From patchwork Thu Feb 18 16:24:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonatan Schlag X-Patchwork-Id: 3901 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4DhKmg50Q5z3wps for ; Thu, 18 Feb 2021 16:24:51 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4DhKmf5lhrztg; Thu, 18 Feb 2021 16:24:50 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4DhKmf59FKz2xkD; Thu, 18 Feb 2021 16:24:50 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4DhKmd5Wdmz2xXd for ; Thu, 18 Feb 2021 16:24:49 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4DhKmd008Jznm; Thu, 18 Feb 2021 16:24:48 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1613665489; 
h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=3Dd/hQgxVs6vMQQQbvjvITKpwUU0irJPPDgy4bRyQ74=; b=1cnxyRYlsVhljm1HRtC5Md8H29E9KIVy2qxM/xZvrCPYzsdRBQvhmf9N9ZxKVMg98Hj9pQ qY2pvBaiG9Z8BIDA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1613665489; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=3Dd/hQgxVs6vMQQQbvjvITKpwUU0irJPPDgy4bRyQ74=; b=ma6GIGH2znzRs/heXlyiXx+f2Sr5og2bLJGv/fbmIOX5Nmf8h/0bXk25WY8H1hoNTrwGwH 0KdZYG4G+W/wsB8TNMKEMZlv6Aua39SurYeMsl+XXTETkCI32GGBizNLvOhurzx7WLZO/3 fsIJSVbgfccXUDpymzcjAJG3gQqVElzhThItP5SxtNi+nQqcRbq2w32p5asogtUbFN/6Vo Y0W+kk8WDck3B+6TQo0rrHwZLnCt8Cz8dbKskA2fmS3v8LV7xMpuVBDdXEMSnPAhueKcyW j8kkaCLKXrG0wzotVjrihkvL/K25+HxaMApBFQyH1erDMjB3v7Yc9OpVR0hiFQ== From: Jonatan Schlag To: development@lists.ipfire.org Subject: [RFC PATCH 1/2] Add a cgi page to show a vpn certificate Date: Thu, 18 Feb 2021 17:24:26 +0100 Message-Id: <20210218162427.11327-1-jonatan.schlag@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This page has the only usage to show a certificate of the ipsec vpn. It should decrease complexity of the vpnmain.cgi. This decrease might not be huge but at least there. This also should introduce usage of templates. Signed-off-by: Jonatan Schlag --- html/cgi-bin/vpn-show-cert.cgi | 132 ++++++++++++++++++++++++++++++ html/html/templates/vpn-cert.html | 14 ++++ 2 files changed, 146 insertions(+) create mode 100644 html/cgi-bin/vpn-show-cert.cgi create mode 100644 html/html/templates/vpn-cert.html 
diff --git a/html/cgi-bin/vpn-show-cert.cgi b/html/cgi-bin/vpn-show-cert.cgi
new file mode 100644
index 000000000..4c3f99c5f
--- /dev/null
+++ b/html/cgi-bin/vpn-show-cert.cgi
@@ -0,0 +1,132 @@
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2020 IPFire Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+use strict;
+use HTML::Entities();
+use HTML::Template;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+
+# Functions
+
+sub is_valid_cert_key {
+ my $key = $_[0];
+ return 1;
+}
+
+sub is_valid_ca_cert_key {
+ my $key = $_[0];
+ return 1;
+}
+
+my %color = ();
+my %mainsettings = ();
+my %cgiparams=();
+my %confighash=();
+my %cahash=();
+
+# Initialize template
+my $tmpl = HTML::Template->new(
+ filename => "/srv/web/ipfire/html/html/templates/vpn-cert.html",
+ die_on_bad_params => 0
+);
+
+
+# Read-in main settings, for language, theme and colors.
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+
+#Get GUI values
+&Header::getcgihash(\%cgiparams);
+
+
+if (($cgiparams{'ACTION'} eq "showCert" ||
+ $cgiparams{'ACTION'} eq "showCaCert" ||
+ $cgiparams{'ACTION'} eq "showRootCert" ||
+ $cgiparams{'ACTION'} eq "showHostCert" )) {
+
+ my $action = $cgiparams{'ACTION'};
+ my $file = "";
+
+ if ($action eq "showRootCert"){
+ $file = "${General::swroot}/ca/cacert.pem";
+ } elsif ($action eq "showHostCert"){
+ $file = "${General::swroot}/ca/cacert.pem";
+ } elsif ($action eq "showCert" ){
+ my $key = $cgiparams{'KEY'};
+ if (is_valid_cert_key($key)){
+ &General::readhasharray("${General::swroot}/vpn/config", \%confighash);
+ $file = "${General::swroot}/certs/$confighash{$key}[1]cert.pem";
+ } else {
+ $tmpl->param(ERRORMESSAGE => $Lang::tr{'invalid key'});
+ }
+ } elsif ($action eq "showCaCert"){
+ my $key = $cgiparams{'KEY'};
+ if (is_valid_ca_cert_key($key)){
+ &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash);
+ $file = "${General::swroot}/ca/$cahash{$key}[0]cert.pem";
+ } else {
+ $tmpl->param(ERRORMESSAGE => $Lang::tr{'invalid key'});
+ }
+ }
+
+ if (not "$file" eq "" && -f $file){
+ my $output = `/usr/bin/openssl x509 -text -in $file`;
+ $output = &Header::cleanhtml($output,"y");
+
+
+
+ $tmpl->param(OUTPUT => $output);
+
+ # Some translated strings
+ if ($action eq "showRootCert") {
+ $tmpl->param(L_TITLE => $Lang::tr{'root certificate'});
+ } elsif ($action eq "showHostCert"){
+ $tmpl->param(L_TITLE => $Lang::tr{'host certificate'});
+ } elsif ($action eq "showCert"){
+ $tmpl->param(L_TITLE => $Lang::tr{'cert'});
+ } elsif ($action eq "showCaCert"){
+ $tmpl->param(L_TITLE => $Lang::tr{'ca certificate'});
+ }
+
+ $tmpl->param(L_BACK => $Lang::tr{'back'});
+ }
+
+} else {
+
+ my $keys = join "\n", keys %cgiparams;
+ $tmpl->param(ERRORMESSAGE => "Invalid Paramter: 
\n $keys");
+}
+
+&Header::showhttpheaders();
+&Header::openpage($Lang::tr{'ipsec'}, 1, '');
+
+# Print rendered template
+print $tmpl->output();
+
+&Header::closepage();
diff --git a/html/html/templates/vpn-cert.html b/html/html/templates/vpn-cert.html
new file mode 100644
index 000000000..43ec759f1
--- /dev/null
+++ b/html/html/templates/vpn-cert.html
@@ -0,0 +1,14 @@
+
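Review bot: The guard `if (not "$file" eq "" && -f $file){` is always true, because `not` binds looser than `&&` and the line parses as `not (("$file" eq "") && -f $file)`, so the openssl backticks run even when an error branch left `$file` empty or the computed path does not exist; it should read `if ($file ne "" && -f $file){`. `$file` is then interpolated into a shell command, and the only checks between the `KEY` parameter and that command are `is_valid_cert_key`/`is_valid_ca_cert_key`, which both `return 1` unconditionally, so the lookup should require `exists $confighash{$key}` (and `exists $cahash{$key}`) before building the path, and the command should run through a list-form pipe open so no shell ever parses the path (rewrite below). Separately, `showHostCert` resolves to the same `${General::swroot}/ca/cacert.pem` as `showRootCert`, which looks like a copy-paste slip — confirm the intended host certificate path. A `# TODO: placeholder, implement key validation` on each stub validator would keep that intent visible until they are filled in.
```perl
if ($file ne "" && -f $file){
    # list-form open: arguments reach openssl verbatim, no shell parses $file
    my $output = "";
    if (open(my $ssl, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $file)) {
        $output = do { local $/; <$ssl> };
        close($ssl);
    }
    $output = &Header::cleanhtml($output,"y");
    # … unchanged: OUTPUT, L_TITLE and L_BACK template params …
```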
+ + + +

+
+            
+        
+
+
+ +
+ +
\ No newline at end of file