#! /usr/bin/perl -w
#
#
# -------------------------------------------------------------------
# X-BONE
#
# http://www.isi.edu/xbone
# USC Information Sciences Institute (USC/ISI)
# Marina del Rey, California 90292, USA
# Copyright (c) 1998-2005
#
# -------------------------------------------------------------------
#
# Copyright (c) 1998-2005 by the University of Southern California.
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software and
# its documentation in source and binary forms for non-commercial
# purposes and without fee is hereby granted, provided that the above
# copyright notice appear in all copies and that both the copyright
# notice and this permission notice appear in supporting
# documentation, and that any documentation, advertising materials,
# and other materials related to such distribution and use acknowledge
# that the software was developed by the University of Southern
# California, Information Sciences Institute. The name of the
# University may not be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THE UNIVERSITY OF SOUTHERN CALIFORNIA MAKES NO REPRESENTATIONS ABOUT
# THE SUITABILITY OF THIS SOFTWARE FOR ANY PURPOSE. THIS SOFTWARE IS
# PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# Other copyrights might apply to parts of this software and are so
# noted when applicable.
#
# -------------------------------------------------------------------
#
# Effort partly sponsored by the Defense Advanced Research Projects
# Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel
# Command, USAF, under agreement numbers F30602-98-1-0200 (X-Bone) and
# F30602-01-2-0529 (DynaBone). The views and conclusions contained
# herein are those of the authors and should not be interpreted as
# necessarily representing the official policies or endorsements,
# either expressed or implied, of the Defense Advanced Research
# Projects Agency (DARPA), the Air Force Research Laboratory, or the
# U.S. Government.
#
# This work was partly supported by the NSF STI-XTEND (ANI-0230789)
# and NETFS (ANI-0129689) projects. Any opinions, findings, and
# conclusions or recommendations expressed in this material are those
# of the authors and do not necessarily reflect the views of the
# National Science Foundation.
#
# -------------------------------------------------------------------
# $RCSfile: xb-req-host-cert.pl,v $
#
# $Revision: 1.26 $
# $Author: pingali $
# $Date: 2005/03/31 07:04:03 $
# $State: Exp $
# ----------------------------------------------------------------------------
#
# Primary Author: Lars Eggert
use strict;
use sigtrap;
use lib qw(../lib);
use CGI qw(:standard :html3);
use CGI::Carp qw(fatalsToBrowser);
use File::CounterFile; # module to maintain certificate request counter
use Mail::Sendmail;
use XB_Common;
use XB_Params;
# Give commonName an empty default so that later reads of it do not
# trigger "uninitialized value" warnings under -w.
if ( !defined( param("commonName") ) ) {
    param( "commonName", "" );
}
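# Map each request form field to the matching subject attribute of the
# requester's client certificate, as exported by the web server in the
# SSL_CLIENT_S_DN_* environment variables.
# NOTE(review): whether that certificate was actually verified depends on
# the server configuration, which is not visible here - confirm.
my %field = (
    emailAddress           => $ENV{SSL_CLIENT_S_DN_Email},
    organizationName       => $ENV{SSL_CLIENT_S_DN_O},
    organizationalUnitName => $ENV{SSL_CLIENT_S_DN_OU},
    localityName           => $ENV{SSL_CLIENT_S_DN_L},
    stateOrProvinceName    => $ENV{SSL_CLIENT_S_DN_ST},
    countryName            => $ENV{SSL_CLIENT_S_DN_C},
);

# Seed the request parameters from the certificate.
foreach my $name ( keys %field ) {
    if ( $name eq "emailAddress" ) {

        # The contact address identifies the requester, and the form
        # tells the user it cannot be changed.  Always take it from the
        # certificate: a value supplied in the request must never win,
        # otherwise anyone could name an arbitrary contact address.
        # An empty string (no address in the certificate) keeps the
        # form displayed instead of processing the request.
        param( $name, defined $field{$name} ? $field{$name} : "" );
        next;
    }

    # All other fields are editable: the certificate value is only a
    # default for fields the request did not supply.
    unless ( defined param($name) ) {
        param( $name, $field{$name} );
    }
}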
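# Redirect to HTTPS if the request arrived over plain HTTP.
#
# Only the URL scheme is tested and rewritten.  An unanchored match
# would accept "https" appearing anywhere in the URL (for example in
# the query string) as proof of a secure connection, and an unanchored
# substitution would rewrite whichever "http" happened to come first.
my $url = self_url;
unless ( $url =~ m{\Ahttps:}i ) {
    $url =~ s{\Ahttp:}{https:}i;
    print redirect($url);
    exit(0);
}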
# Refuse to continue unless the web server reports an SSL connection.
# NOTE(review): CGI::https() called like this only reflects the HTTPS
# environment variable; it does not by itself show that a client
# certificate was presented and verified - confirm that the server
# configuration enforces client authentication for this script.
if ( !CGI::https() ) {
    fail_page(
        "Secure Connection Required",
        "Host certificates must be requested over a secure, "
          . "authenticated connection."
    );
}
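# Process the request when all required fields are present; otherwise
# display the request form.
if (    param("commonName")
    and param("emailAddress")
    and param("organizationName")
    and param("SPKAC") )
{
    # The host name is supplied by the requester.
    my $host = param("commonName");

    # A successful lookup only shows that the name resolves; it does not
    # show that the requester controls the host.
    # NOTE(review): the name is not checked against hostname syntax
    # before process_req runs - confirm process_req validates it before
    # using it in files or commands.
    unless ( gethostbyname($host) ) {

        # Escape the name before echoing it: p() inserts its content
        # into the page as-is, so an unescaped value would let the
        # request inject markup into the error page.
        # NOTE(review): this assumes fail_page does not return - confirm.
        fail_page(
            "Host Not Found",
            p(  "DNS lookup for host \""
                  . CGI::escapeHTML($host)
                  . "\" failed. " )
              . p("Did you spell the hostname correctly?")
        );
    }

    process_req();

    print header,
      start_html(
        -title      => "Certificate Request Submission Succeeded",
        -background => "/xml/images/background_med_tan.gif",
        -style      => { -src => "/xml/xbone.css" }
      ),
      h1( { -class => "secheader" },
        "Certificate Request Submission Succeeded" ),
      p("We will now have to verify your host information."),
      p("You will be contacted by the X-Bone CA."),
      p(  "As soon as your identity has been confirmed, we will e-mail you "
        . "the URL of your signed X-Bone host certificate along with "
        . "instructions to install it." ),
      p( "Back to the ", a( { -href => "/" }, "Main X-Bone page" ) . "." ),
      end_html;
}
else {
    my $title = "X-Bone Host Certificate Request";

    # The contact address is shown as plain text rather than in a form
    # field, so it is not escaped automatically the way textfield()
    # values are; escape it here before it reaches the page.
    my $email = param("emailAddress");
    $email = defined $email ? CGI::escapeHTML($email) : "";

    print header,
      start_html(
        -title      => $title,
        -background => "/xml/images/background_med_tan.gif",
        -style      => { -src => "/xml/xbone.css" }
      ),
      h1( { -class => "secheader" }, $title ),
      p(
        "The fields below have been initialized with information from your user ",
        "certificate. Edit as appropriate. Note that you cannot change the ",
        "contact e-mail address; it must be yours. You must fill out ",
        span( { -class => "secheader" }, "all highlighted fields" )
          . ", all others are optional."
      ),
      p(
        "Key generation only works with browsers that support the Netscape/Mozilla ",
        "key generation API. If the \"Key Length\"",
        "field below is empty, your current browser does not!"
      ),
      p("You may still be able to use X-Bone with this browsers, however:"),
      ol(
        li("Create a key using Netscape/Mozilla."),
        li("Export your key from Netscape/Mozilla into a file."),
        li("Import the exported key file into the browser of your choice.")
      ),
      p(
        "For example, Microsoft Internet Explorer (recent versions) can be used ",
        "with X-Bone with these steps."
      ),
      startform( -action => url( -relative => "1" ), -method => "post" ),
      table(
        Tr(
            th( { -class => "secheader" }, "commonName", "DNS Host Name" ),
            td(
                textfield(
                    -name      => "commonName",
                    -size      => "40",
                    -maxlength => "64"
                )
            )
        ),
        Tr(
            th( { -class => "secheader" }, "emailAddress", "Contact E-Mail" ),
            td( tt($email) )
        ),
        Tr(
            th( { -class => "secheader" }, "organizationName", "Organization" ),
            td(
                textfield(
                    -name      => "organizationName",
                    -size      => "40",
                    -maxlength => "64"
                )
            )
        ),
        Tr(
            th( { -class => "normalheader" }, b("Organizational Unit") ),
            td(
                textfield(
                    -name      => "organizationalUnitName",
                    -size      => "40",
                    -maxlength => "64"
                )
            )
        ),
        Tr(
            th( { -class => "normalheader" }, b("City") ),
            td(
                textfield(
                    -name      => "localityName",
                    -size      => "20",
                    -maxlength => "32"
                )
            )
        ),
        Tr(
            th( { -class => "normalheader" }, b("State") ),
            td(
                textfield(
                    -name      => "stateOrProvinceName",
                    -size      => "20",
                    -maxlength => "32"
                )
            )
        ),
        Tr(
            th( { -class => "normalheader" }, b("Country") ),
            td(
                textfield(
                    -name      => "countryName",
                    -size      => "2",
                    -maxlength => "2"
                )
            )
        ),

        # NOTE(review): the keygen challenge is a fixed literal, so it
        # does not appear to tie the submitted SPKAC to this session -
        # confirm whether process_req relies on it.
        Tr(
            th( { -class => "normalheader" }, "Key Length" ),
            td('<keygen name="SPKAC" challenge="challengePassword">')
        )
      ),
      br,
      submit( -name => "SUBMIT", -value => "Submit $title" ), " ",
      CGI::reset( { -class => "black" }, "Undo Changes" ), end_form,
      p( "Back to the ", a( { -href => "/" }, "main X-Bone page" ) . "." ),
      end_html;
}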