author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-21 13:28:22 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-12-03 11:40:25 -0500 |
commit | 538dee3554b0a84497afa78770706a5ad4a8ff52 (patch) | |
tree | 239fa83c28241f3d4d8b6ba27214db539fc9cb19 /base/ra/apache/docroot/ee | |
parent | 35dc1009494453803d22573ef876c8b418a609d3 (diff) | |
Reorganized RA templates and scripts.
The templates, JS, and CGI scripts for RA have been moved into
the RA core package.
Ticket #407
Diffstat (limited to 'base/ra/apache/docroot/ee')
48 files changed, 4447 insertions, 0 deletions
diff --git a/base/ra/apache/docroot/ee/agent/enroll.cgi b/base/ra/apache/docroot/ee/agent/enroll.cgi
new file mode 100755
index 000000000..4f1af8f16
--- /dev/null
+++ b/base/ra/apache/docroot/ee/agent/enroll.cgi
@@ -0,0 +1,127 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use MIME::Base64;
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::Registry;
+use PKI::Request::Queue;
+use PKI::Conn::CA;
+use PKI::Base::PinStore;
+use PKI::Base::Util;
+
+use vars qw (@ISA);
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $uid = $util->get_val($q->param('uid'));
+ my $pin = $util->get_alphanum_val($q->param('pin'));
+ my $csr = $util->get_val($q->param('csr'));
+ $csr = $util->normalize_csr($csr);
+
+ my $key = $uid;
+
+ my $pin_store = PKI::Base::PinStore->new();
+ $pin_store->open($cfg);
+ my $pinref = $pin_store->read_pin($key);
+ if (defined($pinref) && $pinref->{'pin'} eq $pin) {
+ $pin_store->delete($key);
+ } else {
+ $pin_store->close();
+ print $q->redirect("/ee/error.cgi?error=Invalid Pin");
+ return;
+ }
+ my $rid = $pinref->{'rid'};
+ $pin_store->close();
+
+ my $profile_id = $cfg->get("request.agent.profileId");
+ my $cert_request_type = $cfg->get("request.agent.reqType");
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $req = $queue->read_request($rid);
+ $queue->set_request($rid, "subject_dn", "uid=$uid, e=$req->{'created_by'}");
+
+ my $ca = PKI::Conn::CA->new();
+ $ca->open($cfg);
+ my $cert = $ca->enroll($rid, "ca1", $profile_id, $cert_request_type, $csr);
+ $ca->close();
+ $queue->set_request($rid, "output", $cert);
+
+ $req = $queue->read_request($rid);
+ if ($cert eq "") {
+ my $error = $req->{'errorString'};
+ $queue->close();
+ print $q->redirect("/ee/error.cgi?error=$error");
+ return;
+ }
+
+ my $decoded = decode_base64($cert);
+ my $encoded = encode_base64($decoded);
+
+ my %context;
+ $context{cert} = $encoded;
+ $context{rid} = $util->html_encode($rid);
+ $context{subject_dn} = $util->html_encode($req->{'subject_dn'});
+ $queue->close();
+
+ my $result = $parser->execute_file_with_context("ee/agent/enroll.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/agent/enroll.vm b/base/ra/apache/docroot/ee/agent/enroll.vm
new file mode 100644
index 000000000..203b02696
--- /dev/null
+++ b/base/ra/apache/docroot/ee/agent/enroll.vm
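Review bot: The PIN gate `defined($pinref) && $pinref->{'pin'} eq $pin` in `process` can succeed on empty values: Perl's `eq` treats an undefined stored pin as `""`, so if `read_pin` can return a record without a `pin` value (its behaviour is not visible in this commit) a request that sends no `pin` would pass. Require both sides to be present, e.g. `if (defined($pinref) && defined($pinref->{'pin'}) && $pin ne "" && $pinref->{'pin'} eq $pin) {`. Nothing in this script counts or throttles failed attempts, so the one-time PIN guarding agent-certificate issuance can be retried indefinitely unless `PKI::Base::PinStore` enforces a limit; that should be confirmed. Separately, both redirects place raw text in the Location value (`error=Invalid Pin`, `error=$error`); passing the message through `CGI::escape(...)` keeps spaces and any CR/LF in `errorString` from altering the header.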
@@ -0,0 +1,74 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>Agent Certificate Enrollment</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> +Enroll Interface +</font><br> +<p> +<b>Your Certificate:</b> +<br/> +<b>Subject DN:</b> $subject_dn +<br/> +<pre> +-----BEGIN CERTIFICATE----- +$cert +-----END CERTIFICATE----- +</pre> +<a href="/ee/request/importcert.cgi?id=$rid">import 
certificate</a> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/agent/index.cgi b/base/ra/apache/docroot/ee/agent/index.cgi new file mode 100755 index 000000000..66fceb8ff --- /dev/null +++ b/base/ra/apache/docroot/ee/agent/index.cgi @@ -0,0 +1,68 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use CGI; +use PKI::Service::Op; +use PKI::Base::Registry; +use Template::Velocity; + +use vars qw (@ISA); +use PKI::Service::Op; +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + my %context; + my $result = $parser->execute_file_with_context("ee/agent/index.vm", + \%context); + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } +} + +my $op = op->new(); +$op->execute(); 
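Review bot: The template opens `<html>` and goes straight to `<title>`, yet closes the section with `</head>`; the opening `<head>` tag is missing, so the page depends on browser error recovery. Add `<head>` on the line after `<html>`. The same header block is repeated in agent/index.vm, agent/new.vm, agent/start.vm, agent/submit.vm, error.vm and ee/index.vm, so the fix applies to each of them. In this file `$rid` is placed in `importcert.cgi?id=$rid` after `html_encode` only (set in enroll.cgi); URL-encoding would be the matching step for a query-string value.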
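Review bot: `process` in agent/index.cgi compares `$q->param('xml')` with `eq "true"` without checking that the parameter was sent, so an ordinary page load compares undef; guard it with `if (defined $xml && $xml eq "true") {`. The script also runs without `use strict; use warnings;`, loads `PKI::Service::Op` twice, declares `sub process()` with an empty prototype although it reads `$self` from `@_`, and never uses `$docroot` or `$cfg`. agent/new.cgi, agent/start.cgi and ee/index.cgi are copies of this file with a different template path and share all of these points. A single helper in the base class that takes the template name would remove the duplication and give one place to fix them.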
diff --git a/base/ra/apache/docroot/ee/agent/index.vm b/base/ra/apache/docroot/ee/agent/index.vm new file mode 100644 index 000000000..9fc991d6a --- /dev/null +++ b/base/ra/apache/docroot/ee/agent/index.vm 
@@ -0,0 +1,83 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>RA End-Entity</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> +</font><br> +<p> +For RA agent enrollment, an agent must submit a pin creation request first before performing certificate enrollment. 
+<p> +<center> +<table border="0" cellspacing="0" cellpadding="0"> +<tr valign="TOP"> +<td> +<font size=4 face="PrimaSans BT, Verdana, sans-serif"> +<li><a href="new.cgi">Pin Creation Request</a></li> +</font> +</td> +</tr> +<tr valign="TOP"> +<td> +<font size=4 face="PrimaSans BT, Verdana, sans-serif"> +<li><a href="start.cgi">Certificate Enrollment</a></li> +</font> +</td> +</tr> +</table> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/agent/new.cgi b/base/ra/apache/docroot/ee/agent/new.cgi new file mode 100755 index 000000000..c209f5e74 --- /dev/null +++ b/base/ra/apache/docroot/ee/agent/new.cgi 
@@ -0,0 +1,68 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use CGI; +use PKI::Service::Op; +use PKI::Base::Registry; +use Template::Velocity; + +use vars qw (@ISA); +use PKI::Service::Op; +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + my %context; + my $result = $parser->execute_file_with_context("ee/agent/new.vm", \%context); + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } + +} + +my $op = op->new(); +$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/new.vm b/base/ra/apache/docroot/ee/agent/new.vm new file mode 100644 index 000000000..bca0a37fc --- /dev/null +++ b/base/ra/apache/docroot/ee/agent/new.vm 
@@ -0,0 +1,88 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>Agent Certificate Request</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> +Agent Interface +</font><br> +<p> +This form is for new agent to request for agent certificate. 
+<p> +<center> +<form method=post action="submit.cgi"> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>UID:</td> + <td><input type=text name=uid value="" ></td> +</tr> +<tr> + <td>Your Email:</td> + <td><input type=text name=email value=""></td> +</tr> +<tr> + <td> </td> + <td> </td> +</tr> +<tr> + <td><input type=submit name=Submit value="Submit"></td> + <td></td> +</tr> +</table> +</form> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/agent/start.cgi b/base/ra/apache/docroot/ee/agent/start.cgi new file mode 100755 index 000000000..27aedb546 --- /dev/null +++ b/base/ra/apache/docroot/ee/agent/start.cgi 
@@ -0,0 +1,69 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use CGI; +use PKI::Service::Op; +use PKI::Base::Registry; +use Template::Velocity; + +use vars qw (@ISA); +use PKI::Service::Op; +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + my %context; + + my $result = $parser->execute_file_with_context("ee/agent/start.vm", + \%context); + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } +} + +my $op = op->new(); +$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/start.vm b/base/ra/apache/docroot/ee/agent/start.vm new file mode 100644 index 000000000..b2b21dc1b --- /dev/null +++ b/base/ra/apache/docroot/ee/agent/start.vm 
@@ -0,0 +1,114 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>Agent Certificate Request Using a One-Time Pin</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + +<SCRIPT LANGUAGE="JavaScript"> + +function validate() +{ + with (document.forms[0]) { + crmfObject = crypto.generateCRMFRequest( + "CN=x", + "regToken", "authenticator", + null, + "setCRMFRequest();", + 1024, null, "rsa-dual-use"); + return false; + } +} + +function setCRMFRequest() +{ + with (document.forms[0]) { + csr.value = crmfObject.request; + submit(); + } +} + +</SCRIPT> + + +<font size="+1" 
face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> +Agent Interface +</font><br> +<p> +This form is for new RA agent to request a certificate. +<p> +<center> +<form onSubmit="return validate();" method=post action="enroll.cgi"> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>UID:</td> + <td><input type=text name=uid value="" ></td> +</tr> +<tr> + <td>One-Time Pin:</td> + <td><input type=text name=pin value=""></td> +</tr> +<tr> + <td> </td> + <td> </td> +</tr> +<tr> + <td><input type=submit name=Submit value="Submit"></td> + <td></td> +</tr> +</table> +<input type=hidden name="csr" value=""> +</form> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/agent/submit.cgi b/base/ra/apache/docroot/ee/agent/submit.cgi new file mode 100755 index 000000000..a68242114 --- /dev/null +++ b/base/ra/apache/docroot/ee/agent/submit.cgi 
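Review bot: `validate()` asks `crypto.generateCRMFRequest` for a 1024-bit RSA key (`1024, null, "rsa-dual-use"`), which is below the 2048-bit minimum generally expected for new certificates, and this key backs an RA agent credential; raise the literal to `2048` or supply it from configuration. If the browser does not provide `crypto.generateCRMFRequest`, the handler throws before `return false` and the form would then post an empty `csr`; a feature check at the top of `validate()` avoids that. `crmfObject` is assigned without `var`, so it becomes an implicit global shared by `validate()` and `setCRMFRequest()`; declare it at script scope. The one-time PIN field is `type=text`; `type=password` would keep it off the screen while it is typed.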
@@ -0,0 +1,88 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Base::Registry;
+use PKI::Request::Queue;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my $uid = $util->get_val($q->param('uid'));
+ my $email = $util->get_val($q->param('email'));
+
+ $self->debug_params($cfg, $q);
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $request_id = $queue->create_request("agent",
+ "uid=" . $uid,
+ "0",
+ $email);
+ my %context;
+ $context{request_id} = $util->html_encode($request_id);
+ $self->debug_log($cfg, "request $request_id created");
+ $queue->close();
+
+ my $result = $parser->execute_file_with_context("ee/agent/submit.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/agent/submit.vm b/base/ra/apache/docroot/ee/agent/submit.vm
new file mode 100644
index 000000000..aaabee929
--- /dev/null
+++ b/base/ra/apache/docroot/ee/agent/submit.vm
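Review bot: `$uid` goes from the request into the subject string `"uid=" . $uid` after only `get_val`, whose filtering is not visible in this commit; if it does not reject `,`, `=` or `+`, a submitted UID can add extra RDN components to the request's subject, and enroll.cgi builds `subject_dn` from `uid` the same way. Validate before `create_request`, for example `unless ($uid =~ /\A[A-Za-z0-9._-]+\z/) { print $q->redirect("/ee/error.cgi?error=Invalid+UID"); return; }`, with the allowed alphabet taken from the deployment's naming policy. `$email` is stored unchecked in the same call, and an empty `uid` or `email` is accepted as well. `debug_params($cfg, $q)` is also called in enroll.cgi, where the parameters include the one-time `pin`; confirm that helper does not write parameter values to the log.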
@@ -0,0 +1,73 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>Agent Certificate Request Submission</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> +</font><br> +<p> +Your request has been successfully submitted. 
+<p> +<center> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>Request ID:</td> + <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</td> +</tr> +</table> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/error.cgi b/base/ra/apache/docroot/ee/error.cgi new file mode 100755 index 000000000..1417d4b61 --- /dev/null +++ b/base/ra/apache/docroot/ee/error.cgi 
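Review bot: The request-ID link in submit.vm is never closed: `<a href="/ee/request/status.cgi?id=$request_id">$request_id</td>` ends the table cell with the anchor still open. Change the line to `<a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td>`.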
@@ -0,0 +1,81 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::UserStore;
+use PKI::Base::Util;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $util = PKI::Base::Util->new();
+
+ my %context;
+
+ my $error = $util->get_val($q->param('error'));
+ if ($error ne "") {
+ $context{has_error} = 1;
+ $context{'error'} = $util->html_encode($error);
+ }
+
+ my $result = $parser->execute_file_with_context("ee/error.vm", \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
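Review bot: The message this page shows is whatever arrives in the `error` query parameter, so any link to `/ee/error.cgi?error=...` makes the RA display text chosen by the link's author under its own page header. `html_encode` is applied before the value enters `%context`, which addresses markup in the HTML branch, but the wording itself stays caller-controlled. Consider passing a short code and looking the text up in a fixed table, e.g. `my %msg = (invalid_pin => "Invalid Pin");` with `$context{'error'} = exists $msg{$error} ? $msg{$error} : "Request failed";`. `PKI::Base::UserStore` and `PKI::Base::Conf` are loaded but not referenced in this file.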
diff --git a/base/ra/apache/docroot/ee/error.vm b/base/ra/apache/docroot/ee/error.vm
new file mode 100644
index 000000000..0c4e7afcb
--- /dev/null
+++ b/base/ra/apache/docroot/ee/error.vm
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity Error!</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+EE Interface
+</font><br>
+<p>
+<center>
+Request process error
+<br>
+#if ($has_error)
+ Error: $error
+#end
+
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/index.cgi b/base/ra/apache/docroot/ee/index.cgi
new file mode 100755
index 000000000..453b2873b
--- /dev/null
+++ b/base/ra/apache/docroot/ee/index.cgi
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my %context;
+ my $result = $parser->execute_file_with_context("ee/index.vm", \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/index.vm b/base/ra/apache/docroot/ee/index.vm
new file mode 100644
index 000000000..70f3443ab
--- /dev/null
+++ b/base/ra/apache/docroot/ee/index.vm
@@ -0,0 +1,102 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+RA EE Services
+</font><br>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/scep/index.cgi">SCEP Enrollment</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/server/index.cgi">Server Enrollment</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/user/index.cgi">User Enrollment</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/agent/index.cgi">Agent Enrollment</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/request/index.cgi">Request Status Check</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/request/getcert.cgi b/base/ra/apache/docroot/ee/request/getcert.cgi
new file mode 100755
index 000000000..b22444dc1
--- /dev/null
+++ b/base/ra/apache/docroot/ee/request/getcert.cgi
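Review bot: In ee/index.vm the template closes `</head>` but never opens `<head>`, so `<title>`, the two `<link>` elements and the `<META>` tag sit directly under `<html>`; adding `<head>` on the line after `<html>` fixes the markup. The five `<li>` entries are also placed inside `<font>` cells with no enclosing `<ul>`. The missing `<head>` is repeated in every other .vm template added by this commit (request/getcert.vm, request/index.vm, request/status.vm, scep/enroll.vm, scep/index.vm, scep/installer.vm).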
@@ -0,0 +1,93 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use DBI;
+use CGI;
+use PKI::Service::Op;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Base::Registry;
+use PKI::Request::Queue;
+use Template::Velocity;
+use MIME::Base64;
+use Encode;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $id = $util->get_alphanum_val($q->param('id'));
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $req = $queue->read_request($id);
+ $queue->close();
+
+ my %context;
+ $context{id} = $util->html_encode($req->{'rowid'});
+ $context{serialno} = $util->html_encode($req->{'serialno'});
+ $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $req->{'subject_dn'}));
+ if ($req->{'serialno'} eq "unavailable") {
+ $context{output} = "";
+ } else {
+ $context{output} = "-----BEGIN CERTIFICATE-----\n".$util->breakline($util->html_encode($req->{'output'}), 40)."\n-----END CERTIFICATE-----";
+ }
+ my $result = $parser->execute_file_with_context("ee/request/getcert.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/request/getcert.vm b/base/ra/apache/docroot/ee/request/getcert.vm
new file mode 100644
index 000000000..40387a7ef
--- /dev/null
+++ b/base/ra/apache/docroot/ee/request/getcert.vm
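Review bot: In request/getcert.cgi, `$util->get_alphanum_val($q->param('id'))` calls `param()` in list context, so a request that repeats `id` hands the helper several arguments and a request without `id` hands it none; `scalar $q->param('id')` pins the call to exactly one value. The same call shape is used for `id` in request/importcert.cgi and request/status.cgi and for `client_id`, `site_id`, `pin` and `csr` in scep/enroll.cgi. Separately, `$req` is dereferenced right after `read_request($id)` with no check that a request was found, whereas request/status.cgi redirects to `/ee/error.cgi?error=request%20not%20found` in that case; the same guard belongs here before `%context` is filled.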
@@ -0,0 +1,72 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Import Certificate</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status Check</a>
+<br/>
+Certificate Import
+</font><br>
+<p>
+<p>
+<b>Serial Number:</b>$serialno<br>
+<b>Subject DN:</b>$subject_dn<br><br>
+<b>Base64 Encoding:</b><br>
+ <pre>$output</pre>
+<b>Import Certificate (click on the following link to import):</b><br>
+<a href="importcert.cgi?id=$id">import certificate</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/request/importcert.cgi b/base/ra/apache/docroot/ee/request/importcert.cgi
new file mode 100755
index 000000000..fdc309746
--- /dev/null
+++ b/base/ra/apache/docroot/ee/request/importcert.cgi
@@ -0,0 +1,82 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use DBI;
+use CGI;
+use PKI::Service::Op;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Base::Registry;
+use PKI::Request::Queue;
+use Template::Velocity;
+use MIME::Base64;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $id = $util->get_alphanum_val($q->param('id'));
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $req = $queue->read_request($id);
+ $queue->close();
+
+ my %context;
+# $::symbol{id} = $req->{'rowid'};
+# $::symbol{status} = $req->{'status'};
+
+# my $result = $parser->execute_file("ee/request/status.vm");
+
+ my $cert = MIME::Base64::decode($req->{'output'});
+
+ print "Content-Type: application/x-x509-user-cert\n\n";
+ print $cert;
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/request/index.cgi b/base/ra/apache/docroot/ee/request/index.cgi
new file mode 100755
index 000000000..ef2a68b23
--- /dev/null
+++ b/base/ra/apache/docroot/ee/request/index.cgi
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my %context;
+ my $result = $parser->execute_file_with_context("ee/request/index.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
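Review bot: In request/importcert.cgi the response body comes from `MIME::Base64::decode($req->{'output'})` with no check that `read_request($id)` found a request or that a certificate has been issued, so an unknown or still-pending id is answered with an empty `application/x-x509-user-cert` body. request/getcert.cgi already treats `serialno` equal to `"unavailable"` as "no certificate"; a guard such as `if (!$req || $req->{'serialno'} eq "unavailable") { print $q->redirect("/ee/error.cgi?error=request%20not%20found"); return; }` should run before the `Content-Type` header is printed (assuming `read_request` returns a false value when nothing matches, which this hunk does not show). `%context`, `$parser` and `$docroot` are unused in this script, and the three commented-out `$::symbol` / `execute_file` lines can be dropped.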
diff --git a/base/ra/apache/docroot/ee/request/index.vm b/base/ra/apache/docroot/ee/request/index.vm
new file mode 100644
index 000000000..42dc259ac
--- /dev/null
+++ b/base/ra/apache/docroot/ee/request/index.vm
@@ -0,0 +1,67 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status</a><br />
+</font><br>
+<p>
+<form name=form method=post action="status.cgi">
+Request Id: <input type=text name=id value="">
+</form>
+<a href="#" onclick="document.form.submit();">Check</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
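Review bot: The status form has no submit control of its own; it is only sent by the `onclick="document.form.submit();"` link that sits outside the `<form>` element, so the page does nothing when scripting is disabled. Adding `<input type=submit value="Check">` before `</form>` keeps the form usable without JavaScript, and the separate `<a href="#">` link can then be removed.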
diff --git a/base/ra/apache/docroot/ee/request/status.cgi b/base/ra/apache/docroot/ee/request/status.cgi
new file mode 100755
index 000000000..6a3154716
--- /dev/null
+++ b/base/ra/apache/docroot/ee/request/status.cgi
@@ -0,0 +1,94 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use DBI;
+use CGI;
+use PKI::Service::Op;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Base::Registry;
+use PKI::Request::Queue;
+use Template::Velocity;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+
+ my $util = PKI::Base::Util->new();
+
+ my $id = $util->get_alphanum_val($q->param('id'));
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $req = $queue->read_request($id);
+ $queue->close();
+ if ($req == "") {
+ print $q->redirect("/ee/error.cgi?error=request%20not%20found");
+ return;
+ }
+
+ my %context;
+ $context{id} = $util->html_encode($req->{'rowid'});
+ $context{type} =$util->html_encode($req->{'type'});
+ $context{status} = $util->html_encode($req->{'status'});
+ $context{serialno} = $util->html_encode($req->{'serialno'});
+ $context{errorString} = $util->html_encode($req->{'errorString'});
+
+ my $result = $parser->execute_file_with_context("ee/request/status.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/request/status.vm b/base/ra/apache/docroot/ee/request/status.vm
new file mode 100644
index 000000000..ed61cdbe4
--- /dev/null
+++ b/base/ra/apache/docroot/ee/request/status.vm
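Review bot: The not-found test in request/status.cgi, `if ($req == "")`, uses the numeric `==` operator against an empty string, so both operands are converted to numbers before the comparison and it would warn under `use warnings`. `if (!$req) {` states the intent directly, assuming `read_request` returns a false value when no row matches (its implementation is not part of this hunk). A short comment above the check saying what `read_request` returns for an unknown id would also help, since request/getcert.cgi and request/importcert.cgi need the same guard.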
@@ -0,0 +1,91 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Certificate Request Status</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status Check</a>
+<br/>
+Request Status
+</font><br>
+<p>
+<p>
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+ <td width=20%><b>Request ID:</b></td>
+ <td><a href="status.cgi?id=$id">$id</a></td>
+</tr>
+<tr>
+ <td width=20%><b>Status:</b></td>
+ <td>$status</td>
+</tr>
+<tr>
+ <td width=20%><b>Error Message:</b></td>
+ <td>$errorString</td>
+</tr>
+#if ($status == "APPROVED")
+#if ($serialno != "unavailable")
+<tr>
+ <td width=20%><b>Import Certificate:</b></td>
+ <td><a href="getcert.cgi?id=$id">$id</td>
+</tr>
+#end
+#end
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/enroll.cgi b/base/ra/apache/docroot/ee/scep/enroll.cgi
new file mode 100755
index 000000000..53291636a
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/enroll.cgi
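Review bot: request/status.vm has two unbalanced tags: the import row `<td><a href="getcert.cgi?id=$id">$id</td>` never closes its `<a>`, and a `</form>` follows `</table>` although the template opens no `<form>`. The row should read `<td><a href="getcert.cgi?id=$id">$id</a></td>` and the stray `</form>` can be deleted. The two nested `#if` directives could also be written as one condition, `#if ($status == "APPROVED" && $serialno != "unavailable")`, which removes one `#end`.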
@@ -0,0 +1,112 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use MIME::Base64;
+use URI::URL;
+use URI::Escape;
+use XML::Simple;
+use CGI;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Base::Registry;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Conn::CA;
+use PKI::Base::PinStore;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $client_id = $util->get_val($q->param('client_id'));
+ my $site_id = $util->get_val($q->param('site_id'));
+ my $pin = $util->get_alphanum_val($q->param('pin'));
+ my $csr = $util->get_val($q->param('csr'));
+
+ my $key = $client_id . "/" . $site_id;
+
+ my $pin_store = PKI::Base::PinStore->new();
+ $pin_store->open($cfg);
+ my $pinref = $pin_store->read_pin($key);
+ if (defined($pinref) && $pinref->{'pin'} eq $pin) {
+ $pin_store->delete($key);
+ } else {
+ $pin_store->close();
+ # error, redirect user back to the original enrollment page
+ print $q->redirect("/ee/scep/installer.cgi");
+ return;
+ }
+ $pin_store->close();
+
+ my $profile_id = $cfg->get("request.scep.profileId");
+ my $cert_request_type = $cfg->get("request.scep.reqType");
+
+ my $ca = PKI::Conn::CA->new();
+ $ca->open($cfg);
+ my $cert = $ca->enroll($pinref->{'rid'}, "ca1", $profile_id, $cert_request_type, $csr);
+ $ca->close();
+ my $decoded = decode_base64($cert);
+ my $encoded = encode_base64($decoded);
+
+ my %context;
+ $context{cert} = $encoded;
+
+ my $result = $parser->execute_file_with_context("ee/scep/enroll.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/enroll.vm b/base/ra/apache/docroot/ee/scep/enroll.vm
new file mode 100644
index 000000000..2893eac1c
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/enroll.vm
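Review bot: In scep/enroll.cgi the return value of `$ca->enroll(...)` goes straight into `decode_base64` and the template with no check, so a failed enrollment would render an empty certificate block instead of an error, and by then the one-time pin has already been removed by `$pin_store->delete($key)`, so the installer cannot retry. A guard such as `if (!$cert) { print $q->redirect("/ee/error.cgi?error=enrollment%20failed"); return; }` after `$ca->close();` would report the failure; this assumes `enroll` returns a false value on error, which the hunk does not show. If consuming the pin before the CA call is deliberate, a comment saying so would help the next reader. `$self->debug_params($cfg, $q)` is handed the whole query including `pin`, so if that helper logs parameter values the pin should be masked there. The CA name `"ca1"` is hard-coded while the profile id and request type are read from `$cfg`.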
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Enrollment</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Installer Interface
+</font><br>
+<p>
+This form is for router installer to retrieve the requested certificate.
+<p>
+ <b>Your Certificate:</b>
+<br/>
+<pre>
+-----BEGIN CERTIFICATE-----
+$cert
+-----END CERTIFICATE-----
+</pre>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/index.cgi b/base/ra/apache/docroot/ee/scep/index.cgi
new file mode 100755
index 000000000..c73fc379a
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/index.cgi
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my %context;
+ my $result = $parser->execute_file_with_context("ee/scep/index.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/index.vm b/base/ra/apache/docroot/ee/scep/index.vm
new file mode 100644
index 000000000..3d75a8d40
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/index.vm
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+</font><br>
+<p>
+In the SCEP enrollment, a manager must firstly submit a one-time pin creation request to the RA. RA Agent will then approve and generate an one-time pin. The pin will be returned to the manager who will give the pin to a local router installer. The router installer visits the enrollment form where certificate request, one time pin and other necessary information are submitted. The system will issue the certificate immediately.
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="manager.cgi">Request Submission - Manager</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="installer.cgi">SCEP Enrollment - Installer</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/installer.cgi b/base/ra/apache/docroot/ee/scep/installer.cgi
new file mode 100755
index 000000000..8453c2cc4
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/installer.cgi
@@ -0,0 +1,74 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my %context;
+ $context{machine} = $cfg->get("service.machineName");
+ $context{port} = $cfg->get("service.unsecurePort");
+
+ my $result = $parser->execute_file_with_context("ee/scep/installer.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/installer.vm b/base/ra/apache/docroot/ee/scep/installer.vm
new file mode 100644
index 000000000..be9f969ac
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/installer.vm
@@ -0,0 +1,73 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Request Using a One-Time Pin</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Installer Interface
+</font><br>
+<p>
+This form is for router installer to request a certificate with the given one time pin.
+<p>
+<center>
+The SCEP enrollment URL for the router is:
+<br/>
+<br/>
+http://$machine:$port/ee/scep/pkiclient.cgi
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/manager.cgi b/base/ra/apache/docroot/ee/scep/manager.cgi
new file mode 100755
index 000000000..8b547a928
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/manager.cgi
@@ -0,0 +1,68 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use CGI; +use PKI::Service::Op; +use Template::Velocity; +use PKI::Base::Registry; + +use vars qw (@ISA); +use PKI::Service::Op; +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + my %context; + my $result = $parser->execute_file_with_context("ee/scep/manager.vm", + \%context); + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } +} + +my $op = op->new(); +$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/manager.vm b/base/ra/apache/docroot/ee/scep/manager.vm new file mode 100644 index 000000000..e5b6abed5 --- /dev/null +++ b/base/ra/apache/docroot/ee/scep/manager.vm 
@@ -0,0 +1,123 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>SCEP Router Manager Request for a One-Time Pin</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<SCRIPT LANGUAGE="JavaScript"> + +function validate() +{ + var c = document.enrollment.client_id.value; + if (c == '') { + alert("client id is empty"); + return false; + } + var s = document.enrollment.site_id.value; + if (s == '') { + alert("site id is empty"); + return false; + } + var e = document.enrollment.email.value; + if (e == '') { + alert("email is empty"); + return false; + } +} + +</SCRIPT> + 
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : +<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> +Manager Interface +</font><br> +<p> +This form is for manager to request for a one time pin so that router installer can request for a certificate. +<p> +<script language=javascript> +<!-- + if (navigator.appName == "Microsoft Internet Explorer") { + document.writeln('<form name="enrollment" method=post action="submit.cgi">'); } else { + document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); } +--> +</script> + +<center> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>Client ID:</td> + <td><input type=text name=client_id value="" ></td> +</tr> +<tr> + <td>Site ID (IP Address):</td> + <td><input type=text name=site_id value=""></td> +</tr> +<tr> + <td>Your Email:</td> + <td><input type=text name=email value=""></td> +</tr> +<tr> + <td> </td> + <td> </td> +</tr> +<tr> + <td><input type=submit name=Submit value="Submit"></td> + <td></td> +</tr> +</table> +</form> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/scep/pkiclient.cgi b/base/ra/apache/docroot/ee/scep/pkiclient.cgi new file mode 100755 index 000000000..a54558f37 --- /dev/null +++ b/base/ra/apache/docroot/ee/scep/pkiclient.cgi 
@@ -0,0 +1,113 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use MIME::Base64;
+use URI::URL;
+use URI::Escape;
+use XML::Simple;
+use CGI;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Conn::CA;
+use PKI::Base::PinStore;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $operation = $util->get_alphanum_val($q->param('operation'));
+ my $message = $util->get_val($q->param('message'));
+ $message = uri_escape($message);
+
+ my $ca = PKI::Conn::CA->new();
+ $ca->open($cfg);
+ if ($operation eq "GetCACert") {
+ my $content = $ca->scep_get_ca_cert("ca1", $operation, $message);
+
+ print "Content-Type: application/x-x509-ca-cert\n\n";
+ print $content;
+ } elsif ($operation eq
"PKIOperation") {
+ my $decoded = $ca->scep_decode("ca1", $operation, $message);
+ $decoded =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $decoded = $1;
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($decoded);
+
+ # one time pin
+ my $pin = $response->{'PKCS10'}->{'ChallengePassword'}->{'Password'} ;
+ # IP Address
+ my $key = $ENV{'REMOTE_ADDR'};
+
+ # check PIN
+ if (1) {
+ my $pin_store = PKI::Base::PinStore->new();
+ $pin_store->open($cfg);
+ my $pinref = $pin_store->read_pin($key);
+ if (defined($pinref) && $pinref->{'pin'} eq $pin) {
+ $pin_store->delete($key);
+ } else {
+ $pin_store->close();
+ # XXX - return SCEP error
+ print $q->redirect("/ee/scep/installer.cgi");
+ return;
+ }
+ $pin_store->close();
+ }
+
+ my $content = $ca->scep_pki_message("ca1", $operation, $message);
+
+ print "Content-Type: application/x-pki-message\n\n";
+ print $content;
+ }
+ $ca->close();
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/submit.cgi b/base/ra/apache/docroot/ee/scep/submit.cgi
new file mode 100755
index 000000000..b3dfd7a5d
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/submit.cgi
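Review bot: In the `PKIOperation` branch the result of the `XMLResponse` match is never checked, so when `scep_decode` returns something without that element `$1` is undefined (or left over from an earlier successful match) and is handed to `XMLin` anyway. The PIN check then evaluates `$pinref->{'pin'} eq $pin` without requiring `$pin` to be a defined, non-empty plain string, so a request that carries no challenge password compares equal to an empty stored value; whether the store can hold one is not visible here. The rejection path also returns without `$ca->close()`, and it still answers with an HTML redirect instead of a SCEP failure, as the `XXX` comment admits. I would fail closed on both conditions and release the CA connection before returning; the `/s` flag in the sketch assumes the decoded XML may span several lines, which should be confirmed against `scep_decode`.

```perl
        my $decoded = $ca->scep_decode("ca1", $operation, $message);
        # Fail closed when the decoded reply has no XMLResponse element.
        my ($xml_response) = defined($decoded)
            ? $decoded =~ m{(<XMLResponse>.*</XMLResponse>)}s
            : ();
        if (!defined($xml_response)) {
            $ca->close();
            print $q->redirect("/ee/scep/installer.cgi");
            return;
        }
        my $parser = XML::Simple->new();
        my $response = $parser->XMLin($xml_response);
        # ... unchanged: $pin and $key assignments, PinStore open and read_pin ...
            # Only a defined, non-empty scalar PIN may be compared with the stored one.
            if (defined($pinref) && defined($pin) && !ref($pin) && length($pin)
                && $pinref->{'pin'} eq $pin) {
                $pin_store->delete($key);
            } else {
                $pin_store->close();
                $ca->close();
                # ... unchanged: redirect and return ...
            }
```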
@@ -0,0 +1,91 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use DBI;
+use CGI;
+use PKI::Service::Op;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Request::Queue;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $client_id = $util->get_val($q->param('client_id'));
+ my $site_id = $util->get_val($q->param('site_id'));
+ my $email = $util->get_val($q->param('email'));
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $request_id = $queue->create_request("scep",
+ "client_id=" . $client_id . ";" .
+ "site_id=" .
$site_id,
+ "0",
+ $email);
+ my %context;
+ $context{request_id} = $util->html_encode($request_id);
+ $self->debug_log($cfg, "request $request_id created");
+ $queue->close();
+
+ my $result = $parser->execute_file_with_context("ee/scep/submit.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/submit.vm b/base/ra/apache/docroot/ee/scep/submit.vm
new file mode 100644
index 000000000..6786bf936
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/submit.vm
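Review bot: `client_id` and `site_id` are concatenated into a `;`-separated `key=value` string for `create_request` after passing only through `get_val`, so unless `get_val` (not visible here) strips `;` and `=`, a submitted value containing those characters can add or override fields in the stored request. The only validation visible in this commit is `validate()` in manager.vm, which runs in the browser, checks for emptiness only and is not attached to the form at all for Internet Explorer. I would check the fields on the server before `$queue->open`, rejecting the request unless `$client_id =~ /\A[^;=\s]+\z/` and `$site_id =~ /\A[0-9A-Fa-f.:]+\z/` (the form labels site id as an IP address). server/submit.cgi builds its `server_id`/`site_id`/`csr` string the same way and needs the same treatment.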
@@ -0,0 +1,76 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>SCEP Router Request Submission</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : +<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> +Manager Interface +</font><br> +<p> +Your request has been successfully submitted. 
+<p> +<center> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>Request ID:</td> + <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td> +</tr> +</table> +</form> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/server/admin.cgi b/base/ra/apache/docroot/ee/server/admin.cgi new file mode 100755 index 000000000..18945da02 --- /dev/null +++ b/base/ra/apache/docroot/ee/server/admin.cgi 
@@ -0,0 +1,68 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use CGI; +use PKI::Service::Op; +use Template::Velocity; +use PKI::Base::Registry; + +use vars qw (@ISA); +use PKI::Service::Op; +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + my %context; + my $result = $parser->execute_file_with_context("ee/server/admin.vm", + \%context); + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } +} + +my $op = op->new(); +$op->execute(); diff --git a/base/ra/apache/docroot/ee/server/admin.vm b/base/ra/apache/docroot/ee/server/admin.vm new file mode 100644 index 000000000..35af32ca8 --- /dev/null +++ b/base/ra/apache/docroot/ee/server/admin.vm 
@@ -0,0 +1,132 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>Server Certificate Request</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + +<SCRIPT LANGUAGE="JavaScript"> + +function validate() +{ + var x = document.enrollment.server_id.value; + if (x == '') { + alert("server id is empty"); + return false; + } + var s = document.enrollment.site_id.value; + if (s == '') { + alert("site id is empty"); + return false; + } + var e = document.enrollment.email.value; + if (e == '') { + alert("email is empty"); + return false; + } + var c = document.enrollment.csr.value; 
+ if (c == '') { + alert("csr is empty"); + return false; + } +} +</SCRIPT> + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : +<a href="/ee/server/index.cgi">Server Enrollment</a><br /> +Server Administrator Interface +</font><br> +<p> +This form is for server administrator to request for a server certificate. +<p> + +<script language=javascript> +<!-- + if (navigator.appName == "Microsoft Internet Explorer") { + document.writeln('<form name="enrollment" method=post action="submit.cgi">'); + } else { + document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); + } +--> +</script> +<center> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>Server ID:</td> + <td><input type=text name=server_id value="" ></td> +</tr> +<tr> + <td>Site ID:</td> + <td><input type=text name=site_id value=""></td> +</tr> +<tr> + <td>Your Email:</td> + <td><input type=text name=email value=""></td> +</tr> +<tr> + <td>CSR:</td> + <td><textarea cols=40 rows=5 name=csr></textarea></td> +</tr> +<tr> + <td> </td> + <td> </td> +</tr> +<tr> + <td><input type=submit name=Submit value="Submit"></td> + <td></td> +</tr> +</table> +</form> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/server/index.cgi b/base/ra/apache/docroot/ee/server/index.cgi new file mode 100755 index 000000000..830409a8b --- /dev/null +++ b/base/ra/apache/docroot/ee/server/index.cgi 
@@ -0,0 +1,68 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use CGI; +use PKI::Service::Op; +use Template::Velocity; +use PKI::Base::Registry; + +use vars qw (@ISA); +use PKI::Service::Op; +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + my %context; + my $result = $parser->execute_file_with_context("ee/server/index.vm", + \%context); + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } +} + +my $op = op->new(); +$op->execute(); diff --git a/base/ra/apache/docroot/ee/server/index.vm b/base/ra/apache/docroot/ee/server/index.vm new file mode 100644 index 000000000..04727ae41 --- /dev/null +++ b/base/ra/apache/docroot/ee/server/index.vm 
@@ -0,0 +1,76 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>RA End-Entity</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/server/index.cgi">Server Enrollment</a><br /> +</font><br> +<p> +Server Administrator must use the following form to submit a request which will later be approved by a RA agent. Upon approval, the administrator will be notified by email and the server certificate can be retrieved. 
+<p> +<center> +<table border="0" cellspacing="0" cellpadding="0"> +<tr valign="TOP"> +<td> +<font size=4 face="PrimaSans BT, Verdana, sans-serif"> +<li><a href="admin.cgi">Request Submission - Administrator</a></li> +</font> +</td> +</tr> +</table> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/server/submit.cgi b/base/ra/apache/docroot/ee/server/submit.cgi new file mode 100755 index 000000000..4916033ee --- /dev/null +++ b/base/ra/apache/docroot/ee/server/submit.cgi 
@@ -0,0 +1,93 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Request::Queue;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $server_id = $util->get_val($q->param('server_id'));
+ my $site_id = $util->get_val($q->param('site_id'));
+ my $email = $util->get_val($q->param('email'));
+ my $csr = $util->get_val($q->param('csr'));
+
+ $csr = $util->normalize_csr($csr);
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $request_id = $queue->create_request("server",
+ "server_id=" . $server_id . ";" .
+ "site_id=" . $site_id . ";" .
+ "csr=" .
$csr,
+ "0",
+ $email);
+ my %context;
+ $context{request_id} = $util->html_encode($request_id);
+ $self->debug_log($cfg, "request $request_id created");
+ $queue->close();
+
+ my $result = $parser->execute_file_with_context("ee/server/submit.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/server/submit.vm b/base/ra/apache/docroot/ee/server/submit.vm
new file mode 100644
index 000000000..f08914583
--- /dev/null
+++ b/base/ra/apache/docroot/ee/server/submit.vm
@@ -0,0 +1,75 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>Server Certificate Request Submission</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : +<a href="/ee/server/index.cgi">Server Enrollment</a><br /> +Server Administrator Interface +</font><br> +<p> +Your request has been successfully submitted. 
+<p> +<center> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>Request ID:</td> + <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td> +</tr> +</table> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/user/index.cgi b/base/ra/apache/docroot/ee/user/index.cgi new file mode 100755 index 000000000..ef6b3aa47 --- /dev/null +++ b/base/ra/apache/docroot/ee/user/index.cgi 
@@ -0,0 +1,68 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use CGI; +use PKI::Service::Op; +use Template::Velocity; +use PKI::Base::Registry; + +use vars qw (@ISA); +use PKI::Service::Op; +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + my %context; + my $result = $parser->execute_file_with_context("ee/user/index.vm", + \%context); + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } +} + +my $op = op->new(); +$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/index.vm b/base/ra/apache/docroot/ee/user/index.vm new file mode 100644 index 000000000..76b06a91c --- /dev/null +++ b/base/ra/apache/docroot/ee/user/index.vm 
@@ -0,0 +1,83 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>RA End-Entity</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/user/index.cgi">User Enrollment</a><br /> +</font><br> +<p> +For user enrollment, user must access the following forms with appropriate client (i.e. browser) where key pair will be generated. 
+<p> +<center> +<table border="0" cellspacing="0" cellpadding="0"> +<tr valign="TOP"> +<td> +<font size=4 face="PrimaSans BT, Verdana, sans-serif"> +<li><a href="user.cgi">Request Submission - User</a></li> +</font> +</td> +</tr> +<tr valign="TOP"> +<td> +<font size=4 face="PrimaSans BT, Verdana, sans-serif"> +<li><a href="renewal.cgi">Renewal - User</a></li> +</font> +</td> +</tr> +</table> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/user/renew.cgi b/base/ra/apache/docroot/ee/user/renew.cgi new file mode 100755 index 000000000..63d646ec9 --- /dev/null +++ b/base/ra/apache/docroot/ee/user/renew.cgi 
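Review bot: The template closes `</head>` without ever opening it: `<title>` follows `<html>` directly, so the `<link>` and `<META>` elements sit outside a declared head. Adding `<head>` on the line after `<html>` fixes it; renew.vm, renewal.vm, submit.vm and user.vm in this commit have the same gap. The two `<li>` entries are also emitted inside `<font>` with no enclosing `<ul>`.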
@@ -0,0 +1,165 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use CGI; +use PKI::Base::Conf; +use PKI::Request::Queue; +use Template::Velocity; +use PKI::Service::Op; +use PKI::Base::Util; +use PKI::Base::Registry; + +use vars qw (@ISA); +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + my $util = PKI::Base::Util->new(); + my $error = ""; + + my $host = $cfg->get("service.machineName"); + my $port = $cfg->get("service.non_clientauth_securePort"); + + $self->debug_params($cfg, $q); + + my $cert = $self->get_cert_record($cfg); + $self->debug_log( $cfg, "after get_cert_record"); + if (!defined($cert) || ($cert eq "")) { + $self->debug_log( $cfg, "cert not defined"); + $error = "certificate not found in database"; + print $q->redirect("/ee/error.cgi?error=$error"); + return; + } + $self->debug_log( $cfg, "got cert"); + + my $csr = $cert->{'csr'}; + if ($csr eq "") { + $error = 
"csr not found in database"; + print $q->redirect("/ee/error.cgi?error=$error"); + return; + } + $self->debug_log( $cfg, "got csr"); + + my $req_id = $cert->{'rid'}; + if ($req_id eq "") { + $error = "reqid not found in database"; + print $q->redirect("/ee/error.cgi?error=$error"); + return; + } + $self->debug_log( $cfg, "got req_id = $req_id"); + $self->debug_log( $cfg, "before renewl read/create request"); + my $queue = PKI::Request::Queue->new(); + $queue->open($cfg); + my $o_req = $queue->read_request($req_id); + if ($o_req eq "") { + $self->debug_log( $cfg, "got null o_req"); + print $q->redirect("/ee/error.cgi?error=$error"); + return; + } + + my $uid = ""; + my $site_id = ""; + my $org_csr = ""; + my $csr_type = ""; + + my $data = $o_req->{'data'}; + foreach $nv (split(/;/, $data)) { + my ($n, $v) = split(/=/, $nv); + if ($n eq "uid") { + $uid = $v; + } + if ($n eq "site_id") { + $site_id = $v; + } + if ($n eq "csr") { + $org_csr = $v; + } + if ($n eq "csr_type") { + $csr_type = $v; + } + } + + my $new_request = $queue->create_request("renewal", + "uid=" . $uid . ";" . + "site_id=" . $site_id . ";" . + "csr_type=" . $csr_type . ";" . + "csr=" . $csr, + "orig_reqid=" . 
$o_req->{'rowid'}, + $o_req->{'created_by'}); + + #self-renewal is created and processed by the same user + $ref = $queue->approve_request($new_request, $o_req->{'created_by'}); + my $nreq = $queue->read_request($new_request); + $error = $nreq->{'errorString'}; + if ($error ne "0") { + $self->debug_log( $cfg, "after approve request, got error=$error"); + print $q->redirect("/ee/error.cgi?error=$error"); + return; + } + + my %context; + $context{request_id} = $util->html_encode($new_request); + $self->debug_log($cfg, "request $new_request created"); + $queue->close(); + $self->debug_log( $cfg, "after renewl read/create request $new_request"); + + $context{data} = $util->breakline($util->html_encode($ref->{'data'}), 40); + $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40); + $context{serialno} = $util->html_encode($ref->{'serialno'}); + $context{host} = $util->html_encode($host); + $context{port} = $util->html_encode($port); + + #print $q->redirect("/ee/request/getcert.cgi?id=$new_request"); + my $result = $parser->execute_file_with_context("ee/user/renew.vm", + \%context); + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } +} + +my $op = op->new(); +$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/renew.vm b/base/ra/apache/docroot/ee/user/renew.vm new file mode 100644 index 000000000..dee119c65 --- /dev/null +++ b/base/ra/apache/docroot/ee/user/renew.vm 
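Review bot: The error redirects in renew.cgi interpolate `$error` into the URL unescaped, and after `approve_request` that value is `$nreq->{'errorString'}`, which may contain spaces, `&` or other characters that alter the query string; build the target as `"/ee/error.cgi?error=" . CGI::escape($error)`. Every early return after `$queue->open($cfg)` also skips `$queue->close()`, and the `$o_req eq ""` branch redirects with `$error` still empty, so the user sees no message. Separately, `my ($n, $v) = split(/=/, $nv);` cuts a stored value at its second `=`; `split(/=/, $nv, 2)` keeps the whole value, and `$nv` and `$ref` should be declared with `my`. The sketch shows the two error paths that run while the queue is open.

```perl
    if ($o_req eq "") {
        # … unchanged: debug_log …
        $error = "request not found in database";
        $queue->close();
        print $q->redirect("/ee/error.cgi?error=" . CGI::escape($error));
        return;
    }
    # … unchanged: data parsing, create_request, approve_request, read_request …
    if ($error ne "0") {
        # … unchanged: debug_log …
        $queue->close();
        print $q->redirect("/ee/error.cgi?error=" . CGI::escape($error));
        return;
    }
```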
@@ -0,0 +1,86 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>User Certificate Renewal Notification</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="https://$host:$port/ee/index.cgi">RA Services</a> : +<a href="https://$host:$port/ee/user/index.cgi">User Enrollment</a><br /> +Renewal Interface +</font><br> +<p> +Your certificate has been successfully renewed. 
+<p> +<center> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>Request ID:</td> + <td><a href="https://$host:$port/ee/request/status.cgi?id=$request_id">$request_id</a></td> +<tr valign="TOP"> +<td><b>Data</b></td> +<td>$data</td> +</tr> +<tr valign="TOP"> +<td><b>Output</b></td> +<td>$output</td> +</tr> +<tr valign="TOP"> +<td><b>Serial Number</b></td> +<td>$serialno</td> +</tr> +</table> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/user/renewal.cgi b/base/ra/apache/docroot/ee/user/renewal.cgi new file mode 100755 index 000000000..63a211eff --- /dev/null +++ b/base/ra/apache/docroot/ee/user/renewal.cgi 
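Review bot: The Request ID row is never closed: the `<td>` holding the status link is followed directly by `<tr valign="TOP">`, so a `</tr>` is missing before the Data row. The page prints the approved request's complete data and output, and it is only safe to interpolate them here because renew.cgi passes every context value through `html_encode` first. I would record that dependency above the table with `<!-- all values below are HTML-encoded by renew.cgi before rendering -->`.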
@@ -0,0 +1,74 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $host = $cfg->get("service.machineName");
+ my $port = $cfg->get("service.securePort");
+
+ my %context;
+ $context{url} = "https://$host:$port/ee/user/renew.cgi";
+ my $result = $parser->execute_file_with_context("ee/user/renewal.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
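Review bot: `$context{url}` is handed to the template as a raw string, and renewal.vm emits it in an unquoted attribute (`action=$url`), whereas renew.cgi passes `$host` and `$port` through `$util->html_encode` before rendering. Both values come from configuration, so this is a consistency and hardening point rather than a demonstrated injection: encode the URL here, which needs `use PKI::Base::Util;` and a `PKI::Base::Util->new()` in this script, and quote the attribute as `action="$url"`. A comment above `my $port = ...` explaining why `service.securePort` is used here while renew.cgi builds its links from `service.non_clientauth_securePort` would help; presumably it is the port where the client certificate is presented, but that is not visible in this hunk and should be confirmed.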
diff --git a/base/ra/apache/docroot/ee/user/renewal.vm b/base/ra/apache/docroot/ee/user/renewal.vm
new file mode 100644
index 000000000..1e2b438a1
--- /dev/null
+++ b/base/ra/apache/docroot/ee/user/renewal.vm
@@ -0,0 +1,73 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>User Certificate Renewal</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : +<a href="/ee/user/index.cgi">User Enrollment</a><br /> +User Renewal Interface +</font><br> +<p> +This form is for end user to renew his/her certificates.<br> +At popup, please select the user certificate to renew. 
+<p> +<center> +<form method=post action=$url> +<input type=submit name=Submit value="Renewal"> +</form> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/user/submit.cgi b/base/ra/apache/docroot/ee/user/submit.cgi new file mode 100755 index 000000000..26c900e00 --- /dev/null +++ b/base/ra/apache/docroot/ee/user/submit.cgi 
@@ -0,0 +1,112 @@ +#!/usr/bin/perl +# +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# +# +# + +package op; + +use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; + +use Benchmark; +use CGI; +use PKI::Service::Op; +use Template::Velocity; +use PKI::Base::Conf; +use PKI::Base::Util; +use PKI::Base::Registry; +use PKI::Request::Queue; + +use vars qw (@ISA); +use PKI::Service::Op; +@ISA = qw(PKI::Service::Op); + +sub new { + my $self = {}; + bless ($self); + return $self; +} + +sub process() +{ + my $self = shift; + my $q = CGI->new(); + + my $st = new Benchmark; + + my $util = PKI::Base::Util->new(); + + my $userid = $util->get_val($q->param('uid')); + my $fullname = $util->get_val($q->param('cn')); + my $site_id = $util->get_val($q->param('site_id')); + my $email = $util->get_val($q->param('email')); + my $csr_type = $util->get_alphanum_val($q->param('csr_type')); + my $csr = $util->get_val($q->param('csr')); + + $csr = $util->normalize_csr($csr); + + my $docroot = PKI::Base::Registry->get_docroot(); + my $parser = PKI::Base::Registry->get_parser(); + my $cfg = PKI::Base::Registry->get_config(); + + $self->debug_params($cfg, $q); + + my $db_st = new Benchmark; + my $queue = PKI::Request::Queue->new(); + $queue->open($cfg); + my 
$request_id = $queue->create_request("user", + "uid=" . $userid . ";" . + "cn=" . $fullname . ";" . + "site_id=" . $site_id . ";" . + "csr_type=" . $csr_type . ";" . + "csr=" . $csr, + "0", + $email); + my %context; + $context{request_id} = $util->html_encode($request_id); + $self->debug_log($cfg, "request $request_id created"); + $queue->close(); + my $db_et = new Benchmark; + + my $t_st = new Benchmark; + my $result = $parser->execute_file_with_context("ee/user/submit.vm", + \%context); + my $t_et = new Benchmark; + + my $xml = $q->param('xml'); + if ($xml eq "true") { + print "Content-Type: text/xml\n\n"; + print $self->xml_output(\%context); + } else { + print "Content-Type: text/html\n\n"; + print "$result"; + } + + my $et = new Benchmark; + $self->debug_log($cfg, "benchmark " . + "total=" . timestr(timediff($et, $st)) . " " . + "db total=" . timestr(timediff($db_et, $db_st)) . " " . + "template total=" . timestr(timediff($t_et, $t_st)) . " " + ); +} + +my $op = op->new(); +$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/submit.vm b/base/ra/apache/docroot/ee/user/submit.vm new file mode 100644 index 000000000..6c7a0cd44 --- /dev/null +++ b/base/ra/apache/docroot/ee/user/submit.vm 
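Review bot: The request data is serialised by joining `uid`, `cn`, `site_id` and `csr_type` with `;` and `=`, and renew.cgi in this commit parses that string back with `split(/;/, $data)` and `split(/=/, $nv)`, so a `;` inside any submitted value would be read as a field boundary. Whether `get_val` strips those characters is not visible in this hunk; if it does not, check `$userid`, `$fullname`, `$site_id` and `$email` against an anchored allow-list pattern before the concatenation and redirect to `/ee/error.cgi` on failure. There is also no server-side check that `uid`, `cn` and `email` are non-empty: the only such check is the JavaScript `validate()` in user.vm, which the Internet Explorer form variant does not call. `new Benchmark` uses indirect object syntax; `Benchmark->new` is the unambiguous form.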
@@ -0,0 +1,75 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<title>User Certificate Request Submission</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : +<a href="/ee/user/index.cgi">User Enrollment</a><br /> +Manager Interface +</font><br> +<p> +Your request has been successfully submitted. 
+<p> +<center> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td width=20%>Request ID:</td> + <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</td> +</tr> +</table> +</center> +#include ( "footer.vm" ) + +</body> +</html> diff --git a/base/ra/apache/docroot/ee/user/user.cgi b/base/ra/apache/docroot/ee/user/user.cgi new file mode 100755 index 000000000..2d58a532b --- /dev/null +++ b/base/ra/apache/docroot/ee/user/user.cgi 
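Review bot: The status link is never closed: `<a href="/ee/request/status.cgi?id=$request_id">$request_id</td>` lacks `</a>`, unlike the equivalent row in the template that precedes index.cgi in this diff; it should end `">$request_id</a></td>`. The breadcrumb label `Manager Interface` also looks copied from another page, since this is the user enrollment result; `User Interface`, as used in user.vm, seems to be what is meant.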
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my %context;
+ my $result = $parser->execute_file_with_context("ee/user/user.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/user/user.vm b/base/ra/apache/docroot/ee/user/user.vm
new file mode 100644
index 000000000..04763d7cf
--- /dev/null
+++ b/base/ra/apache/docroot/ee/user/user.vm
@@ -0,0 +1,435 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + +<OBJECT + classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" + CODEBASE="/ee/xenroll.dll" + id="Enroll"> +</OBJECT> + +<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'> +</OBJECT> + +<title>User Certificate Request</title> + <link rel="shortcut icon" href="/pki/images/favicon.ico" /> + <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> + <META http-equiv=Content-Type content="text/html; charset=UTF-8"> + +</head> +<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> + +#include ( "header.vm" ) + +<div id="mainNavOuter"> +<div id="mainNav"> +<div id="mainNavInner"> + +</div><!-- end mainNavInner --> +</div><!-- end mainNav --> +</div><!-- end mainNavOuter --> + + +<div id="bar"> + +<div id="systembar"> +<div id="systembarinner"> + +<div> + - +</div> + + +</div> +</div> + +</div> + +<SCRIPT LANGUAGE="JavaScript"> +function encode_utf8( s ) +{ + return unescape( encodeURIComponent( s ) ); +} + +function decode_utf8( s ) +{ + return 
decodeURIComponent( escape( s ) ); +} + +function validate() +{ + var x = document.enrollment.uid.value; + if (x == '') { + alert("uid is empty"); + return false; + } + var e = document.enrollment.email.value; + if (e == '') { + alert("email is empty"); + return false; + } + var cn = document.enrollment.cn.value; + if (cn == '') { + alert("Full name is empty"); + return false; + } + var dn = encode_utf8("uid="+x+",e="+e+",cn="+cn); + with (document.forms[0]) { + crmfObject = crypto.generateCRMFRequest( + dn, + "regToken", "authenticator", + null, + "setCRMFRequest();", + 1024, null, "rsa-dual-use"); + return false; + } +} + +function setCRMFRequest() +{ + with (document.forms[0]) { + csr.value = crmfObject.request; + submit(); + } +} + +</SCRIPT> + + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> +<a href="/ee/index.cgi">RA Services</a> : +<a href="/ee/user/index.cgi">User Enrollment</a><br /> +User Interface +</font><br> +<p> +This form is for user to request for an end-user certificate. 
+<p> +<script language=javascript> +<!-- + if (navigator.appName == "Microsoft Internet Explorer") { + document.writeln('<form name="enrollment" method=post action="submit.cgi">'); + } else { + document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); + } +--> +</script> +<SCRIPT LANGUAGE=VBS> +<!-- +'Get OS Version, works for Vista and below only +Function GetOSVersion + dim agent + dim result + dim pos + + agent = Navigator.appVersion + pos = InStr(agent,"NT 6.") + + If pos > 0 Then + GetOSVersion = 6 ' Vista + Exit Function + End If + + pos = InStr(agent,"NT 5.") + + If pos > 0 Then + GetOSVersion = 5 ' XP etc + Exit Function + End If + +' Default + GetOSVersion = 5 +End Function + +Sub Send_OnClick + Dim TheForm + Dim szName + Dim options + Dim osVersion + Dim result + Set TheForm = Document.enrollment + + osVersion = GetOSVersion() + + If osVersion <> 6 Then 'Not Vista + + ' Contruct the X500 distinguished name + szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value + + On Error Resume Next + Enroll.HashAlgorithm = "MD5" + Enroll.KeySpec = 1 + + ' Pick the provider that is selected + set options = TheForm.all.cryptprovider.options + index = options.selectedIndex + Enroll.providerType = options(index).value + Enroll.providerName = options(index).text + + ' adding 2 to "GenKeyFlags" will enable the 'High Security' + ' (USER_PROTECTED) mode, which means IE will pop up a dialog + ' asking what level of protection you would like to give + ' the key - this varies from 'none' to 'confirm password + ' every time the key is used' + Enroll.GenKeyFlags = 1 ' key PKCS12-exportable + szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + theError = Err.Number + On Error Goto 0 + ' + ' If the user has cancelled things the we simply ignore whatever + ' they were doing ... 
need to think what should be done here + ' + If (szCertReq = Empty AND theError = 0) Then + Exit Sub + End If + + If (szCertReq = Empty OR theError <> 0) Then + ' + ' There was an error in the key pair generation. The error value + ' is found in the variable 'theError' which we snarfed above before + ' we did the 'On Error Goto 0' which cleared it again. + ' + sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated." + result = MsgBox(sz, 0, "Credentials Enrollment") + Exit Sub + End If + + TheForm.csr.Value = szCertReq + + ' TheForm.Submit + +Else 'Vista + Dim enrollment + Dim privateKey + Dim request + Dim csr + Dim objDN + + 'certUsage is "1.3.6.1.5.5.7.3.2" + + On Error Resume Next + 'CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") + + If IsObject(g_objClassFactory) = False Then + result = MsgBox("Can't create Factory Object " & " Error: " & Err.number & " :" & Err.description,0,"") + Exit Sub + End If + + Set enrollment = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") + + If IsObject(enrollment) = False Then + result = MsgBox("Can't create enroll Object! " & " Error: " & Err.number & " :" & Err.description,"") + Exit Sub + End If + + Set privateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") + + If IsObject(privateKey) = False Then + result = MsgBox("Can't create Key Object! " & " Error: " & Err.number & " :" & Err.description,0,"") + Exit Sub + End If + + Set request = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") + + If IsObject(request) = False Then + result = MsgBox("Can't create Request Object. ! 
" & " Error: " & Err.number & " :" & Err.description,0,"") + Exit Sub + End If + + privateKey.KeySpec= "1" + + ' Pick the provider that is selected + set options = TheForm.all.cryptprovider.options + index = options.selectedIndex + privateKey.ProviderType= index + privateKey.ProviderName = options(index).text + + szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value + + Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") + + If IsObject(objDN) = False Then + result = MsgBox("Can't create DN Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"") + Exit Sub + End If + + objDN.Encode szName,0 + + request.InitializeFromPrivateKey 1,privateKey,"" + request.Subject = objDN + + enrollment.InitializeFromRequest(request) + csr=enrollment.CreateRequest(1) + + If len(csr) = 0 Then + result = MsgBox("Error Creating Request! "& " Error: " & Err.number & " :" & Err.description,0,"") + Exit Sub + End If + + TheForm.csr.Value = csr + + End If + Exit Sub + +End Sub + +--> +</SCRIPT> +<center> +<table border="0" cellspacing="1" cellpadding="1"> +<tr> + <td>UID:</td> + <td><input type=text name=uid value=""></td> +</tr> +<tr> + <td>Full Name:</td> + <td><input type=text name=cn value=""></td> +</tr> +<tr> + <td>Site ID:</td> + <td><input type=text name=site_id value=""></td> +</tr> +<tr> + <td>Your Email:</td> + <td><input type=text name=email value=""></td> +</tr> +<tr> +</tr> +<tr> + <td> </td> + <td> </td> +</tr> +<script language=javascript> +<!-- + if (navigator.appName == "Microsoft Internet Explorer") { + document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>'); + } +--> +</script> +<tr> + <td> +<script language=javascript> +<!-- + if (navigator.appName == "Microsoft Internet Explorer") { + document.writeln('<input type=hidden name=csr_type value="pkcs10">'); + document.writeln('<input type=submit Name=Send value="Submit">'); + } else { + document.writeln('<input 
type=hidden name=csr_type value="crmf">'); + document.writeln('<input type=submit name=Submit value="Submit">'); + } +--> +</script> + </td> + <td></td> +</tr> +</table> +</center> +<input type=hidden name="csr" value=""> +<SCRIPT LANGUAGE=VBS> +<!-- +FindProviders + +Function FindProviders + Dim i, j + Dim providers() + i = 0 + j = 1 + Dim el + Dim temp + Dim first + Dim TheForm + Set TheForm = document.enrollment + On Error Resume Next + first = 0 + + Dim osVersion + Dim result + osVersion = GetOSVersion() + + If osVersion <> 6 Then 'Not Vista + Do While True + temp = "" + Enroll.providerType = j + temp = Enroll.enumProviders(i,0) + If Len(temp) = 0 Then + If j < 1 Then + j = j + 1 + i = 0 + Else + Exit Do + End If + Else + set el = document.createElement("OPTION") + el.text = temp + el.value = j + If temp = "Microsoft Base Cryptographic Provider v1.0" Then + first = i + End If + TheForm.cryptprovider.add(el) + If first = 0 Then + first = 1 + TheForm.cryptprovider.selectedIndex = 0 + Else + TheForm.cryptprovider.selectedIndex = first + End If + i = i + 1 + End If + Loop + Else 'Vista + + Dim csps + Set csps = g_objClassFactory.CreateObject("X509Enrollment.CCspInformations") + If IsObject(csps) = False Then + result = MsgBox("Can't create CSP List Object! " & " Error: " & Err.number & " :" & Err.description,0,"") + Exit Function + + End If + csps.AddAvailableCsps() + 'result = MsgBox(csps.Count,0,"Number of CSPS") + + Dim curName + Dim csp + Dim selected + selected = 0 + For i = 0 to csps.Count-1 + + curName = csps.ItemByIndex(i).Name + If len(curName) > 0 Then + Set csp = document.createElement("OPTION") + csp.text = curName + csp.value = 1 + TheForm.cryptprovider.add(csp) + + If curName = "Microsoft Base Cryptographic Provider v1.0" Then + selected = i + End If + 'result = MsgBox(curName,0,"") + End If + Next +TheForm.cryptprovider.selectedIndex = selected + End If +End Function + +--> +</SCRIPT> +</form> +#include ( "footer.vm" ) + +</body> +</html> |
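Review bot: The key-generation parameters in this form are weak: the Xenroll path sets `Enroll.HashAlgorithm = "MD5"` for the PKCS#10 signature, and the `crypto.generateCRMFRequest` call asks for a 1024-bit RSA key. I would request at least 2048 bits (`2048, null, "rsa-dual-use");`) and a stronger hash than MD5 in the Xenroll branch, and have the RA enforce the minimum server-side, since these values are only what the client chooses to send. `FindProviders` also preselects `Microsoft Base Cryptographic Provider v1.0` and `Enroll.GenKeyFlags = 1` marks the key exportable; each needs a comment giving the reason, or a stronger default. In the Vista branch `privateKey.ProviderType= index` assigns the list position rather than `options(index).value` as the non-Vista branch does, which looks unintended.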