From patchwork Thu Feb 18 16:24:27 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jonatan Schlag <jonatan.schlag@ipfire.org>
X-Patchwork-Id: 3902
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4DhKmk1dtWz3wps
	for <patchwork@web04.haj.ipfire.org>; Thu, 18 Feb 2021 16:24:54 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4DhKmj6Qw6z26N;
	Thu, 18 Feb 2021 16:24:53 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4DhKmj5qf0z2xqV;
	Thu, 18 Feb 2021 16:24:53 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4DhKmh3zBNz2xXd
 for <development@lists.ipfire.org>; Thu, 18 Feb 2021 16:24:52 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4DhKmh29WYz1VD;
 Thu, 18 Feb 2021 16:24:52 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1613665492;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=od49EgEJJzAlcpd6aqctUH4LPWa5WjNqdRAxtbAFiA0=;
 b=GDcYcctZn1ud0jSD/xayDBHTryyluq+woou+zy0gQF8IPAGVXpafvp72KKpsHtQVl3m2RG
 yD0QsHx6Tq2VLCAg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1613665492;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=od49EgEJJzAlcpd6aqctUH4LPWa5WjNqdRAxtbAFiA0=;
 b=j9yZxVlCdHu71V++YG5gYu9xjA6ZXYsOnID3VT78obyzgHiCckJpCwyjbUtFfIgunp6e16
 yW0huOaAQsLBANSenurBKb/dnSqXXV+iH9qNx2RcuQpuR2HGmM77tQr40z8t9EWpO3Qn+9
 ZbfIgKjssKNXMVa94R5ncw558l18QstBKi/flsOTH7z8UEhBtsK5IqdHcf21ay0/GQmcn6
 jsJDydfxYVIPdy0s40LrPaxxspeKpzmvGbonwzxw5vTkyFCo361sm80IQaNFkfnHCuPjol
 9GMMGN455egP2n0ybbYnrCVWcoicm1FeF5GVJ9zgNSfA2BZfqETgi5HxUUNSRA==
From: Jonatan Schlag <jonatan.schlag@ipfire.org>
To: development@lists.ipfire.org
Subject: [RFC PATCH 2/2] Use new vpn-show-cert.cgi in vpnmain.cgi
Date: Thu, 18 Feb 2021 17:24:27 +0100
Message-Id: <20210218162427.11327-2-jonatan.schlag@ipfire.org>
In-Reply-To: <20210218162427.11327-1-jonatan.schlag@ipfire.org>
References: <20210218162427.11327-1-jonatan.schlag@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 81 ++++------------------------------------
 1 file changed, 8 insertions(+), 73 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index db442e111..55993e852 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -638,28 +638,6 @@ END
 
 	UPLOADCA_ERROR:
 
-###
-### Display ca certificate
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
-	&General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash);
-
-	if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
-		&Header::showhttpheaders();
-		&Header::openpage($Lang::tr{'ipsec'}, 1, '');
-		&Header::openbigbox('100%', 'left', '', '');
-		&Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:");
-		my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
-		$output = &Header::cleanhtml($output,"y");
-		print "<pre>$output</pre>\n";
-		&Header::closebox();
-		print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
-		&Header::closebigbox();
-		&Header::closepage();
-		exit(0);
-	} else {
-		$errormessage = $Lang::tr{'invalid key'};
-	}
 
 ###
 ### Export ca certificate to browser
@@ -759,29 +737,6 @@ END
 		$errormessage = $Lang::tr{'invalid key'};
 	}
 
-###
-### Display root certificate
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
-	$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
-	my $output;
-	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'ipsec'}, 1, '');
-	&Header::openbigbox('100%', 'left', '', '');
-	if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
-		&Header::openbox('100%', 'left', "$Lang::tr{'root certificate'}:");
-		$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/cacert.pem`;
-	} else {
-		&Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:");
-		$output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/hostcert.pem`;
-	}
-	$output = &Header::cleanhtml($output,"y");
-	print "<pre>$output</pre>\n";
-	&Header::closebox();
-	print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
-	&Header::closebigbox();
-	&Header::closepage();
-	exit(0);
 
 ###
 ### Export root certificate to browser
@@ -1178,26 +1133,6 @@ END
 	print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
 	exit (0);
 
-###
-### Display certificate
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
-	&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
-
-	if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
-		&Header::showhttpheaders();
-		&Header::openpage($Lang::tr{'ipsec'}, 1, '');
-		&Header::openbigbox('100%', 'left', '', '');
-		&Header::openbox('100%', 'left', "$Lang::tr{'cert'}:");
-		my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
-		$output = &Header::cleanhtml($output,"y");
-		print "<pre>$output</pre>\n";
-		&Header::closebox();
-		print "<div align='center'><a href='/cgi-bin/vpnmain.cgi'>$Lang::tr{'back'}</a></div>";
-		&Header::closebigbox();
-		&Header::closepage();
-		exit(0);
-	}
 
 ###
 ### Export Certificate to browser
@@ -3047,9 +2982,9 @@ END
 	if (($confighash{$key}[4] eq 'cert') && ($confighash{$key}[2] ne '%auth-dn')) {
 		print <<END
 		<td align='center' $col>
-		<form method='post' action='$ENV{'SCRIPT_NAME'}'>
+		<form method='post' action='/cgi-bin/vpn-show-cert.cgi'>
 		<input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' />
-		<input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
+		<input type='hidden' name='ACTION' value='showCert' />
 		<input type='hidden' name='KEY' value='$key' />
 		</form>
 		</td>
@@ -3173,8 +3108,8 @@ EOF
 		<td class='base' $col1>$Lang::tr{'root certificate'}</td>
 		<td class='base' $col1>$casubject</td>
 		<td width='3%' align='center' $col1>
-			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-			<input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
+			<form method='post' action='/cgi-bin/vpn-show-cert.cgi'>
+			<input type='hidden' name='ACTION' value='showRootCert' />
 			<input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' />
 			</form>
 		</td>
@@ -3206,8 +3141,8 @@ END
 		<td class='base' $col2>$Lang::tr{'host certificate'}</td>
 		<td class='base' $col2>$hostsubject</td>
 		<td width='3%' align='center' $col2>
-			<form method='post' action='$ENV{'SCRIPT_NAME'}'>
-			<input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
+			<form method='post' action='/cgi-bin/vpn-show-cert.cgi'>
+			<input type='hidden' name='ACTION' value='showHostCert' />
 			<input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' />
 			</form>
 		</td>
@@ -3245,9 +3180,9 @@ END
 			print "<td class='base' $col>$cahash{$key}[1]</td>\n";
 			print <<END
 			<td align='center' $col>
-			<form method='post' name='cafrm${key}a' action='$ENV{'SCRIPT_NAME'}'>
+			<form method='post' name='cafrm${key}a' action='/cgi-bin/vpn-show-cert.cgi'>
 			<input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' />
-			<input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
+			<input type='hidden' name='ACTION' value='showCaCert' />
 			<input type='hidden' name='KEY' value='$key' />
 			</form>
 			</td>