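## OpenXPKI::Crypto::Backend::OpenSSL::Command
## (C)opyright 2005 Michael Bell

use strict;
use warnings;

use OpenXPKI::Crypto::Backend::OpenSSL::Command::create_random;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::create_pkcs10;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::create_pkcs12;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_crl;

use OpenXPKI::Crypto::Backend::OpenSSL::Command::convert_pkey;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::convert_pkcs8;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::convert_pkcs10;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::convert_cert;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::convert_crl;

use OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_sign;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_encrypt;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_decrypt;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_verify;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_get_chain;

use OpenXPKI::Crypto::Backend::OpenSSL::Command::create_pkey;
use OpenXPKI::Crypto::Backend::OpenSSL::Command::create_params;

package OpenXPKI::Crypto::Backend::OpenSSL::Command;

use OpenXPKI::Debug;
use OpenXPKI::DN;
use OpenXPKI::FileUtils;
use OpenXPKI::Exception;
use English;

# Constructor shared by all OpenSSL command classes.
#
# Arguments: the class name (or an existing instance) and a hash reference
# that becomes the object. ENGINE and CONFIG must be references and TMP
# must be set; every other key is stored unchecked and has to be validated
# by the concrete command. Throws an OpenXPKI::Exception when the argument
# is not a reference or a mandatory key is missing.
#
# The hash is blessed only after the argument checks have passed, so a
# failed construction does not leave a half-initialised object behind whose
# DESTROY would call cleanup() before {FU} exists.
sub new
{
    ##! 1: "start"
    my $that  = shift;
    my $class = ref($that) || $that;
    my $self  = shift;

    if (not defined $self or not ref $self)
    {
        OpenXPKI::Exception->throw (
            message => "Constructor of $class requires a hash reference as argument");
    }

    ##! 2: "check engine availability"
    if (not exists $self->{ENGINE} or not ref $self->{ENGINE})
    {
        OpenXPKI::Exception->throw (
            message => "I18N_OPENXPKI_CRYPTO_OPENSSL_COMMAND_MISSING_ENGINE");
    }

    ##! 2: "check config availability"
    if (not exists $self->{CONFIG} or not ref $self->{CONFIG})
    {
        OpenXPKI::Exception->throw (
            message => "I18N_OPENXPKI_CRYPTO_OPENSSL_COMMAND_MISSING_CONFIG");
    }

    ##! 2: "$self->{TMP} will be checked by the central OpenSSL module"
    if (not $self->{TMP})
    {
        OpenXPKI::Exception->throw (
            message => "I18N_OPENXPKI_CRYPTO_OPENSSL_COMMAND_TEMPORARY_DIRECTORY_UNAVAILABLE");
    }

    bless $self, $class;

    # All temporary files of this command are owned by this helper: they
    # exist as long as the helper does and are removed in cleanup().
    $self->{FU} = OpenXPKI::FileUtils->new({ TMP => $self->{TMP}});

    ##! 1: "end"
    return $self;
}

# Writes data into a fresh temporary file below TMP and returns whatever
# OpenXPKI::FileUtils::write_temp_file returns; all arguments are passed
# through unchanged.
sub write_temp_file {

    my $self = shift;
    return $self->{FU}->write_temp_file( @_ );

}

# Returns the path of the file the OpenSSL command writes its result to,
# allocating a temporary file on first use. get_result() reads this file.
sub get_outfile {

    my $self = shift;

    if (!$self->{OUTFILE}) {
        $self->{OUTFILE} = $self->get_tmpfile();
    }

    return $self->{OUTFILE};

}

# Returns the filename of a new temporary file whose handle is kept by
# {FU}, so the file stays available until cleanup(). Any argument is an
# error: the old "create named files in the class namespace" calling
# convention is gone and is rejected with an exception.
sub get_tmpfile {
    my $self = shift;

    if (scalar(@_) != 0) {
        OpenXPKI::Exception->throw (
            message => "Call to get_tmpfile with arguments is no longer supported",
            params => { ARGS => \@_ }
        );
    }

    return $self->{FU}->get_tmp_handle()->filename();

}

# Exports key/value pairs into the process environment (which the OpenSSL
# child inherits) and records every key so cleanup() can remove it again.
# Values are stored verbatim; only pass variables the command really needs
# to expose. Always returns 1.
sub set_env
{
    my $self = shift;
    my $keys = { @_ };

    foreach my $key (keys %{$keys})
    {
        push @{$self->{CLEANUP}->{ENV}}, $key;
        $ENV{$key} = $keys->{$key};
    }
    return 1;
}

# Releases everything this command created: the CONFIG object's temporary
# data, the temporary files held by {FU} and the environment variables set
# via set_env(). Safe to call more than once and safe on an object whose
# constructor threw before {FU} was created. Throws if an environment
# variable could not be removed. Always returns 1.
sub cleanup
{
    my $self = shift;

    $self->{CONFIG}->cleanup() if ($self->{CONFIG});

    # {FU} is missing when new() threw (or FileUtils->new failed) before
    # the assignment - DESTROY still calls us in that case.
    $self->{FU}->cleanup() if ($self->{FU});

    my @variables = @{ $self->{CLEANUP}->{ENV} || [] };
    foreach my $variable (@variables)
    {
        delete $ENV{$variable};
        if (exists $ENV{$variable})
        {
            OpenXPKI::Exception->throw (
                message => "I18N_OPENXPKI_CRYPTO_OPENSSL_COMMAND_CLEANUP_ENV_FAILED",
                params => {"VARIABLE" => $variable});
        }
    }
    # Forget the list so a second cleanup (explicit call followed by
    # DESTROY) does not touch the environment again.
    $self->{CLEANUP}->{ENV} = [];

    return 1;
}

# Converts an RFC2253 DN string into the OpenSSL (X.500 slash) notation by
# way of OpenXPKI::DN. Throws when the DN cannot be parsed into a DN object.
sub get_openssl_dn
{
    my $self = shift;
    my $dn = shift;

    ##! 2: "rfc2253: $dn"
    my $dn_obj = OpenXPKI::DN->new ($dn);
    if (not $dn_obj) {
        OpenXPKI::Exception->throw (
            message => "I18N_OPENXPKI_CRYPTO_OPENSSL_COMMAND_DN_FAILURE",
            params => {"DN" => $dn});
    }

    $dn = $dn_obj->get_openssl_dn();
    ##! 2: "OpenSSL X.500: $dn"
    return $dn;
}

# Default result handler: returns the content of OUTFILE, read with the
# optional $encoding (empty string when not given). Throws when OUTFILE was
# never allocated - the check happens before get_outfile() so the file is
# not created as a side effect - or when the file is unreadable or empty.
# Commands that need different post-processing override this method.
sub get_result
{
    my $self = shift;
    my $encoding = shift || '';

    if (!defined $self->{OUTFILE}) {
        OpenXPKI::Exception->throw (
            message => "I18N_OPENXPKI_CRYPTO_OPENSSL_OUTFILE_NOT_DEFINED",
        );
    }

    my $ret = $self->{FU}->read_file($self->get_outfile(), $encoding );

    if (!defined $ret || $ret eq '') {
        OpenXPKI::Exception->throw (
            message => "I18N_OPENXPKI_CRYPTO_OPENSSL_OUTFILE_IS_EMPTY",
        );
    }

    return $ret;
}

# Destructor: releases temporary files and environment variables. The
# exception slot is localised so an exception that is already propagating
# when the object goes out of scope is not clobbered by cleanup().
sub DESTROY
{
    my $self = shift;
    local $EVAL_ERROR;
    $self->cleanup();
}

1;

__END__

=head1 Name

OpenXPKI::Crypto::Backend::OpenSSL::Command

=head1 Description

This module is the base class for all available OpenSSL commands
from the OpenSSL command line interface. All commands are executed
inside of the OpenSSL shell.

=head1 Functions

=head2 new

is the constructor. The ENGINE and the TMP parameter must be always
present. All other parameters will be passed without any checks to
the hash of the class instance. The real checks must be implemented
by the commands themselves.

=head2 get_tmpfile

Returns the filename of a temporary file.

  my $tmpfile = $self->get_tmpfile();

The files are created using File::Temp, handles are held by the command
base class to ensure the files remain available while the class exists and
are cleaned up when the command class is destroyed!

B<NOTE>: The syntax with arguments to create one or multiple filenames in
the class namespace is no longer supported!

=head2 set_env

This function works exactly like set_tmpfile but without any
automatic prefixes or suffixes. The environment is also
cleaned up automatically.

=head2 cleanup

performs the cleanup of any temporary stuff like files from
get_tmpfile and environment variables from set_env.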

=head2 get_openssl_dn

expects an RFC2253 compliant DN and returns an OpenSSL DN.

=head2 get_result

The default handler returns the content of OUTFILE. Must be overridden
in the child class if a different handling is required. Will throw an
exception if OUTFILE is not set, not readable or zero size.