revokecertificate

Perl写的CA认证程序

## OpenCA - CA Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
##
##   File Name: revokeCertificate
##       Brief: Revoke a Certificate
## Description: Revoke a Valid Certificate either from a rev request
##              and from a certificate View
##  Parameters: key, serial, dataType, passwd

my $cmdName = "revokeCertificate";

if ( $cmd !~ /$cmdName/i ) {
        configError( "Wrong Command Usage ($cmd over $cmdName)!" );
        exit 1;
}

## Revoke a certificate (rvr@openca.org)
## Modified by madwolf to support certificates dB.
## Modified to support new DB module (and structure);

## Get Configuration needed parameters ...
my $tmpdir      = getRequired('TempDir');

## Get the parameters
my $key	     = $query->param('key');
my $dataType = $query->param ('dataType');
my $passwd   = $query->param('passwd');

## Get the Certificate from the Certs dB
my $cert = $db->getItem( DATATYPE=>VALID_CERTIFICATE, KEY=>$key );
if( not $cert ) {
 	generalError("Certificate $serial Not found in DB!");
}

my $fileName = "$tmpdir/${$}_${key}_cert.pem";
$tools->saveFile( FILENAME=>$fileName, DATA=>$cert->getPEM() );

## Revoke Certificate
if( not $cryptoShell->revoke( INFILE=>"$fileName", PASSWD=>"$passwd")) {
	unlink( "$fileName" );
	generalError( "Error while revoking Certificate!" );
	exit 0;
}

unlink( $fileName );

## Set The header to revoke date
$cert->getParsed()->{HEADER}->{REVOKED}=$tools->getDate();
$cert->getParsed()->{HEADER}->{REVREASON}="CA Revoked Certificate";
$cert->getParsed()->{HEADER}->{REVCODE}="1";

if( not $db->updateStatus( OBJECT=>$cert, DATATYPE=>"VALID_CERTIFICATE",
					NEWTYPE=>"REVOKED_CERTIFICATE" )) {
	generalError("Error moving certificate $key to Revoked dB");
}

success( "Certificate Revokation", "Certificate $key successfully revoked.");

1;