authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-06-16 15:47:16 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-06-16 15:47:16 +0000
commitd738fae4fac5aa607c48ce0ee32b3b4afc4a7aa2 (patch)
tree18c69346d802b70403a43753dda7e28401f42bea
parent638d3a921adff47c848288b22901c93463f795f0 (diff)
Bugzilla Bug #504240 RA (nethsm) : unable to approve server cert
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@615 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r--pki/base/ra/lib/perl/PKI/Conn/CA.pm62
1 files changed, 50 insertions, 12 deletions
diff --git a/pki/base/ra/lib/perl/PKI/Conn/CA.pm b/pki/base/ra/lib/perl/PKI/Conn/CA.pm
index 01de23222..820899905 100644
--- a/pki/base/ra/lib/perl/PKI/Conn/CA.pm
+++ b/pki/base/ra/lib/perl/PKI/Conn/CA.pm
@@ -61,12 +61,18 @@ sub enroll {
my $cfg = $self->{cfg};
my $instdir = $cfg->get("service.instanceDir");
- my $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
- $db_password =~ s/\n$//g;
+ my $db_password;
my $nickname = $cfg->get("conn." . $con_id . ".clientNickname");
my $cahostport = $cfg->get("conn." . $con_id . ".hostport");
my ($host, $port) = split(/:/, $cahostport);
+
+ if ($nickname =~ /(.*):(.*)/) {
+ $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ } else {
+ $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ }
+ $db_password =~ s/\n$//g;
my $queue = PKI::Request::Queue->new();
$queue->open($cfg);
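Review bot: The added token branch in enroll keeps the `cut -c10-` offset, which only skips the nine-character `internal:` prefix, so for a token name of any other length the value read into `$db_password` is shifted (part of the prefix kept, or leading password characters dropped). The captured `$1` is also interpolated into a backtick shell command and an unanchored `grep`, so a nickname holding shell metacharacters, or a token name that is a substring of another entry, would not select the intended line; the greedy `(.*):` additionally splits at the last colon rather than the first. The same block is pasted into revoke, getCertStatus, scep_get_ca_cert, scep_decode and scep_pki_message, so I would replace all six copies with one helper that reads password.conf directly in Perl, as sketched below; it assumes one `name:password` entry per line, which is what the grep/cut pair implies. enroll's body starts and ends outside this hunk.

```perl
# Return the password.conf entry for the token named in $nickname
# ("token:certname"), or the "internal" entry when there is no token prefix.
sub _token_password {
    my ($instdir, $nickname) = @_;
    my $prefix = ($nickname =~ /\A([^:]+):/ ? $1 : "internal") . ":";
    open(my $fh, '<', "$instdir/conf/password.conf") or return;
    my $password;
    while (my $line = <$fh>) {
        chomp $line;
        next unless index($line, $prefix) == 0;
        $password = substr($line, length($prefix));
        last;
    }
    close($fh);
    return $password;
}

# ... unchanged: $cfg / $instdir lookup in enroll ...
my $nickname = $cfg->get("conn." . $con_id . ".clientNickname");
my $db_password = _token_password($instdir, $nickname);
# ... unchanged: hostport split, queue setup ...
```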
@@ -85,6 +91,7 @@ sub enroll {
"cert_request=" .
URI::Escape::uri_escape("$cert_request") . "&" .
"xmlOutput=true";
+
system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile");
my $content = `cat $tmpfile`;
@@ -161,12 +168,18 @@ sub revoke {
my $cfg = $self->{cfg};
my $instdir = $cfg->get("service.instanceDir");
- my $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
- $db_password =~ s/\n$//g;
+ my $db_password;
my $nickname = $cfg->get("conn." . $con_id . ".clientNickname");
my $cahostport = $cfg->get("conn." . $con_id . ".hostagentport");
+ if ($nickname =~ /(.*):(.*)/) {
+ $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ } else {
+ $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ }
+ $db_password =~ s/\n$//g;
+
my $tmpfile = "/tmp/tmp-revoke-$serialno-$$";
my ($host, $port) = split(/:/, $cahostport);
my $params = "op=" . "revoke" . "&" .
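Review bot: `my $tmpfile = "/tmp/tmp-revoke-$serialno-$$";` in revoke builds a predictable file name in a shared directory, and the other subs touched by this commit use `/tmp/tmp-$serialno-$$` or `/tmp/tmp-$$` the same way. In enroll the file is written by a shell redirect and read back with `cat`, so a file or symlink already present at that path could redirect or replace the CA response; how revoke uses `$tmpfile` lies outside this hunk, so that part is inferred from the enroll pattern. A core-module alternative is `my ($tmpfh, $tmpfile) = File::Temp::tempfile("revoke-XXXXXX", TMPDIR => 1, UNLINK => 1);`, which creates the file exclusively under an unpredictable name and removes it at exit.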
@@ -218,13 +231,20 @@ sub getCertStatus {
my $cfg = $self->{cfg};
my $instdir = $cfg->get("service.instanceDir");
- my $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
- $db_password =~ s/\n$//g;
+ my $db_password;
my $nickname = $cfg->get("conn." . $con_id . ".clientNickname");
my $cahostport = $cfg->get("conn." . $con_id . ".hostport");
my ($host, $port) = split(/:/, $cahostport);
+ if ($nickname =~ /(.*):(.*)/) {
+ $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ } else {
+ $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ }
+ $db_password =~ s/\n$//g;
+
+
my $tmpfile = "/tmp/tmp-$serialno-$$";
my $params = "serialNumber=" . "0x".$serialno . "&" .
"xml=true";
@@ -265,13 +285,19 @@ sub scep_get_ca_cert {
my $cfg = $self->{cfg};
my $instdir = $cfg->get("service.instanceDir");
- my $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
- $db_password =~ s/\n$//g;
+ my $db_password;
my $nickname = $cfg->get("conn." . $con_id . ".clientNickname");
my $cahostport = $cfg->get("conn." . $con_id . ".hostport");
my ($host, $port) = split(/:/, $cahostport);
+ if ($nickname =~ /(.*):(.*)/) {
+ $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ } else {
+ $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ }
+ $db_password =~ s/\n$//g;
+
my $tmpfile = "/tmp/tmp-$$";
my $params = "operation=" . $operation . "&" .
"message=" . $message;
@@ -291,13 +317,19 @@ sub scep_decode {
my $cfg = $self->{cfg};
my $instdir = $cfg->get("service.instanceDir");
- my $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
- $db_password =~ s/\n$//g;
+ my $db_password;
my $nickname = $cfg->get("conn." . $con_id . ".clientNickname");
my $cahostport = $cfg->get("conn." . $con_id . ".hostport");
my ($host, $port) = split(/:/, $cahostport);
+ if ($nickname =~ /(.*):(.*)/) {
+ $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ } else {
+ $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ }
+ $db_password =~ s/\n$//g;
+
my $tmpfile = "/tmp/tmp-$$";
my $params = "operation=" . $operation . "&" .
"message=" . $message . "&" .
@@ -317,13 +349,19 @@ sub scep_pki_message {
my $cfg = $self->{cfg};
my $instdir = $cfg->get("service.instanceDir");
- my $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
- $db_password =~ s/\n$//g;
+ my $db_password;
my $nickname = $cfg->get("conn." . $con_id . ".clientNickname");
my $cahostport = $cfg->get("conn." . $con_id . ".hostport");
my ($host, $port) = split(/:/, $cahostport);
+ if ($nickname =~ /(.*):(.*)/) {
+ $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ } else {
+ $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`;
+ }
+ $db_password =~ s/\n$//g;
+
my $tmpfile = "/tmp/tmp-$$";
my $params = "operation=" . $operation . "&" .
"message=" . $message;