trunk/clients/perl/OpenXPKI-Client-SCEP/bin/scep

   1 #!/usr/bin/perl
   2 ## scep.pl - CGI script for the OpenXPKI SCEP server
   3 ##
   4 ## Written by Alexander Klink for the OpenXPKI project
   5 ## Copyright (c) 2006 by The OpenXPKI project
   6
   7 use strict;
   8 use warnings;
   9 use CGI qw( -debug );
  10 use Config::Std;
  11 use NetAddr::IP;
  12 use English;
  13
  14 require OpenXPKI::Client::SCEP;
  15 my $query = new CGI;
  16
  17 # Configuration via Config::Std;
  18 # set config file in the line below
  19 # TODO: depending on performance, change into a simple
  20 #       include and use perl syntax in config file.
  21 my $configfile = -r '/etc/openxpki/scep.conf' ? '/etc/openxpki/scep.conf' : $PROGRAM_NAME . '.cfg';
  22 die 'Could not read config file' unless (-r $configfile);
  23
  24 read_config $configfile => my %config;
  25 my $socket  = $config{global}{socket};
  26 my $realm   = $config{global}{realm};
  27 my $iprange = $config{global}{iprange};
  28 my $profile = $config{global}{profile};
  29 my $server  = $config{global}{servername};
  30 my $enc_alg = $config{global}{encryption_algorithm};
  31
  32 my $allowed_range = new NetAddr::IP $iprange; # the allowed IP range
  33                                               # from the config file
  34 my $requesting_host = new NetAddr::IP $ENV{'REMOTE_ADDR'}; # the host
  35
  36 # Check if requesting host is allowed to talk to us
  37 if (!$requesting_host->within($allowed_range)) {
  38 # TODO: better response?
  39     print "Content-Type: text/plain\n\nGo away\n";
  40     die("Unauthorized access from $requesting_host");
  41 }
  42 else {
  43     # Fetch SCEP message from CGI (cf. Section 3.1 of the SCEP draft)
  44     # http://www.ietf.org/internet-drafts/draft-nourse-scep-13.txt
  45     my $operation = $query->param('operation');
  46     my $message   = $query->param('message');
  47
  48     # OpenXPKI::Client::SCEP does the actual work
  49     my $scep_client = OpenXPKI::Client::SCEP->new(
  50         {
  51         SERVICE    => 'SCEP',
  52         REALM      => $realm,
  53         SOCKETFILE => $socket,
  54         TIMEOUT    => 120, # TODO - make configurable?
  55         PROFILE    => $profile,
  56         OPERATION  => $operation,
  57         MESSAGE    => $message,
  58         SERVER     => $server,
  59         ENCRYPTION_ALGORITHM => $enc_alg,
  60         });
  61     if (! defined $scep_client) {
  62         die "SCEP client not defined";
  63     }
  64     my $result = $scep_client->send_request();
  65     print $result;
  66 }
  67