[yast-commit] r60358 - in /trunk/ca-management/src: YaPI/CaManagement.pm new_cert_read_write.ycp util.ycp

Author: mcalmer Date: Thu Jan 14 12:53:46 2010 New Revision: 60358 URL: http://svn.opensuse.org/viewcvs/yast?rev=60358&view=rev Log: implement export certificate key to file (fate#305490) Modified: trunk/ca-management/src/YaPI/CaManagement.pm trunk/ca-management/src/new_cert_read_write.ycp trunk/ca-management/src/util.ycp Modified: trunk/ca-management/src/YaPI/CaManagement.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/YaPI/CaManagement.pm?rev=60358&r1=60357&r2=60358&view=diff ============================================================================== --- trunk/ca-management/src/YaPI/CaManagement.pm (original) +++ trunk/ca-management/src/YaPI/CaManagement.pm Thu Jan 14 12:53:46 2010 @@ -14,21 +14,21 @@ # my $comp = new LIMAL::StringArray(); # $comp->push_back("*"); - + # my $cat = new LIMAL::StringArray(); # $cat->push_back("FATAL"); # $cat->push_back("ERROR"); # $cat->push_back("INFO"); - + # my $logref = LIMAL::Logger::createFileLogger("YaPI::CaManagement", $comp, $cat, - # "[%d] %p %c %l - %m", + # "[%d] %p %c %l - %m", # "/var/log/YaST2/limal-ca-mgm.log", # 2048, 2); # LIMAL::Logger::setDefaultLogger($logref); #}; # ignore errors here; If we run as none root this happens - + } @@ -78,7 +78,7 @@ $name = AddRequest($valueMap) create a request for a special CA and returns the name - + $name = IssueCertificate($valueMap) issue a certificate and returns the name of the new certificate @@ -98,7 +98,7 @@ $cert = ReadCertificate($valueMap) returns a certificate as plain text or parsed map - + $bool = RevokeCertificate($valueMap) revoke a certificate @@ -204,7 +204,7 @@ =head1 COMMON PARAMETER -Here is a list of common parameter which are often +Here is a list of common parameter which are often used in I<$valueMap> =over 2 @@ -223,12 +223,12 @@ newCaName <directory Name> =item * -request => <filename> +request => <filename> (without suffix) =item * -certificate => <filename> +certificate => <filename> (without suffix) @@ -239,7 +239,7 @@ caPasswd => <string> =item * -commonName => <String> +commonName => <String> (ascii) @@ -278,9 +278,9 @@ =item * crlReason => <value> - allowed values are: + allowed values are: - unspecified, keyCompromise, CACompromise, affiliationChanged, + unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold =back @@ -310,7 +310,7 @@ allowed values are: - digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, + digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly =item * @@ -332,7 +332,7 @@ allowed values are: - email:<email-address>, URI:<URL>, DNS:, + email:<email-address>, URI:<URL>, DNS:, RID:, IP:, email:copy =item * @@ -340,7 +340,7 @@ allowed values are: - email:<email-address>, URI:<URL>, DNS:, + email:<email-address>, URI:<URL>, DNS:, RID:, IP:, issuer:copy =item * @@ -366,8 +366,8 @@ allowed values are: - serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, - msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC, + serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, + msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC, a list of explanation: @@ -389,7 +389,7 @@ accessOID can be: OCSP, caIssuers or a - location can be: email:<email-address>, URI:<URL>, DNS:, + location can be: email:<email-address>, URI:<URL>, DNS:, RID:, IP: =item * @@ -465,7 +465,7 @@ if(defined $repository) { $list = LIMAL::CaMgm::CA::getCAList($repository); - + } else { $list = LIMAL::CaMgm::CA::getCAList(); @@ -478,7 +478,7 @@ } }; if($@) { - return $self->SetError( summary => __("Cannot read CA list."), + return $self->SetError( summary => __("Cannot read CA list."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } @@ -488,12 +488,12 @@ =item * C<$caList = ReadCATree()> -Returns a list of lists of the available CAs +Returns a list of lists of the available CAs containing the issuer caName. * $caList->[$x]->[0] is the caName -* $caList->[$x]->[1] is the issuer caName +* $caList->[$x]->[1] is the issuer caName If the issuer caName is empty caName is a root CA. The list is sorted by the first element. @@ -521,9 +521,9 @@ my $tree = undef; if(defined $repository) { - + $tree = LIMAL::CaMgm::CA::getCATree($repository); - + } else { $tree = LIMAL::CaMgm::CA::getCATree(); @@ -539,7 +539,7 @@ } }; if($@) { - return $self->SetError( summary => __("Cannot read CA tree."), + return $self->SetError( summary => __("Cannot read CA tree."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } @@ -615,7 +615,7 @@ * crlDistributionPoints -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. EXAMPLE: @@ -634,7 +634,7 @@ my $res = YaPI::CaManagement->AddRootCA($data); if( not defined $res ) { - # error + # error } else { print "OK\n"; } @@ -687,21 +687,21 @@ } my $rgd = undef; eval { - + if( defined $data->{'repository'}) { - + $rgd = LIMAL::CaMgm::CA::getRootCARequestDefaults($data->{'repository'}); - + } else { - + $rgd = LIMAL::CaMgm::CA::getRootCARequestDefaults(); - + } my $dnl = $rgd->getSubjectDN()->getDN(); my @DN_Values = ('countryName', 'stateOrProvinceName', 'localityName', 'organizationName', 'organizationalUnitName', 'commonName', 'emailAddress'); - + for(my $dnit = $dnl->begin(); !$dnl->iterator_equal($dnit, $dnl->end()); $dnl->iterator_incr($dnit)) @@ -711,7 +711,7 @@ if($dnl->iterator_value($dnit)->getType() =~ /^$v$/i) { if(defined $data->{$v}) { - + $dnl->iterator_value($dnit)->setRDNValue($data->{$v}); } else { @@ -749,7 +749,7 @@ my $exts = $rgd->getExtensions(); - my $e = YaST::caUtils->transformBasicConstaints($exts, + my $e = YaST::caUtils->transformBasicConstaints($exts, $data->{'basicConstraints'}); if(!defined $e) { return undef; @@ -759,24 +759,24 @@ }; if($@) { - + return $self->SetError( summary => __("Modifying RequestGenerationData failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - - + + my $cid = undef; eval { if( defined $data->{'repository'}) { - + $cid = LIMAL::CaMgm::CA::getRootCAIssueDefaults($data->{'repository'}); - + } else { - + $cid = LIMAL::CaMgm::CA::getRootCAIssueDefaults(); - + } my $start = time(); @@ -785,56 +785,56 @@ $cid->setCertifyPeriode($start, $end); my $exts = $cid->getExtensions(); - - my $e = YaST::caUtils->transformBasicConstaints($exts, + + my $e = YaST::caUtils->transformBasicConstaints($exts, $data->{'basicConstraints'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsComment", $data->{'nsComment'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsBaseUrl", $data->{'nsBaseUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsRevocationUrl", $data->{'nsRevocationUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsCaRevocationUrl", $data->{'nsCaRevocationUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsRenewalUrl", $data->{'nsRenewalUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsSslServerName", $data->{'nsSslServerName'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsCaPolicyUrl", $data->{'nsCaPolicyUrl'}); if(!defined $e) { @@ -908,10 +908,10 @@ eval { if( defined $data->{'repository'}) { - + LIMAL::CaMgm::CA::createRootCA($data->{'caName'}, $data->{'keyPasswd'}, - $rgd, $cid, + $rgd, $cid, $data->{'repository'}); } else { @@ -987,11 +987,11 @@ * DN -I<DN> is a hash which contains some values of the +I<DN> is a hash which contains some values of the subject of the CA Certificate (if caName is defined) -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. EXAMPLE: @@ -1002,7 +1002,7 @@ 'caName' => 'My_CA', 'certType' => 'client' } - $certValueMap = YaPI::CaManagement->ReadCertificateDefaults($data) + $certValueMap = YaPI::CaManagement->ReadCertificateDefaults($data) if( not defined $certValueMap ) { # error } else { @@ -1012,7 +1012,7 @@ =cut BEGIN { $TYPEINFO{ReadCertificateDefaults} = [ - "function", + "function", ["map", "string", "any"], ["map", "string", "any"] ]; } @@ -1029,7 +1029,7 @@ if (defined $data->{"caName"}) { $caName = $data->{"caName"}; - } + } if (defined $data->{"certType"}) { $certType = $data->{"certType"}; } else { @@ -1057,11 +1057,11 @@ 'authorityInfoAccess' => undef, 'crlDistributionPoints' => undef }; - + my $ca = undef; my $rgd = undef; my $cid = undef; - + my $rType = 0; my $cType = 0; @@ -1079,16 +1079,16 @@ } if(defined $data->{'caName'} && $data->{'caName'} ne "") { - + if(defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); } else { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); - + } $rgd = $ca->getRequestDefaults($rType); @@ -1097,15 +1097,15 @@ } else { if( defined $data->{'repository'}) { - + $rgd = LIMAL::CaMgm::CA::getRootCARequestDefaults($data->{'repository'}); $cid = LIMAL::CaMgm::CA::getRootCAIssueDefaults($data->{'repository'}); - + } else { - + $rgd = LIMAL::CaMgm::CA::getRootCARequestDefaults(); $cid = LIMAL::CaMgm::CA::getRootCAIssueDefaults(); - + } } @@ -1118,19 +1118,19 @@ return undef; } - $e = YaST::caUtils->extractStringExtension($cext->getNsComment(), + $e = YaST::caUtils->extractStringExtension($cext->getNsComment(), "nsComment", $ret); if(!defined $e) { return undef; } - $e = YaST::caUtils->extractStringExtension($cext->getNsBaseUrl(), + $e = YaST::caUtils->extractStringExtension($cext->getNsBaseUrl(), "nsBaseUrl", $ret); if(!defined $e) { return undef; } - $e = YaST::caUtils->extractStringExtension($cext->getNsRevocationUrl(), + $e = YaST::caUtils->extractStringExtension($cext->getNsRevocationUrl(), "nsRevocationUrl", $ret); if(!defined $e) { return undef; @@ -1148,13 +1148,13 @@ return undef; } - $e = YaST::caUtils->extractStringExtension($cext->getNsSslServerName(), + $e = YaST::caUtils->extractStringExtension($cext->getNsSslServerName(), "nsSslServerName", $ret); if(!defined $e) { return undef; } - $e = YaST::caUtils->extractStringExtension($cext->getNsCaPolicyUrl(), + $e = YaST::caUtils->extractStringExtension($cext->getNsCaPolicyUrl(), "nsCaPolicyUrl", $ret); if(!defined $e) { return undef; @@ -1221,7 +1221,7 @@ for(my $it = $list->begin(); !$list->iterator_equal($it, $list->end()); - $list->iterator_incr($it)) + $list->iterator_incr($it)) { my $type = $list->iterator_value($it)->getType(); my $value = $list->iterator_value($it)->getValue(); @@ -1299,7 +1299,7 @@ * keyLength -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error and "1" on success. @@ -1332,7 +1332,7 @@ if (not defined YaST::caUtils->checkCommonValues($data)) { return $self->SetError(%{YaST::caUtils->Error()}); } - + # checking requires if (!defined $data->{"caName"}) { # parameter check failed @@ -1340,7 +1340,7 @@ code => "CHECK_PARAM_FAILED"); } $caName = $data->{"caName"}; - + if(! defined $data->{"certType"}) { # parameter check failed return $self->SetError( summary => __("Missing value 'certType'."), @@ -1352,8 +1352,8 @@ eval { if( defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{"caName"}, + + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'}, $data->{"repository"}); } else { @@ -1363,7 +1363,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Initializing the CA failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -1394,58 +1394,58 @@ $cid->setCertifyPeriode($start, $end); } - + my $exts = $cid->getExtensions(); - - my $e = YaST::caUtils->transformBasicConstaints($exts, + + my $e = YaST::caUtils->transformBasicConstaints($exts, $data->{'basicConstraints'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsComment", $data->{'nsComment'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsBaseUrl", $data->{'nsBaseUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsRevocationUrl", $data->{'nsRevocationUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsCaRevocationUrl", $data->{'nsCaRevocationUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsRenewalUrl", $data->{'nsRenewalUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsSslServerName", $data->{'nsSslServerName'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsCaPolicyUrl", $data->{'nsCaPolicyUrl'}); if(!defined $e) { @@ -1518,7 +1518,7 @@ my $rgd = undef; eval { - + $rgd = $ca->getRequestDefaults($rtype); if( defined $data->{"keyLength"}) { @@ -1528,20 +1528,20 @@ my $exts = $rgd->getExtensions(); - my $e = YaST::caUtils->transformBasicConstaints($exts, + my $e = YaST::caUtils->transformBasicConstaints($exts, $data->{'basicConstraints'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsComment", $data->{'nsComment'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsSslServerName", $data->{'nsSslServerName'}); if(!defined $e) { @@ -1582,7 +1582,7 @@ }; if($@) { - + return $self->SetError( summary => __("Modifying RequestGenerationData failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -1613,12 +1613,12 @@ y2error($Varray->getitem($i)); } } - + return $self->SetError( summary => __("Writing the defaults failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - + return 1; } @@ -1679,8 +1679,8 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{"caName"}; - - if (! defined $data->{"type"} || + + if (! defined $data->{"type"} || !grep( ( $_ eq $data->{"type"}), ("parsed", "plain", "extended"))) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'type'."), @@ -1691,22 +1691,22 @@ my $ca = undef; eval { if(defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); - + } else { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); - + } my $cert = $ca->getCA(); if ($type eq "parsed" || $type eq "extended") { - + $ret = YaST::caUtils->getParsed($cert); my $repos = "$CAM_ROOT"; if(defined $data->{repository}) { @@ -1725,10 +1725,10 @@ } else { $ret = $cert->getCertificateAsText(); } - + }; if($@) { - + return $self->SetError( summary => __("Parsing the CA failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -1783,7 +1783,7 @@ * extendedKeyUsage -The return value is "undef" on an error and the +The return value is "undef" on an error and the filename(without suffix) of the request on success. The syntax of these values are explained in the @@ -1806,7 +1806,7 @@ }; my $res = YaPI::CaManagement->AddRequest($data); if( not defined $res ) { - # error + # error } else { print "OK Name of the request is: '$res'\n"; } @@ -1854,8 +1854,8 @@ eval { if( defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{"caName"}, + + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'}, $data->{"repository"}); } else { @@ -1865,7 +1865,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Initializing the CA failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -1873,14 +1873,14 @@ my $rgd = undef; eval { - + $rgd = $ca->getRequestDefaults($LIMAL::CaMgm::E_Client_Req); - + my $dnl = $rgd->getSubjectDN()->getDN(); my @DN_Values = ('countryName', 'stateOrProvinceName', 'localityName', 'organizationName', 'organizationalUnitName', 'commonName', 'emailAddress'); - + for(my $dnit = $dnl->begin(); !$dnl->iterator_equal($dnit, $dnl->end()); $dnl->iterator_incr($dnit)) @@ -1890,7 +1890,7 @@ if($dnl->iterator_value($dnit)->getType() =~ /^$v$/i) { if(defined $data->{$v}) { - + $dnl->iterator_value($dnit)->setRDNValue($data->{$v}); } else { @@ -1928,20 +1928,20 @@ my $exts = $rgd->getExtensions(); - my $e = YaST::caUtils->transformBasicConstaints($exts, + my $e = YaST::caUtils->transformBasicConstaints($exts, $data->{'basicConstraints'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsComment", $data->{'nsComment'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsSslServerName", $data->{'nsSslServerName'}); if(!defined $e) { @@ -1982,7 +1982,7 @@ }; if($@) { - + return $self->SetError( summary => __("Modifying RequestGenerationData failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -1996,7 +1996,7 @@ }; if($@) { - + return $self->SetError( summary => __("Creating request failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -2010,7 +2010,7 @@ Issue a certificate and returns the name of the new certificate. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -2056,10 +2056,10 @@ * crlDistributionPoints -The return value is "undef" on an error and the +The return value is "undef" on an error and the filename(without suffix) of the certificate on success. -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. EXAMPLE: @@ -2134,7 +2134,7 @@ eval { if( defined $data->{'repository'}) { - + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'}, $data->{"repository"}); } else { @@ -2144,7 +2144,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Initializing the CA failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -2170,56 +2170,56 @@ $cid->setCertifyPeriode($start, $end); my $exts = $cid->getExtensions(); - - my $e = YaST::caUtils->transformBasicConstaints($exts, + + my $e = YaST::caUtils->transformBasicConstaints($exts, $data->{'basicConstraints'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsComment", $data->{'nsComment'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsBaseUrl", $data->{'nsBaseUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsRevocationUrl", $data->{'nsRevocationUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsCaRevocationUrl", $data->{'nsCaRevocationUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsRenewalUrl", $data->{'nsRenewalUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsSslServerName", $data->{'nsSslServerName'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsCaPolicyUrl", $data->{'nsCaPolicyUrl'}); if(!defined $e) { @@ -2298,7 +2298,7 @@ }; if($@) { - + return $self->SetError( summary => __("Signing certificate failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -2312,7 +2312,7 @@ Create a new Certificate and returns the name -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -2381,10 +2381,10 @@ * notext (optional - if set to "1" do not output the text version in the PEM file) -The return value is "undef" on an error and the +The return value is "undef" on an error and the filename(without suffix) of the certificate on success. -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. EXAMPLE: @@ -2433,7 +2433,7 @@ if(defined $data->{'repository'}) { - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); @@ -2447,12 +2447,12 @@ $ca->deleteRequest($request); }; if($@) { - + # ignore error } return undef; } - + return $certificate; } @@ -2461,19 +2461,19 @@ Returns a list of maps with all certificates of the defined CA. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) * caPasswd (required) -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error. -On success it returns an array of hashes with all -certificates of this CA. @ret[0..X] can have the +On success it returns an array of hashes with all +certificates of this CA. @ret[0..X] can have the following Hash keys: * certificate (the name of the certificate) @@ -2531,7 +2531,7 @@ } if (! defined $data->{'caPasswd'} ) { - + return $self->SetError(summary => __("Missing parameter 'caPasswd'."), code => "PARAM_CHECK_FAILED"); } @@ -2540,28 +2540,28 @@ eval { if(defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); - + } else { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); - + } - + my $list = $ca->getCertificateList(); - + for(my $listIT = $list->begin(); !$list->iterator_equal($listIT, $list->end()); $list->iterator_incr($listIT)) { - + my $hash = undef; my $map = $list->iterator_value($listIT); - + for(my $mapIT = $map->begin(); !$map->iterator_equal($mapIT, $map->end()); $map->iterator_incr($mapIT)) @@ -2579,7 +2579,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Getting the certificate list failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -2591,9 +2591,9 @@ =item * C<$bool = UpdateDB($valueMap)> -Update the internal openssl database. +Update the internal openssl database. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -2601,7 +2601,7 @@ The return value is "undef" on an error and "1" on success. -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. EXAMPLE: @@ -2624,7 +2624,7 @@ sub UpdateDB { my $self = shift; my $data = shift; - + if (not defined YaST::caUtils->checkCommonValues($data)) { return $self->SetError(%{YaST::caUtils->Error()}); } @@ -2644,31 +2644,31 @@ my $ca = undef; eval { if(defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); - + } else { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); - + } - + my $list = $ca->updateDB(); }; if($@) { - + if( (ref($@) eq "HASH" && $@->{code} == $LIMAL::CaMgm::E_INVALID_PASSWD) || - $@ =~ /invalid.*password/i) + $@ =~ /invalid.*password/i) { # error message; displayed in an popup dialog return $self->SetError( summary => __("Invalid password."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - else + else { # error message; displayed in an popup dialog return $self->SetError( summary => __("UpdateDB failed."), @@ -2676,7 +2676,7 @@ code => "LIMAL_CALL_FAILED"); } } - + return 1; } @@ -2685,15 +2685,15 @@ Returns a certificate as plain text or parsed map. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) * certificate (required - name without suffix) -* type (required - allowed values: "parsed", "extended" or "plain") +* type (required - allowed values: "parsed", "extended" or "plain") -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error. @@ -2743,15 +2743,15 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{"caName"}; - - if (! defined $data->{"type"} || + + if (! defined $data->{"type"} || !grep( ( $_ eq $data->{"type"}), ("parsed", "plain", "extended"))) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'type'."), code => "PARAM_CHECK_FAILED"); } $type = $data->{"type"}; - + if (! defined $data->{"certificate"}) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'certificate'."), @@ -2762,22 +2762,22 @@ my $ca = undef; eval { if(defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); - + } else { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); - + } my $cert = $ca->getCertificate($certificate); if ($type eq "parsed" || $type eq "extended") { - + $ret = YaST::caUtils->getParsed($cert); my $repos = "$CAM_ROOT"; if(defined $data->{repository}) { @@ -2796,10 +2796,10 @@ } else { $ret = $cert->getCertificateAsText(); } - + }; if($@) { - + return $self->SetError( summary => __("Parsing the certificate failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -2810,9 +2810,9 @@ =item * C<$bool = RevokeCertificate($valueMap)> -Revoke a certificate. +Revoke a certificate. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -2822,7 +2822,7 @@ * crlReason -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error and "1" on success. @@ -2863,7 +2863,7 @@ code => "CHECK_PARAM_FAILED"); } $caName = $data->{"caName"}; - + if (!defined $data->{"caPasswd"} ) { # parameter check failed return $self->SetError( summary => __("Missing value 'caPasswd'."), @@ -2880,16 +2880,16 @@ my $ca = undef; eval { if(defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); - + } else { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); - + } my $reason = new LIMAL::CaMgm::CRLReason(); @@ -2897,11 +2897,11 @@ if (defined $data->{'crlReason'}) { $reason->setReason($data->{'crlReason'}); } - + $ca->revokeCertificate($certificate, $reason); }; if($@) { - + return $self->SetError( summary => __("Revoking the certificate failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -2913,9 +2913,9 @@ =item * C<$bool = AddCRL($valueMap)> -Create a new CRL. +Create a new CRL. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -2923,7 +2923,7 @@ * days (required) -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error and "1" on success. @@ -2961,7 +2961,7 @@ code => "CHECK_PARAM_FAILED"); } $caName = $data->{"caName"}; - + if (!defined $data->{"caPasswd"} ) { return $self->SetError( summary => __("Missing value 'caPasswd'."), code => "CHECK_PARAM_FAILED"); @@ -2975,7 +2975,7 @@ eval { if( defined $data->{'repository'}) { - + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'}, $data->{"repository"}); } else { @@ -2985,7 +2985,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Initializing the CA failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3003,7 +3003,7 @@ ###### we use only the default extensions # # my $exts = $cgd->getExtensions(); - + # my $e = YaST::caUtils->transformAuthorityKeyIdentifier($exts, # $data->{'authorityKeyIdentifier'}); # if(!defined $e) { @@ -3031,7 +3031,7 @@ }; if($@) { - + return $self->SetError( summary => __("Creating the CRL failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3044,13 +3044,13 @@ Returns a CRL as plain text or parsed map. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) * type (required - allowed values: "parsed", "extended" or "plain") -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error. @@ -3098,25 +3098,25 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{"caName"}; - - if (! defined $data->{"type"} || + + if (! defined $data->{"type"} || !grep( ($_ eq $data->{"type"}), ("parsed", "plain", "extended"))) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'type'."), code => "PARAM_CHECK_FAILED"); } $type = $data->{"type"}; - + my $ca = undef; eval { if(defined $data->{'repository'}) { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); - + } else { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); } @@ -3142,26 +3142,26 @@ } } else { - + $ret = $crl->getCRLAsText(); - + } }; if($@) { - + if( (ref($@) eq "HASH" && $@->{code} == $LIMAL::CaMgm::E_FILE_NOT_FOUND) || $@ =~ /RuntimeException: File not found/i) { - + return $self->SetError( summary => __("No CRL available."), code => "LIMAL_CALL_FAILED"); } else { - + return $self->SetError( summary => __("Parsing the CRL failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } } - + return $ret; } @@ -3170,7 +3170,7 @@ Export a CA to a file or returns it in different formats. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -3180,6 +3180,10 @@ PEM_CERT (export only the Certificate im PEM format) + PEM_KEY (export the Key unencrypted in PEM Format) + + PEM_ENCKEY (export the Key encrypted in PEM Format) + PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format) PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format) @@ -3196,7 +3200,7 @@ The return value is "undef" on an error and "1" on success if destinationFile is defined. If destinationFile is not defined, the CA is directly returned. If the exportFormat is -PEM_CERT_KEY or PEM_CERT_ENCKEY the certificate and the key are returned. +PEM_CERT_KEY or PEM_CERT_ENCKEY the certificate and the key are returned. Because of the PEM format it is easy to split them later. @@ -3266,9 +3270,9 @@ $destinationFile = $data->{'destinationFile'}; } - if (!defined $data->{"exportFormat"} || - !grep( ( $_ eq $data->{"exportFormat"}), - ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", + if (!defined $data->{"exportFormat"} || + !grep( ( $_ eq $data->{"exportFormat"}), + ("PEM_CERT", "PEM_KEY", "PEM_ENCKEY", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", "DER_CERT", "PKCS12", "PKCS12_CHAIN"))) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'exportFormat'."), @@ -3306,7 +3310,7 @@ if ($format eq "PEM_CERT") { eval { - + my $buffer = $ca->exportCACert($LIMAL::CaMgm::E_PEM); if (defined $destinationFile) { @@ -3319,33 +3323,78 @@ } }; if($@) { - + + return $self->SetError( summary => __("Export failed."), + description => YaST::caUtils->exception2String($@), + code => "LIMAL_CALL_FAILED"); + } + } elsif ($format eq "PEM_KEY") { + + eval { + + my $buffer1 = $ca->exportCAKeyAsPEM(""); + + if (defined $destinationFile) { + + LIMAL::CaMgm::LocalManagement::writeFile($buffer1, + $destinationFile); + $ret = 1; + } else { + + $ret = $buffer1->data(); + } + }; + if($@) { + + return $self->SetError( summary => __("Export failed."), + description => YaST::caUtils->exception2String($@), + code => "LIMAL_CALL_FAILED"); + } + } elsif ($format eq "PEM_ENCKEY") { + + eval { + + my $buffer1 = $ca->exportCAKeyAsPEM($data->{'caPasswd'}); + + if (defined $destinationFile) { + + LIMAL::CaMgm::LocalManagement::writeFile($buffer1, + $destinationFile); + $ret = 1; + } else { + + $ret = $buffer1->data(); + } + }; + if($@) { + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } + } elsif ($format eq "PEM_CERT_KEY") { eval { - + my $buffer1 = $ca->exportCACert($LIMAL::CaMgm::E_PEM); my $buffer2 = $ca->exportCAKeyAsPEM(""); $buffer1->append("\n", 1); $buffer1->append($buffer2->data(), $buffer2->size()); - + if (defined $destinationFile) { LIMAL::CaMgm::LocalManagement::writeFile($buffer1, $destinationFile); $ret = 1; } else { - + $ret = $buffer1->data(); } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3353,10 +3402,10 @@ } elsif ($format eq "PEM_CERT_ENCKEY") { eval { - + my $buffer1 = $ca->exportCACert($LIMAL::CaMgm::E_PEM); my $buffer2 = $ca->exportCAKeyAsPEM($data->{'caPasswd'}); - + $buffer1->append("\n", 1); $buffer1->append($buffer2->data(), $buffer2->size()); @@ -3371,7 +3420,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3380,7 +3429,7 @@ } elsif ($format eq "DER_CERT") { eval { - + my $buffer = $ca->exportCACert($LIMAL::CaMgm::E_DER); if (defined $destinationFile) { @@ -3393,7 +3442,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3407,7 +3456,7 @@ } eval { - + my $buffer = $ca->exportCAasPKCS12($data->{'P12Password'}, 0); @@ -3421,7 +3470,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3437,7 +3486,7 @@ eval { - + my $buffer = $ca->exportCAasPKCS12($data->{'P12Password'}, 1); @@ -3451,7 +3500,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3465,7 +3514,7 @@ Export a certificate to a file or returns it in different formats. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -3479,6 +3528,10 @@ PEM_CERT (export only the Certificate im PEM format) + PEM_KEY (export the Key unencrypted in PEM Format) + + PEM_ENCKEY (export the Key encrypted in PEM Format) + PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format) PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format) @@ -3495,7 +3548,7 @@ The return value is "undef" on an error and "1" on success if destinationFile is defined. If destinationFile is not defined, the certificate is directly returned. If the exportFormat is -PEM_CERT_KEY or PEM_CERT_ENCKEY the certificate and the key are returned. +PEM_CERT_KEY or PEM_CERT_ENCKEY the certificate and the key are returned. Because of the PEM format it is easy to split them later. @@ -3553,7 +3606,7 @@ return $self->SetError(summary => __("Invalid value for parameter 'caPasswd'."), code => "PARAM_CHECK_FAILED"); } - + if (! defined $data->{'certificate'}) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'certificate'."), @@ -3579,9 +3632,9 @@ $destinationFile = $data->{'destinationFile'}; } - if (! defined $data->{"exportFormat"} || + if (! defined $data->{"exportFormat"} || !grep( ( $_ eq $data->{"exportFormat"}), - ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", + ("PEM_CERT", "PEM_KEY", "PEM_ENCKEY", "PEM_CERT_KEY", "PEM_CERT_ENCKEY", "DER_CERT", "PKCS12", "PKCS12_CHAIN"))) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'exportFormat'."), @@ -3619,7 +3672,7 @@ if ($format eq "PEM_CERT") { eval { - + my $buffer = $ca->exportCertificate($certificate, $LIMAL::CaMgm::E_PEM); @@ -3633,21 +3686,70 @@ } }; if($@) { - + + return $self->SetError( summary => __("Export failed."), + description => YaST::caUtils->exception2String($@), + code => "LIMAL_CALL_FAILED"); + } + } elsif ($format eq "PEM_KEY") { + + eval { + + my $buffer1 = $ca->exportCertificateKeyAsPEM($certificate, + $keyPasswd, + ""); + + if (defined $destinationFile) { + + LIMAL::CaMgm::LocalManagement::writeFile($buffer1, + $destinationFile); + $ret = 1; + } else { + + $ret = $buffer1->data(); + } + }; + if($@) { + + return $self->SetError( summary => __("Export failed."), + description => YaST::caUtils->exception2String($@), + code => "LIMAL_CALL_FAILED"); + } + + } elsif ($format eq "PEM_ENCKEY") { + + eval { + + my $buffer1 = $ca->exportCertificateKeyAsPEM($certificate, + $keyPasswd, + $keyPasswd); + + if (defined $destinationFile) { + + LIMAL::CaMgm::LocalManagement::writeFile($buffer1, + $destinationFile); + $ret = 1; + } else { + $ret = $buffer1->data(); + } + }; + if($@) { + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } + } elsif ($format eq "PEM_CERT_KEY") { eval { - + my $buffer1 = $ca->exportCertificate($certificate, $LIMAL::CaMgm::E_PEM); my $buffer2 = $ca->exportCertificateKeyAsPEM($certificate, $keyPasswd, ""); - + $buffer1->append("\n", 1); $buffer1->append($buffer2->data(), $buffer2->size()); @@ -3662,7 +3764,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3671,13 +3773,13 @@ } elsif ($format eq "PEM_CERT_ENCKEY") { eval { - + my $buffer1 = $ca->exportCertificate($certificate, $LIMAL::CaMgm::E_PEM); my $buffer2 = $ca->exportCertificateKeyAsPEM($certificate, $keyPasswd, $keyPasswd); - + $buffer1->append("\n", 1); $buffer1->append($buffer2->data(), $buffer2->size()); @@ -3691,7 +3793,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3700,7 +3802,7 @@ } elsif ($format eq "DER_CERT") { eval { - + my $buffer = $ca->exportCACert($LIMAL::CaMgm::E_DER); if (defined $destinationFile) { @@ -3713,7 +3815,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3728,7 +3830,7 @@ } eval { - + my $buffer = $ca->exportCertificateAsPKCS12($certificate, $keyPasswd, $data->{'P12Password'}, @@ -3744,7 +3846,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3758,7 +3860,7 @@ } eval { - + my $buffer = $ca->exportCertificateAsPKCS12($certificate, $keyPasswd, $data->{'P12Password'}, @@ -3774,7 +3876,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3788,7 +3890,7 @@ Export a CRL to a file or returns it in different formats. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -3803,7 +3905,7 @@ * destinationFile (optional) The return value is "undef" on an error and "1" on success, -if 'destinationFile' is defined. +if 'destinationFile' is defined. If 'destinationFile' is not defined the CRL is returned. EXAMPLE: @@ -3814,7 +3916,7 @@ 'caPasswd' => 'system', 'exportFormat' => $ef, }; - + my $res = YaPI::CaManagement->ExportCRL($data); if( not defined $res ) { # error @@ -3848,14 +3950,14 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{"caName"}; - + if (!defined $data->{'caPasswd'}) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'caPasswd'."), code => "PARAM_CHECK_FAILED"); } - - if (!defined $data->{"exportFormat"} || + + if (!defined $data->{"exportFormat"} || !grep( ( $_ eq $data->{"exportFormat"}), ("PEM", "DER"))) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'exportFormat'."), @@ -3906,7 +4008,7 @@ if ($format eq "PEM") { eval { - + my $buffer = $ca->exportCRL($LIMAL::CaMgm::E_PEM); if (defined $destinationFile) { @@ -3919,7 +4021,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3928,7 +4030,7 @@ } elsif ($format eq "DER") { eval { - + my $buffer = $ca->exportCRL($LIMAL::CaMgm::E_DER); if (defined $destinationFile) { @@ -3941,7 +4043,7 @@ } }; if($@) { - + return $self->SetError( summary => __("Export failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -3960,7 +4062,7 @@ Verify a certificate. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -3988,7 +4090,7 @@ * ocsphelper (OCSP helper) -The syntax of the other values are explained in the +The syntax of the other values are explained in the B<COMMON PARAMETER> section. The return value is "undef" if the verification failed. @@ -4047,7 +4149,7 @@ if( defined $data->{'repository'}) { - $ca = new LIMAL::CaMgm::CA($data->{"caName"}, + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'}, $data->{"repository"}); } else { @@ -4058,7 +4160,7 @@ my $purpose = "any"; if(defined $data->{'purpose'} && $data->{'purpose'} ne "") { - if(!grep( ($_ eq $data->{'purpose'}), + if(!grep( ($_ eq $data->{'purpose'}), ("sslclient", "sslserver", "nssslserver", "smimesign", "smimeencrypt", "crlsign", "any", "ocsphelper"))) { @@ -4090,7 +4192,7 @@ create a new CA signed by another CA. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * newCaName (required - the name of the new CA) @@ -4156,10 +4258,10 @@ * crlDistributionPoints -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. -The return value is "undef" on an the +The return value is "undef" on an the filename(without suffix) of the certificate on success. EXAMPLE: @@ -4182,7 +4284,7 @@ my $res = YaPI::CaManagement->AddSubCA($data); if( not defined $res ) { - # error + # error } else { print "OK '$res'\n"; } @@ -4196,7 +4298,7 @@ my @dn = (); my $caName = ""; my $newCaName = ""; - + if (not defined YaST::caUtils->checkCommonValues($data)) { return $self->SetError(%{YaST::caUtils->Error()}); } @@ -4213,7 +4315,7 @@ code => "CHECK_PARAM_FAILED"); } $newCaName = $data->{"newCaName"}; - + if (!defined $data->{"keyPasswd"}) { return $self->SetError( summary => __("Missing value 'keyPasswd'."), code => "CHECK_PARAM_FAILED"); @@ -4248,19 +4350,19 @@ eval { if( defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{"caName"}, + + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{"caPasswd"}, $data->{"repository"}); } else { - $ca = new LIMAL::CaMgm::CA($data->{"caName"}, + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{"caPasswd"}); } }; if($@) { - + return $self->SetError( summary => __("Initializing the CA failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -4268,14 +4370,14 @@ my $rgd = undef; eval { - + $rgd = $ca->getRequestDefaults($LIMAL::CaMgm::E_CA_Req); - + my $dnl = $rgd->getSubjectDN()->getDN(); my @DN_Values = ('countryName', 'stateOrProvinceName', 'localityName', 'organizationName', 'organizationalUnitName', 'commonName', 'emailAddress'); - + for(my $dnit = $dnl->begin(); !$dnl->iterator_equal($dnit, $dnl->end()); $dnl->iterator_incr($dnit)) @@ -4285,7 +4387,7 @@ if($dnl->iterator_value($dnit)->getType() =~ /^$v$/i) { if(defined $data->{$v}) { - + $dnl->iterator_value($dnit)->setRDNValue($data->{$v}); } else { @@ -4323,20 +4425,20 @@ my $exts = $rgd->getExtensions(); - my $e = YaST::caUtils->transformBasicConstaints($exts, + my $e = YaST::caUtils->transformBasicConstaints($exts, $data->{'basicConstraints'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsComment", $data->{'nsComment'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsSslServerName", $data->{'nsSslServerName'}); if(!defined $e) { @@ -4377,7 +4479,7 @@ }; if($@) { - + return $self->SetError( summary => __("Modifying RequestGenerationData failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -4394,56 +4496,56 @@ $cid->setCertifyPeriode($start, $end); my $exts = $cid->getExtensions(); - - my $e = YaST::caUtils->transformBasicConstaints($exts, + + my $e = YaST::caUtils->transformBasicConstaints($exts, $data->{'basicConstraints'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsComment", $data->{'nsComment'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsBaseUrl", $data->{'nsBaseUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsRevocationUrl", $data->{'nsRevocationUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsCaRevocationUrl", $data->{'nsCaRevocationUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsRenewalUrl", $data->{'nsRenewalUrl'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsSslServerName", $data->{'nsSslServerName'}); if(!defined $e) { return undef; } - $e = YaST::caUtils->transformStringExtension($exts, + $e = YaST::caUtils->transformStringExtension($exts, "nsCaPolicyUrl", $data->{'nsCaPolicyUrl'}); if(!defined $e) { @@ -4520,15 +4622,15 @@ $certName = $ca->createSubCA($newCaName, $data->{'keyPasswd'}, $rgd, $cid); - + }; if($@) { - + return $self->SetError( summary => __("Creating the SubCA failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - + return $certName; } @@ -4537,7 +4639,7 @@ Export a CA in a LDAP Directory. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -4551,7 +4653,7 @@ * ldapPasswd (required) -B<destinationDN> is the DN to the entry where to store +B<destinationDN> is the DN to the entry where to store the CA. The following objectClasses are used: * cRLDistributionPoint @@ -4600,10 +4702,10 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{'caName'}; - + if (! defined $data->{'ldapHostname'} || - !(IP->Check4($data->{'ldapHostname'}) || - IP->Check6($data->{'ldapHostname'}) || + !(IP->Check4($data->{'ldapHostname'}) || + IP->Check6($data->{'ldapHostname'}) || Hostname->CheckFQ($data->{'ldapHostname'})) ) { # parameter check failed @@ -4613,7 +4715,7 @@ if (! defined $data->{'ldapPort'} || $data->{'ldapPort'} eq "") { - # setting default value + # setting default value $data->{'ldapPort'} = 389; } @@ -4624,7 +4726,7 @@ } my $object = X500::DN->ParseRFC2253($data->{'destinationDN'}); - if (! defined $data->{'destinationDN'} || + if (! defined $data->{'destinationDN'} || $data->{'destinationDN'} eq "" || ! defined $object) { # parameter check failed @@ -4641,24 +4743,24 @@ my $container = ""; for(my $i = scalar($object->getRDNs())-2; $i >= 0; $i--) { - + my @a = $object->getRDN($i)->getAttributeTypes(); - + if($container eq "") { $container = $a[0]."=".$object->getRDN($i)->getAttributeValue($a[0]); } else { $container = $container.",".$a[0]."=".$object->getRDN($i)->getAttributeValue($a[0]); - } + } } - if (! defined $data->{'BindDN'} || + if (! defined $data->{'BindDN'} || $data->{'BindDN'} eq "") { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'BindDN'."), code => "PARAM_CHECK_FAILED"); } - if (! defined $data->{'ldapPasswd'} || + if (! defined $data->{'ldapPasswd'} || $data->{'ldapPasswd'} eq "") { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'ldapPasswd'."), @@ -4689,7 +4791,7 @@ return $self->SetError(summary => __("Cannot parse the CA certificate."), code => "PARSE_ERROR"); } - + # default is try; disable only, if ldap client says no my $use_tls = "try"; @@ -4697,7 +4799,7 @@ my $ldapMap = Ldap->Export(); if(defined $ldapMap->{ldap_tls}) { if($ldapMap->{ldap_tls} == 1) { - $use_tls = "yes" + $use_tls = "yes" } else { $use_tls = "no"; } @@ -4753,7 +4855,7 @@ # entry exists => we have to modify it $action = "modify"; } - + if($action eq "add") { my $entry = { @@ -4780,11 +4882,11 @@ code => "LDAP_MODIFY_FAILED", description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); } - + } else { #this should never happen :-) } - + return 1; } @@ -4793,7 +4895,7 @@ Export a CRL in a LDAP Directory -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -4807,7 +4909,7 @@ * ldapPasswd (required) -B<destinationDN> is the DN to the entry where to store +B<destinationDN> is the DN to the entry where to store the CA. The following objectClasses are used: * cRLDistributionPoint @@ -4856,10 +4958,10 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{'caName'}; - + if (! defined $data->{'ldapHostname'} || - !(IP->Check4($data->{'ldapHostname'}) || - IP->Check6($data->{'ldapHostname'}) || + !(IP->Check4($data->{'ldapHostname'}) || + IP->Check6($data->{'ldapHostname'}) || Hostname->CheckFQ($data->{'ldapHostname'})) ) { # parameter check failed @@ -4869,7 +4971,7 @@ if (! defined $data->{'ldapPort'} || $data->{'ldapPort'} eq "") { - # setting default value + # setting default value $data->{'ldapPort'} = 389; } @@ -4880,7 +4982,7 @@ } my $object = X500::DN->ParseRFC2253($data->{'destinationDN'}); - if (! defined $data->{'destinationDN'} || + if (! defined $data->{'destinationDN'} || $data->{'destinationDN'} eq "" || ! defined $object) { # parameter check failed @@ -4896,9 +4998,9 @@ my $container = ""; for(my $i = scalar($object->getRDNs())-2; $i >= 0; $i--) { - + my @a = $object->getRDN($i)->getAttributeTypes(); - + if($container eq "") { $container = $a[0]."=".$object->getRDN($i)->getAttributeValue($a[0]); } else { @@ -4906,14 +5008,14 @@ } } - if (! defined $data->{'BindDN'} || + if (! defined $data->{'BindDN'} || $data->{'BindDN'} eq "") { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'BindDN'."), code => "PARAM_CHECK_FAILED"); } - if (! defined $data->{'ldapPasswd'} || + if (! defined $data->{'ldapPasswd'} || $data->{'ldapPasswd'} eq "") { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'ldapPasswd'."), @@ -4952,7 +5054,7 @@ my $ldapMap = Ldap->Export(); if(defined $ldapMap->{ldap_tls} && $ldapMap->{ldap_tls} == 0) { if($ldapMap->{ldap_tls} == 1) { - $use_tls = "yes" + $use_tls = "yes" } else { $use_tls = "no"; } @@ -5022,7 +5124,7 @@ description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}, code => "LDAP_SEARCH_FAILED"); } - if (! defined $attr->[0]->{"certificateRevocationList;binary"} || + if (! defined $attr->[0]->{"certificateRevocationList;binary"} || $attr->{"certificateRevocationList;binary"} eq "") { $doCRLdp = 1; } @@ -5044,7 +5146,7 @@ description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); } - + } elsif ($action eq "modify") { my $entry = { @@ -5056,7 +5158,7 @@ code => "LDAP_MODIFY_FAILED", description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); } - + } else { #this should never happen :-) } @@ -5065,7 +5167,7 @@ if ( $doCRLdp ) { # seems to be the first export, so # check for crlDistributionPoint in config template - + my $ca = undef; eval { my $crlDP_client = ""; @@ -5081,7 +5183,7 @@ $crlDP_client = "found"; } - + my $defServer = $ca->getIssueDefaults($LIMAL::CaMgm::E_Server_Cert); if($defServer->getExtensions()->getCRLDistributionPoints()->isPresent() && @@ -5098,63 +5200,63 @@ $crlDP_ca = "found"; } - + if ( (! defined $crlDP_client || $crlDP_client eq "") && (! defined $crlDP_server || $crlDP_server eq "") && - (! defined $crlDP_ca || $crlDP_ca eq "") + (! defined $crlDP_ca || $crlDP_ca eq "") ) { # if all crlDP are not defined or empty, than we can add it automaticaly - + #my $crlDP = "URI:"; my $crlDP .= "ldap://".$data->{'ldapHostname'}.":".$data->{'ldapPort'}."/"; $crlDP .= uri_escape($data->{'destinationDN'}); - + my $list = new LIMAL::CaMgm::LiteralValueList(); $list->push_back(new LIMAL::CaMgm::LiteralValue("URI", $crlDP)); - + # client - + my $cdp = $defClient->getExtensions()->getCRLDistributionPoints(); $cdp->setCRLDistributionPoints($list); - + my $ext = $defClient->getExtensions(); $ext->setCRLDistributionPoints($cdp); - + $defClient->setExtensions($ext); - - # server - + + # server + $cdp = $defServer->getExtensions()->getCRLDistributionPoints(); $cdp->setCRLDistributionPoints($list); - + $ext = $defServer->getExtensions(); $ext->setCRLDistributionPoints($cdp); - + $defServer->setExtensions($ext); - + # ca - + $cdp = $defCA->getExtensions()->getCRLDistributionPoints(); $cdp->setCRLDistributionPoints($list); - + $ext = $defCA->getExtensions(); $ext->setCRLDistributionPoints($cdp); - + $defCA->setExtensions($ext); - + $ca->setIssueDefaults($LIMAL::CaMgm::E_Client_Cert, $defClient); - + $ca->setIssueDefaults($LIMAL::CaMgm::E_Server_Cert, $defServer); - + $ca->setIssueDefaults($LIMAL::CaMgm::E_CA_Cert, $defCA); - + } }; if($@) { - + return $self->SetError( summary => __("Checking for new CRL Distribution Point failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -5215,8 +5317,8 @@ =cut -BEGIN { $TYPEINFO{ReadLDAPExportDefaults} = ["function", - ["map", "string", "any"], +BEGIN { $TYPEINFO{ReadLDAPExportDefaults} = ["function", + ["map", "string", "any"], ["map", "string", "any"] ]; } sub ReadLDAPExportDefaults { my $self = shift; @@ -5236,7 +5338,7 @@ if (defined $data->{'caName'} ) { $caName = $data->{'caName'}; } - + if(!defined $data->{'type'} || !grep( ($_ eq $data->{'type'}), ("ca", "crl", "certificate"))) { return $self->SetError(summary => __("Invalid value for parameter 'type'."), @@ -5255,9 +5357,9 @@ if(defined $data->{'emailAddress'} && $data->{'emailAddress'} ne "") { push(@emailAddresses, $data->{'emailAddress'}); } - + # get other email addresses from subject alt name - if(defined $data->{'subjectAltName'} && + if(defined $data->{'subjectAltName'} && $data->{'subjectAltName'} =~ /email/) { my @eaddr = split(/\s*,\s*/, $data->{'subjectAltName'}); @@ -5282,10 +5384,10 @@ } else { return $self->SetError( summary => __("No LDAP server configured."), code => "HOST_NOT_FOUND"); - } + } if(defined $ldapMap->{ldap_tls} ) { if($ldapMap->{ldap_tls} == 1) { - $use_tls = "yes" + $use_tls = "yes" } else { $use_tls = "no"; } @@ -5298,7 +5400,7 @@ return $self->SetError(summary => __("LDAP initialization failed."), code => "SCR_INIT_FAILED"); } - + # anonymous bind if (! SCR->Execute(".ldap.bind", {}) ) { my $ldapERR = SCR->Read(".ldap.error"); @@ -5309,7 +5411,7 @@ if(defined $type && ($type eq "ca" || $type eq "crl")) { # Is there already a ldapconfig object? - + if(defined $caName && $caName ne "") { $ldapret = SCR->Read(".ldap.search", { "base_dn" => $ldapMap->{'base_config_dn'}, @@ -5328,7 +5430,7 @@ $retMap->{'destinationDN'} = $ldapret->[0]->{suseDefaultBase}; } } - + if(!exists $retMap->{'destinationDN'} || $retMap->{'destinationDN'} eq "") { $ldapret = SCR->Read(".ldap.search", { "base_dn" => $ldapMap->{'base_config_dn'}, @@ -5346,20 +5448,20 @@ $retMap->{'destinationDN'} = $ldapret->[0]->{suseDefaultBase}; } } - + if(!exists $retMap->{'destinationDN'} || $retMap->{'destinationDN'} eq "") { return $self->SetError(summary => __("No configuration available in LDAP."), code => "LDAP_CONFIG_NEEDED"); } - - # complete the destinationDN + + # complete the destinationDN for(my $i = 0; $i < scalar(@{$retMap->{'destinationDN'}}); $i++) { $retMap->{'destinationDN'}->[$i] = "cn=$caName,".$retMap->{'destinationDN'}->[$i]; } } else { # type is certificate - + my $filter = undef; if(defined $emailAddresses[0]) { @@ -5390,7 +5492,7 @@ if(@$ldapret > 0) { $retMap->{'destinationDN'} = $ldapret; } - + } $retMap->{'ldapHostname'} = $ldapMap->{'ldap_server'}; $retMap->{'ldapPort'} = $ldapMap->{'ldap_port'}; @@ -5404,7 +5506,7 @@ Creates the default configuration structure in LDAP -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * ldapPasswd (required) @@ -5425,7 +5527,7 @@ =cut -BEGIN { $TYPEINFO{InitLDAPcaManagement} = ["function", "boolean", +BEGIN { $TYPEINFO{InitLDAPcaManagement} = ["function", "boolean", ["map", "string", "any"] ]; } sub InitLDAPcaManagement { @@ -5453,16 +5555,16 @@ } else { return $self->SetError( summary => __("No LDAP server configured."), code => "HOST_NOT_FOUND"); - } + } } - + my $ret = Ldap->LDAPInit (); if ($ret ne "") { - + return $self->SetError(summary => __("LDAP initialization failed."), code => "SCR_INIT_FAILED"); } - + # bind if (! SCR->Execute(".ldap.bind", { bind_dn => $ldapMap->{'bind_dn'}, bind_pw => $data->{ldapPasswd} @@ -5474,7 +5576,7 @@ } # search for base_config_dn - $ldapret = SCR->Read(".ldap.search", + $ldapret = SCR->Read(".ldap.search", { "base_dn" => $ldapMap->{'base_config_dn'}, "filter" => 'objectClass=*', @@ -5488,23 +5590,23 @@ Ldap->SetGUI(YaST::YCP::Boolean(0)); Ldap->SetBindPassword($data->{ldapPasswd}); - + if(! Ldap->CheckBaseConfig($ldapMap->{'base_config_dn'})) { Ldap->SetGUI(YaST::YCP::Boolean(1)); return $self->SetError(summary => __("Cannot add base configuration entry."), code => "LDAP_ADD_FAILED"); } Ldap->SetGUI(YaST::YCP::Boolean(1)); - + } else { return $self->SetError(summary => __("LDAP search failed."), code => "LDAP_SEARCH_FAILED", description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); } } - + # search for default Config entry - $ldapret = SCR->Read(".ldap.search", + $ldapret = SCR->Read(".ldap.search", { "base_dn" => $ldapMap->{'base_config_dn'}, "filter" => '(& (objectClass=suseCaConfiguration) (cn=defaultCA))', @@ -5520,7 +5622,7 @@ if(@$ldapret <= 0) { my $defaultCAcontainer = "ou=PKI,".$ldapMap->{'ldap_domain'}; - # search for the default CA container + # search for the default CA container $ldapret = SCR->Read(".ldap.search", { "base_dn" => $defaultCAcontainer, "filter" => 'objectClass=*', @@ -5536,9 +5638,9 @@ "objectClass" => [ "organizationalUnit" ], "ou" => "PKI", }; - + $ldapret = SCR->Write(".ldap.add", { dn => $defaultCAcontainer }, $entry); - + if(! defined $ldapret) { my $ldapERR = SCR->Read(".ldap.error"); return $self->SetError(summary => __("Cannot add CA configuration entry."), @@ -5553,9 +5655,9 @@ } # create default CA config entry - $ldapret = SCR->Write(".ldap.add", + $ldapret = SCR->Write(".ldap.add", { dn => "cn=defaultCA,".$ldapMap->{'base_config_dn'}}, - { + { "objectClass" => [ "suseCaConfiguration"], "cn" => "defaultCA", "suseDefaultBase", $defaultCAcontainer @@ -5568,7 +5670,7 @@ description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); } } - return 1; + return 1; } @@ -5579,7 +5681,7 @@ is designed for exporting user certificates. The destination entry must have the objectClass 'inetOrgPerson'. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -5600,7 +5702,7 @@ * ldapPasswd (required) If the private key of the certificate is available and the -parameter 'caPasswd', 'keyPasswd' and 'p12Passwd' are defined, +parameter 'caPasswd', 'keyPasswd' and 'p12Passwd' are defined, an export in PKCS12 format is also done. The return value is "undef" on an error and "1" on success. @@ -5657,10 +5759,10 @@ if(defined $1 && $1 ne "") { $key = $1; } - + if (! defined $data->{'ldapHostname'} || - !(IP->Check4($data->{'ldapHostname'}) || - IP->Check6($data->{'ldapHostname'}) || + !(IP->Check4($data->{'ldapHostname'}) || + IP->Check6($data->{'ldapHostname'}) || Hostname->CheckFQ($data->{'ldapHostname'})) ) { # parameter check failed @@ -5670,7 +5772,7 @@ if (! defined $data->{'ldapPort'} || $data->{'ldapPort'} eq "") { - # setting default value + # setting default value $data->{'ldapPort'} = 389; } @@ -5680,21 +5782,21 @@ code => "PARAM_CHECK_FAILED"); } - if (! defined $data->{'destinationDN'} || + if (! defined $data->{'destinationDN'} || $data->{'destinationDN'} eq "") { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'destinationDN'."), code => "PARAM_CHECK_FAILED"); } - if (! defined $data->{'BindDN'} || + if (! defined $data->{'BindDN'} || $data->{'BindDN'} eq "") { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'BindDN'."), code => "PARAM_CHECK_FAILED"); } - if (! defined $data->{'ldapPasswd'} || + if (! defined $data->{'ldapPasswd'} || $data->{'ldapPasswd'} eq "") { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'ldapPasswd'."), @@ -5728,7 +5830,7 @@ code => "LIMAL_CALL_FAILED"); } my ($body) = ($crt->data() =~ /-----BEGIN[\s\w]+-----\n([\S\s\n]+)\n-----END[\s\w]+-----/); - + if (! defined $body || $body eq "") { return $self->SetError(summary => __("Cannot parse the certificate."), code => "PARSE_ERROR"); @@ -5741,13 +5843,13 @@ my $ldapMap = Ldap->Export(); if(defined $ldapMap->{ldap_tls}) { if($ldapMap->{ldap_tls} == 1) { - $use_tls = "yes" + $use_tls = "yes" } else { $use_tls = "no"; } } } - + if (! SCR->Execute(".ldap", {"hostname" => $data->{'ldapHostname'}, "port" => $data->{'ldapPort'}, "use_tls" => $use_tls })) { @@ -5776,7 +5878,7 @@ code => "LDAP_SEARCH_FAILED", description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); } - + my $entry = { 'userCertificate;binary' => YaST::YCP::Byteblock(decode_base64($body)) }; @@ -5786,7 +5888,7 @@ code => "LDAP_MODIFY_FAILED", description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); } - + if ( $exportPKCS12 ) { my $ca = undef; @@ -5804,7 +5906,7 @@ description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - + my $entry = { 'userPKCS12' => YaST::YCP::Byteblock($p12->data()) }; @@ -5816,9 +5918,9 @@ description => $ldapERR->{'code'}." : ".$ldapERR->{'msg'}); } } - + return 1; - + } =item * @@ -5827,7 +5929,7 @@ Delete a Certificate. This function removes also the request and the private key. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -5835,7 +5937,7 @@ * caPasswd (required) -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error and "1" on success. @@ -5876,14 +5978,14 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{'caName'}; - + if (!defined $data->{'certificate'}) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'certificate'."), code => "PARAM_CHECK_FAILED"); } $certificate = $data->{'certificate'}; - + my $ca = undef; eval { @@ -5918,7 +6020,7 @@ code => "LIMAL_CALL_FAILED"); } - return 1; + return 1; } @@ -5936,7 +6038,7 @@ The private key is copied to '/etc/ssl/servercerts/serverkey.pem' . The private key is unencrypted and only for B<root> readable. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * inFile (required) @@ -5945,7 +6047,7 @@ B<inFile> is the path to a certificate in PKCS12 format. B<passwd> is the password which is needed to decrypt the PKCS12 -certificate. A second password is not needed, because the private +certificate. A second password is not needed, because the private key will be unencrypted. The return value is "undef" on an error and "1" on success. @@ -5967,9 +6069,9 @@ =cut BEGIN { $TYPEINFO{ImportCommonServerCertificate} = [ - "function", - "boolean", - ["map", "string", "any"] + "function", + "boolean", + ["map", "string", "any"] ]; } sub ImportCommonServerCertificate { my $self = shift; @@ -6118,7 +6220,7 @@ } if($data->{datatype} eq "CERTIFICATE") { - + my $cert = LIMAL::CaMgm::LocalManagement::getCertificate($data->{inFile}, $inForm); @@ -6139,10 +6241,10 @@ } if($type eq "extended") { - + $ret = YaST::caUtils->extensionParsing($ret); } - + } else { $ret = $cert->getCertificateAsText(); } @@ -6152,7 +6254,7 @@ $inForm); if ($type eq "parsed" || $type eq "extended") { - + $ret = YaST::caUtils->getParsedCRL($crl); @@ -6168,16 +6270,16 @@ } if($type eq "extended") { - + $ret = YaST::caUtils->extensionParsing($ret); } - + } else { - + $ret = $crl->getCRLAsText(); - + } - + } elsif($data->{datatype} eq "REQUEST") { my $req = LIMAL::CaMgm::LocalManagement::getRequest($data->{inFile}, @@ -6199,17 +6301,17 @@ } if($type eq "extended") { - + $ret = YaST::caUtils->extensionParsing($ret); } - + } else { $ret = $req->getRequestAsText(); } } }; if($@) { - + return $self->SetError( summary => __("Parsing failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -6223,15 +6325,15 @@ Returns a request as plain text or parsed map. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) * request (required - name without suffix) -* type (required - allowed values: "parsed", "extended" or "plain") +* type (required - allowed values: "parsed", "extended" or "plain") -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error. @@ -6281,15 +6383,15 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{"caName"}; - - if (! defined $data->{"type"} || + + if (! defined $data->{"type"} || !grep( ( $_ eq $data->{"type"}), ("parsed", "plain", "extended"))) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'type'."), code => "PARAM_CHECK_FAILED"); } $type = $data->{"type"}; - + if (! defined $data->{"request"}) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'request'."), @@ -6351,17 +6453,17 @@ Returns a list of maps with all requests of the defined CA. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error. -On success it returns an array of hashes with all -requests of this CA. @ret[0..X] can have the +On success it returns an array of hashes with all +requests of this CA. @ret[0..X] can have the following Hash keys: * request (the name of the certificate) @@ -6420,15 +6522,15 @@ my $ca = undef; eval { if(defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); - + } else { $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); - + } my $list = $ca->getRequestList(); @@ -6466,18 +6568,18 @@ Import a request in a CA repository. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) -* inFile +* inFile * data * importFormat (default PEM) B<inFile> is the path to a request. -B<data> the request data directly +B<data> the request data directly One of B<inFile> or B<data> is required. @@ -6503,9 +6605,9 @@ =cut BEGIN { $TYPEINFO{ImportRequest} = [ - "function", - "string", - ["map", "string", "any"] + "function", + "string", + ["map", "string", "any"] ]; } sub ImportRequest { my $self = shift; @@ -6531,7 +6633,7 @@ $data->{inFile}), code => "FILE_DOES_NOT_EXIST"); } - + $data->{data} = SCR->Read(".target.string",$data->{inFile}); if(! defined $data->{data}) { return $self->SetError(summary => __("Cannot read the request."), @@ -6565,20 +6667,20 @@ description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - + eval { my $byteBuffer = new LIMAL::ByteBuffer($data->{data}, length($data->{data})); - + if(defined $data->{importFormat} && $data->{importFormat} eq "DER") { - - $ret = $ca->importRequestData($byteBuffer, + + $ret = $ca->importRequestData($byteBuffer, $LIMAL::CaMgm::E_DER); - + } else { - - $ret = $ca->importRequestData($byteBuffer, + + $ret = $ca->importRequestData($byteBuffer, $LIMAL::CaMgm::E_PEM); - + } }; if($@) { @@ -6587,7 +6689,7 @@ description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - + return $ret; } @@ -6598,7 +6700,7 @@ Delete a Request. This function removes also the private key if one is available. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required) @@ -6606,7 +6708,7 @@ * request (required) -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error and "1" on success. @@ -6647,14 +6749,14 @@ code => "PARAM_CHECK_FAILED"); } $caName = $data->{'caName'}; - + if (!defined $data->{'request'}) { # parameter check failed return $self->SetError(summary => __("Invalid value for parameter 'request'."), code => "PARAM_CHECK_FAILED"); } $req = $data->{'request'}; - + my $ca = undef; eval { if(defined $data->{'repository'}) { @@ -6678,17 +6780,17 @@ description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - return 1; + return 1; } =item * C<$bool = ImportCA($valueMap)> -Import a CA certificate and private key and creates a +Import a CA certificate and private key and creates a infrastructure. -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required - A name for this CA) @@ -6722,9 +6824,9 @@ sub ImportCA { my $self = shift; my $data = shift; - + my $caName = ""; - + if (not defined YaST::caUtils->checkCommonValues($data)) { return $self->SetError(%{YaST::caUtils->Error()}); } @@ -6745,7 +6847,7 @@ return $self->SetError(summary => __("Invalid value for parameter 'caKey'."), code => "PARAM_CHECK_FAILED"); } - + my $size = SCR->Read(".target.size", $data->{caKey}); if ($size <= 0) { return $self->SetError(summary => sprintf( @@ -6764,13 +6866,13 @@ my $cert = LIMAL::CaMgm::LocalManagement::readFile($data->{caCertificate}); my $key = LIMAL::CaMgm::LocalManagement::readFile($data->{caKey}); - if( defined $data->{'repository'}) + if( defined $data->{'repository'}) { LIMAL::CaMgm::CA::importCA($caName, $cert, $key, $data->{caPasswd}, $data->{"repository"}); } - else + else { LIMAL::CaMgm::CA::importCA($caName, $cert, $key, $data->{caPasswd}); @@ -6792,7 +6894,7 @@ Delete a Certificate Authority infrastructure -In I<$valueMap> you can define the following keys: +In I<$valueMap> you can define the following keys: * caName (required - A name for this CA) @@ -6801,8 +6903,8 @@ * force (0/1 default is 0) Normaly you can only delete a CA if the CA certificate is expired or -you have never signed a certificate with this CA. In all other cases -you have to set the force parameter to 1 if you realy want to delete +you have never signed a certificate with this CA. In all other cases +you have to set the force parameter to 1 if you realy want to delete the CA and you know what you are doing. The return value is "undef" on an error and "1" on success. @@ -6827,7 +6929,7 @@ sub DeleteCA { my $self = shift; my $data = shift; - + my $caName = ""; my $doDelete = 0; @@ -6848,7 +6950,7 @@ code => "PARAM_CHECK_FAILED"); } - if(exists $data->{force} && + if(exists $data->{force} && defined $data->{force} && $data->{force} == 1) { # force delete @@ -6861,7 +6963,7 @@ if( defined $data->{'repository'}) { - LIMAL::CaMgm::CA::deleteCA($caName, + LIMAL::CaMgm::CA::deleteCA($caName, $data->{caPasswd}, $doDelete, $data->{"repository"}); @@ -6906,7 +7008,7 @@ * issuerAltName -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. EXAMPLE: @@ -6916,7 +7018,7 @@ my $data = { 'caName' => 'My_CA' } - $crlValueMap = YaPI::CaManagement->ReadCRLDefaults($data) + $crlValueMap = YaPI::CaManagement->ReadCRLDefaults($data) if( not defined $crlValueMap ) { # error } else { @@ -6926,7 +7028,7 @@ =cut BEGIN { $TYPEINFO{ReadCRLDefaults} = [ - "function", + "function", ["map", "string", "any"], ["map", "string", "any"] ]; } @@ -6958,21 +7060,21 @@ eval { if(defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{'caName'}, + + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}, $data->{'repository'}); } else { - + $ca = new LIMAL::CaMgm::CA($data->{'caName'}, $data->{'caPasswd'}); - + } - + $cgd = $ca->getCRLDefaults(); - + my $crlExt = $cgd->getExtensions(); - + my $e = YaST::caUtils->extractAuthorityKeyIdentifier($crlExt->getAuthorityKeyIdentifier(), $ret); if(!defined $e) { @@ -7019,7 +7121,7 @@ * issuerAltName -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error and "1" on success. @@ -7028,7 +7130,7 @@ my $data = { 'caName' => 'My_CA', - 'days' => '7' + 'days' => '7' }; my $res = YaPI::CaManagement->WriteCRLDefaults($data); if( not defined $res ) { @@ -7050,7 +7152,7 @@ if (not defined YaST::caUtils->checkCommonValues($data)) { return $self->SetError(%{YaST::caUtils->Error()}); } - + # checking requires if (!defined $data->{"caName"}) { # parameter check failed @@ -7058,19 +7160,19 @@ code => "CHECK_PARAM_FAILED"); } $caName = $data->{"caName"}; - + my $ca = undef; eval { - + if( defined $data->{'repository'}) { - - $ca = new LIMAL::CaMgm::CA($data->{"caName"}, + + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'}, $data->{"repository"}); } else { - + $ca = new LIMAL::CaMgm::CA($data->{"caName"}, $data->{'caPasswd'}); - + } }; if($@) { @@ -7090,7 +7192,7 @@ } my $exts = $cgd->getExtensions(); - + my $e = YaST::caUtils->transformAuthorityKeyIdentifier($exts, $data->{'authorityKeyIdentifier'}); if(!defined $e) { @@ -7106,18 +7208,18 @@ $cgd->setExtensions($exts); }; if($@) { - + return $self->SetError( summary => __("Modifying CRLGenerationData failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); } - + eval { $ca->setCRLDefaults($cgd); }; if($@) { - + return $self->SetError( summary => __("Writing the defaults failed."), description => YaST::caUtils->exception2String($@), code => "LIMAL_CALL_FAILED"); @@ -7144,7 +7246,7 @@ * newPasswd -The syntax of these values are explained in the +The syntax of these values are explained in the B<COMMON PARAMETER> section. The return value is "undef" on an error and "1" on success. @@ -7195,20 +7297,20 @@ { $data->{algorithm} = "des3"; } - + my $oldkey = ""; my $keyfilename = ""; - + if(defined $certificate && $certificate ne "") { my $keyname = ""; - + if($certificate =~ /:([0-9a-fA-F-]+)/) { $keyname = $1; } $keyfilename = "$repos/$caName/keys/$keyname.key"; - + if( -e $keyfilename) { $oldkey = LIMAL::CaMgm::LocalManagement::readFile($keyfilename); @@ -7224,7 +7326,7 @@ { # certificate empty == cpw on the cakey $keyfilename = "$repos/$caName/cacert.key"; - + if( -e $keyfilename) { $oldkey = LIMAL::CaMgm::LocalManagement::readFile($keyfilename); @@ -7236,14 +7338,14 @@ code => "FILE_DOES_NOT_EXIST"); } } - + $newkey = LIMAL::CaMgm::LocalManagement::rsaConvert($oldkey, $LIMAL::CaMgm::E_PEM, $LIMAL::CaMgm::E_PEM, $data->{oldPasswd}, $data->{newPasswd}, $data->{algorithm}); - + LIMAL::CaMgm::LocalManagement::writeFile($newkey, $keyfilename, 1); Modified: trunk/ca-management/src/new_cert_read_write.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/new_cert_read_write.ycp?rev=60358&r1=60357&r2=60358&view=diff ============================================================================== --- trunk/ca-management/src/new_cert_read_write.ycp (original) +++ trunk/ca-management/src/new_cert_read_write.ycp Thu Jan 14 12:53:46 2010 @@ -125,7 +125,7 @@ if (kind == "Sub CA" || kind == "Sub CA Request") { - ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA, + ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA, "caPasswd":getPassword(CaMgm::currentCA), "certType":"ca"]); y2milestone("ReadCertificateDefaults(%1): %2", @@ -135,7 +135,7 @@ if (kind == "Server Certificate" ||kind == "Server Request") { - ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA, + ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA, "caPasswd":getPassword(CaMgm::currentCA), "certType":"server"]); y2milestone("ReadCertificateDefaults(%1): %2", @@ -145,7 +145,7 @@ if (kind == "Client Certificate" ||kind == "Client Request") { - ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA, + ret = (map) YaPI::CaManagement::ReadCertificateDefaults ($["caName": CaMgm::currentCA, "caPasswd":getPassword(CaMgm::currentCA), "certType":"client"]); y2milestone("ReadCertificateDefaults(%1): %2", @@ -701,7 +701,7 @@ else { // Certificates, Sub-CAs, Requests - map ret = (map) YaPI::CaManagement::ReadCA ($["caName":CaMgm::currentCA, + map ret = (map) YaPI::CaManagement::ReadCA ($["caName":CaMgm::currentCA, "caPasswd":getPassword(CaMgm::currentCA), "type":"parsed"]); y2milestone("ReadCA(%1): %2", CaMgm::currentCA, ret); @@ -758,7 +758,7 @@ param["caPasswd"] = getPassword(CaMgm::currentCA); //param["notext"] = "1"; foreach(map elem, CaMgm::prop_subject_alt_name_list, { - CaMgm::adv_subject_alt_name_list = add (CaMgm::adv_subject_alt_name_list, elem); + CaMgm::adv_subject_alt_name_list = add (CaMgm::adv_subject_alt_name_list, elem); }); } if (kind == "Client Certificate") @@ -1297,7 +1297,7 @@ // fillup parameters depending on kind param["caName"] = CaMgm::currentCA; - // set the real password later. + // set the real password later. param["caPasswd"] = "<was set>"; param["certType"] = kindmap[CaMgm::currentDefault]:""; @@ -1324,7 +1324,7 @@ { param["basicConstraints"] = param["basicConstraints"]:"" + ", pathlen:" + tostring(CaMgm::adv_pathlenValue); - } + } if (CaMgm::adv_cri_nsComment) { Modified: trunk/ca-management/src/util.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ca-management/src/util.ycp?rev=60358&r1=60357&r2=60358&view=diff ============================================================================== --- trunk/ca-management/src/util.ycp (original) +++ trunk/ca-management/src/util.ycp Thu Jan 14 12:53:46 2010 @@ -11,10 +11,10 @@ textdomain "ca-management"; - import "CaMgm"; + import "CaMgm"; import "Label"; import "Popup"; - import "Wizard"; + import "Wizard"; import "Hostname"; import "YaPI::CaManagement"; @@ -51,7 +51,7 @@ { first = first + 1; } - + while(last >= 0 && isBlank(substring(str, last, 1))) { last = last - 1; @@ -63,7 +63,7 @@ return ""; } - + /** * Asking for a existing or new file * @param flag new file, filter, headline @@ -74,7 +74,7 @@ string headline) ``{ map display = UI::GetDisplayInfo (); string ret = ""; - + if (SCR::Read (.target.size, "/opt/kde3/bin/kfiledialog") > 0 && strip (getenv ("KDE_FULL_SESSION")) == "true" && !display["TextMode"]:false) @@ -94,14 +94,14 @@ } else { - ret = UI::AskForExistingFile( ".", filterString, headline ); + ret = UI::AskForExistingFile( ".", filterString, headline ); } } return ret; } - + /** * Creates Country items * @return a list country items formated for a UI table @@ -118,14 +118,14 @@ country_map, { return v; }); name_list = sort (name_list); - + foreach (string name, name_list, ``{ result = add (result, `item (`id (country_index[name]:""), name , CaMgm::country == country_index[name]:"") ); }); return result; } - + /** * See RFC 2822, 3.4 @@ -157,7 +157,7 @@ { title = _("Change CA Password"); } - + // asking user UI::OpenDialog (`opt(`decorated ), `HBox( `HSpacing(2), @@ -175,12 +175,12 @@ `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) ), - `VSpacing (1) + `VSpacing (1) ), `HSpacing (2) ) ); - + UI::SetFocus (`id(`oldpw)); symbol ui = nil; repeat @@ -228,7 +228,7 @@ if(certificate == "") { CaMgm::passwdMap[CAname] = newPassword; - Popup::Message(_("CA Password changed.")); + Popup::Message(_("CA Password changed.")); } else { @@ -241,17 +241,17 @@ until (contains ([`ok, `cancel], ui)); UI::CloseDialog (); } - + /** * Dialog for asking a CA password. Returns the password * without asking if is has already input before. - * @param CAname + * @param CAname * @return string password */ define string getPassword(string CAname)``{ string password = nil; - + if (!haskey(CaMgm::passwdMap, CAname)) { // asking user @@ -263,13 +263,13 @@ `Heading (_("Enter CA Password")), `VSpacing (1), `Password( `id (`entry), `opt(`hstretch), _("&Password:")), - `VSpacing (1), + `VSpacing (1), `HBox ( // push button label `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()), `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) ), - `VSpacing (1) + `VSpacing (1) ), `HSpacing (2) ) @@ -313,13 +313,13 @@ // already available password = CaMgm::passwdMap[CAname]:""; } - + return password; } /** * Dialog for exporting CA/Certificate/CRL to LDAP - * + * * @param "CA" "CRL" "CERT" "subjectAltName" * @return true ( success ) */ @@ -336,9 +336,9 @@ y2milestone ("exportToLDAP type: %1; CAname: %2, commonName: %3, email: %4, certificate: %5, subjectAltName: %6", kind,CAname,commonName,email,certificate,subjectAltName); - - passwordTerm = add (passwordTerm, `Password(`id (`password), `opt(`hstretch), _("LDAP P&assword:"))); - + + passwordTerm = add (passwordTerm, `Password(`id (`password), `opt(`hstretch), _("LDAP P&assword:"))); + if (kind == "CERT") { if (size (subjectAltName) > 0) @@ -355,7 +355,7 @@ "caName":CAname, "commonName":commonName, "emailAddress":email]); - } + } passwordTerm = add (passwordTerm, `Password( `id (`keyPasswd), `opt(`hstretch), _("Certificate &Password:"))); passwordTerm = add (passwordTerm, `HBox( `Password( `id (`p12Passwd), `opt(`hstretch), _("&New Password:")), @@ -381,7 +381,7 @@ "commonName":commonName, "emailAddress":email, "subjectAltName":subjectAltName], - messageMap); + messageMap); } else { @@ -389,7 +389,7 @@ $["type":kindmap[kind]:"", "caName":CAname], messageMap); } - + if (messageMap["code"]:"" == "LDAP_CONFIG_NEEDED") { UI::OpenDialog (`opt(`decorated ), @@ -403,13 +403,13 @@ ")), `VSpacing (1), `Password( `id (`password), `opt(`hstretch), _("P&assword:")), - `VSpacing (1), + `VSpacing (1), `HBox ( // push button label `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()), `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) ), - `VSpacing (1) + `VSpacing (1) ), `HSpacing (2) ) @@ -426,7 +426,7 @@ if (YaPI::CaManagement::InitLDAPcaManagement($["ldapPasswd":password])) { if (kind == "CERT") - { + { defaultv = YaPI::CaManagement::ReadLDAPExportDefaults ($["type":kindmap[kind]:"", "caName":CAname, "commonName":commonName, @@ -436,11 +436,11 @@ { defaultv = YaPI::CaManagement::ReadLDAPExportDefaults ($["type":kindmap[kind]:"", "caName":CAname]); - } + } } else { - showErrorCaManagement (); + showErrorCaManagement (); } } } @@ -451,8 +451,8 @@ if (defaultv == nil) { - showErrorCaManagement (); - } + showErrorCaManagement (); + } else { hostname = defaultv["ldapHostname"]:""; @@ -462,7 +462,7 @@ } y2milestone("ReadLDAPExportDefaults() returned %1", defaultv); - + UI::OpenDialog (`opt(`decorated ), `HBox( `HSpacing(2), `VBox ( @@ -475,13 +475,13 @@ `HBox (`HWeight (1, `ComboBox( `id (`dn), `opt(`editable), _("&DN:"), dn))), `TextEntry( `id (`binddn), _("&Bind DN:"), binddn), passwordTerm, - `VSpacing (1), + `VSpacing (1), `HBox ( // push button label `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()), `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) ), - `VSpacing (1) + `VSpacing (1) ), `HSpacing (2) ) @@ -492,13 +492,13 @@ repeat { ui = (symbol) UI::UserInput (); - + password = (string) UI::QueryWidget(`id(`password), `Value); hostname = (string) UI::QueryWidget(`id(`hostname), `Value); port = (string) UI::QueryWidget(`id(`port), `Value); string stringDN = (string) UI::QueryWidget(`id(`dn), `Value); - binddn = (string) UI::QueryWidget(`id(`binddn), `Value); - + binddn = (string) UI::QueryWidget(`id(`binddn), `Value); + if (ui == `cancel) { password = nil; @@ -602,14 +602,18 @@ `Heading (_("Export CA to File")), `VSpacing (1), `Frame ( _("Export Format"), - `RadioButtonGroup(`id(`rb), + `RadioButtonGroup(`id(`rb), `VBox( `Left(`RadioButton(`id(`PEM_CERT), `opt(`notify), _("O&nly the Certificate in PEM Format"), true)), - `Left(`RadioButton(`id(`PEM_CERT_KEY), `opt(`notify), - _("Ce&rtificate and the Key Unencrypted in PEM Format"))), - `Left(`RadioButton(`id(`PEM_CERT_ENCKEY), `opt(`notify), - _("C&ertificate and the Key Encrypted in PEM Format"))), + `Left(`RadioButton(`id(`PEM_KEY), `opt(`notify), + _("Only the Key &Unencrypted in PEM Format"))), + `Left(`RadioButton(`id(`PEM_ENCKEY), `opt(`notify), + _("Only the &Key Encrypted in PEM Format"))), + `Left(`RadioButton(`id(`PEM_CERT_KEY), `opt(`notify), + _("Ce&rtificate and the Key Unencrypted in PEM Format"))), + `Left(`RadioButton(`id(`PEM_CERT_ENCKEY), `opt(`notify), + _("C&ertificate and the Key Encrypted in PEM Format"))), `Left(`RadioButton(`id(`DER_CERT), `opt(`notify), _("&Certificate in DER Format"))), `Left(`RadioButton(`id(`PKCS12), `opt(`notify), @@ -622,21 +626,21 @@ `HBox( `Password( `id (`PK12password), `opt(`hstretch), _("&New Password")), `Password( `id (`verifyPassword), `opt(`hstretch), _("&Verify Password")) - ), - `HBox ( + ), + `HBox ( `HWeight(1, `TextEntry( `id (`filename), _("&File Name:"))), `VBox( `Label(""), `PushButton (`id(`browse), `opt( `notify), Label::BrowseButton()) ) - ), - `VSpacing (1), + ), + `VSpacing (1), `HBox ( // push button label `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()), `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) ), - `VSpacing (1) + `VSpacing (1) ), `HSpacing (2) ) @@ -644,41 +648,45 @@ symbol ui = nil; UI::ChangeWidget (`id (`PK12password), `Enabled, false); - UI::ChangeWidget (`id (`verifyPassword), `Enabled, false); + UI::ChangeWidget (`id (`verifyPassword), `Enabled, false); repeat { ui = (symbol) UI::UserInput (); map kindmap = $[`PEM_CERT:"PEM_CERT", - `PEM_CERT_KEY:"PEM_CERT_KEY", - `PEM_CERT_ENCKEY:"PEM_CERT_ENCKEY", + `PEM_KEY:"PEM_KEY", + `PEM_ENCKEY:"PEM_ENCKEY", + `PEM_CERT_KEY:"PEM_CERT_KEY", + `PEM_CERT_ENCKEY:"PEM_CERT_ENCKEY", `DER_CERT:"DER_CERT", `PKCS12:"PKCS12", `PKCS12_CHAIN:"PKCS12_CHAIN"]; - + string kind = kindmap[(symbol) UI::QueryWidget(`id(`rb), `CurrentButton)]:""; map filtermap = $[`PEM_CERT:"*.pem *.crt *", - `PEM_CERT_KEY:"*.pem *.crt *", - `PEM_CERT_ENCKEY:"*.pem *.crt *", + `PEM_KEY:"*.pem *.key *", + `PEM_ENCKEY:"*.pem *.key *", + `PEM_CERT_KEY:"*.pem *.crt *", + `PEM_CERT_ENCKEY:"*.pem *.crt *", `DER_CERT:"*.der *.crt *", `PKCS12:"*.p12 *.crt *", `PKCS12_CHAIN:"*.p12 *.crt *"]; - + string filterString = filtermap[(symbol) UI::QueryWidget(`id(`rb), - `CurrentButton)]:"*"; + `CurrentButton)]:"*"; if (kind == "PKCS12" || kind == "PKCS12_CHAIN") { UI::ChangeWidget (`id (`PK12password), `Enabled, true); - UI::ChangeWidget (`id (`verifyPassword), `Enabled, true); + UI::ChangeWidget (`id (`verifyPassword), `Enabled, true); } else { UI::ChangeWidget (`id (`PK12password), `Enabled, false); - UI::ChangeWidget (`id (`verifyPassword), `Enabled, false); + UI::ChangeWidget (`id (`verifyPassword), `Enabled, false); } if (ui == `browse) @@ -689,7 +697,7 @@ UI::ChangeWidget(`id(`filename), `Value, name); } } - + if (ui == `ok) { // export to file @@ -701,7 +709,7 @@ Popup::Error(_("New passwords do not match.")); ui = `again; } - + string filename = (string) UI::QueryWidget(`id(`filename), `Value); if (size (filename) == 0) { @@ -738,7 +746,7 @@ || ret != "1") { showErrorCaManagement (); - ui = `again; + ui = `again; } else { @@ -749,7 +757,7 @@ } until (contains ([`ok, `cancel], ui)); UI::CloseDialog (); - } + } /** * Dialog for exporting CRL to file @@ -765,7 +773,7 @@ `Heading (_("Export CRL to File")), `VSpacing (1), `Frame ( _("Export Format"), - `RadioButtonGroup(`id(`rb), + `RadioButtonGroup(`id(`rb), `VBox( `Left(`RadioButton(`id(`PEM), `opt(`notify), _("&PEM Format"), true)), @@ -774,20 +782,20 @@ ) ) ), - `HBox ( + `HBox ( `HWeight(1, `TextEntry( `id (`filename), _("&File Name:"))), `VBox( `Label(""), `PushButton (`id(`browse), `opt( `notify), Label::BrowseButton()) ) - ), - `VSpacing (1), + ), + `VSpacing (1), `HBox ( // push button label `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()), `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) ), - `VSpacing (1) + `VSpacing (1) ), `HSpacing (2) ) @@ -803,10 +811,10 @@ map filtermap = $[`PEM:"*.pem *.crt *", `DER:"*.der *.crt *"]; - + string filterString = filtermap[(symbol) UI::QueryWidget(`id(`rb), - `CurrentButton)]:"*"; - + `CurrentButton)]:"*"; + string kind = kindmap[(symbol) UI::QueryWidget(`id(`rb), `CurrentButton)]:""; @@ -818,7 +826,7 @@ UI::ChangeWidget(`id(`filename), `Value, name); } } - + if (ui == `ok) { // export to file @@ -837,7 +845,7 @@ "exportFormat" : kind, "destinationFile" : filename ]); - + y2milestone ("ExportCRL(%1) return %2", $["caName": CAname, "exportFormat" : kind, "destinationFile" : filename @@ -846,7 +854,7 @@ || ret != "1") { showErrorCaManagement (); - ui = `again; + ui = `again; } else { @@ -873,12 +881,16 @@ `Heading (_("Export Certificate to File")), `VSpacing (1), `Frame ( _("Export Format"), - `RadioButtonGroup(`id(`rb), + `RadioButtonGroup(`id(`rb), `VBox( `Left(`RadioButton(`id(`PEM_CERT), `opt(`notify), _("&Only the Certificate in PEM Format"), true)), - `Left(`RadioButton(`id(`PEM_CERT_KEY), `opt(`notify), - _("Ce&rtificate and the Key Unencrypted in PEM Format"))), + `Left(`RadioButton(`id(`PEM_KEY), `opt(`notify), + _("Only the Key &Unencrypted in PEM Format"))), + `Left(`RadioButton(`id(`PEM_ENCKEY), `opt(`notify), + _("Only the &Key Encrypted in PEM Format"))), + `Left(`RadioButton(`id(`PEM_CERT_KEY), `opt(`notify), + _("Ce&rtificate and the Key Unencrypted in PEM Format"))), `Left(`RadioButton(`id(`PEM_CERT_ENCKEY), `opt(`notify), _("C&ertificate and the Key Encrypted in PEM Format"))), `Left(`RadioButton(`id(`DER_CERT), `opt(`notify), @@ -895,20 +907,20 @@ `Password( `id (`PK12password), `opt(`hstretch), _("&New Password")), `Password( `id (`verifyPassword), `opt(`hstretch), _("&Verify Password")) ), - `HBox ( + `HBox ( `HWeight(1, `TextEntry( `id (`filename), _("&File Name:"))), `VBox( `Label(""), `PushButton (`id(`browse), `opt( `notify), Label::BrowseButton()) ) - ), - `VSpacing (1), + ), + `VSpacing (1), `HBox ( // push button label `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()), `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) ), - `VSpacing (1) + `VSpacing (1) ), `HSpacing (2) ) @@ -916,42 +928,46 @@ symbol ui = nil; UI::ChangeWidget (`id (`PK12password), `Enabled, false); - UI::ChangeWidget (`id (`verifyPassword), `Enabled, false); + UI::ChangeWidget (`id (`verifyPassword), `Enabled, false); repeat { ui = (symbol) UI::UserInput (); map kindmap = $[`PEM_CERT:"PEM_CERT", - `PEM_CERT_KEY:"PEM_CERT_KEY", - `PEM_CERT_ENCKEY:"PEM_CERT_ENCKEY", + `PEM_KEY:"PEM_KEY", + `PEM_ENCKEY:"PEM_ENCKEY", + `PEM_CERT_KEY:"PEM_CERT_KEY", + `PEM_CERT_ENCKEY:"PEM_CERT_ENCKEY", `DER_CERT:"DER_CERT", `PKCS12:"PKCS12", `PKCS12_CHAIN:"PKCS12_CHAIN"]; - + string kind = kindmap[(symbol) UI::QueryWidget(`id(`rb), `CurrentButton)]:""; map filtermap = $[`PEM_CERT:"*.pem *.crt *", - `PEM_CERT_KEY:"*.pem *.crt *", - `PEM_CERT_ENCKEY:"*.pem *.crt *", + `PEM_KEY:"*.pem *.key *", + `PEM_ENCKEY:"*.pem *.key *", + `PEM_CERT_KEY:"*.pem *.crt *", + `PEM_CERT_ENCKEY:"*.pem *.crt *", `DER_CERT:"*.der *.crt *", `PKCS12:"*.p12 *.crt *", `PKCS12_CHAIN:"*.p12 *.crt *"]; - + string filterString = filtermap[(symbol) UI::QueryWidget(`id(`rb), - `CurrentButton)]:"*"; - + `CurrentButton)]:"*"; + if (kind == "PKCS12" || kind == "PKCS12_CHAIN") { UI::ChangeWidget (`id (`PK12password), `Enabled, true); - UI::ChangeWidget (`id (`verifyPassword), `Enabled, true); + UI::ChangeWidget (`id (`verifyPassword), `Enabled, true); } else { UI::ChangeWidget (`id (`PK12password), `Enabled, false); - UI::ChangeWidget (`id (`verifyPassword), `Enabled, false); + UI::ChangeWidget (`id (`verifyPassword), `Enabled, false); } if (ui == `browse) @@ -962,7 +978,7 @@ UI::ChangeWidget(`id(`filename), `Value, name); } } - + if (ui == `ok) { // export to file @@ -1041,13 +1057,13 @@ term contents = `VBox ( `VSpacing (1), - `HBox ( + `HBox ( `HWeight(1, `TextEntry( `id (`filename), _("&File Name:"))), `VBox( `Label(""), `PushButton (`id(`browse), `opt( `notify), Label::BrowseButton()) ) - ), + ), `VSpacing (1), `Password( `id (`password), `opt(`hstretch), _("&Password:")), `VSpacing (1) @@ -1060,12 +1076,12 @@ // help text 2/3 help_text = help_text + _("Import a server certificate and correspondenting CA and copy them to a place where other YaST modules look for such a common certificate."); - + // help text 3/3 help_text = help_text + _("<p><b>Password:</b><br> Certificate password</p> -"); - +"); + Wizard::CreateDialog(); Wizard::SetDesktopIcon("ca-management"); Wizard::SetContents( _("Importing Common Certificate from Disk"), contents, @@ -1080,7 +1096,7 @@ { success = false; ret = UI::UserInput (); - + if (ret == `browse) { string name = selectFile (false, "*.p12", "Import from ..." ); @@ -1088,9 +1104,9 @@ { UI::ChangeWidget(`id(`filename), `Value, name); } - ret = `again; + ret = `again; } - + if (ret == `next) { // reading certificate from disk @@ -1103,14 +1119,14 @@ else { password = (string) UI::QueryWidget (`id(`password), `Value); - + UI::BusyCursor(); UI::OpenDialog(`VBox(`Label(_("Importing certificate...")))); - + boolean yapiret = (boolean) YaPI::CaManagement::ImportCommonServerCertificate ($["passwd" : password, "inFile" : filename]); y2milestone ("ImportCommonServerCertificate(%1) return %2", - filename, + filename, yapiret); if (yapiret == nil || !yapiret) @@ -1122,8 +1138,8 @@ { Popup::Message(_("Certificate has been imported.")); success = true; - } - UI::CloseDialog (); + } + UI::CloseDialog (); } } } @@ -1140,12 +1156,12 @@ * @return success */ define boolean exportCommonServerCertificate (string CAname, string certificate, string commonName) ``{ - + boolean success = false; boolean check = YaPI::CaManagement::Verify ($["caName": CAname, "caPasswd":getPassword(CAname), "certificate" : certificate, - "disableCRLcheck" : "1", + "disableCRLcheck" : "1", "purpose" : "sslserver" ]); // Checking, if the certificate is a server certificate @@ -1161,7 +1177,7 @@ return true; } } - + // evaluate if the common name of the server certificate is the hostname map retmap = (map) SCR::Execute (.target.bash_output, "/bin/hostname --long", @@ -1169,7 +1185,7 @@ y2milestone("Hostname :%1", retmap); if (commonName != strip(retmap["stdout"]:"")) { - string errorString = sformat ( _("The common name of the certificate (%1) is not the name of + string errorString = sformat ( _("The common name of the certificate (%1) is not the name of the server (%2). This certificate might be not practical as a common server certificate. "), @@ -1177,7 +1193,7 @@ strip(retmap["stdout"]:"")); Popup::Warning (errorString); } - + UI::OpenDialog (`opt(`decorated ), `HBox( `HSpacing(2), `VBox ( @@ -1192,7 +1208,7 @@ `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) ), - `VSpacing (1) + `VSpacing (1) ), `HSpacing (2) ) @@ -1209,7 +1225,7 @@ UI::BusyCursor(); UI::OpenDialog(`VBox(`Label(_("Exporting certificate...")))); string filename = (string) SCR::Read (.target.tmpdir) + "/commonCertificate"; - + string ret = (string) YaPI::CaManagement::ExportCertificate ($["caName": CAname, "caPasswd" : getPassword (CAname), "certificate" : certificate, @@ -1235,7 +1251,7 @@ boolean yapiret = (boolean) YaPI::CaManagement::ImportCommonServerCertificate ($["passwd" : password, "inFile" : filename]); y2milestone ("ImportCommonServerCertificate(%1) return %2", - filename, + filename, yapiret); if (yapiret == nil || !yapiret) @@ -1247,14 +1263,14 @@ { Popup::Message(_("Certificate has been written as common server certificate.")); success = true; - } + } } - UI::CloseDialog (); + UI::CloseDialog (); } - } + } until (contains ([`ok, `cancel], ui)); - UI::CloseDialog (); - + UI::CloseDialog (); + return success; } @@ -1273,7 +1289,7 @@ `VSpacing (1), `Heading (_("Import Request from Disk")), `VSpacing (1), - `HBox ( + `HBox ( `HWeight(2, `TextEntry( `id (`filename), _("&File Name:"))), `HWeight(1,`VBox( `Label(""), @@ -1281,12 +1297,12 @@ ) ) ), - `VSpacing (1), + `VSpacing (1), `HBox ( // push button label `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()), `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) - ), + ), `VSpacing (1) ) ) @@ -1300,7 +1316,7 @@ { success = false; ret = UI::UserInput (); - + if (ret == `browse) { string name = selectFile ( false, "*.pem *.req *.csr *.der", "Import from ..." ); @@ -1308,9 +1324,9 @@ { UI::ChangeWidget(`id(`filename), `Value, name); } - ret = `again; + ret = `again; } - + if (ret == `ok) { // reading certificate from disk @@ -1343,13 +1359,13 @@ { UI::BusyCursor(); UI::OpenDialog(`VBox(`Label(_("Importing request...")))); - + string yapiret = (string) YaPI::CaManagement::ImportRequest ($["caName" : CaName, "caPasswd":getPassword(CaName), "inFile" : filename, "importFormat" : extention]); y2milestone ("ImportRequest(%1) return %2", - filename, + filename, yapiret); if (yapiret == nil) { @@ -1360,13 +1376,13 @@ { Popup::Message(_("Request has been imported.")); success = true; - } + } UI::CloseDialog (); } } } } - UI::CloseDialog (); + UI::CloseDialog (); return success; } @@ -1384,7 +1400,7 @@ `VSpacing (1), `Heading (_("Import CA from Disk")), `TextEntry( `id (`caName), _("&CA Name:")), - `HBox ( + `HBox ( `HWeight(2, `TextEntry( `id (`pathCert), _("&Path of CA Certificate"))), `HWeight(1,`VBox( `Label(""), @@ -1392,21 +1408,21 @@ ) ) ), - `HBox ( + `HBox ( `HWeight(2, `TextEntry( `id (`pathKey), _("&Path of Key"))), `HWeight(1,`VBox( `Label(""), `PushButton (`id(`browseKey), `opt( `notify), Label::BrowseButton()) ) ) - ), + ), `Password( `id (`passKey), `opt(`hstretch),_("&Key Password")), - `VSpacing (1), + `VSpacing (1), `HBox ( // push button label `PushButton (`id(`ok), `opt(`default, `key_F10), Label::OKButton()), `HStretch(), `PushButton (`id(`cancel), `opt( `key_F9), Label::AbortButton()) - ), + ), `VSpacing (1) ) ) @@ -1420,7 +1436,7 @@ { success = false; ret = UI::UserInput (); - + if (ret == `browseCert) { string name = selectFile (false, "*.pem *.crt", "Import from ..." ); @@ -1428,9 +1444,9 @@ { UI::ChangeWidget(`id(`pathCert), `Value, name); } - ret = `again; + ret = `again; } - + if (ret == `browseKey) { string name = selectFile (false, "*.pem *.key", "Import from ..." ); @@ -1438,13 +1454,13 @@ { UI::ChangeWidget(`id(`pathKey), `Value, name); } - ret = `again; - } - + ret = `again; + } + if (ret == `ok) { // reading CA from disk - + string caCertificate = (string) UI::QueryWidget(`id(`pathCert), `Value); string caKey = (string) UI::QueryWidget(`id(`pathKey), `Value); string caPasswd = (string) UI::QueryWidget(`id(`passKey), `Value); @@ -1472,12 +1488,12 @@ Popup::Error(_("CA name required.")); ret = `again; } - + if (ret == `ok) { UI::BusyCursor(); UI::OpenDialog(`VBox(`Label(_("Importing request...")))); - + boolean yapiret = (boolean) YaPI::CaManagement::ImportCA ($["caName" : caName, "caCertificate" : caCertificate, "caKey" : caKey, @@ -1503,7 +1519,7 @@ } } } - UI::CloseDialog (); + UI::CloseDialog (); return success; } @@ -1511,7 +1527,7 @@ define map getHostIPs () ``{ map ret = $[]; - + list <string> ip_addresses = splitstring( ((map)SCR::Execute(.target.bash_output, "ip -f inet -o addr show scope global | awk '{print $4}' | awk -F \/ '{print $1}' | tr '\n' ','"))["stdout"]:"", ",") ; @@ -1530,11 +1546,11 @@ { // add the IP address ret[ip] = "IP"; - + // first ask the DNS server about the name for this IP address list<string> hostnames = splitstring( ((map)SCR::Execute(.target.bash_output, sformat("dig +noall +answer +time=2 +tries=1 -x %1 | awk '{print $5}' | sed 's/\.$//'| tr '\n' '|'", ip)))["stdout"]:"", "|"); - + boolean found = false; foreach(string hname, hostnames, { if(hname != "" && findfirstof(hname, ".") != nil) @@ -1549,7 +1565,7 @@ { list<string> hostnames = splitstring( ((map)SCR::Execute(.target.bash_output, sformat("getent hosts %1 | awk '{print $2}' | sed 's/\.$//'| tr '\n' '|'", ip)))["stdout"]:"", "|"); - + foreach(string hname, hostnames, { if(hname != "" && findfirstof(hname, ".") != nil) { @@ -1561,9 +1577,9 @@ } }); y2milestone("getHostIPs return: %1", ret); - return ret; + return ret; } - + // EOF } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org