1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
#!/usr/bin/perl
#
# --- BEGIN COPYRIGHT BLOCK ---
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
# --- END COPYRIGHT BLOCK ---
#
#
#
#
package op;
use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
use MIME::Base64;
use CGI;
use PKI::Service::Op;
use Template::Velocity;
use PKI::Base::Conf;
use PKI::Base::Registry;
use PKI::Request::Queue;
use PKI::Conn::CA;
use PKI::Base::PinStore;
use PKI::Base::Util;
use vars qw (@ISA);
@ISA = qw(PKI::Service::Op);
sub new {
my $self = {};
bless ($self);
return $self;
}
sub process()
{
my $self = shift;
my $q = CGI->new();
my $util = PKI::Base::Util->new();
my $docroot = PKI::Base::Registry->get_docroot();
my $parser = PKI::Base::Registry->get_parser();
my $cfg = PKI::Base::Registry->get_config();
$self->debug_params($cfg, $q);
my $uid = $util->get_val($q->param('uid'));
my $pin = $util->get_alphanum_val($q->param('pin'));
my $csr = $util->get_val($q->param('csr'));
$csr = $util->normalize_csr($csr);
my $key = $uid;
my $pin_store = PKI::Base::PinStore->new();
$pin_store->open($cfg);
my $pinref = $pin_store->read_pin($key);
if (defined($pinref) && $pinref->{'pin'} eq $pin) {
$pin_store->delete($key);
} else {
$pin_store->close();
print $q->redirect("/ee/error.cgi?error=Invalid Pin");
return;
}
my $rid = $pinref->{'rid'};
$pin_store->close();
my $profile_id = $cfg->get("request.agent.profileId");
my $cert_request_type = $cfg->get("request.agent.reqType");
my $queue = PKI::Request::Queue->new();
$queue->open($cfg);
my $req = $queue->read_request($rid);
$queue->set_request($rid, "subject_dn", "uid=$uid, e=$req->{'created_by'}");
my $ca = PKI::Conn::CA->new();
$ca->open($cfg);
my $cert = $ca->enroll($rid, "ca1", $profile_id, $cert_request_type, $csr);
$ca->close();
$queue->set_request($rid, "output", $cert);
$req = $queue->read_request($rid);
if ($cert eq "") {
my $error = $req->{'errorString'};
$queue->close();
print $q->redirect("/ee/error.cgi?error=$error");
return;
}
my $decoded = decode_base64($cert);
my $encoded = encode_base64($decoded);
my %context;
$context{cert} = $encoded;
$context{rid} = $util->html_encode($rid);
$context{subject_dn} = $util->html_encode($req->{'subject_dn'});
$queue->close();
my $result = $parser->execute_file_with_context("ee/agent/enroll.vm",
\%context);
my $xml = $q->param('xml');
if ($xml eq "true") {
print "Content-Type: text/xml\n\n";
print $self->xml_output(\%context);
} else {
print "Content-Type: text/html\n\n";
print "$result";
}
}
my $op = op->new();
$op->execute();
|