
Re: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity

From: Jeff Bilyk <jbilyk_at_gmail.com>
Date: Tue, 5 Jul 2011 19:23:32 -0400

On Tue, Jul 5, 2011 at 7:17 PM, Ted Trask <ttrask01_at_yahoo.com> wrote:
> I tried to apply the patch, but ran into trouble. I kept getting line wraps
> and HTML tags and other garbage. Since I tried it with two different mail
> clients, I'm wondering if it was a problem when sending the patch. Can you
> please try again using 'git send-email'?
> Or, can someone else help me to apply the patch?

I gave it a quick try as well, and I am also getting formatting issues
with the email; it would be best to resend.

> Thanks.
>
> Ted
>
>
> ________________________________
> From: Luke Stuart <lukestu_at_gmail.com>
> To: alpine-devel_at_lists.alpinelinux.org
> Sent: Thursday, June 23, 2011 8:30 AM
> Subject: [alpine-devel] [PATCH] acf-openssl: as per feature request #354:
> download cert plus set encryption bits and period of validity
>
> ---
>  openssl-controller.lua        |    5 +++++
>  openssl-editdefaults-html.lsp |    2 +-
>  openssl-model.lua             |   32 ++++++++++++++++++++++++++++----
>  openssl-request-html.lsp      |    2 +-
>  openssl-status-html.lsp       |    3 ++-
>  openssl.roles                 |    6 +++---
>  6 files changed, 40 insertions(+), 10 deletions(-)
>
> diff --git a/openssl-controller.lua b/openssl-controller.lua
> index 7d9ae9a..3f8750b 100755
> --- a/openssl-controller.lua
> +++ b/openssl-controller.lua
> _at_@ -116,6 +116,11 @@ putcacert = function(self)
>        return controllerfunctions.handle_form(self,
> self.model.getnewputca, self.model.putca, self.clientdata, "Upload",
> "Upload CA Certificate", "Certificate Uploaded")
>  end
>
> +downloadpem = function(self)
> +        self.conf.viewtype="stream"
> +        return self.model.getpem(self.clientdata.dlpath)
> +end
> +
>  -- Generate a self-signed CA
>  generatecacert = function(self)
>        return controllerfunctions.handle_form(self,
> self.model.getnewcarequest, self.model.generateca, self.clientdata,
> "Generate", "Generate CA Certificate", "Certificate Generated")
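Review bot: `downloadpem` hands `self.clientdata.dlpath` to the model without checking that it is present, so a request with no `dlpath` reaches `getpem` with nil, where at the latest `string.gsub(pem, ".*/", "")` raises an error. The action should reject a missing or non-string `dlpath` first, for example `if type(self.clientdata.dlpath) ~= "string" then` followed by returning a cfe that carries an `errtxt`. `getpem` also returns nothing when its filename check fails, so this action can return nil while `self.conf.viewtype` is already "stream"; how the framework handles that is not visible here and should be confirmed.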
> diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp
> index 9052213..b73b0a8 100644
> --- a/openssl-editdefaults-html.lsp
> +++ b/openssl-editdefaults-html.lsp
> _at_@ -6,7 +6,7 @@
>        form.action = page_info.script .. page_info.prefix ..
> page_info.controller .. "/" .. page_info.action
>        local order = { "countryName", "C", "stateOrProvinceName",
> "ST", "localityName", "L", "organizationName", "O",
>                        "organizationalUnitName", "OU", "commonName",
> "CN", "emailAddress" }
> -       local finishingorder = { "certtype", "extensions" }
> +       local finishingorder = { "encryption", "validdays",
> "certtype", "extensions" }
>        displayform(form, order, finishingorder)
>  %>
>
> diff --git a/openssl-model.lua b/openssl-model.lua
> index b5a84a6..a9b6f83 100755
> --- a/openssl-model.lua
> +++ b/openssl-model.lua
> _at_@ -30,7 +30,7 @@ local short_names = { countryName="C",
> stateOrProvinceName="ST", localityName="L
>  local extensions = { "basicConstraints", "nsCertType", "nsComment",
> "keyUsage", "subjectKeyIdentifier",
>                        "authorityKeyIdentifier", "subjectAltName",
> "issuerAltName" }
>  -- list of entries that must be found in ca section (used to define
> our certificate types)
> -local ca_mandatory_entries = { "new_certs_dir", "certificate",
> "private_key", "default_md", "database", "serial", "policy" }
> +local ca_mandatory_entries = { "new_certs_dir", "certificate",
> "private_key", "default_md", "database", "serial", "policy",
> "default_days" }
>
>  -- Create a cfe with the distinguished name defaults
>  local getdefaults = function()
> _at_@ -308,6 +308,14 @@ end
>  getreqdefaults = function()
>        local defaults = getdefaults()
>
> +        --Add in the encryption bit default
> +         local encryption = config.req.default_bits
> +         defaults.value.encryption = cfe({ type="select",
> label="Encryption Bits", value=encryption, option={"2048", "4096"} })
> +
> +         -- Add in the default days
> +         local validdays = getconfigentry(config.ca.default_ca,
> "default_days")
> +         defaults.value.validdays = cfe({ type="text", label="Period
> of Validity (Days)", value=validdays, descr="Number of days this
> certificate is valid for" })
> +
>        -- Add in the ca type default
>        defaults.value.certtype = cfe({ type="select", label="Certificate
> Type",
>                value=config.ca.default_ca, option=find_ca_sections() })
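Review bot: The `encryption` select offers only "2048" and "4096", but its `value` comes from `config.req.default_bits`, which may hold something else (1024, say, in an older config); the form would then carry a value that is not among its own options. Either add the configured value to `option` or add a comment saying that smaller sizes are deliberately no longer selectable. The label would read more accurately as "Key Size (bits)", since `default_bits` is a key length rather than an encryption setting. The body of `getreqdefaults` continues outside the hunk.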
> _at_@ -339,9 +347,10 @@ setreqdefaults = function(defaults)
>                        ext_section = config.req.req_extensions
>                end
>                config = nil
> +               fileval =
> format.update_ini_file(fileval,"","default_days",defaults.value.validdays.value)
>                fileval = format.set_ini_section(fileval, ext_section,
> format.dostounix(defaults.value.extensions.value))
>                fileval = format.update_ini_file(fileval, "ca",
> "default_ca", defaults.value.certtype.value)
> -               fileval = write_distinguished_names(fileval, defaults,
> {"certtype", "extensions"})
> +               fileval = write_distinguished_names(fileval, defaults,
> {"certtype", "extensions", "validdays"})
>                fs.write_file(configfile, fileval)
>        end
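Review bot: The exclusion list passed to `write_distinguished_names` gains "validdays" but not "encryption", although `getreqdefaults` now adds both fields to `defaults.value`; if that list is what keeps non-DN fields out of the distinguished-name section, `encryption` would be written there as a name entry. Nothing in this hunk saves `encryption` to `default_bits` either, so the new field on the edit-defaults form appears to have no effect. `defaults.value.validdays.value` is also written to the config file with no check here, unlike in `submitrequest`. Suggested list: `{"certtype", "extensions", "validdays", "encryption"}`, plus the same validation as the request path. The function starts and ends outside the hunk.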
>
> _at_@ -383,6 +392,11 @@ submitrequest = function(defaults, user)
>                defaults.errtxt = "Failed to submit request\nRequest
> already exists"
>                success = false
>        end
> +
> +       if not tonumber(defaults.value.validdays.value) then
> +               defaults.value.validdays.errtxt = "Period of Validity
> is not a number"
> +               success = false
> +       end
>
>        if success then
>                -- Submit the request
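Review bot: `tonumber` is too permissive as the only check on `validdays`: Lua also accepts negative values, fractions, hexadecimal and exponent notation, so strings such as `-1`, `0x10` or `1e9` pass and are later written to `default_days`. A certificate lifetime should be a positive integer, for example `local d = defaults.value.validdays.value` and `if not (type(d) == "string" and d:match("^%d+$") and tonumber(d) > 0) then`, ideally with an upper bound set by the CA operator. `defaults.value.encryption.value` gets no server-side check at all before the next hunk writes it to `default_bits`; comparing it against the offered options here would close that gap. `submitrequest` continues outside the hunk.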
> _at_@ -403,7 +417,9 @@ submitrequest = function(defaults, user)
>                                end
>                        end
>                end
> -
> +
> +               fileval = format.update_ini_file(fileval,
> "req","default_bits",defaults.value.encryption.value)
> +               fileval = format.update_ini_file(fileval,
> "","default_days",defaults.value.validdays.value)
>                fileval = format.set_ini_section(fileval, ext_section,
> content)
>                fileval = format.update_ini_file(fileval, "req",
> "req_extensions", ext_section)
>                fs.write_file(reqname..".cfg", fileval)
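Review bot: `default_days` is written to the unnamed section (`""`), while `getreqdefaults` reads it from the CA section and `ca_mandatory_entries` now requires it there. OpenSSL looks a `ca` option up in the named CA section first and falls back to the default section only when the entry is missing, so the requester's value would normally be shadowed by the CA section's own `default_days`. The write in `setreqdefaults` has the same problem. If a per-request lifetime is intended, passing the validated number explicitly at signing time (`-days`) is clearer than relying on section precedence. The surrounding function body is outside the hunk.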
> _at_@ -470,7 +486,7 @@ approverequest = function(request)
>                local certname = certdir..request.."."..serial
>
>                -- Now, sign the certificate
> -               local cmd = path .. "openssl ca -config
> "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr
> -out "..format.escapespecialcharacters(certname)..".crt -name
> "..format.escapespecialcharacters(certtype).." -batch 2>&1"
> +               local cmd = path .. "openssl ca -config
> "..format.escapespecialcharacters(reqpath)..".cfg -in
> "..format.escapespecialcharacters(reqpath)..".csr -out
> "..format.escapespecialcharacters(certname)..".crt -name
> "..format.escapespecialcharacters(certtype).." -batch 2>&1"
>                local f = io.popen(cmd)
>                cmdresult.value = f:read("*a")
>                f:close()
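Review bot: Signing now takes `-config` from the per-request `.cfg`, which `submitrequest` writes from requester-supplied values (`default_bits`, `default_days`, the extensions section), so the CA's signing settings come from a file the requester influenced rather than from `configfile`. Unless the approval view shows those settings to the approver, it would be safer to keep `-config` on `configfile` and pass only vetted per-request values on the command line. The command is still built by concatenation for `io.popen`, so its safety rests entirely on `format.escapespecialcharacters`; that helper is not visible here and its coverage of shell metacharacters should be confirmed. `approverequest` starts and ends outside the hunk.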
> _at_@ -680,6 +696,14 @@ getcrl = function(crltype)
>        return crlfile
>  end
>
> +getpem = function(pem)
> +        local f = fs.read_file(pem) or ""
> +        local fname = string.gsub(pem, ".*/", "")
> +        if validator.is_valid_filename(pem, openssldir) then
> +                return cfe({ type="raw", value=f, label=fname,
> option="application/x-pkcs12" })
> +        end
> +end
> +
>  getnewputca = function()
>        local ca = cfe({ type="raw", value=0, label="CA Certificate",
> descr='File must be a password protected ".pfx" file' })
>        local password = cfe({ label="Certificate Password" })
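Review bot: `getpem` calls `fs.read_file(pem)` before `validator.is_valid_filename(pem, openssldir)` runs, so a client-supplied path is opened even when it is then rejected, and the rejected case returns nothing at all. The check should come first and the read should happen only for an accepted path. The validator is not visible here; it should be confirmed that it rejects `..` segments and that limiting to `openssldir` is narrow enough, since private keys may live under that directory and the roles hunk grants `downloadpem` to CERT_APPROVER, EXPERT and ADMIN. The `application/x-pkcs12` type also looks wrong for a PEM file.

```lua
getpem = function(pem)
        -- Validate before touching the filesystem; only accepted paths are read
        if type(pem) ~= "string" or not validator.is_valid_filename(pem, openssldir) then
                return cfe({ type="raw", value="", label="", errtxt="Invalid certificate path" })
        end
        local fname = string.gsub(pem, ".*/", "")
        return cfe({ type="raw", value=fs.read_file(pem) or "", label=fname, option="application/x-pkcs12" })
end
```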
> diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp
> index 2bc3af9..acbe8ed 100644
> --- a/openssl-request-html.lsp
> +++ b/openssl-request-html.lsp
> _at_@ -8,7 +8,7 @@
>        form.value.password_confirm.type = "password"
>        local order = { "countryName", "C", "stateOrProvinceName",
> "ST", "localityName", "L", "organizationName", "O",
>                        "organizationalUnitName", "OU", "commonName",
> "CN", "emailAddress" }
> -       local finishingorder = { "certtype", "extensions", "password",
> "password_confirm" }
> +       local finishingorder = { "certtype", "validdays",
> "extensions", "password", "password_confirm" }
>        displayform(form, order, finishingorder)
>  %>
>
> diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp
> index 1837ab0..0f73d35 100644
> --- a/openssl-status-html.lsp
> +++ b/openssl-status-html.lsp
> _at_@ -32,4 +32,5 @@
>                end
>        end
>  end %>
> -
> +<% if viewlibrary.check_permission("downloadpem") then %> <H1>Download
> +Certificate</H1> <DL> <%=
> html.link{value="downloadpem?dlpath="..html.html_escape(view.value.cacert.value),
> label="Download "..view.value.cacert.value } %><BR> </DL><% end %>
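Review bot: The `dlpath` query value goes through `html.html_escape`, which is HTML escaping rather than URL encoding, so a path containing `&`, `#`, `+` or a space would be cut or altered when the link is followed. The value should be URL-encoded for the query string and then HTML-escaped for the attribute, and the `label` string should be escaped as well unless `html.link` does that itself, which is not visible here. The link also exposes an absolute server path as a client-editable parameter; passing a certificate name and resolving it on the server would avoid that.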
> diff --git a/openssl.roles b/openssl.roles
> index eb63818..03f5df1 100644
> --- a/openssl.roles
> +++ b/openssl.roles
> _at_@ -1,6 +1,6 @@
>  USER=openssl:status,openssl:getrevoked
>  EDITOR=openssl:editdefaults
>  CERT_REQUESTER=openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert
> -CERT_APPROVER=openssl:readall,openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert
> -EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
> -ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment
> +CERT_APPROVER=openssl:readall,
> openssl:approve,openssl:viewrequest,openssl:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:deletecert,openssl:renewcert,openssl:downloadpem
> +EXPERT=openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
> +ADMIN=openssl:status,openssl:getrevoked,openssl:editdefaults,openssl:read,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:readall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletecert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:editconfigfile,openssl:checkenvironment,openssl:downloadpem
> --
> 1.7.5.4
>
>
>
>
>
>



-- 
Jeff
Received on Tue Jul 05 2011 - 19:23:32 UTC