https
EOF
# Note that auto=route is not supported at the moment with libipsec

0
certidude/builder/overlay/etc/uci-defaults/40-hostname Normal file → Executable file
View File

3
certidude/builder/overlay/etc/uci-defaults/60-cron Normal file → Executable file
View File

@@ -1,5 +1,7 @@
#!/bin/sh
/etc/init.d/ipsec enable
# Randomize restart time
OFFSET=$(awk -v min=1 -v max=59 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
@@ -14,3 +16,4 @@ chmod 0600 /etc/crontabs/root
/etc/init.d/cron enable
exit 0

0
certidude/builder/overlay/etc/uci-defaults/90-certidude-sysupgrade Normal file → Executable file
View File

3
certidude/builder/overlay/etc/uci-defaults/99-uhttpd-disable-https Executable file
View File

@@ -0,0 +1,3 @@
uci delete uhttpd.main.listen_https
uci delete uhttpd.main.redirect_https
exit 0

1
certidude/builder/overlay/usr/bin/certidude-enroll
View File

@@ -126,5 +126,4 @@ mv $CERTIFICATE_PATH.part $CERTIFICATE_PATH
# Start services
logger -t certidude -s "Starting IPSec IKEv2 daemon..."
/etc/init.d/ipsec enable
/etc/init.d/ipsec restart

4
certidude/static/index.html
View File

@@ -26,9 +26,9 @@
<a class="nav-link" href="#">Log</a>
</li>
</ul>
<form class="form-inline my-2 my-lg-0">
<div class="form-inline my-2 my-lg-0">
<input id="search" class="form-control mr-sm-2" style="display:none;" type="search" placeholder="🔍">
</form>
</div>
</div>
</nav>
<div id="view-dashboard" class="container-fluid" style="margin: 5em 0 0 0;">

2
certidude/static/js/certidude.js
View File

@@ -155,7 +155,7 @@ function onEnroll(encoding) {
gateway: query.router,
p12_uuid: blobToUuid(p12),
p12: forge.util.encode64(p12),
ca_uuid: blobToUuid(forge.pki.certificateToAsn1(ca)).getBytes()),
ca_uuid: blobToUuid(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes()),
ca: forge.util.encode64(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes())
});
var mimetype = "application/x-apple-aspen-config";

10
certidude/static/snippets/strongswan-server.sh
View File

@@ -16,18 +16,22 @@ conn default-{{ session.authority.hostname }}
leftupdown=/etc/certidude/authority/{{ session.authority.hostname }}/updown
leftcert=/etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem
leftsubnet=$(uci get network.lan.ipaddr | cut -d . -f 1-3).0/24 # Subnets pushed to roadwarriors
leftdns=$(uci get network.lan.ipaddr) # IP of DNS server advertised to roadwarriors
leftca="{{ session.authority.certificate.distinguished_name }}"
rightca="{{ session.authority.certificate.distinguished_name }}"
rightsourceip=172.21.0.0/24 # Roadwarrior virtual IP pool
dpddelay=0
dpdaction=clear
fragmentation=yes
reauth=no
rekey=no
leftsendcert=always
conn site-to-clients
conn s2c-rw
auto=add
also=default-{{ session.authority.hostname }}
rightdns=$(uci get network.lan.ipaddr) # IP of DNS server advertised to roadwarriors
conn site-to-client1
conn s2c-client1
auto=ignore
also=default-{{ session.authority.hostname }}
rightid="CN=*, OU=IP Camera, O=*, DC=*, DC=*, DC=*"

7
certidude/static/snippets/update-trust.sh
View File

@@ -7,3 +7,10 @@ test -e /etc/pki/ca-trust/source/anchors \
test -e /usr/local/share/ca-certificates/ \
&& ln -s /etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem /usr/local/share/ca-certificates/{{ session.authority.hostname }}.crt \
&& update-ca-certificates
# Patch Firefox trust store on Ubuntu
if [ ! -h /usr/lib/firefox/libnssckbi.so ]; then
apt install p11-kit p11-kit-modules
mv /usr/lib/firefox/libnssckbi.so /usr/lib/firefox/libnssckbi.so.bak
ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
fi

13
certidude/static/views/authority.html
View File

@@ -192,7 +192,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
<div class="row">
<div class="col-sm-6 col-lg-4 col-xl-3">
<h1>Signed certificates</h1>
<h3>Signed certificates</h3>
<p>Authority administration
{% if session.authority.certificate.organization %}of {{ session.authority.certificate.organization }}{% endif %}
allowed for
@@ -213,7 +213,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
<div class="col-sm-6 col-lg-4 col-xl-3">
{% if session.authority %}
{% if session.features.token %}
<h1>Tokens</h1>
<h3>Tokens</h3>
<p>Tokens allow enrolling smartphones and third party devices.</p>
<ul>
<li>You can issue yourself a token to be used on a mobile device</li>
@@ -241,7 +241,8 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
{% endif %}
{% if session.authorization.request_subnets %}
<h1>Pending requests</h1>
<p>&nbsp;</p>
<h3>Pending requests</h3>
<p>Use Certidude client to apply for a certificate.
@@ -291,7 +292,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
{% endif %}
{% if session.builder.profiles %}
<h2>LEDE imagebuilder</h2>
<h3>LEDE imagebuilder</h3>
<p>Hit a link to generate machine specific image. Note that this might take couple minutes to finish.</p>
<ul>
{% for name, title, filename in session.builder.profiles %}
@@ -303,7 +304,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
</div>
<div class="col-sm-6 col-lg-4 col-xl-3">
<h1>Revoked certificates</h1>
<h3>Revoked certificates</h3>
<p>Following certificates have been revoked{% if session.features.crl %}, for more information click
<a href="#revocation_list_modal" data-toggle="modal">here</a>{% endif %}.</p>
@@ -317,7 +318,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
<p>Loading logs, this might take a while...</p>
</div>
<div class="content" style="display:none;">
<h1>Log</h1>
<h3>Log</h3>
<div class="btn-group" data-toggle="buttons">
<label class="btn btn-primary active"><input id="log-level-critical" type="checkbox" autocomplete="off" checked>Critical</label>
<label class="btn btn-primary active"><input id="log-level-error" type="checkbox" autocomplete="off" checked>Error</label>