Diffstat (limited to 'openssl-model.lua')
-rw-r--r--openssl-model.lua174
1 files changed, 99 insertions, 75 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index d15c358..5dd159f 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -4,6 +4,7 @@ posix = require("posix")
modelfunctions = require("modelfunctions")
fs = require("acf.fs")
format = require("acf.format")
+processinfo = require("acf.processinfo")
validator = require("acf.validator")
-- There are two options of how to allow users to specify the type of certificate they want - the request extensions
@@ -250,9 +251,74 @@ local unhashname = function(hashstring)
return string.char(unpack(hash))
end
-mymodule.getstatus = function()
- processinfo = require("acf.processinfo")
- -- set the working directory once for model
+local listrequests = function(user)
+ user = user or "*"
+ local list={}
+ local files = posix.glob(openssldir..requestdir..user..".*\\.csr") or {}
+ for i,x in ipairs(files) do
+ local name = string.gsub(posix.basename(x), ".csr$", "")
+ local a,b,c = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*)")
+ list[#list + 1] = {request=name, user=a, certtype=b, commonName=unhashname(c)}
+ end
+ return cfe({ type="list", value=list, label="List of pending requests" })
+end
+
+local listcerts = function(user)
+ user = user or "*"
+ local list={}
+ local files = posix.glob(openssldir..certdir..user..".*\\.pfx") or {}
+ -- Do this in two steps - saves forking openssl for each cert, which
+ -- speeds things up noticably for > 100 certs
+ local crtlist = {}
+ for i,x in ipairs(files) do
+ local name = string.gsub(posix.basename(x), ".pfx$", "")
+ local a,b,c,d = string.match(name,
+ "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
+ list[#list + 1] = {cert=name, user=a, certtype=b,
+ commonName=unhashname(c), serial=d, enddate=enddate,
+ daysremaining=time}
+ crtlist[#crtlist+1] = "x509 -in "..openssldir..certdir..name..".crt -noout -enddate"
+ end
+
+ local out = modelfunctions.run_executable({"openssl"}, false, table.concat(crtlist, "\n").."\nexit\n")
+ local outtab = format.string_to_table(out, "\n")
+
+ for i,x in ipairs(files) do
+ local enddate = string.match(outtab[i] or "", "notAfter=(.*)") or "Jan 1 00:00:01 1970 GMT"
+ local month, day, year =
+ string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)")
+
+ local reversemonth = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6,
+ Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12}
+ local time = os.time({year=year, month=reversemonth[month], day=day})
+ if os.time() > time then
+ time = 0
+ else
+ time = (time-os.time())/86400
+ end
+ list[i].enddate = enddate
+ list[i].daysremaining = time
+ end
+
+ return cfe({ type="list", value=list, label="List of approved certificates" })
+end
+
+local listrevoked = function()
+ config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
+ local databasepath = getconfigentry(config.ca.default_ca, "database")
+ local revoked = {}
+ local database = fs.read_file_as_array(databasepath) or {}
+ for x,line in ipairs(database) do
+ if string.sub(line,1,1) == "R" then
+ revoked[#revoked + 1] = string.match(line, "^%S+%s+%S+%s+%S+%s+(%S+)")
+ end
+ end
+ return cfe({ type="list", value=revoked, label="Revoked serial numbers" })
+end
+
+mymodule.getstatus = function(self, clientdata)
+ -- set the working directory and umask once for model
+ posix.umask("rw-------")
posix.chdir(openssldir)
local value,errtxt=processinfo.package_version(packagename)
local version = cfe({ value=value, errtxt=errtxt, label="Program version", name=packagename })
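Review bot: The umask is now set only inside getstatus (`posix.umask("rw-------")`), so any other action that creates key or pfx files in a process where getstatus has not yet run inherits the process's default umask; unless the controller guarantees getstatus runs first on every request, the umask call belongs in a module-level or per-action setup step rather than in one status action. Note also that the string form of umask has been interpreted differently across luaposix versions (older releases treat the string as the permission bits to keep and apply the inverse as the mask, newer APIs take a numeric mask), so confirm the resulting file mode on the deployed version with a freshly created file. Separately, the first loop of listcerts reads the undeclared globals `enddate` and `time` in its table constructor before either is computed; both fields are overwritten in the second loop, so the constructor can be reduced to `list[#list + 1] = {cert=name, user=a, certtype=b, commonName=unhashname(c), serial=d}`. getstatus's body continues past the end of this hunk.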
@@ -301,11 +367,6 @@ mymodule.getstatus = function()
return cfe({ type="group", value={version=version, conffile=conffile, environment=environment, cacert=cacert, cacertcontents=cacertcontents, cakey=cakey}, label="OpenSSL status" })
end
-mymodule.set_umask = function()
- return posix.umask("rw-------")
-end
-
-
mymodule.getreqdefaults = function()
local defaults = getdefaults()
@@ -446,24 +507,34 @@ mymodule.submitrequest = function(defaults, user)
return defaults
end
-mymodule.listrequests = function(user)
- user = user or "*"
- local list={}
- local files = posix.glob(openssldir..requestdir..user..".*\\.csr") or {}
- for i,x in ipairs(files) do
- local name = string.gsub(posix.basename(x), ".csr$", "")
- local a,b,c = string.match(name, "([^%.]*)%.([^%.]*)%.([^%.]*)")
- list[#list + 1] = {name=name, user=a, certtype=b, commonName=unhashname(c)}
- end
- return cfe({ type="list", value=list, label="List of pending requests" })
+mymodule.readall = function(self, clientdata)
+ local result = cfe({ type="group", value={}, label="All Certificates" })
+ result.value.pending = listrequests()
+ result.value.approved = listcerts()
+ result.value.revoked = listrevoked()
+ return result
+end
+
+mymodule.readuser = function(self, clientdata, user)
+ local result = cfe({ type="group", value={}, label="Certificates for "..user })
+ result.value.user = cfe({ value=user, label="User Name" })
+ result.value.pending = listrequests(user)
+ result.value.approved = listcerts(user)
+ result.value.revoked = listrevoked()
+ return result
end
-mymodule.viewrequest = function(request)
+mymodule.viewrequest = function(self, clientdata)
+ local retval = cfe({ type="group", value={}, label="Request" })
+ retval.value.request = cfe({ label="Request", key=true })
+ self.handle_clientdata(retval, clientdata)
+
+ local request = retval.value.request.value
local reqpath = openssldir..requestdir .. request
local cmdresult = modelfunctions.run_executable({"openssl", "req", "-in", reqpath..".csr", "-text", "-noout"})
local a,b,c = string.match(request, "([^%.]*)%.([^%.]*)%.([^%.]*)")
- local request = cfe({ type="table", value={name=name, user=a, certtype=b, commonName=c, value=cmdresult}, label="Request Details" })
- return request
+ retval.value.details = cfe({ type="table", value={request=request, user=a, certtype=b, commonName=unhashname(c), value=cmdresult}, label="Request Details" })
+ return retval
end
mymodule.getapproverequest = function(self, clientdata)
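Review bot: In viewrequest, the `request` value taken from clientdata is spliced straight into `reqpath = openssldir..requestdir .. request` and handed to openssl as a file path without any check that it is a bare `user.certtype.hash` name; run_executable appears to take an argv list rather than a shell string, so this is a path-traversal rather than an injection concern, but a value containing `/` or `..` still makes openssl read an arbitrary `.csr`-suffixed file and return its parsed text. The three captures already define the expected shape, so move the `string.match` above the run_executable call and reject anything that does not fit, e.g. `if not a or string.find(request, "/", 1, true) then retval.value.request.errtxt = "Invalid request" return retval end`. The same applies to `cert` in viewcert in the next hunk, and to the `user` parameter of readuser, which listcerts and listrequests concatenate into a glob pattern and which should be restricted to the same character set (no `.`, `/` or glob metacharacters). readuser also raises on `"Certificates for "..user` when user is nil, so the caller's contract for that parameter is worth stating in a comment.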
@@ -542,50 +613,16 @@ mymodule.deleterequest = function(self, delrequest, user)
return delrequest
end
-mymodule.listcerts = function(user)
- user = user or "*"
- local list={}
- local files = posix.glob(openssldir..certdir..user..".*\\.pfx") or {}
- -- Do this in two steps - saves forking openssl for each cert, which
- -- speeds things up noticably for > 100 certs
- local crtlist = {}
- for i,x in ipairs(files) do
- local name = string.gsub(posix.basename(x), ".pfx$", "")
- local a,b,c,d = string.match(name,
- "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
- list[#list + 1] = {name=name, user=a, certtype=b,
- commonName=unhashname(c), serial=d, enddate=enddate,
- daysremaining=time}
- crtlist[#crtlist+1] = "x509 -in "..openssldir..certdir..name..".crt -noout -enddate"
- end
-
- local out = modelfunctions.run_executable({"openssl"}, false, table.concat(crtlist, "\n").."\nexit\n")
- local outtab = format.string_to_table(out, "\n")
+mymodule.viewcert = function(self, clientdata)
+ local retval = cfe({ type="group", value={}, label="Certificate" })
+ retval.value.cert = cfe({ label="Certificate", key=true })
+ self.handle_clientdata(retval, clientdata)
- for i,x in ipairs(files) do
- local enddate = string.match(outtab[i] or "", "notAfter=(.*)") or "Jan 1 00:00:01 1970 GMT"
- local month, day, year =
- string.match(enddate, "(%a+)%s+(%d+)%s+%S+%s+(%d+)")
-
- local reversemonth = {Jan=1,Feb=2,Mar=3,Apr=4,May=5,Jun=6,
- Jul=7,Aug=8,Sep=9,Oct=10,Nov=11,Dec=12}
- local time = os.time({year=year, month=reversemonth[month], day=day})
- if os.time() > time then
- time = 0
- else
- time = (time-os.time())/86400
- end
- list[i].enddate = enddate
- list[i].daysremaining = time
- end
-
- return cfe({ type="list", value=list, label="List of approved certificates" })
-end
-
-mymodule.viewcert = function(cert)
+ local cert = retval.value.cert.value
local cmdresult = modelfunctions.run_executable({"openssl", "x509", "-in", openssldir..certdir..cert..".crt", "-noout", "-text"})
local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
- return cfe({ type="table", value={name=name, user=a, certtype=b, commonName=c, serial=d, value=cmdresult}, label="Certificate Details" })
+ retval.value.details = cfe({ type="table", value={cert=cert, user=a, certtype=b, commonName=unhashname(c), serial=d, value=cmdresult}, label="Certificate Details" })
+ return retval
end
mymodule.getcert = function(cert)
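Review bot: The pattern in `local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")` leaves the third separator as an unescaped `.`, which matches any character; it currently yields the intended captures only because the preceding `[^%.]*` is greedy and stops at the dot, and the same pattern is duplicated in listcerts in an earlier hunk. Escaping it makes the intent explicit and removes the dependence on backtracking order: `local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*)%.([^%.]*)")`. When the name does not match at all, `c` is nil and is passed to unhashname on the next line, so a nil check on the captures before building the details cfe would be a cheap safeguard. viewcert is complete within this hunk.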
@@ -680,19 +717,6 @@ mymodule.renewcert = function(self, recert, submit, approve)
return recert
end
-mymodule.listrevoked = function()
- config = config or format.parse_ini_file(fs.read_file(openssldir..configfile) or "")
- local databasepath = getconfigentry(config.ca.default_ca, "database")
- local revoked = {}
- local database = fs.read_file_as_array(databasepath) or {}
- for x,line in ipairs(database) do
- if string.sub(line,1,1) == "R" then
- revoked[#revoked + 1] = string.match(line, "^%S+%s+%S+%s+%S+%s+(%S+)")
- end
- end
- return cfe({ type="list", value=revoked, label="Revoked serial numbers" })
-end
-
mymodule.getcrl = function(crltype)
local crlfile = cfe({ type="raw", option="application/pkix-crl" })
modelfunctions.run_executable({"openssl", "ca", "-config", openssldir..configfile, "-gencrl", "-out", openssldir.."ca-crl.crl"})