schleuder 2.2.4 → 3.2.2

data/lib/schleuder/cli/cert.rb

@@ -0,0 +1,24 @@
+module Schleuder
+  class Cert < Thor
+    extend SubcommandFix
+
+    desc 'generate', 'Generate a new TLS-certificate.'
+    def generate
+      key = Conf.api['tls_key_file']
+      cert = Conf.api['tls_cert_file']
+      fingerprint = SchleuderCertManager.generate('schleuder', key, cert)
+      puts "Fingerprint of generated certificate: #{fingerprint}"
+      puts "Have this fingerprint included into the configuration-file of all clients that want to connect to your Schleuder API."
+      if Process.euid == 0
+        puts "! Warning: this process was run as root — please make sure the above files are accessible by the user that is running `schleuder-api-daemon`."
+      end
+    end
+
+    desc 'fingerprint', 'Show fingerprint of configured certificate.'
+    def fingerprint
+      cert = Conf.api['tls_cert_file']
+      fingerprint = SchleuderCertManager.fingerprint(cert)
+      say "Fingerprint of #{Conf.api['tls_cert_file']}: #{fingerprint}"
+    end
+  end
+end

data/lib/schleuder/cli/schleuder_cert_manager.rb

@@ -0,0 +1,84 @@
+require 'openssl'
+require 'pathname'
+
+class SchleuderCertManager
+  def self.generate(project_name, filename_key, filename_cert)
+    keysize = 2048
+    subject = "/C=MW/O=Schleuder/OU=#{project_name}"
+    filename_key = Pathname.new(filename_key).expand_path
+    filename_cert = Pathname.new(filename_cert).expand_path
+
+    key = OpenSSL::PKey::RSA.new(keysize)
+    cert = OpenSSL::X509::Certificate.new
+    cert.subject = OpenSSL::X509::Name.parse(subject)
+    cert.issuer = cert.subject
+    cert.not_before = Time.now
+    cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60
+    cert.public_key = key.public_key
+    cert.serial = 0x0
+    cert.version = 2
+
+    ef = OpenSSL::X509::ExtensionFactory.new
+    ef.subject_certificate = cert
+    ef.issuer_certificate = cert
+    cert.extensions = [
+      ef.create_extension("basicConstraints","CA:TRUE", true),
+      ef.create_extension("subjectKeyIdentifier", "hash"),
+    ]
+    cert.add_extension ef.create_extension("authorityKeyIdentifier",
+                                           "keyid:always,issuer:always")
+
+    cert.sign key, OpenSSL::Digest::SHA256.new
+
+    filename_key = prepare_writing(filename_key)
+    filename_cert = prepare_writing(filename_cert)
+
+    filename_key.open('w', 400) do |fd|
+      fd.puts key
+    end
+    puts "Private key written to: #{filename_key}"
+
+    filename_cert.open('w') do |fd|
+      fd.puts cert.to_pem
+    end
+    puts "Certificate written to: #{filename_cert}"
+
+    fingerprint(cert)
+  rescue => exc
+    error exc.message
+  end
+
+  def self.fingerprint(cert)
+    if ! cert.is_a?(OpenSSL::X509::Certificate)
+      path = Pathname.new(cert).expand_path
+      if ! path.readable?
+        error "Error: Not a readable file: #{path}"
+      end
+      cert = OpenSSL::X509::Certificate.new(path.read)
+    end
+    OpenSSL::Digest::SHA256.new(cert.to_der).to_s
+  end
+
+  def self.error(msg)
+    $stderr.puts "Error: #{msg}"
+    exit 1
+  end
+
+  def self.note(msg)
+    $stdout.puts "Note: #{msg}"
+  end
+
+  def self.prepare_writing(filename)
+    if filename.exist?
+      note "File exists: #{filename} — writing to current directory, you should move the file manually or change the configuration file."
+      if filename.basename.exist?
+        error "File exists: #{filename.basename} — (re)move it or fix previous error and try again."
+      end
+      filename = filename.basename
+    end
+    if ! filename.dirname.exist?
+      filename.dirname.mkpath
+    end
+    filename
+  end
+end

data/lib/schleuder/cli/subcommand_fix.rb

@@ -0,0 +1,11 @@
+module Schleuder
+  module SubcommandFix
+
+    # Fixing a bug in Thor where the actual subcommand wouldn't show up
+    # with some invokations of the help-output.
+    def banner(task, namespace = true, subcommand = true)
+      "#{basename} #{task.formatted_usage(self, true, subcommand).split(':').join(' ')}"
+    end
+
+  end
+end

data/lib/schleuder/conf.rb

@@ -0,0 +1,131 @@
+require 'erb'
+
+module Schleuder
+  class Conf
+    include Singleton
+
+    EMAIL_REGEXP = /\A.+@[[:alnum:]_.-]+\z/i
+    FINGERPRINT_REGEXP = /\A(0x)?[a-f0-9]{32,}\z/i
+
+    DEFAULTS = {
+      'lists_dir' => '/var/lib/schleuder/lists',
+      'listlogs_dir' => '/var/lib/schleuder/lists',
+      'plugins_dir' => '/etc/schleuder/plugins',
+      'log_level' => 'warn',
+      'superadmin' => 'root@localhost',
+      'keyserver' => 'hkp://pool.sks-keyservers.net',
+      'smtp_settings' => {
+        'address' => 'localhost',
+        'port' => 25,
+        'domain' => 'localhost',
+        'enable_starttls_auto' => true,
+        # Don't verify by default because most smtp servers don't include
+        # 'localhost' into their TLS-certificates.
+        'openssl_verify_mode' => 'none',
+        'authentication' => nil,
+        'user_name' => nil,
+        'password' => nil,
+      },
+      'database' => {
+        'production' => {
+          'adapter' =>  'sqlite3',
+          'database' => '/var/lib/schleuder/db.sqlite',
+          'timeout' => 5000
+        }
+      },
+      'api' => {
+        'host' => 'localhost',
+        'port' => 4443,
+        'tls_cert_file' => '/etc/schleuder/schleuder-certificate.pem',
+        'tls_key_file' => '/etc/schleuder/schleuder-private-key.pem',
+        'valid_api_keys' => []
+      }
+    }
+
+    def config
+      @config ||= load_config(ENV['SCHLEUDER_CONFIG'])
+    end
+
+    def self.lists_dir
+      instance.config['lists_dir']
+    end
+
+    def self.listlogs_dir
+      instance.config['listlogs_dir']
+    end
+
+    def self.plugins_dir
+      instance.config['plugins_dir']
+    end
+
+    def self.database
+      instance.config['database'][ENV['SCHLEUDER_ENV']]
+    end
+
+    def self.databases
+      instance.config['database']
+    end
+
+    def self.superadmin
+      instance.config['superadmin']
+    end
+
+    def self.log_level
+      instance.config['log_level'] || 'WARN'
+    end
+
+    def self.api
+      instance.config['api'] || {}
+    end
+
+    def self.api_valid_api_keys
+      Array(api['valid_api_keys'])
+    end
+
+    # Three legacy options
+    def self.smtp_host
+      instance.config['smtp_host']
+    end
+
+    def self.smtp_port
+      instance.config['smtp_port']
+    end
+
+    def self.smtp_helo_domain
+      instance.config['smtp_helo_domain']
+    end
+
+    def self.smtp_settings
+      settings = instance.config['smtp_settings'] || {}
+      # Support previously used config-options.
+      # Remove this in future versions.
+      {smtp_host: :address, smtp_port: :port, smtp_helo_domain: :domain}.each do |old, new|
+        value = self.send(old)
+        if value.present?
+          Schleuder.logger.warn "Deprecation warning: In schleuder.yml #{old} should be changed to smtp_settings[#{new}]."
+          settings[new] = value
+        end
+      end
+      settings
+    end
+
+    def self.keyserver
+      instance.config['keyserver']
+    end
+
+    private
+
+    def load_config(filename)
+      DEFAULTS.deep_merge(load_config_file(filename))
+    end
+
+    def load_config_file(filename)
+      file = Pathname.new(filename)
+      if file.readable?
+        YAML.load(ERB.new(file.read).result)
+      else
+        {}
+      end
+    end
+  end
+end

data/lib/schleuder/errors/active_model_error.rb

@@ -0,0 +1,15 @@
+module Schleuder
+  module Errors
+    class ActiveModelError < Base
+      def initialize(errors)
+        @errors = errors
+      end
+
+      def message
+        @errors.messages.map do |message|
+          message.join(' ')
+        end.join("\n")
+      end
+    end
+  end
+end

data/lib/schleuder/errors/base.rb

@@ -0,0 +1,17 @@
+module Schleuder
+  module Errors
+    class Base < StandardError
+      def t(*args)
+        I18n.t(*args)
+      end
+
+      def to_s
+        super + t('errors.signoff')
+      end
+
+      def set_default_locale
+        I18n.locale = I18n.default_locale
+      end
+    end
+  end
+end

data/lib/schleuder/errors/decryption_failed.rb

@@ -0,0 +1,16 @@
+module Schleuder
+  module Errors
+    class DecryptionFailed < Base
+      def initialize(list)
+        set_default_locale
+        @list = list
+      end
+
+      def message
+        t('errors.decryption_failed',
+          { key: @list.key.to_s,
+            email: @list.sendkey_address })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/fatal_error.rb

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class FatalError < Base
+      def initialize
+      end
+
+      def to_s
+        t("errors.fatalerror")
+      end
+    end
+  end
+end
+

data/lib/schleuder/errors/file_not_found.rb

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class FileNotFound < Base
+      def initialize(file)
+        @file = file
+      end
+
+      def message
+        t('errors.file_not_found', file: @file)
+      end
+    end
+  end
+end
+

data/lib/schleuder/errors/invalid_listname.rb

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class InvalidListname < Base
+      def initialize(listname)
+        @listname = listname
+      end
+
+      def message
+        t('errors.invalid_listname', email: @listname)
+      end
+    end
+  end
+end

data/lib/schleuder/errors/key_adduid_failed.rb

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class KeyAdduidFailed < Base
+      def initialize(errmsg)
+        @errmsg = errmsg
+      end
+
+      def message
+        t('errors.key_adduid_failed', { errmsg: @errmsg })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/key_generation_failed.rb

@@ -0,0 +1,16 @@
+module Schleuder
+  module Errors
+    class KeyGenerationFailed < Base
+      def initialize(listdir, listname)
+        @listdir = listdir
+        @listname = listname
+      end
+
+      def message
+        t('errors.key_generation_failed',
+          { listdir: @listdir,
+            listname: @listname })
+      end
+    end
+  end
+end

data/lib/schleuder/errors/keyword_admin_only.rb

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class KeywordAdminOnly < Base
+      def initialize(keyword)
+        @keyword = keyword
+      end
+
+      def message
+        t('errors.keyword_admin_only', keyword: @keyword)
+      end
+    end
+  end
+end

data/lib/schleuder/errors/list_exists.rb

@@ -0,0 +1,13 @@
+module Schleuder
+  module Errors
+    class ListExists < Base
+      def initialize(listname)
+        @listname = listname
+      end
+
+      def message
+        t('errors.list_exists', email: @listname)
+      end
+    end
+  end
+end

data/lib/schleuder/errors/list_not_found.rb

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class ListNotFound < Base
+      def initialize(recipient)
+        @recipient = recipient
+      end
+
+      def message
+        t('errors.list_not_found', email: @recipient)
+      end
+    end
+  end
+end
+

data/lib/schleuder/errors/list_property_missing.rb

@@ -0,0 +1,14 @@
+module Schleuder
+  module Errors
+    class ListPropertyMissing < Base
+      def initialize(listdir, property)
+        @listdir = listdir
+        @property = property
+      end
+
+      def to_s
+        t("errors.list_#{@property}_missing", listdir: @listdir)
+      end
+    end
+  end
+end

data/lib/schleuder/errors/listdir_problem.rb

@@ -0,0 +1,16 @@
+module Schleuder
+  module Errors
+    class ListdirProblem < Base
+      def initialize(dir, problem)
+        @dir = dir
+        @problem = problem
+      end
+
+      def message
+        problem = t("errors.listdir_problem.#{@problem}")
+        t('errors.listdir_problem.message', dir: @dir, problem: problem)
+      end
+    end
+  end
+end
+