Menu
▾
▴
[openca-cvsdev] CVS: openca-0.9/src/cgi-bin/cmds renewCSR,NONE,1.1 Makefile,1.3,1.4 approveCSR,1.1,1.2 approveCSRnotSigned,1.1,1.2 changeCSR,1.1,1.2 editCSR,1.2,1.3 viewCSR,1.4,1.5
Update of /cvsroot/openca/openca-0.9/src/cgi-bin/cmds
In directory usw-pr-cvs1:/tmp/cvs-serv28823/openca-0.9/src/cgi-bin/cmds
Modified Files:
Makefile approveCSR approveCSRnotSigned changeCSR editCSR
viewCSR
Added Files:
renewCSR
Log Message:
added support for renew requests
--- NEW FILE: renewCSR ---
## OpenCA - RA Server Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
## File Name: renewCSR
## Brief: renew Request
## Description: renew an approved request
## Parameters: key
my $cmdName = "renewCSR";
if ( $cmd !~ /$cmdName/i ) {
configError( "Wrong Command Usage ($cmd over $cmdName)!" );
exit 1;
}
## To aprove a Request, we need it signed by the RA operator
my $beginHeader = "-----BEGIN HEADER-----";
my $endHeader = "-----END HEADER-----";
## Get the parameters
my $key = $query->param('key');
my $req = $db->getItem( DATATYPE=>"REQUEST", KEY=>$key);
## If it doesn't exists the file, report error
if( not $req ) {
configError("Error: Request $serial ($key) Not found (database errorcode ".
$db->errno().")!".$db->errval);
}
my $parsed = $req->getParsed();
my ( $head, $text, $newREQ, $tmp, $format, $tmpSubj );
## Get the Operator Serial Number ( Whatch out, only authorized
## people should get here in, please verify your web configuration,
## this is not matter of this program but access control )
$parsed->{HEADER}->{OPERATOR} =
( $ENV{'SSL_CLIENT_CERT_SERIAL'} or $ENV{'SSL_CLIENT_M_SERIAL'});
if( $parsed->{HEADER}->{OPERATOR} eq "" ) {
$parsed->{HEADER}->{OPERATOR} = "n/a";
} else {
if ( length( $parsed->{HEADER}->{OPERATOR} ) % 2 ) {
$parsed->{HEADER}->{OPERATOR} = "0" .
$parsed->{HEADER}->{OPERATOR};
}
}
my $req_elements = $db->elements (DATATYPE => "REQUEST");
if ((not defined $req_elements) or ($req_elements < 0)) {
generalError ("Database fails during counting the already existing requests!", 669);
} else {
$req_elements++;
}
my $new_serial = ($req_elements << getRequired ("ModuleShift")) | getRequired ("ModuleID");
## Set new header
$head = "$beginHeader\n";
$head .= "TYPE = $parsed->{TYPE}\n";
$head .= "RA = $parsed->{HEADER}->{RA}\n";
$head .= "SERIAL = ".$new_serial."\n";
$head .= "RENEW = ".$req->getSerial()."\n";
$head .= "OPERATOR = $parsed->{HEADER}->{OPERATOR}\n";
$head .= "NOTBEFORE = ".$tools->getDate()."\n";
$head .= "PIN = $parsed->{HEADER}->{PIN}\n";
$head .= "SUBJ = $parsed->{HEADER}->{SUBJ}\n";
$head .= "SUBJECT_ALT_NAME = $parsed->{HEADER}->{SUBJECT_ALT_NAME}\n";
$head .= "ROLE = $parsed->{HEADER}->{ROLE}\n";
$head .= "$endHeader\n";
if ( $parsed->{TYPE} =~ /(PKCS#10|IE)/ ) {
$format = "PEM";
} else {
$format = "SPKAC";
}
my $text = $req->getParsed()->{BODY};
my $keypair = $req->getParsed()->{KEY};
## Create a new REQ object (if we modified something we should
## store modifications) and save the value.
$newREQ = $head . $text . $keypair;
my $item = new OpenCA::REQ( SHELL=>$cryptoShell, DATA=>$newREQ,
INFORM=>$format);
if( not $item ) {
configError( "Cannot create a new REQ object." );
}
if( not $db->storeItem( DATATYPE=>"RENEW_REQUEST", MODE=>"INSERT",
KEY=>$new_serial, OBJECT=>$item ) ) {
configError( "Error while storing REQ ($dbDir)!" );
}
$cmd = "viewCSR";
$query->param ('key', $new_serial);
$query->param ('dataType', "RENEW_REQUEST");
my $command = getRequired ('CgiCmdsPath')."/$cmd";
require "$command";
exit $?;
Index: Makefile
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/Makefile,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** Makefile 28 May 2002 12:55:18 -0000 1.3
--- Makefile 31 May 2002 07:14:45 -0000 1.4
***************
*** 90,95 ****
rebuildOpenSSLindexDB \
removeFiles \
- removeItem \
removeKey \
replayLog \
revokeCertificate \
--- 90,95 ----
rebuildOpenSSLindexDB \
removeFiles \
removeKey \
+ renewCSR \
replayLog \
revokeCertificate \
Index: approveCSR
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/approveCSR,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** approveCSR 21 May 2002 09:08:50 -0000 1.1
--- approveCSR 31 May 2002 07:14:45 -0000 1.2
***************
*** 38,55 ****
$text .= $req->getParsed()->{KEY};
! # check the public key
! ## Check if there are certificates with the same keys
! my @certList = $db->searchItems( DATATYPE=> "CERTIFICATE",
! PUBKEY => $req->getParsed()->{PUBKEY});
! my $errorString = "A Certificate with the same public key exists! <br>\n".
! "This is a keycompromise of the certificates with the serial:\n".
! "<ul>\n";
! foreach my $h (@certList) {
! $errorString .= "<li>".$h->getSerial()."</li>\n";
! }
! $errorString .= "Please revoke the certificates and delete the request.\n";
! generalError( $errorString ) if($#certList > -1);
if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) {
--- 38,57 ----
$text .= $req->getParsed()->{KEY};
! if ($dataType !~ /RENEW/i) {
! # check the public key
! ## Check if there are certificates with the same keys
! my @certList = $db->searchItems( DATATYPE=> "CERTIFICATE",
! PUBKEY => $req->getParsed()->{PUBKEY});
! my $errorString = "A Certificate with the same public key exists! <br>\n".
! "This is a keycompromise of the certificates with the serial:\n".
! "<ul>\n";
! foreach my $h (@certList) {
! $errorString .= "<li>".$h->getSerial()."</li>\n";
! }
! $errorString .= "Please revoke the certificates and delete the request.\n";
! generalError( $errorString ) if($#certList > -1);
! }
if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) {
Index: approveCSRnotSigned
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/approveCSRnotSigned,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** approveCSRnotSigned 21 May 2002 09:08:50 -0000 1.1
--- approveCSRnotSigned 31 May 2002 07:14:45 -0000 1.2
***************
*** 34,51 ****
$text .= $req->getParsed()->{KEY};
! # check the public key
! ## Check if there are certificates with the same keys
! my @certList = $db->searchItems( DATATYPE=> "CERTIFICATE",
! PUBKEY => $req->getParsed()->{PUBKEY});
! my $errorString = "A Certificate with the same public key exists! <br>\n".
! "This is a keycompromise of the certificates with the serial:\n".
! "<ul>\n";
! foreach my $h (@certList) {
! $errorString .= "<li>".$h->getSerial()."</li>\n";
! }
! $errorString .= "Please revoke the certificates and delete the request.\n";
! generalError( $errorString ) if($#certList > -1);
if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) {
--- 34,53 ----
$text .= $req->getParsed()->{KEY};
! if ($dataType !~ /RENEW/i) {
! # check the public key
! ## Check if there are certificates with the same keys
! my @certList = $db->searchItems( DATATYPE=> "CERTIFICATE",
! PUBKEY => $req->getParsed()->{PUBKEY});
! my $errorString = "A Certificate with the same public key exists! <br>\n".
! "This is a keycompromise of the certificates with the serial:\n".
! "<ul>\n";
! foreach my $h (@certList) {
! $errorString .= "<li>".$h->getSerial()."</li>\n";
! }
! $errorString .= "Please revoke the certificates and delete the request.\n";
! generalError( $errorString ) if($#certList > -1);
! }
if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) {
Index: changeCSR
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/changeCSR,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** changeCSR 21 May 2002 09:08:50 -0000 1.1
--- changeCSR 31 May 2002 07:14:45 -0000 1.2
***************
*** 19,23 ****
## Get the parameters
my $key = $query->param('key');
! my $dataType = "PENDING_REQUEST";
my $subj = $query->param('subj');
--- 19,23 ----
## Get the parameters
my $key = $query->param('key');
! my $dataType = $query->param('dataType');
my $subj = $query->param('subj');
***************
*** 77,80 ****
--- 77,81 ----
$head .= "RA = $parsed->{HEADER}->{RA}\n";
$head .= "SERIAL = ".$req->getSerial()."\n";
+ $head .= "RENEW = ".$parsed->{HEADER}->{RENEW}."\n" if ($parsed->{HEADER}->{RENEW});
$head .= "OPERATOR = $parsed->{HEADER}->{OPERATOR}\n";
$head .= "NOTBEFORE = $parsed->{HEADER}->{NOTBEFORE}\n";
Index: editCSR
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/editCSR,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** editCSR 23 May 2002 10:44:04 -0000 1.2
--- editCSR 31 May 2002 07:14:45 -0000 1.3
***************
*** 16,20 ****
## Get the Configuration parameters ...
my ( $ou, $ouList, $def, $op, $opCert, $info, $opStatus, $dnLabel);
! my ( $sigStatus, $signer, $signature, $myCN, $myEmail, @myDnInfo, $subjectAltName );
my ( @opCertList, $reqDataTable, @cols, $opCert, $serLink, $lnk, $sigInfo );
my ( %labels, @values, $role );
--- 16,20 ----
## Get the Configuration parameters ...
my ( $ou, $ouList, $def, $op, $opCert, $info, $opStatus, $dnLabel);
! my ( $sigStatus, $signer, $signature, $myCN, $myEmail, @myDnInfo, $subject, $subjectAltName );
my ( @opCertList, $reqDataTable, @cols, $opCert, $serLink, $lnk, $sigInfo );
my ( %labels, @values, $role );
***************
*** 22,25 ****
--- 22,26 ----
my $key = $query->param('key');
+ my $dataType = $query->param('dataType');
## Required Configuration Key
***************
*** 44,48 ****
$page = $query->subVar( $page, '@CMDSPANEL@', $tools->getFile("$cmdsPanel") );
! my $req = $db->getItem( DATATYPE=>"PENDING_REQUEST", KEY=>$key );
configError ("Request not present in DB or the status of the request was changed!" ) if ( not $req );
--- 45,49 ----
$page = $query->subVar( $page, '@CMDSPANEL@', $tools->getFile("$cmdsPanel") );
! my $req = $db->getItem( DATATYPE=>$dataType, KEY=>$key );
configError ("Request not present in DB or the status of the request was changed!" ) if ( not $req );
***************
*** 100,104 ****
if ( $parsed_req->{TYPE} =~ /with .*? Signature/i ) {
! $lnk = new CGI({cmd=>"viewSignature", dataType=>"PENDING_REQUEST", key=>$key});
if( libCheckSignature( OBJECT=>$req ) ) {
$tmp = $query->img({src=>getRequired ('ValidSigImage'),
--- 101,105 ----
if ( $parsed_req->{TYPE} =~ /with .*? Signature/i ) {
! $lnk = new CGI({cmd=>"viewSignature", dataType=>$dataType, key=>$key});
if( libCheckSignature( OBJECT=>$req ) ) {
$tmp = $query->img({src=>getRequired ('ValidSigImage'),
***************
*** 116,130 ****
}
! my ( $subjArea, $certType, $reason );
!
! $tmp = $parsed_req->{DN};
! $tmp =~ s/(\,|\/)\s*/\n/g;
! $subjArea = $query->newInput( -regx=>'*',
-intype=>'textarea',
-name=>'subj',
-rows=>6,
-columns=>35,
! -default=>$tmp);
$subjectAltName = $query->newInput( -regx=>'*',
--- 117,134 ----
}
! ## get the subject
! if ($req->getParsed()->{HEADER}->{SUBJ}) {
! $subject = $req->getParsed()->{HEADER}->{SUBJ};
! } else {
! $subject = $req->getParsed()->{DN};
! }
! $subject =~ s/,\s*/\n/g;
! $subject = $query->newInput( -regx=>'*',
-intype=>'textarea',
-name=>'subj',
-rows=>6,
-columns=>35,
! -default=>$subject);
$subjectAltName = $query->newInput( -regx=>'*',
***************
*** 163,167 ****
[ "<B>Subject alternative name:</B>", $subjectAltName ]);
$reqDataTable .=$query->addTableLine(DATA=>
! [ "<B>Subject:</B>", $subjArea ]);
$reqDataTable .=$query->addTableLine(DATA=>
["<B>Role:</B>",
--- 167,171 ----
[ "<B>Subject alternative name:</B>", $subjectAltName ]);
$reqDataTable .=$query->addTableLine(DATA=>
! [ "<B>Subject:</B>", $subject ]);
$reqDataTable .=$query->addTableLine(DATA=>
["<B>Role:</B>",
***************
*** 183,187 ****
$page = $query->subVar( $page, '@KEY@', $dbKey );
! $page = $query->subVar( $page, '@DATATYPE@',"PENDING_REQUEST" );
$page = $query->subVar( $page, '@REQDATA@', $reqDataTable );
--- 187,191 ----
$page = $query->subVar( $page, '@KEY@', $dbKey );
! $page = $query->subVar( $page, '@DATATYPE@',$dataType );
$page = $query->subVar( $page, '@REQDATA@', $reqDataTable );
Index: viewCSR
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cmds/viewCSR,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** viewCSR 28 May 2002 07:05:02 -0000 1.4
--- viewCSR 31 May 2002 07:14:45 -0000 1.5
***************
*** 16,20 ****
## Get the Configuration parameters ...
my ( $ou, $ouList, $def, $op, $opCert, $info, $opStatus, $dnLabel);
! my ( $sigStatus, $signer, $signature, $myCN, $myEmail, @myDnInfo, $subjectAltName );
my ( @opCertList, $reqDataTable, @cols, $opCert, $serLink, $lnk, $sigInfo );
my ( %labels, @values, $role );
--- 16,20 ----
## Get the Configuration parameters ...
my ( $ou, $ouList, $def, $op, $opCert, $info, $opStatus, $dnLabel);
! my ( $sigStatus, $signer, $signature, $myRenew, $myCN, $myEmail, @myDnInfo, $subjectAltName );
my ( @opCertList, $reqDataTable, @cols, $opCert, $serLink, $lnk, $sigInfo );
my ( %labels, @values, $role );
***************
*** 52,57 ****
$cmdsPanel = "$includeDir/archived_cmds.inc";
$reqDesc = "$txtDir/archivied_desc.txt";
} else {
! configError ( "Invalid or missing dataType ($dataType) !");
}
--- 52,87 ----
$cmdsPanel = "$includeDir/archived_cmds.inc";
$reqDesc = "$txtDir/archivied_desc.txt";
+ } elsif ( $dataType eq "REQUEST" ) {
+ ## try to determine the datatype
+ if ($db->getItem ( DATATYPE => "ARCHIVIED_REQUEST", KEY => $key )) {
+ $dataType = "ARCHIVIED_REQUEST";
+ $reqStatus = "Archivied Request";
+ $cmdsPanel = "$includeDir/archived_cmds.inc";
+ $reqDesc = "$txtDir/archivied_desc.txt";
+ } elsif ($db->getItem ( DATATYPE => "APPROVED_REQUEST", KEY => $key )) {
+ $dataType = "APPROVED_REQUEST";
+ $reqStatus = "Approved Request";
+ $cmdsPanel = "$includeDir/approved_cmds.inc";
+ $reqDesc = "$txtDir/approved_desc.txt";
+ } elsif ($db->getItem ( DATATYPE => "DELETED_REQUEST", KEY => $key )) {
+ $dataType = "DELETED_REQUEST";
+ $reqStatus = "Deleted Request";
+ $cmdsPanel = "$includeDir/deleted_cmds.inc";
+ $reqDesc = "$txtDir/deleted_desc.txt";
+ } elsif ($db->getItem ( DATATYPE => "RENEW_REQUEST", KEY => $key )) {
+ $dataType = "RENEW_REQUEST";
+ $reqStatus = "Renewal Request Waiting for Approval";
+ $cmdsPanel = "$includeDir/pending_cmds.inc";
+ $reqDesc = "$txtDir/pending_desc.txt";
+ } elsif ($db->getItem ( DATATYPE => "PENDING_REQUEST", KEY => $key )) {
+ $dataType = "PENDING_REQUEST";
+ $reqStatus = "Waiting for Approval";
+ $cmdsPanel = "$includeDir/pending_cmds.inc";
+ $reqDesc = "$txtDir/pending_desc.txt";
+ } else {
+ configError ( "Cannot determine status of this request!");
+ }
} else {
! configError ( "Invalid dataType ($dataType) !");
}
***************
*** 67,71 ****
my $req = $db->getItem( DATATYPE=>$dataType, KEY=>$key );
! configError ("Request not present in DB or the status of the request was changed!" ) if ( not $req );
## Get the parsed Request
--- 97,101 ----
my $req = $db->getItem( DATATYPE=>$dataType, KEY=>$key );
! configError ("Request $key not present in DB or the status of the $reqStatus was changed!" ) if ( not $req );
## Get the parsed Request
***************
*** 85,88 ****
--- 115,119 ----
$header .= "RA = $parsed_req->{HEADER}->{RA}\n";
$header .= "SERIAL = ".$req->getSerial()."\n";
+ $header .= "RENEW = ".$parsed_req->{HEADER}->{RENEW}."\n" if ($parsed_req->{HEADER}->{RENEW});
$header .= "OPERATOR = $parsed_req->{HEADER}->{OPERATOR}\n";
$header .= "NOTBEFORE = $parsed_req->{HEADER}->{NOTBEFORE}\n";
***************
*** 163,166 ****
--- 194,205 ----
######################################
+ if ( $req->getParsed()->{HEADER}->{RENEW} ) {
+ $lnk = new CGI({cmd=>"viewCSR", dataType=>"REQUEST",
+ key=>$req->getParsed()->{HEADER}->{RENEW}});
+ $myRenew = $lnk->a({-href=>$lnk->self_url()}, $req->getParsed()->{HEADER}->{RENEW});
+ } else {
+ $myRenew = "";
+ }
+
if ( $req->getParsed()->{DN_HASH}->{CN}[0] ne "" ) {
$lnk = new CGI({cmd=>"search", dataType=>"CERTIFICATE",
***************
*** 247,250 ****
--- 286,291 ----
$reqDataTable .=$query->addTableLine(DATA=>[ "<B>Serial Number:</B>",
($req->getSerial() or "n/a") ]);
+ $reqDataTable .=$query->addTableLine(DATA=>[ "<B>Renewed from:</B>", $myRenew ])
+ if ($myRenew);
$reqDataTable .=$query->addTableLine(DATA=>["<B>Request Type:</B>",
($parsed_req->{TYPE} or "n/a") ]);
|