4 ### Insert a certificate request into the database.
6 ### (c) 2011 Mark Wooding
9 ###----- Licensing notice ---------------------------------------------------
11 ### This program is free software; you can redistribute it and/or modify
12 ### it under the terms of the GNU General Public License as published by
13 ### the Free Software Foundation; either version 2 of the License, or
14 ### (at your option) any later version.
16 ### This program is distributed in the hope that it will be useful,
17 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
18 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 ### GNU General Public License for more details.
21 ### You should have received a copy of the GNU General Public License
22 ### along with this program; if not, write to the Free Software Foundation,
23 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 ## Find the common utilities.
## The library is located relative to the directory part of $argv0 and is
## executed by `source'.  NOTE(review): CERTROOT and the helpers used below
## (fresh-temp, cleanup, req-key-hash) are not defined in this listing;
## presumably they come from func.tcl -- confirm.
26 source [file join [file dirname $argv0] "../lib/func.tcl"]
28 ## Parse the command line.
## Leading arguments are matched as options by the `switch' in the loop;
## whatever remains from index i onwards must be exactly three words, which
## become profile, tag and file.  No further validation of these three
## values is visible in this listing, yet tag is later used as a path
## component and file is passed to `exec' -- NOTE(review): confirm they are
## constrained somewhere, or that only trusted operators run this script.
30 set usage "usage: $argv0 \[-replace\] PROFILE TAG FILE"
31 for {set i 0} {$i < [llength $argv]} {incr i} {
32 switch -glob -- [lindex $argv $i] {
49 set args [lrange $argv $i end]
50 if {[llength $args] != 3} {
54 lassign $args profile tag file
## Open the CA state database under the command name `db'.
57 sqlite3 db "$CERTROOT/state/ca.db"
59 ## Do most of the work in a transaction.
## (The command that opens the transaction is not shown in this listing.)
63 ## Check whether this tag is already taken.
## Unless O(replace) is set, an existing request with this tag in state
## `active' is an error.  The SQL is brace-quoted, so Tcl leaves $tag alone
## and the sqlite3 binding passes it as a bound parameter rather than
## splicing it into the statement text.  Keep the braces: double quotes
## here would interpolate command-line text into the SQL.
64 if {!$O(replace) && [db exists {
66 WHERE tag = $tag AND st = 'active';
68 error "request `$tag' already active"
71 ## Check whether the profile exists.
## A profile counts only if its tombstone column is 0.  $profile is
## presumably bound the same way as $tag above; the line that opens this
## query is not shown -- confirm it is brace-quoted too.
73 SELECT 1 FROM profile WHERE label = $profile AND tombstone = 0;
75 error "unknown profile `$profile'"
78 ## Copy the file away.
## The request is not copied byte-for-byte: it is read and re-written by
## `openssl req', so a file that openssl cannot parse makes `exec' fail
## here.  With -text and no -noout the output holds the text dump as well
## as the re-encoded request.
## NOTE(review): no -verify is given on this line, so the request's
## self-signature is not checked here -- confirm it is checked elsewhere
## before a certificate is issued.
## NOTE(review): Tcl's `exec' treats words beginning with `<', `>', `|'
## or `2>' as redirection/pipeline syntax.  $file is raw command-line
## text; passing [file normalize $file] instead would rule that out.
79 fresh-temp "$CERTROOT/tmp" tmp {
80 exec openssl req -text -in $file -out $tmp
82 cleanup { file delete $tmp }
84 ## Get lots of information about the request.
## The hash is computed from the sanitized copy in $tmp, not from the
## caller's original file.  (The line that sets dn, used in the INSERT
## further down, is not shown in this listing.)
86 set hash [req-key-hash $tmp]
88 ## Get an id number for the new request.
## The sequence counter is bumped and then read back.  This is only safe
## against two concurrent runs obtaining the same id if both statements
## execute inside the enclosing transaction -- presumably they do; the
## surrounding lines are not shown.
91 SET request_seq = request_seq + 1;
94 SELECT request_seq FROM meta;
97 ## Insert the new record into the request table.
## Any request still `active' under this tag is first marked `withdrawn',
## then the new row is inserted as `active'.  All values are bound
## parameters; the `@hash' form makes the sqlite3 binding store the hash
## as a BLOB instead of text.
99 UPDATE request SET st = 'withdrawn' WHERE tag = $tag AND st = 'active';
100 INSERT INTO request(id, tag, dn, hash, st, profile)
101 VALUES ($id, $tag, $dn, @hash, 'active', $profile);
104 ## Link the file into the right place.
## The stored copy req/by-id/$id is a hard link to the temporary file, so
## it survives the `file delete $tmp' in the cleanup handler.  The symlink
## req/active/$tag then points at it; `ln -sf' replaces any existing link
## of that name.
## NOTE(review): $tag is used verbatim as a path component.  A tag that
## contains `/' or `..' would put the symlink outside req/active, and no
## check on the tag's form is visible in this listing -- confirm tags are
## restricted to a safe character set before this point.
105 file link -hard "$CERTROOT/req/by-id/$id" $tmp
106 exec ln -sf "../by-id/$id" "$CERTROOT/req/active/$tag"
109 ## Issue a shiny new certificate.
113 ## Publish any necessary changes.