
FreeBSD Manual Pages

  
 
  

OpenXPKI::Server::Workflow::Activity::Tools::Approve(3)    User Contributed Perl Documentation

    # Signed approval: the context carries a '_signature' value, which is
    # wrapped as PEM PKCS#7 below, and the accompanying '_signature_text'.
    # NOTE(review): within this excerpt the PKCS#7 blob is only parsed for
    # its certificate chain (pkcs7_get_chain). Nothing visible here verifies
    # the signature over $sig_text, validates the chain against a trust
    # anchor, or ties the signer certificate to $user -- confirm that this is
    # enforced elsewhere before treating signer_identifier as authenticated.
    if (defined	$context->param('_signature')) {
	# we have a signature
	##! 16:	'signature present'
	my $sig	     = $context->param('_signature');
	# make sure the signature body ends with a newline, so that the PEM
	# footer appended below starts on a line of its own
	if ($sig !~ m{\A .* \n\z}xms) {
	    ##!	64: 'sig does not end with \n, add it'
	    $sig .= "\n";
	}
	my $sig_text = $context->param('_signature_text');
	##! 64:	'sig: '	. $sig
	##! 64:	'sig_text: ' . $sig_text

	# wrap the signature body in PEM armour
	# NOTE(review): whitespace in this listing was altered by the man-page
	# rendering (tabs in place of spaces); the header presumably reads
	# "BEGIN PKCS7" with a single space, like the footer -- verify against
	# the module source.
	my $pkcs7 = "-----BEGIN	PKCS7-----\n"
		. $sig
		. "-----END PKCS7-----\n";

	##! 32:	'pkcs7:	' . $pkcs7

	# ask the default token for the chain of the PKCS#7 structure; the
	# command result is dereferenced as an array
	my $default_token = CTX('api')->get_default_token();
	my @signer_chain = @{ $default_token->command({
	    COMMAND	   => 'pkcs7_get_chain',
	    PKCS7	   => $pkcs7,
	}) };
	##! 64:	'signer_chain: ' . Dumper \@signer_chain

	# the first chain element is used as the signer certificate
	# NOTE(review): presumably pkcs7_get_chain returns the signer first --
	# confirm. If the chain comes back empty, $signer_chain[0] is undef;
	# how X509->new reacts to that is not visible here.
	my $x509_signer	= OpenXPKI::Crypto::X509->new(
	    TOKEN => $default_token,
	    DATA  => $signer_chain[0]
	);

	my $sig_identifier = $x509_signer->get_identifier();
	my $signer_subject = $x509_signer->get_subject();

	# refuse to continue when no identifier could be obtained from the
	# signer certificate
	if (! defined $sig_identifier || $sig_identifier eq '')	{
	    OpenXPKI::Exception->throw(
		message	=> 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_APPROVE_COULD_NOT_DETERMINE_SIGNER_CERTIFICATE_IDENTIFIER',
		log	=> {
		    logger   =>	CTX('log'),
		    priority =>	'info',
		    facility =>	'system',
		},
	    );
	}

	# audit record of the signed approval
	# NOTE(review): this is written before the duplicate check below, so
	# it is logged even when no entry is pushed, and it names the session
	# user and role but not $sig_identifier or $signer_subject.
	CTX('log')->log(
	    MESSAGE => 'Signed approval	for workflow ' . $workflow->id() . " by	user $user, role $role",
	    PRIORITY =>	'info',
	    FACILITY =>	['audit', 'application'	],
	);

	# look for already present approvals by the same session user and
	# role; the comparison uses session_user/session_role only, the
	# signer certificate identifier is not part of it
	if ($self->param('multi_role_approval')	&&
	  (! grep {$_->{session_user} eq $user &&
		   $_->{session_role} eq $role}	@approvals)) {
	    ##!	64: 'multi role	approval enabled and (user, role) pair not found in present approvals'
	    # record the approval together with the signature, the signed
	    # text and the signer certificate's identifier and subject
	    push @approvals, {
		'session_user'	    => $user,
		'session_role'	    => $role,
		'signature'	    => $sig,
		'plaintext'	    => $sig_text,
		'signer_identifier' => $sig_identifier,
		'signer_subject'    => $signer_subject,
	    },
	}
	# single-role mode: one approval per session user, whatever the role
	elsif (! $self->param('multi_role_approval') &&
	       ! grep {$_->{session_user} eq $user} @approvals)	{
	    ##!	64: 'multi role	approval disabled and user not found in	present	approvals'
	    push @approvals, {
		'session_user'	    => $user,
		'session_role'	    => $role,
		'signature'	    => $sig,
		'plaintext'	    => $sig_text,
		'signer_identifier' => $sig_identifier,
		'signer_subject'    => $signer_subject,
	    },
	}
    }
    # Unsigned Approvals
    else {

Name
       OpenXPKI::Server::Workflow::Activity::Tools::Approve

Description
       This class implements a simple way to store approvals as a
       serialized array. This allows for easy evaluation of the needed
       approvals in the condition class Condition::Approved.

       The activity has	several	operational modes, that	are determined by the
       mode parameter.

   Session Based Approval
       This is the default mode; it adds the user and role from the current
       session to the list of approvals. Only one approval by the same user is
       allowed: if the action is called by the same user multiple times, the
       activity will not update the list of approvals.

       If you set the multi_role_approval parameter to a true value, a user
       can approve once with each role he can impersonate.

   Generated Approval
       Adds the	information passed via the comment parameter as	approval.
       Note that there is no duplicate check like in the session approval, if
       you call	this multiple times you	will end up with multiple valid
       approvals.

       The comment is mandatory; if it is not given, the action exits with a
       workflow configuration error.

Configuration
   Activity Parameters
       mode
	   Operation mode, possible values are session or generated

       multi_role_approval
	   Boolean, allow multiple approvals by the same user with different
	   roles

       comment
	   The approval	comment	to add for generated approvals,	mandatory in
	   generated mode.

   Context Parameters
       approvals
	   The serialized array	of given approvals, each item is a hash
	   holding the approval	information.

perl v5.24.1	       OpenXPKI::Server::Workflow::Activity::Tools::Approve(3)
