# Copyright (C) 2009-2012 eBox Technologies S.L.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License, version 2, as
# published by the Free Software Foundation.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Class: EBox::CA::Certificates
package EBox::CA::Certificates;
use base qw(EBox::CA::Observer);
use File::Temp qw(tempfile);
# Group: Public methods
# Create the new CA Certificates model
# <EBox::CA::Certificates> - the recently created model
# Generates all the certificates requested by all the services
my @srvscerts = @{$self->srvsCerts()};
foreach my $srvcert (@srvscerts) {
$self->_genCert($srvcert);
# Method: certificateRevoked
# <EBox::CA::Observer::certificateRevoked>
sub certificateRevoked
my ($self, $commonName, $isCACert) = @_;
my $ca = EBox::Global->modInstance('ca');
my $model = $ca->model('Certificates');
return $model->certUsedByService($commonName);
# Method: certificateRenewed
# <EBox::CA::Observer::certificateRenewed>
sub certificateRenewed
$self->genCerts(); #FIXME only regen renewed certs
# Method: certificateExpired
# <EBox::CA::Observer::certificateExpired>
sub certificateExpired
my ($self, $commonName, $isCACert) = @_;
my $ca = EBox::Global->modInstance('ca');
my $model = $ca->model('Certificates');
my @srvscerts = @{$self->srvsCerts()};
foreach my $srvcert (@srvscerts) {
my $service = $srvcert->{'service'};
my $cn = $model->cnByService($service);
if ($cn eq $commonName) {
$model->disableService($service);
# Method: freeCertificate
# <EBox::CA::Observer::freeCertificate>
my ($self, $commonName) = @_;
my $ca = EBox::Global->modInstance('ca');
my $model = $ca->model('Certificates');
my @srvscerts = @{$self->srvsCerts()};
foreach my $srvcert (@srvscerts) {
my $service = $srvcert->{'service'};
my $cn = $model->cnByService($service);
if ($cn eq $commonName) {
$model->disableService($service);
# All services which request a certificate as provided
# by EBox::Module::Service::certificates() plus the
# module they are from.
# A ref to an array with the information of all the services
my @mods = @{$self->_modsService()};
for my $mod (@mods) {
my @modsrvs = @{EBox::Global->modInstance($mod)->certificates()};
next unless @modsrvs;
for my $srv (@modsrvs) {
$srv->{'module'} = $mod;
push(@srvscerts, $srv);
# Group: Public methods
# Generates the certificate for a service
my ($self, $srvcert) = @_;
my $ca = EBox::Global->modInstance('ca');
my $model = $ca->model('Certificates');
my $service = $srvcert->{'service'};
return undef unless ($model->isEnabledService($service));
my $cn = $model->cnByService($service);
return undef unless (defined($cn));
my $certMD = $ca->getCertificateMetadata(cn => $cn);
if ((not defined($certMD)) or ($certMD->{state} ne 'V')) {
# Check the expiration date
my $caMD = $ca->getCACertificateMetadata();
$ca->issueCertificate(
endDate => $caMD->{expiryDate},
my $cert = $ca->getCertificateMetadata(cn => $cn)->{'path'};
my $privkey = $ca->getKeys($cn)->{'privateKey'};
my ($tempfile_fh, $tempfile) = tempfile(EBox::Config::tmp . "/ca_certificates_XXXXXX") or
throw EBox::Exceptions::Internal("Could not create temporal file.");
open(CERT, $cert) or throw EBox::Exceptions::Internal('Could not open certificate file.');
my @certdata = <CERT>;
open(KEY, $privkey) or throw EBox::Exceptions::Internal('Could not open certificate file.');
my @privkeydata = <KEY>;
print $tempfile_fh @certdata;
print $tempfile_fh @privkeydata;
my $user = $srvcert->{'user'};
my $group = $srvcert->{'group'};
push (@commands, "/bin/chown $user:$group $tempfile");
my $mode = $srvcert->{'mode'};
push (@commands, "/bin/chmod $mode $tempfile");
my $path = $srvcert->{'path'};
push (@commands, "mkdir -p `dirname $path`");
push (@commands, "mv -f $tempfile $path");
EBox::Sudo::root(@commands);
# Method: _modsService
# All configured service modules (EBox::Module::Service)
# which could be implementing the certificates method.
# A ref to an array with all the Module::Service names
my @names = @{EBox::Global->modInstancesOfType('EBox::Module::Service')};
foreach my $name (@names) {
$name->configured() or next;
push (@mods, $name->name());