Diffstat (limited to 'openssl-model.lua')
-rwxr-xr-xopenssl-model.lua32
1 files changed, 28 insertions, 4 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index b5a84a6..a9b6f83 100755
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -30,7 +30,7 @@ local short_names = { countryName="C", stateOrProvinceName="ST", localityName="L
local extensions = { "basicConstraints", "nsCertType", "nsComment", "keyUsage", "subjectKeyIdentifier",
"authorityKeyIdentifier", "subjectAltName", "issuerAltName" }
-- list of entries that must be found in ca section (used to define our certificate types)
-local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "default_md", "database", "serial", "policy" }
+local ca_mandatory_entries = { "new_certs_dir", "certificate", "private_key", "default_md", "database", "serial", "policy", "default_days" }
-- Create a cfe with the distinguished name defaults
local getdefaults = function()
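Review bot: Adding `"default_days"` to `ca_mandatory_entries` probably narrows which CA sections count as certificate types, since the comment above the list says these entries "must be found in ca section". If the check looks only at the section itself, an existing configuration whose sections lack `default_days` would lose those types from the selector after upgrade. The later hunks write `default_days` to the `""` section rather than to a CA section, so it is worth confirming the lookup falls back to the global section. A comment such as `-- default_days is required so the request form can show and override the validity period` would record why the entry was added.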
@@ -308,6 +308,14 @@ end
getreqdefaults = function()
local defaults = getdefaults()
+ --Add in the encryption bit default
+ local encryption = config.req.default_bits
+ defaults.value.encryption = cfe({ type="select", label="Encryption Bits", value=encryption, option={"2048", "4096"} })
+
+ -- Add in the default days
+ local validdays = getconfigentry(config.ca.default_ca, "default_days")
+ defaults.value.validdays = cfe({ type="text", label="Period of Validity (Days)", value=validdays, descr="Number of days this certificate is valid for" })
+
-- Add in the ca type default
defaults.value.certtype = cfe({ type="select", label="Certificate Type",
value=config.ca.default_ca, option=find_ca_sections() })
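Review bot: The select is built with `value=encryption` taken straight from `config.req.default_bits`, but the option list is fixed at `{"2048", "4096"}`, so a config carrying any other size yields a select whose current value matches no option. Falling back when the configured value is not in the list would avoid that, e.g. `if encryption ~= "2048" and encryption ~= "4096" then encryption = "2048" end`. `validdays` has a similar gap: if `getconfigentry` returns nothing, the text field is created with a nil value. The label "Encryption Bits" describes what `default_bits` actually sets, the key length, so "Key Size (bits)" would be clearer.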
@@ -339,9 +347,10 @@ setreqdefaults = function(defaults)
ext_section = config.req.req_extensions
end
config = nil
+ fileval = format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
fileval = format.set_ini_section(fileval, ext_section, format.dostounix(defaults.value.extensions.value))
fileval = format.update_ini_file(fileval, "ca", "default_ca", defaults.value.certtype.value)
- fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions"})
+ fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions", "validdays"})
fs.write_file(configfile, fileval)
end
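Review bot: `defaults.value.validdays.value` is written into the openssl configuration by `format.update_ini_file(fileval,"","default_days",...)` with no check visible in this hunk that it is a number. submitrequest gains such a check in this commit, but setreqdefaults does not, although its body starts outside the hunk and may validate earlier. If `update_ini_file` writes the value verbatim, a value containing a line break would add extra lines to the config. A guard before the write, such as `if not string.match(defaults.value.validdays.value or "", "^%d+$") then` setting `errtxt` and returning without writing, would keep the file well-formed.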
@@ -383,6 +392,11 @@ submitrequest = function(defaults, user)
defaults.errtxt = "Failed to submit request\nRequest already exists"
success = false
end
+
+ if not tonumber(defaults.value.validdays.value) then
+ defaults.value.validdays.errtxt = "Period of Validity is not a number"
+ success = false
+ end
if success then
-- Submit the request
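Review bot: `tonumber()` is too permissive for a value that ends up as `default_days` in a signing config, because it accepts hex (`0x10`), exponents (`1e3`), fractions, negative numbers and surrounding whitespace. A digits-only test with a sane ceiling is closer to what openssl expects: `local days = defaults.value.validdays.value` followed by `if not (days and string.match(days, "^%d+$") and tonumber(days) >= 1 and tonumber(days) <= MAX_DAYS) then`, where `MAX_DAYS` is a placeholder for a limit the project chooses. The check also indexes `defaults.value.validdays` without confirming the field exists, so a form posted without it raises an error instead of setting `errtxt`. submitrequest starts and ends outside this hunk.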
@@ -403,7 +417,9 @@ submitrequest = function(defaults, user)
end
end
end
-
+
+ fileval = format.update_ini_file(fileval, "req","default_bits",defaults.value.encryption.value)
+ fileval = format.update_ini_file(fileval, "","default_days",defaults.value.validdays.value)
fileval = format.set_ini_section(fileval, ext_section, content)
fileval = format.update_ini_file(fileval, "req", "req_extensions", ext_section)
fs.write_file(reqname..".cfg", fileval)
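Review bot: `defaults.value.encryption.value` is written to `default_bits` without being compared against the two sizes the form offers. The `{"2048", "4096"}` list in getreqdefaults only constrains the rendered select, so a posted value outside it, including a much smaller key size, would reach the request config unless the framework enforces select options elsewhere. A server-side check next to the validdays test would close that, e.g. `local bits = defaults.value.encryption.value` then `if bits ~= "2048" and bits ~= "4096" then defaults.value.encryption.errtxt = "Invalid key size" success = false end`. It is not visible here whether these writes are skipped when `success` is false, which is worth confirming.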
@@ -470,7 +486,7 @@ approverequest = function(request)
local certname = certdir..request.."."..serial
-- Now, sign the certificate
- local cmd = path .. "openssl ca -config "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1"
+ local cmd = path .. "openssl ca -config "..format.escapespecialcharacters(reqpath)..".cfg -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1"
local f = io.popen(cmd)
cmdresult.value = f:read("*a")
f:close()
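Review bot: `openssl ca` now takes `-config` from `reqpath..".cfg"`, which appears to be the per-request file submitrequest writes from submitted form values (extension section content, `default_bits`, `default_days`), so the CA signs under a configuration partly authored by the requester rather than the administrator's `configfile`. Policy, extension handling and the section chosen by `-name` are all read from that file, so it is worth confirming that nothing a requester submits can alter them. A narrower way to get per-request validity is to keep `-config "..configfile.."` and append `-days` with the stored value, re-checked against `^%d+$` at approval time. Requests submitted before this change have no `.cfg` file next to their `.csr`, so approving them would presumably fail unless the code falls back to `configfile`.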
@@ -680,6 +696,14 @@ getcrl = function(crltype)
return crlfile
end
+getpem = function(pem)
+ local f = fs.read_file(pem) or ""
+ local fname = string.gsub(pem, ".*/", "")
+ if validator.is_valid_filename(pem, openssldir) then
+ return cfe({ type="raw", value=f, label=fname, option="application/x-pkcs12" })
+ end
+end
+
getnewputca = function()
local ca = cfe({ type="raw", value=0, label="CA Certificate", descr='File must be a password protected ".pfx" file' })
local password = cfe({ label="Certificate Password" })
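Review bot: In getpem, `fs.read_file(pem)` runs before `validator.is_valid_filename(pem, openssldir)`, so the caller-supplied path is opened and read even when it is later rejected. Moving `local f = fs.read_file(pem) or ""` inside the `if validator.is_valid_filename(pem, openssldir) then` branch makes the check a real gate. That check is the only thing confining the download to `openssldir`, so confirm it rejects `..` segments and symlinks that leave the directory. On an invalid path the function falls through and returns nil, so returning a cfe with `errtxt` set would be easier for callers to handle. The `option="application/x-pkcs12"` content type also does not match a PEM file and deserves a comment if it is intentional.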