// Directories shared with the certgate helper.  crgt_lock() creates its
// certgate.lck file under $CRLURINEW_PATH, and crgt_certgate() writes new
// <hash>.cont files there; $CRLURI_PATH holds the already-known <hash>.cont
// files and $CRL_PATH the matching <hash>.crl files.
$CRLURINEW_PATH = '/var/lib/3gates/crlurinew';
$CRLURI_PATH    = '/var/lib/3gates/crluri';
$CRL_PATH       = '/var/lib/3gates/crl';
// Absolute path to the openssl binary that crgt_getcrluri() spawns with
// proc_open(); keeping it absolute means the lookup does not depend on the
// PATH of the web server process.
$OPENSSL_PATH   = '/usr/bin/openssl';
/*
 * Return values of crgt_certgate().  Note that CRGT_TRUE is 0 and
 * CRGT_FALSE is 1, the opposite of PHP truthiness: callers must compare
 * the result against these constants rather than testing it as a boolean.
 */
define('CRGT_TRUE', 0);
define('CRGT_FALSE', 1);
define('CRGT_RETRY', 2);
17 * string crgt_ret2str(er)
20 * convert the return value of crgt_certgate() to a string
22 * er - value returned by crgt_certgate()
25 * Return a string description of the value returned by crgt_certgate(), "value unknown"
29 function crgt_ret2str($er)
42 $ret = "value unknown";
51 * lock_handle crgt_lock(mode)
54 * lock the directory shared with the certgate python script
56 * mode - LOCK_SH or LOCK_EX - to share as a reader or a writer
59 * Return a handle to the locked file, FALSE otherwise.
67 function crgt_lock () {
74 GLOBAL $CRLURINEW_PATH;
76 $umask_old = umask(002);
77 if (($this->fp = fopen($CRLURINEW_PATH."/certgate.lck", "w+")) == FALSE) {
82 $lck = flock($this->fp, $mode);
89 flock($this->lck, LOCK_UN);
104 * lock_handle crgt_lock(mode)
107 * lock the directory shared with the certgate python script
109 * mode - LOCK_SH or LOCK_EX - to share as a reader or a writer
112 * Return a handle to the locked file, FALSE otherwise.
115 function crgt_lock($mode)
117 GLOBAL $CRLURINEW_PATH;
119 $umask_old = umask(002);
120 if (($fp = fopen($CRLURINEW_PATH."/certgate.lck", "w+")) == FALSE) {
125 return (flock($fp, $mode));
130 * void crgt_unlock(lock_handle)
133 * unlock a previously locked session
135 * lock_handle - the handle of the lock
138 function crgt_unlock($lck)
140 flock($lck, LOCK_UN);
146 * array &crgt_getcrluri($cert)
149 * get the CRL URIs from a client certificate
152 * return an array of URIs (strings) or FALSE if an error occurs
155 function &crgt_getcrluri($cert)
157 GLOBAL $OPENSSL_PATH;
164 $descriptorspec = array(
165 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
166 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
167 2 => array("pipe", "w") // stderr is a file to write to
171 $process = proc_open($OPENSSL_PATH.' x509 -text -noout', $descriptorspec, $pipes);
172 if (is_resource($process)) {
173 // $pipes now looks like this:
174 // 0 => writeable handle connected to child stdin
175 // 1 => readable handle connected to child stdout
176 // Any error output will be appended to /tmp/error-output.txt
178 fwrite($pipes[0], $cert);
180 while (!feof($pipes[1])) {
181 $buffer = fgets($pipes[1], 4096);
183 if (stristr($buffer, 'CRL Distribution Points')) {
188 // if (strstr($buffer, 'URI:')) {
189 if (eregi('^ *URI:', $buffer)) {
190 $retarr[$retarr_n++] = eregi_replace('^ *URI:', '', rtrim($buffer, "\r\n"));
192 else if ($buffer != "\n")
201 // It is important that you close any pipes before calling
202 // proc_close in order to avoid a deadlock
203 $return_value = proc_close($process);
206 if ($st != 2 || $return_value != 0)
214 * string crgt_crluri2str(crluri)
217 * convert the crluri array to a string
219 * crluri - array of crluri (strings)
222 * return a string that is the concatenation of all crluri array entries, each followed by '\n'
225 function crgt_crluri2str($crluri)
229 for ($i = 0 ; $i < count($crluri) ; $i++)
230 $crluri_str .= $crluri[$i]."\n";
232 return ($crluri_str);
238 * string crgt_str2hash(str)
241 * compute the hash of a string
243 * str - string to be hashed
246 * return the computed (CRC32) hash as a binary string
249 function crgt_str2hash($str)
251 $hash = mhash(MHASH_CRC32, $str);
256 function crgt_certgate($cert, $onlycheck)
258 GLOBAL $CRLURI_PATH, $CRLURINEW_PATH, $CRL_PATH;
265 $lock = new crgt_lock();
267 if (($lock->lock(LOCK_SH)) == FALSE)
269 if (($crluri = crgt_getcrluri($cert)) == FALSE)
272 if (!is_array($crluri))
275 $crluri_str = crgt_crluri2str($crluri);
277 $crluri_hash = crgt_str2hash($crluri_str);
279 $crluri_file = sprintf("%s/%s.cont", $CRLURI_PATH, bin2hex($crluri_hash));
280 $crlurinew_file = sprintf("%s/%s.cont", $CRLURINEW_PATH, bin2hex($crluri_hash));
281 $crluri_exists = file_exists($crluri_file);
282 $crlurinew_exists = file_exists($crlurinew_file);
285 // if crluri file don't exists:
286 if (!$crluri_exists && !$crlurinew_exists) {
288 // if onlycheck return false
292 // else add it in the list of crluri list
295 // lock the dir as writer
296 if (($lock->lock(LOCK_EX)) == FALSE)
299 $umask_old = umask(002);
300 if (($fp = fopen($crlurinew_file, "w")) == FALSE)
302 if (fwrite($fp, $crluri_str) < strlen($crluri_str))
308 $crl_file = sprintf("%s/%s.crl", $CRL_PATH, bin2hex($crluri_hash));
309 if (($crl_exists = file_exists($crl_file)) == FALSE) {
318 if ($umask_old != -1)