
feat(logjam): removed logjam scanner

Nils Wisiol 8 lat temu
rodzic
commit
2aef9c5854

+ 0 - 16
api/desecapi/tests/testlogjamscanner.py

@@ -1,16 +0,0 @@
-from django.core.urlresolvers import reverse
-from rest_framework import status
-from rest_framework.test import APITestCase
-from utils import utils
-from django.db import transaction
-from desecapi.models import Domain
-from django.core import mail
-import httpretty
-from django.conf import settings
-
-
-class LogjamScannerTest(APITestCase):
-    def testBasicSubprocess(self):
-        url = reverse('scan-logjam')
-        response = self.client.get(url, {'host':'google.com', 'port':'443', 'starttls':'none'}, format='json')
-        self.assertEqual(response.status_code, status.HTTP_200_OK)

+ 0 - 1
api/desecapi/urls.py

@@ -9,7 +9,6 @@ apiurls = [
     url(r'^domains/(?P<pk>[0-9]+)/$', DomainDetail.as_view(), name='domain-detail'),
     url(r'^domains/(?P<name>[a-zA-Z\.\-0-9]+)/$', DomainDetailByName.as_view(), name='domain-detail/byName'),
     url(r'^dns$', DnsQuery.as_view(), name='dns-query'),
-    url(r'^scan/logjam$', ScanLogjam.as_view(), name='scan-logjam'),
     url(r'^dyndns/update$', DynDNS12Update.as_view(), name='dyndns12update'),
     url(r'^donation/', DonationList.as_view(), name='donation'),
 ]

+ 0 - 76
api/desecapi/views.py

@@ -130,82 +130,6 @@ class DnsQuery(APIView):
             '_nameserver': desecio.nameservers
         })
 
-class ScanLogjam(APIView):
-    def get(self, request, format=None):
-        # retrieve address to connect to
-        addr = str(request.GET['host']) + ':' + str(int(request.GET['port']))
-        starttls = str(request.GET['starttls'])
-
-        def getOpenSSLOutput(cipher, connect, starttls=None, openssl='openssl-1.0.2a'):
-            if starttls not in ['smtp', 'pop3', 'imap', 'ftp', 'xmpp']:
-                starttls = None
-
-            if starttls:
-                starttlsparams = ['-starttls', starttls]
-            else:
-                starttlsparams = []
-
-            if cipher:
-                cipherparams = ['-cipher', cipher]
-            else:
-                cipherparams = []
-
-            cmd = [
-                      openssl,
-                      's_client',
-                      '-connect',
-                      connect
-                  ] + starttlsparams + cipherparams
-            p_openssl = subprocess.Popen(cmd,
-                                         stdin=subprocess.PIPE,
-                                         stdout=subprocess.PIPE,
-                                         stderr=subprocess.PIPE)
-            stdout, stderr = p_openssl.communicate()
-
-            return (stdout, stderr)
-
-        # check if there is an SSL-enabled host
-        output = getOpenSSLOutput(None, addr, openssl='openssl')
-        if (not re.search('SSL-Session:', output[0])):
-            raise Http404('Can\'t connect via SSL/TLS')
-
-        # find DH size
-        dhsize = None
-        output = getOpenSSLOutput('EDH', addr, starttls)
-        res = re.search('Server Temp Key: DH, ([0-9]+) bits', output[0])
-        if res:
-            dhsize = int(res.group(1))
-        else:
-            if (re.search('handshake failure:', output[1])):
-                # server does not accept EDH connections, or no connections at all
-                pass
-            else:
-                raise Http404('Failed to determine DH key size.')
-
-        # check EXP cipher suits
-        exp = True
-        output = getOpenSSLOutput('EXP', addr, starttls)
-        res = re.search('handshake failure:', output[1])
-        if res:
-            exp = False
-        else:
-            if (re.search('SSL-Session:', output[0])):
-                # connection was established
-                exp = True
-            else:
-                raise Exception('Failed to check for EXP cipher suits.')
-
-        return Response({
-            'openssl': {
-                'addr': addr,
-                'logjam': {
-                    'dhsize': dhsize,
-                    'expcipher': exp
-                },
-                'version': 'openssl-1.0.2a',
-            }
-        })
-
 
 class DynDNS12Update(APIView):
     authentication_classes = (TokenAuthentication, BasicTokenAuthentication, URLParamAuthentication,)