appreq

Perl写的CA认证程序

## OpenCA - RA Server Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
##   File Name: appReq
##       Brief: Approve Request
## Description: Send out the form to approve and sign a request
##              after having verified request data
##  Parameters: key, dataType, EMAIL, CN, O, C, S, L

my $cmdName = "appReq";
if ( $cmd !~ /$cmdName/i ) {
        configError( "Wrong Command Usage ($cmd over $cmdName)!" );
        exit 1;
}

## To aprove a Request, we need it signed by the RA operator
my $beginHeader = "-----BEGIN HEADER-----";
my $endHeader = "-----END HEADER-----";

## Get Configuration needed parameters ...
my $doc     = getRequired('ApproveRequestSheet');

## Get the parameters
my $key		= $query->param('key');
my $dataType	= $query->param('dataType');

my $subj	= $query->param('subj');
my $certType	= $query->param('certtype');

$subj =~ s/(\n|\r\n)/\, /g;

## my $email 	= $query->param('EMAIL');
## my $cname 	= $query->param('CN');
## my $org 	= $query->param('O');
## my $country 	= $query->param('C');
## my $state 	= $query->param('S');
## my $locality 	= $query->param('L');

my $req		= $db->getItem( DATATYPE=>$dataType, KEY=>$key);
my $parsed	= $req->getParsed();

my ( $head, $text, $newREQ, $tmp, $format, $tmpSubj );

## If it doesn't exists the file, report error
if( not $req ) {
	configError("Error: Request $serial ($key) Not found!");
	exit;
}

## $parsed->{EMAIL}    = $query->param('EMAIL');
## $parsed->{CN} 	    = $query->param('CN');
## $parsed->{O}        = $query->param('O');
## $parsed->{C}        = $query->param('C');
## $parsed->{S}        = $query->param('S');
## $parsed->{L}        = $query->param('L');

$parsed->{HEADER}->{APPROVED} = $tools->getDate();
$parsed->{HEADER}->{ROLE}     = $query->param('ROLE');
$parsed->{HEADER}->{SUBJ}     = $subj;

## $i = 1;
## while ( $tmp = $query->param( "$i.OU" ) ) {
## 	push( @ouList, $tmp );
## 	$i++;
## }
## $parsed->{OU} = [ @ouList ];

## $tmpOU = "";
## foreach $tmp ( @ouList ) {
## 	$tmpOU .= "<BR>" if( $tmpOU ne "" );
## 	$tmpOU .= "$tmp";
## }

## Get the Operator Serial Number ( Whatch out, only authorized
## people should get here in, please verify your web configuration,
## this is not matter of this program but access control )
$parsed->{HEADER}->{OPERATOR} = 
( $ENV{'SSL_CLIENT_CERT_SERIAL'} or $ENV{'SSL_CLIENT_M_SERIAL'});

if( $parsed->{HEADER}->{OPERATOR} eq "" ) {
	$parsed->{HEADER}->{OPERATOR} = "n/a";
} else {
	if ( length( $parsed->{HEADER}->{OPERATOR} ) % 2 ) {
		$parsed->{HEADER}->{OPERATOR} = "0" . 
					$parsed->{HEADER}->{OPERATOR};
	}
}

## Set Text to sign
$head  = "$beginHeader\n";
$head .= "TYPE = $parsed->{TYPE}\n";
$head .= "RA = $parsed->{HEADER}->{RA}\n";
$head .= "SERIAL = $parsed->{HEADER}->{SERIAL}\n";
$head .= "OPERATOR = $parsed->{HEADER}->{OPERATOR}\n";
$head .= "NOTBEFORE = $parsed->{HEADER}->{NOTBEFORE}\n";
$head .= "APPROVED = $parsed->{HEADER}->{APPROVED}\n";
$head .= "PIN = $parsed->{HEADER}->{PIN}\n";
$head .= "SUBJ = $parsed->{HEADER}->{SUBJ}\n";
$head .= "CERTTYPE = $certType\n";
$head .= "ROLE = $parsed->{HEADER}->{ROLE}\n";
$head .= "$endHeader\n";

## if ( $parsed->{TYPE} =~ /(PKCS#10|IE)/ ) {
## 	$text .= $req->getParsed()->{BODY};
## 	$format = "PEM";
## } else {
## 	$text .= "Email = $parsed->{EMAIL}\n" if ( $parsed->{EMAIL} );
## 	$text .= "CN = $parsed->{CN}\n" if ( $parsed->{CN} );

	# Let's add all the OUs
## 	$i = 1;
## 	foreach $tmp ( @ouList ) {
## 		$text .= "$i.OU = $tmp\n" if ($tmp);
##                 $i++;
## 	}

## 	$text .= "S = $parsed->{S}\n" if ($parsed->{S});
## 	$text .= "L = $parsed->{L}\n" if ($parsed->{L});
## 	$text .= "O = $parsed->{O}\n" if ($parsed->{O});
## 	$text .= "C = $parsed->{C}\n" if ($parsed->{C});

##	$text .= "SPKAC = $parsed->{SPKAC}\n";
## 	$format = "SPKAC";
## }

if ( $parsed->{TYPE} =~ /(PKCS#10|IE)/ ) {
	$format = "PEM";
} else {
	$format = "SPKAC";
}

$text = $req->getParsed()->{BODY};

## Create a new REQ object (if we modified something we should
## store modifications) and save the value.
$newREQ = $head . $text;

my $item = new OpenCA::REQ( SHELL=>$cryptoShell, DATA=>$newREQ,
						INFORM=>$format);
if( not $item ) {
       	configError( "Cannot create a new REQ object." );
}

if( not $db->storeItem( DATATYPE=>$dataType, MODE=>"UPDATE",
				KEY=>$key, OBJECT=>$item ) ) {
       	configError( "Error while storing REQ ($dbDir)!" );
}

## Get the sheet page
$page   = $tools->getFile( $doc );
$parsed = $item->getParsed();
$header = $parsed->{HEADER};

## Substitute variables
$tmpSubj = $header->{SUBJ};
$tmpSubj =~ s/(\,\s|\/)/<BR>/g;

@cols = ( "Variable", "Value" );
$reqDataTable = $query->startTable( COLS=>[ @cols ],
                                        WIDTH=>"100%",
                                        BGCOLOR=>"#F1F0F8",
					PADDING=>"2",
					CELLPADDING=>"4",
					TABLE_BGCOLOR=>"#F1F0F8",
                                        TITLE_BGCOLOR=>"#DDCCFF" );

$reqDataTable .=$query->addTableLine(DATA=>["<B>Request Version:</B>",
                       ($parsed->{VERSION} or "n/a") ]);
$reqDataTable .=$query->addTableLine(DATA=>[ "<B>Serial Number:</B>",
                       ($parsed->{HEADER}->{SERIAL} or "n/a") ]);
$reqDataTable .=$query->addTableLine(DATA=>["<B>Request Type:</B>",
                       ($parsed->{TYPE} or "n/a") ]);
$reqDataTable .=$query->addTableLine(DATA=>["<B>Submission Date:</B>",
                       ($header->{NOTBEFORE} or "n/a") ]);
$reqDataTable .=$query->addTableLine(DATA=>["<B>Request Subject DN:</B>",
                       ($tmpSubj or "n/a") ]);
$reqDataTable .=$query->addTableLine(DATA=>["<B>Certificate Profile:</B>",
                       ($header->{CERTTYPE} or "n/a") ]);
$reqDataTable .=$query->addTableLine(DATA=>["<B>Key Size:</B>",
                       ($parsed->{KEYSIZE} or "n/a") ]);
$reqDataTable .=$query->addTableLine(DATA=>[ "<B>Public Key Algorithm:</B>",
                       ($parsed->{PK_ALGORITHM} or "n/a") ]);
$reqDataTable .=$query->addTableLine(DATA=>[ "<B>Signature Algorithm:</B>",
                        ($parsed->{SIG_ALGORITHM} or "n/a") ]);
$reqDataTable .= $query->endTable();


$page = $query->subVar( $page, '@REQTABLE@', 	$reqDataTable );
$page = $query->subVar( $page, '@TEXT@', 	$text );
$page = $query->subVar( $page, '@KEY@', 	$key );
$page = $query->subVar( $page, '@DATATYPE@', 	$dataType );
$page = $query->subVar( $page, '@HEADER@', 	$head );

## $page = $query->subVar( $page, '@CN@', 		$parsed->{CN} );
## $page = $query->subVar( $page, '@OU@', 		$tmpOU );
## $page = $query->subVar( $page, '@S@', 		$parsed->{S} );
## $page = $query->subVar( $page, '@L@', 		$parsed->{L} );
## $page = $query->subVar( $page, '@O@', 		$parsed->{O} );
## $page = $query->subVar( $page, '@C@', 		$parsed->{C} );
## $page = $query->subVar( $page, '@EMAIL@', 	$parsed->{EMAIL} );

print "$page";

1;