Add support for custom certificate (partially)
parent
00434b9a25
commit
c9a53833e2
|
@ -52,3 +52,7 @@ class FindingWithoutDetailsError(Exception):
|
|||
|
||||
class DomainControllerNameFetchError(FailedExploitationError):
|
||||
""" Raise on failed attempt to extract domain controller's name """
|
||||
|
||||
|
||||
class InsecurePermissionsError(Exception):
|
||||
""" Raise when a file does not have permissions that are secure enough """
|
||||
|
|
|
@ -22,13 +22,13 @@ from monkey_island.cc.arg_parser import IslandCmdArgs # noqa: E402
|
|||
from monkey_island.cc.arg_parser import parse_cli_args # noqa: E402
|
||||
from monkey_island.cc.resources.monkey_download import MonkeyDownload # noqa: E402
|
||||
from monkey_island.cc.server_utils.bootloader_server import BootloaderHttpServer # noqa: E402
|
||||
from monkey_island.cc.server_utils.consts import MONKEY_ISLAND_ABS_PATH # noqa: E402
|
||||
from monkey_island.cc.server_utils.encryptor import initialize_encryptor # noqa: E402
|
||||
from monkey_island.cc.server_utils.island_logger import reset_logger, setup_logging # noqa: E402
|
||||
from monkey_island.cc.services.initialize import initialize_services # noqa: E402
|
||||
from monkey_island.cc.services.reporting.exporter_init import populate_exporter_list # noqa: E402
|
||||
from monkey_island.cc.services.utils.network_utils import local_ip_addresses # noqa: E402
|
||||
from monkey_island.cc.setup.island_config_options import IslandConfigOptions # noqa: E402
|
||||
from monkey_island.cc.setup.certificate.certificate_setup import setup_certificate # noqa: E402
|
||||
from monkey_island.cc.setup.mongo.database_initializer import init_collections # noqa: E402
|
||||
from monkey_island.cc.setup.mongo.mongo_setup import ( # noqa: E402
|
||||
MONGO_URL,
|
||||
|
@ -83,8 +83,7 @@ def _start_island_server(should_setup_only, config_options: IslandConfigOptions)
|
|||
populate_exporter_list()
|
||||
app = init_app(MONGO_URL)
|
||||
|
||||
crt_path = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt"))
|
||||
key_path = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.key"))
|
||||
crt_path, key_path = setup_certificate(config_options)
|
||||
|
||||
init_collections()
|
||||
|
||||
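Review bot: The new call `crt_path, key_path = setup_certificate(config_options)` can raise FileNotFoundError or InsecurePermissionsError, and in the lines visible here it runs after `populate_exporter_list()` and `init_app(MONGO_URL)` with no handler around it. Validating the TLS files before any service is initialised would make a bad certificate or key path fail fast. Either move the call to the top of `_start_island_server`, or catch the two exceptions and log them before exiting, which would match the "Exiting." wording of the messages. The removed lines were the only visible users of `Path` in this hunk, so that import may now be unused; the rest of the function and file is outside the hunk.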
|
|
|
@ -46,3 +46,6 @@ DEFAULT_DEVELOP_SERVER_CONFIG_PATH = os.path.join(
|
|||
|
||||
DEFAULT_LOG_LEVEL = "INFO"
|
||||
DEFAULT_START_MONGO_DB = True
|
||||
|
||||
DEFAULT_CRT_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.crt"))
|
||||
DEFAULT_KEY_PATH = str(Path(MONKEY_ISLAND_ABS_PATH, "cc", "server.key"))
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
import os
|
||||
|
||||
from common.utils.exceptions import InsecurePermissionsError
|
||||
from monkey_island.setup.island_config_options import IslandConfigOptions
|
||||
|
||||
|
||||
def setup_certificate(config_options: IslandConfigOptions) -> (str, str):
|
||||
crt_path = config_options.crt_path
|
||||
key_path = config_options.key_path
|
||||
|
||||
# check paths
|
||||
for file in [crt_path, key_path]:
|
||||
if not os.path.exists(file):
|
||||
raise FileNotFoundError(f"File not found at {file}. Exiting.")
|
||||
|
||||
if not has_sufficient_permissions(file):
|
||||
raise InsecurePermissionsError(f"{file} has insecure permissions. Exiting.")
|
||||
|
||||
return crt_path, key_path
|
||||
|
||||
|
||||
def has_sufficient_permissions():
|
||||
pass
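Review bot: `has_sufficient_permissions()` is declared without parameters and its body is `pass`, but the loop in `setup_certificate` calls it as `has_sufficient_permissions(file)`, so the first call raises TypeError, and with only the signature fixed the `None` return would reject every file. Until the real check exists the stub needs at least a `path` parameter; the fence below sketches a POSIX mode-bit test (it says nothing about Windows ACLs) and applies it to the key only, since the certificate is public. The import `from monkey_island.setup.island_config_options import IslandConfigOptions` also lacks the `cc` package segment that the server module's import of the same class uses (`monkey_island.cc.setup.island_config_options`), so it probably fails at import time. The return annotation `(str, str)` is a tuple of types rather than a type; `Tuple[str, str]` is the usual spelling.

```python
    # … unchanged: signature and the crt_path / key_path assignments …
    for file in [crt_path, key_path]:
        if not os.path.isfile(file):
            raise FileNotFoundError(f"File not found at {file}. Exiting.")

    # Only the private key has to be unreadable by other users.
    if not has_sufficient_permissions(key_path):
        raise InsecurePermissionsError(f"{key_path} has insecure permissions. Exiting.")

    return crt_path, key_path


def has_sufficient_permissions(path: str) -> bool:
    # POSIX only: reject the file if any group/other permission bit is set.
    return (os.stat(path).st_mode & 0o077) == 0
```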
|
|
@ -3,7 +3,9 @@ from __future__ import annotations
|
|||
import os
|
||||
|
||||
from monkey_island.cc.server_utils.consts import (
|
||||
DEFAULT_CRT_PATH,
|
||||
DEFAULT_DATA_DIR,
|
||||
DEFAULT_KEY_PATH,
|
||||
DEFAULT_LOG_LEVEL,
|
||||
DEFAULT_START_MONGO_DB,
|
||||
)
|
||||
|
@ -14,8 +16,12 @@ class IslandConfigOptions:
|
|||
self.data_dir = os.path.expandvars(
|
||||
os.path.expanduser(config_contents.get("data_dir", DEFAULT_DATA_DIR))
|
||||
)
|
||||
|
||||
self.log_level = config_contents.get("log_level", DEFAULT_LOG_LEVEL)
|
||||
|
||||
self.start_mongodb = config_contents.get(
|
||||
"mongodb", {"start_mongodb": DEFAULT_START_MONGO_DB}
|
||||
).get("start_mongodb", DEFAULT_START_MONGO_DB)
|
||||
|
||||
self.crt_path = config_contents.get("cert_path", DEFAULT_CRT_PATH)
|
||||
self.key_path = config_contents.get("cert_path", DEFAULT_KEY_PATH)
|
||||
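Review bot: `self.key_path = config_contents.get("cert_path", DEFAULT_KEY_PATH)` reads the same `"cert_path"` key as the line above it, so a configured certificate path is also used as the private key path and a separate key location can never be set. It should read its own key, e.g. `self.key_path = config_contents.get("key_path", DEFAULT_KEY_PATH)`. Unlike `data_dir`, neither path goes through `os.path.expanduser`/`os.path.expandvars`, so `~` or `$VAR` in these settings would be taken literally. The attribute is also named `crt_path` while the config key is `cert_path`, which is easy to mistype.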
|
|