Update of /cvsroot/openca/openca-0.9/src/cgi-bin/cmds In directory usw-pr-cvs1:/tmp/cvs-serv28823/openca-0.9/src/cgi-bin/cmds Modified Files: Makefile approveCSR approveCSRnotSigned changeCSR editCSR viewCSR Added Files: renewCSR Log Message: added support for renew requests --- NEW FILE: renewCSR --- ## OpenCA - RA Server Command ## (c) 1998-2001 by Massimiliano Pala and OpenCA Group ## ## File Name: renewCSR ## Brief: renew Request ## Description: renew an approved request ## Parameters: key my $cmdName = "renewCSR"; if ( $cmd !~ /$cmdName/i ) { configError( "Wrong Command Usage ($cmd over $cmdName)!" ); exit 1; } ## To aprove a Request, we need it signed by the RA operator my $beginHeader = "-----BEGIN HEADER-----"; my $endHeader = "-----END HEADER-----"; ## Get the parameters my $key = $query->param('key'); my $req = $db->getItem( DATATYPE=>"REQUEST", KEY=>$key); ## If it doesn't exists the file, report error if( not $req ) { configError("Error: Request $serial ($key) Not found (database errorcode ". $db->errno().")!".$db->errval); } my $parsed = $req->getParsed(); my ( $head, $text, $newREQ, $tmp, $format, $tmpSubj ); ## Get the Operator Serial Number ( Whatch out, only authorized ## people should get here in, please verify your web configuration, ## this is not matter of this program but access control ) $parsed->{HEADER}->{OPERATOR} = ( $ENV{'SSL_CLIENT_CERT_SERIAL'} or $ENV{'SSL_CLIENT_M_SERIAL'}); if( $parsed->{HEADER}->{OPERATOR} eq "" ) { $parsed->{HEADER}->{OPERATOR} = "n/a"; } else { if ( length( $parsed->{HEADER}->{OPERATOR} ) % 2 ) { $parsed->{HEADER}->{OPERATOR} = "0" . 
$parsed->{HEADER}->{OPERATOR}; } } my $req_elements = $db->elements (DATATYPE => "REQUEST"); if ((not defined $req_elements) or ($req_elements < 0)) { generalError ("Database fails during counting the already existing requests!", 669); } else { $req_elements++; } my $new_serial = ($req_elements << getRequired ("ModuleShift")) | getRequired ("ModuleID"); ## Set new header $head = "$beginHeader\n"; $head .= "TYPE = $parsed->{TYPE}\n"; $head .= "RA = $parsed->{HEADER}->{RA}\n"; $head .= "SERIAL = ".$new_serial."\n"; $head .= "RENEW = ".$req->getSerial()."\n"; $head .= "OPERATOR = $parsed->{HEADER}->{OPERATOR}\n"; $head .= "NOTBEFORE = ".$tools->getDate()."\n"; $head .= "PIN = $parsed->{HEADER}->{PIN}\n"; $head .= "SUBJ = $parsed->{HEADER}->{SUBJ}\n"; $head .= "SUBJECT_ALT_NAME = $parsed->{HEADER}->{SUBJECT_ALT_NAME}\n"; $head .= "ROLE = $parsed->{HEADER}->{ROLE}\n"; $head .= "$endHeader\n"; if ( $parsed->{TYPE} =~ /(PKCS#10|IE)/ ) { $format = "PEM"; } else { $format = "SPKAC"; } my $text = $req->getParsed()->{BODY}; my $keypair = $req->getParsed()->{KEY}; ## Create a new REQ object (if we modified something we should ## store modifications) and save the value. $newREQ = $head . $text . $keypair; my $item = new OpenCA::REQ( SHELL=>$cryptoShell, DATA=>$newREQ, INFORM=>$format); if( not $item ) { configError( "Cannot create a new REQ object." ); } if( not $db->storeItem( DATATYPE=>"RENEW_REQUEST", MODE=>"INSERT", KEY=>$new_serial, OBJECT=>$item ) ) { configError( "Error while storing REQ ($dbDir)!" 
); } $cmd = "viewCSR"; $query->param ('key', $new_serial); $query->param ('dataType', "RENEW_REQUEST"); my $command = getRequired ('CgiCmdsPath')."/$cmd"; require "$command"; exit $?; Index: Makefile =================================================================== RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/Makefile,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** Makefile 28 May 2002 12:55:18 -0000 1.3 --- Makefile 31 May 2002 07:14:45 -0000 1.4 *************** *** 90,95 **** rebuildOpenSSLindexDB \ removeFiles \ - removeItem \ removeKey \ replayLog \ revokeCertificate \ --- 90,95 ---- rebuildOpenSSLindexDB \ removeFiles \ removeKey \ + renewCSR \ replayLog \ revokeCertificate \ Index: approveCSR =================================================================== RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/approveCSR,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** approveCSR 21 May 2002 09:08:50 -0000 1.1 --- approveCSR 31 May 2002 07:14:45 -0000 1.2 *************** *** 38,55 **** $text .= $req->getParsed()->{KEY}; ! # check the public key ! ## Check if there are certificates with the same keys ! my @certList = $db->searchItems( DATATYPE=> "CERTIFICATE", ! PUBKEY => $req->getParsed()->{PUBKEY}); ! my $errorString = "A Certificate with the same public key exists! <br>\n". ! "This is a keycompromise of the certificates with the serial:\n". ! "<ul>\n"; ! foreach my $h (@certList) { ! $errorString .= "<li>".$h->getSerial()."</li>\n"; ! } ! $errorString .= "Please revoke the certificates and delete the request.\n"; ! generalError( $errorString ) if($#certList > -1); if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) { --- 38,57 ---- $text .= $req->getParsed()->{KEY}; ! if ($dataType !~ /RENEW/i) { ! # check the public key ! ## Check if there are certificates with the same keys ! my @certList = $db->searchItems( DATATYPE=> "CERTIFICATE", ! 
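Review bot: The source request is loaded with `DATATYPE=>"REQUEST"` and no check on its state, so if `$db->getItem` accepts that generic type a pending, deleted or already-renewed request can be turned into a RENEW_REQUEST even though the file header says it renews an approved request; load from the approved store (and the archived store if issued requests move there) and fail otherwise, e.g. `my $req = $db->getItem( DATATYPE=>"APPROVED_REQUEST", KEY=>$key);` followed by `configError("Request $key is not an approved request!") unless $req;`. The new serial is `$db->elements(...)+1`, a count rather than a sequence, so two concurrent operators or any earlier deletion can produce a duplicate serial, and whether `storeItem(MODE=>"INSERT")` rejects or overwrites the collision is not visible here. The not-found message interpolates `$serial`, which this file never assigns, so the text is blank unless the including script provides it as a global. `$key` comes straight from the query string and serials are numeric in this file, so `configError("Invalid key!") unless defined $key and $key =~ /\A\d+\z/;` before the lookup would bound what reaches the database layer.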
PUBKEY => $req->getParsed()->{PUBKEY}); ! my $errorString = "A Certificate with the same public key exists! <br>\n". ! "This is a keycompromise of the certificates with the serial:\n". ! "<ul>\n"; ! foreach my $h (@certList) { ! $errorString .= "<li>".$h->getSerial()."</li>\n"; ! } ! $errorString .= "Please revoke the certificates and delete the request.\n"; ! generalError( $errorString ) if($#certList > -1); ! } if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) { Index: approveCSRnotSigned =================================================================== RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/approveCSRnotSigned,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** approveCSRnotSigned 21 May 2002 09:08:50 -0000 1.1 --- approveCSRnotSigned 31 May 2002 07:14:45 -0000 1.2 *************** *** 34,51 **** $text .= $req->getParsed()->{KEY}; ! # check the public key ! ## Check if there are certificates with the same keys ! my @certList = $db->searchItems( DATATYPE=> "CERTIFICATE", ! PUBKEY => $req->getParsed()->{PUBKEY}); ! my $errorString = "A Certificate with the same public key exists! <br>\n". ! "This is a keycompromise of the certificates with the serial:\n". ! "<ul>\n"; ! foreach my $h (@certList) { ! $errorString .= "<li>".$h->getSerial()."</li>\n"; ! } ! $errorString .= "Please revoke the certificates and delete the request.\n"; ! generalError( $errorString ) if($#certList > -1); if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) { --- 34,53 ---- $text .= $req->getParsed()->{KEY}; ! if ($dataType !~ /RENEW/i) { ! # check the public key ! ## Check if there are certificates with the same keys ! my @certList = $db->searchItems( DATATYPE=> "CERTIFICATE", ! PUBKEY => $req->getParsed()->{PUBKEY}); ! my $errorString = "A Certificate with the same public key exists! <br>\n". ! "This is a keycompromise of the certificates with the serial:\n". ! "<ul>\n"; ! foreach my $h (@certList) { ! 
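Review bot: The duplicate-public-key check is now skipped whenever `$dataType` matches `/RENEW/i`, but `$dataType` is assigned outside this hunk, and in changeCSR and editCSR of the same commit it is read directly from `$query->param('dataType')`; if approveCSR does the same, a client disables the key-compromise check by naming the datatype rather than by holding a genuine renewal. Base the decision on the object actually loaded, e.g. `if (not $req->getParsed()->{HEADER}->{RENEW}) {`, which renewCSR writes only for renewals, and additionally confirm the item was fetched from the RENEW_REQUEST store. Even for a real renewal the skip is broader than needed: the certificate issued for the renewed request is expected to share the key, but any other certificate with the same key is still the compromise the error message describes. The code before and after this `if` is outside the hunk.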
$errorString .= "<li>".$h->getSerial()."</li>\n"; ! } ! $errorString .= "Please revoke the certificates and delete the request.\n"; ! generalError( $errorString ) if($#certList > -1); ! } if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) { Index: changeCSR =================================================================== RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/changeCSR,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** changeCSR 21 May 2002 09:08:50 -0000 1.1 --- changeCSR 31 May 2002 07:14:45 -0000 1.2 *************** *** 19,23 **** ## Get the parameters my $key = $query->param('key'); ! my $dataType = "PENDING_REQUEST"; my $subj = $query->param('subj'); --- 19,23 ---- ## Get the parameters my $key = $query->param('key'); ! my $dataType = $query->param('dataType'); my $subj = $query->param('subj'); *************** *** 77,80 **** --- 77,81 ---- $head .= "RA = $parsed->{HEADER}->{RA}\n"; $head .= "SERIAL = ".$req->getSerial()."\n"; + $head .= "RENEW = ".$parsed->{HEADER}->{RENEW}."\n" if ($parsed->{HEADER}->{RENEW}); $head .= "OPERATOR = $parsed->{HEADER}->{OPERATOR}\n"; $head .= "NOTBEFORE = $parsed->{HEADER}->{NOTBEFORE}\n"; Index: editCSR =================================================================== RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/editCSR,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** editCSR 23 May 2002 10:44:04 -0000 1.2 --- editCSR 31 May 2002 07:14:45 -0000 1.3 *************** *** 16,20 **** ## Get the Configuration parameters ... my ( $ou, $ouList, $def, $op, $opCert, $info, $opStatus, $dnLabel); ! my ( $sigStatus, $signer, $signature, $myCN, $myEmail, @myDnInfo, $subjectAltName ); my ( @opCertList, $reqDataTable, @cols, $opCert, $serLink, $lnk, $sigInfo ); my ( %labels, @values, $role ); --- 16,20 ---- ## Get the Configuration parameters ... my ( $ou, $ouList, $def, $op, $opCert, $info, $opStatus, $dnLabel); ! 
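Review bot: Same `$dataType`-gated bypass as in approveCSR, and the file name suggests this path has no RA signature over the request either, so for renewals this leaves approval with no key-reuse control at all. Rather than dropping the search, keep it and only tolerate matches that belong to the renewed request — for example treat `grep { $_->getParsed()->{DN} ne $req->getParsed()->{DN} } @certList` as the error list (assuming the certificate object exposes `getParsed()->{DN}` the way the request object does), so a key reused under a different subject is still reported. The surrounding function starts and ends outside the hunk.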
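Review bot: `my $dataType = $query->param('dataType');` replaces the fixed `PENDING_REQUEST` and nothing in the hunk constrains the value, so the change command can now be pointed at approved, archived or deleted requests and rewrite their subject and role after the fact. viewCSR in this same commit rejects unknown types with an `Invalid dataType` error; do the same here with an allow-list of the two editable states, `configError("Invalid dataType ($dataType)!") if ($dataType !~ /\A(?:PENDING|RENEW)_REQUEST\z/);`, immediately after reading the parameter. The second hunk copies the `RENEW` header forward only when present, which is fine, but the rest of the header rebuild is outside the hunk.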
my ( $sigStatus, $signer, $signature, $myCN, $myEmail, @myDnInfo, $subject, $subjectAltName ); my ( @opCertList, $reqDataTable, @cols, $opCert, $serLink, $lnk, $sigInfo ); my ( %labels, @values, $role ); *************** *** 22,25 **** --- 22,26 ---- my $key = $query->param('key'); + my $dataType = $query->param('dataType'); ## Required Configuration Key *************** *** 44,48 **** $page = $query->subVar( $page, '@CMDSPANEL@', $tools->getFile("$cmdsPanel") ); ! my $req = $db->getItem( DATATYPE=>"PENDING_REQUEST", KEY=>$key ); configError ("Request not present in DB or the status of the request was changed!" ) if ( not $req ); --- 45,49 ---- $page = $query->subVar( $page, '@CMDSPANEL@', $tools->getFile("$cmdsPanel") ); ! my $req = $db->getItem( DATATYPE=>$dataType, KEY=>$key ); configError ("Request not present in DB or the status of the request was changed!" ) if ( not $req ); *************** *** 100,104 **** if ( $parsed_req->{TYPE} =~ /with .*? Signature/i ) { ! $lnk = new CGI({cmd=>"viewSignature", dataType=>"PENDING_REQUEST", key=>$key}); if( libCheckSignature( OBJECT=>$req ) ) { $tmp = $query->img({src=>getRequired ('ValidSigImage'), --- 101,105 ---- if ( $parsed_req->{TYPE} =~ /with .*? Signature/i ) { ! $lnk = new CGI({cmd=>"viewSignature", dataType=>$dataType, key=>$key}); if( libCheckSignature( OBJECT=>$req ) ) { $tmp = $query->img({src=>getRequired ('ValidSigImage'), *************** *** 116,130 **** } ! my ( $subjArea, $certType, $reason ); ! ! $tmp = $parsed_req->{DN}; ! $tmp =~ s/(\,|\/)\s*/\n/g; ! $subjArea = $query->newInput( -regx=>'*', -intype=>'textarea', -name=>'subj', -rows=>6, -columns=>35, ! -default=>$tmp); $subjectAltName = $query->newInput( -regx=>'*', --- 117,134 ---- } ! ## get the subject ! if ($req->getParsed()->{HEADER}->{SUBJ}) { ! $subject = $req->getParsed()->{HEADER}->{SUBJ}; ! } else { ! $subject = $req->getParsed()->{DN}; ! } ! $subject =~ s/,\s*/\n/g; ! 
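Review bot: `my $dataType = $query->param('dataType');` now feeds `$db->getItem( DATATYPE=>$dataType, ... )`, the `viewSignature` link and the `@DATATYPE@` template substitution with no validation, where the previous revision hard-coded `PENDING_REQUEST`; this opens the edit form for non-pending requests and reflects an arbitrary string into the generated page. Restrict it next to the parameter read, `configError("Invalid dataType ($dataType)!") if ($dataType !~ /\A(?:PENDING|RENEW)_REQUEST\z/);`, mirroring the check viewCSR applies to its own `dataType`. Note also that the old subject split was `s/(\,|\/)\s*/\n/g` while the new one is `s/,\s*/\n/g`, so slash-separated DNs are no longer broken into lines; confirm no stored subjects use that form.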
$subject = $query->newInput( -regx=>'*', -intype=>'textarea', -name=>'subj', -rows=>6, -columns=>35, ! -default=>$subject); $subjectAltName = $query->newInput( -regx=>'*', *************** *** 163,167 **** [ "<B>Subject alternative name:</B>", $subjectAltName ]); $reqDataTable .=$query->addTableLine(DATA=> ! [ "<B>Subject:</B>", $subjArea ]); $reqDataTable .=$query->addTableLine(DATA=> ["<B>Role:</B>", --- 167,171 ---- [ "<B>Subject alternative name:</B>", $subjectAltName ]); $reqDataTable .=$query->addTableLine(DATA=> ! [ "<B>Subject:</B>", $subject ]); $reqDataTable .=$query->addTableLine(DATA=> ["<B>Role:</B>", *************** *** 183,187 **** $page = $query->subVar( $page, '@KEY@', $dbKey ); ! $page = $query->subVar( $page, '@DATATYPE@',"PENDING_REQUEST" ); $page = $query->subVar( $page, '@REQDATA@', $reqDataTable ); --- 187,191 ---- $page = $query->subVar( $page, '@KEY@', $dbKey ); ! $page = $query->subVar( $page, '@DATATYPE@',$dataType ); $page = $query->subVar( $page, '@REQDATA@', $reqDataTable ); Index: viewCSR =================================================================== RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/viewCSR,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** viewCSR 28 May 2002 07:05:02 -0000 1.4 --- viewCSR 31 May 2002 07:14:45 -0000 1.5 *************** *** 16,20 **** ## Get the Configuration parameters ... my ( $ou, $ouList, $def, $op, $opCert, $info, $opStatus, $dnLabel); ! my ( $sigStatus, $signer, $signature, $myCN, $myEmail, @myDnInfo, $subjectAltName ); my ( @opCertList, $reqDataTable, @cols, $opCert, $serLink, $lnk, $sigInfo ); my ( %labels, @values, $role ); --- 16,20 ---- ## Get the Configuration parameters ... my ( $ou, $ouList, $def, $op, $opCert, $info, $opStatus, $dnLabel); ! 
my ( $sigStatus, $signer, $signature, $myRenew, $myCN, $myEmail, @myDnInfo, $subjectAltName ); my ( @opCertList, $reqDataTable, @cols, $opCert, $serLink, $lnk, $sigInfo ); my ( %labels, @values, $role ); *************** *** 52,57 **** $cmdsPanel = "$includeDir/archived_cmds.inc"; $reqDesc = "$txtDir/archivied_desc.txt"; } else { ! configError ( "Invalid or missing dataType ($dataType) !"); } --- 52,87 ---- $cmdsPanel = "$includeDir/archived_cmds.inc"; $reqDesc = "$txtDir/archivied_desc.txt"; + } elsif ( $dataType eq "REQUEST" ) { + ## try to determine the datatype + if ($db->getItem ( DATATYPE => "ARCHIVIED_REQUEST", KEY => $key )) { + $dataType = "ARCHIVIED_REQUEST"; + $reqStatus = "Archivied Request"; + $cmdsPanel = "$includeDir/archived_cmds.inc"; + $reqDesc = "$txtDir/archivied_desc.txt"; + } elsif ($db->getItem ( DATATYPE => "APPROVED_REQUEST", KEY => $key )) { + $dataType = "APPROVED_REQUEST"; + $reqStatus = "Approved Request"; + $cmdsPanel = "$includeDir/approved_cmds.inc"; + $reqDesc = "$txtDir/approved_desc.txt"; + } elsif ($db->getItem ( DATATYPE => "DELETED_REQUEST", KEY => $key )) { + $dataType = "DELETED_REQUEST"; + $reqStatus = "Deleted Request"; + $cmdsPanel = "$includeDir/deleted_cmds.inc"; + $reqDesc = "$txtDir/deleted_desc.txt"; + } elsif ($db->getItem ( DATATYPE => "RENEW_REQUEST", KEY => $key )) { + $dataType = "RENEW_REQUEST"; + $reqStatus = "Renewal Request Waiting for Approval"; + $cmdsPanel = "$includeDir/pending_cmds.inc"; + $reqDesc = "$txtDir/pending_desc.txt"; + } elsif ($db->getItem ( DATATYPE => "PENDING_REQUEST", KEY => $key )) { + $dataType = "PENDING_REQUEST"; + $reqStatus = "Waiting for Approval"; + $cmdsPanel = "$includeDir/pending_cmds.inc"; + $reqDesc = "$txtDir/pending_desc.txt"; + } else { + configError ( "Cannot determine status of this request!"); + } } else { ! configError ( "Invalid dataType ($dataType) !"); } *************** *** 67,71 **** my $req = $db->getItem( DATATYPE=>$dataType, KEY=>$key ); ! 
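Review bot: The new `REQUEST` branch probes five stores in a fixed order with the raw `$key`, so when the same serial exists in more than one state — plausible, since renewCSR in this commit derives new serials from an element count — the archived entry silently wins and the caller is shown a status it did not ask for. Either reject the ambiguity (e.g. `configError("Request $key exists in more than one state!")` when a second probe also hits) or document the precedence in a comment above the chain. `$key` is not validated anywhere in the hunk; a numeric check before the probes would bound what is passed to the database layer.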
configError ("Request not present in DB or the status of the request was changed!" ) if ( not $req ); ## Get the parsed Request --- 97,101 ---- my $req = $db->getItem( DATATYPE=>$dataType, KEY=>$key ); ! configError ("Request $key not present in DB or the status of the $reqStatus was changed!" ) if ( not $req ); ## Get the parsed Request *************** *** 85,88 **** --- 115,119 ---- $header .= "RA = $parsed_req->{HEADER}->{RA}\n"; $header .= "SERIAL = ".$req->getSerial()."\n"; + $header .= "RENEW = ".$parsed_req->{HEADER}->{RENEW}."\n" if ($parsed_req->{HEADER}->{RENEW}); $header .= "OPERATOR = $parsed_req->{HEADER}->{OPERATOR}\n"; $header .= "NOTBEFORE = $parsed_req->{HEADER}->{NOTBEFORE}\n"; *************** *** 163,166 **** --- 194,205 ---- ###################################### + if ( $req->getParsed()->{HEADER}->{RENEW} ) { + $lnk = new CGI({cmd=>"viewCSR", dataType=>"REQUEST", + key=>$req->getParsed()->{HEADER}->{RENEW}}); + $myRenew = $lnk->a({-href=>$lnk->self_url()}, $req->getParsed()->{HEADER}->{RENEW}); + } else { + $myRenew = ""; + } + if ( $req->getParsed()->{DN_HASH}->{CN}[0] ne "" ) { $lnk = new CGI({cmd=>"search", dataType=>"CERTIFICATE", *************** *** 247,250 **** --- 286,291 ---- $reqDataTable .=$query->addTableLine(DATA=>[ "<B>Serial Number:</B>", ($req->getSerial() or "n/a") ]); + $reqDataTable .=$query->addTableLine(DATA=>[ "<B>Renewed from:</B>", $myRenew ]) + if ($myRenew); $reqDataTable .=$query->addTableLine(DATA=>["<B>Request Type:</B>", ($parsed_req->{TYPE} or "n/a") ]); |
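Review bot: The stored `RENEW` header value is placed into the link text by `$lnk->a({-href=>$lnk->self_url()}, $req->getParsed()->{HEADER}->{RENEW})`, and CGI.pm's `a()` does not escape its content, so if a request header can carry a non-numeric `RENEW` value (changeCSR copies it forward verbatim) this becomes stored script injection on the RA page. Guard it with `if ( $req->getParsed()->{HEADER}->{RENEW} =~ /\A\d+\z/ )` in place of the plain truth test, or pass the value through `escapeHTML` before building the anchor. The table-line hunk below only prints `$myRenew`, so it inherits whatever this branch produces.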