issuecertificate

Perl写的CA认证程序

## OpenCA - CA Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
##   File Name: issueCertificate
##       Brief: Issue a Certificate
## Description: Issue a new Certificate
##  Parameters: key, dataType, passwd

my $cmdName = "issueCertificate";

if ( $cmd !~ /$cmdName/i ) {
        configError( "Wrong Command Usage ($cmd over $cmdName)!" );
        exit 1;
}

## To aprove a Request, we need the file containing the
## user data and the SPKAC. In a second time we must be
## able to manage encrypted files with CA key.

my ( $ieHack, $inForm, $reqType, $userCert, $reqFile, @certList );

## Get Configuration needed parameters ...
my $newCertsDir = getRequired('NewCertsDir');
my $opencaDir   = getRequired('OpenCADir');
my $tempDir     = getRequired('TempDir');
my $SSLIndex	= getRequired('SSLIndex');
my $SSLSerial	= getRequired('SSLSerial');

## Get the parameters
my $key 	= $query->param('key');
my $dataType    = $query->param('dataType');
my $passwd      = $query->param('passwd');
my $extfile     = $query->param('extfile');
my $comment     = $query->param('comment');

configError("Needed key to access dB!") if ( not $key );
configError("Needed PASSWD!") if ( not $passwd );

if( $extfile ) {
	$extfile = "${opencaDir}/conf/openssl/extfiles/${extfile}";
}

## Set the COMMENT env variable
$ENV{'COMMENT'} = "$comment";

## Get Request
my $req = $db->getItem ( DATATYPE => $dataType, KEY => $key );
configError( "Cannot Access $key Request!") if( not $req );

## Check if there are certificates with the same DN
@certList = $db->searchItems( DATATYPE=>"VALID_CERTIFICATE",
			      DN=>$req->getParsed()->{DN} );

configError("A Valid Certificate with same DN exists!") if($#certList > -1);

if ( $req->getParsed()->{TYPE} =~ /IE/ ) {
	$reqType = "MSIE";
	$inForm  = PEM;
} elsif ( $req->getParsed()->{TYPE} =~ /SPKAC|MOZILLA|NETSCAPE/ ) {
	$inForm = SPKAC;
} else {
	$inForm = PEM;
};

## Get the serial Number the certificate will have
my ( $ser ) = 
	( $query->getFile("$SSLSerial") =~ /([0-9a-f]+)/i );

## Let's save the request body to a temp file
$tools->saveFile( FILENAME=>"$tempDir/${ser}.req", 
 		  DATA=>$req->getParsed()->{BODY} . "\n" )
 	or configError( "Cannot write to $tempDir/${ser}.req" );

## ## this code is not tested actually
##
## ## allocate role
## my $role = getRoleFromDN ( $req->getParsed()->{DN} );
##
## ## set configFile from OpenSSL/
## $cryptoShell->setParams( CONFIG=> $opencaDir."/OpenSSL/".$role.".conf");
##
## ## Issue the Certificate
## if ( not $cryptoShell->issueCert(
##   REQFILE=>"$tempDir/${ser}.req",
##   INFORM=>$reqType,
##   PRESERVE_DN=>Y,
##   CAKEY=>"$opencaDir/private/cakey.pem",
##   CACERT=>"$opencaDir/cacert.pem",
##   EXTFILE => $opencaDir."/extfiles/".$role.".conf",
##   PASSWD=>"$passwd" ) ) {

## Issue the Certificate
if ( not $cryptoShell->issueCert(
		 REQFILE=>"$tempDir/${ser}.req",
		 INFORM=>$inForm,
		 REQTYPE=>$reqType,
		 EXTFILE=>$extfile,
		 SUBJECT=>$req->getParsed()->{HEADER}->{SUBJ},
		 PRESERVE_DN=>Y,
		 CAKEY=>"$opencaDir/private/cakey.pem",
		 CACERT=>"$opencaDir/cacert.pem",
		 PASSWD=>"$passwd" ) ) {
	configError ( "Error while issuing Certificate to ".
			 $req->getParsed()->{CN} . "<BR><BR>".
			 "(errno: $? - file name: $tempDir/${ser}.req )");
}

## Unlinking Temporary File
unlink( "$tempDir/${ser}.req" );

## Put the certificate in the certificate DB. Just parse the
## returned string to get the serial number of the certificate,
## then load from the 'just issued' certificates' dir and add
## to the DB.
my $cert = new OpenCA::X509 ( SHELL=>$cryptoShell,
			      INFILE=>"${newCertsDir}/${ser}.pem" );
 
configError("Error while opening ${newCertsDir}/${ser}.pem") if (not $cert);

if ( not $db->storeItem( DATATYPE=>VALID_CERTIFICATE, OBJECT=>$cert )) {
		configError( "Error while storing ${ser}.pem cert in dB!" );
}

## Put the Request in the archivied requests DBM. This is built
## as $serial=>$req where the serial is the certificate's
## serial number and the req is the request file

if( not $db->updateStatus( OBJECT=>$req, DATATYPE=>"PENDING_REQUEST",
			   NEWTYPE=>"ARCHIVIED_REQUEST" ) ) {
	configError("Error while storing req to archivied reqs db!");
}

## Send Success Page
success( "Certificate Issued",
	 "Certificate Request approved and archivied.\n",
	 $cert->getTXT() );

1;