gencacert

Perl写的CA认证程序

## OpenCA - CA Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
##   File Name: genCACert
##       Brief: Generate CA Certificate
## Description: Generate the CA's Certificate (self-signed) from the
##              request file (careq.pem).
##  Parameters: bits, days, passwd

my $cmdName = "genCACert";

if ( $cmd !~ /$cmdName/i ) {
        configError( "Wrong Command Usage ($cmd over $cmdName)!" );
        exit 1;
}

## This command is executed to generate a new cacert.pem
## in the $opencaDir directory. Use the already generated
## careq.pem

my $opencaDir = getRequired( 'opencadir' );
my $baseDoc   = getRequired( 'gencacertsheet');
my $makeCmd   = getRequired( 'MakePath');

## Get the parameters
my $bits	= $query->param('bits');
my $days	= $query->param('days');
my $pwd		= $query->param('passwd');

## Other reserved variables
my $careqFile 	= "$opencaDir/careq.pem";
my $cacertFile 	= "$opencaDir/cacert.pem";
my $cacertDER	= "$opencaDir/cacert.der";
my $cakeyFile 	= "$opencaDir/private/cakey.pem";

my ( $page, $crt );

configError("Can not find $careqFile!") unless ( -e "$careqFile" );
configError("Can not find $cakeyFile!") unless ( -e "$cakeyFile" );

## If there is already a cacertfile, than we should move it to .old
if ( -e "$cacertFile" ) {
	$tools->moveFiles( SRC=>"$cacertFile",
			   DEST=>"$opencaDir/private/cacert_${$}.pem");
	$msg = "Old certificate file is (private/cacert_${$}.pem)";
}

unlink( "$cacertDER" ) if ( -e "$cacertDER" );

$cryptoShell->genCert(  KEYFILE=>"$cakeyFile",
			REQFILE=>"$careqFile",
			OUTFILE=>"$cacertFile",
			DAYS=>$days,
			PASSWD=>$pwd );

configError( "<BR>Error (1) while issuing certificate!<BR>" ) if( $? != 0 );

$cryptoShell->dataConvert( DATATYPE=>CERTIFICATE,
			   INFILE=>"$cacertFile",
			   OUTFILE=>"$cacertDER",
			   OUTFORM=>DER );

configError( "<BR>Error (2) while convertig certificate<BR>" ) if( $? != 0 );

$crt = new OpenCA::X509( SHELL=>$cryptoShell, INFILE=>"$cacertFile" );
if( not $crt ) {
	configError( "<BR>Error while loading CA certificate" .
		     " ($cacertFile)." );
} else {
	## Let's link to the stuff dir
	$tools->copyFiles ( SRC=>"$cacertFile",
			    DEST=>"$opencaDir/stuff/cacert.pem");

	## Let's link to the chain dir
	$tools->copyFiles ( SRC=>"$cacertFile",
			    DEST=>"$opencaDir/chain/cacert.crt");

	## Let's make the links for chain verification
	$ret = `cd ${opencaDir}/chain; $makeCmd`;

	if ( not $db->storeItem( DATATYPE=>"VALID_CA_CERTIFICATE",
				 OBJECT=>$crt)) {
		configError ("Error while storing CA cert to dB!");
	}
}

## If we cannot load the base Document, then error
configError("Cannot load $baseDoc.")
			 unless ( $page = $query->getFile("$baseDoc"));

## Substitute the variables
$page = $query->subVar( $page, '$key', $crt->getTXT() );
$page = $query->subVar( $page, '$msg', $msg );

## Send out the page
print "$page";

1;