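#!/usr/bin/perl
## scep.pl - CGI script for the OpenXPKI SCEP server
##
## Written by Alexander Klink for the OpenXPKI project
## Copyright (c) 2006 by The OpenXPKI project
##
## Flow: load the configuration, check the requesting address against the
## configured IP range, then pass the 'operation' and 'message' CGI
## parameters to OpenXPKI::Client::SCEP and print whatever it returns.

use strict;
use warnings;
# NOTE(review): -debug is a CGI.pm debugging pragma; confirm it is still
# wanted in a deployed script.
use CGI qw( -debug );
use Config::Std;
use NetAddr::IP;
use English qw( -no_match_vars );

require OpenXPKI::Client::SCEP;

my $query = CGI->new();

# Configuration via Config::Std;
# set config file in the line below
# TODO: depending on performance, change into a simple
# include and use perl syntax in config file.
# NOTE(review): the fallback file sits next to the script. If that directory
# is served or writable by the web server, the configuration (including the
# allowed IP range) is exposed to reading or tampering - verify deployment.
my $system_config = '/etc/openxpki/scep.conf';
my $configfile
    = -r $system_config ? $system_config : $PROGRAM_NAME . '.cfg';
die 'Could not read config file' unless (-r $configfile);

read_config $configfile => my %config;

my $socket  = $config{global}{socket};
my $realm   = $config{global}{realm};
my $iprange = $config{global}{iprange};
my $profile = $config{global}{profile};
my $server  = $config{global}{servername};
my $enc_alg = $config{global}{encryption_algorithm};

# The allowed IP range from the config file. A missing or unparsable value
# must stop the script: NetAddr::IP->new returns undef on bad input, and the
# access check below would then run against undef instead of a real range
# (some NetAddr::IP versions appear to answer "within" with true in that
# case - verify against the installed version). Failing here keeps the
# check fail-closed either way.
if (!defined $iprange || $iprange eq q{}) {
    die "No iprange configured in section [global] of $configfile";
}
my $allowed_range = NetAddr::IP->new($iprange);
if (!defined $allowed_range) {
    die "Could not parse iprange '$iprange' from $configfile";
}

# The host that is talking to us.
# NOTE(review): REMOTE_ADDR is the address of the directly connected peer.
# Behind a reverse proxy every request carries the proxy's address, so the
# range check would no longer distinguish clients - confirm the deployment.
my $remote_addr     = $ENV{'REMOTE_ADDR'};
my $requesting_host = defined $remote_addr
                    ? NetAddr::IP->new($remote_addr)
                    : undef;

# Check if requesting host is allowed to talk to us. An absent or
# unparsable address is treated as unauthorized and answered explicitly,
# rather than dying on a method call on undef before any response is sent.
if (!defined $requesting_host || !$requesting_host->within($allowed_range)) {
    # TODO: better response?
    print "Status: 403 Forbidden\nContent-Type: text/plain\n\nGo away\n";

    # Log only the parsed address, never the raw environment value.
    my $who = defined $requesting_host
            ? "$requesting_host"
            : 'unparsable REMOTE_ADDR';
    die("Unauthorized access from $who");
}

# Fetch SCEP message from CGI (cf. Section 3.1 of the SCEP draft)
# http://www.ietf.org/internet-drafts/draft-nourse-scep-13.txt
# Both values are attacker-controlled and are passed on without validation
# here. They are assigned to scalars first so that param() runs in scalar
# context; calling it directly inside the hash below would let a repeated
# parameter inject extra key/value pairs.
my $operation = $query->param('operation');
my $message   = $query->param('message');

# OpenXPKI::Client::SCEP does the actual work
my $scep_client = OpenXPKI::Client::SCEP->new(
    {
        SERVICE              => 'SCEP',
        REALM                => $realm,
        SOCKETFILE           => $socket,
        TIMEOUT              => 120,        # TODO - make configurable?
        PROFILE              => $profile,
        OPERATION            => $operation,
        MESSAGE              => $message,
        SERVER               => $server,
        ENCRYPTION_ALGORITHM => $enc_alg,
    }
);
if (!defined $scep_client) {
    die "SCEP client not defined";
}

# The client's reply is printed as-is; it is presumably a complete CGI
# response including headers - confirm against OpenXPKI::Client::SCEP.
my $result = $scep_client->send_request();
print $result;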