X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=FS%2FFS%2Fsvc_cert.pm;h=88e4199e8e18472750b25e73de7b2ea77c39c917;hp=e3ef3256f79eb01c1a67d6ea07641e46e8f8beae;hb=20f03d52cc6c930f610c0b4466eeeeda54fdbb40;hpb=cd91e59d897b1359dd91b2b9e5e7e008d2dbd9ed
diff --git a/FS/FS/svc_cert.pm b/FS/FS/svc_cert.pm
index e3ef3256f..88e4199e8 100644
--- a/FS/FS/svc_cert.pm
+++ b/FS/FS/svc_cert.pm
@@ -2,6 +2,7 @@ package FS::svc_cert; use strict; use base qw( FS::svc_Common ); +use Tie::IxHash; #use FS::Record qw( qsearch qsearchs ); use FS::cust_svc;
@@ -251,14 +252,18 @@ sub check_privatekey { return ($ok =~ /key ok/); } -my %subj = ( +tie my %subj, 'Tie::IxHash', 'CN' => 'common_name', 'O' => 'organization', 'OU' => 'organization_unit', 'L' => 'city', 'ST' => 'state', 'C' => 'country', -); +; + +sub subj_col { + \%subj; +} sub subj { my $self = shift;
@@ -298,9 +303,30 @@ sub generate_csr { $self->csr($csr); } -#sub check_csr { -# my $self = shift; -#} +sub check_csr { + my $self = shift; + + my $in = $self->csr; + + run( [qw( openssl req -subject -noout ), ], + '<'=>\$in, + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + ;#or die "error running openssl: $!"; + + #subject=/CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown + my $line = ; + $line =~ /^subject=\/(.*)$/ or return (); + my $subj = $1; + + map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) { + ($1=>$2); + } else { + (); + } + } + split('/', $subj); +} sub generate_selfsigned { my $self = shift;
@@ -319,8 +345,8 @@ sub generate_selfsigned { ) or die "error running openssl: $!"; #XXX error checking - my $csr = join('', ); - $self->certificate($csr); + my $certificate = join('', ); + $self->certificate($certificate); } #openssl x509 -in cert -noout -subject -issuer -dates -serial
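Review bot: `subj_col` returns a reference to the file-scoped `%subj` itself, so a caller that assigns through it changes the field mapping that `subj` relies on for every object in the process. If read-only access to the ordered mapping is the intent, state that in a comment above the sub, e.g. `# returns the live, ordered subject-field map; callers must not modify it`. The body of `sub subj`, which presumably consumes the hash, lies outside the hunk.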
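Review bot: In `check_csr` the result of `run` is discarded (the `or die` is commented out) and stderr goes to /dev/null, so when openssl rejects the CSR the method quietly returns an empty list. A caller cannot tell that apart from a CSR whose subject merely failed to match. As the CSR is presumably supplied from outside, make the failure explicit the way `generate_selfsigned` does, `) or die "error running openssl: $!";`, and add `defined $line or return ();` before the match. Splitting on `/` also mis-parses any field value that itself contains a slash. The `^subject=\/` match depends on the slash-separated one-line format, which to my knowledge newer OpenSSL releases no longer print by default, so pinning the output format with `-nameopt` would make that dependency explicit.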
@@ -330,10 +356,13 @@ sub generate_selfsigned { #notAfter=Nov 6 05:07:42 2012 GMT #serial=B1DBF1A799EF207B -sub check_certificate { - my $self = shift; +sub check_certificate { shift->check_x509('certificate'); } +sub check_cacert { shift->check_x509('cacert'); } - my $in = $self->certificate; +sub check_x509 { + my( $self, $field ) = ( shift, shift ); + + my $in = $self->$field; run( [qw( openssl x509 -noout -subject -issuer -dates -serial )], '<'=>\$in, '>pipe'=>\*OUT, '2>'=>'/dev/null'
@@ -343,11 +372,25 @@ sub check_certificate { my %hash = (); while () { - warn $_; /^\s*(\w+)=\s*(.*)\s*$/ or next; $hash{$1} = $2; } + for my $f (qw( subject issuer )) { + + $hash{$f} = { map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) { + ($1=>$2); + } else { + (); + } + } + split('/', $hash{$f}) + }; + + } + + $hash{'selfsigned'} = 1 if $hash{'subject'}->{'O'} eq $hash{'issuer'}->{'O'}; + %hash; }
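Review bot: `check_x509` calls `$self->$field` with whatever string it receives, so although the two wrappers pass only `'certificate'` and `'cacert'`, any other caller can make it invoke an arbitrary method on the object and pipe the result into openssl. Restrict it at the top of the sub, e.g. `$field =~ /^(certificate|cacert)$/ or die "unknown x509 field: $field";`, or mark the sub as internal with a leading underscore. The body of `check_x509` continues past the end of this hunk.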
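Review bot: The `selfsigned` test compares only the `O` component of subject and issuer, so a certificate issued by a CA that shares the organization name is reported as self-signed. When openssl printed no subject or issuer line (stderr is discarded), both sides are undef and the flag is set for input that did not parse at all. Compare the complete names instead: keep the raw strings before the loop overwrites them, `my( $s, $i ) = @hash{qw( subject issuer )};`, and set the flag with `$hash{'selfsigned'} = 1 if defined $s && defined $i && $s eq $i;`. Even a full name match shows only that the names agree, not that the certificate is signed by its own key, so anything that uses this flag for a trust decision should verify the signature as well. `check_x509` begins before this hunk.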