forked from zer.ooo/web
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
128 lines
3.7 KiB
PHP
128 lines
3.7 KiB
PHP
<?php
|
|
|
|
|
|
namespace Eater\Glim\Handler\Panel\ConfigBuilder;
|
|
|
|
use Eater\Glim\Handler\Session;
|
|
use Eater\Glim\Model\Certificate;
|
|
use Eater\Glim\Model\CertificateQuery;
|
|
use Eater\Glim\Model\Server;
|
|
use Eater\Glim\Model\ServerQuery;
|
|
|
|
class Action extends Session
|
|
{
|
|
public function handle()
|
|
{
|
|
$zipFile = tempnam(sys_get_temp_dir(), '0zip');
|
|
$zip = new \ZipArchive();
|
|
$zip->open($zipFile, \ZipArchive::CREATE);
|
|
$cert = $this->post('cert');
|
|
|
|
if ($cert === null) {
|
|
$this->getResponse()
|
|
->withStatus(500)
|
|
->write('Stop messing with the form');
|
|
}
|
|
|
|
$wantEmbedded = $this->post('want-embedded');
|
|
|
|
$server = ServerQuery::create()->findOneByFingerprint($this->post('fingerprint'));
|
|
$name = $server->getFqdn();
|
|
|
|
if ($wantEmbedded !== null) {
|
|
$certModel = CertificateQuery::create()->findOneByUserAndName($this->getUser(), $cert);
|
|
$config = $this->getEmbeddedConfig($server, $certModel);
|
|
$name .= '-' . $certModel->getName() . '.' . $certModel->getSerial();
|
|
|
|
return $this->getResponse()
|
|
->withHeader('Content-Type', 'text/plain')
|
|
->withHeader('Content-Disposition', 'attachment; filename="' . $name . '-embedded.conf"')
|
|
->write($config);
|
|
}
|
|
|
|
|
|
$certModel = CertificateQuery::create()->findOneByUserAndName($this->getUser(), $cert);
|
|
$this->addClientCertificateData($zip, $certModel);
|
|
|
|
$name .= '-' . $certModel->getName() . '.' . $certModel->getSerial();
|
|
|
|
$this->fillZipWithCaAndConfig($zip, $server);
|
|
|
|
$zip->close();
|
|
|
|
$zipContents = file_get_contents($zipFile);
|
|
unlink($zipFile);
|
|
|
|
return $this->getResponse()
|
|
->withHeader('Content-Type', 'application/zip')
|
|
->withHeader('Content-Disposition', 'attachment; filename="' . $name . '.zip"')
|
|
->write($zipContents);
|
|
}
|
|
|
|
/**
|
|
* @param \ZipArchive $zip
|
|
* @param Server $server
|
|
*/
|
|
public function fillZipWithCaAndConfig($zip, $server)
|
|
{
|
|
$config = $this->getConfigForServerFingerprint($server);
|
|
$zip->addFromString('server.conf', $config);
|
|
$zip->addFromString('ca.crt', file_get_contents($this->getCore()->getBaseDir() . '/storage/ca/ca.crt'));
|
|
}
|
|
|
|
/**
|
|
* @param Server $server
|
|
* @param Certificate $cert
|
|
* @throws \Twig_Error_Loader
|
|
* @throws \Twig_Error_Runtime
|
|
* @throws \Twig_Error_Syntax
|
|
* @return string
|
|
*/
|
|
public function getEmbeddedConfig($server, $cert)
|
|
{
|
|
/** @var \Twig_Environment $twig */
|
|
$twig = $this->get('twig');
|
|
|
|
$parameters = [
|
|
'server' => $server,
|
|
'ca' => file_get_contents($this->getCore()->getBaseDir() . '/storage/ca/ca.crt'),
|
|
'cert' => $cert->getCertificate(),
|
|
'key' => '',
|
|
];
|
|
|
|
if ($cert->hasPrivateKey()) {
|
|
$parameters['key'] = $cert->getPrivateKey();
|
|
}
|
|
|
|
return $twig->render('etc/openvpn-client-embedded.conf.twig', $parameters);
|
|
}
|
|
|
|
/**
|
|
* @param Server $server
|
|
* @return string
|
|
*/
|
|
public function getConfigForServerFingerprint($server)
|
|
{
|
|
/** @var \Twig_Environment $twig */
|
|
$twig = $this->get('twig');
|
|
|
|
$config = $twig->render('etc/openvpn-client.conf.twig', [
|
|
'server' => $server
|
|
]);
|
|
|
|
return $config;
|
|
}
|
|
|
|
/**
|
|
* @param \ZipArchive $zip
|
|
* @param Certificate $cert
|
|
*/
|
|
public function addClientCertificateData($zip, $cert)
|
|
{
|
|
$zip->addFromString('client.crt', $cert->getCertificate());
|
|
|
|
if ($cert->hasPrivateKey()) {
|
|
$zip->addFromString('client.key', $cert->getPrivateKey());
|
|
}
|
|
}
|
|
} |