diff options
-rw-r--r-- | FS/FS.pm | 4 | ||||
-rw-r--r-- | FS/FS/Mason.pm | 1 | ||||
-rw-r--r-- | FS/FS/Schema.pm | 17 | ||||
-rw-r--r-- | FS/FS/svc_cert.pm | 303 | ||||
-rw-r--r-- | FS/MANIFEST | 2 | ||||
-rw-r--r-- | FS/t/svc_cert.t | 5 | ||||
-rw-r--r-- | eg/table_template-svc.pm | 1 | ||||
-rwxr-xr-x | httemplate/edit/part_svc.cgi | 1 | ||||
-rw-r--r-- | httemplate/edit/process/svc_cert.cgi | 71 | ||||
-rw-r--r-- | httemplate/edit/svc_cert.cgi | 30 | ||||
-rw-r--r-- | httemplate/edit/svc_cert/generate_privatekey.html | 34 | ||||
-rw-r--r-- | httemplate/edit/svc_cert/import_privatekey.html | 28 | ||||
-rw-r--r-- | httemplate/elements/popup_link-cust_svc.html | 6 | ||||
-rw-r--r-- | httemplate/view/elements/svc_Common.html | 10 | ||||
-rw-r--r-- | httemplate/view/svc_Common.html | 4 | ||||
-rw-r--r-- | httemplate/view/svc_cert.cgi | 19 |
16 files changed, 526 insertions, 10 deletions
@@ -174,6 +174,10 @@ L<FS::cdr_type> - CDR type class L<FS::svc_external> - Externally tracked service class. +L<FS::svc_pbx> - PBX service class + +L<FS::svc_cert> - Certificate service class + L<FS::inventory_class> - Inventory classes L<FS::inventory_item> - Inventory items diff --git a/FS/FS/Mason.pm b/FS/FS/Mason.pm index 550ea1a45..13a942cf2 100644 --- a/FS/FS/Mason.pm +++ b/FS/FS/Mason.pm @@ -255,6 +255,7 @@ if ( -e $addl_handler_use_file ) { use FS::part_tag; use FS::acct_snarf; use FS::part_pkg_discount; + use FS::svc_cert; # Sammath Naur if ( $FS::Mason::addl_handler_use ) { diff --git a/FS/FS/Schema.pm b/FS/FS/Schema.pm index 183803664..6ed7756a5 100644 --- a/FS/FS/Schema.pm +++ b/FS/FS/Schema.pm @@ -2972,10 +2972,19 @@ sub tables_hashref { 'svc_cert' => { 'columns' => [ - 'svcnum', 'int', '', '', '', '', - 'recnum', 'int', '', '', '', '', - 'something', 'text', '', '', '', '', - #XXX more fields + 'svcnum', 'int', '', '', '', '', + 'recnum', 'int', 'NULL', '', '', '', + 'privatekey', 'text', 'NULL', '', '', '', + 'csr', 'text', 'NULL', '', '', '', + 'certificate', 'text', 'NULL', '', '', '', + 'cacert', 'text', 'NULL', '', '', '', + 'common_name', 'varchar', 'NULL', $char_d, '', '', + 'organization', 'varchar', 'NULL', $char_d, '', '', + 'organization_unit', 'varchar', 'NULL', $char_d, '', '', + 'city', 'varchar', 'NULL', $char_d, '', '', + 'state', 'varchar', 'NULL', $char_d, '', '', + 'country', 'char', 'NULL', 2, '', '', + 'cert_contact', 'varchar', 'NULL', $char_d, '', '', ], 'primary_key' => 'svcnum', 'unique' => [], diff --git a/FS/FS/svc_cert.pm b/FS/FS/svc_cert.pm new file mode 100644 index 000000000..08bb8c094 --- /dev/null +++ b/FS/FS/svc_cert.pm @@ -0,0 +1,303 @@ +package FS::svc_cert; + +use strict; +use base qw( FS::svc_Common ); +#use FS::Record qw( qsearch qsearchs ); +use FS::cust_svc; + +=head1 NAME + +FS::svc_cert - Object methods for svc_cert records + +=head1 SYNOPSIS + + use FS::svc_cert; + + $record = new FS::svc_cert \%hash; + $record = new FS::svc_cert { 'column' => 'value' }; + + $error = $record->insert; + + $error = $new_record->replace($old_record); + + $error = $record->delete; + + $error = $record->check; + +=head1 DESCRIPTION + +An FS::svc_cert object represents a certificate. FS::svc_cert inherits from +FS::Record. The following fields are currently supported: + +=over 4 + +=item svcnum + +primary key + +=item recnum + +recnum + +=item privatekey + +privatekey + +=item csr + +csr + +=item certificate + +certificate + +=item cacert + +cacert + +=item common_name + +common_name + +=item organization + +organization + +=item organization_unit + +organization_unit + +=item city + +city + +=item state + +state + +=item country + +country + +=item contact + +contact + + +=back + +=head1 METHODS + +=over 4 + +=item new HASHREF + +Creates a new certificate. To add the certificate to the database, see L<"insert">. + +Note that this stores the hash reference, not a distinct copy of the hash it +points to. You can ask the object for a copy with the I<hash> method. + +=cut + +# the new method can be inherited from FS::Record, if a table method is defined + +sub table { 'svc_cert'; } + +sub table_info { + my %dis = ( disable_default=>1, disable_fixed=>1, disable_inventory=>1, disable_select=>1 ); + { + 'name' => 'Certificate', + 'name_plural' => 'Certificates', + 'longname_plural' => 'Example services', #optional + 'sorts' => 'svcnum', # optional sort field (or arrayref of sort fields, main first) + 'display_weight' => 25, + 'cancel_weight' => 65, + 'fields' => { + #'recnum' => '', + 'privatekey' => { label=>'Private key', %dis, }, + 'csr' => { label=>'Certificate signing request', %dis, }, + 'certificate' => { label=>'Certificate', %dis, }, + 'cacert' => { label=>'Certificate authority chain', %dis, }, + 'common_name' => { label=>'Common name', %dis, }, + 'organization' => { label=>'Organization', %dis, }, + 'organization_unit' => { label=>'Organization Unit', %dis, }, + 'city' => { label=>'City', %dis, }, + 'state' => { label=>'State', %dis, }, + 'country' => { label=>'Country', %dis, }, + 'cert_contact' => { label=>'Contact', %dis, }, + + #'another_field' => { + # 'label' => 'Description', + # 'def_label' => 'Description for service definitions', + # 'type' => 'text', + # 'disable_default' => 1, #disable switches + # 'disable_fixed' => 1, # + # 'disable_inventory' => 1, # + # }, + #'foreign_key' => { + # 'label' => 'Description', + # 'def_label' => 'Description for service defs', + # 'type' => 'select', + # 'select_table' => 'foreign_table', + # 'select_key' => 'key_field_in_table', + # 'select_label' => 'label_field_in_table', + # }, + + }, + }; +} + +=item label + +Returns a meaningful identifier for this example + +=cut + +sub label { + my $self = shift; +# $self->label_field; #or something more complicated if necessary + # check privatekey, check->privatekey, more? + return 'Certificate'; +} + +=item insert + +Adds this record to the database. If there is an error, returns the error, +otherwise returns false. + +=cut + +# the insert method can be inherited from FS::Record + +=item delete + +Delete this record from the database. + +=cut + +# the delete method can be inherited from FS::Record + +=item replace OLD_RECORD + +Replaces the OLD_RECORD with this one in the database. If there is an error, +returns the error, otherwise returns false. + +=cut + +# the replace method can be inherited from FS::Record + +=item check + +Checks all fields to make sure this is a valid certificate. If there is +an error, returns the error, otherwise returns false. Called by the insert +and replace methods. + +=cut + +# the check method should currently be supplied - FS::Record contains some +# data checking routines + +sub check { + my $self = shift; + + my $error = + $self->ut_numbern('svcnum') + || $self->ut_numbern('recnum') + || $self->ut_anything('privatekey') #XXX + || $self->ut_anything('csr') #XXX + || $self->ut_anything('certificate')#XXX + || $self->ut_anything('cacert') #XXX + || $self->ut_textn('common_name') + || $self->ut_textn('organization') + || $self->ut_textn('organization_unit') + || $self->ut_textn('city') + || $self->ut_textn('state') + || $self->ut_textn('country') #XXX char(2) or NULL + || $self->ut_textn('contact') + ; + return $error if $error; + + $self->SUPER::check; +} + +=item generate_privatekey [ KEYSIZE ] + +=cut + +use IPC::Run qw( run ); +use File::Temp; + +sub generate_privatekey { + my $self = shift; + my $keysize = (@_ && $_[0]) ? shift : 2048; + run( [qw( openssl genrsa ), $keysize], '>pipe'=>\*OUT, '2>'=>'/dev/null' ) + or die "error running openssl: $!"; + #XXX error checking + my $privatekey = join('', <OUT>); + $self->privatekey($privatekey); +} + +=item check_privatekey + +=cut + +sub check_privatekey { + my $self = shift; + my $in = $self->privatekey; + run( [qw( openssl rsa -check -noout)], '<'=>\$in, '>pipe'=>\*OUT, '2>'=>'/dev/null' ) + ;# or die "error running openssl: $!"; + + my $ok = <OUT>; + return ($ok =~ /key ok/); +} + +my %subj = ( + 'CN' => 'common_name', + 'O' => 'organization', + 'OU' => 'organization_unit', + 'L' => 'city', + 'ST' => 'state', + 'C' => 'country', +); + +sub subj { + my $self = shift; + + '/'. join('/', map { my $v = $self->get($subj{$_}); + $v =~ s/([=\/])/\\$1/; + "$_=$v"; + } + keys %subj + ); +} + +sub generate_csr { + my $self = shift; + my $in = $self->privatekey; + my $dir = $FS::UID::conf_dir. "/cache.". $FS::UID::datasrc; #XXX actual cache dir + my $fh = new File::Temp( + TEMPLATE => 'certkey.'. '.XXXXXXXX', + DIR => $dir, + ) or die "can't open temp file: $!\n"; + + run( [qw( openssl req -new -key ), $fh->filename, '-subj', $self->subj ], + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + or die "error running openssl: $!"; + #XXX error checking + my $csr = join('', <OUT>); + $self->csr($csr); +} + +=back + +=head1 BUGS + +=head1 SEE ALSO + +L<FS::Record>, schema.html from the base documentation. + +=cut + +1; + diff --git a/FS/MANIFEST b/FS/MANIFEST index b4bce287d..8fd672653 100644 --- a/FS/MANIFEST +++ b/FS/MANIFEST @@ -538,3 +538,5 @@ FS/svc_cert.pm t/svc_cert.t FS/part_pkg_discount.pm t/part_pkg_discount.t +FS/svc_cert.pm +t/svc_cert.t diff --git a/FS/t/svc_cert.t b/FS/t/svc_cert.t new file mode 100644 index 000000000..05831d1e8 --- /dev/null +++ b/FS/t/svc_cert.t @@ -0,0 +1,5 @@ +BEGIN { $| = 1; print "1..1\n" } +END {print "not ok 1\n" unless $loaded;} +use FS::svc_cert; +$loaded=1; +print "ok 1\n"; diff --git a/eg/table_template-svc.pm b/eg/table_template-svc.pm index 7e10275cd..1470b6f37 100644 --- a/eg/table_template-svc.pm +++ b/eg/table_template-svc.pm @@ -73,6 +73,7 @@ sub table_info { 'disable_default' => 1, #disable switches 'disable_fixed' => 1, # 'disable_inventory' => 1, # + 'disable_select' => 1, # }, 'foreign_key' => { 'label' => 'Description', diff --git a/httemplate/edit/part_svc.cgi b/httemplate/edit/part_svc.cgi index 940ea8d25..e14acb5a9 100755 --- a/httemplate/edit/part_svc.cgi +++ b/httemplate/edit/part_svc.cgi @@ -15,6 +15,7 @@ Disable new orders <INPUT TYPE="checkbox" NAME="disabled" VALUE="Y"<% $hashref-> Service definitions are the templates for items you offer to your customers. <UL><LI>svc_acct - Accounts - anything with a username (Mailboxes, PPP accounts, shell accounts, RADIUS entries for broadband, etc.) <LI>svc_domain - Domains + <LI>svc_cert - Certificates <LI>svc_forward - Mail forwarding <LI>svc_mailinglist - Mailing list <LI>svc_www - Virtual domain website diff --git a/httemplate/edit/process/svc_cert.cgi b/httemplate/edit/process/svc_cert.cgi new file mode 100644 index 000000000..1bf749f96 --- /dev/null +++ b/httemplate/edit/process/svc_cert.cgi @@ -0,0 +1,71 @@ +%if ( $popup ) { +% if ( $error ) { #should redirect back to the posting page? +<% include("/elements/header-popup.html", "Error") %> +<P><FONT SIZE="+1" COLOR="#ff0000"><% $error |h %></FONT> +<BR><BR> +<P ALIGN="center"> +<BUTTON TYPE="button" onClick="parent.cClick();">Close</BUTTON> +</BODY></HTML> +% } else { +<% include('/elements/header-popup.html', $title ) %> + <SCRIPT TYPE="text/javascript"> + window.top.location = '<% popurl(3). "edit/svc_cert.cgi?$svcnum" %>'; + </SCRIPT> + </BODY></HTML> +% } +%} elsif ( $error ) { +% $cgi->param('error', $error); +<% $cgi->redirect(popurl(2). "svc_cert.cgi?". $cgi->query_string ) %> +%} else { +%#change link when we make a non-generic view +%#<% $cgi->redirect(popurl(3). "view/svc_cert.cgi?$svcnum") %> +<% $cgi->redirect(popurl(3). "view/svc_Common.html?svcdb=svc_cert;svcnum=$svcnum") %> +% } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $new = new FS::svc_cert ( { + map { + $_, scalar($cgi->param($_)); + } ( fields('svc_cert'), qw( pkgnum svcpart ) ) +} ); + +my $old = ''; +if ( $svcnum ) { + $old = qsearchs('svc_cert', { 'svcnum' => $svcnum } ) #agent virt; + or die 'unknown svcnum'; + $new->$_( $old->$_ ) for grep $old->$_, qw( privatekey ); +} + +my $popup = 0; +my $title = ''; +if ( $cgi->param('privatekey') eq '_generate' ) { #generate + $popup = 1; + $title = 'Key generated'; + + $cgi->param('keysize') =~ /^(\d+)$/ or die 'illegal keysize'; + my $keysize = $1; + $new->generate_privatekey($keysize); + +} elsif ( $cgi->param('privatekey') =~ /\S/ ) { #import + $popup = 1; + $title = 'Key imported'; + + $new->privatekey( $cgi->param('privatekey') ); + +} #elsif ( $cgi->param('privatekey') eq '_clear' ) { #import + +my $error = ''; +if ($cgi->param('svcnum')) { + $error = $new->replace(); +} else { + $error = $new->insert; + $svcnum = $new->svcnum; +} + +</%init> diff --git a/httemplate/edit/svc_cert.cgi b/httemplate/edit/svc_cert.cgi new file mode 100644 index 000000000..fa14f0ba3 --- /dev/null +++ b/httemplate/edit/svc_cert.cgi @@ -0,0 +1,30 @@ +<% include('/elements/header.html', "$action $svc", '') %> + +<% include('/elements/error.html') %> + +<FORM ACTION="<% $p1 %>process/svc_cert.cgi" METHOD=POST> +<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>"> +<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> +<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>"> + +<% ntable("#cccccc",2) %> + +</TABLE> +<BR> + +<INPUT TYPE="submit" VALUE="Submit"> + +</FORM> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +#my $conf = new FS::Conf; + + + +</%init> diff --git a/httemplate/edit/svc_cert/generate_privatekey.html b/httemplate/edit/svc_cert/generate_privatekey.html new file mode 100644 index 000000000..45414e773 --- /dev/null +++ b/httemplate/edit/svc_cert/generate_privatekey.html @@ -0,0 +1,34 @@ +<% include('/elements/header-popup.html', 'Generate private key' ) %> + +<FORM NAME="GenerateKeyForm" ACTION="<% $p %>process/svc_cert.cgi" METHOD="POST"> + +<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>"> +<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> +<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>"> + +<INPUT TYPE="hidden" NAME="privatekey" VALUE="_generate"> + +Key size: <SELECT NAME="keysize"> + <OPTION VALUE="512">512</OPTION> + <OPTION VALUE="1024">1024</OPTION> + <OPTION VALUE="2048" SELECTED>2048</OPTION> + <OPTION VALUE="4096">4096</OPTION> +</SELECT> + +<BR><BR> +<INPUT TYPE="submit" VALUE="Generate"> + +</FORM> +</BODY> +</HTML> +<%init> + +$cgi->param('svcnum') =~ /^(\d*)$/ or die 'illegal svcnum'; +my $svcnum = $1; +$cgi->param('pkgnum') =~ /^(\d*)$/ or die 'illegal pkgnum'; +my $pkgnum = $1; +$cgi->param('svcpart') =~ /^(\d*)$/ or die 'illegal svcpart'; +my $svcpart = $1; + +</%init> + diff --git a/httemplate/edit/svc_cert/import_privatekey.html b/httemplate/edit/svc_cert/import_privatekey.html new file mode 100644 index 000000000..52e6002f8 --- /dev/null +++ b/httemplate/edit/svc_cert/import_privatekey.html @@ -0,0 +1,28 @@ +<% include('/elements/header-popup.html', 'Import private key' ) %> + +<% include('/elements/error.html') %> + +<FORM NAME="ImportKeyForm" ACTION="<% $p %>process/svc_cert.cgi" METHOD="POST"> + +<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>"> +<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> +<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>"> + +<TEXTAREA NAME="privatekey" COLS=64 ROWS=15 STYLE="font-family:monospace"></TEXTAREA> + +<BR><BR> +<INPUT TYPE="submit" VALUE="Import"> + +</FORM> +</BODY> +</HTML> +<%init> + +$cgi->param('svcnum') =~ /^(\d*)$/ or die 'illegal svcnum'; +my $svcnum = $1; +$cgi->param('pkgnum') =~ /^(\d*)$/ or die 'illegal pkgnum'; +my $pkgnum = $1; +$cgi->param('svcpart') =~ /^(\d*)$/ or die 'illegal svcpart'; +my $svcpart = $1; + +</%init> diff --git a/httemplate/elements/popup_link-cust_svc.html b/httemplate/elements/popup_link-cust_svc.html index 8255ffc04..39c0d3181 100644 --- a/httemplate/elements/popup_link-cust_svc.html +++ b/httemplate/elements/popup_link-cust_svc.html @@ -4,16 +4,16 @@ Example: include('/elements/init_overlib.html') - include( '/elements/svc_popup_link.html', { #hashref or a list, either way + include('/elements/popup_link-cust_svc.html', { #hashref or a list, either way #required 'action' => 'content.html', # uri for content of popup which should # be suitable for appending '?svcnum=' 'label' => 'click me', # text of <A> tag - 'cust_svc' => $cust_svc # a FS::cust_svc object + 'cust_svc' => $cust_svc # a FS::cust_svc object or FS::svc_* object #strongly recommended (you want a title, right?) - 'actionlabel => 'You clicked', # popup title + 'actionlabel' => 'You clicked', # popup title #opt 'width' => '540', diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html index 8a352f3fa..618d33eed 100644 --- a/httemplate/view/elements/svc_Common.html +++ b/httemplate/view/elements/svc_Common.html @@ -18,6 +18,10 @@ # defaults to "edit/$table.cgi?", will have svcnum appended 'edit_url' => + + #at the very bottom (well, as low as you can go from here) + 'html_foot' => '', + ) </%doc> @@ -56,12 +60,14 @@ Unprovision this Service</A> % foreach my $f ( @$fields ) { % -% my($field, $type); +% my($field, $type, $value); % if ( ref($f) ) { % $field = $f->{'field'}, +% $value = $f->{'value'} ? &{ $f->{'value'} }($svc_x) : $svc_x->$field; % $type = $f->{'type'} || 'text', % } else { % $field = $f; +% $value = $svc_x->$field; % $type = 'text'; % } % @@ -78,7 +84,7 @@ Unprovision this Service</A> % #eventually more options for <SELECT>, etc. fields - <TD BGCOLOR="#ffffff"><% $svc_x->$field %><TD> + <TD BGCOLOR="#ffffff"><% $value %><TD> </TR> diff --git a/httemplate/view/svc_Common.html b/httemplate/view/svc_Common.html index defbee974..7ed63c7aa 100644 --- a/httemplate/view/svc_Common.html +++ b/httemplate/view/svc_Common.html @@ -1,6 +1,6 @@ <% include('elements/svc_Common.html', 'table' => $table, - 'edit_url' => $p."edit/svc_Common.html?svcdb=$table;svcnum=", + 'edit_url' => $edit_url, #$p."edit/svc_Common.html?svcdb=$table;svcnum=", %opt, ) %> @@ -12,6 +12,8 @@ $cgi->param('svcdb') =~ /^(svc_\w+)$/ or die "unparsable svcdb"; my $table = $1; require "FS/$table.pm"; +my $edit_url = svc_url( 'm' => $m, 'action' => 'edit', 'svcdb' => $table, query => '' ); + my %opt; if ( UNIVERSAL::can("FS::$table", 'table_info') ) { $opt{'name'} = "FS::$table"->table_info->{'name'}; diff --git a/httemplate/view/svc_cert.cgi b/httemplate/view/svc_cert.cgi new file mode 100644 index 000000000..eeda9a1dd --- /dev/null +++ b/httemplate/view/svc_cert.cgi @@ -0,0 +1,19 @@ +<% include('elements/svc_Common.html', + 'table' => 'svc_pbx', + 'edit_url' => $p."edit/svc_Common.html?svcdb=svc_pbx;svcnum=", + #'labels' => \%labels, + #'html_foot' => $html_foot, + 'fields' => [] + ) +%> +<%init> + +#my $fields = FS::svc_pbx->table_info->{'fields'}; +#my %labels = map { $_ => ( ref($fields->{$_}) +# ? $fields->{$_}{'label'} +# : $fields->{$_} +# ); +# } +# keys %$fields; + +</%init> |