Diffstat (limited to 'openssl-model.lua')
-rw-r--r--openssl-model.lua112
1 files changed, 49 insertions, 63 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index 2f4120c..5998c98 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -189,13 +189,9 @@ end
local copyca = function(cacert, cakey)
config = config or format.parse_ini_file(fs.read_file(configfile) or "")
local certpath = getconfigentry(config.ca.default_ca, "certificate")
- local cmd = "cp "..format.escapespecialcharacters(cacert).." "..format.escapespecialcharacters(certpath)
- local f = io.popen(cmd)
- f:close()
+ os.rename(cacert, certpath)
local keypath = getconfigentry(config.ca.default_ca, "private_key")
- local cmd = "cp "..format.escapespecialcharacters(cakey).." "..format.escapespecialcharacters(keypath)
- local f = io.popen(cmd)
- f:close()
+ os.rename(cakey, keypath)
end
local checkdir = function(name, dirpath)
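Review bot: Both `os.rename` calls in copyca discard their result, and `os.rename` returns nil plus an error message instead of raising, so a failure here is silent. Unlike the `cp` it replaces, a rename cannot cross filesystems, and the generateca hunk later in this diff writes the CA files under /tmp, which is often a separate mount from the CA directory. I would check the result, e.g. `local ok, err = os.rename(cacert, certpath)` followed by `if not ok then return nil, err end`, and fall back to `fs.copy_file` (used in renewcert) when the move fails. The four renames in approverequest have the same gap; there the `.csr` is removed afterwards regardless, so a failed rename would leave the request's `.pem` and `.pwd` behind with no request listing them.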
@@ -203,7 +199,7 @@ local checkdir = function(name, dirpath)
local filestats = posix.stat(dirpath, "type")
if not filestats or filestats == "" then
errtxt = name.." does not exist"
- cmdline = "mkdir -p "..dirpath
+ cmdline = function() fs.create_directory(dirpath) end
elseif filestats ~= "directory" then
errtxt = "UNRECOVERABLE - "..name.." not a directory"
end
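Review bot: `cmdline` now collects closures rather than shell strings, and the name no longer says so; the checkfile hunk and the `cmd()` loop in checkenvironment follow the same pattern. A short comment where the entry is assigned, such as `-- deferred fix-up, run by checkenvironment(set)`, would help, and any code outside these hunks that still displays or concatenates `cmdline` entries as text would need updating. The old `mkdir -p` also created missing parent directories; whether `fs.create_directory` does is not visible here and is worth confirming. checkdir's body continues outside the hunk.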
@@ -216,9 +212,9 @@ local checkfile = function(name, filepath, default)
if not filestats or filestats == "" then
errtxt = name.." does not exist"
if default then
- cmdline = "echo "..default.." > "..filepath
+ cmdline = function() fs.write_file(filepath, default) end
else
- cmdline = "touch "..filepath
+ cmdline = function() fs.create_file(filepath) end
end
elseif filestats ~= "regular" then
errtxt = "UNRECOVERABLE - "..name.." not a file"
@@ -424,9 +420,9 @@ submitrequest = function(defaults, user)
local keyfilestats = posix.stat(reqname..".pem")
if not certfilestats or certfilestats.size == 0 or not keyfilestats or keyfilestats.size == 0 then
success = false
- cmd = "rm "..format.escapespecialcharacters(reqname)..".*"
- f = io.popen(cmd)
- f:close()
+ os.remove(reqname..".cfg")
+ os.remove(reqname..".csr")
+ os.remove(reqname..".pem")
else
fs.write_file(reqname..".pwd", defaults.value.password.value)
fs.write_file(reqname..".sbj", subject)
@@ -443,8 +439,8 @@ end
listrequests = function(user)
user = user or "*"
local list={}
- local fh = io.popen("find " .. format.escapespecialcharacters(requestdir) .. " -name "..format.escapespecialcharacters(user)..".*.csr -maxdepth 1")
- for x in fh:lines() do
+ local files = posix.glob(requestdir..user..".*\\.csr") or {}
+ for i,x in ipairs(files) do
local name = basename(x,".csr")
local a,b,c = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*)")
list[#list + 1] = {name=name, user=a, certtype=b, commonName=unhashname(c)}
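Review bot: `user` is concatenated into the `posix.glob` pattern unescaped, so any `*`, `?`, `[` or `/` in it is interpreted by the glob rather than matched literally. When a caller passes a real user name instead of relying on the `"*"` default, the listing could then include other users' requests; the hunk does not show whether `user` is validated before it gets here. I would reject names containing glob metacharacters or path separators before building the pattern, or filter the results with a plain-text prefix comparison on the basename. listcerts builds its `.pfx` pattern the same way. listrequests continues past the end of this hunk.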
@@ -496,26 +492,15 @@ approverequest = function(request)
-- Finally, remove the request
filestats = posix.stat(certname..".pfx")
if filestats and filestats.size > 0 then
- cmd = "cp "..format.escapespecialcharacters(reqpath)..".pwd "..format.escapespecialcharacters(certname)..".pwd"
- f = io.popen(cmd)
- f:close()
- cmd = "cp "..format.escapespecialcharacters(reqpath)..".sbj "..format.escapespecialcharacters(certname)..".sbj"
- f = io.popen(cmd)
- f:close()
- cmd = "cp "..format.escapespecialcharacters(reqpath)..".pem "..format.escapespecialcharacters(certname)..".pem"
- f = io.popen(cmd)
- f:close()
- cmd = "cp "..format.escapespecialcharacters(reqpath)..".cfg "..format.escapespecialcharacters(certname)..".cfg"
- f = io.popen(cmd)
- f:close()
- cmd = "rm "..format.escapespecialcharacters(reqpath)..".*"
- f = io.popen(cmd)
- f:close()
+ os.rename(reqpath..".pwd", certname..".pwd")
+ os.rename(reqpath..".sbj", certname..".sbj")
+ os.rename(reqpath..".pem", certname..".pem")
+ os.rename(reqpath..".cfg", certname..".cfg")
+ os.remove(reqpath..".csr")
else
-- or failed, remove the cert
- cmd = "rm "..format.escapespecialcharacters(certname)..".*"
- f = io.popen(cmd)
- f:close()
+ os.remove(certname..".crt")
+ os.remove(certname..".pfx")
end
end
return cmdresult
@@ -526,17 +511,20 @@ deleterequest = function(request, user)
if (not fs.is_file(requestdir..request..".csr")) or (not string.find(request, "^"..user.."%.")) then
return cfe({ value="Request not found", label="Delete result" })
end
- cmd = "rm "..requestdir..format.escapespecialcharacters(request)..".*"
- f = io.popen(cmd)
- f:close()
+ local reqpath = requestdir..request
+ os.remove(reqpath..".pwd")
+ os.remove(reqpath..".sbj")
+ os.remove(reqpath..".pem")
+ os.remove(reqpath..".cfg")
+ os.remove(reqpath..".csr")
return cfe({ value="Request deleted", label="Delete result" })
end
listcerts = function(user)
user = user or "*"
local list={}
- local fh = io.popen("find " .. certdir .. " -name "..format.escapespecialcharacters(user)..".*.pfx -maxdepth 1")
- for x in fh:lines() do
+ local files = posix.glob(certdir..user..".*\\.pfx") or {}
+ for i,x in ipairs(files) do
local name = basename(x,".pfx")
local a,b,c,d = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
local cmd = path .. "openssl x509 -in "..certdir..format.escapespecialcharacters(name)..".crt -noout -enddate"
@@ -555,7 +543,6 @@ listcerts = function(user)
end
list[#list + 1] = {name=name, user=a, certtype=b, commonName=unhashname(c), serial=d, enddate=enddate, daysremaining=time}
end
- fh:close()
return cfe({ type="list", value=list, label="List of approved certificates" })
end
@@ -586,9 +573,13 @@ end
deletecert = function(cert)
-- The certificate will still be in the ca directories and index.txt, just not available for web interface
- cmd = "rm "..certdir..format.escapespecialcharacters(cert)..".*"
- f = io.popen(cmd)
- f:close()
+ local certname = certdir..cert
+ os.remove(certname..".cfg")
+ os.remove(certname..".crt")
+ os.remove(certname..".pem")
+ os.remove(certname..".pfx")
+ os.remove(certname..".pwd")
+ os.remove(certname..".sbj")
return cfe({ value="Certificate deleted", label="Delete result" })
end
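Review bot: deletecert builds `certname` from `cert` with no check at all, whereas deleterequest earlier in this diff at least requires the `.csr` to exist and the name to start with the user's prefix. Removing the shell closes the injection path, but a `cert` value containing `/` or `..` would still resolve outside `certdir`, and the function reports "Certificate deleted" whatever the six `os.remove` calls return. I would add a guard at the top, for instance `if string.find(cert, "/", 1, true) or not fs.is_file(certdir..cert..".pfx") then return cfe({ value="Certificate not found", label="Delete result" }) end`.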
@@ -605,15 +596,10 @@ renewcert = function(cert, approve)
if success then
-- Submit the request
-- First, put the subject, config file and password in place
- cmd = "cp "..certdir..format.escapespecialcharacters(cert)..".pwd "..format.escapespecialcharacters(reqname)..".pwd"
- f = io.popen(cmd)
- f:close()
- cmd = "cp "..certdir..format.escapespecialcharacters(cert)..".sbj "..format.escapespecialcharacters(reqname)..".sbj"
- f = io.popen(cmd)
- f:close()
- cmd = "cp "..certdir..format.escapespecialcharacters(cert)..".cfg "..format.escapespecialcharacters(reqname)..".cfg"
- f = io.popen(cmd)
- f:close()
+ local certname = certdir..cert
+ fs.copy_file(certname..".pwd", reqname..".pwd")
+ fs.copy_file(certname..".sbj", reqname..".sbj")
+ fs.copy_file(certname..".cfg", reqname..".cfg")
-- Next, get the subject (removing the /n inserted by fs.write_file)
local subject = string.gsub(fs.read_file(reqname..".sbj") or "", "\n", "")
@@ -627,9 +613,11 @@ renewcert = function(cert, approve)
if not filestats or filestats.size == 0 then
cmdresult = "Failed to submit request\n"..cmdresult
success = false
- cmd = "rm "..format.escapespecialcharacters(reqname)..".*"
- f = io.popen(cmd)
- f:close()
+ os.remove(reqname..".pwd")
+ os.remove(reqname..".sbj")
+ os.remove(reqname..".cfg")
+ os.remove(reqname..".pem")
+ os.remove(reqname..".csr")
else
cmdresult = "Submitted request"
end
@@ -736,11 +724,8 @@ putca = function(newca)
-- Delete the temporary files
if validator.is_valid_filename(newca.value.ca.value, "/tmp/") and fs.is_file(newca.value.ca.value) then
- cmd = "rm "..format.escapespecialcharacters(newca.value.ca.value)
- f = io.popen(cmd.."cert.pem")
- f:close()
- f = io.popen(cmd.."key.pem")
- f:close()
+ os.remove(newca.value.ca.value.."cert.pem")
+ os.remove(newca.value.ca.value.."key.pem")
end
-- Clear the values
@@ -766,6 +751,9 @@ generateca = function(defaults)
end
if success then
+ os.remove("/tmp/cacert.pem")
+ os.remove("/tmp/cakey.pem")
+
-- Submit the request
local subject = create_subject_string(defaults, {"days"})
local cmd = path .. "openssl req -x509 -nodes -new -config "..configfile..' -keyout /tmp/cakey.pem -out /tmp/cacert.pem -subj "'..subject..'" -days '..format.escapespecialcharacters(defaults.value.days.value).." 2>&1"
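Review bot: Removing `/tmp/cacert.pem` and `/tmp/cakey.pem` just before openssl writes them does not make the fixed names safe. /tmp is writable by every local account, and the path can be re-created (for example as a symlink) between the `os.remove` and the `openssl req` call. Because `-nodes` leaves the new CA key unencrypted, I would write both files into a directory created for this run that only the service account can access, and pass those paths to `-keyout`/`-out`. The cleanup at the end of generateca would then remove the files from that directory instead. generateca starts and ends outside this hunk.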
@@ -785,9 +773,8 @@ generateca = function(defaults)
end
-- Delete the temporary files
- cmd = "rm /tmp/ca*.pem"
- f = io.popen(cmd)
- f:close()
+ os.remove("/tmp/cacert.pem")
+ os.remove("/tmp/cakey.pem")
end
if not success and not defaults.errtxt then
@@ -853,8 +840,7 @@ checkenvironment = function(set)
if set then
-- loop through the cmdline and execute
for x,cmd in ipairs(cmdline) do
- local f = io.popen(cmd)
- f:close()
+ cmd()
end
return checkenvironment()
else