summaryrefslogtreecommitdiffstats
path: root/base/ra/apache/docroot/ee/scep
diff options
context:
space:
mode:
Diffstat (limited to 'base/ra/apache/docroot/ee/scep')
-rwxr-xr-xbase/ra/apache/docroot/ee/scep/enroll.cgi112
-rw-r--r--base/ra/apache/docroot/ee/scep/enroll.vm74
-rwxr-xr-xbase/ra/apache/docroot/ee/scep/index.cgi68
-rw-r--r--base/ra/apache/docroot/ee/scep/index.vm83
-rwxr-xr-xbase/ra/apache/docroot/ee/scep/installer.cgi74
-rw-r--r--base/ra/apache/docroot/ee/scep/installer.vm73
-rwxr-xr-xbase/ra/apache/docroot/ee/scep/manager.cgi68
-rw-r--r--base/ra/apache/docroot/ee/scep/manager.vm123
-rwxr-xr-xbase/ra/apache/docroot/ee/scep/pkiclient.cgi113
-rwxr-xr-xbase/ra/apache/docroot/ee/scep/submit.cgi91
-rw-r--r--base/ra/apache/docroot/ee/scep/submit.vm76
11 files changed, 955 insertions, 0 deletions
diff --git a/base/ra/apache/docroot/ee/scep/enroll.cgi b/base/ra/apache/docroot/ee/scep/enroll.cgi
new file mode 100755
index 000000000..53291636a
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/enroll.cgi
@@ -0,0 +1,112 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use MIME::Base64;
+use URI::URL;
+use URI::Escape;
+use XML::Simple;
+use CGI;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Base::Registry;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Conn::CA;
+use PKI::Base::PinStore;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $client_id = $util->get_val($q->param('client_id'));
+ my $site_id = $util->get_val($q->param('site_id'));
+ my $pin = $util->get_alphanum_val($q->param('pin'));
+ my $csr = $util->get_val($q->param('csr'));
+
+ my $key = $client_id . "/" . $site_id;
+
+ my $pin_store = PKI::Base::PinStore->new();
+ $pin_store->open($cfg);
+ my $pinref = $pin_store->read_pin($key);
+ if (defined($pinref) && $pinref->{'pin'} eq $pin) {
+ $pin_store->delete($key);
+ } else {
+ $pin_store->close();
+ # error, redirect user back to the original enrollment page
+ print $q->redirect("/ee/scep/installer.cgi");
+ return;
+ }
+ $pin_store->close();
+
+ my $profile_id = $cfg->get("request.scep.profileId");
+ my $cert_request_type = $cfg->get("request.scep.reqType");
+
+ my $ca = PKI::Conn::CA->new();
+ $ca->open($cfg);
+ my $cert = $ca->enroll($pinref->{'rid'}, "ca1", $profile_id, $cert_request_type, $csr);
+ $ca->close();
+ my $decoded = decode_base64($cert);
+ my $encoded = encode_base64($decoded);
+
+ my %context;
+ $context{cert} = $encoded;
+
+ my $result = $parser->execute_file_with_context("ee/scep/enroll.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/enroll.vm b/base/ra/apache/docroot/ee/scep/enroll.vm
new file mode 100644
index 000000000..2893eac1c
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/enroll.vm
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Enrollment</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Installer Interface
+</font><br>
+<p>
+This form is for router installer to retrieve the requested certificate.
+<p>
+ <b>Your Certificate:</b>
+<br/>
+<pre>
+-----BEGIN CERTIFICATE-----
+$cert
+-----END CERTIFICATE-----
+</pre>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/index.cgi b/base/ra/apache/docroot/ee/scep/index.cgi
new file mode 100755
index 000000000..c73fc379a
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/index.cgi
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my %context;
+ my $result = $parser->execute_file_with_context("ee/scep/index.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/index.vm b/base/ra/apache/docroot/ee/scep/index.vm
new file mode 100644
index 000000000..3d75a8d40
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/index.vm
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+</font><br>
+<p>
+In the SCEP enrollment, a manager must firstly submit a one-time pin creation request to the RA. RA Agent will then approve and generate an one-time pin. The pin will be returned to the manager who will give the pin to a local router installer. The router installer visits the enrollment form where certificate request, one time pin and other necessary information are submitted. The system will issue the certificate immediately.
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="manager.cgi">Request Submission - Manager</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="installer.cgi">SCEP Enrollment - Installer</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/installer.cgi b/base/ra/apache/docroot/ee/scep/installer.cgi
new file mode 100755
index 000000000..8453c2cc4
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/installer.cgi
@@ -0,0 +1,74 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my %context;
+ $context{machine} = $cfg->get("service.machineName");
+ $context{port} = $cfg->get("service.unsecurePort");
+
+ my $result = $parser->execute_file_with_context("ee/scep/installer.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/installer.vm b/base/ra/apache/docroot/ee/scep/installer.vm
new file mode 100644
index 000000000..be9f969ac
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/installer.vm
@@ -0,0 +1,73 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Request Using a One-Time Pin</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Installer Interface
+</font><br>
+<p>
+This form is for router installer to request a certificate with the given one time pin.
+<p>
+<center>
+The SCEP enrollment URL for the router is:
+<br/>
+<br/>
+http://$machine:$port/ee/scep/pkiclient.cgi
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/manager.cgi b/base/ra/apache/docroot/ee/scep/manager.cgi
new file mode 100755
index 000000000..8b547a928
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/manager.cgi
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my %context;
+ my $result = $parser->execute_file_with_context("ee/scep/manager.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/manager.vm b/base/ra/apache/docroot/ee/scep/manager.vm
new file mode 100644
index 000000000..e5b6abed5
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/manager.vm
@@ -0,0 +1,123 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Manager Request for a One-Time Pin</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function validate()
+{
+ var c = document.enrollment.client_id.value;
+ if (c == '') {
+ alert("client id is empty");
+ return false;
+ }
+ var s = document.enrollment.site_id.value;
+ if (s == '') {
+ alert("site id is empty");
+ return false;
+ }
+ var e = document.enrollment.email.value;
+ if (e == '') {
+ alert("email is empty");
+ return false;
+ }
+}
+
+</SCRIPT>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Manager Interface
+</font><br>
+<p>
+This form is for manager to request for a one time pin so that router installer can request for a certificate.
+<p>
+<script language=javascript>
+<!--
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<form name="enrollment" method=post action="submit.cgi">'); } else {
+ document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); }
+-->
+</script>
+
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+ <td width=20%>Client ID:</td>
+ <td><input type=text name=client_id value="" ></td>
+</tr>
+<tr>
+ <td>Site ID (IP Address):</td>
+ <td><input type=text name=site_id value=""></td>
+</tr>
+<tr>
+ <td>Your Email:</td>
+ <td><input type=text name=email value=""></td>
+</tr>
+<tr>
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+</tr>
+<tr>
+ <td><input type=submit name=Submit value="Submit"></td>
+ <td></td>
+</tr>
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/pkiclient.cgi b/base/ra/apache/docroot/ee/scep/pkiclient.cgi
new file mode 100755
index 000000000..a54558f37
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/pkiclient.cgi
@@ -0,0 +1,113 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use MIME::Base64;
+use URI::URL;
+use URI::Escape;
+use XML::Simple;
+use CGI;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Conn::CA;
+use PKI::Base::PinStore;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $operation = $util->get_alphanum_val($q->param('operation'));
+ my $message = $util->get_val($q->param('message'));
+ $message = uri_escape($message);
+
+ my $ca = PKI::Conn::CA->new();
+ $ca->open($cfg);
+ if ($operation eq "GetCACert") {
+ my $content = $ca->scep_get_ca_cert("ca1", $operation, $message);
+
+ print "Content-Type: application/x-x509-ca-cert\n\n";
+ print $content;
+ } elsif ($operation eq "PKIOperation") {
+ my $decoded = $ca->scep_decode("ca1", $operation, $message);
+ $decoded =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $decoded = $1;
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($decoded);
+
+ # one time pin
+ my $pin = $response->{'PKCS10'}->{'ChallengePassword'}->{'Password'} ;
+ # IP Address
+ my $key = $ENV{'REMOTE_ADDR'};
+
+ # check PIN
+ if (1) {
+ my $pin_store = PKI::Base::PinStore->new();
+ $pin_store->open($cfg);
+ my $pinref = $pin_store->read_pin($key);
+ if (defined($pinref) && $pinref->{'pin'} eq $pin) {
+ $pin_store->delete($key);
+ } else {
+ $pin_store->close();
+ # XXX - return SCEP error
+ print $q->redirect("/ee/scep/installer.cgi");
+ return;
+ }
+ $pin_store->close();
+ }
+
+ my $content = $ca->scep_pki_message("ca1", $operation, $message);
+
+ print "Content-Type: application/x-pki-message\n\n";
+ print $content;
+ }
+ $ca->close();
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/submit.cgi b/base/ra/apache/docroot/ee/scep/submit.cgi
new file mode 100755
index 000000000..b3dfd7a5d
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/submit.cgi
@@ -0,0 +1,91 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use DBI;
+use CGI;
+use PKI::Service::Op;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Request::Queue;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $client_id = $util->get_val($q->param('client_id'));
+ my $site_id = $util->get_val($q->param('site_id'));
+ my $email = $util->get_val($q->param('email'));
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $request_id = $queue->create_request("scep",
+ "client_id=" . $client_id . ";" .
+ "site_id=" . $site_id,
+ "0",
+ $email);
+ my %context;
+ $context{request_id} = $util->html_encode($request_id);
+ $self->debug_log($cfg, "request $request_id created");
+ $queue->close();
+
+ my $result = $parser->execute_file_with_context("ee/scep/submit.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/submit.vm b/base/ra/apache/docroot/ee/scep/submit.vm
new file mode 100644
index 000000000..6786bf936
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/submit.vm
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Request Submission</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Manager Interface
+</font><br>
+<p>
+Your request has been successfully submitted.
+<p>
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+ <td width=20%>Request ID:</td>
+ <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td>
+</tr>
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
generated by cgit (git 2.34.1) at 2024-04-27 13:26:54 +0000