From: lstuart <lukestu@gmail.com>

Added option to specify validity period; option on status page to download PEM; drop-down box to specify encryption bit

ref #354
---
 .../acf-openssl-354-feature-requests.patch         |  176 ++++++++++++++++++++
 1 files changed, 176 insertions(+), 0 deletions(-)
 create mode 100644 main/acf-openssl/acf-openssl-354-feature-requests.patch

diff --git a/main/acf-openssl/acf-openssl-354-feature-requests.patch b/main/acf-openssl/acf-openssl-354-feature-requests.patch
new file mode 100644
index 0000000..4ef0c40
--- /dev/null
+++ b/main/acf-openssl/acf-openssl-354-feature-requests.patch
@@ -0,0 +1,176 @@
+--- a/openssl-controller.lua
++++ b/openssl-controller.lua
+@@ -115,6 +115,11 @@
+ 	return controllerfunctions.handle_form(self, self.model.getnewputca, self.model.putca, self.clientdata, "Upload", "Upload CA Certificate", "Certificate Uploaded")
+ end
+ 
++downloadpem = function(self)
++	self.conf.viewtype="stream"
++	return self.model.getpem(self.clientdata.dlpath)	
++end
++	
+ -- Generate a self-signed CA
+ generatecacert = function(self)
+ 	return controllerfunctions.handle_form(self, self.model.getnewcarequest, self.model.generateca, self.clientdata, "Generate", "Generate CA Certificate", "Certificate Generated")
+--- a/openssl-editdefaults-html.lsp
++++ b/openssl-editdefaults-html.lsp
+@@ -6,7 +6,7 @@
+ 	form.action = page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action
+ 	local order = { "countryName", "C", "stateOrProvinceName", "ST", "localityName", "L", "organizationName", "O",
+ 			"organizationalUnitName", "OU", "commonName", "CN", "emailAddress" }
+-	local finishingorder = { "certtype", "extensions" }
++	local finishingorder = { "encryption", "validdays", "certtype", "extensions" }
+ 	displayform(form, order, finishingorder)
+ %>
+ 
+--- a/openssl-model.lua
++++ b/openssl-model.lua
+@@ -37,7 +37,6 @@
+ 	local defaults = cfe({ type="group", value={} })
+ 	config = config or format.parse_ini_file(fs.read_file(configfile) or "")
+ 	local distinguished_name = config.req.distinguished_name or ""
+-
+ 	-- Get the distinguished name defaults
+ 	for name,value in pairs(config[distinguished_name]) do
+ 		if nil == string.find(name, "_") then
+@@ -302,14 +301,24 @@
+ 
+ getreqdefaults = function()
+ 	local defaults = getdefaults()
+-
++	
++	--Add in the encryption bit default
++	local encryption = ""
++	local content = fs.read_file(configfile) or ""
++	encryption = format.get_ini_entry(content, "req", "default_bits")
++	defaults.value.encryption = cfe({ type="select", label="Encryption Bits", value=encryption, option={"2048", "4096"} })
++	
++	-- Add in the default days
++	local validdays = ""
++	local validdays = format.get_ini_entry(content, "", "default_days")
++	defaults.value.validdays = cfe({ type="text", label="Period of Validity (Days)", value=validdays, descr="Number of days this certificate is valid for" })
++	
+ 	-- Add in the ca type default
+ 	defaults.value.certtype = cfe({ type="select", label="Certificate Type", 
+ 		value=config.ca.default_ca, option=find_ca_sections() })
++	
+ 	-- Add in the extensions
+ 	local extensions = ""
+-	local content = fs.read_file(configfile) or ""
+-	config = config or format.parse_ini_file(content)
+ 	if config.req.req_extensions then
+ 		extensions = format.get_ini_section(content, config.req.req_extensions)
+ 	end
+@@ -333,10 +342,13 @@
+ 		else
+ 			ext_section = config.req.req_extensions
+ 		end
++	
+ 		config = nil
++		fileval = format.update_ini_file(fileval,"req","default_bits",defaults.value.encryption.value)
++		fileval = format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
+ 		fileval = format.set_ini_section(fileval, ext_section, format.dostounix(defaults.value.extensions.value))
+ 		fileval = format.update_ini_file(fileval, "ca", "default_ca", defaults.value.certtype.value)
+-		fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions"})
++		fileval = write_distinguished_names(fileval, defaults, {"certtype", "extensions", "validdays" })
+ 		fs.write_file(configfile, fileval)
+ 	end
+ 
+@@ -357,7 +369,7 @@
+ 
+ submitrequest = function(defaults, user)
+ 	local success, defaults = validate_request(defaults)
+-
++	
+ 	-- Must have a common name
+ 	if #defaults.value.commonName.value == 0 then
+ 		defaults.value.commonName.errtxt = "Common Name cannot be blank"
+@@ -378,10 +390,15 @@
+ 		defaults.errtxt = "Failed to submit request\nRequest already exists"
+ 		success = false
+ 	end
++	
++	if not tonumber(defaults.value.validdays.value) then
++		defaults.value.validdays.errtxt = "Period of Validity is not a number"
++		success = false
++	end 
+ 
+ 	if success then
+ 		-- Submit the request
+-		local subject = create_subject_string(defaults, {"password", "password_confirm", "certtype", "extensions"})
++		local subject = create_subject_string(defaults, {"password", "password_confirm", "certtype", "extensions" })
+ 
+ 		-- Generate a temp config file for this request
+ 		local fileval = fs.read_file(configfile) or ""
+@@ -398,11 +415,11 @@
+ 				end
+ 			end
+ 		end
+-		
++		fileval = format.update_ini_file(fileval, "req","default_bits",defaults.value.encryption.value)
++		fileval = format.update_ini_file(fileval, "","default_days",defaults.value.validdays.value)	
+ 		fileval = format.set_ini_section(fileval, ext_section, content)
+ 		fileval = format.update_ini_file(fileval, "req", "req_extensions", ext_section)
+ 		fs.write_file(reqname..".cfg", fileval)
+-		
+ 		local cmd = path .. "openssl req -nodes -new -config "..format.escapespecialcharacters(reqname)..".cfg -keyout "..format.escapespecialcharacters(reqname)..".pem -out "..format.escapespecialcharacters(reqname)..'.csr -subj "'..subject..'" 2>&1'
+ 		local f = io.popen(cmd)
+ 		local cmdresult = f:read("*a")
+@@ -465,7 +482,7 @@
+ 		local certname = certdir..request.."."..serial
+ 		
+ 		-- Now, sign the certificate
+-		local cmd = path .. "openssl ca -config "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1"
++		local cmd = path .. "openssl ca -config "..format.escapespecialcharacters(reqpath)..".cfg -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1"
+ 		local f = io.popen(cmd)
+ 		cmdresult.value = f:read("*a")
+ 		f:close()
+@@ -673,6 +690,12 @@
+ 		crlfile.value = fs.read_file("ca-crl.crl") or ""
+ 	end
+ 	return crlfile
++end
++
++getpem = function(pem)
++	local f = fs.read_file(pem) or ""
++	local fname = string.gsub(pem, ".*/", "")
++	return cfe({ type="raw", value=f, label=fname, option="application/x-pkcs12" })
+ end
+ 
+ getnewputca = function()
+--- a/openssl-request-html.lsp
++++ b/openssl-request-html.lsp
+@@ -8,7 +8,7 @@
+ 	form.value.password_confirm.type = "password"
+ 	local order = { "countryName", "C", "stateOrProvinceName", "ST", "localityName", "L", "organizationName", "O",
+ 			"organizationalUnitName", "OU", "commonName", "CN", "emailAddress" }
+-	local finishingorder = { "certtype", "extensions", "password", "password_confirm" }
++	local finishingorder = { "encryption", "validdays", "certtype", "extensions", "password", "password_confirm" }
+ 	displayform(form, order, finishingorder)
+ %>
+ 
+--- a/openssl-status-html.lsp
++++ b/openssl-status-html.lsp
+@@ -32,4 +32,9 @@
+ 		end
+ 	end
+ end %>
+-
++<% if viewlibrary.check_permission("downloadpem") then %>
++<H1>Download Certificate</H1>
++<DL>
++<%= html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value), label="Download "..view.value.cacert.value } %><BR>
++</DL>
++<% end %> 
+--- a/openssl.roles
++++ b/openssl.roles
+@@ -1,6 +1,6 @@
+ USER=openssl:status,openssl:getrevoked
+ EDITOR=openssl:editdefaults
+ CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
+-CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert
+-EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
+-ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
++CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
++EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
++ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
-- 
1.7.4.1



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---