author | Ted Trask <ttrask01@yahoo.com> | 2015-01-31 10:38:01 -0500 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2015-01-31 10:38:01 -0500 |
commit | aac2c6c96fe4be58b4ad7de8840542471903e806 (patch) | |
tree | 3c9e7ab788b9d740253bc6c4cd71bbd4ebe1e25b | |
parent | 81a6cd86d633eb166d47d6581a113b56d51b63f1 (diff) | |
download | acf-openssl-aac2c6c96fe4be58b4ad7de8840542471903e806.tar.bz2 acf-openssl-aac2c6c96fe4be58b4ad7de8840542471903e806.tar.xz |
Modify several functions to move logic into the model and use cfes more properly for non-forms
-rw-r--r-- | openssl-controller.lua | 20 | ||||
-rw-r--r-- | openssl-model.lua | 174 | ||||
-rw-r--r-- | openssl-read-html.lsp | 6 | ||||
-rw-r--r-- | openssl-viewcert-html.lsp | 2 | ||||
-rw-r--r-- | openssl-viewrequest-html.lsp | 2 |
5 files changed, 109 insertions, 95 deletions
diff --git a/openssl-controller.lua b/openssl-controller.lua index e7af93e..994c00b 100644 --- a/openssl-controller.lua +++ b/openssl-controller.lua @@ -7,8 +7,7 @@ local sslstatus mymodule.mvc={} mymodule.mvc.pre_exec = function(self) - self.model.set_umask() - sslstatus = self.model.getstatus() + sslstatus = self.model.getstatus(self, self.clientdata) if not self.redirect then return end @@ -28,21 +27,12 @@ end -- View all pending and approved requests and revoked certificates mymodule.readall = function(self) - local pending = self.model.listrequests() - local approved = self.model.listcerts() - local revoked = self.model.listrevoked() - local result = cfe({ type="list", value={pending=pending, approved=approved, revoked=revoked} }) - return result + return self.model.readall(self, self.clientdata) end -- Return all certificates (pending, approved, and revoked) for this user mymodule.read = function(self) - local user = cfe({ value=self.sessiondata.userinfo.userid, label="User Name" }) - local pending = self.model.listrequests(self.sessiondata.userinfo.userid) - local approved = self.model.listcerts(self.sessiondata.userinfo.userid) - local revoked = self.model.listrevoked() - local result = cfe({ type="list", value={user=user, pending=pending, approved=approved, revoked=revoked} }) - return result + return self.model.readuser(self, self.clientdata, self.sessiondata.userinfo.userid) end -- Form to request a new cert @@ -57,7 +47,7 @@ end -- View request details mymodule.viewrequest = function(self) - return self.model.viewrequest(self.clientdata.request) + return self.model.viewrequest(self, self.clientdata) end -- Approve the specified request @@ -77,7 +67,7 @@ end -- View certificate details mymodule.viewcert = function(self) - return self.model.viewcert(self.clientdata.cert) + return self.model.viewcert(self, self.clientdata) end -- Get the specified cert diff --git a/openssl-model.lua b/openssl-model.lua index d15c358..5dd159f 100644 --- a/openssl-model.lua 
+++ b/openssl-model.lua @@ -4,6 +4,7 @@ posix = require("posix") modelfunctions = require("modelfunctions") fs = require("acf.fs") format = require("acf.format") +processinfo = require("acf.processinfo") validator = require("acf.validator") -- There are two options of how to allow users to specify the type of certificate they want - the request extensions 
@@ -250,9 +251,74 @@ local unhashname = function(hashstring) return string.char(unpack(hash)) end -mymodule.getstatus = function() - processinfo = require("acf.processinfo") - -- set the working directory once for model +local listrequests = function(user) + user = user or "*" + local list={} + local files = posix.glob(openssldir..requestdir..user..".*\\.csr") or {} + for i,x in ipairs(files) do + local name = string.gsub(posix.basename(x), ".csr$", "") + local a,b,c = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*)") + list[#list + 1] = {request=name, user=a, certtype=b, commonName=unhashname(c)} + end + return cfe({ type="list", value=list, label="List of pending requests" }) +end + +local listcerts = function(user) + user = user or "*" + local list={} + local files = posix.glob(openssldir..certdir..user..".*\\.pfx") or {} + -- Do this in two steps - saves forking openssl for each cert, which + -- speeds things up noticably for > 100 certs + local crtlist = {} + for i,x in ipairs(files) do + local name = string.gsub(posix.basename(x), ".pfx$", "") + local a,b,c,d = string.match(name, + "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)") + list[#list + 1] = {cert=name, user=a, certtype=b, + commonName=unhashname(c), serial=d, enddate=enddate, + daysremaining=time} + crtlist[#crtlist+1] = "x509 -in "..openssldir..certdir..name..".crt -noout -enddate" + end + + local out = modelfunctions.run_executable({"openssl"}, false, table.concat(crtlist, "\n").."\nexit\n") + local outtab = format.string_to_table(out, "\n") + + for i,x in ipairs(files) do + local enddate = string.match(outtab[i] or "", "notAfter=(.*)") or "Jan 1 00:00:01 1970 GMT" + local month, day, year = + string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)") + + local reversemonth = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6, + Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12} + local time = os.time({year=year, month=reversemonth[month], day=day}) + if os.time() > time then + time = 0 + else + time = (time-os.time())/86400 + end + 
list[i].enddate = enddate + list[i].daysremaining = time + end + + return cfe({ type="list", value=list, label="List of approved certificates" }) +end + +local listrevoked = function() + config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "") + local databasepath = getconfigentry(config.ca.default_ca, "database") + local revoked = {} + local database = fs.read_file_as_array(databasepath) or {} + for x,line in ipairs(database) do + if string.sub(line,1,1) == "R" then + revoked[#revoked + 1] = string.match(line, "^%S+%s+%S+%s+%S+%s+(%S+)") + end + end + return cfe({ type="list", value=revoked, label="Revoked serial numbers" }) +end + +mymodule.getstatus = function(self, clientdata) + -- set the working directory and umask once for model + posix.umask("rw-------") posix.chdir(openssldir) local value,errtxt=processinfo.package_version(packagename) local version = cfe({ value=value, errtxt=errtxt, label="Program version", name=packagename }) @@ -301,11 +367,6 @@ mymodule.getstatus = function() return cfe({ type="group", value={version=version, conffile=conffile, environment=environment, cacert=cacert, cacertcontents=cacertcontents, cakey=cakey}, label="OpenSSL status" }) end -mymodule.set_umask = function() - return posix.umask("rw-------") -end - - mymodule.getreqdefaults = function() local defaults = getdefaults() 
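Review bot: The new local `listcerts` builds each line of the batch piped to `openssl` by concatenating the file name, `"x509 -in "..openssldir..certdir..name..".crt -noout -enddate"`, so a name containing whitespace or a control character would be read as extra arguments or extra commands. Whether the user and certtype parts of a file name can contain such characters is not visible in this hunk, so treat this as a missing check rather than a confirmed fault. Skipping such names before they reach `crtlist` closes the gap, and the second loop then has to walk `list` instead of `files` so that `outtab[i]` still lines up with the entry it describes. The body was moved unchanged from the old `mymodule.listcerts`, so the pattern predates this commit.

```lua
for i,x in ipairs(files) do
	local name = string.gsub(posix.basename(x), ".pfx$", "")
	-- skip names that would break the one-command-per-line batch sent to openssl
	if not string.find(name, "[%s%c]") then
		-- … unchanged: string.match on name, list[#list + 1] = {...}, crtlist[#crtlist+1] = ... …
	end
end
-- … unchanged: run_executable and format.string_to_table …
for i,entry in ipairs(list) do
	-- … unchanged: enddate / daysremaining computed from outtab[i] …
	entry.enddate = enddate
	entry.daysremaining = time
end
```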
@@ -446,24 +507,34 @@ mymodule.submitrequest = function(defaults, user) return defaults end -mymodule.listrequests = function(user) - user = user or "*" - local list={} - local files = posix.glob(openssldir..requestdir..user..".*\\.csr") or {} - for i,x in ipairs(files) do - local name = string.gsub(posix.basename(x), ".csr$", "") - local a,b,c = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*)") - list[#list + 1] = {name=name, user=a, certtype=b, commonName=unhashname(c)} - end - return cfe({ type="list", value=list, label="List of pending requests" }) +mymodule.readall = function(self, clientdata) + local result = cfe({ type="group", value={}, label="All Certificates" }) + result.value.pending = listrequests() + result.value.approved = listcerts() + result.value.revoked = listrevoked() + return result +end + +mymodule.readuser = function(self, clientdata, user) + local result = cfe({ type="group", value={}, label="Certificates for "..user }) + result.value.user = cfe({ value=user, label="User Name" }) + result.value.pending = listrequests(user) + result.value.approved = listcerts(user) + result.value.revoked = listrevoked() + return result end -mymodule.viewrequest = function(request) +mymodule.viewrequest = function(self, clientdata) + local retval = cfe({ type="group", value={}, label="Request" }) + retval.value.request = cfe({ label="Request", key=true }) + self.handle_clientdata(retval, clientdata) + + local request = retval.value.request.value local reqpath = openssldir..requestdir .. 
request local cmdresult = modelfunctions.run_executable({"openssl", "req", "-in", reqpath..".csr", "-text", "-noout"}) local a,b,c = string.match(request, "([^%.]*)%.([^%.]*)%.([^%.]*)") - local request = cfe({ type="table", value={name=name, user=a, certtype=b, commonName=c, value=cmdresult}, label="Request Details" }) - return request + retval.value.details = cfe({ type="table", value={request=request, user=a, certtype=b, commonName=unhashname(c), value=cmdresult}, label="Request Details" }) + return retval end mymodule.getapproverequest = function(self, clientdata) 
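Review bot: `mymodule.viewrequest` now takes `request` from `clientdata` through `self.handle_clientdata` and appends it to `openssldir..requestdir` with no check, so a value containing `/` can point `openssl req -in` at a `.csr` file outside the request directory. The argument-table call to `run_executable` appears to keep the value away from a shell, so the exposure is the path, not the command line. Reject such values before building `reqpath`, for example `if string.find(request or "", "/", 1, true) then retval.value.request.errtxt = "Invalid request" return retval end`, or accept only names that `listrequests()` returns. When the name lacks the three dot-separated fields, `c` is nil and the newly added `unhashname(c)` receives nil; whether it tolerates that is not visible here. Both points apply equally to `cert` in `mymodule.viewcert` in the `@@ -542,50 +613,16 @@` hunk.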
@@ -542,50 +613,16 @@ mymodule.deleterequest = function(self, delrequest, user) return delrequest end -mymodule.listcerts = function(user) - user = user or "*" - local list={} - local files = posix.glob(openssldir..certdir..user..".*\\.pfx") or {} - -- Do this in two steps - saves forking openssl for each cert, which - -- speeds things up noticably for > 100 certs - local crtlist = {} - for i,x in ipairs(files) do - local name = string.gsub(posix.basename(x), ".pfx$", "") - local a,b,c,d = string.match(name, - "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)") - list[#list + 1] = {name=name, user=a, certtype=b, - commonName=unhashname(c), serial=d, enddate=enddate, - daysremaining=time} - crtlist[#crtlist+1] = "x509 -in "..openssldir..certdir..name..".crt -noout -enddate" - end - - local out = modelfunctions.run_executable({"openssl"}, false, table.concat(crtlist, "\n").."\nexit\n") - local outtab = format.string_to_table(out, "\n") +mymodule.viewcert = function(self, clientdata) + local retval = cfe({ type="group", value={}, label="Certificate" }) + retval.value.cert = cfe({ label="Certificate", key=true }) + self.handle_clientdata(retval, clientdata) - for i,x in ipairs(files) do - local enddate = string.match(outtab[i] or "", "notAfter=(.*)") or "Jan 1 00:00:01 1970 GMT" - local month, day, year = - string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)") - - local reversemonth = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6, - Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12} - local time = os.time({year=year, month=reversemonth[month], day=day}) - if os.time() > time then - time = 0 - else - time = (time-os.time())/86400 - end - list[i].enddate = enddate - list[i].daysremaining = time - end - - return cfe({ type="list", value=list, label="List of approved certificates" }) -end - -mymodule.viewcert = function(cert) + local cert = retval.value.cert.value local cmdresult = modelfunctions.run_executable({"openssl", "x509", "-in", openssldir..certdir..cert..".crt", "-noout", "-text"}) local 
a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)") - return cfe({ type="table", value={name=name, user=a, certtype=b, commonName=c, serial=d, value=cmdresult}, label="Certificate Details" }) + retval.value.details = cfe({ type="table", value={cert=cert, user=a, certtype=b, commonName=unhashname(c), serial=d, value=cmdresult}, label="Certificate Details" }) + return retval end mymodule.getcert = function(cert) @@ -680,19 +717,6 @@ mymodule.renewcert = function(self, recert, submit, approve) return recert end -mymodule.listrevoked = function() - config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "") - local databasepath = getconfigentry(config.ca.default_ca, "database") - local revoked = {} - local database = fs.read_file_as_array(databasepath) or {} - for x,line in ipairs(database) do - if string.sub(line,1,1) == "R" then - revoked[#revoked + 1] = string.match(line, "^%S+%s+%S+%s+%S+%s+(%S+)") - end - end - return cfe({ type="list", value=revoked, label="Revoked serial numbers" }) -end - mymodule.getcrl = function(crltype) local crlfile = cfe({ type="raw", option="application/pkix-crl" }) modelfunctions.run_executable({"openssl", "ca", "-config", openssldir..configfile, "-gencrl", "-out", openssldir.."ca-crl.crl"}) diff --git a/openssl-read-html.lsp b/openssl-read-html.lsp index 3f4693a..f8b96e9 100644 --- a/openssl-read-html.lsp +++ b/openssl-read-html.lsp @@ -49,7 +49,7 @@ local header_level = htmlviewfunctions.displaysectionstart(cfe({label="Pending c <tr> <td> <% - req.value = request.name + req.value = request.request if viewlibrary.check_permission("viewrequest") then htmlviewfunctions.displayitem(cfe({type="link", value={request=req}, label="", option="View", action="viewrequest"}), page_info, -1) end 
@@ -114,7 +114,7 @@ end %> <tr <% if cert.daysremaining < 14 then %>class='error'<% end %>> <td> <% - crt.value = cert.name + crt.value = cert.cert if viewlibrary.check_permission("viewcert") then htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt}, label="", option="View", action="viewcert"}), page_info, -1) end @@ -166,7 +166,7 @@ end %> <tr> <td> <% - crt.value = cert.name + crt.value = cert.cert if viewlibrary.check_permission("viewcert") then htmlviewfunctions.displayitem(cfe({type="link", value={cert=crt}, label="", option="View", action="viewcert"}), page_info, -1) end diff --git a/openssl-viewcert-html.lsp b/openssl-viewcert-html.lsp index 0774c4e..c43dc80 100644 --- a/openssl-viewcert-html.lsp +++ b/openssl-viewcert-html.lsp @@ -3,5 +3,5 @@ <% html = require("acf.html") %> <% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %> -<pre><%= html.html_escape(view.value.value) %></pre> +<pre><%= html.html_escape(view.value.details.value.value) %></pre> <% htmlviewfunctions.displaysectionend(header_level) %> diff --git a/openssl-viewrequest-html.lsp b/openssl-viewrequest-html.lsp index 0774c4e..c43dc80 100644 --- a/openssl-viewrequest-html.lsp +++ b/openssl-viewrequest-html.lsp @@ -3,5 +3,5 @@ <% html = require("acf.html") %> <% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %> -<pre><%= html.html_escape(view.value.value) %></pre> +<pre><%= html.html_escape(view.value.details.value.value) %></pre> <% htmlviewfunctions.displaysectionend(header_level) %> |