Miroslav Hrad schrieb:
> 
> On Tue, 5 Feb 2002, Michael Bell wrote:
> > more complete cut&paste:
> > ----------------------------------------------------------------
> > $count = 0;
> >
> > ## If $count is 0 at the end, then it is a searchList
> > foreach( $self->getSearchAttributes( $dataType )) {
> >   $count++ if( exists $keys->{$_} );
> > }
> >
> > if( $count == 0 ) {
> >   push (@retList, $self->listItems(DATATYPE=>$dataType));
> > } else {
> >   ....
> > ----------------------------------------------------------------
> > If something fails then it is listItems.
> >.....
> > Michael
> >
> 
> I'm sorry I think that no SERIAL number is going into function listItems.
> Then listItems returns correctly list (array) of all certificates to function 
>searchItems. Finally in 'confirm_revreq' the first certificate is taken and so 
>SERIAL=01 (and everything from the Distinguished Name etc. is from the first 
>certificate too).

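The mistake was the use of searchItems: when none of the search
attributes is passed, it falls back to listItems and returns every
certificate, and the script then took the first one. The correct
function is getItem. I attached the fixed script from CVS. (DB.pm was
fixed too but the fix is not relevant for this problem.)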

Michael
-- 
-------------------------------------------------------------------
Michael Bell                   Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter     Email:  [EMAIL PROTECTED]
Humboldt-University of Berlin  Tel.: +49 (0)30-2093 2482
Unter den Linden 6             Fax:  +49 (0)30-2093 2959
10099 Berlin
Germany                                     [OpenCA Core Developer]

http://www.openca.org
## OpenCA - Public Web-Gateway Command
## (c) 1998-2001 by OpenCA Group
##
##   File Name: new_ask4rev
##       Brief: begin to revoke a certificate
## Description: get the certificate which should be revoked and prompt
##              the user to a second ok
##  Parameters: serial, crin, crin2, reason

use Digest::MD5;

## Emit the CGI response header before anything else is printed
print "Content-type: text/html\n\n";

## This script only serves the confirm_revreq command. The match is
## case-insensitive and unanchored, so any $cmd containing that string passes.
## NOTE(review): $cmd is echoed into the error text -- confirm that
## configError escapes it before it reaches the browser.
unless ( $cmd =~ /confirm_revreq/i ) {
        configError( "Wrong Command Usage ($cmd over confirm_revreq)!" );
        exit 1;
}

## Script-wide variables that are filled in further down
my $text;
my $cert;
my @search;
my $certTable;
my $md5;
my $certKey;

## Required configuration parameter: the file loaded as the base page
my $basedoc = getRequired( "RevReqConfirmSheet" );

## To approve a request, we need it signed by the RA operator;
## these markers delimit the header part of the text to sign
my ( $beginHeader, $endHeader ) =
        ( "-----BEGIN HEADER-----", "-----END HEADER-----" );

## Request parameters, each read in scalar context.
## All four values come straight from the client and are untrusted.
my ( $serial, $crin, $crin2, $reason ) =
        map { scalar( $query->param( $_ ) ) } qw( serial crin crin2 reason );

## The CRIN has to be typed twice; stop if the two entries differ
if ( $crin ne $crin2 ) {
        configError( "CRIN codes are different, go back and check it." );
        exit 1;
}

## From here on only the MD5 hex digest of the CRIN is kept in $crin.
## NOTE(review): this is a plain, unsalted MD5. If the request text is ever
## disclosed, a short CRIN is cheap to recover from such a digest. A stronger
## scheme needs a matching change wherever the CRIN is verified, which is not
## visible in this script.
$md5 = Digest::MD5->new;
$md5->add( $crin );
$crin = $md5->hexdigest();

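## Reduce the free-text revoke reason to one plain-text line.
## $reason is client input that is later written into the "KEY = value"
## request text and shown on the confirmation page.

## Drop complete tags ...
$reason =~ s/<[^\>]*>/ /g;
## ... and any bracket left over from an unterminated tag such as "<b",
## which the pattern above does not match.
$reason =~ tr/<>/ /;

## Newlines and every other control character become blanks, so the value
## can never start a new line in the request text.
$reason =~ tr/\x00-\x1f\x7f/ /;

## Collapse whitespace runs and trim both ends
$reason =~ s/\s+/ /g;
$reason =~ s/^\s+//;
$reason =~ s/\s+$//;

## NOTE: '&' and quote characters are left untouched here; whoever writes
## $reason into HTML still has to escape it for that context.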

## Fetch the base page that the placeholders are substituted into
my $page = $query->getFile ( $basedoc );

## Identity of the submitter as exported by the SSL layer: certificate
## serial (either variable name), subject DN and issuer DN.
## NOTE(review): these values are taken from the environment as-is; they only
## mean something when the web server sets them from a verified client
## certificate -- confirm the server configuration.
my $sslCert  = $ENV{'SSL_CLIENT_CERT_SERIAL'} || $ENV{'SSL_CLIENT_M_SERIAL'};
my $sslDn    = $ENV{'SSL_CLIENT_S_DN'};
my $issuerDn = $ENV{'SSL_CLIENT_I_DN'};

## Rewrite "/A=x/B=y" into "A=x, B=y" for both DNs (the loop variable
## aliases the original scalars, so they are changed in place)
for my $dn ( $sslDn, $issuerDn ) {
        $dn =~ s{^/}{};
        $dn =~ s{/([^=]+)=}{, $1=}g;
}

## No client certificate: record "n/a". Otherwise left-pad the serial with
## a zero so that its length is even.
if ( $sslCert eq "" ) {
        $sslCert = "n/a";
}
elsif ( length( $sslCert ) % 2 ) {
        $sslCert = "0" . $sslCert;
}

## Fetch exactly the certificate whose key is the submitted serial.
## NOTE(review): $serial is client input and is passed on unchecked; consider
## validating it against the serial format the database expects before the
## lookup (the format is not visible in this script).
$cert = $db->getItem( DATATYPE => "CERTIFICATE", KEY => "$serial" );

## undef or any other false value means there is nothing to revoke
unless ( $cert ) {
        configError( "Cannot find requested certificate in db!");
        exit 1;
}

$parsed = $cert->getParsed();

## MD5 hex digest of the certificate's public key
$md5 = Digest::MD5->new;
$md5->add( $parsed->{KEY} );
$certKey = $md5->hexdigest();

## Header block of the text to sign: request type plus the SSL identity
## of the submitter
$head = join "",
        "$beginHeader\n",
        "TYPE = CRR\n",
        "SSL_CERT_SERIAL = $sslCert\n",
        "SSL_CERT_DN = $sslDn\n",
        "SSL_CERT_ISSUER = $issuerDn\n",
        "$endHeader\n";

## Body of the text to sign, one "KEY = value" pair per line.
## NOTE(review): SERIAL is the process ID ($$) of this CGI process, which
## repeats over time -- confirm that later processing does not rely on it
## being unique.
## CRIN is the MD5 hex digest, REVOKE_REASON the stripped user text; all
## REVOKE_CERTIFICATE_* values come from the parsed certificate.
$text = join "",
        "SERIAL = $$\n",
        "SUBMIT_DATE = " . $tools->getDate() . "\n",
        "CRIN = $crin\n",
        "REVOKE_REASON = $reason\n",
        "REVOKE_CERTIFICATE_DN = $parsed->{DN}\n",
        "REVOKE_CERTIFICATE_NOTBEFORE = $parsed->{NOTBEFORE}\n",
        "REVOKE_CERTIFICATE_NOTAFTER = $parsed->{NOTAFTER}\n",
        "REVOKE_CERTIFICATE_SERIAL = $parsed->{SERIAL}\n",
        "REVOKE_CERTIFICATE_ISSUER_DN = $parsed->{ISSUER}\n",
        "REVOKE_CERTIFICATE_KEY_DIGEST = $parsed->{KEY_DIGEST}\n";

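my $parsed = $cert->getParsed();

## Escape a value for use inside an HTML table cell. The cells are emitted
## as raw HTML (the labels carry <B> markup), so certificate fields and the
## user-supplied reason must not be able to introduce markup of their own.
## undef is passed through so the "n/a" fallbacks below keep working.
my $escapeHtml = sub {
        my ( $value ) = @_;
        return $value unless defined $value;
        $value =~ s/&/&amp;/g;
        $value =~ s/</&lt;/g;
        $value =~ s/>/&gt;/g;
        $value =~ s/"/&quot;/g;
        $value =~ s/'/&#39;/g;
        return $value;
};

## Escape first, then insert the line breaks used for display
my $tmpIssuer = $escapeHtml->( $parsed->{ISSUER} );
my $tmpDN     = $escapeHtml->( $parsed->{DN} );
my $tmpStatus = $status;

## One DN component per line
$tmpIssuer =~ s/\,\s*/<BR>\n/g;
$tmpDN =~ s/\,\s*/<BR>\n/g;

## Build the summary table of the certificate that is about to be revoked
$certTable .= $query->startTable( COLS=>[ @cols ], WIDTH=>"100%",
                                                   BGCOLOR=>"#EEEEF1",
                                                   TITLE_BGCOLOR=>"#DDCCFF" );

$certTable .=$query->addTableLine(DATA=>["<B>Certificate Version:</B>",
                                ($escapeHtml->( $parsed->{VERSION} ) or "n/a") ]);
$certTable .=$query->addTableLine(DATA=>[ "<B>Serial Number:</B>",
                                ($escapeHtml->( $parsed->{SERIAL} ) or "n/a") ]);
$certTable .=$query->addTableLine(DATA=>[ "<B>Distinguished Name:</B>",
                                ($tmpDN or "n/a") ]);
$certTable .=$query->addTableLine(DATA=>[ "<B>Issued by:</B>",
                                ($tmpIssuer or "n/a") ]);
$certTable .=$query->addTableLine(DATA=>[ "<B>Valid From:</B>",
                                ($escapeHtml->( $parsed->{NOTBEFORE} ) or "n/a") ]);
$certTable .=$query->addTableLine(DATA=>[ "<B>Exipration on:</B>",
                                ($escapeHtml->( $parsed->{NOTAFTER} ) or "n/a") ]);
## The reason is client input: always escaped for display
$certTable .=$query->addTableLine(DATA=>[ "<B>Revoke Reason:</B>",
                                ($escapeHtml->( $reason ) or "n/a") ]);
$certTable .= $query->endTable();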

## Fill the placeholders of the base page, in this fixed order.
## NOTE(review): $text contains the user-supplied revoke reason; whether it
## needs further escaping depends on where the template puts @TEXT@ (element
## body or attribute value) -- check the RevReqConfirmSheet template.
for my $slot ( [ '@TEXT@',   $text      ],
               [ '@HEADER@', $head      ],
               [ '@TABLE@',  $certTable ],
               [ '@CRIN@',   $crin      ] ) {
        my ( $placeholder, $value ) = @{ $slot };
        $page = $query->subVar( $page, $placeholder, $value );
}

## Send the finished page and end the request
print $page;
exit 0;
