Diffstat (limited to 'openssl-model.lua')
-rw-r--r--openssl-model.lua51
1 files changed, 51 insertions, 0 deletions
diff --git a/openssl-model.lua b/openssl-model.lua
index a564954..e1d1f5e 100644
--- a/openssl-model.lua
+++ b/openssl-model.lua
@@ -1049,4 +1049,55 @@ mymodule.get_ca_chain = function(self, clientdata)
return retval
end
+mymodule.getsubca = function(self, clientdata)
+ local retval = initializecfe(self, clientdata, "Sub-CA Certificate")
+ retval.value.cert = cfe({ label="Certificate", key=true })
+ return retval
+end
+
+mymodule.createsubca = function(self, subca)
+ local success = true
+ local cert = basedir..certdir..subca.value.cert.value
+ if not posix.stat(cert..".crt") or not string.match(subca.value.cert.value, "[^%.]*%.ssl_ca_cert%.") then
+ subca.value.cert.errtxt = "Invalid Sub-CA"
+ success = false
+ else
+ local subcadir = basedir..subca.value.cert.value.."/"
+ if not fs.is_dir(subcadir) then
+ success = fs.create_directory(subcadir)
+ end
+ if success and not posix.stat(subcadir..configfile) then
+ -- Copy the config from this CA, but modify 'dir'
+ local configcontent = fs.read_file(basedir..configfile) or ""
+ configcontent = format.update_ini_file(configcontent, nil, "dir", basedir..subca.value.cert.value)
+ fs.write_file(subcadir..configfile, configcontent)
+
+ -- Copy the cert
+ -- temporarily overwrite the global config with the new one
+ config = format.parse_ini_file(configcontent)
+ fs.copy_file(cert..".crt", getconfigentry(config.ca.default_ca, "certificate"))
+ fs.copy_file(cert..".pem", getconfigentry(config.ca.default_ca, "private_key"))
+ config = nil
+
+ -- Set up the environment
+ -- temporarily overwrite the basedir
+ local oldbasedir = basedir
+ basedir = subcadir
+ local envstatus = checkenvironment()
+ -- loop through the cmdline and execute
+ for x,cmd in ipairs(envstatus.cmdline) do
+ cmd()
+ end
+ basedir = oldbasedir
+ end
+ if success and self.sessiondata then
+ self.sessiondata.openssl_cadir = subca.value.cadir.value.."/"..subca.value.cert.value
+ end
+ end
+ if not success then
+ subca.errtxt = "Failed to configure sub-CA"
+ end
+ return subca
+end
+
return mymodule
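Review bot: In `createsubca`, `subca.value.cert.value` is concatenated into both `cert` and `subcadir`, but its only shape check is an unanchored `string.match` that accepts a value containing `/` or `..` as long as `.ssl_ca_cert.` occurs somewhere in it. The value appears to be client-supplied, since `getsubca` builds the cfe from `clientdata`, and it decides where a directory is created and where the CA certificate and private key are copied, so it should be restricted to a bare file name before any path is built. With `local name = subca.value.cert.value`, the guard could read `if string.find(name, "/", 1, true) or not string.match(name, "^[^%.]*%.ssl_ca_cert%.") or not posix.stat(cert..".crt") then`. Separately, the results of `fs.write_file` and the two `fs.copy_file` calls are not checked, so `success` stays true when the config or key copy fails. The globals `config` and `basedir` are also left overwritten if `checkenvironment()` or one of the `cmd()` calls raises; running that section under `pcall` and restoring both afterwards would keep later requests from running against the sub-CA directory.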