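package OpenXPKI::Server::Workflow::Condition::KeyParams;

use strict;
use warnings;
use base qw( OpenXPKI::Server::Workflow::Condition );
use Workflow::Exception qw( condition_error configuration_error );
use OpenXPKI::Server::Context qw( CTX );
use OpenXPKI::DateTime;
use OpenXPKI::Debug;
use Data::Dumper;
use English;

# Validate the key algorithm and key parameters of a request.
#
# Parameters (read via $self->param):
#   key_alg      - name of the key algorithm (mandatory)
#   key_params   - hashref with the key parameters to validate (mandatory)
#   key_rules    - optional ruleset, keyed by algorithm name on the first level
#   cert_profile - profile name, required when key_rules is not given
#
# Returns 1 when the parameters pass validate_ruleset. A missing or malformed
# configuration is reported with configuration_error(), a disallowed algorithm
# or invalid parameter with condition_error().
#
# NOTE(review): the "##!" lines are OpenXPKI::Debug statements, presumably
# expanded into code when debugging is enabled for this module, so the
# expressions in them must only reference declared variables.
sub _evaluate
{
    ##! 64: 'start'
    my ( $self, $wf ) = @_;

    my $key_alg      = $self->param('key_alg');
    my $key_params   = $self->param('key_params');
    my $cert_profile = $self->param('cert_profile');
    my $key_rules    = $self->param('key_rules');

    if (!$key_alg || !$key_params || ref $key_params ne 'HASH') {
        configuration_error('Key algorithm and/or key parameter not found!');
    }

    ##! 16: "Alg: $key_alg"
    ##! 16: 'Params ' . Dumper $key_params

    if ($key_rules) {

        # for explicit key rules we expect the algorithms on the first level
        if (!$key_rules->{$key_alg}) {
            condition_error('Used key algorithm is not allowed');
        }
        $key_rules = $key_rules->{$key_alg};

    } else {

        if (!$cert_profile) {
            configuration_error('You must pass either the profile name or the key_rules directly');
        }

        # get the list of allowed algorithms from the config
        my $algs = CTX('api2')->get_key_algs( profile => $cert_profile, nohide => 1 );

        ##! 32: 'Alg expected ' . Dumper $algs

        # Compare as an exact string. $key_alg is mapped in from the workflow
        # context (presumably request-derived, see the POD example) and must
        # not be interpolated into a pattern: regex metacharacters in the
        # value would be interpreted and could satisfy the allow-list check
        # without naming an allowed algorithm.
        my $is_allowed = grep { $_ eq $key_alg } @{$algs};

        if (!$is_allowed) {
            ##! 8: "KeyParam validation failed on algo $key_alg"
            CTX('log')->application()->debug("KeyParam validation failed on algo $key_alg");
            condition_error('Used key algorithm is not allowed');
        }

        $key_rules = CTX('api2')->get_key_params( profile => $cert_profile, alg => $key_alg, showall => 1 );

    }

    # The debug expression previously referenced an undeclared $params.
    ##! 32: 'Params expected ' . Dumper $key_rules

    # validate_ruleset returns an arrayref; the code below treats its elements
    # as the names of the parameters that failed validation.
    my $result = CTX('api2')->validate_ruleset(
        input   => $key_params,
        ruleset => $key_rules,
    );

    if (@{$result}) {
        # Build "name: value" for every failing field ('?' when no value was
        # supplied). The entries are joined without a separator so that the
        # message text stays exactly as before.
        my $err = join q{}, map { $_.': '.($key_params->{$_} // '?') } @{$result};
        CTX('log')->application()->debug("KeyParam validation failed: $err");
        condition_error("Invalid key parameters used: $err");
    }

    ##! 1: 'Validation succeeded'
    CTX('log')->application()->debug("KeyParam validation succeeded");

    return 1;
}

1;

__END__

=head1 NAME

OpenXPKI::Server::Workflow::Condition::KeyParams

=head1 Description

Validate the given key parameters against the definitions read from
the profile or from the key_rules parameter.

=head1 Configuration

    is_key_param_valid:
        class: OpenXPKI::Server::Workflow::Condition::KeyParams
        param:
            _map_cert_profile: $cert_profile
            _map_key_params: $csr_key_params
            _map_key_alg: $csr_key_alg

=head2 Arguments

=over

=item key_alg

The algorithm of the key, must match a key on the top level of
the key_rules. When the rules are read from the profile, the value is
compared as an exact string against the algorithms allowed by the profile.

=item key_params

The parameters of the key to validate as hashref.

=item key_rules

Ruleset to validate against, if not given the parameter I<cert_profile>
is mandatory and the rules are read from the profile definition.

=item cert_profile

Name of the certificate profile, only used if I<key_rules> is not set.

=back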