Diffstat (limited to 'ipsectools-model.lua')
-rw-r--r-- | ipsectools-model.lua | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/ipsectools-model.lua b/ipsectools-model.lua
index 978125e..5497bd0 100644
--- a/ipsectools-model.lua
+++ b/ipsectools-model.lua
@@ -12,6 +12,8 @@ local processname = "racoon"
 local packagename = "ipsec-tools"
 local baseurl = "/etc/racoon/"
+local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin "
+
 local descr = {
 state={
 ['9']="Established",
@@ -145,3 +147,100 @@ end
 function update_ipsecfiledetails(filedetails)
 return modelfunctions.setfiledetails(filedetails, {configfile2})
 end
+
+function list_certs()
+ local list = {}
+ for file in fs.find(".*%.pem", baseurl) do
+ list[#list+1] = basename(file)
+ end
+ return cfe({ type="list", value=list, label="IPSEC Certificates" })
+end
+
+function delete_cert(certname)
+ local list = list_certs()
+ local retval = cfe({ label="Delete Certificate result", errtxt="Invalid cert name" })
+ for i,cert in ipairs(list.value) do
+ if cert == certname then
+ os.remove(baseurl..certname)
+ retval.value = "Certificate deleted"
+ retval.errtxt = nil
+ break
+ end
+ end
+ return retval
+end
+
+function new_upload_cert()
+ local value = {}
+ value.cert = cfe({ type="raw", value=0, label="Certificate", descr='File must be a password protected ".pfx" file' })
+ value.password = cfe({ label="Certificate Password" })
+ value.name = cfe({ label="Certificate Local Name" })
+ return cfe({ type="group", value=value })
+end
+
+function upload_cert(newcert)
+ local success = true
+ -- Trying to upload a cert/key
+ -- The way haserl works, cert contains the temporary file name
+ -- First, get the cert
+ local cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."cert.pem -password pass:"..newcert.value.password.value.." -nokeys -clcerts 2>&1"
+ local f = io.popen(cmd)
+ local cmdresult = f:read("*a")
+ f:close()
+ local filestats = posix.stat(newcert.value.cert.value.."cert.pem")
+ if not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not open certificate\n"..cmdresult
+ success = false
+ end
+
+ -- Now, get the key and the ca certs
+ if success then
+ cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."key.pem -password pass:"..newcert.value.password.value.." -nocerts -nodes 2>&1"
+ f = io.popen(cmd)
+ cmdresult = f:read("*a")
+ f:close()
+ filestats = posix.stat(newcert.value.cert.value.."key.pem")
+ if not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not find key\n"..cmdresult
+ success = false
+ end
+
+ cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."ca.pem -password pass:"..newcert.value.password.value.." -nokeys -cacerts 2>&1"
+ f = io.popen(cmd)
+ cmdresult = f:read("*a")
+ f:close()
+ filestats = posix.stat(newcert.value.cert.value.."ca.pem")
+ if not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not find CA certs\n"..cmdresult
+ success = false
+ end
+ end
+
+ if newcert.value.name.value == "" then
+ newcert.value.name.errtxt = "Cannot be blank"
+ success = false
+ elseif posix.stat(baseurl..newcert.value.name.value.."-cert.pem") or posix.stat(baseurl..newcert.value.name.value.."-key.pem") or posix.stat(baseurl..newcert.value.name.value.."-ca.pem") then
+ newcert.value.name.errtxt = "Certificate of this name already exists"
+ success = false
+ end
+
+ if success then
+ if not posix.stat(baseurl) then
+ posix.mkdir(baseurl)
+ end
+ -- copy the keys
+ os.rename(newcert.value.cert.value.."cert.pem", baseurl..newcert.value.name.value.."-cert.pem")
+ os.rename(newcert.value.cert.value.."key.pem", baseurl..newcert.value.name.value.."-key.pem")
+ os.rename(newcert.value.cert.value.."ca.pem", baseurl..newcert.value.name.value.."-ca.pem")
+ posix.chmod(baseurl..newcert.value.name.value.."-key.pem", "rw-------")
+ else
+ newcert.errtxt = "Failed to upload certificate"
+ end
+
+ -- Delete the temporary files
+ cmd = "rm "..newcert.value.cert.value.."*"
+ f = io.popen(cmd)
+ f:close()
+
+ return newcert
+end
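Review bot: upload_cert splices the form-supplied password and temporary file name into io.popen command strings without any quoting (the three `openssl pkcs12 ... -password pass:` lines and the closing `rm ...*` line), so a value containing shell metacharacters is parsed by the shell, and `-password pass:` also leaves the secret visible in the process list for the lifetime of each openssl call. The certificate name is only checked against `""` before it is spliced into `os.rename(..., baseurl..newcert.value.name.value.."-cert.pem")`, so a name containing a path separator or a leading `..` places the files outside baseurl; it should be restricted to a single path component first. The temporary cleanup hands the same unquoted value to a shell glob, where `os.remove` on the handful of known temporary names needs no shell at all. A rewrite along these lines is sketched below; note that the `-nodes` key.pem is still created with the process's default umask and only tightened by the chmod after the rename, which is worth addressing separately.
```lua
-- Single-quote a value for sh so user-supplied text is never parsed as shell syntax
local function shellquote(s)
	return "'" .. tostring(s):gsub("'", "'\\''") .. "'"
end

function upload_cert(newcert)
	local success = true
	local tmp = newcert.value.cert.value
	local name = newcert.value.name.value
	-- name is spliced into paths under baseurl: accept a single path component only
	if name == "" then
		newcert.value.name.errtxt = "Cannot be blank"
		success = false
	elseif name:match("[/\\]") or name:match("^%.") then
		newcert.value.name.errtxt = "Invalid certificate name"
		success = false
	end
	-- Keep the password out of argv/ps: openssl reads it from an owner-only file
	local pwfile = tmp .. "pw"
	local pf = assert(io.open(pwfile, "w"))
	posix.chmod(pwfile, "rw-------")
	pf:write(newcert.value.password.value)
	pf:close()
	local cmd = path .. "openssl pkcs12 -in " .. shellquote(tmp) .. " -out " .. shellquote(tmp .. "cert.pem") .. " -passin file:" .. shellquote(pwfile) .. " -nokeys -clcerts 2>&1"
	-- … unchanged: key and CA extraction, built the same way with shellquote() and -passin file: …
	-- … unchanged: existence check and rename into baseurl …
	-- Remove the temporaries by name instead of handing a glob to the shell
	for _, suffix in ipairs({ "", "cert.pem", "key.pem", "ca.pem", "pw" }) do
		os.remove(tmp .. suffix)
	end
	return newcert
end
```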