Commit b83fed8c authored by Ad Schellevis

(captiveportal, new) add generation of ssl certs on service start

parent 056eb77f
......@@ -57,12 +57,18 @@ captiveportal_start()
echo "Starting API dispatcher"
/usr/local/sbin/lighttpd -f /var/etc/lighttpd-api-dispatcher.conf
# generate ssl certificates
/usr/local/opnsense/scripts/OPNsense/CaptivePortal/generate_certs.php
# startup / bootstrap zones
for zoneid in $CPZONES
do
# bootstrap captiveportal jail
zonedirname="zone$zoneid"
echo "Install : zone $zoneid"
if [ ! -d $CPWORKDIR/$zonedirname ]; then
mkdir $CPWORKDIR/$zonedirname
fi
if [ -d $CPWORKDIR/$zonedirname/tmp ]; then
# remove temp (flush)
rm -rf $CPWORKDIR/$zonedirname/tmp
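Review bot: The exit status of `generate_certs.php`, called right after the `# generate ssl certificates` comment, is discarded, so zone bootstrap carries on even when a zone's PEM file could not be written. A guard such as `/usr/local/opnsense/scripts/OPNsense/CaptivePortal/generate_certs.php || echo "certificate generation failed"` would at least surface the failure at service start. For that to work the PHP script would also have to exit non-zero on a failed write, which it does not do as shown on this page. The body of captiveportal_start() continues outside the hunk, so what consumes the generated files is not visible here.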
......
#!/usr/local/bin/php
<?php
/**
* Copyright (C) 2015 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
// use legacy code to generate certs and ca's
// eventually we need to replace this.
require_once("config.inc");
require_once("certs.inc");
require_once("legacy_bindings.inc");
use OPNsense\Core\Config;
global $config;
// traverse captive portal zones
$configObj = Config::getInstance()->object();
if (isset($configObj->OPNsense->captiveportal->zones)) {
foreach ($configObj->OPNsense->captiveportal->zones->children() as $zone) {
$cert_refid = (string)$zone->certificate;
$zone_id = (string)$zone->zoneid;
// if the zone has a certificate attached, search for its contents
if ($cert_refid != "") {
foreach ($configObj->cert as $cert) {
if ($cert_refid == (string)$cert->refid) {
// generate cert pem file
$pem_content = str_replace("\n\n", "\n", str_replace("\r", "", base64_decode((string)$cert->crt)));
$pem_content .= str_replace("\n\n", "\n", str_replace("\r", "", base64_decode((string)$cert->prv)));
$output_pem_filename = "/var/etc/cert-cp-zone" . $zone_id . ".pem" ;
file_put_contents($output_pem_filename, $pem_content);
chmod($output_pem_filename, 0600);
echo "certificate generated " .$output_pem_filename . "\n";
// generate ca pem file
if (!empty($cert->caref)) {
$output_pem_filename = "/var/etc/ca-cp-zone" . $zone_id . ".pem" ;
$ca = str_replace("\n\n", "\n", str_replace("\r", "", ca_chain($cert)));
file_put_contents($output_pem_filename, $pem_content);
chmod($output_pem_filename, 0600);
echo "certificate generated " .$output_pem_filename ."\n";
}
}
}
}
}
}
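Review bot: The CA branch writes `$pem_content` (the leaf certificate plus its private key) into `/var/etc/ca-cp-zone<id>.pem`, while the `$ca` chain computed one line earlier is never used; the write should be `file_put_contents($output_pem_filename, $ca);`. As written, the file that is presumably handed to the web server as its CA bundle holds a second copy of the private key and no CA certificates. Both PEM files are also created by `file_put_contents()` and only afterwards restricted with `chmod($output_pem_filename, 0600)`, so the key is readable under the process umask for a short window; calling `umask(0077);` before the zone loop closes it. The results of `base64_decode()` and `file_put_contents()` are not checked, so the script prints "certificate generated" and exits 0 even when nothing usable was written.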