Hello,

I found something within the lib/openca/cmds

    ## is there a signature?
    #$signature = libGetSignatureObject (OBJECT => $request);
    #if (not $signature) {
    #    print addPreLogLine ("<FONT COLOR=#FF0000>".
    #            i18nGettext (
        #          "CSR __CSR_SERIAL__ ignored because there is no signature.",
        #          "__CSR_SERIAL__", $request->getSerial()).
    #            "</FONT>");
    #    next;
    #}

    ## check the signature
    #if (not libCheckSignature (OBJECT => $request, SIGNATURE => $signature)) {
    #    print addPreLogLine ("<FONT COLOR=#FF0000>".
    #            i18nGettext (
        #          "CSR __CSR_SERIAL__ ignored because the verification of the 
signature fails. Error: __ERRNO__.",
        #          "__ERRNO__", $errno,
        #          "__CSR_SERIAL__", $request->getSerial()).
    #            "<br>\n$errval".
    #            "</FONT>");
    #    next;
    #}

    ##// load the signer's cert
    #$operator_cert = libGetSignerCertificateDB (SIGNATURE => $signature);
    #if (not $operator_cert) {
    #    print addPreLogLine ("<FONT COLOR=#FF0000>".
    #            i18nGettext (
    #              "CSR __CSR_SERIAL__ ignored because the signer's certificate 
is not loadable.",
        #          "__CSR_SERIAL__", $request->getSerial()).
    #            "</FONT>");
    #    next;
    #}

    ## check role of signer
    #if ($operator_cert->getParsed()->{HEADER}->{ROLE} !~ /^$operator$/) {
    #    print addPreLogLine ("<FONT COLOR=#FF0000>".
    #            i18nGettext (
    #              "CSR __CSR_SERIAL__ ignored because the signer's role is 
__ROLE__.",
        #          "__CSR_SERIAL__", $request->getSerial(),
    #              "__ROLE__", $operator_cert->getParsed()->{HEADER}->{ROLE}).
    #            "</FONT>");
    #    next;
    #}

As you can see the checks have been deactivated but the approved requests are 
still not handled by the batc processing.
So my question is what has to be done to issue certificates with the batch 
processing.

The output when starting the batch processing to issue certificates is:
Operator's role ... NOS Box
Requested role ... NOS Box
Running batch processor ...Batch processor finished


So the code that is executed is:
use strict;

sub cmdBpIssueCertificate {

    our ($db, $query, $errno, $errval, $cryptoShell);

    ## get the parameters
    ## Get the parameters
    my $operator = $query->param('operator');
    my $role     = $query->param('role');
    my $chainDir = getRequired('ChainDir');

    my ($request, $operator_cert, $operator_serial, $signature, $role_sig, 
$cert);

    configError ("The operator role must be specified") if (not $operator);
    configError ("The requested role must be specified") if (not $role);
    generalError ($errval, $errno) if (not crypto_get_ca_token ());

    print startLogPage (gettext ("Issue Certificate Batch Processor"));

    print addLogSection (gettext ("Operator's role ... "));
    print addLogLine    ($operator);
    print closeLogSection ();

    print addLogSection (gettext ("Requested role ... "));
    print addLogLine    ($role);
    print closeLogSection ();

    print addLogSection (gettext ("Running batch processor ..."));

    my $tempDir = getRequired ('TempDir');

    ## loop
    ## there can never be a request 0
    my $key = 0;
    while ($request = $db->getNextItem(DATATYPE => "APPROVED_REQUEST", KEY => 
$key)) {

    $key = $request->getSerial();

    ## check the requsted role
    if ($request->getParsed()->{HEADER}->{ROLE} !~ /^$role$/) {
        print addPreLogLine (
                i18nGettext (
                  "CSR __CSR_SERIAL__ ignored because the requested role is 
__ROLE__.",
                  "__CSR_SERIAL__", $request->getSerial(),
                  "__ROLE__", $request->getParsed()->{HEADER}->{ROLE}));
        next;
    }
    ## issue certificate
    $cert = libIssueCertificate (KEY      => $request->getSerial(),
                    DATATYPE => "APPROVED_REQUEST");
    if (not $cert) {
        print addPreLogLine ("<FONT COLOR=#FF0000>".
                i18nGettext ("CSR __CSR_SERIAL__ failed.", "__CSR_SERIAL__", 
$request->getSerial()).
                "<br>\n".
                i18nGettext ("Errorcode: __ERRNO__.", "__ERRNO__", $errno).
                "<br>\n".
                i18nGettext ("Errormessage: __ERRVAL__.", "__ERRVAL__", 
$errval).
                "</FONT>");
    } else {
        print addPreLogLine ("<FONT COLOR=#00FF00>".
                i18nGettext (
                  "Certificate __CERT_SERIAL__ issued from request 
__CSR_SERIAL__.",
                  "__CERT_SERIAL__", $cert->getSerial(),
                  "__CSR_SERIAL__", $request->getSerial()).
                "</FONT>");
    }

    }

    print addLogLine (gettext ("Batch processor finished"));
    print closeLogSection ();

    print closePage();

}


This works fine with OpenCA 1.0.2 and is not working with OpenCA 1.5.1 and the 
version of both files are the same.
Can someone help please?

                                          
------------------------------------------------------------------------------
Slashdot TV.  
Video for Nerds.  Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to