X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=FS%2FFS%2Fsvc_cert.pm;h=b77ff521de14411a46a133b6e0fcf00ac35f006c;hp=08bb8c09442e839b59a812b3926b5fe965c674c7;hb=e50b6ec8d63afe4c04ae33384758d8786fcc7cfe;hpb=2d73473ce78c22160b618e93802a9551c9c77d69 diff --git a/FS/FS/svc_cert.pm b/FS/FS/svc_cert.pm index 08bb8c094..b77ff521d 100644 --- a/FS/FS/svc_cert.pm +++ b/FS/FS/svc_cert.pm @@ -2,6 +2,7 @@ package FS::svc_cert; use strict; use base qw( FS::svc_Common ); +use Tie::IxHash; #use FS::Record qw( qsearch qsearchs ); use FS::cust_svc; @@ -79,9 +80,9 @@ state country -=item contact +=item cert_contact -contact +contact email =back @@ -124,7 +125,7 @@ sub table_info { 'city' => { label=>'City', %dis, }, 'state' => { label=>'State', %dis, }, 'country' => { label=>'Country', %dis, }, - 'cert_contact' => { label=>'Contact', %dis, }, + 'cert_contact' => { label=>'Contact email', %dis, }, #'another_field' => { # 'label' => 'Description', @@ -213,7 +214,7 @@ sub check { || $self->ut_textn('city') || $self->ut_textn('state') || $self->ut_textn('country') #XXX char(2) or NULL - || $self->ut_textn('contact') + || $self->ut_textn('cert_contact') ; return $error if $error; @@ -251,14 +252,18 @@ sub check_privatekey { return ($ok =~ /key ok/); } -my %subj = ( +tie my %subj, 'Tie::IxHash', 'CN' => 'common_name', 'O' => 'organization', 'OU' => 'organization_unit', 'L' => 'city', 'ST' => 'state', 'C' => 'country', -); +; + +sub subj_col { + \%subj; +} sub subj { my $self = shift; @@ -271,14 +276,23 @@ sub subj { ); } -sub generate_csr { +sub _file { my $self = shift; - my $in = $self->privatekey; + my $field = shift; my $dir = $FS::UID::conf_dir. "/cache.". $FS::UID::datasrc; #XXX actual cache dir my $fh = new File::Temp( - TEMPLATE => 'certkey.'. '.XXXXXXXX', + TEMPLATE => 'cert.'. '.XXXXXXXX', DIR => $dir, ) or die "can't open temp file: $!\n"; + print $fh $self->$field; + close $fh; + $fh; +} + +sub generate_csr { + my $self = shift; + + my $fh = $self->_file('privatekey'); run( [qw( openssl req -new -key ), $fh->filename, '-subj', $self->subj ], '>pipe'=>\*OUT, '2>'=>'/dev/null' @@ -289,6 +303,76 @@ sub generate_csr { $self->csr($csr); } +#sub check_csr { +# my $self = shift; +#} + +sub generate_selfsigned { + my $self = shift; + + my $days = 730; + + my $key = $self->_file('privatekey'); + my $csr = $self->_file('csr'); + + run( [qw( openssl req -x509 -nodes ), + '-days' => $days, + '-key' => $key->filename, + '-in' => $csr->filename, + ], + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + or die "error running openssl: $!"; + #XXX error checking + my $csr = join('', ); + $self->certificate($csr); +} + +#openssl x509 -in cert -noout -subject -issuer -dates -serial +#subject= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown +#issuer= /CN=cn.example.com/ST=AK/O=Tofuy/OU=Soybean dept./C=US/L=Tofutown +#notBefore=Nov 7 05:07:42 2010 GMT +#notAfter=Nov 6 05:07:42 2012 GMT +#serial=B1DBF1A799EF207B + +sub check_certificate { shift->check_x509('certificate'); } +sub check_cacert { shift->check_x509('cacert'); } + +sub check_x509 { + my( $self, $field ) = ( shift, shift ); + + my $in = $self->$field; + run( [qw( openssl x509 -noout -subject -issuer -dates -serial )], + '<'=>\$in, + '>pipe'=>\*OUT, '2>'=>'/dev/null' + ) + or die "error running openssl: $!"; + #XXX error checking + + my %hash = (); + while () { + /^\s*(\w+)=\s*(.*)\s*$/ or next; + $hash{$1} = $2; + } + + for my $f (qw( subject issuer )) { + + $hash{$f} = { map { if ( /^\s*(\w+)=\s*(.*)\s*$/ ) { + ($1=>$2); + } else { + (''=>''); + } + } + split('/', $hash{$f}) + }; + + } + + $hash{'selfsigned'} = 1 if $hash{'subject'}->{'O'} eq $hash{'issuer'}->{'O'}; + + %hash; +} + =back =head1 BUGS