use strict;
use base qw( FS::svc_Common );
+use Tie::IxHash;
#use FS::Record qw( qsearch qsearchs );
use FS::cust_svc;
country
-=item contact
+=item cert_contact
-contact
+contact email
=back
'city' => { label=>'City', %dis, },
'state' => { label=>'State', %dis, },
'country' => { label=>'Country', %dis, },
- 'cert_contact' => { label=>'Contact', %dis, },
+ 'cert_contact' => { label=>'Contact email', %dis, },
#'another_field' => {
# 'label' => 'Description',
|| $self->ut_textn('city')
|| $self->ut_textn('state')
|| $self->ut_textn('country') #XXX char(2) or NULL
- || $self->ut_textn('contact')
+ || $self->ut_textn('cert_contact')
;
return $error if $error;
return ($ok =~ /key ok/);
}
-my %subj = (
+tie my %subj, 'Tie::IxHash',
'CN' => 'common_name',
'O' => 'organization',
'OU' => 'organization_unit',
'L' => 'city',
'ST' => 'state',
'C' => 'country',
-);
+;
+
+sub subj_col {
+ \%subj;
+}
sub subj {
my $self = shift;
);
}
-sub generate_csr {
+sub _file {
my $self = shift;
- my $in = $self->privatekey;
+ my $field = shift;
my $dir = $FS::UID::conf_dir. "/cache.". $FS::UID::datasrc; #XXX actual cache dir
my $fh = new File::Temp(
- TEMPLATE => 'certkey.'. '.XXXXXXXX',
+ TEMPLATE => 'cert.'. '.XXXXXXXX',
DIR => $dir,
) or die "can't open temp file: $!\n";
+ print $fh $self->$field;
+ close $fh;
+ $fh;
+}
+
+sub generate_csr {
+ my $self = shift;
+
+ my $fh = $self->_file('privatekey');
run( [qw( openssl req -new -key ), $fh->filename, '-subj', $self->subj ],
'>pipe'=>\*OUT, '2>'=>'/dev/null'
$self->csr($csr);
}
+sub check_csr {
+ my $self = shift;
+
+ my $in = $self->csr;
+
+ run( [qw( openssl req -subject -noout ), ],
+ '<'=>\$in,
+ '>pipe'=>\*OUT, '2>'=>'/dev/null'
+ )
+ ;#or die "error running openssl: $!";
+
+ #subject=/CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+ my $line = <OUT>;
+ $line =~ /^subject=\/(.*)$/ or return ();
+ my $subj = $1;
+
+ map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+ ($1=>$2);
+ } else {
+ ();
+ }
+ }
+ split('/', $subj);
+}
+
+sub generate_selfsigned {
+ my $self = shift;
+
+ my $days = 730;
+
+ my $key = $self->_file('privatekey');
+ my $csr = $self->_file('csr');
+
+ run( [qw( openssl req -x509 -nodes ),
+ '-days' => $days,
+ '-key' => $key->filename,
+ '-in' => $csr->filename,
+ ],
+ '>pipe'=>\*OUT, '2>'=>'/dev/null'
+ )
+ or die "error running openssl: $!";
+ #XXX error checking
+ my $certificate = join('', <OUT>);
+ $self->certificate($certificate);
+}
+
+#openssl x509 -in cert -noout -subject -issuer -dates -serial
+#subject= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+#issuer= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+#notBefore=Nov 7 05:07:42 2010 GMT
+#notAfter=Nov 6 05:07:42 2012 GMT
+#serial=B1DBF1A799EF207B
+
+sub check_certificate { shift->check_x509('certificate'); }
+sub check_cacert { shift->check_x509('cacert'); }
+
+sub check_x509 {
+ my( $self, $field ) = ( shift, shift );
+
+ my $in = $self->$field;
+ run( [qw( openssl x509 -noout -subject -issuer -dates -serial )],
+ '<'=>\$in,
+ '>pipe'=>\*OUT, '2>'=>'/dev/null'
+ )
+ or die "error running openssl: $!";
+ #XXX error checking
+
+ my %hash = ();
+ while (<OUT>) {
+ /^\s*(\w+)=\s*(.*)\s*$/ or next;
+ $hash{$1} = $2;
+ }
+
+ for my $f (qw( subject issuer )) {
+
+ $hash{$f} = { map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+ ($1=>$2);
+ } else {
+ ();
+ }
+ }
+ split('/', $hash{$f})
+ };
+
+ }
+
+ $hash{'selfsigned'} = 1 if $hash{'subject'}->{'O'} eq $hash{'issuer'}->{'O'};
+
+ %hash;
+}
+
=back
=head1 BUGS