Diffstat (limited to 'pki/base/ra')
111 files changed, 0 insertions, 17651 deletions
diff --git a/pki/base/ra/CMakeLists.txt b/pki/base/ra/CMakeLists.txt
deleted file mode 100644
index 59910fe95..000000000
--- a/pki/base/ra/CMakeLists.txt
+++ /dev/null
@@ -1,76 +0,0 @@
-project(ra)
-
-add_subdirectory(doc)
-add_subdirectory(setup)
-
-# install init script
-install(
- FILES
- etc/init.d/pki-rad
- DESTINATION
- ${SYSCONF_INSTALL_DIR}/rc.d/init.d
- PERMISSIONS
- OWNER_EXECUTE OWNER_WRITE OWNER_READ
- GROUP_EXECUTE GROUP_READ
- WORLD_EXECUTE WORLD_READ
-)
-
-install(
- DIRECTORY
- apache/conf/
- DESTINATION
- ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf
-)
-
-install(
- DIRECTORY
- emails/
- DESTINATION
- ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf
-)
-
-install(
- DIRECTORY
- forms/
- DESTINATION
- ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot
-)
-
-install(
- DIRECTORY
- lib/
- DESTINATION
- ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/lib
-)
-
-install(
- FILES
- scripts/nss_pcache
- DESTINATION
- ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/scripts
- PERMISSIONS
- OWNER_EXECUTE OWNER_WRITE OWNER_READ
- GROUP_EXECUTE GROUP_READ
- WORLD_EXECUTE WORLD_READ
-)
-
-install(
- FILES
- scripts/schema.sql
- DESTINATION
- ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/scripts
-)
-
-# install empty directories
-install(
- DIRECTORY
- DESTINATION
- ${VAR_INSTALL_DIR}/lock/pki/ra
-)
-
-install(
- DIRECTORY
- DESTINATION
- ${VAR_INSTALL_DIR}/run/pki/ra
-)
-
diff --git a/pki/base/ra/LICENSE b/pki/base/ra/LICENSE
deleted file mode 100644
index e281f4362..000000000
--- a/pki/base/ra/LICENSE
+++ /dev/null
@@ -1,291 +0,0 @@ -This Program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published -by the Free Software Foundation; version 2 of the License. - -This Program is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -for more details. - -You should have received a copy of the GNU General Public License -along with this Program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. 
- - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. 
The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. 
- - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. 
- -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. 
However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. 
-You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. diff --git a/pki/base/ra/apache/conf/httpd.conf b/pki/base/ra/apache/conf/httpd.conf deleted file mode 100644 index 9f81b646d..000000000 --- a/pki/base/ra/apache/conf/httpd.conf +++ /dev/null 
@@ -1,1074 +0,0 @@ -# -# Based upon the NCSA server configuration files originally by Rob McCool. -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about -# the directives. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/export/apache" will be interpreted by the -# server as "/export/apache/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! 
If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation (available -# at <URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "[SERVER_ROOT]" - -# -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !mpm_winnt.c> -<IfModule !mpm_netware.c> -#LockFile logs/accept.lock -</IfModule> -</IfModule> - -# -# ScoreBoardFile: File used to store internal server process information. -# If unspecified (the default), the scoreboard will be stored in an -# anonymous shared memory segment, and will be unavailable to third-party -# applications. -# If specified, ensure that no two invocations of Apache share the same -# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !mpm_netware.c> -<IfModule !perchild.c> -#ScoreBoardFile logs/apache_runtime_status -</IfModule> -</IfModule> - - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -<IfModule !mpm_netware.c> -PidFile run/[PKI_INSTANCE_ID].pid -</IfModule> - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 300 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. 
-# -KeepAliveTimeout 15 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule prefork.c> -StartServers 5 -MinSpareServers 5 -MaxSpareServers 10 -MaxClients 150 -MaxRequestsPerChild 0 -</IfModule> - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule worker.c> -ServerLimit 1 -StartServers 1 -MaxClients 64 -MinSpareThreads 1 -MaxSpareThreads 75 -ThreadsPerChild 64 -MaxRequestsPerChild 0 -</IfModule> - -# perchild MPM -# NumServers: constant number of server processes -# StartThreads: initial number of worker threads in each server process -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# MaxThreadsPerChild: maximum number of worker threads in each server process -# MaxRequestsPerChild: maximum number of connections per server process -<IfModule perchild.c> -NumServers 5 -StartThreads 5 -MinSpareThreads 5 -MaxSpareThreads 10 -MaxThreadsPerChild 20 -MaxRequestsPerChild 0 -</IfModule> - -# WinNT MPM -# ThreadsPerChild: constant number of worker threads in the server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_winnt.c> -ThreadsPerChild 250 
-MaxRequestsPerChild 0 -</IfModule> - -# BeOS MPM -# StartThreads: how many threads do we initially spawn? -# MaxClients: max number of threads we can have (1 thread == 1 client) -# MaxRequestsPerThread: maximum number of requests each thread will process -<IfModule beos.c> -StartThreads 10 -MaxClients 50 -MaxRequestsPerThread 10000 -</IfModule> - -# NetWare MPM -# ThreadStackSize: Stack size allocated for each worker thread -# StartThreads: Number of worker threads launched at server startup -# MinSpareThreads: Minimum number of idle threads, to handle request spikes -# MaxSpareThreads: Maximum number of idle threads -# MaxThreads: Maximum number of worker threads alive at the same time -# MaxRequestsPerChild: Maximum number of requests a thread serves. It is -# recommended that the default value of 0 be set for this -# directive on NetWare. This will allow the thread to -# continue to service requests indefinitely. -<IfModule mpm_netware.c> -ThreadStackSize 65536 -StartThreads 250 -MinSpareThreads 25 -MaxSpareThreads 250 -MaxThreads 1000 -MaxRequestsPerChild 0 -MaxMemFree 100 -</IfModule> - -# OS/2 MPM -# StartServers: Number of server processes to maintain -# MinSpareThreads: Minimum number of idle threads per process, -# to handle request spikes -# MaxSpareThreads: Maximum number of idle threads per process -# MaxRequestsPerChild: Maximum number of connections per server process -<IfModule mpmt_os2.c> -StartServers 2 -MinSpareThreads 5 -MaxSpareThreads 10 -MaxRequestsPerChild 0 -</IfModule> - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the <VirtualHost> -# directive. 
-# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 - -Listen [PORT] - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# - -# Required modules for command 'Order': -[FORTITUDE_AUTH_MODULES] -# Required module for command 'UserDir': -LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so -# Required module for command 'DirectoryIndex': -LoadModule dir_module [FORTITUDE_LIB_DIR]/modules/mod_dir.so -# Required module for command 'TypesConfig': -LoadModule mime_module [FORTITUDE_LIB_DIR]/modules/mod_mime.so -# Required module for command 'LogFormat': -LoadModule log_config_module [FORTITUDE_LIB_DIR]/modules/mod_log_config.so -# Required module for command 'Alias': -LoadModule alias_module [FORTITUDE_LIB_DIR]/modules/mod_alias.so -# Required module for command 'SetEnvIf': -LoadModule setenvif_module [FORTITUDE_LIB_DIR]/modules/mod_setenvif.so -# Required module for command 'IndexOptions': -LoadModule autoindex_module [FORTITUDE_LIB_DIR]/modules/mod_autoindex.so -# Required module for command 'LanguagePriority': -LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so -# Required module for command 'CGI Scripts': -LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so -# Required module for commands in nss.conf: -[FORTITUDE_NSS_MODULES] - -<Location /nk_service> - SetHandler nk_service -</Location> - -<Location /tus> - SetHandler tus -</Location> - -# -# Load config files from the config directory "/etc/[PKI_INSTANCE_ID]/conf.d". 
-# -#Include conf.d/*.conf -Include [SERVER_ROOT]/conf/perl.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -<IfModule !mpm_winnt.c> -<IfModule !mpm_netware.c> -# -# If you wish [PKI_INSTANCE_ID] to run as a different user or group, you must run -# [PKI_INSTANCE_ID] as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_ID] as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User [PKI_USER] -Group [PKI_GROUP] -#Group #-1 -</IfModule> -</IfModule> - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin you@example.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. 
-# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "[SERVER_ROOT]/docroot" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# -<Directory /> - Options FollowSymLinks - AllowOverride None -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# -<Directory "[SERVER_ROOT]/docroot"> - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. 
Please see -# http://httpd.apache.org/docs-2.0/mod/core.html#options -# for more information. -# - Options Indexes ExecCGI FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Order allow,deny - Allow from all - -</Directory> - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -UserDir public_html - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -#<Directory /home/*/public_html> -# AllowOverride FileInfo AuthConfig Limit Indexes -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# <Limit GET POST OPTIONS PROPFIND> -# Order allow,deny -# Allow from all -# </Limit> -# <LimitExcept GET POST OPTIONS PROPFIND> -# Order deny,allow -# Deny from all -# </LimitExcept> -#</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var index.cgi - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<Files ~ "^\.ht"> - Order allow,deny - Deny from all -</Files> - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. 
-#
-TypesConfig conf/mime.types
-
-#
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-#
-<IfModule mod_mime_magic.c>
- MIMEMagicFile conf/magic
-</IfModule>
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
-
-#
-# EnableMMAP: Control whether memory-mapping is used to deliver
-# files (assuming that the underlying OS supports it).
-# The default is on; turn this off if you serve from NFS-mounted
-# filesystems. On some systems, turning it off (regardless of
-# filesystem) can improve performance; for details, please see
-# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
-#
-#EnableMMAP off
-
-#
-# EnableSendfile: Control whether the sendfile kernel support is
-# used to deliver files (assuming that the OS supports it).
-# The default is on; turn this off if you serve from NFS-mounted
-# filesystems. Please see
-# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
-#
-#EnableSendfile off
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a <VirtualHost>
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a <VirtualHost>
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog logs/error_log
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-#LogLevel warn
-LogLevel debug
-
-#
-# The following directives define some format nicknames for use with
-# a CustomLog directive (see below).
-#
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-
-# You need to enable mod_logio.c to use %I and %O
-#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-
-#
-# The location and format of the access logfile (Common Logfile Format).
-# If you do not define any access logfiles within a <VirtualHost>
-# container, they will be logged here. Contrariwise, if you *do*
-# define per-<VirtualHost> access logfiles, transactions will be
-# logged therein and *not* in this file.
-#
-CustomLog logs/access_log common
-
-#
-# If you would like to have agent and referer logfiles, uncomment the
-# following directives.
-#
-#CustomLog logs/referer_log referer
-#CustomLog logs/agent_log agent
-
-#
-# If you prefer a single logfile with access, agent, and referer information
-# (Combined Logfile Format) you can use the following directive.
-#
-#CustomLog logs/access_log combined
-
-#
-# ServerTokens
-# This directive configures what you return as the Server HTTP response
-# Header. The default is 'Full' which sends information about the OS-Type
-# and compiled in modules.
-# Set to one of: Full | OS | Minor | Minimal | Major | Prod
-# where Full conveys the most information, and Prod the least.
-#
-ServerTokens Prod
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature Off
-
-#
-# Aliases: Add here as many aliases as you need (with no limit). The format is
-# Alias fakename realname
-#
-# Note that if you include a trailing / on fakename then the server will
-# require it to be present in the URL. So "/icons" isn't aliased in this
-# example, only "/icons/". If the fakename is slash-terminated, then the
-# realname must also be slash terminated, and if the fakename omits the
-# trailing slash, the realname must also omit it.
-#
-# We include the /icons/ alias for FancyIndexed directory listings. If you
-# do not use FancyIndexing, you may comment this out.
-#
-Alias /icons/ "[SERVER_ROOT]/icons/"
-
-<Directory "[SERVER_ROOT]/icons">
- Options Indexes MultiViews
- AllowOverride None
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# This should be changed to the ServerRoot/manual/. The alias provides
-# the manual, even if you choose to move your DocumentRoot. You may comment
-# this out if you do not care for the documentation.
-# -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1" - -<Directory "[SERVER_ROOT]/manual"> - Options Indexes - AllowOverride None - Order allow,deny - Allow from all - - <Files *.html> - SetHandler type-map - </Files> - - SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1 - RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 -</Directory> - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/" - -<IfModule mod_cgid.c> -# -# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path> -# for setting UNIX socket for communicating with cgid. -# -#Scriptsock logs/cgisock -</IfModule> - -# -# "[SERVER_ROOT]/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "[SERVER_ROOT]/cgi-bin"> - AllowOverride None - Options ExecCGI - Order allow,deny - Allow from all -</Directory> - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. 
-# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. 
-# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. 
-# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. -# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. 
-# -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb -AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk -AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb -AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5 .Big5 .big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-8 .utf8 - -# The set below does not map to a specific (iso) standard -# but works on a fairly wide range of browsers. Note that -# capitalization actually matters (it should not, but it -# does for some browsers). -# -# See http://www.iana.org/assignments/character-sets -# for a list of sorts. But browsers support few. -# -AddCharset GB2312 .gb2312 .gb -AddCharset utf-7 .utf7 -AddCharset utf-8 .utf8 -AddCharset big5 .big5 .b5 -AddCharset EUC-TW .euc-tw -AddCharset EUC-JP .euc-jp -AddCharset EUC-KR .euc-kr -AddCharset shift_jis .sjis - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. 
-# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz -# -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For server-parsed imagemap files: -# -#AddHandler imap-file map - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -#AddType text/html .shtml -#AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. 
-# -# We use Alias to redirect any /error/HTTP_<error>.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_<error>.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /export/apache/error/include/ files and copying them to /your/include/path/, -# even on a per-VirtualHost basis. The default include files will display -# your Apache version number and your ServerAdmin email address regardless -# of the setting of ServerSignature. -# -# The internationalized error documents require mod_alias, mod_include -# and mod_negotiation. To activate them, uncomment the following 30 lines. - -# Alias /error/ "/export/apache/error/" -# -# <Directory "/export/apache/error"> -# AllowOverride None -# Options IncludesNoExec -# AddOutputFilter Includes html -# AddHandler type-map var -# Order allow,deny -# Allow from all -# LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr -# ForceLanguagePriority Prefer Fallback -# </Directory> -# -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# 
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var -#[ErrorDocument_404] -#[ErrorDocument_500] - - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully -BrowserMatch "^gnome-vfs" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-status> -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. 
-#
-#<Location /server-info>
-# SetHandler server-info
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Location>
-
-
-#
-# Bring in additional module-specific configurations
-#
-#<IfModule mod_ssl.c>
-# Include conf/ssl.conf
-#</IfModule>
-Include [SERVER_ROOT]/conf/nss.conf
-
-### Section 3: Virtual Hosts
-#
-# VirtualHost: If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them. Most configurations
-# use only name-based virtual hosts so the server doesn't need to worry about
-# IP addresses. This is indicated by the asterisks in the directives below.
-#
-# Please see the documentation at
-# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
-# for further details before you try to setup virtual hosts.
-#
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# Use name-based virtual hosting.
-#
-#NameVirtualHost *:80
-
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-# The first VirtualHost section is used for requests without a known
-# server name.
-#
-#<VirtualHost *:80>
-# ServerAdmin webmaster@dummy-host.example.com
-# DocumentRoot /www/docs/dummy-host.example.com
-# ServerName dummy-host.example.com
-# ErrorLog logs/dummy-host.example.com-error_log
-# CustomLog logs/dummy-host.example.com-access_log common
-#</VirtualHost>
diff --git a/pki/base/ra/apache/conf/magic b/pki/base/ra/apache/conf/magic
deleted file mode 100644
index 0de73361f..000000000
--- a/pki/base/ra/apache/conf/magic
+++ /dev/null
@@ -1,382 +0,0 @@
-# Magic data for mod_mime_magic Apache module (originally for file(1) command)
-# The module is described in /manual/mod/mod_mime_magic.html
-#
-# The format is 4-5 columns:
-# Column #1: byte number to begin checking from, ">" indicates continuation
-# Column #2: type of data to match
-# Column #3: contents of data to match
-# Column #4: MIME type of result
-# Column #5: MIME encoding of result (optional)
-
-#------------------------------------------------------------------------------
-# Localstuff: file(1) magic for locally observed files
-# Add any locally observed files here.
-
-#------------------------------------------------------------------------------
-# end local stuff
-#------------------------------------------------------------------------------
-
-#------------------------------------------------------------------------------
-# Java
-
-0 short 0xcafe
->2 short 0xbabe application/java
-
-#------------------------------------------------------------------------------
-# audio: file(1) magic for sound formats
-#
-# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
-#
-
-# Sun/NeXT audio data
-0 string .snd
->12 belong 1 audio/basic
->12 belong 2 audio/basic
->12 belong 3 audio/basic
->12 belong 4 audio/basic
->12 belong 5 audio/basic
->12 belong 6 audio/basic
->12 belong 7 audio/basic
-
->12 belong 23 audio/x-adpcm
-
-# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
-# that uses little-endian encoding and has a different magic number
-# (0x0064732E in little-endian encoding).
-0 lelong 0x0064732E ->12 lelong 1 audio/x-dec-basic ->12 lelong 2 audio/x-dec-basic ->12 lelong 3 audio/x-dec-basic ->12 lelong 4 audio/x-dec-basic ->12 lelong 5 audio/x-dec-basic ->12 lelong 6 audio/x-dec-basic ->12 lelong 7 audio/x-dec-basic -# compressed (G.721 ADPCM) ->12 lelong 23 audio/x-dec-adpcm - -# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" -# AIFF audio data -8 string AIFF audio/x-aiff -# AIFF-C audio data -8 string AIFC audio/x-aiff -# IFF/8SVX audio data -8 string 8SVX audio/x-aiff - -# Creative Labs AUDIO stuff -# Standard MIDI data -0 string MThd audio/unknown -#>9 byte >0 (format %d) -#>11 byte >1 using %d channels -# Creative Music (CMF) data -0 string CTMF audio/unknown -# SoundBlaster instrument data -0 string SBI audio/unknown -# Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown -## is this next line right? it came this way... -#>19 byte 0x1A -#>23 byte >0 - version %d -#>22 byte >0 \b.%d - -# [GRR 950115: is this also Creative Labs? Guessing that first line -# should be string instead of unknown-endian long...] -#0 long 0x4e54524b MultiTrack sound data -#0 string NTRK MultiTrack sound data -#>4 long x - version %ld - -# Microsoft WAVE format (*.wav) -# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] -# Microsoft RIFF -0 string RIFF audio/unknown -# - WAVE format ->8 string WAVE audio/x-wav -# MPEG audio. -0 beshort&0xfff0 0xfff0 audio/mpeg -# C64 SID Music files, from Linus Walleij <triad@df.lth.se> -0 string PSID audio/prs.sid - -#------------------------------------------------------------------------------ -# c-lang: file(1) magic for C programs or various scripts -# - -# XPM icons (Greg Roelofs, newt@uchicago.edu) -# ideally should go into "images", but entries below would tag XPM as C source -0 string /*\ XPM image/x-xbm 7bit - -# this first will upset you if you're a PL/1 shop... (are there any left?) 
-# in which case rm it; ascmagic will catch real C programs -# C or REXX program text -0 string /* text/plain -# C++ program text -0 string // text/plain - -#------------------------------------------------------------------------------ -# compress: file(1) magic for pure-compression formats (no archives) -# -# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. -# -# Formats for various forms of compressed data -# Formats for "compress" proper have been moved into "compress.c", -# because it tries to uncompress it to figure out what's inside. - -# standard unix compress -0 string \037\235 application/octet-stream x-compress - -# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) -0 string \037\213 application/octet-stream x-gzip - -# According to gzip.h, this is the correct byte order for packed data. -0 string \037\036 application/octet-stream -# -# This magic number is byte-order-independent. -# -0 short 017437 application/octet-stream - -# XXX - why *two* entries for "compacted data", one of which is -# byte-order independent, and one of which is byte-order dependent? -# -# compacted data -0 short 0x1fff application/octet-stream -0 string \377\037 application/octet-stream -# huf output -0 short 0145405 application/octet-stream - -# Squeeze and Crunch... -# These numbers were gleaned from the Unix versions of the programs to -# handle these formats. Note that I can only uncrunch, not crunch, and -# I didn't have a crunched file handy, so the crunch number is untested. -# Keith Waclena <keith@cerberus.uchicago.edu> -#0 leshort 0x76FF squeezed data (CP/M, DOS) -#0 leshort 0x76FE crunched data (CP/M, DOS) - -# Freeze -#0 string \037\237 Frozen file 2.1 -#0 string \037\236 Frozen file 1.0 (or gzip 0.5) - -# lzh? 
-#0 string \037\240 LZH compressed data - -#------------------------------------------------------------------------------ -# frame: file(1) magic for FrameMaker files -# -# This stuff came on a FrameMaker demo tape, most of which is -# copyright, but this file is "published" as witness the following: -# -0 string \<MakerFile application/x-frame -0 string \<MIFFile application/x-frame -0 string \<MakerDictionary application/x-frame -0 string \<MakerScreenFon application/x-frame -0 string \<MML application/x-frame -0 string \<Book application/x-frame -0 string \<Maker application/x-frame - -#------------------------------------------------------------------------------ -# html: file(1) magic for HTML (HyperText Markup Language) docs -# -# from Daniel Quinlan <quinlan@yggdrasil.com> -# and Anna Shergold <anna@inext.co.uk> -# -0 string \<!DOCTYPE\ HTML text/html -0 string \<!doctype\ html text/html -0 string \<HEAD text/html -0 string \<head text/html -0 string \<TITLE text/html -0 string \<title text/html -0 string \<html text/html -0 string \<HTML text/html -0 string \<!-- text/html -0 string \<h1 text/html -0 string \<H1 text/html - -# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se> -0 string \<?xml text/xml - -#------------------------------------------------------------------------------ -# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps) -# -# originally from jef@helios.ee.lbl.gov (Jef Poskanzer), -# additions by janl@ifi.uio.no as well as others. Jan also suggested -# merging several one- and two-line files into here. -# -# XXX - byte order for GIF and TIFF fields? -# [GRR: TIFF allows both byte orders; GIF is probably little-endian] -# - -# [GRR: what the hell is this doing in here?] 
-#0 string xbtoa btoa'd file - -# PBMPLUS -# PBM file -0 string P1 image/x-portable-bitmap 7bit -# PGM file -0 string P2 image/x-portable-greymap 7bit -# PPM file -0 string P3 image/x-portable-pixmap 7bit -# PBM "rawbits" file -0 string P4 image/x-portable-bitmap -# PGM "rawbits" file -0 string P5 image/x-portable-greymap -# PPM "rawbits" file -0 string P6 image/x-portable-pixmap - -# NIFF (Navy Interchange File Format, a modification of TIFF) -# [GRR: this *must* go before TIFF] -0 string IIN1 image/x-niff - -# TIFF and friends -# TIFF file, big-endian -0 string MM image/tiff -# TIFF file, little-endian -0 string II image/tiff - -# possible GIF replacements; none yet released! -# (Greg Roelofs, newt@uchicago.edu) -# -# GRR 950115: this was mine ("Zip GIF"): -# ZIF image (GIF+deflate alpha) -0 string GIF94z image/unknown -# -# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better): -# FGF image (GIF+deflate beta) -0 string FGF95a image/unknown -# -# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal -# (best; not yet implemented): -# PBF image (deflate compression) -0 string PBF image/unknown - -# GIF -0 string GIF image/gif - -# JPEG images -0 beshort 0xffd8 image/jpeg - -# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu) -0 string BM image/bmp -#>14 byte 12 (OS/2 1.x format) -#>14 byte 64 (OS/2 2.x format) -#>14 byte 40 (Windows 3.x format) -#0 string IC icon -#0 string PI pointer -#0 string CI color icon -#0 string CP color pointer -#0 string BA bitmap array - - -#------------------------------------------------------------------------------ -# lisp: file(1) magic for lisp programs -# -# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) -0 string ;; text/plain 8bit -# Emacs 18 - this is always correct, but not very magical. 
-0 string \012( application/x-elc -# Emacs 19 -0 string ;ELC\023\000\000\000 application/x-elc - -#------------------------------------------------------------------------------ -# mail.news: file(1) magic for mail and news -# -# There are tests to ascmagic.c to cope with mail and news. -0 string Relay-Version: message/rfc822 7bit -0 string #!\ rnews message/rfc822 7bit -0 string N#!\ rnews message/rfc822 7bit -0 string Forward\ to message/rfc822 7bit -0 string Pipe\ to message/rfc822 7bit -0 string Return-Path: message/rfc822 7bit -0 string Path: message/news 8bit -0 string Xref: message/news 8bit -0 string 
From: message/rfc822 7bit -0 string Article message/news 8bit -#------------------------------------------------------------------------------ -# msword: file(1) magic for MS Word files -# -# Contributor claims: -# Reversed-engineered MS Word magic numbers -# - -0 string \376\067\0\043 application/msword -0 string \333\245-\0\0\0 application/msword - -# disable this one because it applies also to other -# Office/OLE documents for which msword is not correct. See PR#2608. -#0 string \320\317\021\340\241\261 application/msword - - - -#------------------------------------------------------------------------------ -# printer: file(1) magic for printer-formatted files -# - -# PostScript -0 string %! application/postscript -0 string \004%! application/postscript - -# Acrobat -# (due to clamen@cs.cmu.edu) -0 string %PDF- application/pdf - -#------------------------------------------------------------------------------ -# sc: file(1) magic for "sc" spreadsheet -# -38 string Spreadsheet application/x-sc - -#------------------------------------------------------------------------------ -# tex: file(1) magic for TeX files -# -# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) -# -# From <conklin@talisman.kaleida.com> - -# Although we may know the offset of certain text fields in TeX DVI -# and font files, we can't use them reliably because they are not -# zero terminated. [but we do anyway, christos] -0 string \367\002 application/x-dvi -#0 string \367\203 TeX generic font data -#0 string \367\131 TeX packed font data -#0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text -#0 string This\ is\ METAFONT, METAFONT transcript text - -# There is no way to detect TeX Font Metric (*.tfm) files without -# breaking them apart and reading the data. The following patterns -# match most *.tfm files generated by METAFONT or afm2tfm. 
-#2 string \000\021 TeX font metric data -#2 string \000\022 TeX font metric data -#>34 string >\0 (%s) - -# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) -#0 string \\input\ texinfo Texinfo source text -#0 string This\ is\ Info\ file GNU Info text - -# correct TeX magic for Linux (and maybe more) -# from Peter Tobias (tobias@server.et-inf.fho-emden.de) -# -0 leshort 0x02f7 application/x-dvi - -# RTF - Rich Text Format -0 string {\\rtf application/rtf - -#------------------------------------------------------------------------------ -# animation: file(1) magic for animation/movie formats -# -# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) -# MPEG file -0 string \000\000\001\263 video/mpeg -# -# The contributor claims: -# I couldn't find a real magic number for these, however, this -# -appears- to work. Note that it might catch other files, too, -# so BE CAREFUL! -# -# Note that title and author appear in the two 20-byte chunks -# at decimal offsets 2 and 22, respectively, but they are XOR'ed with -# 255 (hex FF)! DL format SUCKS BIG ROCKS. -# -# DL file version 1 , medium format (160x100, 4 images/screen) -0 byte 1 video/unknown -0 byte 2 video/unknown -# Quicktime video, from Linus Walleij <triad@df.lth.se> -# from Apple quicktime file format documentation. -4 string moov video/quicktime -4 string mdat video/quicktime - diff --git a/pki/base/ra/apache/conf/mime.types b/pki/base/ra/apache/conf/mime.types deleted file mode 100644 index 3485692d1..000000000 --- a/pki/base/ra/apache/conf/mime.types +++ /dev/null 
@@ -1,592 +0,0 @@
-# This is a comment. I love comments.
-
-# This file controls what Internet media types are sent to the client for
-# given file extension(s). Sending the correct media type to the client
-# is important so they know how to handle the content of the file.
-# Extra types can either be added here or by using an AddType directive
-# in your config files. For more information about Internet media types,
-# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type
-# registry is at <http://www.iana.org/assignments/media-types/>.
-
-# MIME type Extensions
-application/activemessage
-application/andrew-inset ez
-application/applefile
-application/atom+xml atom
-application/atomicmail
-application/batch-smtp
-application/beep+xml
-application/cals-1840
-application/cnrp+xml
-application/commonground
-application/cpl+xml
-application/cybercash
-application/dca-rft
-application/dec-dx
-application/dvcs
-application/edi-consent
-application/edifact
-application/edi-x12
-application/eshop
-application/font-tdpfr
-application/http
-application/hyperstudio
-application/iges
-application/index
-application/index.cmd
-application/index.obj
-application/index.response
-application/index.vnd
-application/iotp
-application/ipp
-application/isup
-application/mac-binhex40 hqx
-application/mac-compactpro cpt
-application/macwriteii
-application/marc
-application/mathematica
-application/mathml+xml mathml
-application/msword doc
-application/news-message-id
-application/news-transmission
-application/ocsp-request
-application/ocsp-response
-application/octet-stream bin dms lha lzh exe class so dll dmg
-application/oda oda
-application/ogg ogg
-application/parityfec
-application/pdf pdf
-application/pgp-encrypted
-application/pgp-keys
-application/pgp-signature
-application/pkcs10
-application/pkcs7-mime
-application/pkcs7-signature
-application/pkix-cert
-application/pkix-crl
-application/pkixcmp
-application/postscript ai eps ps
-application/prs.alvestrand.titrax-sheet
-application/prs.cww
-application/prs.nprend
-application/prs.plucker
-application/qsig
-application/rdf+xml rdf
-application/reginfo+xml
-application/remote-printing
-application/riscos
-application/rtf
-application/sdp
-application/set-payment
-application/set-payment-initiation
-application/set-registration
-application/set-registration-initiation
-application/sgml
-application/sgml-open-catalog
-application/sieve
-application/slate
-application/smil smi smil
-application/srgs gram
-application/srgs+xml grxml
-application/timestamp-query
-application/timestamp-reply
-application/tve-trigger
-application/vemmi
-application/vnd.3gpp.pic-bw-large
-application/vnd.3gpp.pic-bw-small
-application/vnd.3gpp.pic-bw-var
-application/vnd.3gpp.sms
-application/vnd.3m.post-it-notes
-application/vnd.accpac.simply.aso
-application/vnd.accpac.simply.imp
-application/vnd.acucobol
-application/vnd.acucorp
-application/vnd.adobe.xfdf
-application/vnd.aether.imp
-application/vnd.amiga.ami
-application/vnd.anser-web-certificate-issue-initiation
-application/vnd.anser-web-funds-transfer-initiation
-application/vnd.audiograph
-application/vnd.blueice.multipass
-application/vnd.bmi
-application/vnd.businessobjects
-application/vnd.canon-cpdl
-application/vnd.canon-lips
-application/vnd.cinderella
-application/vnd.claymore
-application/vnd.commerce-battelle
-application/vnd.commonspace
-application/vnd.contact.cmsg
-application/vnd.cosmocaller
-application/vnd.criticaltools.wbs+xml
-application/vnd.ctc-posml
-application/vnd.cups-postscript
-application/vnd.cups-raster
-application/vnd.cups-raw
-application/vnd.curl
-application/vnd.cybank
-application/vnd.data-vision.rdz
-application/vnd.dna
-application/vnd.dpgraph
-application/vnd.dreamfactory
-application/vnd.dxr
-application/vnd.ecdis-update
-application/vnd.ecowin.chart
-application/vnd.ecowin.filerequest
-application/vnd.ecowin.fileupdate
-application/vnd.ecowin.series
-application/vnd.ecowin.seriesrequest
-application/vnd.ecowin.seriesupdate
-application/vnd.enliven
-application/vnd.epson.esf
-application/vnd.epson.msf
-application/vnd.epson.quickanime
-application/vnd.epson.salt
-application/vnd.epson.ssf
-application/vnd.ericsson.quickcall
-application/vnd.eudora.data
-application/vnd.fdf
-application/vnd.ffsns
-application/vnd.fints
-application/vnd.flographit
-application/vnd.framemaker
-application/vnd.fsc.weblaunch
-application/vnd.fujitsu.oasys
-application/vnd.fujitsu.oasys2
-application/vnd.fujitsu.oasys3
-application/vnd.fujitsu.oasysgp
-application/vnd.fujitsu.oasysprs
-application/vnd.fujixerox.ddd
-application/vnd.fujixerox.docuworks
-application/vnd.fujixerox.docuworks.binder
-application/vnd.fut-misnet
-application/vnd.grafeq
-application/vnd.groove-account
-application/vnd.groove-help
-application/vnd.groove-identity-message
-application/vnd.groove-injector
-application/vnd.groove-tool-message
-application/vnd.groove-tool-template
-application/vnd.groove-vcard
-application/vnd.hbci
-application/vnd.hhe.lesson-player
-application/vnd.hp-hpgl
-application/vnd.hp-hpid
-application/vnd.hp-hps
-application/vnd.hp-pcl
-application/vnd.hp-pclxl
-application/vnd.httphone
-application/vnd.hzn-3d-crossword
-application/vnd.ibm.afplinedata
-application/vnd.ibm.electronic-media
-application/vnd.ibm.minipay
-application/vnd.ibm.modcap
-application/vnd.ibm.rights-management
-application/vnd.ibm.secure-container
-application/vnd.informix-visionary
-application/vnd.intercon.formnet
-application/vnd.intertrust.digibox
-application/vnd.intertrust.nncp
-application/vnd.intu.qbo
-application/vnd.intu.qfx
-application/vnd.irepository.package+xml
-application/vnd.is-xpr
-application/vnd.japannet-directory-service
-application/vnd.japannet-jpnstore-wakeup
-application/vnd.japannet-payment-wakeup
-application/vnd.japannet-registration
-application/vnd.japannet-registration-wakeup
-application/vnd.japannet-setstore-wakeup
-application/vnd.japannet-verification
-application/vnd.japannet-verification-wakeup
-application/vnd.jisp
-application/vnd.kde.karbon
-application/vnd.kde.kchart
-application/vnd.kde.kformula
-application/vnd.kde.kivio
-application/vnd.kde.kontour
-application/vnd.kde.kpresenter
-application/vnd.kde.kspread
-application/vnd.kde.kword
-application/vnd.kenameaapp
-application/vnd.koan
-application/vnd.liberty-request+xml
-application/vnd.llamagraphics.life-balance.desktop
-application/vnd.llamagraphics.life-balance.exchange+xml
-application/vnd.lotus-1-2-3
-application/vnd.lotus-approach
-application/vnd.lotus-freelance
-application/vnd.lotus-notes
-application/vnd.lotus-organizer
-application/vnd.lotus-screencam
-application/vnd.lotus-wordpro
-application/vnd.mcd
-application/vnd.mediastation.cdkey
-application/vnd.meridian-slingshot
-application/vnd.micrografx.flo
-application/vnd.micrografx.igx
-application/vnd.mif mif
-application/vnd.minisoft-hp3000-save
-application/vnd.mitsubishi.misty-guard.trustweb
-application/vnd.mobius.daf
-application/vnd.mobius.dis
-application/vnd.mobius.mbk
-application/vnd.mobius.mqy
-application/vnd.mobius.msl
-application/vnd.mobius.plc
-application/vnd.mobius.txf
-application/vnd.mophun.application
-application/vnd.mophun.certificate
-application/vnd.motorola.flexsuite
-application/vnd.motorola.flexsuite.adsi
-application/vnd.motorola.flexsuite.fis
-application/vnd.motorola.flexsuite.gotap
-application/vnd.motorola.flexsuite.kmr
-application/vnd.motorola.flexsuite.ttc
-application/vnd.motorola.flexsuite.wem
-application/vnd.mozilla.xul+xml xul
-application/vnd.ms-artgalry
-application/vnd.ms-asf
-application/vnd.ms-excel xls
-application/vnd.ms-lrm
-application/vnd.ms-powerpoint ppt
-application/vnd.ms-project
-application/vnd.ms-tnef
-application/vnd.ms-works
-application/vnd.ms-wpl
-application/vnd.mseq
-application/vnd.msign
-application/vnd.music-niff
-application/vnd.musician
-application/vnd.netfpx
-application/vnd.noblenet-directory
-application/vnd.noblenet-sealer
-application/vnd.noblenet-web
-application/vnd.novadigm.edm
-application/vnd.novadigm.edx
-application/vnd.novadigm.ext
-application/vnd.obn
-application/vnd.osa.netdeploy
-application/vnd.palm
-application/vnd.pg.format
-application/vnd.pg.osasli
-application/vnd.powerbuilder6
-application/vnd.powerbuilder6-s
-application/vnd.powerbuilder7
-application/vnd.powerbuilder7-s
-application/vnd.powerbuilder75
-application/vnd.powerbuilder75-s
-application/vnd.previewsystems.box
-application/vnd.publishare-delta-tree
-application/vnd.pvi.ptid1
-application/vnd.pwg-multiplexed
-application/vnd.pwg-xhtml-print+xml
-application/vnd.quark.quarkxpress
-application/vnd.rapid
-application/vnd.s3sms
-application/vnd.sealed.net
-application/vnd.seemail
-application/vnd.shana.informed.formdata
-application/vnd.shana.informed.formtemplate
-application/vnd.shana.informed.interchange
-application/vnd.shana.informed.package
-application/vnd.smaf
-application/vnd.sss-cod
-application/vnd.sss-dtf
-application/vnd.sss-ntf
-application/vnd.street-stream
-application/vnd.svd
-application/vnd.swiftview-ics
-application/vnd.triscape.mxs
-application/vnd.trueapp
-application/vnd.truedoc
-application/vnd.ufdl
-application/vnd.uplanet.alert
-application/vnd.uplanet.alert-wbxml
-application/vnd.uplanet.bearer-choice
-application/vnd.uplanet.bearer-choice-wbxml
-application/vnd.uplanet.cacheop
-application/vnd.uplanet.cacheop-wbxml
-application/vnd.uplanet.channel
-application/vnd.uplanet.channel-wbxml
-application/vnd.uplanet.list
-application/vnd.uplanet.list-wbxml
-application/vnd.uplanet.listcmd
-application/vnd.uplanet.listcmd-wbxml
-application/vnd.uplanet.signal
-application/vnd.vcx
-application/vnd.vectorworks
-application/vnd.vidsoft.vidconference
-application/vnd.visio
-application/vnd.visionary
-application/vnd.vividence.scriptfile
-application/vnd.vsf
-application/vnd.wap.sic
-application/vnd.wap.slc
-application/vnd.wap.wbxml wbxml
-application/vnd.wap.wmlc wmlc
-application/vnd.wap.wmlscriptc wmlsc
-application/vnd.webturbo
-application/vnd.wrq-hp3000-labelled
-application/vnd.wt.stf
-application/vnd.wv.csp+wbxml
-application/vnd.xara
-application/vnd.xfdl
-application/vnd.yamaha.hv-dic
-application/vnd.yamaha.hv-script
-application/vnd.yamaha.hv-voice
-application/vnd.yellowriver-custom-menu
-application/voicexml+xml vxml
-application/watcherinfo+xml
-application/whoispp-query
-application/whoispp-response
-application/wita
-application/wordperfect5.1
-application/x-bcpio bcpio
-application/x-cdlink vcd
-application/x-chess-pgn pgn
-application/x-compress
-application/x-cpio cpio
-application/x-csh csh
-application/x-director dcr dir dxr
-application/x-dvi dvi
-application/x-futuresplash spl
-application/x-gtar gtar
-application/x-gzip
-application/x-hdf hdf
-application/x-javascript js
-application/x-koan skp skd skt skm
-application/x-latex latex
-application/x-netcdf nc cdf
-application/x-sh sh
-application/x-shar shar
-application/x-shockwave-flash swf
-application/x-stuffit sit
-application/x-sv4cpio sv4cpio
-application/x-sv4crc sv4crc
-application/x-tar tar
-application/x-tcl tcl
-application/x-tex tex
-application/x-texinfo texinfo texi
-application/x-troff t tr roff
-application/x-troff-man man
-application/x-troff-me me
-application/x-troff-ms ms
-application/x-ustar ustar
-application/x-wais-source src
-application/x400-bp
-application/xhtml+xml xhtml xht
-application/xslt+xml xslt
-application/xml xml xsl
-application/xml-dtd dtd
-application/xml-external-parsed-entity
-application/zip zip
-audio/32kadpcm
-audio/amr
-audio/amr-wb
-audio/basic au snd
-audio/cn
-audio/dat12
-audio/dsr-es201108
-audio/dvi4
-audio/evrc
-audio/evrc0
-audio/g722
-audio/g.722.1
-audio/g723
-audio/g726-16
-audio/g726-24
-audio/g726-32
-audio/g726-40
-audio/g728
-audio/g729
-audio/g729D
-audio/g729E
-audio/gsm
-audio/gsm-efr
-audio/l8
-audio/l16
-audio/l20
-audio/l24
-audio/lpc
-audio/midi mid midi kar
-audio/mpa
-audio/mpa-robust
-audio/mp4a-latm
-audio/mpeg mpga mp2 mp3
-audio/parityfec
-audio/pcma
-audio/pcmu
-audio/prs.sid
-audio/qcelp
-audio/red
-audio/smv
-audio/smv0
-audio/telephone-event
-audio/tone
-audio/vdvi
-audio/vnd.3gpp.iufp
-audio/vnd.cisco.nse
-audio/vnd.cns.anp1
-audio/vnd.cns.inf1
-audio/vnd.digital-winds
-audio/vnd.everad.plj
-audio/vnd.lucent.voice
-audio/vnd.nortel.vbk
-audio/vnd.nuera.ecelp4800
-audio/vnd.nuera.ecelp7470
-audio/vnd.nuera.ecelp9600
-audio/vnd.octel.sbc
-audio/vnd.qcelp
-audio/vnd.rhetorex.32kadpcm
-audio/vnd.vmx.cvsd
-audio/x-aiff aif aiff aifc
-audio/x-alaw-basic
-audio/x-mpegurl m3u
-audio/x-pn-realaudio ram ra
-audio/x-pn-realaudio-plugin
-application/vnd.rn-realmedia rm
-audio/x-wav wav
-chemical/x-pdb pdb
-chemical/x-xyz xyz
-image/bmp bmp
-image/cgm cgm
-image/g3fax
-image/gif gif
-image/ief ief
-image/jpeg jpeg jpg jpe
-image/naplps
-image/png png
-image/prs.btif
-image/prs.pti
-image/svg+xml svg
-image/t38
-image/tiff tiff tif
-image/tiff-fx
-image/vnd.cns.inf2
-image/vnd.djvu djvu djv
-image/vnd.dwg
-image/vnd.dxf
-image/vnd.fastbidsheet
-image/vnd.fpx
-image/vnd.fst
-image/vnd.fujixerox.edmics-mmr
-image/vnd.fujixerox.edmics-rlc
-image/vnd.globalgraphics.pgb
-image/vnd.mix
-image/vnd.ms-modi
-image/vnd.net-fpx
-image/vnd.svf
-image/vnd.wap.wbmp wbmp
-image/vnd.xiff
-image/x-cmu-raster ras
-image/x-icon ico
-image/x-portable-anymap pnm
-image/x-portable-bitmap pbm
-image/x-portable-graymap pgm
-image/x-portable-pixmap ppm
-image/x-rgb rgb
-image/x-xbitmap xbm
-image/x-xpixmap xpm
-image/x-xwindowdump xwd
-message/delivery-status
-message/disposition-notification
-message/external-body
-message/http
-message/news
-message/partial
-message/rfc822
-message/s-http
-message/sip
-message/sipfrag
-model/iges igs iges
-model/mesh msh mesh silo
-model/vnd.dwf
-model/vnd.flatland.3dml
-model/vnd.gdl
-model/vnd.gs-gdl
-model/vnd.gtw
-model/vnd.mts
-model/vnd.parasolid.transmit.binary
-model/vnd.parasolid.transmit.text
-model/vnd.vtu
-model/vrml wrl vrml
-multipart/alternative
-multipart/appledouble
-multipart/byteranges
-multipart/digest
-multipart/encrypted
-multipart/form-data
-multipart/header-set
-multipart/mixed
-multipart/parallel
-multipart/related
-multipart/report
-multipart/signed
-multipart/voice-message
-text/calendar ics ifb
-text/css css
-text/directory
-text/enriched
-text/html html htm
-text/parityfec
-text/plain asc txt
-text/prs.lines.tag
-text/rfc822-headers
-text/richtext rtx
-text/rtf rtf
-text/sgml sgml sgm
-text/t140
-text/tab-separated-values tsv
-text/uri-list
-text/vnd.abc
-text/vnd.curl
-text/vnd.dmclientscript
-text/vnd.fly
-text/vnd.fmi.flexstor
-text/vnd.in3d.3dml
-text/vnd.in3d.spot
-text/vnd.iptc.nitf
-text/vnd.iptc.newsml
-text/vnd.latex-z
-text/vnd.motorola.reflex
-text/vnd.ms-mediapackage
-text/vnd.net2phone.commcenter.command
-text/vnd.sun.j2me.app-descriptor
-text/vnd.wap.si
-text/vnd.wap.sl
-text/vnd.wap.wml wml
-text/vnd.wap.wmlscript wmls
-text/x-setext etx
-text/xml
-text/xml-external-parsed-entity
-video/bmpeg
-video/bt656
-video/celb
-video/dv
-video/h261
-video/h263
-video/h263-1998
-video/h263-2000
-video/jpeg
-video/mp1s
-video/mp2p
-video/mp2t
-video/mp4v-es
-video/mpv
-video/mpeg mpeg mpg mpe
-video/nv
-video/parityfec
-video/pointer
-video/quicktime qt mov
-video/smpte292m
-video/vnd.fvt
-video/vnd.motorola.video
-video/vnd.motorola.videop
-video/vnd.mpegurl mxu m4u
-video/vnd.nokia.interleaved-multimedia
-video/vnd.objectvideo
-video/vnd.vivo
-video/x-msvideo avi
-video/x-sgi-movie movie
-x-conference/x-cooltalk ice
diff --git a/pki/base/ra/apache/conf/nss.conf b/pki/base/ra/apache/conf/nss.conf
deleted file mode 100644
index a3e0621ab..000000000
--- a/pki/base/ra/apache/conf/nss.conf
+++ /dev/null
@@ -1,267 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support using. -# the mod_nss plugin. It contains the configuration directives to instruct -# the server how to serve pages over an https connection. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -# -# When we also provide SSL we have to listen to the -# standard HTTP port (see above) and to the HTTPS port -# -# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two -# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" -# -Listen [SECURE_PORT] - -Listen [NON_CLIENTAUTH_SECURE_PORT] - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -#NSSPassPhraseDialog builtin -NSSPassPhraseDialog defer:[SERVER_ROOT]/conf/password.conf - - -# Pass Phrase Helper: -# This helper program stores the token password pins between -# restarts of Apache. -NSSPassPhraseHelper /usr/share/pki/ra/scripts/nss_pcache - -# Configure the SSL Session Cache. -# SSLSessionCacheSize is the number of entries in the cache. -# SSLSessionCacheTimeout is the SSL2 session timeout (in seconds). -# SSL3SessionCacheTimeout is the SSL3/TLS session timeout (in seconds). 
-NSSSessionCacheSize 10000 -NSSSessionCacheTimeout 100 -NSSSession3CacheTimeout 86400 - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:[SECURE_PORT]> - -# General setup for the virtual host -#DocumentRoot "/htdocs" -#ServerName [Server_Name]:[Secure_Port] -#ServerAdmin you@example.com - -# Configure OCSP checking of client certs - -#NSSOCSP on -#NSSOCSPDefaultResponder on - -# URL of the ocsp service -# -# Example of the built in ocsp service of the CS CA -# -#NSSOCSPDefaultURL http://localhost:9180/ca/ocsp - -# Nickname of ocsp signing cert -# -# Below is sufficient if using built in CS CA ocsp service -# If using outboard ocsp, make sure the cert listed below -# is imported into the local cert database. -# -#NSSOCSPDefaultName caCert - -# mod_ssl logs to separate log files, you can choose to do that if you'd like -ErrorLog [SERVER_ROOT]/logs/error_log -TransferLog [SERVER_ROOT]/logs/access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -NSSEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_nss documentation for a complete list. -NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha - -NSSProtocol SSLv3,TLSv1 - -# SSL Certificate Nickname: -# The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]" - -# Server Certificate Database: -# The NSS security database directory that holds the certificates and -# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. -# Provide the directory that these files exist. 
-NSSCertificateDatabase [SERVER_ROOT]/alias - -# Client Authentication (Type): -# Client certificate verification type. Types are none, optional and -# require. -NSSVerifyClient require - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_nss documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. 
-# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - NSSOptions +StdEnvVars +ExportCertData -</Files> -<Directory "/cgi-bin"> - NSSOptions +StdEnvVars -</Directory> - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -#CustomLog [SERVER_ROOT]/logs/ssl_request_log \ -# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> - -<VirtualHost _default_:[NON_CLIENTAUTH_SECURE_PORT]> - -# General setup for the virtual host -#DocumentRoot "/htdocs" -#ServerName [Server_Name]:[Non_Clientauth_Secure_Port] -#ServerAdmin you@example.com - -# mod_ssl logs to separate log files, you can choose to do that if you'd like -ErrorLog [SERVER_ROOT]/logs/error_log -TransferLog [SERVER_ROOT]/logs/access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -NSSEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_nss documentation for a complete list. -NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha - -NSSProtocol SSLv3,TLSv1 - -# SSL Certificate Nickname: -# The nickname of the server certificate you are going to use. 
-NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]" - -# Server Certificate Database: -# The NSS security database directory that holds the certificates and -# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. -# Provide the directory that these files exist. -NSSCertificateDatabase [SERVER_ROOT]/alias - -# Client Authentication (Type): -# Client certificate verification type. Types are none, optional and -# require. -NSSVerifyClient none - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_nss documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. 
-# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - NSSOptions +StdEnvVars +ExportCertData -</Files> -<Directory "/cgi-bin"> - NSSOptions +StdEnvVars -</Directory> - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -#CustomLog [SERVER_ROOT]/logs/ssl_request_log \ -# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> diff --git a/pki/base/ra/apache/conf/perl.conf b/pki/base/ra/apache/conf/perl.conf deleted file mode 100644 index 50139cdab..000000000 --- a/pki/base/ra/apache/conf/perl.conf +++ /dev/null 
@@ -1,102 +0,0 @@
-#
-# Mod_perl incorporates a Perl interpreter into the Apache web server,
-# so that the Apache web server can directly execute Perl code.
-# Mod_perl links the Perl runtime library into the Apache web server
-# and provides an object-oriented Perl interface for Apache's C
-# language API. The end result is a quicker CGI script turnaround
-# process, since no external Perl interpreter has to be started.
-#
-
-LoadModule perl_module [FORTITUDE_LIB_DIR]/modules/mod_perl.so
-
-# Uncomment this line to globally enable warnings, which will be
-# written to the server's error log. Warnings should be enabled
-# during the development process, but should be disabled on a
-# production server as they affect performance.
-#
-#PerlWarn On
-
-# Uncomment this line to enable taint checking globally. When Perl is
-# running in taint mode various checks are performed to reduce the
-# risk of insecure data being passed to a subshell or being used to
-# modify the filesystem. Unfortunatly many Perl modules are not
-# taint-safe, so you should exercise care before enabling it on a
-# production server.
-#
-#PerlTaintCheck On
-
-# This will allow execution of mod_perl to compile your scripts to
-# subroutines which it will execute directly, avoiding the costly
-# compile process for most requests.
-#
-#Alias /perl /var/www/perl
-#<Directory /var/www/perl>
-# SetHandler perl-script
-# PerlResponseHandler ModPerl::Registry
-# PerlOptions +ParseHeaders
-# Options +ExecCGI
-#</Directory>
-
-# This will allow remote server configuration reports, with the URL of
-# http://servername/perl-status
-# Change the ".your-domain.com" to match your domain to enable.
-#
-#PerlModule Apache::compat
-#<Location /perl-status>
-# SetHandler perl-script
-# PerlResponseHandler Apache::Status
-# Order deny,allow
-# Deny from all
-# Allow from .your-domain.com
-#</Location>
-
-PerlModule ModPerl::Registry
-PerlModule [FORTITUDE_APACHE]::compat
-PerlModule PKI::RA::wizard
-PerlSetEnv PKI_DOCROOT [SERVER_ROOT]/docroot
-PerlSetEnv PKI_ROOT [SERVER_ROOT]
-<Location /ra/admin/console/config/wizard>
- SetHandler perl-script
- PerlHandler PKI::RA::Wizard
- Order deny,allow
- Allow from all
-</Location>
-
-<Location /ra/admin/console/config/login>
- SetHandler perl-script
- PerlHandler PKI::RA::Login
- Order deny,allow
- Allow from all
-</Location>
-
-PerlModule ModPerl::PerlRun
-Alias /ee/ [SERVER_ROOT]/docroot/ee/
-<Location /ee/ >
- SetHandler perl-script
- PerlHandler ModPerl::PerlRun
- Options Indexes ExecCGI
- PerlSendHeader On
-</Location>
-
-Alias /agent/ [SERVER_ROOT]/docroot/agent/
-<Location /agent/ >
- SetHandler perl-script
- PerlHandler ModPerl::PerlRun
- Options Indexes ExecCGI
- PerlSendHeader On
-</Location>
-
-Alias /admin/ [SERVER_ROOT]/docroot/admin/
-<Location /admin/ >
- SetHandler perl-script
- PerlHandler ModPerl::PerlRun
- Options Indexes ExecCGI
- PerlSendHeader On
-</Location>
-
-<Location /index.cgi >
- SetHandler perl-script
- PerlHandler ModPerl::PerlRun
- Options Indexes ExecCGI
- PerlSendHeader On
-</Location>
diff --git a/pki/base/ra/doc/CMakeLists.txt b/pki/base/ra/doc/CMakeLists.txt
deleted file mode 100644
index 4cebbe1c9..000000000
--- a/pki/base/ra/doc/CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-set(VERSION ${APPLICATION_VERSION})
-
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
-
-install(
- FILES
- ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg
- DESTINATION
- ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf
-)
diff --git a/pki/base/ra/doc/CS.cfg.in b/pki/base/ra/doc/CS.cfg.in
deleted file mode 100644
index 0581e3a78..000000000
--- a/pki/base/ra/doc/CS.cfg.in
+++ /dev/null
@@ -1,242 +0,0 @@ -_000=## -_001=## Registration Authority (RA) Configuration File -_002=## -pidDir=[PKI_PIDDIR] -pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_ID] -pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] -pkicreate.secure_port=[SECURE_PORT] -pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] -pkicreate.unsecure_port=[PORT] -pkicreate.user=[PKI_USER] -pkicreate.group=[PKI_GROUP] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] -request._000=######################################### -request._001=# Request Queue Parameters -request._002=######################################### -agent.authorized_groups=administrators,agents -admin.authorized_groups=administrators -database.dbfile=[SERVER_ROOT]/conf/dbfile -database.lockfile=[SERVER_ROOT]/conf/dblock -request.renewal.approve_request.0.ca=ca1 -request.renewal.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.renewal.approve_request.0.profileId=caDualRAuserCert -request.renewal.approve_request.0.reqType=crmf -request.renewal.approve_request.1.mailTo=$created_by -request.renewal.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.renewal.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.renewal.approve_request.1.templateFile=mail_approve_request.vm -request.renewal.approve_request.num_plugins=2 -request.renewal.reject_request.num_plugins=0 -request.renewal.create_request.0.assignTo=agents -request.renewal.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.renewal.create_request.1.mailTo=$created_by -request.renewal.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.renewal.create_request.1.templateDir=/usr/share/pki/ra/conf -request.renewal.create_request.1.templateFile=mail_create_request.vm -request.renewal.create_request.num_plugins=2 -request.scep.profileId=caRARouterCert -request.scep.reqType=pkcs10 
-request.scep.create_request.num_plugins=2 -request.scep.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.scep.create_request.0.assignTo=agents -request.scep.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.scep.create_request.1.mailTo= -request.scep.create_request.1.templateDir=/usr/share/pki/ra/conf -request.scep.create_request.1.templateFile=mail_create_request.vm -request.scep.approve_request.num_plugins=1 -request.scep.approve_request.0.plugin=PKI::Request::Plugin::CreatePin -request.scep.approve_request.0.pinFormat=$site_id -request.scep.reject_request.num_plugins=0 -request.agent.profileId=caRAagentCert -request.agent.reqType=crmf -request.agent.create_request.num_plugins=2 -request.agent.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.agent.create_request.0.assignTo=agents -request.agent.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.agent.create_request.1.mailTo= -request.agent.create_request.1.templateDir=/usr/share/pki/ra/conf -request.agent.create_request.1.templateFile=mail_create_request.vm -request.agent.approve_request.num_plugins=1 -request.agent.approve_request.0.plugin=PKI::Request::Plugin::CreatePin -request.agent.approve_request.0.pinFormat=$uid -request.agent.reject_request.num_plugins=0 -request.user.create_request.num_plugins=2 -request.user.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.user.create_request.0.assignTo=agents -request.user.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.user.create_request.1.templateDir=/usr/share/pki/ra/conf -request.user.create_request.1.templateFile=mail_create_request.vm -request.user.create_request.1.mailTo= -request.user.approve_request.num_plugins=2 -request.user.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.user.approve_request.0.ca=ca1 -request.user.approve_request.0.profileId=caDualRAuserCert -request.user.approve_request.0.reqType=crmf 
-request.user.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.user.approve_request.1.mailTo=$created_by -request.user.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.user.approve_request.1.templateFile=mail_approve_request.vm -request.user.reject_request.num_plugins=0 -request.server.create_request.num_plugins=2 -request.server.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.server.create_request.0.assignTo=agents -request.server.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.server.create_request.1.mailTo= -request.server.create_request.1.templateDir=/usr/share/pki/ra/conf -request.server.create_request.1.templateFile=mail_create_request.vm -request.server.approve_request.num_plugins=2 -request.server.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.server.approve_request.0.ca=ca1 -request.server.approve_request.0.profileId=caRAserverCert -request.server.approve_request.0.reqType=pkcs10 -request.server.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.server.approve_request.1.mailTo=$created_by -request.server.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.server.approve_request.1.templateFile=mail_approve_request.vm -request.server.reject_request.num_plugins=0 -cs.type=RA -service.machineName=[SERVER_NAME] -service.instanceDir=[SERVER_ROOT] -service.securePort=[SECURE_PORT] -service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT] -service.unsecurePort=[PORT] -service.instanceID=[PKI_INSTANCE_ID] -logging._000=######################################### -logging._001=# RA configuration File -logging._002=# -logging._003=# All <...> must be replaced with -logging._004=# appropriate values. 
-logging._005=######################################### -logging._006=######################################## -logging._007=# logging -logging._008=# -logging._009=# logging.debug.enable: -logging._010=# logging.audit.enable: -logging._011=# logging.error.enable: -logging._012=# - enable or disable the corresponding logging -logging._013=# logging.debug.filename: -logging._014=# logging.audit.filename: -logging._015=# logging.error.filename: -logging._016=# - name of the log file -logging._017=# logging.debug.level: -logging._018=# logging.audit.level: -logging._019=# logging.error.level: -logging._020=# - level of logging. (0-10) -logging._021=# 0 - no logging, -logging._022=# 4 - LL_PER_SERVER these messages will occur only once -logging._023=# during the entire invocation of the -logging._024=# server, e. g. at startup or shutdown -logging._025=# time., reading the conf parameters. -logging._026=# Perhaps other infrequent events -logging._027=# relating to failing over of CA, TKS, -logging._028=# too -logging._029=# 6 - LL_PER_CONNECTION these messages happen once per -logging._030=# connection - most of the log events -logging._031=# will be at this level -logging._032=# 8 - LL_PER_PDU these messages relate to PDU -logging._033=# processing. 
If you have something that -logging._034=# is done for every PDU, such as -logging._035=# applying the MAC, it should be logged -logging._036=# at this level -logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more -logging._038=# chatty version of the above -logging._039=# 10 - all logging -logging._040=######################################### -logging.debug.enable=true -logging.debug.filename=[SERVER_ROOT]/logs/ra-debug.log -logging.debug.level=7 -logging.audit.enable=true -logging.audit.filename=[SERVER_ROOT]/logs/ra-audit.log -logging.audit.level=10 -logging.error.enable=true -logging.error.filename=[SERVER_ROOT]/logs/ra-error.log -logging.error.level=10 -conn.ca1._000=######################################### -conn.ca1._001=# CA connection -conn.ca1._002=# -conn.ca1._003=# conn.ca<n>.hostport: -conn.ca1._004=# - host name and port number of your CA, format is host:port -conn.ca1._005=# conn.ca<n>.clientNickname: -conn.ca1._006=# - nickname of the client certificate for -conn.ca1._007=# authentication -conn.ca1._008=# conn.ca<n>.servlet.enrollment: -conn.ca1._009=# - servlet to contact in CA -conn.ca1._010=# - must be '/ca/ee/ca/profileSubmitSSLClient' -conn.ca1._008=# conn.ca<n>.servlet.addagent: -conn.ca1._009=# - servlet to add ra agent on CA -conn.ca1._010=# - must be '/ca/admin/ca/registerRaUser -conn.ca1._011=# conn.ca<n>.retryConnect: -conn.ca1._012=# - number of reconnection attempts on failure -conn.ca1._013=# conn.ca<n>.timeout: -conn.ca1._014=# - connection timeout -conn.ca1._015=# conn.ca<n>.SSLOn: -conn.ca1._016=# - enable SSL or not -conn.ca1._017=# conn.ca<n>.keepAlive: -conn.ca1._018=# - enable keep alive or not -conn.ca1._019=# -conn.ca1._020=# where -conn.ca1._021=# <n> - CA connection ID -conn.ca1._022=######################################### -failover.pod.enable=false -conn.ca1.hostport=[CA_HOST]:[CA_PORT] -conn.ca1.clientNickname=[HSM_LABEL][NICKNAME] -conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient 
-conn.ca1.servlet.addagent=/ca/admin/ca/registerRaUser -conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke -conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke -conn.ca1.retryConnect=3 -conn.ca1.timeout=100 -conn.ca1.SSLOn=true -conn.ca1.keepAlive=true -preop.pin=[PKI_RANDOM_NUMBER] -preop.product.version=@VERSION@ -preop.cert._000=######################################### -preop.cert._001=# Installation configuration "preop" certs parameters -preop.cert._002=######################################### -preop.cert.list=sslserver,subsystem -preop.cert.sslserver.enable=true -preop.cert.subsystem.enable=true -preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[SERVER_NAME], OU=[PKI_INSTANCE_ID] -preop.cert.sslserver.keysize.customsize=2048 -preop.cert.sslserver.keysize.size=2048 -preop.cert.sslserver.keysize.select=custom -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] -preop.cert.sslserver.profile=caInternalAuthServerCert -preop.cert.sslserver.subsystem=ra -preop.cert._003=#preop.cert.sslserver.type=local -preop.cert.sslserver.userfriendlyname=SSL Server Certificate -preop.cert._004=#preop.cert.sslserver.cncomponent.override=false -preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA -preop.cert.subsystem.dn=CN=RA Subsystem Certificate, OU=[PKI_INSTANCE_ID] -preop.cert.subsystem.keysize.customsize=2048 -preop.cert.subsystem.keysize.size=2048 -preop.cert.subsystem.keysize.select=custom -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] -preop.cert.subsystem.profile=caInternalAuthSubsystemCert -preop.cert.subsystem.subsystem=ra -preop.cert._005=#preop.cert.subsystem.type=local -preop.cert.subsystem.userfriendlyname=Subsystem Certificate -preop.cert._006=#preop.cert.subsystem.cncomponent.override=true -preop.configModules._000=######################################### -preop.configModules._001=# Installation configuration "preop" module parameters 
-preop.configModules._002=#########################################
-preop.configModules.count=3
-preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
-preop.configModules.module0.imagePath=../img/clearpixel.gif
-preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
-preop.configModules.module1.commonName=nfast
-preop.configModules.module1.imagePath=../img/clearpixel.gif
-preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
-preop.configModules.module2.commonName=lunasa
-preop.configModules.module2.imagePath=../img/clearpixel.gif
-preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
-preop.module.token=NSS Certificate DB
-preop.keysize._000=#########################################
-preop.keysize._001=# Installation configuration "preop" keysize parameters
-preop.keysize._002=#########################################
-preop.keysize.customsize=2048
-preop.keysize.select=default
-preop.keysize.size=2048
-preop.keysize.ecc.size=256
diff --git a/pki/base/ra/emails/mail_approve_request.vm b/pki/base/ra/emails/mail_approve_request.vm
deleted file mode 100644
index 461eb4d10..000000000
--- a/pki/base/ra/emails/mail_approve_request.vm
+++ /dev/null
@@ -1,11 +0,0 @@
-Reply-to: $mail_to
-Subject: Request #$request_id approved
-To: $mail_to
-Content-type: text/plain\n\n
-Request #$request_id has been approved
-for
-Subject DN: $subject_dn
-
-Import certificate at:
-https://$machineName:$nonClientAuthSecurePort/ee/request/getcert.cgi?id=$request_id
-
diff --git a/pki/base/ra/emails/mail_create_request.vm b/pki/base/ra/emails/mail_create_request.vm
deleted file mode 100644
index 317270efa..000000000
--- a/pki/base/ra/emails/mail_create_request.vm
+++ /dev/null
@@ -1,8 +0,0 @@
-Reply-to: $mail_to
-Subject: New request #$request_id has been created
-To: $mail_to
-Content-type: text/plain\n\n
-A new request has been created for you. You can access
-the request by going to
-
-https://$machineName:$securePort/agent/request/read.cgi?id=$request_id
diff --git a/pki/base/ra/etc/init.d/pki-rad b/pki/base/ra/etc/init.d/pki-rad
deleted file mode 100755
index 666bf6387..000000000
--- a/pki/base/ra/etc/init.d/pki-rad
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/bin/bash
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007-2010 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-# pki-rad Startup script for the Apache HTTP pki-ra Server
-#
-# chkconfig: - 86 14
-# description: Registration Authority (Apache)
-# processname: pki-rad
-# piddir: /var/run/pki/ra
-# config: ${PKI_SERVER_ROOT}/conf/httpd.conf
-
-PROG_NAME=`basename $0`
-SERVICE_NAME="pki-rad"
-SERVICE_PROG="/sbin/service"
-PKI_PATH="/usr/share/pki/ra"
-PKI_REGISTRY="/etc/sysconfig/pki/ra"
-PKI_TYPE="pki-ra"
-PKI_TOTAL_PORTS=3
-
-# Avoid using 'systemctl' for now
-SYSTEMCTL_SKIP_REDIRECT=1
-export SYSTEMCTL_SKIP_REDIRECT
-
-# Disallow 'others' the ability to 'write' to new files
-umask 00002
-
-command="$1"
-pki_instance="$2"
-
-# Source function library.
-. /etc/init.d/functions
-
-# Source the PKI function library
-. /usr/share/pki/scripts/functions
-
-# See how we were called.
-case $command in
- status)
- registry_status
- exit $?
- ;;
- start)
- start
- exit $?
- ;;
- restart)
- restart
- exit $?
- ;;
- stop)
- stop
- exit $?
- ;;
- condrestart|force-restart|try-restart)
- [ ! -f ${lockfile} ] || restart
- exit $?
- ;;
- reload)
- echo "The 'reload' action is an unimplemented feature."
- exit ${default_error}
- ;;
- *)
- echo "unknown action ($command)"
- usage
- echo "where valid instance names include:"
- list_instances
- exit ${default_error}
- ;;
-esac
-
diff --git a/pki/base/ra/forms/admin/group/add.cgi b/pki/base/ra/forms/admin/group/add.cgi
deleted file mode 100755
index 212330d0d..000000000
--- a/pki/base/ra/forms/admin/group/add.cgi
+++ /dev/null
@@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - my $name = $util->get_val($q->param('name')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_group($gid); - if (defined($ref)) { - # gid used - print $q->redirect("/admin/group/add_new.cgi?error=exist"); - return; - } - my $ref = $store->add_group($gid, $name); - $store->close(); - - print 
$q->redirect("/admin/group/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/pki/base/ra/forms/admin/group/add_member.cgi b/pki/base/ra/forms/admin/group/add_member.cgi deleted file mode 100755 index d60fe965e..000000000 --- a/pki/base/ra/forms/admin/group/add_member.cgi +++ /dev/null 
@@ -1,80 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/admin/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $gid = $util->get_val($q->param('gid'));
- my $userid = $util->get_val($q->param('uid'));
-
- my $store = PKI::Base::UserStore->new();
- $store->open($cfg);
- $store->add_user_to_group($gid, $userid);
- $store->close();
-
- print $q->redirect("/admin/group/read.cgi?gid=" . $gid);
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/admin/group/add_new.cgi b/pki/base/ra/forms/admin/group/add_new.cgi
deleted file mode 100755
index 5a1ca7eda..000000000
--- a/pki/base/ra/forms/admin/group/add_new.cgi
+++ /dev/null
@@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - my $error = $q->param('error'); - $context{error} = $util->html_encode($error); - - my $result = $parser->execute_file_with_context("admin/group/add_new.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print 
$self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/pki/base/ra/forms/admin/group/delete.cgi b/pki/base/ra/forms/admin/group/delete.cgi deleted file mode 100755 index 5fb1f22ce..000000000 --- a/pki/base/ra/forms/admin/group/delete.cgi +++ /dev/null 
@@ -1,79 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/admin/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $gid = $util->get_val($q->param('gid'));
-
- my $store = PKI::Base::UserStore->new();
- $store->open($cfg);
- $store->delete_group($gid);
- $store->close();
-
- print $q->redirect("/admin/group/index.cgi");
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/admin/group/delete_member.cgi b/pki/base/ra/forms/admin/group/delete_member.cgi
deleted file mode 100755
index 2e516eeee..000000000
--- a/pki/base/ra/forms/admin/group/delete_member.cgi
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/admin/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $gid = $util->get_val($q->param('gid'));
- my $userid = $util->get_val($q->param('uid'));
-
- my $store = PKI::Base::UserStore->new();
- $store->open($cfg);
- $store->delete_user_from_group($gid, $userid);
- $store->close();
-
- print $q->redirect("/admin/group/read.cgi?gid=" . $gid);
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/admin/group/index.cgi b/pki/base/ra/forms/admin/group/index.cgi
deleted file mode 100755
index 07dc653e6..000000000
--- a/pki/base/ra/forms/admin/group/index.cgi
+++ /dev/null
@@ -1,115 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - - my $util = PKI::Base::Util->new(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - 
$context{np} = $sp + $mc; # next pos (for paging) - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my @groups = $store->list_groups($sp, $mc); - $store->close(); - - my @r; - my $i = 0; - foreach my $group (@groups) { - $r[$i] = new PKI::RA::GlobalVar( - getGID => sub { return $util->html_encode(Encode::decode('UTF-8', $group->{'gid'})) }, - getName => sub { return $util->html_encode(Encode::decode('UTF-8', $group->{'name'})) }, - ); - $i++; - } - $context{rows} = \@r; - - my $result = $parser->execute_file_with_context("admin/group/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/pki/base/ra/forms/admin/group/read.cgi b/pki/base/ra/forms/admin/group/read.cgi deleted file mode 100755 index 9ede3aa53..000000000 --- a/pki/base/ra/forms/admin/group/read.cgi +++ /dev/null 
@@ -1,125 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_group($gid); - - $context{gid} = $util->html_encode(Encode::decode('UTF-8', $ref->{'gid'})); - $context{name} = 
$util->html_encode(Encode::decode('UTF-8', $ref->{'name'})); - - my @members = $store->list_all_members($gid); - my @users = $store->list_all_non_members($gid); - $store->close(); - - # new member in the group - my @r; - my $i = 0; - foreach my $member (@members) { - $r[$i] = new PKI::RA::GlobalVar( - getUID => sub { return $util->html_encode($member->{'uid'}) }, - ); - $i++; - } - $context{members} = \@r; - - # read users - my @u; - $i = 0; - foreach my $user (@users) { - $u[$i] = new PKI::RA::GlobalVar( - getUID => sub { return $util->html_encode($user->{'uid'}) }, - ); - $i++; - } - if ($i == 0) { - $context{non_member_exists} = 0; - } else { - $context{non_member_exists} = 1; - } - $context{users} = \@u; - - my $result = $parser->execute_file_with_context("admin/group/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/pki/base/ra/forms/admin/index.cgi b/pki/base/ra/forms/admin/index.cgi deleted file mode 100755 index 2db7b2500..000000000 --- a/pki/base/ra/forms/admin/index.cgi +++ /dev/null 
@@ -1,80 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::UserStore;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
-
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/agent/error.cgi?error=Authentication%20Error");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $uid;
-
- my $result = $parser->execute_file_with_context("admin/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/admin/user/add.cgi b/pki/base/ra/forms/admin/user/add.cgi
deleted file mode 100755
index 94c4bae81..000000000
--- a/pki/base/ra/forms/admin/user/add.cgi
+++ /dev/null
@@ -1,99 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/admin/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $uid;
-
- my $userid = $util->get_val($q->param('uid'));
- my $name = $util->get_val($q->param('name'));
- my $email = $util->get_val($q->param('email'));
- my $certificate = $util->get_val($q->param('certificate'));
-
- if ($certificate =~ /BEGIN CERTIFICATE/ ||
- $certificate =~ /END CERTIFICATE/) {
- # do nothing
- } else {
- print $q->redirect("/admin/user/add_new.cgi?error=cert_header");
- return;
- }
- $certificate =~ s/-----BEGIN CERTIFICATE-----//g;
- $certificate =~ s/-----END CERTIFICATE-----//g;
- $certificate =~ s/[\r\n]//g;
-
- my $store = PKI::Base::UserStore->new();
- $store->open($cfg);
- my $ref = $store->read_user($userid);
- if (defined($ref)) {
- # uid used
- print $q->redirect("/admin/user/add_new.cgi?error=exist");
- return;
- }
- my $ref = $store->add_user($userid, $name, $email, $certificate);
- $store->close();
-
- print $q->redirect("/admin/user/index.cgi");
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/admin/user/add_new.cgi b/pki/base/ra/forms/admin/user/add_new.cgi
deleted file mode 100755
index 8bfbd0e9e..000000000
--- a/pki/base/ra/forms/admin/user/add_new.cgi
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/admin/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $uid;
-
- my $error = $util->get_val($q->param('error'));
- $context{error} = $error;
-
- my $result = $parser->execute_file_with_context("admin/user/add_new.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/admin/user/delete.cgi b/pki/base/ra/forms/admin/user/delete.cgi
deleted file mode 100755
index 707035edb..000000000
--- a/pki/base/ra/forms/admin/user/delete.cgi
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $cfg = PKI::Base::Registry->get_config();
-
- my $util = PKI::Base::Util->new();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/admin/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $uid;
-
- my $userid = $util->get_val($q->param('uid'));
-
- my $store = PKI::Base::UserStore->new();
- $store->open($cfg);
- $store->delete_user($userid);
- $store->close();
-
- print $q->redirect("/admin/user/index.cgi");
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/admin/user/index.cgi b/pki/base/ra/forms/admin/user/index.cgi
deleted file mode 100755
index c845ae1dc..000000000
--- a/pki/base/ra/forms/admin/user/index.cgi
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use PKI::Base::Registry;
-use Encode;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my $util = PKI::Base::Util->new();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/admin/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $uid;
-
- my $status = $util->get_alphanum_val($q->param('status'));
- $context{status} = $status;
-
- my $sp = $util->get_alphanum_val($q->param('sp'));
- if ($sp eq "") {
- $sp = "0";
- }
- $context{sp} = $sp;
- my $mc = $util->get_alphanum_val($q->param('mc'));
- if ($mc eq "") {
- $mc = "20";
- }
- $context{mc} = $mc;
- $context{pp} = $sp - $mc; # previous pos (for paging)
- $context{np} = $sp + $mc; # next pos (for paging)
-
- my $store = PKI::Base::UserStore->new();
- $store->open($cfg);
- my @users = $store->list_users($sp, $mc);
- $store->close();
-
- my @r;
- my $i = 0;
- foreach my $user (@users) {
- $r[$i] = new PKI::RA::GlobalVar(
- getUID => sub { return $util->html_encode($user->{'uid'}) },
- getName => sub { return $util->html_encode(Encode::decode('UTF-8',$user->{'name'})) },
- getEmail => sub { return $util->html_encode($user->{'email'}) },
- );
- $i++;
- }
- $context{rows} = \@r;
-
- my $result = $parser->execute_file_with_context("admin/user/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/admin/user/read.cgi b/pki/base/ra/forms/admin/user/read.cgi
deleted file mode 100755
index 08d2fd3f7..000000000
--- a/pki/base/ra/forms/admin/user/read.cgi
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-use Encode;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->admin_auth($cfg)) {
- print $q->redirect("/admin/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $uid;
-
- my $userid = $util->get_val($q->param('uid'));
-
- my $store = PKI::Base::UserStore->new();
- $store->open($cfg);
- my $ref = $store->read_user($userid);
- $store->close();
-
- $context{userid} = $util->html_encode($ref->{'uid'});
- $context{name} = $util->html_encode(Encode::decode('UTF-8', $ref->{'name'}));
- $context{email} = $util->html_encode($ref->{'email'});
- $context{certificate} = $util->breakline($util->html_encode($ref->{'certificate'}),40);
-
- my $result = $parser->execute_file_with_context("admin/user/read.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/cert/index.cgi b/pki/base/ra/forms/agent/cert/index.cgi
deleted file mode 100755
index 46e5b8c2c..000000000
--- a/pki/base/ra/forms/agent/cert/index.cgi
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Base::CertStore;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my @roles = $self->get_current_roles($cfg);
- my $r = join(",",@roles);
-
- my $sp = $util->get_alphanum_val($q->param('sp'));
- if ($sp eq "") {
- $sp = "0";
- }
- $context{sp} = $sp;
- my $mc = $util->get_alphanum_val($q->param('mc'));
- if ($mc eq "") {
- $mc = "20";
- }
- $context{mc} = $mc;
- $context{pp} = $sp - $mc; # previous pos (for paging)
- $context{np} = $sp + $mc; # next pos (for paging)
-
- my $cs = PKI::Base::CertStore->new();
- $cs->open($cfg);
- my @certs = $cs->list_certs_by_approver($uid, $sp, $mc);
- $cs->close();
-
- my @r;
- my $i = 0;
- foreach my $cert (@certs) {
- $r[$i] = new PKI::RA::GlobalVar(
- getReqId => sub { return $util->html_encode($cert->{'rid'}) },
- getSerialno => sub { return $util->html_encode($cert->{'serialno'}) },
- getSubjectDN => sub { return $util->html_encode($cert->{'subject_dn'}) },
- getCertificate => sub { return $util->html_encode($cert->{'certificate'}) },
- getApprovedBy => sub { return $util->html_encode($cert->{'approved_by'}) },
- getCreatedAt => sub { return $util->html_encode($cert->{'created_at'}); },
- );
- $i++;
- }
- $context{rows} = \@r;
-
- my $result = $parser->execute_file_with_context("agent/cert/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/cert/read.cgi b/pki/base/ra/forms/agent/cert/read.cgi
deleted file mode 100755
index f434baedb..000000000
--- a/pki/base/ra/forms/agent/cert/read.cgi
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Conn::CA;
-use Encode;
-use vars qw (@ISA);
-use PKI::Service::Op;
-
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $serialno = $util->get_alphanum_val($q->param('serialno'));
-
- my $cs = PKI::Base::CertStore->new();
- $cs->open($cfg);
- my $ref = $cs->read_certificate_by_approver($uid, $serialno);
- $cs->close();
-
- my $ca = PKI::Conn::CA->new();
- $ca->open($cfg);
- my $certStatus = $ca->getCertStatus("ca1", $serialno);
- $ca->close();
-
-
- $context{certificate} = $util->breakline($util->html_encode($ref->{'certificate'}), 40);
-
- $context{serialno} = $util->html_encode($ref->{'serialno'});
- $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $ref->{'subject_dn'}));
- $context{created_at} = $util->html_encode($ref->{'created_at'});
- $context{approved_by} = $util->html_encode($ref->{'approved_by'});
- $context{rid} = $util->html_encode($ref->{'rid'});
- $context{certStatus} = $util->html_encode($certStatus);
-
- my $result = $parser->execute_file_with_context("agent/cert/read.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/cert/revoke.cgi b/pki/base/ra/forms/agent/cert/revoke.cgi
deleted file mode 100755
index 1e483aea0..000000000
--- a/pki/base/ra/forms/agent/cert/revoke.cgi
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Registry;
-use PKI::Base::Util;
-use Encode;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $serialno = $util->get_alphanum_val($q->param('serialno'));
- my $subject_dn = $util->get_val($q->param('subject_dn'));
- my $rid = $util->get_alphanum_val($q->param('rid'));
-
- $context{serialno} = $util->html_encode($serialno);
- $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8',$subject_dn));
- $context{rid} = $util->html_encode($rid);
-
- my $result = $parser->execute_file_with_context("agent/cert/revoke.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/cert/submit.cgi b/pki/base/ra/forms/agent/cert/submit.cgi
deleted file mode 100755
index 571385f3a..000000000
--- a/pki/base/ra/forms/agent/cert/submit.cgi
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Conn::CA;
-use Encode;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $serialno = $util->get_alphanum_val($q->param('serialno'));
- my $subject_dn = $util->get_val($q->param('subject_dn'));
- my $reason = $util->get_alphanum_val($q->param('reason'));
- my $rid = $util->get_alphanum_val($q->param('rid'));
-
- my $ca = PKI::Conn::CA->new();
- $ca->open($cfg);
- $ca->revoke($rid, "ca1", $serialno, $reason);
- $ca->close();
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
-
- my $ref = $queue->read_request($rid);
- $context{errorString} = $util->html_encode($ref->{'errorString'});
- $queue->close();
-
- $context{rid} = $util->html_encode($rid);
- $context{serialno} = $util->html_encode($serialno);
- $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $subject_dn));
-
- my $result = $parser->execute_file_with_context("agent/cert/submit.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/error.cgi b/pki/base/ra/forms/agent/error.cgi
deleted file mode 100755
index fa13365a7..000000000
--- a/pki/base/ra/forms/agent/error.cgi
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::UserStore;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
-
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $util = PKI::Base::Util->new();
-
- my $error = $util->get_val($q->param('error'));
-
- my %context;
- if ($error ne "") {
- $context{has_error} = 1;
- $context{'error'} = $util->html_encode($error);
- }
-
- my $result = $parser->execute_file_with_context("agent/error.vm", \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/index.cgi b/pki/base/ra/forms/agent/index.cgi
deleted file mode 100755
index c8f2040fe..000000000
--- a/pki/base/ra/forms/agent/index.cgi
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::UserStore;
-use PKI::Base::Registry;
-use PKI::Base::Util;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
-
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi?error=Authentication%20Error");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $result = $parser->execute_file_with_context("agent/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/request/add_note.cgi b/pki/base/ra/forms/agent/request/add_note.cgi
deleted file mode 100755
index 0ffac91c7..000000000
--- a/pki/base/ra/forms/agent/request/add_note.cgi
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-use PKI::Base::TimeTool;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
-
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $id = $util->get_alphanum_val($q->param('id'));
- my $note = $util->get_val($q->param('note'));
-
- if ($note eq "") {
- # dont add anything
- print $q->redirect("/agent/request/read.cgi?id=" . $id);
- return;
- }
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
- my $new_note = "==== Note created by $uid at $now ====\n" .
- $note . "\n";
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $ref = $queue->read_request($id);
- $queue->set_request($id, "note", $ref->{'note'} . $new_note);
- $queue->close();
-
- print $q->redirect("/agent/request/read.cgi?id=" . $id);
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/request/index.cgi b/pki/base/ra/forms/agent/request/index.cgi
deleted file mode 100755
index 81b25977a..000000000
--- a/pki/base/ra/forms/agent/request/index.cgi
+++ /dev/null
@@ -1,146 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::RA::GlobalVar;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-use PKI::Service::Op;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
- $self->debug_log( $cfg, "in request/index.cgi, uid == $uid");
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my @roles = $self->get_current_roles($cfg);
-# my $r = join(",",@roles);
-
- my $status = $util->get_alphanum_val($q->param('status'));
- if ($status eq "") {
- $context{status} = "";
- } else {
- $context{status} = $util->html_encode($status);
- }
-
- my $sp = $util->get_alphanum_val($q->param('sp'));
- if ($sp eq "") {
- $sp = "0";
- }
- $context{sp} = $sp;
- my $mc = $util->get_alphanum_val($q->param('mc'));
- if ($mc eq "") {
- $mc = "20";
- }
- $context{mc} = $mc;
- $context{pp} = $sp - $mc; # previous pos (for paging)
- $context{np} = $sp + $mc; # next pos (for paging)
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $total = $queue->count_requests_by_roles(\@roles, $status);
- $context{total} = $util->html_encode($total);
-
- my @reqs = $queue->list_requests_by_roles(\@roles, $status, $sp, $mc);
-# my @reqs = $queue->list_requests_by_roles($r, $status, $sp, $mc);
- $queue->close();
-
- my @r;
- my $i = 0;
- foreach my $req (@reqs) {
- $r[$i] = new PKI::RA::GlobalVar(
- getId => sub { return $util->html_encode($req->{'rowid'}) },
- getType => sub { return $util->html_encode($req->{'type'}) },
- getStatus => sub { return $util->html_encode($req->{'status'}) },
- getError => sub { return $util->html_encode($req->{'errorString'}) },
- getAssignedTo => sub { return $util->html_encode($req->{'assigned_to'}) },
- getData => sub { return $util->html_encode($req->{'data'}); },
- getCreatedBy => sub { return $util->html_encode($req->{'created_by'}); },
- getCreatedAt => sub { return $util->html_encode($req->{'created_at'}); },
- );
- $i++;
- }
- $context{rows} = \@r;
-
- if ($sp - $mc < 0) {
- $context{show_previous} = "no";
- } else {
- $context{show_previous} = "yes";
- }
-
- if ($i < 20) {
- $context{show_next} = "no";
- } else {
- $context{show_next} = "yes";
- }
-
- my $result = $parser->execute_file_with_context("agent/request/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/request/op.cgi b/pki/base/ra/forms/agent/request/op.cgi
deleted file mode 100755
index 363d7121b..000000000
--- a/pki/base/ra/forms/agent/request/op.cgi
+++ /dev/null
@@ -1,153 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use Benchmark;
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-use PKI::Base::Util;
-use Encode;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
-
- my $q = CGI->new();
-
- my $st = new Benchmark;
-
- my $util = PKI::Base::Util->new();
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
- my $type = $util->get_alphanum_val($q->param('type'));
- my $id = $util->get_alphanum_val($q->param('id'));
-
- my $db_st = new Benchmark;
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
-
- my $ref;
-
- my @roles = $self->get_current_roles($cfg);
- my $pref = $queue->read_request_by_roles(\@roles, $id);
-
- if (! defined $pref) {
- $queue->close();
- $self->debug_log($cfg, "Invalid attempt to process request id= " . $id .
- " by userid= " . $uid);
- print $q->redirect("/agent/error.cgi");
- return;
- }
-
- my $curr_status = $pref->{'status'};
- if ($type eq "approve") {
- if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) {
- $queue->close();
- print $q->redirect("/agent/request/read.cgi?id=$id");
- return;
- }
-
- $ref = $queue->approve_request($id, $uid);
- } elsif ($type eq "reject") {
- if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) {
- $queue->close();
- print $q->redirect("/agent/request/read.cgi?id=$id");
- return;
- }
-
- $ref = $queue->reject_request($id, $uid);
- }
- $queue->close();
- my $db_et = new Benchmark;
-
- $context{data} = $util->breakline($util->html_encode(Encode::decode('UTF-8', $ref->{'data'})), 40);
- $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40);
- $context{serialno} = $util->html_encode($ref->{'serialno'});
- $context{type} = $util->html_encode($ref->{'type'});
- $context{ip} = $util->html_encode($ref->{'ip'});
- $context{note} = $util->html_encode($ref->{'note'});
- $context{note} =~ s/\n/<br\/>/g;
- $context{created_at} = $util->html_encode($ref->{'created_at'});
- $context{updated_at} = $util->html_encode($ref->{'updated_at'});
- $context{assigned_to} = $util->html_encode($ref->{'assigned_to'});
- $context{processed_by} = $util->html_encode($ref->{'processed_by'});
- $context{created_by} = $util->html_encode($ref->{'created_by'});
- $context{status} = $util->html_encode($ref->{'status'});
- $context{errorString} = $util->html_encode($ref->{'errorString'});
- $context{id} = $util->html_encode($ref->{'rowid'});
-
- my $t_st = new Benchmark;
- my $result = $parser->execute_file_with_context("agent/request/op.vm",
- \%context);
- my $t_et = new Benchmark;
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-
- my $et = new Benchmark;
-
- $self->debug_log($cfg, "benchmark " .
- "total=" . timestr(timediff($et, $st)) . " " .
- "db total=" . timestr(timediff($db_et, $db_st)) . " " .
- "template total=" . timestr(timediff($t_et, $t_st)) . " "
- );
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/agent/request/read.cgi b/pki/base/ra/forms/agent/request/read.cgi
deleted file mode 100755
index d1633c164..000000000
--- a/pki/base/ra/forms/agent/request/read.cgi
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Registry;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use Encode;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- if (!$self->agent_auth($cfg)) {
- print $q->redirect("/agent/error.cgi");
- return;
- }
- my $uid = $self->get_current_uid($cfg);
-
- my %context;
- $context{uid} = $util->html_encode($uid);
-
-
- my @roles = $self->get_current_roles($cfg);
-# my $r = join(",",@roles);
-
- my $id = $util->get_alphanum_val($q->param('id'));
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $ref = $queue->read_request_by_roles(\@roles, $id);
- $queue->close();
-
- $context{data} = $util->breakline($util->html_encode(Encode::decode('UTF-8',$ref->{'data'})), 40);
- $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40);
- $context{meta_info} = $util->breakline($util->html_encode($ref->{'meta_info'}), 40);
-
- $context{serialno} = $util->html_encode($ref->{'serialno'});
- $context{subject_dn} = $util->html_encode($ref->{'subject_dn'});
- $context{type} = $util->html_encode($ref->{'type'});
- $context{created_at} = $util->html_encode($ref->{'created_at'});
- $context{created_by} = $util->html_encode($ref->{'created_by'});
- $context{updated_at} = $util->html_encode($ref->{'updated_at'});
- $context{ip} = $util->html_encode($ref->{'ip'});
- $context{processed_by} = $util->html_encode($ref->{'processed_by'});
- $context{note} = $util->html_encode($ref->{'note'});
- $context{note} =~ s/\n/<br\/>/g;
- $context{assigned_to} = $util->html_encode($ref->{'assigned_to'});
- $context{status} = $util->html_encode($ref->{'status'});
- if ($ref->{'status'} eq "OPEN") {
- $context{is_open} = 1;
- }
- if ($ref->{'status'} eq "ERROR") {
- $context{is_error} = 1;
- }
- $context{errorString} = $util->html_encode($ref->{'errorString'});
- $context{id} = $util->html_encode($ref->{'rowid'});
-
- my $result = $parser->execute_file_with_context("agent/request/read.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/agent/enroll.cgi b/pki/base/ra/forms/ee/agent/enroll.cgi
deleted file mode 100755
index 4f1af8f16..000000000
--- a/pki/base/ra/forms/ee/agent/enroll.cgi
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use MIME::Base64;
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-use PKI::Conn::CA;
-use PKI::Base::PinStore;
-use PKI::Base::Util;
-
-use vars qw (@ISA);
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $uid = $util->get_val($q->param('uid'));
- my $pin = $util->get_alphanum_val($q->param('pin'));
- my $csr = $util->get_val($q->param('csr'));
- $csr = $util->normalize_csr($csr);
-
- my $key = $uid;
-
- my $pin_store = PKI::Base::PinStore->new();
- $pin_store->open($cfg);
- my $pinref = $pin_store->read_pin($key);
- if (defined($pinref) && $pinref->{'pin'} eq $pin) {
- $pin_store->delete($key);
- } else {
- $pin_store->close();
- print $q->redirect("/ee/error.cgi?error=Invalid Pin");
- return;
- }
- my $rid = $pinref->{'rid'};
- $pin_store->close();
-
- my $profile_id = $cfg->get("request.agent.profileId");
- my $cert_request_type = $cfg->get("request.agent.reqType");
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $req = $queue->read_request($rid);
- $queue->set_request($rid, "subject_dn", "uid=$uid, e=$req->{'created_by'}");
-
- my $ca = PKI::Conn::CA->new();
- $ca->open($cfg);
- my $cert = $ca->enroll($rid, "ca1", $profile_id, $cert_request_type, $csr);
- $ca->close();
- $queue->set_request($rid, "output", $cert);
-
- $req = $queue->read_request($rid);
- if ($cert eq "") {
- my $error = $req->{'errorString'};
- $queue->close();
- print $q->redirect("/ee/error.cgi?error=$error");
- return;
- }
-
- my $decoded = decode_base64($cert);
- my $encoded = encode_base64($decoded);
-
- my %context;
- $context{cert} = $encoded;
- $context{rid} = $util->html_encode($rid);
- $context{subject_dn} = $util->html_encode($req->{'subject_dn'});
- $queue->close();
-
- my $result = $parser->execute_file_with_context("ee/agent/enroll.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/agent/index.cgi b/pki/base/ra/forms/ee/agent/index.cgi
deleted file mode 100755
index 66fceb8ff..000000000
--- a/pki/base/ra/forms/ee/agent/index.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use PKI::Base::Registry;
-use Template::Velocity;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/agent/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/agent/new.cgi b/pki/base/ra/forms/ee/agent/new.cgi
deleted file mode 100755
index c209f5e74..000000000
--- a/pki/base/ra/forms/ee/agent/new.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use PKI::Base::Registry;
-use Template::Velocity;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/agent/new.vm", \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/agent/start.cgi b/pki/base/ra/forms/ee/agent/start.cgi
deleted file mode 100755
index 27aedb546..000000000
--- a/pki/base/ra/forms/ee/agent/start.cgi
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use PKI::Base::Registry;
-use Template::Velocity;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
-
- my $result = $parser->execute_file_with_context("ee/agent/start.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/agent/submit.cgi b/pki/base/ra/forms/ee/agent/submit.cgi
deleted file mode 100755
index a68242114..000000000
--- a/pki/base/ra/forms/ee/agent/submit.cgi
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my $uid = $util->get_val($q->param('uid'));
- my $email = $util->get_val($q->param('email'));
-
- $self->debug_params($cfg, $q);
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $request_id = $queue->create_request("agent",
- "uid=" . $uid,
- "0",
- $email);
- my %context;
- $context{request_id} = $util->html_encode($request_id);
- $self->debug_log($cfg, "request $request_id created");
- $queue->close();
-
- my $result = $parser->execute_file_with_context("ee/agent/submit.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/error.cgi b/pki/base/ra/forms/ee/error.cgi
deleted file mode 100755
index 1417d4b61..000000000
--- a/pki/base/ra/forms/ee/error.cgi
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::UserStore;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
-
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $util = PKI::Base::Util->new();
-
- my %context;
-
- my $error = $util->get_val($q->param('error'));
- if ($error ne "") {
- $context{has_error} = 1;
- $context{'error'} = $util->html_encode($error);
- }
-
- my $result = $parser->execute_file_with_context("ee/error.vm", \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/index.cgi b/pki/base/ra/forms/ee/index.cgi
deleted file mode 100755
index 453b2873b..000000000
--- a/pki/base/ra/forms/ee/index.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
-
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/index.vm", \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/request/getcert.cgi b/pki/base/ra/forms/ee/request/getcert.cgi
deleted file mode 100755
index b22444dc1..000000000
--- a/pki/base/ra/forms/ee/request/getcert.cgi
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use PKI::Service::Op;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-use Template::Velocity;
-use MIME::Base64;
-use Encode;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $id = $util->get_alphanum_val($q->param('id'));
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $req = $queue->read_request($id);
- $queue->close();
-
- my %context;
- $context{id} = $util->html_encode($req->{'rowid'});
- $context{serialno} = $util->html_encode($req->{'serialno'});
- $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $req->{'subject_dn'}));
- if ($req->{'serialno'} eq "unavailable") {
- $context{output} = "";
- } else {
- $context{output} = "-----BEGIN CERTIFICATE-----\n".$util->breakline($util->html_encode($req->{'output'}), 40)."\n-----END CERTIFICATE-----";
- }
- my $result = $parser->execute_file_with_context("ee/request/getcert.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/request/importcert.cgi b/pki/base/ra/forms/ee/request/importcert.cgi
deleted file mode 100755
index fdc309746..000000000
--- a/pki/base/ra/forms/ee/request/importcert.cgi
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use PKI::Service::Op;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-use Template::Velocity;
-use MIME::Base64;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $id = $util->get_alphanum_val($q->param('id'));
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $req = $queue->read_request($id);
- $queue->close();
-
- my %context;
-# $::symbol{id} = $req->{'rowid'};
-# $::symbol{status} = $req->{'status'};
-
-# my $result = $parser->execute_file("ee/request/status.vm");
-
- my $cert = MIME::Base64::decode($req->{'output'});
-
- print "Content-Type: application/x-x509-user-cert\n\n";
- print $cert;
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/request/index.cgi b/pki/base/ra/forms/ee/request/index.cgi
deleted file mode 100755
index ef2a68b23..000000000
--- a/pki/base/ra/forms/ee/request/index.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/request/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/request/status.cgi b/pki/base/ra/forms/ee/request/status.cgi
deleted file mode 100755
index 6a3154716..000000000
--- a/pki/base/ra/forms/ee/request/status.cgi
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use PKI::Service::Op;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Request::Queue;
-use Template::Velocity;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
-
- my $util = PKI::Base::Util->new();
-
- my $id = $util->get_alphanum_val($q->param('id'));
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $req = $queue->read_request($id);
- $queue->close();
- if ($req == "") {
- print $q->redirect("/ee/error.cgi?error=request%20not%20found");
- return;
- }
-
- my %context;
- $context{id} = $util->html_encode($req->{'rowid'});
- $context{type} =$util->html_encode($req->{'type'});
- $context{status} = $util->html_encode($req->{'status'});
- $context{serialno} = $util->html_encode($req->{'serialno'});
- $context{errorString} = $util->html_encode($req->{'errorString'});
-
- my $result = $parser->execute_file_with_context("ee/request/status.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/scep/enroll.cgi b/pki/base/ra/forms/ee/scep/enroll.cgi
deleted file mode 100755
index 53291636a..000000000
--- a/pki/base/ra/forms/ee/scep/enroll.cgi
+++ /dev/null
@@ -1,112 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use MIME::Base64;
-use URI::URL;
-use URI::Escape;
-use XML::Simple;
-use CGI;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Base::Registry;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Conn::CA;
-use PKI::Base::PinStore;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $client_id = $util->get_val($q->param('client_id'));
- my $site_id = $util->get_val($q->param('site_id'));
- my $pin = $util->get_alphanum_val($q->param('pin'));
- my $csr = $util->get_val($q->param('csr'));
-
- my $key = $client_id . "/" . $site_id;
-
- my $pin_store = PKI::Base::PinStore->new();
- $pin_store->open($cfg);
- my $pinref = $pin_store->read_pin($key);
- if (defined($pinref) && $pinref->{'pin'} eq $pin) {
- $pin_store->delete($key);
- } else {
- $pin_store->close();
- # error, redirect user back to the original enrollment page
- print $q->redirect("/ee/scep/installer.cgi");
- return;
- }
- $pin_store->close();
-
- my $profile_id = $cfg->get("request.scep.profileId");
- my $cert_request_type = $cfg->get("request.scep.reqType");
-
- my $ca = PKI::Conn::CA->new();
- $ca->open($cfg);
- my $cert = $ca->enroll($pinref->{'rid'}, "ca1", $profile_id, $cert_request_type, $csr);
- $ca->close();
- my $decoded = decode_base64($cert);
- my $encoded = encode_base64($decoded);
-
- my %context;
- $context{cert} = $encoded;
-
- my $result = $parser->execute_file_with_context("ee/scep/enroll.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/scep/index.cgi b/pki/base/ra/forms/ee/scep/index.cgi
deleted file mode 100755
index c73fc379a..000000000
--- a/pki/base/ra/forms/ee/scep/index.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/scep/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/scep/installer.cgi b/pki/base/ra/forms/ee/scep/installer.cgi
deleted file mode 100755
index 8453c2cc4..000000000
--- a/pki/base/ra/forms/ee/scep/installer.cgi
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my %context;
- $context{machine} = $cfg->get("service.machineName");
- $context{port} = $cfg->get("service.unsecurePort");
-
- my $result = $parser->execute_file_with_context("ee/scep/installer.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/scep/manager.cgi b/pki/base/ra/forms/ee/scep/manager.cgi
deleted file mode 100755
index 8b547a928..000000000
--- a/pki/base/ra/forms/ee/scep/manager.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/scep/manager.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/scep/pkiclient.cgi b/pki/base/ra/forms/ee/scep/pkiclient.cgi
deleted file mode 100755
index a54558f37..000000000
--- a/pki/base/ra/forms/ee/scep/pkiclient.cgi
+++ /dev/null
@@ -1,113 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use MIME::Base64;
-use URI::URL;
-use URI::Escape;
-use XML::Simple;
-use CGI;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Conn::CA;
-use PKI::Base::PinStore;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $operation = $util->get_alphanum_val($q->param('operation'));
- my $message = $util->get_val($q->param('message'));
- $message = uri_escape($message);
-
- my $ca = PKI::Conn::CA->new();
- $ca->open($cfg);
- if ($operation eq "GetCACert") {
- my $content = $ca->scep_get_ca_cert("ca1", $operation, $message);
-
- print "Content-Type: application/x-x509-ca-cert\n\n";
- print $content;
- } elsif ($operation eq "PKIOperation") {
- my $decoded = $ca->scep_decode("ca1", $operation, $message);
- $decoded =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
- $decoded = $1;
- my $parser = XML::Simple->new();
- my $response = $parser->XMLin($decoded);
-
- # one time pin
- my $pin = $response->{'PKCS10'}->{'ChallengePassword'}->{'Password'} ;
- # IP Address
- my $key = $ENV{'REMOTE_ADDR'};
-
- # check PIN
- if (1) {
- my $pin_store = PKI::Base::PinStore->new();
- $pin_store->open($cfg);
- my $pinref = $pin_store->read_pin($key);
- if (defined($pinref) && $pinref->{'pin'} eq $pin) {
- $pin_store->delete($key);
- } else {
- $pin_store->close();
- # XXX - return SCEP error
- print $q->redirect("/ee/scep/installer.cgi");
- return;
- }
- $pin_store->close();
- }
-
- my $content = $ca->scep_pki_message("ca1", $operation, $message);
-
- print "Content-Type: application/x-pki-message\n\n";
- print $content;
- }
- $ca->close();
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/scep/submit.cgi b/pki/base/ra/forms/ee/scep/submit.cgi
deleted file mode 100755
index b3dfd7a5d..000000000
--- a/pki/base/ra/forms/ee/scep/submit.cgi
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use DBI;
-use CGI;
-use PKI::Service::Op;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $client_id = $util->get_val($q->param('client_id'));
- my $site_id = $util->get_val($q->param('site_id'));
- my $email = $util->get_val($q->param('email'));
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $request_id = $queue->create_request("scep",
- "client_id=" . $client_id . ";" .
- "site_id=" . $site_id,
- "0",
- $email);
- my %context;
- $context{request_id} = $util->html_encode($request_id);
- $self->debug_log($cfg, "request $request_id created");
- $queue->close();
-
- my $result = $parser->execute_file_with_context("ee/scep/submit.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/server/admin.cgi b/pki/base/ra/forms/ee/server/admin.cgi
deleted file mode 100755
index 18945da02..000000000
--- a/pki/base/ra/forms/ee/server/admin.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/server/admin.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/server/index.cgi b/pki/base/ra/forms/ee/server/index.cgi
deleted file mode 100755
index 830409a8b..000000000
--- a/pki/base/ra/forms/ee/server/index.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/server/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/server/submit.cgi b/pki/base/ra/forms/ee/server/submit.cgi
deleted file mode 100755
index 4916033ee..000000000
--- a/pki/base/ra/forms/ee/server/submit.cgi
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use PKI::Base::Conf;
-use PKI::Base::Util;
-use PKI::Request::Queue;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $util = PKI::Base::Util->new();
-
- my $server_id = $util->get_val($q->param('server_id'));
- my $site_id = $util->get_val($q->param('site_id'));
- my $email = $util->get_val($q->param('email'));
- my $csr = $util->get_val($q->param('csr'));
-
- $csr = $util->normalize_csr($csr);
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $request_id = $queue->create_request("server",
- "server_id=" . $server_id . ";" .
- "site_id=" . $site_id . ";" .
- "csr=" . $csr,
- "0",
- $email);
- my %context;
- $context{request_id} = $util->html_encode($request_id);
- $self->debug_log($cfg, "request $request_id created");
- $queue->close();
-
- my $result = $parser->execute_file_with_context("ee/server/submit.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/user/index.cgi b/pki/base/ra/forms/ee/user/index.cgi
deleted file mode 100755
index ef6b3aa47..000000000
--- a/pki/base/ra/forms/ee/user/index.cgi
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/user/index.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/user/renew.cgi b/pki/base/ra/forms/ee/user/renew.cgi
deleted file mode 100755
index 63d646ec9..000000000
--- a/pki/base/ra/forms/ee/user/renew.cgi
+++ /dev/null
@@ -1,165 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Base::Conf; -use PKI::Request::Queue; -use Template::Velocity; -use PKI::Service::Op; -use PKI::Base::Util; -use PKI::Base::Registry; - -use vars qw (@ISA); -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my $util = PKI::Base::Util->new(); - my $error = ""; - - my $host = $cfg->get("service.machineName"); - my $port = $cfg->get("service.non_clientauth_securePort"); - - $self->debug_params($cfg, $q); - - my $cert = $self->get_cert_record($cfg); - $self->debug_log( $cfg, "after get_cert_record"); - if (!defined($cert) || ($cert eq "")) { - $self->debug_log( $cfg, "cert not defined"); - $error = "certificate not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got cert"); - - my $csr = $cert->{'csr'}; - if ($csr eq "") { - $error = 
"csr not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got csr"); - - my $req_id = $cert->{'rid'}; - if ($req_id eq "") { - $error = "reqid not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got req_id = $req_id"); - $self->debug_log( $cfg, "before renewl read/create request"); - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $o_req = $queue->read_request($req_id); - if ($o_req eq "") { - $self->debug_log( $cfg, "got null o_req"); - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - - my $uid = ""; - my $site_id = ""; - my $org_csr = ""; - my $csr_type = ""; - - my $data = $o_req->{'data'}; - foreach $nv (split(/;/, $data)) { - my ($n, $v) = split(/=/, $nv); - if ($n eq "uid") { - $uid = $v; - } - if ($n eq "site_id") { - $site_id = $v; - } - if ($n eq "csr") { - $org_csr = $v; - } - if ($n eq "csr_type") { - $csr_type = $v; - } - } - - my $new_request = $queue->create_request("renewal", - "uid=" . $uid . ";" . - "site_id=" . $site_id . ";" . - "csr_type=" . $csr_type . ";" . - "csr=" . $csr, - "orig_reqid=" . 
$o_req->{'rowid'}, - $o_req->{'created_by'}); - - #self-renewal is created and processed by the same user - $ref = $queue->approve_request($new_request, $o_req->{'created_by'}); - my $nreq = $queue->read_request($new_request); - $error = $nreq->{'errorString'}; - if ($error ne "0") { - $self->debug_log( $cfg, "after approve request, got error=$error"); - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - - my %context; - $context{request_id} = $util->html_encode($new_request); - $self->debug_log($cfg, "request $new_request created"); - $queue->close(); - $self->debug_log( $cfg, "after renewl read/create request $new_request"); - - $context{data} = $util->breakline($util->html_encode($ref->{'data'}), 40); - $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40); - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{host} = $util->html_encode($host); - $context{port} = $util->html_encode($port); - - #print $q->redirect("/ee/request/getcert.cgi?id=$new_request"); - my $result = $parser->execute_file_with_context("ee/user/renew.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/pki/base/ra/forms/ee/user/renewal.cgi b/pki/base/ra/forms/ee/user/renewal.cgi deleted file mode 100755 index 63a211eff..000000000 --- a/pki/base/ra/forms/ee/user/renewal.cgi +++ /dev/null 
@@ -1,74 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- my $host = $cfg->get("service.machineName");
- my $port = $cfg->get("service.securePort");
-
- my %context;
- $context{url} = "https://$host:$port/ee/user/renew.cgi";
- my $result = $parser->execute_file_with_context("ee/user/renewal.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/ee/user/submit.cgi b/pki/base/ra/forms/ee/user/submit.cgi
deleted file mode 100755
index 26c900e00..000000000
--- a/pki/base/ra/forms/ee/user/submit.cgi
+++ /dev/null
@@ -1,112 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use Benchmark; -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $st = new Benchmark; - - my $util = PKI::Base::Util->new(); - - my $userid = $util->get_val($q->param('uid')); - my $fullname = $util->get_val($q->param('cn')); - my $site_id = $util->get_val($q->param('site_id')); - my $email = $util->get_val($q->param('email')); - my $csr_type = $util->get_alphanum_val($q->param('csr_type')); - my $csr = $util->get_val($q->param('csr')); - - $csr = $util->normalize_csr($csr); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $db_st = new Benchmark; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my 
$request_id = $queue->create_request("user", - "uid=" . $userid . ";" . - "cn=" . $fullname . ";" . - "site_id=" . $site_id . ";" . - "csr_type=" . $csr_type . ";" . - "csr=" . $csr, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - my $db_et = new Benchmark; - - my $t_st = new Benchmark; - my $result = $parser->execute_file_with_context("ee/user/submit.vm", - \%context); - my $t_et = new Benchmark; - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } - - my $et = new Benchmark; - $self->debug_log($cfg, "benchmark " . - "total=" . timestr(timediff($et, $st)) . " " . - "db total=" . timestr(timediff($db_et, $db_st)) . " " . - "template total=" . timestr(timediff($t_et, $t_st)) . " " - ); -} - -my $op = op->new(); -$op->execute(); diff --git a/pki/base/ra/forms/ee/user/user.cgi b/pki/base/ra/forms/ee/user/user.cgi deleted file mode 100755 index 2d58a532b..000000000 --- a/pki/base/ra/forms/ee/user/user.cgi +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- my %context;
- my $result = $parser->execute_file_with_context("ee/user/user.vm",
- \%context);
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%context);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/forms/index.cgi b/pki/base/ra/forms/index.cgi
deleted file mode 100755
index 0e643166b..000000000
--- a/pki/base/ra/forms/index.cgi
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package op;
-
-use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
-
-use CGI;
-use PKI::Service::Op;
-use Template::Velocity;
-use PKI::Base::Conf;
-use PKI::Base::Registry;
-
-use vars qw (@ISA);
-use PKI::Service::Op;
-@ISA = qw(PKI::Service::Op);
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub process()
-{
- my $self = shift;
-
- my $q = CGI->new();
-
- my $docroot = PKI::Base::Registry->get_docroot();
- my $parser = PKI::Base::Registry->get_parser();
- my $cfg = PKI::Base::Registry->get_config();
-
- $self->debug_params($cfg, $q);
-
- $::symbol{machineName} = $cfg->get("service.machineName");
- $::symbol{non_clientauth_securePort} = $cfg->get("service.non_clientauth_securePort");
- $::symbol{securePort} = $cfg->get("service.securePort");
- $::symbol{unsecurePort} = $cfg->get("service.unsecurePort");
-
- my $result = $parser->execute_file("index.vm");
-
- my $xml = $q->param('xml');
- if ($xml eq "true") {
- print "Content-Type: text/xml\n\n";
- print $self->xml_output(\%::symbol);
- } else {
- print "Content-Type: text/html\n\n";
- print "$result";
- }
-}
-
-
-my $op = op->new();
-$op->execute();
diff --git a/pki/base/ra/lib/perl/PKI/Base/CertStore.pm b/pki/base/ra/lib/perl/PKI/Base/CertStore.pm
deleted file mode 100644
index 1a31ff971..000000000
--- a/pki/base/ra/lib/perl/PKI/Base/CertStore.pm
+++ /dev/null
@@ -1,151 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::CertStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a cert store -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens this store -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); -} - -sub read_certificate { - my ($self, $serialno) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where serialno=" . $dbh->quote($serialno); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub map_certificate { - my ($self, $certificate) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where " . - "certificate=" . 
$dbh->quote($certificate); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub read_certificate_by_approver { - my ($self, $uid, $serialno) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where approved_by=". $dbh->quote($uid). - "AND serialno=" . $dbh->quote($serialno); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub list_certs_by_approver { - my ($self, $uid, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select *,approved_by from certificates " . - "where " . - "approved_by=". $dbh->quote($uid). - " limit $startpos, $maxcount"; - - my $sth = $dbh->prepare($select); - $sth->execute(); - my @certs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@certs, $ref); - } - $sth->finish(); - return @certs; - - -} - -sub add_certificate { - my ($self, $serialno, $csr, $subject_dn, $certificate, $reqid, $approved_by) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - # sqlite is not thread safe, do our own lock here - my $cmd = "insert into certificates (" . - "subject_dn" . "," . - "certificate" . "," . - "csr" . "," . - "serialno" . "," . - "rid" . "," . - "approved_by" . "," . - "created_at" . - ") values (" . - $dbh->quote($subject_dn) . "," . - $dbh->quote($certificate) . "," . - $dbh->quote($csr) . "," . - $dbh->quote($serialno) . "," . - $dbh->quote($reqid) . "," . - $dbh->quote($approved_by) . "," . - $dbh->quote($now) . - ")"; -REDO_ADD_CERT: - eval { - $dbh->do($cmd); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_ADD_CERT; - } - -} - -####################################### -# Closes this store -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; 
diff --git a/pki/base/ra/lib/perl/PKI/Base/Conf.pm b/pki/base/ra/lib/perl/PKI/Base/Conf.pm
deleted file mode 100755
index 895ab28a3..000000000
--- a/pki/base/ra/lib/perl/PKI/Base/Conf.pm
+++ /dev/null
@@ -1,130 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::Base::Conf; - -use strict; -use warnings; -use Exporter; - -$PKI::Base::Conf::VERSION = '1.00'; - -####################################################### -# Configuration Store -####################################################### -sub new { - my $class = shift; - my $self = {}; - my %hash = (); - $self->{filename} = ""; - $self->{hash} = \%hash; - bless $self,$class; - return $self; -} - -sub load_file -{ - my ($self, $filename) = @_; - - $self->{filename} = $filename; - if (-e $filename) { - open(CF, "<$filename"); - if (defined fileno CF) { - while (<CF>) { - if (/^#/) { - # comments - } elsif (/([^=]+)=(.*)$/) { - # print "$1 = $2\n"; - $self->{hash}{$1} = $2; - } else { - # preserve comments - } - } - } - close(CF); - } -} - -sub get_filename -{ - my ($self) = @_; - return $self->{filename}; -} - -sub get -{ - my ($self, $n) = @_; - return $self->{hash}{$n}; -} - -sub put -{ - my ($self, $n, $v) = @_; - $self->{hash}{$n} = $v; -} - -sub commit -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . 
"\n"; - my $hash = $self->{hash}; - my $suffix = time(); - - if (-e $self->{filename}) { - system("mv \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - } - - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); - - if (-e $self->{filename} . "." . $suffix) { - system("rm \"" . $self->{filename} . "." . $suffix . "\""); - } -} - -sub commit_with_backup -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - system("mv \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/Base/PinStore.pm b/pki/base/ra/lib/perl/PKI/Base/PinStore.pm deleted file mode 100644 index 437d259ff..000000000 --- a/pki/base/ra/lib/perl/PKI/Base/PinStore.pm +++ /dev/null 
@@ -1,180 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::PinStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens request queue -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); -} - -####################################### -# Creates a new request -####################################### -sub generate_random -{ - my $low = $_[0]; - my $high = $_[1]; - - my $number = 0; - - if( $low >= $high || $low < 0 || $high < 0 ) { - return -1; - } - - $number = int( rand( $high -$low +1 ) ) + $low; - - return $number; -} - - -# arg0 length of string -# return random string -sub generate_random_string() -{ - my $length_of_randomstring=shift; # the length of the string - - my @chars=( 'a'..'z','A'..'Z','0'..'9' ); - my $random_string; - - foreach( 1..$length_of_randomstring ) { - $random_string .= $chars[rand 
@chars]; - } - - return $random_string; -} - -sub create_pin { - my ($self, $key, $rid, $created_by) = @_; - my $dbh = $self->{dbh}; - - my $pin = &generate_random_string(10); - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - # delete previous pin - my $delete = "delete from pins where key=" . $dbh->quote($key); - $dbh->do($delete); - - my $insert = "insert into pins (" . - "key" . "," . - "pin" . "," . - "rid" . "," . - "created_by" . "," . - "created_at" . - ") values (" . - $dbh->quote($key) . "," . - $dbh->quote($pin) . "," . - $dbh->quote($rid) . "," . - $dbh->quote($created_by) . "," . - $dbh->quote($now) . - ")"; -REDO_CREATE_PIN: - eval { - $dbh->do($insert); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_CREATE_PIN; - } - - my $rid = $dbh->func('last_insert_rowid'); - -# my $ref = $self->read_pin($rid); - - return $pin; -} - -####################################### -# Matches pin -####################################### -sub match { - my ($self, $key, $pin) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from pins " . - "where " . - "key=" . $dbh->quote($key) . " AND " . - "pin=" . $dbh->quote($pin); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - if (defined($ref)) { - return 1; - } else { - return 0; - } -} - -sub read_pin { - my ($self, $key) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from pins " . - "where " . - "key=" . $dbh->quote($key); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -####################################### -# Deletes pin -####################################### -sub delete { - my ($self, $key) = @_; - my $dbh = $self->{dbh}; - my $cmd = "delete from pins " . - "where " . - "key=" . 
$dbh->quote($key); - $dbh->do($cmd); -} - -####################################### -# Closes request queue -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/Base/Registry.pm b/pki/base/ra/lib/perl/PKI/Base/Registry.pm deleted file mode 100644 index a4fb83f28..000000000 --- a/pki/base/ra/lib/perl/PKI/Base/Registry.pm +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::Registry; - -use PKI::Base::Conf; - -my $docroot; -my $cfg; -my $parser; - -BEGIN { - $docroot = $ENV{DOCUMENT_ROOT}; - $cfg = PKI::Base::Conf->new(); - $cfg->load_file("$docroot/../conf/CS.cfg"); - $parser = new Template::Velocity($docroot); - -} - -sub get_docroot { - my ($self) = @_; - return $docroot; -} - -sub get_parser { - my ($self) = @_; - return $parser; -} - -sub get_config { - my ($self) = @_; - return $cfg; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/Base/TimeTool.pm b/pki/base/ra/lib/perl/PKI/Base/TimeTool.pm deleted file mode 100755 index 11f4be208..000000000 --- a/pki/base/ra/lib/perl/PKI/Base/TimeTool.pm +++ /dev/null 
@@ -1,54 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-package PKI::Base::TimeTool;
-
-use Time::Local;
-
-use DBI;
-use PKI::Base::TimeTool;
-
-#######################################
-# Constructs a request queue
-#######################################
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub get_time()
-{
- my ($self) = @_;
- my ($sec, $min, $hr, $mday, $mnth, $y, $wd, $yd, $ds) = localtime();
- my $r_year = 1900 + $y;
- my $r_mnth;
- my $r_day;
- $r_day = $mday;
- $mnth = $mnth + 1;
- $r_mnth = $mnth;
- return "$r_year-$r_mnth-$r_day $hr:$min:$sec";
-}
-
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/Base/UserStore.pm b/pki/base/ra/lib/perl/PKI/Base/UserStore.pm
deleted file mode 100644
index c05683792..000000000
--- a/pki/base/ra/lib/perl/PKI/Base/UserStore.pm
+++ /dev/null
@@ -1,343 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::UserStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens this store -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); - my $timeout = $self->{dbh}->func("busy_timeout"); - $self->{dbh}->func($timeout * 10, "busy_timeout"); -} - -####################################### -# Maps user -####################################### -sub map_user { - my ($self, $certificate) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from users " . - "where " . - "certificate=" . 
$dbh->quote($certificate);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
- return $ref;
-}
-
-#######################################
-# Gets roles of the given user
-#######################################
-sub get_roles {
- my ($self, $uid) = @_;
- my $dbh = $self->{dbh};
- my $select = "select * from roles " .
- "where " .
- "uid=" . $dbh->quote($uid);
- my @roles;
- my $sth = $dbh->prepare($select);
- $sth->execute();
- while (my $ref = $sth->fetchrow_hashref()) {
- push(@roles, $ref->{'gid'});
- }
- $sth->finish();
- return @roles;
-}
-
-
-#######################################
-# Reads a user
-#######################################
-sub read_group {
- my ($self, $gid) = @_;
- my $dbh = $self->{dbh};
- my $select = "select * from groups " .
- "where gid=" . $dbh->quote($gid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
- return $ref;
-}
-
-sub read_user {
- my ($self, $uid) = @_;
- my $dbh = $self->{dbh};
- my $select = "select * from users " .
- "where uid=" . $dbh->quote($uid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
- return $ref;
-}
-
-sub set_user {
- my ($self, $uid, $name, $value) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
- my $update = "update users set " .
- $name . "=" . $dbh->quote($value) . "," .
- "updated_at=" . $dbh->quote($now) . " " .
- "where uid=" . $dbh->quote($uid);
- $dbh->do($update);
-
- my $select = "select * from users " .
- "where uid=" .
$dbh->quote($uid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
-
- return $ref;
-}
-
-#######################################
-# Lists all members in the given group
-#######################################
-sub list_all_members {
- my ($self, $gid) = @_;
- my $dbh = $self->{dbh};
- my $select = "select * from roles where " .
- "gid=" . $dbh->quote($gid) . " " .
- "order by uid desc ";
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my @reqs;
- while (my $ref = $sth->fetchrow_hashref()) {
- push(@reqs, $ref);
- }
- $sth->finish();
- return @reqs;
-}
-
-#######################################
-# Lists
-#######################################
-sub list_all_non_members {
- my ($self, $gid) = @_;
- my $dbh = $self->{dbh};
- # find members of the given group
- my $select1 = "select * from roles where " .
- "gid=" . $dbh->quote($gid);
- my $sth1 = $dbh->prepare($select1);
- $sth1->execute();
- my $filter = "";
- while (my $ref1 = $sth1->fetchrow_hashref()) {
- if ($filter eq "") {
- $filter = "uid<>" . $dbh->quote($ref1->{'uid'});
- } else {
- $filter = $filter . " AND " . "uid<>" . $dbh->quote($ref1->{'uid'});
- }
- }
- $sth1->finish();
-
- my $select;
- if ($filter eq "") {
- $select = "select * from users " .
- "order by uid desc ";
- } else {
- $select = "select * from users where (" .
- $filter . ") " .
- "order by uid desc ";
- }
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my @reqs;
- while (my $ref = $sth->fetchrow_hashref()) {
- push(@reqs, $ref);
- }
- $sth->finish();
- return @reqs;
-}
-
-sub delete_user {
- my ($self, $userid) = @_;
- my $dbh = $self->{dbh};
-
- my $cmd = "delete from roles where uid=" . $dbh->quote($userid);
- $dbh->do($cmd);
- $cmd = "delete from users where uid=" .
$dbh->quote($userid);
- $dbh->do($cmd);
-}
-
-sub add_user_to_group {
- my ($self, $gid, $userid) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
-
- my $cmd = "insert into roles (" .
- "gid" . "," .
- "uid" .
- ") values (" .
- $dbh->quote($gid) . "," .
- $dbh->quote($userid) .
- ")";
- $dbh->do($cmd);
-}
-
-sub delete_user_from_group {
- my ($self, $gid, $userid) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
-
- my $cmd = "delete from roles where " .
- "gid=" . $dbh->quote($gid) . " AND " .
- "uid=" . $dbh->quote($userid);
- $dbh->do($cmd);
-}
-
-sub add_user {
- my ($self, $userid, $name, $email, $certificate) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
-
- my $cmd = "insert into users (" .
- "uid" . "," .
- "name" . "," .
- "email" . "," .
- "certificate" . "," .
- "created_at" .
- ") values (" .
- $dbh->quote($userid) . "," .
- $dbh->quote($name) . "," .
- $dbh->quote($email) . "," .
- $dbh->quote($certificate) . "," .
- $dbh->quote($now) .
- ")";
-REDO_ADD_USER:
- eval {
- $dbh->do($cmd);
- };
- if ($dbh->err == 5) {
- sleep(1);
- goto REDO_ADD_USER;
- }
-}
-
-sub add_group {
- my ($self, $gid, $name) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
-
- my $cmd = "insert into groups (" .
- "gid" . "," .
- "name" . "," .
- "created_at" .
- ") values (" .
- $dbh->quote($gid) . "," .
- $dbh->quote($name) . "," .
- $dbh->quote($now) .
- ")";
-REDO_ADD_GROUP:
- eval {
- $dbh->do($cmd);
- };
- if ($dbh->err == 5) {
- sleep(1);
- goto REDO_ADD_GROUP;
- }
-}
-
-sub delete_group {
- my ($self, $gid) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
-
- my $cmd = "delete from roles where gid=" .
$dbh->quote($gid);
- $dbh->do($cmd);
- $cmd = "delete from groups where gid=" . $dbh->quote($gid);
- $dbh->do($cmd);
-}
-
-sub list_users {
- my ($self, $startpos, $maxcount) = @_;
- my $dbh = $self->{dbh};
- my $select = "select * from users " .
- "order by uid desc " .
- "limit $startpos, $maxcount";
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my @reqs;
- while (my $ref = $sth->fetchrow_hashref()) {
- push(@reqs, $ref);
- }
- $sth->finish();
- return @reqs;
-}
-
-sub list_groups {
- my ($self, $startpos, $maxcount) = @_;
- my $dbh = $self->{dbh};
- my $select = "select * from groups " .
- "order by gid desc " .
- "limit $startpos, $maxcount";
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my @reqs;
- while (my $ref = $sth->fetchrow_hashref()) {
- push(@reqs, $ref);
- }
- $sth->finish();
- return @reqs;
-}
-#######################################
-# Closes this store
-#######################################
-sub close {
- my ($self) = @_;
- my $dbh = $self->{dbh};
- $dbh->disconnect();
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/Base/Util.pm b/pki/base/ra/lib/perl/PKI/Base/Util.pm
deleted file mode 100755
index f01062e42..000000000
--- a/pki/base/ra/lib/perl/PKI/Base/Util.pm
+++ /dev/null
@@ -1,155 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-package PKI::Base::Util;
-
-use Time::Local;
-
-use DBI;
-use HTML::Entities;
-
-#######################################
-# Constructs a util
-#######################################
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub get_val()
-{
- my ($self, $s) = @_;
- return $s;
-}
-
-sub get_integer_val()
-{
- my ($self, $s) = @_;
- return $s;
-}
-
-sub get_string_val()
-{
- my ($self, $s) = @_;
- return $s;
-}
-
-sub get_alphanum_val()
-{
- my ($self, $s) = @_;
- $s =~ s/[^A-Za-z0-9 ]*//g;
- return $s;
-}
-
-sub normalize_csr()
-{
- my ($self, $s) = @_;
- $s =~ s/-----BEGIN CERTIFICATE REQUEST-----//g;
- $s =~ s/-----END CERTIFICATE REQUEST-----//g;
- $s =~ s/-----BEGIN NEW CERTIFICATE REQUEST-----//g;
- $s =~ s/-----END NEW CERTIFICATE REQUEST-----//g;
- $s =~ s/\s//g;
- return $s;
-}
-
-sub breakline()
-{
- my ($self, $s, $maxlen) = @_;
-
- my $new_s;
- my $i = 0;
- foreach my $c (split(//, $s)) {
- if ($i == $maxlen) {
- $i = 0;
- $new_s = $new_s . "<br/>";
- }
- $new_s = $new_s .
$c;
- $i++;
- }
- return $new_s;
-}
-
-sub nv_to_hash()
-{
- my ($self, $s) = @_;
- my %hash;
- my @pairs = split(/;/, $s);
- foreach $pair (@pairs) {
- my $i = index('=', $pair);
- my $n = substr($pair, 0, $i-1);
- my $v = substr($pair, $i);
- $hash{$n} = $v;
- }
- return \%hash;
-}
-
-sub nv_to_str()
-{
- my ($self, $hash) = @_;
- my $s = "";
- foreach $k (keys %$hash) {
- if ($s eq "") {
- $s = $k . "=" . $$hash{$k};
- } else {
- $s = $s . ";" . $k . "=" . $$hash{$k};
- }
- }
- return $s;
-}
-
-sub test()
-{
- my %h;
- $h{'x'} = 'y';
- $h{'z'} = 'y';
- my $o = PKI::Base::NameValueUtil->new();
- print $o->to_str(\%h) . "\n";
- print $o->to_str($o->to_hash("5=1;c=2")) . "\n";
-}
-
-sub html_encode()
-{
- my ($self, $s) = @_;
- return HTML::Entities::encode($s);
-}
-
-sub html_encode_and_break()
-{
- my ($self, $s, $maxlen) = @_;
- my $new_s = '';
- my $i = 0;
- foreach my $c (split(//, $s)) {
- if ($i == $maxlen) {
- $i = 0;
- $new_s = $new_s . '***';
- }
- $new_s = $new_s . $c;
- $i++;
- }
- $s = HTML::Entities::encode($new_s);
- $s =~ s/\*\*\*/<br\/>/g;
- return $s;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/Conn/CA.pm b/pki/base/ra/lib/perl/PKI/Conn/CA.pm
deleted file mode 100644
index f3c8834ed..000000000
--- a/pki/base/ra/lib/perl/PKI/Conn/CA.pm
+++ /dev/null
@@ -1,390 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Conn::CA; - -use URI::URL; -use URI::Escape; -use XML::Simple; -use Data::Dumper; -use DBI; -use PKI::Base::TimeTool; -use PKI::Base::CertStore; -use PKI::Base::Util; -use PKI::Request::Queue; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens request queue -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $certstore = PKI::Base::CertStore->new(); - $certstore->open($cfg); - $self->{certstore} = $certstore; -} - -####################################### -# Enrolls -####################################### -sub enroll { - my ($self, $rid, $con_id, $profile_id, $cert_request_type, $cert_request) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . 
".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($rid); - if ($req->{'subject_dn'} ne "unavailable") { - $subject = $req->{'subject_dn'}; - } - - my $tmpfile = "/tmp/tmp-$rid-$$"; - my $params = "profileId=" . $profile_id . "&" . - "requestor_name=" . - URI::Escape::uri_escape("$requestor_name") . "&" . - "cert_request_type=" . $cert_request_type . "&" . - "subject=" . - URI::Escape::uri_escape("$subject") . "&" . - "cert_request=" . - URI::Escape::uri_escape("$cert_request") . "&" . - "xmlOutput=true"; - - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - if ($content eq "") { - $queue->set_request($rid, "errorString", "CA Connection Error"); - $queue->set_request($rid, "status", "ERROR"); - $queue->close(); - - $queue->close(); - return ""; - } - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - $content =~ s/\n//g; - - my $xmlparser = XML::Simple->new(); - my $response = $xmlparser->XMLin($content); - - my $status = $response->{Status}; - if ($status ne "0") { - my $errorString = $response->{Error}; - - $queue->set_request($rid, "errorString", "CA: ".$errorString); - $queue->set_request($rid, "status", "ERROR"); - - $queue->close(); - return ""; - } - - #reset to 0 in case of re-approval - $queue->set_request($rid, "errorString", "0"); - my $req = $queue->read_request($rid); - my $approved_by = $req->{'processed_by'}; - my $serialno = $response->{Requests}->{Request}->{serialno}; - $queue->set_request($rid, "serialno", $serialno); - my 
$subject_dn = $response->{Requests}->{Request}->{SubjectDN}; - $queue->set_request($rid, "subject_dn", $subject_dn); - my $cert = $response->{Requests}->{Request}->{b64}; - $queue->close(); - - my $util = PKI::Base::Util->new(); - my $csr = $cert_request; - $csr = $util->normalize_csr($csr); - - $self->{certstore}->add_certificate($serialno, $csr, $subject_dn, $cert, $rid, $approved_by); - - system("rm $tmpfile"); - - return $cert; -} - -sub get_http_content -{ - my ($self, $filename) = @_; - my $data = ""; - my $count = `grep -a Content-Length $filename | cut -d' ' -f2`; - chomp($count); - my $file_size = -s $filename; - my $offset = $file_size - $count; - - open(FP, "<$filename"); - binmode(FP); - seek(FP, $offset-1, 0); - read(FP, $data, $count); - close(FP); - return $data; -} - -####################################### -# Revoke -####################################### -sub revoke { - my ($self, $rid, $con_id, $serialno, $reason) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostagentport"); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-revoke-$serialno-$$"; - my ($host, $port) = split(/:/, $cahostport); - my $params = "op=" . "revoke" . "&" . - "revocationReason=" .$reason . "&" . - "revokeAll=(certRecordId=" ."0x".$serialno . ")&" . - "totalRecordCount=" ."1" . "&" . 
- "xml=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/agent/ca/doRevoke\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - if ($content eq "") { - $queue->set_request($rid, "errorString", "CA Connection Error"); -# $queue->set_request($rid, "status", "ERROR"); - $queue->close(); - - $queue->close(); - return ""; - } - $content =~ s/\000//; - $content =~ /(\<xml\>.*\<\/xml\>)/s; - $content = $1; - $content =~ s/\n//g; - - my $req = $queue->read_request($rid); - - my $xmlparser = XML::Simple->new(NormalizeSpace => 2); - my $response = $xmlparser->XMLin($content); - - my $errorString = $response->{fixed}->{errorDetails}; - my $revoked = $response->{header}->{revoked}; - - if ($revoked ne "yes") { - $queue->set_request($rid, "errorString", "CA:".$errorString); - } else { - $queue->set_request($rid, "errorString", "0"); - } - system("rm $tmpfile"); - - $queue->close(); - return; -} - -####################################### -# Get Certificate Status -####################################### -sub getCertStatus { - my ($self, $con_id, $serialno) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - - my $tmpfile = "/tmp/tmp-$serialno-$$"; - my $params = "serialNumber=" . "0x".$serialno . "&" . 
- "xml=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/displayBySerial\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - if ($content eq "") { - return "CA: Connection Error"; - system("rm $tmpfile"); - } - - $content =~ /(\<xml\>.*\<\/xml\>)/s; - $content = $1; - $content =~ s/\n//g; - - my $xmlparser = XML::Simple->new(NormalizeSpace => 2); - my $response = $xmlparser->XMLin($content); - - my $errorString = $response->{fixed}->{errorDetails}; - my $revokeReason = $response->{header}->{revocationReason}; - - if ($revokeReason eq "") { - if ($errorString eq "") { - return "not revoked"; - } else { - return "CA:".$errorString; - } - } else { - return "revoked:".$revokeReason; - } -} - -####################################### -# SCEP -####################################### -sub scep_get_ca_cert { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . 
$message; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - -# decode PKI Message -sub scep_decode { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . $message . "&" . - "decode=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - -sub scep_pki_message { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . 
$message; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - - -####################################### -# Closes connection -####################################### -sub close { - my ($self) = @_; - $self->{certstore}->close(); -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm b/pki/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm deleted file mode 100755 index 656dc2d5e..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm +++ /dev/null 
@@ -1,86 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::AdminAuthPanel;
-$PKI::RA::AdminAuthPanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(8);
- $self->{"getName"} = &PKI::RA::Common::r("Admin Authentication");
- $self->{"vmfile"} = "adminauthenticatepanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
-
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("AdminAuthPanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("AdminAuthPanel: update");
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("AdminAuthPanel: display");
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm b/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm
deleted file mode 100755
index a5538ef54..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/AdminPanel.pm
+++ /dev/null
@@ -1,227 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use URI::Escape; -use DBI; - -package PKI::RA::AdminPanel; -$PKI::RA::AdminPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(14); - $self->{"getName"} = &PKI::RA::Common::r("Administrator"); - $self->{"vmfile"} = "adminpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: validate"); - return 1; -} - - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: update"); - - my $uid = $q->param("uid"); - my $name = $q->param("name"); - my $email = $q->param("email"); - my $password = $q->param("__pwd"); - my 
$password_again = $q->param("__admin_password_again"); - - my $cert_request = $q->param("cert_request"); - my $subject = $q->param("subject"); - my $profile_id = $q->param("profileId"); - my $cert_request_type = $q->param("cert_request_type"); - - $cert_request =~ s/%0D%0A//g; # remove carraige return - - # submit request to CA - - # Admin Certificate should be obtained from the ca selected in the - # name panel. If name panel use External CA, the admin certificate - # will be issued by the security domain CA. - my $cainfo = $::config->get("preop.ca.url"); - &PKI::RA::Wizard::debug_log("AdminPanel: preop.ca.url=$cainfo"); - if ($cainfo eq "" || $cainfo =~ /:$/) { - $cainfo = $::config->get("config.sdomainEEURL"); - &PKI::RA::Wizard::debug_log("AdminPanel: config.sdomainEEURL=$cainfo"); - } - &PKI::RA::Wizard::debug_log("AdminPanel: Connecting to CA: $cainfo"); - my $cainfo_url = new URI::URL($cainfo); - my $sdom = $::config->get("config.sdomainEEURL"); - my $sdom_url = new URI::URL($sdom); - - my $machineName = $::config->get("service.machineName"); - my $securePort = $::config->get("service.securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $requestor_name = "RA-" . $machineName . "-" . $securePort; - - my $params = "profileId=" . $profile_id . "&" . - "requestor_name=" . $requestor_name . "&" . - "cert_request_type=" . $cert_request_type . "&" . - "subject=" . $subject . "&" . - "cert_request=" . - URI::Escape::uri_escape("$cert_request") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . 
$sdom_url->host . "&" . - "auth_port=" . $sdom_url->port; - - my $ca_host = $cainfo_url->host; - my $https_ee_port = $cainfo_url->port; - my $content = ""; - my $tmpfile = "/tmp/admin-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile"); - $content = `cat $tmpfile`; - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile"); - $content = `cat $tmpfile`; - } - system("rm $tmpfile"); - &PKI::RA::Wizard::debug_log("req = " . $content); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - # create user in internal database - &PKI::RA::Wizard::debug_log("AdminPanel: Creating user in internal database"); - # use scripts/addAgents.ldif - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $admincert = $response->{Requests}->{Request}->{b64}; - &PKI::RA::Wizard::debug_log("AdminPanel: admincert " . $admincert); - - # create local database - my $dbh = DBI->connect( - "dbi:SQLite:dbname=$instanceDir/conf/dbfile","",""); - my $insert = "insert into users (" . - "uid" . "," . - "name" . "," . - "password" . "," . - "email" . "," . - "certificate" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote($name) . "," . - $dbh->quote($password) . "," . - $dbh->quote($email) . "," . - $dbh->quote($admincert) . - ")"; - $dbh->do($insert); - $insert = "insert into roles (" . - "uid" . "," . - "gid" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote("administrators") . - ")"; - $dbh->do($insert); - $insert = "insert into roles (" . - "uid" . "," . - "gid" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote("agents") . 
- ")"; - $dbh->do($insert); - $dbh->disconnect(); - - my $reqid = $response->{Requests}->{Request}->{Id}; - $::config->put("preop.admincert.requestId.0", $reqid); - my $sn = $response->{Requests}->{Request}->{serialno}; - $::config->put("preop.admincert.serialno.0", $sn); - - # update email address - $::config->put("request.agent.create_request.1.mailTo", $email); - $::config->put("request.scep.create_request.1.mailTo", $email); - $::config->put("request.server.create_request.1.mailTo", $email); - $::config->put("request.user.create_request.1.mailTo", $email); - - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: display"); - $::symbol{admin_uid} = "admin"; - $::symbol{admin_name} = "RA Administrator"; - $::symbol{admin_email} = ""; - $::symbol{admin_pwd} = ""; - $::symbol{admin_pwd_again} = ""; - $::symbol{import} = "true"; - my $domain_name = $::config->get("preop.securitydomain.name"); - $::symbol{securityDomain} = $domain_name; - - return 1; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm b/pki/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm deleted file mode 100755 index 1ada5ad54..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm +++ /dev/null 
@@ -1,86 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::AgentAuthPanel;
-$PKI::RA::AgentAuthPanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(7);
- $self->{"getName"} = &PKI::RA::Common::r("Agent Authentication");
- $self->{"vmfile"} = "agentauthenticatepanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("AgentAuthPanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("AgentAuthPanel: update");
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("AgentAuthPanel: display");
- return 1;
-}
-
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/BasePanel.pm b/pki/base/ra/lib/perl/PKI/RA/BasePanel.pm
deleted file mode 100755
index 5cb4d7697..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/BasePanel.pm
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::BasePanel;
-$PKI::RA::BasePanel::VERSION = '1.00';
-
-sub new {
- my ($class) = @_;
- my $self = {};
- bless $self, $class;
- return $self;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
deleted file mode 100755
index 4cc65e5cf..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
+++ /dev/null
@@ -1,289 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::CAInfoPanel; -$PKI::RA::CAInfoPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(4); - $self->{"getName"} = &PKI::RA::Common::r("CA Information"); - $self->{"vmfile"} = "cainfopanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: update"); - - my $count = $q->param('urls'); - 
&PKI::RA::Wizard::debug_log("CAInfoPanel: update - got urls = $count"); - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - selected ca= $count"); - - my $instanceID = $::config->get("service.instanceID"); - my $host = ""; - my $https_ee_port = ""; - my $https_agent_port = ""; - my $https_admin_port = ""; - my $domain_xml = ""; - - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_ee_port = $info->port; - $domain_xml = get_domain_xml($host, $https_ee_port); - if ($domain_xml eq "") { - $::symbol{errorString} = "missing security domain. CA must be installed prior to RA installation"; - return 0; - } - - $https_agent_port = get_secure_agent_port_from_domain_xml($domain_xml, $host, $https_ee_port); - $https_admin_port = get_secure_admin_port_from_domain_xml($domain_xml, $host, $https_ee_port); - - if(($https_admin_port eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "missing secure CA admin or agent port. CA must be installed prior to RA installation"; - return 0; - } - } else { - $host = $::config->get("preop.securitydomain.ca$count.host"); - $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - $https_agent_port = $::config->get("preop.securitydomain.ca$count.secureagentport"); - $https_admin_port = $::config->get("preop.securitydomain.ca$count.secureadminport"); - } - - if (($host eq "") || ($https_ee_port eq "") || ($https_admin_port eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no CA found. 
CA must be installed prior to RA installation"; - return 0; - } - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - host= $host, https_ee_port= $https_ee_port"); - - $::config->put("preop.cainfo.select", "https://$host:$https_admin_port"); - my $serverCertNickName = $::config->get("preop.cert.sslserver.nickname"); - - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.ca1.clientNickname", $subsystemCertNickName); - $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port); - $::config->put("conn.ca1.hostagentport", $host . ":" . $https_agent_port); - $::config->put("conn.ca1.hostadminport", $host . ":" . $https_admin_port); - - $::config->commit(); - - # connect to the CA, and retrieve the CA certificate - &PKI::RA::Wizard::debug_log("CAInfoPanel: update connecting to CA and retrieve cert chain"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $tmpfile = "/tmp/ca-$$"; - system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$https_ee_port > $tmpfile"); - my $cmd = `cat $tmpfile`; - system("rm $tmpfile"); - my $caCert; - if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { - $caCert = $1; - &PKI::RA::Wizard::debug_log("CAInfoPanel: ca= $caCert"); - } - if ($caCert eq "") { - &PKI::RA::Wizard::debug_log("CAInfoPanel: update no cert chain found"); - return 0; - } - open(F, ">$instanceDir/conf/caCertChain2.txt"); - print F $cert_header."\n".$caCert."\n".$cert_footer; - close(F); - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update retrieve cert chain done"); - - #import cert chain - system("p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt"); - my $r = $? >> 8; - my $failed = $? 
& 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - my $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i" -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`; - $i++; - } - } - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: display"); - - $::symbol{urls} = []; -# unshift(@{$::symbol{urls}}, "External CA"); - my $count = 0; - my $first = 1; - my $list = ""; - while (1) { - my $host = $::config->get("preop.securitydomain.ca$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - my $name = $::config->get("preop.securitydomain.ca$count.subsystemname"); - my $item = $name . " - https://" . $host . ":" . $https_ee_port; -# my $item = "https://" . $host . ":" . $https_ee_port; -# unshift(@{$::symbol{urls}}, $item); - $::symbol{urls}[$count++] = $item; - if ($first eq 1) { - $list = $item; - $first = 0; - } else { - $list = $list.",".$item; - } - } -DONE: -# $list = $list.",External CA"; - $::config->put("preop.ca.list", $list); - - $::symbol{urls_size} = $count; - if ($count eq 0) { - $::symbol{errorString} = "no CA found. CA, TKS, and optionally DRM must be installed prior to RA installation"; - return 0; - } - return 1; -} - -sub get_domain_xml -{ - my $host = $1; - my $https_ee_port = $2; - - # get the domain xml - # e. g. 
- https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $sd_host = $::config->get("securitydomain.host"); - my $sd_admin_port = $::config->get("securitydomain.httpsadminport"); - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - return $content; -} - -sub get_secure_admin_port_from_domain_xml -{ - my $content = $1; - my $host = $2; - my $https_ee_port = $3; - - # Retrieve the secure admin port corresponding - # to the selected host and secure ee port. - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin( $response->{'DomainInfo'}, - ForceArray => 1 ); - my $https_admin_port = ""; - my $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - if( ( $host eq $c->{'Host'}[0] ) && - ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) { - $https_admin_port = https_$c->{'SecureAdminPort'}[0]; - } - - $count++; - } - - return $https_admin_port; -} - -sub get_secure_agent_port_from_domain_xml -{ - my $content = $1; - my $host = $2; - my $https_ee_port = $3; - - # Retrieve the secure agent port corresponding - # to the selected host and secure ee port. 
- my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin( $response->{'DomainInfo'}, - ForceArray => 1 ); - my $https_agent_port = ""; - my $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - if( ( $host eq $c->{'Host'}[0] ) && - ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) { - $https_agent_port = https_$c->{'SecureAgentPort'}[0]; - } - - $count++; - } - - return $https_agent_port; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/CertInfo.pm b/pki/base/ra/lib/perl/PKI/RA/CertInfo.pm deleted file mode 100755 index d1a8c3817..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/CertInfo.pm +++ /dev/null 
@@ -1,133 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::CertInfo;
-$PKI::RA::CertInfo::VERSION = '1.00';
-
-sub new {
- my ($class, $name, $dn, $tag) = @_;
- my $self = {};
-
- &PKI::RA::Wizard::debug_log("CertInfo: start new");
- $self->{"getUserFriendlyName"} = \&get_user_friendly_name;
- $self->{"getCertTag"} = \&get_cert_tag;
- $self->{"getDN"} = \&get_dn;
- $self->{"getNickname"} = \&get_nickname;
- $self->{"useDefaultKey"} = \&use_default_key;
- $self->{"getCustomKeysize"} = \&get_custom_keysize;
- $self->{"keyOption"} = \&get_key_option;
- &PKI::RA::Wizard::debug_log("CertInfo: end new");
-
- $self->{name} = $name;
- $self->{dn} = $dn;
- $self->{tag} = $tag;
-
- bless $self, $class;
- return $self;
-}
-
-sub get_user_friendly_name
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("CertInfo: get_user_friendly_name");
- return $self->{name};
-}
-
-sub get_cert_tag
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("CertInfo: get_cert_tag");
- return $self->{tag};
-}
-
-sub get_dn
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("CertInfo: get_cert_dn");
- return $self->{dn};
-}
-
-sub use_default_key
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("CertInfo: use_default_key");
- my $option = $::config->get("preop.cert.$self->{tag}.keysize.select");
- if (($option ne "") && ($option ne "default")) {
- return 0;
- }
- return 1;
-}
-
-sub get_nickname
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("CertInfo: get_nickname");
- my $nickname = $::config->get("preop.cert.$self->{tag}.nickname");
-
- my $flavor = "pki";
- $flavor =~ s/\n//g;
-
- if ($nickname ne "") {
- return $nickname;
- } else {
- return $self->{tag}."cert cert-$flavor-ra";
- }
-}
-
-sub get_key_option
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("CertInfo: get_key_option");
- my $option = $::config->get("preop.cert.$self->{tag}.keysize.select");
-
- if ($option ne "") {
- &PKI::RA::Wizard::debug_log("CertInfo: get_key_option from config = $option");
- return $option;
- } else {
- &PKI::RA::Wizard::debug_log("CertInfo: get_key_option not from config");
- return "default";
- }
-}
-
-sub get_custom_keysize
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize");
- my $size = $::config->get("preop.cert.$self->{tag}.keysize.customsize");
- &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize for preop.cert.$self->{tag}.keysize.customsize is $size");
- if ($size ne "") {
- &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize from config is $size");
- return $size;
- } else {
- &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize not from config");
- return 2048;
- }
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm b/pki/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm
deleted file mode 100755
index cf58d2327..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::CertPrettyPrintPanel;
-$PKI::RA::CertPrettyPrintPanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(13);
- $self->{"getName"} = &PKI::RA::Common::r("Certificates");
- $self->{"vmfile"} = "certprettyprintpanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: update");
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: display");
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm b/pki/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm
deleted file mode 100755
index 51eb1d400..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm
+++ /dev/null
@@ -1,301 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::ReqCertInfo; -use FileHandle; - -package PKI::RA::CertRequestPanel; -$PKI::RA::CertRequestPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----"; -our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----"; -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(13); - $self->{"getName"} = &PKI::RA::Common::r("Certificate Requests"); - $self->{"vmfile"} = "certrequestpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: 
validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: update"); - - my $i = 0; - - my $instanceDir = $::config->get("service.instanceDir"); - - my $useExternalCA = $::config->get("preop.certenroll.useExternalCA"); - if ($useExternalCA eq "on") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: useExternalCA is on"); - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: useExternalCA is off"); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update auto enrollment should have been done, no more action needed"); - return 1; - } - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update External CA selected, retrieve/process user input"); - - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update got token name = $tokenname"); - my $token_pwd = $::pwdconf->get($tokenname); - $token_pwd =~ s/\n//g; - open FILE, ">$instanceDir/conf/.pwfile"; - system( "chmod 00660 $instanceDir/conf/.pwfile" ); - print FILE $token_pwd; - close FILE; - - my $hw; - my $tk; - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - $tk = ""; - } else { - $hw = "-h $tokenname"; - $tk = $tokenname.":"; - } - - foreach my $certtag (@PKI::RA::Wizard::certtags) { - if ($certtag eq "subsystem") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: subsystem cert is pre-generated by the security domain"); - return 1; - } - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: for certag= $certtag"); - my $ccert = $::config->get("preop.cert.$certtag.cert"); - if ($ccert ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: cert already exists in CS.cfg, go to next"); - next; - } - my $certchain = $q->param($certtag.'_cc'); - if ($certchain ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag certchain is $certchain"); - my $cc_fn = "$instanceDir/conf/caCertChain.txt"; - my $tmp = `echo "$certchain" > 
$cc_fn`; - # remove existing one - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to delete existing certchain, if any....ok if it fails"); -# XXX remove should not be done lightly... - $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain1cert -a -i $cc_fn -o $instanceDir/conf/CAchain_pp.txt`; - my $r = $? >> 8; - my $failed = $? & 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA $certtag cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA $certtag cert$i" -t "CT,C,C" -i $instanceDir/conf/chain1cert$i.der`; -# $tmp = `rm $cc_fn`; - $i++ - } - } - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: no certchain included for certtag $certtag"); - } - - my $cert = $q->param($certtag); - if ($cert ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag cert is $cert"); - my $nickname = $::config->get("preop.cert.$certtag.nickname"); - if ($nickname eq "") { - $nickname = "RA ".$certtag." cert"; - $::config->put("preop.cert.$certtag.nickname", $nickname); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag cert nickname not found in CS.cfg, generating one= $nickname"); - } - #remove existing one - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to delete existing cert $nickname, if any....ok if it fails"); -#XXX remove should not be done lightly... 
- my $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`; - $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`; - #now import the cert - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to import cert"); - my $cert_fn = "$instanceDir/conf/$certtag"."_cert.txt"; - $tmp = `echo "$cert" > $cert_fn`; - -# $cert = extract_cert_from_file_sans_header_and_footer($cert_fn); - my $certa =""; - my $save_line = 0; - my @cert_a = split "\n", $cert; - foreach my $line (@cert_a) { - chomp( $line ); - $line =~ s/\r//g; - if ($line eq $cert_header) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $certa .= "$line"; - } - } - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update putting cert in CS.cfg: $certa"); - - $::config->put("preop.cert.$certtag.cert", $certa); - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: about to certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n $nickname -t u,u,u -a -i $cert_fn"); - $tmp = `certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n "$nickname" -t "u,u,u" -a -i $cert_fn`; - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: done certutil: $tmp"); - $tmp = `rm $cert_fn`; - - # changed the cert, need to change nickname too, if necessary - if ($hw ne "") { - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - if ($certtag eq "subsystem") { - $::config->put("conn.ca1.clientNickname","$tk$nickname"); - $::config->put("conn.drm1.clientNickname","$tk$nickname"); - $::config->put("conn.tks1.clientNickname","$tk$nickname"); - } - } - - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: no cert"); - } - } - -DONE: - $::config->commit(); - my $tmp = `rm $instanceDir/conf/.pwfile`; - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: display"); - - my $domain_name = 
$::config->get("preop.securitydomain.name"); - if ($domain_name eq "") { - $domain_name = "RA Domain"; - } - my $machine_name = $::config->get("service.machineName"); - my $instance_id = $::config->get("service.instanceID"); - - my $i = 0; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - my $cert_dn = $::config->get("preop.cert.".$certtag.".dn"); - if ($cert_dn eq "") { - if ($certtag eq "subsystem") { - $cert_dn = "CN=RA Subsystem, " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } elsif ($certtag eq "sslserver") { - $cert_dn ="CN=" . $machine_name . ", " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } else { - $cert_dn = $certtag; - } - } - - my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname"); - if ($name eq "") { - $name = $certtag."Cert ".$instance_id; - } - - my $reqcert = new PKI::RA::ReqCertInfo($name, - $cert_dn, $certtag); - $::symbol{reqscerts}[$i++] = $reqcert; - } - - $::symbol{errorString} = ""; - $::symbol{showApplyButton} = "true"; - - return 1; -} - -# arg0 message containing certificate -# return certificate sans header and footer -# -- all in a one-liner -sub extract_cert_from_file_sans_header_and_footer -{ - my $filename = $_[0]; - my $save_line = 0; - - my $fd = new FileHandle; - - my $cert = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - $line =~ s/^M//g; - - if( $line eq $cert_header ) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert .= "$line"; - } - } - - $fd->close(); - - return $cert; -} - - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/Common.pm b/pki/base/ra/lib/perl/PKI/RA/Common.pm deleted file mode 100755 index 8deab8c6c..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/Common.pm +++ /dev/null 
@@ -1,50 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package PKI::RA::Common;
-
-use strict;
-use warnings;
-use Exporter;
-
-use vars qw(@ISA @EXPORT @EXPORT_OK);
-@ISA = qw(Exporter Autoloader);
-@EXPORT = qw(r yes no);
-
-$PKI::RA::Common::VERSION = '1.00';
-
-sub yes {
- return sub {1};
-}
-
-sub no {
- return sub {0};
-}
-
-sub r {
- my $a = shift;
- return sub { $a; }
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/Config.pm b/pki/base/ra/lib/perl/PKI/RA/Config.pm
deleted file mode 100755
index f1ace5b03..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/Config.pm
+++ /dev/null
@@ -1,170 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::RA::Config; - -use strict; -use warnings; -use Exporter; - -$PKI::RA::Config::VERSION = '1.00'; - -####################################################### -# Configuration Store -####################################################### -sub new { - my $class = shift; - my $self = {}; - my %hash = (); - $self->{filename} = ""; - $self->{hash} = \%hash; - bless $self,$class; - return $self; -} - -sub load_file -{ - my ($self, $filename) = @_; - - $self->{filename} = $filename; - if (-e $filename) { - open(CF, "<$filename"); - if (defined fileno CF) { - while (<CF>) { - if (/^#/) { - # comments - } elsif (/([^=]+)=(.*)$/) { - # print "$1 = $2\n"; - $self->{hash}{$1} = $2; - } else { - # preserve comments - } - } - } - close(CF); - } -} - -sub get_filename -{ - my ($self) = @_; - return $self->{filename}; -} - -sub get -{ - my ($self, $n) = @_; - return $self->{hash}{$n}; -} - -sub put -{ - my ($self, $n, $v) = @_; - $self->{hash}{$n} = $v; -} - -sub deleteSubstore -{ - my ($self, $n) = @_; - foreach my $xkey (keys %{$self->{hash}}) { - if ($xkey =~ /^\Q$n\E/) { - delete $self->{hash}{$xkey}; - } - } -} - -sub commit -{ - my 
($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - - if (-e $self->{filename}) { - # Create a copy of the original file which - # preserves the original file permissions - system("cp -p \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - } - - # Overwrite the contents of the original file - # to preserve the original file permissions - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); - - if (-e $self->{filename} . "." . $suffix) { - system("rm \"" . $self->{filename} . "." . $suffix . "\""); - } -} - -sub commit_with_backup -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - # Create a copy of the original file which - # preserves the original file permissions - system("cp -p \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - - # Overwrite the contents of the original file - # to preserve the original file permissions - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); -} - -1; - -####################################################### -# Test Program -####################################################### -#my $config = PKI::RA::Config->new(); -#$config->load_file("/tmp/CS.cfg"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->put("tokendb.indexAdminTemplate", "Testing"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->commit(); - -1; - -####################################################### -# Test Program -####################################################### -#my $config = PKI::RA::Config->new(); -#$config->load_file("/tmp/CS.cfg"); -#print $config->get("tokendb.indexAdminTemplate") . 
"\n"; -#$config->put("tokendb.indexAdminTemplate", "Testing"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->commit(); diff --git a/pki/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm b/pki/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm deleted file mode 100755 index bf74890cc..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm +++ /dev/null 
@@ -1,104 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::ConfigHSMLoginPanel;
-$PKI::RA::ConfigHSMLoginPanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(9);
- $self->{"getName"} = &PKI::RA::Common::r("Security Modules Login");
- $self->{"vmfile"} = "config_hsmloginpanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 1;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel: update");
- my $uTokName = $q->param('uTokName');
- my $uPasswd = $q->param('__uPasswd');
-
-# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel:
update tokname= $uTokName pwd =$uPasswd");
-
- $::pwdconf->put($uTokName, $uPasswd);
- $::pwdconf->commit();
-
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- use Data::Dumper;
- $Data::Dumper::Indent = 1;
-# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> dump of q= ". Dumper($q));
- $::symbol{SecToken} = $q->param('SecToken');
-# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display has ".$q->param('SecToken'));
-
- &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieving $q->param('SecToken') ");
- my $pwd = $::pwdconf->get( $q->param('SecToken'));
- if ($pwd ne "") {
- &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieved pwd from pwdconf");
- }
-
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm b/pki/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm
deleted file mode 100755
index 095ed5879..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::ConfigHSMPanel;
-$PKI::RA::ConfigHSMPanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&PKI::RA::Common::no;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(12);
- $self->{"getName"} = &PKI::RA::Common::r("ConfigHSMLogin");
- $self->{"vmfile"} = "config_hsm.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ConfigHSMPanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ConfigHSMPanel: update");
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ConfigHSMPanel: display");
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm
deleted file mode 100755
index fadd7727c..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm
+++ /dev/null
@@ -1,140 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::DRMInfoPanel; -$PKI::RA::DRMInfoPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(6); - $self->{"getName"} = &PKI::RA::Common::r("DRM Information"); - $self->{"vmfile"} = "drminfopanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: update"); - - my $choice = $q->param('choice'); - $::config->put("preop.krainfo.keygen", $choice); - - if ($choice eq "keygen") { - my $count = $q->param('urls'); - my 
$instanceID = $::config->get("service.instanceID"); - my $host = ""; - my $https_agent_port = ""; - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_agent_port = $info->port; - } else { - $host = $::config->get("preop.securitydomain.kra$count.host"); - $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport"); - } - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no DRM found. CA, TKS and DRM must be installed prior to RA installation"; - return 0; - } - - $::config->put("preop.krainfo.select", "https://$host:$https_agent_port"); - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.drm1.clientNickname", $subsystemCertNickName); - $::config->put("conn.drm1.hostport", $host . ":" . $https_agent_port); - $::config->put("conn.tks1.serverKeygen", "true"); - $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true"); - $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true"); - } else { - # no keygen - $::config->put("conn.tks1.serverKeygen", "false"); - $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "false"); - $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "false"); - $::config->put("conn.drm1.clientNickname", ""); - $::config->put("conn.drm1.hostport", ""); - } - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: display"); - - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.kra$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport"); - my $name = $::config->get("preop.securitydomain.kra$count.subsystemname"); - $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . 
$https_agent_port;
- }
-DONE:
- $::symbol{urls_size} = $count;
-
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/DatabasePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DatabasePanel.pm
deleted file mode 100755
index e469e51f8..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/DatabasePanel.pm
+++ /dev/null
@@ -1,109 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-use DBI;
-package PKI::RA::DatabasePanel;
-$PKI::RA::DatabasePanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(8);
- $self->{"getName"} = &PKI::RA::Common::r("Internal Database");
- $self->{"vmfile"} = "databasepanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("DatabasePanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("DatabasePanel: update");
- my $instDir = $::config->get("service.instanceDir");
-
- # create local database
- my $dbh = DBI->connect(
- "dbi:SQLite:dbname=$instDir/conf/dbfile","","");
-
- #
create database lockfile
- system("touch $instDir/conf/dblock");
-
- open(F, "/usr/share/pki/ra/scripts/schema.sql");
- while (<F>) {
- if (!($_ =~ /^#/)) {
- $dbh->do($_);
- }
- }
- close(F);
-
- $dbh->disconnect();
-
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("DatabasePanel: display");
-
- my $machineName = $::config->get("service.machineName");
- my $instanceId = $::config->get("service.instanceID");
-
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm
deleted file mode 100755
index 46c8a2902..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm
+++ /dev/null
@@ -1,179 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use FileHandle; - -package PKI::RA::DisplayCertChain2Panel; -$PKI::RA::DisplayCertChain2Panel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(7); - $self->{"getName"} = &PKI::RA::Common::r("Display Certificate Chain"); - $self->{"vmfile"} = "displaycertchain2panel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -sub validate -{ - my ($q) = @_; - 
&PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: update"); - - my $instanceDir = $::config->get("service.instanceDir"); - -# my $caCert = readFile("$instanceDir/conf/caCertChain2.txt"); - my $caCert = extract_cert_from_file_sans_header_and_footer("$instanceDir/conf/caCertChain2.txt"); - - #store in config - $::config->put("preop.ca.certchain", $caCert); - $::config->commit(); - # import it into the security database - my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`; - my $r = $? >> 8; - my $failed = $? & 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i" -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`; - $i++ - } - } - - # clean up -# my $tmp = `rm $instanceDir/conf/caCertChain2.txt`; -# $tmp = `rm $instanceDir/conf/CAchain2_pp.txt`; - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display"); - my $instanceDir = $::config->get("service.instanceDir"); - - my $found = -e "$instanceDir/conf/caCertChain2.txt"; - my $certpp = ""; - if ($found) { - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display found caCertChain2.txt"); - my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`; - - $certpp = readFile("$instanceDir/conf/CAchain2_pp.txt"); - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display read CAchain2_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: certpp2= $certpp"); - } - -# $symbol{certchain} = [ "cert1", "cert2" ]; -# 
$symbol{certchain_size} = 2; - $::symbol{certchain} = "$certpp"; - $::symbol{certchain_size} = 1; - - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display done"); - return 1; -} - -# return certificate sans header and footer -# -- all in a one-liner -sub extract_cert_from_file_sans_header_and_footer -{ - my $filename = $_[0]; - my $save_line = 0; - - my $fd = new FileHandle; - - my $cert = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - $line =~ s/^M//g; - - if( $line eq $cert_header ) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert .= "$line"; - } - } - - $fd->close(); - - return $cert; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm deleted file mode 100755 index dd991a917..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm +++ /dev/null 
@@ -1,348 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use MIME::Base64; - -package PKI::RA::DisplayCertChainPanel; -$PKI::RA::DisplayCertChainPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(2); - $self->{"getName"} = &PKI::RA::Common::r("Display Certificate Chain"); - $self->{"vmfile"} = "displaycertchainpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 1; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: validate"); - return 1; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -sub update -{ - my ($q) = @_; - 
&PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update"); - - my $instanceDir = $::config->get("service.instanceDir"); - - my $caCert = readFile("$instanceDir/conf/caCert.txt"); - - #store in config - $::config->put("preop.ca.certchain", $caCert); - $::config->commit(); - - # import it into the security database -# my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`; - my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/alias\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`; - - # clean up - my $tmp = `rm $instanceDir/conf/caCert.txt`; - $tmp = `rm $instanceDir/conf/caCert.der`; - $tmp = `rm $instanceDir/conf/caCert_pp.txt`; - - # complete the SecurityDomain task - my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); - if ($sdomainAdminURL eq "") { - return 2; - } - - my $machineName = $::config->get("service.machineName"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $unsecurePort = $::config->get("service.unsecurePort"); - - # check if url is accessible - # redirect to the security domain authentication - if ($ENV{'SERVER_PORT'} eq $unsecurePort) { - $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; - } else { - $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $non_clientauth_securePort . 
"%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; - } - - get_domain_xml($sdomainAdminURL); - - - return 3; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: display"); - - # connect to the CA, and retrieve the CA certificate - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update connecting to CA and retrieve cert chain"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); - if ($sdomainAdminURL eq "") { - return 2; - } - - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $url_info = new URI::URL($sdomainAdminURL); - my $sd_host = $url_info->host; - my $sd_admin_port = $url_info->port; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`; - - my $caCert = ""; - if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { - $caCert = $1; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: ca= $caCert"); - } - - my $certpp = ""; - if ($caCert ne "") { - open(F, ">$instanceDir/conf/caCert.txt"); - print F $caCert; - close(F); - - # test to see if tmp directory exists, if not, create - my $found = -e "$instanceDir/conf/tmp"; - if (! 
$found) { - my $tmp = `mkdir $instanceDir/conf/tmp`; - } - - # import it into a temporary security database -# my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`; - # my $cmd1 = `/usr/bin/openssl base64 -d -A -in $instanceDir/conf/caCert.txt -out $instanceDir/conf/caCert.der`; - - my $txt = `cat $instanceDir/conf/caCert.txt`; - open(OUT, ">$instanceDir/conf/caCert.der"); - print OUT MIME::Base64::decode($txt); - close(OUT); - - my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/conf/tmp\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`; - - # get pretty print from temp db - my $tmp = `certutil -d $instanceDir/conf/tmp -n "caCert" -L > $instanceDir/conf/caCert_pp.txt`; - $certpp = readFile("$instanceDir/conf/caCert_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: certpp= $certpp"); - # clean up temp db - $tmp = `certutil -d $instanceDir/alias/tmp -D -n "caCert"`; - } else { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update no certchain found"); - } - - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: display certchain=$caCert"); - -# $symbol{certchain} = [ "cert1", "cert2" ]; -# $symbol{certchain_size} = 2; - $::symbol{certchain} = "$certpp"; -# This certchain_size does not matter - $::symbol{certchain_size} = 1; - - return 1; -} - -sub get_domain_xml -{ - my ($sdomainAdminURL) = @_; - - my $sdom_info = new URI::URL($sdomainAdminURL); - # get the domain xml - # e. g. 
- https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $sd_host = $sdom_info->host; - my $sd_admin_port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("content = " . $content); - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin($response->{'DomainInfo'}, - ForceArray => 1); - - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: security domain '" . - $xml->{'Name'}[0] . "'"); - $::config->put("preop.securitydomain.name", $xml->{'Name'}[0]); - $::config->put("securitydomain.name", $xml->{'Name'}[0]); - - # parse xml and store information in CS.cfg - my $count = 0; - $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found CA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.ca" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . 
".host", - $c->{'Host'}[0]); - - # The user previously specified the CA Security Domain's - # SSL Admin URL in the "Security Domain Panel"; - # now retrieve this specified CA Security Domain's - # non-SSL EE, SSL Agent, and SSL EE URLs: - if( $sd_admin_port eq $c->{'SecureAdminPort'}[0] ) { - # Build the URLs - my $http_ee_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'UnSecurePort'}[0]; - my $https_agent_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'SecureAgentPort'}[0]; - my $https_ee_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'SecurePort'}[0]; - - # Store the URLs - $::config->put( "config.sdomainHttpURL", $http_ee_port ); - $::config->put( "config.sdomainAgentURL", $https_agent_port ); - $::config->put( "config.sdomainEEURL", $https_ee_port ); - - # Store additional values necessary for 'pkiremove' . . . - $::config->put( "securitydomain.httpport", - $c->{'UnSecurePort'}[0] ); - $::config->put( "securitydomain.httpsagentport", - $c->{'SecureAgentPort'}[0] ); - $::config->put( "securitydomain.httpseeport", - $c->{'SecurePort'}[0] ); - } - - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'TKSList'}[0]->{'TKS'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found TKS '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.tks" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . 
".host", - $c->{'Host'}[0]); - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'KRAList'}[0]->{'KRA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found KRA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.kra" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".host", - $c->{'Host'}[0]); - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'RAList'}[0]->{'RA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found RA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.ra" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".secureport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".non_clientauth_secure_port", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".host", - $c->{'Host'}[0]); - $count++; - } - $::config->commit(); -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm deleted file mode 100755 index 4a32a8270..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm +++ /dev/null 
@@ -1,399 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use XML::Simple; - -package PKI::RA::DonePanel; -$PKI::RA::DonePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(16); - $self->{"getName"} = &PKI::RA::Common::r("Done"); - $self->{"vmfile"} = "donepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DonePanel: validate"); - return 1; -} -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DonePanel: update"); - return 1; -} - -sub register_ra -{ - my ($sdom, $url, $uri, $xname) = @_; - - &PKI::RA::Wizard::debug_log("DonePanel: register_ra at $url"); - 
&PKI::RA::Wizard::debug_log("DonePanel: subsystem $xname uri=$uri"); - - my $url_info = new URI::URL($url); - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - &PKI::RA::Wizard::debug_log("DonePanel: Security Domain Info " . $url); - - # add service.securityDomainPort to the config file in case pkiremove - # needs to remove system reference from the security domain - $::config->put("service.securityDomainPort", $securePort); - $::config->commit(); - - my $uid = "RA-" . $machineName . "-" . $securePort; - my $name = "Registration Authority Subsystem"; - - my $instDir = $::config->get("service.instanceDir"); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - - my $hw; - my $tk; - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname"); - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - $tk = ""; - } else { - $hw = "-h $tokenname"; - $tk = $tokenname.":"; - } - - my $token_pwd = $::pwdconf->get($tokenname); - open FILE, ">$instDir/conf/.pwfile"; - system( "chmod 00660 $instDir/conf/.pwfile" ); - $token_pwd =~ s/\n//g; - print FILE $token_pwd; - close FILE; - - my $subsystemNickname = $::config->get("preop.cert.subsystem.nickname"); - my $certificate = `/usr/bin/certutil -d "$instDir/alias" -L $hw -f "$instDir/conf/.pwfile" -n "$subsystemNickname" -a`; - $certificate =~ s/-----BEGIN CERTIFICATE-----//g; - $certificate =~ s/-----END CERTIFICATE-----//g; - $certificate =~ s/\n$//g; - - - 
&PKI::RA::Wizard::debug_log("DonePanel: Connecting"); - - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $params = "uid=" . $uid . "&" . - "name=" . $name . "&" . - "certificate=" . - URI::Escape::uri_escape("$certificate") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . $sdom_info->port; - - my $host = $url_info->host; - my $port = $url_info->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile"); - } - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - &PKI::RA::Wizard::debug_log("req = " . $content); - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("DonePanel: result " . 
$content); - my $tmp = `rm $instDir/conf/.pwfile`; -} - -sub get_kra_transport_cert -{ - my ($sdom) = @_; - - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to KRA"); - - my $krainfo = $::config->get("preop.krainfo.select"); - my $krainfo_url = new URI::URL($krainfo); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $params = "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . 
$sdom_info->port; - - my $host = $krainfo_url->host; - my $port = $krainfo_url->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); - } - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $transportCert = $response->{TransportCert}; - - &PKI::RA::Wizard::debug_log("DonePanel: TransportCert " . $transportCert); - - return $transportCert; -} - -sub send_kra_transport_cert -{ - my ($sdom, $certificate) = @_; - - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to TKS"); - my $tksinfo = $::config->get("preop.tksinfo.select"); - my $tksinfo_url = new URI::URL($tksinfo); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $name = "transportCert-" . $machineName . "-" . 
$securePort; - my $params = "name=" . $name . "&" . - "certificate=" . - URI::Escape::uri_escape("$certificate") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . $sdom_info->port; - - my $host = $tksinfo_url->host; - my $port = $tksinfo_url->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); - } - - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("DonePanel: Response from TKS " . $content); -} - -sub display -{ - my ($q) = @_; - # $symbol{systemType} = "ra"; - # $symbol{host} = "chico"; - # $symbol{port} = "443"; - &PKI::RA::Wizard::debug_log("DonePanel: display"); - - my $status = $::config->get("preop.done.status"); - if ($status eq "done") { - return 1; - } - - my $instDir = $::config->get("service.instanceDir"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - if (($tokenname ne "") && ($tokenname ne "NSS Certificate DB")) { - open(PWD_CONF, ">>$instDir/conf/password.conf"); - print PWD_CONF "$tokenname:$token_pwd\n"; - close (PWD_CONF); - } - - # Add this RA's server certificate to the subsystems - my $sdom = $::config->get("config.sdomainEEURL"); - my $cainfo = $::config->get("preop.cainfo.select"); - $cainfo =~ s/.* - //g; - ®ister_ra($sdom, $cainfo, $::config->get("conn.ca1.servlet.addagent"), "CA"); - - $::config->put("preop.done.status", "done"); - 
$::config->commit(); - - # update httpd.conf - open(TMP_HTTPD_CONF, ">$instDir/conf/httpd.conf.tmp"); - system( "chmod 00660 $instDir/conf/httpd.conf.tmp" ); - open(HTTPD_CONF, "<$instDir/conf/httpd.conf"); - while (<HTTPD_CONF>) { - if (/^#\[ErrorDocument_404\]/) { - print TMP_HTTPD_CONF "ErrorDocument 404 /404.html\n"; - } elsif (/^#\[ErrorDocument_500\]/) { - print TMP_HTTPD_CONF "ErrorDocument 500 /500.html\n"; - } else { - print TMP_HTTPD_CONF $_; - } - } - close(HTTPD_CONF); - close(TMP_HTTPD_CONF); - - # Create a copy of the original file which - # preserves the original file permissions - system( "cp -p $instDir/conf/httpd.conf.tmp $instDir/conf/httpd.conf" ); - - # Remove the original file only if the backup copy was successful - if( -e "$instDir/conf/httpd.conf" ) { - system( "rm $instDir/conf/httpd.conf.tmp" ); - } - - # update nss.conf - open(TMP_NSS_CONF, ">$instDir/conf/nss.conf.tmp"); - system( "chmod 00660 $instDir/conf/nss.conf.tmp" ); - open(NSS_CONF, "<$instDir/conf/nss.conf"); - while (<NSS_CONF>) { - if (/^NSSNickname/) { - print TMP_NSS_CONF "NSSNickname \"$nickname\"\n"; - } else { - print TMP_NSS_CONF $_; - } - } - close(NSS_CONF); - close(TMP_NSS_CONF); - - # Create a copy of the original file which - # preserves the original file permissions - system( "cp -p $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf" ); - - # Remove the original file only if the backup copy was successful - if( -e "$instDir/conf/nss.conf" ) { - system( "rm $instDir/conf/nss.conf.tmp" ); - } - - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $instanceID = $::config->get("service.instanceID"); - - my $initDaemon = "pki-rad"; - my $initCommand = ""; - if( $^O eq "linux" ) { - 
$initCommand = "/sbin/service $initDaemon"; - } else { - ## default case: e. g. - ( $^O eq "solaris" ) - $initCommand = "/etc/init.d/$initDaemon"; - } - - $::symbol{host} = $machineName; - $::symbol{unsecurePort} = $unsecurePort; - $::symbol{port} = $securePort; - $::symbol{non_clientauth_port} = $non_clientauth_securePort; - $::symbol{initCommand} = $initCommand; - $::symbol{instanceID} = $instanceID; - - $::config->deleteSubstore("preop."); - $::config->commit(); - - ## Create an empty file that designates the fact that although - ## this server instance has been configured, it has NOT yet - ## been restarted! - my $restart_server = "$instDir/conf/restart_server_after_configuration"; - system( "touch $restart_server" ); - system( "chmod 00660 $restart_server" ); - - system("rm $instDir/conf/*.txt $instDir/conf/*.der"); - return 1; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/GlobalVar.pm b/pki/base/ra/lib/perl/PKI/RA/GlobalVar.pm deleted file mode 100755 index 388a41349..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/GlobalVar.pm +++ /dev/null 
@@ -1,42 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-
-package PKI::RA::GlobalVar;
-$PKI::RA::GlobalVar::VERSION = '1.00';
-
-sub new {
- my $class = shift;
- my $self = {};
- my %args = (@_);
- foreach my $q (keys %args) {
- $self->{$q} = $args{$q};
- }
- bless $self,$class;
- return $self;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
deleted file mode 100755
index 9f9bef94a..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-use URI::URL;
-
-package PKI::RA::ImportAdminCertPanel;
-$PKI::RA::ImportAdminCertPanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(15);
- $self->{"getName"} = &PKI::RA::Common::r("Import Administrator Certificate");
- $self->{"vmfile"} = "importadmincertpanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: update");
-
- # register to Security Domain
- my $sdom = $::config->get("config.sdomainAgentURL");
- my $sdom_url = new URI::URL($sdom);
-
- #
- # we need to authenticate to the security domain with the subsystem
- # certificate
- #
- my $machineName = $::config->get("service.machineName");
- my $instanceID = $::config->get("service.instanceID");
- my $instanceDir = $::config->get("service.instanceDir");
- my $securePort = $::config->get("service.securePort");
- my $subsystemName = $::config->get("preop.subsystem.name");
- my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
- my $name = $subsystemName;
- my $subCertNickName = $::config->get("preop.cert.subsystem.nickname");
-
- $db_password =~ s/\n$//g;
-
- my $params = "list=" . "RAList" . "&" .
- "type=" . "RA" . "&" .
- "host=" . $machineName . "&" .
- "name=" . $name . "&" .
- "sport=" . $securePort . "&" .
- "dm=false"; # domain manager or not
-
- my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$subCertNickName\" -r \"/ca/agent/ca/updateDomainXML?$params\" $sdom_url->host:$sdom_url->port`;
-
- # Fetch the "updated" security domain and display it
- &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: Dump contents of updated Security Domain . . .");
- my $sdomainAdminURL = $::config->get("config.sdomainAdminURL");
- my $sdom_info = new URI::URL($sdomainAdminURL);
- my $nickname = $::config->get("preop.cert.sslserver.nickname");
- my $sd_host = $sdom_info->host;
- my $sd_admin_port = $sdom_info->port;
- my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
- $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
- $content = $1;
- &PKI::RA::Wizard::debug_log($content);
-
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: display");
-
- my $cainfo = $::config->get("preop.cainfo.select");
-
- my $cainfo_url = new URI::URL($cainfo);
- my $serialNumber = $::config->get("preop.admincert.serialno.0");
-
- $::symbol{info} = "";
- $::symbol{errorString} = "";
- $::symbol{import} = "true";
- $::symbol{ca} = "false";
- $::symbol{caType} = "ca";
- $::symbol{caHost} = $cainfo_url->host;
- $::symbol{caPort} = $cainfo_url->port;
- $::symbol{serialNumber} = $serialNumber;
-
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/Login.pm b/pki/base/ra/lib/perl/PKI/RA/Login.pm
deleted file mode 100755
index d248e5481..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/Login.pm
+++ /dev/null
@@ -1,466 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -# wizard - -# Fedora Certificate System - Registration Authority System configuration wizard - - -# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding -# the following to /etc/httpd/conf.d/perl.conf -# -# PerlModule ModPerl::Registry -# PerlModule Apache::compat -# PerlModule PKI::RA::Wizard -# PerlSetEnv PKI_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui -# <Location /wizard> -# SetHandler perl-script -# PerlHandler PKI::RA::Wizard -# Order deny,allow -# Allow from all -# </Location> - - -# Note: The Velocity parser is not very helpful when it comes to -# errors right now. Here are some common errors, and what they mean: -# -# ERROR: -# [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26] -# Can't use string ("0") as an ARRAY ref while "strict refs" -# in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm -# line 423.\n, referer: http://chico/wizard?p=2 -# MEANING -# This probably means that your *.vm file refers to an array -# variable in a foreach statement that is not defined -# Check your foreach array variables. 
- -use warnings; -use ModPerl::Registry; -use Template::Velocity; -use Getopt::Std; -use Data::Dumper; -use CGI::Carp qw(fatalsToBrowser); -use CGI; -use APR::Const -compile => qw(:error SUCCESS); -use PKI::RA::GlobalVar; -use PKI::RA::WelcomePanel; -use PKI::RA::SecurityDomainPanel; -use PKI::RA::DisplayCertChainPanel; -use PKI::RA::SubsystemTypePanel; -use PKI::RA::CAInfoPanel; -use PKI::RA::TKSInfoPanel; -use PKI::RA::DRMInfoPanel; -use PKI::RA::DisplayCertChain2Panel; -use PKI::RA::AdminAuthPanel; -use PKI::RA::AgentAuthPanel; -use PKI::RA::DatabasePanel; -use PKI::RA::ModulePanel; -use PKI::RA::SizePanel; -use PKI::RA::NamePanel; -use PKI::RA::ConfigHSMLoginPanel; -use PKI::RA::CertRequestPanel; -use PKI::RA::AdminPanel; -use PKI::RA::ImportAdminCertPanel; -use PKI::RA::LoginPanel; -use PKI::RA::DonePanel; -use PKI::RA::Config; - -use PKI::RA::Common qw(yes no r); - -package PKI::RA::Login; -$PKI::RA::Login::VERSION = '1.00'; - -# read configuration file -my $flavor = "pki"; -$flavor =~ s/\n//g; - -my $pkiroot = $ENV{PKI_ROOT}; - -my $config = PKI::RA::Config->new(); -$config->load_file("$pkiroot/conf/CS.cfg"); -# read password cache file -my $pwdconf = PKI::RA::Config->new(); -$pwdconf->load_file("$pkiroot/conf/pwcache.conf"); -# SELinux disallows performing a "chmod" on this file -if( $^O ne "linux" ) { - system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); -} - -# create cfg debug log -my $logfile = $config->get("service.instanceDir") . "/logs/debug"; -open( DEBUG, ">>" . $logfile ) || -warn( "Could not open '" . $logfile . "': $!" ); - -# apache server - -our $debug; - -my $STATUS_OK = 1; -my $STATUS_ERROR = 2; -my $STATUS_REDIRECT = 3; - -&debug_log("RA wizard: starting up"); - -my $docroot = $ENV{PKI_DOCROOT}; - -if (! 
$docroot) { - &debug_log("RA wizard: ERROR: PKI_DOCROOT is null"); - return 0; -} - -our $parser = new Template::Velocity($docroot); -our $symbol; -our @certtags; - -makepanels(); - -&debug_log("RA wizard: start up complete"); - -1; - -sub debug_log -{ - my ($msg) = @_; - my $date = `date`; - chomp($date); - if( -w $logfile ) { - print DEBUG "$date - $msg\n"; - } -} - - # initializes entries in parser's global symbol table for panels -sub makepanels -{ - #REAL PANELS BELOW - my $login = new PKI::RA::LoginPanel(); - - $symbol{panels} = [ - $login, # com.netscape.cms.servlet.csadmin.WelcomePanel - ]; -}; - -sub render_panel -{ - my ($panelnum, $q) = @_; - - $symbol{errorString} = ""; - - my $currentpanel; - - if ($q->param('op') && $q->param('op') eq "next") { - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - my $status = "0"; - - if ($currentpanel->{update}) { - $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - - &debug_log("RA wizard: about to find out about sub panel"); - if ($status eq "1") { - if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) { - &debug_log("RA wizard: has sub panel"); - $panelnum = $panelnum + 2; - } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) { - &debug_log("RA wizard: is sub panel"); - $panelnum = $panelnum - 1; - } else { - &debug_log("RA wizard: no sub panel and is not subpanel"); - $panelnum = $panelnum + 1; - } - } - } elsif ($q->param('op') && $q->param('op') eq "back") { - $panelnum = $panelnum - 1; - #check if this a subpanel, if so, go back to it's parent. 
- #only handles one-deep at this point - my $panel = $symbol{panels}[$panelnum]; - if (&{$panel->{isSubPanel}}($q)) { - $panelnum = $panelnum - 1; - } - } elsif ($q->param('op') && $q->param('op') eq "apply") { - &debug_log("RA wizard: update : apply button pressed"); - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - if ($currentpanel->{update}) { - my $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - } - - &debug_log("RA wizard: after looking into about sub panel"); - - # advance to next panel - $currentpanel = $symbol{panels}[$panelnum]; - - # initialize symbol table values - $symbol{showApplyButton} = "false"; - - # fill in variables for new panel - if ($currentpanel->{panelvars}) { - $Data::Dumper::Indent = 1; - # The '&debug_log("q=".Dumper($q));' call must be commented out to fix - # Bugzilla Bug #249923: Incorrect file permissions on - # various files and/or directories - # &debug_log("q=".Dumper($q)); - $currentpanel->{panelvars}($q); - } - - $symbol{panel} = "ra/admin/console/config/".$currentpanel->{vmfile}; - - #wizard.vm: - $symbol{name} = "Registration Authority System"; - $symbol{title} = $currentpanel->{getName}(); - if ($panelnum == 0) { - $symbol{firstpanel} = "1"; - } else { - $symbol{firstpanel} = "0"; - } - if ($panelnum == 17) { - $symbol{lastpanel} = "1"; - } else { - $symbol{lastpanel} = "0"; - } - $symbol{p} = $panelnum; - $symbol{subpanelno} = $panelnum+1; - $symbol{csstate} = "1"; - -# $symbol{urls} = [ "cert1", "cert2" ]; #createsubsystem -# $symbol{urls_size} = 2; -# $symbol{instanceId} = "ra"; -# $symbol{errorString} = ""; - - #modulepanel -# $symbol{certs} = [ ]; -# $symbol{reqscerts} = [ ]; - $symbol{ppcerts} = [ ]; - - return $STATUS_OK; -} - - - -sub dbg { - my $msg = 
shift; - $::symbol{dbg} .= "$msg\n"; -} - -sub handler { - my $r = shift; - - *::symbol = \%symbol; - *::s = \$s; - *::config = \$config; - *::pwdconf = \$pwdconf; - - &debug_log("RA wizard: in handler"); - if ($#ARGV == -1) { - $r->send_http_header('text/html'); - } - - my $q = new CGI; - - # check cookie - my $pin = $q->param('pin'); - if (defined($pin)) { - my $cookie = $q->cookie( - -name=>'pin', - -value=> $pin, - -expires=>'+1y', - -path=>'/'); - print $q->redirect(-location => "wizard", -cookie => $cookie); - return; - } - - # output http parameters - &debug_log("RA wizard: uri='" . $ENV{REQUEST_URI} . "'"); - my @pnames = $q->param(); - foreach $pn (@pnames) { - # added this facility so that password can be hidden, - # all sensitive parameters should be prefixed with - # __ (double underscores); however, in the event that - # a security parameter slips through, we perform multiple - # additional checks to insure that it is NOT displayed - if( $pn =~ /^__/ || - $pn =~ /password$/ || - $pn =~ /passwd$/ || - $pn =~ /pwd$/ || - $pn =~ /admin_password_again/i || - $pn =~ /directoryManagerPwd/i || - $pn =~ /bindpassword/i || - $pn =~ /bindpwd/i || - $pn =~ /passwd/i || - $pn =~ /password/i || - $pn =~ /pin/i || - $pn =~ /pwd/i || - $pn =~ /pwdagain/i || - $pn =~ /uPasswd/i ) { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='(sensitive)'"); - } else { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); - } - } - - my $panelnum = $q->param('p'); - if (!defined($panelnum) || $panelnum eq "") { - # Apache fails to pick up the p parameter after - # redirecting from the security domain. This is - # a quick hack to solve the issue. 
- if ($ENV{'QUERY_STRING'} ne "") { - $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/; - $panelnum = $1; - } - } - - use subs qw(debug); - *debug = \&Template::Velocity::Executor::debug; - - $::symbol{dbg} = ""; - - &debug_log("RA wizard: before argparsing"); - if ($#ARGV == -1) { - $Data::Dumper::Maxdepth = 7; - $startfile = "ra/admin/console/config/login.vm"; - } - - &debug_log("RA wizard: setting up test objects"); - - #initialize from config file - my $certlist = $::config->get("preop.cert.list"); - if ($certlist eq "") { - $certlist = "sslserver,subsystem"; - } - @certtags = split(/,/, $certlist); - $numtags = @certtags; - if ($numtags eq 0) { - @certtags = ("sslserver", "subsystem"); - } - &debug_log("RA wizard: found $numtags certtags"); - - if (! $panelnum) { - $panelnum = 0; - } - - my $status = render_panel($panelnum, $q); - if ($status == 3) { - $r->header_out(Location => $symbol{redirect}); - $r->status(301); - $r->send_http_header(); - return; - } - - use Data::Dumper; - &debug_log("RA wizard: executing file $startfile"); - foreach $q (sort keys %symbol) { - &debug_log("RA wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q}); - } - - my $result; - if ($q->param("xml") eq "true") { - $r->send_http_header('text/xml'); - $result = "<xml>"; - foreach $s (sort keys %symbol) { - if ($s =~ /^__/) { - next; - } - $result .= "<" . $s . ">"; - my $v = $symbol{$s}; - $result .= &get_xml($s, $v); - $result .= "</" . $s . ">"; - } - $result .= "</xml>"; - } else { - $result = $parser->execute_file($startfile); - if (!defined $result) { - die("Couldn't execute template file: $docroot/$startfile"); - } - } - - print "$result\n"; - return $STATUS_OK; -} - -sub get_xml -{ - my ($s, $v) = @_; - - my $result; - if (ref($v) eq "HASH") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $v{$xkey}); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . 
">"; - } - } elsif (ref($v) eq "PKI::RA::CertInfo") { - my $certinfo = $v; - $result .= "<certinfo>"; - $result .= "<dn>" . $certinfo->get_dn() ."</dn>"; - $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>"; - $result .= "<friendly>" . $certinfo->get_user_friendly_name() . - "</friendly>"; - $result .= "</certinfo>"; - } elsif (ref($v) eq "PKI::RA::ReqCertInfo") { - my $reqcertinfo = $v; - $result .= "<reqcertinfo>"; - $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>"; - $result .= "<req>" . $reqcertinfo->get_request() ."</req>"; - $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>"; - $result .= "<certpp>" . $reqcertinfo->get_cert_pp() ."</certpp>"; - $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>"; - $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>"; - $result .= "</reqcertinfo>"; - } elsif (ref($v) eq "ARRAY") { - my $pos = 0; - foreach my $item (@$v) { - $result .= "<element>"; - $result .= &get_xml("p" . $pos, $item); - # $result .= "-" . ref($item); - $result .= "</element>"; - $pos++; - } - } else { - $result .= $v; - } - return $result; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/LoginPanel.pm b/pki/base/ra/lib/perl/PKI/RA/LoginPanel.pm deleted file mode 100755 index 66f40acfe..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/LoginPanel.pm +++ /dev/null 
@@ -1,91 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::LoginPanel;
-$PKI::RA::LoginPanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(0);
- $self->{"getName"} = &PKI::RA::Common::r("Welcome");
- $self->{"vmfile"} = "login.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("WelcomePanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("WelcomePanel: update");
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log($ENV{'SERVER_PORT'});
- &PKI::RA::Wizard::debug_log("Debug=" .
$::config->get("logging.debug.enable"));
- &PKI::RA::Wizard::debug_log("WelcomePanel: display");
- $::symbol{wizardname} = "RA Configuration Wizard";
- $::symbol{systemname} = "RA";
- $::symbol{fullsystemname} = "Registration Authority";
-
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/ModulePanel.pm b/pki/base/ra/lib/perl/PKI/RA/ModulePanel.pm
deleted file mode 100755
index 87ce056bc..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/ModulePanel.pm
+++ /dev/null
@@ -1,273 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-use PKI::RA::Modutil;
-
-package PKI::RA::ModulePanel;
-$PKI::RA::ModulePanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-our $modutil;
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(9);
- $self->{"getName"} = &PKI::RA::Common::r("Security Modules");
- $self->{"vmfile"} = "modulepanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
-
- my $flavor = "pki";
- $flavor =~ s/\n//g;
-
- my $pkiroot = $ENV{PKI_ROOT};
- $modutil = new PKI::RA::Modutil("$pkiroot/alias");
-
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 1;
-}
-
-sub validate
-{
- my ($q) = @_;
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- my $defTok = $::config->get("preop.module.token");
- my $select = $q->param('choice');
- if ($select eq "") {
-
&PKI::RA::Wizard::debug_log("ModulePanel -> update no selection found");
- $::symbol{errorString} = "No selection found";
- return 0;
- } elsif ($defTok ne $select) {
- &PKI::RA::Wizard::debug_log("ModulePanel -> update changing defTok to $select");
- $::config->put("preop.module.token", $select);
- $::config->put("preop.ModulePanel.done", "true");
- } else {
- # this is not an error...just information
- &PKI::RA::Wizard::debug_log("ModulePanel -> update defTok not changed");
- }
-
- $::config->commit();
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("ModulePanel -> display");
- getModules();
- my $defTok = $::config->get("preop.module.token");
-
- $::symbol{defTok} = $defTok;
-
- return 1;
-}
-
-use Data::Dumper;
-sub getTokens {
- my $modulename = shift;
-
- &PKI::RA::Wizard::debug_log("ModulePanel -> getTokens");
-
-#$Data::Dumper::Indent = 0;
-#PKI::RA::Wizard::dbg("in gettokens. modutil = ".Dumper($modutil));
- my @tokens;
- my $mod = $modutil->getmodule($modulename);
- foreach my $tokenname (keys %{$mod->{tokens}}) {
- #PKI::RA::Wizard::dbg("found token $tokenname");
- if ($tokenname ne "NSS Generic Crypto Services") {
- my $token = $modutil->gettoken($tokenname);
- my $t = new PKI::RA::GlobalVar(
- getNickName => sub { return $tokenname; },
- isLoggedIn => sub { return isLoggedIn($tokenname); },
- isPresent => sub { return 1; },
- );
- push @tokens, $t;
- } else {
- &PKI::RA::Wizard::debug_log("ModulePanel -> getTokens token NSS Generic Crypto Services not available for key generation");
-
- }
- }
-
- return \@tokens;
-}
-
-# if password is found, then it's considered "logged in"
-# otherwise it is "not logged in"
-sub Login {
- my $tokenname = $_[0];
- my $pwd = $::pwdconf->get($tokenname);
- if ($pwd ne "") {
- &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn retrieved pwd from pwdconf");
- return 1;
- }
- &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn pwd not found from pwdconf for token: $tokenname");
-
- if
($tokenname eq "NSS Certificate DB") {
- my $instanceDir = $::config->get("service.instanceDir");
- &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn get internal password for $tokenname");
- # these are referred as "internal" in password.conf
- $pwd = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
- $pwd =~ s/\n//g;
- $::pwdconf->put($tokenname, $pwd);
- $::pwdconf->commit();
-
- return 1;
- }
- return 0;
-}
-
-sub isLoggedIn {
- my $tokenname = $_[0];
- return &Login($tokenname);
-}
-
-sub getModules {
- my $count;
- my $i;
- my @supportedModules;
-
- &PKI::RA::Wizard::debug_log("ModulePanel -> getModules");
- $count = $::config->get("preop.configModules.count");
- &PKI::RA::Wizard::debug_log("ModulePanel -> getModules count =$count");
-
- my @modules = $modutil->getmodules();
- # $::symbol{steve} = join ",Module:", @modules;
- # $::symbol{steve}.= "\n";
-
- my $x = "
- preop.configModules.count=3
- preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
- preop.configModules.module0.imagePath=../img/mozilla.png
- preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
- preop.configModules.module1.commonName=nfast
- preop.configModules.module1.imagePath=../img/ncipher.png
- preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
- preop.configModules.module2.commonName=lunasa
- preop.configModules.module2.imagePath=../img/safenet.png
- preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
- ";
-
- my %supmodules;
- for ($i=0; $i <$count; $i++) {
- my $cn;
- my $pn;
- my $img;
-# &PKI::RA::Wizard::debug_log("ModulePanel -> getModules look for cn=","preop.configModules.module" , $i , ".commonName");
- $cn = $::config->get("preop.configModules.module$i.commonName");
- $supmodules{$cn} = 1;
-
- $pn = $::config->get("preop.configModules.module$i.userFriendlyName");
- $img = $::config->get("preop.configModules.module$i.imagePath");
-
&PKI::RA::Wizard::debug_log("ModulePanel -> getModules: got module $cn from config");
-
- my $module = $modutil->getmodule($cn);
- my $file = $module->{detail}->{"Library file"};
- &PKI::RA::Wizard::debug_log("ModulePanel -> getModules Library file = $file");
- my $found = 0;
- if ($file) {
- $found = ($file =~ /Internal ONLY module/) || -e $file;
- }
-
- my $name = $module->{detail}->{Name};
-# PKI::RA::Wizard::dbg("name: $name");
-
- $supportedModules[$i] = new PKI::RA::GlobalVar(
- getImagePath => sub { return $img; },
- getUserFriendlyName => sub { return $pn; },
- isFound => sub { return $found; },
- getTokens => sub { return getTokens($name); },
- );
-
- # login to tokens
- &PKI::RA::Wizard::debug_log("Ready to login to tokens for $name");
- my $mod = $modutil->getmodule($name);
- foreach my $tokenname (keys %{$mod->{tokens}}) {
- &PKI::RA::Wizard::debug_log("Logging in Module $name Token " . $tokenname);
- &Login($tokenname);
- }
-
- }
-
- my @otherModules;
- #compile the "others" modules
-
- foreach my $modname (@modules) {
- #is this modname in the supported modules list?
- if ($supmodules{$modname}) {
- &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: found module $modname supported");
- # does not belong to "others"
- } else {
- &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: found module $modname unsupported");
- #add the module to "others" list
- my $m = $modutil->getmodule($modname);
- my $mod = new PKI::RA::GlobalVar(
- getImagePath => sub { return ""; },
- getUserFriendlyName => sub { return $m->{modulename}; },
- isFound => sub { return 1; },
- getTokens => sub { return getTokens($m->{detail}->{Name});}
- );
-
- push @otherModules, $mod;
-
- &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: module $modname added to otherModules list");
- }
- }
-
- $::symbol{sms} = \@supportedModules;
- $::symbol{oms} = \@otherModules;
-# PKI::RA::Wizard::dbg("oms: ". Dumper([@otherModules]));
-# PKI::RA::Wizard::dbg("sms: ".
Dumper([@supportedModules]));
-
- &PKI::RA::Wizard::debug_log("ModulePanel -> set sms, oms");
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/Modutil.pm b/pki/base/ra/lib/perl/PKI/RA/Modutil.pm
deleted file mode 100755
index 82c66e87d..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/Modutil.pm
+++ /dev/null
@@ -1,262 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package PKI::RA::Modutil;
-
-
-sub new {
- my $class = shift;
- my ($dir) = @_;
-
- if (! $dir) { die "no module directory provided\n"; }
-
- my $self = {};
-
- $self->{dir} = $dir;
- $self->{modules} = makemodules($self);
-
- bless $self, $class;
- return $self;
-}
-
-sub exists {
- my $self = shift;
-
- return -e "$self->{dir}/secmod.db";
-}
-
-sub create {
- my $self = shift;
-
- my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -create`;
- return $mods;
-}
-
-use Data::Dumper;
-
-sub makemodules {
- my $self = shift;
- my $modules = {};
-
- my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -list`;
- #my $mods = join "",<::DATA>;
-
- #print "raw mods = $mods";
-
- my (@modules) = (
- $mods =~ /
- ^ #beginning of a line
- \s+ #some spaces
- \d+\.\s* #some digits
- (.*?)
#lots of text
- ((?=^\s*\d+)|(?=------)) #if we would next match some spaces and digits
- /msxg );
-
- @modules = grep /.+/ms, @modules;
-
- foreach $module (@modules) {
- #print "Module #$i:$module --\n";
- $module = "modulename:$module";
- my ($moduleheader, $rest) = (
- $module =~ /
- (.*status: .*?\n) # moduleheader
- (\s*slot:.*) # slot
- (?=\n(\n|$)) #empty line
- /msxg );
- #print "moduleheader: $moduleheader\n";
- my $m = makehash($moduleheader);
- $modules->{$m->{modulename}} = $m;
- $m->{tokens} = {};
-
- my @tokens = split "\n\n", $rest;
-
-
-
-# get summary slot info with: -list
- foreach my $token (@tokens) {
- #print "slottext: $slot\n";
- my $slh = makehash($token);
- $m->{tokens}->{$slh->{token}} = $slh;
- }
-
-# get detailed slot info with: -list "modulename"
-
- my $moduledetail = `modutil -force -dbdir '$self->{dir}' -nocertdb -list "$m->{modulename}" 2> /dev/null`;
- my @details= split "\n\n", $moduledetail;
- while ($details[0] !~ /.*Name:.*/) {
- shift @details;
- };
- $m->{detail} = makehash(shift @details);
- foreach $d (@details) {
- my $sdh = makehash($d);
- my $tokenname = $sdh->{"Token Name"};
- $tokenname =~ s/\s+$//; # remove trailing spaces
- if ($tokenname) {
- $m->{tokens}->{$tokenname}->{detail} = $sdh;
- }
- }
- $i++;
-
- }
- return $modules;
-}
-
-# input: a multi-list string with nv/pairs
-# return a hashtable reference
-sub makehash {
- my $str = shift;
- my $ht = { };
- my @lines = split "\n", $str;
- my $line;
-LINE:
- foreach $line (@lines) {
- if ($line =~ /Using database directory/) { next LINE; }
- if ($line =~ /--------------/) { next LINE; }
- my ($name, $value) = ($line =~ /^\s*(.*?):\s*(.*?)\s*$/);
- if ($name) {
- #print "name:$name\n";
- #print "value:$value\n";
- $ht->{$name} = $value;
- }
- }
- return $ht;
-}
-
-sub getmodules {
- my $self = shift;
- #print "modules: ".$self->{modules}.
"\n";
- #print "keys: ".(join ",",keys %{$self->{modules}})."\n";
- return keys %{$self->{modules}};
-}
-
-sub getmodule {
- my $self = shift;
- my $modulename = shift;
-
- #print Dumper($self->{modules});
- return $self->{modules}->{$modulename};
-}
-
-
-sub gettokens {
- my $self = shift;
- my $module = shift;
-
- return keys %{$module->{tokens}};
-}
-
-sub gettoken {
- my $self = shift;
- my $token= shift;
- foreach my $m (values %{$self->{modules}}) {
- foreach $t (values %{$m->{tokens}}) {
- #print join ",", keys %{$t};
- #print Dumper($t->{detail});
- if ($t->{detail}->{"Token Name"} eq $token) {
- return $t;
- }
- }
- }
-}
-
-
-
-package main;
-
-sub ::test {
-
-# initialize
- my $modutil = new PKI::RA::Modutil(".");
-
-#make database if it doesn't exist
- if (! $modutil->exists()) {
- $modutil->create();
- }
-
-#get an array of module names
- my @mods = $modutil->getmodules();
-
- print "Found ".@mods." pkcs#11 modules\n";
-
-#for each module...
- foreach my $modname (@mods) {
- my $module = $modutil->getmodule($modname);
-
- print "Module: $modname\n";
- print "Library: ".$module->{detail}->{"Library file"}."\n";
- print "Other keys: ".(join ",", keys %{$module->{detail}})."\n";
-
-#find all the tokens in a module, e.g. each partition for a lunasa
- foreach my $tokenname ($modutil->gettokens($module)) {
- print " token: $tokenname\n";
- my $token = $modutil->gettoken($tokenname);
-
-#dump out the information we have on the token
- foreach my $key (keys %{$token}) {
- print " token keys/values: $key: ".$token->{$key}."\n";
- }
- my @detailkeys = (keys %{$token->{detail}}) ;
- print " token detail keys:". (join ",", @detailkeys)."\n";
- print " token detail Manufacturer:". $token->{detail}->{Manufacturer}."\n";
- print "\n";
- }
- print "\n";
- }
-
-}
-
-# this is where 'main' starts
-
-if ($ARGV[0] eq "--test") {
- ::test();
-}
-
-1;
-
-__DATA__
-Listing of PKCS #11 Modules
------------------------------------------------------------
- 1.
NSS Internal PKCS #11 Module
- slots: 2 slots attached
- status: loaded
-
- slot: NSS Internal Cryptographic Services
- token: NSS Generic Crypto Services
-
- slot: NSS User Private Key and Certificate Services
- token: NSS Certificate DB
-
- 2. lunasa
- library name: /usr/lunasa/lib/libCryptoki2.so
- slots: 2 slots attached
- status: loaded
-
- slot: LunaNet Slot
- token: lunasa1-ca
-
- slot: LunaNet Slot
- token: lunasa2-ca
------------------------------------------------------------
-
-
diff --git a/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm b/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm
deleted file mode 100755
index c30715aa2..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm
+++ /dev/null
@@ -1,570 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use FileHandle;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-use PKI::RA::CertInfo;
-use URI::URL;
-use URI::Escape;
-
-package PKI::RA::NamePanel;
-$PKI::RA::NamePanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----";
-our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----";
-our $cert_header="-----BEGIN CERTIFICATE-----";
-our $cert_footer="-----END CERTIFICATE-----";
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(12);
- $self->{"getName"} = &PKI::RA::Common::r("Subject Names");
- $self->{"vmfile"} = "namepanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("NamePanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("NamePanel: update");
- my $instanceDir = $::config->get("service.instanceDir");
-
- my $count = $q->param('urls');
-
- &PKI::RA::Wizard::debug_log("NamePanel: update - selected ca= $count");
-
- my $host = "";
- my $https_ee_port = "";
-
- my $useExternalCA = "off";
- if ($count =~ /http/) {
- my $info = new URI::URL($count);
- $host = $info->host;
- $https_ee_port = $info->port;
- } else {
- $host = $::config->get("preop.securitydomain.ca$count.host");
- if ($host eq "") {
- $useExternalCA = "on";
- } else {
- $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
- &PKI::RA::Wizard::debug_log("NamePanel: update - host= $host, https_ee_port= $https_ee_port");
- }
- }
- $::config->put("preop.certenroll.useExternalCA", $useExternalCA);
-
- $::config->put("preop.ca.url", "https://" . $host . ":" . $https_ee_port);
-
- my $tokenname = $::config->get("preop.module.token");
- &PKI::RA::Wizard::debug_log("NamePanel: update got token name = $tokenname");
- my $hw;
- my $tk;
-
- if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
- $hw = "";
- $tk = "";
- } else {
- $hw = "-h $tokenname";
- $tk = $tokenname.":";
- }
-
- # is nickname changed because of token (hardware) selection?
- my $changed = "false";
- foreach my $certtag (@PKI::RA::Wizard::certtags) {
- &PKI::RA::Wizard::debug_log("NamePanel: update begins for certag= $certtag");
- my $cert_dn = $q->param($certtag);
- $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
- $::config->commit();
-
- my $sslnickname = $::config->get("preop.cert.sslserver.nickname");
- my $nickname = $q->param($certtag .
"_nick");
- if ($nickname ne "") {
- &PKI::RA::Wizard::debug_log("NamePanel: update nickname for $certtag set to $nickname");
- &PKI::RA::Wizard::debug_log("NamePanel: update nickname for $certtag being updated in config file");
- $::config->put("preop.cert.".$certtag.".nickname", $nickname);
- $::config->commit();
- } else {
- $nickname = $::config->get("preop.cert.$certtag.nickname");
- if ($nickname eq "") {
- $nickname = "RA ".$certtag." cert";
- &PKI::RA::Wizard::debug_log("NamePanel: update nickname not found for $certtag -- try $nickname");
- }
- }
-
- my $cert_request = $::config->get("preop.cert.$certtag.certreq");
- if ($cert_request ne "") {
- &PKI::RA::Wizard::debug_log("NamePanel: update do not generate new keys");
- goto GEN_CERT;
- }
- &PKI::RA::Wizard::debug_log("NamePanel: update generate new keys");
-
- # =====generate requests========
- # getting new request should void old cert
-
- my $file= "$instanceDir/conf/".$certtag."_cert.txt";
- my $tmp = `rm $file`;
-
- &PKI::RA::Wizard::debug_log("NamePanel: retrieving $tokenname from pwdconf");
- my $token_pwd = $::pwdconf->get($tokenname);
- &PKI::RA::Wizard::debug_log("NamePanel: creating pwfile");
- open FILE, ">$instanceDir/conf/.pwfile";
- system( "chmod 00660 $instanceDir/conf/.pwfile" );
- $token_pwd =~ s/\n//g;
- print FILE $token_pwd;
- close FILE;
-
- my $keytype = $::config->get("preop.cert.$certtag.keytype");
- if ($keytype eq "") {
- $keytype = "rsa";
- }
-
- my $select = $::config->get("preop.cert.$certtag.keysize.select");
-
- my $keysize;
-
- if ($keytype eq "rsa") {
- $keysize = 2048;
- } elsif ($keytype eq "ecc") {
- $keysize = 256;
- }
-
- if (($select eq "") || ($select eq "default")) {
- my $size = $::config->get("preop.cert.$certtag.keysize.size");
- if ($size ne "") {
- $keysize = $size;
- }
- } else {
- my $size = $::config->get("preop.cert.$certtag.keysize.customsize");
- if ($size ne "") {
- $keysize = $size;
- }
- if (($keytype eq "ecc") && ($keysize ne 256)) {
-
&PKI::RA::Wizard::debug_log("NamePanel: update got keysize from config= $keysize changing to 256, the only supported ECC strength");
- $keysize = 256;
- }
- }
-
- &PKI::RA::Wizard::debug_log("NamePanel: update got key type $keytype");
- my $req;
- my $debug_req;
- my $filename = "/tmp/random.$$";
- `dd if\=/dev/urandom of\=\"$filename\" count\=256 bs\=1`;
- if ($keytype eq "rsa") {
- #XXX temporary
- &PKI::RA::Wizard::debug_log("NamePanel: update "."certutil -R -s $cert_dn -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename");
- my $tmpfile = "/tmp/req$$";
- system("certutil -R -s \"$cert_dn\" -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename > $tmpfile");
- $req = `cat $tmpfile`;
- system("rm $tmpfile");
- } elsif ($keytype eq "ecc") {
- #only support curve nistp256 for now
- my $tmpfile = "/tmp/req$$";
- system("certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -R -s \"$cert_dn\" -k ec -q nistp256 -a -z $filename> $tmpfile");
- $req = `cat $tmpfile`;
- system("rm $tmpfile");
- } else {
- &PKI::RA::Wizard::debug_log("NamePanel: update unsupported keytype $keytype");
- }
- system("rm $filename");
-
- my $save_line = 0;
- my @req_a = split "\n", $req;
- foreach my $line (@req_a) {
- chomp( $line );
- $line =~ s/
//g;
- if ($line eq $cert_req_header) {
- $save_line = 1;
- } elsif( $line eq $cert_req_footer ) {
- $save_line = 0;
- last;
- } elsif( $save_line == 1 ) {
- $cert_request .= "$line";
- }
- }
- &PKI::RA::Wizard::debug_log("NamePanel: update putting cert_request in CS.cfg: $cert_request");
- $::config->put("preop.cert.$certtag.certreq", $cert_request);
- $::config->commit();
-
-GEN_CERT:
-# =====request for certs========
-# see if there is an existing cert
-
- my $cert = $::config->get("preop.cert.$certtag.cert");
- my $sdom = $::config->get("config.sdomainEEURL");
- my $sdom_url = new URI::URL($sdom);
-
- if (($useExternalCA eq "on") && ($certtag ne "subsystem")) {
- &PKI::RA::Wizard::debug_log("NamePanel: update External CA selected");
- if ($cert eq "") {
- &PKI::RA::Wizard::debug_log("NamePanel: update no cert found...need manual enrollment");
- }
- } else {
- if ($cert eq "") {
- &PKI::RA::Wizard::debug_log("NamePanel: update External CA not selected...need automatic enrollment");
-
- my $machineName = $::config->get("service.machineName");
- my $securePort = $::config->get("service.securePort");
- my $session_id = $::config->get("preop.sessionID");
-
- if ($cert_request ne "") {
- &PKI::RA::Wizard::debug_log("NamePanel: update found existing request: $cert_request");
- } else {
- &PKI::RA::Wizard::debug_log("NamePanel: update existing request not found");
- #something is wrong...no request, no cert
- goto DONE;
- return $cert;
- }
-
- my $instanceID = $::config->get("service.instanceID");
- my $instanceDir = $::config->get("service.instanceDir");
- my $db_password = "";
- &PKI::RA::Wizard::debug_log("NamePanel: greping password");
-
- my $tmpfile = "/tmp/grep$$";
- system ("grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10- > $tmpfile");
- $db_password = `cat $tmpfile`;
- $db_password =~ s/\n$//g;
- system("rm $tmpfile");
-
- my $profile_id = $::config->get("preop.cert.$certtag.profile");
- &PKI::RA::Wizard::debug_log("NamePanel: profileId=" .
$profile_id);
- my $requestor_name = "RA-" . $machineName . "-" . $securePort;
- my $params = "profileId=" . $profile_id . "&" .
- "cert_request_type=" . "pkcs10" . "&" .
- "requestor_name=" . $requestor_name . "&" .
- "cert_request=" .
- URI::Escape::uri_escape("$cert_request") . "&" .
- "xmlOutput=true" . "&" .
- "sessionID=" . $session_id . "&" .
- "auth_hostname=" . $sdom_url->host . "&" .
- "auth_port=" . $sdom_url->port;
-
- if ($certtag eq "subsystem") {
- $host = $sdom_url->host;
- $https_ee_port = $sdom_url->port;
- }
- if ($changed eq "true") {
-$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
-$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
- } else {
-$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
-$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
- }
-
- &PKI::RA::Wizard::debug_log("debug_req = " . $debug_req);
- my $content = `$req`;
- &PKI::RA::Wizard::debug_log("content = " . $content);
-
- $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
- $content = $1;
-
- if ($content eq "") {
- $::symbol{errorString} = "CA returned no response. Please check that the CA is available and also check the host's firewall settings.";
- return 0;
- }
-
- my $parser = XML::Simple->new();
- &PKI::RA::Wizard::debug_log("NamePanel: response content= " . $content);
- my $response = $parser->XMLin($content);
- my $status = $response->{Status};
- if ($status ne "0") {
- my $error = $response->{Error};
- &PKI::RA::Wizard::debug_log("NamePanel: Error = $error");
- $::symbol{errorString} = "CA response: $error.
Please check previous related panels." . " Please check that the CA is available and also check the host's firewall settings.";
- return 0;
- }
- $cert = $response->{Requests}->{Request}->{b64};
- &PKI::RA::Wizard::debug_log("NamePanel: new cert generated= " . $cert);
-
-# my $reqid = $response->{Requests}->{Request}->{Id};
-# $::config->put("preop.admincert.requestId.0", $reqid);
-# my $sn = $response->{Requests}->{Request}->{serialno};
-# $::config->put("preop.admincert.serialno.0", $sn);
-# $::config->commit();
-
- &PKI::RA::Wizard::debug_log("NamePanel: update putting cert in CS.cfg: $cert");
- $::config->put("preop.cert.$certtag.cert", $cert);
- $::config->commit();
-
- } else {
- # cert is not null
- &PKI::RA::Wizard::debug_log("NamePanel: update External CA not selected. Cert found...no need for enrollment");
- }
-
-# write cert to file so certutil can import
- my $cert_fn = "$instanceDir/conf/".$certtag."_cert.txt";
- open FILE, "> $cert_fn";
- print FILE $cert_header."\n".$cert."\n".$cert_footer;
- close FILE;
-
- # import cert, whether it was imported before or not
- my $nickname = $::config->get("preop.cert.$certtag.nickname");
- if ($nickname eq "") {
- #XXX
- $nickname = "RA ".$certtag."
cert";
- &PKI::RA::Wizard::debug_log("NamePanel: update nickname not found for $certtag -- try $nickname");
- }
-
- if ($certtag ne "sslserver") {
- &PKI::RA::Wizard::debug_log("NamePanel: update: try to delete existing cert $nickname, if any....ok if it fails");
- $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`;
- $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`;
- } else {
- &PKI::RA::Wizard::debug_log("NamePanel: update: try to delete existing cert $sslnickname, if any....ok if it fails");
- $tmp = `certutil -d $instanceDir/alias -D -n "$sslnickname"`;
- $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$sslnickname"`;
- }
-
- &PKI::RA::Wizard::debug_log("NamePanel: update: try to import cert from $cert_fn");
- $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -A -n "$nickname" -t "u,u,u" -a -i $cert_fn`;
- # changed the cert, need to change nickname too, if necessary
- if ($hw ne "") {
- if ($certtag eq "sslserver") {
- if ($changed eq "false") {
- $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
- }
- $changed = "true";
- } elsif ($certtag eq "subsystem") {
- &PKI::RA::Wizard::debug_log("NamePanel: update: subsystem nickname changed");
- $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
- $::config->put("conn.ca1.clientNickname", "$tk$nickname");
- $::config->put("conn.drm1.clientNickname", "$tk$nickname");
- $::config->put("conn.tks1.clientNickname", "$tk$nickname");
- $::config->put( "ra.cert.subsystem.nickname", "$tk$nickname");
- } else {
- &PKI::RA::Wizard::debug_log("NamePanel: update: $certtag nickname changed");
- $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
- }
- $::config->commit();
- } else {
- if ($certtag eq "subsystem") {
- # setting these just in case the subsystem nickname changed.
- &PKI::RA::Wizard::debug_log("NamePanel: update: setting in case the subsystem nickname changed");
- $::config->put("conn.ca1.clientNickname", "$nickname");
- $::config->put("conn.drm1.clientNickname", "$nickname");
- $::config->put("conn.tks1.clientNickname", "$nickname");
- $::config->put("ra.cert.subsystem.nickname", "$nickname");
- }
- $::config->commit();
- }
-
- &PKI::RA::Wizard::debug_log("NamePanel: update: done importing cert: $tk$nickname");
- $tmp = `rm $cert_fn`;
- }
- }
-
-DONE:
- &PKI::RA::Wizard::debug_log("NamePanel: removing pwfile");
- my $tmp = `rm $instanceDir/conf/.pwfile`;
- return 1;
-}
-
-sub readFile
-{
- my $fn = $_[0];
- open FILE, "< $fn" or return "";
- my $content = join "",<FILE>;
- close FILE;
-
- return $content;
-}
-
-use Data::Dumper;
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("NamePanel: display");
-
- my $domain_name = $::config->get("preop.securitydomain.name");
- if ($domain_name eq "") {
- $domain_name = "RA Domain";
- }
- my $machine_name = $::config->get("service.machineName");
- my $instance_id = $::config->get("service.instanceID");
-
- my $i = 0;
- foreach my $certtag (@PKI::RA::Wizard::certtags) {
- &PKI::RA::Wizard::debug_log("NamePanel: display certtag=$certtag");
- my $cert_dn = $::config->get("preop.cert.".$certtag.".dn");
- if ($cert_dn eq "") {
- if ($certtag eq "subsystem") {
- $cert_dn = "CN=RA Subsystem, " .
- "OU=" . $instance_id . ", " .
- "O=" . $domain_name;
- } elsif ($certtag eq "sslserver") {
- $cert_dn ="CN=" . $machine_name . ", " .
- "OU=" . $instance_id . ", " .
- "O=" . $domain_name;
- } else {
- &PKI::RA::Wizard::debug_log("NamePanel: display other certtag=$certtag");
- $cert_dn = $certtag;
- }
- $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
- $::config->commit();
- } else {
- if (!($cert_dn =~ /O=/)) {
- $cert_dn .= ", O=" .
$domain_name;
- $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
- $::config->commit();
- }
- }
-
- my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname");
- if ($name eq "") {
- $name = $certtag."Cert ".$instance_id;
- $::config->put("preop.cert.".$certtag.".userfriendlyname", $name);
- $::config->commit();
- }
-
- my $cert = new PKI::RA::CertInfo($name,
- $cert_dn, $certtag);
- $::symbol{certs}[$i++] = $cert;
- }
-
- &PKI::RA::Wizard::debug_log("NamePanel: getting CA info");
- $::symbol{urls} = [];
- my $count = 0;
-
- while (1) {
- my $host = $::config->get("preop.securitydomain.ca$count.host");
- if ($host eq "") {
- goto DONE;
- }
- my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
- my $name = $::config->get("preop.securitydomain.ca$count.subsystemname");
- my $item = $name . " - https://" . $host . ":" . $https_ee_port;
- $::symbol{urls}[$count++] = $item;
-
- }
-DONE:
-
- $::symbol{urls}[$count++] = "External CA";
- $::symbol{urls_size} = $count+1;
-
- return 1;
-}
-
-
-# arg0 filename containing certificate request
-# return certificate request plus header and footer
-sub extract_cert_req_from_file
-{
- my $save_line = 0;
-
- my $filename = $_[0];
-
- my $fd = new FileHandle;
-
- my $cert_request = "";
-
- $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
-
- while( <$fd> )
- {
- my $line = $_;
- chomp( $line );
-
- if( $line eq $cert_req_header ) {
- $save_line = 1;
- $cert_request .= "$line\n";
- } elsif( $line eq $cert_req_footer ) {
- $cert_request .= "$line\n";
- $save_line = 0;
- last;
- } elsif( $save_line == 1 ) {
- $cert_request .= "$line\n";
- }
- }
-
- $fd->close();
-
- return $cert_request;
-}
-
-# arg0 message containing certificate request
-# return certificate request sans header and footer
-sub extract_cert_req_from_file_sans_header_and_footer
-{
- my $filename = $_[0];
- my $save_line = 0;
-
- my $fd = new FileHandle;
-
- my $cert_request = "";
-
- $fd->open( "<$filename"
) or die "Could not open '$filename'!\n";
-
- while( <$fd> )
- {
- my $line = $_;
- chomp( $line );
-
- if( $line eq $cert_req_header ) {
- $save_line = 1;
- } elsif( $line eq $cert_req_footer ) {
- $save_line = 0;
- last;
- } elsif( $save_line == 1 ) {
- $cert_request .= "$line\n";
- }
- }
-
- $fd->close();
-
- return $cert_request;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm b/pki/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm
deleted file mode 100755
index 51c22cd24..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm
+++ /dev/null
@@ -1,235 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::ReqCertInfo;
-$PKI::RA::ReqCertInfo::VERSION = '1.00';
-
-our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----";
-our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----";
-our $cert_header="-----BEGIN CERTIFICATE-----";
-our $cert_footer="-----END CERTIFICATE-----";
-
-sub new {
- my ($class, $name, $dn, $tag) = @_;
- my $self = {};
- &PKI::RA::Wizard::debug_log("ReqCertInfo: start new");
- &PKI::RA::Wizard::debug_log("ReqCertInfo: creating name: $name, dn: $dn, tag: $tag");
-
- $self->{"getUserFriendlyName"} = \&get_user_friendly_name;
- $self->{"getCertTag"} = \&get_cert_tag;
- $self->{"getCert"} = \&get_cert;
- $self->{"getCertpp"} = \&get_cert_pp;
- $self->{"getRequest"} = \&get_request;
- $self->{"getDN"} = \&get_dn;
- $self->{"useDefaultKey"} = \&use_default_key;
- $self->{"getCustomKeysize"} = \&get_custom_keysize;
- &PKI::RA::Wizard::debug_log("ReqCertInfo: end new");
-
- $self->{name} = $name;
- $self->{dn} = $dn;
- $self->{tag} = $tag;
-
- bless $self, $class;
- return $self;
-}
-
-sub get_user_friendly_name
-{
- my
($self) = @_;
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_user_friendly_name");
- return $self->{name};
-}
-
-sub readFile
-{
- my $fn = $_[0];
- open FILE, "< $fn" or return "";
- my $content = join "",<FILE>;
- close FILE;
-
- return $content;
-}
-
-sub wrap_lines
-{
- my $lines = shift;
- my $temp ;
- foreach my $line (split "\n", $lines) {
- if (length $line > 59) {
- $line =~ s/(.{0,60})/$1\n/g;
- }
- # get rid of a line that is just an empty newline
- $line =~ s/^\n$//gms;
- $temp .= $line;
- }
- # collapse multiple newlines into one
- $temp =~ s/\n+/\n/gms;
- $temp =~ s/\n$//gms;
- $temp;
-
-}
-
-sub get_request
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request");
- # first, try to see if request has been made before
-# my $req = readFile( "/var/lib/pki-ra/conf/$self->{tag}_cert_request.txt");
-
- my $req = $::config->get("preop.cert.$self->{tag}.certreq");
-
- $req = wrap_lines($req);
-
- if ($req ne "") {
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request found existing request");
- return $cert_req_header."\n".$req."\n".$cert_req_footer;;
- } else {
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request existing request not found");
- }
-
- return $req;
-}
-
-sub get_cert
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert");
-# see if there is an existing cert
-# my $cert = readFile("/var/lib/pki-ra/conf/".$self->{tag}."_cert.txt");
- my $cert = $::config->get("preop.cert.$self->{tag}.cert");
-
- $cert = wrap_lines($cert);
- if ($cert ne "") {
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert found existing cert");
- return $cert_header."\n".$cert."\n".$cert_footer;;
- } else {
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert existing cert not found");
- }
- if ($cert eq "") {
- $cert = "...paste certificate here...";
- }
-
-
- return $cert;
-}
-
-sub get_cert_pp
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp");
- my $instanceDir =
$::config->get("service.instanceDir"); - - my $hw; - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname"); - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - } else { - $hw = "-h $tokenname"; - } - - my $token_pwd = $::pwdconf->get($tokenname); - open FILE, ">$instanceDir/conf/.pwfile"; - system( "chmod 00660 $instanceDir/conf/.pwfile" ); - $token_pwd =~ s/\n//g; - print FILE $token_pwd; - close FILE; - - my $nickname = $::config->get("preop.cert.$self->{tag}.nickname"); - if ($nickname eq "") { -#XXX - $nickname = "RA ".$self->{tag}." cert"; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp nickname not found for $self->{tag} -- try $nickname"); - } - my $certpp=""; -# my $found = -e "/var/lib/pki-ra/conf/$self->{tag}_cert.txt"; - my $cert = $::config->get("preop.cert.$self->{tag}.cert"); - - if ($cert ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp found request, ready to get prettyprint"); - my $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -n "$nickname" -L > $instanceDir/conf/$self->{tag}_cert_pp.txt`; - $certpp = readFile("$instanceDir/conf/$self->{tag}_cert_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp pp=$certpp"); - $tmp =`rm $instanceDir/conf/$self->{tag}_cert_pp.txt`; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp cert not found, will not get prettyprint"); - } - my $tmp = `rm $instanceDir/conf/.pwfile`; - - return $certpp; -} - -sub get_cert_tag -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_tag"); - return $self->{tag}; -} - -sub get_dn -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_dn"); - return $self->{dn}; -} - -sub use_default_key -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key"); - my $select = 
$::config->get("preop.cert.$self->{tag}.keysize.select");
- if ($select ne "") {
- if ($select eq "custom") {
- &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key from config = $select returning 0");
- return 0;
- }
- }
-
- &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key returning 1");
- return 1;
-}
-
-sub get_custom_keysize
-{
- my ($self) = @_;
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize");
- my $keysize = $::config->get("preop.cert.$self->{tag}.keysize.customsize");
- if ($keysize ne "") {
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize from config = $keysize");
- return $keysize;
- } else {
- &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize not from config");
- }
- return 2048;
-}
-
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
deleted file mode 100755
index 114b19ef0..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm
+++ /dev/null
@@ -1,199 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use XML::Simple; -use Data::Dumper; - -package PKI::RA::SecurityDomainPanel; -$PKI::RA::SecurityDomainPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(1); - $self->{"getName"} = &PKI::RA::Common::r("Security Domain"); - $self->{"vmfile"} = "securitydomainpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: validate"); - - return 1; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub pingCS -{ - my( $instanceDir ) = $_[0]; - my( $db_password ) = $_[1]; - my( $nickname ) = $_[2]; - my( $hostname ) = $_[3]; - my( $port ) = $_[4]; - - my $content = `/usr/bin/sslget -d 
$instanceDir/alias -p $db_password -v -r "/ca/admin/ca/getStatus" $hostname:$port`; - if( "$content" eq "" ) { - return 0; - } else { - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $state = $response->{State}; - - if( "$state" eq "1" ) { - return 1; - } else { - return 0; - } - } -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: display"); - $::symbol{panelname} = "Security Domain"; - $::symbol{sdomainName} = "Security Domain"; - - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $hostname = $::config->get("service.machineName"); - my $default_https_admin_port = 9445; - - # check to see if "default" security domain exists on local machine - my $status = pingCS( $instanceDir, - $db_password, - $nickname, - $hostname, - $default_https_admin_port ); - if( "$status" eq "1" ) { - # "default" security domain exists on local machine; - # fill "sdomainURL" in with "default" security domain - # as an initial "guess" - $::symbol{sdomainURL} = "https://" . $hostname . ":" - . $default_https_admin_port; - } else { - # "default" security domain does NOT exist on local machine; - # leave "sdomainURL" blank - $::symbol{sdomainURL} = ""; - } - - $::symbol{sdomainAdminURL} = "https://" . $hostname . ":" - . $default_https_admin_port; - - my $initDaemon = "pki-cad"; - my $initCommand = ""; - my $instanceID ="<security_domain_instance_name> "; - if( $^O eq "linux" ) { - $initCommand = "/sbin/service $initDaemon"; - } else { - ## default case: e. g. 
- ( $^O eq "solaris" ) - $initCommand = "/etc/init.d/$initDaemon"; - } - $::symbol{initCommand} = $initCommand; - $::symbol{instanceID} = $instanceID; - return 1; -} - - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: update"); - my $sdomainURL = $q->param("sdomainURL"); - - if ($sdomainURL eq "") { - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL has not been specified!"); - $::symbol{errorString} = "Security Domain HTTPS has not been specified!"; - return 0; - } - - my $sdomainURL_info = new URI::URL($sdomainURL); - - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $hostname = $sdomainURL_info->host; - my $https_admin_port = $sdomainURL_info->port; - - # check to see if "default" security domain exists on local machine - my $status = pingCS( $instanceDir, - $db_password, - $nickname, - $hostname, - $https_admin_port ); - if( "$status" ne "1" ) { - # invalid security domain specified - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL not found"); - $::symbol{errorString} = "Security Domain HTTPS Admin URL not found"; - return 0; - } - - # save urls in CS.cfg - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL=" . $sdomainURL); - $::config->put("config.sdomainAdminURL", $sdomainURL); - - # Add values necessary for 'pkiremove' . . . - $::config->put("securitydomain.select", "existing"); - $::config->put("securitydomain.host", $sdomainURL_info->host); - $::config->put("securitydomain.httpsadminport", $sdomainURL_info->port); - $::config->commit(); - - return 1; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm b/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm deleted file mode 100755 index f55dc41e9..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/SizePanel.pm +++ /dev/null 
@@ -1,245 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-use PKI::RA::CertInfo;
-
-package PKI::RA::SizePanel;
-$PKI::RA::SizePanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(11);
- $self->{"getName"} = &PKI::RA::Common::r("Key Pairs");
- $self->{"vmfile"} = "sizepanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("SizePanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("SizePanel: update");
-
- my $instanceDir = $::config->get("service.instanceDir");
- my $done = $::config->get("preop.SizePanel.done");
- my $genKeyPair = $q->param('generateKeyPair');
-
&PKI::RA::Wizard::debug_log("SizePanel: update generateKeyPair value=$genKeyPair");
- if ($done eq "true") {
- if ($genKeyPair eq "") {
- &PKI::RA::Wizard::debug_log("SizePanel: update generateKeyPair value not found, turn to off");
- $genKeyPair = "off";
- }
- } else {
- # firstime should always generate keys
- $genKeyPair = "on";
- }
-
- foreach my $certtag (@PKI::RA::Wizard::certtags) {
- my $select = $q->param($certtag.'_choice');
- my $keytype = $q->param($certtag.'_keytype');
- my $size = $q->param($certtag.'_custom_size');
-
- &PKI::RA::Wizard::debug_log("SizePanel: update $certtag _choice=$select $certtag _keytype=$keytype customsize= $size");
-
- $::config->put("preop.keysize.select", $select);
- $::config->put("preop.cert.".$certtag.".keysize.select", $select);
-
- if (! isSupportedSize($keytype, $size)) {
- &PKI::RA::Wizard::debug_log("SizePanel: update size $size not supported");
- return 0;
- }
- $::config->put("preop.cert.".$certtag.".keysize.customsize", $size);
- $::config->put("preop.cert.".$certtag.".keytype", $keytype);
-
- if ($select eq "default") {
- my $defaultSize = getDefaultSize($keytype);
- &PKI::RA::Wizard::debug_log("SizePanel: update in default, defaultsize = $defaultSize");
- $::config->put("preop.keysize.customsize", $defaultSize);
- $::config->put("preop.keysize.size", $defaultSize);
- $::config->put("preop.cert.".$certtag.".keysize.size", $defaultSize);
-
- } elsif ($select eq "custom") {
- &PKI::RA::Wizard::debug_log("SizePanel: update in custom, customsize = $size");
- $::config->put("preop.keysize.size", $size);
- $::config->put("preop.cert.".$certtag.".keysize.size", $size);
- }
-
- if ($genKeyPair eq "on") {
- $::config->put("preop.cert.".$certtag.".certreq", "");
- $::config->put("preop.cert.".$certtag.".cert", "");
- }
- }
-#XXX should have better error checking to work better
- $done = $::config->put("preop.SizePanel.done", "true");
- $::config->commit();
-
- return 1;
-}
-
-sub getDefaultSize {
- my $keytype = $_[0];
-
-
if ($keytype eq "ecc") { - return 256; - } elsif ($keytype eq "rsa") { - return 2048; - } - - $::symbol{errorString} = "Unsupported keytype $keytype"; - return 0; -} - -sub isSupportedSize { - my $keytype = $_[0]; - my $size = $_[1]; - - if (($keytype eq "ecc") && ($size ne "256")) { - &PKI::RA::Wizard::debug_log("SizePanel: isSupportedSize ECC only supports size 256"); - $::symbol{errorString} = "Unsupported Size $size. ECC only supports size 256"; - return 0; - } - - if (($size eq "256") || ($size eq "512") || ($size eq "1024") || - ($size eq "2048") || ($size eq "4096")) { - return 1; - } - # wrong size - $::symbol{errorString} = "Unsupported Size $size. RSA only supports sizes 256, 512, 1024, 2048, and 4096"; - return 0; -} - -sub display -{ - my ($q) = @_; - - &PKI::RA::Wizard::debug_log("SizePanel: display"); - - my $done = $::config->get("preop.SizePanel.done"); - &PKI::RA::Wizard::debug_log("SizePanel: display is panel done? $done"); - if ($done eq "true") { - $::symbol{firsttime} = "false"; - } else { - $::symbol{firsttime} = "true"; - } - - my $domain_name = $::config->get("preop.securitydomain.name"); - if ($domain_name eq "") { - $domain_name = "RA Domain"; - } - - my $machine_name = $::config->get("service.machineName"); - my $instance_id = $::config->get("service.instanceID"); - - my $i = 0; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - my $cert_dn = $::config->get("preop.cert.".$certtag.".dn"); - if ($cert_dn eq "") { - if ($certtag eq "subsystem") { - $cert_dn = "CN=RA Subsystem, " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } elsif ($certtag eq "sslserver") { - $cert_dn ="CN=" . $machine_name . ", " . - "OU=" . $instance_id . ", " . - "O=" . 
$domain_name; - } else { - $cert_dn = $certtag; - } - } - my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname"); - if ($name eq "") { - $name = $certtag."Cert ".$instance_id; - } - my $cert = new PKI::RA::CertInfo($name, - $cert_dn, $certtag); - $::symbol{certs}[$i++] = $cert; - } - - #for "common key settings" - my $select = $::config->get("preop.keysize.select"); - if (($select eq "") || ($select eq "default")) { - $::symbol{select} = "default"; - } else { - &PKI::RA::Wizard::debug_log("SizePanel: display keysize select= $select"); - $::symbol{select} = $select; - } - my $default_size = $::config->get("preop.keysize.size"); - if ($default_size eq "") { - $::symbol{default_keysize} = 2048; - } else { - $::symbol{default_keysize} = $default_size; - } - - my $default_ecc_size = $::config->get("preop.keysize.ecc.size"); - if ($default_ecc_size eq "") { - $::symbol{default_ecc_keysize} = 256; - } else { - $::symbol{default_ecc_keysize} = $default_ecc_size; - } - - my $custom_size = $::config->get("preop.keysize.customsize"); - if ($custom_size eq "") { - $::symbol{custom_size} = 2048; - } else { - $::symbol{custom_size} = $default_size; - } - - - return 1; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm b/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm deleted file mode 100755 index 3d946bca0..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm +++ /dev/null 
@@ -1,142 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::SubsystemTypePanel;
-$PKI::RA::SubsystemTypePanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(3);
- $self->{"getName"} = &PKI::RA::Common::r("Subsystem Type");
- $self->{"vmfile"} = "createsubsystempanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("SubsystemTypePanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("SubsystemTypePanel: update");
- $::symbol{systemname} = "Registration Authority ";
- $::symbol{subsystemName} = "Registration Authority";
- $::symbol{fullsystemname} = "Registration
Authority"; - $::symbol{machineName} = "localhost"; - $::symbol{http_port} = "12888"; - $::symbol{https_port} = "12889"; - $::symbol{non_clientauth_https_port} = "12890"; - $::symbol{check_clonesubsystem} = " "; - $::symbol{check_newsubsystem} = " "; - $::symbol{disableClone} = 1; - - my $subsystemName = $q->param('subsystemName'); - $::config->put("preop.subsystem.name", $subsystemName); - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SubsystemTypePanel: display"); - $::symbol{systemname} = "Registration Authority "; - $::symbol{subsystemName} = "Registration Authority"; - $::symbol{fullsystemname} = "Registration Authority "; - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - - - $::symbol{machineName} = $machineName; - $::symbol{http_port} = $unsecurePort; - $::symbol{https_port} = $securePort; - $::symbol{non_clientauth_https_port} = $non_clientauth_securePort; - $::symbol{check_clonesubsystem} = ""; - $::symbol{check_newsubsystem} = "checked "; - - my $session_id = $q->param("session_id"); - $::config->put("preop.sessionID", $session_id); - $::config->commit(); - - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.ra$count.host"); - if ($host eq "") { - goto DONE; - } - my $port = $::config->get("preop.securitydomain.ra$count.non_clientauth_secure_port"); - my $name = $::config->get("preop.securitydomain.ra$count.subsystemname"); - unshift(@{$::symbol{urls}}, "https://" . $host . ":" . $port); - $count++; - } -DONE: - $::symbol{urls_size} = $count; - -# if ($count == 0) { - $::symbol{disableClone} = 1; -# } - - # XXX - how to deal with urls - return 1; -} - - -1; 
diff --git a/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm
deleted file mode 100755
index ddf1124a9..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-use URI::URL;
-
-package PKI::RA::TKSInfoPanel;
-$PKI::RA::TKSInfoPanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(5);
- $self->{"getName"} = &PKI::RA::Common::r("TKS Information");
- $self->{"vmfile"} = "tksinfopanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("TKSInfoPanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("TKSInfoPanel: update");
-
- my $count = $q->param('urls');
-
- my $instanceID = $::config->get("service.instanceID");
-
- my $host = "";
- my $https_agent_port = "";
- if ($count =~ /http/) {
- my $info = new URI::URL($count); - $host = $info->host; - $https_agent_port = $info->port; - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - $::config->put("preop.tksinfo.select", $count); - } else { - $host = $::config->get("preop.securitydomain.tks$count.host"); - $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport"); - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - $::config->put("preop.tksinfo.select", "https://$host:$https_agent_port"); - } - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.tks1.clientNickname", $subsystemCertNickName); - $::config->put("conn.tks1.hostport", $host . ":" . $https_agent_port); - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("TKSInfoPanel: display"); - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.tks$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport"); - my $name = $::config->get("preop.securitydomain.tks$count.subsystemname"); - $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port; - } -DONE: - $::symbol{urls_size} = $count; - if ($count eq 0) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - - return 1; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/RA/WelcomePanel.pm b/pki/base/ra/lib/perl/PKI/RA/WelcomePanel.pm deleted file mode 100755 index c88c138be..000000000 --- a/pki/base/ra/lib/perl/PKI/RA/WelcomePanel.pm +++ /dev/null 
@@ -1,90 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-use strict;
-use warnings;
-use PKI::RA::GlobalVar;
-use PKI::RA::Common;
-
-package PKI::RA::WelcomePanel;
-$PKI::RA::WelcomePanel::VERSION = '1.00';
-
-use PKI::RA::BasePanel;
-our @ISA = qw(PKI::RA::BasePanel);
-
-sub new {
- my $class = shift;
- my $self = {};
-
- $self->{"isSubPanel"} = \&is_sub_panel;
- $self->{"hasSubPanel"} = \&has_sub_panel;
- $self->{"isPanelDone"} = \&PKI::RA::Common::no;
- $self->{"getPanelNo"} = &PKI::RA::Common::r(0);
- $self->{"getName"} = &PKI::RA::Common::r("Welcome");
- $self->{"vmfile"} = "welcomepanel.vm";
- $self->{"update"} = \&update;
- $self->{"panelvars"} = \&display;
- bless $self,$class;
- return $self;
-}
-
-sub is_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub has_sub_panel
-{
- my ($q) = @_;
- return 0;
-}
-
-sub validate
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("WelcomePanel: validate");
- return 1;
-}
-
-sub update
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("WelcomePanel: update");
- return 1;
-}
-
-sub display
-{
- my ($q) = @_;
- &PKI::RA::Wizard::debug_log("XXX " .
$::config->get("logging.debug.enable"));
- &PKI::RA::Wizard::debug_log("WelcomePanel: display");
- $::symbol{wizardname} = "RA Configuration Wizard";
- $::symbol{systemname} = "RA";
- $::symbol{fullsystemname} = "Registration Authority";
-
- return 1;
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/RA/wizard.pm b/pki/base/ra/lib/perl/PKI/RA/wizard.pm
deleted file mode 100755
index 5fe1e7536..000000000
--- a/pki/base/ra/lib/perl/PKI/RA/wizard.pm
+++ /dev/null
@@ -1,502 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -# wizard - -# Fedora Certificate System - Registration Authority System configuration wizard - - -# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding -# the following to /etc/httpd/conf.d/perl.conf -# -# PerlModule ModPerl::Registry -# PerlModule Apache::compat -# PerlModule PKI::RA::Wizard -# PerlSetEnv PKI_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui -# <Location /wizard> -# SetHandler perl-script -# PerlHandler PKI::RA::Wizard -# Order deny,allow -# Allow from all -# </Location> - - -# Note: The Velocity parser is not very helpful when it comes to -# errors right now. Here are some common errors, and what they mean: -# -# ERROR: -# [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26] -# Can't use string ("0") as an ARRAY ref while "strict refs" -# in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm -# line 423.\n, referer: http://chico/wizard?p=2 -# MEANING -# This probably means that your *.vm file refers to an array -# variable in a foreach statement that is not defined -# Check your foreach array variables. 
- -use warnings; -use ModPerl::Registry; -use Template::Velocity; -use Getopt::Std; -use Data::Dumper; -use CGI::Carp qw(fatalsToBrowser); -use CGI; -use APR::Const -compile => qw(:error SUCCESS); -use PKI::RA::GlobalVar; -use PKI::RA::WelcomePanel; -use PKI::RA::SecurityDomainPanel; -use PKI::RA::DisplayCertChainPanel; -use PKI::RA::SubsystemTypePanel; -use PKI::RA::CAInfoPanel; -use PKI::RA::DisplayCertChain2Panel; -use PKI::RA::AdminAuthPanel; -use PKI::RA::AgentAuthPanel; -use PKI::RA::DatabasePanel; -use PKI::RA::ModulePanel; -use PKI::RA::SizePanel; -use PKI::RA::NamePanel; -use PKI::RA::ConfigHSMLoginPanel; -use PKI::RA::CertRequestPanel; -use PKI::RA::AdminPanel; -use PKI::RA::ImportAdminCertPanel; -use PKI::RA::DonePanel; -use PKI::RA::Config; - -use PKI::RA::Common qw(yes no r); - -package PKI::RA::Wizard; -$PKI::RA::Wizard::VERSION = '1.00'; - -# read configuration file -my $flavor = "pki"; -$flavor =~ s/\n//g; - -my $pkiroot = $ENV{PKI_ROOT}; - -my $config = PKI::RA::Config->new(); -$config->load_file("$pkiroot/conf/CS.cfg"); -# read password cache file -my $pwdconf = PKI::RA::Config->new(); -$pwdconf->load_file("$pkiroot/conf/pwcache.conf"); -# SELinux disallows performing a "chmod" on this file -if( $^O ne "linux" ) { - system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); -} - -# create cfg debug log -my $logfile = $config->get("service.instanceDir") . "/logs/debug"; -system( "touch $logfile" ); -system( "chmod 00640 $logfile" ); -open( DEBUG, ">>" . $logfile ) || -warn( "Could not open '" . $logfile . "': $!" ); - -# apache server - -our $debug; - -my $HTTP_OK = 0; - -my $STATUS_OK = 0; # Apache 2 needs this to be zero -my $STATUS_ERROR = 2; -my $STATUS_REDIRECT = 3; - -&debug_log("RA wizard: starting up"); - -my $docroot = $ENV{PKI_DOCROOT}; - -if (! 
$docroot) { - &debug_log("RA wizard: ERROR: PKI_DOCROOT is null"); - return 0; -} - -our $parser = new Template::Velocity($docroot); -our $symbol; -our @certtags; - -makepanels(); - -&debug_log("RA wizard: start up complete"); - -1; - -sub debug_log -{ - my ($msg) = @_; - my $date = `date`; - chomp($date); - if( -w $logfile ) { - print DEBUG "$date - $msg\n"; - } -} - - # initializes entries in parser's global symbol table for panels -sub makepanels -{ - #REAL PANELS BELOW - my $welcome = new PKI::RA::WelcomePanel(); - my $securitydomain = new PKI::RA::SecurityDomainPanel(); - my $displaycertchain = new PKI::RA::DisplayCertChainPanel(); - my $subsystem = new PKI::RA::SubsystemTypePanel(); - my $cainfopanel = new PKI::RA::CAInfoPanel(); -# my $displaycertchain2 = new PKI::RA::DisplayCertChain2Panel(); - my $databasepanel = new PKI::RA::DatabasePanel(); - my $modulepanel = new PKI::RA::ModulePanel(); - my $confighsmloginpanel = new PKI::RA::ConfigHSMLoginPanel(); - my $sizepanel = new PKI::RA::SizePanel(); - my $namepanel = new PKI::RA::NamePanel(); - my $certrequestpanel = new PKI::RA::CertRequestPanel(); - my $adminpanel = new PKI::RA::AdminPanel(); - my $importadmincertpanel = new PKI::RA::ImportAdminCertPanel(); - my $donepanel = new PKI::RA::DonePanel(); - - $symbol{panels} = [ - $welcome, # com.netscape.cms.servlet.csadmin.WelcomePanel - $securitydomain, # com.netscape.cms.servlet.csadmin.SecurityDomainPanel - $displaycertchain, # com.netscape.cms.servlet.csadmin.DisplayCertChainPanel - $subsystem, # com.netscape.cms.servlet.csadmin.CreateSubsystemPanel - $cainfopanel, # com.netscape.cms.servlet.csadmin.CAInfoPanel -# $displaycertchain2, # com.netscape.cms.servlet.csadmin.DisplayCertChain2Panel - $databasepanel, # com.netscape.cms.servlet.csadmin.DatabasePanel - $modulepanel, # com.netscape.cms.servlet.csadmin.ModulePanel - $confighsmloginpanel, # com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel - $sizepanel, # com.netscape.cms.servlet.csadmin.SizePanel - 
$namepanel, # com.netscape.cms.servlet.csadmin.NamePanel - $certrequestpanel, # com.netscape.cms.servlet.csadmin.CertRequestPanel - $adminpanel, # com.netscape.cms.servlet.csadmin.AdminPanel - $importadmincertpanel, # com.netscape.cms.servlet.csadmin.ImportAdminCertPanel - $donepanel, # com.netscape.cms.servlet.csadmin.DonePanel</param-value> - ]; -}; - -sub render_panel -{ - my ($panelnum, $q) = @_; - - $symbol{errorString} = ""; - - my $currentpanel; - - if ($q->param('op') && $q->param('op') eq "next") { - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - my $status = "0"; - - if ($currentpanel->{update}) { - $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - - &debug_log("RA wizard: about to find out about sub panel"); - if ($status eq "1") { - if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) { - &debug_log("RA wizard: has sub panel"); - $panelnum = $panelnum + 2; - } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) { - &debug_log("RA wizard: is sub panel"); - $panelnum = $panelnum - 1; - } else { - &debug_log("RA wizard: no sub panel and is not subpanel"); - $panelnum = $panelnum + 1; - } - } - } elsif ($q->param('op') && $q->param('op') eq "back") { - $panelnum = $panelnum - 1; - #check if this a subpanel, if so, go back to it's parent. 
- #only handles one-deep at this point - my $panel = $symbol{panels}[$panelnum]; - if (&{$panel->{isSubPanel}}($q)) { - $panelnum = $panelnum - 1; - } - } elsif ($q->param('op') && $q->param('op') eq "apply") { - &debug_log("RA wizard: update : apply button pressed"); - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - if ($currentpanel->{update}) { - my $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - } - - &debug_log("RA wizard: after looking into about sub panel"); - - # advance to next panel - $currentpanel = $symbol{panels}[$panelnum]; - - # initialize symbol table values - $symbol{showApplyButton} = "false"; - - # fill in variables for new panel - if ($currentpanel->{panelvars}) { - $Data::Dumper::Indent = 1; - # The '&debug_log("q=".Dumper($q));' call must be commented out to fix - # Bugzilla Bug #249923: Incorrect file permissions on - # various files and/or directories - # &debug_log("q=".Dumper($q)); - $currentpanel->{panelvars}($q); - } - - $symbol{panel} = "ra/admin/console/config/".$currentpanel->{vmfile}; - - #wizard.vm: - $symbol{name} = "Registration Authority"; - $symbol{title} = $currentpanel->{getName}(); - if ($panelnum == 0) { - $symbol{firstpanel} = "1"; - } else { - $symbol{firstpanel} = "0"; - } - if ($panelnum == 13) { - $symbol{lastpanel} = "1"; - } else { - $symbol{lastpanel} = "0"; - } - $symbol{p} = $panelnum; - $symbol{subpanelno} = $panelnum+1; - $symbol{productversion} = $::config->get("preop.product.version"); - $symbol{csstate} = "1"; - -# $symbol{urls} = [ "cert1", "cert2" ]; #createsubsystem -# $symbol{urls_size} = 2; -# $symbol{instanceId} = "ra"; -# $symbol{errorString} = ""; - - #modulepanel -# $symbol{certs} = [ ]; -# $symbol{reqscerts} = [ ]; - $symbol{ppcerts} = [ 
]; - - return $STATUS_OK; -} - - - -sub dbg { - my $msg = shift; - $::symbol{dbg} .= "$msg\n"; -} - -sub handler { - my $r = shift; - - *::symbol = \%symbol; - *::s = \$s; - *::config = \$config; - *::pwdconf = \$pwdconf; - - &debug_log("RA wizard: in handler"); - - my $q = new CGI; - - # check cookie - my $cookie = $q->cookie('pin'); - my $pin = $::config->get("preop.pin"); - if ($cookie ne $pin) { - print $q->redirect("login"); - return; - } - - # output http parameters - &debug_log("RA wizard: uri='" . $ENV{REQUEST_URI} . "'"); - my @pnames = $q->param(); - foreach $pn (@pnames) { - # added this facility so that password can be hidden, - # all sensitive parameters should be prefixed with - # __ (double underscores); however, in the event that - # a security parameter slips through, we perform multiple - # additional checks to insure that it is NOT displayed - if( $pn =~ /^__/ || - $pn =~ /password$/ || - $pn =~ /passwd$/ || - $pn =~ /pwd$/ || - $pn =~ /admin_password_again/i || - $pn =~ /directoryManagerPwd/i || - $pn =~ /bindpassword/i || - $pn =~ /bindpwd/i || - $pn =~ /passwd/i || - $pn =~ /password/i || - $pn =~ /pin/i || - $pn =~ /pwd/i || - $pn =~ /pwdagain/i || - $pn =~ /uPasswd/i ) { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='(sensitive)'"); - } else { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); - } - } - - my $panelnum = $q->param('p'); - if (!defined($panelnum) || $panelnum eq "") { - # Apache fails to pick up the p parameter after - # redirecting from the security domain. This is - # a quick hack to solve the issue. 
- if ($ENV{'QUERY_STRING'} ne "") { - $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/; - $panelnum = $1; - } - } - - use subs qw(debug); - *debug = \&Template::Velocity::Executor::debug; - - $::symbol{dbg} = ""; - - &debug_log("RA wizard: before argparsing"); - if ($#ARGV == -1) { - $Data::Dumper::Maxdepth = 7; - $startfile = "ra/admin/console/config/wizard.vm"; - } - - &debug_log("RA wizard: setting up test objects"); - - #initialize from config file - my $certlist = $::config->get("preop.cert.list"); - if ($certlist eq "") { - $certlist = "sslserver,subsystem"; - } - @certtags = split(/,/, $certlist); - $numtags = @certtags; - if ($numtags eq 0) { - @certtags = ("sslserver", "subsystem"); - } - &debug_log("RA wizard: found $numtags certtags"); - - if (! $panelnum) { - $panelnum = 0; - } - - my $status = render_panel($panelnum, $q); - if ($status == 3) { - $r->header_out(Location => $symbol{redirect}); - $r->status(301); - $r->send_http_header(); - return; - } - - use Data::Dumper; - &debug_log("RA wizard: executing file $startfile"); - foreach $q (sort keys %symbol) { - &debug_log("RA wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q}); - } - - my $result; - if ($q->param('xml') && $q->param('xml') eq "true") { - $r->send_http_header('text/xml'); - $result = "<xml>"; - foreach $s (sort keys %symbol) { - if ($s =~ /^__/) { - next; - } - $result .= "<" . $s . ">"; - my $v = $symbol{$s}; - $result .= &get_xml($s, $v); - $result .= "</" . $s . 
">"; - } - $result .= "</xml>"; - } else { - $result = $parser->execute_file($startfile); - if (!defined $result) { - die("Couldn't execute template file: $docroot/$startfile"); - } - } - - $r->send_http_header('text/html'); - print "$result\n"; - - return $HTTP_OK; -} - -sub escape_xml -{ - my ($v) = @_; - $v =~ s/\"/"/g; - $v =~ s/\'/'/g; - $v =~ s/\&/&/g; - $v =~ s/</</g; - $v =~ s/>/>/g; - return $v; -} - -sub get_xml -{ - my ($s, $v) = @_; - - my $result; - if (ref($v) eq "HASH") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $v{$xkey}); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "PKI::RA::CertInfo") { - my $certinfo = $v; - $result .= "<certinfo>"; - $result .= "<dn>" . $certinfo->get_dn() ."</dn>"; - $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>"; - $result .= "<friendly>" . $certinfo->get_user_friendly_name() . - "</friendly>"; - $result .= "</certinfo>"; - } elsif (ref($v) eq "PKI::RA::ReqCertInfo") { - my $reqcertinfo = $v; - $result .= "<reqcertinfo>"; - $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>"; - $result .= "<req>" . $reqcertinfo->get_request() ."</req>"; - $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>"; - $result .= "<certpp>" . &escape_xml($reqcertinfo->get_cert_pp()) ."</certpp>"; - $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>"; - $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>"; - $result .= "</reqcertinfo>"; - } elsif (ref($v) eq "ARRAY") { - my $pos = 0; - foreach my $item (@$v) { - $result .= "<element>"; - $result .= &get_xml("p" . $pos, $item); - # $result .= "-" . ref($item); - $result .= "</element>"; - $pos++; - } - } else { - $result .= &escape_xml($v); - } - return $result; -} - -1; diff --git a/pki/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm b/pki/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm deleted file mode 100644 index 671f2418d..000000000 
--- a/pki/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-#######################################
-# This plugins assigns a request to a group.
-#######################################
-package PKI::Request::Plugin::AutoAssign;
-
-use DBI;
-use PKI::Base::TimeTool;
-
-#######################################
-# Instantiate this plugin
-#######################################
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-#######################################
-# Processes plugin
-#######################################
-sub process {
- my ($self, $cfg, $queue, $prefix, $req) = @_;
-
- my $assignTo = $cfg->get($prefix . ".assignTo");
- $queue->set_request($req->{'rowid'}, "assigned_to", $assignTo);
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm b/pki/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm
deleted file mode 100644
index b90096664..000000000
--- a/pki/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-#######################################
-# This plugins creates a one time pin.
-#######################################
-package PKI::Request::Plugin::CreatePin;
-
-use DBI;
-use PKI::Base::TimeTool;
-use PKI::Base::PinStore;
-
-#######################################
-# Instantiates this plugin
-#######################################
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-#######################################
-# Processes plugin
-#######################################
-sub process {
- my ($self, $cfg, $queue, $prefix, $req) = @_;
-
- my $pin_store = PKI::Base::PinStore->new();
- $pin_store->open($cfg);
-
-
- my $pin_format = $cfg->get($prefix . ".pinFormat");
-
- my $client_id = "";
- my $site_id = "";
-
- my $data = $req->{'data'};
- foreach $nv (split(/;/, $data)) {
- my ($n, $v) = split(/=/, $nv);
- $pin_format =~ s/\$$n/$v/g;
- }
- my $created_by = "admin";
- my $pin = $pin_store->create_pin($pin_format, $req->{'rowid'}, $created_by);
-
- # save pin to output
- $output = "pin=" . $pin;
- $queue->set_request_output($req->{'rowid'}, $output);
-
- $req->{'output'} = $output;
-
- $pin_store->close();
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm b/pki/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm
deleted file mode 100644
index 95274bfa7..000000000
--- a/pki/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-#######################################
-# This plugins mails a notification
-# to an email specified in the request.
-#######################################
-package PKI::Request::Plugin::EmailNotification;
-
-use DBI;
-use PKI::Base::TimeTool;
-
-#######################################
-# Instantiate this plugin
-#######################################
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub substitute {
- my ($self, $cfg, $queue, $prefix, $req, $line) = @_;
-
- my $mail_to = $cfg->get($prefix . ".mailTo");
-
- # if mail_to starts with $, retrieve value from request
- if ($mail_to =~ /^\$/) {
- $mail_to =~ s/\$//g;
- $mail_to = $req->{$mail_to};
- }
- my $machineName = $cfg->get("service.machineName");
- my $securePort = $cfg->get("service.securePort");
- my $unsecurePort = $cfg->get("service.unsecurePort");
- my $nonClientAuthSecurePort = $cfg->get("service.non_clientauth_securePort");
- my $subject_dn = $req->{'subject_dn'};
-
- $line =~ s/\$mail_to/$mail_to/g;
- $line =~ s/\$request_id/$req->{'rowid'}/g;
- $line =~ s/\$machineName/$machineName/g;
- $line =~ s/\$securePort/$securePort/g;
- $line =~ s/\$unsecurePort/$unsecurePort/g;
- $line =~ s/\$subject_dn/$subject_dn/g;
- $line =~ s/\$nonClientAuthSecurePort/$nonClientAuthSecurePort/g;
- return $line;
-}
-
-#######################################
-# Processes plugin
-#######################################
-sub process {
- my ($self, $cfg, $queue, $prefix, $req) = @_;
- my $queue = PKI::Request::Queue->new();
- $queue->open($cfg);
- my $ref = $queue->read_request($req->{rowid});
-
- my $req_err = $ref->{errorString};
- if ($req_err ne "0") {
- return;
- }
-
- my $mail_to = $cfg->get($prefix . ".mailTo");
- if ($mail_to eq "") {
- return;
- }
-
- my $template_dir = $cfg->get($prefix . ".templateDir");
- my $template_file = $cfg->get($prefix . ".templateFile");
-
- open(SENDMAIL, "|/usr/sbin/sendmail -t");
- open(F,"$template_dir/$template_file");
- while (<F>) {
- print SENDMAIL $self->substitute($cfg, $queue, $prefix, $ref, $_);
- }
- close(F);
- close(SENDMAIL);
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm b/pki/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm
deleted file mode 100644
index 1c5b7d6b2..000000000
--- a/pki/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-#######################################
-# This plugins mails a notification
-# to an email specified in the request.
-#######################################
-package PKI::Request::Plugin::RequestToCA;
-
-use DBI;
-use PKI::Base::TimeTool;
-use PKI::Conn::CA;
-
-#######################################
-# Instantiate this plugin
-#######################################
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-#######################################
-# Processes plugin
-#######################################
-sub process {
- my ($self, $cfg, $queue, $prefix, $req) = @_;
-
- my $ca = $cfg->get($prefix . ".ca");
- my $profile_id = $cfg->get($prefix . ".profileId");
- my $req_type = $cfg->get($prefix . ".reqType");
-
- my $server_id = "";
- my $site_id = "";
- my $csr = "";
- my $csr_type = "";
-
- my $data = $req->{'data'};
- foreach $nv (split(/;/, $data)) {
- my ($n, $v) = split(/=/, $nv);
- if ($n eq "server_id") {
- $server_id = $v;
- }
- if ($n eq "site_id") {
- $site_id = $v;
- }
- if ($n eq "csr") {
- $csr = $v;
- }
- if ($n eq "csr_type") {
- $csr_type = $v;
- }
- }
-
- if ($csr_type ne "") {
- $req_type = $csr_type;
- }
-
- my $ca_conn = PKI::Conn::CA->new();
- $ca_conn->open($cfg);
- my $cert = $ca_conn->enroll($req->{'rowid'}, $ca, $profile_id, $req_type, $csr);
- $queue->set_request($req->{'rowid'}, "output", $cert);
- $req->{'output'} = $cert;
- $ca_conn->close();
-
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/Request/Queue.pm b/pki/base/ra/lib/perl/PKI/Request/Queue.pm
deleted file mode 100644
index dc8418d22..000000000
--- a/pki/base/ra/lib/perl/PKI/Request/Queue.pm
+++ /dev/null
@@ -1,387 +0,0 @@
-#!/usr/bin/perl
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-package PKI::Request::Queue;
-
-use DBI;
-use PKI::Base::TimeTool;
-
-#######################################
-# Constructs a request queue
-#######################################
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-#######################################
-# Opens request queue
-#######################################
-sub open {
- my ($self, $cfg) = @_;
- $self->{cfg} = $cfg;
- my $dbfile = $cfg->get("database.dbfile");
- $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","","");
- my $timeout = $self->{dbh}->func("busy_timeout");
- $self->{dbh}->func($timeout * 10, "busy_timeout");
-}
-
-#######################################
-# Creates a new request
-#######################################
-sub invoke_plugins {
- my ($self, $prefix, $type, $ref) = @_;
-
- my $num_plugins = $self->{cfg}->get($prefix . ".num_plugins");
- for (my $i = 0; $i < $num_plugins; $i++) {
- my $plugin = $self->{cfg}->get($prefix . "." . $i . ".plugin");
- eval("require $plugin");
- my $p = $plugin->new();
- $p->process($self->{cfg}, $self, $prefix . "." . $i, $ref);
- }
-}
-
-#######################################
-# Creates a new request
-#######################################
-sub create_request {
- my ($self, $type, $data, $meta_info, $created_by) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
-
- my $insert = "insert into requests (" .
- "type" . "," .
- "status" . "," .
- "errorString" . "," .
- "ip" . "," .
- "data" . "," .
- "serialno" . "," .
- "subject_dn" . "," .
- "meta_info" . "," .
- "created_by" . "," .
- "updated_at" . "," .
- "created_at" .
- ") values (" .
- $dbh->quote($type) . "," .
- $dbh->quote("OPEN") . "," .
- $dbh->quote("0") . "," .
- $dbh->quote($ENV{REMOTE_ADDR}) . "," .
- $dbh->quote($data) . "," .
- $dbh->quote("unavailable") . "," .
- $dbh->quote("unavailable") . "," .
- $dbh->quote($meta_info) . "," .
- $dbh->quote($created_by) . "," .
- $dbh->quote($now) . "," .
- $dbh->quote($now) .
- ")";
-REDO_CREATE_REQUEST:
- eval {
- $dbh->do($insert);
- };
- if ($dbh->err == 5) {
- sleep(1);
- goto REDO_CREATE_REQUEST;
- }
- my $rid = $dbh->func('last_insert_rowid');
-
- my $ref = $self->read_request($rid);
-
- # call plugins
- my $prefix = "request." . $type . ".create_request";
- $self->invoke_plugins($prefix, $type, $ref);
-
- return $rid;
-}
-
-#######################################
-# Reads a request
-#######################################
-sub read_request {
- my ($self, $reqid) = @_;
- my $dbh = $self->{dbh};
- my $select = "select *,rowid from requests " .
- "where rowid=" . $dbh->quote($reqid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
- return $ref;
-}
-
-sub read_request_by_roles {
- my ($self, $roles, $reqid) = @_;
- my $dbh = $self->{dbh};
-
- my $select;
- if (grep /^administrators/, @$roles) {
- # administrator see all requests
- $select = "select *,rowid from requests " .
- "where rowid=" . $dbh->quote($reqid);
- } else {
- my $filter = $self->get_role_filter($roles);
- $select = "select *,rowid from requests where " .
- "(" . $filter . ")" . " AND " .
- "rowid=" . $dbh->quote($reqid);
- }
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
- return $ref;
-}
-
-#######################################
-# Sets request attributes
-#######################################
-sub set_request {
- my ($self, $reqid, $name, $value) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
- my $update = "update requests set " .
- $name . "=" . $dbh->quote($value) . "," .
- "updated_at=" . $dbh->quote($now) . " " .
- "where rowid=" . $dbh->quote($reqid);
-REDO_SET_REQUEST:
- eval {
- $dbh->do($update);
- };
- if ($dbh->err == 5) {
- sleep(1);
- goto REDO_SET_REQUEST;
- }
-
- my $select = "select *,rowid from requests " .
- "where rowid=" . $dbh->quote($reqid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
-
- return $ref;
-}
-
-#######################################
-# Sets output
-#######################################
-sub set_request_output {
- my ($self, $reqid, $output) = @_;
-
- return $self->set_request($reqid, "output", $output);
-}
-
-#######################################
-# Approves a request
-#######################################
-sub approve_request {
- my ($self, $reqid, $processed_by) = @_;
- my $dbh = $self->{dbh};
-
- # XXX - check assigned_to
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
- my $update = "update requests set " .
- "processed_by=" . $dbh->quote($processed_by) . "," .
- "status='APPROVED' " . "," .
- "errorString='0' " . "," .
- "updated_at=" . $dbh->quote($now) . " " .
- "where rowid=" . $dbh->quote($reqid);
-REDO_APPROVE_REQUEST:
- eval {
- $dbh->do($update);
- };
- if ($dbh->err == 5) {
- sleep(1);
- goto REDO_APPROVE_REQUEST;
- }
-
- my $select = "select *,rowid from requests " .
- "where rowid=" . $dbh->quote($reqid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
-
- # call plugins
- my $prefix = "request." . $ref->{'type'} . ".approve_request";
- $self->invoke_plugins($prefix, $ref->{'type'}, $ref);
-
- my $select = "select *,rowid from requests " .
- "where rowid=" . $dbh->quote($reqid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
-
- return $ref;
-}
-
-#######################################
-# Rejects a request
-#######################################
-sub reject_request {
- my ($self, $reqid, $processed_by) = @_;
- my $dbh = $self->{dbh};
-
- my $timet = PKI::Base::TimeTool->new();
- my $now = $timet->get_time();
- my $update = "update requests set " .
- "processed_by=" . $dbh->quote($processed_by) . "," .
- "status='REJECTED' " . "," .
- "updated_at=" . $dbh->quote($now) . " " .
- "where rowid=" . $dbh->quote($reqid);
-REDO_REJECT_REQUEST:
- eval {
- $dbh->do($update);
- };
- if ($dbh->err == 5) {
- sleep(1);
- goto REDO_REJECT_REQUEST;
- }
-
- my $select = "select *,rowid from requests " .
- "where rowid=" . $dbh->quote($reqid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
-
- # call plugins
- my $prefix = "request." . $ref->{'type'} . ".reject_request";
- $self->invoke_plugins($prefix, $ref->{'type'}, $ref);
-
- my $select = "select *,rowid from requests " .
- "where rowid=" . $dbh->quote($reqid);
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
-
- return $ref;
-}
-
-sub get_role_filter {
- my ($self, $roles) = @_;
- my $dbh = $self->{dbh};
-
- my $filter = "";
- foreach $rr (@$roles) {
- if ($filter eq "") {
- $filter = "assigned_to=" . $dbh->quote($rr);
- } else {
- $filter = $filter . " OR " . "assigned_to=" . $dbh->quote($rr);
- }
- }
- return $filter;
-}
-
-#######################################
-# Lists requests
-#######################################
-sub list_requests {
- my ($self, $startpos, $maxcount) = @_;
- my $dbh = $self->{dbh};
- my $select = "select *,rowid from requests " .
- "order by rowid desc " .
- "limit $startpos, $maxcount";
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my @reqs;
- while (my $ref = $sth->fetchrow_hashref()) {
- push(@reqs, $ref);
- }
- $sth->finish();
- return @reqs;
-}
-
-sub count_requests_by_roles {
- my ($self, $roles, $status) = @_;
- my $dbh = $self->{dbh};
-
- my $select;
-
- if (grep /^administrators$/, @$roles) {
- # administrator sees everything
- $select = "select count(*) from requests where " .
- "status like '$status%' ";
- } else {
- # shows requests that are owned by the groups
- my $filter = $self->get_role_filter($roles);
- $select = "select count(*) from requests where " .
- "status like '$status%' AND " .
- "(" . $filter . ") ";
- }
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my $ref = $sth->fetchrow_hashref();
- $sth->finish();
- return $ref->{'count(*)'};
-}
-
-sub list_requests_by_roles {
- my ($self, $roles, $status, $startpos, $maxcount) = @_;
- my $dbh = $self->{dbh};
-
- my $select;
-
-# if ($roles =~ /administrators/) {
- if (grep /^administrators$/, @$roles) {
- # administrator sees everything
- $select = "select *,rowid from requests where " .
- "status like '$status%' " .
- "order by rowid desc " .
- "limit $startpos, $maxcount";
- } else {
- # shows requests that are owned by the groups
- my $filter = $self->get_role_filter($roles);
- $select = "select *,rowid from requests where " .
- "status like '$status%' AND " .
- "(" . $filter . ") " .
- "order by rowid desc " .
- "limit $startpos, $maxcount";
- }
- my $sth = $dbh->prepare($select);
- $sth->execute();
- my @reqs;
- while (my $ref = $sth->fetchrow_hashref()) {
- push(@reqs, $ref);
- }
- $sth->finish();
- return @reqs;
-}
-
-#######################################
-# Closes request queue
-#######################################
-sub close {
- my ($self) = @_;
- my $dbh = $self->{dbh};
- $dbh->disconnect();
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/PKI/Service/Op.pm b/pki/base/ra/lib/perl/PKI/Service/Op.pm
deleted file mode 100644
index 602f1a29f..000000000
--- a/pki/base/ra/lib/perl/PKI/Service/Op.pm
+++ /dev/null
@@ -1,290 +0,0 @@
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-package PKI::Service::Op;
-
-use PKI::Base::UserStore;
-use PKI::Base::CertStore;
-
-sub new {
- my $self = {};
- bless ($self);
- return $self;
-}
-
-sub debug_log()
-{
- my ($self, $cfg, $msg) = @_;
-
- my $date = `date`;
- chomp($date);
- open(DEBUG, ">>" . $cfg->get("logging.debug.filename"));
- print DEBUG "$date - $msg\n";
- close(DEBUG);
-}
-
-sub debug_params()
-{
- my ($self, $cfg, $q) = @_;
-
- my $date = `date`;
- chomp($date);
- $self->debug_log($cfg, "$date - URL '" . $ENV{REQUEST_URI} . "'");
- my @names = $q->param();
- foreach my $k (@names) {
- $self->debug_log($cfg, "$date - Param $k='" . $q->param($k) . "'");
- }
-}
-
-sub get_client_certificate()
-{
- my ($self) = @_;
-
- my $user_cert = $ENV{"SSL_CLIENT_CERT"};
- $user_cert =~ s/-----BEGIN CERTIFICATE-----//g;
- $user_cert =~ s/-----END CERTIFICATE-----//g;
- $user_cert =~ s/\n//g;
-
- return $user_cert;
-}
-
-sub get_current_uid()
-{
- my ($self, $cfg) = @_;
-
- my $user_cert = $self->get_client_certificate();
-
- my $us = PKI::Base::UserStore->new();
- $us->open($cfg);
- my $ref = $us->map_user($user_cert);
- if (!defined($ref)) {
- return "";
- }
- $us->close();
-
- return $ref->{'uid'};
-}
-
-sub get_csr_by_cert()
-{
- my ($self, $cfg) = @_;
-
- my $user_cert = $self->get_client_certificate();
- my $cs = PKI::Base::CertStore->new();
- $cs->open($cfg);
- my $ref = $cs->map_certificate($user_cert);
- if (!defined($ref)) {
- return "";
- }
- $us->close();
-
- return $ref->{'csr'};
-}
-
-sub get_cert_record()
-{
- my ($self, $cfg) = @_;
-
-$self->debug_log( $cfg, "in get_cert_record");
- my $user_cert = $self->get_client_certificate();
- my $cs = PKI::Base::CertStore->new();
- $cs->open($cfg);
- my $ref = $cs->map_certificate($user_cert);
- if (!defined($ref)) {
-$self->debug_log( $cfg, "in get_cert_record: map_certificate ref none");
- return "";
- }
-$self->debug_log( $cfg, "in get_cert_record: got map_certificate ref");
- $cs->close();
-
- return $ref;
-}
-
-sub get_current_roles()
-{
- my ($self, $cfg) = @_;
-
- my $uid = $self->get_current_uid($cfg);
- my $us = PKI::Base::UserStore->new();
- $us->open($cfg);
- my @roles = $us->get_roles($uid);
- $us->close();
-
- return @roles;
-}
-
-sub get_roles_of()
-{
- my ($self, $cfg, $uid) = @_;
-
- my $us = PKI::Base::UserStore->new();
- $us->open($cfg);
- my @roles = $us->get_roles($uid);
- $us->close();
-
- return @roles;
-}
-
-sub admin_auth()
-{
- my ($self, $cfg) = @_;
-
- my $user_cert = $self->get_client_certificate();
-
- # authentication
- my $us = PKI::Base::UserStore->new();
- $us->open($cfg);
- my $ref = $us->map_user($user_cert);
- if (!defined($ref)) {
- return 0;
- }
- my @roles = $us->get_roles($ref->{'uid'});
- $us->close();
-
- # authorization
- my $authorized_groups = $cfg->get("admin.authorized_groups");
- $self->debug_log( $cfg, "in admin_auth: authorized groups are: $authorized_groups");
- my @authorizedGroups = split(/,/, $authorized_groups);
- my $authorized = 0;
- foreach my $role (@roles) {
- $self->debug_log( $cfg, "in admin_auth: user has group $role");
- if (grep /^$role$/, @authorizedGroups) {
- $self->debug_log( $cfg, "in admin_auth: group matched");
- $authorized = 1;
- }
- }
- if (!$authorized) {
- $self->debug_log( $cfg, "in admin_auth: no group matched");
- return 0;
- }
- return 1;
-}
-
-sub agent_auth()
-{
- my ($self, $cfg) = @_;
-
- my $user_cert = $self->get_client_certificate();
-
- # authentication
- my $us = PKI::Base::UserStore->new();
- $us->open($cfg);
- my $ref = $us->map_user($user_cert);
- if (!defined($ref)) {
- return 0;
- }
- my @roles = $us->get_roles($ref->{'uid'});
- my $j = join(",", @roles);
- $self->debug_log( $cfg, "in agent_auth: $ref->{'uid'} has roles: $j");
- $us->close();
-
- # authorization
- my $authorized_groups = $cfg->get("agent.authorized_groups");
- $self->debug_log( $cfg, "in agent_auth: authorized groups are: $authorized_groups");
- my @authorizedGroups = split(/,/, $authorized_groups);
- my $authorized = 0;
- foreach $role (@roles) {
- if (grep /^$role$/, @authorizedGroups) {
- $self->debug_log( $cfg, "in agent_auth: group matched");
- $authorized = 1;
- }
- }
- if (!$authorized) {
- $self->debug_log( $cfg, "in agent_auth: no group matched");
- return 0;
- }
- return 1;
-}
-
-sub process {
- my ($self) = @_;
-}
-
-sub escape_xml
-{
- my ($v) = @_;
- $v =~ s/\"/"/g;
- $v =~ s/\'/'/g;
- $v =~ s/\&/&/g;
- $v =~ s/</</g;
- $v =~ s/>/>/g;
- return $v;
-}
-
-sub get_xml
-{
- my ($s, $v) = @_;
-
- my $result;
- if (ref($v) eq "HASH") {
- foreach my $xkey (keys %$v) {
- $result .= "<" . $xkey . ">";
- $result .= &get_xml($xkey, $v{$xkey});
- # $result .= "-" . ref($xkey);
- $result .= "</" . $xkey . ">";
- }
- } elsif (ref($v) eq "PKI::RA::GlobalVar") {
- foreach my $xkey (keys %$v) {
- $result .= "<" . $xkey . ">";
- $result .= &get_xml($xkey, $$v{$xkey}->());
- # $result .= "-" . ref($xkey);
- $result .= "</" . $xkey . ">";
- }
- } elsif (ref($v) eq "ARRAY") {
- my $pos = 0;
- foreach my $item (@$v) {
- $result .= "<element>";
- $result .= &get_xml("p" . $pos, $item);
- # $result .= "-" . ref($item);
- $result .= "</element>";
- $pos++;
- }
- } else {
- $result .= &escape_xml($v);
- }
- return $result;
-}
-
-sub xml_output {
- my ($self, $c) = @_;
-
- my $result = "<xml>";
- foreach $s (sort keys %$c) {
- if ($s =~ /^__/) {
- next;
- }
- $result .= "<" . $s . ">";
- my $v = $$c{$s};
- $result .= &get_xml($s, $v);
- $result .= "</" . $s . ">";
- }
- $result .= "</xml>";
- return "$result\n";
-}
-
-sub execute {
- my ($self) = @_;
- $self->process();
-}
-
-1;
diff --git a/pki/base/ra/lib/perl/Template/Velocity.pm b/pki/base/ra/lib/perl/Template/Velocity.pm
deleted file mode 100755
index 848de65fd..000000000
--- a/pki/base/ra/lib/perl/Template/Velocity.pm
+++ /dev/null
@@ -1,1099 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; - -package Template::Velocity::Executor; -sub new; - -package Template::Velocity; - - -# The Template::Velocity package implements a Template execution -# engine similar to the Java Velocity package. - -use Parse::RecDescent; -use Data::Dumper; -use Thread::Semaphore; - - -$Template::Velocity::parser; - -our $docroot="docroot"; -our $parser; -my %parsetrees = (); -my $debugflag = 0; -my $semaphore; - - -#GRAMMAR defined here - -my $vmgrammar = q{ - - { - use Data::Dumper; - sub Dumper - { - $::debugdumper = undef; - if ($::debugflag && $::debugdumper ) { return Data::Dumper(@_); } - else {""}; - } - - } - - -# Template is the top-level object - template: <skip:'[ \t]*'> section(s) /\Z/ - - section: blockdirective - | nonblockdirective - | plainline - - blockdirective: ifblock - | foreachblock - - plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n*/ - - HASH: '#' - -# HMM - this doesn't handle multiple variables on one line? 
- linecomp: variable - | <skip:'[ \t]*'> /[^\$\n]*/ - - nonblockdirective: '#' 'include' <commit> includeargs /\n*/ { $item[4] ; } - | '#' 'parse' <commit> parseargs /\n*/ { $item[4] ; } - | '#' 'set' <commit> setargs /\n*/ { $item[4] ; } - | <error:unknown command $text> - - - ifblock: ifdirective section(s) elseclause(?) enddirective - - -# this bubbles up the result of the expression inside the if() -# which is from the 'ifargs' rule - ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/ - - enddirective: <skip:'[ \t]*'> '#' 'end' "\n" - - elseclause: elsedirective section(s) - - elsedirective: '#' 'else' "\n" - - foreachblock: foreachdirective section(s) enddirective - - foreachdirective: '#' 'foreach' foreachargs "\n" - - ifargs: '(' expression ')' - | <error:Argument to if must be an expression: $text> - - foreachargs: '(' variablename 'in' variable ')' - | <error:Arguments to 'foreach' must be of form \$a in \$b: $text> - - includeargs: '(' string ')' - | <error:invalid argument to include: $text> - - parseargs: '(' expression ')' - | <error:invalid argument to parsearges: $text> - - - setargs: <skip:'[ \t]*'> '(' assignment ')' - | <error:Argument to set must be an assignment : $text> - - -# expression evaluation - -# this goes roughly in order of precendence: -# == -# &&, || -# +, - -# * -# ! - -# does not properly distinguish between lvalues and rvalues - - - expression: boolean - | <error> - - - assignment: variablename '=' boolean - - boolean: equality (boolean_operator equality)(?) - - boolean_operator: ( '&&' | '||' ) - - equality: summation (equality_operator summation)(?) - - - equality_operator: ( '==' | '!=' ) - - summation: product (summation_operator summation)(?) - - summation_operator: ( '+' | '-' ) - - -# must parenthesize operator '*' to get it to appear in the $item array - - product: negation ('*' product)(?) - -#XXX need to implement - negation: notoperator(?) factor - - notoperator: "!" 
- - factor: number - | string - | variable - - - -# These rules deal with variables -# handles $process -# $file.executablename -# $process.getpid() -# $person.getparent().getbrother().slap() -# $fred.getchildren() - -# You'd make a dependency on the 'variable' rule if you want the value -# of the variable. -# You'd make a dependency on the 'variablename' rule if you want the -# name of the variable. -# (There's no real difference here - the expression evaluation is -# in the variable() subroutine) - - variable: variablename { ["variable", $item[1][1] ]; } - - variablename: '$' identifier subfield(s?) - { - my $variableinfo = { - top => $item{identifier}, - fields => $item{'subfield(s?)'} - }; - $return = [ "variablename", \$variableinfo ]; - } - - subfield: '.' identifier arglist(?) - { - my $d; - my $a = $item{"arglist(?)"}; - my $args; - - #::debug "arglist = ".Dumper($a)."\n"; - if ($a) { - - my ($argcount, $al, $alpresent); - - #$args = @{$a}->[2]; - $args = $a->[0][2]; - #::debug "arglist args=".Dumper($args)."\n"; - $alpresent = $args; - $argcount = $#$args; - if ($alpresent && $argcount == -1) { - $args->[0] = [ ]; - } - } - - #::debug "arglist identifier=".$item{identifier}."\n"; - $return = [ "subfield", { - fieldname => $item{identifier}, - arglist => $args->[0], - } ]; - } - - arglist: '(' list(?) ')' - - list: expression (',' list)(s?) - - -# Basic data types -# identifiers, numbers and strings - - identifier: /[A-Za-z0-9_]+/ { $item[1]; } - - number: /\d+/ {$item[1]; } - - #XXX skip is all wrong here... should be in [] - string: <skip:'[ \t]'> '"' <skip:""> /[^"]*/ '"' { $return = ["string",$item[4]]; } - | <skip:'[ \t]'> "'" <skip:""> /[^']*/ "'" { $return = ["string",$item[4]]; } - - -# other literals - whitespace: /\s*/ - - -}; - - -# Get a parser object (transforming the built-in text grammar into RecDescent -# data structure). 
This object can be reused for parsing multiple velocity files -sub new -{ - #$::debugflag = 0; - my $class = shift; - $docroot = shift; - undef $::RD_HINT; - undef $::RD_WARN; - #$::RD_TRACE = 1; - $parser = new Parse::RecDescent($vmgrammar) or die "Bad Grammar\n"; - $semaphore = new Thread::Semaphore; - $Data::Dumper::Maxdepth = 1;; - my $self = {}; - $self->{parser} = $parser; - # ugly - :-( - $Template::Velocity::parser = $parser; - bless $self, $class; - return $self; -} - - -# Execute a template. Given a text string and a parser object, will return -# a parse tree, useful for feeding into the executor. -sub execute_string -{ - my $self = shift; - my $string = shift; - my $rule = shift; - if (! $rule ) { $rule = "template"; } - #print Dumper($self); - - my $parser = $self->{parser}; - my $parsetree = $parser->$rule($string); - my $executor = new Template::Velocity::Executor($parsetree, $parser ); - - my @value = $executor->run(); - #my @value = Template::Velocity::Executor::execute($parsetree, $parser); - my $value = shift @value; - return $value; -} - -sub execute_file_with_context -{ - - my $self = shift; - my $filename = shift; - my $hash = shift; - - # This perl Velocity implementation uses global variable to - # store values that go to the template. This is not thread - # safe and should be fixed in near future. - # - # For this release, we just a lock to prevent the global - # variable (i.e. symbol) being changed by multiple threads - # at the same time. - - $semaphore->down; - my %c = %$hash; - foreach my $h (keys %c) { - $::symbol{$h} = $c{$h}; - } - - my $rule; - my $tree = $parsetrees{$filename}; - - if (! 
$tree) { - $rule = "template"; - open my $fh, "<$docroot/$filename" or return undef; - my $string = join "",<$fh>; - close $fh; - $tree = $parser->$rule($string); - $parsetrees{$filename} = $tree; - } - - my $executor = new Template::Velocity::Executor($tree, $parser ); - - my @value = $executor->run(); - my $value = shift @value; - - $semaphore->up; - - return $value; - - -} - -sub execute_file -{ - - my $self = shift; - my $filename = shift; - - my $rule; - my $tree = $parsetrees{$filename}; - - if (! $tree) { - $rule = "template"; - open my $fh, "<$docroot/$filename" or return undef; - my $string = join "",<$fh>; - close $fh; - $tree = $parser->$rule($string); - $parsetrees{$filename} = $tree; - } - - my $executor = new Template::Velocity::Executor($tree, $parser ); - - my @value = $executor->run(); - my $value = shift @value; - return $value; - - -} - - - - - - - - -sub Dumper -{ - return ""; - if ($::debugflag && $::debugdumper) { - return Data::Dumper->Dump([@_]); - } - else {""}; -} - - - - -# This autoaction returns an array of each parse element -# The net result is a parse tree -# I couldn't use <autotree> because I wanted to preserve -# the order of the elements, and <autotree> returns a -# hashtable, not an array - -$::RD_AUTOACTION = q{ - [@item]; -}; - -# debug flags set here - - - - - - -######### EXECUTE FUNCTIONS - - -# These functions deal with executing the velocity parse tree -{ - package Template::Velocity::Executor::Rules; - use Data::Dumper; - - # this imports symbols from these other packages, so - # we don't have to always use the fully-qualified names - *exe_all = \&Template::Velocity::Executor::exe_all; - *exe_optional = \&Template::Velocity::Executor::exe_optional; - *execute = \&Template::Velocity::Executor::execute; - *debug = \&Template::Velocity::Executor::debug; - *indent = \&Template::Velocity::Executor::indent; - *deindent = \&Template::Velocity::Executor::deindent; -#XXX probably should be $, not & - *docroot = 
\&Template::Velocity::docroot; - - sub Dumper - { - return ""; - if ($::debugflag && $::debugdumper) { return Dumper(@_); } - else {""}; - } - - #template: <skip:'[ \t]*'> section(s) /\Z/ - sub template { - my $f = "template"; - my @item = exe_all(@_); - debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n"); - my $sections = $item[2]; - debug ("sections is a: ".(ref $sections)." - it should be an array\n"); - my $r= ( join "", @{$item[2]}); - return $r; - } - - - #linecomp: variable - # | <skip:'[ \t]*'> /[^\$\n]*/ - sub linecomp { - my $item; - debug ("linecomp: _[2] = '".$_[2]."'\n"); - if ($_[2]) { - debug ("linecomp: inside if\n"); - $item = $_[1].$_[2]; - } else { - debug ("linecomp: inside else{\n"); - ($item) = exe_all($_[1]); - debug ("linecomp: end of else}\n"); - debug ("linecomp: item =\n".Dumper($item)."\n"); - } - debug ("linecomp: returning $item\n"); - return $item; - } - - # plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n+/ - sub plainline { - my @item = exe_all(@_); - debug ("$::level in plainline - linecomps should be an array of text: .".Dumper($item[4])."\n"); - my $r = join "", @{$item[4]}; - debug ("$::level in plainline - joined as: $r\n"); - $r = $item[2] . $r. 
$item[5]; - debug ("$::level in plainline - returning : $r\n"); - return $r; - } - - sub expression { - debug ("$::level expression = ".Dumper($_[1])."\n"); - my ($item) = exe_all($_[1]); - debug ("$::level expression returning $item\n"); - return $item; - } - - #foreachblock: foreachdirective section(s) enddirective - sub foreachblock { - my $f = "foreachblock"; - debug ("$::level $f started!\n"); - my ($directive) = exe_all($_[1]); - debug ("$::level $f directive = \n".Dumper($directive)."\n"); - my ($variable, $list) = @{$directive}; - my $variablename = $$variable->{top}; - debug ("$::level $f variable = $variablename\n"); - debug ("$::level $f list = \n".Dumper($list)."\n"); - - my $result = ""; - foreach my $q (@{$list}) { - debug ("$::level $f q=$q\n"); - $::symbol{$variablename} = $q; - debug ("$::level $f setting variable $variablename = $q\n"); - - my ($sections) = exe_all($_[2]); - debug ("$::level $f sections was: ".Dumper($sections)."\n"); - $result .= join "",@{$sections}; - } - return $result; - } - - #foreachdirective: '#' 'foreach' foreachargs "\n" - sub foreachdirective { - my ($item) = exe_all($_[3]); - return $item; - } - - #foreachargs: '(' variablename 'in' expression ')' - sub foreachargs { - my $f = "foreachargs"; - my ($variable, $list) = exe_all($_[2], $_[4]); - debug ("$::level $f variable = \n".Dumper($variable)."\n"); - debug ("$::level $f list = \n".Dumper($list)."\n"); - return [$variable, $list]; - } - - # XXX if block should only execute section(s) if if arg is positve) - # likewise for else - #ifblock: ifdirective section(s) elseclause(?) enddirective - sub ifblock { - my $f = "ifblock"; - my @item = exe_all(@_); - debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n"); - my $sections = $item[2]; - my $else = $item[3]; - debug ("$::level $f sections is a: ".(ref $sections)." 
- it should be an array\n"); - debug ("$::level item1: if expression = ".$item[1]."\n"); - debug ("$::level $f elseclause is a: ".(ref $else)." - it should be an scalar\n"); - my $r= ( - $item[1]>0 ? # if expression - (join "", @{$item[2]}) : - ($item[3] ? join "",@{$item[3]} : "") - ); - # this is not quite right ... elseclause returns a scalar (it joins the sections) - # so why do I have to join again here? possibly because it's a '?' - return $r; - } - - #elseclause: elsedirective section(s) - sub elseclause { - my $f = "elseclause"; - my ($sections) = exe_all($_[2]); - debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n"); - my $return = join "", @{$sections}; - debug ("$::level $f returning: $return\n"); - return $return; - } - - sub ifargs { - debug ("$::level ifargs [2] = ".Dumper($_[2])."\n"); - my ($item) = exe_all($_[2]); - debug ("$::level item = ".Dumper($item)."\n"); - my $r = $item>0 ? 1 : 0; - debug ("$::level ifargs returning $r\n"); - return $r; - } - - #ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/ - sub ifdirective { - my ($item) = exe_all($_[4]); - my $r = $item>0 ? 1 : 0; - debug ("$::level ifdirective returning $r\n"); - return $r; - } - - #boolean: equality (boolean_operator equality)(?) - sub boolean { - my $f = "boolean"; - my ($equality, $alt) = ( execute($_[1]), $_[2]); - my $r = $equality; - if (scalar @$alt) { - my ($op, $equality2) = exe_optional($alt, 1,2); - - if ($op eq '&&') { - $r = $equality && $equality2; - } - if ($op eq '||') { - $r = $equality || $equality2; - } - } - - return $r; - } - - - #summation: product (summation_operator summation)(?) 
- sub summation { - #my @item = exe_all(@_); - my $f = "summation"; - my ($product, $alt) = ( execute($_[1]), $_[2]); - debug("$::level $f - product = $product, alternation = $alt\n"); - debug("$::level $f - alternation = \n".Dumper($alt)."\n"); - - if (scalar @$alt) { - if (0) { - debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n"); - debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n"); - my ($operator, $summation) = ( execute($alt->[0][1]), execute($alt->[0][2]),); - } - my ($operator, $summation) = exe_optional($alt, 1,2); - - if ($operator eq '+') { return $product + $summation; - } else { return $product - $summation; } - } else { - return $product; - } - } - - - - #equality: summation (equality_operator summation)(?) - sub equality { - my $f = "equality"; - my ($summation, $alt) = ( execute($_[1]), $_[2] ); - - if (scalar @$alt) { - my ($operator, $summation2) = exe_optional($alt, 1,2); - - # string comparison used, so (0.0) is NOT equal to (0) - if ($operator eq '==') { return ($summation eq $summation2) ? 1:0; } - else { return ($summation eq $summation2) ? 0:1; } - } else { - return $summation; - } - } - - - sub product { - my $f = "product"; - my ($negation, $alt) = ( execute($_[1]), $_[2]); - debug("$::level $f negation = $negation, alternation = $alt\n"); - debug("$::level $f - alternation = ".Dumper($alt)."\n"); - - if (scalar @$alt) { - if (0) { - debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n"); - debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n"); - my ($operator, $product) = ( execute($alt->[0][1]), execute($alt->[0][2]),); - } - my ($operator, $product) = exe_optional($alt,1,2); - return ($negation * $product); - } else { - return $negation; - } - } - - sub factor { - my ($value) = exe_all($_[1]); - return $value; - } - - #negation: notoperator(?) factor - sub negation { - debug ("$::level in negation... 
input = ".(join ",",@_)."\n"); - #my @item = exe_all(@_); - my ($alt, $value) = ( $_[1], execute($_[2]) ); - debug ("$::level negation: alternation= $alt\n"); - debug ("$::level negation: value = $value\n"); - my $operator = execute($alt->[0][1]); - - my $r; - if ($operator && $operator eq '!') { - if ($value ) { $r = 0; } - else { $r = 1; } - debug ("$::level negation: inverting\n"); - } else { - debug ("$::level negation: not inverting\n"); - $r = $value; - } - debug ("$::level negation: returning $r\n"); - return $r; - } - - #setargs: <skip:'[ \t]*'> '(' assignment ')' - sub setargs { - my $f = "setargs"; - my ($args) = exe_all($_[3]); - debug("$::level $f args = \n".Dumper($args)."\n"); - my ($variable, $value) = @{$args}; - debug("$::level $f variable type =".(ref $variable)."\n"); - debug("$::level $f variable = \n".Dumper($variable)."\n"); - my $symbolname = $$variable->{top}; - debug("$::level $f setting variable '$symbolname' = $value\n"); - $::symbol{$symbolname} = $value; - return ""; - } - - #assignment: variablename '=' boolean - sub assignment { - my $f = "assignment"; - my ($variable, $value) = exe_all($_[1],$_[3]); - debug("$::level $f variable = \n".Dumper($variable)."\n"); - my $r = [ $variable, $value ]; - debug("$::level $f returning: \n".Dumper($r)."\n"); - return $r; - } - - #includeargs: '(' string ')' - sub includeargs { - my $f = "includeargs"; - my ($filename ) = execute($_[2]); - - debug("including file: $filename\n"); - open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n"; - my $file = join "", <$fh>; - close FILE; - - return $file; - } - - sub parseargs { - my $f = "parseargs"; - my ($filename ) = execute($_[2]); - - debug("parsing file: $filename\n"); - - #open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n"; - #my $file = join "", <$fh>; - #close FILE; - - #my $parsetree = $Template::Velocity::parser->template($file); - #my @value = execute($parsetree); - #my $value = shift 
@value; - - my @value = Template::Velocity::execute_file(undef,$filename); - my $value = shift @value; - - return $value; - } - -# variables - -# variables -# this rule converts a variable name/identifier into its value -# $main.subfield(argument1,argument2).subfield2(arg1,arg2) -# There are two data structures at work here. -# 1. the data structure specifying the variable name to be queried -# this represents $a.b.c(100,9,5,4) -#{ -# 'top' => 'a' -# 'fields' => [ -# { 'fieldname' => 'b', 'arglist' => undef }, -# { 'fieldname' => 'c', 'arglist' => [ '100', 9, 5, '4', ], } -# ], -#} -# 2. Data structure specifying the symbol table - -# return value could be: -# a scalar: either a string/number value or reference to an array of values -# an array - - sub variable { -# look up the root object in the symbol table - my $f = "variable"; - debug("$::level $f: input\n".Dumper(\@_)."\n"); - my $var = $_[1]; - debug("$::level $f var=\n".Dumper($var)."\n"); -# $$var works with # 27: '#set (\$a=1+3)\n\$a\n' -#0 REF(0x8fa0510) -# -> HASH(0x8fa1454) -# 'fields' => ARRAY(0x8fa8c08) -# empty array -# 'top' => 'a' - -# $var works with # 25: '$employee.add(100,4+5,2+3,4,4,5,6)' -#DB<2> x $var -#0 HASH(0x9c7a340) -# 'fields' => ARRAY(0xa06e7d8) -# 0 ARRAY(0xa06e9ac) -# 0 'subfield' -# 1 HASH(0xa06e880) -# 'arglist' => ARRAY(0xa074184) - - my $top = $$var->{top}; # name of the root object - debug("$::level $f top=\n".Dumper($top)."\n"); - my $fields = $$var->{fields}; # array of the subidentifiers - my $val = ""; - - debug("$::level $f - top_id = $top\n"); - debug("$::level $f : var: \n".Dumper($var)."\n"); - debug("$::level $f - fields = \n".Dumper($fields)."\n"); - - - debug("$::level $f : top = ".$top."\n"); - if (! 
defined $::symbol{$top} ) { -# XXX - debug ("symbol table = ",(join ",",sort keys %::symbol)."\n"); - debug ("undefined variable: $top\n"); - return 0; - } - debug("$::level $f symbol table: \n".Dumper(\%::symbol)."\n"); - $val = $::symbol{$top}; - debug("$::level $f val before: \n".Dumper($val)."\n"); - - debug("$::level $f - fields = \n".Dumper($fields)."\n"); - my $pass = 1; - foreach my $field (@$fields) { - my $args; - - my ($fieldname, $values); - { - debug("$::level $f pass $pass \@_=\n".Dumper(\@_)."\n"); - debug("$::level $f before strip field = \n".Dumper($field)."\n"); -#shift @$fn; # 'subfield' string -#$fn = $fn->[0]; -#$fn = [ (@{$fn}) ]; -#shift @$fn; - debug("$::level $f after strip fn = \n".Dumper($field)."\n"); - - $fieldname = $field->[1]->{fieldname}; - debug("$::level $f processing field: $fieldname\n"); - $args= $field->[1]->{arglist}; - - -# convert the argument list (which could be expressions, other -# variables, etc) into raw values - if ($args) { - debug("$::level $f executing $fieldname with args:\n".Dumper($args)."\n"); - ($values) = execute($args); - debug("$::level $f returned values:\n".Dumper($values)."\n"); - } - } - - debug("$::level $f after execute, \@_=\n".Dumper(\@_)."\n"); - -#call the function - if (ref $val) { - debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n"); - debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n"); - if ($args) { - debug("$::level $f: function call\n"); -#$val = $$val->$fieldname ($args); # method call - my $func = $val->{$fieldname}; # method call - debug("$::level $f: $fieldname func=\n ".Dumper($func)."\n"); - no strict; - $val = &$func($val, @$values); - debug("$::level $f: $fieldname result=$val\n"); - debug("$::level $f: $fieldname result=\n".Dumper($val)."\n"); - - } else { - &::debug("$::level $f: plain field access\n"); - if (ref $val eq "REF") { - $val = $$val->{$fieldname}; # field access - } else { - $val = $val->{$fieldname}; # field access - } - } - debug("$::level 
$f } inside loop(after val retrieval) val=\n".Dumper($val)."\n"); - } - $pass++; - - } - - return $val; - } - - #$return = [ "variablename", \$variableinfo ]; - sub variablename { - my $f = "variablename"; - debug("$::level $f: input\n".Dumper(\@_)."\n"); - my $var = $_[1]; - return $var; - } - - #arglist: '(' list(?) ')' - sub arglist { - my ($list) = exe_all($_[2]); - debug("$::level list: ".Dumper($list)."\n"); - if ($list) { - my $ll = $list->[0]; - debug("$::level ll \n".Dumper($ll)."\n"); - debug("$::level \$\$list: \n"); - return $ll; - } - return undef; - } - - #list: expression (',' list)(s?) - sub list { - my ($expr, $alt) = ( execute($_[1]), $_[2] ); - - if (scalar @$alt) { - my ($list) = exe_optional($alt, 2); - - debug("$::level list: expr: $expr\n"); - debug("$::level list: list: $list\n:"); - debug("$::level list ".Dumper($list)."\n"); - my $r = [ $expr, (@$list) ]; - return $r; - } - debug("$::level returning simple expression: $expr\n:"); - return [$expr]; - } - - - - sub _default { - debug ("$::level default rule {\n"); - indent(); - debug ("$::level parsing parameters\n"); - my @item = exe_all(@_); - debug ("$::level default rule - last item in array is: ".$item[$#item]."\n"); - my $r = join "",@item[1..$#item]; - debug ("$::level default rule - returning: $r\n"); - deindent(); - debug ("$::level }\n"); - return $r; - - } - - -} - - -package Template::Velocity::Executor; - -use Data::Dumper; - - - -sub new -{ - my $class = shift; - - my $parsetree = shift; - my $parser = shift; - - my $self = {}; - $self->{parser} = $parser; - $self->{parsetree} = $parsetree; - bless $self, $class; - return $self; -} - - -sub run { - my $self = shift; - - return (execute($self->{parsetree})); -} - - - -my $level = " "; - -sub debug { - if ($::debugflag) { - print @_; - } -} - -# This basically all works calling execute($parsetree). 
-# Execute will look the Parsetree, which is built by a special autoaction -# -# It will call top-down, into functions called 'Executor::XXX', (where XXX is -# the name of the production) -# -# Additional trees, representing child productions, will be passed in -# as arguments to the Executor::XXX function. These arguments be processed -# before the Executor::XXX function can proceed. -# -# If no such function is present, Executor:_default will be run -# -# To process the arguments, use this in the Executor function: -# my @item = exe(@_); -# Which will give you an @item array similar to that in the RD rules, one -# exception being that productions which return arrays are flattened into -# the @item array. (bad idea?) -# - - - -# executes a parsetree (gotten as a result of calling recdescent $parser->rule() -# and returns the string value of the result. - -sub Dumper { - ""; -} - -sub execute { - my $result; - my $tree = shift; # a reference to a tree is passed in - debug "$level execute: {\n"; - indent(); - debug ("$level tree = \n".Dumper($tree)."\n"); - -# there are 3 possible things this tree could be: - -# 1 a scalar .. in which case this rule represents a literal, and the -# the literal is just returned -# -# 2 an array of the form (array, ...) - in which case this is the result of a production -# which returned an array of trees. This happens -# if you specify (s), (?), etc, in a production. -# 3 an array of the form (scalar, ...) - in which case this refers to a subrule -# - -# case 1... - my $type = ref $tree; - if ($type) { - debug "\n$level tree type: ".(ref $tree)." \n"; - } else { - debug "\n$level tree type: scalar \n"; - } - if ($type ne "ARRAY") { - debug "$level returning literal: '$tree'\n"; - deindent(); - debug "$level }\n\n"; - return $tree; - } - - my @result; - -# if this tree is the result of a auto-generated rule (e.g. alternation) -# then tree[0] is not a name.. it is an array. 
just call the default action with -# the arguments - - my $rule = @{$tree}->[0]; # rule name is first - - if ($rule && ref $rule eq "ARRAY") { # case 2 - debug "$level element[0] is an array (case 2) \n"; - debug "$level contents of input: \n".Dumper(\@{$tree})."\n"; - #@result = exe(@{$rule}); - debug "$level running exe on the array..\n"; - # not sure about this... - @result = (exe_all(@{$tree})); - debug "$level contents of output: \n".Dumper(\@result)."\n"; - #shift @result; # get rid of function name - $result = \@result; - - } else { # case 3 - my @args = @{$tree}; - - debug "$level rule is a function to execute (case 3): '$rule'\n"; - indent(); - my $qr = "Template::Velocity::Executor::Rules::$rule"; - if (defined &$qr) { - no strict ; - $result = (&$qr(@args)); - } else { - debug "$level no function defined for: '$rule' - calling default action\n"; - $result = Template::Velocity::Executor::Rules::_default(@args); - } - } - deindent(); - debug "$level function: $rule returned=\n".Dumper($result)."\n"; - - debug "$level }\n"; - return $result; - - } - -# these hold and set the current indent level. It's only used for nested debug messages -sub indent { - if (!$debugflag) { return; } - $level .= " "; - $Data::Dumper::Pad = $level." "; -} -sub deindent { - if (!$debugflag) { return; } - $level = substr ($level,0,-2); - $Data::Dumper::Pad = $level." "; -} - - -sub exe_optional { - my @r; - my $f = shift; - foreach my $q (@_) { - debug("$level: getting arg# $q\n"); - push @r, execute($f->[0][$q]); - } - return @r; -} - -# exe: for each argument, run the 'execute' function -# - -sub exe_all { - my $d = $Data::Dumper::Maxdepth; - $Data::Dumper::Maxdepth = 9; - debug "\n$level exe_all (".$_[0].") arguments: {\n".Dumper(\@_)." 
\n"; - my @r; - indent(); - - foreach my $i (@_) { - push @r, execute($i); - } - deindent(); - debug "$level exe_all: returning: \n".Dumper(\@r)."$level}\n\n"; - $Data::Dumper::Maxdepth = $d; - return @r; -} - - - - - -#package PKI::RA::GlobalVar; - -#sub new { my $self = {}; bless $self; return $self; } - - -1; - diff --git a/pki/base/ra/scripts/nss_pcache b/pki/base/ra/scripts/nss_pcache deleted file mode 100755 index bf978b48b..000000000 --- a/pki/base/ra/scripts/nss_pcache +++ /dev/null 
@@ -1,66 +0,0 @@
-#!/bin/bash
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-#
-#
-
-# Check to insure that this script's original invocation directory
-# has not been deleted!
-CWD=`/bin/pwd > /dev/null 2>&1`
-if [ $? -ne 0 ] ; then
- echo "Cannot invoke '$0' from non-existent directory!"
- exit 255
-fi
-
-OS=`uname -s`
-
-if [ $OS = "Linux" ]; then
- PLATFORM=`uname -i`
- if [ $PLATFORM = "i386" ]; then
- # 32-bit Linux
- LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
- elif [ $PLATFORM = "x86_64" ]; then
- # 64-bit Linux
- LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:/usr/lib:$LD_LIBRARY_PATH
- fi
- export LD_LIBRARY_PATH
-elif [ $OS = "SunOS" ]; then
- PLATFORM=`uname -p`
- if [ "${PLATFORM}" = "sparc" ] &&
- [ -d "/usr/lib/sparcv9/" ] ; then
- PLATFORM="sparcv9"
- fi
- if [ $PLATFORM = "sparc" ]; then
- # 32-bit Solaris
- LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
- elif [ $PLATFORM = "sparcv9" ]; then
- # 64-bit Solaris
- LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
- fi
- export LD_LIBRARY_PATH
-fi
-
-FORTITUDE_DIR=/usr/sbin
-if [ $OS = "SunOS" ]; then
- FORTITUDE_DIR=/opt/fortitude/bin
-fi
-
-$FORTITUDE_DIR/nss_pcache $@
diff --git a/pki/base/ra/scripts/schema.sql b/pki/base/ra/scripts/schema.sql
deleted file mode 100644
index 18fd8a39c..000000000
--- a/pki/base/ra/scripts/schema.sql
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
-#
-# sql schema
-#
-CREATE TABLE requests ( type TEXT, ip TEXT, note TEXT, data TEXT, output TEXT, serialno TEXT, subject_dn TEXT, meta_info TEXT, status TEXT, errorString TEXT, processed_by TEXT, assigned_to TEXT, updated_at TEXT, created_at TEXT, created_by TEXT )
-CREATE TABLE users ( uid TEXT, name TEXT, password TEXT, email TEXT, certificate TEXT, created_at TEXT, created_by TEXT )
-CREATE TABLE groups ( gid TEXT, name TEXT, created_at TEXT, created_by TEXT )
-CREATE TABLE roles ( uid TEXT, gid TEXT )
-CREATE TABLE pins ( key TEXT, pin TEXT, rid TEXT, created_at TEXT, created_by TEXT )
-CREATE TABLE certificates ( rid TEXT, csr TEXT, subject_dn TEXT, certificate TEXT, serialno TEXT, approved_by TEXT, created_at TEXT )
-#
-# add defaults
-#
-INSERT INTO groups (gid, name) values ('administrators','Administrators');
-INSERT INTO groups (gid, name) values ('agents','Agents');
diff --git a/pki/base/ra/setup/CMakeLists.txt b/pki/base/ra/setup/CMakeLists.txt
deleted file mode 100644
index f5f069cdb..000000000
--- a/pki/base/ra/setup/CMakeLists.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-set(VERSION ${APPLICATION_VERSION})
-
-install(
- FILES
- registry_instance
- DESTINATION
- ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/setup
-)
diff --git a/pki/base/ra/setup/registry_instance b/pki/base/ra/setup/registry_instance
deleted file mode 100644
index 64a73197f..000000000
--- a/pki/base/ra/setup/registry_instance
+++ /dev/null
@@ -1,116 +0,0 @@
-# Establish PKI Variable "Slot" Substitutions
-
-PKI_FLAVOR=[PKI_FLAVOR]
-export PKI_FLAVOR
-
-PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE]
-export PKI_SUBSYSTEM_TYPE
-
-PKI_USER=[PKI_USER]
-export PKI_USER
-
-PKI_GROUP=[PKI_GROUP]
-export PKI_GROUP
-
-PKI_INSTANCE_ID=[PKI_INSTANCE_ID]
-export PKI_INSTANCE_ID
-
-PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT]
-export PKI_INSTANCE_INITSCRIPT
-
-PKI_HTTPD_CONF=[HTTPD_CONF]
-export PKI_HTTPD_CONF
-
-PKI_SERVER_ROOT=[SERVER_ROOT]
-export PKI_SERVER_ROOT
-
-PKI_SYSTEM_USER_LIBRARIES=[SYSTEM_USER_LIBRARIES]
-export PKI_SYSTEM_USER_LIBRARIES
-
-PKI_FORTITUDE_DIR=[FORTITUDE_DIR]
-export PKI_FORTITUDE_DIR
-
-PKI_NSS_CONF=[NSS_CONF]
-export PKI_NSS_CONF
-
-PKI_SERVER_NAME=[SERVER_NAME]
-export PKI_SERVER_NAME
-
-PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid"
-export PKI_LOCK_FILE
-
-PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_ID}.pid"
-export PKI_PID_FILE
-
-PKI_SELINUX_TYPE="pki_ra_t"
-export PKI_SELINUX_TYPE
-
-pki_instance_configuration_file=${PKI_SERVER_ROOT}/conf/CS.cfg
-export pki_instance_configuration_file
-
-RESTART_SERVER=${PKI_SERVER_ROOT}/conf/restart_server_after_configuration
-export RESTART_SERVER
-
-########################################################################
-# This section contains modified content of "/etc/sysconfig/httpd" #
-########################################################################
-# Configuration file for the ${PKI_INSTANCE_ID} service.
-
-#
-# The default processing model (MPM) is the process-based
-# 'prefork' model. A thread-based model, 'worker', is also
-# available, but does not work with some modules (such as PHP).
-# The service must be stopped before changing this variable.
-#
-PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
-export PKI_HTTPD
-
-#
-# To pass additional options (for instance, -D definitions) to the
-# httpd binary at startup, set PKI_OPTIONS here.
-#
-PKI_OPTIONS="-f ${PKI_HTTPD_CONF}"
-export PKI_OPTIONS
-
-#
-# By default, the httpd process is started in the C locale; to
-# change the locale in which the server runs, the PKI_HTTPD_LANG
-# variable can be set.
-#
-PKI_HTTPD_LANG=C
-export PKI_HTTPD_LANG
-########################################################################
-# #
-########################################################################
-
-# This will prevent initlog from swallowing up a pass-phrase prompt if
-# mod_ssl needs a pass-phrase from the user.
-PKI_INITLOG_ARGS=""
-export PKI_INITLOG_ARGS
-
-# Set PKI_HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
-# with the thread-based "worker" MPM; BE WARNED that some modules may not
-# work correctly with a thread-based MPM; notably PHP will refuse to start.
-
-# Path to the server binary and short-form for messages.
-httpd=${PKI_HTTPD}
-export httpd
-
-pki_logs_directory=${PKI_SERVER_ROOT}/logs
-export pki_logs_directory
-
-# see if httpd is linked with the openldap libraries - we need to override
-# their use of OpenSSL
-if [ ${OS} = "Linux" ]; then
- hasopenldap=0
-
- /usr/bin/ldd ${httpd} 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1
-
- if [ ${hasopenldap} -eq 1 ] ; then
- LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}"
- export LD_PRELOAD
- fi
-elif [ ${OS} = "SunOS" ]; then
- LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so:${LD_PRELOAD_64}"
- export LD_PRELOAD_64
-fi |