package OpenXPKI::Server::Workflow::Activity::Tools::CalculateRequestHMAC;

use warnings;
use strict;
use Data::Dumper;
use OpenXPKI::Debug;
use OpenXPKI::Server::Context qw( CTX );
use MIME::Base64 qw(decode_base64);
use Digest::SHA qw(hmac_sha256_hex);
use Workflow::Exception qw(configuration_error workflow_error);

use base qw( OpenXPKI::Server::Workflow::Activity );

# NOTE(review): OpenXPKI::Crypt::PKCS10 is used below but no "use" line in
# this file loads it -- presumably it is loaded elsewhere; confirm.

# Workflow activity: compute a hex-encoded HMAC-SHA256 over a PKCS#10
# request (or over its public key only) and store it in the workflow context.
#
# Activity parameters read here: target_key, secret, pkcs10, key_only.
# Raises configuration_error when no usable secret is found and
# workflow_error when no PKCS#10 container is available.
sub execute {

    my ($self, $workflow) = @_;
    my $context = $workflow->context();

    # Context key that receives the result; falls back to 'csr_hmac'.
    my $target_key = $self->param('target_key');
    $target_key ||= 'csr_hmac';

    my $secret = $self->param('secret');

    # No secret on the activity itself: read it from the config at the path
    # returned by _get_service_config_path('hmac'). The debug statement below
    # logs only a fixed message; keep the secret value out of debug output.
    unless (defined $secret) {
        ##! 32: 'No secret in context - looking via service'
        $secret = CTX('config')->get( $self->_get_service_config_path('hmac') );
    }

    # Truthiness test: undef, the empty string and '0' are all rejected, so
    # the HMAC is never calculated with an empty key.
    configuration_error('Unable to find a secret for HMAC calculation')
        if !$secret;

    # The activity parameter wins over the workflow context value.
    my $pkcs10 = $self->param('pkcs10');
    $pkcs10 ||= $context->param('pkcs10');
    if (!$pkcs10) {
        workflow_error('No PKCS10 container was provided');
    }

    my $request = OpenXPKI::Crypt::PKCS10->new( $pkcs10 );

    # With key_only set, the HMAC input is the value of get_pub_key instead
    # of the request data, so the rest of the request is not bound by it.
    my $hmac_input;
    if ($self->param('key_only')) {
        $hmac_input = $request->get_pub_key;
    }
    else {
        $hmac_input = $request->data;
    }

    $context->param( $target_key => hmac_sha256_hex( $hmac_input, $secret ) );

}

1;

__END__;


=head1 OpenXPKI::Server::Workflow::Activity::Tools::CalculateRequestHMAC

Calculate the SHA256 HMAC for a PEM encoded CSR

=head1 Configuration

=head2 Parameters

=over

=item secret

The secret key of the HMAC

=item pkcs10

The PKCS10 container to calculate the HMAC for. If not set, the value of
the context item I<pkcs10> is used.

=item key_only

Boolean, calculate the HMAC based on the public key instead of the full CSR.
In this mode the HMAC covers the public key only; the other parts of the
request are not covered by it.

=item config_path

If secret is not set explicitly, defines a config path to read the secret
from. Default is to look up <interface>.<servername>.hmac

=item target_key

context item to write the hmac to (hex formatted), default is I<csr_hmac>

=back