Diffstat (limited to 'openssl-model.lua')
-rw-r--r-- | openssl-model.lua | 138 |
1 files changed, 71 insertions, 67 deletions
diff --git a/openssl-model.lua b/openssl-model.lua index 3d1f1f6..d0c669d 100644 --- a/openssl-model.lua +++ b/openssl-model.lua @@ -1,6 +1,7 @@ module(..., package.seeall) -require("html") +require("modelfunctions") +require("getopts") require("validator") -- There are two options of how to allow users to specify the type of certificate they want - the request extensions 
@@ -583,63 +584,69 @@ getcrl = function(crltype) return crlfile end -putca = function(file, pword, set) +getnewputca = function() local ca = cfe({ type="raw", value=0, label="CA Certificate", descr='File must be a password protected ".pfx" file' }) local password = cfe({ label="Certificate Password" }) - local retval = cfe({ type="group", value={ca=ca, password=password} }) - if file and pword and set then - local success = true - -- Trying to upload a cert/key - -- The way haserl works, file contains the temporary file name - -- First, get the cert - local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl pkcs12 -in "..file.." -out "..file.."cert.pem -password pass:"..pword.." -nokeys 2>&1" - local f = io.popen(cmd) - local cmdresult = f:read("*a") + return cfe({ type="group", value={ca=ca, password=password} }) +end + +putca = function(newca) + local success = true + -- Trying to upload a cert/key + -- The way haserl works, ca contains the temporary file name + -- First, get the cert + local cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl pkcs12 -in "..newca.value.ca.value.." -out "..newca.value.ca.value.."cert.pem -password pass:"..newca.value.password.value.." 
-nokeys 2>&1" + local f = io.popen(cmd) + local cmdresult = f:read("*a") + f:close() + local filestats = posix.stat(newca.value.ca.value.."cert.pem") + if not filestats or filestats.size == 0 then + newca.value.ca.errtxt = "Could not open certificate\n"..cmdresult + success = false + end + + -- Since -cacerts doesn't seem to work, we have to check to make sure we got a CA + if success then + cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl x509 -in "..newca.value.ca.value.."cert.pem -noout -text" + f = io.popen(cmd) + cmdresult = f:read("*a") f:close() - local filestats = posix.stat(file.."cert.pem") - if not filestats or filestats.size == 0 then - ca.errtxt = "Could not open certificate\n"..cmdresult + if not string.find(cmdresult, "CA:TRUE") then + newca.value.ca.errtxt = "Could not find CA Certificate" success = false end - - -- Since -cacerts doesn't seem to work, we have to check to make sure we got a CA - if success then - cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl x509 -in "..file.."cert.pem -noout -text" - f = io.popen(cmd) - cmdresult = f:read("*a") - f:close() - if not string.find(cmdresult, "CA:TRUE") then - ca.errtxt = "Could not find CA Certificate" - success = false - end - end + end - -- Now, get the key - if success then - cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl pkcs12 -in "..file.." -out "..file.."key.pem -password pass:"..pword.." 
-nocerts -nodes 2>&1" - f = io.popen(cmd) - cmdresult = f:read("*a") - f:close() - filestats = posix.stat(file.."key.pem") - if not filestats or filestats.size == 0 then - ca.errtxt = "Could not find CA key\n"..cmdresult - success = false - end - end - - if success then - -- copy the keys - copyca(file.."cert.pem", file.."key.pem") - else - retval.errtxt = "Failed to upload CA certificate" - end - - -- Delete the temporary files - cmd = "rm "..file.."*" + -- Now, get the key + if success then + cmd = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin openssl pkcs12 -in "..newca.value.ca.value.." -out "..newca.value.ca.value.."key.pem -password pass:"..newca.value.password.value.." -nocerts -nodes 2>&1" f = io.popen(cmd) + cmdresult = f:read("*a") f:close() + filestats = posix.stat(newca.value.ca.value.."key.pem") + if not filestats or filestats.size == 0 then + newca.value.ca.errtxt = "Could not find CA key\n"..cmdresult + success = false + end end - return retval + + if success then + -- copy the keys + copyca(newca.value.ca.value.."cert.pem", newca.value.ca.value.."key.pem") + else + newca.errtxt = "Failed to upload CA certificate" + end + + -- Delete the temporary files + cmd = "rm "..newca.value.ca.value.."*" + f = io.popen(cmd) + f:close() + + -- Clear the values + newca.value.ca.value = "" + newca.value.password.value = "" + + return newca end getnewcarequest = function() 
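Review bot: `putca` still builds every `io.popen` command by concatenating `newca.value.password.value` and `newca.value.ca.value` straight into a shell string, so shell metacharacters in the submitted certificate password are interpreted by the shell instead of being passed to openssl. The refactor carries this over unchanged from the old `file`/`pword` version; quoting each value before concatenation would close it, e.g. a local helper `local function shquote(s) return "'" .. string.gsub(s, "'", "'\\''") .. "'" end` applied to the path and the `pass:` argument in all three openssl commands and in the final `rm`. Separately, `-password pass:` places the passphrase in the process argument list, where other local users can read it while openssl runs; openssl's `file:` or `stdin` password sources avoid that. The `-nodes` step also writes the CA key unencrypted next to the upload, and it is removed only if execution reaches the `rm` at the end, so an error raised earlier (for instance `io.popen` returning nil) would leave it on disk.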
@@ -690,28 +697,25 @@ generateca = function(defaults) end getconfigfile = function() - local filename = cfe({ value=configfile, label="File Name" }) - local filecontent = cfe({ type="longtext", label="Config file" }) - local filesize = cfe({ value="0", label="File size" }) - local mtime = cfe({ value="---", label="File date" }) - if fs.is_file(configfile) then - local filedetails = fs.stat(configfile) - filecontent.value=fs.read_file(configfile) - filesize.value = filedetails.size - mtime.value = filedetails.mtime - else - filename.errtxt = "File not found" - end - return cfe({ type="group", value={filename=filename, filecontent=filecontent, filesize=filesize, mtime=mtime}, label="Config file details" }) + return modelfunctions.getfiledetails(configfile) end -setconfigfile = function(file) - if file and type(file)=="string" and #file>0 then - fs.write_file(configfile, file) +setconfigfile = function(filedetails) + filedetails.value.filename.value = configfile + filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "") + + -- validate + local success = true + + if success then + fs.write_file(configfile, filedetails.value.filecontent.value) + filedetails = getconfigfile() config = nil - return true + else + filedetails.errtxt = "Failed to set configuration file" end - return false + + return filedetails end checkenvironment = function(set) |
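Review bot: In `setconfigfile` the validation is a placeholder: `local success = true` is never changed, so the `else` branch that sets "Failed to set configuration file" is unreachable and whatever arrives in `filecontent` is written to the openssl config. The old version at least required a non-empty string; here an empty submission would overwrite `configfile` with nothing, and a missing `filecontent` would presumably raise inside `format.dostounix`/`string.gsub` before any error text is set. Since this file governs how the CA issues certificates, I would restore the guard, e.g. `local content = filedetails.value.filecontent.value` followed by `local success = type(content) == "string" and #content > 0`, evaluated before the normalisation line. Forcing `filename.value = configfile` so the client cannot choose the target path deserves a one-line comment saying that is the intent.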