updateldap

Perl写的CA认证程序

## OpenCA - RA Server Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
##   File Name: updateLDAP
##       Brief: Updates LDAP server
## Description: Add issued certificates to LDAP server
##  Parameters: 

if ( $cmd !~ /updateLDAP/i ) {
        configError( "Wrong Command Usage ($cmd/importReqs)!" );
        exit 1;
}

my ( $org, $ldap, $result, $ret );

## Get Required Parameters
my $basedn 	= getRequired( "basedn" );
my $certsdir 	= getRequired( "CACertsDir" );
my $crldir 	= getRequired( "CRLDir" );

## Get DER objects
my $cacert 	= new OpenCA::X509 ( SHELL=>$cryptoShell,
				     FORMAT=>"DER",
				     INFILE=>"$certsdir/cacert.der" );

my $cacrl 	= new OpenCA::CRL ( SHELL=>$cryptoShell,
				    FORMAT=>"DER",
				    INFILE=>"$certsdir/cacrl.der" );

## Get Organization
( $org ) = ( $basedn =~ /o\s*=\s*(.*?)[\,\s]+/i );

## Start Logging Page
print startLogPage ( "LDAP Updating" );

## Connection Setup Setting
print addLogSection ( "Initializing LDAP connection ... ");
if ( not ( $ldap = LDAP_connect() )) {
	print addErrorLog ("LDAP: Connection Refused by server!\n");
	exit(1);
};

$ret = LDAP_bind( LDAP => $ldap );
if( not $ret->{STATUS} ) {
	print addErrorLog("LDAP: Failed in Bind.","$ret->{CODE}");
	LDAP_disconnect( LDAP => $ldap );
	exit(1);
};
print addLogLine ( "Ok." );
print closeLogSection ();

print addLogSection ("Adding Organization Entry ... ");
$result = $ldap->add( 	dn => "$basedn",
			attr => [ 'o' => "$org",
				  'authorityRevocationList;binary' => "",
				  'certificateRevocationList;binary' => "",
				  'cACertificate;binary' => "",
				  'objectclass' => [ 'top', 'organization',
						     'certificationAuthority'],
				] 
		    );
if( not $result->code or $result->code == 18 or $result->code == 68) {
	print addLogLine ("Ok");
	print addPreLogLine ( "[ $basedn ]" );
} else {
	print addLogLine ("Error!");
	print addLogLine ( $result->code, $result->error );
}
print closeLogSection ();

if( defined $cacert ) {
	print addLogSection ("Adding CA Certificate ... ");
	$result = $ldap->modify( $basedn,
			add => { 'cACertificate;binary' => $cacert->getDER() });
	if( not $result->code or $result->code == 18 or $result->code == 68) {
		print addLogLine ("Ok");
		print addPreLogLine( "[ " . $cacert->getParsed()->{DN} . " ]" );
	} else {
		print addLogLine ("Error!");
		print addLogLine ( $result->code, $result->error );
	}
	print closeLogSection ();
}

if ( defined $cacrl ) {
	print addLogSection ("Adding Current CRL ... ");
	$result = $ldap->modify( $basedn,
		add => { 'certificateRevocationList;binary'=>$cacrl->getDER() });
	if( not $result->code or $result->code == 18 or $result->code == 68) {
		print addLogLine ("Ok");
	} else {
		print addLogLine ("Error!");
		print addLogLine ( $result->code, $result->error );
	}
	print closeLogSection ();
}

print addLogSection ("Disconnecting ... ");
LDAP_disconnect ( LDAP => $ldap );
print addLogLine ( "Ok" );
print closeLogSection ();
closePage();

1;