## OpenCA - RA Server Command## (c) 1998-2001 by Massimiliano Pala and OpenCA Group####   File Name: importCerts##       Brief: Import Certificates exported by the CA## Description: Import Certificates exported by the CA on a removable##              media and imports them into the VALID_CERTIFICATE dB.##  Parameters: dataTypeif ( $cmd !~ /importCerts/i ) {        configError( "Wrong Command Usage ($cmd/importReqs)!" );        exit 1;}## GNU Tar suggested for exporting Certification Request## to the CA. We use the GNU tar because of its availability## for all the platforms and its stability.## Get required parameters from the configuration filemy $command	= getRequired( 'UnpackArchive' );my $dev  	= getRequired( 'ImportDev' );my $tmp  	= getRequired( 'TempDir' );my $serverDir	= getRequired( 'ServerDir' );my $CACertsDir	= getRequired( 'CACertsDir' );my $makeCmd	= getRequired( 'MakePath' );my ( @lastImport );my ( $dir, $filter, $ret, $ca );my $dataType = $query->param( 'dataType' );if( $dataType eq "VALID_CERTIFICATE" ) {		$filter = '[0-9A-F]+\.pem';		$dir = $tmp;		$ca = 0;} elsif ( $dataType eq "VALID_CA_CERTIFICATE") {	$dir = "$serverDir";	$filter = 'cacert\.(der|pem)';	$ca = 1;} else {	configError( "Unsupported dataType ($dataType)" );	exit 1;}## Subtitute $orig and $dest$command = $query->subVar( $command, '$orig', $dev );$command = $query->subVar( $command, '$dest', $tmp );print startLogPage( "Certificate Importing Page");print addLogSection("Certificate Importing ... ");if( not chdir("$tmp")) {	print addErrorLog("Can not change dir to $tmp.");	closePage();	exit 1;}$ret = `$command 2>&1`;if( $? != 0 ) {	print addErrorLog( "De-Archiving Failed from $dev!" );	closePage();	exit;} print addLogLine("Ok.");print addPreLogLine( $ret );print closeLogSection();## we copy to $dir if we have to import cacert.(der|pem)if( $dataType eq "VALID_CA_CERTIFICATE" ) {	print addLogSection( "Copying certificates to ($dir) ... " );	if( $ret = copyCerts( "$tmp","$dir", $filter ) ) {        	print addLogLine("Ok.");		print addPreLogLine( $ret );		print closeLogSection();	} else {		print addErrorLog("Copying failed ($dir)!");		closePage();		exit;	}	# Now we copy the CA's certificate to the chain dir	$tools->copyFiles( SRC => "${serverDir}/cacert.pem",			   DEST => "${serverDir}/chain/cacert.crt" );	# Let's make Chain verification	print addLogSection("Re-Building CA Chain ... ");	chdir( "${serverDir}/chain" );	$ret = `$makeCmd`;	print addLogLine("Ok.");	print addPreLogLine( $ret );	print closeLogSection();}print addLogSection( "Importing new Certificates to dB ... ");opendir( CERTS, "$tmp" );	my @certsList = grep( /$filter/i, readdir( CERTS ) );closedir( CERTS );$ret = "";foreach $tmpCert (@certsList) {	my $tmpSerial, $tmpFormat;	my $fileName = "$tmp/$tmpCert";	my $certFile = $query->getFile( $fileName );	if ( not $certFile ) {		print addErrorLog( "Failed opening ($fileName).");		closePage();		exit;	}	if( $certFile =~ /BEGIN/gi ) {		$tmpFormat = "PEM";	} else {		$tmpFormat = "DER";	}	my $data = new OpenCA::X509( SHELL =>$cryptoShell,				     INFILE=>$fileName,				     FORMAT=>$tmpFormat );	if ( (not $data) or ( not $tmpSerial = $data->getParsed()->{SERIAL})) {		print addErrorLog("Failed adding cert to dB(1)!");		closePage();		exit;	}	if ( not $db->storeItem( DATATYPE=>$dataType, OBJECT=>$data)) {		print addErrorLog("Failed adding cert to dB!");		closeLogPage();		exit;	} else {		my ($tmpLine, $line, $txt);		$tmpLine = $data->getParsed()->{SERIAL} . "\n";		push ( @lastImport, $tmpLine );		$txt = "";		foreach $line  (@lastImport) {			$txt .= $line;		};		unlink( "$serverDir/stuff/lastImport.txt" );		save( FILENAME=>"$serverDir/stuff/lastImport.txt", DATA=>$txt );		unlink( "$fileName" );	}	$ret .= "Added <I>" . $data->getParsed()->{CN} .		" (" . $data->getParsed->{SERIAL} . ")</I><BR>\n";}print addLogLine("Ok.");print addPreLogLine( $ret );print closeLogSection();closePage();1;