authorTed Trask <ttrask01@yahoo.com>2015-01-31 22:24:01 -0500
committerTed Trask <ttrask01@yahoo.com>2015-01-31 22:24:01 -0500
commit168f8e45c8d83372e8786dbca2d076555100a5ea (patch)
tree971edf186f4d4ef3592136d28f0a41863a3414ed
parent97c66e10c5bc12415eeb6b0f2c6470d6e5b7f9a1 (diff)
Change all actions to include a basedir action as a first step for supporting multiple CAs
-rw-r--r--openssl-model.lua271
1 files changed, 144 insertions, 127 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index 2c1a54a..86bc3e7 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -31,9 +31,19 @@ local extensions = { "basicConstraints", "nsCertType", "nsComment", "keyUsage",
-- list of entries that must be found in ca section (used to define our certificate types)
local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "default_md", "database", "serial", "policy", "default_days" }
+local initializecfe = function(self, clientdata, label)
+ local retval = cfe({ type="group", value={}, label=label or "" })
+ retval.value.basedir = cfe({ label="Base Directory", key=true })
+ self.handle_clientdata(retval, clientdata)
+ if retval.value.basedir.value ~= "" then
+ openssldir = retval.value.basedir.value
+ end
+ return retval
+end
+
-- Create a cfe with the distinguished name defaults
-local getdefaults = function()
- local defaults = cfe({ type="group", value={} })
+local getdefaults = function(self, clientdata)
+ local defaults = initializecfe(self, clientdata, "OpenSSL Request")
config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
local distinguished_name = config.req.distinguished_name or ""
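Review bot: initializecfe overwrites `openssldir` with whatever basedir value the client submitted, with no check that it names one of the configured CA directories, and every later path (`openssldir..configfile`, the `posix.chdir` in getstatus, the directory-creating commands built by checkdir) is derived from it; the submitted value should be validated against the known CA base directories, or at minimum confirmed to be an existing directory, before it is assigned, with an errtxt set on `retval.value.basedir` otherwise. On the same lines, `config` is cached with `config = config or …`, so a config already parsed for a different base directory is not re-read after the switch; clearing it when the directory changes, `openssldir = retval.value.basedir.value; config = nil`, keeps the two consistent. The function also has no header comment; something like `-- Build the group cfe every action returns; a submitted basedir selects the CA directory used by all following path lookups` would state its side effect, and the basedir cfe's descr should presumably say whether a trailing separator is required, since the concatenation with configfile adds none.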
@@ -316,68 +326,124 @@ local listrevoked = function()
return cfe({ type="list", value=revoked, label="Revoked serial numbers" })
end
+local checkenvironment = function()
+ local errtxt = {}
+ local cmdline = {}
+
+ -- First check for the openssl, req, and cert directories
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("openssl directory", openssldir)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("new certificate directory", openssldir..certdir)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("request directory", openssldir..requestdir)
+
+ -- Then check for the config file entries
+ config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+
+ if config then
+ local chkpath = getconfigentry(config.ca.default_ca, "new_certs_dir")
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("new_certs_dir", chkpath)
+
+ local file = getconfigentry(config.ca.default_ca, "certificate")
+ chkpath = posix.dirname(file)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("certificate directory", chkpath)
+
+ file = getconfigentry(config.ca.default_ca, "private_key")
+ chkpath = posix.dirname(file)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("private_key directory", chkpath)
+
+ file = getconfigentry(config.ca.default_ca, "database")
+ chkpath = posix.dirname(file)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("database directory", chkpath)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkfile("database", file)
+
+ file = getconfigentry(config.ca.default_ca, "serial")
+ chkpath = posix.dirname(file)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("serial directory", chkpath)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkfile("serial", file, "01")
+
+ file = getconfigentry(config.ca.default_ca, "crlnumber")
+ if file ~= "" then
+ chkpath = posix.dirname(file)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("crlnumber directory", chkpath)
+ errtxt[#errtxt+1], cmdline[#cmdline+1] = checkfile("crlnumber", file, "01")
+ end
+ else
+ errtxt[#errtxt+1] = "Configuration invalid"
+ end
+
+ errtxt = table.concat(errtxt, '\n')
+ local value
+ if errtxt == "" then
+ errtxt = nil
+ value = "Environment ready"
+ else
+ value = "Environment not ready"
+ end
+ return cfe({ value=value, errtxt=errtxt, cmdline=cmdline, label="Environment" })
+end
+
mymodule.getstatus = function(self, clientdata)
-- set the working directory and umask once for model
posix.umask("rw-------")
posix.chdir(openssldir)
+ local retval = initializecfe(self, clientdata, "OpenSSL status")
local value,errtxt=processinfo.package_version(packagename)
- local version = cfe({ value=value, errtxt=errtxt, label="Program version", name=packagename })
- local conffile = cfe({ value=openssldir..configfile, label="Configuration file" })
- local cacert = cfe({ label="CA Certificate" })
- local cacertcontents = cfe({ type="longtext", label="CA Certificate contents" })
- local cakey = cfe({ label="CA Key" })
+ retval.value.version = cfe({ value=value, errtxt=errtxt, label="Program version", name=packagename })
+ retval.value.conffile = cfe({ value=openssldir..configfile, label="Configuration file" })
+ retval.value.cacert = cfe({ label="CA Certificate" })
+ retval.value.cacertcontents = cfe({ type="longtext", label="CA Certificate contents" })
+ retval.value.cakey = cfe({ label="CA Key" })
if not fs.is_file(openssldir..configfile) then
- conffile.errtxt="File not found"
- cacert.errtxt="File not defined"
- cacertcontents.errtxt=""
- cakey.errtxt="File not defined"
+ retval.value.conffile.errtxt="File not found"
+ retval.value.cacert.errtxt="File not defined"
+ retval.value.cacertcontents.errtxt=""
+ retval.value.cakey.errtxt="File not defined"
else
config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
if (not config) or (not config.ca) or (not config.ca.default_ca) then
- conffile.errtxt="Invalid config file"
- cacert.errtxt="File not defined"
- cacertcontents.errtxt=""
- cakey.errtxt="File not defined"
+ retval.value.conffile.errtxt="Invalid config file"
+ retval.value.cacert.errtxt="File not defined"
+ retval.value.cacertcontents.errtxt=""
+ retval.value.cakey.errtxt="File not defined"
else
- cacert.value = getconfigentry(config.ca.default_ca, "certificate")
- if not fs.is_file(cacert.value) then
- cacert.errtxt="File not found"
+ retval.value.cacert.value = getconfigentry(config.ca.default_ca, "certificate")
+ if not fs.is_file(retval.value.cacert.value) then
+ retval.value.cacert.errtxt="File not found"
else
- cacertcontents.value, cacertcontents.errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", cacert.value, "-noout", "-text"})
- local enddate = string.match(cacertcontents.value, "Not After : (.*)")
+ retval.value.cacertcontents.value, retval.value.cacertcontents.errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", retval.value.cacert.value, "-noout", "-text"})
+ local enddate = string.match(retval.value.cacertcontents.value, "Not After : (.*)")
local month, day, year = string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)")
local reversemonth = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6,Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12}
local time = os.time({year=year, month=reversemonth[month], day=day})
if os.time() > time then
time = 0
- cacert.errtxt="Certificate expired"
+ retval.value.cacert.errtxt="Certificate expired"
else
time = (time-os.time())/86400
end
- cacert.daysremaining=time
+ retval.value.cacert.daysremaining=time
end
- cakey.value = getconfigentry(config.ca.default_ca, "private_key")
- if not fs.is_file(cakey.value) then
- cakey.errtxt="File not found"
+ retval.value.cakey.value = getconfigentry(config.ca.default_ca, "private_key")
+ if not fs.is_file(retval.value.cakey.value) then
+ retval.value.cakey.errtxt="File not found"
end
end
end
- local environment = mymodule.checkenvironment()
- return cfe({ type="group", value={version=version, conffile=conffile, environment=environment, cacert=cacert, cacertcontents=cacertcontents, cakey=cakey}, label="OpenSSL status" })
+ retval.value.environment = checkenvironment()
+ return retval
end
-mymodule.getreqdefaults = function()
- local defaults = getdefaults()
-
- --Add in the encryption bit default
- local encryption = config.req.default_bits
- defaults.value.encryption = cfe({ type="select", label="Encryption Bits", value=encryption, option={"2048", "4096"}, seq=94 })
-
- -- Add in the default days
- local validdays = getconfigentry(config.ca.default_ca, "default_days")
- defaults.value.validdays = cfe({ type="text", label="Period of Validity (Days)", value=validdays, descr="Number of days this certificate is valid for", seq=95 })
+mymodule.getreqdefaults = function(self, clientdata)
+ local defaults = getdefaults(self, clientdata)
+ --Add in the encryption bit default
+ local encryption = config.req.default_bits
+ defaults.value.encryption = cfe({ type="select", label="Encryption Bits", value=encryption, option={"2048", "4096"}, seq=94 })
+
+ -- Add in the default days
+ local validdays = getconfigentry(config.ca.default_ca, "default_days")
+ defaults.value.validdays = cfe({ type="text", label="Period of Validity (Days)", value=validdays, descr="Number of days this certificate is valid for", seq=95 })
+
-- Add in the ca type default
defaults.value.certtype = cfe({ type="select", label="Certificate Type",
value=config.ca.default_ca, option=find_ca_sections(), seq=96 })
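Review bot: In getstatus the `posix.chdir(openssldir)` near the top still runs before `initializecfe` reads the submitted basedir, so the working directory is set from the previous value of `openssldir` while every path built afterwards in the same function uses the new one; move `local retval = initializecfe(self, clientdata, "OpenSSL status")` above the umask and chdir lines. The comment `-- set the working directory and umask once for model` should also say that the directory must be resolved from clientdata first, since the model no longer has a single fixed directory.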
@@ -389,7 +455,7 @@ mymodule.getreqdefaults = function()
extensions = format.get_ini_section(content, config.req.req_extensions)
end
defaults.value.extensions = cfe({ type="longtext", label="Additional x509 Extensions", value=extensions, descr="These extensions can be overridden by the Certificate Type", seq=97 })
-
+
return defaults
end
@@ -508,7 +574,7 @@ mymodule.submitrequest = function(self, defaults, submit, user)
end
mymodule.readall = function(self, clientdata)
- local result = cfe({ type="group", value={}, label="All Certificates" })
+ local result = initializecfe(self, clientdata, "All Certificates")
result.value.pending = listrequests()
result.value.approved = listcerts()
result.value.revoked = listrevoked()
@@ -516,7 +582,7 @@ mymodule.readall = function(self, clientdata)
end
mymodule.readuser = function(self, clientdata, user)
- local result = cfe({ type="group", value={}, label="Certificates for "..user })
+ local result = initializecfe(self, clientdata, "Certificates for "..user)
result.value.user = cfe({ value=user, label="User Name" })
result.value.pending = listrequests(user)
result.value.approved = listcerts(user)
@@ -525,7 +591,7 @@ mymodule.readuser = function(self, clientdata, user)
end
mymodule.viewrequest = function(self, clientdata)
- local retval = cfe({ type="group", value={}, label="Request" })
+ local retval = initializecfe(self, clientdata, "Request")
retval.value.request = cfe({ label="Request", key=true })
self.handle_clientdata(retval, clientdata)
@@ -538,9 +604,9 @@ mymodule.viewrequest = function(self, clientdata)
end
mymodule.getapproverequest = function(self, clientdata)
- local retval = {}
- retval.request = cfe({ value=clientdata.request or "", label="Request" })
- return cfe({ type="group", value=retval, label="Approve Request" })
+ local retval = initializecfe(self, clientdata, "Approve Request")
+ retval.value.request = cfe({ value=clientdata.request or "", label="Request" })
+ return retval
end
mymodule.approverequest = function(self, apprequest)
@@ -592,9 +658,9 @@ mymodule.approverequest = function(self, apprequest)
end
mymodule.getdeleterequest = function(self, clientdata)
- local retval = {}
- retval.request = cfe({ value=clientdata.request or "", label="Request" })
- return cfe({ type="group", value=retval, label="Delete Request" })
+ local retval = initializecfe(self, clientdata, "Delete Request")
+ retval.value.request = cfe({ value=clientdata.request or "", label="Request" })
+ return retval
end
mymodule.deleterequest = function(self, delrequest, submit, user)
@@ -614,7 +680,7 @@ mymodule.deleterequest = function(self, delrequest, submit, user)
end
mymodule.viewcert = function(self, clientdata)
- local retval = cfe({ type="group", value={}, label="Certificate" })
+ local retval = initializecfe(self, clientdata, "Certificate")
retval.value.cert = cfe({ label="Certificate", key=true })
self.handle_clientdata(retval, clientdata)
@@ -626,7 +692,7 @@ mymodule.viewcert = function(self, clientdata)
end
mymodule.getcert = function(self, clientdata)
- local retval = cfe({ type="group", value={}, label="Certificate" })
+ local retval = initializecfe(self, clientdata, "Certificate")
retval.value.cert = cfe({ label="Certificate", key=true })
self.handle_clientdata(retval, clientdata)
@@ -642,9 +708,9 @@ mymodule.getcert = function(self, clientdata)
end
mymodule.getrevokecert = function(self, clientdata)
- retval = {}
- retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
- return cfe({ type="group", value=retval, label="Revoke Certificate" })
+ local retval = initializecfe(self, clientdata, "Revoke Certificate")
+ retval.value.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return retval
end
mymodule.revokecert = function(self, revreq)
@@ -653,9 +719,9 @@ mymodule.revokecert = function(self, revreq)
end
mymodule.getdeletecert = function(self, clientdata)
- retval = {}
- retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
- return cfe({ type="group", value=retval, label="Delete Certificate" })
+ local retval = initializecfe(self, clientdata, "Delete Certificate")
+ retval.value.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return retval
end
mymodule.deletecert = function(self, delcert)
@@ -671,9 +737,9 @@ mymodule.deletecert = function(self, delcert)
end
mymodule.getrenewcert = function(self, clientdata)
- retval = {}
- retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
- return cfe({ type="group", value=retval, label="Renew Certificate" })
+ local retval = initializecfe(self, clientdata, "Renew Certificate")
+ retval.value.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return retval
end
mymodule.renewcert = function(self, recert, submit, approve)
@@ -727,7 +793,7 @@ mymodule.renewcert = function(self, recert, submit, approve)
end
mymodule.getcrl = function(self, clientdata)
- local retval = cfe({ type="group", value={}, label="Certificate Revocation List" })
+ local retval = initializecfe(self, clientdata, "Certificate Revocation List")
retval.value.crltype = cfe({ type="select", value="", option={"", "DER", "PEM"}, label="CRL Type", key=true })
self.handle_clientdata(retval, clientdata)
@@ -751,7 +817,7 @@ mymodule.getcrl = function(self, clientdata)
end
mymodule.getca = function(self, clientdata)
- local retval = cfe({ type="group", value={}, label="CA Certificate" })
+ local retval = initializecfe(self, clientdata, "CA Certificate")
retval.value.certtype = cfe({ type="select", value="", option={"", "DER", "PEM"}, label="Certificate Type", key=true })
self.handle_clientdata(retval, clientdata)
@@ -777,10 +843,11 @@ mymodule.getca = function(self, clientdata)
return retval
end
-mymodule.getnewputca = function()
- local ca = cfe({ type="raw", value=0, label="CA Certificate", descr='File must be a password protected ".pfx" file', seq=1 })
- local password = cfe({ type="password", label="Certificate Password", seq=2 })
- return cfe({ type="group", value={ca=ca, password=password} })
+mymodule.getnewputca = function(self, clientdata)
+ local retval = initializecfe(self, clientdata, "Upload CA Certificate")
+ retval.value.ca = cfe({ type="raw", value=0, label="CA Certificate", descr='File must be a password protected ".pfx" file', seq=1 })
+ retval.value.password = cfe({ type="password", label="Certificate Password", seq=2 })
+ return retval
end
mymodule.putca = function(self, newca)
@@ -840,8 +907,8 @@ mymodule.putca = function(self, newca)
return newca
end
-mymodule.getnewcarequest = function()
- request = getdefaults()
+mymodule.getnewcarequest = function(self, clientdata)
+ request = getdefaults(self, clientdata)
-- In addition to the distinguished name defaults, we need days
request.value.days = cfe({ value="365", label="Number of days to certify", seq=95 })
return request
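Review bot: `request = getdefaults(self, clientdata)` in getnewcarequest assigns a global because the declaration lacks `local`; since the commit rewrites this line anyway, it should read `local request = getdefaults(self, clientdata)`, matching getrevokecert and the other actions this change converted to locals.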
@@ -886,8 +953,13 @@ mymodule.generateca = function(self, defaults)
return defaults
end
-mymodule.getconfigfile = function()
- return modelfunctions.getfiledetails(openssldir..configfile)
+mymodule.getconfigfile = function(self, clientdata)
+ local retval = initializecfe(self, clientdata, "")
+ local retval2 = modelfunctions.getfiledetails(openssldir..configfile)
+ for name,value in pairs(retval.value) do
+ retval2.value.name = value
+ end
+ return retval2
end
mymodule.setconfigfile = function(self, filedetails)
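Review bot: The loop in getconfigfile assigns to the literal field `name` instead of the iterated key, so the basedir cfe is stored as `retval2.value.name` rather than `retval2.value.basedir`, and the key other actions and the view look for is lost; change the assignment to `retval2.value[name] = value`. getconfigfile is fully inside the hunk.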
@@ -896,9 +968,9 @@ mymodule.setconfigfile = function(self, filedetails)
end
mymodule.getenvironment = function(self, clientdata)
- local retval = {}
- retval.status = mymodule.checkenvironment()
- return cfe({ type="group", value=retval, label="Check Environment" })
+ local retval = initializecfe(self, clientdata, "Check Environment")
+ retval.value.status = checkenvironment()
+ return retval
end
mymodule.setenvironment = function(self, setenv)
@@ -906,66 +978,11 @@ mymodule.setenvironment = function(self, setenv)
for x,cmd in ipairs(setenv.value.status.cmdline) do
cmd()
end
- setenv.value.status = mymodule.checkenvironment()
+ setenv.value.status = checkenvironment()
if setenv.value.status.errtxt then
setenv.errtxt = "Failed to Configure Environment"
end
return setenv
end
-mymodule.checkenvironment = function()
- local errtxt = {}
- local cmdline = {}
-
- -- First check for the openssl, req, and cert directories
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("openssl directory", openssldir)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("new certificate directory", openssldir..certdir)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("request directory", openssldir..requestdir)
-
- -- Then check for the config file entries
- config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
-
- if config then
- local chkpath = getconfigentry(config.ca.default_ca, "new_certs_dir")
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("new_certs_dir", chkpath)
-
- local file = getconfigentry(config.ca.default_ca, "certificate")
- chkpath = posix.dirname(file)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("certificate directory", chkpath)
-
- file = getconfigentry(config.ca.default_ca, "private_key")
- chkpath = posix.dirname(file)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("private_key directory", chkpath)
-
- file = getconfigentry(config.ca.default_ca, "database")
- chkpath = posix.dirname(file)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("database directory", chkpath)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkfile("database", file)
-
- file = getconfigentry(config.ca.default_ca, "serial")
- chkpath = posix.dirname(file)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("serial directory", chkpath)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkfile("serial", file, "01")
-
- file = getconfigentry(config.ca.default_ca, "crlnumber")
- if file ~= "" then
- chkpath = posix.dirname(file)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkdir("crlnumber directory", chkpath)
- errtxt[#errtxt+1], cmdline[#cmdline+1] = checkfile("crlnumber", file, "01")
- end
- else
- errtxt[#errtxt+1] = "Configuration invalid"
- end
-
- errtxt = table.concat(errtxt, '\n')
- local value
- if errtxt == "" then
- errtxt = nil
- value = "Environment ready"
- else
- value = "Environment not ready"
- end
- return cfe({ value=value, errtxt=errtxt, cmdline=cmdline, label="Environment" })
-end
-
return mymodule