mirror of
https://github.com/netbox-community/netbox.git
synced 2024-05-10 07:54:54 +00:00
128 lines
4.3 KiB
Python
128 lines
4.3 KiB
Python
from Crypto.Cipher import PKCS1_OAEP
|
|
from Crypto.PublicKey import RSA
|
|
|
|
from django import forms
|
|
|
|
from dcim.models import Device
|
|
from utilities.forms import (
|
|
BootstrapMixin, BulkImportForm, CSVDataField, FilterChoiceField, SlugField, get_filter_choices,
|
|
)
|
|
|
|
from .models import Secret, SecretRole, UserKey
|
|
|
|
|
|
def validate_rsa_key(key, is_secret=True):
|
|
"""
|
|
Validate the format and type of an RSA key.
|
|
"""
|
|
try:
|
|
key = RSA.importKey(key)
|
|
except ValueError:
|
|
raise forms.ValidationError("Invalid RSA key. Please ensure that your key is in PEM (base64) format.")
|
|
except Exception as e:
|
|
raise forms.ValidationError("Invalid key detected: {}".format(e))
|
|
if is_secret and not key.has_private():
|
|
raise forms.ValidationError("This looks like a public key. Please provide your private RSA key.")
|
|
elif not is_secret and key.has_private():
|
|
raise forms.ValidationError("This looks like a private key. Please provide your public RSA key.")
|
|
try:
|
|
PKCS1_OAEP.new(key)
|
|
except:
|
|
raise forms.ValidationError("Error validating RSA key. Please ensure that your key supports PKCS#1 OAEP.")
|
|
|
|
|
|
#
|
|
# Secret roles
|
|
#
|
|
|
|
class SecretRoleForm(forms.ModelForm, BootstrapMixin):
|
|
slug = SlugField()
|
|
|
|
class Meta:
|
|
model = SecretRole
|
|
fields = ['name', 'slug']
|
|
|
|
|
|
#
|
|
# Secrets
|
|
#
|
|
|
|
class SecretForm(forms.ModelForm, BootstrapMixin):
|
|
private_key = forms.CharField(required=False, widget=forms.HiddenInput())
|
|
plaintext = forms.CharField(max_length=65535, required=False, label='Plaintext',
|
|
widget=forms.TextInput(attrs={'class': 'requires-private-key'}))
|
|
plaintext2 = forms.CharField(max_length=65535, required=False, label='Plaintext (verify)')
|
|
|
|
class Meta:
|
|
model = Secret
|
|
fields = ['role', 'name', 'plaintext', 'plaintext2']
|
|
|
|
def clean(self):
|
|
if self.cleaned_data['plaintext']:
|
|
validate_rsa_key(self.cleaned_data['private_key'])
|
|
|
|
def clean_plaintext2(self):
|
|
plaintext = self.cleaned_data['plaintext']
|
|
plaintext2 = self.cleaned_data['plaintext2']
|
|
if plaintext != plaintext2:
|
|
raise forms.ValidationError("The two given plaintext values do not match. Please check your input.")
|
|
|
|
|
|
class SecretFromCSVForm(forms.ModelForm):
|
|
device = forms.ModelChoiceField(queryset=Device.objects.all(), required=False, to_field_name='name',
|
|
error_messages={'invalid_choice': 'Device not found.'})
|
|
role = forms.ModelChoiceField(queryset=SecretRole.objects.all(), to_field_name='name',
|
|
error_messages={'invalid_choice': 'Invalid secret role.'})
|
|
plaintext = forms.CharField()
|
|
|
|
class Meta:
|
|
model = Secret
|
|
fields = ['device', 'role', 'name', 'plaintext']
|
|
|
|
def save(self, *args, **kwargs):
|
|
s = super(SecretFromCSVForm, self).save(*args, **kwargs)
|
|
s.plaintext = str(self.cleaned_data['plaintext'])
|
|
return s
|
|
|
|
|
|
class SecretImportForm(BulkImportForm, BootstrapMixin):
|
|
private_key = forms.CharField(widget=forms.HiddenInput())
|
|
csv = CSVDataField(csv_form=SecretFromCSVForm, widget=forms.Textarea(attrs={'class': 'requires-private-key'}))
|
|
|
|
|
|
class SecretBulkEditForm(forms.Form, BootstrapMixin):
|
|
pk = forms.ModelMultipleChoiceField(queryset=Secret.objects.all(), widget=forms.MultipleHiddenInput)
|
|
role = forms.ModelChoiceField(queryset=SecretRole.objects.all())
|
|
name = forms.CharField(max_length=100, required=False)
|
|
|
|
|
|
class SecretFilterForm(forms.Form, BootstrapMixin):
|
|
role = FilterChoiceField(choices=get_filter_choices(SecretRole, id_field='slug', count_field='secrets'))
|
|
|
|
|
|
#
|
|
# UserKeys
|
|
#
|
|
|
|
class UserKeyForm(forms.ModelForm, BootstrapMixin):
|
|
|
|
class Meta:
|
|
model = UserKey
|
|
fields = ['public_key']
|
|
help_texts = {
|
|
'public_key': "Enter your public RSA key. Keep the private one with you; you'll need it for decryption.",
|
|
}
|
|
|
|
def clean_public_key(self):
|
|
key = self.cleaned_data['public_key']
|
|
|
|
# Validate the RSA key format.
|
|
validate_rsa_key(key, is_secret=False)
|
|
|
|
return key
|
|
|
|
|
|
class ActivateUserKeyForm(forms.Form):
|
|
_selected_action = forms.ModelMultipleChoiceField(queryset=UserKey.objects.all(), label='User Keys')
|
|
secret_key = forms.CharField(label='Your private key', widget=forms.Textarea(attrs={'class': 'vLargeTextField'}))
|