author | Ted Trask <ttrask01@yahoo.com> | 2016-08-10 16:03:22 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2016-08-10 16:03:22 +0000 |
commit | 3cc4b96091a2d42a8e8881f21751efbc17fbb646 (patch) | |
tree | d002e784efef37197f5692ea91a30047b507ec7c | |
parent | 79874d7c8b114634f7f336bf68179c27cc8eac28 (diff) | |
download | acf-openssl-master.tar.bz2 acf-openssl-master.tar.xz |
-rw-r--r-- | Makefile | 6 | ||||
-rw-r--r-- | openssl-controller.lua | 2 | ||||
-rw-r--r-- | openssl-model.lua | 40 | ||||
-rw-r--r-- | openssl-read-html.lsp | 2 |
4 files changed, 25 insertions, 25 deletions
@@ -10,11 +10,11 @@ APP_DIST=\ ETC_DIST=\ openssl-ca-acf.cnf - + EXTRA_DIST=README Makefile config.mk -DISTFILES=$(APP_DIST) $(EXTRA_DIST) $(ETC_DIST) +DISTFILES=$(APP_DIST) $(EXTRA_DIST) $(ETC_DIST) TAR=tar @@ -32,7 +32,7 @@ install: mkdir -p "$(install_dir)" cp -a $(APP_DIST) "$(install_dir)" mkdir -p "$(DESTDIR)/etc/ssl" - cp $(ETC_DIST) $(DESTDIR)/etc/ssl/ + cp $(ETC_DIST) $(DESTDIR)/etc/ssl/ $(tarball): $(DISTFILES) rm -rf $(P) diff --git a/openssl-controller.lua b/openssl-controller.lua index ace61bd..3be27ce 100644 --- a/openssl-controller.lua +++ b/openssl-controller.lua @@ -108,7 +108,7 @@ end mymodule.downloadcacert = function(self) return self.model.getca(self, self.clientdata) end - + -- Generate a self-signed CA mymodule.generatecacert = function(self) return self.handle_form(self, self.model.getnewcarequest, self.model.generateca, self.clientdata, "Generate", "Generate CA Certificate", "Certificate Generated") diff --git a/openssl-model.lua b/openssl-model.lua index a355d98..4e8686c 100644 --- a/openssl-model.lua +++ b/openssl-model.lua @@ -10,7 +10,7 @@ validator = require("acf.validator") -- There are two options of how to allow users to specify the type of certificate they want - the request extensions -- and the ca signing extensions. We have opted for making all requests look the same (same extensions) and defining -- different ca sections for the different types of certificates. The ca section to use when signing the request is --- actually stored in the request filename. The request filename is in the following format: +-- actually stored in the request filename. The request filename is in the following format: -- 'username'.'ca section name'.'common name'.csr local packagename = "openssl" 
@@ -303,10 +303,10 @@ local listcerts = function(user) local crtlist = {} for i,x in ipairs(files) do local name = string.gsub(posix.basename(x), ".pfx$", "") - local a,b,c,d = string.match(name, + local a,b,c,d = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)") - list[#list + 1] = {cert=name, user=a, certtype=b, - commonName=unhashname(c), serial=d, enddate=enddate, + list[#list + 1] = {cert=name, user=a, certtype=b, + commonName=unhashname(c), serial=d, enddate=enddate, daysremaining=time} crtlist[#crtlist+1] = "x509 -in "..basedir..certdir..name..".crt -noout -enddate" end @@ -316,9 +316,9 @@ local listcerts = function(user) for i,x in ipairs(files) do local enddate = string.match(outtab[i] or "", "notAfter=(.*)") or "Jan 1 00:00:01 1970 GMT" - local month, day, year = + local month, day, year = string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)") - + local reversemonth = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6, Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12} local time = os.time({year=year, month=reversemonth[month], day=day}) @@ -350,7 +350,7 @@ end local checkenvironment = function() local errtxt = {} local cmdline = {} - + -- First check for the openssl, req, and cert directories errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("openssl directory", basedir) errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("new certificate directory", basedir..certdir) 
@@ -366,16 +366,16 @@ local checkenvironment = function() local file = getconfigentry(config.ca.default_ca, "certificate") chkpath = posix.dirname(file) errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("certificate directory", chkpath) - + file = getconfigentry(config.ca.default_ca, "private_key") chkpath = posix.dirname(file) errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("private_key directory", chkpath) - + file = getconfigentry(config.ca.default_ca, "database") chkpath = posix.dirname(file) errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("database directory", chkpath) errtxt[#errtxt+1], cmdline[#cmdline+1] = checkfile("database", file) - + file = getconfigentry(config.ca.default_ca, "serial") chkpath = posix.dirname(file) errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("serial directory", chkpath) @@ -460,13 +460,13 @@ mymodule.getreqdefaults = function(self, clientdata) --Add in the encryption bit default local encryption = config.req.default_bits defaults.value.encryption = cfe({ type="select", label="Encryption Bits", value=encryption, option={"2048", "4096"}, seq=94 }) - + -- Add in the default days local validdays = getconfigentry(config.ca.default_ca, "default_days") defaults.value.validdays = cfe({ type="text", label="Period of Validity (Days)", value=validdays, descr="Number of days this certificate is valid for", seq=95 }) - + -- Add in the ca type default - defaults.value.certtype = cfe({ type="select", label="Certificate Type", + defaults.value.certtype = cfe({ type="select", label="Certificate Type", value=config.ca.default_ca, option=find_ca_sections(), seq=96 }) -- Add in the extensions local extensions = "" 
@@ -476,7 +476,7 @@ mymodule.getreqdefaults = function(self, clientdata) extensions = format.get_ini_section(content, config.req.req_extensions) end defaults.value.extensions = cfe({ type="longtext", label="Additional x509 Extensions", value=extensions, descr="These extensions can be overridden by the Certificate Type", seq=97 }) - + return defaults end @@ -541,7 +541,7 @@ mymodule.submitrequest = function(self, defaults, submit, user) defaults.errtxt = "Failed to submit request\nRequest already exists" success = false end - + if not tonumber(defaults.value.validdays.value) then defaults.value.validdays.errtxt = "Period of Validity is not a number" success = false @@ -566,13 +566,13 @@ mymodule.submitrequest = function(self, defaults, submit, user) end end end - + fileval = format.update_ini_file(fileval, "req","default_bits",defaults.value.encryption.value) - fileval = format.update_ini_file(fileval, "","default_days",defaults.value.validdays.value) + fileval = format.update_ini_file(fileval, "","default_days",defaults.value.validdays.value) fileval = format.set_ini_section(fileval, ext_section, content) fileval = format.update_ini_file(fileval, "req", "req_extensions", ext_section) fs.write_file(reqname..".cfg", fileval) - + defaults.descr, defaults.errtxt = modelfunctions.run_executable({"openssl", "req", "-nodes", "-new", "-config", reqname..".cfg", "-keyout", reqname..".pem", "-out", reqname..".csr", "-subj", subject}, true) local certfilestats = posix.stat(reqname..".csr") local keyfilestats = posix.stat(reqname..".pem") 
@@ -641,7 +641,7 @@ mymodule.approverequest = function(self, apprequest) local serialfile = fs.read_file(serialpath) or "" local serial = string.match(serialfile, "%x+") local certname = basedir..certdir..apprequest.value.request.value.."."..serial - + -- Now, sign the certificate apprequest.descr, apprequest.errtxt = modelfunctions.run_executable({"openssl", "ca", "-config", reqpath..".cfg", "-in", reqpath..".csr", "-out", certname..".crt", "-name", certtype, "-batch"}, true) @@ -897,7 +897,7 @@ mymodule.putca = function(self, newca) success = false end end - + -- Now, get the key if success then cmdresult = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newca.value.ca.value, "-out", newca.value.ca.value.."key.pem", "-password", "pass:"..newca.value.password.value, "-nocerts", "-nodes"}, true) diff --git a/openssl-read-html.lsp b/openssl-read-html.lsp index 27c31f2..94c043b 100644 --- a/openssl-read-html.lsp +++ b/openssl-read-html.lsp @@ -99,7 +99,7 @@ if view.value.revoked and #view.value.revoked.value > 0 then else approved = view.value.approved.value end %> - + <% htmlviewfunctions.displaysectionstart(cfe({label="Approved certificate requests"..label}), page_info, header_level) %> <% if #approved == 0 then %> <p>No certificates approved</p> |