ACL for hardware class config, RT#85057

[freeside.git] / FS / FS / svc_cert.pm

diff --git a/FS/FS/svc_cert.pm b/FS/FS/svc_cert.pm
index e3ef325..88e4199 100644 (file)
--- a/FS/FS/svc_cert.pm
+++ b/FS/FS/svc_cert.pm
@@ -2,6 +2,7 @@ package FS::svc_cert;
 
 use strict;
 use base qw( FS::svc_Common );
+use Tie::IxHash;
 #use FS::Record qw( qsearch qsearchs );
 use FS::cust_svc;
 
@@ -251,14 +252,18 @@ sub check_privatekey {
   return ($ok =~ /key ok/);
 }
 
-my %subj = (
+tie my %subj, 'Tie::IxHash',
   'CN' => 'common_name',
   'O'  => 'organization',
   'OU'  => 'organization_unit',
   'L' => 'city',
   'ST' => 'state',
   'C' => 'country',
-);
+;
+
+sub subj_col {
+  \%subj;
+}
 
 sub subj {
   my $self = shift;
@@ -298,9 +303,30 @@ sub generate_csr {
   $self->csr($csr);
 }
 
-#sub check_csr {
-#  my $self = shift;
-#}
+sub check_csr {
+  my $self = shift;
+
+  my $in = $self->csr;
+
+  run( [qw( openssl req -subject -noout ), ],
+       '<'=>\$in,
+       '>pipe'=>\*OUT, '2>'=>'/dev/null'
+     ) 
+    ;#or die "error running openssl: $!";
+
+   #subject=/CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown
+   my $line = <OUT>;
+   $line =~ /^subject=\/(.*)$/ or return ();
+   my $subj = $1;
+
+   map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+           ($1=>$2);
+         } else {
+           ();
+         }
+       }
+       split('/', $subj);
+}
 
 sub generate_selfsigned {
   my $self = shift;
@@ -319,8 +345,8 @@ sub generate_selfsigned {
      ) 
     or die "error running openssl: $!";
   #XXX error checking
-  my $csr = join('', <OUT>);
-  $self->certificate($csr);
+  my $certificate = join('', <OUT>);
+  $self->certificate($certificate);
 }
 
 #openssl x509 -in cert -noout -subject -issuer -dates -serial
@@ -330,10 +356,13 @@ sub generate_selfsigned {
 #notAfter=Nov  6 05:07:42 2012 GMT
 #serial=B1DBF1A799EF207B
 
-sub check_certificate {
-  my $self = shift;
+sub check_certificate { shift->check_x509('certificate'); }
+sub check_cacert      { shift->check_x509('cacert');      }
 
-  my $in = $self->certificate;
+sub check_x509 {
+  my( $self, $field ) = ( shift, shift );
+
+  my $in = $self->$field;
   run( [qw( openssl x509 -noout -subject -issuer -dates -serial )],
        '<'=>\$in,
        '>pipe'=>\*OUT, '2>'=>'/dev/null'
@@ -343,11 +372,25 @@ sub check_certificate {
 
   my %hash = ();
   while (<OUT>) {
-    warn $_;
     /^\s*(\w+)=\s*(.*)\s*$/ or next;
     $hash{$1} = $2;
   }
 
+  for my $f (qw( subject issuer )) {
+
+    $hash{$f} = { map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) {
+                          ($1=>$2);
+                        } else {
+                          ();
+                        }
+                      }
+                      split('/', $hash{$f})
+                };
+
+  }
+
+  $hash{'selfsigned'} = 1 if $hash{'subject'}->{'O'} eq $hash{'issuer'}->{'O'};
+
   %hash;
 }