Commit a62da600 authored by Ted Trask's avatar Ted Trask

Modified ipsectools to add ability to manage certificates.

git-svn-id: svn://svn.alpinelinux.org/acf/ipsec-tools/trunk@1608 ab2d0c66-481e-0410-8bed-d214d4d58bed
parent a5e6a9ba
......@@ -30,3 +30,15 @@ end
function editipsec (self)
return controllerfunctions.handle_form(self, self.model.get_ipsecfiledetails, self.model.update_ipsecfiledetails, self.clientdata, "Save", "Edit IPSec Config", "Configuration Set")
end
function listcerts(self)
return self.model.list_certs()
end
function deletecert(self)
return self:redirect_to_referrer(self.model.delete_cert(self.clientdata.cert))
end
function uploadcert (self)
return controllerfunctions.handle_form(self, self.model.new_upload_cert, self.model.upload_cert, self.clientdata, "Upload", "Upload Certificate", "Certificate Uploaded")
end
<% local view, viewlibrary, page_info, session = ... %>
<% require("viewfunctions") %>
<% displaycommandresults({"deletecert"}, session) %>
<% displaycommandresults({"uploadcert"}, session, true) %>
<H1><%= view.label %></H1>
<DL>
<TABLE>
<TR style="background:#eee;font-weight:bold;">
<TD style="padding-right:20px;white-space:nowrap;text-align:left;" class="header">Action</TD>
<TD style="white-space:nowrap;text-align:left;" class="header">Certificate</TD>
</TR>
<% for i,cert in ipairs(view.value) do %>
<TR>
<TD style="padding-right:20px;white-space:nowrap;">
<%= html.link{value=page_info.script..page_info.prefix..page_info.controller.."/deletecert?cert="..cert.."&redir="..page_info.orig_action, label="Delete "} %>
</TD>
<TD style="white-space:nowrap;"><%= cert %></TD>
</TR>
<% end %>
</TABLE>
<% if viewlibrary.dispatch_component and session.permissions.ipsectools.uploadcert then
viewlibrary.dispatch_component("uploadcert")
end %>
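Review bot: The certificate name is written raw into both the href (L34) and the table cell (L36); the names come from file basenames under baseurl, and the upload path in this commit creates those files from a user-typed "Certificate Local Name", so a name containing `<`, `"` or `&` breaks the markup and a `&`/`?` breaks the delete link's query string. Escape the value on output, e.g. `<TD style="white-space:nowrap;"><%= html.html_escape(cert) %></TD>`, and URL-encode it in the `cert=` parameter — assuming this acf version's html library provides an escaping helper; otherwise a local `gsub` of `&<>"` is enough for the cell. The same applies to `page_info.orig_action` in the `redir=` parameter, though that value is not user-controlled here as far as the page shows.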
......@@ -12,6 +12,8 @@ local processname = "racoon"
local packagename = "ipsec-tools"
local baseurl = "/etc/racoon/"
local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin "
local descr = {
state={
['9']="Established",
......@@ -145,3 +147,100 @@ end
function update_ipsecfiledetails(filedetails)
return modelfunctions.setfiledetails(filedetails, {configfile2})
end
function list_certs()
local list = {}
for file in fs.find(".*%.pem", baseurl) do
list[#list+1] = basename(file)
end
return cfe({ type="list", value=list, label="IPSEC Certificates" })
end
function delete_cert(certname)
local list = list_certs()
local retval = cfe({ label="Delete Certificate result", errtxt="Invalid cert name" })
for i,cert in ipairs(list.value) do
if cert == certname then
os.remove(baseurl..certname)
retval.value = "Certificate deleted"
retval.errtxt = nil
break
end
end
return retval
end
function new_upload_cert()
local value = {}
value.cert = cfe({ type="raw", value=0, label="Certificate", descr='File must be a password protected ".pfx" file' })
value.password = cfe({ label="Certificate Password" })
value.name = cfe({ label="Certificate Local Name" })
return cfe({ type="group", value=value })
end
function upload_cert(newcert)
local success = true
-- Trying to upload a cert/key
-- The way haserl works, cert contains the temporary file name
-- First, get the cert
local cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."cert.pem -password pass:"..newcert.value.password.value.." -nokeys -clcerts 2>&1"
local f = io.popen(cmd)
local cmdresult = f:read("*a")
f:close()
local filestats = posix.stat(newcert.value.cert.value.."cert.pem")
if not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not open certificate\n"..cmdresult
success = false
end
-- Now, get the key and the ca certs
if success then
cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."key.pem -password pass:"..newcert.value.password.value.." -nocerts -nodes 2>&1"
f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
filestats = posix.stat(newcert.value.cert.value.."key.pem")
if not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not find key\n"..cmdresult
success = false
end
cmd = path .. "openssl pkcs12 -in "..newcert.value.cert.value.." -out "..newcert.value.cert.value.."ca.pem -password pass:"..newcert.value.password.value.." -nokeys -cacerts 2>&1"
f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
filestats = posix.stat(newcert.value.cert.value.."ca.pem")
if not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not find CA certs\n"..cmdresult
success = false
end
end
if newcert.value.name.value == "" then
newcert.value.name.errtxt = "Cannot be blank"
success = false
elseif posix.stat(baseurl..newcert.value.name.value.."-cert.pem") or posix.stat(baseurl..newcert.value.name.value.."-key.pem") or posix.stat(baseurl..newcert.value.name.value.."-ca.pem") then
newcert.value.name.errtxt = "Certificate of this name already exists"
success = false
end
if success then
if not posix.stat(baseurl) then
posix.mkdir(baseurl)
end
-- copy the keys
os.rename(newcert.value.cert.value.."cert.pem", baseurl..newcert.value.name.value.."-cert.pem")
os.rename(newcert.value.cert.value.."key.pem", baseurl..newcert.value.name.value.."-key.pem")
os.rename(newcert.value.cert.value.."ca.pem", baseurl..newcert.value.name.value.."-ca.pem")
posix.chmod(baseurl..newcert.value.name.value.."-key.pem", "rw-------")
else
newcert.errtxt = "Failed to upload certificate"
end
-- Delete the temporary files
cmd = "rm "..newcert.value.cert.value.."*"
f = io.popen(cmd)
f:close()
return newcert
end
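Review bot: The user-supplied password is spliced unquoted into the shell command strings at L86, L97 and L106 (and the temp file name again into `rm ...*` at L136), so a password containing `'`, `;`, `$(` or a space breaks the command or changes what the shell runs, and with `-password pass:` the secret is also visible to any local user in the process list. The "Certificate Local Name" is used verbatim as a file name at L119 and L128–L131, so a name containing `/` or `..` writes outside baseurl; it needs a whitelist check before the already-exists check. Quote every interpolated value, validate the name, prefer `-password file:` with a 0600 temp file over `pass:` so the secret never appears on the command line, and remove the temp files with `os.remove` instead of a shell glob. Note also that the key is renamed into place at L129 before `posix.chmod` at L131, so it is briefly readable per the process umask; renaming into a pre-created 0700 directory or chmod-ing the temp file first closes that window.

```lua
-- Single-quote a value for the shell so any metacharacters in it are literal.
local function shell_quote(s)
	return "'" .. tostring(s):gsub("'", "'\\''") .. "'"
end

function upload_cert(newcert)
	local success = true
	local tmp = newcert.value.cert.value
	local pass = shell_quote(newcert.value.password.value)
	-- … unchanged: explanatory comments …
	local cmd = path .. "openssl pkcs12 -in "..shell_quote(tmp).." -out "..shell_quote(tmp.."cert.pem").." -password pass:"..pass.." -nokeys -clcerts 2>&1"
	-- … unchanged: popen/read/stat checks; apply the same quoting to the key.pem and ca.pem commands …
	if newcert.value.name.value == "" then
		newcert.value.name.errtxt = "Cannot be blank"
		success = false
	elseif not newcert.value.name.value:match("^[%w_%-]+$") then
		-- Reject path separators and dot sequences so the name cannot escape baseurl
		newcert.value.name.errtxt = "Name may only contain letters, digits, '-' and '_'"
		success = false
	elseif posix.stat(baseurl..newcert.value.name.value.."-cert.pem") or posix.stat(baseurl..newcert.value.name.value.."-key.pem") or posix.stat(baseurl..newcert.value.name.value.."-ca.pem") then
	-- … unchanged: exists check, mkdir, renames, chmod …
	-- Delete the temporary files without going through the shell
	for _, suffix in ipairs({"", "cert.pem", "key.pem", "ca.pem"}) do
		os.remove(tmp..suffix)
	end
	return newcert
end
```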
<% local form, viewlibrary, page_info = ... %>
<% require("viewfunctions") %>
<% --[[ DEBUG INFORMATION
io.write(html.cfe_unpack(form))
--]] %>
<H1><%= form.label %></H1>
<%
-- This is a kludge to get file upload working
form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action .. '" enctype="multipart/form-data'
form.value.cert.type="file"
form.value.password.type="password"
local order = {"cert", "password"}
displayform(form, order)
%>
#CAT GROUP/DESC TAB ACTION
Networking 45IPsec Status details
Networking 45IPsec Certificates listcerts
Networking 45IPsec Expert expert
Networking 45IPsec Logfile logfile
USER=ipsectools:status,ipsectools:logfile,ipsectools:details,ipsectools:startstop
EXPERT=ipsectools:editracoon,ipsectools:editipsec,ipsectools:expert
ADMIN=ipsectools:status,ipsectools:logfile,ipsectools:details,ipsectools:startstop,ipsectools:editracoon,ipsectools:editipsec,ipsectools:expert
EXPERT=ipsectools:editracoon,ipsectools:editipsec,ipsectools:expert,ipsectools:listcerts,ipsectools:deletecert,ipsectools:uploadcert
ADMIN=ipsectools:status,ipsectools:logfile,ipsectools:details,ipsectools:startstop,ipsectools:editracoon,ipsectools:editipsec,ipsectools:expert,ipsectools:listcerts,ipsectools:deletecert,ipsectools:uploadcert