From: Artur W. <Art...@vi...> - 2021-02-22 00:57:50
Hi OpenXPKI Team!

I am playing around with your EST implementation, currently trying to understand the CSR Attributes function / configuration part. So this is what I get:

    root@est-virtual-machine:~# curl https://pki.example.com:443/.well-known/est/csrattrs --cacert RootCA.crt | openssl base64 -d -A | openssl asn1parse -inform DER
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100    56  100    56    0     0    186      0 --:--:-- --:--:-- --:--:--   186
        0:d=0  hl=2 l=  38 cons: SEQUENCE
        2:d=1  hl=2 l=   7 prim: OBJECT            :1.3.6.1.1.1.1.22
       11:d=1  hl=2 l=   9 prim: OBJECT            :emailAddress
       22:d=1  hl=2 l=   5 prim: OBJECT            :secp384r1
       29:d=1  hl=2 l=   9 prim: OBJECT            :sha384

The first thing I wanted to do was change emailAddress to macAddress; however, after making the change here

    /etc/openxpki/config.d/realm/democa/workflow/def/est_csrattrs.yaml

I get an error:

    root@est-virtual-machine:~# curl https://est.vatest.com:443/.well-known/est/csrattrs --cacert RootCA.crt | openssl base64 -d -A | openssl asn1parse -inform DER
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    Error: offset out of range

    root@est:~# ==> /var/log/apache2/error.log <==
    [Sun Feb 21 23:54:52.075064 2021] [fcgid:warn] [pid 1675:tid 139667566380800] [client 10.100.235.53:50180] mod_fcgid: stderr: [Sun Feb 21 23:54:52 2021] est.fcgi: Use of uninitialized value $out in substitution (s///) at /usr/lib/cgi-bin/est.fcgi line 307.
    [Sun Feb 21 23:54:52.075145 2021] [fcgid:warn] [pid 1675:tid 139667566380800] [client 10.100.235.53:50180] mod_fcgid: stderr: [Sun Feb 21 23:54:52 2021] est.fcgi: Use of uninitialized value $out in substitution (s///) at /usr/lib/cgi-bin/est.fcgi line 307.

    ==> /var/log/apache2/other_vhosts_access.log <==
    est.vetest.com:443 10.100.235.53 - - [21/Feb/2021:23:54:51 +0000] "GET /.well-known/est/csrattrs HTTP/1.1" 200 4698 "-" "curl/7.68.0"

So it simply breaks after manipulating emailAddress. I would like to know how I can modify / add more attributes. What is the correct syntax? For example, I would like to add this OID value: 1.2.840.113549.1.9.7 (OID description: Challenge Password attribute for use in signatures).

    /etc/openxpki/config.d/realm/democa/workflow/def/est_csrattrs.yaml
    [...]
    param:
        target_key: output
        oidlist: |
            1.3.6.1.1.1.1.22
            macAddress
            secp384r1
            sha384

    oidlist: |
        ?? 1.2.840.113549.1.9.7
        ??
        ??

So far I haven't tested enrolment yet, still exploring/learning EST, so these will be just blind-shot questions: how are these attributes enforced? Do I need to create a policy? I guess the server needs to verify the presence of these attributes before proceeding with authentication / enrolment? Can these additional attributes be tied to "individual" usernames/passwords in the form of an SQL table that is used for HTTP authentication? Could you provide some additional explanation on this please.

Regards,
Artur
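The csrattrs body Artur decodes above is the RFC 7030 CsrAttrs structure: a DER SEQUENCE whose entries are bare OIDs or full Attributes. The Python below is an added example, not OpenXPKI's code or Artur's; it builds the four-entry response from the post with a minimal stdlib DER encoder and decodes it back with the same offsets `openssl asn1parse` printed. The OID-to-name table is an assumption of the example (OpenSSL prints 1.3.6.1.1.1.1.22 as a bare OID because its own table has no name for it), and the challengePassword entry shows how the OID Artur asks about appears in the structure.

```python
"""Encode and decode an EST CsrAttrs structure (RFC 7030, section 4.5.2).

    CsrAttrs  ::= SEQUENCE SIZE (0..MAX) OF AttrOrOID
    AttrOrOID ::= CHOICE { oid OBJECT IDENTIFIER, attribute Attribute }

Added example with a minimal stdlib DER encoder/decoder; not OpenXPKI code.
"""
import base64

# Assumed name table: dotted OIDs and the names OpenSSL prints for them.
OID_NAMES = {
    "1.3.6.1.1.1.1.22": "macAddress",             # RFC 2307 macAddress
    "1.2.840.113549.1.9.1": "emailAddress",       # PKCS#9 emailAddress
    "1.2.840.113549.1.9.7": "challengePassword",  # PKCS#9 challengePassword
    "1.3.132.0.34": "secp384r1",                  # SEC 2 curve
    "2.16.840.1.101.3.4.2.2": "sha384",           # NIST hash algorithm
}
NAME_TO_OID = {name: oid for oid, name in OID_NAMES.items()}


def _der_length(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_oid(dotted):
    """Return the full TLV (tag 0x06) for a dotted OID string."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: %r" % dotted)
    content = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]  # base-128 digits, high bit marks continuation
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        content.extend(reversed(chunk))
    return b"\x06" + _der_length(len(content)) + bytes(content)


def encode_csrattrs(entries):
    """Entries are dotted OIDs or names from OID_NAMES. A bare OID in CsrAttrs
    tells the client which attribute, curve or digest the server expects.
    A name the table does not know raises instead of yielding an empty body."""
    body = b"".join(encode_oid(NAME_TO_OID.get(e, e)) for e in entries)
    return b"\x30" + _der_length(len(body)) + body


def _read_tlv(buf, pos):
    """Parse one TLV at pos; return (tag, header_len, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("offset out of range")  # what openssl says on an empty body
    tag, first = buf[pos], buf[pos + 1]
    header, length = 2, first
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        header += n
    start, end = pos + header, pos + header + length
    if end > len(buf):
        raise ValueError("length runs past end of data at offset %d" % pos)
    return tag, header, buf[start:end], end


def decode_oid(content):
    """Dotted string from OID content octets (inverse of encode_oid)."""
    if not content or content[-1] & 0x80:
        raise ValueError("truncated OID")
    first_arc = min(content[0] // 40, 2)
    arcs, value = [first_arc, content[0] - 40 * first_arc], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def decode_csrattrs(der):
    """Return [(offset, dotted_oid, name)] in the order openssl asn1parse
    lists them; Attribute entries (SEQUENCE { type, values }) report their type."""
    tag, header, _, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("CsrAttrs must be a single SEQUENCE")
    entries, pos = [], header
    while pos < end:
        tag, _, content, nxt = _read_tlv(der, pos)
        if tag == 0x06:
            oid = decode_oid(content)
        elif tag == 0x30:
            attr_tag, _, attr_type, _ = _read_tlv(content, 0)
            if attr_tag != 0x06:
                raise ValueError("Attribute without type OID at offset %d" % pos)
            oid = decode_oid(attr_type)
        else:
            raise ValueError("unexpected tag 0x%02x at offset %d" % (tag, pos))
        entries.append((pos, oid, OID_NAMES.get(oid, oid)))
        pos = nxt
    return entries


def decode_est_body(text):
    """Decode the base64 body of GET /.well-known/est/csrattrs, as the
    curl | openssl base64 -d -A pipeline in the post does."""
    return decode_csrattrs(base64.b64decode(text, validate=True))


# Constructed to match the four-entry response shown in the post
# (hl=2 l=38, entries at offsets 2, 11, 22, 29; 56 base64 characters).
PAGE_CSRATTRS = encode_csrattrs(["macAddress", "emailAddress", "secp384r1", "sha384"])


def page_csrattrs_b64():
    return base64.b64encode(PAGE_CSRATTRS).decode("ascii")
```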
From: Francisco B. O. <bar...@te...> - 2019-04-13 09:53:30
When adding the schema schema-mysql.sql to the database during installation, this error prompts:

    ERROR 1068 <42000> at line 226: Multiple primary key defined

I'm installing it in Debian jessie (over vagrant). Thanks for the answer.
From: <dj...@us...> - 2012-02-24 20:26:56
Revision: 1591 http://openxpki.svn.sourceforge.net/openxpki/?rev=1591&view=rev Author: djulia Date: 2012-02-24 20:26:49 +0000 (Fri, 24 Feb 2012) Log Message: ----------- perl-5.14 patch Example of how to follow new syntax requirements. Works in older perls too. Modified Paths: -------------- trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/autohandler Modified: trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/autohandler =================================================================== --- trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/autohandler 2012-02-24 20:23:41 UTC (rev 1590) +++ trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/autohandler 2012-02-24 20:26:49 UTC (rev 1591) @@ -216,7 +216,7 @@ </script> <div> % my $urls; -% foreach my $lang qw( en ru de ) { +% foreach my $lang (qw( en ru de )) { % $urls->{$lang} = $current_url; % } % $urls->{'en'} =~ s/__language=[^;]*/__language=en_US/; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
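Review bot: the parenthesised `foreach my $lang (qw( en ru de ))` is the form to keep: a bare `qw()` list used in place of the foreach parentheses was deprecated in Perl 5.14 (it warns "Use of qw(...) as parentheses is deprecated") and became a syntax error in 5.18, while the explicit parentheses have always been valid, which is what the log message means by "Works in older perls too".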
From: <dj...@us...> - 2012-02-24 20:23:48
Revision: 1590 http://openxpki.svn.sourceforge.net/openxpki/?rev=1590&view=rev Author: djulia Date: 2012-02-24 20:23:41 +0000 (Fri, 24 Feb 2012) Log Message: ----------- utf-8 Ansatz Example of treating utf-8 data. Solves a problem about generating SPKAC CSR as reported by Oliver. Modified Paths: -------------- trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/create_workflow.mhtml trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/get_spkac.mhtml trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/get_subject.mhtml Modified: trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/create_workflow.mhtml =================================================================== --- trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/create_workflow.mhtml 2012-02-17 17:47:27 UTC (rev 1589) +++ trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/create_workflow.mhtml 2012-02-24 20:23:41 UTC (rev 1590) @@ -26,7 +26,11 @@ $params{"cert_role"} = $role if (defined $role); $params{"cert_profile"} = $profile if (defined $profile); $params{"cert_subject_style"} = $subject_style if (defined $subject_style); - $params{"cert_subject_parts"} = $ser->serialize($subject_parts) if (defined $subject_parts); + if (defined $subject_parts) { + my $cert_subject_parts = $ser->serialize($subject_parts); + Encode::_utf8_on($cert_subject_parts); + $params{"cert_subject_parts"} = $cert_subject_parts; + } $params{"cert_subject_alt_name_parts"} = $ser->serialize($subject_alt_name_parts) if (defined $subject_alt_name_parts); $params{"cert_info"} = $ser->serialize($info) if (defined $info); $params{"spkac"} = $spkac if (defined $spkac); 
@@ -67,4 +71,5 @@ <%once> use OpenXPKI::Serialization::Simple; my $ser = OpenXPKI::Serialization::Simple->new(); + use Encode; </%once> Modified: trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/get_spkac.mhtml =================================================================== --- trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/get_spkac.mhtml 2012-02-17 17:47:27 UTC (rev 1589) +++ trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/get_spkac.mhtml 2012-02-24 20:23:41 UTC (rev 1590) @@ -39,7 +39,9 @@ $subject_alt_name_parts->{$key} = $m->request_args()->{$key}; } elsif ($key =~ m{ \A cert_subject_ }xms) { - $subject_parts->{$key} = $m->request_args()->{$key}; + my $subject_part_value = $m->request_args()->{$key}; + Encode::_utf8_on($subject_part_value); + $subject_parts->{$key} = $subject_part_value; } elsif ($key =~ s{ \A additional_info_ }{}xms) { $info->{$key} = $m->request_args()->{'additional_info_' . $key}; @@ -73,3 +75,6 @@ ## ok we have to display the whole stuff </%init> +<%once> + use Encode; +</%once> Modified: trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/get_subject.mhtml =================================================================== --- trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/get_subject.mhtml 2012-02-17 17:47:27 UTC (rev 1589) +++ trunk/clients/perl/OpenXPKI-Client-HTML-Mason/htdocs/service/create_csr/get_subject.mhtml 2012-02-24 20:23:41 UTC (rev 1590) @@ -164,7 +164,9 @@ my $req_args = {}; foreach my $key (keys %{ $m->request_args() }) { if ($key =~ m{ \A cert_subject_ }xms) { - $subject_parts->{$key} = $m->request_args()->{$key}; + my $subject_part_value = $m->request_args()->{$key}; + Encode::_utf8_on($subject_part_value); + $subject_parts->{$key} = $subject_part_value; } $req_args->{$key} = $m->request_args()->{$key}; } 
@@ -281,3 +283,6 @@ ############################### </%init> +<%once> + use Encode; +</%once> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
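Review bot: in the three hunks that add `Encode::_utf8_on(...)` (create_workflow.mhtml @@ -26, get_spkac.mhtml @@ -39 and get_subject.mhtml @@ -164) the underscore-prefixed `_utf8_on` only flips Perl's internal UTF-8 flag and never checks that the bytes are well-formed UTF-8; the values come straight from `$m->request_args()`, so a client submitting Latin-1 or deliberately malformed bytes yields a string that is flagged as UTF-8 but is not, and the problem surfaces later as "Malformed UTF-8 character" warnings or wrong subject data. Prefer `Encode::decode('UTF-8', $value, Encode::FB_CROAK)` (or `decode_utf8`) so malformed input is rejected at the request boundary, and in create_workflow.mhtml decode the individual request values before they are serialised, as the other two hunks do, rather than flipping the flag on `$ser->serialize(...)` output.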
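Review bot: the `<%once>` hunks (create_workflow.mhtml @@ -67, get_spkac.mhtml @@ -73, get_subject.mhtml @@ -281) put `use Encode;` after `my $ser = ...` in one file and in a new `<%once>` block at the very end of the other two; `use` is compile-time so this works, but placing the import at the top of the existing `<%once>` block next to `use OpenXPKI::Serialization::Simple;` keeps the dependencies in one place for the next reader.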
From: <sv...@us...> - 2012-02-17 17:47:37
Revision: 1589 http://openxpki.svn.sourceforge.net/openxpki/?rev=1589&view=rev Author: svysh Date: 2012-02-17 17:47:27 +0000 (Fri, 17 Feb 2012) Log Message: ----------- Freebsd package kitchen: typo fix Modified Paths: -------------- www.openxpki.org/trunk/htdocs/download/freebsd.html www.openxpki.org/trunk/src/htdocs/download/freebsd.html Modified: www.openxpki.org/trunk/htdocs/download/freebsd.html =================================================================== --- www.openxpki.org/trunk/htdocs/download/freebsd.html 2012-02-16 10:36:49 UTC (rev 1588) +++ www.openxpki.org/trunk/htdocs/download/freebsd.html 2012-02-17 17:47:27 UTC (rev 1589) @@ -122,7 +122,7 @@ <a href="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html"> a FreeBSD Handbook</a>. </li><li> -<tt>cd /usr/ports/ports-mgmt/portupgrade && make reinstall clean</tt><br/> +<tt>cd /usr/ports/ports-mgmt/portmaster && make reinstall clean</tt><br/> <tt>/usr/local/sbin/portmaster security/p5-openxpki-client-html-mason</tt><br/> <tt>/usr/local/sbin/portmaster security/p5-openxpki-deployment</tt><br/> <tt>/usr/local/sbin/portmaster security/p5-openxpki-i18n</tt><br/> @@ -196,8 +196,8 @@ </div> <!-- content --> <div id="footer"> - Last modified by svysh on Mon Feb 13 13:31:32 UTC 2012 - (based on rev. 1583). © 2005 - 2009 OpenXPKI Foundation + Last modified by svysh on Fri Feb 17 17:46:12 UTC 2012 + (based on rev. 1586). © 2005 - 2009 OpenXPKI Foundation </div> <!-- footer --> Modified: www.openxpki.org/trunk/src/htdocs/download/freebsd.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/download/freebsd.html 2012-02-16 10:36:49 UTC (rev 1588) +++ www.openxpki.org/trunk/src/htdocs/download/freebsd.html 2012-02-17 17:47:27 UTC (rev 1589) 
@@ -80,7 +80,7 @@ path => '/doc/en_US.ISO8859-1/books/handbook/ports-using.html' &>"> a FreeBSD Handbook</a>. </li><li> -<tt>cd /usr/ports/ports-mgmt/portupgrade && make reinstall clean</tt><br/> +<tt>cd /usr/ports/ports-mgmt/portmaster && make reinstall clean</tt><br/> <tt>/usr/local/sbin/portmaster security/p5-openxpki-client-html-mason</tt><br/> <tt>/usr/local/sbin/portmaster security/p5-openxpki-deployment</tt><br/> <tt>/usr/local/sbin/portmaster security/p5-openxpki-i18n</tt><br/> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mba...@us...> - 2012-02-16 10:37:00
Revision: 1588 http://openxpki.svn.sourceforge.net/openxpki/?rev=1588&view=rev Author: mbartosch Date: 2012-02-16 10:36:49 +0000 (Thu, 16 Feb 2012) Log Message: ----------- Fixed bug in SQL abstraction Handling for the VALID_AT constraint in the select method contained a problem when querying single tables. According to the documentation for this constraint the argument may be one of the following: 1. single table query: - SCALAR (single point in time) - ARRAYREF (multiple points in time) 2. join query across multiple tables - ARRAYREF containing entries for each single joined table - each containing SCALAR or ARRAYREF, see 1. Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Server/DBI/SQL.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/DBI/SQL.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/DBI/SQL.pm 2012-02-13 16:26:19 UTC (rev 1587) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/DBI/SQL.pm 2012-02-16 10:36:49 UTC (rev 1588) 
@@ -840,6 +840,22 @@ ## # handle validity for joins if (defined $args->{VALID_AT}) { + # according to the documentation for this constraint it may be + # one of the following + # 1. single table query: + # - SCALAR (single point in time) + # - ARRAYREF (multiple points in time) + # 2. join query across multiple tables + # - ARRAYREF containing entries for each single joined table + # - each containing SCALAR or ARRAYREF, see 1. + # hence for single table queries we need to wrap the argument + # in an arrayref to prepare the input for generalized processing + # below + if (scalar(@symbolic_select_tables) == 1) { + $args->{VALID_AT} = [ $args->{VALID_AT} ]; + } + + # sanity checks if (ref $args->{VALID_AT} ne 'ARRAY') { OpenXPKI::Exception->throw ( message => "I18N_OPENXPKI_SERVER_DBI_SQL_SELECT_INCORRECT_VALIDITY_SPECIFICATION_TYPE_FOR_JOIN"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
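Review bot: the single-table wrap `$args->{VALID_AT} = [ $args->{VALID_AT} ];` writes back into the caller's `$args` hashref; a caller that reuses the same argument hash for a second select on that table gets `[ [ ... ] ]` the second time and then fails the generalized processing below. Copy the value into a lexical (`my $valid_at = $args->{VALID_AT}; $valid_at = [ $valid_at ] if scalar(@symbolic_select_tables) == 1;`) and use that for the sanity check and the join handling instead of mutating the input.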
From: <mba...@us...> - 2012-02-13 16:26:25
Revision: 1587 http://openxpki.svn.sourceforge.net/openxpki/?rev=1587&view=rev Author: mbartosch Date: 2012-02-13 16:26:19 +0000 (Mon, 13 Feb 2012) Log Message: ----------- added missing file in client the missing file caused a display bug that triggered when raising a revocation request from the "Create revocation request" menu. Modified Paths: -------------- trunk/clients/perl/OpenXPKI-Client-HTML-Mason/MANIFEST Modified: trunk/clients/perl/OpenXPKI-Client-HTML-Mason/MANIFEST =================================================================== --- trunk/clients/perl/OpenXPKI-Client-HTML-Mason/MANIFEST 2012-02-13 13:32:34 UTC (rev 1586) +++ trunk/clients/perl/OpenXPKI-Client-HTML-Mason/MANIFEST 2012-02-13 16:26:19 UTC (rev 1587) @@ -172,6 +172,7 @@ htdocs/service/create_crr/form.html htdocs/service/create_crr/error.mhtml htdocs/service/create_crr/success.mhtml +htdocs/service/create_crr/cert_info.html htdocs/service/smartcard_personalization/index.html htdocs/service/smartcard_personalization/waiting_for_issuance.mhtml This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
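Review bot: only MANIFEST changes in this revision and there is no Added Paths entry for `htdocs/service/create_crr/cert_info.html`; if that file is not already tracked, the MANIFEST now lists a path the packaging step cannot find. Confirm the file itself was committed earlier or add it in the same revision as the MANIFEST line.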
From: <sv...@us...> - 2012-02-13 13:32:45
Revision: 1586 http://openxpki.svn.sourceforge.net/openxpki/?rev=1586&view=rev Author: svysh Date: 2012-02-13 13:32:34 +0000 (Mon, 13 Feb 2012) Log Message: ----------- Fix freebsd kitchen stuff Modified Paths: -------------- www.openxpki.org/trunk/htdocs/download/freebsd.html www.openxpki.org/trunk/src/htdocs/download/freebsd.html Modified: www.openxpki.org/trunk/htdocs/download/freebsd.html =================================================================== --- www.openxpki.org/trunk/htdocs/download/freebsd.html 2012-01-16 10:05:03 UTC (rev 1585) +++ www.openxpki.org/trunk/htdocs/download/freebsd.html 2012-02-13 13:32:34 UTC (rev 1586) @@ -123,9 +123,9 @@ a FreeBSD Handbook</a>. </li><li> <tt>cd /usr/ports/ports-mgmt/portupgrade && make reinstall clean</tt><br/> -<tt>/usr/local/sbin/portupgrade -NrR security/p5-openxpki-client-html-mason</tt><br/> -<tt>/usr/local/sbin/portupgrade -NrR security/p5-openxpki-deployment</tt><br/> -<tt>/usr/local/sbin/portupgrade -NrR security/p5-openxpki-i18n</tt><br/> +<tt>/usr/local/sbin/portmaster security/p5-openxpki-client-html-mason</tt><br/> +<tt>/usr/local/sbin/portmaster security/p5-openxpki-deployment</tt><br/> +<tt>/usr/local/sbin/portmaster security/p5-openxpki-i18n</tt><br/> (Appropriate tarballs of openxpki will be fetched automatically. Alternatively, you can fetch tarballs of openxpki by hand and place them into <tt>/usr/ports/distfiles/openxpki/</tt>) 
@@ -196,8 +196,8 @@ </div> <!-- content --> <div id="footer"> - Last modified by svysh on Sun Oct 9 22:51:15 UTC 2011 - (based on rev. 1582). © 2005 - 2009 OpenXPKI Foundation + Last modified by svysh on Mon Feb 13 13:31:32 UTC 2012 + (based on rev. 1583). © 2005 - 2009 OpenXPKI Foundation </div> <!-- footer --> Modified: www.openxpki.org/trunk/src/htdocs/download/freebsd.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/download/freebsd.html 2012-01-16 10:05:03 UTC (rev 1585) +++ www.openxpki.org/trunk/src/htdocs/download/freebsd.html 2012-02-13 13:32:34 UTC (rev 1586) @@ -81,9 +81,9 @@ a FreeBSD Handbook</a>. </li><li> <tt>cd /usr/ports/ports-mgmt/portupgrade && make reinstall clean</tt><br/> -<tt>/usr/local/sbin/portupgrade -NrR security/p5-openxpki-client-html-mason</tt><br/> -<tt>/usr/local/sbin/portupgrade -NrR security/p5-openxpki-deployment</tt><br/> -<tt>/usr/local/sbin/portupgrade -NrR security/p5-openxpki-i18n</tt><br/> +<tt>/usr/local/sbin/portmaster security/p5-openxpki-client-html-mason</tt><br/> +<tt>/usr/local/sbin/portmaster security/p5-openxpki-deployment</tt><br/> +<tt>/usr/local/sbin/portmaster security/p5-openxpki-i18n</tt><br/> (Appropriate tarballs of openxpki will be fetched automatically. Alternatively, you can fetch tarballs of openxpki by hand and place them into <tt>/usr/ports/distfiles/openxpki/</tt>) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
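Review bot: both freebsd.html hunks switch the three install lines from `portupgrade -NrR` to `portmaster`, but the preceding unchanged line still reads `cd /usr/ports/ports-mgmt/portupgrade && make reinstall clean`, so the page now tells the reader to build portupgrade and then run a portmaster binary that step never installs; change that line to `ports-mgmt/portmaster` in the same commit (rev 1589 on this page does exactly that).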
From: <mba...@us...> - 2012-01-16 10:05:13
Revision: 1585 http://openxpki.svn.sourceforge.net/openxpki/?rev=1585&view=rev Author: mbartosch Date: 2012-01-16 10:05:03 +0000 (Mon, 16 Jan 2012) Log Message: ----------- Fixed wrong sub call get_parsed -> get_parsed_ref Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm 2011-12-07 14:08:28 UTC (rev 1584) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm 2012-01-16 10:05:03 UTC (rev 1585) @@ -52,7 +52,7 @@ DATA => $certificate, ); - my $x509_parsed = $x509->get_parsed(); + my $x509_parsed = $x509->get_parsed_ref(); foreach my $key (keys %cert_attrmap) { if (! exists $x509_parsed->{BODY}->{$key}) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <bel...@us...> - 2011-12-07 14:08:38
Revision: 1584 http://openxpki.svn.sourceforge.net/openxpki/?rev=1584&view=rev Author: bellmich Date: 2011-12-07 14:08:28 +0000 (Wed, 07 Dec 2011) Log Message: ----------- added / to <br> This fixes an error reported by the W3C XHTML validator. Modified Paths: -------------- www.openxpki.org/trunk/htdocs/index.html www.openxpki.org/trunk/src/htdocs/index.html Modified: www.openxpki.org/trunk/htdocs/index.html =================================================================== --- www.openxpki.org/trunk/htdocs/index.html 2011-10-09 22:52:21 UTC (rev 1583) +++ www.openxpki.org/trunk/htdocs/index.html 2011-12-07 14:08:28 UTC (rev 1584) @@ -72,7 +72,7 @@ <p> OpenXPKI runs on most Unix-like operating system (verified on FreeBSD, Linux, Solaris/OpenSolaris and Mac OS X).<br/> - Database backends exist for MySQL, PostgreSQL, Oracle and DB2.<br> + Database backends exist for MySQL, PostgreSQL, Oracle and DB2.<br/> OpenXPKI also integrates with the <a href="http://bestpractical.com/rt/">RT Request Tracker</a> and supports nCipher's nShield Hardware Security Modules. Modified: www.openxpki.org/trunk/src/htdocs/index.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/index.html 2011-10-09 22:52:21 UTC (rev 1583) +++ www.openxpki.org/trunk/src/htdocs/index.html 2011-12-07 14:08:28 UTC (rev 1584) @@ -27,7 +27,7 @@ <p> OpenXPKI runs on most Unix-like operating system (verified on FreeBSD, Linux, Solaris/OpenSolaris and Mac OS X).<br/> - Database backends exist for MySQL, PostgreSQL, Oracle and DB2.<br> + Database backends exist for MySQL, PostgreSQL, Oracle and DB2.<br/> OpenXPKI also integrates with the <a href="http://bestpractical.com/rt/">RT Request Tracker</a> and supports nCipher's nShield Hardware Security Modules. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: SourceForge.net <no...@so...> - 2011-11-10 14:41:25
Bugs item #3436119, was opened at 2011-11-10 06:41
Message generated for change (Tracker Item Submitted) made by oliwel
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=776757&aid=3436119&group_id=150124

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Workflow
Group: None
Status: Open
Resolution: None
Priority: 3
Private: No
Submitted By: Oliver Welter (oliwel)
Assigned to: Nobody/Anonymous (nobody)
Summary: Frontend Error on CSR with Server Side KeyGeneration

Initial Comment:
The workflow I18N_OPENXPKI_WF_TYPE_CERTIFICATE_SIGNING_REQUEST results in a frontend error message when server side key generation is used. At the last step, after entering the key secret, you get an error saying

    { 'LABEL' => 'I18N_OPENXPKI_SERVER_API_INVALID_PARAMETER', 'PARAMS' => { '__ERROR__' => 'The \'WORKFLOW\' parameter (undef) to OpenXPKI::Server::API::__ANON__ was an \'undef\', which is not one of the allowed types: scalar ' } }

However, the key and CSR are usable in the database and can be approved/issued, so it looks like a frontend-only issue. The openxpki.log does not show any useful information on the error.
From: <sv...@us...> - 2011-10-09 22:52:27
Revision: 1583 http://openxpki.svn.sourceforge.net/openxpki/?rev=1583&view=rev Author: svysh Date: 2011-10-09 22:52:21 +0000 (Sun, 09 Oct 2011) Log Message: ----------- Last Midnight Snapshot generator is back Modified Paths: -------------- www.openxpki.org/trunk/htdocs/download/freebsd.html www.openxpki.org/trunk/htdocs/download/index.html www.openxpki.org/trunk/src/htdocs/download/freebsd.html www.openxpki.org/trunk/src/htdocs/download/index.html Modified: www.openxpki.org/trunk/htdocs/download/freebsd.html =================================================================== --- www.openxpki.org/trunk/htdocs/download/freebsd.html 2011-09-12 18:40:53 UTC (rev 1582) +++ www.openxpki.org/trunk/htdocs/download/freebsd.html 2011-10-09 22:52:21 UTC (rev 1583) @@ -144,13 +144,11 @@ in ALL (stable, current, legacy) versions of FreeBSD. </p> -<!-- <h2>Ports for Last Midnight Snapshot of the OpenXPKI development code</h2> <p> Are built nightly by an intellectual script. Awailable from the <a href="../lastmidnight/index.html">Last Midnight Snapshot page</a>. </p> ---> <h2>Ports for current svn snapshot of the OpenXPKI development code</h2> <p> @@ -198,8 +196,8 @@ </div> <!-- content --> <div id="footer"> - Last modified by svysh on Mon Sep 12 18:36:23 UTC 2011 - (based on rev. 1361). © 2005 - 2009 OpenXPKI Foundation + Last modified by svysh on Sun Oct 9 22:51:15 UTC 2011 + (based on rev. 1582). © 2005 - 2009 OpenXPKI Foundation </div> <!-- footer --> Modified: www.openxpki.org/trunk/htdocs/download/index.html =================================================================== --- www.openxpki.org/trunk/htdocs/download/index.html 2011-09-12 18:40:53 UTC (rev 1582) +++ www.openxpki.org/trunk/htdocs/download/index.html 2011-10-09 22:52:21 UTC (rev 1583) 
@@ -60,7 +60,6 @@ to the SourceForge svn facility. If you are interested in the development code you can fetch it from here. </p> -<!-- <p> <a href="http://www7.openxpki.org/lastmidnight/index.html">Last Midnight Snapshot</a>. You can get @@ -74,7 +73,6 @@ If you notice that autogenerated tarballs are outdated or corrupted, please report to the openxpki-users mailing list. </p> ---> <p> <a href="http://sourceforge.net/project/showfiles.php?group_id=150124">Archived snapshots</a>. Some of the intermediate snapshots are archived at SourceForge. Mainly @@ -106,8 +104,8 @@ </div> <!-- content --> <div id="footer"> - Last modified by svysh on Mon Sep 12 18:39:51 UTC 2011 - (based on rev. 1581). © 2005 - 2009 OpenXPKI Foundation + Last modified by svysh on Sun Oct 9 22:51:14 UTC 2011 + (based on rev. 1582). © 2005 - 2009 OpenXPKI Foundation </div> <!-- footer --> Modified: www.openxpki.org/trunk/src/htdocs/download/freebsd.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/download/freebsd.html 2011-09-12 18:40:53 UTC (rev 1582) +++ www.openxpki.org/trunk/src/htdocs/download/freebsd.html 2011-10-09 22:52:21 UTC (rev 1583) @@ -102,13 +102,11 @@ in ALL (stable, current, legacy) versions of FreeBSD. </p> -<!-- <h2>Ports for Last Midnight Snapshot of the OpenXPKI development code</h2> <p> Are built nightly by an intellectual script. Awailable from the <a href="../lastmidnight/index.html">Last Midnight Snapshot page</a>. </p> ---> <h2>Ports for current svn snapshot of the OpenXPKI development code</h2> <p> Modified: www.openxpki.org/trunk/src/htdocs/download/index.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/download/index.html 2011-09-12 18:40:53 UTC (rev 1582) +++ www.openxpki.org/trunk/src/htdocs/download/index.html 2011-10-09 22:52:21 UTC (rev 1583) 
@@ -15,7 +15,6 @@ to the SourceForge svn facility. If you are interested in the development code you can fetch it from here. </p> -<!-- <p> <a href="<& /lib/url.mas, host => 'www7.openxpki.org', @@ -31,7 +30,6 @@ If you notice that autogenerated tarballs are outdated or corrupted, please report to the openxpki-users mailing list. </p> ---> <p> <a href="<& /lib/url.mas, host => 'sourceforge.net', This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <sv...@us...> - 2011-09-12 18:41:00
Revision: 1582 http://openxpki.svn.sourceforge.net/openxpki/?rev=1582&view=rev Author: svysh Date: 2011-09-12 18:40:53 +0000 (Mon, 12 Sep 2011) Log Message: ----------- More fix related to removal of refs to Last Midnight generator Modified Paths: -------------- www.openxpki.org/trunk/htdocs/download/index.html www.openxpki.org/trunk/src/htdocs/download/index.html Modified: www.openxpki.org/trunk/htdocs/download/index.html =================================================================== --- www.openxpki.org/trunk/htdocs/download/index.html 2011-09-12 18:38:19 UTC (rev 1581) +++ www.openxpki.org/trunk/htdocs/download/index.html 2011-09-12 18:40:53 UTC (rev 1582) @@ -70,11 +70,11 @@ of the OpenXPKI development code,</li> <li> FreeBSD ports for nightly built distribution tarballs </li> </ul> ---> <p> If you notice that autogenerated tarballs are outdated or corrupted, please report to the openxpki-users mailing list. </p> +--> <p> <a href="http://sourceforge.net/project/showfiles.php?group_id=150124">Archived snapshots</a>. Some of the intermediate snapshots are archived at SourceForge. Mainly @@ -106,8 +106,8 @@ </div> <!-- content --> <div id="footer"> - Last modified by svysh on Mon Sep 12 18:36:23 UTC 2011 - (based on rev. 1361). © 2005 - 2009 OpenXPKI Foundation + Last modified by svysh on Mon Sep 12 18:39:51 UTC 2011 + (based on rev. 1581). © 2005 - 2009 OpenXPKI Foundation </div> <!-- footer --> Modified: www.openxpki.org/trunk/src/htdocs/download/index.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/download/index.html 2011-09-12 18:38:19 UTC (rev 1581) +++ www.openxpki.org/trunk/src/htdocs/download/index.html 2011-09-12 18:40:53 UTC (rev 1582) 
@@ -27,11 +27,11 @@ of the OpenXPKI development code,</li> <li> FreeBSD ports for nightly built distribution tarballs </li> </ul> ---> <p> If you notice that autogenerated tarballs are outdated or corrupted, please report to the openxpki-users mailing list. </p> +--> <p> <a href="<& /lib/url.mas, host => 'sourceforge.net', This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
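Review bot: in both download/index.html hunks the `-->` is moved from before to after the `<p>If you notice that autogenerated tarballs are outdated or corrupted ...</p>` paragraph, so that paragraph is now hidden as well; that is consistent with the nightly-tarball text commented out in rev 1581, but the log message should say the reporting paragraph is being hidden too, since it is not obvious from "More fix related to removal of refs".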
From: <sv...@us...> - 2011-09-12 18:38:25
Revision: 1581 http://openxpki.svn.sourceforge.net/openxpki/?rev=1581&view=rev Author: svysh Date: 2011-09-12 18:38:19 +0000 (Mon, 12 Sep 2011) Log Message: ----------- Last Midnight Snapshop generator stays broken too long Modified Paths: -------------- www.openxpki.org/trunk/htdocs/download/freebsd.html www.openxpki.org/trunk/htdocs/download/index.html www.openxpki.org/trunk/src/htdocs/download/freebsd.html www.openxpki.org/trunk/src/htdocs/download/index.html Modified: www.openxpki.org/trunk/htdocs/download/freebsd.html =================================================================== --- www.openxpki.org/trunk/htdocs/download/freebsd.html 2011-09-12 18:28:02 UTC (rev 1580) +++ www.openxpki.org/trunk/htdocs/download/freebsd.html 2011-09-12 18:38:19 UTC (rev 1581) @@ -144,11 +144,13 @@ in ALL (stable, current, legacy) versions of FreeBSD. </p> +<!-- <h2>Ports for Last Midnight Snapshot of the OpenXPKI development code</h2> <p> Are built nightly by an intellectual script. Awailable from the <a href="../lastmidnight/index.html">Last Midnight Snapshot page</a>. </p> +--> <h2>Ports for current svn snapshot of the OpenXPKI development code</h2> <p> @@ -196,8 +198,8 @@ </div> <!-- content --> <div id="footer"> - Last modified by svysh on Mon Jan 26 10:36:22 UTC 2009 - (based on rev. 1361). © 2005 - 2008 OpenXPKI Foundation + Last modified by svysh on Mon Sep 12 18:36:23 UTC 2011 + (based on rev. 1361). © 2005 - 2009 OpenXPKI Foundation </div> <!-- footer --> Modified: www.openxpki.org/trunk/htdocs/download/index.html =================================================================== --- www.openxpki.org/trunk/htdocs/download/index.html 2011-09-12 18:28:02 UTC (rev 1580) +++ www.openxpki.org/trunk/htdocs/download/index.html 2011-09-12 18:38:19 UTC (rev 1581) 
@@ -60,6 +60,7 @@ to the SourceForge svn facility. If you are interested in the development code you can fetch it from here. </p> +<!-- <p> <a href="http://www7.openxpki.org/lastmidnight/index.html">Last Midnight Snapshot</a>. You can get @@ -69,6 +70,7 @@ of the OpenXPKI development code,</li> <li> FreeBSD ports for nightly built distribution tarballs </li> </ul> +--> <p> If you notice that autogenerated tarballs are outdated or corrupted, please report to the openxpki-users mailing list. @@ -87,7 +89,11 @@ <li><a href="debian.html"> packages for Debian Linux (including nightly builds)</a></li> <li><a href="freebsd.html"> - ports for FreeBSD (including nightly builds)</a></li> + ports for FreeBSD +<!-- + (including nightly builds) +--> +</a></li> <li><a href="suse.html"> packages for Suse Linux</a></li> </ul> @@ -100,8 +106,8 @@ </div> <!-- content --> <div id="footer"> - Last modified by svysh on Mon Jan 26 10:36:23 UTC 2009 - (based on rev. 1361). © 2005 - 2008 OpenXPKI Foundation + Last modified by svysh on Mon Sep 12 18:36:23 UTC 2011 + (based on rev. 1361). © 2005 - 2009 OpenXPKI Foundation </div> <!-- footer --> Modified: www.openxpki.org/trunk/src/htdocs/download/freebsd.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/download/freebsd.html 2011-09-12 18:28:02 UTC (rev 1580) +++ www.openxpki.org/trunk/src/htdocs/download/freebsd.html 2011-09-12 18:38:19 UTC (rev 1581) 
@@ -102,11 +102,13 @@ in ALL (stable, current, legacy) versions of FreeBSD. </p> +<!-- <h2>Ports for Last Midnight Snapshot of the OpenXPKI development code</h2> <p> Are built nightly by an intellectual script. Awailable from the <a href="../lastmidnight/index.html">Last Midnight Snapshot page</a>. </p> +--> <h2>Ports for current svn snapshot of the OpenXPKI development code</h2> <p> Modified: www.openxpki.org/trunk/src/htdocs/download/index.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/download/index.html 2011-09-12 18:28:02 UTC (rev 1580) +++ www.openxpki.org/trunk/src/htdocs/download/index.html 2011-09-12 18:38:19 UTC (rev 1581) @@ -15,6 +15,7 @@ to the SourceForge svn facility. If you are interested in the development code you can fetch it from here. </p> +<!-- <p> <a href="<& /lib/url.mas, host => 'www7.openxpki.org', @@ -26,6 +27,7 @@ of the OpenXPKI development code,</li> <li> FreeBSD ports for nightly built distribution tarballs </li> </ul> +--> <p> If you notice that autogenerated tarballs are outdated or corrupted, please report to the openxpki-users mailing list. @@ -48,7 +50,11 @@ packages for Debian Linux (including nightly builds)</a></li> <li><a href="<& /lib/url.mas, path => '/download/freebsd.html' &>"> - ports for FreeBSD (including nightly builds)</a></li> + ports for FreeBSD +<!-- + (including nightly builds) +--> +</a></li> <li><a href="<& /lib/url.mas, path => '/download/suse.html' &>"> packages for Suse Linux</a></li> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
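Review bot: In both `<div id="footer">` hunks (freebsd.html and index.html) the "Last modified" line moves to Sep 12 2011, but "(based on rev. 1361)" is left untouched and the copyright range only advances to "2005 - 2009" in a 2011 commit; either bump both values together or drop the hand-maintained revision number, since a stale one tells readers the wrong thing about which page version they are looking at.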
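Review bot: The `@@ -87,7 +89,11 @@` hunk in index.html (and its twin in src/htdocs) hides the "(including nightly builds)" text by opening an HTML comment inside the `<a>` element: `+ ports for FreeBSD`, `+<!--`, `+-->` and then `+</a></li>`. That is well-formed, but it leaves the link text with stray whitespace and keeps the retired nightly-build wording plus the `www7.openxpki.org/lastmidnight` links in the shipped page source. If the snapshot generator is not coming back, deleting the lines is cleaner; if it is, a one-line "currently unavailable" note in the visible page tells readers more than a comment does. The commented block also still carries the "Awailable" typo, worth fixing before it is ever uncommented.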
From: <sv...@us...> - 2011-09-12 18:28:09
Revision: 1580 http://openxpki.svn.sourceforge.net/openxpki/?rev=1580&view=rev Author: svysh Date: 2011-09-12 18:28:02 +0000 (Mon, 12 Sep 2011) Log Message: ----------- WebSVN viewer at www7 goes out of service Modified Paths: -------------- www.openxpki.org/trunk/htdocs/resources/index.html www.openxpki.org/trunk/src/htdocs/resources/index.html Modified: www.openxpki.org/trunk/htdocs/resources/index.html =================================================================== --- www.openxpki.org/trunk/htdocs/resources/index.html 2011-08-25 08:42:27 UTC (rev 1579) +++ www.openxpki.org/trunk/htdocs/resources/index.html 2011-09-12 18:28:02 UTC (rev 1580) @@ -75,9 +75,11 @@ <li><a href="http://openxpki.svn.sf.net/viewvc/openxpki/"> ViewVC</a>. Web viewer of the OpenXPKI's SVN repository. Hosts at SourceForge. Updates with each commit.</li> +<!-- <li><a href="http://www7.openxpki.org/svn/openxpki"> WebSVN</a>. Another web viewer of the OpenXPKI's SVN repository. With RSS feed. Hosts at www7. Updates every 10 min.</li> +--> </ul> <h2>Source code repository structure</h2> <p> @@ -141,8 +143,8 @@ </div> <!-- content --> <div id="footer"> - Last modified by svysh on Mon Jan 26 10:36:25 UTC 2009 - (based on rev. 1315). © 2005 - 2008 OpenXPKI Foundation + Last modified by svysh on Mon Sep 12 18:26:17 UTC 2011 + (based on rev. 1501). © 2005 - 2009 OpenXPKI Foundation </div> <!-- footer --> Modified: www.openxpki.org/trunk/src/htdocs/resources/index.html =================================================================== --- www.openxpki.org/trunk/src/htdocs/resources/index.html 2011-08-25 08:42:27 UTC (rev 1579) +++ www.openxpki.org/trunk/src/htdocs/resources/index.html 2011-09-12 18:28:02 UTC (rev 1580) 
@@ -42,11 +42,13 @@ path => '/viewvc/openxpki/' &>"> ViewVC</a>. Web viewer of the OpenXPKI's SVN repository. Hosts at SourceForge. Updates with each commit.</li> +<!-- <li><a href="<& /lib/url.mas, host => 'www7.openxpki.org', path => '/svn/openxpki' &>"> WebSVN</a>. Another web viewer of the OpenXPKI's SVN repository. With RSS feed. Hosts at www7. Updates every 10 min.</li> +--> </ul> <h2>Source code repository structure</h2> <p> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
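Review bot: The `@@ -75,9 +75,11 @@` hunk and its src/htdocs counterpart comment out the WebSVN entry in two hand-edited copies: the src version uses the Mason component `<& /lib/url.mas, host => 'www7.openxpki.org', path => '/svn/openxpki' &>` while the htdocs version carries the rendered URL. If htdocs is the generated output of src, the rendered copy should come from the generator rather than being patched in parallel, otherwise the two drift; the footer hunk already shows this, since the htdocs copy now claims "based on rev. 1501" while the src copy has no footer change in this diff. As in the sibling commit, the copyright range is moved only to "2005 - 2009" in a 2011 change.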
From: <mba...@us...> - 2011-08-25 08:42:34
Revision: 1579 http://openxpki.svn.sourceforge.net/openxpki/?rev=1579&view=rev Author: mbartosch Date: 2011-08-25 08:42:27 +0000 (Thu, 25 Aug 2011) Log Message: ----------- jumbo update: backported workflow classes Modified Paths: -------------- trunk/perl-modules/core/trunk/MANIFEST Added Paths: ----------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/CreateEscrowedKey.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/CreatePKCS12.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/IssueCert.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/RetrieveCertificate.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/SetContext.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/WFArray.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/WFHash.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/CheckExistingCertificate.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/DatapoolEntry.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/WFArray.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/WorkflowContextBulk.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/WFObject/ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/WFObject/WFArray.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/WFObject/WFHash.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/WFObject.pm Modified: trunk/perl-modules/core/trunk/MANIFEST =================================================================== --- trunk/perl-modules/core/trunk/MANIFEST 2011-08-25 08:41:46 UTC (rev 1578) +++ trunk/perl-modules/core/trunk/MANIFEST 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -176,6 +176,10 @@ OpenXPKI/Server/Workflow.pm +OpenXPKI/Server/Workflow/WFObject.pm +OpenXPKI/Server/Workflow/WFObject/WFArray.pm +OpenXPKI/Server/Workflow/WFObject/WFHash.pm + OpenXPKI/Server/Workflow/Activity.pm OpenXPKI/Server/Workflow/Activity/Skeleton.pm @@ -206,6 +210,8 @@ OpenXPKI/Server/Workflow/Activity/Tools/Notification.pm OpenXPKI/Server/Workflow/Activity/Tools/NotifyParentWorkflow.pm OpenXPKI/Server/Workflow/Activity/Tools/GeneratePassword.pm +OpenXPKI/Server/Workflow/Activity/Tools/RetrieveCertificate.pm +OpenXPKI/Server/Workflow/Activity/Tools/SetContext.pm OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm OpenXPKI/Server/Workflow/Activity/Tools/Datapool/GetEntry.pm @@ -213,6 +219,8 @@ OpenXPKI/Server/Workflow/Activity/Tools/Datapool/SetEntry.pm OpenXPKI/Server/Workflow/Activity/Tools/LDAP/GetLDAPData.pm +OpenXPKI/Server/Workflow/Activity/Tools/WFArray.pm +OpenXPKI/Server/Workflow/Activity/Tools/WFHash.pm OpenXPKI/Server/Workflow/Activity/CRLIssuance/DetermineNextCA.pm OpenXPKI/Server/Workflow/Activity/CRLIssuance/GetCRLProfile.pm @@ -243,7 +251,11 @@ OpenXPKI/Server/Workflow/Activity/SmartCard/GetLDAPData.pm OpenXPKI/Server/Workflow/Activity/SmartCard/PublishCertificates.pm OpenXPKI/Server/Workflow/Activity/SmartCard/CreateServerCSR.pm +OpenXPKI/Server/Workflow/Activity/SmartCard/CreatePKCS12.pm +OpenXPKI/Server/Workflow/Activity/SmartCard/CreateEscrowedKey.pm +OpenXPKI/Server/Workflow/Activity/SmartCard/IssueCert.pm + OpenXPKI/Server/Workflow/Persister/DBI.pm OpenXPKI/Server/Workflow/Persister/DBI/SequenceId.pm 
@@ -278,12 +290,17 @@ OpenXPKI/Server/Workflow/Condition/WorkflowCreator.pm OpenXPKI/Server/Workflow/Condition/WorkflowContext.pm OpenXPKI/Server/Workflow/Condition/CheckForkedWorkflowChildren.pm +OpenXPKI/Server/Workflow/Condition/CheckExistingCertificate.pm +OpenXPKI/Server/Workflow/Condition/WorkflowContextBulk.pm OpenXPKI/Server/Workflow/Condition/SCEPClient.pm OpenXPKI/Server/Workflow/Condition/SCEPClientAutoIssuance.pm OpenXPKI/Server/Workflow/Condition/SCEPClientCertValid.pm OpenXPKI/Server/Workflow/Condition/SCEPClientEnrollment.pm OpenXPKI/Server/Workflow/Condition/SCEPClientCSRValidRole.pm +OpenXPKI/Server/Workflow/Condition/WFArray.pm +OpenXPKI/Server/Workflow/Condition/DatapoolEntry.pm + OpenXPKI/Server/Workflow/Validator/ApprovalSignature.pm OpenXPKI/Server/Workflow/Validator/Creator.pm OpenXPKI/Server/Workflow/Validator/CertRole.pm Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/CreateEscrowedKey.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/CreateEscrowedKey.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/CreateEscrowedKey.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,157 @@ +# OpenXPKI::Server::Workflow::Activity::SmartCard::CreateEscrowedKey +# Written by Martin Bartosch for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::SmartCard::CreateEscrowedKey; + +use strict; +use base qw( OpenXPKI::Server::Workflow::Activity ); + +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Debug; + +use Data::Dumper; + +sub execute { + my $self = shift; + my $workflow = shift; + my $context = $workflow->context(); + + my $default_token = CTX('pki_realm_by_cfg')->{$self->config_id()}->{$self->{PKI_REALM}}->{crypto}->{default}; + + my $namespace = $self->param('ds_namespace'); + + my $ds_key_param = $self->param('ds_key_param') || 'token_id'; + my $ds_key = $context->param($ds_key_param); + + + my $keyalg = $context->param('keyalg') || 'RSA'; + my $keysize = $context->param('keysize') || 1024; + + my $supported_algs = $default_token->command( + { + 'COMMAND' => "list_algorithms", + 'FORMAT' => "all_data", + }); + + # keytype check + if (! exists $supported_algs->{$keyalg}) { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_CREATEESCROWEDKEY_WRONG_KEYTYPE', + params => { + 'KEYTYPE' => $keyalg, + }, + ); + } + + + # use fixed password because the key will be stored encrypted in the + # datapool + my $passwd = 'OpenXPKI'; + my $command = { + COMMAND => 'create_key', + TYPE => $keyalg, + PASSWD => $passwd, + PARAMETERS => { + KEY_LENGTH => $keysize, + }, + }; + ##! 16: 'command: ' . Dumper $command + + my $private_key = $default_token->command($command); + + # ultimately we want to save the key under the corresponding certificate + # identifier, but we don't know this yet. we use a temporary handle + # and will later rename it. + my $temp_handle = $ds_key . '_' . 
$workflow->id(); + + CTX('api')->set_data_pool_entry( + { + NAMESPACE => $namespace, + KEY => $temp_handle, + VALUE => $private_key, + # autocleanup of keys which are not crafted into certificates + # later in this process + EXPIRATION_DATE => time + 24 * 3600, + FORCE => 1, + ENCRYPT => 1, + }); + + CTX('dbi_backend')->commit(); + + ##! 16: 'datapool entry saved to ' . $namespace . ':' . $temp_handle + CTX('log')->log( + MESSAGE => 'Created ' . $keyalg . ' private key for ' . $context->param('creator') . ', saved to datapool entry ' . $namespace . '/' . $temp_handle, + PRIORITY => 'info', + FACILITY => 'audit', + ); + + my $csr = $default_token->command ( + { + COMMAND => "create_pkcs10", + KEY => $private_key, + PASSWD => $passwd, + SUBJECT => 'dummy subject', + }); + + $context->param('pkcs10' => $csr); + $context->param('temp_key_handle' => $temp_handle); + + return 1; +} + +1; +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::SmartCard::CreateEscrowedKey + +=head1 Description + +Generates RSA private key, saves private key in datapool using a temporary +key (lifetime: 24h). Creates PKCS#10 request from private key, exports +request to context. + +=head1 Configuration + +=head2 Activity parameters + +In the activity definition, the following parameters must be set. +See the example that follows. + +=over 8 + +=item ds_namespace + +Datapool namespace to use. + +=item ds_key_param + +The name of the context parameter that contains the key basename for this +datastore entry. Default: 'token_id' + +=back + +=head2 Context parameters + +=over 8 + +=item keyalg (input) + +Public key algorithm to use. Default: 'RSA' + +=item keysize (input) + +Public key size in bits. Default: 2048 + +=item pkcs10 (output) + +Generated PKCS#10 request. + +=item temp_datapool_key + +Temporary datapool key used for storing the private key. 
+ +=back Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/CreatePKCS12.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/CreatePKCS12.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/CreatePKCS12.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,100 @@ +# OpenXPKI::Server::Workflow::Activity::SmartCard::CreatePKCS12 +# Written by Martin Bartosch for the OpenXPKI project 2009 +# Copyright (c) 2009 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::SmartCard::CreatePKCS12; + +use strict; +use English; +use base qw( OpenXPKI::Server::Workflow::Activity ); + +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Debug; +use MIME::Base64 qw( encode_base64 ); + +use Data::Dumper; + +sub execute { + ##! 1: 'start' + my $self = shift; + my $workflow = shift; + my $context = $workflow->context(); + + my $default_token = CTX('pki_realm_by_cfg')-> + {$self->config_id()}-> + {$self->{PKI_REALM}}->{crypto}->{default}; + + my %contextentry_of = ( + password => '_password', + p12password => '_p12password', + certificate => 'certificate', + privatekey => '_private_key', + pkcs12base64 => 'pkcs12base64', + ); + + foreach my $contextkey (keys %contextentry_of) { + my $tmp = $contextkey . 'contextkey'; + if (defined $self->param($contextkey . 'contextkey')) { + $contextentry_of{$contextkey} = $self->param($contextkey . 'contextkey'); + } + } + ##! 16: 'contextentry mapping: ' . Dumper \%contextentry_of + + my $password = $context->param($contextentry_of{'password'}); + my $p12password = $context->param($contextentry_of{'p12password'}); + if (! 
defined $p12password || $p12password eq '') { + $p12password = $password; + } + my $certificate = $context->param($contextentry_of{'certificate'}); + my $key = $context->param($contextentry_of{'privatekey'}); + + my $command = { + COMMAND => 'create_pkcs12', + PASSWD => $password, + PKCS12_PASSWD => $p12password, + KEY => $key, + CERT => $certificate, + CHAIN => [], + }; + + my $pkcs12 = $default_token->command($command); + + # convert to base64 + $pkcs12 = encode_base64($pkcs12, ''); + + $context->param($contextentry_of{'pkcs12base64'} => $pkcs12); + return 1; +} +1; +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::SmartCard::CreatePKCS12 + +=head1 Description + +This class creates a PKCS12 structure. + +Input parameters (from context): +_password Passphrase of private key +_p12password Passphrase of the generated PKCS#12 + (defaults to value of _password) +certificate Certificate to wrap +_private_key Private key to wrap + +Output parameters (to context): +pkcs12base64 Base64 encoded PKCS12 structure + +These are the default context parameters. By setting the following activity +parameters you can override these context parameters: + + +Activity configuration: +passwordcontextkey context parameter to use for password +p12passwordcontextkey context parameter to use for p12password +certificatecontextkey context parameter to use for certificate +privatekeycontextkey context parameter to use for private key +pkcs12base64contextkey context parameter to use for output data + Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/IssueCert.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/IssueCert.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/IssueCert.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,294 @@ +# OpenXPKI::Server::Workflow::Activity::SmartCard::IssueCert +# Written by Martin Bartosch for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::SmartCard::IssueCert; + +use strict; +use warnings; +use English; +use base qw( OpenXPKI::Server::Workflow::Activity ); + +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Crypto::Profile::Certificate; +use OpenXPKI::Crypto::X509; +use OpenXPKI::Serialization::Simple; +use OpenXPKI::Server::Workflow::WFObject::WFArray; +use OpenXPKI::Debug; +use MIME::Base64; +use English; + +use Data::Dumper; + +sub execute { + ##! 1: 'start' + my $self = shift; + my $workflow = shift; + my $context = $workflow->context(); + my $serializer = OpenXPKI::Serialization::Simple->new(); + my $realm = CTX('session')->get_pki_realm(); + +# my $role = $self->param('role'); +# ##! 64: 'role from config file: ' . $role + + my $queue_key = $self->param('csr_queue_key') || 'csr_serial'; + + my $csrs = OpenXPKI::Server::Workflow::WFObject::WFArray->new( + { + workflow => $workflow, + context_key => $queue_key, + } ); + + my $csr_serial = $csrs->shift(); + + ##! 64: 'checking csr serial validity: ' . $csr_serial + if (! defined $csr_serial) { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_ISSUECERT_CSR_SERIAL_UNDEFINED', + ); + } + + # get a fresh view of the database + CTX('dbi_backend')->commit(); + + my $csr = CTX('dbi_backend')->first( + TABLE => 'CSR', + DYNAMIC => { + 'CSR_SERIAL' => $csr_serial, + }, + ); + if (! 
defined $csr) { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_ISSUECERT_CSR_NOT_IN_DATABASE', + ); + } + + if ($csr->{TYPE} ne 'pkcs10') { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_ISSUECERT_CSR_UNSUPPORTED_REQUEST_TYPE', + params => { + TYPE => $csr->{TYPE}, + }, + ); + } + ##! 64: 'csr: ' . Dumper $csr + + my $cert_profile = $csr->{PROFILE}; + ##! 64: 'certificate profile: ' . $cert_profile + + my $issuing_ca = CTX('api')->determine_issuing_ca( + { + PROFILE => $cert_profile, + CONFIG_ID => $self->config_id(), + }); + ##! 64: 'issuing ca: ' . $issuing_ca + + my $certificate = CTX('pki_realm_by_cfg')->{$self->config_id()}->{$realm}->{ca}->{id}->{$issuing_ca}->{certificate}; + my $ca_token = CTX('pki_realm_by_cfg')->{$self->config_id()}->{$realm}->{ca}->{id}->{$issuing_ca}->{crypto}; + + if (!defined $ca_token) { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_ISSUECERT_CA_TOKEN_UNAVAILABLE', + ); + } + + ##! 64: 'preparing certificate profile' + my $profile = OpenXPKI::Crypto::Profile::Certificate->new( + CONFIG => CTX('xml_config'), + PKI_REALM => CTX('api')->get_pki_realm(), + CA => $issuing_ca, + ID => $cert_profile, + TYPE => 'ENDENTITY', # no self-signed CA certs here(?) + CONFIG_ID => $self->config_id(), + ); + + ##! 64: 'propagating cert subject: ' . 
$csr->{SUBJECT} + $profile->set_subject($csr->{SUBJECT}); + + my @subject_alt_names; + my $csr_metadata = CTX('dbi_backend')->select( + TABLE => 'CSR_ATTRIBUTES', + DYNAMIC => { + 'CSR_SERIAL' => $csr_serial, + }, + ); + + my $notbefore; + my $notafter; + + foreach my $metadata (@{$csr_metadata}) { + if ($metadata->{ATTRIBUTE_KEY} eq 'subject_alt_name') { + push @subject_alt_names, + $serializer->deserialize($metadata->{ATTRIBUTE_VALUE}); + } elsif ($metadata->{ATTRIBUTE_KEY} eq 'notbefore') { + $notbefore = $metadata->{ATTRIBUTE_VALUE}; + } elsif ($metadata->{ATTRIBUTE_KEY} eq 'notafter') { + $notafter = $metadata->{ATTRIBUTE_VALUE}; + } + } + + if (scalar @subject_alt_names) { + ##! 64: 'propagating subject alternative names: ' . Dumper \@subject_alt_names + $profile->set_subject_alt_name(\@subject_alt_names); + } + + + my $rand_length = $profile->get_randomized_serial_bytes(); + my $increasing = $profile->get_increasing_serials(); + + my $random_data = ''; + if ($rand_length > 0) { + $random_data = $ca_token->command({ + COMMAND => 'create_random', + RANDOM_LENGTH => $rand_length, + }); + $random_data = decode_base64($random_data); + } + + # determine serial number (atomically) + my $serial = CTX('dbi_backend')->get_new_serial( + TABLE => 'CERTIFICATE', + INCREASING => $increasing, + RANDOM_LENGTH => $rand_length, + RANDOM_PART => $random_data, + ); + ##! 64: 'propagating serial number: ' . $serial + $profile->set_serial($serial); + + if (defined $notbefore) { + ##! 64: 'propagating notbefore date: ' . $notbefore + $profile->set_notbefore( + OpenXPKI::DateTime::get_validity({ + VALIDITY_FORMAT => 'absolutedate', + VALIDITY => $notbefore, + }) + ); + } + + if (defined $notafter) { + ##! 64: 'propagating notafter date: ' . $notafter + $profile->set_notafter( + OpenXPKI::DateTime::get_validity({ + VALIDITY_FORMAT => 'absolutedate', + VALIDITY => $notafter, + }) + ); + } + + ##! 64: 'performing key online test' + if (! 
$ca_token->key_usable()) { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_ISSUECERT_CA_KEY_UNUSABLE', + ); + } + ##! 64: 'issuing certificate' + my $cert = $ca_token->command( + { + COMMAND => "issue_cert", + PROFILE => $profile, + CSR => $csr->{DATA}, + }); + + CTX('log')->log( + MESSAGE => "CA '$issuing_ca' issued certificate with serial $serial and DN=" . $profile->get_subject() . " in PKI realm '" . CTX('api')->get_pki_realm() . "'", + PRIORITY => 'info', + FACILITY => [ 'audit', 'system', ], + ); + ##! 16: 'cert: ' . $cert + + ##! 64: 'parsing generated certificate' + my $x509 = OpenXPKI::Crypto::X509->new( + DATA => $cert, + TOKEN => $ca_token, + ); + + ##! 64: 'persisting certificate' + my %insert_hash = $x509->to_db_hash(); + my $identifier = $insert_hash{'IDENTIFIER'}; + + my $ca_identifier = CTX('pki_realm_by_cfg')->{$self->config_id()}->{CTX('api')->get_pki_realm()}->{ca}->{id}->{$issuing_ca}->{identifier}; + + $insert_hash{'PKI_REALM'} = CTX('api')->get_pki_realm(); + $insert_hash{'ISSUER_IDENTIFIER'} = $ca_identifier; + $insert_hash{'ROLE'} = $csr->{ROLE}; + $insert_hash{'CSR_SERIAL'} = $csr_serial; + $insert_hash{'STATUS'} = 'ISSUED'; + CTX('dbi_backend')->insert( + TABLE => 'CERTIFICATE', + HASH => \%insert_hash, + ); + + my @parsed_subject_alt_names = $x509->get_subject_alt_names(); + ##! 32: 'sans: ' . Dumper \@subject_alt_names + ##! 32: 'sans (parsed): ' . Dumper \@parsed_subject_alt_names + foreach my $san (@parsed_subject_alt_names) { + my $serial = CTX('dbi_backend')->get_new_serial( + TABLE => 'CERTIFICATE_ATTRIBUTES', + ); + CTX('dbi_backend')->insert( + TABLE => 'CERTIFICATE_ATTRIBUTES', + HASH => { + 'ATTRIBUTE_SERIAL' => $serial, + 'IDENTIFIER' => $identifier, + 'ATTRIBUTE_KEY' => 'subject_alt_name', + 'ATTRIBUTE_VALUE' => $san->[0] . ':' . 
$san->[1], + }, + ); + } + CTX('dbi_backend')->commit(); + +# $context->param(certificate => $cert); + $context->param('cert_identifier' => $identifier); + + # inform successor that an escrow cert was generated + $context->param('have_new_escrow_cert', 'yes'); + + # if requested in the configuration push the current cert identifier + # to the specified context array + if (defined $self->param('issuance_queue_key')) { + my $certs_issued = OpenXPKI::Server::Workflow::WFObject::WFArray->new( + { + workflow => $workflow, + context_key => $self->param('issuance_queue_key'), + } ); + $certs_issued->push($identifier); + } + + return; +} + +1; +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::SmartCard::IssueCert + +=head1 Description + +Inline certificate issuance function. Takes the first CSR from the +certificate request queue, prepares the certificate profile, +determines the issuing CA and issues the certificate. + +=head1 Examples + <action name="scpers_issue_certificate" + class="OpenXPKI::Server::Workflow::Activity::SmartCard::IssueCert" + csr_queue_key="csr_serials_to_process" + issuance_queue_key="certs_issued"> + <field name="csr_serials_to_process" is_required="yes"/> + </action> + +=head1 Parameters + +=head2 csr_queue_key + +Context parameter name to access for fetching the next CSR to process. +Expects a serialized array of CSR serial numbers. The CSR must already +exist in the database. Default: csr_serial + +=head2 issuance_queue_key + +Optional. Context parameter name specifying a workflow context array +that will contain the certificate identifiers of the issued certificates. 
+ Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/RetrieveCertificate.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/RetrieveCertificate.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/RetrieveCertificate.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,230 @@ +# OpenXPKI::Server::Workflow::Activity::Tools::RetrieveCertificate +# Written by Martin Bartosch for the OpenXPKI project 2009 +# Copyright (c) 2009 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::Tools::RetrieveCertificate; + +use strict; +use base qw( OpenXPKI::Server::Workflow::Activity ); + +use DateTime; + +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Debug; +use OpenXPKI::Serialization::Simple; + +use Data::Dumper; + +my @parameters = qw( + cert_profile + cert_email + cert_subject + min_remaining_validity + valid_at +); + +__PACKAGE__->mk_accessors(@parameters); + +sub execute +{ + my $self = shift; + my $workflow = shift; + my $dbi = CTX('dbi_backend'); + my $pki_realm = CTX('session')->get_pki_realm(); + my $context = $workflow->context(); + + ##! 16: 'RetrieveCertificate' + my %contextentry_of = ( + certificateout => 'certificate', + certidentifierout => undef, + ); + foreach my $contextkey (keys %contextentry_of) { + if (defined $self->param($contextkey . 'contextkey')) { + $contextentry_of{$contextkey} = $self->param($contextkey . 'contextkey'); + } + } + + + # propagate workflow activity parametrisation to our object + foreach my $arg (@parameters) { + if (defined $self->param($arg)) { + $self->$arg( $self->param($arg) ); + } + # access worklow context instead of literal value if value starts + # with a $ + if (defined $self->$arg() && ($self->$arg() =~ m{ \A \$ (.*) }xms)) { + my $wf_key = $1; + $self->$arg( $context->param($wf_key) ) + } + ##! 64: 'param: ' . $arg . '; value: ' . $self->$arg() + } + + + my %conditions = ( + ); + + if (defined $self->cert_email()) { + $conditions{'CERTIFICATE.EMAIL'} = $self->cert_email(); + } + if (defined $self->cert_profile()) { + $conditions{'CSR.PROFILE'} = $self->cert_profile(); + } + if (defined $self->cert_subject()) { + $conditions{'CERTIFICATE.SUBJECT'} = $self->cert_subject(); + } + + if (scalar keys(%conditions) == 0) { + ##! 
16: 'operation mode 1 (search for certificate identifier)' + my $cert_identifier = $context->param('cert_identifier'); + + if (! defined $cert_identifier) { + ##! 16: 'no certificate identifier specified, clearing context entry' + $context->param($contextentry_of{'certificateout'} => undef); + return 1; + } + + ##! 16: 'searching for certificate identifier ' . $cert_identifier + my $cert = $dbi->first( + TABLE => 'CERTIFICATE', + COLUMNS => [ + 'DATA', + ], + DYNAMIC => { + 'IDENTIFIER' => $cert_identifier, + 'STATUS' => 'ISSUED', + 'PKI_REALM' => $pki_realm, + }, + ); + + $context->param($contextentry_of{'certificateout'} => $cert->{DATA}); + + return 1; + } else { + ##! 16: 'operation mode 2 (query certificate details)' + my @validity; + + if (defined $self->valid_at()) { + if ($self->valid_at() =~ m{ \A (\d{4})(\d{2})(\d{2}) \z }xms) { + my $dt = DateTime->new(year => $1, + month => $2, + day => $3, + time_zone => 'UTC'); + push @validity, $dt->epoch; + } elsif ($self->valid_at() =~ m{ \A \d+ \z }xms) { + push @validity, $self->valid_at(); + } else { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_RETRIEVECERTIFICATE_INVALID_TIME_SPECIFICATION', + params => { + valid_at => $self->valid_at(), + }, + ); + } + } + if (defined $self->min_remaining_validity()) { + push @validity, time + ($self->min_remaining_validity() * 24 * 3600); + } + if (scalar (@validity) == 0) { + push @validity, time; + } + + my $certs = CTX('dbi_backend')->select( + TABLE => [ 'CERTIFICATE', 'CSR' ], + COLUMNS => [ + 'CERTIFICATE.DATA', + 'CERTIFICATE.IDENTIFIER', + 'CERTIFICATE.NOTAFTER', + ], + JOIN => [ + [ 'CSR_SERIAL', 'CSR_SERIAL' ], + ], + DYNAMIC => { + 'CERTIFICATE.PKI_REALM' => $pki_realm, + 'CERTIFICATE.STATUS' => 'ISSUED', + %conditions, + }, + VALID_AT => [ [ @validity ], undef ], + REVERSE => 1, + ); + + ##! 16: 'certificates found: ' . Dumper $certs + if (! defined $certs) { + ##! 
16: 'error: could not execute database query' + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_RETRIEVECERTIFICATE_QUERY_ERROR', + params => { + }, + ); + } + ##! 16: 'found ' . scalar @{$certs} . ' matching certificates' + if (scalar @{$certs} == 0) { + ##! 16: 'no matching certs found' + $context->param($contextentry_of{'certificateout'} => undef); + if (defined $contextentry_of{'certidentifierout'}) { + $context->param($contextentry_of{'certidentifierout'} => undef); + } + return 1; + } + + $context->param($contextentry_of{'certificateout'} => $certs->[0]->{'CERTIFICATE.DATA'}); + if (defined $contextentry_of{'certidentifierout'}) { + $context->param($contextentry_of{'certidentifierout'} => $certs->[0]->{'CERTIFICATE.IDENTIFIER'}); + } + } +} + +1; +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::Tools::RetrieveCertificate + +=head1 Description + +Searches certificate database for certificate with the matching criteria. + +Activity configuration: +certificateoutcontextkey context parameter to use for output certificate + (default: certificate) +certidentifieroutcontextkey context parameter to use for output certificate + identifier + (default: none, do not write to context) + + +Operation mode 1: search for certificate identifier + +If no activity options are specified this activity expects to find the +a context parameter cert_identifier. Its value is used to query the +database and search the corresponding certificate. + +Sets context parameter 'certificate' to PEM encoded certificate with the +matching certificate identifier. + + +Operation mode 2: search for particular certificate with specified criteria + +This operation mode is enabled if at least one of the following +activity parameters are defined in the activity definition. The +parameter cert_identifier is IGNORED if any of these parameters are +defined. 
+ +cert_profile: filter certificates with this profile (required) +cert_email: filter certificates with specified email address +cert_subject: filter certificates with specified subject +min_remaining_validity: filter certificates with a minimum of the specified + number of days remaining before expiration +valid_at: filter certificates which are valid at specified + time (allowed: Unix timestamp or YYYYMMDD, + distinguished by value length) + +Note: if parameters specified start with a '$', the corresponding workflow +context parameter is referenced instead of the literal string. + +The first certificate with the matching criteria is exported via the +context parameter 'certificate' (PEM encoded). + +Only if explicitly set in the activity configuration via +identifieroutcontextkey the specified context entry is set by the +activity to contain the retrieved certificate identifier. Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/SetContext.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/SetContext.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/SetContext.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,135 @@ +# OpenXPKI::Server::Workflow::Activity::Tools::SetContext +# Written by Martin Bartosch for the OpenXPKI project 2009 +# Copyright (c) 2009 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::Tools::SetContext; + +use strict; +use base qw( OpenXPKI::Server::Workflow::Activity ); + +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Debug; +use OpenXPKI::Serialization::Simple; +use English; + +use Data::Dumper; + +sub execute +{ + my $self = shift; + my $workflow = shift; + my $context = $workflow->context(); + + ##! 16: 'SetContext' + + my %options = ( + overwritecontext => 0, + extendedsyntax => 0, + ); + + my $parameters = $self->param('SetContextParameters'); + foreach my $entry (split /,\s*/, $parameters) { + my ($bool, $entry) = ($entry =~ m{ \A (!?)(.*) \z }xms); + $bool = 0 + ($bool ne '!'); + $options{$entry} = $bool; + } + ##! 16: 'options: ' . Dumper \%options + ##! 16: ' parameters: ' . Dumper $self->{PARAMS} + KEY: + foreach my $key (%{$self->{PARAMS}}) { + next KEY if ($key eq 'SetContextParameters'); + my $value = $self->param($key); + + # execute configured value in current context. since $value comes + # only from the configured parameters ($self->param) instead of the + # context, this is safe as long as the configuration file is not + # compromised. 
+ if ($options{extendedsyntax}) { + $value = eval $value; + + if ($EVAL_ERROR) { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_SETCONTEXT_INVALID_EXTENDED_SYNTAX', + params => { + EVAL_ERROR => $EVAL_ERROR, + }, + log => { + logger => CTX('log'), + priority => 'error', + facility => 'system', + }, + ); + } + # allow anonymous subroutines in configuration + if (ref $value eq 'CODE') { + eval { + $value = &{$value}($workflow); + }; + if ($EVAL_ERROR) { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_SETCONTEXT_INVALID_EXTENDED_SYNTAX_CODEREF', + params => { + EVAL_ERROR => $EVAL_ERROR, + }, + log => { + logger => CTX('log'), + priority => 'error', + facility => 'system', + }, + ); + } + } + } + + my $old = $context->param($key); + if (! defined $old) { + ##! 16: "setting context $key: $value" + $context->param($key => $value); + } else { + if ($options{overwritecontext}) { + ##! 16: "overwriting context $key: $value" + $context->param($key => $value); + } + } + } + + return 1; +} + +1; +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::Tools::SetContext + +=head1 Description + +Set context parameters from the activity definition. + +This allows to explicitly set workflow context parameters from the XML +configuration of this activity. + +Option parameter (set in action definition): +SetContextParameters - comma separated list of options + +Possible values: +!overwritecontext (DEFAULT) Keep original context value if it exists +overwritecontext Overwrite context value + +!extendedsyntax (DEFAULT) Standard behaviour +extendedsyntax Configured values are evaluated as perl code + (see below). + +=head1 Extended Syntax + +If the extendedsyntax option is set, the configured values are evaluated +as Perl + Allows access to internal data structures, + most prominently the workflow context via + the $context variable. 
+ NOTE: use with caution, improper use may cause + security problems. Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/WFArray.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/WFArray.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/WFArray.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,203 @@ +# OpenXPKI::Server::Workflow::Activity::Tools::WFArray +# Written by Scott Hardin for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::Tools::WFArray; + +use strict; +use base qw( OpenXPKI::Server::Workflow::Activity ); +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Serialization::Simple; +use OpenXPKI::Debug; +use OpenXPKI::Server::Workflow::WFObject::WFArray; + +#use Data::Dumper; + +my @REQ_PROPS = qw( array_name function ); +my @OPT_PROPS = qw( context_key index_key index ); +__PACKAGE__->mk_accessors( @REQ_PROPS, @OPT_PROPS ); + +sub new { + my ( $class, $wf, $params ) = @_; + my $self = $class->SUPER::new( $wf, $params ); + + # set only our extra properties from action class def + foreach my $prop (@REQ_PROPS) { + if ( not defined $params->{$prop} ) { # These properties are mandatory + warn "ERR - MISSING PARAM '$prop'"; + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WF_ACTIVITY_TOOLS_NSARRAY_MISSING_PARAM', + params => { name => $prop, }, + ); + } + $self->$prop( $params->{$prop} ); + } + foreach my $prop (@OPT_PROPS) { + if ( defined $params->{$prop} ) { + $self->$prop( $params->{$prop} ); + } + } + return $self; +} + +sub execute { + my ( $self, $wf ) = @_; + my $function = lc($self->function()); + my $context = $wf->context(); + my $context_key = $self->context_key(); + + my $array = OpenXPKI::Server::Workflow::WFObject::WFArray->new( + { workflow => $wf, context_key => $self->array_name } ); + + # read operations that do not take a parameter + if ( $function =~ m/^(pop|shift|count)$/ ) { + my $ret = $array->$function; + if ( defined $ret ) { + $context->param( $context_key, $ret ); + } else { + $context->param( $context_key, $ret ); + # for testing, indicate an error + if ( defined $context->param( $context_key ) ) { +# $context->param( $context_key, '<undef>' ); + } + } + } + # write operations that take a 
parameter + elsif ( $function =~ m/^(push|unshift)$/ ) { + $array->$function( $context->param( $context_key ) ); + } + # write operations that take a parameter + elsif ( $function =~ m/^(pusharray|unshiftarray)$/ ) { + $function =~ s{ array \z }{}xms; + + my $arg = OpenXPKI::Server::Workflow::WFObject::WFArray->new( + { workflow => $wf, context_key => $context_key } ); + + $array->$function( @{$arg->value()} ); + } + # other operations + elsif ( $function eq 'value' ) { + my $index = $self->index; + + if (! defined $index) { + my $index_key = $self->index_key; + $index = $context->param($index_key); + } + + if (! defined $index) { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WF_ACTIVITY_TOOLS_NSARRAY_MISSING_INDEX', + params => { name => $function, }, + ); + } + + $context->param( $context_key, $array->$function($index) ); + } + + else { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WF_ACTIVITY_TOOLS_NSARRAY_MISSING_FUNCTION', + params => { name => $function, }, + ); + } + + $array = undef; + return 1; +} + +1; + +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::Tools::WFArray + +=head1 Description + +Allow array structures to be modelled in the workflow action +definitions using a single implementation class. 
+ +=head1 Examples + + <action name="add_cert_to_publish" + class="OpenXPKI::Server::Workflow::Activity::Tools::WFArray" + array_name="cert_publish_queue" + function="push" + context_key="next_cert_to_publish"> + </action> + + +=head1 Parameters + +The following parameters may be set in the definition of the action: + +=head2 array_name + +The name of the workflow context parameter containing the array to be +used + +=head2 function + +The following functions are supported: + +=over 8 + +=item push + +Adds the value of the context parameter named in I<context_key> to the +end of the array + +=item pusharray + +Adds the array contents contained in context parameter named in +I<context_key> to the end of the array. + +=item pop + +Removes the last value from the end of the array and assigns it to the +context parameter named in I<context_key>. + +=item unshift + +Adds the value of the context parameter named in I<context_key> to the +beginning of the array + +=item unshiftarray + +Adds the array contents contained in context parameter named in +I<context_key> to the beginning of the array + +=item shift + +Removes the last value from the beginning of the array and assigns it +to the context parameter named in I<context_key>. + +=item value + +Returns the value at the position specified in I<array_index> and +assigns it to the context parameter named in I<context_key>. + +If activity configuration explicitly sets I<index> this value is taken, +otherwise the index is taken from the context value contained in I<index_key>. + +=item count + +Returns the number of items in the array. + +=back + +=head2 context_key + +The name of the context parameter that either contains or is the lvalue +for the function. + +=head2 index_key + +When retrieving an element of the array, this specifies the name of the +context parameter that contains the index of the element. 
+ Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/WFHash.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/WFHash.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/WFHash.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,152 @@ +# OpenXPKI::Server::Workflow::Activity::Tools::WFHash +# Written by Scott Hardin for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::Tools::WFHash; + +use strict; +use base qw( OpenXPKI::Server::Workflow::Activity ); +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Serialization::Simple; +use OpenXPKI::Debug; +use OpenXPKI::Server::Workflow::WFObject::WFHash; + +#use Data::Dumper; + +my @REQ_PROPS = qw( hash_name function ); +my @OPT_PROPS = qw( context_key context_val_key ); +__PACKAGE__->mk_accessors( @REQ_PROPS, @OPT_PROPS ); + +sub new { + my ( $class, $wf, $params ) = @_; + my $self = $class->SUPER::new( $wf, $params ); + + # set only our extra properties from action class def + foreach my $prop (@REQ_PROPS) { + if ( not defined $params->{$prop} ) { # These properties are mandatory + warn "ERR - MISSING PARAM '$prop'"; + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WF_ACTIVITY_TOOLS_WFHASH_MISSING_PARAM', + params => { name => $prop, }, + ); + } + $self->$prop( $params->{$prop} ); + } + foreach my $prop (@OPT_PROPS) { + if ( defined $params->{$prop} ) { + $self->$prop( $params->{$prop} ); + } + } + return $self; +} + +sub execute { + my ( $self, $wf ) = @_; + my $function = lc($self->function()); + my $context = $wf->context(); + my $context_key = $self->context_key(); + +=begin + + my $hash = OpenXPKI::Server::Workflow::WFObject::WFHash->new( + { workflow => $wf, context_key => $self->hash_name } ); + + if ( $function eq 'valueForKey' ) { + my $ret = $hash->$function( $context->param( $context_key ) ); + if ( defined $ret ) { + $context->param( $context_key, $ret ); + } else { + $context->param( $context_key, $ret ); + # for testing, indicate an error + if ( defined $context->param( $context_key ) ) { +# $context->param( $context_key, '<undef>' ); + } + } + } + # write operations that take a parameter + elsif ( 
$function =~ m/^(push|unshift)$/ ) { + $array->$function( $context->param( $context_key ) ); + } + # other operations + elsif ( $function eq 'value' ) { + my $index_key = $self->index_key; + $context->param( $context_key, $array->$function( $context->param( $index_key ) ) ); + } + + else { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WF_ACTIVITY_TOOLS_NSARRAY_MISSING_FUNCTION', + params => { name => $function, }, + ); + } + + $array = undef; + +=end + +=cut + + return 1; +} + +1; + +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::Tools::WFHash + +=head1 Description + +Allow array structures to be modelled in the workflow action +definitions using a single implementation class. + +=head1 Examples + + <action name="add_cert_to_publish" + class="OpenXPKI::Server::Workflow::Activity::Tools::WFHash" + array_name="certs_found" + function="setValueForKey" + context_key="_add_cert_key" + context_val_key="_add_cert_val" +> + </action> + + +=head1 Parameters + +The following parameters may be set in the definition of the action: + +=head2 hash_name + +The name of the workflow context parameter containing the hash to be +used + +=head2 function + +The following functions are supported: + +=over 8 + +=item setValueForKey + +Adds the value of the context parameter named in I<context_val_key> to the +the hash in the key name currently in the context parameter named in +I<context_key>. + +=back + +=head2 context_key + +The name of the context parameter that either contains or is the lvalue +for the function. + +=head2 context_val_key + +When retrieving an element of the array, this specifies the name of the +context parameter that contains the value of the element. 
+ Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/CheckExistingCertificate.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/CheckExistingCertificate.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/CheckExistingCertificate.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,219 @@ +# OpenXPKI::Server::Workflow::Condition::CheckExistingCertificate +# Written by Martin Bartosch for the OpenXPKI project 2009 +# Copyright (c) 2009 by The OpenXPKI Project +package OpenXPKI::Server::Workflow::Condition::CheckExistingCertificate; + +use strict; +use warnings; +use base qw( Workflow::Condition ); +use DateTime; +use Workflow::Exception qw( condition_error configuration_error ); +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Serialization::Simple; +use OpenXPKI::Debug; +use English; +use OpenXPKI::Exception; +use Data::Dumper; + + +my @parameters = qw( + cert_profile + cert_email + cert_subject + min_remaining_validity + expected_cert_identifiers + export_notafter +); + +__PACKAGE__->mk_accessors(@parameters); + +sub _init +{ + my ( $self, $params ) = @_; + + my $condition_available; + # propagate workflow condition parametrisation to our object + foreach my $arg (@parameters) { + if (defined $params->{$arg}) { + $self->$arg( $params->{$arg} ); + $condition_available = 1; + } + } + if (! $condition_available) { + ##! 16: 'error: no conditions defined' + configuration_error + "You must define at least one condition in ", + "declaration of condition ", $self->name; + } +} + +sub evaluate +{ + ##! 1: 'start' + my ( $self, $workflow ) = @_; + my $context = $workflow->context(); + my $pki_realm = CTX('session')->get_pki_realm(); + + foreach my $arg (@parameters) { + # access worklow context instead of literal value if value starts + # with a $ + if (defined $self->$arg() && ($self->$arg() =~ m{ \A \$ (.*) }xms)) { + my $wf_key = $1; + $self->$arg( $context->param($wf_key) ) + } + ##! 64: 'param: ' . $arg . '; value: ' . $self->$arg() + } + + my $expected_cert_identifiers; + if (defined $self->expected_cert_identifiers()) { + my $ser = OpenXPKI::Serialization::Simple->new (); + $expected_cert_identifiers = $ser->deserialize($self->expected_cert_identifiers()); + ##! 64: 'check for expected cert identifiers: ' . 
Dumper $expected_cert_identifiers + } + + CTX('dbi_backend')->commit(); + + my %conditions = ( + ); + + + if (defined $self->cert_email()) { + $conditions{'CERTIFICATE.EMAIL'} = $self->cert_email(), + } + if (defined $self->cert_profile()) { + $conditions{'CSR.PROFILE'} = $self->cert_profile(), + } + if (defined $self->cert_subject()) { + $conditions{'CERTIFICATE.SUBJECT'} = $self->cert_subject(), + } + + + my @validity = ( time ); + if (defined $self->min_remaining_validity()) { + push @validity, time + ($self->min_remaining_validity() * 24 * 3600); + } + + my $certs = CTX('dbi_backend')->select( + TABLE => [ 'CERTIFICATE', 'CSR' ], + COLUMNS => [ + 'CERTIFICATE.IDENTIFIER', + 'CERTIFICATE.NOTAFTER', + ], + JOIN => [ + [ 'CSR_SERIAL', 'CSR_SERIAL' ], + ], + DYNAMIC => { + 'CERTIFICATE.PKI_REALM' => $pki_realm, + 'CERTIFICATE.STATUS' => 'ISSUED', + %conditions, + }, + VALID_AT => [ [ @validity ], undef ], + REVERSE => 1, + ); + + ##! 16: 'certificates found: ' . Dumper $certs + if (! defined $certs) { + ##! 16: 'error: could not execute database query' + condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_CHECKEXISTINGCERTIFICATE_QUERY_ERROR'; + } + ##! 16: 'found ' . scalar @{$certs} . ' matching certificates' + if (scalar @{$certs} == 0) { + ##! 16: 'error: no matching certs found' + condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_CHECKEXISTINGCERTIFICATE_NO_MATCHING_CERTS_FOUND'; + } + + my $identifier = $certs->[0]->{'CERTIFICATE.IDENTIFIER'}; + ##! 16: 'latest certificate identifier: ' . $identifier + + if (defined $expected_cert_identifiers) { + if (scalar @{$expected_cert_identifiers} == 0) { + condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_CHECKEXISTINGCERTIFICATE_NO_EXISTING_CERTS_TO_CHECK'; + } + # check if the latest identifier is one of the expected ones + if (! grep(m{ \A $identifier \z }xms, @{$expected_cert_identifiers})) { + ##! 16: 'error: specified identifier ' . 
+ condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_CHECKEXISTINGCERTIFICATE_CERT_ID_NOT_EXPECTED'; + } + } + + ##! 16: 'checks passed' + $context->param('cert_identifier' => $identifier); + + if (defined $self->export_notafter()) { + my $notafter_epoch = $certs->[0]->{'CERTIFICATE.NOTAFTER'}; + my $dt = DateTime->from_epoch(epoch => $notafter_epoch); + + my $notafter_absolute = OpenXPKI::DateTime::convert_date( + { + DATE => $dt, + OUTFORMAT => 'terse', + }); + ##! 16: 'exporting notafter date ' . $notafter_absolute . ' to context entry ' . $self->export_notafter() + $context->param($self->export_notafter() => $notafter_absolute); + } + + return 1; +} + +1; + +__END__ + +=head1 NAME + +OpenXPKI::Server::Workflow::Condition::CheckExistingCertificate + +=head1 SYNOPSIS + <condition + name="usable_encryption_certificate_already_exists" + class="OpenXPKI::Server::Workflow::Condition::CheckExistingCertificate"> + <param name="cert_profile" value="I18N_OPENXPKI_PROFILE_USER_FSE"/> + <param name="cert_email" value="$creator"/> + <!-- minimum number of days until expiration --> + <param name="min_remaining_validity" value="90"/> + </condition> + +=head1 DESCRIPTION + +First operation mode: condition parameter 'expected_cert_identifiers' is not +set. The condition checks if there is at least one valid certificate with +the specified search criteria. +Returns a success if at least one matching certificate was found. + +Second operation mode: +If the parameter 'expected_cert_identifiers' is set, its content is +deserialized. The resulting array is interpreted as a list certificate +identifiers. The remaining parameters are used for a database search just +as in the first operation mode. +The newest match (highest NotAfter date) is checked against the list of +'expected_cert_identifiers'. If the match is found in the list the condition +returns success. +If the 'expected_cert_identifiers' array is empty, the condition always +fails. 
+ +Side effect on success: figures out the newest matching certificate +and sets the workflow context parameter 'cert_identifier' +to its certificate identifier. +Side effect on success: if 'export_notafter' is set in the activity +definition, the found NotAfter date is exported to the workflow context +entry specified via 'export_notafter' in YYYYMMDDHHMMSS format. + + +Parameters: + +cert_profile: filter certificates with this profile +cert_email: filter certificates with specified email address +cert_subject: filter certificates with specified subject +min_remaining_validity: filter certificates with a minimum of the specified + number of days remaining before expiration + +expected_cert_identifiers: presence enables second operation mode (see + above. interpreted as serialized array of + certificate identifiers to match against + query results. +export_notafter if defined, the notafter date of the certificate + is written to the specified context entry + +Note: if parameters specified start with a '$', the corresponding workflow +context parameter is referenced instead of the literal string. + Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/DatapoolEntry.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/DatapoolEntry.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/DatapoolEntry.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,131 @@ +# OpenXPKI::Server::Workflow::Condition::DatapoolEntry +# Written by Martin Bartosch for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project +package OpenXPKI::Server::Workflow::Condition::DatapoolEntry; + +use strict; +use warnings; +use base qw( Workflow::Condition ); +use DateTime; +use Workflow::Exception qw( condition_error configuration_error ); +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Debug; +use English; +use OpenXPKI::Exception; +use Data::Dumper; + + +my @parameters = qw( + datapool_namespace + datapool_key + datapool_value + condition +); + +__PACKAGE__->mk_accessors(@parameters); + +sub _init +{ + my ( $self, $params ) = @_; + + # propagate workflow condition parametrisation to our object + foreach my $arg (@parameters) { + if (defined $params->{$arg}) { + $self->$arg( $params->{$arg} ); + } + } + if (! (defined $self->datapool_namespace() + && defined $self->datapool_key() + && defined $self->condition())) { + ##! 16: 'error: no conditions defined' + configuration_error + "Missing parameters in ", + "declaration of condition ", $self->name; + } +} + +sub evaluate +{ + ##! 1: 'start' + my ( $self, $workflow ) = @_; + my $context = $workflow->context(); + + my $params = { + PKI_REALM => CTX('session')->get_pki_realm(), + }; + + foreach my $arg (@parameters) { + # access workflow context instead of literal value if value starts + # with a $ + if (defined $self->$arg() && ($self->$arg() =~ m{ \A \$ (.*) }xms)) { + my $wf_key = $1; + $self->$arg( $context->param($wf_key) ) + } + ##! 64: 'param: ' . $arg . '; value: ' . $self->$arg() + } + + my $condition = $self->condition(); + + $params->{NAMESPACE} = $self->datapool_namespace(); + $params->{KEY} = $self->datapool_key(); + + my $msg = CTX('api')->get_data_pool_entry($params); + + my $datapool_value = $msg->{VALUE}; + + if ($condition eq 'exists') { + if (! 
defined $datapool_value) { + condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_DATAPOOLENTRY_DOES_NOT_EXIST'; + } + } elsif ($condition eq 'notnull') { + if (! defined $datapool_value || ($datapool_value eq '')) { + condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_DATAPOOLENTRY_VALUE_EMPTY'; + } + } elsif ($condition eq 'equals') { + if ($datapool_value ne $self->datapool_value()) { + condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_DATAPOOLENTRY_EQUALITY_MISMATCH'; + } + } elsif ($condition eq 'regex') { + my $regex = qr/$self->datapool_value()/ms; + if ($datapool_value =~ /$regex/) { + condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_DATAPOOL_REGEX_MISMATCH'; + } + } else { + condition_error 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_DATAPOOLENTRY_INVALID_CONDITION'; + } + + return 1; +} + +1; + +__END__ + +=head1 NAME + +OpenXPKI::Server::Workflow::Condition::DatapoolEntry + +=head1 SYNOPSIS + <condition + name="private_key_not_empty" + class="OpenXPKI::Server::Workflow::Condition::DatapoolEntry"> + <param name="datapool_key" value="$cert_identifier"/> + <param name="datapool_namespace" value="certificate.privatekey"/> + <param name="condition" value="exists"/> + </condition> + +=head1 DESCRIPTION + +Checks if the specified datapool entry exists, is not empty or matches +a given string or regex. + +Parameters: + +datapool_namespace: check entries in this namespace (required) +datapool_key: checks are applied to this datapool entry +condition: type of check: 'exists', 'notnull', 'regex', 'equals' +datapool_value: comparison value for regex or equals check + +Note: if parameters specified start with a '$', the corresponding workflow +context parameter is referenced instead of the literal string. 
+ Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/WFArray.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/WFArray.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/WFArray.pm 2011-08-25 08:42:27 UTC (rev 1579) 
@@ -0,0 +1,104 @@ +# OpenXPKI::Server::Workflow::Condition::WFArray +# Written by Scott Hardin for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Condition::WFArray; + +use strict; +use warnings; +use base qw( Workflow::Condition ); +use OpenXPKI::Server::Context qw( CTX ); +use Workflow::Exception qw( condition_error configuration_error ); +use OpenXPKI::Exception; +use OpenXPKI::Server::Workflow::WFObject::WFArray; +use OpenXPKI::Debug; +use English; + +my @parameters = qw( + array_name + condition +); + +__PACKAGE__->mk_accessors(@parameters); + +sub _init { + my ( $self, $params ) = @_; + + # propagate workflow condition parametrisation to our object + foreach my $arg (@parameters) { + if ( defined $params->{$arg} ) { + $self->$arg( $params->{$arg} ); + } + } + if ( !( defined $self->array_name() ) ) { + configuration_error + "Missing parameter 'array_name' in " . + "declaration of condition " . $self->name(); + } +} + + +sub evaluate { + my ( $self, $wf ) = @_; + my $context = $wf->context(); + + + my $array = OpenXPKI::Server::Workflow::WFObject::WFArray->new( + { + workflow => $wf, + context_key => $self->array_name(), + } ); + + if ($self->condition() eq 'is_empty') { + if ($array->count() == 0) { + return 1; + } + condition_error + 'I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_WFARRAY_ARRAY_NOT_EMPTY'; + } else { + configuration_error + "Invalid condition " . $self->condition() . " in " . + "declaration of condition " . $self->name(); + } +} + +1; +__END__ + +=head1 NAME + +OpenXPKI::Server::Workflow::Condition::WFArray + +=head1 SYNOPSIS + + <condition + name="queue_is_empty" + class="OpenXPKI::Server::Workflow::Condition::WFArray"> + <param name="array_name" value="cert_queue"/> + <param name="condition" value="is_empty"/> + </condition> + +=head1 DESCRIPTION + +Allows for checks of the contents of an array stored as a workflow +context parameter. 
+ +=head1 PARAMETERS + +=head2 array_name + +The name of the workflow context parameter containing the array to be used + +=head2 condition + +The following conditions are supported: + +=over 8 + +=item is_empty + +Condition is true if the array is either non-existent or is empty. + +=back + + Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/WorkflowContextBulk.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/WorkflowContextBulk.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Condition/WorkflowContextBulk.pm 2011-08-25 08:42:27 UTC (rev 1579) @@ -0,0 +1,156 @@ +# OpenXPKI::Server::Workflow::Condition::WorkflowContextBulk +# Written by Martin Bartosch for the OpenXPKI project 2009 +# Copyright (c) 2009 by The OpenXPKI Project +package OpenXPKI::Server::Workflow::Condition::WorkflowContextBulk; + +use strict; +use warnings; +use base qw( Workflow::Condition ); +use DateTime; +use Workflow::Exception qw( condition_error configuration_error ); +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Debug; +use English; +use OpenXPKI::Exception; +use Data::Dumper; + +my @parameters = qw( + cont... [truncated message content] |
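Review bot: in the RetrieveCertificate.pm POD, the last paragraph refers to the option as `identifieroutcontextkey`, while the code and the configuration table above it use `certidentifieroutcontextkey` (`$contextentry_of{'certidentifierout'}`); a user following the documentation sets an option that is never read. Also the query-error exception in that file is thrown with an empty `params => { }`; include the search criteria (profile, subject, email) so the log entry says which query failed.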
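Review bot: in SetContext.pm, `foreach my $key (%{$self->{PARAMS}})` iterates over the flattened key/value list of the hash rather than its keys, so every configured value is also treated as a parameter name and `$context->param(<value> => undef)` can be written for it; use `keys %{$self->{PARAMS}}`. Separately, `extendedsyntax` passes the configured string to `eval $value` with `$context` and `$workflow` in scope, which turns the workflow XML into executable code; the inline comment already states this is only safe while the configuration is trusted, so the POD's "use with caution" note should say explicitly that the activity configuration must be protected like source code, and the option should stay off by default as it is now. Style: `my ($bool, $entry) = ($entry =~ m{ \A (!?)(.*) \z }xms);` redeclares the loop variable it reads from; give the inner variable a different name.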
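Review bot: in the WFArray.pm activity, the `pop|shift|count` branch contains an empty `if ( defined $context->param( $context_key ) ) { ... }` whose only body is a commented-out "for testing" line; remove it, since it does nothing. The `warn "ERR - MISSING PARAM '$prop'"` in `new` duplicates the exception thrown right after it and writes to stderr; drop the warn. The exception identifiers use `NSARRAY` (`I18N_OPENXPKI_SERVER_WF_ACTIVITY_TOOLS_NSARRAY_MISSING_PARAM`) although the class is WFArray. In the POD, the `shift` item says "Removes the last value from the beginning of the array" (it removes the first value), and the `value` item refers to `I<array_index>`, which is not a parameter; the parameters are `index` and `index_key`. The comment "# write operations that take a parameter" is attached to both the `push|unshift` and the `pusharray|unshiftarray` branch.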
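Review bot: in WFHash.pm the whole body of `execute` is disabled by the `=begin ... =end ... =cut` POD block, so the activity returns 1 without touching the hash; an action that reports success while doing none of its documented work will silently break any workflow that relies on `setValueForKey`. Either throw an exception until the implementation exists or leave the module out of this commit. The disabled code also references `$array`, `index_key` and the `NSARRAY` error keys copied from WFArray.pm, and `=begin` is missing its format name. The POD is copied as well: the Description speaks of "array structures", the example sets `array_name="certs_found"` although the required parameter is `hash_name`, and `context_val_key` is described as "When retrieving an element of the array".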
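Review bot: in CheckExistingCertificate.pm, the `$`-reference resolution in `evaluate` writes the resolved context value back through the accessor (`$self->$arg( $context->param($wf_key) )`), so after the first evaluation the object no longer knows that `cert_email` was configured as `$creator`; if the condition object is reused for another workflow instance, the value resolved for the first one is compared. Resolve into a local hash instead. The membership test `grep(m{ \A $identifier \z }xms, @{$expected_cert_identifiers})` interpolates the identifier unescaped into a regex; use `\Q$identifier\E` or a plain `eq` comparison. `OpenXPKI::DateTime::convert_date` is called but `OpenXPKI::DateTime` is not in the `use` list. Style: the three `%conditions` assignments end with `,` instead of `;`.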
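Review bot: in DatapoolEntry.pm the `regex` branch is broken twice: `my $regex = qr/$self->datapool_value()/ms;` does not call the method inside the regex (Perl interpolates `$self` and then treats `->datapool_value()` as pattern text), and the test is inverted, since `if ($datapool_value =~ /$regex/) { condition_error ... }` fails the condition when the value matches. Build the pattern from a local variable (`my $pat = $self->datapool_value(); my $regex = qr/$pat/ms;`) and use `!~`. The `equals` and `regex` branches also operate on an undefined `$datapool_value` when the entry does not exist, which warns under `use warnings`; check `defined` first. The error key `I18N_OPENXPKI_SERVER_WORKFLOW_CONDITION_DATAPOOL_REGEX_MISMATCH` does not follow the `DATAPOOLENTRY_` prefix of the others. The accessor write-back in the `$`-resolution loop has the same reuse problem as in CheckExistingCertificate.pm. The POD should mark `datapool_key` and `condition` as required, since `_init` rejects their absence.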
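Review bot: in the Condition/WFArray.pm `_init`, `condition` is never validated; a missing or unknown value only surfaces as a `configuration_error` from `evaluate`, i.e. at runtime, and a missing value first produces an uninitialized-value warning from `$self->condition() eq 'is_empty'`. Check in `_init`, next to the `array_name` check, that `condition` is defined and one of the supported values.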
From: <mba...@us...> - 2011-08-25 08:41:52
Revision: 1578 http://openxpki.svn.sourceforge.net/openxpki/?rev=1578&view=rev Author: mbartosch Date: 2011-08-25 08:41:46 +0000 (Thu, 25 Aug 2011) Log Message: ----------- fixes to encrypted salts in context Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartcardPINUnblock/GenerateActivationCode.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartcardPINUnblock/GenerateActivationCode.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartcardPINUnblock/GenerateActivationCode.pm 2011-08-25 08:41:28 UTC (rev 1577) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartcardPINUnblock/GenerateActivationCode.pm 2011-08-25 08:41:46 UTC (rev 1578) @@ -237,7 +237,7 @@ RETURN_LENGTH => $salt_len, RANDOM_LENGTH => $salt_len, }; - $salt = $default_token->command($command); + my $salt = $default_token->command($command); # # Add salt to activation code and create the SHA1 hash that is stored in 
@@ -251,18 +251,35 @@ # my $found = 0; foreach my $a (qw( auth1 auth2 )) { - $found++; ##! 16: "user=$user, auth=$a, val=" . $context->param($a . '_id') - if ( $user eq $context->param( $a . '_id' ) ) { - ##! 10: "Setting hash and salt in $a for user $user" + if ( lc($user) eq lc($context->param( $a . '_id' )) ) { + $found++; + ##! 10: "Setting hash and salt in $a for user $user" # writing hash is easy... just put it in the context $context->param( $a . '_hash', $hash ); # For the salt attribute, use the prefix '+' to # let the persister know that this value must # be encrypted in the database - $context->param( '+' . $a . '_salt', $salt ); + #$context->param( '+' . $a . '_salt', $salt ); + # + # 2010-08-05 Martin Bartosch - FIXME + # encrypt salt and store in context + my $handle = $workflow->id() . '_' . $a; + CTX('api')->set_data_pool_entry( + { + NAMESPACE => 'smartcard.pinunblock.salt', + KEY => $handle, + VALUE => $salt, + # autocleanup of keys which are not crafted into certificates + # later in this process + EXPIRATION_DATE => time + 2 * 24 * 3600, + FORCE => 1, + ENCRYPT => 1, + }); + + CTX('dbi_backend')->commit(); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
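Review bot: in the `@@ -237` hunk, `my $salt = $default_token->command($command);` turns an assignment into a declaration. If `$salt` is declared earlier in the sub, this creates a second `$salt` and any code after the block still sees the outer, unset one; if it was never declared, the old line relied on the absence of strictness. Either way the matching declaration change should be visible in the same hunk, so please confirm which case applies.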
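Review bot: in the `@@ -251` hunk, `CTX('dbi_backend')->commit();` is now called inside the `foreach my $a (qw( auth1 auth2 ))` loop, so the salt datapool entry is committed before the activity finishes; if a later step of the activity fails, that entry cannot be rolled back with the rest. Consider leaving the commit to the workflow engine. The commented-out `#$context->param( '+' . $a . '_salt', $salt );` should be deleted rather than kept, and the `2010-08-05 Martin Bartosch - FIXME` comment should state what remains to be fixed. `EXPIRATION_DATE => time + 2 * 24 * 3600` deserves a sentence in the POD: the hash stored in `$a . '_hash'` is computed with this salt, so once the entry is purged after two days the hash can no longer be verified; the comment "autocleanup of keys which are not crafted into certificates" describes a different use and should be reworded for a salt. Finally, `lc($context->param( $a . '_id' ))` warns when the context entry is undefined; guard it with `defined`.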
From: <mba...@us...> - 2011-08-25 08:41:34
Revision: 1577 http://openxpki.svn.sourceforge.net/openxpki/?rev=1577&view=rev Author: mbartosch Date: 2011-08-25 08:41:28 +0000 (Thu, 25 Aug 2011) Log Message: ----------- new activity tool for parsing certs added new activity that allows to parse certificates and populate context entries from the parsed information. Modified Paths: -------------- trunk/perl-modules/core/trunk/MANIFEST Added Paths: ----------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm Modified: trunk/perl-modules/core/trunk/MANIFEST =================================================================== --- trunk/perl-modules/core/trunk/MANIFEST 2011-08-25 08:41:08 UTC (rev 1576) +++ trunk/perl-modules/core/trunk/MANIFEST 2011-08-25 08:41:28 UTC (rev 1577) @@ -205,7 +205,15 @@ OpenXPKI/Server/Workflow/Activity/Tools/Sleep.pm OpenXPKI/Server/Workflow/Activity/Tools/Notification.pm OpenXPKI/Server/Workflow/Activity/Tools/NotifyParentWorkflow.pm +OpenXPKI/Server/Workflow/Activity/Tools/GeneratePassword.pm +OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm +OpenXPKI/Server/Workflow/Activity/Tools/Datapool/GetEntry.pm +OpenXPKI/Server/Workflow/Activity/Tools/Datapool/ModifyEntry.pm +OpenXPKI/Server/Workflow/Activity/Tools/Datapool/SetEntry.pm + +OpenXPKI/Server/Workflow/Activity/Tools/LDAP/GetLDAPData.pm + OpenXPKI/Server/Workflow/Activity/CRLIssuance/DetermineNextCA.pm OpenXPKI/Server/Workflow/Activity/CRLIssuance/GetCRLProfile.pm OpenXPKI/Server/Workflow/Activity/CRLIssuance/IssueCRL.pm Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/ParseCertificate.pm 2011-08-25 08:41:28 UTC (rev 1577) 
@@ -0,0 +1,159 @@ +# OpenXPKI::Server::Workflow::Activity::Tools::ParseCertificate +# Written by Martin Bartosch for the OpenXPKI project 2011 +# Copyright (c) 2011 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::Tools::ParseCertificate; + +use strict; +use base qw( OpenXPKI::Server::Workflow::Activity ); + +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Debug; + +use Data::Dumper; + +my @parameters = qw( + cert_attrmap + certificate +); + +__PACKAGE__->mk_accessors(@parameters); + + +sub execute +{ + my $self = shift; + my $workflow = shift; + my $context = $workflow->context(); + my $dbi = CTX('dbi_backend'); + my $default_token = CTX('pki_realm_by_cfg')-> + {$self->config_id()}-> + {$self->{PKI_REALM}}->{crypto}->{default}; + + ##! 16: 'ParseCert' + my %contextentry_of = ( + certificatein => 'certificate', + ); + foreach my $contextkey (keys %contextentry_of) { + if (defined $self->param($contextkey . 'contextkey')) { + $contextentry_of{$contextkey} = $self->param($contextkey . 'contextkey'); + } + } + + my %cert_attrmap = map { split(/\s*[=-]>\s*/) } + split( /\s*,\s*/, $self->param('cert_attrmap') ); + + + my $certificate = $context->param($contextentry_of{'certificatein'}); + + my $x509 = OpenXPKI::Crypto::X509->new( + TOKEN => $default_token, + DATA => $certificate, + ); + + my $x509_parsed = $x509->get_parsed(); + + foreach my $key (keys %cert_attrmap) { + if (! 
exists $x509_parsed->{BODY}->{$key}) { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_PARSE_CERT_INVALID_ATTRIBUTE', + params => { + ATTRIBUTE => $key, + }, + log => { + logger => CTX('log'), + priority => 'error', + facility => 'system', + }, + ); + } + my $value = $x509_parsed->{BODY}->{$key}; + + if (ref $value ne '') { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_PARSE_CERT_INVALID_ATTRIBUTE_DATA_TYPE', + params => { + ATTRIBUTE => $key, + TYPE => ref $value, + }, + log => { + logger => CTX('log'), + priority => 'error', + facility => 'system', + }, + ); + } + + my $context_key = $cert_attrmap{$key}; + + $context->param($context_key => $value); + } + + return 1; +} + +1; +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::Tools::ParseCertificate + +=head1 Description + +Parse certificate and populate context entries with parsed information +from the certificate. + +=head1 Parameters + +=head2 cert_attrmap + +Map parsed certificate attributes to context parameter names, allowing +flexible access and assignment of data parsed certificates into the context. +Must be defined, otherwise no output is generated in the context. Mapping +keys must be specified correctly (including case), otherwise an exception +is thrown. + +List of (useful) mapping keys, the available values are identical to +the entries in the X.509 class member variable $cert->{PARSED}->{BODY}. +Some of these entries are not scalar values, but complex types. These +are currently not available and referencing them cause an exception to +be thrown. 
+ + SUBJECT + SERIAL + SERIAL_HEX + IS_CA + ISSUER + EMAILADDRESS + +Less useful, but still available: + + PUBKEY_ALGORITHM + SIGNATURE_ALGORITHM + CA_KEYID + EXPONENT (hexadecimal string) + FINGERPRINT + KEYID + KEYSIZE + MODULUS (hexadecimal string) + OPENSSL_SUBJECT + PLAIN_EXTENSIONS (large text blob, unstructured) + VERSION + + +Example for cert_attrmap: + +SUBJECT -> cert_subject, ISSUER -> cert_issuer + +Writes the certificate subject to the context entry 'cert_subject', the +certificate issuer to 'cert_issuer'. + + +=head2 certificateincontextkey + +Context parameter to use for input certificate (default: certificate) + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
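Review bot: `execute()` calls `OpenXPKI::Crypto::X509->new(...)` but the file only imports `OpenXPKI::Server::Context`, `OpenXPKI::Exception`, `OpenXPKI::Debug` and `Data::Dumper`; add `use OpenXPKI::Crypto::X509;` so the activity does not depend on another module having loaded it first. `my $dbi = CTX('dbi_backend');` is never used and can go. The `split( /\s*,\s*/, $self->param('cert_attrmap') )` runs on an undefined value when the parameter is not configured, which contradicts the POD claim that a missing map simply produces no output; check `defined $self->param('cert_attrmap')` and return early.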
From: <mba...@us...> - 2011-08-25 08:41:14
Revision: 1576 http://openxpki.svn.sourceforge.net/openxpki/?rev=1576&view=rev Author: mbartosch Date: 2011-08-25 08:41:08 +0000 (Thu, 25 Aug 2011) Log Message: ----------- updates to ldap data query code Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/LDAP/GetLDAPData.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/LDAP/GetLDAPData.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/LDAP/GetLDAPData.pm 2011-08-25 08:40:49 UTC (rev 1575) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/LDAP/GetLDAPData.pm 2011-08-25 08:41:08 UTC (rev 1576) @@ -12,7 +12,7 @@ use OpenXPKI::Exception; use OpenXPKI::Debug; use OpenXPKI::Serialization::Simple; -use Net::LDAPS; +#use Net::LDAPS; use Template; use Data::Dumper; @@ -24,6 +24,11 @@ my $context = $workflow->context(); my $serializer = OpenXPKI::Serialization::Simple->new(); + my $error_when_not_found + = lc( $self->param('error_when_not_found') ) eq 'no' ? 0 : 1; + my $error_when_not_unique + = lc( $self->param('error_when_not_unique') ) eq 'no' ? 0 : 1; + my $ldap_server = $self->param('ldap_server'); my $ldap_port = $self->param('ldap_port'); my $ldap_userdn = $self->param('ldap_userdn'); 
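Review bot: `lc( $self->param('error_when_not_found') )` and its `error_when_not_unique` twin call `lc` on an undefined value whenever the parameter is omitted, which is the documented default, so every run emits an uninitialized-value warning; write `defined $x && lc($x) eq 'no'` instead. Commenting out `use Net::LDAPS;` rather than deleting it leaves dead code, since the later `require` makes the line unnecessary.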
@@ -32,27 +37,49 @@ my $ldap_attributes = $self->param('ldap_attributes'); my $ldap_attrmap = $self->param('ldap_attrmap'); my $ldap_timelimit = $self->param('ldap_timelimit'); - my @ldap_attribs = split( /,/, $ldap_attributes ); - my %ldap_attrmap = - map { split(/\s*[=-]>\s*/) } - split( /\s*,\s*/, $ldap_attrmap ); - ##! 64: "ldap_attrmap = " . Dumper(\%ldap_attrmap) + my @ldap_attribs = split( /\s*,\s*/, $ldap_attributes ); - ##! 2: 'connecting to ldap server ' . $ldap_server . ':' . $ldap_port - my $ldap = Net::LDAPS->new( - $ldap_server, - port => $ldap_port, - onerror => undef, - ); + # LDAPS doesn't seem to like non-ssl, which is useful for test installations + my $ldap; + eval { + if ( $ldap_port == 389 ) + { + require Net::LDAP; + import Net::LDAP; + $ldap = Net::LDAP->new( + $ldap_server, + port => $ldap_port, + onerror => undef, + ); + } + else { + require Net::LDAPS; + import Net::LDAPS; + $ldap = Net::LDAPS->new( + $ldap_server, + port => $ldap_port, + onerror => undef, + ); + } + }; + if ($EVAL_ERROR) { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_NET_LDAP_EVAL_ERR', + params => { 'EVAL_ERROR' => $EVAL_ERROR, }, + log => { + logger => CTX('log'), + priority => 'error', + facility => 'monitor', + }, + ); + } - ##! 2: 'ldap object created' - # TODO: maybe use TLS ($ldap->start_tls())? - if ( !defined $ldap ) { OpenXPKI::Exception->throw( message => -'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_CONNECTION_FAILED', + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_CONNECTION_FAILED', params => { 'LDAP_SERVER' => $ldap_server, 'LDAP_PORT' => $ldap_port, 
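Review bot: selecting `Net::LDAP` over `Net::LDAPS` purely on `$ldap_port == 389` is fragile and has a security consequence: a deployment serving LDAPS on a non-standard port, or plain LDAP on one, is misclassified, and in the plain branch the simple bind below sends `$ldap_pass` and all directory data in cleartext. Make the transport an explicit parameter (for example `ldap_use_ssl`, or act on the existing `TODO: maybe use TLS ($ldap->start_tls())?`) and refuse plaintext unless it is configured deliberately. `$ldap_port == 389` also warns when `ldap_port` is undefined, and `$EVAL_ERROR` requires `use English;`, which is not among the imports visible in the `@@ -12,7` hunk; verify it is in scope. `import Net::LDAP;` is indirect-object syntax and is better written `Net::LDAP->import;`.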
@@ -65,11 +92,17 @@ ); } + my %ldap_attrmap = map { split(/\s*[=-]>\s*/) } + split( /\s*,\s*/, $ldap_attrmap ); + + ##! 2: 'ldap object created' + # TODO: maybe use TLS ($ldap->start_tls())? + my $mesg = $ldap->bind( $ldap_userdn, password => $ldap_pass ); if ( $mesg->is_error() ) { OpenXPKI::Exception->throw( message => -'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_BIND_FAILED', + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_BIND_FAILED', params => { ERROR => $mesg->error(), ERROR_DESC => $mesg->error_desc(), @@ -100,7 +133,8 @@ else { $value = $svcparsed; } - ##! 128: "svc=$svc, svcparsed=$svcparsed, value=$value" + ##! 128: "svc=$svc, svcparsed=$svcparsed, key=$key, value=$value, basedn=$ldap_basedn" + ##! 128: "ldap_attribs=" . join(', ', @ldap_attribs) $mesg = $ldap->search( base => $ldap_basedn, @@ -112,7 +146,7 @@ if ( $mesg->is_error() ) { OpenXPKI::Exception->throw( message => -'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_SEARCH_FAILED', + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_SEARCH_FAILED', params => { ERROR => $mesg->error(), ERROR_DESC => $mesg->error_desc(), @@ -127,10 +161,10 @@ ##! 2: 'ldap->search() done' ##! 16: 'mesg->count: ' . $mesg->count - if ( $mesg->count == 0 ) { + if ( $mesg->count == 0 and $error_when_not_found ) { OpenXPKI::Exception->throw( message => -'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_ENTRY_NOT_FOUND', + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_ENTRY_NOT_FOUND', params => { FILTER => "$key=$value", }, log => { logger => CTX('log'), 
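Review bot: when `error_when_not_found` is 'no', the `if ( $mesg->count == 0 and $error_when_not_found )` path returns silently and the caller cannot distinguish "not found" from "found with no mapped attributes"; set a context entry such as `ldap_entry_count` so downstream activities can branch on it. The re-indented `'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_BIND_FAILED'` and `_LDAP_SEARCH_FAILED` strings are whitespace-only changes mixed into a functional commit and belong in a separate cleanup revision.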
@@ -139,10 +173,10 @@ }, ); } - elsif ( $mesg->count > 1 ) { + elsif ( $mesg->count > 1 and $error_when_not_unique ) { OpenXPKI::Exception->throw( message => -'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_MORE_THAN_ONE_LDAP_ENTRY_FOUND', + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_MORE_THAN_ONE_LDAP_ENTRY_FOUND', params => { FILTER => "$key=$value", }, log => { logger => CTX('log'), @@ -152,6 +186,7 @@ ); } + ##! 128: "LDAP entries returned by search: " . Dumper($mesg->entries) foreach my $entry ( $mesg->entries ) { ##! 32: "foreach entry: " . Dumper($entry) foreach my $attrib ( $entry->attributes ) { @@ -171,11 +206,11 @@ } } - # $context->param('display_mapping' => $self->param('display_mapping')); - # $context->param('client_csp' => $self->param('client_csp')); - # $context->param('client_bitlength' => $self->param('client_bitlength')); + # $context->param('display_mapping' => $self->param('display_mapping')); + # $context->param('client_csp' => $self->param('client_csp')); + # $context->param('client_bitlength' => $self->param('client_bitlength')); - ##! 32: 'context = ' . Dumper($context) + ##! 32: 'context = ' . Dumper($context) ##! 4: 'end' return; 
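Review bot: with `error_when_not_unique` set to 'no', the `elsif ( $mesg->count > 1 and $error_when_not_unique )` guard is skipped but the following `foreach my $entry ( $mesg->entries )` still writes `ldap_<attrib>` context parameters from every entry, so the last entry silently overwrites the others; either take the first entry explicitly or serialize per-entry results. `##! 128: "LDAP entries returned by search: " . Dumper($mesg->entries)` dumps complete directory entries, including any sensitive attributes, into the debug log whenever level 128 is enabled; logging only the DNs and `$mesg->count` would be safer.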
@@ -195,8 +230,59 @@ =head1 Parameters -=head2 attrmap +=head2 display_mapping +I<Note:> doesn't seem to be used at the moment + +Comma-separated list used for mapping display names. For example: + + cn -> I18N_OPENXPKI_HTML_SMARTCARD_LDAP_CN, mail -> I18N_OPENXPKI_HTML_SMARTCARD_LDAP_MAIL + +=head2 ldap_attributes + +List of attributes in the LDAP entry to be returned for each entry that matches the search filter. + +=head2 ldap_attrmap + Map LDAP attribute names to context parameter names, allowing flexible access and assignment of data from LDAP into the context. By default, the names of the LDAP attributes returned are prepended with 'ldap_' and set as context parameters. + +=head2 error_when_not_found + +Setting this to 'yes' causes an exception to be thrown when no record is +found and 'no' supresses the exception. The default is 'yes'. + +=head2 error_when_not_unique + +Setting this to 'yes' causes an exception to be thrown when more than one +record is found and 'no' supresses the exception. The default is 'yes'. + +=head2 ldap_basedn + +The DN that is the base object entry relative to which the search is to be performed. + +=head2 ldap_pass + +The password for binding to the LDAP server. + +=head2 ldap_port + +The port that the server listens on. + +=head2 ldap_server + +The host name or IP address of the LDAP server. + +=head2 ldap_timelimit + +A timelimit that restricts the maximum time (in seconds) allowed for a search. A value of 0 +means that no timelimit will be requested. + +=head2 ldap_userdn + +The user DN for binding to the LDAP server. + +=head2 search_key + +=head2 search_value_context This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
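Review bot: 'supresses' in the `error_when_not_found` and `error_when_not_unique` sections should read 'suppresses'. `=head2 search_key` and `=head2 search_value_context` are headings with no text, and `display_mapping` is documented as "doesn't seem to be used at the moment"; describe the two search parameters and drop the unused one rather than documenting it as unused.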
From: <mba...@us...> - 2011-08-25 08:40:56
Revision: 1575 http://openxpki.svn.sourceforge.net/openxpki/?rev=1575&view=rev Author: mbartosch Date: 2011-08-25 08:40:49 +0000 (Thu, 25 Aug 2011) Log Message: ----------- workflow datapool manipulation activity updates Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/GetEntry.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/SetEntry.pm Added Paths: ----------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/ModifyEntry.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/GetEntry.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/GetEntry.pm 2011-08-25 08:40:28 UTC (rev 1574) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/GetEntry.pm 2011-08-25 08:40:49 UTC (rev 1575) @@ -1,6 +1,6 @@ # OpenXPKI::Server::Workflow::Activity::Tools::Datapool::GetEntry -# Written by Alexander Klink for the OpenXPKI project 2006 -# Copyright (c) 2006 by The OpenXPKI Project +# Written by Scott Hardin for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project package OpenXPKI::Server::Workflow::Activity::Tools::Datapool::GetEntry; @@ -68,8 +68,21 @@ my $msg = CTX('api')->get_data_pool_entry($params); + my $retval = $msg->{VALUE}; + + my $default_value = $self->param('ds_default_value'); + + if ( not defined $retval ) { + if ( defined $default_value ) { + if ( $default_value =~ s/^\$// ) { + $default_value = $context->param($default_value); + } + $retval = $default_value; + } + } + ##! 1: 'returned from get_data_pool_entry(): ' . Dumper($msg) - $context->param($valparam, $msg->{VALUE}); + $context->param($valparam, $retval); return; } 
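Review bot: the `@@ -1,6` hunk replaces the original `Written by Alexander Klink ... 2006` attribution with `Scott Hardin ... 2010`; if the file was rewritten, say so in the log message, otherwise keep the original line and add the new contributor. In `@@ -68,8`, `$default_value =~ s/^\$//` dereferences a context parameter with a different convention from `ModifyEntry.pm` in the same revision, which uses `m{ \A \$ (.*) }xms`; factor the "$name means context value" rule into one helper so the two cannot drift. The default is also applied whenever `$msg->{VALUE}` is undefined, which covers an existing entry with an undefined value as well as a missing record; if that distinction matters, key the default off the record's absence.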
@@ -113,6 +126,12 @@ B<Note:> If encryption is enabled, the parameter name must be preceeded with an underscore. +=item ds_default_value + +The default value to be returned if no record in the datapool is +found. If preceeded with a dollar symbol '$', then the workflow +context variable with the given name will be used. + =back =head2 Arguments Added: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/ModifyEntry.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/ModifyEntry.pm (rev 0) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/ModifyEntry.pm 2011-08-25 08:40:49 UTC (rev 1575) 
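Review bot: 'preceeded' in the `ds_default_value` item should read 'preceded' (the same misspelling is in the existing `B<Note:>` context line above it). The item should also say what happens when the referenced context variable does not exist, since the code then stores undef in `$valparam`.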
@@ -0,0 +1,129 @@ +# OpenXPKI::Server::Workflow::Activity::Tools::Datapool::ModifyEntry +# Written by Martin Bartosch for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project + +package OpenXPKI::Server::Workflow::Activity::Tools::Datapool::ModifyEntry; + +use strict; +use English; +use base qw( OpenXPKI::Server::Workflow::Activity ); + +use OpenXPKI::Server::Context qw( CTX ); +use OpenXPKI::Exception; +use OpenXPKI::Debug; +use OpenXPKI::DateTime; +use DateTime; +use Template; + +use Data::Dumper; + +sub execute { + ##! 1: 'start' + my $self = shift; + my $workflow = shift; + my $context = $workflow->context(); + + my $params = { + PKI_REALM => CTX('api')->get_pki_realm(), + }; + + foreach my $key (qw( namespace key )) { + my $pkey = 'ds_' . $key; + my $val = $self->param($pkey); + if ( not defined $val ) { + OpenXPKI::Exception->throw( + message => + 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_DATAPOOL_MODIFYENTRY_MISSPARAM', + params => { + PARAM => $pkey, + }, + ); + } + } + + foreach my $key (qw( namespace key newkey expiration_date )) { + if (defined $self->param( 'ds_' . $key )) { + $params->{ uc($key) } = $self->param( 'ds_' . $key ); + } + } + + foreach my $key (qw( KEY NEWKEY )) { + # dereference if necessary + if ($params->{$key} =~ m{ \A \$ (.*) }xms) { + $params->{$key} = $context->param($1); + } + } + + + if (exists $params->{EXPIRATION_DATE}) { + if (defined $params->{EXPIRATION_DATE} + && ($params->{EXPIRATION_DATE} ne '')) { + my $then = OpenXPKI::DateTime::get_validity( + { + REFERENCEDATE => DateTime->now(), + VALIDITY => $params->{EXPIRATION_DATE}, + VALIDITYFORMAT => 'relativedate', + }); + $params->{EXPIRATION_DATE} = $then->epoch(); + } else { + $params->{EXPIRATION_DATE} = undef; + } + } + + ##! 16: 'modify_data_pool_entry params: ' . 
Dumper $params + CTX('api')->modify_data_pool_entry($params); + + CTX('dbi_backend')->commit(); + + return 1; +} + +1; +__END__ + +=head1 Name + +OpenXPKI::Server::Workflow::Activity::Tools::Datapool::ModifyEntry + +=head1 Description + +This class modifies an entry in the Datapool. + +=head1 Configuration + +=head2 Parameters + +In the activity definition, the following parameters must be set. +See the example that follows. + +=over 8 + +=item ds_namespace + +The namespace to use. + +=item ds_key + +Key within the namespace to access. If it starts with a $, the context +value with the specified name is dereferenced. + +=item ds_force + +Causes the set action to overwrite an existing entry. + +=item ds_expiration_date + +Sets expiration date of the datapool entry to the specified value. +The value should be a relative time specification (such as '+000001', +which means one day). See OpenXPKI::DateTime::get_validity, section +'relativedate' for details. + +If the expiration date is an emptry string, the expiration date is interpreted +as NULL. + +=back + +=head2 Arguments + +=head2 Example + Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/SetEntry.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/SetEntry.pm 2011-08-25 08:40:28 UTC (rev 1574) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/Tools/Datapool/SetEntry.pm 2011-08-25 08:40:49 UTC (rev 1575) @@ -1,6 +1,6 @@ # OpenXPKI::Server::Workflow::Activity::Tools::Datapool::SetEntry -# Written by Alexander Klink for the OpenXPKI project 2006 -# Copyright (c) 2006 by The OpenXPKI Project +# Written by Scott Hardin for the OpenXPKI project 2010 +# Copyright (c) 2010 by The OpenXPKI Project package OpenXPKI::Server::Workflow::Activity::Tools::Datapool::SetEntry; 
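Review bot: the POD documents `ds_force`, but `execute()` never reads it: the parameter loop covers `qw( namespace key newkey expiration_date )`, so `ds_newkey` is honoured but undocumented while `ds_force` is documented but ignored; align the two. The `foreach my $key (qw( KEY NEWKEY ))` dereference matches `$params->{$key}` against a regex even when `ds_newkey` was not given, producing an uninitialized-value warning on every run without a rename (exactly the class of warning revision 1572 removes elsewhere); add `next unless defined $params->{$key};`. `use Template;` is unused, 'emptry' should read 'empty', and `=head2 Arguments` and `=head2 Example` are empty headings. The `SetEntry.pm @@ -1,6` hunk changes the author/copyright line in the same way as `GetEntry.pm`; the same comment applies.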
@@ -12,6 +12,8 @@ use OpenXPKI::Exception; use OpenXPKI::Debug; use OpenXPKI::Serialization::Simple; +use OpenXPKI::DateTime; +use DateTime; use Net::LDAP; use Template; @@ -35,9 +37,22 @@ . uc($key) ); } } - foreach my $key (qw( namespace encrypt force )) { - $params->{ uc($key) } = $self->param( 'ds_' . $key ); + + foreach my $key (qw( namespace encrypt force expiration_date )) { + if (defined $self->param( 'ds_' . $key )) { + $params->{ uc($key) } = $self->param( 'ds_' . $key ); + } } + + if (defined $params->{EXPIRATION_DATE}) { + my $then = OpenXPKI::DateTime::get_validity( + { + REFERENCEDATE => DateTime->now(), + VALIDITY => $params->{EXPIRATION_DATE}, + VALIDITYFORMAT => 'relativedate', + }); + $params->{EXPIRATION_DATE} = $then->epoch(); + } my $keyparam = $self->param('ds_key_param'); if ( not defined $keyparam ) { @@ -68,6 +83,15 @@ CTX('api')->set_data_pool_entry($params); CTX('dbi_backend')->commit(); + if ($self->param('ds_unset_context_value')) { + ##! 16: 'clearing context parameter ' . $valparam + + # Workflow does not allow to delete workflow context entries or + # set them to undef, hence work around this bug by setting the + # value to an empty string + $context->param($valparam => ''); + } + # TODO: handle return code from set_data_pool_entry() return 1; @@ -121,6 +145,18 @@ Causes the set action to overwrite an existing entry. +=item ds_expiration_date + +Sets expiration date of the datapool entry to the specified value. +The value should be a relative time specification (such as '+000001', +which means one day). See OpenXPKI::DateTime::get_validity, section +'relativedate' for details. + +=item ds_unset_context_value + +If this parameter is set to 1 the activity clears the workflow context +value specified via dc_value_param after storing the value in the datapool. + =back =head2 Arguments 
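Review bot: the `ds_unset_context_value` documentation refers to `dc_value_param`, which should be `ds_value_param` to match the parameter used in the example. `ds_expiration_date` handling differs from `ModifyEntry.pm` in the same revision: here an empty string is passed straight to `OpenXPKI::DateTime::get_validity`, whereas `ModifyEntry` maps '' to undef (NULL); pick one behaviour and document it. On `$context->param($valparam => '')`: clearing a secret such as `_puk` after it has been moved to the encrypted datapool is the right instinct, but the comment should state whether any earlier persisted copy of the value is also cleared, since a reader will otherwise assume the secret is gone.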
@@ -137,7 +173,9 @@ ds_key_param="token_id" ds_value_param="_puk" ds_encrypt="1" - ds_force="1" > + ds_force="1" + ds_unset_context_value="1" + ds_expiration_date="+10" > <field name="token_id" label="Serial number of Smartcard"/> <field name="_puk" label="Smartcard PUK"/> </action> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
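Review bot: the example sets `ds_expiration_date="+10"`, but the `ds_expiration_date` item added above documents the relative format with `'+000001'` meaning one day; '+10' does not follow that shape and the reader cannot tell which unit it denotes. Use a value in the documented form, or state the rule for short strings in the parameter description.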
From: <mba...@us...> - 2011-08-25 08:40:34
Revision: 1574 http://openxpki.svn.sourceforge.net/openxpki/?rev=1574&view=rev Author: mbartosch Date: 2011-08-25 08:40:28 +0000 (Thu, 25 Aug 2011) Log Message: ----------- support serialization of multi-valued fields from ldap Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/GetLDAPData.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/GetLDAPData.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/GetLDAPData.pm 2011-08-25 08:40:10 UTC (rev 1573) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/GetLDAPData.pm 2011-08-25 08:40:28 UTC (rev 1574) @@ -108,6 +108,7 @@ message => 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_SMARTCARD_GETLDAPDATA_LDAP_ENTRY_NOT_FOUND', params => { FILTER => "$key=$value", + BASEDN => $ldap_basedn, }, log => { logger => CTX('log'), @@ -133,11 +134,19 @@ foreach my $entry ($mesg->entries) { ##! 32: 'foreach entry' foreach my $attrib ($entry->attributes) { - # TODO: handle non-scalar attributes (serialization) ##! 32: 'foreach attrib: ' . $attrib - $context->param( - 'ldap_' . $attrib => $entry->get_value($attrib), - ); + my @values = $entry->get_value($attrib); + ##! 32: 'attrib values: ' . Dumper \@values + if (scalar @values == 1) { # scalar + $context->param( + 'ldap_' . $attrib => $values[0], + ); + } + else { # non-scalar, serialize + $context->param( + 'ldap_' . $attrib => $serializer->serialize(\@values), + ); + } } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
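Review bot: the new `else { # non-scalar, serialize` branch changes the type of `ldap_<attrib>` context values for multi-valued attributes from a plain string to a serialized array, and nothing in the hunk records which attributes were serialized, so a consumer that reads a multi-valued attribute as a scalar now receives a serialized blob. Record the affected attribute names (for example in an `ldap_serialized_attributes` context entry) or document the rule in the POD, and confirm `$serializer` is already in scope in `SmartCard/GetLDAPData.pm`, which this hunk does not show. Adding `BASEDN => $ldap_basedn` to the not-found exception is a useful diagnostic.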
From: <mba...@us...> - 2011-08-25 08:40:16
Revision: 1573 http://openxpki.svn.sourceforge.net/openxpki/?rev=1573&view=rev Author: mbartosch Date: 2011-08-25 08:40:10 +0000 (Thu, 25 Aug 2011) Log Message: ----------- sleep option for wf forking Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/ForkWorkflowInstances.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/ForkWorkflowInstances.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/ForkWorkflowInstances.pm 2011-08-25 08:33:53 UTC (rev 1572) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Workflow/Activity/SmartCard/ForkWorkflowInstances.pm 2011-08-25 08:40:10 UTC (rev 1573) @@ -23,6 +23,7 @@ my $context = $workflow->context(); my $serializer = OpenXPKI::Serialization::Simple->new(); my $role = $self->param('role'); + my $sleep = $self->param('sleep'); ##! 64: 'role from config file: ' . $role my $csr_serials = $context->param('csr_serial'); if (!defined $csr_serials) { @@ -32,7 +33,7 @@ } my @csr_serials = @{$serializer->deserialize($csr_serials)}; - + foreach my $serial (@csr_serials) { ##! 64: 'csr_serial: ' . $serial my $fork_wf_instance = OpenXPKI::Server::Workflow::Activity::Tools::ForkWorkflowInstance->new( @@ -49,6 +50,10 @@ }, ); ##! 64: 'executed' + if (defined $sleep && ($sleep =~ m{ \A \d+ \z }xms)) { + ##! 64: 'sleeping ' . $sleep . ' seconds' + sleep $sleep; + } } return; } @@ -64,3 +69,7 @@ Forks certificate issuance workflows for all csr_serials in the context. + +parameters: + +sleep: (optional) sleep n seconds after each fork operation This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
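Review bot: `sleep $sleep;` blocks the server process for `sleep` seconds per CSR serial, so the activity's total runtime is `sleep` multiplied by the number of `csr_serial` entries and can exceed client or API timeouts for large batches; at least document that cost next to `sleep: (optional) sleep n seconds after each fork operation`, and consider skipping the sleep after the last iteration. The POD addition uses a bare `parameters:` line instead of the `=head1 Parameters` / `=head2` structure used by `ParseCertificate.pm` and `GetLDAPData.pm` in the same batch.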
From: <mba...@us...> - 2011-08-25 08:34:00
Revision: 1572 http://openxpki.svn.sourceforge.net/openxpki/?rev=1572&view=rev Author: mbartosch Date: 2011-08-25 08:33:53 +0000 (Thu, 25 Aug 2011) Log Message: ----------- Code cleanup: reduce Perl warnings This commit addresses several minor problems in the code where parameter checking was not properly applied. It should reduce the number of runtime warnings about undefined values (and hopefully does not break things). Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/convert_crl.pm trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Profile/Base.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/API/Default.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/DBI/Hash.pm trunk/perl-modules/core/trunk/OpenXPKI/Server/Notification.pm trunk/perl-modules/core/trunk/OpenXPKI/Service/Default.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/convert_crl.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/convert_crl.pm 2011-08-25 08:33:24 UTC (rev 1571) +++ trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/convert_crl.pm 2011-08-25 08:33:53 UTC (rev 1572) @@ -45,7 +45,7 @@ my $command = "crl"; $command .= " -out ".$self->{OUTFILE}; $command .= " -in ".$self->{INFILE}; - if ($self->{IN} eq 'DER') { + if (defined $self->{IN} && ($self->{IN} eq 'DER')) { $command .= " -inform DER"; } if ($self->{OUT} eq "DER") Modified: trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Profile/Base.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Profile/Base.pm 2011-08-25 08:33:24 UTC (rev 1571) +++ trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Profile/Base.pm 2011-08-25 08:33:53 UTC (rev 1572) 
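Review bot: `if (defined $self->{IN} && ($self->{IN} eq 'DER'))` guards the input format, but the following `if ($self->{OUT} eq "DER")` is left unguarded and emits the same uninitialized-value warning when OUT is not set; apply the same `defined` check there.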
@@ -104,11 +104,19 @@ ## is this a critical extension? - my $critical = eval {$self->{config}->get_xpath ( - XPATH => [@path, "critical"], - COUNTER => [@counter, 0, 0], - CONFIG_ID => $cfg_id)}; - + my $critical; + eval { + $critical = $self->{config}->get_xpath ( + XPATH => [@path, "critical"], + COUNTER => [@counter, 0, 0], + CONFIG_ID => $cfg_id); + }; + if (! defined $critical) { + $critical = 'false'; + # FIXME: should we generate a warning here that no criticality is + # defined? + } + if ($path[$#path] eq "basic_constraints") { $values[0] = ["CA", @@ -430,6 +438,36 @@ my $name = $keys->{NAME}; my $critical = $keys->{CRITICAL}; my $value = $keys->{VALUES}; + + if (! defined $name) { + OpenXPKI::Exception->throw( + message => "I18N_OPENXPKI_CRYPTO_PROFILE_CERTIFICATE_SET_EXTENSION_NAME_NOT_SPECIFIED", + ); + } + + if (! defined $value) { + OpenXPKI::Exception->throw ( + message => "I18N_OPENXPKI_CRYPTO_PROFILE_CERTIFICATE_SET_EXTENSION_VALUE_NOT_SPECIFIED", + ); + } + if (! defined $critical) { + OpenXPKI::Exception->throw ( + message => "I18N_OPENXPKI_CRYPTO_PROFILE_CERTIFICATE_SET_EXTENSION_CRITICALITY_NOT_SPECIFIED", + params => { + NAME => $name, + VALUE => $value, + }); + } + if ($critical !~ m{ \A (?:true|false) }xms) { + OpenXPKI::Exception->throw ( + message => "I18N_OPENXPKI_CRYPTO_PROFILE_CERTIFICATE_SET_EXTENSION_INVALID_CRITICALITY", + params => { + NAME => $name, + VALUE => $value, + CRITICALITY => $critical, + }); + } + ##! 16: 'name: ' . $name ##! 16: 'critical: ' . $critical ##! 16: 'value: ' . $value Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/API/Default.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/API/Default.pm 2011-08-25 08:33:24 UTC (rev 1571) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/API/Default.pm 2011-08-25 08:33:53 UTC (rev 1572) 
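Review bot: in `@@ -104,11`, the `eval` now swallows any error from `get_xpath` and the code falls back to `$critical = 'false'`, so a malformed profile becomes indistinguishable from one that merely omits `critical`; answer the FIXME by logging `$EVAL_ERROR` (or the absence of the element) at least at debug level before defaulting, because defaulting an extension to non-critical silently changes what the issued certificate asserts. In `@@ -430,6`, the validation `$critical !~ m{ \A (?:true|false) }xms` has no end anchor, so values such as 'falsey' or 'true1' pass; use `m{ \A (?:true|false) \z }xms`.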
@@ -663,10 +663,14 @@ if ($pkcs10) { # add subject alternative names from CSR if present my @pkcs10_sans = (); - eval { - @pkcs10_sans = split q{, }, $csr_info->{BODY}->{OPENSSL_EXTENSIONS}->{'X509v3 Subject Alternative Name'}->[0]; - }; - for (my $ii = $san_count; $ii < ($san_count + scalar @pkcs10_sans); $ii++) { + + my $tmp = $csr_info->{BODY}->{OPENSSL_EXTENSIONS}->{'X509v3 Subject Alternative Name'}->[0]; + if (defined $tmp) { + eval { + @pkcs10_sans = split q{, }, $tmp; + }; + } + for (my $ii = $san_count; $ii < ($san_count + scalar @pkcs10_sans); $ii++) { # add fixed SAN entries for all SANs in the PKCS#10 my $san = $pkcs10_sans[$ii - $san_count]; ##! 16: 'san: ' . $san Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/DBI/Hash.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/DBI/Hash.pm 2011-08-25 08:33:24 UTC (rev 1571) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/DBI/Hash.pm 2011-08-25 08:33:53 UTC (rev 1572) @@ -189,7 +189,11 @@ # TODO: do we really need to log this? foreach my $key (keys %index) { - $message .= "\n".lc($key)."=".$index{$key}; + my $val = 'n/a'; + if (exists $index{$key}) { + $val = $index{$key}; + } + $message .= "\n" . lc($key) . "=" . $val; } ##! 16: 'log: ' . ref $self->{LOG} Modified: trunk/perl-modules/core/trunk/OpenXPKI/Server/Notification.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Server/Notification.pm 2011-08-25 08:33:24 UTC (rev 1571) +++ trunk/perl-modules/core/trunk/OpenXPKI/Server/Notification.pm 2011-08-25 08:33:53 UTC (rev 1572) 
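Review bot: in `Hash.pm @@ -189,7`, `exists $index{$key}` is always true inside `foreach my $key (keys %index)`, so the new `n/a` fallback never triggers and the concatenation still warns on undefined values; the check should be `defined $index{$key}`. In `API/Default.pm @@ -663,10`, once `$tmp` is checked with `defined`, the `eval { @pkcs10_sans = split q{, }, $tmp; }` protects nothing (`split` does not die) and can go; note also that reading `$csr_info->{BODY}->{OPENSSL_EXTENSIONS}->{'X509v3 Subject Alternative Name'}->[0]` autovivifies the intermediate hash entries.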
@@ -404,7 +404,7 @@ COUNTER => [ @counter, $i , 0 ], CONFIG_ID => $config_id_of{$ident}, ); - if ($lang eq $language) { + if (defined $language && ($lang eq $language)) { $template_index = $i; last FIND_LANGUAGE_TEMPLATE; } Modified: trunk/perl-modules/core/trunk/OpenXPKI/Service/Default.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Service/Default.pm 2011-08-25 08:33:24 UTC (rev 1571) +++ trunk/perl-modules/core/trunk/OpenXPKI/Service/Default.pm 2011-08-25 08:33:53 UTC (rev 1572) @@ -482,11 +482,18 @@ ## log in, as this will cause a crash on the web interface. This ## is a known bug (#1909037), and this code is here as a workaround ## until it is fixed. - if (exists $message->{PARAMS}->{LOGIN} && - $message->{PARAMS}->{LOGIN} !~ m{ \A \p{IsASCII}+ \z }xms) { - OpenXPKI::Exception->throw( - message => 'I18N_OPENXPKI_SERVICE_DEFAULT_GET_PASSWD_LOGIN_NON_ASCII_USERNAME_BUG', - ); + if (exists $message->{PARAMS}->{LOGIN}) { + if (! defined $message->{PARAMS}->{LOGIN}) { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVICE_DEFAULT_GET_PASSWD_USERNAME_UNDEFINED', + ); + } + + if ($message->{PARAMS}->{LOGIN} !~ m{ \A \p{IsASCII}+ \z }xms) { + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_SERVICE_DEFAULT_GET_PASSWD_LOGIN_NON_ASCII_USERNAME_BUG', + ); + } } my ($user, $role, $reply) = CTX('authentication')->login_step({ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
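Review bot: `if (defined $language && ($lang eq $language))` guards only the right-hand side; `$lang`, assigned from the call closed just above it, can equally be undefined and will still warn. In `Service/Default.pm @@ -482,11`, the undefined-LOGIN check is a good addition; the nested `if` could be flattened so the `#1909037` workaround comment stays attached to the non-ASCII test it describes.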
From: <mba...@us...> - 2011-08-25 08:33:30
Revision: 1571 http://openxpki.svn.sourceforge.net/openxpki/?rev=1571&view=rev Author: mbartosch Date: 2011-08-25 08:33:24 +0000 (Thu, 25 Aug 2011) Log Message: ----------- Fixed parsing problem of IP SubjectAltNames OpenSSL has a slight inconsistency when it comes to handling IP SANs: It parses pkcs10 requests and certificates containing an IP SubjectAltName by producing a parsed line like 'IP Address:1.2.3.4'. However, if you wish to set an IP SAN in generated certificates you need to produce an OpenSSL config file that contains 'IP:1.2.3.4' instead. All other SubjectAlternativeName types can be left as parsed and directly propagated from a parsed CSR to a config file to be used for creating a cert. This results in a problem if a CSR containing an IP SAN is processed and approved without modifying the parsed SAN by the RA Operator. The certificate issuance operation subsequently fails with an OpenSSL error. In case an IP SAN is encountered during parsing a CSR or X.509 cert this commit mangles the reported SubjectAltName to 'IP'. This should not cause compatibility problems, as 'IP' is used internally in OpenXPKI to specify IP SANs. Using 'IP Address' shall hence be considered a bug. Modified Paths: -------------- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CSR.pm trunk/perl-modules/core/trunk/OpenXPKI/Crypto/X509.pm Modified: trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CSR.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CSR.pm 2011-08-23 09:29:32 UTC (rev 1570) +++ trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CSR.pm 2011-08-25 08:33:24 UTC (rev 1571)
@@ -198,6 +198,15 @@ $val =~ s/\s+$//; $i++; next if $val =~ /^$/; + if ($key eq 'X509v3 Subject Alternative Name') { + # when OpenSSL encounters CSR IP Subject Alternative Names + # the parsed output contains "IP Address:d.d.d.d", however + # OpenSSL expects "IP:d.d.d.d" in a config file for + # certificate issuance if you intend to issue a certificate + # we hereby declare that "IP" is the canonical identifier + # for an IP Subject Alternative Name + $val =~ s{ \A IP\ Address: }{IP:}xms; + } push(@{$ret->{OPENSSL_EXTENSIONS}->{$key}}, $val); } } else { Modified: trunk/perl-modules/core/trunk/OpenXPKI/Crypto/X509.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/X509.pm 2011-08-23 09:29:32 UTC (rev 1570) +++ trunk/perl-modules/core/trunk/OpenXPKI/Crypto/X509.pm 2011-08-25 08:33:24 UTC (rev 1571) @@ -201,6 +201,15 @@ $val =~ s/\s+$//; $i++; next if $val =~ /^$/; + if ($key eq 'X509v3 Subject Alternative Name') { + # when OpenSSL encounters CSR IP Subject Alternative Names + # the parsed output contains "IP Address:d.d.d.d", however + # OpenSSL expects "IP:d.d.d.d" in a config file for + # certificate issuance if you intend to issue a certificate + # we hereby declare that "IP" is the canonical identifier + # for an IP Subject Alternative Name + $val =~ s{ \A IP\ Address: }{IP:}xms; + } push(@{$ret->{OPENSSL_EXTENSIONS}->{$key}}, $val); } } else { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
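Review bot: In the CSR.pm hunk (@@ -198,6 +198,15 @@) the whole nine-line normalisation block is duplicated verbatim in the X509.pm hunk below; move it into a helper both parsers call so the canonical-name rule lives in one place and cannot drift, and cover it with a test that parses a CSR carrying an IP SAN, since the log message says this failure was previously only caught at issuance time.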
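Review bot: In the X509.pm hunk (@@ -201,6 +201,15 @@) the comment is a verbatim copy from CSR.pm and still says "CSR IP Subject Alternative Names" although this code parses certificates. The substitution `s{ \A IP\ Address: }{IP:}xms` also rewrites whatever follows the prefix, not only the "d.d.d.d" form the comment mentions, and its `\A` anchor assumes $val holds exactly one SAN entry at this point; both are fine, but the comment should say so.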
From: <mba...@us...> - 2011-08-23 09:29:39
Revision: 1570 http://openxpki.svn.sourceforge.net/openxpki/?rev=1570&view=rev Author: mbartosch Date: 2011-08-23 09:29:32 +0000 (Tue, 23 Aug 2011) Log Message: ----------- Security fix for OpenXPKI::Crypto::CLI Please refer to the email to the OpenXPKI Users and Development mailing list for details. This commit introduces an additional dependency to the Perl module Proc::SafeExec and addresses a security issue in the Crypto CLI interface. Modified Paths: -------------- trunk/perl-modules/core/trunk/Makefile.PL trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/create_cert.pm trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/create_pkcs10.pm trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/issue_cert.pm trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CLI.pm Modified: trunk/perl-modules/core/trunk/Makefile.PL =================================================================== --- trunk/perl-modules/core/trunk/Makefile.PL 2011-08-23 09:29:08 UTC (rev 1569) +++ trunk/perl-modules/core/trunk/Makefile.PL 2011-08-23 09:29:32 UTC (rev 1570) @@ -316,6 +316,7 @@ 'Net::Server' => '0.94', 'Params::Validate' => '0.77', 'Proc::ProcessTable' => '0.43', + 'Proc::SafeExec' => '1.4', 'Regexp::Common' => 2, 'Sys::SigAction' => '0.06', 'Template' => '2.15', Modified: trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/create_cert.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/create_cert.pm 2011-08-23 09:29:08 UTC (rev 1569) +++ trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/create_cert.pm 2011-08-23 09:29:32 UTC (rev 1570) @@ -27,8 +27,6 @@ } $self->{CONFIG}->set_profile($self->{PROFILE}); - my @result = (); - $self->get_tmpfile ('CSR'); $self->get_tmpfile ('DUMMYCA'); 
@@ -121,7 +119,7 @@ my @subject = (); if ($subject) { - push(@subject, '-subj', qq("$subject")); + push(@subject, '-subj', $subject); if ($subject =~ /[^\\](\\\\)*\+/) { push(@subject, '-multivalue-rdn'); @@ -130,12 +128,12 @@ my @engine = (); if ($engine) { - push(@engine, '-engine', qq("$engine")); + push(@engine, '-engine', $engine); } my @keyform = (); if ($keyform) { - push(@keyform, '-keyform', qq("$keyform")); + push(@keyform, '-keyform', $keyform); } my @password = (); @@ -144,27 +142,21 @@ $self->set_env ("pwd" => $passwd); } - my @cmd; - @cmd = ( + my @cmd1 = ( 'req', '-x509', # done by CLI # '-config', $config, @subject, @engine, @keyform, - '-key', qq("$self->{KEYFILE}"), - '-out', qq("$self->{DUMMYCAFILE}"), - '-in', qq("$self->{CSRFILE}"), + '-key', $self->{KEYFILE}, + '-out', $self->{DUMMYCAFILE}, + '-in', $self->{CSRFILE}, '-set_serial', $self->{PROFILE}->get_serial(), '-days', '1', @password, ); - - ##! 2: "command: " . join(' ', @cmd) - push @result, join(' ', @cmd); - - # STEP 1b: restore serial number (serial file content is incremented # by previous OpenSSL command) # NOTE: @@ -178,7 +170,7 @@ # }; # STEP 2: Using the Dummy CA created above issue the actual CA certificate - @cmd = ( + my @cmd2 = ( 'ca', '-batch', #done by CLI 
@@ -186,17 +178,15 @@ @subject, @engine, @keyform, - '-keyfile', qq("$self->{KEYFILE}"), - '-cert', qq("$self->{DUMMYCAFILE}"), - '-out', qq("$self->{OUTFILE}"), - '-ss_cert', qq("$self->{DUMMYCAFILE}"), + '-keyfile', $self->{KEYFILE}, + '-cert', $self->{DUMMYCAFILE}, + '-out', $self->{OUTFILE}, + '-ss_cert', $self->{DUMMYCAFILE}, @password, ); ##! 2: "command: " . join(' ', @cmd) - push @result, join(' ', @cmd); - - return \@result; + return [ \@cmd1, \@cmd2 ]; } sub hide_output Modified: trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/create_pkcs10.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/create_pkcs10.pm 2011-08-23 09:29:08 UTC (rev 1569) +++ trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/create_pkcs10.pm 2011-08-23 09:29:32 UTC (rev 1570) 
@@ -88,23 +88,21 @@ ## build the command - my $command = "req -new"; - #done by CLI - #$command .= " -config $config"; - $command .= " -subj \"$subject\""; - $command .= " -multivalue-rdn" if ($subject =~ /[^\\](\\\\)*\+/); - $command .= " -engine $engine" if ($engine); - $command .= " -keyform $keyform" if ($keyform); - $command .= " -key ".$self->{KEYFILE}; - $command .= " -out ".$self->{OUTFILE}; + my @command = qw( req -new ); + push @command, ('-subj', $subject); + push @command, '-multivalue-rdn' if ($subject =~ /[^\\](\\\\)*\+/); + push @command, ('-engine', $engine) if ($engine); + push @command, ('-keyform', $keyform) if ($keyform); + push @command, ('-key', $self->{KEYFILE}); + push @command, ('-out', $self->{OUTFILE}); if (defined $passwd) { - $command .= " -passin env:pwd"; + push @command, ('-passin', 'env:pwd'); $self->set_env ("pwd" => $passwd); } - return [ $command ]; + return [ \@command ]; } sub __get_used_engine Modified: trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/issue_cert.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/issue_cert.pm 2011-08-23 09:29:08 UTC (rev 1569) +++ trunk/perl-modules/core/trunk/OpenXPKI/Crypto/Backend/OpenSSL/Command/issue_cert.pm 2011-08-23 09:29:32 UTC (rev 1570) 
@@ -81,26 +81,29 @@ ## build the command - my $command = "ca -batch"; - $command .= ' -subj "'.$self->get_openssl_dn($profile->get_subject()).'"'; - $command .= " -multivalue-rdn" if ($profile->get_subject() =~ /[^\\](\\\\)*\+/); - $command .= " -engine $engine" if ($engine); - $command .= " -keyform $keyform" if ($keyform); - $command .= " -out ".$self->{OUTFILE}; + my @command = qw( ca -batch ); + push @command, ( + '-subj', + $self->get_openssl_dn($profile->get_subject()), + ); + push @command, '-multivalue-rdn' if ($profile->get_subject() =~ /[^\\](\\\\)*\+/); + push @command, ('-engine', $engine) if ($engine); + push @command, ('-keyform', $keyform) if ($keyform); + push @command, ('-out', $self->{OUTFILE}); if ($spkac) { - $command .= " -spkac ".$self->{CSRFILE}; + push @command, ('-spkac', $self->{CSRFILE}); } else { - $command .= " -in ".$self->{CSRFILE}; + push @command, ('-in', $self->{CSRFILE}); } if (defined $passwd) { - $command .= " -passin env:pwd"; + push @command, ('-passin', 'env:pwd'); $self->set_env ("pwd" => $passwd); } - return [ $command ]; + return [ \@command ]; } sub hide_output Modified: trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CLI.pm =================================================================== --- trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CLI.pm 2011-08-23 09:29:08 UTC (rev 1569) +++ trunk/perl-modules/core/trunk/OpenXPKI/Crypto/CLI.pm 2011-08-23 09:29:32 UTC (rev 1570) @@ -14,7 +14,9 @@ #use OpenXPKI qw (read_file get_safe_tmpfile); use OpenXPKI::FileUtils; use OpenXPKI::Exception; +use OpenXPKI::Server::Context; use Data::Dumper; +use Proc::SafeExec; my %tmp_of :ATTR( :init_arg<TMP> ); # the tmp directory my %shell_of :ATTR( :init_arg<SHELL> ); # the shell to be used 
@@ -23,6 +25,7 @@ my %stdout_file_of :ATTR; # STDOUT file (redirected output from command) my %stderr_file_of :ATTR; # STDERR file (redirected output from command) my %command_of :ATTR; # the command used +my %logger_of :ATTR; # OpenXPKI logger sub START { my ($self, $ident, $arg_ref) = @_; @@ -56,6 +59,10 @@ message => "I18N_OPENXPKI_CRYPTO_CLI_MISSING_ENGINE"); } + eval { + $logger_of{$ident} = OpenXPKI::Server::Context::CTX('log'); + }; + ##! 2: "create output and stderr files in $arg_ref->{TMP}" my $fu = OpenXPKI::FileUtils->new(); $stdin_file_of{$ident} = $fu->get_safe_tmpfile({ @@ -85,13 +92,6 @@ else { @{$command_of{$ident}} = ( $arg_ref->{COMMAND} ); } - for (my $i=0; $i < scalar @{$command_of{$ident}}; $i++) { - $command_of{$ident}->[$i] = $shell_of{$ident} . " " - . $command_of{$ident}->[$i] - . " 1>>" . $stdout_file_of{$ident} - . " 2>>" . $stderr_file_of{$ident}; - ##! 4: "prepared command: " . $command_of{$ident}->[$i] - } ##! 1: "end" } @@ -124,7 +124,7 @@ ##! 2: "execute commands" for (my $i=0; $i < scalar @{$command_of{$ident}}; $i++) { my $cmd = $command_of{$ident}->[$i]; - ##! 4: "command: $cmd" + ##! 4: "command: " . Dumper $cmd if (defined $params and exists $params->[$i] and ref $params->[$i] eq 'HASH' and 
@@ -132,65 +132,149 @@ $params->[$i]->{TYPE} eq 'STDOUT') ) { if ($params->[$i]->{TYPE} eq 'STDIN') { - ## read data from STDIN + ##! 16: 'read data from STDIN' - if (open my $FD, "|$cmd") { - print $FD $params->[$i]->{DATA}; - close $FD; - } - else { + my @cmd = split /\s/, $cmd; + open my $STDOUT, '>', $stdout_file_of{$ident}; + open my $STDERR, '>', $stderr_file_of{$ident}; + ##! 16: 'split command: ' . Dumper \@cmd + my ($shell, @wrapper_cmd) = + __deal_with_wrapper($shell_of{$ident}, @cmd); + my $command = Proc::SafeExec->new({ + exec => [ $shell, @wrapper_cmd ], + stdin => 'new', + stdout => $STDOUT, + stderr => $STDERR, + }); + print {$command->stdin()} $params->[$i]->{DATA}; + $command->wait(); + close $STDOUT; + close $STDERR; + + if ($command->exit_status()) { + $self->get_result(); # discard output but purge temp file + my $stderr = $self->get_stderr(); + + $self->log('OpenSSL error: ' . $stderr, + { + PRIORITY => 'error', + }); + OpenXPKI::Exception->throw( message => 'I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_PIPED_STDIN_FAILED', - params => { 'ERRVAL' => $EVAL_ERROR, - }, + params => { + 'EXIT_STATUS' => $command->exit_status(), +# 'ERROR' => $stderr, + }, ); } } else { - ## capture STDOUT - if (open my $FD, "$cmd|") { - $params->[$i]->{STDOUT} = ''; - while (<$FD>) { # TODO: slurp, see # - $params->[$i]->{STDOUT} .= $_; - } - $return .= $params->[$i]->{STDOUT}; - close $FD; - } - else { + ##! 
16: 'capture STDOUT' + my @cmd = split /\s/, $cmd; + open my $STDOUT, '>', $stdout_file_of{$ident}; + open my $STDERR, '>', $stderr_file_of{$ident}; + my ($shell, @wrapper_cmd) = + __deal_with_wrapper($shell_of{$ident}, @cmd); + my $command = Proc::SafeExec->new({ + exec => [ $shell, @wrapper_cmd ], + stdin => 'new', + stdout => $STDOUT, + stderr => $STDERR, + }); + $command->wait(); + my $command_stdout = $command->stdout(); + my $stdout = do { + local $/; + <$command_stdout>; + }; + close $STDOUT; + close $STDERR; + $params->[$i]->{STDOUT} = $stdout; + $return .= $stdout; + if ($command->exit_status()) { + $self->get_result(); + my $stderr = $self->get_stderr(); + + $self->log('OpenSSL error: ' . $stderr, + { + PRIORITY => 'error', + }); + OpenXPKI::Exception->throw( message => 'I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_PIPED_STDOUT_FAILED', params => { - 'ERRVAL' => $EVAL_ERROR, + 'EXIT_STATUS' => $command->exit_status(), +# 'ERROR' => $stderr, }, ); } - } + } } else { - ## simply execute the command - `$cmd`; + my @cmd; + if (ref $cmd eq 'ARRAY') { + @cmd = @{ $cmd }; + } + else { + @cmd = split q{ }, $cmd; + } + ##! 16: 'split cmd (was backticks): ' . Dumper \@cmd + + open my $STDOUT, '>', $stdout_file_of{$ident}; + open my $STDERR, '>', $stderr_file_of{$ident}; + my ($shell, @wrapper_cmd) = + __deal_with_wrapper($shell_of{$ident}, @cmd); + my $command = Proc::SafeExec->new({ + exec => [ $shell, @wrapper_cmd ], + stdin => 'new', + stdout => $STDOUT, + stderr => $STDERR, + }); + eval { + $command->wait(); + }; + if ($EVAL_ERROR && $EVAL_ERROR ne "Child was already waited on without calling the wait method\n") { + # the above may fail if the child has already exited, + # we ignore that + $self->get_result(); + my $stderr = $self->get_stderr(); + + $self->log('OpenSSL error: ' . 
$stderr, + { + PRIORITY => 'error', + }); + + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_WAIT_FAILED', + params => { + EVAL_ERROR => $EVAL_ERROR, +# 'ERROR' => $stderr, + }, + ); + } + ##! 16: 'stdout_file: ' . $stdout_file_of{$ident} + ##! 16: 'stderr_file: ' . $stderr_file_of{$ident} + close($STDOUT); + close($STDERR); + if ($command->exit_status()) { + $self->get_result(); + my $stderr = $self->get_stderr(); + + $self->log('OpenSSL error: ' . $stderr, + { + PRIORITY => 'error', + }); + + OpenXPKI::Exception->throw( + message => 'I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED', + params => { + 'EXIT_STATUS' => $command->exit_status(), +# 'ERROR' => $stderr, + }, + ); + } } - if ($EVAL_ERROR) - { - OpenXPKI::Exception->throw( - message => 'I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED', - params => { 'ERRVAL' => $EVAL_ERROR, - }, - ); - } } - ##! 64: 'CHILD_ERROR: ' . $CHILD_ERROR - if ($CHILD_ERROR != 0 && $CHILD_ERROR != -1) { - # child error -1 has to be ignored because it will most likely be - # caused by the waitpid in the SIG{'CHLD'} handler :-/ - OpenXPKI::Exception->throw( - message => 'I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_CHILD_ERROR', - params => { - 'EXIT_CODE' => ($? >> 8), - 'SIGNAL' => ($? & 127), - }, - ); - } - ##! 2: "try to detect other errors" $self->__find_error(); @@ -231,6 +315,12 @@ if ($self->error_ispresent($ret)) { ##! 8: "error detected - firing exception" unlink ($stdout_file_of{$ident}); + + $self->log('OpenSSL error: ' . $ret, + { + PRIORITY => 'error', + }); + OpenXPKI::Exception->throw( message => 'I18N_OPENXPKI_CRYPTO_CLI_ERROR', params => { 'ERRVAL' => $ret, 
@@ -242,6 +332,27 @@ return 0; } +sub __deal_with_wrapper { + # deals with a possible wrapper being included in the shell parameter + # reduces the shell to the first argument, pushes the options of + # the wrapper to the @options array and returns the pair + ##! 1: 'start' + my $shell = shift; + my @cmd = @_; + + ##! 64: 'shell: ' . $shell + ##! 64: 'cmd: ' . Dumper \@cmd + + my @wrapper = split q{ }, $shell; + my $new_shell = shift @wrapper; + push @wrapper, @cmd; + + ##! 64: 'new_shell: ' . $new_shell + ##! 64: 'wrapper: ' . Dumper \@wrapper; + + return ($new_shell, @wrapper); +} + sub get_result { my $self = shift; my $ident = ident $self; @@ -266,6 +377,27 @@ return $ret; } +sub get_stderr { + my $self = shift; + my $ident = ident $self; + ##! 1: "start" + + my $ret = 1; + if (-e $stderr_file_of{$ident}) { + ## there was an output + my $fu = OpenXPKI::FileUtils->new(); + $ret = $fu->read_file($stderr_file_of{$ident}); + $ret = $engine_of{$ident}->filter_stderr($ret); + if ($ret eq '') { + $ret = 1; + } + } + unlink ($stderr_file_of{$ident}); + + ##! 1: "end" + return $ret; +} + sub cleanup { ##! 1: "start" my $self = shift; @@ -283,6 +415,29 @@ ##! 1: "end" } +sub log { + my $self = shift; + my $ident = ident $self; + + my $message = shift; + my $args = shift; + + my %logger_args = ( + FACILITY => 'system', + PRIORITY => 'info', + %{$args}, + ); + + if (! defined $logger_of{$ident}) { + return; + } + + return $logger_of{$ident}->log( + %logger_args, + MESSAGE => $message, + ); +} + sub DEMOLISH { ##! 1: "start" my $self = shift; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
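Review bot: The Makefile.PL hunk (@@ -316,6 +316,7 @@) makes Proc::SafeExec a hard runtime dependency of the core, which is the right call for this fix, but nothing in this commit updates installation notes or package specs, so existing deployments will only discover the requirement when OpenXPKI::Crypto::CLI fails to load. Call the new prerequisite out in the release notes that accompany the mailing-list advisory the log message refers to.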
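Review bot: In the create_cert.pm hunk (@@ -186,17 +178,15 @@) the unchanged context line `##! 2: "command: " . join(' ', @cmd)` still refers to @cmd, which this commit renamed to @cmd1 and @cmd2. Because `##!` lines are compiled into real statements when debugging is enabled for this module, enabling level 2 debug here will now fail under strict on the undeclared @cmd; change it to `join(' ', @cmd2)` (and add a matching line after @cmd1) or drop it.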
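Review bot: In the issue_cert.pm hunk (@@ -81,26 +81,29 @@) the `-multivalue-rdn` decision is made on `$profile->get_subject()` while the value actually passed to `-subj` is `$self->get_openssl_dn($profile->get_subject())`; if get_openssl_dn changes the escaping, the test and the argument disagree. This predates the commit, but now that the DN goes to exec verbatim it is worth computing it once into a variable and running the `/[^\\](\\\\)*\+/` check on that same string.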
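Review bot: In the CLI.pm hunk (@@ -56,6 +59,10 @@) the bare `eval { $logger_of{$ident} = OpenXPKI::Server::Context::CTX('log'); };` swallows every failure, not only the expected "no server context yet" case, and the log() method added further down then silently drops messages whenever $logger_of{$ident} is undef. That makes the new OpenSSL error logging vanish without trace in exactly the situations where it is most wanted; at least emit a `##!` debug line when the eval fails, and comment why the eval is there.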
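Review bot: In the CLI.pm hunk (@@ -85,13 +92,6 @@) the removed code redirected with `1>>` and `2>>`, i.e. appending, while the replacement `open my $STDOUT, '>', ...` calls in the execute loop truncate the files before every command. For multi-command sequences such as the `[ \@cmd1, \@cmd2 ]` now returned by create_cert.pm, the first command's stdout and stderr are discarded before get_result()/get_stderr() ever see them; open with `'>>'` if the old accumulate-then-read behaviour is wanted, or document that only the last command's output is retained.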
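Review bot: In the CLI.pm hunk (@@ -132,65 +132,149 @@) the STDIN and STDOUT branches still build the argument list with `my @cmd = split /\s/, $cmd;` and only the third branch checks `ref $cmd eq 'ARRAY'`; a command class returning an array ref, as create_cert.pm, create_pkcs10.pm and issue_cert.pm now do, would be split as the string "ARRAY(0x...)" on those paths, and a plain string command is still broken apart at every blank, so an argument such as a subject containing a space (the case the removed `qq("...")` quoting existed for) is mangled. Hoist the array-ref-or-split conversion above the three branches and make the command classes the only place that assembles arguments. Two smaller points in the same hunk: the STDOUT branch hands the child a file handle (`stdout => $STDOUT`) and then reads `$command->stdout()` after wait(), but with a file handle rather than `'new'` there is no pipe to read, so $params->[$i]->{STDOUT} and $return are likely empty and the output should be read back from $stdout_file_of{$ident} instead; and none of the `open` calls check their return value.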
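Review bot: In the __deal_with_wrapper hunk (@@ -242,6 +332,27 @@) the leading comment talks about "the @options array" but the code builds @wrapper, and `split q{ }, $shell` means a wrapper or binary path containing a space cannot be expressed at all. Fix the comment and state in the SHELL parameter's documentation that it is a whitespace-separated word list whose first word is the executable and whose remaining words are prepended to every command.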
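Review bot: In the get_stderr hunk (@@ -266,6 +377,27 @@) the initial `my $ret = 1;` and the `if ($ret eq '') { $ret = 1; }` fallback mean a failing command with empty or fully filtered stderr is logged as "OpenSSL error: 1" by the callers that concatenate the result into a message. Return an empty string in that case so the log line stays meaningful, and let callers decide what to say when there is nothing to report.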
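Review bot: In the log hunk (@@ -283,6 +415,29 @@) `%{$args}` is dereferenced while building %logger_args before the `defined $logger_of{$ident}` guard runs and without a default, so a call with no second argument dies under strict refs with "Can't use an undefined value as a HASH reference" instead of logging at the default priority. Use `%{ $args || {} }` and move the logger check to the top of the method so the early return costs nothing.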