Diffstat (limited to 'openssl-model.lua')
-rw-r--r--[-rwxr-xr-x]openssl-model.lua153
1 files changed, 101 insertions, 52 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index 44926af..47b02d0 100755..100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -472,23 +472,28 @@ viewrequest = function(request)
return request
end
-approverequest = function(request)
- local cmdresult = cfe({ value="Failed to approve request", label="Approve result" })
- local reqpath = requestdir .. request
+getapproverequest = function(self, clientdata)
+ local retval = {}
+ retval.request = cfe({ value=clientdata.request or "", label="Request" })
+ return cfe({ type="group", value=retval, label="Approve Request" })
+end
+
+approverequest = function(self, apprequest)
+ local reqpath = requestdir .. apprequest.value.request.value
if fs.is_file(reqpath..".csr") then
-- Request file exists, so try to sign
- local user,certtype,commonName = string.match(request, "([^%.]*)%.([^%.]*)%.([^%.]*)")
+ local user,certtype,commonName = string.match(apprequest.value.request.value, "([^%.]*)%.([^%.]*)%.([^%.]*)")
-- Add the serial number to the end of the cert file name
local serialpath = getconfigentry(certtype, "serial")
local serialfile = fs.read_file(serialpath) or ""
local serial = string.match(serialfile, "%x+")
- local certname = certdir..request.."."..serial
+ local certname = certdir..apprequest.value.request.value.."."..serial
-- Now, sign the certificate
local cmd = path .. "openssl ca -config "..format.escapespecialcharacters(reqpath)..".cfg -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1"
local f = io.popen(cmd)
- cmdresult.value = f:read("*a")
+ apprequest.descr = f:read("*a")
f:close()
-- If certificate created, create the wrapped up pkcs12
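Review bot: `apprequest.value.request.value` is filled from `clientdata.request` in getapproverequest and then concatenated straight onto `requestdir` and `certdir` (reqpath, certname) with no check that it is a bare file name. format.escapespecialcharacters is applied only where the shell command is assembled, so the fs.is_file test and the certificate output path use the raw value and may resolve outside those directories. Read the value once into a local and reject anything with a directory component before building paths, e.g. `if name ~= posix.basename(name) then apprequest.value.request.errtxt = "Invalid request name" return apprequest end`. The same missing check applies to the new deleterequest, revokecert, deletecert and renewcert bodies later in this diff, where the value also reaches os.remove and fs.copy_file. approverequest's body continues past this hunk.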
@@ -499,7 +504,7 @@ approverequest = function(request)
f = io.popen(cmd)
local newcmdresult = f:read("*a")
f:close()
- cmdresult.value = cmdresult.value .. newcmdresult
+ apprequest.descr = apprequest.descr .. newcmdresult
end
-- Finally, remove the request
@@ -515,22 +520,33 @@ approverequest = function(request)
os.remove(certname..".crt")
os.remove(certname..".pfx")
end
+ else
+ apprequest.errtxt = "Failed to approve request"
+ apprequest.value.request.errtxt = "Failed to find request"
end
- return cmdresult
+ return apprequest
+end
+
+getdeleterequest = function(self, clientdata)
+ local retval = {}
+ retval.request = cfe({ value=clientdata.request or "", label="Request" })
+ return cfe({ type="group", value=retval, label="Delete Request" })
end
-deleterequest = function(request, user)
+deleterequest = function(self, delrequest, user)
user = user or ".*"
- if (not fs.is_file(requestdir..request..".csr")) or (not string.find(request, "^"..user.."%.")) then
- return cfe({ value="Request not found", label="Delete result" })
+ if (not fs.is_file(requestdir..delrequest.value.request.value..".csr")) or (not string.find(delrequest.value.request.value, "^"..user.."%.")) then
+ delrequest.value.request.errtxt = "Request not found"
+ delrequest.errtxt = "Failed to Delete Request"
+ else
+ local reqpath = requestdir..delrequest.value.request.value
+ os.remove(reqpath..".pwd")
+ os.remove(reqpath..".sbj")
+ os.remove(reqpath..".pem")
+ os.remove(reqpath..".cfg")
+ os.remove(reqpath..".csr")
end
- local reqpath = requestdir..request
- os.remove(reqpath..".pwd")
- os.remove(reqpath..".sbj")
- os.remove(reqpath..".pem")
- os.remove(reqpath..".cfg")
- os.remove(reqpath..".csr")
- return cfe({ value="Request deleted", label="Delete result" })
+ return delrequest
end
listcerts = function(user)
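Review bot: In deleterequest the ownership test `string.find(delrequest.value.request.value, "^"..user.."%.")` interpolates `user` into a Lua pattern unescaped, so a user name containing pattern-magic characters such as `.` or `-` matches a different set of request names than its literal prefix. Because this test decides whether the caller may delete the request, replace `user = user or ".*"` with an escaped form, e.g. `local userpat = user and string.gsub(user, "%p", "%%%0") or ".*"`, and build the pattern from `userpat`. The signature also gained a leading `self`; the callers are not in this diff, so confirm they now pass `user` in the third position.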
@@ -595,41 +611,58 @@ getcert = function(cert)
return cfe({ type="raw", value=f, label=c..".pfx", option="application/x-pkcs12" })
end
-revokecert = function(cert)
- local cmdresult = cfe({ label="Revoke result" })
- local cmd = path .. "openssl ca -config "..configfile.." -revoke "..certdir .. format.escapespecialcharacters(cert)..".crt -batch 2>&1"
+getrevokecert = function(self, clientdata)
+ retval = {}
+ retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return cfe({ type="group", value=retval, label="Revoke Certificate" })
+end
+
+revokecert = function(self, revreq)
+ local cmd = path .. "openssl ca -config "..configfile.." -revoke "..certdir .. format.escapespecialcharacters(revreq.value.cert.value)..".crt -batch 2>&1"
local f = io.popen(cmd)
- cmdresult.value = f:read("*a")
+ revreq.descr = f:read("*a")
f:close()
- return cmdresult
+ return revreq
end
-deletecert = function(cert)
+getdeletecert = function(self, clientdata)
+ retval = {}
+ retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return cfe({ type="group", value=retval, label="Delete Certificate" })
+end
+
+deletecert = function(self, delcert)
-- The certificate will still be in the ca directories and index.txt, just not available for web interface
- local certname = certdir..cert
+ local certname = certdir..delcert.value.cert.value
os.remove(certname..".cfg")
os.remove(certname..".crt")
os.remove(certname..".pem")
os.remove(certname..".pfx")
os.remove(certname..".pwd")
os.remove(certname..".sbj")
- return cfe({ value="Certificate deleted", label="Delete result" })
+ return delcert
+end
+
+getrenewcert = function(self, clientdata)
+ retval = {}
+ retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
+ return cfe({ type="group", value=retval, label="Renew Certificate" })
end
-renewcert = function(cert, approve)
- local cmdresult = ""
+renewcert = function(self, recert, submit, approve)
local success = true
- local user,certtype,commonName,serialnum = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
+ local user,certtype,commonName,serialnum = string.match(recert.value.cert.value, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
local reqname = requestdir..user.."."..certtype.."."..commonName
if fs.is_file(reqname..".csr") then
- cmdresult = "Failed to submit request\nRequest already exists"
+ recert.errtxt = "Failed to submit request"
+ recert.value.cert.errtxt = "Request already exists"
success = false
end
if success then
-- Submit the request
-- First, put the subject, config file and password in place
- local certname = certdir..cert
+ local certname = certdir..recert.value.cert.value
fs.copy_file(certname..".pwd", reqname..".pwd")
fs.copy_file(certname..".sbj", reqname..".sbj")
fs.copy_file(certname..".cfg", reqname..".cfg")
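Review bot: getrevokecert, getdeletecert and getrenewcert assign `retval = {}` without `local`, unlike getapproverequest and getdeleterequest earlier in this commit, so all three write to one shared global table. Change each to `local retval = {}`. Separately, deletecert now returns `delcert` unchanged whether or not any file existed; setting `delcert.errtxt` when `certname..".crt"` is absent would match the error reporting this commit adds to deleterequest. In renewcert, string.match returns nil for a name that does not have four dot-separated parts, and the following `requestdir..user` concatenation then raises, so a nil check before building `reqname` is worth adding. renewcert's body continues past this hunk.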
@@ -640,11 +673,12 @@ renewcert = function(cert, approve)
-- Next, submit the request (new key)
cmd = path .. "openssl req -nodes -new -config "..format.escapespecialcharacters(reqname)..".cfg -keyout "..format.escapespecialcharacters(reqname)..".pem -out "..format.escapespecialcharacters(reqname)..'.csr -subj "'..subject..'" 2>&1'
f = io.popen(cmd)
- cmdresult = f:read("*a")
+ recert.descr = f:read("*a")
f:close()
local filestats = posix.stat(reqname..".csr")
if not filestats or filestats.size == 0 then
- cmdresult = "Failed to submit request\n"..cmdresult
+ recert.errtxt = "Failed to submit request\n"..recert.descr
+ recert.descr = nil
success = false
os.remove(reqname..".pwd")
os.remove(reqname..".sbj")
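Review bot: On the `openssl req` line, `subject` is the only interpolated value not passed through format.escapespecialcharacters; it is placed between literal double quotes as `-subj "'..subject..'"`. `subject` is assigned outside this hunk, so confirm it is escaped where it is read, otherwise a quote or `$` in the stored subject changes the shell command. If it is not, build the argument the same way as the others: `..' -subj "'..format.escapespecialcharacters(subject)..'" 2>&1'`. The io.popen result `f` is also used without a nil check here and in the other commands of this function, which starts and ends outside the hunk.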
@@ -652,15 +686,20 @@ renewcert = function(cert, approve)
os.remove(reqname..".pem")
os.remove(reqname..".csr")
else
- cmdresult = "Submitted request"
+ recert.descr = "Submitted request"
end
end
if success and approve then
- approverequest(posix.basename(reqname))
+ local tmp = getapproverequest(self, {})
+ tmp.value.request.value = posix.basename(reqname)
+ tmp = approverequest(self, tmp)
+ if tmp.errtxt then
+ recert.descr = recert.descr.."\n"..tmp.errtxt
+ end
end
- return cfe({ type="boolean", value=cmdresult, label="Renew result" })
+ return recert
end
listrevoked = function()
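Review bot: When the automatic approval fails, `tmp.errtxt` is only appended to `recert.descr` and `recert.errtxt` stays unset, so the caller is told the renewal succeeded. The openssl output that approverequest stores in `tmp.descr` is dropped as well, and in the lines visible in this diff approverequest sets `errtxt` only when the .csr is missing, so a signing failure is not reported at all. Propagate both, e.g. `recert.errtxt = tmp.errtxt` and `recert.descr = recert.descr.."\n"..(tmp.descr or "")`. The new `submit` parameter is not used in any visible line of renewcert; if it is unused in the rest of the function too, a comment saying it exists for the framework's calling convention would help.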
@@ -845,7 +884,25 @@ setconfigfile = function(self, filedetails)
return modelfunctions.setfiledetails(self, filedetails, {configfile})
end
-checkenvironment = function(set)
+getenvironment = function(self, clientdata)
+ local retval = {}
+ retval.status = checkenvironment()
+ return cfe({ type="group", value=retval, label="Check Environment" })
+end
+
+setenvironment = function(self, setenv)
+ -- loop through the cmdline and execute
+ for x,cmd in ipairs(setenv.value.status.cmdline) do
+ cmd()
+ end
+ setenv.value.status = checkenvironment()
+ if setenv.value.status.errtxt then
+ setenv.errtxt = "Failed to Configure Environment"
+ end
+ return setenv
+end
+
+checkenvironment = function()
local errtxt = {}
local cmdline = {}
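Review bot: setenvironment runs every function it finds in `setenv.value.status.cmdline`, so it trusts the structure handed in by the caller rather than state computed on the server at that moment. If the framework rebuilds or overwrites `setenv.value.status` from submitted form data (not visible here), `cmdline` is nil and `ipairs` raises, or the list is stale. Recompute it inside the function instead: `for _,cmd in ipairs(checkenvironment().cmdline or {}) do cmd() end`. checkenvironment's body continues past this hunk.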
@@ -889,21 +946,13 @@ checkenvironment = function(set)
errtxt[#errtxt+1] = "Configuration invalid"
end
- if set then
- -- loop through the cmdline and execute
- for x,cmd in ipairs(cmdline) do
- cmd()
- end
- return checkenvironment()
+ errtxt = table.concat(errtxt, '\n')
+ local value
+ if errtxt == "" then
+ errtxt = nil
+ value = "Environment ready"
else
- errtxt = table.concat(errtxt, '\n')
- local value
- if errtxt == "" then
- errtxt = nil
- value = "Environment ready"
- else
- value = "Environment not ready"
- end
- return cfe({ value=value, errtxt=errtxt, label="Environment" })
+ value = "Environment not ready"
end
+ return cfe({ value=value, errtxt=errtxt, cmdline=cmdline, label="Environment" })
end
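Review bot: checkenvironment now returns its repair closures inside the cfe via `cmdline=cmdline`, but nothing documents that field or who may consume it. Add a header comment such as `-- Returns a cfe describing the environment; .cmdline is a list of functions that setenvironment runs to repair it (server-side use only)`. If cfe objects are serialized for views, confirm that function values are skipped. It would also read more clearly to put the joined text in a new local rather than reusing `errtxt`, which starts out as a table. The function begins outside this hunk.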