path: root/openssl-model.lua
Diffstat (limited to 'openssl-model.lua')
-rw-r--r--openssl-model.lua57
1 files changed, 47 insertions, 10 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index ff30867..2502c4a 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -44,6 +44,9 @@ local getdefaults = function()
value=config[distinguished_name][name.name .. "_default"]
or config[distinguished_name]["0."..name.name.."_default"] or "",
descr=config[distinguished_name][name.name] or config[distinguished_name]["0."..name.name] })
+ if defaults.value[name.name].value == "" and name.short then
+ defaults.value[name.name].value = config[distinguished_name][name.short .. "_default"] or ""
+ end
end
return defaults
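Review bot: The new short-name fallback on L19 looks up only `name.short .. "_default"`, while the long-name lookup directly above it tries both the plain key and the `"0."`-prefixed key; if the `0.` numbering convention in the OpenSSL config can also apply to short names, this fallback silently misses those entries. Consider `defaults.value[name.name].value = config[distinguished_name][name.short .. "_default"] or config[distinguished_name]["0."..name.short.."_default"] or ""` so both lookups follow the same rule. getdefaults begins before this hunk.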
@@ -56,8 +59,14 @@ local validate_distinguished_names = function(values)
local success = true
for i, name in ipairs(distinguished_names) do
+ if string.find(values.value[name.name].value, "[,/'=]") then
+ values.value[name.name].errtxt = "Value cannot contain =/,'"
+ success = false
+ end
+
+ -- check min, but empty is allowed
local min = config[distinguished_name][name.name.."_min"] or config[distinguished_name]["0."..name.name.."_min"]
- if min and values.value[name.name] and #values.value[name.name].value < tonumber(min) then
+ if min and values.value[name.name] and #values.value[name.name].value < tonumber(min) and #values.value[name.name].value > 0 then
values.value[name.name].errtxt = "Value too short"
success = false
end
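Review bot: The added character check on L26 indexes `values.value[name.name].value` unconditionally, whereas the existing minimum-length check on L34 first tests that `values.value[name.name]` exists; a missing entry would raise inside `string.find` before the guarded code is ever reached. Use the same guard: `if values.value[name.name] and string.find(values.value[name.name].value, "[,/'=]") then`. The rejected characters are the ones that would corrupt the `/`-delimited subject built by create_subject_string; if that subject is later interpolated into a shell command (this file builds several with io.popen), this check alone is not sufficient and the argument must also be quoted at the call site. A one-line comment such as `-- reject characters that would be mis-parsed in the /-delimited subject string` would record the intent. validate_distinguished_names begins before this hunk.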
@@ -93,7 +102,9 @@ end
local create_subject_string = function(values)
local outstr = {}
for i,name in ipairs(distinguished_names) do
- outstr[#outstr + 1] = (name.short or name.name) .. "=" .. values.value[name.name].value
+ if values.value[name.name].value ~= "" then
+ outstr[#outstr + 1] = (name.short or name.name) .. "=" .. values.value[name.name].value
+ end
end
return "/"..table.concat(outstr, "/")
end
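Review bot: create_subject_string has no header comment, and the new guard on L43 changes an observable detail worth recording: an all-empty value set now yields `"/"` instead of a run of empty components. Suggest `-- Build an OpenSSL subject string ("/C=..../CN=...") from values, skipping empty entries; all-empty input yields "/".` above the function.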
@@ -190,6 +201,19 @@ local checkfile = function(name, path, default)
return errtxt, cmdline
end
+local hashname = function(name)
+ local hash = {name:byte(1,-1)}
+ return table.concat(hash, "-")
+end
+
+local unhashname = function(hashstring)
+ local hash = {}
+ for char in string.gmatch(hashstring, "([^-]+)-*") do
+ hash[#hash+1] = char
+ end
+ return string.char(unpack(hash))
+end
+
getstatus = function()
require("processinfo")
-- set the working directory once for model
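Review bot: unhashname on L57-L63 errors on any segment that is not a decimal byte value, because `string.char` receives the raw capture; a filename that was not produced by hashname — for example a request or certificate created before this change, or any other matching file in the directory — raises "bad argument to 'char'" and aborts the whole listing in listrequests (L112) and listcerts (L145). Returning nil for undecodable input and letting both callers fall back with `commonName=unhashname(c) or c` keeps the listings working. `unpack` is the Lua 5.1 global; `(table.unpack or unpack)` works on 5.1 through 5.4. Both functions deserve a comment saying this is a reversible byte encoding rather than a hash, e.g. `-- Encode a name as dash-separated byte values so it is safe in a filename (reversible; see unhashname)`, since the names suggest otherwise.
```lua
local unhashname = function(hashstring)
  local bytes = {}
  for piece in string.gmatch(hashstring, "[^-]+") do
    local n = tonumber(piece, 10)
    -- anything that is not an integer in 0..255 cannot have come from hashname
    if not n or n < 0 or n > 255 then return nil end
    bytes[#bytes + 1] = n
  end
  return string.char((table.unpack or unpack)(bytes))
end
```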
@@ -221,6 +245,18 @@ getstatus = function()
local f = io.popen(cmd)
cacertcontents.value = f:read("*a")
f:close()
+ local enddate = string.match(cacertcontents.value, "Not After : (.*)")
+ local month, day, year = string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)")
+
+ local reversemonth = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6,Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12}
+ local time = os.time({year=year, month=reversemonth[month], day=day})
+ if os.time() > time then
+ time = 0
+ cacert.errtxt="Certificate expired"
+ else
+ time = (time-os.time())/86400
+ end
+ cacert.daysremaining=time
end
cakey.value = getconfigentry(config.ca.default_ca, "private_key")
if not fs.is_file(cakey.value) then
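Review bot: The expiry parsing on L72-L73 fails hard when the openssl output does not contain the expected text: `string.match` returns nil for `enddate` and the second match then raises "bad argument #1 to 'match'", which takes down getstatus entirely. `.` in Lua patterns also matches newlines, so `(.*)` on L72 captures everything after `Not After : ` to the end of the output rather than just the date line; it only works because the second pattern happens to find the first date-like run. Capture just the line, guard the nil case and report it through cacert.errtxt instead of aborting, as below; note that an unrecognised month name would still make `os.time` raise on L76, so the guard should also cover `reversemonth[month]`. The block that issues the openssl command starts before this hunk.
```lua
local enddate = string.match(cacertcontents.value, "Not After : ([^\n]*)")
local month, day, year
if enddate then
  month, day, year = string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)")
end
if not month or not reversemonth[month] then
  cacert.errtxt = "Could not determine certificate expiry"
else
  -- … unchanged: os.time comparison, expiry check, cacert.daysremaining …
end
```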
@@ -285,7 +321,7 @@ submitrequest = function(defaults, user)
success = false
end
- local reqname = requestdir..user.."."..defaults.value.certtype.value.."."..defaults.value.commonName.value
+ local reqname = requestdir..user.."."..defaults.value.certtype.value.."."..hashname(defaults.value.commonName.value)
if fs.is_file(reqname..".csr") then
defaults.errtxt = "Failed to submit request\nRequest already exists"
success = false
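Review bot: Encoding commonName with hashname on L91 takes the user-supplied value out of the request path, but `user` and `defaults.value.certtype.value` are still concatenated into `reqname` unencoded; unless they are validated before submitrequest is reached (not visible here), a value containing `/` or `..` would still make the `.csr` path leave requestdir. If certtype is always chosen from a fixed list and user is taken from the session that is fine, but a comment recording the assumption, e.g. `-- user and certtype are trusted to be path-safe; commonName is user input and is encoded`, would help the next reader. submitrequest begins before this hunk.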
@@ -311,7 +347,7 @@ submitrequest = function(defaults, user)
end
end
- if not success then
+ if not success and not defaults.errtxt then
defaults.errtxt = "Failed to submit request"
end
@@ -321,11 +357,11 @@ end
listrequests = function(user)
user = user or "*"
local list={}
- local fh = io.popen('find ' .. requestdir .. ' -name "'..user..'.*.csr" -maxdepth 1')
+ local fh = io.popen("find " .. requestdir .. " -name "..user..".*.csr -maxdepth 1")
for x in fh:lines() do
local name = basename(x,".csr")
local a,b,c = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*)")
- list[#list + 1] = {name=name, user=a, certtype=b, commonName=c}
+ list[#list + 1] = {name=name, user=a, certtype=b, commonName=unhashname(c)}
end
return cfe({ type="list", value=list, label="List of pending requests" })
end
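Review bot: Removing the double quotes around the `-name` argument on L107 (and likewise on L136 in listcerts) exposes the pattern to the shell: with the default `user = "*"` the command becomes `find DIR -name *.*.csr -maxdepth 1`, and the shell expands `*.*.csr` against the current working directory before find sees it, so the result depends on what happens to be in the cwd (getstatus appears to change it, per the comment on L67) and find receives several names or a syntax error whenever something matches. The quotes were doing necessary work; restore them with single quotes, which also keep `$` and backticks literal: `local fh = io.popen("find " .. requestdir .. " -name '"..user..".*.csr' -maxdepth 1")`. Because `user` is interpolated into a shell command, it should additionally be validated against a conservative character set before it reaches this line.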
@@ -359,11 +395,12 @@ approverequest = function(request)
local f = io.popen(cmd)
cmdresult.value = f:read("*a")
f:close()
-
+
-- If certificate created, create the wrapped up pkcs12
local filestats = posix.stat(certname..".crt")
if filestats and filestats.size > 0 then
- cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl pkcs12 -export -inkey "..path..".pem -in "..certname..".crt -out "..certname..".pfx -passout file:"..path..".pwd 2>&1"
+ -- We're wrapping up the key, the cert, and the CA cert (and whatever came with it)
+ cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl pkcs12 -export -inkey "..path..".pem -in "..certname..".crt -out "..certname..".pfx -passout file:"..path..".pwd -certfile "..getconfigentry(certtype, "certificate").." 2>&1"
f = io.popen(cmd)
local newcmdresult = f:read("*a")
f:close()
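Review bot: `getconfigentry(certtype, "certificate")` on L127 is concatenated straight into the command; if it can return nil for a certtype with no `certificate` entry, the `..` raises "attempt to concatenate a nil value" inside approverequest after the certificate has already been written, and if the configured path contains spaces the shell splits it into separate arguments. Resolve it first and check it, e.g. `local cafile = getconfigentry(certtype, "certificate")` followed by `if not cafile then cmdresult.errtxt = "No CA certificate configured for " .. certtype end`, and quote the path arguments in the command. approverequest begins before this hunk.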
@@ -406,7 +443,7 @@ end
listcerts = function(user)
user = user or "*"
local list={}
- local fh = io.popen('find ' .. certdir .. ' -name "'..user..'.*.pfx" -maxdepth 1')
+ local fh = io.popen("find " .. certdir .. " -name "..user..".*.pfx -maxdepth 1")
for x in fh:lines() do
local name = basename(x,".pfx")
local a,b,c,d = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
@@ -424,7 +461,7 @@ listcerts = function(user)
else
time = (time-os.time())/86400
end
- list[#list + 1] = {name=name, user=a, certtype=b, commonName=c, serial=d, enddate=enddate, daysremaining=time}
+ list[#list + 1] = {name=name, user=a, certtype=b, commonName=unhashname(c), serial=d, enddate=enddate, daysremaining=time}
end
fh:close()
return cfe({ type="list", value=list, label="List of approved certificates" })