ACL for hardware class config, RT#85057

[freeside.git] / FS / FS / svc_cert.pm

diff --git a/FS/FS/svc_cert.pm b/FS/FS/svc_cert.pm
index 36e7582..88e4199 100644 (file)
--- a/FS/FS/svc_cert.pm
+++ b/FS/FS/svc_cert.pm
@@ -303,9 +303,30 @@ sub generate_csr {
   $self->csr($csr);
 }
 
-#sub check_csr {
-#  my $self = shift;
-#}
+sub check_csr {
+  my $self = shift;
+
+  my $in = $self->csr;
+
+  run( [qw( openssl req -subject -noout ), ],
+       '<'=>\$in,
+       '>pipe'=>\*OUT, '2>'=>'/dev/null'
+     ) 
+    ;#or die "error running openssl: $!";
+
+   #subject=/CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+   my $line = <OUT>;
+   $line =~ /^subject=\/(.*)$/ or return ();
+   my $subj = $1;
+
+   map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+           ($1=>$2);
+         } else {
+           ();
+         }
+       }
+       split('/', $subj);
+}
 
 sub generate_selfsigned {
   my $self = shift;
@@ -324,8 +345,8 @@ sub generate_selfsigned {
      ) 
     or die "error running openssl: $!";
   #XXX error checking
-  my $csr = join('', <OUT>);
-  $self->certificate($csr);
+  my $certificate = join('', <OUT>);
+  $self->certificate($certificate);
 }
 
 #openssl x509 -in cert -noout -subject -issuer -dates -serial
@@ -335,10 +356,13 @@ sub generate_selfsigned {
 #notAfter=Nov  6 05:07:42 2012 GMT
 #serial=B1DBF1A799EF207B
 
-sub check_certificate {
-  my $self = shift;
+sub check_certificate { shift->check_x509('certificate'); }
+sub check_cacert      { shift->check_x509('cacert');      }
+
+sub check_x509 {
+  my( $self, $field ) = ( shift, shift );
 
-  my $in = $self->certificate;
+  my $in = $self->$field;
   run( [qw( openssl x509 -noout -subject -issuer -dates -serial )],
        '<'=>\$in,
        '>pipe'=>\*OUT, '2>'=>'/dev/null'
@@ -357,7 +381,7 @@ sub check_certificate {
     $hash{$f} = { map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
                           ($1=>$2);
                         } else {
-                          (''=>'');
+                          ();
                         }
                       }
                       split('/', $hash{$f})