From: <ope...@li...> - 2004-01-31 01:10:35
Update of /cvsroot/openca/openca-0.9/src/common/lib/bp In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4085/openca-0.9/src/common/lib/bp Modified Files: Makefile Added Files: check_pin.sub create_pin.sub Log Message: * several fixes and additions for the new batch system (should not influence 0.9.2 core) * replaced openca-sign and openca-verify by more general tool openca-sv (easier and more robust configuration) * OpenCA::AC tolerates now empty passphrases Michael --- NEW FILE: check_pin.sub --- ## OpenCA - batch function ## (c) 1998-2004 by Michael Bell and OpenCA Group ## ## File Name: check_pin.sub ## Version: $Revision: 1.1 $ ## Brief: check a new pin ## Description: use strict; sub workflow_check_pin { ## general global stuff our $state_machine; our ($tools, $xml_cache, $cryptoShell, $bp_token); ## global logging system our $log; my $journal = undef; my $keys = { @_ }; my $user = $keys->{USER}; my $workflow = $keys->{WORKFLOW}; my $home = $state_machine->get_workflow_path($user, $workflow); ## initialize new log message $journal->{CLASS} = "batch_system"; $journal->{LEVEL} = "info"; $journal->{message} = ""; $journal->{function} = "create_pin"; $journal->{user} = $user; $journal->{workflow} = $workflow; ## the token of the batch system must be activated if (not $bp_token or not $bp_token->keyOnline) { my $msg = gettext ("The crypto token of the batch system was not activated."); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -105, $msg ]; } ## is there already a pin ? 
if (not -f $home."/private/purePIN") { my $msg = gettext ("There is no checkable PIN."); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -120, $msg ]; } ## load PIN if (not -f $home."/private/purePIN") { my $msg = gettext ("There is no PIN file which could be used to check the PIN."); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -130, $msg ]; } my $pin = $bp_token->decrypt ( INFILE => $home."/private/purePIN", ); if (not $pin) { my $msg = gettext ("The PIN file cannot be decrypted."); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -140, $msg ]; } ## check PIN ## actually we only do some not configurable length checking ## 128 Bit ==> BASE64 encoding ==> 4x128/3 ==> 171 Bit ==> 22 Zeichen if (length ($pin) < 22) { my $msg = gettext ("The checked PIN is too short."); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -140, $msg ]; } $journal->{message} .= gettext ("PIN checked and accepted."); ## set the new state if (not $state_machine->set_user_states ( "USER" => $user, "PROCESS" => $workflow, "SET" => [ "checked_pin" ], "UNSET" => [ "error_pin_check", "new_pin" ])) { my $msg = i18nGettext ( "Cannot set new state configuration (__ERRNO__).", "__ERRNO__", $state_machine->errno). 
$state_machine->errval; $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -190, $msg ]; } $journal->{message} .= gettext ("State configuration was changed."); ## log the complete stuff $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); ## finished return [ 0, gettext ("PIN checked and accepted.") ]; } 1; --- NEW FILE: create_pin.sub --- ## OpenCA - batch function ## (c) 1998-2004 by Michael Bell and OpenCA Group ## ## File Name: create_pin.sub ## Version: $Revision: 1.1 $ ## Brief: create a pin ## Description: use strict; sub workflow_create_pin { ## general global stuff our $state_machine; our ($tools, $xml_cache, $cryptoShell, $bp_token); ## global logging system our $log; my $journal = undef; my $keys = { @_ }; my $user = $keys->{USER}; my $workflow = $keys->{WORKFLOW}; my $home = $state_machine->get_workflow_path($user, $workflow); ## initialize new log message $journal->{CLASS} = "batch_system"; $journal->{LEVEL} = "info"; $journal->{message} = ""; $journal->{function} = "create_pin"; $journal->{user} = $user; $journal->{workflow} = $workflow; ## the token of the batch system must be activated if (not $bp_token or not $bp_token->keyOnline) { my $msg = gettext ("The crypto token of the batch system was not activated."); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -105, $msg ]; } ## is there a private area for this workflow ? if (not -e $home."/private") { my $umask = umask (0077); if (not mkdir $home."/private") { umask ($umask); my $msg = i18nGettext ("The private directory __DIR__ for the workflow cannot be created.", "__DIR__", $home."/private"); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -110, $msg ]; } $journal->{message} .= gettext ("Created private directory for workflow.\n"); umask ($umask); } ## is there a public area for this workflow ? 
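Review bot: `$journal->{function} = "create_pin";` in workflow_check_pin labels every log entry this function writes as coming from create_pin, so the audit trail cannot tell PIN creation apart from PIN checks; it should read `$journal->{function} = "check_pin";`. The second `if (not -f $home."/private/purePIN")` test repeats the first one verbatim, so the -130 "There is no PIN file which could be used to check the PIN." branch is unreachable and the two checks can be merged into one. Return code -140 is used both for the decryption failure and for the too-short PIN, which leaves a caller that only inspects the code unable to distinguish the two; the length branch would better return its own value. The 22-character floor is fixed and is not tied to the secure_pin_length configured for create_pin, which the comment above the check should state so that a shorter configured length is not mistaken for a passing check.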
if (not -e $home."/public") { my $umask = umask (0077); if (not mkdir $home."/public") { umask ($umask); my $msg = i18nGettext ("The public directory __DIR__ for the workflow cannot be created.", "__DIR__", $home."/public"); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -115, $msg ]; } $journal->{message} .= gettext ("Created public directory for workflow.\n"); umask ($umask); } ## is there already a pin ? if (-f $home."/private/purePIN") { my $msg = gettext ("There is already a PIN."); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -120, $msg ]; } ## remove old pin if (-f $home."/public/hashedPIN") { if (not rename ($home."/public/hashedPIN", $home."/public/hashedPIN.". strftime ("%Y-%m-%d-%H-%M-%S", $tools->getData()))) { my $msg = i18nGettext ("The old hashed PIN __FILE__ cannot be moved away.", "__FILE__", $home."/public/hashedPIN"); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -130, $msg ]; } $journal->{message} .= gettext ("Removed old hashed PIN.\n"); } ## create new PIN my $hashed_pin; my $pin; my $pin_length = $xml_cache->get_xpath( FILENAME => getRequired ('StateMachineConfiguration'), XPATH => [ "statemachine/functions/create_pin/secure_pin_length" ], COUNTER => [ 0 ]); my $random_length = $xml_cache->get_xpath( FILENAME => getRequired ('StateMachineConfiguration'), XPATH => [ "statemachine/functions/create_pin/secure_pin_random" ], COUNTER => [ 0 ]); if ($pin_length) { if ($random_length) { $pin = $cryptoShell->getPIN ( PIN_LENGTH => $pin_length, RANDOM_LENGTH => $random_length ); } else { $pin = $cryptoShell->getPIN ( PIN_LENGTH => $pin_length ); } } elsif ($random_length) { $pin = $cryptoShell->getPIN ( RANDOM_LENGTH => $random_length ); } else { my $msg = gettext ("You must configure the PIN length."); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new 
(HASHREF => $journal)); return [ -140, $msg ]; } if (not $pin) { my $msg = i18nGettext ( "Cannot create PIN! OpenCA::OpenSSL returns errorcode __ERRNO__.", "__ERRNO__", $cryptoShell->errno). " (".$cryptoShell->errval.")"; $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -150, $msg ]; } ## hash PIN $hashed_pin = $cryptoShell->getDigest ( DATA => $pin, ALGORITHM => "sha1"); if (not $hashed_pin) { my $msg = i18nGettext ( "Cannot hash PIN! OpenCA::OpenSSL returns errorcode __ERRNO__.", "__ERRNO__", $cryptoShell->errno). " (".$cryptoShell->errval.")"; $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -160, $msg ]; } ## encrypt and store PIN if (not $bp_token->encrypt ( DATA => $pin, OUTFILE => $home."/private/purePIN")) { my $msg = i18nGettext ( "Cannot write PIN to file __FILE__.", "__FILE__", "$home/private/purePIN"); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -170, $msg ]; } ## store hashed PIN if (not $tools->saveFile (FILENAME => $home."/public/hashedPIN", DATA => $hashed_pin)) { my $msg = i18nGettext ( "Cannot write hashed PIN to file __FILE__.", "__FILE__", "$home/public/hashedPIN"); $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -180, $msg ]; } $journal->{message} .= gettext ("PIN created, hashed and stored."); ## set the new state if (not $state_machine->set_user_states ( "USER" => $user, "PROCESS" => $workflow, "SET" => [ "new_pin" ], "UNSET" => [ "error_create_pin", "new_process" ])) { my $msg = i18nGettext ( "Cannot set new state configuration (__ERRNO__).", "__ERRNO__", $state_machine->errno). 
$state_machine->errval; $journal->{message} .= $msg; $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); return [ -190, $msg ]; } $journal->{message} .= gettext ("State configuration was changed."); ## log the complete stuff $log->addMessage (OpenCA::Log::Message->new (HASHREF => $journal)); ## finished return [ 0, gettext ("PIN created.") ]; } 1; Index: Makefile =================================================================== RCS file: /cvsroot/openca/openca-0.9/src/common/lib/bp/Makefile,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** Makefile 13 Jan 2004 16:41:49 -0000 1.1 --- Makefile 29 Jan 2004 15:41:24 -0000 1.2 *************** *** 13,16 **** --- 13,18 ---- # commands not derived from .in files: STATIC_SUBS = \ + check_pin.sub \ + create_pin.sub SUBS = $(AC_SUBS) $(STATIC_SUBS) |
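Review bot: In workflow_create_pin the -180 branch returns after `$bp_token->encrypt` has already written `$home/private/purePIN`, so a failed `saveFile` of the hashed PIN leaves a pure PIN on disk with no matching hash, and every later run stops at the -120 "There is already a PIN." check until the file is removed by hand; the branch should clean up before returning, e.g. `unlink $home."/private/purePIN";` ahead of `return [ -180, $msg ];`. The hashed PIN is an unsalted sha1 digest written to the public area, so its resistance to offline guessing rests entirely on the configured secure_pin_length and secure_pin_random values; a comment above `$cryptoShell->getDigest` should say so, and since the mode `saveFile` applies is not visible here it is worth confirming it is no broader than intended. The public directory is created under `umask (0077)` exactly like the private one, which yields a 0700 directory despite the name — presumably intended, but a short comment would prevent a later "fix". `strftime` is called without a visible `use POSIX` in this file; if the enclosing script does not import it, the rename of the old hashedPIN dies at runtime.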