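-- the openssl certificates controller
-- The file is a package.seeall module: every non-local assignment below ends
-- up in the module table. Function names and signatures are therefore kept
-- exactly as they were.
module (..., package.seeall)

require("getopts")

default_action = "status"

-- Result of the latest model.getstatus() call; filled in by mvc.pre_exec.
local sslstatus

-- Actions still allowed while the config file or the environment reports an error.
local usable_without_config = {
	status = true,
	editconfigfile = true,
	checkenvironment = true,
}

-- Actions still allowed while the CA certificate or CA key reports an error.
local usable_without_ca = {
	status = true,
	editconfigfile = true,
	putcacert = true,
	generatecacert = true,
	checkenvironment = true,
}

-- Put the user values into the table.
-- Only names already present in defaults.value are accepted, so a client
-- cannot introduce fields the form did not offer. The values are copied as
-- submitted; no validation is done here.
local handle_req_clientdata = function(clientdata, defaults)
	for name,value in pairs(clientdata) do
		local field = defaults.value[name]
		if field then
			field.value = value
		end
	end
end

mvc={}
-- Runs before the action: refreshes the cached status and redirects away from
-- actions that cannot work in the current (broken) state.
mvc.pre_exec = function(self)
	sslstatus = self.model.getstatus()
	local state = sslstatus.value
	local action = self.conf.action

	local blocked =
		(state.version.errtxt and action ~= "status")
		or (state.conffile.errtxt and not usable_without_config[action])
		or (state.environment.errtxt and not usable_without_config[action])
		or ((state.cacert.errtxt or state.cakey.errtxt) and not usable_without_ca[action])

	if blocked then
		redirect(self)
	end
end

-- Show openssl status (the value cached by mvc.pre_exec)
status = function(self)
	return sslstatus
end

-- View all pending and approved requests and revoked certificates
readall = function(self)
	-- One-shot message left by a previous action; cleared once read.
	local cmdresult = self.sessiondata.cmdresult
	self.sessiondata.cmdresult = nil

	return cfe({
		type="list",
		value={
			cmdresult=cmdresult,
			pending=self.model.listrequests(),
			approved=self.model.listcerts(),
			revoked=self.model.listrevoked(),
		}
	})
end

-- Return all certificates (pending, approved, and revoked) for this user
read = function(self)
	-- One-shot message left by a previous action; cleared once read.
	local cmdresult = self.sessiondata.cmdresult
	self.sessiondata.cmdresult = nil

	-- The user id comes from the session, never from client data.
	local userid = self.sessiondata.userinfo.userid
	local user = cfe({ value=userid, label="User Name" })
	local pending = self.model.listrequests(userid)
	local approved = self.model.listcerts(userid)
	-- NOTE(review): unlike the two calls above, listrevoked() gets no user id.
	-- Confirm the revoked list is meant to be the same for every user.
	local revoked = self.model.listrevoked()

	return cfe({
		type="list",
		value={cmdresult=cmdresult, user=user, pending=pending, approved=approved, revoked=revoked}
	})
end

-- Form to request a new cert
request = function(self)
	local request = self.model.getnewrequest()
	if self.clientdata.Submit then
		handle_req_clientdata(self.clientdata, request)

		-- Try to submit the request
		request = self.model.submitrequest(request, self.sessiondata.userinfo.userid)
		if not request.errtxt then
			-- Fix: this used to be an undeclared assignment, which in a
			-- package.seeall module creates a module-level "cmdresult" field.
			local cmdresult = cfe({ value="Request submitted", label="Request result" })
			self.sessiondata.cmdresult = cmdresult
			--request.descr = "Submitted request"
			redirect(self, "read")
		end
	end
	request.type = "form"
	request.label = "Request Certificate"
	request.option = "Submit"
	return request
end

-- Form to edit request defaults
editdefaults = function(self)
	local defaults = self.model.getreqdefaults()
	if self.clientdata.Save then
		handle_req_clientdata(self.clientdata, defaults)
		defaults = self.model.setreqdefaults(defaults)
		if not defaults.errtxt then
			defaults.descr = "Defaults set"
		end
	end
	defaults.type = "form"
	defaults.label = "Edit certificate defaults"
	defaults.option = "Save"
	return defaults
end

-- NOTE(review): the actions below pass self.clientdata.request,
-- self.clientdata.cert and self.clientdata.crltype to the model exactly as
-- received. This controller does not check their format or who owns the
-- object; confirm the model validates the identifier and that access to each
-- action is restricted by the framework's permissions.

-- View request details
viewrequest = function(self)
	return self.model.viewrequest(self.clientdata.request)
end

-- Approve the specified request
-- NOTE(review): state-changing action; no anti-forgery token is checked in
-- this file. The same holds for the delete/revoke/renew actions below.
-- Confirm the framework covers this.
approve = function(self)
	self.sessiondata.cmdresult = self.model.approverequest(self.clientdata.request)
	redirect_to_referrer(self)
end

-- Delete the specified request
deleterequest = function(self)
	self.sessiondata.cmdresult = self.model.deleterequest(self.clientdata.request)
	redirect_to_referrer(self)
end

-- Delete the specified request on behalf of the session user.
-- The session user id is handed to the model as a second argument; presumably
-- the model uses it to refuse requests owned by someone else (verify there).
deletemyrequest = function(self)
	self.sessiondata.cmdresult = self.model.deleterequest(self.clientdata.request, self.sessiondata.userinfo.userid)
	redirect_to_referrer(self)
end

-- View certificate details
viewcert = function(self)
	return self.model.viewcert(self.clientdata.cert)
end

-- Get the specified cert (returned with the "stream" view type)
getcert = function(self)
	self.conf.viewtype="stream"
	return self.model.getcert(self.clientdata.cert)
end

-- Revoke the specified cert
revoke = function(self)
	self.sessiondata.cmdresult = self.model.revokecert(self.clientdata.cert)
	redirect_to_referrer(self)
end

-- Delete the specified certificate
deletecert = function(self)
	self.sessiondata.cmdresult = self.model.deletecert(self.clientdata.cert)
	redirect_to_referrer(self)
end

-- Submit request to renew the specified certificate
-- NOTE(review): no user id is passed, so nothing here ties the certificate
-- to the session user; confirm the model or the permissions handle that.
requestrenewcert = function(self)
	self.sessiondata.cmdresult = self.model.renewcert(self.clientdata.cert)
	redirect_to_referrer(self)
end

-- Renew the specified certificate (same model call as requestrenewcert, with
-- a second argument of true)
renewcert = function(self)
	self.sessiondata.cmdresult = self.model.renewcert(self.clientdata.cert, true)
	redirect_to_referrer(self)
end

-- Get the revoked list (returned with the "stream" view type)
getrevoked = function(self)
	self.conf.viewtype="stream"
	return self.model.getcrl(self.clientdata.crltype)
end

-- Put the CA cert
-- The client-supplied password goes straight to the model; keep it out of
-- logs and out of the returned form.
putcacert = function(self)
	local retval = self.model.putca(self.clientdata.ca, self.clientdata.password, self.clientdata.Upload)
	if self.clientdata.Upload and not retval.errtxt then
		redirect(self)
	end
	retval.type = "form"
	retval.label = "Upload CA Certificate"
	retval.option = "Upload"
	return retval
end

-- Generate a self-signed CA
generatecacert = function(self)
	local request = self.model.getnewcarequest()
	if self.clientdata.Generate then
		handle_req_clientdata(self.clientdata, request)

		-- Try to submit the request
		request = self.model.generateca(request)
		if not request.errtxt then
			redirect(self)
		end
	end
	request.type = "form"
	request.label = "Generate CA Certificate"
	request.option = "Generate"
	return request
end

-- Form to edit the config file.
-- On Save the submitted filecontent is handed to the model unchanged.
-- NOTE(review): this replaces the configuration file with client-supplied
-- text; confirm the action is limited to administrators.
editconfigfile = function(self)
	local saved = false
	if self.clientdata.Save then
		saved = self.model.setconfigfile(self.clientdata.filecontent)
	end

	-- Always re-read the file so the form shows what is actually stored.
	local configfile = self.model.getconfigfile()
	configfile.type = "form"
	configfile.option = "Save"
	configfile.label = "Edit config file"
	if saved then
		configfile.descr = "Saved config file"
	elseif self.clientdata.Save then
		configfile.errtxt = "Failed to save config file"
	end
	return configfile
end

-- Check the environment; when Configure is submitted the flag is passed on to
-- the model, and a result without errtxt sends the user back to the referrer.
checkenvironment = function(self)
	local form = cfe({ type="form", value={}, label="Check Environment", option="Configure" })
	form.value.status = self.model.checkenvironment(self.clientdata.Configure)
	if self.clientdata.Configure and not form.value.status.errtxt then
		redirect_to_referrer(self)
	end
	return form
end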