Diffstat (limited to 'openssl-model.lua')
-rw-r--r--openssl-model.lua82
1 files changed, 42 insertions, 40 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index c2bcbf5..1df9b13 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -1,4 +1,4 @@
-module(..., package.seeall)
+local mymodule = {}
posix = require("posix")
modelfunctions = require("modelfunctions")
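Review bot: With `module(..., package.seeall)` removed, every unqualified assignment in this file now lands in `_G` instead of the module's own environment, starting with `posix` and `modelfunctions` here. The same holds for `processinfo` in getstatus, `retval` in getrevokecert, getdeletecert and getrenewcert, `request` in getnewcarequest and `config` in listrevoked. Unless these are declared local in parts of the file not shown, `config = config or ...` would pick up any other module's global `config` and read `config.ca.default_ca` from it. Declaring them local closes that off, e.g. `local posix = require("posix")` and `local retval = {}`.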
@@ -251,7 +251,7 @@ local unhashname = function(hashstring)
return string.char(unpack(hash))
end
-getstatus = function()
+mymodule.getstatus = function()
processinfo = require("acf.processinfo")
-- set the working directory once for model
posix.chdir(openssldir)
@@ -298,16 +298,16 @@ getstatus = function()
end
end
end
- local environment = checkenvironment()
+ local environment = mymodule.checkenvironment()
return cfe({ type="group", value={version=version, conffile=conffile, environment=environment, cacert=cacert, cacertcontents=cacertcontents, cakey=cakey}, label="openssl status" })
end
-set_umask = function()
+mymodule.set_umask = function()
return posix.umask("rw-------")
end
-getreqdefaults = function()
+mymodule.getreqdefaults = function()
local defaults = getdefaults()
--Add in the encryption bit default
@@ -333,7 +333,7 @@ getreqdefaults = function()
return defaults
end
-setreqdefaults = function(self, defaults)
+mymodule.setreqdefaults = function(self, defaults)
local success, defaults = validate_request(defaults, true)
-- If success, write the values to the config file
@@ -363,15 +363,15 @@ setreqdefaults = function(self, defaults)
return defaults
end
-getnewrequest = function()
- local values = getreqdefaults()
+mymodule.getnewrequest = function()
+ local values = mymodule.getreqdefaults()
-- In addition to the request defaults, we need a password and confirmation
values.value.password = cfe({ type="password", label="Password", seq=98 })
values.value.password_confirm = cfe({ type="password", label="Password confirmation", seq=99 })
return values
end
-submitrequest = function(defaults, user)
+mymodule.submitrequest = function(defaults, user)
local success, defaults = validate_request(defaults)
-- Must have a common name
@@ -447,7 +447,7 @@ submitrequest = function(defaults, user)
return defaults
end
-listrequests = function(user)
+mymodule.listrequests = function(user)
user = user or "*"
local list={}
local files = posix.glob(requestdir..user..".*\\.csr") or {}
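Review bot: `user` is spliced into the glob in `posix.glob(requestdir..user..".*\\.csr")` without escaping, so a user name containing glob metacharacters or a `/` would widen the listing beyond that user's own requests. listcerts builds its `.pfx` glob the same way. Whether user names are constrained upstream is not visible here; if they are not, validate `user` against the allowed name characters before building the pattern, or list the directory and compare the leading field of each file name for equality. The body of listrequests continues outside the hunk.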
@@ -459,7 +459,7 @@ listrequests = function(user)
return cfe({ type="list", value=list, label="List of pending requests" })
end
-viewrequest = function(request)
+mymodule.viewrequest = function(request)
local reqpath = requestdir .. request
local cmdresult = modelfunctions.run_executable({"openssl", "req", "-in", reqpath..".csr", "-text", "-noout"})
local a,b,c = string.match(request, "([^%.]*)%.([^%.]*)%.([^%.]*)")
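Review bot: `request` is concatenated straight into `reqpath` and passed to openssl as `reqpath..".csr"` with no check that the result stays inside `requestdir`, so a value containing `/` would select a file outside the request directory. The same construction appears in approverequest and deleterequest (`requestdir..`), in viewcert, getcert and revokecert (`certdir..cert`), and in deletecert, where the result reaches `os.remove`. If the controller does not already restrict these values, a guard at the top of each function such as `if string.find(request, "/", 1, true) then return nil end`, adapted to each function's error convention, would keep them inside the directory. viewrequest's body continues outside the hunk.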
@@ -467,13 +467,13 @@ viewrequest = function(request)
return request
end
-getapproverequest = function(self, clientdata)
+mymodule.getapproverequest = function(self, clientdata)
local retval = {}
retval.request = cfe({ value=clientdata.request or "", label="Request" })
return cfe({ type="group", value=retval, label="Approve Request" })
end
-approverequest = function(self, apprequest)
+mymodule.approverequest = function(self, apprequest)
local reqpath = requestdir .. apprequest.value.request.value
if fs.is_file(reqpath..".csr") then
-- Request file exists, so try to sign
@@ -521,13 +521,13 @@ approverequest = function(self, apprequest)
return apprequest
end
-getdeleterequest = function(self, clientdata)
+mymodule.getdeleterequest = function(self, clientdata)
local retval = {}
retval.request = cfe({ value=clientdata.request or "", label="Request" })
return cfe({ type="group", value=retval, label="Delete Request" })
end
-deleterequest = function(self, delrequest, user)
+mymodule.deleterequest = function(self, delrequest, user)
user = user or ".*"
if (not fs.is_file(requestdir..delrequest.value.request.value..".csr")) or (not string.find(delrequest.value.request.value, "^"..user.."%.")) then
delrequest.value.request.errtxt = "Request not found"
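Review bot: The ownership test `string.find(delrequest.value.request.value, "^"..user.."%.")` treats `user` as a Lua pattern, so characters such as `.`, `-` or `%` in a user name match more than that name and the check can pass for another user's request. Because the default `".*"` relies on pattern semantics, escape only a caller-supplied name, e.g. `user = user and string.gsub(user, "%p", "%%%0") or ".*"`, or compare the prefix with `string.sub`. deleterequest's body continues outside the hunk.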
@@ -543,7 +543,7 @@ deleterequest = function(self, delrequest, user)
return delrequest
end
-listcerts = function(user)
+mymodule.listcerts = function(user)
user = user or "*"
local list={}
local files = posix.glob(certdir..user..".*\\.pfx") or {}
@@ -583,37 +583,37 @@ listcerts = function(user)
return cfe({ type="list", value=list, label="List of approved certificates" })
end
-viewcert = function(cert)
+mymodule.viewcert = function(cert)
local cmdresult = modelfunctions.run_executable({"openssl", "x509", "-in", certdir..cert..".crt", "-noout", "-text"})
local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
return cfe({ type="table", value={name=name, user=a, certtype=b, commonName=c, serial=d, value=cmdresult}, label="Certificate" })
end
-getcert = function(cert)
+mymodule.getcert = function(cert)
local f = fs.read_file(certdir..cert..".pfx") or ""
local a,b,c,d = string.match(cert, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
c = string.gsub(unhashname(c), "[^%w_-]", "")
return cfe({ type="raw", value=f, label=c..".pfx", option="application/x-pkcs12" })
end
-getrevokecert = function(self, clientdata)
+mymodule.getrevokecert = function(self, clientdata)
retval = {}
retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
return cfe({ type="group", value=retval, label="Revoke Certificate" })
end
-revokecert = function(self, revreq)
+mymodule.revokecert = function(self, revreq)
revreq.descr, revreq.errtxt = modelfunctions.run_executable({"openssl", "ca", "-config", configfile, "-revoke", certdir..revreq.value.cert.value..".crt", "-batch"}, true)
return revreq
end
-getdeletecert = function(self, clientdata)
+mymodule.getdeletecert = function(self, clientdata)
retval = {}
retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
return cfe({ type="group", value=retval, label="Delete Certificate" })
end
-deletecert = function(self, delcert)
+mymodule.deletecert = function(self, delcert)
-- The certificate will still be in the ca directories and index.txt, just not available for web interface
local certname = certdir..delcert.value.cert.value
os.remove(certname..".cfg")
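Review bot: The pattern `"([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)"` in viewcert and getcert has a bare `.` before the last capture, which matches any character rather than a literal dot; `%.` looks intended, as in the first two separators. In getcert a `cert` value that does not match leaves `c` nil before `unhashname(c)` is called, and viewcert passes `name=name` although no `name` is defined in the lines shown. renewcert uses the same pattern and then concatenates `user` and `certtype`, which would raise on a non-matching value. A nil check after each `string.match` would turn these cases into an error result instead.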
@@ -625,13 +625,13 @@ deletecert = function(self, delcert)
return delcert
end
-getrenewcert = function(self, clientdata)
+mymodule.getrenewcert = function(self, clientdata)
retval = {}
retval.cert = cfe({ value=clientdata.cert or "", label="Certificate" })
return cfe({ type="group", value=retval, label="Renew Certificate" })
end
-renewcert = function(self, recert, submit, approve)
+mymodule.renewcert = function(self, recert, submit, approve)
local success = true
local user,certtype,commonName,serialnum = string.match(recert.value.cert.value, "([^%.]*)%.([^%.]*)%.([^%.]*).([^%.]*)")
local reqname = requestdir..user.."."..certtype.."."..commonName
@@ -670,9 +670,9 @@ renewcert = function(self, recert, submit, approve)
end
if success and approve then
- local tmp = getapproverequest(self, {})
+ local tmp = mymodule.getapproverequest(self, {})
tmp.value.request.value = posix.basename(reqname)
- tmp = approverequest(self, tmp)
+ tmp = mymodule.approverequest(self, tmp)
if tmp.errtxt then
recert.descr = recert.descr.."\n"..tmp.errtxt
end
@@ -681,7 +681,7 @@ renewcert = function(self, recert, submit, approve)
return recert
end
-listrevoked = function()
+mymodule.listrevoked = function()
config = config or format.parse_ini_file(fs.read_file(configfile) or "")
local databasepath = getconfigentry(config.ca.default_ca, "database")
local revoked = {}
@@ -694,7 +694,7 @@ listrevoked = function()
return cfe({ type="list", value=revoked, label="Revoked serial numbers" })
end
-getcrl = function(crltype)
+mymodule.getcrl = function(crltype)
local crlfile = cfe({ type="raw", option="application/pkix-crl" })
modelfunctions.run_executable({"openssl", "ca", "-config", configfile, "-gencrl", "-out", openssldir.."ca-crl.crl"})
modelfunctions.run_executable({"openssl", "crl", "-in", openssldir.."ca-crl.crl", "-out", openssldir.."ca-der-crl.crl", "-outform", "DER"})
@@ -710,7 +710,7 @@ getcrl = function(crltype)
return crlfile
end
-getca = function(certtype)
+mymodule.getca = function(certtype)
local result = cfe({ type="raw", option="application/x-x509-ca-cert" })
local fname = "cacert."
if string.lower(certtype or "") == "der" then
@@ -727,13 +727,13 @@ getca = function(certtype)
return result
end
-getnewputca = function()
+mymodule.getnewputca = function()
local ca = cfe({ type="raw", value=0, label="CA Certificate", descr='File must be a password protected ".pfx" file' })
local password = cfe({ label="Certificate Password" })
return cfe({ type="group", value={ca=ca, password=password} })
end
-putca = function(self, newca)
+mymodule.putca = function(self, newca)
local success = true
-- Trying to upload a cert/key
-- The way haserl works, ca contains the temporary file name
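Review bot: The `password` field in getnewputca is created as `cfe({ label="Certificate Password" })` without `type="password"`, whereas getnewrequest declares its password fields with `type="password"`. If the view renders untyped cfes as plain text inputs, the PFX password for the uploaded CA would be shown on screen and may be kept in browser form history. Suggest `local password = cfe({ type="password", label="Certificate Password" })`. putca's body continues outside the hunk.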
@@ -790,14 +790,14 @@ putca = function(self, newca)
return newca
end
-getnewcarequest = function()
+mymodule.getnewcarequest = function()
request = getdefaults()
-- In addition to the distinguished name defaults, we need days
request.value.days = cfe({ value="365", label="Number of days to certify", seq=95 })
return request
end
-generateca = function(self, defaults)
+mymodule.generateca = function(self, defaults)
local success, defaults = validate_request(defaults)
if not validator.is_integer(defaults.value.days.value) then
@@ -836,34 +836,34 @@ generateca = function(self, defaults)
return defaults
end
-getconfigfile = function()
+mymodule.getconfigfile = function()
return modelfunctions.getfiledetails(configfile)
end
-setconfigfile = function(self, filedetails)
+mymodule.setconfigfile = function(self, filedetails)
-- validate
return modelfunctions.setfiledetails(self, filedetails, {configfile})
end
-getenvironment = function(self, clientdata)
+mymodule.getenvironment = function(self, clientdata)
local retval = {}
- retval.status = checkenvironment()
+ retval.status = mymodule.checkenvironment()
return cfe({ type="group", value=retval, label="Check Environment" })
end
-setenvironment = function(self, setenv)
+mymodule.setenvironment = function(self, setenv)
-- loop through the cmdline and execute
for x,cmd in ipairs(setenv.value.status.cmdline) do
cmd()
end
- setenv.value.status = checkenvironment()
+ setenv.value.status = mymodule.checkenvironment()
if setenv.value.status.errtxt then
setenv.errtxt = "Failed to Configure Environment"
end
return setenv
end
-checkenvironment = function()
+mymodule.checkenvironment = function()
local errtxt = {}
local cmdline = {}
@@ -917,3 +917,5 @@ checkenvironment = function()
end
return cfe({ value=value, errtxt=errtxt, cmdline=cmdline, label="Environment" })
end
+
+return mymodule