Expose certificate private key availability · 2bd2a62

+5 -0

scripts/ca_manager.sh

@@ -164,6 +164,11 @@ list_json() {
         printf ',"not_before":'; json_escape "$(cert_field "$cert" not_before)"
         printf ',"not_after":'; json_escape "$(cert_field "$cert" not_after)"
         printf ',"fingerprint_sha256":'; json_escape "$(cert_field "$cert" fingerprint)"
+        if [[ -f "$CA_DIR/issued/$name.key.pem" ]]; then
+            printf ',"has_private_key":true'
+        else
+            printf ',"has_private_key":false'
+        fi
         printf '}'
     done
     shopt -u nullglob


+14 -3

scripts/host_manager.pl

View

@@ -465,7 +465,7 @@ SQL
             status => clean_scalar($row->{certificate_status} || ''),
             not_after => clean_scalar($row->{not_after} || ''),
             fingerprint_sha256 => clean_scalar($row->{fingerprint_sha256} || ''),
-            has_private_key => json_bool(-f ca_issued_key_path($cert_id) ? 1 : 0),
+            has_private_key => json_bool(ca_private_key_exists($cert_id)),
         ) : ();
         push @rows, {
             vhost => $row->{vhost_fqdn},
@@ -505,7 +505,7 @@ sub certificate_payloads {
             not_after => $row->{not_after} || '',
             fingerprint_sha256 => $row->{fingerprint_sha256} || '',
             dns_names => [ certificate_dns_names($dbh, $id) ],
-            has_private_key => json_bool(-f ca_issued_key_path($id) ? 1 : 0),
+            has_private_key => json_bool(ca_private_key_exists($id)),
         };
     }
     return @certificates;
@@ -1170,6 +1170,12 @@ sub ca_issued_key_path {
     return ca_dir() . "/issued/$name.key.pem";
 }
 
+sub ca_private_key_exists {
+    my ($name) = @_;
+    return 0 unless clean_certificate_id($name || '');
+    return -f ca_issued_key_path($name) ? 1 : 0;
+}
+
 sub ca_manager_output {
     my (@args) = @_;
     my $script = ca_script_path();
@@ -3565,7 +3571,12 @@ sub app_html {
             </td>
             <td class="mono">${escapeHtml(cert.serial || '')}</td>
             <td class="mono ca-fingerprint">${escapeHtml(cert.fingerprint_sha256 || '')}</td>
-            <td><a class="linkbtn" href="/download/ca/cert/${encodeURIComponent(cert.name || '')}.crt">crt</a></td>
+            <td>
+              <div class="vhost-cert-links">
+                <a class="linkbtn" href="/download/ca/cert/${encodeURIComponent(cert.name || '')}.crt">crt</a>
+                ${cert.has_private_key ? `<a class="linkbtn" href="/download/ca/key/${encodeURIComponent(cert.name || '')}.key">key</a>` : ''}
+              </div>
+            </td>
           </tr>`;
         }).join('') : '<tr><td colspan="6" class="muted">No issued certificates.</td></tr>';
       } catch (e) {


	@@ -465,7 +465,7 @@ SQL
465	465	status => clean_scalar($row->{certificate_status} \|\| ''),
466	466	not_after => clean_scalar($row->{not_after} \|\| ''),
467	467	fingerprint_sha256 => clean_scalar($row->{fingerprint_sha256} \|\| ''),
468		- has_private_key => json_bool(-f ca_issued_key_path($cert_id) ? 1 : 0),
	468	+ has_private_key => json_bool(ca_private_key_exists($cert_id)),
469	469	) : ();
470	470	push @rows, {
471	471	vhost => $row->{vhost_fqdn},
	@@ -505,7 +505,7 @@ sub certificate_payloads {
505	505	not_after => $row->{not_after} \|\| '',
506	506	fingerprint_sha256 => $row->{fingerprint_sha256} \|\| '',
507	507	dns_names => [ certificate_dns_names($dbh, $id) ],
508		- has_private_key => json_bool(-f ca_issued_key_path($id) ? 1 : 0),
	508	+ has_private_key => json_bool(ca_private_key_exists($id)),
509	509	};
510	510	}
511	511	return @certificates;
	@@ -1170,6 +1170,12 @@ sub ca_issued_key_path {
1170	1170	return ca_dir() . "/issued/$name.key.pem";
1171	1171	}
1172	1172
	1173	+sub ca_private_key_exists {
	1174	+ my ($name) = @_;
	1175	+ return 0 unless clean_certificate_id($name \|\| '');
	1176	+ return -f ca_issued_key_path($name) ? 1 : 0;
	1177	+}
	1178	+
1173	1179	sub ca_manager_output {
1174	1180	my (@args) = @_;
1175	1181	my $script = ca_script_path();
	@@ -3565,7 +3571,12 @@ sub app_html {
3565	3571	</td>
3566	3572	<td class="mono">${escapeHtml(cert.serial \|\| '')}</td>
3567	3573	<td class="mono ca-fingerprint">${escapeHtml(cert.fingerprint_sha256 \|\| '')}</td>
3568		- <td><a class="linkbtn" href="/download/ca/cert/${encodeURIComponent(cert.name \|\| '')}.crt">crt</a></td>
	3574	+ <td>
	3575	+ <div class="vhost-cert-links">
	3576	+ <a class="linkbtn" href="/download/ca/cert/${encodeURIComponent(cert.name \|\| '')}.crt">crt</a>
	3577	+ ${cert.has_private_key ? `<a class="linkbtn" href="/download/ca/key/${encodeURIComponent(cert.name \|\| '')}.key">key</a>` : ''}
	3578	+ </div>
	3579	+ </td>
3569	3580	</tr>`;
3570	3581	}).join('') : '<tr><td colspan="6" class="muted">No issued certificates.</td></tr>';
3571	3582	} catch (e) {

	@@ -164,6 +164,11 @@ list_json() {
164	164	printf ',"not_before":'; json_escape "$(cert_field "$cert" not_before)"
165	165	printf ',"not_after":'; json_escape "$(cert_field "$cert" not_after)"
166	166	printf ',"fingerprint_sha256":'; json_escape "$(cert_field "$cert" fingerprint)"
	167	+ if [[ -f "$CA_DIR/issued/$name.key.pem" ]]; then
	168	+ printf ',"has_private_key":true'
	169	+ else
	170	+ printf ',"has_private_key":false'
	171	+ fi
167	172	printf '}'
168	173	done
169	174	shopt -u nullglob