-rw-r--r--[-rwxr-xr-x]openssl-controller.lua25
-rw-r--r--openssl-html.lsp16
-rw-r--r--[-rwxr-xr-x]openssl-model.lua153
3 files changed, 120 insertions, 74 deletions
diff --git a/openssl-controller.lua b/openssl-controller.lua
index e5f4c0a..013d4b3 100755..100644
--- a/openssl-controller.lua
+++ b/openssl-controller.lua
@@ -9,6 +9,9 @@ mvc={}
mvc.pre_exec = function(self)
self.model.set_umask()
sslstatus = self.model.getstatus()
+ if not self.redirect then
+ return
+ end
if (sslstatus.value.version.errtxt and self.conf.action ~= "status")
or (sslstatus.value.conffile.errtxt and self.conf.action ~= "status" and self.conf.action ~= "editconfigfile" and self.conf.action ~= "checkenvironment")
or (sslstatus.value.environment.errtxt and self.conf.action ~= "status" and self.conf.action ~= "editconfigfile" and self.conf.action ~= "checkenvironment")
@@ -59,17 +62,17 @@ end
-- Approve the specified request
approve = function(self)
- return self:redirect_to_referrer(self.model.approverequest(self.clientdata.request))
+ return self.handle_form(self, self.model.getapproverequest, self.model.approverequest, self.clientdata, "Approve", "Approve Request")
end
-- Delete the specified request
deleterequest = function(self)
- return self:redirect_to_referrer(self.model.deleterequest(self.clientdata.request))
+ return self.handle_form(self, self.model.getdeleterequest, function(self, value) return self.model.deleterequest(self, value, nil) end, self.clientdata, "Delete", "Delete Request", "Request Deleted")
end
-- Delete the specified request
deletemyrequest = function(self)
- return self:redirect_to_referrer(self.model.deleterequest(self.clientdata.request, self.sessiondata.userinfo.userid))
+ return self.handle_form(self, self.model.getdeleterequest, function(self, value) return self.model.deleterequest(self, value, self.sessiondata.userinfo.userid) end, self.clientdata, "Delete", "Delete Request", "Request Deleted")
end
-- View certificate details
@@ -85,22 +88,22 @@ end
-- Revoke the specified cert
revoke = function(self)
- return self:redirect_to_referrer(self.model.revokecert(self.clientdata.cert))
+ return self.handle_form(self, self.model.getrevokecert, self.model.revokecert, self.clientdata, "Revoke", "Revoke Certificate", "Certificate Revoked")
end
-- Delete the specified certificate
deletecert = function(self)
- return self:redirect_to_referrer(self.model.deletecert(self.clientdata.cert))
+ return self.handle_form(self, self.model.getdeletecert, self.model.deletecert, self.clientdata, "Delete", "Delete Certificate", "Certificate Deleted")
end
-- Submit request to renew the specified certificate
requestrenewcert = function(self)
- return self:redirect_to_referrer(self.model.renewcert(self.clientdata.cert))
+ return self.handle_form(self, self.model.getrenewcert, self.model.renewcert, self.clientdata, "Renew", "Renew Certificate")
end
-- Renew the specified certificate
renewcert = function(self)
- return self:redirect_to_referrer(self.model.renewcert(self.clientdata.cert, true))
+ local retval = self.handle_form(self, self.model.getrenewcert, function(self, value, submit) return self.model.renewcert(self, value, submit, true) end, self.clientdata, "Renew", "Renew Certificate")
end
-- Get the revoked list
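Review bot: The new `renewcert` action stores the result of `handle_form` in `local retval` and then falls off the end, so it returns nil, unlike `revoke`, `deletecert` and `requestrenewcert` in the same hunk, which return the form. The statement should start with `return self.handle_form(` instead of `local retval = self.handle_form(`. As written, any `errtxt` or `descr` the model sets is lost before it reaches the view. `requestrenewcert` and `renewcert` also omit the success-message argument the other three actions pass; if that is deliberate, a short comment saying so would help.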
@@ -129,11 +132,5 @@ editconfigfile = function(self)
end
checkenvironment = function(self)
- local form = cfe({ type="form", value={}, label="Check Environment", option="Configure" })
- if self.clientdata.Configure then
- form.value.status = self:redirect_to_referrer(self.model.checkenvironment(self.clientdata.Configure))
- else
- form.value.status = self:redirect_to_referrer() or self.model.checkenvironment(self.clientdata.Configure)
- end
- return form
+ return self.handle_form(self, self.model.getenvironment, self.model.setenvironment, self.clientdata, "Configure", "Configure Environment", "Environment Configured")
end
diff --git a/openssl-html.lsp b/openssl-html.lsp
index 1857ce4..b22484b 100644
--- a/openssl-html.lsp
+++ b/openssl-html.lsp
@@ -35,12 +35,12 @@
io.write(html.link{value="viewrequest?request="..request.name, label="View "})
end %>
<% if viewlibrary.check_permission("approve") then
- io.write(html.link{value="approve?request="..request.name, label="Approve "})
+ io.write(html.link{value="approve?submit=true&request="..request.name, label="Approve "})
end %>
<% if viewlibrary.check_permission("deleterequest") then
- io.write(html.link{value="deleterequest?request="..request.name, label="Delete "})
+ io.write(html.link{value="deleterequest?submit=true&request="..request.name, label="Delete "})
elseif viewlibrary.check_permission("deletemyrequest") then
- io.write(html.link{value="deletemyrequest?request="..request.name, label="Delete "})
+ io.write(html.link{value="deletemyrequest?submit=true&request="..request.name, label="Delete "})
end %>
</td>
<td><%= html.html_escape(request.user) %></td>
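Review bot: Adding `submit=true` to these links means a plain GET to `approve`, `deleterequest` or `deletemyrequest` carries out the action with no confirmation step and, as far as this hunk shows, no anti-forgery token, so a cross-site link or a prefetching client could trigger it in a logged-in operator's session. The same applies to the `renewcert`, `requestrenewcert`, `revoke` and `deletecert` links in the two later hunks of this file. State-changing actions are safer behind a POST form carrying a per-session token; whether `handle_form` checks one cannot be seen here. Separately, `request.name` and `cert.name` are concatenated into the URL raw while the neighbouring cells use `html.html_escape`; unless `html.link` encodes its `value`, these names should be URL-encoded before concatenation.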
@@ -98,15 +98,15 @@ end %>
<%= html.link{value="getcert?cert="..cert.name, label="Download "} %>
<% end %>
<% if viewlibrary.check_permission("renewcert") then %>
- <%= html.link{value="renewcert?cert="..cert.name, label="Renew "} %>
+ <%= html.link{value="renewcert?submit=true&cert="..cert.name, label="Renew "} %>
<% elseif viewlibrary.check_permission("requestrenewcert") then %>
- <%= html.link{value="requestrenewcert?cert="..cert.name, label="Renew "} %>
+ <%= html.link{value="requestrenewcert?submit=true&cert="..cert.name, label="Renew "} %>
<% end %>
<% if viewlibrary.check_permission("revoke") then %>
- <%= html.link{value="revoke?cert="..cert.name, label="Revoke "} %>
+ <%= html.link{value="revoke?submit=true&cert="..cert.name, label="Revoke "} %>
<% end %>
<% if viewlibrary.check_permission("deletecert") then %>
- <%= html.link{value="deletecert?cert="..cert.name, label="Delete "} %>
+ <%= html.link{value="deletecert?submit=true&cert="..cert.name, label="Delete "} %>
<% end %>
</td>
<td><%= html.html_escape(cert.user) %></td>
@@ -147,7 +147,7 @@ end %>
<%= html.link{value="getcert?cert="..cert.name, label="Download "} %>
<% end --]] %>
<% if viewlibrary.check_permission("deletecert") then %>
- <%= html.link{value="deletecert?cert="..cert.name, label="Delete "} %>
+ <%= html.link{value="deletecert?submit=true&cert="..cert.name, label="Delete "} %>
<% end %>
</td>
<td><%= html.html_escape(cert.user) %></td>
diff --git a/openssl-model.lua b/openssl-model.lua
index 44926af..47b02d0 100755..100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -472,23 +472,28 @@ viewrequest = function(request)
return request
end
-approverequest = function(request)
- local cmdresult = cfe({ value="Failed to approve request", label="Approve result" })
- local reqpath = requestdir .. request
+getapproverequest = function(self, clientdata)
+ local retval = {}
+ retval.request = cfe({ value=clientdata.request or "", label="Request" })
+ return cfe({ type="group", value=retval, label="Approve Request" })
+end
+
+approverequest = function(self, apprequest)
+ local reqpath = requestdir .. apprequest.value.request.value
if fs.is_file(reqpath..".csr") then
-- Request file exists, so try to sign
- local user,certtype,commonName = string.match(request, "([^%.]*)%.([^%.]*)%.([^%.]*)")
+ local user,certtype,commonName = string.match(apprequest.value.request.value, "([^%.]*)%.([^%.]*)%.([^%.]*)")
-- Add the serial number to the end of the cert file name
local serialpath = getconfigentry(certtype, "serial")
local serialfile = fs.read_file(serialpath) or ""
local serial = string.match(serialfile, "%x+")
- local certname = certdir..request.."."..serial
+ local certname = certdir..apprequest.value.request.value.."."..serial
-- Now, sign the certificate
local cmd = path .. "openssl ca -config "..format.escapespecialcharacters(reqpath)..".cfg -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1"
local f = io.popen(cmd)
- cmdresult.value = f:read("*a")
+ apprequest.descr = f:read("*a")
f:close()
-- If certificate created, create the wrapped up pkcs12
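Review bot: `apprequest.value.request.value` is filled from `clientdata.request` in `getapproverequest` and is appended to `requestdir` and `certdir` with no check that it is a bare file name, so a value containing `/` makes `reqpath` and `certname` point outside those directories. `deleterequest`, `revokecert`, `deletecert` and `renewcert` later in this file build paths from client-supplied names the same way. A guard at the top of each setter, such as `if string.find(name, "/", 1, true) then` followed by setting `errtxt` and returning the form, or a lookup of the name in the listed requests or certificates, would close this. In addition, `serial` is nil when the serial file is missing or holds no hex digits, and `certtype` is nil when the name lacks three dot-separated parts, yet both are concatenated unguarded. The body of `approverequest` continues past this hunk.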
@@ -499,7 +504,7 @@ approverequest = function(request)
f = io.popen(cmd)
local newcmdresult = f:read("*a")
f:close()
- cmdresult.value = cmdresult.value .. newcmdresult
+ apprequest.descr = apprequest.descr .. newcmdresult
end
-- Finally, remove the request
@@ -515,22 +520,33 @@ approverequest = function(request)
os.remove(certname..".crt")
os.remove(certname..".pfx")
end
+ else
+ apprequest.errtxt = "Failed to approve request"
+ apprequest.value.request.errtxt = "Failed to find request"
end
- return cmdresult
+ return apprequest
+end
+
+getdeleterequest = function(self, clientdata)
+ local retval = {}
+ retval.request = cfe({ value=clientdata.request or "", label="Request" })
+ return cfe({ type="group", value=retval, label="Delete Request" })
end
-deleterequest = function(request, user)
+deleterequest = function(self, delrequest, user)
user = user or ".*"
- if (not fs.is_file(requestdir..request..".csr")) or (not string.find(request, "^"..user.."%.")) then
- return cfe({ value="Request not found", label="Delete result" })
+ if (not fs.is_file(requestdir..delrequest.value.request.value..".csr")) or (not string.find(delrequest.value.request.value, "^"..user.."%.")) then
+ delrequest.value.request.errtxt = "Request not found"
+ delrequest.errtxt = "Failed to Delete Request"
+ else
+ local reqpath = requestdir..delrequest.value.request.value
+ os.remove(reqpath..".pwd")
+ os.remove(reqpath..".sbj")
+ os.remove(reqpath..".pem")
+ os.remove(reqpath..".cfg")
+ os.remove(reqpath..".csr")
end
- local reqpath = requestdir..request
- os.remove(reqpath..".pwd")
- os.remove(reqpath..".sbj")
- os.remove(reqpath..".pem")
- os.remove(reqpath..".cfg")
- os.remove(reqpath..".csr")
- return cfe({ value="Request deleted", label="Delete result" })
+ return delrequest
end
listcerts = function(user)
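Review bot: The ownership test in `deleterequest` builds a Lua pattern from the user id, `"^"..user.."%."`, so any pattern-magic character in `user` is interpreted instead of matched literally and the test can accept request names that do not start with the caller's id. `deletemyrequest` in the controller relies on this test to limit deletion to the caller's own requests, so a literal prefix comparison is safer: `string.sub(name, 1, #user + 1) == user.."."` when `user` is given, and no prefix test at all when it is nil (instead of the `".*"` default). A comment on the `user` parameter stating that nil means "any owner" would also make the contract explicit.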
@@ -595,41 +611,58 @@ getcert = function(cert)
return cfe({ type="raw", value=f, label=c..".pfx", option="application/x-pkcs12" })
end
-revokecert = function(cert)
- local cmdresult = cfe({ label="Revoke result" })
- local cmd = path .. "openssl ca -config "..configfile.." -revoke "..certdir .. format.escapespecialcharacters(cert)..".crt -batch 2>&1"
+getrevokecert = function(self, clientdata)
+ retval = {}
+ retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return cfe({ type="group", value=retval, label="Revoke Certificate" })
+end
+
+revokecert = function(self, revreq)
+ local cmd = path .. "openssl ca -config "..configfile.." -revoke "..certdir .. format.escapespecialcharacters(revreq.value.cert.value)..".crt -batch 2>&1"
local f = io.popen(cmd)
- cmdresult.value = f:read("*a")
+ revreq.descr = f:read("*a")
f:close()
- return cmdresult
+ return revreq
end
-deletecert = function(cert)
+getdeletecert = function(self, clientdata)
+ retval = {}
+ retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return cfe({ type="group", value=retval, label="Delete Certificate" })
+end
+
+deletecert = function(self, delcert)
-- The certificate will still be in the ca directories and index.txt, just not available for web interface
- local certname = certdir..cert
+ local certname = certdir..delcert.value.cert.value
os.remove(certname..".cfg")
os.remove(certname..".crt")
os.remove(certname..".pem")
os.remove(certname..".pfx")
os.remove(certname..".pwd")
os.remove(certname..".sbj")
- return cfe({ value="Certificate deleted", label="Delete result" })
+ return delcert
+end
+
+getrenewcert = function(self, clientdata)
+ retval = {}
+ retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return cfe({ type="group", value=retval, label="Renew Certificate" })
end
-renewcert = function(cert, approve)
- local cmdresult = ""
+renewcert = function(self, recert, submit, approve)
local success = true
- local user,certtype,commonName,serialnum = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
+ local user,certtype,commonName,serialnum = string.match(recert.value.cert.value, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
local reqname = requestdir..user.."."..certtype.."."..commonName
if fs.is_file(reqname..".csr") then
- cmdresult = "Failed to submit request\nRequest already exists"
+ recert.errtxt = "Failed to submit request"
+ recert.value.cert.errtxt = "Request already exists"
success = false
end
if success then
-- Submit the request
-- First, put the subject, config file and password in place
- local certname = certdir..cert
+ local certname = certdir..recert.value.cert.value
fs.copy_file(certname..".pwd", reqname..".pwd")
fs.copy_file(certname..".sbj", reqname..".sbj")
fs.copy_file(certname..".cfg", reqname..".cfg")
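Review bot: `getrevokecert`, `getdeletecert` and `getrenewcert` assign `retval = {}` without `local`, so all three write to one shared global table, whereas `getapproverequest` and `getdeleterequest` declare `local retval`. Each should begin with `local retval = {}`. In `renewcert`, `string.match` returns nil for a certificate name that lacks the expected dot-separated parts, and the next line concatenates `user`, `certtype` and `commonName` unguarded; setting `recert.value.cert.errtxt` and returning when `user` is nil would turn that runtime error into a form error. The body of `renewcert` continues past this hunk.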
@@ -640,11 +673,12 @@ renewcert = function(cert, approve)
-- Next, submit the request (new key)
cmd = path .. "openssl req -nodes -new -config "..format.escapespecialcharacters(reqname)..".cfg -keyout "..format.escapespecialcharacters(reqname)..".pem -out "..format.escapespecialcharacters(reqname)..'.csr -subj "'..subject..'" 2>&1'
f = io.popen(cmd)
- cmdresult = f:read("*a")
+ recert.descr = f:read("*a")
f:close()
local filestats = posix.stat(reqname..".csr")
if not filestats or filestats.size == 0 then
- cmdresult = "Failed to submit request\n"..cmdresult
+ recert.errtxt = "Failed to submit request\n"..recert.descr
+ recert.descr = nil
success = false
os.remove(reqname..".pwd")
os.remove(reqname..".sbj")
@@ -652,15 +686,20 @@ renewcert = function(cert, approve)
os.remove(reqname..".pem")
os.remove(reqname..".csr")
else
- cmdresult = "Submitted request"
+ recert.descr = "Submitted request"
end
end
if success and approve then
- approverequest(posix.basename(reqname))
+ local tmp = getapproverequest(self, {})
+ tmp.value.request.value = posix.basename(reqname)
+ tmp = approverequest(self, tmp)
+ if tmp.errtxt then
+ recert.descr = recert.descr.."\n"..tmp.errtxt
+ end
end
- return cfe({ type="boolean", value=cmdresult, label="Renew result" })
+ return recert
end
listrevoked = function()
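Review bot: When `approve` is set, only `tmp.errtxt` is copied back into `recert`, but the visible parts of `approverequest` set `errtxt` only when the request file is missing and put the openssl output in `descr`, so a failed signing would leave `recert.descr` reading "Submitted request" with no error on the form. Carrying both fields over would make the failure visible, for example `recert.descr = recert.descr.."\n"..(tmp.descr or "")` and `recert.errtxt = tmp.errtxt`. Part of `approverequest` lies outside the visible hunks and may set `errtxt` on a signing failure there, so this is worth confirming against the full function.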
@@ -845,7 +884,25 @@ setconfigfile = function(self, filedetails)
return modelfunctions.setfiledetails(self, filedetails, {configfile})
end
-checkenvironment = function(set)
+getenvironment = function(self, clientdata)
+ local retval = {}
+ retval.status = checkenvironment()
+ return cfe({ type="group", value=retval, label="Check Environment" })
+end
+
+setenvironment = function(self, setenv)
+ -- loop through the cmdline and execute
+ for x,cmd in ipairs(setenv.value.status.cmdline) do
+ cmd()
+ end
+ setenv.value.status = checkenvironment()
+ if setenv.value.status.errtxt then
+ setenv.errtxt = "Failed to Configure Environment"
+ end
+ return setenv
+end
+
+checkenvironment = function()
local errtxt = {}
local cmdline = {}
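Review bot: `setenvironment` calls every entry of `setenv.value.status.cmdline` as a function, trusting that the form it receives still holds the closures `checkenvironment` built in `getenvironment`. If the form-handling layer rebuilds or overwrites `status` from client data (not visible here), `cmdline` would be nil or hold non-functions, and `ipairs` or `cmd()` would raise. Recomputing the list inside the setter removes the dependency on that round trip: `for _,cmd in ipairs(checkenvironment().cmdline or {}) do cmd() end`. A one-line comment on `getenvironment` saying that `status.cmdline` carries the repair actions would also help; `checkenvironment` continues outside this hunk.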
@@ -889,21 +946,13 @@ checkenvironment = function(set)
errtxt[#errtxt+1] = "Configuration invalid"
end
- if set then
- -- loop through the cmdline and execute
- for x,cmd in ipairs(cmdline) do
- cmd()
- end
- return checkenvironment()
+ errtxt = table.concat(errtxt, '\n')
+ local value
+ if errtxt == "" then
+ errtxt = nil
+ value = "Environment ready"
else
- errtxt = table.concat(errtxt, '\n')
- local value
- if errtxt == "" then
- errtxt = nil
- value = "Environment ready"
- else
- value = "Environment not ready"
- end
- return cfe({ value=value, errtxt=errtxt, label="Environment" })
+ value = "Environment not ready"
end
+ return cfe({ value=value, errtxt=errtxt, cmdline=cmdline, label="Environment" })
end