#!/usr/bin/perl -w

use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;


print "Now the CA is working on the request:\n";

Crypt::OpenSSL::RSA->import_random_seed();

print "Loading the vendor public key:\n";

open IN,"<vendor-pub.pem";
undef $/;
my $pub_string=<IN>;
close IN;
$rsa_pub = Crypt::OpenSSL::RSA->new_public_key($pub_string);




$plaintext= `openssl req -in server.csr -pubkey -noout`;

print "Plaintext: \n$plaintext\n\n";

print "Parsing the request\n";

my $output=`openssl req -in server.csr -text -noout`;

#    print $output;

print "Looking for the QCSR\n";

    if($output=~m/1\.3\.6\.1\.4\.1\.18506\.1\.1\s*:\s*([0-9A-F]{256})\s/)
    {
      print "QCSR was found in the request.\n";
      my $signature=pack("H*",$1);

      open OUT,">verified_qcsr.bin";
      print OUT $signature;
      close OUT;

      if ($rsa_pub->verify($plaintext, $signature))
      {
        print "Signed correctly, issueing a qualified certificate\n" ;
      }
      else
      {
        print "Signature is not correct\n" ;
      }
    }
    else
    {
      print "Not a qualified request\n";
    }