From: ivan Date: Sun, 7 Nov 2010 00:56:35 +0000 (+0000) Subject: certificates ala communigate, RT#7515 X-Git-Tag: TORRUS_1_0_9~126 X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=2d73473ce78c22160b618e93802a9551c9c77d69 certificates ala communigate, RT#7515 --- diff --git a/FS/FS.pm b/FS/FS.pm index 1fdde3586..aca33de6a 100644 --- a/FS/FS.pm +++ b/FS/FS.pm @@ -174,6 +174,10 @@ L - CDR type class L - Externally tracked service class. +L - PBX service class + +L - Certificate service class + L - Inventory classes L - Inventory items diff --git a/FS/FS/Mason.pm b/FS/FS/Mason.pm index 4671f9694..d3c04db27 100644 --- a/FS/FS/Mason.pm +++ b/FS/FS/Mason.pm @@ -257,6 +257,7 @@ if ( -e $addl_handler_use_file ) { use FS::part_tag; use FS::acct_snarf; use FS::part_pkg_discount; + use FS::svc_cert; # Sammath Naur if ( $FS::Mason::addl_handler_use ) { diff --git a/FS/FS/Schema.pm b/FS/FS/Schema.pm index 183803664..6ed7756a5 100644 --- a/FS/FS/Schema.pm +++ b/FS/FS/Schema.pm @@ -2972,10 +2972,19 @@ sub tables_hashref { 'svc_cert' => { 'columns' => [ - 'svcnum', 'int', '', '', '', '', - 'recnum', 'int', '', '', '', '', - 'something', 'text', '', '', '', '', - #XXX more fields + 'svcnum', 'int', '', '', '', '', + 'recnum', 'int', 'NULL', '', '', '', + 'privatekey', 'text', 'NULL', '', '', '', + 'csr', 'text', 'NULL', '', '', '', + 'certificate', 'text', 'NULL', '', '', '', + 'cacert', 'text', 'NULL', '', '', '', + 'common_name', 'varchar', 'NULL', $char_d, '', '', + 'organization', 'varchar', 'NULL', $char_d, '', '', + 'organization_unit', 'varchar', 'NULL', $char_d, '', '', + 'city', 'varchar', 'NULL', $char_d, '', '', + 'state', 'varchar', 'NULL', $char_d, '', '', + 'country', 'char', 'NULL', 2, '', '', + 'cert_contact', 'varchar', 'NULL', $char_d, '', '', ], 'primary_key' => 'svcnum', 'unique' => [], diff --git a/FS/FS/svc_cert.pm b/FS/FS/svc_cert.pm new file mode 100644 index 000000000..08bb8c094 --- /dev/null +++ b/FS/FS/svc_cert.pm @@ -0,0 +1,303 @@ +package FS::svc_cert; + +use strict; +use base qw( FS::svc_Common ); +#use FS::Record qw( qsearch qsearchs ); +use FS::cust_svc; + +=head1 NAME + +FS::svc_cert - Object methods for svc_cert records + +=head1 SYNOPSIS + + use FS::svc_cert; + + $record = new FS::svc_cert \%hash; + $record = new FS::svc_cert { 'column' => 'value' }; + + $error = $record->insert; + + $error = $new_record->replace($old_record); + + $error = $record->delete; + + $error = $record->check; + +=head1 DESCRIPTION + +An FS::svc_cert object represents a certificate. FS::svc_cert inherits from +FS::Record. The following fields are currently supported: + +=over 4 + +=item svcnum + +primary key + +=item recnum + +recnum + +=item privatekey + +privatekey + +=item csr + +csr + +=item certificate + +certificate + +=item cacert + +cacert + +=item common_name + +common_name + +=item organization + +organization + +=item organization_unit + +organization_unit + +=item city + +city + +=item state + +state + +=item country + +country + +=item contact + +contact + + +=back + +=head1 METHODS + +=over 4 + +=item new HASHREF + +Creates a new certificate. To add the certificate to the database, see L<"insert">. + +Note that this stores the hash reference, not a distinct copy of the hash it +points to. You can ask the object for a copy with the I method. + +=cut + +# the new method can be inherited from FS::Record, if a table method is defined + +sub table { 'svc_cert'; } + +sub table_info { + my %dis = ( disable_default=>1, disable_fixed=>1, disable_inventory=>1, disable_select=>1 ); + { + 'name' => 'Certificate', + 'name_plural' => 'Certificates', + 'longname_plural' => 'Example services', #optional + 'sorts' => 'svcnum', # optional sort field (or arrayref of sort fields, main first) + 'display_weight' => 25, + 'cancel_weight' => 65, + 'fields' => { + #'recnum' => '', + 'privatekey' => { label=>'Private key', %dis, }, + 'csr' => { label=>'Certificate signing request', %dis, }, + 'certificate' => { label=>'Certificate', %dis, }, + 'cacert' => { label=>'Certificate authority chain', %dis, }, + 'common_name' => { label=>'Common name', %dis, }, + 'organization' => { label=>'Organization', %dis, }, + 'organization_unit' => { label=>'Organization Unit', %dis, }, + 'city' => { label=>'City', %dis, }, + 'state' => { label=>'State', %dis, }, + 'country' => { label=>'Country', %dis, }, + 'cert_contact' => { label=>'Contact', %dis, }, + + #'another_field' => { + # 'label' => 'Description', + # 'def_label' => 'Description for service definitions', + # 'type' => 'text', + # 'disable_default' => 1, #disable switches + # 'disable_fixed' => 1, # + # 'disable_inventory' => 1, # + # }, + #'foreign_key' => { + # 'label' => 'Description', + # 'def_label' => 'Description for service defs', + # 'type' => 'select', + # 'select_table' => 'foreign_table', + # 'select_key' => 'key_field_in_table', + # 'select_label' => 'label_field_in_table', + # }, + + }, + }; +} + +=item label + +Returns a meaningful identifier for this example + +=cut + +sub label { + my $self = shift; +# $self->label_field; #or something more complicated if necessary + # check privatekey, check->privatekey, more? + return 'Certificate'; +} + +=item insert + +Adds this record to the database. If there is an error, returns the error, +otherwise returns false. + +=cut + +# the insert method can be inherited from FS::Record + +=item delete + +Delete this record from the database. + +=cut + +# the delete method can be inherited from FS::Record + +=item replace OLD_RECORD + +Replaces the OLD_RECORD with this one in the database. If there is an error, +returns the error, otherwise returns false. + +=cut + +# the replace method can be inherited from FS::Record + +=item check + +Checks all fields to make sure this is a valid certificate. If there is +an error, returns the error, otherwise returns false. Called by the insert +and replace methods. + +=cut + +# the check method should currently be supplied - FS::Record contains some +# data checking routines + +sub check { + my $self = shift; + + my $error = + $self->ut_numbern('svcnum') + || $self->ut_numbern('recnum') + || $self->ut_anything('privatekey') #XXX + || $self->ut_anything('csr') #XXX + || $self->ut_anything('certificate')#XXX + || $self->ut_anything('cacert') #XXX + || $self->ut_textn('common_name') + || $self->ut_textn('organization') + || $self->ut_textn('organization_unit') + || $self->ut_textn('city') + || $self->ut_textn('state') + || $self->ut_textn('country') #XXX char(2) or NULL + || $self->ut_textn('contact') + ; + return $error if $error; + + $self->SUPER::check; +} + +=item generate_privatekey [ KEYSIZE ] + +=cut + +use IPC::Run qw( run ); +use File::Temp; + +sub generate_privatekey { + my $self = shift; + my $keysize = (@_ && $_[0]) ? shift : 2048; + run( [qw( openssl genrsa ), $keysize], '>pipe'=>\*OUT, '2>'=>'/dev/null' ) + or die "error running openssl: $!"; + #XXX error checking + my $privatekey = join('', ); + $self->privatekey($privatekey); +} + +=item check_privatekey + +=cut + +sub check_privatekey { + my $self = shift; + my $in = $self->privatekey; + run( [qw( openssl rsa -check -noout)], '<'=>\$in, '>pipe'=>\*OUT, '2>'=>'/dev/null' ) + ;# or die "error running openssl: $!"; + + my $ok = ; + return ($ok =~ /key ok/); +} + +my %subj = ( + 'CN' => 'common_name', + 'O' => 'organization', + 'OU' => 'organization_unit', + 'L' => 'city', + 'ST' => 'state', + 'C' => 'country', +); + +sub subj { + my $self = shift; + + '/'. join('/', map { my $v = $self->get($subj{$_}); + $v =~ s/([=\/])/\\$1/; + "$_=$v"; + } + keys %subj + ); +} + +sub generate_csr { + my $self = shift; + my $in = $self->privatekey; + my $dir = $FS::UID::conf_dir. "/cache.". $FS::UID::datasrc; #XXX actual cache dir + my $fh = new File::Temp( + TEMPLATE => 'certkey.'. '.XXXXXXXX', + DIR => $dir, + ) or die "can't open temp file: $!\n"; + + run( [qw( openssl req -new -key ), $fh->filename, '-subj', $self->subj ], + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + or die "error running openssl: $!"; + #XXX error checking + my $csr = join('', ); + $self->csr($csr); +} + +=back + +=head1 BUGS + +=head1 SEE ALSO + +L, schema.html from the base documentation. + +=cut + +1; + diff --git a/FS/MANIFEST b/FS/MANIFEST index b4bce287d..8fd672653 100644 --- a/FS/MANIFEST +++ b/FS/MANIFEST @@ -538,3 +538,5 @@ FS/svc_cert.pm t/svc_cert.t FS/part_pkg_discount.pm t/part_pkg_discount.t +FS/svc_cert.pm +t/svc_cert.t diff --git a/FS/t/svc_cert.t b/FS/t/svc_cert.t new file mode 100644 index 000000000..05831d1e8 --- /dev/null +++ b/FS/t/svc_cert.t @@ -0,0 +1,5 @@ +BEGIN { $| = 1; print "1..1\n" } +END {print "not ok 1\n" unless $loaded;} +use FS::svc_cert; +$loaded=1; +print "ok 1\n"; diff --git a/eg/table_template-svc.pm b/eg/table_template-svc.pm index 7e10275cd..1470b6f37 100644 --- a/eg/table_template-svc.pm +++ b/eg/table_template-svc.pm @@ -73,6 +73,7 @@ sub table_info { 'disable_default' => 1, #disable switches 'disable_fixed' => 1, # 'disable_inventory' => 1, # + 'disable_select' => 1, # }, 'foreign_key' => { 'label' => 'Description', diff --git a/httemplate/edit/part_svc.cgi b/httemplate/edit/part_svc.cgi index 940ea8d25..e14acb5a9 100755 --- a/httemplate/edit/part_svc.cgi +++ b/httemplate/edit/part_svc.cgi @@ -15,6 +15,7 @@ Disable new orders Service definitions are the templates for items you offer to your customers.
  • svc_acct - Accounts - anything with a username (Mailboxes, PPP accounts, shell accounts, RADIUS entries for broadband, etc.)
  • svc_domain - Domains +
  • svc_cert - Certificates
  • svc_forward - Mail forwarding
  • svc_mailinglist - Mailing list
  • svc_www - Virtual domain website diff --git a/httemplate/edit/process/svc_cert.cgi b/httemplate/edit/process/svc_cert.cgi new file mode 100644 index 000000000..1bf749f96 --- /dev/null +++ b/httemplate/edit/process/svc_cert.cgi @@ -0,0 +1,71 @@ +%if ( $popup ) { +% if ( $error ) { #should redirect back to the posting page? +<% include("/elements/header-popup.html", "Error") %> +

    <% $error |h %> +

    +

    + + +% } else { +<% include('/elements/header-popup.html', $title ) %> + + +% } +%} elsif ( $error ) { +% $cgi->param('error', $error); +<% $cgi->redirect(popurl(2). "svc_cert.cgi?". $cgi->query_string ) %> +%} else { +%#change link when we make a non-generic view +%#<% $cgi->redirect(popurl(3). "view/svc_cert.cgi?$svcnum") %> +<% $cgi->redirect(popurl(3). "view/svc_Common.html?svcdb=svc_cert;svcnum=$svcnum") %> +% } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $new = new FS::svc_cert ( { + map { + $_, scalar($cgi->param($_)); + } ( fields('svc_cert'), qw( pkgnum svcpart ) ) +} ); + +my $old = ''; +if ( $svcnum ) { + $old = qsearchs('svc_cert', { 'svcnum' => $svcnum } ) #agent virt; + or die 'unknown svcnum'; + $new->$_( $old->$_ ) for grep $old->$_, qw( privatekey ); +} + +my $popup = 0; +my $title = ''; +if ( $cgi->param('privatekey') eq '_generate' ) { #generate + $popup = 1; + $title = 'Key generated'; + + $cgi->param('keysize') =~ /^(\d+)$/ or die 'illegal keysize'; + my $keysize = $1; + $new->generate_privatekey($keysize); + +} elsif ( $cgi->param('privatekey') =~ /\S/ ) { #import + $popup = 1; + $title = 'Key imported'; + + $new->privatekey( $cgi->param('privatekey') ); + +} #elsif ( $cgi->param('privatekey') eq '_clear' ) { #import + +my $error = ''; +if ($cgi->param('svcnum')) { + $error = $new->replace(); +} else { + $error = $new->insert; + $svcnum = $new->svcnum; +} + + diff --git a/httemplate/edit/svc_cert.cgi b/httemplate/edit/svc_cert.cgi new file mode 100644 index 000000000..89460f3e3 --- /dev/null +++ b/httemplate/edit/svc_cert.cgi @@ -0,0 +1,174 @@ +<% include('/elements/header.html', "$action $svc", '') %> + +<% include('/elements/error.html') %> + +

    + + + + +<% ntable("#cccccc",2) %> + + + Private key + +% if ( $svc_cert->privatekey && $svc_cert->check_privatekey ) { + Verification OK +% # remove key & cert link? just unprovision? + + + +% my $cust_main = $svc_cert->cust_svc->cust_pkg->cust_main; + + + Organization + + + + + Organization Unit + + + + + City + <% include('/elements/city.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + + + + + State + <% include('/elements/select-state.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + + + + + City + <% include('/elements/select-country.html', + 'city' => $svc_cert->city || $cust_main->city, + 'state' => $svc_cert->state || $cust_main->state, + 'country' => $svc_cert->country || $cust_main->country, + ) + %> + + + +% } else { +% my $re = ''; +% if ( $svc_cert->privatekey ) { + Verification error +% $re = 'Clear and Re-'; +% } + <% include('/elements/popup_link.html', { + 'action' => "svc_cert/generate_privatekey.html$link_query", + 'label' => $re.'Generate', + 'actionlabel' => 'Generate private key', + #opt + 'width' => '350', + 'height' => '150' + #'color' => '#ff0000', + #'closetext' => 'Go Away', # the value '' removes the link + })%> + + or + + <% include('/elements/popup_link.html', { + 'action' => "svc_cert/import_privatekey.html$link_query", + 'label' => $re.'Import', + 'actionlabel' => 'Import private key', + #opt + 'width' => '544', + 'height' => '368', + #'color' => '#ff0000', + #'closetext' => 'Go Away', # the value '' removes the link + })%> +% if ( $svc_cert->privatekey ) { +
    <% $svc_cert->privatekey |h %>
    +% } + + +% } + + +
    + + + +
    + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +my $conf = new FS::Conf; + +my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_cert ); +if ( $cgi->param('error') ) { + + $svc_cert = new FS::svc_cert ( { + map { $_, scalar($cgi->param($_)) } fields('svc_cert') + } ); + $svcnum = $svc_cert->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $cgi->param('svcpart'); + $part_svc = qsearchs('part_svc', { 'svcpart' => $svcpart } ); + die "No part_svc entry!" unless $part_svc; + +} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding + + $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; + $pkgnum = $1; + $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; + $svcpart = $1; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + $svc_cert = new FS::svc_cert({}); + + $svcnum=''; + + $svc_cert->set_default_and_fixed; + +} else { #editing + + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "unparsable svcnum"; + $svcnum=$1; + $svc_cert=qsearchs('svc_cert',{'svcnum'=>$svcnum}) + or die "Unknown (svc_cert) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} +my $action = $svcnum ? 'Edit' : 'Add'; + +my $svc = $part_svc->getfield('svc'); + +#my $otaker = getotaker; + +my $p1 = popurl(1); + +my $link_query = "?svcnum=$svcnum;pkgnum=$pkgnum;svcpart=$svcpart"; + + diff --git a/httemplate/edit/svc_cert/generate_privatekey.html b/httemplate/edit/svc_cert/generate_privatekey.html new file mode 100644 index 000000000..45414e773 --- /dev/null +++ b/httemplate/edit/svc_cert/generate_privatekey.html @@ -0,0 +1,34 @@ +<% include('/elements/header-popup.html', 'Generate private key' ) %> + +
    + + + + + + + +Key size: + +

    + + +
    + + +<%init> + +$cgi->param('svcnum') =~ /^(\d*)$/ or die 'illegal svcnum'; +my $svcnum = $1; +$cgi->param('pkgnum') =~ /^(\d*)$/ or die 'illegal pkgnum'; +my $pkgnum = $1; +$cgi->param('svcpart') =~ /^(\d*)$/ or die 'illegal svcpart'; +my $svcpart = $1; + + + diff --git a/httemplate/edit/svc_cert/import_privatekey.html b/httemplate/edit/svc_cert/import_privatekey.html new file mode 100644 index 000000000..52e6002f8 --- /dev/null +++ b/httemplate/edit/svc_cert/import_privatekey.html @@ -0,0 +1,28 @@ +<% include('/elements/header-popup.html', 'Import private key' ) %> + +<% include('/elements/error.html') %> + +
    + + + + + + + +

    + + +
    + + +<%init> + +$cgi->param('svcnum') =~ /^(\d*)$/ or die 'illegal svcnum'; +my $svcnum = $1; +$cgi->param('pkgnum') =~ /^(\d*)$/ or die 'illegal pkgnum'; +my $pkgnum = $1; +$cgi->param('svcpart') =~ /^(\d*)$/ or die 'illegal svcpart'; +my $svcpart = $1; + + diff --git a/httemplate/elements/popup_link-cust_svc.html b/httemplate/elements/popup_link-cust_svc.html index 8255ffc04..39c0d3181 100644 --- a/httemplate/elements/popup_link-cust_svc.html +++ b/httemplate/elements/popup_link-cust_svc.html @@ -4,16 +4,16 @@ Example: include('/elements/init_overlib.html') - include( '/elements/svc_popup_link.html', { #hashref or a list, either way + include('/elements/popup_link-cust_svc.html', { #hashref or a list, either way #required 'action' => 'content.html', # uri for content of popup which should # be suitable for appending '?svcnum=' 'label' => 'click me', # text of tag - 'cust_svc' => $cust_svc # a FS::cust_svc object + 'cust_svc' => $cust_svc # a FS::cust_svc object or FS::svc_* object #strongly recommended (you want a title, right?) - 'actionlabel => 'You clicked', # popup title + 'actionlabel' => 'You clicked', # popup title #opt 'width' => '540', diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html index 8a352f3fa..618d33eed 100644 --- a/httemplate/view/elements/svc_Common.html +++ b/httemplate/view/elements/svc_Common.html @@ -18,6 +18,10 @@ # defaults to "edit/$table.cgi?", will have svcnum appended 'edit_url' => + + #at the very bottom (well, as low as you can go from here) + 'html_foot' => '', + ) @@ -56,12 +60,14 @@ Unprovision this Service % foreach my $f ( @$fields ) { % -% my($field, $type); +% my($field, $type, $value); % if ( ref($f) ) { % $field = $f->{'field'}, +% $value = $f->{'value'} ? &{ $f->{'value'} }($svc_x) : $svc_x->$field; % $type = $f->{'type'} || 'text', % } else { % $field = $f; +% $value = $svc_x->$field; % $type = 'text'; % } % @@ -78,7 +84,7 @@ Unprovision this Service % #eventually more options for