author | Timothy Pearson <[email protected]> | 2012-06-07 02:43:11 -0500 |
---|---|---|
committer | Timothy Pearson <[email protected]> | 2012-06-07 02:43:11 -0500 |
commit | 68d486e22476583b9a2045ecd39f589257a1bb30 (patch) | |
tree | 3c32e1baf00709111dcd351842836403137299db /src/libtdeldap.cpp | |
parent | 86e14dadc9d81d186f23ce6217ac5d17c969f003 (diff) | |
download | libtdeldap-68d486e22476583b9a2045ecd39f589257a1bb30.tar.gz libtdeldap-68d486e22476583b9a2045ecd39f589257a1bb30.zip |
Add routine to create certificate
Diffstat (limited to 'src/libtdeldap.cpp')
-rw-r--r-- | src/libtdeldap.cpp | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 936bb94..34123cd 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -32,6 +32,8 @@
 #include <klineedit.h>
 #include <kpassdlg.h>
 #include <ksimpleconfig.h>
+#include <tdesu/process.h>
+#include <ksslcertificate.h>
 #include <ldap.h>
 #include <stdlib.h>
@@ -1678,6 +1680,39 @@ void LDAPManager::writeTDERealmList(LDAPRealmConfigList realms, KSimpleConfig* c
 }
 }
+TQDateTime LDAPManager::getCertificateExpiration(TQString certfile) {
+ TQDateTime ret;
+
+ TQFile file(certfile);
+ if (file.open(IO_ReadOnly)) {
+ TQByteArray ba = file.readAll();
+ file.close();
+
+ TQCString ssldata(ba);
+ ssldata.replace("-----BEGIN CERTIFICATE-----", "");
+ ssldata.replace("-----END CERTIFICATE-----", "");
+ ssldata.replace("\n", "");
+ KSSLCertificate* cert = KSSLCertificate::fromString(ssldata);
+ if (cert) {
+ ret = cert->getQDTNotAfter();
+ delete cert;
+ }
+ }
+
+ return ret;
+}
+
+int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
+ TQString command;
+
+ command = TQString("openssl req -key %1 -new -x509 -out %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+ system(command);
+ chmod(KERBEROS_PKI_PEM_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+ chown(KERBEROS_PKI_PEM_FILE, 0, 0);
+
+ return 0;
+}
+
 TQString LDAPManager::getMachineFQDN() {
 struct addrinfo hints, *info, *p;
 int gai_result; |
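Review bot: `generatePublicKerberosCACertificate` interpolates the `certinfo` fields into a double-quoted shell string and passes it to `system()`, so shell metacharacters in any field are interpreted by the shell rather than treated as subject text; the `chown(..., 0, 0)` that follows suggests this runs with root privileges, although where `certinfo` is populated is not visible in this hunk. Running openssl with an argument vector, as sketched below, takes the shell out of the path; a `/` inside a field would still change the structure of the subject, so the fields also want validating before they are used. The results of `system()`, `chmod()` and `chown()` are discarded and the function returns 0 unconditionally, so a failed or partial run is reported as success; the sketch returns -1 instead, which callers would need to handle. The sketch assumes both `KERBEROS_PKI_*` macros expand to C strings, as the existing `chmod()` call implies for one of them.

```cpp
int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
	// The subject is a single argv element, so no shell ever parses the certinfo fields
	TQString subject = TQString("/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
	TQCString subj = subject.local8Bit();

	pid_t pid = fork();
	if (pid < 0) {
		return -1;
	}
	if (pid == 0) {
		execlp("openssl", "openssl", "req", "-key", KERBEROS_PKI_PEMKEY_FILE, "-new", "-x509",
			"-out", KERBEROS_PKI_PEM_FILE, "-subj", subj.data(), (char *)NULL);
		_exit(127);	// exec failed
	}

	int status = 0;
	if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
		return -1;
	}
	if (chmod(KERBEROS_PKI_PEM_FILE, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) != 0) {
		return -1;
	}
	if (chown(KERBEROS_PKI_PEM_FILE, 0, 0) != 0) {
		return -1;
	}

	return 0;
}
```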