From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jonatan Schlag To: development@lists.ipfire.org Subject: [RFC PATCH 1/2] Add a cgi page to show a vpn certificate Date: Thu, 18 Feb 2021 17:24:26 +0100 Message-ID: <20210218162427.11327-1-jonatan.schlag@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7570532905650195013==" List-Id: --===============7570532905650195013== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This page has the only usage to show a certificate of the ipsec vpn. It should decrease complexity of the vpnmain.cgi. This decrease might not be huge but at least there. This also should introduce usage of templates. Signed-off-by: Jonatan Schlag --- html/cgi-bin/vpn-show-cert.cgi | 132 ++++++++++++++++++++++++++++++ html/html/templates/vpn-cert.html | 14 ++++ 2 files changed, 146 insertions(+) create mode 100644 html/cgi-bin/vpn-show-cert.cgi create mode 100644 html/html/templates/vpn-cert.html
diff --git a/html/cgi-bin/vpn-show-cert.cgi b/html/cgi-bin/vpn-show-cert.cgi
new file mode 100644
index 000000000..4c3f99c5f
--- /dev/null
+++ b/html/cgi-bin/vpn-show-cert.cgi
@@ -0,0 +1,132 @@
+#!/usr/bin/perl
+############################################################################= ###
+# = #
+# IPFire.org - A linux based firewall = #
+# Copyright (C) 2007-2020 IPFire Team = #
+# = #
+# This program is free software: you can redistribute it and/or modify = #
+# it under the terms of the GNU General Public License as published by = #
+# the Free Software Foundation, either version 3 of the License, or = #
+# (at your option) any later version. = #
+# = #
+# This program is distributed in the hope that it will be useful, = #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of = #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the = #
+# GNU General Public License for more details. = #
+# = #
+# You should have received a copy of the GNU General Public License = #
+# along with this program. If not, see . = #
+# = #
+############################################################################= ###
+
+use strict;
+use HTML::Entities();
+use HTML::Template;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+# Functions
+
+sub is_valid_cert_key {
+ my $key =3D $_[0];
+ return 1;
+}
+
+sub is_valid_ca_cert_key {
+ my $key =3D $_[0];
+ return 1;
+}
+
+my %color =3D ();
+my %mainsettings =3D ();
+my %cgiparams=3D();
+my %confighash=3D();
+my %cahash=3D();
+
+# Initialize template
+my $tmpl =3D HTML::Template->new(
+ filename =3D> "/srv/web/ipfire/html/html/templates/vpn-cert.html",
+ die_on_bad_params =3D> 0
+);
+
+
+# Read-in main settings, for language, theme and colors.
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/i= nclude/colors.txt", \%color);
+
+
+#Get GUI values
+&Header::getcgihash(\%cgiparams);
+
+
+if (($cgiparams{'ACTION'} eq "showCert" ||
+ $cgiparams{'ACTION'} eq "showCaCert" ||
+ $cgiparams{'ACTION'} eq "showRootCert" ||
+ $cgiparams{'ACTION'} eq "showHostCert" )) {
+
+ my $action =3D $cgiparams{'ACTION'};
+ my $file =3D "";
+
+ if ($action eq "showRootCert"){
+ $file =3D "${General::swroot}/ca/cacert.pem";
+ } elsif ($action eq "showHostCert"){
+ $file =3D "${General::swroot}/ca/cacert.pem";
+ } elsif ($action eq "showCert" ){
+ my $key =3D $cgiparams{'KEY'};
+ if (is_valid_cert_key($key)){
+ &General::readhasharray("${General::swroot}/vpn/config", \%c= onfighash);
+ $file =3D "${General::swroot}/certs/$confighash{$key}[1]cer= t.pem";
+ } else {
+ $tmpl->param(ERRORMESSAGE =3D> $Lang::tr{'invalid key'});
+ }
+ } elsif ($action eq "showCaCert"){
+ my $key =3D $cgiparams{'KEY'};
+ if (is_valid_ca_cert_key($key)){
+ &General::readhasharray("${General::swroot}/vpn/caconfig", \= %cahash);
+ $file =3D "${General::swroot}/ca/$cahash{$key}[0]cert.pem";
+ } else {
+ $tmpl->param(ERRORMESSAGE =3D> $Lang::tr{'invalid key'});
+ }
+ }
+
+ if (not "$file" eq "" && -f $file){
+ my $output =3D `/usr/bin/openssl x509 -text -in $file`;
+ $output =3D &Header::cleanhtml($output,"y");
+
+
+
+ $tmpl->param(OUTPUT =3D> $output);
+
+ # Some translated strings
+ if ($action eq "showRootCert") {
+ $tmpl->param(L_TITLE =3D> $Lang::tr{'root certificate'});
+ } elsif ($action eq "showHostCert"){
+ $tmpl->param(L_TITLE =3D> $Lang::tr{'host certificate'});
+ } elsif ($action eq "showCert"){
+ $tmpl->param(L_TITLE =3D> $Lang::tr{'cert'});
+ } elsif ($action eq "showCaCert"){
+ $tmpl->param(L_TITLE =3D> $Lang::tr{'ca certificate'});
+ }
+
+ $tmpl->param(L_BACK =3D> $Lang::tr{'back'});
+ }
+
+} else {
+
+ my $keys =3D join "\n", keys %cgiparams;
+
$tmpl->param(ERRORMESSAGE =3D> "Invalid Paramter: \n $keys");
+}
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'ipsec'}, 1, '');
+
+# Print rendered template
+print $tmpl->output();
+
+&Header::closepage();
diff --git a/html/html/templates/vpn-cert.html b/html/html/templates/vpn-cert= .html
new file mode 100644
index 000000000..43ec759f1
--- /dev/null
+++ b/html/html/templates/vpn-cert.html
@@ -0,0 +1,14 @@
+
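Review bot: The guard `if (not "$file" eq "" && -f $file)` is true for every value of `$file`, because `not` binds looser than `&&` and so negates the whole conjunction; openssl is run even when `$file` is empty or does not exist. The backtick call under it interpolates `$file` into a shell command line, and for showCert/showCaCert part of that path is a config field selected by the request's KEY, while `is_valid_cert_key` and `is_valid_ca_cert_key` are stubs that always return 1. The guard should read `if ($file ne "" && -f $file)`, the two validators should check KEY against the keys actually loaded from the config, and openssl should be started through a list-form pipe so no shell parses the path, as sketched below. Separately, showRootCert and showHostCert both resolve to `ca/cacert.pem`, which looks like a copy-paste slip, and the else branch copies request parameter names into ERRORMESSAGE, which is safe only if the template escapes that variable (the template markup is not readable here).

```perl
    # … unchanged: ACTION dispatch that sets $file …
    if ($file ne "" && -f $file){
        # List-form pipe: $file is passed as a single argv entry, no shell is involved.
        my $output = "";
        if (open(my $openssl, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $file)) {
            local $/;
            $output = <$openssl>;
            close($openssl);
        }
        $output = &Header::cleanhtml($output,"y");
        # … unchanged: OUTPUT, L_TITLE and L_BACK template parameters …
```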
+ + + +

+
+            
+        
+
+
+ +
+ +
\ No newline at end of file --=20 2.20.1 --===============7570532905650195013==--