<?php

/*
    Copyright (C) 2014-2015 Deciso B.V.
    Copyright (C) 2008 Shrew Soft Inc.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

require_once('guiconfig.inc');
require_once("system.inc");

/**
 * Generate a fresh RSA key pair and a PKCS#10 certificate signing request.
 *
 * On success the request and the key are stored base64-encoded in
 * $cert['csr'] and $cert['prv']. The private key is exported without a
 * passphrase, so the configuration holding $cert is the only thing that
 * protects it. On failure $cert is left untouched and the OpenSSL error
 * queue can be read by the caller with openssl_error_string().
 *
 * @param array  $cert       certificate record to fill (by reference)
 * @param mixed  $keylen     RSA modulus size in bits, cast to int here. The
 *                           caller is expected to validate it; note that this
 *                           page's $cert_keylens list still offers 512 and
 *                           1024, which are below current minimum
 *                           recommendations for RSA.
 * @param array  $dn         subject fields as accepted by openssl_csr_new()
 * @param string $digest_alg digest used to sign the request; sha256 by
 *                           default, the page also offers sha1 which is
 *                           deprecated for signatures
 * @return bool true when both the request and the key were exported
 */
function csr_generate(&$cert, $keylen, $dn, $digest_alg = 'sha256')
{
    $openssl_args = [
        'config' => '/usr/local/etc/ssl/opnsense.cnf',
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => (int)$keylen,
        'x509_extensions' => 'v3_req',
        'digest_alg' => $digest_alg,
        'encrypt_key' => false,
    ];

    // the key pair comes first; without it there is nothing to sign with
    $key_resource = openssl_pkey_new($openssl_args);
    if (!$key_resource) {
        return false;
    }

    // the request is signed with the key created above
    $csr_resource = openssl_csr_new($dn, $key_resource, $openssl_args);
    if (!$csr_resource) {
        return false;
    }

    // both exports have to succeed before anything is written to $cert
    $pem_key = '';
    $pem_csr = '';
    if (!openssl_pkey_export($key_resource, $pem_key)) {
        return false;
    }
    if (!openssl_csr_export($csr_resource, $pem_csr)) {
        return false;
    }

    $cert['csr'] = base64_encode($pem_csr);
    $cert['prv'] = base64_encode($pem_key);

    return true;
}

/**
 * Finish a pending signing request by attaching the signed certificate.
 *
 * $cert['crt'] receives the certificate base64-encoded and the stored
 * request in $cert['csr'] is dropped; the private key in $cert['prv'] is
 * left alone. Nothing here verifies that $str_crt belongs to that key --
 * the caller is expected to compare the moduli first.
 *
 * @param array  $cert    certificate record holding the pending request
 * @param string $str_crt signed certificate in PEM form
 * @return bool always true
 */
function csr_complete(& $cert, $str_crt)
{
    $encoded_crt = base64_encode($str_crt);
    $cert['crt'] = $encoded_crt;
    if (isset($cert['csr'])) {
        unset($cert['csr']);
    }

    return true;
}

/**
 * Return the RSA modulus of a certificate signing request.
 *
 * Thin wrapper around cert_get_modulus() with the type fixed to 'csr'. The
 * page compares this value with the modulus of the final certificate to make
 * sure both belong to the same key pair before completing a request.
 *
 * @param string $str_crt the request; presumably base64-encoded unless
 *                        $decode is false, in which case raw PEM is expected
 * @param bool   $decode  whether $str_crt still needs base64 decoding
 * @return mixed whatever cert_get_modulus() returns for a CSR
 */
function csr_get_modulus($str_crt, $decode = true)
{
    $modulus = cert_get_modulus($str_crt, $decode, 'csr');

    return $modulus;
}

/*
 * Page-level option tables.
 *
 * $cert_methods drives the "Method" select; "existing" is appended further
 * down only when the page was opened for a user. $cert_keylens and
 * $openssl_digest_algs are the allow-lists the POST handler checks the
 * submitted key length and digest against. 512- and 1024-bit RSA and sha1
 * are still offered here although they are below current minimum
 * recommendations; the defaults used for a new certificate are 2048 / sha256.
 */
$cert_methods = [
    'import' => gettext("Import an existing Certificate"),
    'internal' => gettext("Create an internal Certificate"),
    'external' => gettext("Create a Certificate Signing Request"),
];

$cert_keylens = ['512', '1024', '2048', '4096'];

$altname_types = ['DNS', 'IP', 'email', 'URI'];
$openssl_digest_algs = ['sha1', 'sha224', 'sha256', 'sha384', 'sha512'];

$pgtitle = [gettext("System"), gettext("Certificate Manager")];

/*
 * Request parameters and handles into the running configuration.
 *
 * userid, id and act are looked up in the query string first and in the
 * POST body second, so a posted value overrides the URL. userid and id are
 * only accepted when is_numericint() agrees with them; act is taken verbatim
 * and is only ever compared against fixed strings. $a_user, $a_ca and
 * $a_cert are references into $config, so the handlers below edit the live
 * configuration and persist it with write_config().
 */
if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
    $userid = $_GET['userid'];
}
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
    $userid = $_POST['userid'];
}

if (isset($userid)) {
    // a user context offers "pick an existing certificate" as extra method
    $cert_methods['existing'] = gettext("Choose an existing certificate");
    if (!is_array($config['system']['user'])) {
        $config['system']['user'] = [];
    }
    $a_user =& $config['system']['user'];
}

if (isset($_GET['id']) && is_numericint($_GET['id'])) {
    $id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
    $id = $_POST['id'];
}

if (!isset($config['ca']) || !is_array($config['ca'])) {
    $config['ca'] = [];
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
    $config['cert'] = [];
}
$a_cert =& $config['cert'];

// CAs that carry a private key are counted; the "internal" method's Save
// button is only shown when there is at least one of them
$internal_ca_count = 0;
foreach ($a_ca as $ca_entry) {
    if (!$ca_entry['prv']) {
        continue;
    }
    $internal_ca_count++;
}

$act = isset($_GET['act']) ? $_GET['act'] : (isset($_POST['act']) ? $_POST['act'] : null);

/*
 * act=del: remove the certificate at index $id and return to the list.
 *
 * The whole record, private key included, is dropped from $config and
 * written out right away. No confirmation step happens here and no
 * anti-CSRF check is visible in this block -- presumably the framework
 * provides one, but confirm it also covers GET requests, since $act is read
 * from the query string. $savemsg is assigned but the redirect that follows
 * means this request never renders it.
 */
if ($act == "del") {
    if (isset($a_cert[$id])) {
        $deleted_name = $a_cert[$id]['descr'];
        unset($a_cert[$id]);
        write_config();
        $savemsg = sprintf(gettext("Certificate %s successfully deleted"), $deleted_name) . "<br />";
    }
    redirectHeader("system_certmanager.php");
    exit;
}

/*
 * act=new: seed the form with defaults for a fresh certificate.
 *
 * The method may be preselected through ?method=...; it is not validated
 * here because it is only used to mark an <option> as selected and is
 * matched against fixed strings again in the POST handler. Everything else
 * starts from 2048-bit / sha256 and a 365-day lifetime.
 */
if ($act == "new") {
    $pconfig['method'] = isset($_GET['method']) ? $_GET['method'] : null;
    $pconfig['keylen'] = "2048";
    $pconfig['digest_alg'] = "sha256";
    $pconfig['csr_keylen'] = "2048";
    $pconfig['csr_digest_alg'] = "sha256";
    $pconfig['lifetime'] = "365";
}

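/*
 * act=exp: download the certificate of entry $id as a PEM file.
 *
 * Only the public certificate is sent. Checking isset() on both $id and the
 * entry gives the same outcome as before (redirect to the list) without the
 * undefined-index notices the former truthiness test raised when the
 * parameter was missing. A record that still awaits its signed certificate
 * has no 'crt', so the download would be empty in that case.
 */
if ($act == "exp") {
    if (!isset($id) || !isset($a_cert[$id])) {
        redirectHeader("system_certmanager.php");
        exit;
    }

    // urlencode keeps CR/LF out of the header; the name is still unquoted
    $exp_name = urlencode("{$a_cert[$id]['descr']}.crt");
    $exp_data = base64_decode($a_cert[$id]['crt']);
    $exp_size = strlen($exp_data);

    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename={$exp_name}");
    header("Content-Length: $exp_size");
    echo $exp_data;
    exit;
}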

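/*
 * act=key: download the private key of entry $id as a PEM file.
 *
 * The key is stored and sent without a passphrase, so whoever can reach
 * this action with a valid id obtains the key in the clear; access to this
 * page should be restricted accordingly. The isset() guard keeps the former
 * behaviour (redirect to the list) for a missing or unknown id but avoids
 * the undefined-index notices the truthiness test used to raise.
 */
if ($act == "key") {
    if (!isset($id) || !isset($a_cert[$id])) {
        redirectHeader("system_certmanager.php");
        exit;
    }

    // urlencode keeps CR/LF out of the header; the name is still unquoted
    $exp_name = urlencode("{$a_cert[$id]['descr']}.key");
    $exp_data = base64_decode($a_cert[$id]['prv']);
    $exp_size = strlen($exp_data);

    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename={$exp_name}");
    header("Content-Length: $exp_size");
    echo $exp_data;
    exit;
}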

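/*
 * act=p12: download certificate and private key as a PKCS#12 bundle.
 *
 * The bundle is exported with an empty password (the fourth argument of
 * openssl_pkcs12_export() is null), so the private key inside is protected
 * only by the transport and by wherever the file ends up. The issuing CA
 * certificate, when it can be looked up, is added as an extra cert.
 *
 * Two changes from the earlier version: the isset() guard avoids the
 * notices a missing id produced (the outcome, a redirect, is the same), and
 * a failed export now sends the user back to the list instead of serving a
 * zero-byte .p12 file.
 */
if ($act == "p12") {
    if (!isset($id) || !isset($a_cert[$id])) {
        redirectHeader("system_certmanager.php");
        exit;
    }

    $exp_name = urlencode("{$a_cert[$id]['descr']}.p12");
    $args = array();
    $args['friendly_name'] = $a_cert[$id]['descr'];

    $ca = lookup_ca($a_cert[$id]['caref']);
    if ($ca) {
        $args['extracerts'] = openssl_x509_read(base64_decode($ca['crt']));
    }

    $res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
    // array form: key material plus an empty passphrase; keys generated by
    // csr_generate() are stored unencrypted
    $res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => ""));

    $exp_data = "";
    if (!openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args)) {
        redirectHeader("system_certmanager.php");
        exit;
    }
    $exp_size = strlen($exp_data);

    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename={$exp_name}");
    header("Content-Length: $exp_size");
    echo $exp_data;
    exit;
}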

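/*
 * act=csr: load a pending signing request into the form so the signed
 * certificate can be pasted in and completed with the "Update" button.
 *
 * The isset() guard replaces a truthiness test that raised notices when the
 * id was missing; the redirect for an unknown entry is unchanged.
 */
if ($act == "csr") {
    if (!isset($id) || !isset($a_cert[$id])) {
        redirectHeader("system_certmanager.php");
        exit;
    }

    $pconfig['descr'] = $a_cert[$id]['descr'];
    // the request is stored base64-encoded; the form shows the PEM text
    $pconfig['csr'] = base64_decode($a_cert[$id]['csr']);
}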

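/*
 * POST handling. Two submit buttons share this handler: "Save" creates or
 * edits a certificate through one of the methods in $cert_methods (import,
 * internal, external CSR, existing), and "Update" attaches the signed
 * certificate to a pending signing request. Validation errors are collected
 * in $input_errors and either returned as JSON (AJAX callers) or rendered
 * together with the form.
 *
 * Fixes compared to the earlier version:
 * - $altnames_tmp is initialised as an array; "" followed by [] is a fatal
 *   error on PHP >= 7.1.
 * - $reqdfields / $reqdfieldsn start as empty arrays so an unexpected method
 *   value does not hand undefined variables to do_input_validation() and
 *   count().
 * - a failed cert_create() / csr_generate() with an empty OpenSSL error
 *   queue no longer passes as success (which wrote a record without key
 *   material to the config).
 * - "Update" refuses to run without a valid id instead of storing a stray
 *   entry under an empty index, and exits after its redirect like the other
 *   paths.
 */
if ($_POST) {
    if ($_POST['save'] == gettext("Save")) {
        $input_errors = array();
        $pconfig = $_POST;

        /* input validation */
        $reqdfields = array();
        $reqdfieldsn = array();
        if ($pconfig['method'] == "import") {
            $reqdfields = explode(
                " ",
                "descr cert key"
            );
            $reqdfieldsn = array(
                    gettext("Descriptive name"),
                    gettext("Certificate data"),
                    gettext("Key data"));
            // shape check only (PEM markers present); the actual parse is
            // presumably done by cert_import(), which is defined elsewhere
            if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
                $input_errors[] = gettext("This certificate does not appear to be valid.");
            }
        }

        if ($pconfig['method'] == "internal") {
            $reqdfields = explode(
                " ",
                "descr caref keylen lifetime dn_country dn_state dn_city ".
                "dn_organization dn_email dn_commonname"
            );
            $reqdfieldsn = array(
                    gettext("Descriptive name"),
                    gettext("Certificate authority"),
                    gettext("Key length"),
                    gettext("Lifetime"),
                    gettext("Distinguished name Country Code"),
                    gettext("Distinguished name State or Province"),
                    gettext("Distinguished name City"),
                    gettext("Distinguished name Organization"),
                    gettext("Distinguished name Email Address"),
                    gettext("Distinguished name Common Name"));
        }

        if ($pconfig['method'] == "external") {
            $reqdfields = explode(
                " ",
                "descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
                "csr_dn_organization csr_dn_email csr_dn_commonname"
            );
            $reqdfieldsn = array(
                    gettext("Descriptive name"),
                    gettext("Key length"),
                    gettext("Distinguished name Country Code"),
                    gettext("Distinguished name State or Province"),
                    gettext("Distinguished name City"),
                    gettext("Distinguished name Organization"),
                    gettext("Distinguished name Email Address"),
                    gettext("Distinguished name Common Name"));
        }

        if ($pconfig['method'] == "existing") {
            $reqdfields = array("certref");
            $reqdfieldsn = array(gettext("Existing Certificate Choice"));
        }

        $altnames = array();
        do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
        if ($pconfig['method'] != "import" && $pconfig['method'] != "existing") {
            /* subjectAltNames */
            // the row helper posts altname_type<N> / altname_value<N> pairs;
            // only rows whose suffix is purely numeric are collected
            foreach ($_POST as $key => $value) {
                $entry = '';
                if (!substr_compare('altname_type', $key, 0, 12)) {
                    $entry = substr($key, 12);
                    $field = 'type';
                } elseif (!substr_compare('altname_value', $key, 0, 13)) {
                    $entry = substr($key, 13);
                    $field = 'value';
                }
                if (ctype_digit($entry)) {
                    $altnames[$entry][$field] = $value;
                }
            }
            $pconfig['altnames']['item'] = $altnames;

            /* Input validation for subjectAltNames */
            foreach ($altnames as $idx => $altname) {
                switch ($altname['type']) {
                    case "DNS":
                        if (!is_hostname($altname['value'])) {
                            $input_errors[] = gettext("DNS subjectAltName values must be valid hostnames or FQDNs");
                        }
                        break;
                    case "IP":
                        if (!is_ipaddr($altname['value'])) {
                            $input_errors[] = gettext("IP subjectAltName values must be valid IP Addresses");
                        }
                        break;
                    case "email":
                        if (empty($altname['value'])) {
                            $input_errors[] = gettext("You must provide an e-mail address for this type of subjectAltName");
                        }
                        if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value'])) {
                            $input_errors[] = gettext("The e-mail provided in a subjectAltName contains invalid characters.");
                        }
                        break;
                    case "URI":
                        /* Close enough? */
                        if (!is_URL($altname['value'])) {
                            $input_errors[] = gettext("URI subjectAltName types must be a valid URI");
                        }
                        break;
                    default:
                        $input_errors[] = gettext("Unrecognized subjectAltName type.");
                }
            }

            /* Make sure we do not have invalid characters in the fields for the certificate */
            // three deny-lists of punctuation: the e-mail one allows '@' and
            // '.', the common-name one allows '.', all other fields allow neither
            for ($i = 0; $i < count($reqdfields); $i++) {
                if (preg_match('/email/', $reqdfields[$i])) {
                    /* dn_email or csr_dn_email */
                    if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) {
                        $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters.");
                    }
                } elseif (preg_match('/commonname/', $reqdfields[$i])) {
                    /* dn_commonname or csr_dn_commonname */
                    if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) {
                        $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters.");
                    }
                } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]])) {
                    $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]);
                }
            }

            // key length and digest must come from the page's allow-lists
            if (($pconfig['method'] != "external") && isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens)) {
                $input_errors[] = gettext("Please select a valid Key Length.");
            }
            if (($pconfig['method'] != "external") && !in_array($_POST["digest_alg"], $openssl_digest_algs)) {
                $input_errors[] = gettext("Please select a valid Digest Algorithm.");
            }

            if (($pconfig['method'] == "external") && isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens)) {
                $input_errors[] = gettext("Please select a valid Key Length.");
            }
            if (($pconfig['method'] == "external") && !in_array($_POST["csr_digest_alg"], $openssl_digest_algs)) {
                $input_errors[] = gettext("Please select a valid Digest Algorithm.");
            }
        }

        /* if this is an AJAX caller then handle via JSON */
        if (isAjax() && is_array($input_errors)) {
            input_errors2Ajax($input_errors);
            exit;
        }

        /* save modifications */
        if (!$input_errors) {
            if ($pconfig['method'] == "existing") {
                $cert = lookup_cert($pconfig['certref']);
                // $a_user only exists when the page was opened for a user
                if ($cert && !empty($a_user)) {
                    $a_user[$userid]['cert'][] = $cert['refid'];
                }
            } else {
                // editing an existing entry keeps its refid and key material
                $cert = array();
                $cert['refid'] = uniqid();
                if (isset($id) && isset($a_cert[$id])) {
                    $cert = $a_cert[$id];
                }

                $cert['descr'] = $pconfig['descr'];

                $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */

                if ($pconfig['method'] == "import") {
                    cert_import($cert, $pconfig['cert'], $pconfig['key']);
                }

                if ($pconfig['method'] == "internal") {
                    $dn = array(
                        'countryName' => $pconfig['dn_country'],
                        'stateOrProvinceName' => $pconfig['dn_state'],
                        'localityName' => $pconfig['dn_city'],
                        'organizationName' => $pconfig['dn_organization'],
                        'emailAddress' => $pconfig['dn_email'],
                        'commonName' => $pconfig['dn_commonname']);
                    if (count($altnames)) {
                        $altnames_tmp = array();
                        foreach ($altnames as $altname) {
                            $altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
                        }
                        $dn['subjectAltName'] = implode(",", $altnames_tmp);
                    }
                    if (!cert_create(
                        $cert,
                        $pconfig['caref'],
                        $pconfig['keylen'],
                        $pconfig['lifetime'],
                        $dn,
                        $pconfig['digest_alg']
                    )) {
                        $input_errors = array();
                        while ($ssl_err = openssl_error_string()) {
                            $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err;
                        }
                        if (!$input_errors) {
                            // a failure with an empty error queue must still block the save
                            $input_errors[] = gettext("Certificate creation failed.");
                        }
                    }
                }

                if ($pconfig['method'] == "external") {
                    $dn = array(
                        'countryName' => $pconfig['csr_dn_country'],
                        'stateOrProvinceName' => $pconfig['csr_dn_state'],
                        'localityName' => $pconfig['csr_dn_city'],
                        'organizationName' => $pconfig['csr_dn_organization'],
                        'emailAddress' => $pconfig['csr_dn_email'],
                        'commonName' => $pconfig['csr_dn_commonname']);
                    if (count($altnames)) {
                        $altnames_tmp = array();
                        foreach ($altnames as $altname) {
                            $altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
                        }
                        $dn['subjectAltName'] = implode(",", $altnames_tmp);
                    }
                    if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) {
                        $input_errors = array();
                        while ($ssl_err = openssl_error_string()) {
                            $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err;
                        }
                        if (!$input_errors) {
                            // a failure with an empty error queue must still block the save
                            $input_errors[] = gettext("Certificate creation failed.");
                        }
                    }
                }
                error_reporting($old_err_level);

                // the in-memory entry is only persisted below when no error occurred
                if (isset($id) && isset($a_cert[$id])) {
                    $a_cert[$id] = $cert;
                } else {
                    $a_cert[] = $cert;
                }
                if (isset($a_user) && isset($userid)) {
                    $a_user[$userid]['cert'][] = $cert['refid'];
                }
            }

            if (!$input_errors) {
                write_config();
            }

            if (isset($userid)) {
                redirectHeader("system_usermanager.php?act=edit&userid=".$userid);
                exit;
            }
        }
    }

    if ($_POST['save'] == gettext("Update")) {
        unset($input_errors);
        $pconfig = $_POST;

        /* input validation */
        $reqdfields = explode(" ", "descr cert");
        $reqdfieldsn = array(
            gettext("Descriptive name"),
            gettext("Final Certificate data"));

        do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

        /* make sure this csr and certificate belong to the same key pair */
        // An earlier version compared the subjects instead; the moduli are
        // the stronger check. NOTE(review): the modulus is taken from the
        // posted csr field rather than from the stored $a_cert[$id]['csr'];
        // comparing against the stored request would tie the certificate to
        // the key actually kept in the config -- confirm whether the form
        // always posts the stored request back unchanged.
        $mod_csr  =  csr_get_modulus($pconfig['csr'], false);
        $mod_cert = cert_get_modulus($pconfig['cert'], false);

        if (strcmp($mod_csr, $mod_cert)) {
            // simply: if the moduli don't match, then the private key and public key won't match
            $input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
            $subject_mismatch = true;
        }

        /* if this is an AJAX caller then handle via JSON */
        if (isAjax() && is_array($input_errors)) {
            input_errors2Ajax($input_errors);
            exit;
        }

        /* save modifications */
        if (!$input_errors) {
            // without a valid id the former code stored the result under an
            // empty index; send the user back to the list instead
            if (!isset($id) || !isset($a_cert[$id])) {
                redirectHeader("system_certmanager.php");
                exit;
            }
            $cert = $a_cert[$id];

            $cert['descr'] = $pconfig['descr'];

            csr_complete($cert, $pconfig['cert']);

            $a_cert[$id] = $cert;

            write_config();

            redirectHeader("system_certmanager.php");
            exit;
        }
    }
}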

include("head.inc");

// the one action button shown above the certificate list
$main_buttons = [
    [
        'label' => gettext("add or import certificate"),
        'href' => 'system_certmanager.php?act=new',
    ],
];



?>

<body>
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[

// Show the form section that belongs to the selected method and hide the
// others. The case numbers follow the option order of $cert_methods:
// import, internal, external and -- only when the page was opened for a
// user -- existing.
function method_change() {

<?php
// the "internal" method needs a CA with a private key to sign with; when
// none exists ($internal_ca_count is 0) its Save button is hidden
if ($internal_ca_count) {
    $submit_style = "";
} else {
    $submit_style = "none";
}
?>

	method = document.iform.method.selectedIndex;

	switch (method) {
		case 0:
			document.getElementById("import").style.display="";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="";
			break;
		case 1:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			// "" or "none", decided server-side above
			document.getElementById("submit").style.display="<?=$submit_style;?>";
			break;
		case 2:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="";
			break;
		case 3:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="";
			// an existing certificate already has a name
			document.getElementById("descriptivename").style.display="none";
			document.getElementById("submit").style.display="";
			break;
	}
}

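<?php if ($internal_ca_count) :
?>
// Prefill the DN fields from the subject of the selected internal CA so a
// certificate issued by it shares the CA's country/state/city/org/e-mail.
function internalca_change() {

	index = document.iform.caref.selectedIndex;
	caref = document.iform.caref[index].value;

	switch (caref) {
<?php
// Only CAs with a private key can sign, so only those get a case.
// Subject values are emitted through json_encode() with the HEX flags so a
// quote, backslash or "</script>" inside a CA subject becomes part of a JS
// string literal instead of breaking out of it (the previous version pasted
// the raw value between double quotes). PARTIAL_OUTPUT keeps the script
// syntactically valid (the field gets null) if a value is not valid UTF-8.
// The [0..4] positions assume cert_get_subject_array() returns C, ST, L, O,
// emailAddress in that order -- confirm against its implementation.
$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_PARTIAL_OUTPUT_ON_ERROR;
foreach ($a_ca as $ca) :
    if (!$ca['prv']) {
        continue;
    }
    $subject = cert_get_subject_array($ca['crt']);
?>
case <?=json_encode($ca['refid'], $js_flags);?>:
    document.iform.dn_country.value = <?=json_encode($subject[0]['v'], $js_flags);?>;
    document.iform.dn_state.value = <?=json_encode($subject[1]['v'], $js_flags);?>;
    document.iform.dn_city.value = <?=json_encode($subject[2]['v'], $js_flags);?>;
    document.iform.dn_organization.value = <?=json_encode($subject[3]['v'], $js_flags);?>;
    document.iform.dn_email.value = <?=json_encode($subject[4]['v'], $js_flags);?>;
    break;
<?php
endforeach; ?>
	}
}
<?php
endif; ?>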

//]]>
</script>
<script type="text/javascript" src="/javascript/row_helper_dynamic.js"></script>
<input type='hidden' name='altname_value_type' value='select' />
<input type='hidden' name='altname_type_type' value='textbox' />
<script type="text/javascript">
//<![CDATA[
	// column layout handed to row_helper_dynamic.js: each subjectAltName row
	// has a type box and a value box; presumably the helper posts them as
	// altname_type<N> / altname_value<N>, which is what the POST handler parses
	rowname[0] = "altname_type";
	rowtype[0] = "textbox";
	rowsize[0] = "10";
	rowname[1] = "altname_value";
	rowtype[1] = "textbox";
	rowsize[1] = "30";
//]]>
</script>

<!-- row -->
<section class="page-content-main">
	<div class="container-fluid">

        <div class="row">
            <?php
            if (isset($input_errors) && count($input_errors) > 0) {
                print_input_errors($input_errors);
            }
            if (isset($savemsg)) {
                print_info_box($savemsg);
            }
            ?>
            <section class="col-xs-12">
                <div class="content-box tab-content table-responsive">

					<?php if ($act == "new" || ((isset($_POST['save']) && $_POST['save'] == gettext("Save")) && $input_errors)) :
?>

					<form action="system_certmanager.php" method="post" name="iform" id="iform" >
						<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area" class="table table-striped">
							<?php if (!isset($id)) :
?>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
								<td width="78%" class="vtable">
									<select name='method' id='method' class="formselect" onchange='method_change()'>
									<?php
                                    // One <option> per entry of $cert_methods (defined outside this
                                    // file): key = form value, value = label. The method posted back
                                    // (e.g. after a validation error) stays selected.
                                    foreach ($cert_methods as $method => $desc) :
                                        $selected = "";
                                        if ($pconfig['method'] == $method) {
                                            $selected = " selected=\"selected\"";
                                        }
                                    ?>
                                    <option value="<?=$method;
?>"<?=$selected;
?>><?=$desc;?></option>
									<?php
                                    endforeach; ?>
									</select>
								</td>
							</tr>
							<?php
endif; ?>
							<tr id="descriptivename">
								<?php
                                if (isset($a_user) && empty($pconfig['descr'])) {
                                    $pconfig['descr'] = $a_user[$userid]['name'];
                                }
                                ?>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
								<td width="78%" class="vtable">
									<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?php if(isset($pconfig['descr'])) echo htmlspecialchars($pconfig['descr']);?>"/>
								</td>
							</tr>
						</table>

						<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import" summary="import" class="table table-striped">
						<thead>
							<tr>
								<th colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></th>
							</tr>
						</thead>

	                        <tbody>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
								<td width="78%" class="vtable">
									<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?php if(isset($pconfig['cert'])) echo htmlspecialchars($pconfig['cert']);?></textarea>
									<br />
									<?=gettext("Paste a certificate in X.509 PEM format here.");?>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
								<td width="78%" class="vtable">
									<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?php  if(isset($pconfig['key'])) echo htmlspecialchars($pconfig['key']);?></textarea>
									<br />
									<?=gettext("Paste a private key in X.509 PEM format here.");?>
								</td>
							</tr>
	                        </tbody>
						</table>

						<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal" class="table table-striped">
							<thead>
							<tr>
								<th colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></th>
							</tr>
							</thead>

	                        <tbody>
							<?php if (!$internal_ca_count) :
?>

							<tr>
								<td colspan="2" align="center" class="vtable">
									<?=gettext("No internal Certificate Authorities have been defined. You must");?>
									<a href="system_camanager.php?act=new&amp;method=internal"><?=gettext("create");?></a>
									<?=gettext("an internal CA before creating an internal certificate.");?>
								</td>
							</tr>

							<?php
else :
?>

							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
								<td width="78%" class="vtable">
									<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
									<?php
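                                    foreach ($a_ca as $ca) :
                                        // CAs without a 'prv' entry (presumably the private key) are
                                        // not offered, matching the filter in internalca_change() above.
                                        if (!$ca['prv']) {
                                            continue;
                                        }
                                        $selected = "";
                                        if (isset($pconfig['caref']) && isset($ca['refid']) && $pconfig['caref'] == $ca['refid']) {
                                            $selected = " selected=\"selected\"";
                                        }
                                    ?>
                                    <?php /* refid and the admin-entered description are stored config
                                             values; both are HTML-escaped so a quote or tag in a CA
                                             description cannot break out of the option markup */ ?>
                                    <option value="<?=htmlspecialchars($ca['refid']);?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
									<?php
                                    endforeach; ?>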
									</select>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
								<td width="78%" class="vtable">
									<select name='keylen' class="formselect">
									<?php
                                    // Key-length choices for the internal certificate come from
                                    // $cert_keylens (defined outside this file); the length posted
                                    // back stays selected.
                                    foreach ($cert_keylens as $len) :
                                        $selected = "";
                                        if ($pconfig['keylen'] == $len) {
                                            $selected = " selected=\"selected\"";
                                        }
                                    ?>
                                    <option value="<?=$len;
?>"<?=$selected;
?>><?=$len;?></option>
									<?php
                                    endforeach; ?>
									</select>
									<?=gettext("bits");?>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
								<td width="78%" class="vtable">
									<select name='digest_alg' id='digest_alg' class="formselect">
									<?php
                                    // Digest choices come from $openssl_digest_algs (defined outside
                                    // this file). The option value is the algorithm name as-is; only
                                    // the visible label is upper-cased.
                                    foreach ($openssl_digest_algs as $digest_alg) :
                                        $selected = "";
                                        if ($pconfig['digest_alg'] == $digest_alg) {
                                            $selected = " selected=\"selected\"";
                                        }
                                    ?>
                                    <option value="<?=$digest_alg;
?>"<?=$selected;
?>><?=strtoupper($digest_alg);?></option>
									<?php
                                    endforeach; ?>
									</select>
									<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
								<td width="78%" class="vtable">
									<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
									<?=gettext("days");?>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
								<td width="78%" class="vtable">
									<table border="0" cellspacing="0" cellpadding="2" summary="name">
										<tr>
											<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
											<td align="left">
												<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?php if (isset($pconfig['dn_country'])) echo htmlspecialchars($pconfig['dn_country']);?>"/>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
											<td align="left">
												<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_state'])) echo htmlspecialchars($pconfig['dn_state']);?>"/>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("City");?> : &nbsp;</td>
											<td align="left">
												<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_city'])) echo htmlspecialchars($pconfig['dn_city']);?>"/>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
											<td align="left">
												<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_organization'])) echo htmlspecialchars($pconfig['dn_organization']);?>"/>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
											<td align="left">
												<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?php if (isset($pconfig['dn_email'])) echo htmlspecialchars($pconfig['dn_email']);?>"/>
												&nbsp;
												<em>ex:</em>
												&nbsp;
												<?=gettext("webadmin@mycompany.com");?>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
											<td align="left">
												<?php
                                                if (isset($a_user) && empty($pconfig['dn_commonname'])) {
                                                    $pconfig['dn_commonname'] = $a_user[$userid]['name'];
                                                }
                                                ?>
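												<?php /* the original called htmlspecialchars() without echo, so the
												         Common Name was never pre-filled on re-render */ ?>
												<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?php if (isset($pconfig['dn_commonname'])) echo htmlspecialchars($pconfig['dn_commonname']);?>"/>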
												&nbsp;
												<em>ex:</em>
												&nbsp;
												<?=gettext("www.example.com");?>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("Alternative Names");?> : &nbsp;</td>
											<td align="left">
												<table id="altNametable">
												<thead>
												<tr>
													<th><div id="onecolumn"><?=gettext("Type");?></div></th>
													<th><div id="twocolumn"><?=gettext("Value");?></div></th>
												</tr>
												</thead>
												<tbody>
												<?php
                                                    $counter = 0;
                                                if (isset($pconfig['altnames']['item'])) :
                                                    foreach ($pconfig['altnames']['item'] as $item) :
                                                        $type = $item['type'];
                                                        $value = $item['value'];
                                                ?>
												<tr>
													<td>
													<input autocomplete="off" name="altname_type<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_type<?php echo $counter;
?>" size="20" value="<?=htmlspecialchars($type);?>" />
													</td>
													<td>
													<input autocomplete="off" name="altname_value<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_value<?php echo $counter;
?>" size="20" value="<?=htmlspecialchars($value);?>" />
													</td>
													<td>
													<a onclick="removeRow(this); return false;" href="#" title="<?=gettext("remove this entry"); ?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></a>
													</td>
												</tr>
												<?php
                                                        $counter++;
                                                    endforeach;
                                                endif;
                                                ?>
												<tr><td>&nbsp;</td></tr>
												</tbody>
												</table>
												<a onclick="javascript:addRowTo('altNametable', 'formfldalias'); return false;" href="#" title="<?=gettext("add another entry");?>"  class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
												<script type="text/javascript">
												//<![CDATA[
													field_counter_js = 3;
													rows = 1;
													totalrows = <?php echo $counter; ?>;
													loaded = <?php echo $counter; ?>;
												//]]>
												</script>
												<br />NOTE: Type must be one of DNS (FQDN or Hostname), IP (IP address), URI, or email.
											</td>
										</tr>
									</table>
								</td>
							</tr>
	                    </tbody>

						<?php
endif; ?>

						</table>

						<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external" summary="external" class="table table-striped">
							<thead>
							<tr>
								<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
							</tr>
							</thead>
							<tbody>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
								<td width="78%" class="vtable">
									<select name='csr_keylen' class="formselect">
									<?php
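                                    // NOTE(review): the former guard "!isset(csr_keylen) && isset(csr_keylen)"
                                    // could never be true and was removed as dead code; if a fallback from
                                    // the internal form's 'keylen' was intended, that still needs adding.
                                    // The posted key length stays selected; a missing value selects nothing.
                                    foreach ($cert_keylens as $len) :
                                        $selected = "";
                                        if (isset($pconfig['csr_keylen']) && $pconfig['csr_keylen'] == $len) {
                                            $selected = " selected=\"selected\"";
                                        }
                                    ?>
                                    <option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
									<?php
                                    endforeach; ?>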
									</select>
									bits
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
								<td width="78%" class="vtable">
									<select name='csr_digest_alg' id='csr_digest_alg' class="formselect">
									<?php
                                    // Same list as the internal-certificate digest select above
                                    // ($openssl_digest_algs, defined outside this file), keyed on the
                                    // csr_* form field so the two forms do not share a posted value.
                                    foreach ($openssl_digest_algs as $csr_digest_alg) :
                                        $selected = "";
                                        if ($pconfig['csr_digest_alg'] == $csr_digest_alg) {
                                            $selected = " selected=\"selected\"";
                                        }
                                    ?>
                                    <option value="<?=$csr_digest_alg;
?>"<?=$selected;
?>><?=strtoupper($csr_digest_alg);?></option>
									<?php
                                    endforeach; ?>
									</select>
									<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
								<td width="78%" class="vtable">
									<table border="0" cellspacing="0" cellpadding="2" summary="name">
										<tr>
											<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
											<td align="left">
												<select name='csr_dn_country' class="formselect">
												<?php
                                                $dn_cc = get_country_codes();
                                                foreach ($dn_cc as $cc => $cn) {
                                                    $selected = '';
                                                    if (isset($pconfig['csr_dn_country']) && $pconfig['csr_dn_country'] == $cc) {
                                                        $selected = ' selected="selected"';
                                                    }
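                                                    // $cc / $cn come from get_country_codes() (outside this file);
                                                    // escaped anyway so a quote or angle bracket in a name cannot
                                                    // break the option markup -- identical output for plain values.
                                                    print '<option value="' . htmlspecialchars($cc) . '"' . $selected . '>' . htmlspecialchars("$cc ($cn)") . '</option>';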
                                                }
                                                ?>
												</select>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
											<td align="left">
												<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['csr_dn_state'])) echo htmlspecialchars($pconfig['csr_dn_state']);?>" />
												&nbsp;
												<em>ex:</em>
												&nbsp;
												<?=gettext("Sachsen");?>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("City");?> : &nbsp;</td>
											<td align="left">
												<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['csr_dn_city'])) echo htmlspecialchars($pconfig['csr_dn_city']);?>" />
												&nbsp;
												<em>ex:</em>
												&nbsp;
												<?=gettext("Leipzig");?>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
											<td align="left">
												<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['csr_dn_organization'])) echo htmlspecialchars($pconfig['csr_dn_organization']);?>" />
												&nbsp;
												<em>ex:</em>
												&nbsp;
												<?=gettext("My Company Inc.");?>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
											<td align="left">
												<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?php if (isset($pconfig['csr_dn_email'])) echo htmlspecialchars($pconfig['csr_dn_email']);?>"/>
												&nbsp;
												<em>ex:</em>
												&nbsp;
												<?=gettext("webadmin@mycompany.com");?>
											</td>
										</tr>
										<tr>
											<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
											<td align="left">
												<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?php if(isset($pconfig['csr_dn_commonname'])) echo htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
												&nbsp;
												<em>ex:</em>
												&nbsp;
												<?=gettext("www.example.com");?>
											</td>
										</tr>
									</table>
								</td>
							</tr>
							</tbody>
						</table>

						<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing" class="table table-striped">
							<thead>
							<tr>
								<th colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></th>
							</tr>
							</thead>
							<tbody>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
								<td width="78%" class="vtable">
									<?php if (isset($userid) && $a_user) :
?>
									<input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
									<?php
endif;?>
									<select name='certref' class="formselect">
									<?php
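                                    // Certificates already bound to this user (when editing a user) are
                                    // not offered again; the list is loop-invariant, so build it once.
                                    $usercert = isset($config['system']['user'][$userid]['cert']) ? $config['system']['user'][$userid]['cert'] : array();
                                    foreach ($config['cert'] as $cert) :
                                        $selected = "";
                                        $caname = "";
                                        $inuse = "";
                                        $revoked = "";
                                        if (isset($userid) && in_array($cert['refid'], $usercert)) {
                                            continue;
                                        }
                                        $ca = null;
                                        if (isset($cert['caref'])) {
                                            $ca = lookup_ca($cert['caref']);
                                            if ($ca) {
                                                $caname = " (CA: {$ca['descr']})";
                                            }
                                        }
                                        if (isset($pconfig['certref']) && isset($cert['refid']) && $pconfig['certref'] == $cert['refid']) {
                                            $selected = " selected=\"selected\"";
                                        }
                                        if (isset($cert['refid']) && cert_in_use($cert['refid'])) {
                                            $inuse = " *In Use";
                                        }
                                        if (is_cert_revoked($cert)) {
                                            $revoked = " *Revoked";
                                        }
                                    ?>
                                    <?php /* descr (certificate and CA) is admin-entered config text and was
                                             emitted raw; escape both the value attribute and the label so a
                                             quote or tag in a description cannot break out of the option */ ?>
                                    <option value="<?=htmlspecialchars(isset($cert['refid']) ? $cert['refid'] : '');?>"<?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
									<?php
                                    endforeach; ?>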
									</select>
								</td>
							</tr>
							</tbody>
						</table>

						<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save" class="table">
							<tr>
								<td width="22%" valign="top">&nbsp;</td>
								<td width="78%">
									<input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save");?>" />
									<?php if (isset($id) && $a_cert[$id]) :
?>
									<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
									<?php
endif;?>
								</td>
							</tr>
						</table>
					</form>

					<?php
elseif ($act == "csr" || ((isset($_POST['save']) && $_POST['save'] == gettext("Update")) && $input_errors)) :
?>

					<form action="system_certmanager.php" method="post" name="iform" id="iform">
						<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="name"  class="table table-striped">
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
								<td width="78%" class="vtable">
									<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
								</td>
							</tr>
							<tr>
								<td colspan="2" class="list" height="12"></td>
							</tr>
							<tr>
								<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
							</tr>

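							<!-- CSR hand-off: the request is shown read-only, the CA-signed certificate is pasted back into "cert".
							     Each row closed its cell twice ("...</td>" then "</td>"); the stray close is removed. -->
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing request data");?></td>
								<td width="78%" class="vtable">
									<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly="readonly"><?=htmlspecialchars($pconfig['csr']);?></textarea>
									<br />
									<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Final certificate data");?></td>
								<td width="78%" class="vtable">
									<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
									<br />
									<?=gettext("Paste the certificate received from your certificate authority here.");?>
								</td>
							</tr>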
							<tr>
								<td width="22%" valign="top">&nbsp;</td>
								<td width="78%">
									<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
									<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
									<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
									<?php echo gettext("Warning: Using this option may create an " .
									"invalid certificate.  Check this box to disable the request -> " .
									"response subject verification. ");
									?><br />
									<?php endif; */ ?>
									<input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Update");?>" />
									<?php if (isset($id) && $a_cert[$id]) :
?>
									<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
									<input name="act" type="hidden" value="csr" />
									<?php
endif;?>
								</td>
							</tr>
						</table>
					</form>

					<?php
else :
?>

					<table summary="details"  class="table table-striped">
						<thead>
						<tr>
							<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
							<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
							<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
							<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
						</tr>
						</thead>
						<tbody>
						<?php
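                            $i = 0;
                        foreach ($a_cert as $cert) :
                            $name = htmlspecialchars($cert['descr']);
                            // Reset per-row state: a CSR-only entry has no 'crt', and without
                            // this the previous row's subject, dates and purpose were shown for
                            // it (or a notice was raised on the first row).
                            $subj = '';
                            $issuer = '';
                            $purpose = null;
                            $startdate = '';
                            $enddate = '';
                            $caname = '';

                            if (!empty($cert['crt'])) {
                                $subj = cert_get_subject($cert['crt']);
                                $issuer = cert_get_issuer($cert['crt']);
                                $purpose = cert_get_purpose($cert['crt']);
                                list($startdate, $enddate) = cert_get_dates($cert['crt']);
                                // $caname is emitted as raw HTML below, so these variants carry markup
                                if ($subj == $issuer) {
                                    $caname = "<em>" . gettext("self-signed") . "</em>";
                                } else {
                                    $caname = "<em>" . gettext("external") . "</em>";
                                }
                                $subj = htmlspecialchars($subj);
                            }

                            if (isset($cert['csr'])) {
                                $subj = htmlspecialchars(csr_get_subject($cert['csr']));
                                $caname = "<em>" . gettext("external - signature pending") . "</em>";
                            }
                            if (isset($cert['caref'])) {
                                $ca = lookup_ca($cert['caref']);
                                if ($ca) {
                                    // admin-entered CA description shares the raw-HTML $caname slot,
                                    // so it must be escaped here (it was emitted unescaped before)
                                    $caname = htmlspecialchars($ca['descr']);
                                }
                            }

                            $certimg = '<span class="glyphicon glyphicon-certificate __iconspacer"></span>';
                        ?>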
						<tr>
                        <td class="listlr">
                            <table summary="icon">
                                <tr>
                                    <td align="left" valign="middle">
                                        <?=$certimg;?>
                                    </td>
                                    <td align="left" valign="middle">
                                        <?=$name;?>
                                    </td>
                                </tr>
                                <tr><td>&nbsp;</td></tr>
                                <?php if (is_array($purpose)) :
?>
									<tr><td colspan="2">
										CA: <?php echo $purpose['ca']; ?>,
										Server: <?php echo $purpose['server']; ?>
									</td></tr>
									<?php
endif; ?>
                            </table>
						</td>
						<td class="listr"><?=$caname;?>&nbsp;</td>
						<td class="listr"><?=$subj;?>&nbsp;<br />
                        <table summary="valid">
                            <tr>
                                <td width="10%">&nbsp;</td>
                                <td width="20%"><?=gettext("Valid From")?>:</td>
                                <td width="70%"><?= $startdate ?></td>
                            </tr>
                            <tr>
                                <td>&nbsp;</td>
                                <td><?=gettext("Valid Until")?>:</td>
                                <td><?= $enddate ?></td>
                            </tr>
                        </table>
						</td>
						<td class="listr">
                        <?php if (is_cert_revoked($cert)) :
?>
							<b>Revoked</b><br />
							<?php
endif; ?>
                        <?php if (is_webgui_cert($cert['refid'])) :
?>
							webConfigurator<br />
							<?php
endif; ?>
                        <?php if (is_user_cert($cert['refid'])) :
?>
							User Cert<br />
							<?php
endif; ?>
                        <?php if (is_openvpn_server_cert($cert['refid'])) :
?>
							OpenVPN Server<br />
							<?php
endif; ?>
                        <?php if (is_openvpn_client_cert($cert['refid'])) :
?>
							OpenVPN Client<br />
							<?php
endif; ?>
                        <?php if (is_ipsec_cert($cert['refid'])) :
?>
							IPsec Tunnel<br />
							<?php
endif; ?>


                        <a href="system_certmanager.php?act=exp&amp;id=<?=$i;
?>" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("export ca");?>">
                        <span class="glyphicon glyphicon-download"></span>
                        </a>

                        <a href="system_certmanager.php?act=key&amp;id=<?=$i;
?>" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("export key");?>">
                        <span class="glyphicon glyphicon-download"></span>
                        </a>

                        <a href="system_certmanager.php?act=p12&amp;id=<?=$i;
?>" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("export ca cert+user cert+user cert key in .p12 format");?>">
                            <span class="glyphicon glyphicon-download"></span>
                        </a>
						<?php if (!cert_in_use($cert['refid'])) :
?>

							<a href="system_certmanager.php?act=del&amp;id=<?=$i;
?>" class="btn btn-default btn-xs" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate?");
?>')" data-toggle="tooltip" data-placement="left" title="<?=gettext("delete cert");?>">
								<span class="glyphicon glyphicon-remove"></span>
							</a>

						<?php
endif; ?>
						<?php if (isset($cert['csr'])) :
?>

							<a href="system_certmanager.php?act=csr&amp;id=<?=$i;
?>" class="btn btn-default btn-xs" data-toggle="tooltip" data-placement="left" title="<?=gettext("update csr");?>">
							<span class="glyphicon glyphicon-edit"></span>
							</a>
						<?php
endif; ?>
						</td>
					</tr>
						<?php $i++;

                        endforeach; ?>

						<tr>
							<td>&nbsp;</td>
							<td colspan="3"><?=gettext("Note: You can only delete a certificate if it is not currently in use.");?></td>
						</tr>
						</tbody>
					</table>
					<?php
endif; ?>
				</div>
			</section>
		</div>
	</div>
</section>

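<script type="text/javascript">
//<![CDATA[

// Initialise the form to the posted/default method on load.
method_change();
// internalca_change() is only emitted when an internal CA exists
// ($internal_ca_count guard above); calling it unconditionally threw a
// ReferenceError on a system without one.
if (typeof internalca_change === 'function') {
	internalca_change();
}

//]]>
</script>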

<?php include("foot.inc");