File Coverage

blib/lib/OpenCA/CRL.pm

Criterion	Covered	Total	%
statement	3	131	2.2
branch	0	42	0.0
condition	0	8	0.0
subroutine	1	14	7.1
pod	0	13	0.0
total	4	208	1.9

line	stmt	bran	cond	sub	pod	time	code
1							## OpenCA::CRL
2							##
3							## Copyright (C) 1998-1999 Massimiliano Pala (madwolf@openca.org)
4							## All rights reserved.
5							##
6							## This library is free for commercial and non-commercial use as long as
7							## the following conditions are aheared to. The following conditions
8							## apply to all code found in this distribution, be it the RC4, RSA,
9							## lhash, DES, etc., code; not just the SSL code. The documentation
10							## included with this distribution is covered by the same copyright terms
11							##
12							## Copyright remains Massimiliano Pala's, and as such any Copyright notices
13							## in the code are not to be removed.
14							## If this package is used in a product, Massimiliano Pala should be given
15							## attribution as the author of the parts of the library used.
16							## This can be in the form of a textual message at program startup or
17							## in documentation (online or textual) provided with the package.
18							##
19							## Redistribution and use in source and binary forms, with or without
20							## modification, are permitted provided that the following conditions
21							## are met:
22							## 1. Redistributions of source code must retain the copyright
23							## notice, this list of conditions and the following disclaimer.
24							## 2. Redistributions in binary form must reproduce the above copyright
25							## notice, this list of conditions and the following disclaimer in the
26							## documentation and/or other materials provided with the distribution.
27							## 3. All advertising materials mentioning features or use of this software
28							## must display the following acknowledgement:
29							## "This product includes OpenCA software written by Massimiliano Pala
30							## (madwolf@openca.org) and the OpenCA Group (www.openca.org)"
31							## 4. If you include any Windows specific code (or a derivative thereof) from
32							## some directory (application code) you must include an acknowledgement:
33							## "This product includes OpenCA software (www.openca.org)"
34							##
35							## THIS SOFTWARE IS PROVIDED BY OPENCA DEVELOPERS ``AS IS'' AND
36							## ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37							## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
38							## ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
39							## FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
40							## DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
41							## OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
42							## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
43							## LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
44							## OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
45							## SUCH DAMAGE.
46							##
47							## The licence and distribution terms for any publically available version or
48							## derivative of this code cannot be changed. i.e. this code cannot simply be
49							## copied and put under another distribution licence
50							## [including the GNU Public Licence.]
51							##
52
53							## the module's errorcode is 76
54							##
55							## functions:
56							##
57							## new 11
58							## init 12
59							## parseCRL 13
60							## getHeader 21
61							## getBody 22
62							## getTXT 31
63							## getParsed 41
64							## getPEM 32
65							## getDER 33
66							## getItem 51
67							## getSerial 52
68							## setParams 61
69
70	1			1		611	use strict;
	1					2
	1					2126
71
72							package OpenCA::CRL;
73
74							our ($errno, $errval);
75
76							($OpenCA::CRL::VERSION = '$Revision: 1.17 $' )=~ s/(?:^.*: (\d+))\|(?:\s+\$$)/defined $1?"0\.9":""/eg;
77
78							my %params = (
79							crl => undef,
80							item => undef,
81							pwd => undef,
82							crlFormat => undef,
83							pemCRL => undef,
84							derCRL => undef,
85							txtCRL => undef,
86							parsedItem => undef,
87							backend => undef,
88							beginHeader => undef,
89							endHeader => undef
90							);
91
92							sub setError {
93	0			0	0		my $self = shift;
94
95	0	0					if (scalar (@_) == 4) {
96	0						my $keys = { @_ };
97	0						$errval = $keys->{ERRVAL};
98	0						$errno = $keys->{ERRNO};
99							} else {
100	0						$errno = $_[0];
101	0						$errval = $_[1];
102							}
103
104							## support for: return $self->setError (1234, "Something fails.") if (not $xyz);
105	0						return undef;
106							}
107
108							sub new {
109	0			0	0		my $that = shift;
110	0		0				my $class = ref($that) \|\| $that;
111
112	0						my $self = {
113							%params,
114							};
115
116	0						bless $self, $class;
117
118	0						my $keys = { @_ };
119
120	0						$self->{crl} = $keys->{DATA};
121	0						$self->{pwd} = $keys->{PASSWD};
122	0		0				$self->{crlFormat} = ( $keys->{FORMAT} or $keys->{INFORM} or "PEM");
123	0						$self->{backend} = $keys->{SHELL};
124
125	0	0					return $self->setError (7611011, "OpenCA::CRL->new: There is no crypto-backend specified.")
126							if( not $self->{backend} );
127
128	0						my $infile = $keys->{INFILE};
129	0						my $cakey = $keys->{CAKEY};
130	0						my $cacert = $keys->{CACERT};
131	0						my $days = $keys->{DAYS};
132	0						my $exts = $keys->{EXTS};
133
134	0						$self->{beginHeader} = "-----BEGIN HEADER-----";
135	0						$self->{endHeader} = "-----END HEADER-----";
136
137	0	0	0				if (defined($infile) and ($infile ne "") ) {
138	0						my $tmpLine;
139	0	0					open( FD, "<$infile" )
140							or return $self->setError (7611021, "OpenCA::CRL->new: Cannot open infile $infile for reading.");
141	0						while( $tmpLine = ) {
142	0						$self->{crl} .= $tmpLine;
143							}
144	0						close(FD);
145							}
146
147	0	0					if (not $self->{crl})
148							{
149							# the can be stored directly in the token ({backend})
150							#
151							#if( ($cacert) or ($cakey) ) {
152							# return $self->setError (7611031, "OpenCA::CRL->new: You must specify the CA-certificate too ".
153							# "if you want to issue a CRL.")
154							# if (not $cacert);
155							# return $self->setError (7611032, "OpenCA::CRL->new: You must specify the CA's private key too ".
156							# "if you want to issue a CRL.")
157							# if (not $cakey);
158
159	0						$self->{crl} = $self->{backend}->issueCrl(
160							CAKEY => $cakey,
161							USE_ENGINE => 1,
162							CACERT => $cacert,
163							OUTFORM => $self->{crlFormat},
164							DAYS => $days,
165							PASSWD => $self->{pwd},
166							EXTS => $exts,
167							NOUNIQUEDN => $keys->{NOUNIQUEDN} );
168
169	0	0					return $self->setError (7611035, "OpenCA::CRL->new: Failed to issue a new CRL ".
170							"(".$OpenCA::OpenSSL::errno.")\n".$OpenCA::OpenSSL::errval)
171							if ( not $self->{crl} );
172							}
173
174
175	0	0					if ( $self->{crl} ne "" ) {
176	0						$self->{item} = $self->{crl};
177
178	0						$self->{crl} = $self->getBody( ITEM=>$self->{item} );
179
180	0	0					if ( not $self->init()) {
181	0						return $self->setError (7611041, "OpenCA::CRL->new: Failed to issue a new CRL ".
182							"($errno)\n$errval");
183							}
184
185							}
186
187	0						return $self;
188							}
189
190
191							sub init {
192	0			0	0		my $self = shift;
193	0						my $keys = { @_ };
194
195	0	0					return $self->setError (7612011, "OpenCA::CRL->init: There is no CRL present.")
196							if (not $self->{crl});
197
198	0						$self->{pemCRL} = "";
199
200	0						$self->{derCRL} = "";
201
202	0						$self->{txtCRL} = "";
203
204	0						$self->{parsedItem} = $self->parseCRL();
205	0	0					return $self->setError (7612021, "OpenCA::CRL->init: Cannot parse CRL ($errno)\n$errval")
206							if (not $self->{parsedItem});
207
208	0						return 1;
209							}
210
211							sub parseCRL {
212
213	0			0	0		my $self = shift;
214	0						my $keys = { @_ };
215
216	0						my ( $version, $issuer, $last, $next, $alg, $tmp);
217	0						my @list;
218	0						my @certs;
219
220	0						my ( $head, $body );
221
222	0						my @attList = ( "VERSION", "ISSUER", "NEXTUPDATE", "LASTUPDATE", "SIGNATURE_ALGORITHM", "REVOKED" );
223
224	0						my $hret = $self->{backend}->getCRLAttribute(
225							ATTRIBUTE_LIST => \@attList,
226							DATA => $self->{crl},
227							INFORM => $self->{crlFormat});
228	0	0					if (not $hret) {
229	0						return $self->setError (7613015, "OpenCA::CRL->parseCRL: Cryptobackend fails ".
230							"(".$OpenCA::OpenSSL::errno.")\n".$OpenCA::OpenSSL::errval);
231							}
232
233							## Parse lines ...
234	0						@certs = split ( /\n/i, $hret->{REVOKED} );
235	0						for (my $i=0; $i
236							{
237	0						my $serial = $certs[$i++];
238	0						my $date = $certs[$i];
239	0						my $ext = "";
240	0						while ($certs[$i+1] =~ /^ /) {
241	0						$ext .= $certs[++$i]."\n";
242							}
243
244	0						my $entry = {
245							SERIAL => $serial,
246							DATE => $date };
247
248	0						@list = ( @list, $entry );
249							}
250
251	0						my $ret = {
252							VERSION => $hret->{VERSION},
253							ALGORITHM => $hret->{SIGNATURE_ALGORITHM},
254							ISSUER => $hret->{ISSUER},
255							LAST_UPDATE => $hret->{LASTUPDATE},
256							NEXT_UPDATE => $hret->{NEXTUPDATE},
257							BODY => $self->getBody( ITEM=> $self->{item} ),
258							ITEM => $self->getBody( ITEM=> $self->{item} ),
259							HEADER => $self->getHeader ( ITEM=>$self->{item} ),
260							LIST => [ @list ],
261							FLAG_EXPORT_STATE => 0
262							};
263
264	0						return $ret;
265							}
266
267							sub getHeader {
268	0			0	0		my $self = shift;
269	0						my $keys = { @_ };
270	0						my $req = $keys->{ITEM};
271
272	0						my ( $txt, $ret, $i, $key, $val );
273
274	0						my $beginHeader = $self->{beginHeader};
275	0						my $endHeader = $self->{endHeader};
276
277	0	0					if( ($txt) = ( $req =~ /$beginHeader\n([\S\s\n]+)\n$endHeader/m) ) {
278	0						foreach $i ( split ( /\n/, $txt ) ) {
279	0						$i =~ s/\s=\s/=/;
280	0						( $key, $val ) = ( $i =~ /(.)\s=\s(.)\s*/ );
281	0						$ret->{$key} = $val;
282							}
283							}
284
285	0						return $ret;
286							}
287
288							sub getBody {
289	0			0	0		my $self = shift;
290	0						my $keys = { @_ };
291
292	0						my $ret = $keys->{ITEM};
293
294	0						my $beginHeader = $self->{beginHeader};
295	0						my $endHeader = $self->{endHeader};
296
297							## Let's throw away text between the two headers, included
298	0						$ret =~ s/($beginHeader[\S\s\n]+$endHeader\n)//;
299
300	0						return $ret;
301							}
302
303							sub getParsed {
304	0			0	0		my $self = shift;
305
306	0	0					return $self->setError (7641011, "OpenCA::CRL->getParsed: The CRL was not parsed.")
307							if ( not $self->{parsedItem} );
308	0						return $self->{parsedItem};
309							}
310
311							sub getPEM {
312	0			0	0		my $self = shift;
313
314	0	0					if ( $self->{crlFormat} eq 'PEM' ) {
315	0						$self->{crl} =~ s/^\n*//;
316	0						$self->{crl} =~ s/\n*$/\n/;
317	0						return $self->{crl};
318							}
319	0	0					if (not $self->{pemCRL}) {
320	0						$self->{pemCRL} = $self->{backend}->dataConvert( DATA=>$self->{crl},
321							DATATYPE=>"CRL",
322							INFORM=>$self->{crlFormat},
323							OUTFORM=>"PEM" );
324	0	0					return $self->setError (7632011, "OpenCA::CRL->init: Cannot convert CRL to PEM-format ".
325							"(".$OpenCA::OpenSSL::errno.")\n".$OpenCA::OpenSSL::errval)
326							if (not $self->{pemCRL});
327							}
328
329	0						return $self->{pemCRL};
330							}
331
332							sub getDER {
333	0			0	0		my $self = shift;
334
335	0	0					if ( $self->{crlFormat} eq 'DER' ) {
336	0						return $self->{crl};
337							}
338	0	0					if (not $self->{derCRL}) {
339	0						$self->{derCRL} = $self->{backend}->dataConvert( DATA=>$self->{crl},
340							DATATYPE=>"CRL",
341							INFORM=>$self->{crlFormat},
342							OUTFORM=>"DER" );
343	0	0					return $self->setError (7633011, "OpenCA::CRL->getDER: Cannot convert CRL to DER-format ".
344							"(".$OpenCA::OpenSSL::errno.")\n".$OpenCA::OpenSSL::errval)
345							if (not $self->{derCRL});
346							}
347
348	0						return $self->{derCRL};
349							}
350
351							sub getTXT {
352	0			0	0		my $self = shift;
353
354	0	0					if (not $self->{txtCRL}) {
355	0						$self->{txtCRL} = $self->{backend}->dataConvert( DATA=>$self->{crl},
356							DATATYPE=>"CRL",
357							INFORM=>$self->{crlFormat},
358							OUTFORM=>"TXT" );
359	0	0					return $self->setError (7631011, "OpenCA::CRL->getTXT: Cannot convert CRL to TXT-format ".
360							"(".$OpenCA::OpenSSL::errno.")\n".$OpenCA::OpenSSL::errval)
361							if (not $self->{txtCRL});
362							}
363
364	0						return $self->{txtCRL};
365							}
366
367							sub getItem {
368	0			0	0		my $self = shift;
369	0						my $txtItem;
370
371	0						$txtItem = $self->{beginHeader}."\n";
372	0						$txtItem .= $self->getHeader ();
373	0						$txtItem .= $self->{endHeader}."\n";
374	0						$txtItem .= $self->getPEM ();
375
376	0						return $txtItem;
377							}
378
379							sub getSerial {
380	0			0	0		my $self = shift;
381
382	0						return $self->{backend}->getDigest ( DATA => $self->getPEM() );
383							}
384
385							sub setParams {
386
387	0			0	0		my $self = shift;
388	0						my $params = { @_ };
389	0						my $key;
390
391	0						foreach $key ( keys %{$params} ) {
	0
392							## we should place the parameters here
393							}
394
395	0						return 1;
396							}
397
398							# Below is the stub of documentation for your module. You better edit it!
399							1;