Diffstat (limited to 'openssl-model.lua')
-rw-r--r--openssl-model.lua44
1 files changed, 42 insertions, 2 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index fa844fe..ef2218e 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -317,7 +317,6 @@ approverequest = function(request)
-- Now, sign the certificate
local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl ca -config "..configfile.." -in "..path..".csr -out "..certname..".crt -name "..certtype.." -batch 2>&1"
-APP.logevent(cmd)
local f = io.popen(cmd)
cmdresult.value = f:read("*a")
f:close()
@@ -357,6 +356,7 @@ listcerts = function(user)
local a,b,c,d = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
list[#list + 1] = {name=name, user=a, certtype=b, commonName=c, serial=d}
end
+ fh:close()
return cfe({ type="list", value=list, label="List of approved certificates" })
end
@@ -368,10 +368,17 @@ end
getcert = function(cert)
local f = fs.read_file(certdir..cert..".pfx")
- return cfe({ type="raw", value=f, label=cert..".pfx" })
+ return cfe({ type="raw", value=f, label=cert..".pfx", option="application/x-pkcs12" })
+ --return cfe({ type="raw", value=f, label=cert..".pfx" })
end
revokecert = function(cert)
+ local cmdresult = cfe({ label="Revoke result" })
+ local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl ca -config "..configfile.." -revoke "..certdir .. cert..".crt -batch 2>&1"
+ local f = io.popen(cmd)
+ cmdresult.value = f:read("*a")
+ f:close()
+ return cmdresult
end
deletecert = function(cert)
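Review bot: In the new revokecert body, `cert` is concatenated unquoted into the string passed to `io.popen`, so shell metacharacters or `../` in the name would be interpreted by the shell or point `-revoke` at a file outside `certdir`. Whether callers validate the name is not visible in this hunk. Check the name before building the command, for example `if not string.match(cert, "^[%w_%-][%w%._%-]*$") then` followed by returning an error result, and widen the character class only if certificate names legitimately need it. `io.popen` can return nil, so `f:read` should be guarded. The commented-out `--return cfe(...)` left in getcert is dead code and can be dropped.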
@@ -382,6 +389,39 @@ deletecert = function(cert)
return cfe({ value="Certificate deleted", label="Delete result" })
end
+listrevoked = function()
+ config = config or getopts.getoptsfromfile(configfile)
+ local databasepath = getconfigpath(config.ca.default_ca, "database")
+ local revoked = {}
+ local database = fs.read_file_as_array(databasepath)
+ for x,line in ipairs(database) do
+ if string.sub(line,1,1) == "R" then
+ revoked[#revoked + 1] = string.match(line, "^%S+%s+%S+%s+%S+%s+(%S+)")
+ end
+ end
+ return cfe({ type="list", value=revoked, label="Revoked serial numbers" })
+end
+
+getcrl = function(crltype)
+ local crlfile = cfe({ type="raw", label="Revoke list", option="application/pkix-crl" })
+ local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl ca -config "..configfile.." -gencrl -out "..openssldir.."ca-crl.crl"
+ local f = io.popen(cmd)
+ f:close()
+ local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl crl -in "..openssldir.."ca-crl.crl -out "..openssldir.."ca-der-crl.crl -outform DER"
+ local f = io.popen(cmd)
+ f:close()
+ if crltype == "DER" then
+ crlfile.label = "ca-der-crl.crl"
+ crlfile.value = fs.read_file(crlfile.label)
+ elseif crltype == "PEM" then
+ crlfile.label = "ca-crl.crl"
+ crlfile.value = fs.read_file(crlfile.label)
+ else
+ crlfile.value = fs.read_file("ca-crl.crl")
+ end
+ return crlfile
+end
+
-- FIXME this won't work because haserl doesn't support file upload. Untested and unfinished
putca = function(file, pword, set)
local ca = cfe({ type="raw", value=0, label="CA Certificate", descr='File must be a password protected ".pfx" file' })
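Review bot: getcrl writes both CRL files under `openssldir` but reads them back with `fs.read_file(crlfile.label)` and `fs.read_file("ca-crl.crl")`, which are relative to the process working directory. Unless that directory happens to be `openssldir`, the function returns nothing or an unrelated stale file. Read from the path that was written, e.g. `crlfile.value = fs.read_file(openssldir..crlfile.label)`, and use `fs.read_file(openssldir.."ca-crl.crl")` in the `else` branch. Both `io.popen` handles are closed without reading output or checking for failure, so a failed `-gencrl` would silently serve the previous CRL and understate revocations; capture `2>&1` as approverequest does and return an error when generation fails. In listrevoked, `config = config or ...` creates a global unless `config` is declared local elsewhere in the file, which this hunk does not show.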