Diffstat (limited to 'rpkid')
-rw-r--r--rpkid/rpki/gui/app/templates/base.html2
-rw-r--r--rpkid/rpki/gui/app/templates/registration/login.html2
-rw-r--r--rpkid/rpki/gui/app/views.py2
-rw-r--r--rpkid/rpki/gui/decorators.py31
-rw-r--r--rpkid/rpki/gui/urls.py4
-rw-r--r--rpkid/rpki/gui/views.py30
-rw-r--r--rpkid/rpki/x509.py12
7 files changed, 76 insertions, 7 deletions
diff --git a/rpkid/rpki/gui/app/templates/base.html b/rpkid/rpki/gui/app/templates/base.html
index 0af1d241..89aa0b9a 100644
--- a/rpkid/rpki/gui/app/templates/base.html
+++ b/rpkid/rpki/gui/app/templates/base.html
@@ -24,7 +24,7 @@
{% if user.is_authenticated %}
<li><p class="navbar-text">Logged in as {{ user }}</li>
<li class="divider-vertical"></li>
- <li><a href="{% url django.contrib.auth.views.logout %}">Log Out</a></li>
+ <li><a href="{% url rpki.gui.views.logout %}">Log Out</a></li>
{% endif %}
</ul>
</div>
diff --git a/rpkid/rpki/gui/app/templates/registration/login.html b/rpkid/rpki/gui/app/templates/registration/login.html
index 27ad21cf..d2ee9468 100644
--- a/rpkid/rpki/gui/app/templates/registration/login.html
+++ b/rpkid/rpki/gui/app/templates/registration/login.html
@@ -8,7 +8,7 @@
</div>
{% endif %}
-<form method="post" action="{% url django.contrib.auth.views.login %}">
+<form method="post" action="{% url rpki.gui.views.login %}">
{% csrf_token %}
<div class="clearfix">
diff --git a/rpkid/rpki/gui/app/views.py b/rpkid/rpki/gui/app/views.py
index 535ffe6c..2d674c95 100644
--- a/rpkid/rpki/gui/app/views.py
+++ b/rpkid/rpki/gui/app/views.py
@@ -42,6 +42,7 @@ import rpki.exceptions
from rpki.gui.cacheview.models import ROAPrefixV4, ROA
from rpki.gui.routeview.models import RouteOrigin
+from rpki.gui.decorators import tls_required
def superuser_required(f):
@@ -63,6 +64,7 @@ def handle_required(f):
"""
@login_required
+ @tls_required
def wrapped_fn(request, *args, **kwargs):
if 'handle' not in request.session:
if request.user.is_superuser:
diff --git a/rpkid/rpki/gui/decorators.py b/rpkid/rpki/gui/decorators.py
new file mode 100644
index 00000000..69d20c46
--- /dev/null
+++ b/rpkid/rpki/gui/decorators.py
@@ -0,0 +1,31 @@
+# Copyright (C) 2013 SPARTA, Inc. a Parsons Company
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND SPARTA DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL SPARTA BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+__version__ = '$Id$'
+
+from django import http
+
+
+def tls_required(f):
+ """Decorator which returns a 500 error if the connection is not secured
+ with TLS (https).
+
+ """
+ def _tls_required(request, *args, **kwargs):
+ if not request.is_secure():
+ return http.HttpResponseServerError(
+ 'This resource may only be accessed securely via https',
+ content_type='text/plain')
+ return f(request, *args, **kwargs)
+ return _tls_required
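Review bot: `_tls_required` only refuses to answer once the request has arrived, so on a plain-http request the session cookie (and, for the login form, the POSTed password) has already crossed the network in cleartext before `request.is_secure()` is checked. The decorator should be paired with `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` in the GUI settings so the browser never sends those cookies over http; whether they are already set is not visible in this commit. `request.is_secure()` also depends on how the front-end server reports the scheme, so behind a TLS-terminating proxy it needs `SECURE_PROXY_SSL_HEADER` configured or every request will be rejected. A 500 tells the client the server failed; `http.HttpResponseForbidden(` describes the condition more accurately, and `@functools.wraps(f)` on `_tls_required` would keep the wrapped view's name and docstring.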
diff --git a/rpkid/rpki/gui/urls.py b/rpkid/rpki/gui/urls.py
index 52949b73..58e2ea9f 100644
--- a/rpkid/rpki/gui/urls.py
+++ b/rpkid/rpki/gui/urls.py
@@ -30,7 +30,7 @@ urlpatterns = patterns('',
(r'^cacheview/', include('rpki.gui.cacheview.urls')),
(r'^rpki/', include('rpki.gui.app.urls')),
- (r'^accounts/login/$', 'django.contrib.auth.views.login'),
- (r'^accounts/logout/$', 'django.contrib.auth.views.logout',
+ (r'^accounts/login/$', 'rpki.gui.views.login'),
+ (r'^accounts/logout/$', 'rpki.gui.views.logout',
{'next_page': '/rpki/'}),
)
diff --git a/rpkid/rpki/gui/views.py b/rpkid/rpki/gui/views.py
new file mode 100644
index 00000000..5c62cf62
--- /dev/null
+++ b/rpkid/rpki/gui/views.py
@@ -0,0 +1,30 @@
+# Copyright (C) 2013 SPARTA, Inc. a Parsons Company
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND SPARTA DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL SPARTA BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+__version__ = '$Id$'
+
+import django.contrib.auth.views
+from rpki.gui.decorators import tls_required
+
+
+@tls_required
+def login(request, *args, **kwargs):
+ "Wrapper around django.contrib.auth.views.login to force use of TLS."
+ return django.contrib.auth.views.login(request, *args, **kwargs)
+
+
+@tls_required
+def logout(request, *args, **kwargs):
+ "Wrapper around django.contrib.auth.views.logout to force use of TLS."
+ return django.contrib.auth.views.login(request, *args, **kwargs)
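Review bot: `logout` on the last line of this hunk returns `django.contrib.auth.views.login(...)` rather than the logout view, so the Log Out link never ends the session. The URLconf in this commit also passes `{'next_page': '/rpki/'}` to this view, which the login view most likely rejects as an unexpected keyword argument. The line should read `return django.contrib.auth.views.logout(request, *args, **kwargs)`. A session that stays valid after the user believes they have logged out deserves a regression test that requests a protected page after logout and expects the login redirect.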
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index 6f28e6f7..9befb320 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -693,9 +693,15 @@ class X509(DER_object):
if resources is not None:
cert.setRFC3779(
- asn = ((r.min, r.max) for r in resources.asn),
- ipv4 = ((rpki.POW.IPAddress(r.min, 4), rpki.POW.IPAddress(r.max, 4)) for r in resources.v4),
- ipv6 = ((rpki.POW.IPAddress(r.min, 6), rpki.POW.IPAddress(r.max, 6)) for r in resources.v6))
+ asn = (("inherit" if resources.asn.inherit else
+ ((r.min, r.max) for r in resources.asn))
+ or None),
+ ipv4 = (("inherit" if resources.v4.inherit else
+ ((r.min, r.max) for r in resources.v4))
+ or None),
+ ipv6 = (("inherit" if resources.v6.inherit else
+ ((r.min, r.max) for r in resources.v6))
+ or None))
cert.sign(keypair.get_POW(), rpki.POW.SHA256_DIGEST)
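Review bot: The `or None` fallbacks in the new `setRFC3779` arguments can never take effect: a generator expression is truthy even when it yields nothing, and so is the string `"inherit"`, so an empty `resources.asn`, `resources.v4` or `resources.v6` is passed as an empty generator rather than `None`. If the intent is to omit the value for an empty resource set (inferred from the `or None`), materialise it first, e.g. `tuple((r.min, r.max) for r in resources.asn) or None`. The hunk also drops the `rpki.POW.IPAddress(...)` wrapping for ipv4 and ipv6, which is only right if `r.min` and `r.max` are already address objects; that is not visible here. The enclosing method starts and ends outside the hunk.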