From: Jonatan Schlag <jonatan.schlag@ipfire.org>
To: development@lists.ipfire.org
Subject: [RFC PATCH 1/2] Add a cgi page to show a vpn certificate
Date: Thu, 18 Feb 2021 17:24:26 +0100	[thread overview]
Message-ID: <20210218162427.11327-1-jonatan.schlag@ipfire.org> (raw)


The sole purpose of this page is to show a certificate of the IPsec VPN.
It should decrease the complexity of vpnmain.cgi. The decrease might
not be huge, but it is at least there. This should also introduce the
usage of templates.

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 html/cgi-bin/vpn-show-cert.cgi    | 132 ++++++++++++++++++++++++++++++
 html/html/templates/vpn-cert.html |  14 ++++
 2 files changed, 146 insertions(+)
 create mode 100644 html/cgi-bin/vpn-show-cert.cgi
 create mode 100644 html/html/templates/vpn-cert.html

diff --git a/html/cgi-bin/vpn-show-cert.cgi b/html/cgi-bin/vpn-show-cert.cgi
new file mode 100644
index 000000000..4c3f99c5f
--- /dev/null
+++ b/html/cgi-bin/vpn-show-cert.cgi
@@ -0,0 +1,132 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2020  IPFire Team  <info(a)ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+use HTML::Entities();
+use HTML::Template;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+# Functions
+
+sub is_valid_cert_key {
+    my $key = $_[0];
+    return 1;
+}
+
+sub is_valid_ca_cert_key {
+    my $key = $_[0];
+    return 1;
+}
+
+my %color = ();
+my %mainsettings = ();
+my %cgiparams=();
+my %confighash=();
+my %cahash=();
+
+# Initialize template
+my $tmpl = HTML::Template->new(
+    filename => "/srv/web/ipfire/html/html/templates/vpn-cert.html",
+    die_on_bad_params => 0
+);
+
+
+# Read-in main settings, for language, theme and colors.
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+
+#Get GUI values
+&Header::getcgihash(\%cgiparams);
+
+
+if (($cgiparams{'ACTION'} eq "showCert" ||
+    $cgiparams{'ACTION'} eq "showCaCert" ||
+    $cgiparams{'ACTION'} eq "showRootCert" ||
+    $cgiparams{'ACTION'} eq "showHostCert" )) {
+
+        my $action = $cgiparams{'ACTION'};
+        my $file = "";
+
+        if ($action eq "showRootCert"){
+            $file = "${General::swroot}/ca/cacert.pem";
+        } elsif ($action eq "showHostCert"){
+            $file = "${General::swroot}/ca/cacert.pem";
+        } elsif ($action eq "showCert" ){
+            my $key = $cgiparams{'KEY'};
+            if (is_valid_cert_key($key)){
+                &General::readhasharray("${General::swroot}/vpn/config", \%confighash);
+                $file =  "${General::swroot}/certs/$confighash{$key}[1]cert.pem";
+            } else {
+                $tmpl->param(ERRORMESSAGE => $Lang::tr{'invalid key'});
+            }
+        } elsif ($action eq "showCaCert"){
+            my $key = $cgiparams{'KEY'};
+            if (is_valid_ca_cert_key($key)){
+                &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash);
+                $file = "${General::swroot}/ca/$cahash{$key}[0]cert.pem";
+            } else {
+                $tmpl->param(ERRORMESSAGE => $Lang::tr{'invalid key'});
+            }
+        }
+
+        if (not "$file" eq "" && -f $file){
+            my $output = `/usr/bin/openssl x509 -text -in $file`;
+            $output = &Header::cleanhtml($output,"y");
+
+
+
+            $tmpl->param(OUTPUT => $output);
+
+            # Some translated strings
+            if ($action eq "showRootCert") {
+                $tmpl->param(L_TITLE => $Lang::tr{'root certificate'});
+            } elsif ($action eq "showHostCert"){
+                $tmpl->param(L_TITLE => $Lang::tr{'host certificate'});
+            } elsif ($action eq "showCert"){
+                $tmpl->param(L_TITLE => $Lang::tr{'cert'});
+            } elsif ($action eq "showCaCert"){
+                $tmpl->param(L_TITLE => $Lang::tr{'ca certificate'});
+            }
+
+            $tmpl->param(L_BACK => $Lang::tr{'back'});
+        }
+
+} else {
+
+    my $keys = join "\n", keys %cgiparams;
+    $tmpl->param(ERRORMESSAGE => "Invalid Paramter: \n $keys");
+}
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'ipsec'}, 1, '');
+
+# Print rendered template
+print $tmpl->output();
+
+&Header::closepage();
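Review bot: The guard `if (not "$file" eq "" && -f $file)` is always true, because `not` binds more loosely than `&&` and the expression parses as `not (("$file" eq "") && (-f $file))`; it should read `if ($file ne "" && -f $file)`. As written, an empty or non-existent path still reaches the backtick call, which interpolates `$file` into a shell command line, while `is_valid_cert_key` and `is_valid_ca_cert_key` return 1 for every `KEY` and the path component is taken from the config hash. The list-form pipe open below runs openssl without a shell; the two validators should also reject any key that is not an existing entry in the hash they guard, which means reading the hash before the check. Separately, the `showHostCert` branch assigns the same `cacert.pem` path as `showRootCert`, which looks like a copy-paste slip.

```perl
        if ($file ne "" && -f $file) {
            # List-form pipe open runs openssl directly; no shell parses $file.
            my $output = "";
            if (open(my $openssl, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $file)) {
                local $/;
                $output = <$openssl> // "";
                close($openssl);
            }
            $output = &Header::cleanhtml($output,"y");
            # … unchanged: OUTPUT, L_TITLE and L_BACK template parameters …
```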
diff --git a/html/html/templates/vpn-cert.html b/html/html/templates/vpn-cert.html
new file mode 100644
index 000000000..43ec759f1
--- /dev/null
+++ b/html/html/templates/vpn-cert.html
@@ -0,0 +1,14 @@
+<div class="post">
+    <TMPL_IF NAME="ERRORMESSAGE">
+        <TMPL_VAR NAME="ERRORMESSAGE">
+    <TMPL_ELSE>
+    <h2><TMPL_VAR NAME="L_TITLE"></h2>
+        <pre>
+            <TMPL_VAR NAME="OUTPUT">
+        </pre>
+    </TMPL_IF>
+</div>
+
+<div align="center">
+    <a href="/cgi-bin/vpnmain.cgi"><TMPL_VAR NAME="L_BACK"></a>
+</div>
\ No newline at end of file
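Review bot: `<TMPL_VAR NAME="ERRORMESSAGE">` is written to the page without escaping, and the final else branch of vpn-show-cert.cgi in this patch fills it with the names of the request parameters (`"Invalid Paramter: \n $keys"`). Markup in a parameter name would therefore be rendered by the browser, unless `Header::getcgihash` already sanitises keys, which is not visible here. HTML::Template can escape at the point of output: `<TMPL_VAR NAME="ERRORMESSAGE" ESCAPE="HTML">`. `OUTPUT` is already passed through `Header::cleanhtml` in the CGI, so it should stay unescaped in the template to avoid double encoding; that dependency is worth a comment next to the `cleanhtml` call.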
-- 
2.20.1

