author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-01-03 18:50:22 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-01-05 18:59:13 +0100 |
commit | fb4ce0f954865a1412469536b62555b03980ac40 (patch) | |
tree | e70249fd17cbc14b5f463513e4a624137ebb48f9 /applications | |
parent | 5e6c33e213475d7976b6ccb08023ae839e1decf0 (diff) |
Print the ocserv's certificate hash and key ID
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'applications')
-rw-r--r-- | applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua b/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua
index a909649df..c4289f052 100644
--- a/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua
+++ b/applications/luci-ocserv/luasrc/model/cbi/ocserv/main.lua
@@ -27,6 +27,39 @@ local e = s:taboption("general", Flag, "enable", translate("Enable server"))
 e.rmempty = false
 e.default = "1"
 
+local o_sha = s:taboption("general", DummyValue, "sha_hash", translate("Server's certificate SHA1 hash"),
+ translate("That value should be communicated to the client to verify the server's certificate"))
+local o_pki = s:taboption("general", DummyValue, "pkid", translate("Server's Public Key ID"),
+ translate("An alternative value to be communicated to the client to verify the server's certificate; this value only depends on the public key"))
+
+local fd = io.popen("/usr/bin/certtool -i --infile /etc/ocserv/server-cert.pem", "r")
+if fd then local ln
+ local found_sha = false
+ local found_pki = false
+ local complete = 0
+ while complete < 2 do
+ local ln = fd:read("*l")
+ if not ln then
+ break
+ elseif ln:match("SHA%-?1 fingerprint:") then
+ found_sha = true
+ elseif found_sha then
+ local hash = ln:match("([a-f0-9]+)")
+ o_sha.default = hash and hash:upper()
+ complete = complete + 1
+ found_sha = false
+ elseif ln:match("Public Key I[Dd]:") then
+ found_pki = true
+ elseif found_pki then
+ local hash = ln:match("([a-f0-9]+)")
+ o_pki.default = hash and hash:upper()
+ complete = complete + 1
+ found_pki = false
+ end
+ end
+ fd:close()
+end
+
 function m.on_commit(map)
 luci.sys.call("/usr/bin/occtl reload >/dev/null 2>&1")
 end |
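Review bot: The two `ln:match("([a-f0-9]+)")` calls take the first run of hex-like characters anywhere on the line after the header, so if that line ever carries a label, prefix or other text, a fragment ends up in `o_sha.default` / `o_pki.default` and the admin passes clients a pinning value that is not the certificate's fingerprint. Anchor the pattern and check the length before displaying it, e.g. `local hash = ln:match("^%s*(%x+)%s*$")` followed by `if hash and #hash == 40 then o_sha.default = hash:upper() end` for the SHA1 field. `complete` is also incremented when the match returns nil, so a parse miss ends the loop silently with an empty field; setting an explicit "unavailable" value in that case would make the failure visible in the UI. Separately, the `local ln` on the `if fd then` line is shadowed by the `local ln` inside the loop and can be dropped.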