importcrl

Perl写的CA认证程序

## OpenCA - RA Server Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
##   File Name: importCRL
##       Brief: Imports CRL exported by the issuing CA
## Description: Imports CRL exported on removable media by the CA
##  Parameters: 

if ( $cmd !~ /importCRL/i ) {
        configError( "Wrong Command Usage ($cmd/importReqs)!" );
        exit 1;
}

## GNU Tar suggested for exporting Certification Request
## to the CA. We use the GNU tar because of its availability
## for all the platforms and its stability.

## Get required parameters from the configuration file
my $command     = getRequired( 'UnpackArchive' );
my $dev         = getRequired( 'ImportDev' );
my $tmp         = getRequired( 'TempDir' );
my $serverDir   = getRequired( 'ServerDir' );
my $public      = getRequired( 'PublicDir' );

## Subtitute $orig and $dest
$command = $query->subVar( $command, '$orig', $dev );
$command = $query->subVar( $command, '$dest', $tmp );
       
print startLogPage( "CRL Importing Page" );
print addLogSection( "CRL Importing .... ");

if( not chdir( $tmp )) {
	print addErrorLog("Failed changing directory to $tmp!");
	closePage();
	exit 1;
}

$ret = `$command 2>&1`;
if( $? != 0 ) {
	print addErrorLog( "De-Archiving Failed on $dev!", "$ret" );
	closePage();
	exit 1;
}
print addLogLine( "Ok." );
print addPreLogLine( $ret );
print closeLogSection();

print addLogSection("Importing CRL to dB .... ");
	
opendir( CRLs, "$tmp" );
	my @crlsList = grep( /[\d]+\_cacrl\.(pem|der|crt|crl)/i,readdir(CRLs));
closedir( CRLs );

$ret = "";
foreach $tmpCRL (@crlsList) {
	my $fileName = "$tmp/$tmpCRL";
	my $tmpFormat = "PEM";
	my ( $rev, $dataType, $cert );

	if( $fileName =~ /\.(der|crt)/gi ) {
		$tmpFormat = "DER";
	};

	my $data = new OpenCA::CRL( INFILE=>"$fileName",
				    SHELL=>$cryptoShell,
			            FORMAT=>"$tmpFormat" );
       	if( not $data ) {
		print addErrorLog( "Error loading file ($fileName)");
               	closePage();
               	exit;
       	}

	if( not $db->storeItem( DATATYPE=>"CRL", OBJECT=>$data)) {
               	print addErrorLog("Error adding Item to dB!");
               	closePage();
               	exit;
	} else {
		unlink( "$fileName" );

		save( FILENAME=>"$serverDir/crl/cacrl.pem",
						DATA=>$data->getPEM());
		save( FILENAME=>"$serverDir/crl/cacrl.der",
						DATA=>$data->getDER());
		save( FILENAME=>"$serverDir/crl/cacrl.txt",
						DATA=>$data->getTXT());

		save( FILENAME=>"$public/crl/cacrl.pem",
						DATA=>$data->getPEM());
		save( FILENAME=>"$public/crl/cacrl.crl",
						DATA=>$data->getDER());
		save( FILENAME=>"$public/crl/cacrl.txt",
						DATA=>$data->getTXT());

		$ret .= "Added CRL\n\tLast Update: " .
			$data->getParsed()->{LAST_UPDATE} ."\n" .
			"\tNext Update: " .
			$data->getParsed()->{NEXT_UPDATE} . "\n";
	}

	$ret .= "<OL><OL>\n";
	foreach $rev ( @{ $data->getParsed()->{LIST} } ) {

		$ret .= "Revoking certificate [$rev->{SERIAL}].<br>\n";

		if( $cert = $db->getItem(DATATYPE =>'SUSPENDED_CERTIFICATE',
				  KEY => $rev->{SERIAL} )) {
			$dataType = "SUSPENDED_CERTIFICATE";
		} elsif ( $cert = $db->getItem(DATATYPE=>'VALID_CERTIFICATE',
				  KEY => $rev->{SERIAL} )) {
			$dataType = "VALID_CERTIFICATE";
		}

		if( $cert ) {
			$cert->getParsed()->{HEADER}->{REVOKED} =
				$rev->{DATE};
                        $db->updateStatus (DATATYPE =>$dataType,
                                           NEWTYPE  =>'REVOKED_CERTIFICATE',
                                           OBJECT   => $cert );
		}
	}
	$ret .= "</OL></OL>\n";
}

print addLogLine("Ok.");
print addPreLogLine( $ret );
print closeLogSection();
closePage();

1;