- Display details in a scrollable widget
- Display hints how to install the certificate manually
- 4.1.18
Showing 12 changed files with 345 additions and 62 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#! /usr/bin/env ruby | ||
|
||
# ------------------------------------------------------------------------------ | ||
# Copyright (c) 2019 SUSE LLC | ||
# | ||
# This program is free software; you can redistribute it and/or modify it under | ||
# the terms of version 2 of the GNU General Public License as published by the | ||
# Free Software Foundation. | ||
# | ||
# This program is distributed in the hope that it will be useful, but WITHOUT | ||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS | ||
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
# | ||
# ------------------------------------------------------------------------------ | ||
# | ||
|
||
# This is a helper script which to import the SSL certificates into inst-sys | ||
# during installation. (But is should work also in installed system.) | ||
# | ||
# It is intended for user convenience, this script just call the YaST | ||
# functions, it not used by YaST itself. | ||
|
||
require "English" | ||
require "yast" | ||
require "registration/ssl_certificate" | ||
|
||
dir = Registration::SslCertificate::INSTSYS_CERT_DIR | ||
if Dir.empty?(dir) | ||
puts "ERROR: Empty #{dir} directory, put your SSL certificate there." | ||
exit 1 | ||
end | ||
|
||
# in installed system just call the update-ca-certificates script | ||
if ENV["YAST_IS_RUNNING"] != "instsys" | ||
puts "Updating the installed SSL certificates..." | ||
system("/usr/sbin/update-ca-certificates") | ||
puts $CHILD_STATUS.success? ? "Done" : "Failed!" | ||
exit $CHILD_STATUS.exitstatus | ||
end | ||
|
||
# import into the inst-sys | ||
puts "Updating the inst-sys SSL certificates..." | ||
if Registration::SslCertificate.update_instsys_ca | ||
puts "Done" | ||
else | ||
puts "Failed!" | ||
exit 1 | ||
end |
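Review bot: The script changes the trusted CA set (via `/usr/sbin/update-ca-certificates` or `Registration::SslCertificate.update_instsys_ca`) and reports only "Done" or "Failed!", without ever listing what is in `dir`, so the user cannot see which certificates are about to become trusted. Before the update calls, print each file in `dir`, ideally with the certificate subject and fingerprint, so a stray or unexpected file is noticed. The `Dir.empty?(dir)` guard also covers only an existing empty directory; a missing `dir` never reaches the "put your SSL certificate there" message, so add a `Dir.exist?(dir)` check. The header comment has a few slips worth fixing in the same pass: "which to import", "But is should", "it not used".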
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
# ------------------------------------------------------------------------------ | ||
# Copyright (c) 2019 SUSE LLC | ||
# | ||
# This program is free software; you can redistribute it and/or modify it under | ||
# the terms of version 2 of the GNU General Public License as published by the | ||
# Free Software Foundation. | ||
# | ||
# This program is distributed in the hope that it will be useful, but WITHOUT | ||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS | ||
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
# | ||
# ------------------------------------------------------------------------------ | ||
# | ||
|
||
require "yast" | ||
|
||
module Registration | ||
# This class defines constants and translations for the most common OpenSSL errors | ||
# @see https://www.openssl.org/docs/apps/verify.html | ||
# @see https://github.com/openssl/openssl/blob/2c75f03b39de2fa7d006bc0f0d7c58235a54d9bb/include/openssl/x509_vfy.h#L99-L189 | ||
class SslErrorCodes | ||
extend Yast::I18n | ||
textdomain "registration" | ||
|
||
# "certificate has expired" | ||
EXPIRED = 10 | ||
# "self signed certificate" | ||
SELF_SIGNED_CERT = 18 | ||
# "self signed certificate in certificate chain" | ||
SELF_SIGNED_CERT_IN_CHAIN = 19 | ||
# "unable to get local issuer certificate" | ||
NO_LOCAL_ISSUER_CERTIFICATE = 20 | ||
|
||
# openSSL error codes for which the import SSL certificate dialog is shown, | ||
# for the other error codes just the error message is displayed | ||
# (importing the certificate would not help) | ||
IMPORT_ERROR_CODES = [ | ||
SELF_SIGNED_CERT, | ||
SELF_SIGNED_CERT_IN_CHAIN | ||
].freeze | ||
|
||
# error code => translatable error message | ||
# @note the text messages need to be translated at runtime via _() call | ||
# @note we do not translate every possible OpenSSL error message, just the most common ones | ||
OPENSSL_ERROR_MESSAGES = { | ||
# TRANSLATORS: SSL error message | ||
EXPIRED => N_("Certificate has expired"), | ||
# TRANSLATORS: SSL error message | ||
SELF_SIGNED_CERT => N_("Self signed certificate"), | ||
# TRANSLATORS: SSL error message | ||
SELF_SIGNED_CERT_IN_CHAIN => N_("Self signed certificate in certificate chain"), | ||
# TRANSLATORS: SSL error message | ||
NO_LOCAL_ISSUER_CERTIFICATE => N_("Unable to get local issuer certificate") | ||
}.freeze | ||
end | ||
end |
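Review bot: The comment above `IMPORT_ERROR_CODES` says importing "would not help" for the other codes, but it does not say why `NO_LOCAL_ISSUER_CERTIFICATE` and `EXPIRED` are left out while both self-signed codes are in. Since this list decides when the user is offered to trust a certificate, state the reason for each exclusion there so a later change does not widen it casually. It would also help to note at `OPENSSL_ERROR_MESSAGES` that a lookup for any code outside these four returns `nil` and callers must supply a fallback. Minor: the comments mix "openSSL" and "OpenSSL".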
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
# ------------------------------------------------------------------------------ | ||
# Copyright (c) 2019 SUSE LLC | ||
# | ||
# This program is free software; you can redistribute it and/or modify it under | ||
# the terms of version 2 of the GNU General Public License as published by the | ||
# Free Software Foundation. | ||
# | ||
# This program is distributed in the hope that it will be useful, but WITHOUT | ||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS | ||
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
# | ||
# ------------------------------------------------------------------------------ | ||
# | ||
|
||
require "erb" | ||
require "yast" | ||
|
||
require "registration/helpers" | ||
require "registration/ssl_certificate" | ||
require "registration/ssl_certificate_details" | ||
require "registration/ssl_error_codes" | ||
require "registration/url_helpers" | ||
|
||
module Registration | ||
module UI | ||
# This class displays a popup with a SSL certificate error | ||
class FailedCertificatePopup | ||
include Yast::I18n | ||
include ERB::Util | ||
|
||
attr_accessor :certificate, :error_code, :message | ||
|
||
Yast.import "Report" | ||
Yast.import "Stage" | ||
Yast.import "Directory" | ||
|
||
# create a display the error popup | ||
# @param cert [Registration::SslCertitificate] certificate to display | ||
def self.show(msg, cert, error_code) | ||
popup = FailedCertificatePopup.new(msg, cert, error_code) | ||
popup.show | ||
end | ||
|
||
# the constructor | ||
# @param msg [String,nil] the original OpenSSL error message | ||
# (used as a fallback when a translated message is not found) | ||
# @param cert [Registration::SslCertitificate] certificate to display | ||
# @param error_code [Integer] OpenSSL error code | ||
def initialize(msg, cert, error_code) | ||
textdomain "registration" | ||
|
||
@certificate = cert | ||
@message = msg | ||
@error_code = error_code | ||
end | ||
|
||
# display the popup and wait for clicking the [OK] button | ||
def show | ||
# this uses a RichText message format | ||
Yast::Report.LongError(ssl_error_message) | ||
end | ||
|
||
private | ||
|
||
# Build the message displayed in the popup | ||
# @return [String] message in RichText format | ||
def ssl_error_message | ||
# try to use a translatable message first, if not found then use | ||
# the original error message from openSSL | ||
@url = UrlHelpers.registration_url || SUSE::Connect::YaST::DEFAULT_URL | ||
@msg = _(SslErrorCodes::OPENSSL_ERROR_MESSAGES[error_code]) || message | ||
|
||
Helpers.render_erb_template("certificate_error.erb", binding) | ||
end | ||
|
||
# the command which needs to be called to import the SSL certificate | ||
# @return [String] command | ||
def import_command | ||
if Yast::Stage.initial | ||
File.join(Yast::Directory.bindir, "install_ssl_certificates") | ||
else | ||
"update-ca-certificates" | ||
end | ||
end | ||
end | ||
end | ||
end |
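Review bot: In `ssl_error_message`, `_(SslErrorCodes::OPENSSL_ERROR_MESSAGES[error_code]) || message` passes `nil` to `_()` for any error code that is not in the table, so the documented fallback to the original OpenSSL `message` only works if `_()` returns `nil` for `nil` input. Look the entry up first, translate it only when it is found, and use `message` otherwise. Because the popup is RichText and the template is rendered with the full `binding`, values taken from the failing certificate and from `message` should be escaped with `h` in `certificate_error.erb` (the `include ERB::Util` suggests that is the intent; please confirm in the template). Documentation: both `@param` tags spell the type `SslCertitificate`, `self.show` leaves `msg` and `error_code` undocumented, and "create a display" should read "create and display".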