## OpenCA - Public Web-Gateway Command
## (c) Copyright 1998-2004 The OpenCA Project
##
##   File Name: approveCRRnotSigned
##       Brief: store the revreq to the DB
##     Version: $Revision: 1.13.2.2 $
## Description: store the revreq to the DB for RA Operator approval
##  Parameters: head, text, signature

use strict;

sub cmdApproveCRRnotSigned {

our ($cryptoShell, $query, $db);

## Reserved variables
my ( $text, $cert, @search, $certTable );

## To aprove a Request, we need it signed by the RA operator
my $beginHeader = "-----BEGIN HEADER-----";
my $endHeader = "-----END HEADER-----";

## Get the parameters
my $head        = $query->param('head');
my $body        = $query->param('text');

my $req_txt = $head . $body;

## Try to build the REQ object
my $req = new OpenCA::REQ ( SHELL   => $cryptoShell,
                            GETTEXT => \&i18nGettext,
                            DATA    => $req_txt );
if( not $req ) {
	configError( gettext ("Error while creating the request."));
}

## check for the old request and attach the signature of the user
my $h = $db->getItem (DATATYPE => "CRR", KEY => $req->getSerial());
$req_txt .= $h->getParsed()->{SIGNATURE} if ($h);

$req = new OpenCA::REQ ( SHELL   => $cryptoShell,
                         GETTEXT => \&i18nGettext,
                         DATA    => $req_txt );
if( not $req ) {
	configError( gettext ("Error while creating the request."));
}

## download the certificate
my $cert = $db->getItem ( DATATYPE => "CERTIFICATE", KEY => $req->getParsed()->{REVOKE_CERTIFICATE_SERIAL} );
if (not $cert) {
	##// it's not good to show the user the detailed problem
	print STDERR "SECURITY ALERT BY PKI: database failed during loading the certificate ".
                $req->getParsed()->{REVOKE_CERTIFICATE_SERIAL}."\n";
	configError( gettext ("Error while loading the affected certificate."));
}

if ( not $db->updateStatus ( OBJECT=>$req, DATATYPE=>"PENDING_CRR", NEWTYPE => "APPROVED_CRR" ) and
     not $db->updateStatus ( OBJECT=>$req, DATATYPE=>"SIGNED_CRR", NEWTYPE => "APPROVED_CRR" ) and
     not $db->updateStatus ( OBJECT=>$req, DATATYPE=>"NEW_CRR", NEWTYPE => "APPROVED_CRR" )) {
	if ( not $db->storeItem( OBJECT=>$req, DATATYPE=>"APPROVED_CRR", MODE => "INSERT" )) {
		print STDERR "SECURITY ALERT BY PKI: database failed during storing a correct CRR which follows\n".
			$req_txt."\n";
		configError( gettext ("Error while storing the request."));
	}
}

if (not (
     $db->updateStatus ( OBJECT => $cert, DATATYPE=>"VALID_CERTIFICATE", NEWTYPE => "SUSPENDED_CERTIFICATE") or
     $db->updateStatus ( OBJECT => $cert, DATATYPE=>"EXPIRED_CERTIFICATE", NEWTYPE => "SUSPENDED_CERTIFICATE"))) {
	if ( not $db->getItem (DATATYPE=>"SUSPENDED_CERTIFICATE", KEY=>$cert->getSerial()) and
	     not $db->getItem (DATATYPE=>"REVOKED_CERTIFICATE",   KEY=>$cert->getSerial()) ) {
		print STDERR "SECURITY ALERT BY PKI: database failed during storing a correct CRR which follows\n".
			$req_txt."\n";
		configError( gettext ("Failed to change the certificate's state."));
	}
}

my $message = i18nGettext ("Your revocation request has been accepted and is now <B>waiting to be processed</B>.\n If you want to check out if the request has been correctly received, you can see the __BEGIN_LINK__ Approved Revocation Requests List __END_LINK__.",
                           "__BEGIN_LINK__", '<a href="?cmd=listCRR&dataType=APPROVED_CRR">',
                           "__END_LINK__", "</a>");

return libSendReply (
                     "TIMESTAMP"   => 1,
                     "NAME"        => gettext ("Revocation Request Approved without Signature"),
                     "EXPLANATION" => $message
                    );
}

1;
