/**
* Verify if the subject DN matches the received sets of attributes.
* Sign a key using the local CA-key.
* Store the public key of the request in the database.
*
* @throws: KeySignException
*/
public function signKey($csr)
{
if (!$this->person->getSubscriber()->isSubscribed()) {
throw new KeySignException("Subscriber not subscribed, cannot create certificate!");
}
$auth_key = $csr->getAuthToken();
if ($this->verifyCSR($csr->getPEMContent())) {
$cert_file_name = tempnam("/tmp/", "REV_CERT_");
$cert_file = fopen($cert_file_name, "w");
fclose($cert_file);
$path = dirname(dirname(dirname(__FILE__))) . "/cert_handle/sign_key.sh";
if (!file_exists($path)) {
throw new KeySignException("sign_key.sh does not exist!");
}
$cmd = "{$path} {$auth_key} {$cert_file_name} " . ConfusaConstants::$OPENSSL_SERIAL_FILE . " " . $this->validityDays;
$res = shell_exec($cmd);
$val = explode("\n", $res);
/* FIXME: add better logic here.
*/
switch ((int) $val[0]) {
case 0:
break;
default:
throw new KeySignException("Unable to sign certificate (" . $val[1] . ")");
}
if (!file_exists($cert_file_name)) {
$errorCode = PW::create(8);
$msg = "Cannot find temporar certificate file. Please forward the following ";
$msg .= "error-code to the aministrators: [{$errorCode}]";
$logMsg = "Temporary certificate file vanished before it could be read. ";
$logMsg .= "Please investigate.";
Logger::log_event(LOG_ALERT, __FILE__ . ":" . __LINE__ . "[errorCode] {$logMsg}");
throw new FileNotFoundException($msg);
}
$cert = file_get_contents($cert_file_name);
unlink($cert_file_name);
if ($cert == null || $cert == "") {
$msg = "Unable to sign certificate using backend scripts.<br />\n";
$msg .= "The certificate was not found in local file ({$cert_file_name}) where it was expected to be.<br />\n";
throw new KeySignException($msg);
}
$cert_array = openssl_x509_parse($cert);
$diff = (int) $cert_array['validTo_time_t'] - (int) $cert_array['validFrom_time_t'];
$timeout = array($diff, 'SECOND');
try {
$insert = "INSERT INTO cert_cache (cert, auth_key, cert_owner, organization, valid_untill) ";
$insert .= "VALUES(?, ?, ?, ?, timestampadd({$timeout['1']}, {$timeout['0']},current_timestamp()))";
MDB2Wrapper::update($insert, array('text', 'text', 'text', 'text'), array($cert, $auth_key, $this->person->getX509ValidCN(), $this->person->getSubscriber()->getIdPName()));
} catch (DBStatementException $dbse) {
$error_key = PW::create(8);
Logger::log_event(LOG_NOTICE, __FILE__ . ":" . __LINE__ . " Error in query-syntax. Make sure the query matches the db-schema. ({$error_key})");
throw new KeySignException("Cannot insert certificate into database.<BR />error-reference: {$error_key}");
} catch (DBQueryException $dbqe) {
$error_key = PW::create(8);
Logger::log_event(LOG_NOTICE, __FILE__ . ":" . __LINE__ . " Error with values passed to the query. Check for constraint-violations");
throw new KeySignException("Cannot insert certificate into database.<BR />error-reference: {$error_key}");
}
$timezone = new DateTimeZone($this->person->getTimezone());
$dt = new DateTime("now", $timezone);
CA::sendMailNotification($auth_key, $dt->format('Y-m-d H:i T'), $_SERVER['REMOTE_ADDR'], $this->person, $this->getFullDN());
Logger::log_event(LOG_INFO, "Certificate successfully signed for " . stripslashes($this->person->getX509ValidCN()) . " Contacting us from " . $_SERVER['REMOTE_ADDR']);
} else {
Logger::log_event(LOG_INFO, "Will not sign invalid CSR for user " . stripslashes($this->person->getX509ValidCN()) . " from ip " . $_SERVER['REMOTE_ADDR']);
throw new KeySignException("CSR subject verification failed!");
}
}
/**
* Sign the CSR identified by auth_key using the Online-CA's remote API
*
* @param String the auth-key used to identify the CSR in the database
* @param CSR the CSR to be signed
* @return void
* @access public
*
* @fixme make sure all callers of signKey is updated to use CSR.
*/
public function signKey($csr)
{
if (!$this->person->getSubscriber()->isSubscribed()) {
throw new KeySignException("Subscriber not subscribed, cannot create certificate!");
}
$authKey = $csr->getAuthToken();
Logger::logEvent(LOG_INFO, __CLASS__, "signKey()", "Preparing to sign CSR ({$authKey}) " . $this->owner_string, __LINE__);
/* FIXME: better solution */
if ($csr instanceof CSR_PKCS10) {
$this->capiUploadCSR($authKey, $csr->getPEMContent(), ConfusaConstants::$CAPI_FORMAT_PKCS10);
} else {
if ($csr instanceof CSR_SPKAC) {
$this->capiUploadCSR($authKey, $csr->getDERContent(), ConfusaConstants::$CAPI_FORMAT_SPKAC);
}
}
$this->capiAuthorizeCSR();
CS::deleteSessionKey('rawCertList');
$timezone = new DateTimeZone($this->person->getTimezone());
$dt = new DateTime("now", $timezone);
CA::sendMailNotification($this->order_number, $dt->format('Y-m-d H:i T'), $_SERVER['REMOTE_ADDR'], $this->person, $this->getFullDN());
Logger::log_event(LOG_INFO, "Successfully signed new certificate. " . $this->owner_string);
return $this->order_number;
}
/**
* Send a test mail to the given recipient using the customized NREN
* template of the recipient.
*
* @param $recipient Person The recipient to which the test-email is sent
*/
private function sendNRENTestMail($recipient, $template)
{
require_once 'MailManager.php';
require_once 'CA.php';
$timezone = new DateTimeZone($this->person->getTimezone());
$dt = new DateTime("now", $timezone);
$ip = $_SERVER['REMOTE_ADDR'];
$order_number = '1234567890 (invalid example)';
CA::sendMailNotification($order_number, $dt->format('Y-m-d H:i T'), $ip, $recipient, $this->ca->getFullDN(), $template);
$email = $recipient->getEmail();
Framework::success_output($this->translateTag('l10n_suc_testmailsent', 'stylist') . " " . $email);
}
$fd = $objCb->add(3, 4);
$arr = array(4, 5, 6);
return $fd;
}
function look_cost()
{
$this->fun1();
$this->fun2();
$this->fun3();
usleep(300000);
}
function fun1()
{
usleep(100000);
return;
}
function fun2()
{
usleep(200000);
return;
}
function fun3()
{
usleep(500000);
return;
}
}
$objAt = new CA();
$res = $objAt->look_value(1, 2);
$res = $objAt->look_cost();
echo "should not be here";
*
* @package sv
* @name candidato.php
* @version 1.0.0
* @license http://www.gnu.org/licenses/gpl.html GNU/GPL v.3
* @copyright 2014 Copyleft Porto Idéias
* @author Joao Paulo Bastos L. <jpbl.bastos at gmail dot com>
* @date 15-Ago-2014
*
*/
/* Define diretorio da aplicação */
$raizDir = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR;
// zera variaveis
$return = '';
//$data = '';
/* Carrega biblioteca eleitor */
include $raizDir . 'lib' . DIRECTORY_SEPARATOR . 'candidato.class.php';
/* Recebe consulta e faz tratamento */
if (isset($_GET["modo"])) {
$modo = $_GET["modo"];
//instancia classe
$candidato = new CA();
// trata o modo passado
if ($modo === "listar_candidato") {
$return .= $candidato->listar_candidato($_GET["tipo"]);
$return .= "<input type='hidden' name='ideleitor' id='ideleitor' value='" . $_GET["ideleitor"] . "'>";
echo $return;
}
} else {
echo $return .= "<h3 class='text-muted'>Erro receber variaveis</h3>";
}
