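#! /usr/bin/perl -w
#
#
# -------------------------------------------------------------------
# X-BONE
#
# http://www.isi.edu/xbone
# USC Information Sciences Institute (USC/ISI)
# Marina del Rey, California 90292, USA
# Copyright (c) 1998-2005
#
# -------------------------------------------------------------------
#
# Copyright (c) 1998-2005 by the University of Southern California.
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software and
# its documentation in source and binary forms for non-commercial
# purposes and without fee is hereby granted, provided that the above
# copyright notice appear in all copies and that both the copyright
# notice and this permission notice appear in supporting
# documentation, and that any documentation, advertising materials,
# and other materials related to such distribution and use acknowledge
# that the software was developed by the University of Southern
# California, Information Sciences Institute. The name of the
# University may not be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THE UNIVERSITY OF SOUTHERN CALIFORNIA MAKES NO REPRESENTATIONS ABOUT
# THE SUITABILITY OF THIS SOFTWARE FOR ANY PURPOSE. THIS SOFTWARE IS
# PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# Other copyrights might apply to parts of this software and are so
# noted when applicable.
#
# -------------------------------------------------------------------
#
# Effort partly sponsored by the Defense Advanced Research Projects
# Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel
# Command, USAF, under agreement numbers F30602-98-1-0200 (X-Bone) and
# F30602-01-2-0529 (DynaBone). The views and conclusions contained
# herein are those of the authors and should not be interpreted as
# necessarily representing the official policies or endorsements,
# either expressed or implied, of the Defense Advanced Research
# Projects Agency (DARPA), the Air Force Research Laboratory, or the
# U.S. Government.
#
# This work was partly supported by the NSF STI-XTEND (ANI-0230789)
# and NETFS (ANI-0129689) projects. Any opinions, findings, and
# conclusions or recommendations expressed in this material are those
# of the authors and do not necessarily reflect the views of the
# National Science Foundation.
#
# -------------------------------------------------------------------
# $RCSfile: xb-req-host-cert.pl,v $
#
# $Revision: 1.26 $
# $Author: pingali $
# $Date: 2005/03/31 07:04:03 $
# $State: Exp $
# ----------------------------------------------------------------------------
#
# Primary Author: Lars Eggert

# CGI front end for requesting an X-Bone host certificate.
#
# Flow, as visible in this file:
#   1. Pre-fill form parameters from the SSL_CLIENT_S_DN_* environment
#      variables (the subject of the user certificate).
#   2. Redirect plain-HTTP requests to the HTTPS form of the same URL.
#   3. Refuse to continue unless CGI::https() reports an HTTPS request.
#   4. If commonName, emailAddress, organizationName and SPKAC are all
#      present, check that the host name resolves and call process_req;
#      otherwise print the request form.
#
# fail_page and process_req are not defined in this file; presumably
# they come from XB_Common / XB_Params -- confirm there.
# NOTE(review): the code below relies on fail_page not returning
# (otherwise processing would continue after an error page) -- confirm.

use strict;
use sigtrap;
use lib qw(../lib);
use CGI qw(:standard :html3);
use CGI::Carp qw(fatalsToBrowser);
use File::CounterFile; # module to maintain certificate request counter
use Mail::Sendmail;
use XB_Common;
use XB_Params;

# suppress warning when this is undefined
unless (defined(param("commonName"))) {
    param("commonName", "");
}

# which form fields correspond to which user cert fields
my %field = (
    emailAddress           => $ENV{SSL_CLIENT_S_DN_Email},
    organizationName       => $ENV{SSL_CLIENT_S_DN_O},
    organizationalUnitName => $ENV{SSL_CLIENT_S_DN_OU},
    localityName           => $ENV{SSL_CLIENT_S_DN_L},
    stateOrProvinceName    => $ENV{SSL_CLIENT_S_DN_ST},
    countryName            => $ENV{SSL_CLIENT_S_DN_C}
);

# init params from cert if they're undefined
foreach my $v (keys(%field)) {
    unless (defined(param($v))) {
        param($v, $field{$v});
    }
}

# The form tells the user the contact e-mail address cannot be changed
# and must be their own, and the form offers no input for it.  Filling
# it in only when undefined would let a hand-built request supply its
# own emailAddress, so always overwrite it with the certificate value.
# An empty value keeps the request from being processed (see the
# required-parameter test below).
param("emailAddress",
      defined($field{emailAddress}) ? $field{emailAddress} : "");

# redirect to secure port if user came in on insecure one
# The scheme test is anchored: an unanchored /https/ also matches a URL
# that merely contains "https" in its path or query string, which would
# skip the redirect.  Redirect only when the rewrite actually happened,
# so a URL with an unexpected scheme falls through to the check below
# instead of being redirected to itself.
my $url = self_url;
unless ($url =~ m{^https://}i) {
    if ($url =~ s{^http://}{https://}i) {
        print redirect($url);
        exit(0);
    }
}

# die if we cannot authenticate the user
# NOTE(review): this only establishes that the request arrived over
# HTTPS.  Whether a client certificate was presented and verified is
# presumably enforced by the web server configuration -- confirm.
unless (CGI::https()) {
    fail_page("Secure Connection Required",
              "Host certificates must be requested over a secure, " .
              "authenticated connection.");
}

# if we have all required parameters, process request, else display form
if (param("commonName") and param("emailAddress") and
    param("organizationName") and param("SPKAC")) {

    # try to verify the DNS name the user gave us
    # A successful lookup shows only that the name exists, not that the
    # requester controls the host; the success page below says the CA
    # verifies the host information afterwards.
    unless (gethostbyname(param("commonName"))) {
        # commonName is request data and the CGI HTML shortcuts do not
        # escape element content, so escape it before echoing it back.
        my $shown_name = CGI::escapeHTML(scalar(param("commonName")));
        fail_page("Host Not Found",
                  p("DNS lookup for host \"" . $shown_name .
                    "\" failed. ") .
                  p("Did you spell the hostname correctly?"));
    }

    process_req();

    print header,
        start_html(-title      => "Certificate Request Submission Succeeded",
                   -background => "/xml/images/background_med_tan.gif",
                   -style      => { -src => "/xml/xbone.css" }),
        h1({-class => "secheader"},
           "Certificate Request Submission Succeeded"),
        p("We will now have to verify your host information."),
        p("You will be contacted by the X-Bone CA."),
        p("As soon as your identity has been confirmed, we will e-mail you " .
          "the URL of your signed X-Bone host certificate along with " .
          "instructions to install it."),
        p("Back to the ", a({-href => "/"}, "Main X-Bone page") . "."),
        end_html;
}
else {
    my $title = "X-Bone Host Certificate Request";

    # The e-mail address is display-only; escape it because values taken
    # from a certificate subject may contain HTML metacharacters.
    my $shown_email = CGI::escapeHTML(scalar(param("emailAddress")));

    print header,
        start_html(-title      => $title,
                   -background => "/xml/images/background_med_tan.gif",
                   -style      => {-src => "/xml/xbone.css"}) .
        h1({-class => "secheader"}, $title),
        p("The fields below have been initialized with information from your user ",
          "certificate. Edit as appropriate. Note that you cannot change the ",
          "contact e-mail address; it must be yours. You must fill out ",
          span({-class => "secheader"}, "all highlighted fields") .
          ", all others are optional."),
        p("Key generation only works with browsers that support the Netscape/Mozilla ",
          "key generation API. If the \"Key Length\"",
          "field below is empty, your current browser does not!"),
        p("You may still be able to use X-Bone with this browsers, however:"),
        ol(li("Create a key using Netscape/Mozilla."),
           li("Export your key from Netscape/Mozilla into a file."),
           li("Import the exported key file into the browser of your choice.")),
        p("For example, Microsoft Internet Explorer (recent versions) can be used ",
          "with X-Bone with these steps."),
        startform(-action => url(-relative => "1"),
                  -method => "post"),
        table(Tr(th({-class => "secheader"}, "commonName", "DNS Host Name"),
                 td(textfield(-name      => "commonName",
                              -size      => "40",
                              -maxlength => "64"))),
              Tr(th({-class => "secheader"}, "emailAddress", "Contact E-Mail"),
                 td(tt($shown_email))),
              Tr(th({-class => "secheader"}, "organizationName", "Organization"),
                 td(textfield(-name      => "organizationName",
                              -size      => "40",
                              -maxlength => "64"))),
              Tr(th({-class => "normalheader"}, b("Organizational Unit")),
                 td(textfield(-name      => "organizationalUnitName",
                              -size      => "40",
                              -maxlength => "64"))),
              Tr(th({-class => "normalheader"}, b("City")),
                 td(textfield(-name      => "localityName",
                              -size      => "20",
                              -maxlength => "32"))),
              Tr(th({-class => "normalheader"}, b("State")),
                 td(textfield(-name      => "stateOrProvinceName",
                              -size      => "20",
                              -maxlength => "32"))),
              Tr(th({-class => "normalheader"}, b("Country")),
                 td(textfield(-name      => "countryName",
                              -size      => "2",
                              -maxlength => "2"))),
              # NOTE(review): this cell is empty in this copy of the file,
              # yet the text above refers to a "Key Length" field and the
              # SPKAC parameter is required for processing; a key
              # generation control presumably belongs here -- confirm
              # against the original source.
              Tr(th({-class => "normalheader"}, "Key Length"),
                 td(''))),
        br,
        submit(-name => "SUBMIT", -value => "Submit $title"),
        " ",
        CGI::reset({-class => "black"}, "Undo Changes"),
        end_form,
        p("Back to the ", a({-href => "/"}, "main X-Bone page") . "."),
        end_html;
}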