Handle hostnames with upper-case letters
1 #!/usr/local/bin/perl
2 # gencsr.cgi
3 # Generates certificates signing requests (CSRs)
4
require './certmgr-lib.pl';
&ReadParse();
# ACL gate: refuse the whole page unless this user holds the 'gencsr' right.
if (!$access{'gencsr'}) { &error($text{'ecannot'}); }
&header($text{'gencsr_title'}, "");

# Pre-select the key-size radio button. Anything other than 512 or 2048
# lands on slot 1, the 1024-bit default.
$checked[ $in{'keysize'}==512 ? 0 : $in{'keysize'}==2048 ? 2 : 1 ]=" checked";

# Country codes are upper-cased before validation and again after defaults.
$in{'c'}=~tr/a-z/A-Z/;

if ($in{'submitted'} eq "generate") {
	# Only presence and password agreement are checked here; the submitted
	# values themselves are handed to process() unchanged.
	$error.=$text{'gencert_e_nocn'}."<br>\n" if (!$in{'cn'});
	if ($in{'password'} ne $in{'confirm_password'}) {
		$error.=$text{'gencert_e_badpw'}."<br>\n";
		# Do not echo a mismatched password back into the form.
		@in{'password','confirm_password'}=("","");
	}
	$error.=$text{'gencsr_e_nofilename'}."<br>\n"
		unless ($in{'csrfile'} && $in{'keyfile'});
	if (!$error) {
		&process();
		exit;
	}
}

if (!$error) {
	# First display, or nothing to complain about: fill empty fields from
	# the module configuration.
	$in{'csrfile'} ||= $config{'ssl_csr_dir'}."/".$config{'csr_filename'};
	$in{'keyfile'} ||= $config{'ssl_key_dir'}."/".$config{'key_filename'};
	$in{'cn'} ||= &get_system_hostname();
	foreach my $default (['o','default_o'], ['ou','default_ou'],
			     ['l','default_l'], ['st','default_st'],
			     ['c','default_c']) {
		$in{$default->[0]} ||= $config{$default->[1]};
	}
	$in{'c'}=~tr/a-z/A-Z/;
	$in{'emailAddress'} ||= $config{'default_email'};
}
else {
	# $error is built above from $text{} entries only, so it is printed as-is.
	print "<hr> <b>$text{'gencsr_error'}</b>\n<ul>\n",
	      "$error</ul>\n$text{'gencsr_pleasefix'}\n";
}

print &ui_hr();
&print_cert_form("gencsr");
print &ui_hr();
&footer("", $text{'index_return'});
52
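sub process{
	# Generate a new RSA private key and CSR with "openssl req" from the
	# submitted form values in %in, then print the result page and footer.
	#
	# Reads:  $in{'cn','o','ou','l','st','c','emailAddress'} (subject fields),
	#         $in{'keysize'}, $in{'keyfile'}, $in{'csrfile'}, $in{'password'},
	#         $in{'overwrite'} and $config{'openssl_cmd'}.
	# Writes: the key and CSR at the submitted paths; the key is then
	#         chmod'ed to 0400.
	#
	# Every %in value comes from the browser and reaches an OpenSSL config
	# file, a shell command line and the HTML response. They are therefore
	# validated, shell-quoted and HTML-escaped below.
	#
	# NOTE(review): the output paths are used as submitted, so anyone
	# holding the 'gencsr' right chooses where these files are written with
	# this script's privileges -- confirm that is the intended trust model.
	my ($conffilename,$outfile,$error,$out,$url,$cmd,$passopt);

	# Quote one value as a single /bin/sh word: wrap it in single quotes
	# and rewrite each embedded single quote as '\''.
	my $shq=sub {
		my ($v)=@_;
		$v=~s/'/'\\''/g;
		return "'".$v."'";
	};

	# The key size is interpolated into the command line, so insist on a
	# plain decimal number.
	if ($in{'keysize'}!~/^[0-9]+\z/) {
		$error="Invalid key size";
	}
	# A line break in a subject field would add extra lines to the OpenSSL
	# config written below; in the password it would truncate what openssl
	# reads from stdin. NUL is rejected along with CR and LF.
	foreach my $field ('cn','o','ou','l','st','c','emailAddress',
			   'csrfile','keyfile','password') {
		if ($in{$field}=~/[\0\r\n]/) {
			$error="Invalid character in field $field";
		}
	}

	if (!$error) {
		if (((-e $in{'csrfile'})||(-e $in{'keyfile'}))&&($in{'overwrite'} ne "yes")) {
			&overwriteprompt();
			print &ui_hr();
			&footer("", $text{'index_return'});
			exit;
		}
		$conffilename=&tempname();
		$outfile=&tempname();
		if (open(my $conf,'>',$conffilename)) {
			print {$conf} "[ req ]\n distinguished_name = req_dn\n prompt = no\n",
				      "[ req_dn ]\n CN = $in{'cn'}\n";
			foreach my $attr (['O','o'], ['OU','ou'], ['L','l'],
					  ['ST','st'], ['C','c'],
					  ['emailAddress','emailAddress']) {
				if ($in{$attr->[1]}) {
					print {$conf} " $attr->[0] = $in{$attr->[1]}\n";
				}
			}
			close($conf);
		} else {
			$error="$conffilename: $!";
		}
	}

	if (!$error) {
		# The passphrase is sent on openssl's stdin rather than as
		# "-passout pass:...", which would expose it in the process list.
		$passopt=$in{'password'} ? "-passout stdin" : "-nodes";
		$cmd="$config{'openssl_cmd'} req $passopt -newkey rsa:$in{'keysize'}".
		     " -keyout ".$shq->($in{'keyfile'})." -new".
		     " -out ".$shq->($in{'csrfile'}).
		     " -config ".$shq->($conffilename).
		     " >".$shq->($outfile)." 2>&1";
		# If openssl exits before reading the passphrase, the write must
		# fail quietly instead of killing this CGI with SIGPIPE.
		local $SIG{'PIPE'}='IGNORE';
		if (!open(my $openssl,'|-',$cmd)) {
			$error="$!";
		} else {
			if ($in{'password'}) { print {$openssl} $in{'password'},"\n"; }
			# close() on a pipe waits for the command and leaves its
			# exit status in $?.
			close($openssl);
			my $status=$?;
			if (open(my $log,'<',$outfile)) {
				while(<$log>){$out.=$_;}
				close($log);
			}
			# Checking only that both files exist would report success
			# when an overwrite run failed and the old files are still
			# there, so the exit status is checked as well.
			if ($status!=0 || !((-e $in{'csrfile'})&&(-e $in{'keyfile'}))) {
				$error=$out;
				if (!defined($error) || $error eq "") {
					$error=$text{'gencsr_e_genfailed'};
				}
			} else {
				# NOTE(review): until this chmod the key carries whatever
				# mode openssl created it with -- confirm it is never
				# group/world readable in that window.
				chmod(0400,$in{'keyfile'});
			}
		}
	}

	if (defined($outfile)) { unlink($outfile); }
	if (defined($conffilename)) { unlink($conffilename); }

	print &ui_hr();
	# openssl output and the submitted paths are escaped before they are
	# placed in the page.
	if ($error){ print "<b>$text{'gencsr_e_genfailed'}</b>\n<pre>".&html_escape($error)."</pre>\n<hr>\n";}
	else {
		print "<b>$text{'gencsr_genworked'}</b>\n<pre>".&html_escape($out)."</pre>\n";
		$url="\"view.cgi?csrfile=".&my_urlize($in{'csrfile'}).'"';
		print "<b>$text{'gencsr_saved_csr'} <a href=$url>".&html_escape($in{'csrfile'})."</a></b><br>\n";
		$url="\"view.cgi?keyfile=".&my_urlize($in{'keyfile'}).'"';
		print "<b>$text{'gencert_saved_key'} <a href=$url>".&html_escape($in{'keyfile'})."</a></b><br>\n";
	}
	print &ui_hr();
	&footer("", $text{'index_return'});
}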
108
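sub overwriteprompt{
	# Show what is currently stored at the requested CSR and key paths and
	# print a confirmation form that resubmits the whole request with
	# overwrite=yes.
	#
	# $in{'csrfile'} and $in{'keyfile'} come from the browser: they are
	# shell-quoted before reaching the openssl command line, and every
	# value echoed into the page is HTML-escaped.
	my($buffer1,$buffer,$key,$url);

	# Quote one value as a single /bin/sh word: wrap it in single quotes
	# and rewrite each embedded single quote as '\''.
	my $shq=sub {
		my ($v)=@_;
		$v=~s/'/'\\''/g;
		return "'".$v."'";
	};

	print "<table>\n<tr valign=top>";
	if (-e $in{'csrfile'}) {
		# A failed open leaves $buffer1 empty, which is reported below as
		# an unreadable file.
		if (open(my $openssl,'-|',"$config{'openssl_cmd'} req -in ".$shq->($in{'csrfile'})." -text -noout")) {
			while(<$openssl>){ $buffer1.=$_; }
			close($openssl);
		}
		$url="\"view.cgi?csrfile=".&my_urlize($in{'csrfile'}).'"';
		print "<td><table border><tr $tb><td align=center><b><a href=$url>".&html_escape($in{'csrfile'})."</a></b></td> </tr>\n<tr $cb> <td>\n";
		if (!$buffer1) { print $text{'e_file'};}
		else { &print_cert_info(0,$buffer1); }
		print "</td></tr></table></td>\n";
	}
	if (-e $in{'keyfile'}) {
		if (open(my $openssl,'-|',"$config{'openssl_cmd'} rsa -in ".$shq->($in{'keyfile'})." -text -noout")) {
			while(<$openssl>){ $buffer.=$_; }
			close($openssl);
		}
		$url="\"view.cgi?keyfile=".&my_urlize($in{'keyfile'}).'"';
		print "<td><table border><tr $tb> <td align=center><b><a href=$url>".&html_escape($in{'keyfile'})."</a></b></td> </tr>\n<tr $cb> <td>\n";
		if (!$buffer) { print $text{'e_file'};}
		else { &print_key_info(0,$buffer); }
		print "</td></tr></table></td>\n";
	}
	print "</tr></table>\n";
	print "$text{'gencsr_moreinfo'}";
	print "<hr>\n$text{'gencsr_overwrite'}\n<p>\n";

	print "<form action=gencsr.cgi method=post>\n";
	# Replay every submitted field as a hidden input. Names and values are
	# escaped so that a quote or angle bracket cannot break out of the
	# attribute.
	# NOTE(review): this replay includes the password fields, so the
	# passphrase appears in the source of the confirmation page.
	foreach $key (keys %in) {
		# A resubmitted overwrite value would sit beside the "yes" added
		# below, so it is left out here.
		next if ($key eq 'overwrite');
		print "<input name=\"".&html_escape($key)."\" type=hidden value=\"".&html_escape($in{$key})."\">\n";
	}
	print "<input name=overwrite value=\"yes\" type=hidden>\n";
	print "<input type=submit value=\"$text{'continue'}\"></form>\n";
}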