📄 export-import.lib
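## CRL import loop. The enclosing sub and the opendir on CRLs start above this point.
    my @crlsList = grep ( /cacrl/i, readdir(CRLs) );
    closedir( CRLs );
    $ret = "";
    foreach $tmpCRL (@crlsList) {
        my $fileName = "$dir/$tmpCRL";
        my $tmpFormat = "PEM";
        my $rev;
        ## NOTE(review): the pattern is unanchored and runs against the whole
        ## path, so ".der"/".crt" anywhere in $dir or the file name selects DER.
        if( $fileName =~ /\.(der|crt)/gi ) {
            $tmpFormat = "DER";
        };
        my $data = new OpenCA::CRL( INFILE=>"$fileName", SHELL=>$cryptoShell, FORMAT=>"$tmpFormat" );
        if( not $data ) {
            print addErrorLog( "Error loading file ($fileName)");
            print closeLogSection ();
            return 0;
        }
        ## NOTE(review): no check of the CRL's signature, issuer or freshness is
        ## visible here before it is stored and published - confirm that
        ## OpenCA::CRL or storeItem performs one.
        if( not $db->storeItem( DATATYPE=>"CRL", OBJECT=>$data)) {
            print addErrorLog("Error adding Item to dB!");
            print closeLogSection ();
            return 0;
        } else {
            ## The imported file is deleted, then the CRL is written to fixed
            ## file names; with several input files the last one processed
            ## overwrites the earlier ones.
            unlink( "$fileName" );
            save( FILENAME=>"$serverDir/crl/cacrl.pem", DATA=>$data->getPEM());
            save( FILENAME=>"$serverDir/crl/cacrl.der", DATA=>$data->getDER());
            save( FILENAME=>"$serverDir/crl/cacrl.txt", DATA=>$data->getTXT());
            save( FILENAME=>"$public/crl/cacrl.pem", DATA=>$data->getPEM());
            save( FILENAME=>"$public/crl/cacrl.crl", DATA=>$data->getDER());
            save( FILENAME=>"$public/crl/cacrl.txt", DATA=>$data->getTXT());
            $ret .= "Added CRL\n\tLast Update: " . $data->getParsed()->{LAST_UPDATE} ."\n" . "\tNext Update: " . $data->getParsed()->{NEXT_UPDATE} . "\n";
        }
        ## update certificate state: every serial listed in the CRL that is
        ## stored as SUSPENDED_CERTIFICATE becomes REVOKED_CERTIFICATE
        ## (the result of updateStatus is not checked)
        foreach $rev ( @{ $data->getParsed()->{LIST} } ) {
            my $cert = $db->getItem(DATATYPE =>'SUSPENDED_CERTIFICATE', KEY => $rev->{SERIAL} );
            if( $cert ) {
                $db->updateStatus (DATATYPE =>'SUSPENDED_CERTIFICATE', NEWTYPE =>'REVOKED_CERTIFICATE', OBJECT => $cert );
            }
        }
        ## update LDAP ? (a failure is only reported in the log text)
        if ( $keys->{LDAP} ) {
            my @result = eximObjectToLDAP ( CRL => $data );
            if ( not @result or not $result [0] ) {
                $ret .= "Cannot write CRL to LDAP\n";
            } else {
                $ret .= "CRL is available via LDAP\n";
            }
        }
    }
    print addLogLine("Ok.");
    print addPreLogLine( $ret );
    print closeLogSection();

    ## CRRs whose file name ends in "arc": APPROVED_CRR -> ARCHIVIED_CRR
    print addLogSection( "Importing ARCHIVIED Status of CRRs to dB ... ");
    ## NOTE(review): the result of opendir is not checked.
    opendir( CERTS, "$dir" );
    my @certList = grep(/arc$/, readdir( CERTS ) );
    closedir( CERTS );
    $ret = "";
    foreach $tmpCert (@certList) {
        ## NOTE(review): without parentheses only $tmpSerial is declared by
        ## "my"; neither name is used in this loop.
        my $tmpSerial, $tmpFormat;
        my $fileName = "$dir/$tmpCert";
        my $certFile = $query->getFile( $fileName );
        if ( not $certFile ) {
            print addErrorLog( "Failed opening ($fileName).");
            print closeLogSection ();
            return 0;
        }
        my $data = new OpenCA::CRR ( SHELL =>$cryptoShell, INFILE=>$fileName, FORMAT=>"PEM" );
        if ( not $data ) {
            print addErrorLog("Failed new CRR object!");
            print closeLogSection();
            return 0;
        }
        ## change the status of the CRR in the database
        if ( not $db->updateStatus ( DATATYPE => "APPROVED_CRR", NEWTYPE => "ARCHIVIED_CRR", OBJECT => $data)) {
            print addErrorLog("Failed changing status of CRR in dB!");
            print closeLogSection ();
            return 0;
        }
    }
    print addLogLine ("OK");
    print closeLogSection ();

    ## CRRs whose file name ends in "del": APPROVED_CRR -> DELETED_CRR
    print addLogSection( "Importing DELETED Status of CRRs to dB ... ");
    ## NOTE(review): the result of opendir is not checked.
    opendir( CERTS, "$dir" );
    my @certList = grep(/del$/, readdir( CERTS ) );
    closedir( CERTS );
    $ret = "";
    foreach $tmpCert (@certList) {
        ## NOTE(review): same "my" declaration problem as in the loop above.
        my $tmpSerial, $tmpFormat;
        my $fileName = "$dir/$tmpCert";
        my $certFile = $query->getFile( $fileName );
        if ( not $certFile ) {
            print addErrorLog( "Failed opening ($fileName).");
            print closeLogSection ();
            return 0;
        }
        my $data = new OpenCA::CRR ( SHELL =>$cryptoShell, INFILE=>$fileName, FORMAT=>"PEM" );
        if ( not $data ) {
            ## NOTE(review): the message says REQ although a CRR is loaded here.
            print addErrorLog("Failed new REQ object!");
            print closeLogSection();
            return 0;
        }
        ## change the status of the CRR in the database
        if ( not $db->updateStatus ( DATATYPE => "APPROVED_CRR", NEWTYPE => "DELETED_CRR", OBJECT => $data)) {
            print addErrorLog("Failed changing status of CRR in dB!");
            print closeLogSection ();
            return 0;
        }
    }
    print addLogLine("Ok.");
    print closeLogSection();
    return 1;
}

#################################
## functions for Configuration ##
#################################

## Run one shell copy step and write it to the log.
##   $section - text passed to addLogSection
##   $command - shell command line; " 2>&1" is appended before it runs
##   $failure - text passed to addErrorLog when the exit status is non-zero
## Returns 1 on success and 0 on failure. The command output is left in the
## file-wide $ret, as the callers did before this helper existed.
## NOTE(review): $command is a shell string into which configuration values
## are interpolated unquoted, so a path containing whitespace or shell
## metacharacters changes what is executed. In a pipeline $? reports only the
## last stage and "2>&1" applies only to that stage, so a failing first
## "tar -c" can go unnoticed.
sub _eximRunStep {
    my ( $section, $command, $failure ) = @_;

    print addLogSection( $section );
    $ret = `$command 2>&1`;
    if ( $? != 0 ) {
        print addErrorLog( $failure );
        print addLogLine( $command );
        print closeLogSection ();
        return 0;
    }
    print addLogLine( "Ok." );
    print addPreLogLine( $ret );
    print closeLogSection ();
    return 1;
}

## Copy the OpenSSL configuration file and the RBAC, OpenSSL and extension
## directories into "<exim_tmp_dir>/Configuration".
##   $_[0] - temporary export directory
## Returns 1 on success, 0 as soon as one step fails.
## Only the last path component of RBAC_DIR, OPENSSL_DIR and EXT_DIR is used;
## all three are read relative to the parent directory of RBAC_DIR.
sub exportConfiguration {
    my $exim_tmp_dir = $_[0];
    my $dir = $exim_tmp_dir."/Configuration";
    if ( not createDirectory ($dir) ) {
        return 0;
    }

    my $openssl     = getRequired ( 'sslconfig' );
    my $rbac_dir    = getRequired ( 'RBAC_DIR' );
    my $openssl_dir = getRequired ( 'OPENSSL_DIR' );
    my $ext_dir     = getRequired ( 'EXT_DIR' );

    ## parent directory of RBAC_DIR, then reduce each directory to its name
    my $config_dir = $rbac_dir;
    $config_dir  =~ s/\/[^\/]*$//;
    $rbac_dir    =~ s/^.*\///g;
    $openssl_dir =~ s/^.*\///g;
    $ext_dir     =~ s/^.*\///g;

    my $tmpdir = $dir;
    if( not chdir( "$tmpdir" )) {
        print addErrorLog( "Failed changing dir to $tmpdir" );
        print closeLogSection ();
        return 0;
    }

    ## bring openssl.cnf to tmp-dir
    return 0 if not _eximRunStep(
        "Copying $openssl to $tmpdir ... ",
        "cp $openssl .",
        "Cannot copy $openssl to $tmpdir!" );

    ## bring RBAC/, OpenSSL/ and extfiles/ to tmp-dir.
    ## "&&" instead of ";" so that a failed cd aborts the step instead of
    ## letting tar run in whatever directory is current.
    foreach my $name ( $rbac_dir, $openssl_dir, $ext_dir ) {
        return 0 if not _eximRunStep(
            "Copying $name to $tmpdir ... ",
            "cd $config_dir && tar -c $name | tar -x -C $tmpdir",
            "Cannot copy $name to $tmpdir!" );
    }

    return 1;
}

## Copy the configuration found in "<exim_tmp_dir>/Configuration" over the
## configured locations: the file named by 'sslconfig' and the RBAC, OpenSSL
## and extension directories below the parent directory of RBAC_DIR.
##   $_[0] - temporary directory holding the extracted archive
## Returns 1 on success, 0 as soon as one step fails.
## NOTE(review): everything copied here comes from the extracted archive and
## replaces the configured openssl.cnf and role/extension files. No integrity
## or origin check on that archive is visible in this sub - confirm that
## extractArchive or the transport provides one before this runs.
sub importConfiguration {
    my $exim_tmp_dir = $_[0];
    my $dir = $exim_tmp_dir."/Configuration";

    my $openssl     = getRequired ( 'sslconfig' );
    my $rbac_dir    = getRequired ( 'RBAC_DIR' );
    my $openssl_dir = getRequired ( 'OPENSSL_DIR' );
    my $ext_dir     = getRequired ( 'EXT_DIR' );

    ## parent directory of RBAC_DIR, then reduce each directory to its name
    my $config_dir = $rbac_dir;
    $config_dir  =~ s/\/[^\/]*$//;
    $rbac_dir    =~ s/^.*\///g;
    $openssl_dir =~ s/^.*\///g;
    $ext_dir     =~ s/^.*\///g;

    my $tmpdir = $dir;
    if (not chdir ( $tmpdir ) ) {
        print addErrorLog("Cannot change directory to $tmpdir!");
        print closeLogSection ();
        return 0;
    }

    ## importing openssl.cnf (file name only, taken from the current directory)
    my $sslconfig = $openssl;
    $sslconfig =~ s/.*\///g;
    return 0 if not _eximRunStep(
        "Importing $sslconfig into RAServer ... ",
        "cp $sslconfig $openssl",
        "Cannot copy $sslconfig to $openssl!" );

    ## importing RBAC/, OpenSSL/ and extfiles/
    foreach my $name ( $rbac_dir, $openssl_dir, $ext_dir ) {
        return 0 if not _eximRunStep(
            "Importing $name into RAServer ... ",
            "tar -c $name | tar -x -C $config_dir",
            "Cannot copy $name to $config_dir!" );
    }

    return 1;
}

##########################################
## ldap import and export functionality ##
##########################################

## Publish one object via LDAP. Expects exactly one of the named arguments
## CERTIFICATE, AUTHORITY_CERTIFICATE, CRL or AUTHORITY_CRL.
## For certificates the LDAP object is created first and the attribute is
## added afterwards; for CRLs only the attribute is added.
## Returns 0 when no known argument is given or when addLDAPobject fails,
## otherwise whatever addLDAPattribute returns.
sub eximObjectToLDAP {
    my $keys = { @_ };

    ## determine type of object
    if ( $keys->{CERTIFICATE} ) {
        ## create object in LDAP
        my @result = addLDAPobject ( CERTIFICATE => $keys->{CERTIFICATE} );
        if ( not (@result and $result[0]) ) {
            return 0;
        }
        ## add attribute
        return addLDAPattribute ( CERTIFICATE => $keys->{CERTIFICATE},
                                  NOPRINT     => 1 );
    } elsif ( $keys->{AUTHORITY_CERTIFICATE} ) {
        ## create object in LDAP (passed under the CERTIFICATE key)
        my @result = addLDAPobject ( CERTIFICATE => $keys->{AUTHORITY_CERTIFICATE} );
        if ( not (@result and $result[0]) ) {
            return 0;
        }
        ## add attribute
        return addLDAPattribute ( AUTHORITY_CERTIFICATE => $keys->{AUTHORITY_CERTIFICATE},
                                  NOPRINT               => 1 );
    } elsif ( $keys->{CRL} ) {
        ## create object in LDAP is not necessary because it is the CA
        ## add attribute
        return addLDAPattribute ( CRL     => $keys->{CRL},
                                  NOPRINT => 1 );
    } elsif ( $keys->{AUTHORITY_CRL} ) {
        ## create object in LDAP is not necessary because it is the CA
        ## add attribute
        return addLDAPattribute ( AUTHORITY_CRL => $keys->{AUTHORITY_CRL},
                                  NOPRINT       => 1 );
    }

    return 0;
}

######################################
## full export/import functionality ##
######################################

## Export requests and CRRs into a new temporary directory, archive it and
## remove the directory again.
## NOTE(review): the result of each step is ignored, so the archive is
## created even when an export step has failed.
sub exportToCA {
    my $tmp = createDirectory ();
    exportReqs ( $tmp );
    exportCRRs ( $tmp );
    createArchive ( $tmp );
    removeDirectory ( $tmp );
}

## Extract the archive into a new temporary directory and import the
## certificates, CA certificates, CRLs and the configuration from it.
## NOTE(review): the result of each step is ignored, so importConfiguration
## runs even when extraction or an earlier import has failed.
sub importFromCA {
    my $tmp = createDirectory ();
    extractArchive ( $tmp );

    ## withLDAPsupport is defined further down in this file. Written without
    ## parentheses the name is still unknown when this sub is compiled and is
    ## then taken as a bareword string, which is always true - the LDAP
    ## setting was never consulted. The explicit call makes it effective.
    my $ldap = withLDAPsupport() ? "1" : "0";

    importCerts ( TMP => $tmp, LDAP => $ldap );
    importCAs   ( TMP => $tmp, LDAP => $ldap );
    importCRLs  ( TMP => $tmp, LDAP => $ldap );

    importConfiguration ( $tmp );
    removeDirectory ( $tmp );
}

## Export certificates, CA certificates, CRLs and the configuration into a
## new temporary directory, archive it and remove the directory again.
## NOTE(review): the result of each step is ignored.
sub exportToRAServer {
    my $tmp = createDirectory ();
    exportCerts ( $tmp );
    exportCAs ( $tmp );
    exportCRLs ( $tmp );
    exportConfiguration ( $tmp );
    createArchive ( $tmp );
    removeDirectory ( $tmp );
}

## Extract the archive into a new temporary directory and import the
## requests and CRRs from it.
## NOTE(review): the result of each step is ignored.
sub importFromRAServer {
    my $tmp = createDirectory ();
    extractArchive ( $tmp );
    importReqs ( $tmp );
    importCRRs ( $tmp );
    removeDirectory ( $tmp );
}

## Report whether LDAP support is switched on and write the answer to the log.
## Returns 0 when the 'LDAP' setting is "off" or "no" (case-insensitive) and
## 1 for every other value, including an empty or misspelled one.
sub withLDAPsupport {
    my $ldap = getRequired ('LDAP');
    print addLogSection ("LDAP support is ");
    if ( $ldap =~ /^(off|no)$/i ) {
        print addLogLine ("deactivated");
        print closeLogSection ();
        return 0;
    } else {
        print addLogLine ("activated");
        print closeLogSection ();
        return 1;
    }
}

1;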