Diffstat (limited to 'base/ra/apache/docroot/ee/scep')
-rwxr-xr-x | base/ra/apache/docroot/ee/scep/enroll.cgi | 112 | ||||
-rw-r--r-- | base/ra/apache/docroot/ee/scep/enroll.vm | 74 | ||||
-rwxr-xr-x | base/ra/apache/docroot/ee/scep/index.cgi | 68 | ||||
-rw-r--r-- | base/ra/apache/docroot/ee/scep/index.vm | 83 | ||||
-rwxr-xr-x | base/ra/apache/docroot/ee/scep/installer.cgi | 74 | ||||
-rw-r--r-- | base/ra/apache/docroot/ee/scep/installer.vm | 73 | ||||
-rwxr-xr-x | base/ra/apache/docroot/ee/scep/manager.cgi | 68 | ||||
-rw-r--r-- | base/ra/apache/docroot/ee/scep/manager.vm | 123 | ||||
-rwxr-xr-x | base/ra/apache/docroot/ee/scep/pkiclient.cgi | 113 | ||||
-rwxr-xr-x | base/ra/apache/docroot/ee/scep/submit.cgi | 91 | ||||
-rw-r--r-- | base/ra/apache/docroot/ee/scep/submit.vm | 76 |
11 files changed, 955 insertions, 0 deletions
diff --git a/base/ra/apache/docroot/ee/scep/enroll.cgi b/base/ra/apache/docroot/ee/scep/enroll.cgi
new file mode 100755
index 000000000..53291636a
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/enroll.cgi
@@ -0,0 +1,112 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use MIME::Base64;
+use URI::URL;
+use URI::Escape;
+use XML::Simple;
+use CGI;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Base::Registry;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Conn::CA;
+use PKI::Base::PinStore;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $client_id = $util->get_val($q->param('client_id'));
+ my $site_id = $util->get_val($q->param('site_id'));
+ my $pin = $util->get_alphanum_val($q->param('pin'));
+ my $csr = $util->get_val($q->param('csr'));
+
+ my $key = $client_id . "/" . $site_id;
+
+ my $pin_store = PKI::Base::PinStore->new();
+ $pin_store->open($cfg);
+ my $pinref = $pin_store->read_pin($key);
+ if (defined($pinref) && $pinref->{'pin'} eq $pin) {
+ $pin_store->delete($key);
+ } else {
+ $pin_store->close();
+ # error, redirect user back to the original enrollment page
+ print $q->redirect("/ee/scep/installer.cgi");
+ return;
+ }
+ $pin_store->close();
+
+ my $profile_id = $cfg->get("request.scep.profileId");
+ my $cert_request_type = $cfg->get("request.scep.reqType");
+
+ my $ca = PKI::Conn::CA->new();
+ $ca->open($cfg);
+ my $cert = $ca->enroll($pinref->{'rid'}, "ca1", $profile_id, $cert_request_type, $csr);
+ $ca->close();
+ my $decoded = decode_base64($cert);
+ my $encoded = encode_base64($decoded);
+
+ my %context;
+ $context{cert} = $encoded;
+
+ my $result = $parser->execute_file_with_context("ee/scep/enroll.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/enroll.vm b/base/ra/apache/docroot/ee/scep/enroll.vm
new file mode 100644
index 000000000..2893eac1c
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/enroll.vm
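Review bot: The PIN-mismatch branch in process() redirects to installer.cgi without recording the failure, and nothing in this hunk limits how often a client_id/site_id pair can be retried, so guessing attempts against a one-time PIN leave no trace; the equivalent check in pkiclient.cgi has the same gap. A line such as `$self->debug_log($cfg, "scep enroll: pin check failed");` before the redirect would give operators something to alert on, with request values kept out of the message unless they are sanitised. `debug_params($cfg, $q)` runs before the check; if it writes every parameter, the PIN itself lands in the debug log, which is worth confirming in PKI::Service::Op. The PIN is also deleted before `$ca->enroll(...)` is called and `$cert` is used unchecked, so a CA-side failure consumes the PIN and renders an empty certificate block; testing `defined($cert) && length($cert)` before rendering would make that failure visible.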
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Enrollment</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Installer Interface
+</font><br>
+<p>
+This form is for router installer to retrieve the requested certificate.
+<p>
+ <b>Your Certificate:</b>
+<br/>
+<pre>
+-----BEGIN CERTIFICATE-----
+$cert
+-----END CERTIFICATE-----
+</pre>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/index.cgi b/base/ra/apache/docroot/ee/scep/index.cgi
new file mode 100755
index 000000000..c73fc379a
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/index.cgi
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my %context;
+ my $result = $parser->execute_file_with_context("ee/scep/index.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/index.vm b/base/ra/apache/docroot/ee/scep/index.vm
new file mode 100644
index 000000000..3d75a8d40
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/index.vm
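Review bot: The script has no `use strict; use warnings;` after `package op;`, and the same holds for enroll.cgi, installer.cgi, manager.cgi, pkiclient.cgi and submit.cgi in this commit; `if ($xml eq "true")` compares an undefined value whenever the `xml` parameter is absent, which strictures would at least surface. `sub process()` declares an empty prototype that method calls ignore, and `bless ($self)` is the one-argument form that ties the object to the current package; `sub process {` and `my $class = shift; ... bless($self, $class);` are the conventional spellings. `$docroot` and `$cfg` are fetched in process() but never used in this file.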
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+</font><br>
+<p>
+In the SCEP enrollment, a manager must firstly submit a one-time pin creation request to the RA. RA Agent will then approve and generate an one-time pin. The pin will be returned to the manager who will give the pin to a local router installer. The router installer visits the enrollment form where certificate request, one time pin and other necessary information are submitted. The system will issue the certificate immediately.
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="manager.cgi">Request Submission - Manager</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="installer.cgi">SCEP Enrollment - Installer</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/installer.cgi b/base/ra/apache/docroot/ee/scep/installer.cgi
new file mode 100755
index 000000000..8453c2cc4
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/installer.cgi
@@ -0,0 +1,74 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my %context;
+ $context{machine} = $cfg->get("service.machineName");
+ $context{port} = $cfg->get("service.unsecurePort");
+
+ my $result = $parser->execute_file_with_context("ee/scep/installer.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/installer.vm b/base/ra/apache/docroot/ee/scep/installer.vm
new file mode 100644
index 000000000..be9f969ac
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/installer.vm
@@ -0,0 +1,73 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Request Using a One-Time Pin</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Installer Interface
+</font><br>
+<p>
+This form is for router installer to request a certificate with the given one time pin.
+<p>
+<center>
+The SCEP enrollment URL for the router is:
+<br/>
+<br/>
+http://$machine:$port/ee/scep/pkiclient.cgi
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/manager.cgi b/base/ra/apache/docroot/ee/scep/manager.cgi
new file mode 100755
index 000000000..8b547a928
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/manager.cgi
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ my %context;
+ my $result = $parser->execute_file_with_context("ee/scep/manager.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/manager.vm b/base/ra/apache/docroot/ee/scep/manager.vm
new file mode 100644
index 000000000..e5b6abed5
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/manager.vm
@@ -0,0 +1,123 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Manager Request for a One-Time Pin</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function validate()
+{
+ var c = document.enrollment.client_id.value;
+ if (c == '') {
+ alert("client id is empty");
+ return false;
+ }
+ var s = document.enrollment.site_id.value;
+ if (s == '') {
+ alert("site id is empty");
+ return false;
+ }
+ var e = document.enrollment.email.value;
+ if (e == '') {
+ alert("email is empty");
+ return false;
+ }
+}
+
+</SCRIPT>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Manager Interface
+</font><br>
+<p>
+This form is for manager to request for a one time pin so that router installer can request for a certificate.
+<p>
+<script language=javascript>
+<!--
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<form name="enrollment" method=post action="submit.cgi">'); } else {
+ document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); }
+-->
+</script>
+
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+ <td width=20%>Client ID:</td>
+ <td><input type=text name=client_id value="" ></td>
+</tr>
+<tr>
+ <td>Site ID (IP Address):</td>
+ <td><input type=text name=site_id value=""></td>
+</tr>
+<tr>
+ <td>Your Email:</td>
+ <td><input type=text name=email value=""></td>
+</tr>
+<tr>
+ <td> </td>
+ <td> </td>
+</tr>
+<tr>
+ <td><input type=submit name=Submit value="Submit"></td>
+ <td></td>
+</tr>
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/base/ra/apache/docroot/ee/scep/pkiclient.cgi b/base/ra/apache/docroot/ee/scep/pkiclient.cgi
new file mode 100755
index 000000000..a54558f37
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/pkiclient.cgi
@@ -0,0 +1,113 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use MIME::Base64;
+use URI::URL;
+use URI::Escape;
+use XML::Simple;
+use CGI;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Conn::CA;
+use PKI::Base::PinStore;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $operation = $util->get_alphanum_val($q->param('operation'));
+ my $message = $util->get_val($q->param('message'));
+ $message = uri_escape($message);
+
+ my $ca = PKI::Conn::CA->new();
+ $ca->open($cfg);
+ if ($operation eq "GetCACert") {
+ my $content = $ca->scep_get_ca_cert("ca1", $operation, $message);
+
+ print "Content-Type: application/x-x509-ca-cert\n\n";
+ print $content;
+ } elsif ($operation eq "PKIOperation") {
+ my $decoded = $ca->scep_decode("ca1", $operation, $message);
+ $decoded =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $decoded = $1;
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($decoded);
+
+ # one time pin
+ my $pin = $response->{'PKCS10'}->{'ChallengePassword'}->{'Password'} ;
+ # IP Address
+ my $key = $ENV{'REMOTE_ADDR'};
+
+ # check PIN
+ if (1) {
+ my $pin_store = PKI::Base::PinStore->new();
+ $pin_store->open($cfg);
+ my $pinref = $pin_store->read_pin($key);
+ if (defined($pinref) && $pinref->{'pin'} eq $pin) {
+ $pin_store->delete($key);
+ } else {
+ $pin_store->close();
+ # XXX - return SCEP error
+ print $q->redirect("/ee/scep/installer.cgi");
+ return;
+ }
+ $pin_store->close();
+ }
+
+ my $content = $ca->scep_pki_message("ca1", $operation, $message);
+
+ print "Content-Type: application/x-pki-message\n\n";
+ print $content;
+ }
+ $ca->close();
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/submit.cgi b/base/ra/apache/docroot/ee/scep/submit.cgi
new file mode 100755
index 000000000..b3dfd7a5d
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/submit.cgi
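Review bot: In the `PKIOperation` branch the result of `$decoded =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/` is never tested, so when the CA reply does not match, `$1` is undefined or left over from an earlier match and is still handed to `XMLin`; as far as I know XML::Simple then looks for an XML file named after the script rather than failing, so the branch should bail out explicitly when the match fails. `$pin` is likewise read from `ChallengePassword` with no defined or non-empty check, and `eq` treats an undefined value as the empty string; `if (defined($pinref) && defined($pin) && length($pin) && $pinref->{'pin'} eq $pin)` closes that. The early `return` on a PIN mismatch skips `$ca->close()`, and the `if (1)` wrapper around the check should either go or become a named configuration switch so it cannot be flipped off unnoticed. Keying the PIN on `REMOTE_ADDR` means every client behind one NAT or proxy address shares a key, which deserves a comment next to `# IP Address`.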
@@ -0,0 +1,91 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use DBI;
+use CGI;
+use PKI::Service::Op;
+use PKI::Base::Conf;
+use PKI::Base::Util;
+use PKI::Request::Queue;
+use Template::Velocity;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+ my $q = CGI->new();
+
+ my $util = PKI::Base::Util->new();
+
+ my $client_id = $util->get_val($q->param('client_id'));
+ my $site_id = $util->get_val($q->param('site_id'));
+ my $email = $util->get_val($q->param('email'));
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ my $queue = PKI::Request::Queue->new();
+ $queue->open($cfg);
+ my $request_id = $queue->create_request("scep",
+ "client_id=" . $client_id . ";" .
+ "site_id=" . $site_id,
+ "0",
+ $email);
+ my %context;
+ $context{request_id} = $util->html_encode($request_id);
+ $self->debug_log($cfg, "request $request_id created");
+ $queue->close();
+
+ my $result = $parser->execute_file_with_context("ee/scep/submit.vm",
+ \%context);
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%context);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+my $op = op->new();
+$op->execute();
diff --git a/base/ra/apache/docroot/ee/scep/submit.vm b/base/ra/apache/docroot/ee/scep/submit.vm
new file mode 100644
index 000000000..6786bf936
--- /dev/null
+++ b/base/ra/apache/docroot/ee/scep/submit.vm
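Review bot: `create_request` is given `"client_id=" . $client_id . ";" . "site_id=" . $site_id` with both values taken straight from the form, so a value containing `;` or `=` can add or override fields in that string unless `get_val` strips them, which is not visible in this hunk. The only emptiness check is the JavaScript `validate()` in manager.vm, and that handler is not attached for Internet Explorer, so process() should validate on the server before queuing: for example require `$client_id =~ /\A[\w.-]+\z/` and `$site_id =~ /\A[0-9A-Fa-f.:]+\z/` (the form labels site_id as an IP address) and refuse the request otherwise. `$email` is passed to the queue unvalidated as well, and the request is created before any of this is checked.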
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Request Submission</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Manager Interface
+</font><br>
+<p>
+Your request has been successfully submitted.
+<p>
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+ <td width=20%>Request ID:</td>
+ <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td>
+</tr>
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html> |