authorTed Trask <ttrask01@yahoo.com>2015-02-02 22:29:46 -0500
committerTed Trask <ttrask01@yahoo.com>2015-02-02 22:29:46 -0500
commitfb3cc9787652312ac452372d3a8e8efb893c4a0f (patch)
treed786ff29e7f62043e94d000d6af1e12598747629
parent7fa6abdb25ee1ea7dda9b3771d139788c120940f (diff)
Added getcachain action to show the parent CAs when we are in a child, modified all views to display it
This includes adding a generic HTML view to display cadir and then display the cfe
-rw-r--r--openssl-checkenvironment-html.lsp6
-rw-r--r--openssl-controller.lua6
-rw-r--r--openssl-editconfigfile-html.lsp6
-rw-r--r--openssl-getcachain-html.lsp18
-rw-r--r--openssl-html.lsp12
-rw-r--r--openssl-model.lua66
-rw-r--r--openssl-putcacert-html.lsp6
-rw-r--r--openssl-read-html.lsp6
-rw-r--r--openssl-status-html.lsp6
-rw-r--r--openssl-viewcert-html.lsp6
-rw-r--r--openssl-viewrequest-html.lsp6
-rw-r--r--openssl.roles8
12 files changed, 144 insertions, 8 deletions
diff --git a/openssl-checkenvironment-html.lsp b/openssl-checkenvironment-html.lsp
index 34dede9..54e90f8 100644
--- a/openssl-checkenvironment-html.lsp
+++ b/openssl-checkenvironment-html.lsp
@@ -3,6 +3,12 @@
<% html = require("acf.html") %>
<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=form.value.cadir.value})
+end
+%>
+
+<%
local header_level = htmlviewfunctions.displaysectionstart(form, page_info)
if form.value.status.errtxt then
htmlviewfunctions.displayformstart(form, page_info)
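Review bot: The guard-and-dispatch block added at the top of this template is pasted unchanged into eight views in this commit (checkenvironment, editconfigfile, the new generic openssl-html.lsp, putcacert, read, status, viewcert, viewrequest), differing only in `form` versus `view`. Since it carries the `viewlibrary.check_permission("getcachain")` test, a single shared helper would keep the permission check and the `orig_action` comparison from drifting between copies. The block also indexes `form.value.cadir.value` without checking that the cfe has a `cadir` field, which would raise in the generic view for any cfe built without one; a comment such as `-- requires a cfe created by initializecfe (has value.cadir)` would document that assumption.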
diff --git a/openssl-controller.lua b/openssl-controller.lua
index 25805bf..5c72c95 100644
--- a/openssl-controller.lua
+++ b/openssl-controller.lua
@@ -8,7 +8,7 @@ local sslstatus
mymodule.mvc={}
mymodule.mvc.pre_exec = function(self)
sslstatus = self.model.getstatus(self, self.clientdata)
- if not self.redirect then
+ if not self.redirect or self.conf.component == true then
return
end
if (sslstatus.value.version.errtxt and self.conf.action ~= "status")
@@ -122,4 +122,8 @@ mymodule.checkenvironment = function(self)
return self.handle_form(self, self.model.getenvironment, self.model.setenvironment, self.clientdata, "Configure", "Configure Environment", "Environment Configured")
end
+mymodule.getcachain = function(self)
+ return self.model.get_ca_chain(self, self.clientdata)
+end
+
return mymodule
diff --git a/openssl-editconfigfile-html.lsp b/openssl-editconfigfile-html.lsp
index 46aa4d4..28ea11a 100644
--- a/openssl-editconfigfile-html.lsp
+++ b/openssl-editconfigfile-html.lsp
@@ -4,6 +4,12 @@
<% htmlviewfunctions.displaycommandresults({"checkenvironment"}, session, true) %>
<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=form.value.cadir.value})
+end
+%>
+
+<%
local pattern = string.gsub(page_info.prefix..page_info.controller, "[%(%)%.%%%+%-%*%?%[%]%^%$]", "%%%1")
local func = haserl.loadfile(page_info.viewfile:gsub(pattern..".*$", "/") .. "filedetails-html.lsp")
func(form, viewlibrary, page_info, session)
diff --git a/openssl-getcachain-html.lsp b/openssl-getcachain-html.lsp
new file mode 100644
index 0000000..104950e
--- /dev/null
+++ b/openssl-getcachain-html.lsp
@@ -0,0 +1,18 @@
+<% local view, viewlibrary, page_info, session = ... %>
+<% htmlviewfunctions = require("htmlviewfunctions") %>
+<% format = require("acf.format") %>
+<% html = require("acf.html") %>
+
+<%
+if view.value.commonnames and #view.value.commonnames.value > 1 then
+ local header_level = htmlviewfunctions.displaysectionstart(view, page_info)
+ local cadirs = format.string_to_table(view.value.cadir.value, "/")
+ for i,v in ipairs(view.value.commonnames.value) do
+ if i == #view.value.commonnames.value then break end
+ print("<a href='"..page_info.script..page_info.prefix..page_info.controller.."/status?cadir="..html.html_escape(table.concat(cadirs, "/", 1, i-1)).."'> <big>"..html.html_escape(view.value.commonnames.value[i]).."</big></a> -> ")
+ end
+ print("<big>"..html.html_escape(view.value.commonnames.value[#view.value.commonnames.value]).."</big>")
+ htmlviewfunctions.displaysectionend(header_level)
+end
+%>
+
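Review bot: In the link built on the `print("<a href='"..` line, the `cadir` query value is passed through `html.html_escape` only, so it is not percent-encoded; a directory name containing `&`, `#`, `+` or a space yields a link whose `cadir` differs from the path being displayed. Percent-encode the `table.concat(cadirs, "/", 1, i-1)` result first and HTML-escape the encoded string. The attribute is single-quoted, so the markup also relies on `html.html_escape` encoding `'`, which is not visible here and is worth confirming.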
diff --git a/openssl-html.lsp b/openssl-html.lsp
new file mode 100644
index 0000000..6501c7b
--- /dev/null
+++ b/openssl-html.lsp
@@ -0,0 +1,12 @@
+<% local form, viewlibrary, page_info, session = ... %>
+<% htmlviewfunctions = require("htmlviewfunctions") %>
+
+<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=form.value.cadir.value})
+end
+%>
+
+<%
+htmlviewfunctions.displayitem(form, page_info)
+%>
diff --git a/openssl-model.lua b/openssl-model.lua
index 13eafc9..a564954 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -34,13 +34,30 @@ local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "d
local initializecfe = function(self, clientdata, label)
local retval = cfe({ type="group", value={}, label=label or "" })
- retval.value.cadir = cfe({ type="hidden", label="CA Directory", key=true })
+ -- use a table as a dummy value to indicate it has not been overridden
+ retval.value.cadir = cfe({ type="hidden", value={}, label="CA Directory", key=true })
self.handle_clientdata(retval, clientdata)
+ -- Restore the cadir from the sessiondata in order to make it persistent
+ if type(retval.value.cadir.value) == "table" then
+ if self.sessiondata and self.sessiondata.openssl_cadir then
+ retval.value.cadir.value = self.sessiondata.openssl_cadir
+ else
+ retval.value.cadir.value = ""
+ end
+ end
+
basedir = openssldir
+ -- Make sure cadir does not contain ".." to ensure stays within openssldir
if string.find(retval.value.cadir.value, "%.%.") then
retval.value.cadir.errtxt = "Invalid Directory"
elseif retval.value.cadir.value ~= "" then
- basedir = string.gsub(basedir..retval.value.cadir.value.."/", "//", "/")
+ basedir = string.gsub(basedir..retval.value.cadir.value.."/", "/+", "/")
+ -- Report back cleaned up value
+ retval.value.cadir.value = string.match(basedir, openssldir.."(.*)/$") or ""
+ end
+ -- Save the cadir in the sessiondata in order to make it persistent
+ if self.sessiondata then
+ self.sessiondata.openssl_cadir = retval.value.cadir.value
end
return retval
end
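Review bot: The unconditional save at the end of `initializecfe` writes `cadir` into `self.sessiondata.openssl_cadir` even when the `..` check just above has set `errtxt = "Invalid Directory"`, so a rejected value becomes the persistent default and is restored on every later request that omits `cadir`. Store it only when validation passed, e.g. `if self.sessiondata and not retval.value.cadir.errtxt then`. Separately, `string.match(basedir, openssldir.."(.*)/$")` treats `openssldir` as a Lua pattern; if that path ever contains a magic character such as `-`, the match can fail and silently report `""` while `basedir` still points at the subdirectory, so `string.sub(basedir, #openssldir + 1, -2)` would be safer.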
@@ -968,7 +985,12 @@ end
mymodule.setconfigfile = function(self, filedetails)
-- validate
- return modelfunctions.setfiledetails(self, filedetails, {basedir..configfile})
+ -- setfiledetails does not return the same cfe, so have to copy any missing ones
+ local retval2 = modelfunctions.setfiledetails(self, filedetails, {basedir..configfile})
+ for name,value in pairs(filedetails.value) do
+ retval2.value[name] = value
+ end
+ return retval2
end
mymodule.getenvironment = function(self, clientdata)
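Review bot: The loop in `setconfigfile` assigns every entry of `filedetails.value` into `retval2.value`, although the comment says only missing ones are copied; any field that `setfiledetails` did return under the same name is replaced by the caller's input cfe, which would discard an `errtxt` set on it during validation. Guarding the assignment, `if retval2.value[name] == nil then retval2.value[name] = value end`, matches the comment. Whether the names actually overlap depends on `modelfunctions.setfiledetails`, which is not shown here.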
@@ -989,4 +1011,42 @@ mymodule.setenvironment = function(self, setenv)
return setenv
end
+mymodule.get_ca_chain = function(self, clientdata)
+ -- determine the CommonNames for each CA in the chain from cadir back to openssldir
+ local retval = initializecfe(self, clientdata, "CA Chain Information")
+ retval.value.commonnames = cfe({ type="list", value={}, label="CA Common Names" })
+ local cadir,count = string.gsub(retval.value.cadir.value, "/", "/")
+ if retval.value.cadir.value == "" then count=-1 end
+ local matchstring = ""
+ for i=1, (count+2) do
+ local basedir = openssldir
+ if matchstring ~= "" then
+ basedir = basedir..string.match(cadir, matchstring).."/"
+ end
+ matchstring = matchstring.."/?[^/]*"
+ -- This messes with the global, but it will be correct again at the end of the loop
+ config = format.parse_ini_file(fs.read_file(basedir..configfile) or "")
+ if (not config) or (not config.ca) or (not config.ca.default_ca) then
+ --error "Invalid config"
+ retval.value.commonnames.value[i] = "error"
+ else
+ local cacert = getconfigentry(config.ca.default_ca, "certificate")
+ if not fs.is_file(cacert) then
+ --error "File not found"
+ retval.value.commonnames.value[i] = "error"
+ else
+ cacertsubject, errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", cacert, "-noout", "-subject"})
+ if errtxt or not string.find(cacertsubject, "CN=") then
+ --error "CommonName not found"
+ retval.value.commonnames.value[i] = "error"
+ else
+ retval.value.commonnames.value[i] = string.match(cacertsubject, "CN=([^/%W]*)")
+ end
+ end
+ end
+ end
+
+ return retval
+end
+
return mymodule
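Review bot: `get_ca_chain` never looks at `retval.value.cadir.errtxt`, so when `initializecfe` has flagged the directory as invalid (it contains `..`) the loop still builds `basedir` from that value, reads `basedir..configfile` and runs `openssl x509` on the certificate it names, outside `openssldir`. Return early right after the initialisation with `if retval.value.cadir.errtxt then return retval end`, so the directory check is enforced for this action as well. `cacertsubject, errtxt = modelfunctions.run_executable(...)` also creates two globals and should be declared `local`. The capture `CN=([^/%W]*)` accepts only alphanumerics, so a common name containing a space, dot or hyphen is shown truncated; `CN=([^/\n]*)` keeps the whole component if that was the intent.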
diff --git a/openssl-putcacert-html.lsp b/openssl-putcacert-html.lsp
index 35d39b6..df29145 100644
--- a/openssl-putcacert-html.lsp
+++ b/openssl-putcacert-html.lsp
@@ -2,6 +2,12 @@
<% htmlviewfunctions = require("htmlviewfunctions") %>
<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=form.value.cadir.value})
+end
+%>
+
+<%
form.enctype = "multipart/form-data"
form.value.ca.type="file"
htmlviewfunctions.displayitem(form, page_info)
diff --git a/openssl-read-html.lsp b/openssl-read-html.lsp
index 4691b13..21fa0c0 100644
--- a/openssl-read-html.lsp
+++ b/openssl-read-html.lsp
@@ -24,6 +24,12 @@
<% htmlviewfunctions.displaycommandresults({"approve", "deleterequest", "deletemyrequest", "renewcert", "requestrenewcert", "revoke", "deletecert"}, session) %>
+<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=view.value.cadir.value})
+end
+%>
+
<% local cadir = cfe({ type="hidden", value=view.value.cadir.value }) %>
<%
local label = ""
diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
index 07c1646..32f64d3 100644
--- a/openssl-status-html.lsp
+++ b/openssl-status-html.lsp
@@ -6,6 +6,12 @@
<% htmlviewfunctions.displaycommandresults({"install"}, session) %>
<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=view.value.cadir.value})
+end
+%>
+
+<%
local header_level = htmlviewfunctions.displaysectionstart(view, page_info)
htmlviewfunctions.displayitem(view.value.version)
diff --git a/openssl-viewcert-html.lsp b/openssl-viewcert-html.lsp
index c43dc80..36ccbb5 100644
--- a/openssl-viewcert-html.lsp
+++ b/openssl-viewcert-html.lsp
@@ -2,6 +2,12 @@
<% htmlviewfunctions = require("htmlviewfunctions") %>
<% html = require("acf.html") %>
+<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=view.value.cadir.value})
+end
+%>
+
<% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %>
<pre><%= html.html_escape(view.value.details.value.value) %></pre>
<% htmlviewfunctions.displaysectionend(header_level) %>
diff --git a/openssl-viewrequest-html.lsp b/openssl-viewrequest-html.lsp
index c43dc80..36ccbb5 100644
--- a/openssl-viewrequest-html.lsp
+++ b/openssl-viewrequest-html.lsp
@@ -2,6 +2,12 @@
<% htmlviewfunctions = require("htmlviewfunctions") %>
<% html = require("acf.html") %>
+<%
+if viewlibrary and viewlibrary.dispatch_component and viewlibrary.check_permission("getcachain") and page_info.orig_action == page_info.prefix..page_info.controller.."/"..page_info.action then
+ viewlibrary.dispatch_component("getcachain", {cadir=view.value.cadir.value})
+end
+%>
+
<% local header_level = htmlviewfunctions.displaysectionstart(view, page_info) %>
<pre><%= html.html_escape(view.value.details.value.value) %></pre>
<% htmlviewfunctions.displaysectionend(header_level) %>
diff --git a/openssl.roles b/openssl.roles
index 2ef8255..8a7cb5d 100644
--- a/openssl.roles
+++ b/openssl.roles
@@ -1,6 +1,6 @@
USER=openssl:status,openssl:getrevoked
EDITOR=openssl:editdefaults
-CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadcacert
-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert
-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert
+CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:getcachain
+CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadcacert,openssl:getcachain
+EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert,openssl:getcachain
+ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadcacert,openssl:getcachain