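/**
 * insertCertificate() insert a new certificate into the robot keyhold.
 *
 * Takes a string holding the certificate, validates it, refuses duplicates
 * (same fingerprint or same serial already in robot_certs), resolves the
 * acting subscriber-admin and stores the certificate in robot_certs.
 *
 * Every value that is echoed back as HTML (exception messages, the EPPN,
 * the subscriber's organisation name, the certificate serial) is passed
 * through htmlentities(): the certificate is uploaded by the user and the
 * EPPN / organisation name originate from the identity provider, so none
 * of them may be assumed HTML-safe.
 *
 * Fixes two fatal typos in the error paths (htmlentites / hmtlentities
 * were undefined functions, so those branches crashed instead of
 * reporting).
 *
 * @param String $certificate base64 encoded PEM formatted X.509 certificate
 * @param String $comment     free-text comment stored with the certificate;
 *                            null or "" is stored as a single space
 * @return boolean true when the certificate was inserted, false on any
 *                 validation, lookup or database error (an error message has
 *                 already been emitted through Framework::error_output)
 */
private function insertCertificate($certificate, $comment)
{
    /* validate certificate: the Certificate constructor is the only parser
     * run on the uploaded blob, so anything it rejects is refused here */
    try {
        $cert = new Certificate($certificate);
    } catch (KeyNotFoundException $knfe) {
        Framework::error_output(htmlentities($knfe->getMessage()));
        return false;
    } catch (CertificateException $ce) {
        Framework::error_output(htmlentities($ce->getMessage()));
        return false;
    }

    /* Refuse duplicates: the same certificate (fingerprint) or a reused
     * serial must not be registered twice.
     * NOTE(review): this SELECT and the INSERT further down are not atomic;
     * two concurrent uploads can both pass the check. A UNIQUE constraint
     * on robot_certs(fingerprint) / robot_certs(serial) is the real guard --
     * confirm the schema has one. */
    try {
        $query = "SELECT subscriber_id, uploaded_by, uploaded_date, valid_until, fingerprint ";
        $query .= "FROM robot_certs WHERE fingerprint = ? OR serial=?";
        $res = MDB2Wrapper::execute($query,
                                    array('text', 'text'),
                                    array($cert->getFingerprint(), $cert->getSerial()));
        if (count($res) > 0) {
            Framework::error_output($this->translateTag('l10n_err_certalrthere', 'robot'));
            return false;
        }
    } catch (Exception $e) {
        /* FIXME, add better exception mask & handling */
        Framework::error_output(__FILE__ . ":" . __LINE__ . " FIXME: " . htmlentities($e->getMessage()));
        return false;
    }

    /* Resolve subscriber, nren and admin_id of the acting admin. Exactly
     * one row is the only healthy outcome; 0 or >1 rows are database
     * inconsistencies that get a random error-code so the user-facing
     * message can be matched to the LOG_ALERT entry. */
    try {
        $query = "SELECT * FROM admins WHERE admin=? AND subscriber=? AND nren=? ";
        $params = array('text', 'text', 'text');
        $data = array($this->person->getEPPN(),
                      $this->person->getSubscriber()->getDBID(),
                      $this->person->getNREN()->getID());
        $res = MDB2Wrapper::execute($query, $params, $data);

        switch (count($res)) {
        case 0:
            /*
             * Strange error. User is admin, yet not admin.
             *
             * Fixme: better error-reporting here, even
             * though we cannot do much about it.
             */
            $error_code = strtoupper(PW::create(8));
            $error_msg = "[error_code: {$error_code}]<br /><br />\n";
            $log_msg = "[{$error_code}] ";

            /* distinguish "admin exists but has no subscriber" from
             * "subscriber itself is misconfigured" */
            $query = "SELECT * FROM admins WHERE admin=? AND admin_level=? AND subscriber IS NULL";
            $params = array('text', 'text');
            $data = array($this->person->getEPPN(), SUBSCRIBER_ADMIN);
            $admin_query_res = MDB2Wrapper::execute($query, $params, $data);

            if (count($admin_query_res) != 0) {
                $error_msg .= "The subscriber-admin (" . htmlentities($this->person->getEPPN()) . ") is not properly connected ";
                $error_msg .= "to any database. This is due to a database inconsistency ";
                $error_msg .= "and is a direct result of someone manually adding the admin to the database ";
                $error_msg .= "without connecting the admin to a subscriber.";
                $log_msg .= "Subscriber-admin " . $this->person->getEPPN();
                $log_msg .= " has not set any affilitated subscriber in the database.";
                $log_msg .= " It should be " . $this->person->getSubscriber()->getOrgName();
                $log_msg .= ", but is NULL. Please update the database.";
            } else {
                $error_msg .= "For some reason, the subscriber (" . htmlentities($this->person->getSubscriber()->getOrgName()) . ") ";
                $error_msg .= "is not properly configured in the database. ";
                $error_msg .= "The exact reason is unknown. Please contact operational support.";
                $log_msg .= "Subscriber " . $this->person->getSubscriber()->getOrgName();
                $log_msg .= " is not properly configured in the database.";
            }
            $error_msg .= "<br /><br />\nThis event has been logged, please contact operational support (provide the error-code) ";
            $error_msg .= "to resolve this issue.";
            Framework::error_output($error_msg);
            Logger::log_event(LOG_ALERT, $log_msg);
            return false;

        case 1:
            $admin_id = $res[0]['admin_id'];
            $nren_id = $res[0]['nren'];
            $subscriber_id = $res[0]['subscriber'];
            break;

        default:
            /* FIXME: DB-inconsistency */
            $error_code = strtoupper(PW::create(8));
            $error_msg = "[error_code: {$error_code}] multiple instances of admin (";
            $error_msg .= htmlentities($this->person->getEPPN()) . ") found in the database.";
            $log_msg = "[{$error_code}] multiple hits (" . count($res) . ")on ";
            $log_msg .= $this->person->getEPPN() . " in admins-table.";
            Framework::error_output($error_msg);
            Logger::log_event(LOG_ALERT, $log_msg);
            return false;
        }
    } catch (Exception $e) {
        Framework::error_output(htmlentities($e->getMessage()));
        /* FIXME, add proper exception handling */
        return false;
    }

    /* Store the certificate. All values go through the parameterised
     * MDB2Wrapper::update, so $comment (user input) is never interpolated
     * into SQL. */
    try {
        if (!isset($comment) || $comment == "") {
            $comment = " ";
        }
        $update = "INSERT INTO robot_certs (subscriber_id, uploaded_by, uploaded_date, valid_until, cert, fingerprint, serial, comment)";
        $update .= " VALUES(?, ?, current_timestamp(), ?, ?, ?, ?, ?)";
        $params = array('text', 'text', 'text', 'text', 'text', 'text', 'text');
        $data = array($subscriber_id,
                      $admin_id,
                      $cert->getEndDate(),
                      $cert->getPEMContent(),
                      $cert->getFingerprint(),
                      $cert->getSerial(),
                      $comment);
        MDB2Wrapper::update($update, $params, $data);
        Logger::log_event(LOG_INFO, "[RI] Added new certificate (" . $cert->getSerial() .
                          ") for subscriber " . $this->person->getSubscriber()->getOrgName() .
                          " associated with admin " . $this->person->getEPPN());
    } catch (Exception $e) {
        /* FIXME */
        Framework::error_output("Couldn't update robot_certs, server said:<br />\n" . htmlentities($e->getMessage()));
        return false;
    }

    /* the serial comes out of the uploaded certificate, escape it before
     * it is rendered */
    Framework::success_output($this->translateTag('l10n_suc_insertcert1', 'robot') . " " .
                              htmlentities($cert->getSerial()) .
                              $this->translateTag('l10n_suc_insertcert2', 'robot'));
    return true;
}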
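/**
 * Provision the whole CA chain (the signing CA cert plus the intermediate
 * CA cert, plus the root CA) into the file at $this->cert_path.
 *
 * The three certificates are downloaded through CurlWrapper::curlContact.
 * The resulting file is a trust anchor for whatever later verifies against
 * it, so it is only (over)written when all three downloads returned
 * content and the signing CA cert parsed; on any failure the existing file
 * is left untouched and a LOG_ALERT entry is written.
 *
 * NOTE(review): CurlWrapper::curlContact is opaque from here. Whether it
 * verifies the peer's TLS certificate -- and therefore whether the
 * downloaded anchors can be trusted at all -- cannot be seen in this
 * block; confirm before relying on this file as a trust root.
 *
 * Only acts when ca_mode is CA_COMODO; otherwise it is a no-op.
 *
 * @see makeCRLAvailable
 * @return void
 */
private function makeChainAvailable()
{
    if (Config::get_config('ca_mode') != CA_COMODO) {
        return;
    }

    $root_ca_content = CurlWrapper::curlContact(ConfusaConstants::$CAPI_ROOT_CA);
    $interm_ca_content = CurlWrapper::curlContact(ConfusaConstants::$CAPI_INTERMEDIATE_CA);
    $actual_ca_cert = CurlWrapper::curlContact($this->cert_url);

    /* A failed download comes back as false or an empty body. Writing that
     * into the chain file would truncate or corrupt the trust anchor, so
     * refuse to touch the file instead. */
    if (empty($root_ca_content) || empty($interm_ca_content) || empty($actual_ca_cert)) {
        Logger::log_event(LOG_ALERT, "[RI] Could not download the complete CA chain, leaving " .
                          $this->cert_path . " untouched.");
        return;
    }

    /* convert from DER to PEM; the Certificate constructor throws on an
     * unparsable blob and that exception propagates to the caller as before */
    $cert = new Certificate($actual_ca_cert);
    $ca_chain = $root_ca_content . $interm_ca_content . $cert->getPEMContent(true);

    if (file_put_contents($this->cert_path, $ca_chain) === false) {
        Logger::log_event(LOG_ALERT, "[RI] Could not write the CA chain to " . $this->cert_path);
    }
}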