sipwise
/
ngcp-panel
mirror of https://github.com/sipwise/ngcp-panel.git
1
0
Fork 0
Code Issues Releases Wiki Activity

MT#6695 separate api/server certfile

Browse Source
ipeshinskaya/InvoiceTemplate5
Gerhard Jungwirth 11 years ago
parent 2fc4743183
commit 35c5ef8fe7
3 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File

2
lib/NGCP/Panel/Form/Administrator/APIDownDelete.pm
Unescape View File

@ -73,7 +73,7 @@ has_field 'ca.download' => (
has_field 'ca.description' => ( has_field 'ca.description' => (
type => 'Display', type => 'Display',
html => '<div class="ngcp-form-desc">The Server Certificate used to sign the above\'s Client Certificates. Needed if you want to verify the server connection in your API client, and the server certificate is not signed by a well-known CA or is self-signed.</div>', html => '<div class="ngcp-form-desc">The Server Certificate. Needed if you want to verify the server connection in your API client, and the server certificate is not signed by a well-known CA or is self-signed.</div>',
do_wrapper => 0, do_wrapper => 0,
do_label => 0, do_label => 0,
); );

14
lib/NGCP/Panel/Model/CA.pm
Unescape View File

@ -37,9 +37,12 @@ sub make_client {
$c->log->debug($tmpl); $c->log->debug($tmpl);
$client_signing_template->spew($tmpl); $client_signing_template->spew($tmpl);
my $client_cert = Path::Tiny->tempfile; my $client_cert = Path::Tiny->tempfile;
$command = sprintf 'certtool -c --load-privkey %s --outfile %s --load-ca-certificate %s --load-ca-privkey %s ' . $command = sprintf
'--template %s 1>&- 2>&-', $client_key->stringify, $client_cert->stringify, $c->config->{ssl}->{certfile}, 'certtool -c --load-privkey %s --outfile %s --load-ca-certificate %s --load-ca-privkey %s --template %s 1>&- 2>&-',
$c->config->{ssl}->{keyfile}, $client_signing_template->stringify; $client_key->stringify, $client_cert->stringify,
($c->config->{ssl}->{rest_api_certfile} || $c->config->{ssl}->{certfile}),
($c->config->{ssl}->{rest_api_keyfile} || $c->config->{ssl}->{keyfile}),
$client_signing_template->stringify;
$c->log->debug($command); $c->log->debug($command);
system $command; system $command;
my $cert = $client_cert->slurp . $client_key->slurp =~ s/.*(?=-----BEGIN RSA PRIVATE KEY-----)//mrs; my $cert = $client_cert->slurp . $client_key->slurp =~ s/.*(?=-----BEGIN RSA PRIVATE KEY-----)//mrs;
@ -55,7 +58,8 @@ sub make_pkcs12 {
my $cert_file = Path::Tiny->tempfile; my $cert_file = Path::Tiny->tempfile;
$cert_file->spew($cert); $cert_file->spew($cert);
my $p12_file = Path::Tiny->tempfile; my $p12_file = Path::Tiny->tempfile;
my $command = sprintf 'openssl pkcs12 -export -in %s -inkey %s -out %s -password pass:%s -name "NGCP API Client Certificate %d"', $cert_file->stringify, $cert_file->stringify, $p12_file->stringify, $pass, $serial; my $command = sprintf 'openssl pkcs12 -export -in %s -inkey %s -out %s -password pass:%s -name "NGCP API Client Certificate %d"',
$cert_file->stringify, $cert_file->stringify, $p12_file->stringify, $pass, $serial;
$c->log->debug($command); $c->log->debug($command);
system $command; system $command;
my $p12 = $p12_file->slurp({binmode => ":raw"}); my $p12 = $p12_file->slurp({binmode => ":raw"});
@ -68,7 +72,7 @@ sub make_pkcs12 {
sub get_server_cert { sub get_server_cert {
my ($self, $c) = @_; my ($self, $c) = @_;
my $cert_file = Path::Tiny->new($c->config->{ssl}->{certfile}); my $cert_file = Path::Tiny->new($c->config->{ssl}->{server_certfile} || $c->config->{ssl}->{certfile});
return $cert_file->slurp; return $cert_file->slurp;
} }

5
ngcp_panel.conf
Unescape View File

@ -81,6 +81,7 @@ log4perl.appender.Default.layout.ConversionPattern=%d{ISO8601} [%p] [%F +%L] %m{
</callflow> </callflow>
<ssl> <ssl>
keyfile /etc/ssl/ngcp/api/ca-key.pem rest_api_keyfile /etc/ssl/ngcp/api/ca-key.pem
certfile /etc/ssl/ngcp/api/ca-cert.pem rest_api_certfile /etc/ssl/ngcp/api/ca-cert.pem
server_certfile /etc/ssl/ngcp/api/ca-cert.pem
</ssl> </ssl>

Write Preview
Loading…
Cancel
Save