#! PERL # # pending.pl CGI-Script to create a list of pending SCEP requests and # to sign some of them # # (c) 2001 Dr. Andreas Mueller, Beratung und Entwicklung # # $Id: pending.pl.in,v 1.6 2001/05/16 23:18:47 afm Exp $ # $libdir = "LIBDIR"; $sbindir = "SBINDIR"; $openscepdir = "OPENSCEPDIR"; $cacert = $openscepdir."/cacert.pem"; $cader = $openscepdir."/cacert.der"; $pendingdir = $openscepdir."/pending"; $granteddir = $openscepdir."/granted"; $rejecteddir = $openscepdir."/rejected"; $scepgrant = $sbindir."/scepgrant"; $scepreject = $sbindir."/scepreject"; $cafingerprint = $sbindir."/cafingerprint"; # read through the openscep.cnf configuration file and extrat ldap parameters sub scepconf { local($cmd) = "${scepconf} ". join(' ', @_)." 2>/dev/null |"; open(CONF, $cmd) || die "cannot open scepconf: $!\n"; $value = ; chop $value; close(CONF); return $value; } $openssl = &scepconf("scepd", "openssl"); use CGI qw(param); printf("Content-Type: text/html\n\n"); printf q( Pending SCEP Requests

Pending SCEP requests

); $old_fh = select(STDOUT); $| = 1; select($old_fh); open(CAF, "$cafingerprint $cader |") || die "cannot start cafingerprint: $!\n"; $fingerprint = ; close(CAF); printf("

CA key fingerprint: %s

\n", $fingerprint); printf("
\n"); printf("\n"); opendir(DIR, $pendingdir) or die "cannot open pending requests directory: $!\n"; $count = 0; while (defined($infofile = readdir(DIR))) { if (!($infofile =~ m/\S+.info$/)) { next; } $derfile = $infofile; $derfile =~ s/\.info$/.der/; open(INFO, $pendingdir."/".$infofile) || die "cannot open infofile: $!\n"; while ($_ = ) { if (m/^subject: (.*)/) { $subject = $1; } if (m/^transId: (.*)/) { $transid = $1; } if (m/^fingerprint: (.*)/) { $fingerprint = $1; } } close INFO; $grant = param($transid); if ($grant eq "Grant") { open(GRANT, "SBINDIR/scepgrant ".$transid." 2>&1 |") || ($grantfailed = 1); unless ($grantfailed == 1) { close GRANT || ($grantfailed = 1); } $grantlog .= "". "". "\n"; next; } if ($grant eq "Reject") { $grantlog .= "". "\n"; next; } $count++; printf("\n"); printf("\n"); printf("\n", $subject); printf("\n"); printf("\n"); $fingerprint =~ s/ /-/g; printf("\n", $fingerprint); printf("\n"); printf("\n", $transid); printf("". "\n"); printf("\n"); printf("\n"); } close(DIR); printf("
".$subject."".$fingerprint."". (($grantfailed == 1) ? "failed" : "")."
".$subject."".$fingerprint."
Subject:". "%s". "
\n");
	open(CERT, $openssl." req -config $openscepdir/openscep.cnf -in ".
		"$pendingdir/$derfile -inform DER -text 2>/dev/null|");
	$printit = 0;
	while ($_ = ) {
		if (m/Version:/) { $printit = 1; }
		if (m/Signature/) { $printit = 0; }
		s/^........//;
		if ($printit == 1) { print; }
	}
	printf("
Fingerprint:". "%s
Transaction ID:". "%s
GrantRejectKeep
\n"); if ($count > 0) { printf("\n"); } else { printf("

none

"); } printf("
\n"); if ($grantlog) { printf("

Requests Granted

\n"); printf("\n". "\n". "\n". "%s
SubjectFingerprint
\n", $grantlog); } if ($rejectlog) { printf("

Requests Rejected

\n"); printf("\n". "\n". "\n". "%s
SubjectFingerprint
\n", $reject); } printf q(
© 2001 The OpenSCEP Project ); exit 0;