authorTed Trask <ttrask01@yahoo.com>2008-11-21 20:23:50 +0000
committerTed Trask <ttrask01@yahoo.com>2008-11-21 20:23:50 +0000
commita62da60076e0499cba0828f0e1dde658589d7e0e (patch)
tree2bb174ca1d6d2bfcf8c37551e833654629b5f69c /ipsectools-model.lua
parenta5e6a9ba2d9f713362fdab6c28ab53d17832d3d0 (diff)
Modified ipsectools to add the ability to manage certificates (list, delete and upload from a password-protected PKCS#12 file).
git-svn-id: svn://svn.alpinelinux.org/acf/ipsec-tools/trunk@1608 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'ipsectools-model.lua')
-rw-r--r--ipsectools-model.lua99
1 files changed, 99 insertions, 0 deletions
diff --git a/ipsectools-model.lua b/ipsectools-model.lua
index 978125e..5497bd0 100644
--- a/ipsectools-model.lua
+++ b/ipsectools-model.lua
@@ -12,6 +12,8 @@ local processname = "racoon"
local packagename = "ipsec-tools"
local baseurl = "/etc/racoon/"
+local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin "
+
local descr = {
state={
['9']="Established",
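Review bot: The new local `path` reads like a filesystem path but actually holds a `PATH=` environment-assignment prefix that is prepended to shell command strings, which is easy to confuse with the neighbouring `baseurl`. A more descriptive name such as `pathprefix`, or at least a comment, would make the intent clear, e.g. `local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin " -- env prefix for io.popen commands, presumably so openssl is found regardless of the web server's PATH`. Whether the trailing space is required by callers is only visible from how `path` is concatenated later, so the comment should say so.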
@@ -145,3 +147,100 @@ end
function update_ipsecfiledetails(filedetails)
return modelfunctions.setfiledetails(filedetails, {configfile2})
end
+
+function list_certs()
+ local list = {}
+ for file in fs.find(".*%.pem", baseurl) do
+ list[#list+1] = basename(file)
+ end
+ return cfe({ type="list", value=list, label="IPSEC Certificates" })
+end
+
+function delete_cert(certname)
+ local list = list_certs()
+ local retval = cfe({ label="Delete Certificate result", errtxt="Invalid cert name" })
+ for i,cert in ipairs(list.value) do
+ if cert == certname then
+ os.remove(baseurl..certname)
+ retval.value = "Certificate deleted"
+ retval.errtxt = nil
+ break
+ end
+ end
+ return retval
+end
+
+function new_upload_cert()
+ local value = {}
+ value.cert = cfe({ type="raw", value=0, label="Certificate", descr='File must be a password protected ".pfx" file' })
+ value.password = cfe({ label="Certificate Password" })
+ value.name = cfe({ label="Certificate Local Name" })
+ return cfe({ type="group", value=value })
+end
+
+function upload_cert(newcert)
+ local success = true
+ -- Trying to upload a cert/key
+ -- The way haserl works, cert contains the temporary file name
+ -- First, get the cert
+ local cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."cert.pem -password pass:"..newcert.value.password.value.." -nokeys -clcerts 2>&1"
+ local f = io.popen(cmd)
+ local cmdresult = f:read("*a")
+ f:close()
+ local filestats = posix.stat(newcert.value.cert.value.."cert.pem")
+ if not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not open certificate\n"..cmdresult
+ success = false
+ end
+
+ -- Now, get the key and the ca certs
+ if success then
+ cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."key.pem -password pass:"..newcert.value.password.value.." -nocerts -nodes 2>&1"
+ f = io.popen(cmd)
+ cmdresult = f:read("*a")
+ f:close()
+ filestats = posix.stat(newcert.value.cert.value.."key.pem")
+ if not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not find key\n"..cmdresult
+ success = false
+ end
+
+ cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."ca.pem -password pass:"..newcert.value.password.value.." -nokeys -cacerts 2>&1"
+ f = io.popen(cmd)
+ cmdresult = f:read("*a")
+ f:close()
+ filestats = posix.stat(newcert.value.cert.value.."ca.pem")
+ if not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not find CA certs\n"..cmdresult
+ success = false
+ end
+ end
+
+ if newcert.value.name.value == "" then
+ newcert.value.name.errtxt = "Cannot be blank"
+ success = false
+ elseif posix.stat(baseurl..newcert.value.name.value.."-cert.pem") or posix.stat(baseurl..newcert.value.name.value.."-key.pem") or posix.stat(baseurl..newcert.value.name.value.."-ca.pem") then
+ newcert.value.name.errtxt = "Certificate of this name already exists"
+ success = false
+ end
+
+ if success then
+ if not posix.stat(baseurl) then
+ posix.mkdir(baseurl)
+ end
+ -- copy the keys
+ os.rename(newcert.value.cert.value.."cert.pem", baseurl..newcert.value.name.value.."-cert.pem")
+ os.rename(newcert.value.cert.value.."key.pem", baseurl..newcert.value.name.value.."-key.pem")
+ os.rename(newcert.value.cert.value.."ca.pem", baseurl..newcert.value.name.value.."-ca.pem")
+ posix.chmod(baseurl..newcert.value.name.value.."-key.pem", "rw-------")
+ else
+ newcert.errtxt = "Failed to upload certificate"
+ end
+
+ -- Delete the temporary files
+ cmd = "rm "..newcert.value.cert.value.."*"
+ f = io.popen(cmd)
+ f:close()
+
+ return newcert
+end
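Review bot: In `upload_cert` the user-supplied password is spliced unquoted into a shell command on each of the three `openssl pkcs12` lines (`-password pass:"..newcert.value.password.value..`), so a password containing a quote, `;`, `$(` or a backtick is executed by the shell under the ACF process; the same applies to `newcert.value.cert.value`, which the comment says is a haserl temporary file name. The local name is checked only for blankness before being joined onto `baseurl` (`baseurl..newcert.value.name.value.."-cert.pem"` and the two `os.rename` targets), so a name such as `../../tmp/x` writes the private key outside `/etc/racoon/` and the `-ca.pem`/`-key.pem` existence check is bypassed in the same way. I would add a small `shquote` helper and wrap every interpolated value, restrict the name to a single safe filename component, and replace the final `io.popen("rm "..cert.."*")` with three `os.remove` calls on the known output files. Even with quoting, `-password pass:` leaves the secret visible in process listings via `ps`; that residual exposure is worth a comment if it is accepted.
```lua
-- Quote one argument for POSIX sh so io.popen cannot interpret it as shell syntax.
local function shquote(s)
	return "'" .. (tostring(s):gsub("'", "'\\''")) .. "'"
end

-- … unchanged: function upload_cert(newcert) header and success flag …
	local cmd = path .. "openssl pkcs12 -in " .. shquote(newcert.value.cert.value)
		.. " -out " .. shquote(newcert.value.cert.value .. "cert.pem")
		.. " -password " .. shquote("pass:" .. newcert.value.password.value)
		.. " -nokeys -clcerts 2>&1"
	-- … unchanged: popen/read/stat of cert.pem, then the key and CA extractions quoted the same way …

	-- Accept only a single safe filename component: rejects blank, '/', and names starting with '.'
	if not newcert.value.name.value:match("^[%w_%-][%w_%-%.]*$") then
		newcert.value.name.errtxt = "Name may contain only letters, digits, '_', '-' and '.', and may not start with '.'"
		success = false
	-- … unchanged: elseif existing-name check, rename into baseurl, chmod of the key …
	end

	-- Delete the temporary files without going through a shell
	os.remove(newcert.value.cert.value .. "cert.pem")
	os.remove(newcert.value.cert.value .. "key.pem")
	os.remove(newcert.value.cert.value .. "ca.pem")
```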