This page's only purpose is to show a certificate of the IPsec VPN. It should decrease the complexity of vpnmain.cgi. The decrease might not be huge, but it is at least there. This also introduces the usage of templates.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- html/cgi-bin/vpn-show-cert.cgi | 132 ++++++++++++++++++++++++++++++ html/html/templates/vpn-cert.html | 14 ++++ 2 files changed, 146 insertions(+) create mode 100644 html/cgi-bin/vpn-show-cert.cgi create mode 100644 html/html/templates/vpn-cert.html
diff --git a/html/cgi-bin/vpn-show-cert.cgi b/html/cgi-bin/vpn-show-cert.cgi
new file mode 100644
index 000000000..4c3f99c5f
--- /dev/null
+++ b/html/cgi-bin/vpn-show-cert.cgi
@@ -0,0 +1,132 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2020 IPFire Team info@ipfire.org #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+use strict;
+use HTML::Entities();
+use HTML::Template;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+# Functions
+
+sub is_valid_cert_key {
+ my $key = $_[0];
+ return 1;
+}
+
+sub is_valid_ca_cert_key {
+ my $key = $_[0];
+ return 1;
+}
+
+my %color = ();
+my %mainsettings = ();
+my %cgiparams=();
+my %confighash=();
+my %cahash=();
+
+# Initialize template
+my $tmpl = HTML::Template->new(
+ filename => "/srv/web/ipfire/html/html/templates/vpn-cert.html",
+ die_on_bad_params => 0
+);
+
+
+# Read-in main settings, for language, theme and colors.
+&General::readhash("${General::swroot}/main/settings", %mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color);
+
+
+#Get GUI values
+&Header::getcgihash(%cgiparams);
+
+
+if (($cgiparams{'ACTION'} eq "showCert" ||
+ $cgiparams{'ACTION'} eq "showCaCert" ||
+ $cgiparams{'ACTION'} eq "showRootCert" ||
+ $cgiparams{'ACTION'} eq "showHostCert" )) {
+
+ my $action = $cgiparams{'ACTION'};
+ my $file = "";
+
+ if ($action eq "showRootCert"){
+ $file = "${General::swroot}/ca/cacert.pem";
+ } elsif ($action eq "showHostCert"){
+ $file = "${General::swroot}/ca/cacert.pem";
+ } elsif ($action eq "showCert" ){
+ my $key = $cgiparams{'KEY'};
+ if (is_valid_cert_key($key)){
+ &General::readhasharray("${General::swroot}/vpn/config", %confighash);
+ $file = "${General::swroot}/certs/$confighash{$key}[1]cert.pem";
+ } else {
+ $tmpl->param(ERRORMESSAGE => $Lang::tr{'invalid key'});
+ }
+ } elsif ($action eq "showCaCert"){
+ my $key = $cgiparams{'KEY'};
+ if (is_valid_ca_cert_key($key)){
+ &General::readhasharray("${General::swroot}/vpn/caconfig", %cahash);
+ $file = "${General::swroot}/ca/$cahash{$key}[0]cert.pem";
+ } else {
+ $tmpl->param(ERRORMESSAGE => $Lang::tr{'invalid key'});
+ }
+ }
+
+ if (not "$file" eq "" && -f $file){
+ my $output = `/usr/bin/openssl x509 -text -in $file`;
+ $output = &Header::cleanhtml($output,"y");
+
+
+
+ $tmpl->param(OUTPUT => $output);
+
+ # Some translated strings
+ if ($action eq "showRootCert") {
+ $tmpl->param(L_TITLE => $Lang::tr{'root certificate'});
+ } elsif ($action eq "showHostCert"){
+ $tmpl->param(L_TITLE => $Lang::tr{'host certificate'});
+ } elsif ($action eq "showCert"){
+ $tmpl->param(L_TITLE => $Lang::tr{'cert'});
+ } elsif ($action eq "showCaCert"){
+ $tmpl->param(L_TITLE => $Lang::tr{'ca certificate'});
+ }
+
+ $tmpl->param(L_BACK => $Lang::tr{'back'});
+ }
+
+} else {
+
+ my $keys = join "\n", keys %cgiparams;
+ $tmpl->param(ERRORMESSAGE => "Invalid Paramter: \n 
$keys");
+}
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'ipsec'}, 1, '');
+
+# Print rendered template
+print $tmpl->output();
+
+&Header::closepage();
diff --git a/html/html/templates/vpn-cert.html b/html/html/templates/vpn-cert.html
new file mode 100644
index 000000000..43ec759f1
--- /dev/null
+++ b/html/html/templates/vpn-cert.html
@@ -0,0 +1,14 @@
+<div class="post">
+ <TMPL_IF NAME="ERRORMESSAGE">
+ <TMPL_VAR NAME="ERRORMESSAGE">
+ <TMPL_ELSE>
+ <h2><TMPL_VAR NAME="L_TITLE"></h2>
+ <pre>
+ <TMPL_VAR NAME="OUTPUT">
+ </pre>
+ </TMPL_IF>
+</div>
+
+<div align="center">
+ <a href="/cgi-bin/vpnmain.cgi"><TMPL_VAR NAME="L_BACK"></a>
+</div>
\ No newline at end of file
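Review bot: The guard `if (not "$file" eq "" && -f $file)` parses as `not (("$file" eq "") && -f $file)`, which is true for every value of `$file`, so openssl is run even when no file was resolved or `ERRORMESSAGE` was already set; it should read `if ($file ne "" && -f $file)`. Inside it, the backtick command interpolates `$file` into a shell string, and for `showCert`/`showCaCert` part of that path comes from a config entry selected by the request's `KEY`, while `is_valid_cert_key` and `is_valid_ca_cert_key` return 1 unconditionally. A list-form pipe open keeps the shell out of the call, and the key should be checked against the hash that is read before its entry is used in the path. `showHostCert` also resolves to the same `cacert.pem` as `showRootCert`, which looks like a copy-paste slip. The rewritten guard and openssl call are below.

```perl
	# … unchanged: ACTION dispatch that sets $file …
	if ($file ne "" && -f $file) {
		# List-form pipe open: no shell is involved, so $file is passed
		# to openssl as a single argument whatever characters it holds.
		my $output = "";
		if (open(my $openssl, "-|", "/usr/bin/openssl", "x509", "-text", "-in", $file)) {
			local $/;
			my $text = <$openssl>;
			$output = $text if defined $text;
			close($openssl);
		}
		$output = &Header::cleanhtml($output,"y");
		# … unchanged: template parameters and translated titles …
```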
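Review bot: `<TMPL_VAR NAME="ERRORMESSAGE">` is rendered without escaping, and the CGI's final `else` branch fills it with the names of the request parameters (`keys %cgiparams`), so request-controlled text reaches the page as markup. The variable should be escaped in the template, `<TMPL_VAR NAME="ERRORMESSAGE" ESCAPE=HTML>`. `OUTPUT` is already passed through `Header::cleanhtml` in the CGI, so it should stay unescaped here to avoid double encoding. `L_BACK` is only set on the success path in the CGI, so on the error path the back link is rendered with an empty label.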