author | Ted Trask <ttrask01@yahoo.com> | 2015-02-02 22:29:46 -0500 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2015-02-02 22:29:46 -0500 |
commit | fb3cc9787652312ac452372d3a8e8efb893c4a0f (patch) | |
tree | d786ff29e7f62043e94d000d6af1e12598747629 | |
parent | 7fa6abdb25ee1ea7dda9b3771d139788c120940f (diff) | |
download | acf-openssl-fb3cc9787652312ac452372d3a8e8efb893c4a0f.tar.bz2 acf-openssl-fb3cc9787652312ac452372d3a8e8efb893c4a0f.tar.xz |
Added getcachain action to show the parent CAs when we are in a child, modified all views to display it
This includes adding a generic HTML view to display cadir and then display the cfe
-rw-r--r-- | openssl-checkenvironment-html.lsp | 6 | ||||
-rw-r--r-- | openssl-controller.lua | 6 | ||||
-rw-r--r-- | openssl-editconfigfile-html.lsp | 6 | ||||
-rw-r--r-- | openssl-getcachain-html.lsp | 18 | ||||
-rw-r--r-- | openssl-html.lsp | 12 | ||||
-rw-r--r-- | openssl-model.lua | 66 | ||||
-rw-r--r-- | openssl-putcacert-html.lsp | 6 | ||||
-rw-r--r-- | openssl-read-html.lsp | 6 | ||||
-rw-r--r-- | openssl-status-html.lsp | 6 | ||||
-rw-r--r-- | openssl-viewcert-html.lsp | 6 | ||||
-rw-r--r-- | openssl-viewrequest-html.lsp | 6 | ||||
-rw-r--r-- | openssl.roles | 8 |
12 files changed, 144 insertions, 8 deletions
diff --git a/openssl-checkenvironment-html.lsp b/openssl-checkenvironment-html.lsp
index 34dede9..54e90f8 100644
--- a/openssl-checkenvironment-html.lsp
+++ b/openssl-checkenvironment-html.lsp
@@ -3,6 +3,12 @@
 <% html = require("acf.html") %>
 <%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=form.value.cadir.value})
+end
+%>
+
+<%
 local header_level = htmlviewfunctions.displaysectionstart(form, page_info)
 if form.value.status.errtxt then
 htmlviewfunctions.displayformstart(form, page_info)
diff --git a/openssl-controller.lua b/openssl-controller.lua
index 25805bf..5c72c95 100644
--- a/openssl-controller.lua
+++ b/openssl-controller.lua
@@ -8,7 +8,7 @@ local sslstatus
 mymodule.mvc={}
 mymodule.mvc.pre_exec = function(self)
 sslstatus = self.model.getstatus(self, self.clientdata)
- if not self.redirect then
+ if not self.redirect or self.conf.component == true then
 return
 end
 if (sslstatus.value.version.errtxt and self.conf.action ~= "status")
@@ -122,4 +122,8 @@ mymodule.checkenvironment = function(self)
 return self.handle_form(self, self.model.getenvironment, self.model.setenvironment, self.clientdata, "Configure", "Configure Environment", "Environment Configured")
 end
+mymodule.getcachain = function(self)
+ return self.model.get_ca_chain(self, self.clientdata)
+end
+
 return mymodule
diff --git a/openssl-editconfigfile-html.lsp b/openssl-editconfigfile-html.lsp
index 46aa4d4..28ea11a 100644
--- a/openssl-editconfigfile-html.lsp
+++ b/openssl-editconfigfile-html.lsp
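Review bot: In openssl-checkenvironment-html.lsp the added block indexes `form.value.cadir.value` without checking that the view object carries a `cadir` entry, so a model result that lacks one would raise an error while the page renders; adding `and form.value.cadir` to the condition keeps the page usable in that case. The same four lines are pasted into the editconfigfile, openssl-html, putcacert, read, status, viewcert and viewrequest views (some with `view` in place of `form`), so one shared helper would leave a single place to maintain the permission and `orig_action` test. A short comment on why `page_info.orig_action` is compared with the current action would also help; from these hunks it appears to suppress the chain when the view is not the top-level page, but nothing on the page states that.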
@@ -4,6 +4,12 @@
 <% htmlviewfunctions.displaycommandresults({"checkenvironment"}, session, true) %>
 <%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=form.value.cadir.value})
+end
+%>
+
+<%
 local pattern = string.gsub(page_info.prefix..page_info.controller, "[%(%)%.%%%+%-%*%?%[%]%^%$]", "%%%1")
 local func = haserl.loadfile(page_info.viewfile:gsub(pattern..".*$", "/") .. "filedetails-html.lsp")
 func(form, viewlibrary, page_info, session)
diff --git a/openssl-getcachain-html.lsp b/openssl-getcachain-html.lsp
new file mode 100644
index 0000000..104950e
--- /dev/null
+++ b/openssl-getcachain-html.lsp
@@ -0,0 +1,18 @@
+<% local view, viewlibrary, page_info, session = ... %>
+<% htmlviewfunctions = require("htmlviewfunctions") %>
+<% format = require("acf.format") %>
+<% html = require("acf.html") %>
+
+<%
+if view.value.commonnames and #view.value.commonnames.value > 1 then
+ local header_level = htmlviewfunctions.displaysectionstart(view, page_info)
+ local cadirs = format.string_to_table(view.value.cadir.value, "/")
+ for i,v in ipairs(view.value.commonnames.value) do
+ if i == #view.value.commonnames.value then break end
+ print("<a href='"..page_info.script..page_info.prefix..page_info.controller.."/status?cadir="..html.html_escape(table.concat(cadirs, "/", 1, i-1)).."'> <big>"..html.html_escape(view.value.commonnames.value[i]).."</big></a> -> ")
+ end
+ print("<big>"..html.html_escape(view.value.commonnames.value[#view.value.commonnames.value]).."</big>")
+ htmlviewfunctions.displaysectionend(header_level)
+end
+%>
+
diff --git a/openssl-html.lsp b/openssl-html.lsp
new file mode 100644
index 0000000..6501c7b
--- /dev/null
+++ b/openssl-html.lsp
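Review bot: In openssl-getcachain-html.lsp the directory placed after `status?cadir=` is only passed through `html.html_escape`, so a directory name containing `&`, `#`, `%` or a space yields a link that resolves to a different `cadir` than the one displayed. The `table.concat(cadirs, "/", 1, i-1)` result should be URL-encoded first and HTML-escaped afterwards; whether `acf.html` offers an encoder for that is not visible on this page. The `href` is delimited with single quotes, so it is also worth confirming that `html_escape` encodes `'`, since the attribute's integrity depends on it. `page_info.script`, `page_info.prefix` and `page_info.controller` are concatenated into the attribute unescaped, which is safe only if none of them can carry request-derived text.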
@@ -0,0 +1,12 @@
+<% local form, viewlibrary, page_info, session = ... %>
+<% htmlviewfunctions = require("htmlviewfunctions") %>
+
+<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=form.value.cadir.value})
+end
+%>
+
+<%
+htmlviewfunctions.displayitem(form, page_info)
+%>
diff --git a/openssl-model.lua b/openssl-model.lua
index 13eafc9..a564954 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -34,13 +34,30 @@ local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "d local initializecfe = function(self, clientdata, label) local retval = cfe({ type="group", value={}, label=label or "" }) - retval.value.cadir = cfe({ type="hidden", label="CA Directory", key=true }) + -- use a table as a dummy value to indicate it has not been overridden + retval.value.cadir = cfe({ type="hidden", value={}, label="CA Directory", key=true }) self.handle_clientdata(retval, clientdata) + -- Restore the cadir from the sessiondata in order to make it persistent + if type(retval.value.cadir.value) == "table" then + if self.sessiondata and self.sessiondata.openssl_cadir then + retval.value.cadir.value = self.sessiondata.openssl_cadir + else + retval.value.cadir.value = "" + end + end + basedir = openssldir + -- Make sure cadir does not contain ".." to ensure stays within openssldir if string.find(retval.value.cadir.value, "%.%.") then retval.value.cadir.errtxt = "Invalid Directory" elseif retval.value.cadir.value ~= "" then - basedir = string.gsub(basedir..retval.value.cadir.value.."/", "//", "/") + basedir = string.gsub(basedir..retval.value.cadir.value.."/", "/+", "/") + -- Report back cleaned up value + retval.value.cadir.value = string.match(basedir, openssldir.."(.*)/$") or "" + end + -- Save the cadir in the sessiondata in order to make it persistent + if self.sessiondata then + self.sessiondata.openssl_cadir = retval.value.cadir.value end return retval end @@ -968,7 +985,12 @@ end mymodule.setconfigfile = function(self, filedetails) -- validate - return modelfunctions.setfiledetails(self, filedetails, {basedir..configfile}) + -- setfiledetails does not return the same cfe, so have to copy any missing ones + local retval2 = modelfunctions.setfiledetails(self, filedetails, {basedir..configfile}) + for name,value in pairs(filedetails.value) do + retval2.value[name] = value + end + return retval2 end mymodule.getenvironment = function(self, clientdata) 
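Review bot: In `initializecfe` a `cadir` that fails the `".."` check is still written to `self.sessiondata.openssl_cadir` by the added save block, so the rejected value is restored on every later request that omits `cadir`, and any caller that reads `retval.value.cadir.value` without checking `errtxt` receives the unvalidated path. Persist only a value that passed the check, `if self.sessiondata and not retval.value.cadir.errtxt then`, and consider resetting the value to `""` when it is rejected. The added `string.match(basedir, openssldir.."(.*)/$")` uses `openssldir` as an unescaped, unanchored Lua pattern, which misbehaves if that path ever contains `-`, `.` or another magic character; `string.sub(basedir, #openssldir + 1, -2)` yields the same suffix whenever `basedir` starts with `openssldir`. The `type(...) == "table"` sentinel also assumes `handle_clientdata` only ever stores a string in `cadir`; that helper is outside this hunk, so this should be confirmed before `string.find` is called on the value.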
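Review bot: In `setconfigfile` the new loop overwrites every entry of `retval2.value` with the caller's `filedetails.value` entry, although the comment above it says only missing entries are copied. If `modelfunctions.setfiledetails` returns entries that carry their own `errtxt` or normalised values, those are replaced by the submitted ones and a validation error could be lost. Guard the assignment with `if retval2.value[name] == nil then retval2.value[name] = value end`. The behaviour of `setfiledetails` is not shown on this page, so the impact should be confirmed against it.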
@@ -989,4 +1011,42 @@ mymodule.setenvironment = function(self, setenv)
 return setenv
 end
+mymodule.get_ca_chain = function(self, clientdata)
+ -- determine the CommonNames for each CA in the chain from cadir back to openssldir
+ local retval = initializecfe(self, clientdata, "CA Chain Information")
+ retval.value.commonnames = cfe({ type="list", value={}, label="CA Common Names" })
+ local cadir,count = string.gsub(retval.value.cadir.value, "/", "/")
+ if retval.value.cadir.value == "" then count=-1 end
+ local matchstring = ""
+ for i=1, (count+2) do
+ local basedir = openssldir
+ if matchstring ~= "" then
+ basedir = basedir..string.match(cadir, matchstring).."/"
+ end
+ matchstring = matchstring.."/?[^/]*"
+ -- This messes with the global, but it will be correct again at the end of the loop
+ config = format.parse_ini_file(fs.read_file(basedir..configfile) or "")
+ if (not config) or (not config.ca) or (not config.ca.default_ca) then
+ --error "Invalid config"
+ retval.value.commonnames.value[i] = "error"
+ else
+ local cacert = getconfigentry(config.ca.default_ca, "certificate")
+ if not fs.is_file(cacert) then
+ --error "File not found"
+ retval.value.commonnames.value[i] = "error"
+ else
+ cacertsubject, errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", cacert, "-noout", "-subject"})
+ if errtxt or not string.find(cacertsubject, "CN=") then
+ --error "CommonName not found"
+ retval.value.commonnames.value[i] = "error"
+ else
+ retval.value.commonnames.value[i] = string.match(cacertsubject, "CN=([^/%W]*)")
+ end
+ end
+ end
+ end
+
+ return retval
+end
+
 return mymodule
diff --git a/openssl-putcacert-html.lsp b/openssl-putcacert-html.lsp
index 35d39b6..df29145 100644
--- a/openssl-putcacert-html.lsp
+++ b/openssl-putcacert-html.lsp
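Review bot: `get_ca_chain` never checks `retval.value.cadir.errtxt`, so a `cadir` that `initializecfe` rejected for containing `..` (it only sets `errtxt` and leaves the value in place) is still split and appended to `openssldir` when the loop builds its local `basedir`, and the config file and certificate are then looked up outside the CA tree. Return straight after the `initializecfe` call with `if retval.value.cadir.errtxt then return retval end`. `cacertsubject` and `errtxt` are assigned without `local` and so become globals, and `config` is overwritten on each pass on the assumption that the last iteration restores it; `local cacertsubject, errtxt` plus an explicit restore of `config` removes that reliance. The capture `CN=([^/%W]*)` stops at the first non-alphanumeric character, so a common name containing spaces, dots or hyphens is displayed truncated.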
@@ -2,6 +2,12 @@
 <% htmlviewfunctions = require("htmlviewfunctions") %>
 <%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=form.value.cadir.value})
+end
+%>
+
+<%
 form.enctype = "multipart/form-data"
 form.value.ca.type="file"
 htmlviewfunctions.displayitem(form, page_info)
diff --git a/openssl-read-html.lsp b/openssl-read-html.lsp
index 4691b13..21fa0c0 100644
--- a/openssl-read-html.lsp
+++ b/openssl-read-html.lsp
@@ -24,6 +24,12 @@
 <% htmlviewfunctions.displaycommandresults({"approve", "deleterequest", "deletemyrequest", "renewcert", "requestrenewcert", "revoke", "deletecert"}, session) %>
+<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=view.value.cadir.value})
+end
+%>
+
 <% local cadir = cfe({ type="hidden", value=view.value.cadir.value }) %>
 <% local label = ""
diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index 07c1646..32f64d3 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
@@ -6,6 +6,12 @@
 <% htmlviewfunctions.displaycommandresults({"install"}, session) %>
 <%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=view.value.cadir.value})
+end
+%>
+
+<%
 local header_level = htmlviewfunctions.displaysectionstart(view, page_info)
 htmlviewfunctions.displayitem(view.value.version)
diff --git a/openssl-viewcert-html.lsp b/openssl-viewcert-html.lsp
index c43dc80..36ccbb5 100644
--- a/openssl-viewcert-html.lsp
+++ b/openssl-viewcert-html.lsp
@@ -2,6 +2,12 @@
 <% htmlviewfunctions = require("htmlviewfunctions") %>
 <% html = require("acf.html") %>
+<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=view.value.cadir.value})
+end
+%>
+
 <% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %>
 <pre><%= html.html_escape(view.value.details.value.value) %></pre>
 <% htmlviewfunctions.displaysectionend(header_level) %>
diff --git a/openssl-viewrequest-html.lsp b/openssl-viewrequest-html.lsp
index c43dc80..36ccbb5 100644
--- a/openssl-viewrequest-html.lsp
+++ b/openssl-viewrequest-html.lsp
@@ -2,6 +2,12 @@
 <% htmlviewfunctions = require("htmlviewfunctions") %>
 <% html = require("acf.html") %>
+<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=view.value.cadir.value})
+end
+%>
+
 <% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %>
 <pre><%= html.html_escape(view.value.details.value.value) %></pre>
 <% htmlviewfunctions.displaysectionend(header_level) %>
diff --git a/openssl.roles b/openssl.roles
index 2ef8255..8a7cb5d 100644
--- a/openssl.roles
+++ b/openssl.roles
@@ -1,6 +1,6 @@
 USER=openssl:status,openssl:getrevoked
 EDITOR=openssl:editdefaults
-CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadcacert
-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert
-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert
+CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:getcachain
+CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadcacert,openssl:getcachain
+EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert,openssl:getcachain
+ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert,openssl:getcachain |