authorTed Trask <ttrask01@yahoo.com>2013-01-01 22:46:36 +0000
committerTed Trask <ttrask01@yahoo.com>2013-01-01 22:46:36 +0000
commit29248160e70e123e5fae479344b8bc69d58034bf (patch)
treebe1b5d66e8b84c77cb299eaca0af68e2d22eb55d
parent0b5914ae86262efd87a9ae38a0dfa9a33296fc27 (diff)
Replace io.popen with modelfunctions.run_executable
-rw-r--r--openssl-model.lua95
1 files changed, 25 insertions, 70 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index d998664..b9c48a7 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -18,7 +18,6 @@ local configfile = "/etc/ssl/openssl-ca-acf.cnf"
local requestdir = "/etc/ssl/req/"
local certdir = "/etc/ssl/cert/"
local openssldir = "/etc/ssl/"
-local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin "
-- Save the config in a variable so isn't loaded each and every time needed
local config = nil
@@ -279,10 +278,7 @@ getstatus = function()
if not fs.is_file(cacert.value) then
cacert.errtxt="File not found"
else
- local cmd = path .. "openssl x509 -in "..format.escapespecialcharacters(cacert.value).." -noout -text"
- local f = io.popen(cmd)
- cacertcontents.value = f:read("*a")
- f:close()
+ cacertcontents.value, cacertcontents.errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", cacert.value, "-noout", "-text"})
local enddate = string.match(cacertcontents.value, "Not After : (.*)")
local month, day, year = string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)")
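Review bot: The first return of run_executable is handed straight to string.match on the context line after the added call, with no guard for the failure case the second return now reports; if the helper yields nil output when openssl fails (the old f:read("*a") always produced a string), getstatus raises instead of surfacing cacertcontents.errtxt. I would guard the parse with `if not cacertcontents.errtxt then` around the date extraction, or at minimum `string.match(cacertcontents.value or "", "Not After : (.*)")`. The following line's string.match(enddate, ...) still errors when the certificate text lacks the field and enddate is nil; that predates the commit but sits on the same path. getstatus begins and ends outside this hunk.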
@@ -430,11 +426,7 @@ submitrequest = function(defaults, user)
fileval = format.update_ini_file(fileval, "req", "req_extensions", ext_section)
fs.write_file(reqname..".cfg", fileval)
- local cmd = path .. "openssl req -nodes -new -config "..format.escapespecialcharacters(reqname)..".cfg -keyout "..format.escapespecialcharacters(reqname)..".pem -out "..format.escapespecialcharacters(reqname)..'.csr -subj "'..subject..'" 2>&1'
- local f = io.popen(cmd)
- local cmdresult = f:read("*a")
- f:close()
- defaults.descr = cmdresult
+ defaults.descr, defaults.errtxt = modelfunctions.run_executable({"openssl", "req", "-nodes", "-new", "-config", reqname..".cfg", "-keyout", reqname..".pem", "-out", reqname..".csr", "-subj", subject}, true)
local certfilestats = posix.stat(reqname..".csr")
local keyfilestats = posix.stat(reqname..".pem")
if not certfilestats or certfilestats.size == 0 or not keyfilestats or keyfilestats.size == 0 then
@@ -469,10 +461,7 @@ end
viewrequest = function(request)
local reqpath = requestdir .. request
- local cmd = path .. "openssl req -in "..format.escapespecialcharacters(reqpath)..".csr -text -noout"
- local f = io.popen(cmd)
- local cmdresult = f:read("*a")
- f:close()
+ local cmdresult = modelfunctions.run_executable({"openssl", "req", "-in", reqpath..".csr", "-text", "-noout"})
local a,b,c = string.match(request, "([^%.]*)%.([^%.]*)%.([^%.]*)")
local request = cfe({ type="table", value={name=name, user=a, certtype=b, commonName=c, value=cmdresult}, label="Request" })
return request
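Review bot: The added viewrequest line keeps only the first return of run_executable, so an openssl failure (missing or unparsable .csr) leaves the cfe with an empty value and no errtxt, whereas the other call sites in this commit (the getstatus hunk, for one) assign the second return to errtxt. I would take both, `local cmdresult, errtxt = modelfunctions.run_executable({...})`, and add `errtxt=errtxt` to the cfe table so the controller can show why the request text is empty. The viewcert replacement at the end of the listcerts/viewcert hunk has the same shape and would benefit from the same change.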
@@ -497,20 +486,19 @@ approverequest = function(self, apprequest)
local certname = certdir..apprequest.value.request.value.."."..serial
-- Now, sign the certificate
- local cmd = path .. "openssl ca -config "..format.escapespecialcharacters(reqpath)..".cfg -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1"
- local f = io.popen(cmd)
- apprequest.descr = f:read("*a")
- f:close()
+ apprequest.descr, apprequest.errtxt = modelfunctions.run_executable({"openssl", "ca", "-config", reqpath..".cfg", "-in", reqpath..".csr", "-out", certname..".crt", "-name", certtype, "-batch"}, true)
-- If certificate created, create the wrapped up pkcs12
local filestats = posix.stat(certname..".crt")
if filestats and filestats.size > 0 then
-- We're wrapping up the key, the cert, and the CA cert (and whatever came with it)
- cmd = path .. "openssl pkcs12 -export -inkey "..format.escapespecialcharacters(reqpath)..".pem -in "..format.escapespecialcharacters(certname)..".crt -out "..format.escapespecialcharacters(certname)..".pfx -passout file:"..format.escapespecialcharacters(reqpath)..".pwd -certfile "..format.escapespecialcharacters(getconfigentry(certtype, "certificate")).." 2>&1"
- f = io.popen(cmd)
- local newcmdresult = f:read("*a")
- f:close()
+ local newcmdresult, newerrtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-export", "-inkey", reqpath..".pem", "-in", certname..".crt", "-out", certname..".pfx", "-passout", "file:"..reqpath..".pwd", "-certfile", getconfigentry(certtype, "certificate")}, true)
apprequest.descr = apprequest.descr .. newcmdresult
+ if apprequest.errtxt then
+ apprequest.errtxt = apprequest.errtxt .. (newerrtxt or "")
+ else
+ apprequest.errtxt = newerrtxt
+ end
end
-- Finally, remove the request
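Review bot: The added `apprequest.descr = apprequest.descr .. newcmdresult` does not apply the `or ""` that the errtxt merge a few lines below applies to newerrtxt, so if run_executable can return nil output for a failed pkcs12 export, approverequest raises right after the certificate was successfully signed. `apprequest.descr = (apprequest.descr or "") .. (newcmdresult or "")` keeps the two merges consistent. A second behaviour change in these argv tables is that a nil element no longer raises the way the old `..` concatenation did but silently leaves a hole — certtype in the ca call and getconfigentry(certtype, "certificate") at the end of the pkcs12 call here, and defaults.value.days.value at the end of the generateca hunk — so `#t` becomes unspecified or the trailing option reaches openssl without its value. If those can be nil, validate them before building the table, e.g. `local cafile = assert(getconfigentry(certtype, "certificate"), "no CA certificate configured")`. approverequest continues beyond this hunk.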
@@ -561,8 +549,7 @@ listcerts = function(user)
local files = posix.glob(certdir..user..".*\\.pfx") or {}
-- Do this in two steps - saves forking openssl for each cert, which
-- speeds things up noticably for > 100 certs
- local crtlist = "cat <<-EOF | openssl\n"
- local crttab = {}
+ local crtlist = {}
for i,x in ipairs(files) do
local name = string.gsub(posix.basename(x), ".pfx$", "")
local a,b,c,d = string.match(name,
@@ -570,17 +557,14 @@ listcerts = function(user)
list[#list + 1] = {name=name, user=a, certtype=b,
commonName=unhashname(c), serial=d, enddate=enddate,
daysremaining=time}
- crtlist = crtlist .. "x509 -in " ..
- certdir..format.escapespecialcharacters(name) ..
- ".crt -noout -enddate\n"
+ crtlist[#crtlist+1] = "x509 -in "..certdir..name..".crt -noout -enddate"
end
- crtlist = crtlist .. "EOF\n"
- local fh=io.popen(crtlist)
+ local out = modelfunctions.run_executable({"openssl"}, false, table.concat(crtlist, "\n").."\nexit\n")
+ local outtab = format.string_to_table(out, "\n")
for i,x in ipairs(files) do
- local enddate = fh:read("*l") or "notAfter=Jan 1 00:00:01 1970 GMT"
- enddate = string.match(enddate, "notAfter=(.*)")
+ local enddate = string.match(outtab[i] or "", "notAfter=(.*)") or "Jan 1 00:00:01 1970 GMT"
local month, day, year =
string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)")
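Review bot: The new `outtab[i]` indexing assumes openssl writes exactly one stdout line per x509 command, but a command that fails (a .pfx whose .crt is missing or unreadable) writes nothing to stdout, so every later certificate is paired with the previous one's notAfter line and the 1970 fallback hides that the list has drifted. The old read-one-line loop made the same alignment assumption, but now that the count is explicit it is cheap to check: compare `#outtab` with `#files` after the string_to_table call and, when they differ, fall back to one `openssl x509 -in <file> -noout -enddate` run per certificate through run_executable so each date is attributable. If run_executable can return nil for out, `format.string_to_table(out or "", "\n")` avoids a raise before that check. listcerts starts before and continues after this hunk.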
@@ -596,16 +580,11 @@ listcerts = function(user)
list[i].daysremaining = time
end
- fh:close()
-
return cfe({ type="list", value=list, label="List of approved certificates" })
end
viewcert = function(cert)
- local cmd = path .. "openssl x509 -in "..certdir..format.escapespecialcharacters(cert)..".crt -noout -text"
- local f = io.popen(cmd)
- local cmdresult = f:read("*a")
- f:close()
+ local cmdresult = modelfunctions.run_executable({"openssl", "x509", "-in", certdir..cert..".crt", "-noout", "-text"})
local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
return cfe({ type="table", value={name=name, user=a, certtype=b, commonName=c, serial=d, value=cmdresult}, label="Certificate" })
end
@@ -624,10 +603,7 @@ getrevokecert = function(self, clientdata)
end
revokecert = function(self, revreq)
- local cmd = path .. "openssl ca -config "..configfile.." -revoke "..certdir .. format.escapespecialcharacters(revreq.value.cert.value)..".crt -batch 2>&1"
- local f = io.popen(cmd)
- revreq.descr = f:read("*a")
- f:close()
+ revreq.descr, revreq.errtxt = modelfunctions.run_executable({"openssl", "ca", "-config", configfile, "-revoke", certdir..revreq.value.cert.value..".crt", "-batch"}, true)
return revreq
end
@@ -677,10 +653,7 @@ renewcert = function(self, recert, submit, approve)
local subject = string.gsub(fs.read_file(reqname..".sbj") or "", "\n", "")
-- Next, submit the request (new key)
- cmd = path .. "openssl req -nodes -new -config "..format.escapespecialcharacters(reqname)..".cfg -keyout "..format.escapespecialcharacters(reqname)..".pem -out "..format.escapespecialcharacters(reqname)..'.csr -subj "'..subject..'" 2>&1'
- f = io.popen(cmd)
- recert.descr = f:read("*a")
- f:close()
+ recert.descr, recert.errtxt = modelfunctions.run_executable({"openssl", "req", "-nodes", "-new", "-config", reqname..".cfg", "-keyout", reqname..".pem", "-out", reqname..".csr", "-subj", subject}, true)
local filestats = posix.stat(reqname..".csr")
if not filestats or filestats.size == 0 then
recert.errtxt = "Failed to submit request\n"..recert.descr
@@ -723,12 +696,8 @@ end
getcrl = function(crltype)
local crlfile = cfe({ type="raw", option="application/pkix-crl" })
- local cmd = path .. "openssl ca -config "..configfile.." -gencrl -out "..openssldir.."ca-crl.crl"
- local f = io.popen(cmd)
- f:close()
- local cmd = path .. "openssl crl -in "..openssldir.."ca-crl.crl -out "..openssldir.."ca-der-crl.crl -outform DER"
- local f = io.popen(cmd)
- f:close()
+ modelfunctions.run_executable({"openssl", "ca", "-config", configfile, "-gencrl", "-out", openssldir.."ca-crl.crl"})
+ modelfunctions.run_executable({"openssl", "crl", "-in", openssldir.."ca-crl.crl", "-out", openssldir.."ca-der-crl.crl", "-outform", "DER"})
if string.lower(crltype or "") == "der" then
crlfile.label = "ca-der-crl.crl"
crlfile.value = fs.read_file(crlfile.label) or ""
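Review bot: Both run_executable calls in getcrl discard their return values, so a failed `openssl ca -gencrl` (locked CA database, bad config) goes unnoticed and the handler serves whatever stale ca-crl.crl or ca-der-crl.crl is on disk, or an empty value via the `or ""` on the read. The getstatus hunk assigns the helper's second return to errtxt without passing the capture flag, so the same is available here: `local _, err = modelfunctions.run_executable({...})` for each call and `if err then crlfile.errtxt = err end`, letting the caller distinguish an empty CRL from a failed generation. The getca hunk's x509 DER conversion has the same silent-discard pattern. getcrl continues beyond this hunk.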
@@ -745,9 +714,7 @@ getca = function(certtype)
local result = cfe({ type="raw", option="application/x-x509-ca-cert" })
local fname = "cacert."
if string.lower(certtype or "") == "der" then
- local cmd = path .. "openssl x509 -in "..openssldir.."cacert.pem -outform der -out "..openssldir.."cacert.der"
- local f = io.popen(cmd)
- f:close()
+ modelfunctions.run_executable({"openssl", "x509", "-in", openssldir.."cacert.pem", "-outform", "der", "-out", openssldir.."cacert.der"})
fname = fname.."der"
result.label = fname
elseif string.lower(certtype or "") == "pem" then
@@ -773,10 +740,7 @@ putca = function(self, newca)
-- First, get the cert
local cmd, f, cmdresult
if validator.is_valid_filename(newca.value.ca.value, "/tmp/") and fs.is_file(newca.value.ca.value) then
- cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newca.value.ca.value).." -out "..format.escapespecialcharacters(newca.value.ca.value).."cert.pem -password pass:"..format.escapespecialcharacters(newca.value.password.value).." -nokeys 2>&1"
- f = io.popen(cmd)
- cmdresult = f:read("*a")
- f:close()
+ cmdresult = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newca.value.ca.value, "-out", newca.value.ca.value.."cert.pem", "-password", "pass:"..newca.value.password.value, "-nokeys"}, true)
local filestats = posix.stat(newca.value.ca.value.."cert.pem")
if not filestats or filestats.size == 0 then
newca.value.ca.errtxt = "Could not open certificate\n"..cmdresult
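Review bot: The pkcs12 calls in this and the third putca hunk still pass the user-supplied password on the command line as `"pass:"..newca.value.password.value`, which any local user can read from the process list for as long as openssl runs; the shell version had the same exposure, but the new helper appears to accept stdin content as its third argument (the listcerts hunk feeds openssl that way), so `-passin stdin` with the password supplied as that third argument would keep it out of argv. Separately, `local cmd, f, cmdresult` on the context line above now declares two names that nothing in the visible putca hunks uses; `local cmdresult` is enough unless a later part of putca still uses cmd or f. putca starts before and continues after this hunk.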
@@ -789,10 +753,7 @@ putca = function(self, newca)
-- Check to make sure we got a CA cert
if success then
- cmd = path .. "openssl x509 -in "..format.escapespecialcharacters(newca.value.ca.value).."cert.pem -noout -text"
- f = io.popen(cmd)
- cmdresult = f:read("*a")
- f:close()
+ cmdresult = modelfunctions.run_executable({"openssl", "x509", "-in", newca.value.ca.value.."cert.pem", "-noout","-text"})
if not string.find(cmdresult, "CA:TRUE") then
newca.value.ca.errtxt = "Could not find CA Certificate"
success = false
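Review bot: The added x509 call hands its first return straight to `string.find(cmdresult, "CA:TRUE")` on the next line; the old f:read("*a") always produced a string, so if run_executable returns nil output when openssl rejects the file, putca now raises instead of reaching the "Could not find CA Certificate" branch. `if not cmdresult or not string.find(cmdresult, "CA:TRUE") then` preserves the intended error path. Minor style: `"-noout","-text"` lacks the space the other argv tables in this commit use. putca continues beyond this hunk.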
@@ -801,10 +762,7 @@ putca = function(self, newca)
-- Now, get the key
if success then
- cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newca.value.ca.value).." -out "..format.escapespecialcharacters(newca.value.ca.value).."key.pem -password pass:"..format.escapespecialcharacters(newca.value.password.value).." -nocerts -nodes 2>&1"
- f = io.popen(cmd)
- cmdresult = f:read("*a")
- f:close()
+ cmdresult = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newca.value.ca.value, "-out", newca.value.ca.value.."key.pem", "-password", "pass:"..newca.value.password.value, "-nocerts", "-nodes"}, true)
filestats = posix.stat(newca.value.ca.value.."key.pem")
if not filestats or filestats.size == 0 then
newca.value.ca.errtxt = "Could not find CA key\n"..cmdresult
@@ -853,10 +811,7 @@ generateca = function(self, defaults)
-- Submit the request
local subject = create_subject_string(defaults, {"days"})
- local cmd = path .. "openssl req -x509 -nodes -new -config "..configfile..' -keyout /tmp/cakey.pem -out /tmp/cacert.pem -subj "'..subject..'" -days '..format.escapespecialcharacters(defaults.value.days.value).." 2>&1"
- local f = io.popen(cmd)
- local cmdresult = f:read("*a")
- f:close()
+ local cmdresult = modelfunctions.run_executable({"openssl", "req", "-x509", "-nodes", "-new", "-config", configfile, "-keyout", "/tmp/cakey.pem", "-out", "/tmp/cacert.pem", "-subj", subject, "-days", defaults.value.days.value}, true)
local certfilestats = posix.stat("/tmp/cacert.pem")
local keyfilestats = posix.stat("/tmp/cakey.pem")
if not certfilestats or certfilestats.size == 0 or not keyfilestats or keyfilestats.size == 0 then