It seems there is an option to send a CSR for the CA to a higher level CA, but I did not find how to install the returned certificate.
The attached patch provides a rough implementation. Julio
Index: openca-0.9/src/cgi-bin/cgi-ca/cmds/Makefile
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/cgi-bin/cgi-ca/cmds/Makefile,v
retrieving revision 1.1
diff -u -u -r1.1 Makefile
--- openca-0.9/src/cgi-bin/cgi-ca/cmds/Makefile 2001/09/13 16:56:42 1.1
+++ openca-0.9/src/cgi-bin/cgi-ca/cmds/Makefile 2001/10/19 14:52:17
@@ -38,6 +38,7 @@
 genCRL \
 genSKey \
 importAll \
+ importCACert \
 importCRR \
 importConfig \
 importReqs \
Index: openca-0.9/src/htdocs/htdocs-ca/init.html.in
===================================================================
RCS file: /cvsroot/openca/openca-0.9/src/htdocs/htdocs-ca/init.html.in,v
retrieving revision 1.1
diff -u -u -r1.1 init.html.in
--- openca-0.9/src/htdocs/htdocs-ca/init.html.in 2001/09/05 13:41:09 1.1
+++ openca-0.9/src/htdocs/htdocs-ca/init.html.in 2001/10/19 14:52:17
@@ -58,7 +58,7 @@ CA certificate</a>;</font></tt></li> <li> -<tt><font color="#999999">Import CA certificate ( approved by Root CA );</font></tt></li> +<tt><font color="#999999"><a href="@ca_cgi_url_prefix2/ca?cmd=importCACert">Import CA +certificate ( approved by Root CA )</a>;</font></tt></li> <li> <tt><font color="#999999"><a href="@ca_cgi_url_prefix@/ca?cmd=rebuildChain">Rebuild CA Chain</a>;</font></tt></li>
--- openca-0.9/src/cgi-bin/cgi-ca/cmds/importCACert.none Fri Oct 19 16:49:55 2001
+++ openca-0.9/src/cgi-bin/cgi-ca/cmds/importCACert Fri Sep 28 10:15:52 2001 
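Review bot: In the init.html.in hunk the new link is written `@ca_cgi_url_prefix2/ca?cmd=importCACert`, while the rebuildChain link two lines below uses `@ca_cgi_url_prefix@/ca?...`; the trailing `2` looks like a typo for the closing `@`, so the placeholder would presumably not be substituted when the page is generated and the menu entry would point nowhere. The line should read `<a href="@ca_cgi_url_prefix@/ca?cmd=importCACert">Import CA`. As shown here the hunk also has one removed and two added lines under a `-58,7 +58,7` header, which cannot both hold, so the patch probably needs regenerating before it applies cleanly.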
@@ -0,0 +1,96 @@
+
+## OpenCA - CA Command
+## (c) 2001 by OpenCA Group
+##
+## File Name: importCACert
+## Brief: Imports CA Certificate
+## Description: Imports Signed CA Certificate from parent CA
+## Parameters: none
+## Cfg Keyword: UnpackArchive, ImportDev, opencadir
+
+my $cmdName = "importCACert";
+
+if ( $cmd !~ /$cmdName/i ) {
+ configError( "Wrong Command Usage ($cmd over $cmdName)!" );
+ exit 1;
+}
+
+## To import the CA certificate we use the same import device as the
+## one used for the certificates (is there any reason for not doing so ?)
+## Get required parameters from the configuration file
+my $cmd = getRequired( 'UnpackArchive' );
+my $orig = getRequired( 'ImportDev' );
+my $opencaDir = getRequired( 'opencadir' );
+my $makeCmd = getRequired( 'MakePath');
+
+## Build the right $arc with substitution of the $dest
+## with the 'ExportDest' and in 'TestArchive'
+$arc = $query->subVar( $arc, '$dest', $dest );
+$test = $query->subVar( $test, '$dest', $dest );
+
+## Other reserved variables
+my $cacertFile = "$opencaDir/cacert.pem";
+my $cacertDER = "$opencaDir/cacert.der";
+
+print startLogPage("Importing CA Certificate");
+$cmd = $query->subVar( $cmd, '$orig', $orig );
+$cmd = $query->subVar( $cmd, '$dest', $opencaDir );
+
+## If there is already a cacertfile, than we should move it to .old
+if ( -e "$cacertFile" ) {
+ $tools->moveFiles( SRC=>"$cacertFile",
+ DEST=>"$opencaDir/private/cacert_${$}.pem");
+ $msg = "Old certificate file is (private/cacert_${$}.pem)";
+}
+
+unlink( "$cacertDER" ) if ( -e "$cacertDER" );
+
+print addLogSection("Importing Requests ... ");
+my $ret = `$cmd 2>&1`;
+if( $? != 0 ) {
+ print addErrorLog( "Importing CA Certificate Failed from $orig!" );
+ closePage();
+ exit;
+}
+print addLogLine("Ok.");
+print addPreLogLine( $ret );
+print closeLogSection();
+
+print addLogSection("Importing CA Certificate to dB ... ");
+
+$cryptoShell->dataConvert( DATATYPE=>CERTIFICATE,
+ INFILE=>$cacertFile,
+ OUTFILE=>$cacertDER,
+ OUTFORM=>DER );
+
+configError( "<BR>Error (1) while convertig certificate<BR>" ) if( $? != 0 );
+
+$crt = new OpenCA::X509( SHELL=>$cryptoShell, INFILE=>"$cacertFile" );
+if( not $crt ) {
+ configError( "<BR>Error while loading CA certificate" .
+ " ($cacertFile)." );
+} else {
+ ## Let's link to the stuff dir
+ $tools->copyFiles ( SRC=>"$cacertFile",
+ DEST=>"$opencaDir/stuff/cacert.pem");
+
+ ## Let's link to the chain dir
+ $tools->copyFiles ( SRC=>"$cacertFile",
+ DEST=>"$opencaDir/chain/cacert.crt");
+
+ ## Let's make the links for chain verification
+ $ret = `cd ${opencaDir}/chain; $makeCmd`;
+
+ if ( not $db->storeItem( DATATYPE=>"VALID_CA_CERTIFICATE",
+ OBJECT=>$crt)) {
+ configError ("Error while storing CA cert to dB!");
+ }
+}
+
+print addLogLine( "Ok." );
+print $crt->getTXT();
+print addPreLogLine( $ret );
+print closeLogSection();
+closePage();
+
+1;
_______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
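Review bot: The archive read from `ImportDev` is unpacked straight into the CA's working directory (`$cmd = $query->subVar( $cmd, '$dest', $opencaDir );`) after the current `cacert.pem` has been moved aside and `cacert.der` unlinked, so every file in the archive lands next to the CA's own data and a failed import leaves no certificate in place. Nothing in the new file checks that the imported certificate belongs to this CA's key or request before it is copied to `stuff/` and `chain/` and stored as `VALID_CA_CERTIFICATE`; unpacking into a scratch directory, verifying the certificate there, and only then replacing `cacert.pem` would address both. Since the first block needs an explicit `exit 1;` after `configError(...)`, `configError` presumably returns, in which case the `not $crt` branch falls through to `print addLogLine( "Ok." );` and `print $crt->getTXT();` on an undefined object; add `exit 1;` after each later `configError` call. `$?` after `$cryptoShell->dataConvert(...)` may still hold the status of the earlier backtick command, so testing the method's return value looks safer, and the exit status of `` `cd ${opencaDir}/chain; $makeCmd` `` is never checked. The `$arc`/`$test`/`$dest` lines appear to be leftovers from another command (none of the three is set in this file), and `my $cmd` re-declares the variable the usage check at the top has just tested.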