📄 export-import.lib
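# Tail of an import sub whose opening lines precede this listing; the code
# of this fragment is reproduced unchanged (only the layout is restored).
                unlink( "$serverDir/stuff/lastImport.txt" );
                $tools->saveFile ( FILENAME => "$serverDir/stuff/lastImport.txt",
                                   DATA     => $txt );
            }
        }
        unlink( "$fileName" );
        # print $ret."<br>\n";
        $ret .= "Added <I>" . $data->getParsed()->{CN} .
                " (" . $data->getParsed->{SERIAL} . ")</I>";

        ## update LDAP ?
        if ( $keys->{LDAP} ) {
            my @result = eximObjectToLDAP ( CERTIFICATE => $data );
            if ( not @result or not $result [0] ) {
                $ret .= "\nCannot write CERTIFICATE to LDAP";
            } else {
                $ret .= "\nCERTIFICATE is available via LDAP";
            }
        }
        $ret .= "<br>\n";
    }
    print addLogLine("Ok.");
    print addPreLogLine( $ret );
    print closeLogSection();

    print addLogSection( "Importing ARCHIVIED Status of Requests to dB ... ");
    opendir( CERTS, "$dir" );
    my @certList = grep(/arc$/, readdir( CERTS ) );
    closedir( CERTS );

    $ret = "";
    foreach $tmpCert (@certList) {
        my $tmpSerial, $tmpFormat;
        my $fileName = "$dir/$tmpCert";
        my $certFile = $query->getFile( $fileName );
        if ( not $certFile ) {
            print addErrorLog( "Failed opening ($fileName).");
            print closeLogSection ();
            return 0;
        }

        my $data = new OpenCA::REQ ( SHELL =>$cryptoShell,
                                     INFILE=>$fileName,
                                     FORMAT=>"PEM" );
        if ( not $data ) {
            print addErrorLog("Failed new REQ object!");
            print closeLogSection();
            return 0;
        }

        ## check to insert a new certificate
        if ( not $db->updateStatus ( DATATYPE => "APPROVED_REQUEST",
                                     NEWTYPE  => "ARCHIVIED_REQUEST",
                                     OBJECT   => $data)) {
            print addErrorLog("Failed changing status of request in dB!");
            print closeLogSection ();
            return 0;
        }
    }
    print addLogLine ("OK");
    print closeLogSection ();

    print addLogSection( "Importing DELETED Status of Requests to dB ... ");
    opendir( CERTS, "$dir" );
    my @certList = grep(/del$/, readdir( CERTS ) );
    closedir( CERTS );

    $ret = "";
    foreach $tmpCert (@certList) {
        my $tmpSerial, $tmpFormat;
        my $fileName = "$dir/$tmpCert";
        my $certFile = $query->getFile( $fileName );
        if ( not $certFile ) {
            print addErrorLog( "Failed opening ($fileName).");
            print closeLogSection ();
            return 0;
        }

        my $data = new OpenCA::REQ ( SHELL =>$cryptoShell,
                                     INFILE=>$fileName,
                                     FORMAT=>"PEM" );
        if ( not $data ) {
            print addErrorLog("Failed new REQ object!");
            print closeLogSection();
            return 0;
        }

        ## check to insert a new certificate
        if ( not $db->updateStatus ( DATATYPE => "APPROVED_REQUEST",
                                     NEWTYPE  => "DELETED_REQUEST",
                                     OBJECT   => $data)) {
            print addErrorLog("Failed changing status of request in dB!");
            print closeLogSection ();
            return 0;
        }
    }
    print addLogLine ("OK");
    print closeLogSection ();

    return 1;
}

##################################
## functions for CA-Certificates
##################################

## exportCAs( $exim_tmp_dir )
##
## Writes every VALID_CA_CERTIFICATE found in the database to
## "$exim_tmp_dir/CA_CERTIFICATE/<digest>.pem", where <digest> is what
## $cryptoShell->getDigest returns for the certificate's PEM text.
##
## Returns 1 on success (also when there is nothing to export) and 0 when
## the target directory cannot be created or entered. A certificate that
## cannot be saved is logged and the loop goes on.
## Side effect: the process working directory is changed to the export dir.
sub exportCAs {

    my $exim_tmp_dir = $_[0];
    my $dir = $exim_tmp_dir."/CA_CERTIFICATE";

    if ( not createDirectory ($dir) ) {
        return 0;
    }

    print addLogSection("CA-Certificate Exporting ... ");

    if( not chdir( "$dir" )) {
        print addErrorLog( "Failed changing dir to $dir." );
        print closeLogSection();
        return 0;
    }

    ## I export all certs to support recovery after a crash on RAServer
    ## before the import I check via getItem for an existent certificate
    ## with this serial
    my @certList = $db->searchItems (DATATYPE => "VALID_CA_CERTIFICATE");
    if( $#certList < 0 ) {
        print addLogLine( "Ok." );
        print addLogLine("<I><OL>No CA-Certificates to be exported.</OL></I>");
        print closeLogSection();
        return 1;
    }

    foreach $cert (@certList) {
        my $key = $cryptoShell->getDigest( DATA => $cert->getPEM () );
        my $fileName = "${dir}/${key}.pem";
        if (not $tools->saveFile ( FILENAME => $fileName,
                                   DATA     => $cert->getPEM () )) {
            ## Fixed: this used to call the misspelled addErroLog, which is
            ## not the logging sub used everywhere else in this file.
            print addErrorLog ("Cannot save certificate ${key} to file ${key}.pem");
        }
    }

    print addLogLine( "Ok." );
    print closeLogSection();

    return 1;
}

## importCAs( TMP => $exim_tmp_dir, LDAP => $flag )
##
## Reads every "*.pem" file in "$TMP/CA_CERTIFICATE", stores certificates
## that the database does not know yet as VALID_CA_CERTIFICATE, removes the
## imported file, optionally pushes the certificate to LDAP, then copies
## the certificate with the highest serial to "$ServerDir/cacert.pem" and
## rebuilds the chain directory with $makeCmd.
##
## Returns 1 on success, 0 on the first failure (an error is logged).
##
## NOTE(review): nothing in this sub checks where the PEM files came from;
## whatever is in the import directory can end up as the server's
## cacert.pem. Confirm that the exchange medium is integrity-protected
## before this sub runs.
sub importCAs {

    my $keys = { @_ };
    my $exim_tmp_dir = $keys->{TMP};
    my $dir = $exim_tmp_dir."/CA_CERTIFICATE";

    print addLogSection( "Importing CA-Certificates to dB ... ");

    ## NOTE(review): opendir is unchecked; a missing directory yields an
    ## empty list and the import section is still reported as done.
    opendir( CERTS, "$dir" );
    ## Only names that really end in ".pem" (the old /pem$/ also accepted
    ## names without the dot).
    my @certList = grep ( /\.pem\z/, readdir( CERTS ) );
    closedir( CERTS );

    $ret = "";
    foreach $tmpCert (@certList) {
        ## Fixed: "my $tmpSerial, $tmpFormat;" declared only the first name.
        my ($tmpSerial, $tmpFormat);
        my $fileName = "$dir/$tmpCert";

        my $certFile = $query->getFile( $fileName );
        if ( not $certFile ) {
            print addErrorLog( "Failed opening ($fileName).");
            print closeLogSection ();
            return 0;
        }

        my $data = OpenCA::X509->new( SHELL  => $cryptoShell,
                                      INFILE => $fileName,
                                      FORMAT => "PEM" );
        if ( not $data ) {
            print addErrorLog("Failed new X509 object!");
            print closeLogSection();
            return 0;
        }

        if ( not $tmpSerial = $cryptoShell->getDigest ( DATA => $data->getPEM () ) ) {
            print addErrorLog("Key (hash) is not calculatable!");
            print closeLogSection();
            return 0;
        }

        ## check to insert a new certificate
        if ( not $db->searchItems ( DATATYPE => "CA_CERTIFICATE",
                                    KEY      => $tmpSerial ) ) {
            if ( not $db->storeItem( DATATYPE => "VALID_CA_CERTIFICATE",
                                     MODE     => "INSERT",
                                     OBJECT   => $data)) {
                print addErrorLog("Failed adding ca-cert to dB!");
                print closeLogSection ();
                return 0;
            }
        }
        unlink( "$fileName" );
        print addLogLine("Ok.");

        ## update LDAP ?
        if ( $keys->{LDAP} ) {
            my @result = eximObjectToLDAP ( AUTHORITY_CERTIFICATE => $data );
            if ( not @result or not $result [0] ) {
                print addErrorLog ( "Cannot write CA_CERTIFICATE to LDAP" );
            } else {
                $ret .= "<br><i>CA_CERTIFICATE is available via LDAP</i><br>" ;
            }
        }
    }

    print addPreLogLine( $ret );
    print closeLogSection();

    ## Pick the CA certificate with the highest serial.
    ## NOTE(review): the datatype here is "VALID_CA_CERTIFICATES" (plural),
    ## while the store above and exportCAs use "VALID_CA_CERTIFICATE";
    ## confirm which name the DB layer accepts. If the search returns
    ## nothing, $key stays undefined and the copy below uses "${dir}/.pem".
    my @cacerts = $db->searchItems ( DATATYPE => "VALID_CA_CERTIFICATES" );
    my $key;
    my $serial = -1;
    foreach my $cert (@cacerts) {
        if ( $cert->getParsed ()->{SERIAL} > $serial ) {
            $serial = $cert->getParsed ()->{SERIAL};
            $key    = $cryptoShell->getDigest ( DATA => $cert->getPEM () );
        }
    }

    my $serverDir = getRequired ( 'ServerDir');

    print addLogSection( "Copying latest ca-certificate to ($serverDir) ... " );

    ## NOTE(review): the loop above unlinks every imported file, so whether
    ## "${dir}/${key}.pem" still exists at this point cannot be told from
    ## this sub alone; verify.
    if( $ret = $tools->copyFiles ( SRC  => "${dir}/${key}.pem",
                                   DEST => "${serverDir}/cacert.pem" ) ) {
        print addLogLine("Ok.");
        ## print addPreLogLine( $ret );
        print closeLogSection();
    } else {
        print addErrorLog("Copying failed from ${dir}/${key}.pem ".
                          "to ${serverDir}/cacert.pem!");
        print closeLogSection ();
        return 0;
    }

    # Now we copy the CA's certificate to the chain dir
    # NOTE(review): the result of this copy is not checked.
    $tools->copyFiles( SRC  => "${serverDir}/cacert.pem",
                       DEST => "${serverDir}/chain/cacert.crt" );

    # Let's make Chain verification
    print addLogSection("Re-Building CA Chain ... ");

    ## Fixed: chdir used to be unchecked, so a missing chain directory made
    ## $makeCmd run in whatever directory the process happened to be in.
    if ( not chdir( "${serverDir}/chain" ) ) {
        print addErrorLog("Failed changing dir to ${serverDir}/chain.");
        print closeLogSection ();
        return 0;
    }

    ## $makeCmd is not set in this sub and is handed to the shell by the
    ## backticks. NOTE(review): confirm it comes from trusted configuration
    ## only; its exit status ($?) is not inspected and "Ok." is logged
    ## regardless.
    $ret = `$makeCmd`;

    print addLogLine("Ok.");
    print addPreLogLine( $ret );
    print closeLogSection();

    return 1;
}

########################
## functions for CRRs
########################

## exportCRRs( $exim_tmp_dir )
##
## Writes every APPROVED_CRR from the database to
## "$exim_tmp_dir/CRR/<DBKEY>.req". Returns 0 when the directory cannot be
## created, otherwise 1; a request that cannot be written is only logged.
sub exportCRRs {

    my $exim_tmp_dir = $_[0];
    my $dir = $exim_tmp_dir."/CRR";

    if ( not createDirectory ($dir) ) {
        return 0;
    }

    print addLogSection ("Export approved requests ...");
    my @reqList = $db->searchItems( DATATYPE=>"APPROVED_CRR" );
    foreach $req (@reqList) {
        my $key = $req->getParsed->{DBKEY};
        my $fileName = "${dir}/${key}.req";
        if ( not $tools->saveFile ( FILENAME => $fileName,
                                    DATA     => $req->{crr} )) {
            print addErrorLog ("Cannot write CRR ${key} to file $fileName");
        }
    }
    print addLogLine ("OK");
    print closeLogSection();

    ## the requests are only archived during the import of the certificates
    ## to handle crashed disks etc.

    return 1;
}

## importCRRs( $exim_tmp_dir )
##
## Reads every "*.req" file in "$exim_tmp_dir/CRR", builds an OpenCA::CRR
## object from its content, stores it as PENDING_CRR and removes the file
## once it is stored. Returns 1 on success, 0 on the first failure.
sub importCRRs {

    my $exim_tmp_dir = $_[0];
    my $dir = $exim_tmp_dir."/CRR";

    print addLogSection( "Importing CRRs to dB ... ");

    ## NOTE(review): opendir is unchecked; a missing directory yields an
    ## empty list and the section is still reported as "Ok.".
    opendir( REQS, "$dir" );
    ## Only names that really end in ".req" (the old /req$/ also accepted
    ## names without the dot).
    my @reqsList = grep ( /\.req\z/, readdir( REQS ) );
    closedir( REQS );

    $ret = "";
    foreach $tmpReq (@reqsList) {
        ## Fixed: "my $storeType, $tmpType;" declared only the first name.
        my ($storeType, $tmpType);
        my $fileName = "$dir/$tmpReq";

        ## Fixed: the file was read with an unchecked two-argument open on
        ## a bareword handle. The name comes from the import directory, so
        ## use the three-argument form and stop on failure instead of
        ## going on with empty content.
        my $fh;
        if ( not open( $fh, '<', $fileName ) ) {
            print addErrorLog( "Failed opening ($fileName).");
            print closeLogSection ();
            return 0;
        }
        my $content = do { local $/; <$fh> };
        $content = "" unless defined $content;
        close( $fh );

        my $data = OpenCA::CRR->new( SHELL => $cryptoShell,
                                     DATA  => $content );
        if ( not $data ) {
            print addErrorLog("Failed creating CRR obj ");
            print closeLogSection ();
            return 0;
        }

        if ( not $db->storeItem( DATATYPE=>"PENDING_CRR", OBJECT=>$data ) ) {
            print addErrorLog("Failed adding request to dB!");
            print closeLogSection ();
            return 0;
        } else {
            unlink( "$fileName" );
        }

        ## NOTE(review): the DN and e-mail are taken from the imported
        ## request and put into the HTML log as they are; confirm that
        ## addPreLogLine escapes its argument.
        $ret .= "Added <I>" . $data->getParsed()->{CERTIFICATE_DN} .
                " (" . $data->getParsed->{EMAIL} . ")</I><BR>\n";
    }

    print addLogLine("Ok.");
    print addPreLogLine( $ret );
    print closeLogSection();

    return 1;
}

########################
## functions for CRLs
########################

## exportCRLs( $exim_tmp_dir )
##
## Copies the "*cacrl*" files from "$OpenCADir/outbound/crl/" to
## "$exim_tmp_dir/CRL" and additionally writes every ARCHIVIED_CRR as
## "<DBKEY>.arc" and every DELETED_CRR as "<DBKEY>.del" into that directory.
##
## Returns 1 on success (also when there is no CRL to export) and 0 when
## the directory cannot be created or the CRL copy fails. When the CRL
## directory cannot be entered the sub exits the process; when it cannot
## be read it dies.
sub exportCRLs {

    my $exim_tmp_dir = $_[0];
    my $dir = $exim_tmp_dir."/CRL";

    if ( not createDirectory ($dir) ) {
        return 0;
    }

    my $opencaDir = getRequired ( 'OpenCADir');
    ## Fixed: this was declared as @clrList while the code below fills
    ## @crlList, which therefore ended up as a package global.
    my @crlList;

    ## NOTE(review): $dest is not set anywhere in this sub.
    print addLogSection("CRL Exporting ($dest) ... ");

    if( not chdir( "$opencaDir/outbound/crl/" )) {
        ## Fixed: the message named $dir instead of the directory that
        ## failed, and the log text was dropped because it was not printed.
        print addErrorLog( "Failed changing dir to $opencaDir/outbound/crl/." );
        closePage();
        exit 1;
    }

    opendir( CRLs, "$opencaDir/outbound/crl/" )
        or die "Cannot access dir '$opencaDir/outbound/crl/'";
    @crlList = grep( /cacrl/, readdir( CRLs ));
    closedir( CRLs );

    if( $#crlList < 0 ) {
        print addLogLine( "Ok." );
        print addLogLine("<I><OL>No CRLs to be exported.</OL></I>");
        print closeLogSection();
        return 1;
    }

    if (not $tools->copyFiles ( SRC  => "$opencaDir/outbound/crl/*cacrl*",
                                DEST => "$dir" )) {
        print addErrorLog ("Cannot copy from $opencaDir/outbound/crl/*cacrl* ".
                           "to $dir");
        print closeLogSection ();
        return 0;
    }

    ## I export all archived and deleted CRRs to move the
    ## approved requests on the RAServer in the right way
    my @certList = $db->searchItems (DATATYPE => "ARCHIVIED_CRR" );
    foreach $cert (@certList) {
        my $key = $cert->getParsed->{DBKEY};
        my $fileName = "${dir}/${key}.arc";
        if (not $tools->saveFile ( FILENAME => $fileName,
                                   DATA     => $cert->getCRR () )) {
            print addErrorLog ("Cannot write certificate ${key} to file $fileName!");
        }
    }

    ## Reuse the list instead of declaring a second "my @certList" in the
    ## same scope.
    @certList = $db->searchItems (DATATYPE => "DELETED_CRR" );
    foreach $cert (@certList) {
        my $key = $cert->getParsed->{DBKEY};
        my $fileName = "${dir}/${key}.del";
        if (not $tools->saveFile ( FILENAME => $fileName,
                                   DATA     => $cert->getCRR () )) {
            print addErrorLog ("Cannot write CRR ${key} to file $fileName!");
        }
    }

    print addLogLine("Ok.");
    ## NOTE(review): $ret is not assigned in this sub; it holds whatever an
    ## earlier sub left in it.
    print addPreLogLine("$ret");
    print closeLogSection();

    return 1;
}

## importCRLs( TMP => $exim_tmp_dir, ... )
## Only the opening lines of this sub are part of this listing; their code
## is reproduced unchanged.
sub importCRLs {

    my $keys = { @_ };
    my $exim_tmp_dir = $keys->{TMP};
    my $dir = $exim_tmp_dir."/CRL";

    my $serverDir = getRequired ( 'ServerDir');
    my $public = getRequired ( 'PublicDir');
    my @clrList;

    print addLogSection("Importing CRL to dB .... ");
    opendir( CRLs, "$dir" );
    ## my @crlsList = grep( /[\d]+\_cacrl\.(pem|der|crt|crl)/i,readdir(CRLs));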