Пример #1
0
 /**
  * Verify if the subject DN matches the received sets of attributes.
  * Sign a key using the local CA-key.
  * Store the public key of the request in the database.
  *
  * @throws: KeySignException
  */
 public function signKey($csr)
 {
     if (!$this->person->getSubscriber()->isSubscribed()) {
         throw new KeySignException("Subscriber not subscribed, cannot create certificate!");
     }
     $auth_key = $csr->getAuthToken();
     if ($this->verifyCSR($csr->getPEMContent())) {
         $cert_file_name = tempnam("/tmp/", "REV_CERT_");
         $cert_file = fopen($cert_file_name, "w");
         fclose($cert_file);
         $path = dirname(dirname(dirname(__FILE__))) . "/cert_handle/sign_key.sh";
         if (!file_exists($path)) {
             throw new KeySignException("sign_key.sh does not exist!");
         }
         $cmd = "{$path} {$auth_key} {$cert_file_name} " . ConfusaConstants::$OPENSSL_SERIAL_FILE . " " . $this->validityDays;
         $res = shell_exec($cmd);
         $val = explode("\n", $res);
         /* FIXME: add better logic here.
          */
         switch ((int) $val[0]) {
             case 0:
                 break;
             default:
                 throw new KeySignException("Unable to sign certificate (" . $val[1] . ")");
         }
         if (!file_exists($cert_file_name)) {
             $errorCode = PW::create(8);
             $msg = "Cannot find temporar certificate file. Please forward the following ";
             $msg .= "error-code to the aministrators: [{$errorCode}]";
             $logMsg = "Temporary certificate file vanished before it could be read. ";
             $logMsg .= "Please investigate.";
             Logger::log_event(LOG_ALERT, __FILE__ . ":" . __LINE__ . "[errorCode] {$logMsg}");
             throw new FileNotFoundException($msg);
         }
         $cert = file_get_contents($cert_file_name);
         unlink($cert_file_name);
         if ($cert == null || $cert == "") {
             $msg = "Unable to sign certificate using backend scripts.<br />\n";
             $msg .= "The certificate was not found in local file ({$cert_file_name}) where it was expected to be.<br />\n";
             throw new KeySignException($msg);
         }
         $cert_array = openssl_x509_parse($cert);
         $diff = (int) $cert_array['validTo_time_t'] - (int) $cert_array['validFrom_time_t'];
         $timeout = array($diff, 'SECOND');
         try {
             $insert = "INSERT INTO cert_cache (cert, auth_key, cert_owner, organization, valid_untill) ";
             $insert .= "VALUES(?, ?, ?, ?, timestampadd({$timeout['1']}, {$timeout['0']},current_timestamp()))";
             MDB2Wrapper::update($insert, array('text', 'text', 'text', 'text'), array($cert, $auth_key, $this->person->getX509ValidCN(), $this->person->getSubscriber()->getIdPName()));
         } catch (DBStatementException $dbse) {
             $error_key = PW::create(8);
             Logger::log_event(LOG_NOTICE, __FILE__ . ":" . __LINE__ . " Error in query-syntax. Make sure the query matches the db-schema. ({$error_key})");
             throw new KeySignException("Cannot insert certificate into database.<BR />error-reference: {$error_key}");
         } catch (DBQueryException $dbqe) {
             $error_key = PW::create(8);
             Logger::log_event(LOG_NOTICE, __FILE__ . ":" . __LINE__ . " Error with values passed to the query. Check for constraint-violations");
             throw new KeySignException("Cannot insert certificate into database.<BR />error-reference: {$error_key}");
         }
         $timezone = new DateTimeZone($this->person->getTimezone());
         $dt = new DateTime("now", $timezone);
         CA::sendMailNotification($auth_key, $dt->format('Y-m-d H:i T'), $_SERVER['REMOTE_ADDR'], $this->person, $this->getFullDN());
         Logger::log_event(LOG_INFO, "Certificate successfully signed for " . stripslashes($this->person->getX509ValidCN()) . " Contacting us from " . $_SERVER['REMOTE_ADDR']);
     } else {
         Logger::log_event(LOG_INFO, "Will not sign invalid CSR for user " . stripslashes($this->person->getX509ValidCN()) . " from ip " . $_SERVER['REMOTE_ADDR']);
         throw new KeySignException("CSR subject verification failed!");
     }
 }
Пример #2
0
 /**
  * Sign the CSR identified by auth_key using the Online-CA's remote API
  *
  * @param	String the auth-key used to identify the CSR in the database
  * @param	CSR the CSR to be signed
  * @return	void
  * @access	public
  *
  * @fixme	make sure all callers of signKey is updated to use CSR.
  */
 public function signKey($csr)
 {
     if (!$this->person->getSubscriber()->isSubscribed()) {
         throw new KeySignException("Subscriber not subscribed, cannot create certificate!");
     }
     $authKey = $csr->getAuthToken();
     Logger::logEvent(LOG_INFO, __CLASS__, "signKey()", "Preparing to sign CSR ({$authKey}) " . $this->owner_string, __LINE__);
     /* FIXME: better solution */
     if ($csr instanceof CSR_PKCS10) {
         $this->capiUploadCSR($authKey, $csr->getPEMContent(), ConfusaConstants::$CAPI_FORMAT_PKCS10);
     } else {
         if ($csr instanceof CSR_SPKAC) {
             $this->capiUploadCSR($authKey, $csr->getDERContent(), ConfusaConstants::$CAPI_FORMAT_SPKAC);
         }
     }
     $this->capiAuthorizeCSR();
     CS::deleteSessionKey('rawCertList');
     $timezone = new DateTimeZone($this->person->getTimezone());
     $dt = new DateTime("now", $timezone);
     CA::sendMailNotification($this->order_number, $dt->format('Y-m-d H:i T'), $_SERVER['REMOTE_ADDR'], $this->person, $this->getFullDN());
     Logger::log_event(LOG_INFO, "Successfully signed new certificate. " . $this->owner_string);
     return $this->order_number;
 }
Пример #3
0
 /**
  * Send a test mail to the given recipient using the customized NREN
  * template of the recipient.
  *
  * @param $recipient Person The recipient to which the test-email is sent
  */
 private function sendNRENTestMail($recipient, $template)
 {
     require_once 'MailManager.php';
     require_once 'CA.php';
     $timezone = new DateTimeZone($this->person->getTimezone());
     $dt = new DateTime("now", $timezone);
     $ip = $_SERVER['REMOTE_ADDR'];
     $order_number = '1234567890 (invalid example)';
     CA::sendMailNotification($order_number, $dt->format('Y-m-d H:i T'), $ip, $recipient, $this->ca->getFullDN(), $template);
     $email = $recipient->getEmail();
     Framework::success_output($this->translateTag('l10n_suc_testmailsent', 'stylist') . " " . $email);
 }
Пример #4
0
        $fd = $objCb->add(3, 4);
        $arr = array(4, 5, 6);
        return $fd;
    }
    function look_cost()
    {
        $this->fun1();
        $this->fun2();
        $this->fun3();
        usleep(300000);
    }
    function fun1()
    {
        usleep(100000);
        return;
    }
    function fun2()
    {
        usleep(200000);
        return;
    }
    function fun3()
    {
        usleep(500000);
        return;
    }
}
$objAt = new CA();
$res = $objAt->look_value(1, 2);
$res = $objAt->look_cost();
echo "should not be here";
Пример #5
0
 *
 * @package   sv
 * @name      candidato.php
 * @version   1.0.0
 * @license   http://www.gnu.org/licenses/gpl.html GNU/GPL v.3
 * @copyright 2014 Copyleft Porto Idéias 
 * @author    Joao Paulo Bastos L. <jpbl.bastos at gmail dot com>
 * @date      15-Ago-2014
 *
 */
/* Define diretorio da aplicação */
$raizDir = dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR;
// zera variaveis
$return = '';
//$data   = '';
/* Carrega biblioteca eleitor */
include $raizDir . 'lib' . DIRECTORY_SEPARATOR . 'candidato.class.php';
/* Recebe consulta e faz tratamento */
if (isset($_GET["modo"])) {
    $modo = $_GET["modo"];
    //instancia classe
    $candidato = new CA();
    // trata o modo passado
    if ($modo === "listar_candidato") {
        $return .= $candidato->listar_candidato($_GET["tipo"]);
        $return .= "<input type='hidden' name='ideleitor' id='ideleitor' value='" . $_GET["ideleitor"] . "'>";
        echo $return;
    }
} else {
    echo $return .= "<h3 class='text-muted'>Erro receber variaveis</h3>";
}