diff options
| author | ivan <ivan> | 2010-11-07 05:30:12 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2010-11-07 05:30:12 +0000 |
| commit | cd91e59d897b1359dd91b2b9e5e7e008d2dbd9ed (patch) | |
| tree | 0d22c6b82e55fcc08d752bb198a8ac8050179548 | |
| parent | 2d73473ce78c22160b618e93802a9551c9c77d69 (diff) | |
certificates ala communigate, RT#7515
| -rw-r--r-- | FS/FS/svc_cert.pm | 76 | ||||
| -rw-r--r-- | httemplate/edit/process/svc_cert.cgi | 8 | ||||
| -rw-r--r-- | httemplate/edit/svc_cert.cgi | 174 | ||||
| -rw-r--r-- | httemplate/misc/svc_cert-generate.html | 25 | ||||
| -rw-r--r-- | httemplate/view/svc_cert.cgi | 41 |
5 files changed, 234 insertions, 90 deletions
diff --git a/FS/FS/svc_cert.pm b/FS/FS/svc_cert.pm index 08bb8c094..e3ef3256f 100644 --- a/FS/FS/svc_cert.pm +++ b/FS/FS/svc_cert.pm @@ -79,9 +79,9 @@ state country -=item contact +=item cert_contact -contact +contact email =back @@ -124,7 +124,7 @@ sub table_info { 'city' => { label=>'City', %dis, }, 'state' => { label=>'State', %dis, }, 'country' => { label=>'Country', %dis, }, - 'cert_contact' => { label=>'Contact', %dis, }, + 'cert_contact' => { label=>'Contact email', %dis, }, #'another_field' => { # 'label' => 'Description', @@ -213,7 +213,7 @@ sub check { || $self->ut_textn('city') || $self->ut_textn('state') || $self->ut_textn('country') #XXX char(2) or NULL - || $self->ut_textn('contact') + || $self->ut_textn('cert_contact') ; return $error if $error; @@ -271,14 +271,23 @@ sub subj { ); } -sub generate_csr { +sub _file { my $self = shift; - my $in = $self->privatekey; + my $field = shift; my $dir = $FS::UID::conf_dir. "/cache.". $FS::UID::datasrc; #XXX actual cache dir my $fh = new File::Temp( - TEMPLATE => 'certkey.'. '.XXXXXXXX', + TEMPLATE => 'cert.'. '.XXXXXXXX', DIR => $dir, ) or die "can't open temp file: $!\n"; + print $fh $self->$field; + close $fh; + $fh; +} + +sub generate_csr { + my $self = shift; + + my $fh = $self->_file('privatekey'); run( [qw( openssl req -new -key ), $fh->filename, '-subj', $self->subj ], '>pipe'=>\*OUT, '2>'=>'/dev/null' @@ -289,6 +298,59 @@ sub generate_csr { $self->csr($csr); } +#sub check_csr { +# my $self = shift; +#} + +sub generate_selfsigned { + my $self = shift; + + my $days = 730; + + my $key = $self->_file('privatekey'); + my $csr = $self->_file('csr'); + + run( [qw( openssl req -x509 -nodes ), + '-days' => $days, + '-key' => $key->filename, + '-in' => $csr->filename, + ], + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + or die "error running openssl: $!"; + #XXX error checking + my $csr = join('', <OUT>); + $self->certificate($csr); +} + +#openssl x509 -in cert -noout -subject -issuer -dates -serial +#subject= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown +#issuer= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown +#notBefore=Nov 7 05:07:42 2010 GMT +#notAfter=Nov 6 05:07:42 2012 GMT +#serial=B1DBF1A799EF207B + +sub check_certificate { + my $self = shift; + + my $in = $self->certificate; + run( [qw( openssl x509 -noout -subject -issuer -dates -serial )], + '<'=>\$in, + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + or die "error running openssl: $!"; + #XXX error checking + + my %hash = (); + while (<OUT>) { + warn $_; + /^\s*(\w+)=\s*(.*)\s*$/ or next; + $hash{$1} = $2; + } + + %hash; +} + =back =head1 BUGS diff --git a/httemplate/edit/process/svc_cert.cgi b/httemplate/edit/process/svc_cert.cgi index 1bf749f96..58b95a6e9 100644 --- a/httemplate/edit/process/svc_cert.cgi +++ b/httemplate/edit/process/svc_cert.cgi @@ -17,9 +17,7 @@ % $cgi->param('error', $error); <% $cgi->redirect(popurl(2). "svc_cert.cgi?". $cgi->query_string ) %> %} else { -%#change link when we make a non-generic view -%#<% $cgi->redirect(popurl(3). "view/svc_cert.cgi?$svcnum") %> -<% $cgi->redirect(popurl(3). "view/svc_Common.html?svcdb=svc_cert;svcnum=$svcnum") %> +<% $cgi->redirect(popurl(3). "view/svc_cert.cgi?$svcnum") %> % } <%init> @@ -39,7 +37,7 @@ my $old = ''; if ( $svcnum ) { $old = qsearchs('svc_cert', { 'svcnum' => $svcnum } ) #agent virt; or die 'unknown svcnum'; - $new->$_( $old->$_ ) for grep $old->$_, qw( privatekey ); + $new->$_( $old->$_ ) for grep $old->$_, qw( privatekey csr certificate cacert ); } my $popup = 0; @@ -58,7 +56,7 @@ if ( $cgi->param('privatekey') eq '_generate' ) { #generate $new->privatekey( $cgi->param('privatekey') ); -} #elsif ( $cgi->param('privatekey') eq '_clear' ) { #import +} #elsif ( $cgi->param('privatekey') eq '_clear' ) { #clear my $error = ''; if ($cgi->param('svcnum')) { diff --git a/httemplate/edit/svc_cert.cgi b/httemplate/edit/svc_cert.cgi index 89460f3e3..93194228e 100644 --- a/httemplate/edit/svc_cert.cgi +++ b/httemplate/edit/svc_cert.cgi @@ -12,92 +12,112 @@ <TR> <TD ALIGN="right">Private key</TD> <TD BGCOLOR="#ffffff"> -% if ( $svc_cert->privatekey && $svc_cert->check_privatekey ) { - <FONT COLOR="#33ff33">Verification OK</FONT> -% # remove key & cert link? just unprovision? - </TD> -</TR> -% my $cust_main = $svc_cert->cust_svc->cust_pkg->cust_main; +% if ( $svc_cert->privatekey && $svc_cert->check_privatekey ) { -<TR> - <TD ALIGN="right">Organization</TD> - <TD><INPUT TYPE="text" NAME="organization" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->organization || $cust_main->company |h %>"></TD> -</TR> + <FONT COLOR="#33ff33">Verification OK</FONT> +% # remove key & cert link? just unprovision? -<TR> - <TD ALIGN="right">Organization Unit</TD> - <TD><INPUT TYPE="text" NAME="organization_unit" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->organization_unit |h %>"></TD> -</TR> + </TD></TR> -<TR> - <TD ALIGN="right">City</TD> - <TD><% include('/elements/city.html', - 'city' => $svc_cert->city || $cust_main->city, - 'state' => $svc_cert->state || $cust_main->state, - 'country' => $svc_cert->country || $cust_main->country, - ) - %> - </TD> -</TR> +% if (0) { #( $svc_cert->csr_submitted ) { #XXX add field? date? } -<TR> - <TD ALIGN="right">State</TD> - <TD><% include('/elements/select-state.html', - 'city' => $svc_cert->city || $cust_main->city, - 'state' => $svc_cert->state || $cust_main->state, - 'country' => $svc_cert->country || $cust_main->country, - ) - %> - </TD> -</TR> - -<TR> - <TD ALIGN="right">City</TD> - <TD><% include('/elements/select-country.html', - 'city' => $svc_cert->city || $cust_main->city, - 'state' => $svc_cert->state || $cust_main->state, - 'country' => $svc_cert->country || $cust_main->country, - ) - %> - </TD> -</TR> +% # just show the fields once the csr has been submitted % } else { -% my $re = ''; -% if ( $svc_cert->privatekey ) { - <FONT COLOR="#ff0000">Verification error</FONT> -% $re = 'Clear and Re-'; -% } - <% include('/elements/popup_link.html', { - 'action' => "svc_cert/generate_privatekey.html$link_query", - 'label' => $re.'Generate', - 'actionlabel' => 'Generate private key', - #opt - 'width' => '350', - 'height' => '150' - #'color' => '#ff0000', - #'closetext' => 'Go Away', # the value '' removes the link - })%> - - or - - <% include('/elements/popup_link.html', { - 'action' => "svc_cert/import_privatekey.html$link_query", - 'label' => $re.'Import', - 'actionlabel' => 'Import private key', - #opt - 'width' => '544', - 'height' => '368', - #'color' => '#ff0000', - #'closetext' => 'Go Away', # the value '' removes the link - })%> -% if ( $svc_cert->privatekey ) { -<PRE><% $svc_cert->privatekey |h %></PRE> -% } + +% my $cust_main = $svc_cert->cust_svc->cust_pkg->cust_main; + + <TR> + <TD ALIGN="right">Common name</TD> + <TD><INPUT TYPE="text" NAME="common_name" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->common_name |h %>"></TD> + </TR> + + <TR> + <TD ALIGN="right">Organization</TD> + <TD><INPUT TYPE="text" NAME="organization" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->organization || $cust_main->company |h %>"></TD> + </TR> + + <TR> + <TD ALIGN="right">Organization Unit</TD> + <TD><INPUT TYPE="text" NAME="organization_unit" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->organization_unit |h %>"></TD> + </TR> + + <TR> + <TD ALIGN="right">City</TD> + <TD><% include('/elements/city.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + </TD> + </TR> + + <TR> + <TD ALIGN="right">State</TD> + <TD><% include('/elements/select-state.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + </TD> + </TR> + + <TR> + <TD ALIGN="right">Country</TD> + <TD><% include('/elements/select-country.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + </TD> + </TR> + + <TR> + <TD ALIGN="right">Contact email</TD> + <TD><INPUT TYPE="text" NAME="cert_contact" SIZE=40 MAXLENGTH=80 VALUE="<% $svc_cert->cert_contact || ($cust_main->invoicing_list_emailonly)[0] |h %>"></TD> + </TR> + +% } + +% } else { +% my $re = ''; +% if ( $svc_cert->privatekey ) { + <FONT COLOR="#ff0000">Verification error</FONT> +% $re = 'Clear and Re-'; +% } + <% include('/elements/popup_link.html', { + 'action' => "svc_cert/generate_privatekey.html$link_query", + 'label' => $re.'Generate', + 'actionlabel' => 'Generate private key', + #opt + 'width' => '350', + 'height' => '150' + #'color' => '#ff0000', + #'closetext' => 'Go Away', # the value '' removes the link + })%> + + or + + <% include('/elements/popup_link.html', { + 'action' => "svc_cert/import_privatekey.html$link_query", + 'label' => $re.'Import', + 'actionlabel' => 'Import private key', + #opt + 'width' => '544', + 'height' => '368', + #'color' => '#ff0000', + #'closetext' => 'Go Away', # the value '' removes the link + })%> +% if ( $svc_cert->privatekey ) { + <PRE><% $svc_cert->privatekey |h %></PRE> +% } </TD> </TR> -% } +% } </TABLE> <BR> diff --git a/httemplate/misc/svc_cert-generate.html b/httemplate/misc/svc_cert-generate.html new file mode 100644 index 000000000..10e8ab4e9 --- /dev/null +++ b/httemplate/misc/svc_cert-generate.html @@ -0,0 +1,25 @@ +% if ($error) { +% errorpage($error); +%} else { +<% $cgi->redirect($p."view/svc_cert.cgi?$svcnum") %> +%} +<%init> + +$cgi->param('svcnum') =~ /^(\d+)$/ or die 'illegal svcnum'; +my $svcnum = $1; + +my $svc_cert = qsearchs('svc_cert', { 'svcnum' => $svcnum } ) + or die 'unknown svcnum'; + +my $error = ''; +if ( $cgi->param('action') eq 'generate_csr' ) { + $svc_cert->generate_csr; + $error = $svc_cert->replace; +} elsif ( $cgi->param('action') eq 'generate_selfsigned' ) { + $svc_cert->generate_selfsigned; + $error = $svc_cert->replace; +} else { + die 'unknown action'; +} + +</%init> diff --git a/httemplate/view/svc_cert.cgi b/httemplate/view/svc_cert.cgi index 92902d6d2..36f598b9a 100644 --- a/httemplate/view/svc_cert.cgi +++ b/httemplate/view/svc_cert.cgi @@ -28,7 +28,46 @@ my @fields = ( } }, }, - qw( organization organization_unit city state country cert_contact ) + qw( common_name organization organization_unit city state country cert_contact + ), + { 'field'=>'csr', + 'value'=> sub { + my $svc_cert = shift; + if ( $svc_cert->csr ) { #display the subject etc? + '<FONT STYLE="font-family:monospace"><PRE>'. $svc_cert->csr. + '</PRE></FONT>'; + } elsif ( $svc_cert->common_name ) { + my $svcnum = $svc_cert->svcnum; + qq(<A HREF="${p}misc/svc_cert-generate.html?action=generate_csr;svcnum=$svcnum">Generate</A>); + } else { + ''; + } + }, + }, + { 'field'=>'certificate', + 'value'=> sub { + my $svc_cert = shift; + if ( $svc_cert->certificate ) { + + my %hash = $svc_cert->check_certificate; + my $out = '<TABLE>'; #XXX better formatting + foreach my $key ( keys %hash ) { + $out .= "<TR><TD>$key</TD><TD>$hash{$key}</TD></TR>"; + } + $out .= '</TABLE>'; + + $out .= '<FONT STYLE="font-family:monospace"><PRE>'. + $svc_cert->certificate. + '</PRE></FONT>'; + $out; + } elsif ( $svc_cert->csr ) { + my $svcnum = $svc_cert->svcnum; + qq(<A HREF="${p}misc/svc_cert-generate.html?action=generate_selfsigned;svcnum=$svcnum">Generate self-signed</A>); + } else { + ''; + } + }, + }, ); </%init> |