security/acme-client: expose import feature to GUI

opnsense · Sep 28, 2021 · ae69739 · ae69739
1 parent 722debb
commit ae69739
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 0 deletions.
diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
@@ -8,6 +8,11 @@ WWW: https://github.com/acmesh-official/acme.sh
 Plugin Changelog
 ================
 
+3.2
+
+Added:
+* add button to (re-) import a certificate into the trust storage
+
 3.1
 
 Changed:

diff --git a/...lient/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php b/...lient/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/CertificatesController.php
@@ -172,4 +172,23 @@ public function automationAction($uuid)
         }
         return $result;
     }
+
+    /**
+     * (re-) import the certificate by uuid
+     * @param $uuid item unique id
+     * @return array status
+     */
+    public function importAction($uuid)
+    {
+        $result = array("result" => "failed");
+        $mdlAcme = new AcmeClient();
+        if ($uuid != null) {
+            $node = $mdlAcme->getNodeByReference('certificates.certificate.' . $uuid);
+            if ($node != null) {
+                $backend = new Backend();
+                $response = $backend->configdRun("acmeclient import ${uuid}");
+            }
+        }
+        return $result;
+    }
 }
diff --git a/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt b/security/acme-client/src/opnsense/mvc/app/views/OPNsense/AcmeClient/certificates.volt
@@ -49,6 +49,7 @@ POSSIBILITY OF SUCH DAMAGE.
             revoke:'/api/acmeclient/certificates/revoke/',
             removekey:'/api/acmeclient/certificates/removekey/',
             automation:'/api/acmeclient/certificates/automation/',
+            import:'/api/acmeclient/certificates/import/',
         };
 
         var gridopt = {
@@ -62,6 +63,7 @@ POSSIBILITY OF SUCH DAMAGE.
                     return "<button type=\"button\" title=\"{{ lang._('Edit certificate') }}\" class=\"btn btn-xs btn-default command-edit bootgrid-tooltip\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-pencil\"></span></button> " +
                         "<button type=\"button\" title=\"{{ lang._('Copy certificate') }}\" class=\"btn btn-xs btn-default command-copy bootgrid-tooltip\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-clone\"></span></button>" +
                         "<button type=\"button\" title=\"{{ lang._('Issue or renew certificate') }}\" class=\"btn btn-xs btn-default command-sign bootgrid-tooltip\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-repeat\"></span></button>" +
+                        "<button type=\"button\" title=\"{{ lang._('(Re-) Import certificate') }}\" class=\"btn btn-xs btn-default command-import bootgrid-tooltip\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-certificate\"></span></button>" +
                         "<button type=\"button\" title=\"{{ lang._('Run automations') }}\" class=\"btn btn-xs btn-default command-automation bootgrid-tooltip\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-paper-plane\"></span></button>" +
                         "<button type=\"button\" title=\"{{ lang._('Revoke certificate') }}\" class=\"btn btn-xs btn-default command-revoke bootgrid-tooltip\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-power-off\"></span></button>" +
                         "<button type=\"button\" title=\"{{ lang._('Reset certificate') }}\" class=\"btn btn-xs btn-default command-removekey bootgrid-tooltip\" data-row-id=\"" + row.uuid + "\"><span class=\"fa fa-history\"></span></button>" +
@@ -397,6 +399,25 @@ POSSIBILITY OF SUCH DAMAGE.
                 }
             });
 
+            // import certificate into trust storage
+            grid_certificates.find(".command-import").on("click", function(e)
+            {
+                if (gridParams['import'] != undefined) {
+                    var uuid=$(this).data("row-id");
+                    stdDialogConfirm('{{ lang._('Confirmation Required') }}',
+                        '{{ lang._('(Re-) import the selected certificate into the trust storage?') }}',
+                        '{{ lang._('Yes') }}', '{{ lang._('Cancel') }}', function() {
+                        ajaxCall(url=gridParams['import'] + uuid,
+                            sendData={},callback=function(data,status){
+                                // reload grid after sign
+                                $("#"+gridId).bootgrid("reload");
+                            });
+                    });
+                } else {
+                    console.log("[grid] action import missing")
+                }
+            });
+
         });
 
         // Hide options that are irrelevant in this context.

diff --git a/security/acme-client/src/opnsense/service/conf/actions.d/actions_acmeclient.conf b/security/acme-client/src/opnsense/service/conf/actions.d/actions_acmeclient.conf
@@ -77,6 +77,12 @@ parameters:%s
 type:script
 message:running automations for a certificate
 
+[import]
+command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode import --cert
+parameters:%s
+type:script
+message:running import for a certificate
+
 [cron-auto-renew]
 command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode issue --all --cron
 parameters: