X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail-yi0-f54.google.com (mail-yi0-f54.google.com [209.85.218.54]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id AD69B12BCDEB for ; Thu, 23 Jun 2011 12:30:46 +0000 (UTC) Received: by yic13 with SMTP id 13so935478yic.13 for ; Thu, 23 Jun 2011 05:30:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type:content-transfer-encoding; bh=ksgUwSzbRb3A4Uiitq0F+2yN8J7mWS4fWB6LzqmyjQ0=; b=gT1qCxYzNcVtbh9ZBiP0+ygQyxi1o5JP4i9tHlrCQHPw6wwUtrpvGWfPfosL4bZbE+ 1WUZeiI917Yl4+1NxdMyMO99ue5J/I9PuUc47PdEi88LVL4Y54+qLihmoJ92kGIK5s2G ntVgzMheEIWVA2UgMUmBNYjaSxRRdmYVj3/EM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=oejGwUucbIAxueZ48++UpILUKhrB0KCc0as5sW9LJNvnbTzwNk0FTTVmT3n0HjFlco Dvc6OVQDp7YEAGGlRLnEJQ5B3WgceaxH51nrjV4nfIlXWXFAakAYi9XZTftJ3RLYhf+M A5zn1PQk9YcrrY2s3Tmmaz3F9vufqvRgDUiZk= X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Received: by 10.151.108.15 with SMTP id k15mr2392368ybm.261.1308832244744; Thu, 23 Jun 2011 05:30:44 -0700 (PDT) Received: by 10.150.204.7 with HTTP; Thu, 23 Jun 2011 05:30:44 -0700 (PDT) In-Reply-To: <1308831937-19564-1-git-send-email-lukestu@gmail.com> References: <1308831937-19564-1-git-send-email-lukestu@gmail.com> Date: Thu, 23 Jun 2011 14:30:44 +0200 Message-ID: Subject: [alpine-devel] [PATCH] acf-openssl: as per feature request #354: download cert plus set encryption bits and period of validity 
From: Luke Stuart To: alpine-devel@lists.alpinelinux.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable --- =A0openssl-controller.lua =A0 =A0 =A0 =A0| =A0 =A05 +++++ =A0openssl-editdefaults-html.lsp | =A0 =A02 +- =A0openssl-model.lua =A0 =A0 =A0 =A0 =A0 =A0 | =A0 32 +++++++++++++++++++++= +++++++---- =A0openssl-request-html.lsp =A0 =A0 =A0| =A0 =A02 +- =A0openssl-status-html.lsp =A0 =A0 =A0 | =A0 =A03 ++- =A0openssl.roles =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 | =A0 =A06 +++--- =A06 files changed, 40 insertions(+), 10 deletions(-) diff --git a/openssl-controller.lua b/openssl-controller.lua index 7d9ae9a..3f8750b 100755 --- a/openssl-controller.lua +++ b/openssl-controller.lua @@ -116,6 +116,11 @@ putcacert =3D function(self) =A0 =A0 =A0 =A0return controllerfunctions.handle_form(self, self.model.getnewputca, self.model.putca, self.clientdata, "Upload", "Upload CA Certificate", "Certificate Uploaded") =A0end +downloadpem =3D function(self) + =A0 =A0 =A0 =A0self.conf.viewtype=3D"stream" + =A0 =A0 =A0 =A0return self.model.getpem(self.clientdata.dlpath) +end + =A0-- Generate a self-signed CA =A0generatecacert =3D function(self) =A0 =A0 =A0 =A0return controllerfunctions.handle_form(self, self.model.getnewcarequest, self.model.generateca, self.clientdata, "Generate", "Generate CA Certificate", "Certificate Generated") diff --git a/openssl-editdefaults-html.lsp b/openssl-editdefaults-html.lsp index 9052213..b73b0a8 100644 --- a/openssl-editdefaults-html.lsp +++ b/openssl-editdefaults-html.lsp 
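Review bot: `downloadpem` switches the view to `stream` and then returns `self.model.getpem(self.clientdata.dlpath)` unchecked, but `getpem` (in the model hunk of this same patch) returns nothing when the path fails its validation, so a missing or rejected `dlpath` streams a nil value instead of reporting an error. Check the result before committing to the stream view, along the lines of `local pem = self.model.getpem(self.clientdata.dlpath)` / `if not pem then return cfe({ errtxt="Invalid or missing file" }) end` / `self.conf.viewtype="stream"; return pem`, using whatever error reporting the other actions in this controller rely on. A one-line comment above the function naming the permission that guards it (`downloadpem` in openssl.roles) would also help, since that is the only thing stopping the action from being reached by any logged-in user. The function is complete within the hunk.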
@@ -6,7 +6,7 @@ =A0 =A0 =A0 =A0form.action =3D page_info.script .. page_info.prefix .. page_info.controller .. "/" .. page_info.action =A0 =A0 =A0 =A0local order =3D { "countryName", "C", "stateOrProvinceName", "ST", "localityName", "L", "organizationName", "O", =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"organizationalUnitName", "O= U", "commonName", "CN", "emailAddress" } - =A0 =A0 =A0 local finishingorder =3D { "certtype", "extensions" } + =A0 =A0 =A0 local finishingorder =3D { "encryption", "validdays", "certtype", "extensions" } =A0 =A0 =A0 =A0displayform(form, order, finishingorder) =A0%> diff --git a/openssl-model.lua b/openssl-model.lua index b5a84a6..a9b6f83 100755 --- a/openssl-model.lua +++ b/openssl-model.lua @@ -30,7 +30,7 @@ local short_names =3D { countryName=3D"C", stateOrProvinceName=3D"ST", localityName=3D"L =A0local extensions =3D { "basicConstraints", "nsCertType", "nsComment", "keyUsage", "subjectKeyIdentifier", =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"authorityKeyIdentifier", "s= ubjectAltName", "issuerAltName" } =A0-- list of entries that must be found in ca section (used to define our certificate types) -local ca_mandatory_entries =3D { "new_certs_dir", "certificate", "private_key", "default_md", "database", "serial", "policy" } +local ca_mandatory_entries =3D { "new_certs_dir", "certificate", "private_key", "default_md", "database", "serial", "policy", "default_days" } =A0-- Create a cfe with the distinguished name defaults =A0local getdefaults =3D function() 
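Review bot: Adding `default_days` to `ca_mandatory_entries` changes which sections count as a CA: the comment on that line says the list defines the certificate types, so an existing CA section that never declared `default_days` would, on that reading, stop being offered as a certtype after this patch, with no migration note in the commit message. Either leave the list as it was and fall back to a default when `getconfigentry(..., "default_days")` returns nil, or state in the commit message that existing configs must be updated. Note also that the later hunks write `default_days` into the unnamed section (`update_ini_file(fileval, "", "default_days", ...)`) while this list requires it inside the CA section, so a config rewritten by this very patch may not satisfy the check.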
@@ -308,6 +308,14 @@ end =A0getreqdefaults =3D function() =A0 =A0 =A0 =A0local defaults =3D getdefaults() + =A0 =A0 =A0 =A0--Add in the encryption bit default + =A0 =A0 =A0 =A0 local encryption =3D config.req.default_bits + =A0 =A0 =A0 =A0 defaults.value.encryption =3D cfe({ type=3D"select", label=3D"Encryption Bits", value=3Dencryption, option=3D{"2048", "4096"} }) + + =A0 =A0 =A0 =A0 -- Add in the default days + =A0 =A0 =A0 =A0 local validdays =3D getconfigentry(config.ca.default_ca, = "default_days") + =A0 =A0 =A0 =A0 defaults.value.validdays =3D cfe({ type=3D"text", label= =3D"Period of Validity (Days)", value=3Dvaliddays, descr=3D"Number of days this certificate is valid for" }) + =A0 =A0 =A0 =A0-- Add in the ca type default =A0 =A0 =A0 =A0defaults.value.certtype =3D cfe({ type=3D"select", label=3D"= Certificate Type", =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0value=3Dconfig.ca.default_ca, option=3Dfind_= ca_sections() }) @@ -339,9 +347,10 @@ setreqdefaults =3D function(defaults) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0ext_section =3D config.req.r= eq_extensions =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0config =3D nil + =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D format.update_ini_file(fileval,"","default_days",defaults.value.validdays.v= alue) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fileval =3D format.set_ini_section(fileval, = ext_section, format.dostounix(defaults.value.extensions.value)) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fileval =3D format.update_ini_file(fileval, = "ca", "default_ca", defaults.value.certtype.value) - =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D write_distinguished_names(fileval= , defaults, {"certtype", "extensions"}) + =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D write_distinguished_names(fileval= , defaults, {"certtype", "extensions", "validdays"}) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fs.write_file(configfile, fileval) =A0 =A0 =A0 =A0end 
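Review bot: The encryption select built in getreqdefaults offers only `"2048"` and `"4096"`, but its current value is whatever `config.req.default_bits` holds, so a config with 1024 (or any other size) yields a select whose value is not among its options and the first save silently changes the key size. Either add the current value to the option list when it is absent, or document the intent, e.g. `-- Only 2048/4096 are offered; an existing default_bits outside this set is replaced on the next save`. Separately, the added lines appear to be indented with a different whitespace pattern than the surrounding lines (an extra space before `local`), which is worth normalising before merge.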
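Review bot: setreqdefaults writes `defaults.value.validdays.value` into the config with no numeric check — the `tonumber` validation this patch adds lives only in submitrequest — so the Edit Defaults form can store a non-numeric `default_days` that breaks every subsequent `openssl ca` run. Validate before the write, e.g. `local days = tonumber(defaults.value.validdays.value)` / `if not days or days < 1 or days ~= math.floor(days) then defaults.value.validdays.errtxt = "Period of Validity must be a positive whole number"; return defaults end`, adapted to the function's existing error path (its start and end are outside the hunk). Also, `encryption` is added to the form by getreqdefaults but is neither written to `req.default_bits` here nor included in the skip-list passed to `write_distinguished_names`; if that list is what keeps non-DN fields out of the distinguished-name section, the chosen key size is silently dropped on save and possibly emitted as a bogus DN default.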
@@ -383,6 +392,11 @@ submitrequest =3D function(defaults, user) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0defaults.errtxt =3D "Failed to submit reques= t\nRequest already exists" =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0success =3D false =A0 =A0 =A0 =A0end + + =A0 =A0 =A0 if not tonumber(defaults.value.validdays.value) then + =A0 =A0 =A0 =A0 =A0 =A0 =A0 defaults.value.validdays.errtxt =3D "Period o= f Validity is not a number" + =A0 =A0 =A0 =A0 =A0 =A0 =A0 success =3D false + =A0 =A0 =A0 end =A0 =A0 =A0 =A0if success then =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-- Submit the request @@ -403,7 +417,9 @@ submitrequest =3D function(defaults, user) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end - + + =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D format.update_ini_file(fileval, "req","default_bits",defaults.value.encryption.value) + =A0 =A0 =A0 =A0 =A0 =A0 =A0 fileval =3D format.update_ini_file(fileval, "","default_days",defaults.value.validdays.value) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fileval =3D format.set_ini_section(fileval, = ext_section, content) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fileval =3D format.update_ini_file(fileval, = "req", "req_extensions", ext_section) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0fs.write_file(reqname..".cfg", fileval) 
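Review bot: `tonumber(defaults.value.validdays.value)` accepts values that make no sense as a validity period — `0`, `-30`, `1.5`, `1e9` and hex such as `0x10` all pass — and the accepted string is then written verbatim into `default_days`, where OpenSSL expects a positive integer. Tighten it to `local days = tonumber(defaults.value.validdays.value)` / `if not days or days < 1 or days ~= math.floor(days) then`, and consider an upper bound agreed with the CA policy, since this value ends up controlling the lifetime of the issued certificate. The start of submitrequest is outside the hunk.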
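Review bot: `defaults.value.encryption.value` is written into `req.default_bits` without any server-side check; the 2048/4096 select only constrains the browser, so a crafted form submission can set `default_bits` to 512 or to a non-numeric string and the request config is used as-is. Reject anything outside the offered set next to the other validation, e.g. `if defaults.value.encryption.value ~= "2048" and defaults.value.encryption.value ~= "4096" then defaults.value.encryption.errtxt = "Invalid key size"; success = false end`. Note too that the request form's display order in openssl-request-html.lsp does not list `encryption`; if the submitted form therefore lacks that field, this line indexes nil and the whole request fails — worth confirming against how the request form is built. Finally, `default_days` is written to the unnamed section (`""`) here while getreqdefaults reads it from the CA section via `getconfigentry(config.ca.default_ca, "default_days")`; if `openssl ca` looks it up in the CA section as well, this write may have no effect.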
@@ -470,7 +486,7 @@ approverequest =3D function(request) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0local certname =3D certdir..request.."."..se= rial =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0-- Now, sign the certificate - =A0 =A0 =A0 =A0 =A0 =A0 =A0 local cmd =3D path .. "openssl ca -config "..configfile.." -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1" + =A0 =A0 =A0 =A0 =A0 =A0 =A0 local cmd =3D path .. "openssl ca -config "..format.escapespecialcharacters(reqpath)..".cfg -in "..format.escapespecialcharacters(reqpath)..".csr -out "..format.escapespecialcharacters(certname)..".crt -name "..format.escapespecialcharacters(certtype).." -batch 2>&1" =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0local f =3D io.popen(cmd) =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0cmdresult.value =3D f:read("*a") =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0f:close() @@ -680,6 +696,14 @@ getcrl =3D function(crltype) =A0 =A0 =A0 =A0return crlfile =A0end +getpem =3D function(pem) + =A0 =A0 =A0 =A0local f =3D fs.read_file(pem) or "" + =A0 =A0 =A0 =A0local fname =3D string.gsub(pem, ".*/", "") + =A0 =A0 =A0 =A0if validator.is_valid_filename(pem, openssldir) then + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return cfe({ type=3D"raw", value=3Df, labe= l=3Dfname, option=3D"application/x-pkcs12" }) + =A0 =A0 =A0 =A0end +end + =A0getnewputca =3D function() =A0 =A0 =A0 =A0local ca =3D cfe({ type=3D"raw", value=3D0, label=3D"CA Cert= ificate", descr=3D'File must be a password protected ".pfx" file' }) =A0 =A0 =A0 =A0local password =3D cfe({ label=3D"Certificate Password" }) diff --git a/openssl-request-html.lsp b/openssl-request-html.lsp index 2bc3af9..acbe8ed 100644 --- a/openssl-request-html.lsp +++ b/openssl-request-html.lsp 
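Review bot: Switching `-config` from `configfile` to the request's own `.cfg` means the CA signing step now runs on a config assembled at request time from requester-supplied values (`default_days`, `default_bits` and the extensions section, per the submitrequest hunks), so the requester rather than the CA configuration decides the lifetime of the certificate and the approver is given no place to review or cap it. Prefer keeping `-config "..configfile.."` and passing the requested period explicitly, e.g. `.." -days "..format.escapespecialcharacters(days)..`, after approval-side code has validated it against a policy maximum; that also avoids signing against a stale copy of the CA section if the main config changed between request and approval. `reqpath` is shell-escaped here, which is right; the enclosing function starts before the hunk.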
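Review bot: `getpem` calls `fs.read_file(pem)` before `validator.is_valid_filename(pem, openssldir)` has run, so an arbitrary path is opened and read even when the request is then refused; the check must come first. More importantly, the only restriction is that the path lies under `openssldir`, and if that helper checks containment only, anyone holding `downloadpem` (CERT_APPROVER and EXPERT after the roles hunk) can fetch every file there, including the CA private key named by the `private_key` entry — the status page only ever asks for `view.value.cacert.value`, so limit the action to that file or to an explicit allow-list of public certificates. The function also returns nothing on a bad path, leaving nil for the caller, and labels a PEM file as `application/x-pkcs12`; `application/x-pem-file` or `application/x-x509-ca-cert` is the honest type. Something like the following, with the allowed-path lookup adapted to how this model reaches the CA section:
```lua
getpem = function(pem)
	-- Serve only the CA certificate the status page links to; never the
	-- private_key or other material that also lives under openssldir.
	-- TODO confirm that `config` is loaded at this point, as getreqdefaults assumes.
	local allowed = getconfigentry(config.ca.default_ca, "certificate")
	if not validator.is_valid_filename(pem, openssldir) or pem ~= allowed then
		return nil
	end
	local fname = string.gsub(pem, ".*/", "")
	return cfe({ type="raw", value=fs.read_file(pem) or "", label=fname, option="application/x-pem-file" })
end
```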
@@ -8,7 +8,7 @@ =A0 =A0 =A0 =A0form.value.password_confirm.type =3D "password" =A0 =A0 =A0 =A0local order =3D { "countryName", "C", "stateOrProvinceName", "ST", "localityName", "L", "organizationName", "O", =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0"organizationalUnitName", "O= U", "commonName", "CN", "emailAddress" } - =A0 =A0 =A0 local finishingorder =3D { "certtype", "extensions", "passwor= d", "password_confirm" } + =A0 =A0 =A0 local finishingorder =3D { "certtype", "validdays", "extensions", "password", "password_confirm" } =A0 =A0 =A0 =A0displayform(form, order, finishingorder) =A0%> diff --git a/openssl-status-html.lsp b/openssl-status-html.lsp index 1837ab0..0f73d35 100644 --- a/openssl-status-html.lsp +++ b/openssl-status-html.lsp @@ -32,4 +32,5 @@ =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0end =A0 =A0 =A0 =A0end =A0end %> - +<% if viewlibrary.check_permission("downloadpem") then %>

Download +Certificate

<%=3D html.link{value=3D"downloadpem?dlpath=3D"..html.html_escape(view.value.cace= rt.value), label=3D"Download "..view.value.cacert.value } %>
<% end %> diff --git a/openssl.roles b/openssl.roles index eb63818..03f5df1 100644 --- a/openssl.roles +++ b/openssl.roles @@ -1,6 +1,6 @@ =A0USER=3Dopenssl:status,openssl:getrevoked =A0EDITOR=3Dopenssl:editdefaults =A0CERT_REQUESTER=3Dopenssl:read,openssl:request,openssl:viewrequest,openss= l:deletemyrequest,openssl:viewcert,openssl:getcert,openssl:requestrenewcert -CERT_APPROVER=3Dopenssl:readall,openssl:approve,openssl:viewrequest,openss= l:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:del= etecert,openssl:renewcert -EXPERT=3Dopenssl:putcacert,openssl:generatecacert,openssl:editconfigfile,o= penssl:checkenvironment -ADMIN=3Dopenssl:status,openssl:getrevoked,openssl:editdefaults,openssl:rea= d,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewc= ert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:r= eadall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletec= ert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:edit= configfile,openssl:checkenvironment +CERT_APPROVER=3Dopenssl:readall,openssl:approve,openssl:viewrequest,openss= l:deleterequest,openssl:revoke,openssl:viewcert,openssl:getcert,openssl:del= etecert,openssl:renewcert,openssl:downloadpem +EXPERT=3Dopenssl:putcacert,openssl:generatecacert,openssl:editconfigfile,o= penssl:checkenvironment,openssl:downloadpem +ADMIN=3Dopenssl:status,openssl:getrevoked,openssl:editdefaults,openssl:rea= d,openssl:request,openssl:viewrequest,openssl:deletemyrequest,openssl:viewc= ert,openssl:getcert,openssl:requestrenewcert,openssl:editdefaults,openssl:r= eadall,openssl:approve,openssl:deleterequest,openssl:revoke,openssl:deletec= ert,openssl:renewcert,openssl:putcacert,openssl:generatecacert,openssl:edit= configfile,openssl:checkenvironment,openssl:downloadpem -- 1.7.5.4 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
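Review bot: The download link builds its query string with `html.html_escape(view.value.cacert.value)`, which protects the HTML attribute but does not URL-encode the value, so a certificate path containing `&`, `+`, `%` or `#` reaches the controller truncated or altered as `dlpath`. Encode it for a query string (the framework's URL-escape helper if one exists, otherwise percent-encode it) before concatenating; if `html.link` already encodes its `value`, a short comment saying so would spare the next reader the question. The `viewlibrary.check_permission("downloadpem")` guard is the right gate for showing the link, but it only hides the link — the restriction on what may be downloaded has to live in the model.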