System: Trust: Certificates - work in progress for https://github.com/opnsense/core/issues/7248

Ad Schellevis 2024-02-27 18:41:03 +01:00
parent e0cee10ad1
commit 359954ddbb
6 changed files with 86 additions and 3 deletions


@ -29,6 +29,7 @@
namespace OPNsense\Trust\Api;
use OPNsense\Base\ApiMutableModelControllerBase;
use OPNsense\Base\UserException;
/**
* Class CertController
@ -39,9 +40,15 @@ class CertController extends ApiMutableModelControllerBase
protected static $internalModelName = 'cert';
protected static $internalModelClass = 'OPNsense\Trust\Cert';
protected function setBaseHook($node)
{
throw new UserException("Not allowed to save yet", (string)$node->action);
}
public function searchAction()
{
return $this->searchBase('cert', ['descr', 'caref', 'valid_from', 'valid_to']);
return $this->searchBase('cert', ['descr', 'caref', 'name', 'valid_from', 'valid_to']);
}
public function getAction($uuid = null)
{
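Review bot: The new `setBaseHook()` in the second hunk has no docblock saying that it is a deliberate work-in-progress guard, and it passes `(string)$node->action` as the second `UserException` argument, which presumably surfaces as the dialog title rather than as context for the message. Suggest a docblock such as `/** Temporary guard: refuse every save until the per-action handlers (internal/external/import/sign) exist. */` and, if that second argument is indeed a title, a fixed title with the action folded into the message text instead. The `searchBase()` change only adds the volatile `name` column to the searchable fields and relies on that field being filled in before the search runs. `getAction()` continues outside the hunk.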


@ -1,4 +1,9 @@
<form>
<field>
<id>cert.action</id>
<label>Method</label>
<type>dropdown</type>
</field>
<field>
<type>header</type>
<label>General</label>
@ -8,6 +13,16 @@
<label>Description</label>
<type>text</type>
</field>
<field>
<id>cert.key</id>
<label>Key type</label>
<type>dropdown</type>
</field>
<field>
<id>cert.digest</id>
<label>Digest Algorithm</label>
<type>dropdown</type>
</field>
<field>
<id>cert.caref</id>
<label>Issuer</label>
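Review bot: The new `cert.key` and `cert.digest` dropdowns carry no `<help>` text, so an operator gets no hint that the smallest RSA sizes and SHA1 offered by the model in this commit are not accepted by current TLS stacks. Suggest `<help>Use RSA-2048 or larger, or an elliptic curve key; smaller RSA sizes are kept for legacy compatibility only.</help>` under Key type and `<help>Use SHA256 or stronger; SHA1 signatures are rejected by current browsers and OpenSSL security levels.</help>` under Digest Algorithm. Whether these two fields should be hidden when the Method is import or sign cannot be told from this hunk; the form continues outside it.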


@ -31,7 +31,7 @@ namespace OPNsense\Trust;
use OPNsense\Core\Config;
/**
* Wrapper around legacy trust store
* Wrapper around [legacy] trust store
* @package OPNsense\Trust
*/
class Store
@ -125,4 +125,26 @@ class Store
}
return implode("\n", $chain);
}
/**
* Create a temporary config file, to help with calls that require properties that can only be set via the config file.
*
* @param $dn
* @return string The name of the temporary config file.
*/
public static function createTempOpenSSLconfig($extns = [])
{
// define temp filename to use for openssl.cnf and add extensions values to it
$configFilename = tempnam(sys_get_temp_dir(), 'ssl');
$template = file_get_contents('/usr/local/etc/ssl/opnsense.cnf');
foreach (array_keys($extns) as $extnTag) {
$template_extn = $extnTag . ' = ' . str_replace(array("\r", "\n"), '', $extns[$extnTag]);
// Overwrite the placeholders for this property
$template = str_replace('###OPNsense:' . $extnTag . '###', $template_extn, $template);
}
file_put_contents($configFilename, $template);
return $configFilename;
}
}
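Review bot: The docblock on the new `createTempOpenSSLconfig()` documents a `$dn` parameter that does not exist (the only parameter is `$extns`) and says nothing about who deletes the returned file. The values are stripped of CR/LF before being written, which blocks injecting extra config lines, but the return values of `file_get_contents()` and `file_put_contents()` are not checked, so a missing or unreadable `/usr/local/etc/ssl/opnsense.cnf` silently yields an empty config file rather than an error; a `$template === false` check that throws would make that failure visible. If OpenSSL's own `$var`/`${section::name}` expansion applies to these values, a `$` in caller-supplied data should also be escaped as `\$`, but whether the values ever come from request data is not visible here. Suggest `@param array $extns map of extension tag => single-line value substituted for the ###OPNsense:<tag>### placeholder in the template` and `@return string path of the temporary config file; the caller is responsible for unlinking it`.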


@ -13,6 +13,42 @@
<crt type="TextField"/>
<csr type="TextField"/>
<prv type="TextField"/>
<action type="OptionField" volatile="true">
<default>internal</default>
<required>Y</required>
<OptionValues>
<internal>Create an internal Certificate</internal>
<external>Create a Certificate Signing Request</external>
<import>Import an existing Certificate</import>
<sign>Sign a Certificate Signing Request</sign>
</OptionValues>
</action>
<key type="OptionField" volatile="true">
<required>Y</required>
<default>RSA-2048</default>
<OptionValues>
<RSA-512>RSA-512</RSA-512>
<RSA-1024>RSA-1024</RSA-1024>
<RSA-2048>RSA-2048</RSA-2048>
<RSA-3072>RSA-3072</RSA-3072>
<RSA-4096>RSA-4096</RSA-4096>
<RSA-8192>RSA-8192</RSA-8192>
<EC-prime256v1>Elliptic Curve prime256v1</EC-prime256v1>
<EC-secp384r1>Elliptic Curve secp384r1</EC-secp384r1>
<EC-secp521r1>Elliptic Curve secp521r1</EC-secp521r1>
</OptionValues>
</key>
<digest type="OptionField" volatile="true">
<required>Y</required>
<default>sha256</default>
<OptionValues>
<sha1>SHA1</sha1>
<sha224>SHA224</sha224>
<sha256>SHA256</sha256>
<sha384>SHA384</sha384>
<sha512>SHA512</sha512>
</OptionValues>
</digest>
<city type="TextField" volatile="true">
<Mask>/^[^\x00-\x08\x0b\x0c\x0e-\x1f\n]*$/</Mask>
</city>
@ -43,6 +79,7 @@
<altnames_email type="TextField" volatile="true">
<Mask>/^[^\x00-\x08\x0b\x0c\x0e-\x1f]*$/</Mask>
</altnames_email>
<name type="TextField" volatile="true"/>
<valid_from type="TextField" volatile="true"/>
<valid_to type="TextField" volatile="true"/>
</cert>
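Review bot: The new `key` option list offers RSA-512 and RSA-1024, and `digest` offers SHA1, as selectable values for creating new certificates; RSA-512 is factorable on commodity hardware, and RSA-1024 and SHA1 signatures are rejected at OpenSSL security level 2 and by current browsers, so these are footguns rather than compatibility options. Suggest dropping `<RSA-512>RSA-512</RSA-512>` outright and labelling the others, e.g. `<RSA-1024>RSA-1024 (legacy, not recommended)</RSA-1024>` and `<sha1>SHA1 (legacy, not recommended)</sha1>`, or enforcing a minimum in the save hook once saving is enabled. The `name` field added in the second hunk is a free-form TextField with no `<Mask>`, unlike the neighbouring `altnames_email`; if it is only ever populated from the parsed certificate that is acceptable, but a one-line XML comment stating that would help the next reader.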


@ -54,9 +54,10 @@ class CertificatesField extends ArrayField
if (!empty($cert_data)) {
$crt = @openssl_x509_parse($cert_data);
if ($crt !== null) {
// valid from/to
// valid from/to and name of this cert
$node->valid_from = $crt['validFrom_time_t'];
$node->valid_to = $crt['validTo_time_t'];
$node->name = $crt['name'];
foreach ($issue_map as $key => $target) {
if (!empty($crt['issuer'][$key])) {
$node->$target = $crt['issuer'][$key];
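Review bot: The new `$node->name = $crt['name'];` line runs whenever the guard above it passes, but `openssl_x509_parse()` returns `false`, not `null`, for data it cannot parse, so `$crt !== null` never excludes a failed parse and every array read in this block, including the new one, would then operate on `false`; the guard should be `if ($crt !== false)` or `if (is_array($crt))`. In OpenSSL's output the `name` key is the subject as a single DN string, which is presumably what the grid column wants, but `$crt['name'] ?? ''` would avoid an undefined-index warning on unusual certificates. The enclosing method starts and ends outside the hunk.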


@ -57,6 +57,7 @@
<th data-column-id="uuid" data-type="string" data-identifier="true" data-visible="false">{{ lang._('ID') }}</th>
<th data-column-id="descr" data-type="string">{{ lang._('Description') }}</th>
<th data-column-id="caref" data-type="string">{{ lang._('Issuer') }}</th>
<th data-column-id="name" data-type="string">{{ lang._('Name') }}</th>
<th data-column-id="valid_from" data-type="datetime">{{ lang._('Valid from') }}</th>
<th data-column-id="valid_to" data-type="datetime">{{ lang._('Valid to') }}</th>
<th data-column-id="commands" data-width="7em" data-formatter="commands" data-sortable="false">{{ lang._('Commands') }}</th>
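Review bot: The new `name` column renders the subject DN of whatever certificate was imported, which is attacker-influenced text if an imported certificate carries HTML in its CN or other components. Bootgrid's default string rendering is not visible in this template, so confirm that cell values are HTML-escaped before this column ships (the existing `descr` column has the same exposure), and if they are not, attach an escaping formatter to the column, e.g. `data-formatter="text"` backed by a function that escapes its argument.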