viewsignature

Perl写的CA认证程序

## OpenCA - CA Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
##   File Name: viewSignature
##       Brief: View Signature
## Description: Display given object's signature and its validity
##  Parameters: dataType, key

my $cmdName = "viewSignature";

if ( $cmd !~ /$cmdName/i ) {
        configError( "Wrong Command Usage ($cmd over $cmdName)!" );
        exit 1;
}

## Get the Configuration parameters ...
my ( $parsed, $lnk, $serLink, $sigInfo, $sigStatus, $signer, $signature);
my ( $baseDoc, $info, $sigCertStatus, $def, $dbStatus, $dbMessage);
my ( $myCN, $myEmail, $mySerial, @sigCert, $tmpCert, $pCert );

my $dataType 	= $query->param('dataType' );
my $key      	= $query->param('key');
my $baseDoc 	= getRequired('ViewSignatureSheet');
my $tempDir  	= getRequired('tempDir');
my $opencaDir  	= getRequired('BaseDir');


## Check passed parameters
configError( "Error, needed dB key!" ) if ( not $key );
configError ( "Invalid or missing dataType ($dataType) !") if ( not $dataType);

## Load base page
if( not ( $page = $query->getFile( $baseDoc )) ) {
	configError ("Error while loading $baseDoc!" );
};

## Retrieve item from the DB
my $item = $db->getItem( DATATYPE=>$dataType, KEY=>$key );

configError ("Object not present in DB!" ) if ( not $item );
configError ("Object not Signed!") if ( not $item->getParsed()->{SIGNATURE} );

## Get the parsed Object
my $parsed = $item->getParsed();

@cols = ( "Variable", "Value" );

## Get Signature
if( not $signature = libGetSignatureObject( OBJECT=>$item )) {
	generalError( "Signature Object not returned, " . 
			"check the openca-verify command.", 560);
}

## Get Signer
$signer = $signature->getSigner();

$lnk = new CGI({cmd=>"search", dataType=>"CERTIFICATE",
		name=>"CN", value=>$signer->{CN}} );
$myCN = $lnk->a({-href=>$lnk->self_url()}, $signer->{CN});

$lnk = new CGI({cmd=>"search", dataType=>"CERTIFICATE",
		name=>"EMAIL", value=>$signer->{EMAIL}} );
$myEmail = $lnk->a({-href=>$lnk->self_url()}, $signer->{EMAIL});

$sigCert = new OpenCA::X509 ( SHELL => $cryptoShell,
			      DATA => $signature->getSigner()->{CERTIFICATE});

## Check Signature Status
if( not libCheckSignature( SIGNATURE=>$signature ) ) {
	$sigStatus = "<FONT COLOR=\"Red\">Error</FONT>";
	$sigMessage = "Signature Verification Error!";

	$sigInfo = $query->img({-src=>"/images/sigError.png",
				-align=>"MIDDLE"});
	if( $errno > 400 ) {
		$dbMessage = $errval;
		$dbStatus = $errno;
		$sigStatus = "<FONT COLOR=\"Red\">Unknown</FONT>";

		if( $signer->{SERIAL} ) {
			$serLink = "0x" . $signer->{SERIAL};
			$decSerLink = "( " . hex(lc($signer->{SERIAL})) . " )";
		} else {
			$serLink   = "Unknow";
		}
	} else {
		$sigMessage = "Signature correctly verified";
	}
} else {
	$sigStatus = "Valid";
	$sigInfo = $query->img({src=>"/images/validSig.png",
			border=>"0", align=>"MIDDLE"});
}

$tmpCert = libGetSignerCertificateDB( SIGNATURE=>$signature );
if( $errno < 400 ) {
	if( $tmpCert->{DATATYPE} =~ /VALID/ ) {
		$sigCertStatus = "Valid";
	} elsif ( $tmpCert->{DATATYPE} =~ /EXPIRED/ ) {
		$sigCertStatus = "Expired";
	} elsif ( $tmpCert->{DATATYPE} =~ /REVOKED/ ) {
		$sigCertStatus = "<FONT COLOR=\"RED\">Revoked</FONT>";
	}
	$dbStatus = "0";
	$dbMessage = "Certificate present in dB";

	$lnk = new CGI({ cmd=>"viewCert",
		 dataType=>$tmpCert->{DATATYPE},
		 key=>$tmpCert->{SERIAL}});

	$serLink = $lnk->a({-href=>$lnk->self_url()},
			$tmpCert->{SERIAL} );

}

if( $errno < 400 ) {
	$lnk = new CGI({ cmd=>"viewCert", 
		dataType=>$tmpCert->{DATATYPE}, 
		key=>$tmpCert->getParsed()->{SERIAL}});
	$serLink = $lnk->a({-href=>$lnk->self_url()}, 
			"0x" . $tmpCert->getParsed()->{SERIAL} );
	$decSerLink = "( " . hex( $sigCert->getParsed()->{SERIAL} ) . " )";
}

if( $sigCert ) {
	$pCert = $sigCert->getParsed();
} elsif ( $tmpCert ) {
	$pCert = $tmpCert->getParsed();
}

## View the Operator Used Certificate Data
$page = $query->subVar( $page, '@CN@',       ($myCN or "n/a" ) );
$page = $query->subVar( $page, '@EMAIL@',    ($myEmail or "n/a" ) );
$page = $query->subVar( $page, '@SERIAL@',    $serLink );
$page = $query->subVar( $page, '@DECSERIAL@', $decSerLink );

$page = $query->subVar( $page, '@NOTBEFORE@', ($pCert->{NOTBEFORE} or "n/a"));
$page = $query->subVar( $page, '@NOTAFTER@',  ($pCert->{NOTAFTER} or "n/a" ));
$page = $query->subVar( $page, '@SIGSTATUS@',  $sigStatus );
$page = $query->subVar( $page, '@SIGMESSAGE@', $sigMessage );

$page = $query->subVar( $page, '@KEY@', 	$key);
$page = $query->subVar( $page, '@SIGINFO@',     $sigInfo );

$page = $query->subVar( $page, '@SIGNATURE@',   $parsed->{SIGNATURE} );
$page = $query->subVar( $page, '@DECSERIAL@',   $decSerLink );
$page = $query->subVar( $page, '@DBSTATUS@',    $dbStatus );
$page = $query->subVar( $page, '@DBMESSAGE@',   $dbMessage );

print "$page";

1;