I like this idea. One thing I’d like to mention while the idea is being discussed is that Windows allows stronger encryption only if ECDSA certificates are used for roadwarrior (RW) connections.
For this reason, it would be nice if the IPsec certificate handling could use ECDSA certificates as well.
Tom
On Feb 18, 2021, at 11:24 AM, Jonatan Schlag jonatan.schlag@ipfire.org wrote:
The only purpose of this page is to display a certificate of the IPsec VPN. It should reduce the complexity of vpnmain.cgi; the reduction might not be huge, but it is there. It also introduces the use of HTML templates.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
html/cgi-bin/vpn-show-cert.cgi | 132 ++++++++++++++++++++++++++++++ html/html/templates/vpn-cert.html | 14 ++++ 2 files changed, 146 insertions(+) create mode 100644 html/cgi-bin/vpn-show-cert.cgi create mode 100644 html/html/templates/vpn-cert.html
diff --git a/html/cgi-bin/vpn-show-cert.cgi b/html/cgi-bin/vpn-show-cert.cgi
new file mode 100644
index 000000000..4c3f99c5f
--- /dev/null
+++ b/html/cgi-bin/vpn-show-cert.cgi
@@ -0,0 +1,132 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2020 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+use strict;
+use HTML::Entities();
+use HTML::Template;
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+# Functions
+sub is_valid_cert_key {
- my $key = $_[0];
- return 1;
+}
+sub is_valid_ca_cert_key {
- my $key = $_[0];
- return 1;
+}
+my %color = ();
+my %mainsettings = ();
+my %cgiparams=();
+my %confighash=();
+my %cahash=();
+# Initialize template
+my $tmpl = HTML::Template->new(
- filename => "/srv/web/ipfire/html/html/templates/vpn-cert.html",
- die_on_bad_params => 0
+);
+# Read-in main settings, for language, theme and colors.
+&General::readhash("${General::swroot}/main/settings", %mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color);
+#Get GUI values
+&Header::getcgihash(%cgiparams);
+if (($cgiparams{'ACTION'} eq "showCert" ||
- $cgiparams{'ACTION'} eq "showCaCert" ||
- $cgiparams{'ACTION'} eq "showRootCert" ||
- $cgiparams{'ACTION'} eq "showHostCert" )) {
my $action = $cgiparams{'ACTION'};
my $file = "";
if ($action eq "showRootCert"){
$file = "${General::swroot}/ca/cacert.pem";
} elsif ($action eq "showHostCert"){
$file = "${General::swroot}/ca/cacert.pem";
} elsif ($action eq "showCert" ){
my $key = $cgiparams{'KEY'};
if (is_valid_cert_key($key)){
&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
$file = "${General::swroot}/certs/$confighash{$key}[1]cert.pem";
} else {
$tmpl->param(ERRORMESSAGE => $Lang::tr{'invalid key'});
}
} elsif ($action eq "showCaCert"){
my $key = $cgiparams{'KEY'};
if (is_valid_ca_cert_key($key)){
&General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash);
$file = "${General::swroot}/ca/$cahash{$key}[0]cert.pem";
} else {
$tmpl->param(ERRORMESSAGE => $Lang::tr{'invalid key'});
}
}
if (not "$file" eq "" && -f $file){
my $output = `/usr/bin/openssl x509 -text -in $file`;
$output = &Header::cleanhtml($output,"y");
$tmpl->param(OUTPUT => $output);
# Some translated strings
if ($action eq "showRootCert") {
$tmpl->param(L_TITLE => $Lang::tr{'root certificate'});
} elsif ($action eq "showHostCert"){
$tmpl->param(L_TITLE => $Lang::tr{'host certificate'});
} elsif ($action eq "showCert"){
$tmpl->param(L_TITLE => $Lang::tr{'cert'});
} elsif ($action eq "showCaCert"){
$tmpl->param(L_TITLE => $Lang::tr{'ca certificate'});
}
$tmpl->param(L_BACK => $Lang::tr{'back'});
}
+} else {
- my $keys = join "\n", keys %cgiparams;
- $tmpl->param(ERRORMESSAGE => "Invalid Paramter: \n $keys");
+}
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'ipsec'}, 1, '');
+# Print rendered template
+print $tmpl->output();
+&Header::closepage();
diff --git a/html/html/templates/vpn-cert.html b/html/html/templates/vpn-cert.html
new file mode 100644
index 000000000..43ec759f1
--- /dev/null
+++ b/html/html/templates/vpn-cert.html
@@ -0,0 +1,14 @@
+<div class="post">
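Review bot: The final `else` branch echoes every submitted parameter name (`join "\n", keys %cgiparams`) into ERRORMESSAGE, which the template prints without escaping, so a query-string name containing markup is reflected into the page unless Header::getcgihash already strips such characters; HTML::Entities is imported here but never used, so presumably the intent was `my $keys = join "\n", map { HTML::Entities::encode_entities($_) } keys %cgiparams;`. The `showHostCert` branch assigns the same `ca/cacert.pem` path as `showRootCert`, so the host-certificate view displays the root CA; that looks like a copy-paste slip and should point at the host certificate file instead. `is_valid_cert_key` and `is_valid_ca_cert_key` unconditionally return 1, so `KEY` is never validated and an unknown key leaves `$confighash{$key}[1]` undefined, degrading the path to `certs/cert.pem`; at minimum match the key against `/^\d+$/` there and guard the lookup with `exists $confighash{$key}`. The backticks interpolate `$file` into a shell command line, and the filename component comes from the config files rather than from this script; the list form avoids shell parsing entirely: `open(my $fh, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $file) or die $!;` followed by slurping `$fh`.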
<TMPL_IF NAME="ERRORMESSAGE">
<TMPL_VAR NAME="ERRORMESSAGE">
<TMPL_ELSE>
<h2><TMPL_VAR NAME="L_TITLE"></h2>
<pre>
<TMPL_VAR NAME="OUTPUT">
</pre>
</TMPL_IF>
+</div>
+<div align="center">
- <a href="/cgi-bin/vpnmain.cgi"><TMPL_VAR NAME="L_BACK"></a>
+</div>
\ No newline at end of file
-- 
2.20.1
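Review bot: `<TMPL_VAR NAME="ERRORMESSAGE">` is inserted verbatim, and the CGI that fills it includes user-supplied parameter names in its invalid-parameter message, so the template should escape it: `<TMPL_VAR NAME="ERRORMESSAGE" ESCAPE="HTML">`. OUTPUT must stay unescaped because the CGI already runs it through Header::cleanhtml, and L_TITLE only carries translated strings. The newlines the CGI joins into ERRORMESSAGE collapse to spaces outside the `<pre>` element, so either wrap the error branch in `<pre>` as well or join the names with `<br>` after escaping. The file also lacks a trailing newline.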