From b5a638bdabe5058ad5c416cf67449152587857fe Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 28 Feb 2007 17:22:35 +0000
Subject: [PATCH] Moved to new CommModule

---
 scripts/gpgcerts.php | 73 +-----------
 scripts/servercerts.php | 250 +--------------------------------------
 2 files changed, 2 insertions(+), 321 deletions(-)

diff --git a/scripts/gpgcerts.php b/scripts/gpgcerts.php
index 84c9eab..93ee4b3 100755
--- a/scripts/gpgcerts.php
+++ b/scripts/gpgcerts.php
@@ -1,72 +1 @@
-#!/usr/bin/php -q
-
-
- This file is part of CAcert.
-
- CAcert has been released under a CAcert Source License
- which can be found included with these source files or can
- be downloaded from the internet from the following address:
- http://www.cacert.org/src-lic.php
-
- CAcert is distributed WITHOUT ANY WARRANTY; without even
- the implied warranty of MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE. See the License for more details.
-*/
- include_once("../includes/mysql.php");
-
- $lck = fopen('/tmp/GPGlock', 'w');
- while(flock($lck, LOCK_EX) < 0)
- sleep(rand(100000,200000));
-
- $query = "select * from `gpg` where `crt`=''";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- $row['crt'] = "../crt/gpg-".$row['id'].".crt";
-
- $do = `gpg --homedir /root/.gnupg --import $row[csr] 2>&1`;
-
- $extras = "";
- if($row['multiple'] == 1)
- $extras .= " echo \"y\";";
- if($row['expires'] == 1)
- $extras .= " echo \"n\";";
-
- $do = `( $extras echo "365"; echo "y"; echo "2"; echo "y")|gpg --default-key gpg@cacert.org --homedir /root/.gnupg --batch --no-tty --command-fd 0 \
- --status-fd 1 --cert-policy-url http://www.cacert.org/index.php?id=10 \
- --ask-cert-expire --sign-key $row[email] 2>&1`;
- $do = `gpg --homedir /root/.gnupg --export --armor $row[email] > $row[crt]`;
- $do = `gpg --homedir /root/.gnupg --batch --yes --delete-key $row[email] 2>&1`;
-
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
- if($user['language'] != "")
- {
- $userlang = $user['language'];
- putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);
- setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);
- } else {
- putenv("LANG=en_AU");
- setlocale(LC_ALL, "en_AU");
- }
- if(filesize($row['crt']) > 0)
- {
- $query = "update `gpg` set `crt`='$row[crt]', `issued`=NOW(), `expire`=FROM_UNIXTIME(UNIX_TIMESTAMP(NOW()) + 31536000) where `id`='".$row['id']."'";
- mysql_query($query);
- $body = _("Hi")." $user[fname],\n\n";
- $body .= sprintf(_("Your CAcert signed key for %s is available online at:")."\n\n", $row['email']);
- $body .= "https://www.cacert.org/gpg.php?id=3&cert=$row[id]\n\n";
- $body .= _("To help improve the trust of CAcert in general, it's appreciated if you could also sign our key and upload it to a key server. Below is a copy of our primary key details:")."\n\n";
- $body .= "pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) \n";
- $body .= "Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58\n\n";
- $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
- sendmail($user[email], "[CAcert.org] Your GPG/PGP Key", $body, "support@cacert.org", "", "", "CAcert Support");
- } else {
- $query = "delete from `gpg` where `id`='".$row['id']."'";
- mysql_query($query);
- }
- }
-
- flock($lck, LOCK_UN);
- fclose($lck);
-?>
+
diff --git a/scripts/servercerts.php b/scripts/servercerts.php
index 3f565ad..44f7bac 100755
--- a/scripts/servercerts.php
+++ b/scripts/servercerts.php
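Review bot: The gpgcerts.php hunk empties the script instead of removing it: the index line keeps mode 100755 and the single added line appears blank here, so an executable `scripts/gpgcerts.php` with no code is left behind, and anything still invoking it (the removed first line was a `#!/usr/bin/php -q` shebang, so it was run directly) will now exit successfully having processed nothing. The same applies to `scripts/servercerts.php` in the next hunk. If the scripts are obsolete, delete the files (`git rm scripts/gpgcerts.php scripts/servercerts.php`) rather than blanking them; if callers remain, a stub that logs and exits non-zero is preferable to a silent no-op. The message names a "new CommModule" that this diff does not show; whatever inherited this logic should not carry over the removed scripts' interpolation of database-sourced fields (`$row[csr]`, `$row[email]`, `$row[md]`, `$newsubject`) straight into backtick shell commands — each belongs inside `escapeshellarg()` — and the lock retry `sleep(rand(100000,200000))` sleeps whole seconds, so that too deserves a look when it is ported.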
@@ -1,249 +1 @@
-#!/usr/bin/php -q
-
-
- This file is part of CAcert.
-
- CAcert has been released under a CAcert Source License
- which can be found included with these source files or can
- be downloaded from the internet from the following address:
- http://www.cacert.org/src-lic.php
-
- CAcert is distributed WITHOUT ANY WARRANTY; without even
- the implied warranty of MERCHANTABILITY or FITNESS FOR A
- PARTICULAR PURPOSE. See the License for more details.
-*/
-
- $lck = fopen('/tmp/SslLock', 'w');
- while(flock($lck, LOCK_EX) < 0)
- sleep(rand(100000,200000));
-
- $monarr = array("Jan" => 1, "Feb" => 2, "Mar" => 3, "Apr" => 4, "May" => 5, "Jun" => 6,
- "Jul" => 7, "Aug" => 8, "Sep" => 9, "Oct" => 10, "Nov" => 11, "Dec" => 12);
-
- include_once("../includes/mysql.php");
-
- $query = "select * from `domaincerts` where `crt_name`=''";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- $query = "select * from `domains`,`users` where `domains`.`id`='".$row['domid']."' and
- `users`.`id`=`domains`.`memid`";
- $user = mysql_fetch_assoc(mysql_query($query));
-
- if($user['language'] != "")
- {
- $userlang = $user['language'];
- putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);
- setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);
- } else {
- putenv("LANG=en_AU");
- setlocale(LC_ALL, "en_AU");
- }
-
- $days = 180;
-
- if(intval($user['memid']) > 0)
- {
- $drow = mysql_fetch_assoc(mysql_query("select sum(`points`) as `total` from `notary`
- where `to`='".$user['memid']."' group by `to`"));
- if($drow['total'] >= 50)
- $days = 730;
- }
-
- $row['crt_name'] = "../crt/server-".$row['id'].".crt";
- $row['csr_name'] = "../..".$row['csr_name'];
-
- $tmpname = tempnam("/tmp", "servercert");
-
- // MAKE SURE ALL VARIABLES ARE RESET HERE!!!
- $SAN = $newsubject = "";
-
- $fp = fopen($tmpname, "w");
- fputs($fp, "basicConstraints = critical, CA:FALSE\n");
- fputs($fp, "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n");
- fputs($fp, "keyUsage = digitalSignature, keyEncipherment\n");
- fputs($fp, "authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org\n");
- $bits = explode("/", $row['subject']);
- foreach($bits as $val)
- {
- $bit = explode("=", $val);
- if($bit['0'] == "subjectAltName")
- {
- if($SAN != "")
- $SAN .= ",";
- $SAN .= trim($bit['1']);
- } else {
- $newsubject .= "/".$val;
- }
- }
- if($SAN != "")
- fputs($fp, "subjectAltName = $SAN\n");
- fclose($fp);
- $newsubject = str_replace("//", "/", $newsubject);
-
- if($row['rootcert'] == 2)
- $opensslcnf = "/etc/ssl/class3-server.cnf";
- else
- $opensslcnf = "/etc/ssl/openssl-server.cnf";
-
- $do = `echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname'" >> /tmp/openssl.tmp`;
- $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname' 2>&1`;
-// unlink($tmpname);
- $dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='$row[domid]'"));
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$dom[memid]'"));
- if(filesize($row['crt_name']) > 0 && intval($user['id']) > 0)
- {
- $end = trim(`/usr/bin/openssl x509 -in '$row[crt_name]' -noout -enddate`);
- $bits = explode("=", $end, 2);
- $end = trim($bits[1]);
-
- while(strstr($end, " "))
- $end = str_replace(" ", " ", $end);
- $bits = explode(" ", $end);
- $month = $bits['0'];
- $month = $monarr[$month];
- $day = $bits['1'];
- $time = $bits['2'];
- $year = $bits['3'];
- $bits = explode(":", $time);
- $hour = $bits['0'];
- $min = $bits['1'];
- $sec = $bits['2'];
- $date = gmmktime($hour, $min, $sec, $month, $day, $year);
- $cert = trim(`/usr/bin/openssl x509 -in $row[crt_name]`);
- $bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in '$row[crt_name]'`), 2);
- $serial = $bits['1'];
- $query = "update `domaincerts` set `crt_name`='".$row['crt_name']."',
- `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='".$row['id']."'";
- mysql_query($query);
- $body = _("Hi")." ".$user['fname'].",\n\n";
- $body .= sprintf(_("Below you will find your certificate for %s.")."\n\n", $row['CN']);
- $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n".$cert;
- sendmail($user['email'], "[CAcert.org] "._("Server Certificate"), $body, "support@cacert.org", "", "", "CAcert Support");
- } else {
- $query = "delete from `domaincerts` where `id`='".$row['id']."'";
- mysql_query($query);
- }
- }
-
- $query = "select * from `domaincerts` where `revoked`='1970-01-01 10:00:01'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- if($row['rootcert'] == 2)
- $opensslcnf = "/etc/ssl/class3-server.cnf";
- else
- $opensslcnf = "/etc/ssl/openssl-server.cnf";
-
- $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`;
- $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
- $do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1`;
- $dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='".$row['domid']."'"));
- $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".$dom['memid']."'"));
- if($user['language'] != "")
- {
- $userlang = $user['language'];
- putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);
- setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);
- } else {
- putenv("LANG=en_AU");
- setlocale(LC_ALL, "en_AU");
- }
- mysql_query("update `domaincerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='".$row['id']."'");
- $body = _("Hi")." ".$user['fname'].",\n\n";
- $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row['CN']);
- $body .= _("Best regards")."\n"._("CAcert.org Support!");
- sendmail($user['email'], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "", "", "CAcert Support");
- }
-
- $query = "select * from `orgdomaincerts` where `crt_name`=''";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- $row['crt_name'] = "../crt/orgserver-".$row['id'].".crt";
- $days = 730;
- $row['csr_name'] = "../../".$row['csr_name'];
- $tmpname = tempnam("/tmp", "serverorgcert");
- $newsubject = "";
- $fp = fopen($tmpname, "w");
- fputs($fp, "basicConstraints = critical, CA:FALSE\n");
- fputs($fp, "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n");
- fputs($fp, "keyUsage = digitalSignature, keyEncipherment\n");
- fputs($fp, "authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org\n");
- $bits = explode("/", $row['subject']);
- foreach($bits as $val)
- {
- $bit = explode("=", $val);
- if($bit['0'] == "subjectAltName")
- {
- if($SAN != "")
- $SAN .= ", ";
- $SAN .= trim($bit['1']);
- } else if($bit['0'] != "") {
- $newsubject .= "/$val";
- }
- }
- if($SAN != "")
- fputs($fp, "subjectAltName = $SAN\n");
- fclose($fp);
- $newsubject = str_replace("//", "/", $newsubject);
-
- if($row['rootcert'] == 2)
- $opensslcnf = "/etc/ssl/class3-server-org.cnf";
- else
- $opensslcnf = "/etc/ssl/openssl-server-org.cnf";
-
- $do = `echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname'" >> /tmp/openssl.tmp`;
- $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$newsubject' -extfile '$tmpname' > /dev/null 2>&1`;
-// unlink($tmpname);
- if(filesize($row['crt_name']) > 0)
- {
- $end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
- $bits = explode("=", $end, 2);
- $end = trim($bits[1]);
-
- while(strstr($end, " "))
- $end = str_replace(" ", " ", $end);
- $bits = explode(" ", $end);
- $month = $bits[0];
- $month = $monarr[$month];
- $day = $bits[1];
- $time = $bits[2];
- $year = $bits[3];
- $bits = explode(":", $time);
- $hour = $bits[0];
- $min = $bits[1];
- $sec = $bits[2];
- $date = gmmktime($hour, $min, $sec, $month, $day, $year);
- $cert = trim(`/usr/bin/openssl x509 -in $row[crt_name]`);
- $bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
- $serial = $bits[1];
- $query = "update `orgdomaincerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
- `serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='".$row['id']."'";
- mysql_query($query);
- } else {
- $query = "delete from `orgdomaincerts` where `id`='".$row['id']."'";
- mysql_query($query);
- }
- }
-
- $query = "select * from `orgdomaincerts` where `revoked`='1970-01-01 10:00:01'";
- $res = mysql_query($query);
- while($row = mysql_fetch_assoc($res))
- {
- if($row['rootcert'] == 2)
- $opensslcnf = "/etc/ssl/class3-server-org.cnf";
- else
- $opensslcnf = "/etc/ssl/openssl-server-org.cnf";
-
- $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`;
- $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
- $do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1`;
- mysql_query("update `orgdomaincerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='$row[id]'");
- }
-
- flock($lck, LOCK_UN);
- fclose($lck);
-?>
+