-rw-r--r-- | openssl-controller.lua | 54 | ||||
-rw-r--r-- | openssl-model.lua | 82 |
2 files changed, 70 insertions, 66 deletions
diff --git a/openssl-controller.lua b/openssl-controller.lua index 45efb71..d34cdee 100644 --- a/openssl-controller.lua +++ b/openssl-controller.lua @@ -1,12 +1,12 @@ -- the openssl certificates controller -module (..., package.seeall) +local mymodule = {} -default_action = "status" +mymodule.default_action = "status" local sslstatus -mvc={} -mvc.pre_exec = function(self) +mymodule.mvc={} +mymodule.mvc.pre_exec = function(self) self.model.set_umask() sslstatus = self.model.getstatus() if not self.redirect then @@ -17,17 +17,17 @@ mvc.pre_exec = function(self) or (sslstatus.value.environment.errtxt and self.conf.action ~= "status" and self.conf.action ~= "editconfigfile" and self.conf.action ~= "checkenvironment") or ((sslstatus.value.cacert.errtxt or sslstatus.value.cakey.errtxt) and self.conf.action ~= "status" and self.conf.action ~= "editconfigfile" and self.conf.action ~= "putcacert" and self.conf.action ~= "generatecacert" and self.conf.action ~= "checkenvironment" and self.conf.action ~= "editdefaults") then - redirect(self) + self.redirect(self) end end -- Show openssl status -status = function(self) +mymodule.status = function(self) return sslstatus end -- View all pending and approved requests and revoked certificates -readall = function(self) +mymodule.readall = function(self) local pending = self.model.listrequests() local approved = self.model.listcerts() local revoked = self.model.listrevoked() @@ -36,7 +36,7 @@ readall = function(self) end -- Return all certificates (pending, approved, and revoked) for this user -read = function(self) +mymodule.read = function(self) local user = cfe({ value=self.sessiondata.userinfo.userid, label="User Name" }) local pending = self.model.listrequests(self.sessiondata.userinfo.userid) local approved = self.model.listcerts(self.sessiondata.userinfo.userid) 
@@ -46,88 +46,90 @@ read = function(self) end -- Form to request a new cert -request = function(self) +mymodule.request = function(self) return self.handle_form(self, self.model.getnewrequest, function(self, value) return self.model.submitrequest(value, self.sessiondata.userinfo.userid) end, self.clientdata, "Submit", "Request Certificate", "Request Submitted") end -- Form to edit request defaults -editdefaults = function(self) +mymodule.editdefaults = function(self) return self.handle_form(self, self.model.getreqdefaults, self.model.setreqdefaults, self.clientdata, "Save", "Edit Certificate Defaults", "Defaults Set") end -- View request details -viewrequest = function(self) +mymodule.viewrequest = function(self) return self.model.viewrequest(self.clientdata.request) end -- Approve the specified request -approve = function(self) +mymodule.approve = function(self) return self.handle_form(self, self.model.getapproverequest, self.model.approverequest, self.clientdata, "Approve", "Approve Request") end -- Delete the specified request -deleterequest = function(self) +mymodule.deleterequest = function(self) return self.handle_form(self, self.model.getdeleterequest, function(self, value) return self.model.deleterequest(self, value, nil) end, self.clientdata, "Delete", "Delete Request", "Request Deleted") end -- Delete the specified request -deletemyrequest = function(self) +mymodule.deletemyrequest = function(self) return self.handle_form(self, self.model.getdeleterequest, function(self, value) return self.model.deleterequest(self, value, self.sessiondata.userinfo.userid) end, self.clientdata, "Delete", "Delete Request", "Request Deleted") end -- View certificate details -viewcert = function(self) +mymodule.viewcert = function(self) return self.model.viewcert(self.clientdata.cert) end -- Get the specified cert -getcert = function(self) +mymodule.getcert = function(self) return self.model.getcert(self.clientdata.cert) end -- Revoke the specified cert -revoke = 
function(self) +mymodule.revoke = function(self) return self.handle_form(self, self.model.getrevokecert, self.model.revokecert, self.clientdata, "Revoke", "Revoke Certificate", "Certificate Revoked") end -- Delete the specified certificate -deletecert = function(self) +mymodule.deletecert = function(self) return self.handle_form(self, self.model.getdeletecert, self.model.deletecert, self.clientdata, "Delete", "Delete Certificate", "Certificate Deleted") end -- Submit request to renew the specified certificate -requestrenewcert = function(self) +mymodule.requestrenewcert = function(self) return self.handle_form(self, self.model.getrenewcert, self.model.renewcert, self.clientdata, "Renew", "Renew Certificate") end -- Renew the specified certificate -renewcert = function(self) +mymodule.renewcert = function(self) local retval = self.handle_form(self, self.model.getrenewcert, function(self, value, submit) return self.model.renewcert(self, value, submit, true) end, self.clientdata, "Renew", "Renew Certificate") end -- Get the revoked list -getrevoked = function(self) +mymodule.getrevoked = function(self) return self.model.getcrl(self.clientdata.crltype) end -- Put the CA cert -putcacert = function(self) +mymodule.putcacert = function(self) return self.handle_form(self, self.model.getnewputca, self.model.putca, self.clientdata, "Upload", "Upload CA Certificate", "Certificate Uploaded") end -downloadcacert = function(self) +mymodule.downloadcacert = function(self) return self.model.getca(self.clientdata.certtype) end -- Generate a self-signed CA -generatecacert = function(self) +mymodule.generatecacert = function(self) return self.handle_form(self, self.model.getnewcarequest, self.model.generateca, self.clientdata, "Generate", "Generate CA Certificate", "Certificate Generated") end -editconfigfile = function(self) +mymodule.editconfigfile = function(self) return self.handle_form(self, self.model.getconfigfile, self.model.setconfigfile, self.clientdata, "Save", "Edit 
Config File", "Config File Saved") end -checkenvironment = function(self) +mymodule.checkenvironment = function(self) return self.handle_form(self, self.model.getenvironment, self.model.setenvironment, self.clientdata, "Configure", "Configure Environment", "Environment Configured") end + +return mymodule diff --git a/openssl-model.lua b/openssl-model.lua index c2bcbf5..1df9b13 100644 --- a/openssl-model.lua +++ b/openssl-model.lua @@ -1,4 +1,4 @@ -module(..., package.seeall) +local mymodule = {} posix = require("posix") modelfunctions = require("modelfunctions") @@ -251,7 +251,7 @@ local unhashname = function(hashstring) return string.char(unpack(hash)) end -getstatus = function() +mymodule.getstatus = function() processinfo = require("acf.processinfo") -- set the working directory once for model posix.chdir(openssldir) @@ -298,16 +298,16 @@ getstatus = function() end end end - local environment = checkenvironment() + local environment = mymodule.checkenvironment() return cfe({ type="group", value={version=version, conffile=conffile, environment=environment, cacert=cacert, cacertcontents=cacertcontents, cakey=cakey}, label="openssl status" }) end -set_umask = function() +mymodule.set_umask = function() return posix.umask("rw-------") end -getreqdefaults = function() +mymodule.getreqdefaults = function() local defaults = getdefaults() --Add in the encryption bit default @@ -333,7 +333,7 @@ getreqdefaults = function() return defaults end -setreqdefaults = function(self, defaults) +mymodule.setreqdefaults = function(self, defaults) local success, defaults = validate_request(defaults, true) -- If success, write the values to the config file 
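Review bot: `mymodule.renewcert` in openssl-controller.lua stores the `handle_form` result in `local retval` and then reaches `end` without returning it, so this action yields nil while every sibling action returns its form. Since the commit already rewrites this line, the value should be returned directly: `return self.handle_form(self, self.model.getrenewcert, function(self, value, submit) return self.model.renewcert(self, value, submit, true) end, self.clientdata, "Renew", "Renew Certificate")`. The comment above `deletemyrequest` also repeats "Delete the specified request"; `-- Delete one of the current user's own requests` would set it apart from the unrestricted `deleterequest`.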
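Review bot: Removing `module(..., package.seeall)` at the top of openssl-model.lua means the bare assignments that follow it, `posix = require("posix")` and `modelfunctions = require("modelfunctions")`, no longer land in the module's own environment and now write to `_G`. The same holds for `processinfo` in `getstatus` and, in later hunks, for `retval` in `getrevokecert`/`getdeletecert`/`getrenewcert`, `config` in `listrevoked` and `request` in `getnewcarequest`. In a CA front end it is worth avoiding state that any other loaded module can read or overwrite, so these should be declared `local`, e.g. `local posix = require("posix")` and `local retval = {}`. Whether `config` is meant to act as a cache across calls cannot be told from the hunk; a file-level `local config` would keep that behaviour without the global.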
@@ -363,15 +363,15 @@ setreqdefaults = function(self, defaults) return defaults end -getnewrequest = function() - local values = getreqdefaults() +mymodule.getnewrequest = function() + local values = mymodule.getreqdefaults() -- In addition to the request defaults, we need a password and confirmation values.value.password = cfe({ type="password", label="Password", seq=98 }) values.value.password_confirm = cfe({ type="password", label="Password confirmation", seq=99 }) return values end -submitrequest = function(defaults, user) +mymodule.submitrequest = function(defaults, user) local success, defaults = validate_request(defaults) -- Must have a common name @@ -447,7 +447,7 @@ submitrequest = function(defaults, user) return defaults end -listrequests = function(user) +mymodule.listrequests = function(user) user = user or "*" local list={} local files = posix.glob(requestdir..user..".*\\.csr") or {} @@ -459,7 +459,7 @@ listrequests = function(user) return cfe({ type="list", value=list, label="List of pending requests" }) end -viewrequest = function(request) +mymodule.viewrequest = function(request) local reqpath = requestdir .. request local cmdresult = modelfunctions.run_executable({"openssl", "req", "-in", reqpath..".csr", "-text", "-noout"}) local a,b,c = string.match(request, "([^%.]*)%.([^%.]*)%.([^%.]*)") @@ -467,13 +467,13 @@ viewrequest = function(request) return request end -getapproverequest = function(self, clientdata) +mymodule.getapproverequest = function(self, clientdata) local retval = {} retval.request = cfe({ value=clientdata.request or "", label="Request" }) return cfe({ type="group", value=retval, label="Approve Request" }) end -approverequest = function(self, apprequest) +mymodule.approverequest = function(self, apprequest) local reqpath = requestdir .. apprequest.value.request.value if fs.is_file(reqpath..".csr") then -- Request file exists, so try to sign 
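Review bot: `mymodule.viewrequest` builds `reqpath` as `requestdir .. request` from a name the controller passes through unchanged from `self.clientdata.request`, and nothing visible restricts that name to a single file name inside `requestdir`. `approverequest` in the last hunk on this line does the same, as do `deleterequest`, `viewcert`, `getcert`, `revokecert`, `deletecert` (which ends in `os.remove`) and `renewcert` in later hunks. A shared guard at the top of each would confine them to the directory, for example `if type(request) ~= "string" or request:find("/", 1, true) then` followed by the same "Request not found" style error the model already sets elsewhere. Several of these bodies continue outside their hunks, so an existing check further down cannot be ruled out.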
@@ -521,13 +521,13 @@ approverequest = function(self, apprequest) return apprequest end -getdeleterequest = function(self, clientdata) +mymodule.getdeleterequest = function(self, clientdata) local retval = {} retval.request = cfe({ value=clientdata.request or "", label="Request" }) return cfe({ type="group", value=retval, label="Delete Request" }) end -deleterequest = function(self, delrequest, user) +mymodule.deleterequest = function(self, delrequest, user) user = user or ".*" if (not fs.is_file(requestdir..delrequest.value.request.value..".csr")) or (not string.find(delrequest.value.request.value, "^"..user.."%.")) then delrequest.value.request.errtxt = "Request not found" @@ -543,7 +543,7 @@ deleterequest = function(self, delrequest, user) return delrequest end -listcerts = function(user) +mymodule.listcerts = function(user) user = user or "*" local list={} local files = posix.glob(certdir..user..".*\\.pfx") or {} 
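Review bot: The ownership test in `mymodule.deleterequest` builds a Lua pattern from the user id, `string.find(delrequest.value.request.value, "^"..user.."%.")`, so any pattern magic character in an id changes what the check accepts (a `.` in the id matches any character, a `-` becomes a repetition operator). For `deletemyrequest` this comparison is the only thing separating one user's requests from another's. A plain prefix comparison avoids the pattern engine: `local name = delrequest.value.request.value` and `local owned = (user == nil) or name:sub(1, #user + 1) == user .. "."`, evaluated before the `user = user or ".*"` default is applied. `listrequests` in the previous line's hunks and `listcerts` here interpolate the same id into `posix.glob` patterns; which characters a user id may contain is not visible in this diff, so that is worth confirming as well.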
@@ -583,37 +583,37 @@ listcerts = function(user) return cfe({ type="list", value=list, label="List of approved certificates" }) end -viewcert = function(cert) +mymodule.viewcert = function(cert) local cmdresult = modelfunctions.run_executable({"openssl", "x509", "-in", certdir..cert..".crt", "-noout", "-text"}) local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)") return cfe({ type="table", value={name=name, user=a, certtype=b, commonName=c, serial=d, value=cmdresult}, label="Certificate" }) end -getcert = function(cert) +mymodule.getcert = function(cert) local f = fs.read_file(certdir..cert..".pfx") or "" local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)") c = string.gsub(unhashname(c), "[^%w_-]", "") return cfe({ type="raw", value=f, label=c..".pfx", option="application/x-pkcs12" }) end -getrevokecert = function(self, clientdata) +mymodule.getrevokecert = function(self, clientdata) retval = {} retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" }) return cfe({ type="group", value=retval, label="Revoke Certificate" }) end -revokecert = function(self, revreq) +mymodule.revokecert = function(self, revreq) revreq.descr, revreq.errtxt = modelfunctions.run_executable({"openssl", "ca", "-config", configfile, "-revoke", certdir..revreq.value.cert.value..".crt", "-batch"}, true) return revreq end -getdeletecert = function(self, clientdata) +mymodule.getdeletecert = function(self, clientdata) retval = {} retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" }) return cfe({ type="group", value=retval, label="Delete Certificate" }) end -deletecert = function(self, delcert) +mymodule.deletecert = function(self, delcert) -- The certificate will still be in the ca directories and index.txt, just not available for web interface local certname = certdir..delcert.value.cert.value os.remove(certname..".cfg") 
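Review bot: `mymodule.getcert` and `mymodule.viewcert` receive only the certificate name, so unlike `deleterequest(self, delrequest, user)` they cannot confirm that the named certificate belongs to the caller, and `getcert` then returns the `.pfx` contents. If any non-administrative role is granted these actions (role configuration is outside this diff), the model should accept an optional `user` and compare it with the first dot-separated field that `string.match` already extracts into `a`. In both functions the pattern `"([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)"` leaves the last separator unescaped, so it matches any character; `%.` looks intended. `viewcert` also passes `name=name`, and no `name` is defined anywhere in the hunk, so that field is presumably nil.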
@@ -625,13 +625,13 @@ deletecert = function(self, delcert) return delcert end -getrenewcert = function(self, clientdata) +mymodule.getrenewcert = function(self, clientdata) retval = {} retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" }) return cfe({ type="group", value=retval, label="Renew Certificate" }) end -renewcert = function(self, recert, submit, approve) +mymodule.renewcert = function(self, recert, submit, approve) local success = true local user,certtype,commonName,serialnum = string.match(recert.value.cert.value, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)") local reqname = requestdir..user.."."..certtype.."."..commonName @@ -670,9 +670,9 @@ renewcert = function(self, recert, submit, approve) end if success and approve then - local tmp = getapproverequest(self, {}) + local tmp = mymodule.getapproverequest(self, {}) tmp.value.request.value = posix.basename(reqname) - tmp = approverequest(self, tmp) + tmp = mymodule.approverequest(self, tmp) if tmp.errtxt then recert.descr = recert.descr.."\n"..tmp.errtxt end @@ -681,7 +681,7 @@ renewcert = function(self, recert, submit, approve) return recert end -listrevoked = function() +mymodule.listrevoked = function() config = config or format.parse_ini_file(fs.read_file(configfile) or "") local databasepath = getconfigentry(config.ca.default_ca, "database") local revoked = {} @@ -694,7 +694,7 @@ listrevoked = function() return cfe({ type="list", value=revoked, label="Revoked serial numbers" }) end -getcrl = function(crltype) +mymodule.getcrl = function(crltype) local crlfile = cfe({ type="raw", option="application/pkix-crl" }) modelfunctions.run_executable({"openssl", "ca", "-config", configfile, "-gencrl", "-out", openssldir.."ca-crl.crl"}) modelfunctions.run_executable({"openssl", "crl", "-in", openssldir.."ca-crl.crl", "-out", openssldir.."ca-der-crl.crl", "-outform", "DER"}) 
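Review bot: In `mymodule.renewcert` the captures from `string.match(recert.value.cert.value, ...)` are used on the very next line in `requestdir..user.."."..certtype.."."..commonName` without checking that the match succeeded. `getrenewcert` defaults the field to `""`, and for that input the match returns nil, so the concatenation raises instead of producing a form error. A guard before `reqname` is built would handle it, e.g. `if not (user and certtype and commonName) then recert.value.cert.errtxt = "Invalid certificate name" return recert end`. The rest of the function lies between this hunk and the next one, so the guard should follow whatever convention the hidden part uses for reporting `success`.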
@@ -710,7 +710,7 @@ getcrl = function(crltype) return crlfile end -getca = function(certtype) +mymodule.getca = function(certtype) local result = cfe({ type="raw", option="application/x-x509-ca-cert" }) local fname = "cacert." if string.lower(certtype or "") == "der" then @@ -727,13 +727,13 @@ getca = function(certtype) return result end -getnewputca = function() +mymodule.getnewputca = function() local ca = cfe({ type="raw", value=0, label="CA Certificate", descr='File must be a password protected ".pfx" file' }) local password = cfe({ label="Certificate Password" }) return cfe({ type="group", value={ca=ca, password=password} }) end -putca = function(self, newca) +mymodule.putca = function(self, newca) local success = true -- Trying to upload a cert/key -- The way haserl works, ca contains the temporary file name @@ -790,14 +790,14 @@ putca = function(self, newca) return newca end -getnewcarequest = function() +mymodule.getnewcarequest = function() request = getdefaults() -- In addition to the distinguished name defaults, we need days request.value.days = cfe({ value="365", label="Number of days to certify", seq=95 }) return request end -generateca = function(self, defaults) +mymodule.generateca = function(self, defaults) local success, defaults = validate_request(defaults) if not validator.is_integer(defaults.value.days.value) then 
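Review bot: In `mymodule.getnewputca` the CA bundle password field is declared as `cfe({ label="Certificate Password" })` with no `type`, whereas the request passwords in `getnewrequest` use `type="password"`. Assuming the view renders untyped entries as ordinary text inputs and echoes their value when the form is shown again, the passphrase protecting the uploaded CA key would be visible on screen and returned in the page after a failed upload. Suggested: `local password = cfe({ type="password", label="Certificate Password" })`. `putca` continues outside the hunk, so whether it clears `newca.value.password.value` before returning should be checked there too.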
@@ -836,34 +836,34 @@ generateca = function(self, defaults) return defaults end -getconfigfile = function() +mymodule.getconfigfile = function() return modelfunctions.getfiledetails(configfile) end -setconfigfile = function(self, filedetails) +mymodule.setconfigfile = function(self, filedetails) -- validate return modelfunctions.setfiledetails(self, filedetails, {configfile}) end -getenvironment = function(self, clientdata) +mymodule.getenvironment = function(self, clientdata) local retval = {} - retval.status = checkenvironment() + retval.status = mymodule.checkenvironment() return cfe({ type="group", value=retval, label="Check Environment" }) end -setenvironment = function(self, setenv) +mymodule.setenvironment = function(self, setenv) -- loop through the cmdline and execute for x,cmd in ipairs(setenv.value.status.cmdline) do cmd() end - setenv.value.status = checkenvironment() + setenv.value.status = mymodule.checkenvironment() if setenv.value.status.errtxt then setenv.errtxt = "Failed to Configure Environment" end return setenv end -checkenvironment = function() +mymodule.checkenvironment = function() local errtxt = {} local cmdline = {} @@ -917,3 +917,5 @@ checkenvironment = function() end return cfe({ value=value, errtxt=errtxt, cmdline=cmdline, label="Environment" }) end + +return mymodule |
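Review bot: `mymodule.setconfigfile` carries a `-- validate` comment but passes `filedetails` straight to `modelfunctions.setfiledetails` with no check of the submitted content. This is the file handed to `openssl ca -config` in `revokecert` and `getcrl`, and `listrevoked` indexes `config.ca.default_ca` without a nil test, so a saved file lacking a `[ca]` section would make that action raise. Either back the comment with a real check, for instance parsing the submitted text with `format.parse_ini_file` and setting an error unless `ca` and `default_ca` are present, or reword it to `-- TODO: content is not validated before being written`. What `setfiledetails` itself verifies is not visible here.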