owsd: ubusproxy with demo only certificates

owsd/Makefile

@@ -61,6 +61,9 @@ define Package/owsd/install
 	$(INSTALL_CONF) ./files/owsd.config $(1)/etc/config/owsd
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
 	$(INSTALL_BIN) ./files/owsd.hotplug $(1)/etc/hotplug.d/iface/55-owsd
+ifeq ($(CONFIG_OWSD_UPROXYD),y)
+	$(CP) ./uproxy-files/* $(1)/
+endif
 endef
 
 define Package/owsd-testdata

owsd/files/owsd.config

@@ -5,8 +5,8 @@ config owsd 'global'
 #	option www_maxage '3600'
 
 # ubusproxy is enbaled if: enable = 1 or peer exists or path exists
-config ubusproxy 'ubusproxy'
-	option enable '0'
+#config ubusproxy 'ubusproxy'
+#	option enable '0'
 #	list peer 'wss://repeater_hostname/'
 #	list peer 'wss://192.168.1.101/'
 #	list object 'router.*'
@@ -30,12 +30,12 @@ config owsd-listen 'lan'
 	option whitelist_interface_as_origin '1'
 	option whitelist_dhcp_domains '1'
 
-config owsd-listen 'lan_8080'
-	option port '8080'
-	option interface 'lan'
-	option ipv6 'on'
-	option whitelist_interface_as_origin '1'
-	option whitelist_dhcp_domains '1'
+#config owsd-listen 'lan_8080'
+#	option port '8080'
+#	option interface 'lan'
+#	option ipv6 'on'
+#	option whitelist_interface_as_origin '1'
+#	option whitelist_dhcp_domains '1'
 
 #config owsd-listen 'lan_https'
 #	option port '443'

owsd/uproxy-files/etc/ubusx/ubusxDemoCA.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHzCCAgegAwIBAgIJAKmrHnhgM9CZMA0GCSqGSIb3DQEBCwUAMCYxJDAiBgNV
+BAMMG3Jvb3QgQ0EgZm9yIGlvcHN5cyBnYXRld2F5czAeFw0xOTA0MjcxMDQ4MTJa
+Fw0yNzA3MTQxMDQ4MTJaMCYxJDAiBgNVBAMMG3Jvb3QgQ0EgZm9yIGlvcHN5cyBn
+YXRld2F5czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7i0RqyVvpl
+WVm4ioXV7H/5oII6nmlGb+eQM4p0QBujhyvwtT6z0L0KXwwWRGFdYBNChBfsi9zm
+AAhgQaR5D/QPRGDIiB69O3iBd2JFqzxo1rkN/nUMbZ2OplXRscmOs34yT68hV0ov
+nv0iAr06bzyoa2sxOfN262Ic2tKYG5UYtRVnbaX40U80DYm1tvoeJfZgTiZmeuky
+7t6PrWhJ+tfKdzK+IGDsIQ3k4k+3AfS8dwDEBbGocFhx+sOG/yv5OhGlZ3dH9toz
+Gq+xrkawoa0hkKKVOFhNINdHcPG0UH7iET779nsgylT/8OGkQG3vLSBkVJ8rAaAh
+j9vKBWdxIG0CAwEAAaNQME4wHQYDVR0OBBYEFMsfty2iwKt5U+WLdsYpgYVX1ZX2
+MB8GA1UdIwQYMBaAFMsfty2iwKt5U+WLdsYpgYVX1ZX2MAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBALv1l6C94e6Xos4DkiIDToLQasO0nQLcq3eZhsa6
+XJgWnBcoe7p4iLXzHzutacwTj/mx+ptbLkyqPzvIsufKeQf3hat5ICtCLZOpOW55
+fPc4GY4TMixEJDzt3L5U89BXVFTSh7aY5KbphD9zQgYcy1IpkEEPtSOL8B8KWdHb
+lrW1AE9p7YLHb4YgtS6NjEN04a1wHug/flcfes4u9DOnmJzSih9p8UtQP86hjiPK
+C9znwLrbbrJANz4D6QSTtTT+qi8iQo68sKXYLyUC10Kp19pq1FMnfY1IkCcBDSip
+hbGdxwd4txkrl52YZyuo14mXRGP/c2lvEO0a1P6IpR2kMj4=
+-----END CERTIFICATE-----

owsd/uproxy-files/etc/ubusx/ubusxDemoCA.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzuLRGrJW+mVZWbiKhdXsf/mggjqeaUZv55AzinRAG6OHK/C1
+PrPQvQpfDBZEYV1gE0KEF+yL3OYACGBBpHkP9A9EYMiIHr07eIF3YkWrPGjWuQ3+
+dQxtnY6mVdGxyY6zfjJPryFXSi+e/SICvTpvPKhrazE583brYhza0pgblRi1FWdt
+pfjRTzQNibW2+h4l9mBOJmZ66TLu3o+taEn618p3Mr4gYOwhDeTiT7cB9Lx3AMQF
+sahwWHH6w4b/K/k6EaVnd0f22jMar7GuRrChrSGQopU4WE0g10dw8bRQfuIRPvv2
+eyDKVP/w4aRAbe8tIGRUnysBoCGP28oFZ3EgbQIDAQABAoIBACYwBcr4ukdT589A
+2gjkONhSeocvTMg/4S4MFwdqd97iK3Q35SyiwlfyjyLLBWo3cyF6+Kj118c5iS4C
+nns+gWxaWRPIUB/kbBLNSv0PwRDQhTn5VEvEtIMNrrROlZOPzJ/xp3W7IMKn0aAF
+5B2LqLa4m8NYfcrr23zruJSA0S6O4O9+E2ilI0bLwMPmSEbrRhDYvOUUTP5bqWAy
+DUcOZQp26LIbx9B1gBA9XcQADjSR59ZY0vUCh6Rhd9qmJ2ZVAj78hv7yLkGOUOwS
+O9LnvBQjb7AZ9YNntTx/YlNLtbEMLfhv1/tpBZ8jVa9ZvCNBWNmrzpSCIEzhcQUY
+jv+WGyECgYEA718+bHissVTet0kcuC18XCbdg7LelOws9aSo0ZgQaRCr7BjTXNMi
+NrQPira0QmGyWtQ5eoxLw0s44b8ol0I+zwqA9q5bRMvdNUaZxE01ObC0aaZx0Sex
+51exHN7knVyWS94kMGBYQRQW5ElrmOTUUFN9WOVwsIuhx22hUd8XZ4UCgYEA3UHf
+jWzbdWlOw8ZB7hOu6MS46IFuKdztblHu3n+qw65x9i6VHy5yL8+dDOiFa8earpyP
+bPNuDr0URTj6Xu4OzQ04gLXE3SXghSKZPSOq9UoJ56fw6wXq2Dtz5rFGD4Mt+WHR
+/NiWccKSkA+x0bu8ab2hYBIAeURfqSQfAcmiRckCgYEAmTElLBpWuu6L0lTyElTZ
+38fnwB87H6e+Zj7I48ojxnmq7WA99IwSu1ulDqs61bjcghCL8IfU/NkpQCAshBEb
+TTl1q2mOc4rcuPnD8sNOqusRqwOgl7CFxH50lPt459SXQ1qZYnRmRs/qjpMGT0Uz
+M20bLUc5RWM3WAArW9AglFkCgYAdk+XHqSq5SmeeIk3D/tueAFZbtpm8fO08lzVg
+hx6T5CkV6OpEbdgT7iQnipnza46RExrVTMGEtOAV1OUbdaWC4eaQxjvX+G1IPvTP
+SIpdGhWy4y+Aq5zWZTQ8PayI/FdUBDCnJWkPMhyXp5F04Szx0cjV5/IqQ+qp2MtQ
+WN0ZiQKBgQDT7UFw5svbtjzE6pcjImRSDI4BwmA8F6C7bkK3M5mu10k+/kr5jDGG
+xgByyY61TY3TpHKLOmuxqKb3nOy8umPlFt3P7xpYTuV5+dZRrbIFKtDy2uKkYi9E
+N5xyVfanlXhlU7JoJtc2Xtkdjr5SwESHjNSjR8jDG/sd7opjeltOZg==
+-----END RSA PRIVATE KEY-----

owsd/uproxy-files/etc/ubusx/ubusxDemoCA.srl

@@ -0,0 +1 @@
+514CD4028F0A688DAD8236D20F352623455A4D74

owsd/uproxy-files/etc/ubusx/ubusx_demo_only.crt

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeMCFFFM1AKPCmiNrYI20g81JiNFWk10MA0GCSqGSIb3DQEBCwUAMCYx
+JDAiBgNVBAMMG3Jvb3QgQ0EgZm9yIGlvcHN5cyBnYXRld2F5czAeFw0xOTA2MjQx
+NzEwMjhaFw0yOTA2MjExNzEwMjhaME4xCzAJBgNVBAYTAlNFMRIwEAYDVQQIDAlT
+dG9ja2hvbG0xFTATBgNVBAoMDGlvcHN5cywgSW5jLjEUMBIGA1UEAwwLVUJVUy1Y
+IERlbW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDosnAz7cNKUCWZ
+9+qFs8PpV1J1o+Eq6Hv3Bc5ceNrPxcEsE2vDWQdl7QXU9Je++xILSxfvljHIUO7D
+8AOcH03NO3N0F1H4KhmYIRjTKogQL8y/YIGFkzL4bZXwXRtvzXxMYNtdX4Lbdiyc
+AtGTiSWJ3zBtShPGPFqgR4JpYmf3VaVy/f74tRdUL86rnVNaU5OIBMHGLLxwMf2Z
+w3MPKSNj1ATcNoegKvMvHpd7FE2o5lDgFkUV3b8QqcAFTrmLXx6mYYpo9Fo1KHrA
+6SiUP0KQ/lkQ28yfkvzmN4JpJtLpomzscn9nmJfbI5g3GezSGGFHDAyW/Y2c+VPN
+N9C9n/NhAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAFEBujnBMhFVqLUPnDM41Cd0
+ZzbY5n/haBN885xQP0tNdCJ9qN0L8dr8bDe1IR02WHZ4UIXzvOj20Nu2+AFP1OCG
+CEEPLTQwlaJhaBzhnfLaxb7XCHqVodKBiYDYLQLFNdY9wYOKvyNI5xXMtPbH5fUK
+GJA4bZTbL5c4iaqtdXwLE/6a9FCtfGsv9k70tPw+KYR4tcA2t3SS2Oe/bGRrj5yQ
+Tjy0P7R033S4GlrsCRa7sRGg8yd7TgNpGsgyncsFRLHDG4V71I9NhOkoHR64oUfT
+YVPt/16TIi31vF5FJO4TJtbA2wEpUWPk7x2VjIOvvauMoYE6Hf3YLatzdaIQNHo=
+-----END CERTIFICATE-----

owsd/uproxy-files/etc/ubusx/ubusx_demo_only.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkzCCAXsCAQAwTjELMAkGA1UEBhMCU0UxEjAQBgNVBAgMCVN0b2NraG9sbTEV
+MBMGA1UECgwMaW9wc3lzLCBJbmMuMRQwEgYDVQQDDAtVQlVTLVggRGVtbzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOiycDPtw0pQJZn36oWzw+lXUnWj
+4Sroe/cFzlx42s/FwSwTa8NZB2XtBdT0l777EgtLF++WMchQ7sPwA5wfTc07c3QX
+UfgqGZghGNMqiBAvzL9ggYWTMvhtlfBdG2/NfExg211fgtt2LJwC0ZOJJYnfMG1K
+E8Y8WqBHgmliZ/dVpXL9/vi1F1QvzqudU1pTk4gEwcYsvHAx/ZnDcw8pI2PUBNw2
+h6Aq8y8el3sUTajmUOAWRRXdvxCpwAVOuYtfHqZhimj0WjUoesDpKJQ/QpD+WRDb
+zJ+S/OY3gmkm0umibOxyf2eYl9sjmDcZ7NIYYUcMDJb9jZz5U8030L2f82ECAwEA
+AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQDWLgiuSq41EX4J5v5RH2gE3Ywr1FdzPMMe
+SCJxYL3JOcIvDl0aNyx2bAd9Gc6Zj8uRXT8gDsB3cEgAoHdGjiZB0uoNV/Auz6kS
+mYNnmpcZfAw775cBQpYBZvg2CRFqsv8mD4/OhBmoRjMpoosLkAYPuRmE58U/Ah+6
+9MJIzVca6dn7iLMLVWndkCoD9OUwBZNHU+SGTkn0IKUGyMUTmduADPBGbB7mYg6j
+DQsHiR1v7/ngb3uaQoVS8QA+XYmTUa1UZ+/83cmzjvf17rG10KwrJZh0lQNVUt5d
+gvH8aUvQq92xcXYQlhLfVFkqxmrLZNR0rIEeUVwYvVawPK8ZR+UK
+-----END CERTIFICATE REQUEST-----

owsd/uproxy-files/etc/ubusx/ubusx_demo_only.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA6LJwM+3DSlAlmffqhbPD6VdSdaPhKuh79wXOXHjaz8XBLBNr
+w1kHZe0F1PSXvvsSC0sX75YxyFDuw/ADnB9NzTtzdBdR+CoZmCEY0yqIEC/Mv2CB
+hZMy+G2V8F0bb818TGDbXV+C23YsnALRk4klid8wbUoTxjxaoEeCaWJn91Wlcv3+
++LUXVC/Oq51TWlOTiATBxiy8cDH9mcNzDykjY9QE3DaHoCrzLx6XexRNqOZQ4BZF
+Fd2/EKnABU65i18epmGKaPRaNSh6wOkolD9CkP5ZENvMn5L85jeCaSbS6aJs7HJ/
+Z5iX2yOYNxns0hhhRwwMlv2NnPlTzTfQvZ/zYQIDAQABAoIBAQC+o9IA+T4R1++2
+YMImn8xVk1DfSE/lE2rcSklywSCjMGS+c3rKJFpHSxSID4tyz8dMsUz+4JIQhx3W
+MQEEGzFmftprtd9V7UfittrbxfCLMl4QPERg5uPPXBiHQACGbFb1TDTsHp/apMqP
+Vk/VC3tRpSTLpPDma/PjdDKHnDOJEXXvIiI6lWzDjkFS8cmb+ZChAVJSAVDpM3v5
+OjtH6Cfn7QnlQh5v6OEcScmdHjGKaVstoQnulr9fK632KsWd4DVrPjcs6IYz+AmI
+w6iMVWwfXM4HmtBZKmFZDB+QedvkKj3GoIGW7rbUWWWW5Nvk549SbrV4dFLmGjFe
+Vg2X59yxAoGBAPfOj/f7aJcltV6Guf4jmt0r9fB+wHAl9Vx1Dg0Etg10LJnjbgEI
+2jkvVr4qp71GUg0vTdbAwcX5ha1gjvvLEfH2ikSut7je1L26Lcm7tcyCGnlIIOU5
+gwyLwTFArdmK8yn2gC56I+MOdiqsw3xgvGeLaM39BTdAcDYtnJ2E0ysLAoGBAPBj
+/G30UVQ3bXcPuP2vZHNUSVBRr3Rsi4YO4Ue+pF4y1tcxaEDHYR+WuD03l/Vnu9mK
+xZxHLwQuVjAeogwrzNgbN3CMN9jytGfnwPPG8YOw0umpS7wk4ZBA6wh97R6H8hlI
+6rSZYt2i92rBKEDU0i5ciUnR0pjyy/IUhM9o/L7DAoGBAJqKWKCXSl/QpW5g6QdD
+3yWFb+hes9Z85aqWWX/m6z4ysEn8WrMMeUNmcVtBMMDKZQtR7+I47d9wQFyitijz
+OKrETPCOYYdKeDQmMr33cWYr0STHxbQOjNq7IW18366miAUodEIH6++DKlBs07Dy
+hyyv9VlZLPKLHi+7fEuD9UmHAoGBAL/2OCfdx+xGbsV66rC6FK78Cad383I3E5uz
+2jYeiMcoNeOV8rh3/pjpFKrd8Bzp/1oStQa82VCvZ+f5LlIlz+hqo3Teo+I8vc+T
+g8OnhEkzNNmedXoCwZUeIhGf7XBKAwwp7DLXodl3P7giEvDiggy/nGo0gcXdbPsd
+Y4j1P49dAoGAPlVSKQx+s7zfcUwJMG9AqOXvXUEg9+AJZBn/xqVVwbd0jb/yf1lB
+7Y+3Q3FndrVF/Gd7kTbgIlwI6sk7l0+CN1jjN1WEHgFenz6O4nlwIcdbQRovw/4S
+okAV3yLGjubMCjyKdBP8bpocBcstYdr2PEmrt37XFNhQVL3C8HjdPmU=
+-----END RSA PRIVATE KEY-----

owsd/uproxy-files/etc/uci-defaults/60-owsd-ubusproxy

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# do not create ubusproxy section if it exists already
+[ "$(uci -q get owsd.ubusproxy)" == "ubusproxy" ] && exit 0
+
+uci set owsd.ubusproxy="ubusproxy"
+uci set owsd.ubusproxy.enable="1"
+uci set owsd.ubusproxy.peer_key="/etc/ubusx/ubusx_demo_only.key"
+uci set owsd.ubusproxy.peer_cert="/etc/ubusx/ubusx_demo_only.crt"
+uci set owsd.ubusproxy.peer_ca="/etc/ubusx/ubusxDemoCA.crt"
+uci commit owsd
+
+# do not create wan_https section if it exists already
+[ "$(uci -q get owsd.wan_https)" == "owsd-listen" ] && exit 0
+
+# do not create wan_https section if wan interface doesn't exist
+[ "$(uci -q get network.wan)" == "interface" ] || exit 0
+
+uci set owsd.wan_https="owsd-listen"
+uci set owsd.wan_https.port="443"
+uci set owsd.wan_https.interface="wan"
+uci set owsd.wan_https.key="/etc/ubusx/ubusx_demo_only.key"
+uci set owsd.wan_https.cert="/etc/ubusx/ubusx_demo_only.crt"
+uci set owsd.wan_https.ca="/etc/ubusx/ubusxDemoCA.crt"
+uci set owsd.wan_https.whitelist_interface_as_origin="1"
+uci del_list owsd.wan_https.origin="*"
+uci add_list owsd.wan_https.origin="*"
+uci commit owsd
+