authorTed Trask <ttrask01@yahoo.com>2015-02-02 22:29:46 -0500
committerTed Trask <ttrask01@yahoo.com>2015-02-02 22:29:46 -0500
commitfb3cc9787652312ac452372d3a8e8efb893c4a0f (patch)
treed786ff29e7f62043e94d000d6af1e12598747629 /openssl-model.lua
parent7fa6abdb25ee1ea7dda9b3771d139788c120940f (diff)
Added getcachain action to show the parent CAs when we are in a child, modified all views to display it
This includes adding a generic HTML view to display cadir and then display the cfe
Diffstat (limited to 'openssl-model.lua')
-rw-r--r--openssl-model.lua66
1 files changed, 63 insertions, 3 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index 13eafc9..a564954 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -34,13 +34,30 @@ local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "d
local initializecfe = function(self, clientdata, label)
local retval = cfe({ type="group", value={}, label=label or "" })
- retval.value.cadir = cfe({ type="hidden", label="CA Directory", key=true })
+ -- use a table as a dummy value to indicate it has not been overridden
+ retval.value.cadir = cfe({ type="hidden", value={}, label="CA Directory", key=true })
self.handle_clientdata(retval, clientdata)
+ -- Restore the cadir from the sessiondata in order to make it persistent
+ if type(retval.value.cadir.value) == "table" then
+ if self.sessiondata and self.sessiondata.openssl_cadir then
+ retval.value.cadir.value = self.sessiondata.openssl_cadir
+ else
+ retval.value.cadir.value = ""
+ end
+ end
+
basedir = openssldir
+ -- Make sure cadir does not contain ".." to ensure stays within openssldir
if string.find(retval.value.cadir.value, "%.%.") then
retval.value.cadir.errtxt = "Invalid Directory"
elseif retval.value.cadir.value ~= "" then
- basedir = string.gsub(basedir..retval.value.cadir.value.."/", "//", "/")
+ basedir = string.gsub(basedir..retval.value.cadir.value.."/", "/+", "/")
+ -- Report back cleaned up value
+ retval.value.cadir.value = string.match(basedir, openssldir.."(.*)/$") or ""
+ end
+ -- Save the cadir in the sessiondata in order to make it persistent
+ if self.sessiondata then
+ self.sessiondata.openssl_cadir = retval.value.cadir.value
end
return retval
end
@@ -968,7 +985,12 @@ end
mymodule.setconfigfile = function(self, filedetails)
-- validate
- return modelfunctions.setfiledetails(self, filedetails, {basedir..configfile})
+ -- setfiledetails does not return the same cfe, so have to copy any missing ones
+ local retval2 = modelfunctions.setfiledetails(self, filedetails, {basedir..configfile})
+ for name,value in pairs(filedetails.value) do
+ retval2.value[name] = value
+ end
+ return retval2
end
mymodule.getenvironment = function(self, clientdata)
@@ -989,4 +1011,42 @@ mymodule.setenvironment = function(self, setenv)
return setenv
end
+mymodule.get_ca_chain = function(self, clientdata)
+ -- determine the CommonNames for each CA in the chain from cadir back to openssldir
+ local retval = initializecfe(self, clientdata, "CA Chain Information")
+ retval.value.commonnames = cfe({ type="list", value={}, label="CA Common Names" })
+ local cadir,count = string.gsub(retval.value.cadir.value, "/", "/")
+ if retval.value.cadir.value == "" then count=-1 end
+ local matchstring = ""
+ for i=1, (count+2) do
+ local basedir = openssldir
+ if matchstring ~= "" then
+ basedir = basedir..string.match(cadir, matchstring).."/"
+ end
+ matchstring = matchstring.."/?[^/]*"
+ -- This messes with the global, but it will be correct again at the end of the loop
+ config = format.parse_ini_file(fs.read_file(basedir..configfile) or "")
+ if (not config) or (not config.ca) or (not config.ca.default_ca) then
+ --error "Invalid config"
+ retval.value.commonnames.value[i] = "error"
+ else
+ local cacert = getconfigentry(config.ca.default_ca, "certificate")
+ if not fs.is_file(cacert) then
+ --error "File not found"
+ retval.value.commonnames.value[i] = "error"
+ else
+ cacertsubject, errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", cacert, "-noout", "-subject"})
+ if errtxt or not string.find(cacertsubject, "CN=") then
+ --error "CommonName not found"
+ retval.value.commonnames.value[i] = "error"
+ else
+ retval.value.commonnames.value[i] = string.match(cacertsubject, "CN=([^/%W]*)")
+ end
+ end
+ end
+ end
+
+ return retval
+end
+
return mymodule
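Review bot: get_ca_chain uses `retval.value.cadir.value` to build `basedir` without checking the `errtxt` that initializecfe sets on that field, so a cadir value that initializecfe rejected for containing `..` (it only sets `errtxt`, it does not clear the value, and it still saves it to sessiondata) is still split on `/` and used to locate and read `configfile` and the certificate it points to. Add a guard right after the initializecfe call, `if retval.value.cadir.errtxt then return retval end`, so the chain is only walked for a directory that passed validation. Separately, `cacertsubject, errtxt = modelfunctions.run_executable(...)` assigns two accidental globals; write it as `local cacertsubject, errtxt = modelfunctions.run_executable(...)` so these values do not leak into the global environment where other code in the file that references `errtxt` could pick them up. Also consider replacing the three `"error"` placeholders with distinct messages (the commented-out strings already say what each case is) so the view can tell a missing config from a missing certificate file or a subject without a CN.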