## OpenCA - RA Server Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
## (c) Copyright 2002-2004 The OpenCA Project
##
##   File Name: approveCSRnotSigned
##       Brief: approve Request
##     Version: $Revision: 1.12.2.2 $
## Description: Adds a confirmed request into the APPROVED_REQUEST dB
##  Parameters: key, dataType, text, signature

use strict;

sub cmdApproveCSRnotSigned {

our ($db, $query, $cryptoShell, $errval);

## Get the parameters
my $key 	= $query->param( 'key' );
my $dataType 	= $query->param( 'dataType' );
my $text 	= $query->param( 'text' );
my $head 	= $query->param( 'head' );
my $inform	= "PEM";

## Get Conf Parameters
my $tempDir	= getRequired('tempDir');

my ( $req, $item, $sig, $sigStatus, $signer );

# $signature =~ s/\n*$//;

$text  = "$head" . "$text\n";

if( not $req = $db->getItem( DATATYPE=>$dataType, KEY=>$key) ) {
	generalError( i18nGettext ("Cannot find __DATATYPE__ REQ in DB!", "__DATATYPE__", $dataType));
}

$text .= $req->getParsed()->{KEY};

## FIXME: should we check the subject here if it is not dynamic via serials?

if ($dataType !~ /RENEW/i and not $req->getParsed()->{HEADER}->{RENEW}) {
	# check the public key
	## Check if there are certificates with the same keys
	my @certList = $db->searchItems( DATATYPE=>    "CERTIFICATE",
					PUBKEY => $req->getParsed()->{PUBKEY});
 
	my $errorString = gettext ("A Certificate with the same public key exists!")."<br>\n".
			          gettext ("This is a keycompromise of the certificates with the serial:")."\n".
			"<ul>\n";
	foreach my $h (@certList) {
		$errorString .= "<li>".$h->getSerial()."</li>\n";
	}
	$errorString .= gettext ("Please revoke the certificates and delete the request.")."\n";
 
	generalError( $errorString ) if($#certList > -1);
}

if( $req->getParsed()->{HEADER}->{TYPE} =~ /(PKCS#10|IE)/i ) {
	$inform = "PEM";
} else {
	$inform = $req->getParsed()->{HEADER}->{TYPE};
}

if( not $item = new OpenCA::REQ ( SHELL   => $cryptoShell, 
                                  GETTEXT => \&i18nGettext,
			          INFORM  => $inform,
                                  DATA    => $text )) {
	generalError( i18nGettext ("Cannot create a new REQ object (__KEY__)!", "__KEY__", $key));
}

if (not crypto_check_lifetime ($item, $req->getParsed()->{HEADER}->{ROLE}))
{
    generalError ($errval, $errval);
}

if ( not $db->updateStatus ( DATATYPE=>$dataType, OBJECT => $item, NEWTYPE=>"APPROVED_REQUEST") ) {
	generalError( i18nGettext ("Error while updating the status uf the request (__KEY__)!", "__KEY__", $key));
}

return libSendReply (
                     "TIMESTAMP"   => 1,
                     "NAME"        => gettext ("Certificate Signing Request Approved"),
                     "EXPLANATION" => gettext ("Certificate Request Successfully approved.")."\n".
                                      gettext ("Signature: not available because the request was not signed")
                    );
}

1;

