use strict;
use base qw( FS::svc_Common );
+use Tie::IxHash;
#use FS::Record qw( qsearch qsearchs );
use FS::cust_svc;
return ($ok =~ /key ok/);
}
-my %subj = (
+tie my %subj, 'Tie::IxHash',
'CN' => 'common_name',
'O' => 'organization',
'OU' => 'organization_unit',
'L' => 'city',
'ST' => 'state',
'C' => 'country',
-);
+;
+
+sub subj_col {
+ \%subj;
+}
sub subj {
my $self = shift;
$self->csr($csr);
}
-#sub check_csr {
-# my $self = shift;
-#}
+sub check_csr {
+ my $self = shift;
+
+ my $in = $self->csr;
+
+ run( [qw( openssl req -subject -noout ), ],
+ '<'=>\$in,
+ '>pipe'=>\*OUT, '2>'=>'/dev/null'
+ )
+ ;#or die "error running openssl: $!";
+
+ #subject=/CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+ my $line = <OUT>;
+ $line =~ /^subject=\/(.*)$/ or return ();
+ my $subj = $1;
+
+ map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+ ($1=>$2);
+ } else {
+ ();
+ }
+ }
+ split('/', $subj);
+}
sub generate_selfsigned {
my $self = shift;
)
or die "error running openssl: $!";
#XXX error checking
- my $csr = join('', <OUT>);
- $self->certificate($csr);
+ my $certificate = join('', <OUT>);
+ $self->certificate($certificate);
}
#openssl x509 -in cert -noout -subject -issuer -dates -serial
#notAfter=Nov 6 05:07:42 2012 GMT
#serial=B1DBF1A799EF207B
-sub check_certificate {
- my $self = shift;
+sub check_certificate { shift->check_x509('certificate'); }
+sub check_cacert { shift->check_x509('cacert'); }
- my $in = $self->certificate;
+sub check_x509 {
+ my( $self, $field ) = ( shift, shift );
+
+ my $in = $self->$field;
run( [qw( openssl x509 -noout -subject -issuer -dates -serial )],
'<'=>\$in,
'>pipe'=>\*OUT, '2>'=>'/dev/null'
my %hash = ();
while (<OUT>) {
- warn $_;
/^\s*(\w+)=\s*(.*)\s*$/ or next;
$hash{$1} = $2;
}
+ for my $f (qw( subject issuer )) {
+
+ $hash{$f} = { map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+ ($1=>$2);
+ } else {
+ ();
+ }
+ }
+ split('/', $hash{$f})
+ };
+
+ }
+
+ $hash{'selfsigned'} = 1 if $hash{'subject'}->{'O'} eq $hash{'issuer'}->{'O'};
+
%hash;
}