Philipp Dunkel 2009-12-15 22:18:56 +00:00
parent 036ed5b131
commit 1d22e387c4


@ -65,14 +65,19 @@ my %monarr = ("Jan" => 1, "Feb" => 2, "Mar" => 3, "Apr" => 4, "May" => 5, "Jun"
my $password="";
if(open IN,"<$mysqlphp")
{
my $content="";
my $content="";
undef $/;
$content=<IN>;
$password=$1 if($content=~m/mysql_connect\("[^"]+",\s*"\w+",\s*"(\w+)"/);
$password=$1 if($content=~m/mysql_connect\s*\("[^"]+",\s*"\w+",\s*"(\w+)"/);
close IN;
$/="\n";
}
else
{
die "Could not read file: $!\n";
}
my $dbh = DBI->connect("DBI:mysql:cacert:localhost","cacert",$password, { RaiseError => 1, AutoCommit => 1 }) || die ("Error with the database connection.\n");
@ -88,13 +93,6 @@ sub readfile($)
}
#mkdir "revokehashes";
foreach (keys %revokefile)
{
my $revokehash=sha1_hex(readfile($revokefile{$_}));
print "Root $_: Hash $revokefile{$_} = $revokehash\n";
}
#Logging functions:
my $lastdate = "";
@ -125,6 +123,15 @@ die $_[0];
my $timestamp=strftime("%Y-%m-%d %H:%M:%S",localtime);
#mkdir "revokehashes";
foreach (keys %revokefile)
{
next unless (-f $revokefile{$_});
my $revokehash=sha1_hex(readfile($revokefile{$_}));
SysLog "Root $_: Hash $revokefile{$_} = $revokehash";
}
sub mysql_query($)
{
@ -364,7 +371,7 @@ my $tries=100000;
while(!$blockfinished)
{
Error("Tried reading too often\n") if(($tries--)<=0);
print ("tries: $tries\n") if(!($tries%10));
# SysLog ("tries: $tries") if(!($tries%10));
$data="";
if(!scalar($sel->can_read(5)))
@ -487,10 +494,11 @@ sub X509extractExpiryDate($)
sub CRLuptodate($)
{
# TIMEZONE ?!?
my $data=`$opensslbin crl -in "$_[0]" -noout -lastupdate`; #inform=der ?
return 0 unless(-f $_[0]);
my $data=`$opensslbin crl -in "$_[0]" -noout -lastupdate -inform der`;
SysLog "CRL: $data";
#lastUpdate=Aug 8 10:26:34 2007 GMT
# Is the timezone handled properly?
if($data=~m/lastUpdate=(\w{2,4}) *(\d{1,2}) *(\d{1,2}:\d{1,2}:\d{1,2}) (\d{4}) GMT/)
{
my $date=sprintf("%04d-%02d-%02d",$4,$monarr{$1},$2);
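Review bot: The new backtick call `my $data=`$opensslbin crl -in "$_[0]" -noout -lastupdate -inform der`;` never inspects `$?`, so an openssl failure (for example a CRL file that is not DER now that `-inform der` is hard-coded, replacing the old "inform=der ?" question) leaves `$data` empty, the regex does not match and the function reports a stale CRL exactly as it would for an expired one. Logging the status right after the call, `SysLog "CRL: openssl exited with $?" if $?;`, would make the two cases distinguishable in the log. The `-f` guard before the command is a good addition; it would read more clearly with `my $crlfile = $_[0];` at the top instead of using `$_[0]` twice. The rest of CRLuptodate continues outside this hunk.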
@ -506,6 +514,7 @@ sub CRLuptodate($)
return 0;
}
sub X509extractSerialNumber($)
{
# TIMEZONE ?!?
@ -697,7 +706,9 @@ sub sendmail($$$$$$$)
{
print $smtp "Content-Type: text/plain; charset=\"utf-8\"\r\n";
print $smtp "Content-Transfer-Encoding: 8bit\r\n";
} else {
}
else
{
print $smtp "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n";
print $smtp "Content-Transfer-Encoding: quoted-printable\r\n";
print $smtp "Content-Disposition: inline\r\n";
@ -882,8 +893,9 @@ sub HandleCerts($$)
$body .= "Root cert fingerprint = 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support");
} else {
}
else
{
SysLog("Could not find the issued certificate. $crtname ".$row{"id"}."\n");
$dbh->do("update `$table` set warning=warning+1 where `id`='".$row{'id'}."'");
}
@ -891,6 +903,75 @@ sub HandleCerts($$)
}
sub DoCRL($$)
{
my $crl=$_[0];
my $crlname=$_[1];
if(length($crl))
{
if($crl=~m/^-----BEGIN X509 CRL-----/)
{
open OUT,">$crlname.pem";
print OUT $crl;
close OUT;
system "$opensslbin crl -in $crlname.pem -outform der -out $crlname.tmp";
}
else
{
open OUT,">$crlname.patch";
print OUT $crl;
close OUT;
my $res=system "xdelta patch $crlname.patch $crlname $crlname.tmp";
#print "xdelta res: $res\n";
if($res==512)
{
open OUT,">$crlname.tmp";
print OUT $crl;
close OUT;
}
}
my $res=`openssl crl -verify -in $crlname.tmp -inform der -noout 2>&1`;
SysLog "verify: $res";
if($res=~m/verify OK/)
{
rename "$crlname.tmp","$crlname";
}
else
{
SysLog "VERIFICATION OF NEW CRL DID NOT SUCCEED! PLEASE REPAIR!";
SysLog "Broken CRL is available as $crlname.tmp\n";
#Override for testing:
rename "$crlname.tmp","$crlname";
}
return 1;
}
else
{
SysLog("RECEIVED AN EMPTY CRL!\n");
}
return 0;
}
sub RefreshCRLs()
{
foreach my $rootcert (keys %revokefile)
{
if(!CRLuptodate($revokefile{$rootcert}))
{
SysLog "Update of the CRL $rootcert is necessary!\n";
my $crlname = $revokefile{$rootcert};
my $revokehash=sha1_hex(readfile($crlname));
my $crl=Request($ver,2,1,$rootcert-1,0,0,365,0,"","",$revokehash);
#print "Received ".length($crl)." ".hexdump($crl)."\n";
DoCRL($crl,$crlname);
}
}
}
sub RevokeCerts($$)
{
my $org=$_[0]?"org":"";
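Review bot: In DoCRL the verification result is not acted on: when `verify OK` is absent, the else branch logs the failure and then `rename "$crlname.tmp","$crlname";` (under `#Override for testing:`) installs the unverified CRL anyway, and the function still returns 1 so callers proceed as on success. Replacing that override rename with `return 0;` would ensure the live CRL is only ever replaced by a verified one and let RefreshCRLs/RevokeCerts skip the success path. The verify line uses a bare `openssl` while the surrounding code uses `$opensslbin`, and the three `open OUT,">$crlname...."` calls are unchecked two-arg bareword opens, so a write failure leaves a stale or truncated `.tmp` to be verified and renamed. The `system` and backtick invocations interpolate `$crlname` into a shell string; list form such as `system($opensslbin, 'crl', '-in', "$crlname.pem", '-outform', 'der', '-out', "$crlname.tmp")` keeps the path out of the shell.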
@ -931,38 +1012,9 @@ sub RevokeCerts($$)
my $revokehash=sha1_hex(readfile($crlname));
my $crl=Request($ver,2,1,$row{'rootcert'}-1,0,0,365,0,$content,"",$revokehash);
if(length($crl))
{
if(1)
{
open OUT,">$crlname.patch";
print OUT $crl;
close OUT;
system "xdelta patch $crlname.patch $crlname $crlname.tmp";
my $result=DoCRL($crl,$crlname);
}
#if($crl=~m/^-----BEGIN X509 CRL-----/)
#{
# open OUT,">$crlname.pem";
# print OUT $crl;
# close OUT;
# system "$opensslbin crl -in $crlname.pem -outform der -out $crlname.tmp";
#}
#else
#{
# open OUT,">$crlname.tmp";
# print OUT $crl;
# close OUT;
#}
#
#
#!!! We should verify the CRL format and validity here, before we rename it.
#
rename "$crlname.tmp","$crlname";
}
if(-s $crlname)
if($result)
{
setUsersLanguage($row{memid});
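Review bot: `my $result=DoCRL($crl,$crlname);` is declared inside the `if(1) { ... }` block, so the new `if($result)` after the closing brace of `if(length($crl))` refers to a different variable that is never assigned (a compile error under `use strict`, otherwise a package global that is always false) — unless `$result` is already declared earlier in RevokeCerts, whose body starts outside this hunk. Declaring `my $result = 0;` before `if(length($crl))` and assigning with `$result = DoCRL($crl,$crlname);` fixes the scoping, and the `if(1)` wrapper can then go. Note that the removed `-s $crlname` check at least confirmed a non-empty file on disk, whereas the new condition trusts DoCRL to return 1 only when the CRL was actually installed, which its verify-failure path does not currently guarantee.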
@ -990,7 +1042,6 @@ sub RevokeCerts($$)
sub HandleGPG()
{
my $sth = $dbh->prepare("select * from gpg where crt='' and csr!='' ");
@ -1082,6 +1133,8 @@ while(1)
RevokeCerts(1,0); #org client certs
RevokeCerts(1,1); #org server certs
RefreshCRLs();
#print "Sign Request X.509, Root0\n";
#my $reqcontent="";
#Request($ver,1,1,0,5,2,365,0,$reqcontent,"","/CN=supertest.cacert.at");