importcacert

Perl写的CA认证程序

## OpenCA - CA Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
##   File Name: importCACerts
##       Brief: Import externally approved CA Certificate
## Description: Import approved CA certificate (issued by a root CA ?)
##              from media and imports it into the VALID_CA_CERTIFICATE dB.
##  Parameters: dataType

if ( $cmd !~ /importCACert/i ) {
        configError( "Wrong Command Usage ($cmd/importCACert)!" );
        exit 1;
}

## GNU Tar suggested for exporting Certification Request
## to the CA. We use the GNU tar because of its availability
## for all the platforms and its stability.

## Get required parameters from the configuration file
my $command	= getRequired( 'UnpackArchive' );
my $dev  	= getRequired( 'ImportDev' );
my $tmp  	= getRequired( 'TempDir' );
my $serverDir	= getRequired( 'BaseDir' );
my $makeCmd	= getRequired( 'MakePath' );

my ( @lastImport );
my ( $dir, $filter, $ret, $ca, $tmpLine );

my $dataType = $query->param( 'dataType' );

if ( $dataType eq "VALID_CA_CERTIFICATE") {
	$dir = "$serverDir";
	$filter = 'cacert.pem';
	$ca = 1;
} else {
	configError( "Unsupported dataType ($dataType)" );
	exit 1;
}

## Subtitute $orig and $dest
$command = $query->subVar( $command, '$orig', $dev );
$command = $query->subVar( $command, '$dest', $tmp );

print startLogPage( "Certificate Importing Page");
print addLogSection("Certificate Importing ... ");
if( not chdir("$tmp")) {
	print addErrorLog("Can not change dir to $tmp.");
	closePage();
	exit 1;
}

$ret = `$command 2>&1`;
if( $? != 0 ) {
	print addErrorLog( "De-Archiving Failed from $dev!" );
	closePage();
	exit;
} 
print addLogLine("Ok.");
print addPreLogLine( $ret );
print closeLogSection();

## we copy to $dir if we have to import cacert.pem
print addLogSection( "Copying certificate to ($dir) ... " );

# Now we copy the CA's certificate to the chain dir
if( $tools->copyFiles( 	SRC => "${tmp}/cacert.pem",
			DEST => "${serverDir}/cacert.pem" )) {
       	print addLogLine("Ok.");
	print addPreLogLine( $ret );
	print closeLogSection();
} else {
	print addErrorLog("Copying failed ($dir)!");
	closePage();
	exit;
}

my $cacert = new OpenCA::X509( 	SHELL =>$cryptoShell,
			       	INFILE=>"${serverDir}/cacert.pem",
				FORMAT=>"PEM" );

if ((not $cacert) or ( not $tmpSerial = $cacert->getParsed()->{SERIAL})) {
	print addErrorLog("Imported file does not seems to be a certificate.");
	closePage();
	exit;
}

# Now we copy the CA's certificate to the chain dir
$tools->copyFiles( SRC => "${serverDir}/cacert.pem",
		   DEST => "${serverDir}/chain/cacert.crt" );

# Let's make Chain verification
print addLogSection("Re-Building CA Chain ... ");
chdir( "${serverDir}/chain" );
$ret = `$makeCmd`;
print addLogLine("Ok.");
print addPreLogLine( $ret );
print closeLogSection();

print addLogSection("Importing new CA cert into DB ... ");
if ( not $db->storeItem( DATATYPE=>$dataType, OBJECT=>$cacert)) {
	print addErrorLog("Failed adding cert to dB!");
	closeLogPage();
	exit;
} else {
	$tmpLine = $cacert->getParsed()->{DN} . "\n";
	$tmpLine =~ s/(,|\/)/<BR>/g;
	$tmpLine = "<BR>$tmpLine<BR>";

}

$ret = "Added CA certificate <OL><I>$tmpLine</I></OL>";

#$ret .= "Added <OL><I>" . $data->getParsed()->{CN} .
#	" (" . $data->getParsed->{SERIAL} . ")</I><BR>\n";

print addLogLine("Ok.");
print addPreLogLine( $ret );
print closeLogSection();
closePage();

1;