sipwise
/
ngcp-panel
mirror of https://github.com/sipwise/ngcp-panel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#6695 error checks on generating certificates

Browse Source
ipeshinskaya/InvoiceTemplate5
Gerhard Jungwirth 11 years ago
parent 35c5ef8fe7
commit 24ad811460
2 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File

11
lib/NGCP/Panel/Controller/Administrator.pm
Unescape View File

@ -227,7 +227,16 @@ sub api_key :Chained('base') :PathPart('api_key') :Args(0) {
my $cert; my $cert;
if ($c->req->body_parameters->{'gen.generate'}) { if ($c->req->body_parameters->{'gen.generate'}) {
$serial = time; $serial = time;
$cert = $c->model('CA')->make_client($c, $serial); try {
$cert = $c->model('CA')->make_client($c, $serial);
} catch ($e) {
NGCP::Panel::Utils::Message->error(
c => $c,
error => $e,
desc => $c->loc("Failed to generate client certificate."),
);
NGCP::Panel::Utils::Navigation::back_or($c, $c->uri_for('/administrator'));
}
my $updated; my $updated;
while (!$updated) { while (!$updated) {
try { try {

26
lib/NGCP/Panel/Model/CA.pm
Unescape View File

@ -29,7 +29,17 @@ sub COMPONENT {
sub make_client { sub make_client {
my ($self, $c, $serial) = @_; my ($self, $c, $serial) = @_;
my $client_key = Path::Tiny->tempfile; my $client_key = Path::Tiny->tempfile;
my $command = sprintf 'certtool -p --bits 3248 --outfile %s 1>&- 2>&-', $client_key->stringify; my $command = 'openssl x509 -noout -purpose -in ' . ($c->config->{ssl}->{rest_api_certfile} || $c->config->{ssl}->{certfile});
$c->log->debug($command);
my ($stdout, $stderr) = capture {
try {
system $command;
};
};
unless ($stdout =~ m/SSL (client|server) CA : Yes/) {
die [$c->loc('Cannot use the configured certificate for signing client certificates'), "showdetails"];
}
$command = sprintf 'certtool -p --bits 3248 --outfile %s 1>&- 2>&-', $client_key->stringify;
$c->log->debug($command); $c->log->debug($command);
system $command; system $command;
my $client_signing_template = Path::Tiny->tempfile; my $client_signing_template = Path::Tiny->tempfile;
@ -38,13 +48,23 @@ sub make_client {
$client_signing_template->spew($tmpl); $client_signing_template->spew($tmpl);
my $client_cert = Path::Tiny->tempfile; my $client_cert = Path::Tiny->tempfile;
$command = sprintf $command = sprintf
'certtool -c --load-privkey %s --outfile %s --load-ca-certificate %s --load-ca-privkey %s --template %s 1>&- 2>&-', 'certtool -c --load-privkey %s --outfile %s --load-ca-certificate %s --load-ca-privkey %s --template %s',
$client_key->stringify, $client_cert->stringify, $client_key->stringify, $client_cert->stringify,
($c->config->{ssl}->{rest_api_certfile} || $c->config->{ssl}->{certfile}), ($c->config->{ssl}->{rest_api_certfile} || $c->config->{ssl}->{certfile}),
($c->config->{ssl}->{rest_api_keyfile} || $c->config->{ssl}->{keyfile}), ($c->config->{ssl}->{rest_api_keyfile} || $c->config->{ssl}->{keyfile}),
$client_signing_template->stringify; $client_signing_template->stringify;
$c->log->debug($command); $c->log->debug($command);
system $command; my $exep;
($stdout, $stderr) = capture {
try {
system $command;
} catch ($e) {
$exep = $e;
};
};
$c->log->debug($stdout) if $stdout;
$c->log->warn($stderr) if $stderr;
die $exep if $exep;
my $cert = $client_cert->slurp . $client_key->slurp =~ s/.*(?=-----BEGIN RSA PRIVATE KEY-----)//mrs; my $cert = $client_cert->slurp . $client_key->slurp =~ s/.*(?=-----BEGIN RSA PRIVATE KEY-----)//mrs;
$client_cert->remove; $client_cert->remove;
$client_key->remove; $client_key->remove;

Write Preview
Loading…
Cancel
Save