diff options
| author | ivan <ivan> | 2010-11-07 05:30:29 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2010-11-07 05:30:29 +0000 |
| commit | 729ceea3edac7b5364aa572c894991a979a53f2b (patch) | |
| tree | bba52fe0a0960742c4fe63e2f67c5079854d26b7 | |
| parent | 2d77bbdb0f3deff86a4b721e7b4f8be7ff5996d4 (diff) | |
certificates ala communigate, RT#7515
| -rw-r--r-- | FS/FS/svc_cert.pm | 76 | ||||
| -rw-r--r-- | httemplate/edit/process/svc_cert.cgi | 8 | ||||
| -rw-r--r-- | httemplate/edit/svc_cert.cgi | 168 | ||||
| -rw-r--r-- | httemplate/misc/svc_cert-generate.html | 25 | ||||
| -rw-r--r-- | httemplate/view/svc_cert.cgi | 76 |
5 files changed, 328 insertions, 25 deletions
diff --git a/FS/FS/svc_cert.pm b/FS/FS/svc_cert.pm index 08bb8c094..e3ef3256f 100644 --- a/FS/FS/svc_cert.pm +++ b/FS/FS/svc_cert.pm @@ -79,9 +79,9 @@ state country -=item contact +=item cert_contact -contact +contact email =back @@ -124,7 +124,7 @@ sub table_info { 'city' => { label=>'City', %dis, }, 'state' => { label=>'State', %dis, }, 'country' => { label=>'Country', %dis, }, - 'cert_contact' => { label=>'Contact', %dis, }, + 'cert_contact' => { label=>'Contact email', %dis, }, #'another_field' => { # 'label' => 'Description', @@ -213,7 +213,7 @@ sub check { || $self->ut_textn('city') || $self->ut_textn('state') || $self->ut_textn('country') #XXX char(2) or NULL - || $self->ut_textn('contact') + || $self->ut_textn('cert_contact') ; return $error if $error; @@ -271,14 +271,23 @@ sub subj { ); } -sub generate_csr { +sub _file { my $self = shift; - my $in = $self->privatekey; + my $field = shift; my $dir = $FS::UID::conf_dir. "/cache.". $FS::UID::datasrc; #XXX actual cache dir my $fh = new File::Temp( - TEMPLATE => 'certkey.'. '.XXXXXXXX', + TEMPLATE => 'cert.'. '.XXXXXXXX', DIR => $dir, ) or die "can't open temp file: $!\n"; + print $fh $self->$field; + close $fh; + $fh; +} + +sub generate_csr { + my $self = shift; + + my $fh = $self->_file('privatekey'); run( [qw( openssl req -new -key ), $fh->filename, '-subj', $self->subj ], '>pipe'=>\*OUT, '2>'=>'/dev/null' @@ -289,6 +298,59 @@ sub generate_csr { $self->csr($csr); } +#sub check_csr { +# my $self = shift; +#} + +sub generate_selfsigned { + my $self = shift; + + my $days = 730; + + my $key = $self->_file('privatekey'); + my $csr = $self->_file('csr'); + + run( [qw( openssl req -x509 -nodes ), + '-days' => $days, + '-key' => $key->filename, + '-in' => $csr->filename, + ], + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + or die "error running openssl: $!"; + #XXX error checking + my $csr = join('', <OUT>); + $self->certificate($csr); +} + +#openssl x509 -in cert -noout -subject -issuer -dates -serial +#subject= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown +#issuer= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown +#notBefore=Nov 7 05:07:42 2010 GMT +#notAfter=Nov 6 05:07:42 2012 GMT +#serial=B1DBF1A799EF207B + +sub check_certificate { + my $self = shift; + + my $in = $self->certificate; + run( [qw( openssl x509 -noout -subject -issuer -dates -serial )], + '<'=>\$in, + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + or die "error running openssl: $!"; + #XXX error checking + + my %hash = (); + while (<OUT>) { + warn $_; + /^\s*(\w+)=\s*(.*)\s*$/ or next; + $hash{$1} = $2; + } + + %hash; +} + =back =head1 BUGS diff --git a/httemplate/edit/process/svc_cert.cgi b/httemplate/edit/process/svc_cert.cgi index 1bf749f96..58b95a6e9 100644 --- a/httemplate/edit/process/svc_cert.cgi +++ b/httemplate/edit/process/svc_cert.cgi @@ -17,9 +17,7 @@ % $cgi->param('error', $error); <% $cgi->redirect(popurl(2). "svc_cert.cgi?". $cgi->query_string ) %> %} else { -%#change link when we make a non-generic view -%#<% $cgi->redirect(popurl(3). "view/svc_cert.cgi?$svcnum") %> -<% $cgi->redirect(popurl(3). "view/svc_Common.html?svcdb=svc_cert;svcnum=$svcnum") %> +<% $cgi->redirect(popurl(3). "view/svc_cert.cgi?$svcnum") %> % } <%init> @@ -39,7 +37,7 @@ my $old = ''; if ( $svcnum ) { $old = qsearchs('svc_cert', { 'svcnum' => $svcnum } ) #agent virt; or die 'unknown svcnum'; - $new->$_( $old->$_ ) for grep $old->$_, qw( privatekey ); + $new->$_( $old->$_ ) for grep $old->$_, qw( privatekey csr certificate cacert ); } my $popup = 0; @@ -58,7 +56,7 @@ if ( $cgi->param('privatekey') eq '_generate' ) { #generate $new->privatekey( $cgi->param('privatekey') ); -} #elsif ( $cgi->param('privatekey') eq '_clear' ) { #import +} #elsif ( $cgi->param('privatekey') eq '_clear' ) { #clear my $error = ''; if ($cgi->param('svcnum')) { diff --git a/httemplate/edit/svc_cert.cgi b/httemplate/edit/svc_cert.cgi index fa14f0ba3..93194228e 100644 --- a/httemplate/edit/svc_cert.cgi +++ b/httemplate/edit/svc_cert.cgi @@ -2,13 +2,123 @@ <% include('/elements/error.html') %> -<FORM ACTION="<% $p1 %>process/svc_cert.cgi" METHOD=POST> +<FORM ACTION="<% $p %>edit/process/svc_cert.cgi" METHOD=POST> <INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>"> <INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> <INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>"> <% ntable("#cccccc",2) %> +<TR> + <TD ALIGN="right">Private key</TD> + <TD BGCOLOR="#ffffff"> + +% if ( $svc_cert->privatekey && $svc_cert->check_privatekey ) { + + <FONT COLOR="#33ff33">Verification OK</FONT> +% # remove key & cert link? just unprovision? + + </TD></TR> + +% if (0) { #( $svc_cert->csr_submitted ) { #XXX add field? date? } + +% # just show the fields once the csr has been submitted + +% } else { + +% my $cust_main = $svc_cert->cust_svc->cust_pkg->cust_main; + + <TR> + <TD ALIGN="right">Common name</TD> + <TD><INPUT TYPE="text" NAME="common_name" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->common_name |h %>"></TD> + </TR> + + <TR> + <TD ALIGN="right">Organization</TD> + <TD><INPUT TYPE="text" NAME="organization" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->organization || $cust_main->company |h %>"></TD> + </TR> + + <TR> + <TD ALIGN="right">Organization Unit</TD> + <TD><INPUT TYPE="text" NAME="organization_unit" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->organization_unit |h %>"></TD> + </TR> + + <TR> + <TD ALIGN="right">City</TD> + <TD><% include('/elements/city.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + </TD> + </TR> + + <TR> + <TD ALIGN="right">State</TD> + <TD><% include('/elements/select-state.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + </TD> + </TR> + + <TR> + <TD ALIGN="right">Country</TD> + <TD><% include('/elements/select-country.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + </TD> + </TR> + + <TR> + <TD ALIGN="right">Contact email</TD> + <TD><INPUT TYPE="text" NAME="cert_contact" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->cert_contact || ($cust_main->invoicing_list_emailonly)[0] |h %>"></TD> + </TR> + +% } + +% } else { +% my $re = ''; +% if ( $svc_cert->privatekey ) { + <FONT COLOR="#ff0000">Verification error</FONT> +% $re = 'Clear and Re-'; +% } + <% include('/elements/popup_link.html', { + 'action' => "svc_cert/generate_privatekey.html$link_query", + 'label' => $re.'Generate', + 'actionlabel' => 'Generate private key', + #opt + 'width' => '350', + 'height' => '150' + #'color' => '#ff0000', + #'closetext' => 'Go Away', # the value '' removes the link + })%> + + or + + <% include('/elements/popup_link.html', { + 'action' => "svc_cert/import_privatekey.html$link_query", + 'label' => $re.'Import', + 'actionlabel' => 'Import private key', + #opt + 'width' => '544', + 'height' => '368', + #'color' => '#ff0000', + #'closetext' => 'Go Away', # the value '' removes the link + })%> +% if ( $svc_cert->privatekey ) { + <PRE><% $svc_cert->privatekey |h %></PRE> +% } + </TD> +</TR> +% } + </TABLE> <BR> @@ -23,8 +133,62 @@ die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? -#my $conf = new FS::Conf; +my $conf = new FS::Conf; + +my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_cert ); +if ( $cgi->param('error') ) { + + $svc_cert = new FS::svc_cert ( { + map { $_, scalar($cgi->param($_)) } fields('svc_cert') + } ); + $svcnum = $svc_cert->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $cgi->param('svcpart'); + $part_svc = qsearchs('part_svc', { 'svcpart' => $svcpart } ); + die "No part_svc entry!" unless $part_svc; + +} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding + + $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; + $pkgnum = $1; + $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; + $svcpart = $1; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + $svc_cert = new FS::svc_cert({}); + + $svcnum=''; + + $svc_cert->set_default_and_fixed; + +} else { #editing + + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "unparsable svcnum"; + $svcnum=$1; + $svc_cert=qsearchs('svc_cert',{'svcnum'=>$svcnum}) + or die "Unknown (svc_cert) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} +my $action = $svcnum ? 'Edit' : 'Add'; + +my $svc = $part_svc->getfield('svc'); + +#my $otaker = getotaker; +my $p1 = popurl(1); +my $link_query = "?svcnum=$svcnum;pkgnum=$pkgnum;svcpart=$svcpart"; </%init> diff --git a/httemplate/misc/svc_cert-generate.html b/httemplate/misc/svc_cert-generate.html new file mode 100644 index 000000000..10e8ab4e9 --- /dev/null +++ b/httemplate/misc/svc_cert-generate.html @@ -0,0 +1,25 @@ +% if ($error) { +% errorpage($error); +%} else { +<% $cgi->redirect($p."view/svc_cert.cgi?$svcnum") %> +%} +<%init> + +$cgi->param('svcnum') =~ /^(\d+)$/ or die 'illegal svcnum'; +my $svcnum = $1; + +my $svc_cert = qsearchs('svc_cert', { 'svcnum' => $svcnum } ) + or die 'unknown svcnum'; + +my $error = ''; +if ( $cgi->param('action') eq 'generate_csr' ) { + $svc_cert->generate_csr; + $error = $svc_cert->replace; +} elsif ( $cgi->param('action') eq 'generate_selfsigned' ) { + $svc_cert->generate_selfsigned; + $error = $svc_cert->replace; +} else { + die 'unknown action'; +} + +</%init> diff --git a/httemplate/view/svc_cert.cgi b/httemplate/view/svc_cert.cgi index eeda9a1dd..36f598b9a 100644 --- a/httemplate/view/svc_cert.cgi +++ b/httemplate/view/svc_cert.cgi @@ -1,19 +1,73 @@ <% include('elements/svc_Common.html', - 'table' => 'svc_pbx', - 'edit_url' => $p."edit/svc_Common.html?svcdb=svc_pbx;svcnum=", - #'labels' => \%labels, + 'table' => 'svc_cert', + 'labels' => \%labels, #'html_foot' => $html_foot, - 'fields' => [] + 'fields' => \@fields, ) %> <%init> -#my $fields = FS::svc_pbx->table_info->{'fields'}; -#my %labels = map { $_ => ( ref($fields->{$_}) -# ? $fields->{$_}{'label'} -# : $fields->{$_} -# ); -# } -# keys %$fields; +my $fields = FS::svc_cert->table_info->{'fields'}; +my %labels = map { $_ => ( ref($fields->{$_}) + ? $fields->{$_}{'label'} + : $fields->{$_} + ); + } + keys %$fields; + +my @fields = ( + { field=>'privatekey', + value=> sub { + my $svc_cert = shift; + if ( $svc_cert->privatekey && $svc_cert->check_privatekey ) { + '<FONT COLOR="#33ff33">Verification OK</FONT>'; + } elsif ( $svc_cert->privatekey ) { + '<FONT COLOR="#ff0000">Verification error</FONT>'; + } else { + '<I>(none)</I>'; + } + }, + }, + qw( common_name organization organization_unit city state country cert_contact + ), + { 'field'=>'csr', + 'value'=> sub { + my $svc_cert = shift; + if ( $svc_cert->csr ) { #display the subject etc? + '<FONT STYLE="font-family:monospace"><PRE>'. $svc_cert->csr. + '</PRE></FONT>'; + } elsif ( $svc_cert->common_name ) { + my $svcnum = $svc_cert->svcnum; + qq(<A HREF="${p}misc/svc_cert-generate.html?action=generate_csr;svcnum=$svcnum">Generate</A>); + } else { + ''; + } + }, + }, + { 'field'=>'certificate', + 'value'=> sub { + my $svc_cert = shift; + if ( $svc_cert->certificate ) { + + my %hash = $svc_cert->check_certificate; + my $out = '<TABLE>'; #XXX better formatting + foreach my $key ( keys %hash ) { + $out .= "<TR><TD>$key</TD><TD>$hash{$key}</TD></TR>"; + } + $out .= '</TABLE>'; + + $out .= '<FONT STYLE="font-family:monospace"><PRE>'. + $svc_cert->certificate. + '</PRE></FONT>'; + $out; + } elsif ( $svc_cert->csr ) { + my $svcnum = $svc_cert->svcnum; + qq(<A HREF="${p}misc/svc_cert-generate.html?action=generate_selfsigned;svcnum=$svcnum">Generate self-signed</A>); + } else { + ''; + } + }, + }, +); </%init> |