adm

Perl写的CA认证程序

#!/usr/bin/perl

## RA Server Management Utility 
## (c) 1999 by Massimiliano Pala
## All Rights Reserved
##
## Project Information:
##
## 	Current Version ..................... $VER
##      Project Started on .................. 17/12/1998
##      Last Modified on .................... 09/09/2000
##      Project Closed on ................... n/a
##
## Program currently tested with OpenLDAP v.1.2 on Linux, Solaris
## and Sleepycat DB.
##
## DISC CLAIMER: THIS SOFTWARE IS GIVEN AS IS WITHOUT ANY WARRANTIES
## ABOUT ANY DAMAGE DERIVED BY THE USE ( CORRECT OR NOT ) OF THIS
## SOFTWARE. THE AUTHOR IS THEREFORE NOT RESPONSABLE IN ANY WAY OF
## DAMAGES RELATED IN ANY WAY TO THIS OR SUPPORTED SOFTWARE AS WELL.
##
## If you want to contact me (the author) please use the e-mail
## addresses listed below. Do not esitate in reporting bugs, enhancement
## or anything seems useful in developing this software:
##
##	madwolf@comune.modena.it
##	m.pala@mo.nettuno.it
##	digid@netscape.net
##
## Modified by Miguel Armas <kuko@ulpgc.es>
##  - Added support for Latin1 names (Latin1 and .'-)
##  - Some minor bugfixes
##  - warnUsers and deleteFiles commands now works
##  - CopyCerts didn't copy non-numeric certs (0A.pem)
##  - Added certsList command (view issued certificates)
##  - Added viewCert command (view certificate details)
##
## Modified by V韈tor R. Ruiz <rvr@ulpgc.es>
##  - Minor changes in certsList command (table display and revokation command)
##  - Added appRevReq command (approve revokation request)
##  - Minor changes in parseCertificateFile (added issuer)
##  - Added viewCRL command
##  - minor changes in viewCert command (status)

## Thank you for using this software, and remember that Open Projects
## are the future of mankind. Do not sleep, partecipate to world wide
## efforts to make life easier for all!

## Base requirements
require 5.001;
@INC = ( @INC, "lib/" );

## Flush the output
$|=1;

## Version Release
local $VER = '0.6.22';
local $PRG = 'RA Server';

## Modules to be installed to have this program to work properly
use OpenCA::Configuration;
use OpenCA::TRIStateCGI;

## New OpenCA modules
use OpenCA::OpenSSL;
use OpenCA::X509;
use OpenCA::CRL;
use OpenCA::Tools;
use OpenCA::REQ;
use OpenCA::PKCS7;

## Standard Perl Module
use Cwd;

## LDAP module
use Net::LDAP;

## Functions Requirements
## ======================

require "misc-utils.lib";
require "mail-utils.lib";
require "ldap-utils.lib";
require "log-utils.lib";

## Generate a new reference to Configuration ( instance )
local $config = new OpenCA::Configuration;
local $dbiconfig = new OpenCA::Configuration;

## Let's load our default configuration
$CONFIG = 'raserver.conf';
$DBICONFIG = 'DBI.conf';

if( ($ret = $config->loadCfg( "$CONFIG" )) == undef ) {
	print "Content-type: text/html\n\n";
	configError( "Error while Loading Configuration ($CONFIG)!" );
	exit 100;
}

## Now it's time to get the parameters passed over the web
local $query  = new OpenCA::TRIStateCGI;

## Print the Content Type for Browser
print "Content-type: text/html\n\n";

## Let's get the base Directory
local ( $basedir ) = ( $ENV{'SCRIPT_FILENAME'} =~ /(.*)\/.*/ );

local $self = $query->url(-query=>0,-full=>0);
 
## Init Section
## ============

local $shellPath = getRequired( 'openssl' );
local $tmpdir    = getRequired( 'TempDir' );
local $dbDir     = getRequired( 'dbDir' );
local $verify    = getRequired( 'VerifyPath' );
local $sign      = getRequired( 'SignPath' );

local $versions;

local $cryptoShell = new OpenCA::OpenSSL( SHELL => "$shellPath" );

if ( not $cryptoShell ) {
	configError( "Cannot initialize Crypto Shell ($shellPath)!" );
	exit 1;
}

$cryptoShell->setParams( CONFIG=>"$sslcnf",
                         TMPDIR=>"$tmpdir",
                         VERIFY=>"$verify",
                         SIGN  =>"$sign", );

local $tools = new OpenCA::Tools();
if ( not $tools ) {
	configError( "Cannot initialize OpenCA::Tools class!" );
	exit 1;
}

local  $db;
if ( getRequired('DBmodule') =~ /DBI/i ) {
	use OpenCA::DBI;
	if( ($ret = $config->loadCfg( "$DBICONFIG" )) == undef ) {
		print "Content-type: text/html\n\n";
    		configError( "Error Loading Configuration ($DBICONFIG)!" );
    		exit 100;
  	}
	$db = new OpenCA::DBI (
                    SHELL          => $cryptoShell,
                    mode           => $dbiconfig->getParam ('mode'),
                    failsafe       => $dbiconfig->getParam ('failsafe'),
                    second_chance  => $dbiconfig->getParam ('second_chance'),
                    logsecurity    => $dbiconfig->getParam ('logsecurity'),
                    logperformance => $dbiconfig->getParam ('logperformance'),
                    SignLog        => $dbiconfig->getParam ('SignLog'),
                    MESSAGEKEY     => $dbiconfig->getParam ('MESSAGEKEY'),
                    MESSAGELENGTH  => $dbiconfig->getParam ('MESSAGELENGTH'),
                    CERT_FILE      => $dbiconfig->getParam ('CERT_FILE'),
                    KEY_FILE       => $dbiconfig->getParam ('KEY_FILE'),
                    PASSWD         => $dbiconfig->getParam ('PASSWD'),
                    DEBUG          => $dbiconfig->getParam ('DEBUG'),
                    remoteType     => $dbiconfig->getParam ('remoteType'),
                    remoteName     => $dbiconfig->getParam ('remoteName'),
                    remoteHost     => $dbiconfig->getParam ('remoteHost'),
                    remotePort     => $dbiconfig->getParam ('remotePort'),
                    remoteUser     => $dbiconfig->getParam ('remoteUser'),
                    remotePasswd   => $dbiconfig->getParam ('remotePasswd'),
                    localType      => $dbiconfig->getParam ('localType'),
                    localName      => $dbiconfig->getParam ('localName'),
                    localHost      => $dbiconfig->getParam ('localHost'),
                    localPort      => $dbiconfig->getParam ('localPort'),
                    localUser      => $dbiconfig->getParam ('localUser'),
                    localPasswd    => $dbiconfig->getParam ('localPasswd')
                    );
	if ( not $db ) {
		configError( "Cannot initialize OpenCA::DBI class! ($dbDir)" );
		exit 1;
	}
	$versions->{DB}	= OpenCA::DBI->VERSION;
} else {

	## use DBM-files - this is the default
	use OpenCA::DB;
	$db = new OpenCA::DB( SHELL=>$cryptoShell, DB_DIR=>"$dbDir" );
	if ( not $db ) {
		configError( "Cannot initialize OpenCA::DB class! ($dbDir)" );
		exit 1;
	}
	$versions->{DB}	= OpenCA::DB->VERSION;
}

$versions->{OpenSSL}            = OpenCA::OpenSSL->VERSION;
$versions->{Tools}              = OpenCA::Tools->VERSION;
$versions->{Configuration}      = OpenCA::Configuration->VERSION;
$versions->{TRIStateCGI}        = OpenCA::TRIStateCGI->VERSION;
$versions->{REQ}                = OpenCA::REQ->VERSION;
$versions->{X509}               = OpenCA::X509->VERSION;
$versions->{CRL}                = OpenCA::CRL->VERSION;
$versions->{PKCS7}              = OpenCA::PKCS7->VERSION;

## Main Section
## ============

$cmd = $query->param('cmd');
if ( "$cmd" eq "" ) {
        my @cols;
	my $i;

        my @modules = ( OpenSSL, Tools, DB, Configuration, TRIStateCGI,
                        REQ, X509, CRL, PKCS7 );

        print $query->start_html(-title=>"OpenCA",
                                        -BGCOLOR=>"#FFFFFF",
                                        -TEXT=>"#445599" );

        print "<CENTER>";
        print "<FONT SIZE=\"+3\">";
        print "<B>Open<FONT COLOR=\"#FF9900\">CA</FONT></B></FONT><BR>\n";
        print "<FONT SIZE=\"+1\">";
        print "($PRG Version $VER)</FONT><BR>\n";
        print "<HR WIDTH=80%>";

        push( @cols, "Module" );
        push( @cols, "Version" );

        print $query->startTable( COLS=>[ @cols ],
                                     WIDTH=>"80%",
                                     TABLE_BGCOLOR=>"#000000",
                                     TITLE_BGCOLOR=>"#DDCCFF" );

        foreach $i (@modules) {
                print $query->addTableLine( DATA=>[
                        $i, $versions->{$i} ],
                        COLOR=>"#000000" );
        }

        print $query->endTable();
        print closeLogPage();

        exit;

};

## Let's get the commands directly from the cmds/ directory.
## The require will load and execute it
if( -e "cmds/$cmd" ) {
        require "cmds/$cmd";
        exit $?;
} else {
	## No Valid Command has been given if you reach this point
	generalError( "Command $cmd Not Supported ( yet ?!? )." );
        die "Cannot Find $cmd Command!";
}



## Subroutines Section 
## ====================

sub viewRequest {
	my $keys = { @_ };

	my $dbKey 	= $keys->{KEY};
	my $dataType 	= $keys->{DATATYPE};
	my $doc		= $keys->{DOCFILE};
	my $mode	= $keys->{MODE};
	
	my ( $req, $tmp, @ouInput, $tmpOU, $parsed, $page, $i );

	$req = $db->getItem( DATATYPE=>$dataType, KEY=>$dbKey );
	if( not $req ) {
		configError( "No Request found in dB ($dbKey)!");
		exit 1;
	}

	my $parsed = $req->getParsed();
	my $page   = $tools->getFile( $doc );

	$tmpOU = ""; $i = 1;
	foreach $tmp ( @{$req->getParsed()->{OU}} ) {
		if( $mode =~ /INPUT/ ) {
			$tmpOU = $query->newInput( -regx=>'*',
				-name=>"${i}.OU", -intype=>'textfield',
				-value=>$tmp );
			push ( @ouInput, $tmpOU );
			$i++;
		} else {
			$tmpOU .= "<BR>" if( $tmpOU ne "" );
			$tmpOU .= "$tmp";
		}
	}

	if( $mode =~ /INPUT/ ) {
		$tmpOU = "";
		for $tmp (@ouInput) {
			$tmpOU .= $tmp . "<BR>\n";
		}
	}

	$page = $query->subVar( $page, '@KEYSIZE@', $parsed->{KEYSIZE} );
	$page = $query->subVar( $page, '@CN@',   $parsed->{CN} );

	$page = $query->subVar( $page, '@SERIAL@',  
			( $parsed->{SERIAL} or $parsed->{HEADER}->{SERIAL} ) );

	$page = $query->subVar( $page, '@KEY@',     $dbKey );
	$page = $query->subVar( $page, '@DATATYPE@',$dataType );

	$page = $query->subVar( $page, '@OU@',      $tmpOU );

	$page = $query->subVar( $page, '@L@',	    $parsed->{L} );
	$page = $query->subVar( $page, '@S@',       $parsed->{S} );
	$page = $query->subVar( $page, '@O@',       $parsed->{O} );
	$page = $query->subVar( $page, '@C@', 	    $parsed->{C} );

	$page = $query->subVar( $page, '@PIN@',     
			( $parsed->{PIN} or $parsed->{PASSWD} or 
						$parsed->{HEADER}->{PIN} ) );

	$page = $query->subVar( $page, '@EMAIL@',   $parsed->{EMAIL} );
	$page = $query->subVar( $page, '@NOTBEFORE@', 
		( $parsed->{NOTBEFORE} or $parsed->{HEADER}->{NOTBEFORE}) );
	$page = $query->subVar( $page, '@DELETED@', 
		( $parsed->{DELETED} or $parsed->{HEADER}->{DELETED}) );
	$page = $query->subVar( $page, '@OPERATOR@', 
		( $parsed->{OPERATOR} or $parsed->{HEADER}->{OPERATOR}) );

	print "<PRE>" . $req->getTXT() . "</PRE><BR><BR>\n";

	print "$page";

	return;
}