StepCA plugin, initial commit
vpaprots committed Oct 9, 2024
1 parent 5a02d38 commit 215118e
Showing 33 changed files with 2,599 additions and 0 deletions.
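--- a/security/step-certificates/Makefile
+++ b/security/step-certificates/Makefile
@@ -0,0 +1,10 @@
+PLUGIN_NAME= step-certificates
+PLUGIN_VERSION= 1.0
+PLUGIN_COMMENT= StepCA Certificate Authority for OPNSense
+PLUGIN_DEPENDS= security/step-certificates \
+security/step-kms \
+devel/pcsc-lite
+# security/py-yubikey-manager
+PLUGIN_MAINTAINER= step-opn@papro.ca
+
+.include "../../Mk/plugins.mk"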
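--- a/security/step-certificates/pkg-descr
+++ b/security/step-certificates/pkg-descr
@@ -0,0 +1,8 @@
+StepCA Certificates for OPNSense
+
+Plugin Changelog
+================
+
+1.0
+
+* Initial release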
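--- a/security/step-certificates/src/etc/inc/plugins.inc.d/stepca.inc
+++ b/security/step-certificates/src/etc/inc/plugins.inc.d/stepca.inc
@@ -0,0 +1,70 @@
+<?php
+
+/**
+* Copyright (C) 2024 Volodymyr Paprotski
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+
+function stepca_enabled()
+{
+global $config;
+
+return isset($config['OPNsense']['StepCA']['CA']['general']['Enabled']) &&
+$config['OPNsense']['StepCA']['CA']['general']['Enabled'] == 1;
+}
+
+/**
+* register legacy service
+* @return array
+*/
+function stepca_services()
+{
+$services = array();
+
+if (!stepca_enabled()) {
+return $services;
+}
+
+$services[] = array(
+'description' => gettext('StepCA'),
+'pidfile' => '/var/run/step_ca.pid',
+'configd' => array(
+'restart' => array('stepca restart'),
+'start' => array('stepca start'),
+'stop' => array('stepca stop'),
+),
+'name' => 'stepca',
+);
+
+return $services;
+}
+
+function stepca_xmlrpc_sync()
+{
+$result = array();
+$result['id'] = 'stepca';
+$result['section'] = 'OPNsense.stepca';
+$result['description'] = gettext('StepCA');
+return array($result);
+}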
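Review bot: stepca_xmlrpc_sync() registers the HA sync section as `'OPNsense.stepca'`, while the config subtree this same file reads in stepca_enabled() is `$config['OPNsense']['StepCA']`; if the section string is resolved as a path into that tree, the case mismatch would presumably leave the CA settings out of XMLRPC sync, so confirm how the key is matched and, if it is case-sensitive, change it to `$result['section'] = 'OPNsense.StepCA';`. stepca_enabled() also uses a loose `== 1` against a config value; since the rest of this file treats the setting as a flag, `=== '1'` (or a documented cast) would make the accepted representation explicit. The `@return array` docblock on stepca_services() should say what each element holds, e.g. `@return array list of service descriptors (name, description, pidfile, configd start/stop/restart actions)`.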
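--- a/[PATH-NOT-SHOWN-ON-PAGE]
+++ b/[PATH-NOT-SHOWN-ON-PAGE]
@@ -0,0 +1,43 @@
+<?php
+
+/**
+* Copyright (C) 2024 Volodymyr Paprotski
+*
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+
+namespace OPNsense\StepCA\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+
+/**
+* settings controller for StepCA
+* @package OPNsense\StepCA
+*/
+class InitializeController extends ApiMutableModelControllerBase
+{
+protected static $internalModelName = 'Initialize';
+protected static $internalModelClass = 'OPNsense\StepCA\Initialize';
+}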
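Review bot: The class docblock on InitializeController reads "settings controller for StepCA", which is the same text as the SettingsController docblock and does not describe this class; it should state what this controller exposes, e.g. `* API controller for the CA initialization form (model OPNsense\StepCA\Initialize)`. The referenced model class is not among the files shown here, so whether its fields carry any validation of the initialization parameters cannot be checked from this section.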
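--- a/[PATH-NOT-SHOWN-ON-PAGE]
+++ b/[PATH-NOT-SHOWN-ON-PAGE]
@@ -0,0 +1,109 @@
+<?php
+
+/**
+* Copyright (C) 2024 Volodymyr Paprotski
+*
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+
+namespace OPNsense\StepCA\Api;
+
+use OPNsense\Base\ApiMutableServiceControllerBase;
+use OPNsense\Core\Backend;
+
+/**
+* Class ServiceController
+* @package OPNsense\StepCA
+*/
+class ServiceController extends ApiMutableServiceControllerBase
+{
+protected static $internalServiceClass = '\OPNsense\StepCA\StepCA';
+protected static $internalServiceTemplate = 'OPNsense/StepCA';
+protected static $internalServiceEnabled = 'Enabled';
+protected static $internalServiceName = 'stepca';
+
+// protected function reconfigureForceRestart()
+// {
+// return 1;
+// }
+
+public function initcaAction()
+{
+if ($this->request->isPost()) {
+$bckresult = json_decode(trim((new Backend())->configdRun("stepca initca")), true);
+if ($bckresult !== null) {
+// only return valid json type responses
+return $bckresult;
+}
+}
+return ["message" => "unable to run config action"];
+}
+
+// Copy of original reconfigure,
+// added failure detection
+public function reconfigureAction()
+{
+if (true || $this->request->isPost()) {
+$this->sessionClose();
+
+$backend = new Backend();
+
+if (!$this->serviceEnabled() || $this->reconfigureForceRestart()) {
+$backend->configdRun(escapeshellarg(static::$internalServiceName) . ' stop');
+}
+
+if ($this->invokeInterfaceRegistration()) {
+$backend->configdRun('interface invoke registration');
+}
+
+if (!empty(static::$internalServiceTemplate)) {
+$result = trim($backend->configdpRun('template reload', [static::$internalServiceTemplate]) ?? '');
+if ($result !== 'OK') {
+throw new UserException(sprintf(
+gettext('Template generation failed for internal service "%s". See backend log for details.'),
+static::$internalServiceName
+), gettext('Configuration exception'));
+}
+}
+
+$status = 'ok';
+if ($this->serviceEnabled()) {
+$runStatus = $this->statusAction();
+if ($runStatus['status'] != 'running') {
+$response = $backend->configdRun(escapeshellarg(static::$internalServiceName) . ' start');
+} else {
+$response = $backend->configdRun(escapeshellarg(static::$internalServiceName) . ' reload');
+}
+if (trim($response) !== 'OK') {
+$status = 'failed';
+}
+}
+
+return array('status' => $status);
+} else {
+return array('status' => 'failed');
+}
+}
+}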
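Review bot: `if (true || $this->request->isPost())` in reconfigureAction short-circuits the POST check, so a plain GET to the reconfigure endpoint stops, starts or reloads the CA service; the stock reconfigure this was copied from, and OPNsense's CSRF handling, rely on the action only running on POST, so this reads as a leftover from debugging and should go back to `if ($this->request->isPost()) {`. The template-failure branch throws `UserException` unqualified inside `namespace OPNsense\StepCA\Api` with no matching `use` line, so that path would raise a class-not-found error instead of the intended exception; add `use OPNsense\Base\UserException;` beside the other imports. The `$runStatus['status'] != 'running'` comparison should be `!==` to match the strict comparisons used elsewhere in the method, and the commented-out reconfigureForceRestart() block is dead code that should be dropped. initcaAction() returns whatever JSON the backend emits; a one-line docblock stating that the response is the raw output of `stepca initca` and that a non-JSON reply yields the fallback message would help the caller.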
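--- a/[PATH-NOT-SHOWN-ON-PAGE]
+++ b/[PATH-NOT-SHOWN-ON-PAGE]
@@ -0,0 +1,73 @@
+<?php
+
+/**
+* Copyright (C) 2024 Volodymyr Paprotski
+*
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+
+namespace OPNsense\StepCA\Api;
+
+use OPNsense\Base\ApiMutableModelControllerBase;
+
+/**
+* settings controller for StepCA
+* @package OPNsense\StepCA
+*/
+class SettingsController extends ApiMutableModelControllerBase
+{
+protected static $internalModelName = 'CA';
+protected static $internalModelClass = 'OPNsense\StepCA\StepCA';
+
+public function searchItemAction()
+{
+return $this->searchBase("provisioners.provisioner", array('Enabled', 'Name', 'Provisioner'), "Name");
+}
+
+public function setItemAction($uuid)
+{
+return $this->setBase("provisioner", "provisioners.provisioner", $uuid);
+}
+
+public function addItemAction()
+{
+return $this->addBase("provisioner", "provisioners.provisioner");
+}
+
+public function getItemAction($uuid = null)
+{
+return $this->getBase("provisioner", "provisioners.provisioner", $uuid);
+}
+
+public function delItemAction($uuid)
+{
+return $this->delBase("provisioners.provisioner", $uuid);
+}
+
+public function toggleItemAction($uuid, $enabled = null)
+{
+return $this->toggleBase("provisioners.provisioner", $uuid, $enabled);
+}
+}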
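Review bot: The six provisioner CRUD actions carry no docblocks, and `$uuid` and `$enabled` are untyped, so the reader cannot tell from the controller that these operate on CA provisioners (the entries that issue certificates) or what `$enabled` accepts. Add a one-line purpose comment per action and `@param string $uuid` / `@param string|null $enabled` where they appear, e.g. `/** toggle a provisioner on or off; @param string $uuid provisioner uuid @param string|null $enabled '1'/'0', or null to flip */` on toggleItemAction. The repeated model path could also be a class constant, `private const PROVISIONER_PATH = 'provisioners.provisioner';`, so all six calls stay in sync.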
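--- a/[PATH-NOT-SHOWN-ON-PAGE]
+++ b/[PATH-NOT-SHOWN-ON-PAGE]
@@ -0,0 +1,46 @@
+<?php
+
+/**
+* Copyright (C) 2024 Volodymyr Paprotski
+*
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*
+*/
+
+namespace OPNsense\StepCA;
+
+/**
+* Class IndexController
+* @package OPNsense\StepCA
+*/
+class GeneralController extends \OPNsense\Base\IndexController
+{
+public function indexAction()
+{
+// pick the volt template to serve
+$this->view->pick('OPNsense/StepCA/general');
+// fetch form data "general" in
+$this->view->generalForm = $this->getForm("general");
+}
+}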
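Review bot: The class docblock says "Class IndexController" but the class declared below it is GeneralController, which will mislead anyone searching the plugin for its page controllers; change it to `* Class GeneralController` and add a line saying what the page is for, e.g. `* serves the StepCA settings page (volt template OPNsense/StepCA/general with the "general" form)`. The `@package OPNsense\StepCA` tag can stay as is.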