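# certmgr-lib.pl
# Common functions for the certificate manager pages. Loads web-lib.pl,
# reads the module configuration and the module ACL of the current user.

do '../web-lib.pl';
&init_config();
%access = &get_module_acl();

# Page names known to this module.
@pages = ( "gencert", "gencsr", "signcsr", "import", "view", "manual" );

# my_urlize(string)
# Returns a copy of string with every character other than ASCII letters,
# digits, "/", ":" and "." replaced by "%" plus its two-digit lowercase hex
# code. The code is zero-padded: the previous "%2x" format padded with a
# space, so characters below 0x10 (newline, tab, ...) came out as "% a"
# instead of "%0a", which is not a valid escape.
# NOTE(review): assumes a byte string; a character above 0xFF would still
# produce more than two hex digits.
sub my_urlize{
    my $temp=$_[0];
    $temp=~s~([^/:.a-zA-Z0-9])~sprintf("%%%02x",ord($1))~eg;
    return($temp);
}

# print_cert_form(form)
# Prints the input form for the page named by form. For a name of the shape
# "gen<x>" the label of the output-file field is looked up under
# "<form>_<x>file"; the other labels are read from %text as well. Some parts
# are printed only when form is "gencert".
sub print_cert_form{
    my $form=$_[0];
    my $certfield;
    if ($form=~/^gen(.*)$/) {$certfield=$1."file";}
    print <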
$text{$form.'_header'}
EOF if ($form eq "gencert"){ print ""; } print < EOF if ($form eq "gencert"){ print < EOF } print <
$text{$form.'_'.$certfield}
$text{'keyfile'}
$text{'keycertfile'}
$text{'password'}
$text{'confirm_password'}
$text{'keysize'}
512 1024 2048
$text{$form.'_days'}
$text{'cn'}
$text{'o'}
$text{'ou'}
$text{'l'}
$text{'st'}
$text{'c'}
$text{'emailAddress'}
EOF
}

# print_sign_form(form)
# Prints the form used to sign a certificate request. Every label shown is
# read from the signcsr_* entries of %text (header, CSR file, signed file,
# key file, key/certificate file, CA passphrase, days).
sub print_sign_form {
    my $form=$_[0];     # stored, but not referenced again in the visible code
    my $certfield;      # declared, never assigned or read in the visible code
    print <
$text{'signcsr_header'}
$text{'signcsr_csrfile'}
$text{'signcsr_signfile'}
$text{'signcsr_keyfile'}
$text{'signcsr_keycertfile'}
$text{'signcsr_ca_passphrase'}
$text{'signcsr_days'}
EOF
}

# print_cert_info(full, certdata)
# Picks subject, issuer, validity dates, MD5 fingerprint and public key
# details out of a textual certificate dump and prints them.
#   full     - when true, two additional print blocks are emitted
#   certdata - text to parse; the patterns look for "Issuer:", "Subject:",
#              "Not Before:", "Not After:", "MD5 Fingerprint=",
#              "... Public Key: (N bit)", "Modulus (N bit):" and "Exponent:"
# NOTE(review): presumably certdata is "openssl x509 -text" output - confirm
# with the callers.
# NOTE(review): every value stored in %subject and %issuer is copied from
# certdata as is, and the final print interpolates them without escaping.
# The "</code>" inserted below shows the output is markup, so names taken
# from a certificate should go through an HTML-escaping helper before they
# are printed - confirm whether callers already do this.
sub print_cert_info{
    my $full=$_[0];
    my $certdata=$_[1];
    my %issuer;
    my %subject;
    my @fields=('CN','O','OU','L','ST','C');
    my $field;
    # For each name component take the text after "FIELD=" up to the next
    # ", XX" component, the next "/name=" component or the end of the line.
    foreach $field (@fields){
        if ($certdata=~/^\s*Issuer:.*?\s+$field=(.*?)(, [A-Z]{1,2}|\/\w+=|$)/m) { $issuer{$field}=$1; }
        if ($certdata=~/^\s*Subject:.*?\s+$field=(.*?)(, [A-Z]{1,2}|\/\w+=|$)/m) { $subject{$field}=$1; }
    }
    # No Issuer line at all: blank the issuer heading. This writes to the
    # global %text hash, not to a local copy.
    if (!($certdata=~/^\s*Issuer:/m)) { $text{'certmgrlib_issuer'}=""; }
    if ($certdata=~/^\s*Issuer:.*?\/Email=(\S*?)(,\s*|$)/m) { $issuer{'emailAddress'}=$1;}
    if ($certdata=~/^\s*Subject:.*?\/Email=(\S*?)(,\s*|$)/m) { $subject{'emailAddress'}=$1;}
    if ($certdata=~/^\s*Not\s*After\s*:\s*(.*?)\s*$/m) { $subject{'expires'}=$1;}
    if ($certdata=~/^\s*Not\s*Before\s*:\s*(.*?)\s*$/m) { $subject{'issued'}=$1;}
    if ($certdata=~/^\s*MD5\s*Fingerprint=(.*?)\s*$/m) { $subject{'md5fingerprint'}=$1;}
    # Key type is the word before "Public Key:", key size the number in brackets.
    if ($certdata=~/^\s*(\S*)\s*Public\s*Key:\s*\((.*?)\s*bit\)\s*$/m) { $subject{'keytype'}=$1; $subject{'keysize'}=$2;}
    # The modulus is a run of colon-separated hex byte pairs that may span lines.
    if ($certdata=~/^\s*Modulus\s*\(\d*\s*bit\):\s*((([0-9a-fA-F]{2}:)*\s*)*[0-9a-fA-F]{2})/ms) { $subject{'modulus'}=$1; }
    if ($certdata=~/^\s*Exponent:\s*(.*?)\s*?$/m) { $subject{'exponent'}=$1; }
    # Locality, state and country are printed on one line; add a comma after
    # each part that is followed by another one.
    if ($subject{'L'} && ($subject{'ST'} || $subject{'C'})) {$subject{'L'}.=',';} #Append commas
    if ($subject{'ST'} && $subject{'C'}) {$subject{'ST'}.=',';} #Append commas
    if ($issuer{'L'} && ($issuer{'ST'} || $issuer{'C'})) {$issuer{'L'}.=',';} #Append commas
    if ($issuer{'ST'} && $issuer{'C'}) {$issuer{'ST'}.=',';} #Append commas
    # Append "</code>" and a newline at every line end of the modulus.
    $subject{'modulus'}=~s/$/<\/code>
/msg;
    # NOTE(review): as written the next substitution replaces nothing with
    # nothing; its replacement text may have been lost - confirm upstream.
    $subject{'modulus'}=~s/^//msg;
    # Drop all whitespace, including the newlines added above.
    $subject{'modulus'}=~s/\s+//msg;
    print "\n";
    print "\n";
    print "\n";
    print "\n";
    print "\n";
    print "\n";
    print "\n";
    if ($subject{'issued'}){
        print "\n";
        print "\n";
    }
    if ($full){
        print "\n";
        print "\n";
    }
    if ($full){
        print "\n";
        print "\n";
    }
    if ($subject{'md5fingerprint'}){
        print "\n";
    }
    print "
$text{'certmgrlib_subject'}$text{'certmgrlib_issuer'}
$subject{'CN'}$issuer{'CN'}
$subject{'O'}$issuer{'O'}
$subject{'OU'}$issuer{'OU'}
$subject{'L'} $subject{'ST'} $subject{'C'}$issuer{'L'} $issuer{'ST'} $issuer{'C'}
$subject{'emailAddress'}$issuer{'emailAddress'}
$text{'issued_on'} $subject{'issued'}
$text{'expires_on'} $subject{'expires'}
$text{'keysize'}$subject{'keysize'}
$text{'keytype'}$subject{'keytype'}
$text{'publicExponent'}$subject{'exponent'}
$text{'modulus'}:
$subject{'modulus'}
$text{'md5fingerprint'}:
$subject{'md5fingerprint'}
\n"; }

# print_key_info(full, keydata)
# Picks the key size and the numeric components out of a textual RSA private
# key dump and prints them.
#   full    - when true, every component is formatted and printed, not only
#             the key size
#   keydata - text to parse; the patterns look for "Private-Key: (N bit)",
#             "publicExponent:" and one "name:" line per component followed
#             by colon-separated hex byte pairs
# NOTE(review): with full set the loop covers privateExponent, prime1, prime2,
# exponent1, exponent2 and coefficient, i.e. the private key itself. No access
# check happens in this sub, so callers have to limit full to users who are
# allowed to see the key - confirm.
sub print_key_info{
    my $full=$_[0];
    my $keydata=$_[1];
    my %key;
    my @fields=('modulus','privateExponent','prime1','prime2','exponent1','exponent2','coefficient');
    my $field;
    # NOTE(review): the two matches below are not tested for success. When
    # one fails, $1 still holds the capture of an earlier successful match
    # and that stale value is stored.
    $keydata=~/^publicExponent:\s*(.*?)\s*?$/ms;
    $key{'publicExponent'}=$1;
    $keydata=~/^Private-Key:\s*\((\d*)\s*bit\)\s*?$/ms;
    $key{'keysize'}=$1;
    foreach $field (@fields){
        if ($keydata=~/^$field:\s*((([0-9a-fA-F]{2}:)*\s*)*[0-9a-fA-F]{2})/ms) { $key{$field}=$1; }
    }
    print "\n";
    print "\n";
    # Insert publicExponent right after modulus so the loop below covers it too.
    splice(@fields,1,0,'publicExponent');
    if ($full) {
        foreach $field (@fields){
            # Append "</code>" and a newline at every line end of the value.
            $key{$field}=~s/$/<\/code>
/msg;
            # NOTE(review): as written the next substitution replaces nothing
            # with nothing; its replacement text may have been lost - confirm.
            $key{$field}=~s/^//msg;
            # Drop all whitespace, including the newlines added above.
            $key{$field}=~s/\s+//msg;
            print "\n";
        }
    }
    print "
$text{'keysize'}:$key{'keysize'}
$text{$field}:$key{$field}
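\n"; }

# _certmgr_openssl_pipe(args...)
# Starts the configured openssl command with the given arguments and returns
# a handle reading its standard output, or nothing when it cannot be started.
# The list form of open (Perl 5.8 and later) runs the program directly, so no
# argument - in particular no file name - is ever parsed by a shell.
sub _certmgr_openssl_pipe {
    my @args = @_;
    # Split the configured value on whitespace, as happened before when the
    # command was one string, so a value carrying extra options still works.
    my @cmd = split(' ', $config{'openssl_cmd'});
    return if (!@cmd);
    my $fh;
    open($fh, '-|', @cmd, @args) || return;
    return($fh);
}

# pem_or_der(filename, filetype)
# Works out whether a certificate or RSA private key file is PEM or DER
# encoded and, unless the key is encrypted, checks that openssl can read it.
#   filename - path of the file to inspect
#   filetype - "cert", "certificate" or "key" (case-insensitive)
# Returns "PEM" or "DER" on success. For keys called in list context the
# result is (format, cipher), where cipher is the name found in the DEK-Info
# header of an encrypted key, or "none". An encrypted key is returned as soon
# as its cipher is known and is not handed to openssl. On failure one of the
# $text{'certmgrlib_e_*'} messages is returned in place of the format, so
# callers have to compare the result with "PEM"/"DER". Any other filetype
# returns nothing.
# The file is opened with a three-argument open and passed to openssl as a
# separate argument: a name that starts with ">" or ends in "|", or that
# contains shell metacharacters, is only ever treated as a path.
# NOTE(review): the open-failure message contains the file name as given;
# escape it before it is printed into a page.
sub pem_or_der{
    my ($filename, $filetype) = @_;
    my ($format, $cipher, $flag, $fh, $line);

    if ($filetype=~/^cert(ificate)?$/i){
        open($fh, '<', $filename) || return("$text{'certmgrlib_e_file_open'} $filename");
        while (defined($line = <$fh>)) {
            if ($line=~/^\s*-+BEGIN\s*CERTIFICATE-*\s*$/i) { $format="PEM"; }
        }
        close($fh);
        # No PEM header seen: treat the file as DER.
        if (!$format) { $format="DER"; }

        $fh = &_certmgr_openssl_pipe('x509', '-in', $filename, '-inform', $format, '-text');
        if (!$fh) { return($text{'certmgrlib_e_exec'}); }
        while (defined($line = <$fh>)) {
            if ($line=~/^\s*Certificate:\s$/) {
                close($fh);
                return($format);
            }
        }
        close($fh);
        return($text{'certmgrlib_e_cert'});
    }

    if ($filetype=~/^key$/i){
        open($fh, '<', $filename) || return("$text{'certmgrlib_e_file_open'} $filename");
        while (defined($line = <$fh>)) {
            if ($line=~/^\s*-+BEGIN\s*RSA\s*PRIVATE\s*KEY-*\s*$/i) { $format="PEM"; }
            if ($line=~/^\s*Proc-Type:\s*\d*,ENCRYPTED\s*$/) { $flag=1; }
            # The cipher name only counts after an ENCRYPTED Proc-Type header.
            if (($flag)&&($line=~/^DEK-Info:\s*(.*?),.*$/i)) { $cipher=$1; }
        }
        close($fh);
        if ($cipher) {
            if (wantarray) { return(($format,$cipher)); }
            return($format);
        }
        $cipher="none";
        if (!$format) { $format="DER"; }

        $fh = &_certmgr_openssl_pipe('rsa', '-in', $filename, '-inform', $format, '-text');
        if (!$fh) { return($text{'certmgrlib_e_exec'}); }
        while (defined($line = <$fh>)) {
            # NOTE(review): unlike the Private-Key pattern in print_key_info,
            # this one has no literal brackets around the bit count - check
            # it against the actual openssl output.
            if ($line=~/^\s*Private-Key:\s(\d*\sbit)\s*$/) {
                close($fh);
                if (wantarray) { return(($format,$cipher)); }
                return($format);
            }
        }
        close($fh);
        return($text{'certmgrlib_e_key'});
    }
    return;
}

# getfiles(dir)
# Returns the regular files found in dir and below, as paths relative to dir.
# The files of dir itself come first in sorted order, followed by the files
# of each subdirectory (sorted by name), each prefixed with "subdir/".
# A directory that cannot be opened contributes no entries.
# NOTE(review): -d and -f follow symbolic links, so linked directories are
# walked as well and a link pointing back up the tree is followed until the
# operating system rejects the path. Skip entries for which -l is true if
# linked directories do not have to be listed.
sub getfiles {
    my $thisdir = $_[0];
    my (@files, $dh);
    opendir($dh, $thisdir) || return(@files);
    my @entries = readdir($dh);
    closedir($dh);

    my @dirs = sort grep { !/^[.]{1,2}$/ && -d "$thisdir/$_" } @entries;
    @files = sort grep { -f "$thisdir/$_" } @entries;
    foreach my $dir (@dirs) {
        push(@files, map { $dir.'/'.$_ } &getfiles($thisdir."/".$dir));
    }
    return(@files);
}

1;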