(legacy) refactor system_camanager.php

3cb09b78 · Ad Schellevis · da8a2bed · 3cb09b78
Commit 3cb09b78 authored Dec 10, 2015 by Ad Schellevis
Hide whitespace changes
Inline Side-by-side

Showing with 676 additions and 738 deletions

system_camanager.php src/www/system_camanager.php +676 -738

No files found.
--- a/src/www/system_camanager.php
+++ b/src/www/system_camanager.php
@@ -31,380 +31,384 @@ require_once('guiconfig.inc');
 require_once("system.inc");
 function ca_import(& $ca, $str, $key="", $serial=0) {
-	global $config;
+    global $config;
-	$ca['crt'] = base64_encode($str);
+    $ca['crt'] = base64_encode($str);
-	if (!empty($key))
+    if (!empty($key)) {
-		$ca['prv'] = base64_encode($key);
+        $ca['prv'] = base64_encode($key);
-	if (!empty($serial))
+    }
-		$ca['serial'] = $serial;
+    if (!empty($serial)) {
-	$subject = cert_get_subject($str, false);
+        $ca['serial'] = $serial;
-	$issuer = cert_get_issuer($str, false);
+    }
+    $subject = cert_get_subject($str, false);
-	// Find my issuer unless self-signed
+    $issuer = cert_get_issuer($str, false);
-	if($issuer <> $subject) {
-		$issuer_crt =& lookup_ca_by_subject($issuer);
+    // Find my issuer unless self-signed
-		if($issuer_crt)
+    if($issuer <> $subject) {
-			$ca['caref'] = $issuer_crt['refid'];
+        $issuer_crt =& lookup_ca_by_subject($issuer);
-	}
+        if($issuer_crt) {
+            $ca['caref'] = $issuer_crt['refid'];
-	/* Correct if child certificate was loaded first */
+        }
-	if (is_array($config['ca']))
+    }
-		foreach ($config['ca'] as & $oca)
-		{
+    /* Correct if child certificate was loaded first */
-			$issuer = cert_get_issuer($oca['crt']);
+    if (is_array($config['ca'])) {
-			if($ca['refid']<>$oca['refid'] && $issuer==$subject)
+        foreach ($config['ca'] as & $oca) {
-				$oca['caref'] = $ca['refid'];
+            $issuer = cert_get_issuer($oca['crt']);
-		}
+            if($ca['refid']<>$oca['refid'] && $issuer==$subject) {
-	if (is_array($config['cert']))
+                $oca['caref'] = $ca['refid'];
-		foreach ($config['cert'] as & $cert)
+            }
-		{
+        }
-			$issuer = cert_get_issuer($cert['crt']);
+    }
-			if($issuer==$subject)
+    if (is_array($config['cert'])) {
-				$cert['caref'] = $ca['refid'];
+        foreach ($config['cert'] as & $cert) {
-		}
+            $issuer = cert_get_issuer($cert['crt']);
-	return true;
+            if($issuer==$subject) {
+                $cert['caref'] = $ca['refid'];
+            }
+        }
+    }
+    return true;
 }
 function ca_inter_create(&$ca, $keylen, $lifetime, $dn, $caref, $digest_alg = 'sha256')
 {
-	// Create Intermediate Certificate Authority
+    // Create Intermediate Certificate Authority
-	$signing_ca = &lookup_ca($caref);
+    $signing_ca = &lookup_ca($caref);
-	if (!$signing_ca) {
+    if (!$signing_ca) {
-		return false;
+        return false;
-	}
+    }
-	$signing_ca_res_crt = openssl_x509_read(base64_decode($signing_ca['crt']));
-	$signing_ca_res_key = openssl_pkey_get_private(array(0 => base64_decode($signing_ca['prv']) , 1 => ""));
-	if (!$signing_ca_res_crt || !$signing_ca_res_key) {
-		return false;
-	}
-	$signing_ca_serial = ++$signing_ca['serial'];
-	$args = array(
-		'config' => '/usr/local/etc/ssl/opnsense.cnf',
-		'private_key_type' => OPENSSL_KEYTYPE_RSA,
-		'private_key_bits' => (int)$keylen,
-		'x509_extensions' => 'v3_ca',
-		'digest_alg' => $digest_alg,
-		'encrypt_key' => false
-	);
-	// generate a new key pair
-	$res_key = openssl_pkey_new($args);
-	if (!$res_key) {
-		return false;
-	}
-	// generate a certificate signing request
-	$res_csr = openssl_csr_new($dn, $res_key, $args);
-	if (!$res_csr) {
-		return false;
-	}
-	// Sign the certificate
-	$res_crt = openssl_csr_sign($res_csr, $signing_ca_res_crt, $signing_ca_res_key, $lifetime, $args, $signing_ca_serial);
-	if (!$res_crt) {
-		return false;
-	}
-	// export our certificate data
-	if (!openssl_pkey_export($res_key, $str_key) ||
-	    !openssl_x509_export($res_crt, $str_crt)) {
-		return false;
-	}
-	// return our ca information
-	$ca['crt'] = base64_encode($str_crt);
-	$ca['prv'] = base64_encode($str_key);
-	$ca['serial'] = 0;
-	return true;
-}
-$ca_methods = array(
+    $signing_ca_res_crt = openssl_x509_read(base64_decode($signing_ca['crt']));
-    "existing" => gettext("Import an existing Certificate Authority"),
+    $signing_ca_res_key = openssl_pkey_get_private(array(0 => base64_decode($signing_ca['prv']) , 1 => ""));
-    "internal" => gettext("Create an internal Certificate Authority"),
+    if (!$signing_ca_res_crt || !$signing_ca_res_key) {
-    "intermediate" => gettext("Create an intermediate Certificate Authority"));
+        return false;
+    }
+    $signing_ca_serial = ++$signing_ca['serial'];
+    $args = array(
+        'config' => '/usr/local/etc/ssl/opnsense.cnf',
+        'private_key_type' => OPENSSL_KEYTYPE_RSA,
+        'private_key_bits' => (int)$keylen,
+        'x509_extensions' => 'v3_ca',
+        'digest_alg' => $digest_alg,
+        'encrypt_key' => false
+    );
+    // generate a new key pair
+    $res_key = openssl_pkey_new($args);
+    if (!$res_key) {
+        return false;
+    }
-$ca_keylens = array( "512", "1024", "2048", "4096");
+    // generate a certificate signing request
-$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
+    $res_csr = openssl_csr_new($dn, $res_key, $args);
+    if (!$res_csr) {
+        return false;
+    }
-if (isset($_GET['id']) && is_numericint($_GET['id'])) {
+    // Sign the certificate
-    $id = $_GET['id'];
+    $res_crt = openssl_csr_sign($res_csr, $signing_ca_res_crt, $signing_ca_res_key, $lifetime, $args, $signing_ca_serial);
-}
+    if (!$res_crt) {
-if (isset($_POST['id']) && is_numericint($_POST['id'])) {
+        return false;
-    $id = $_POST['id'];
+    }
-}
-if (!isset($config['ca']) || !is_array($config['ca'])) {
+    // export our certificate data
-    $config['ca'] = array();
+    if (!openssl_pkey_export($res_key, $str_key) ||
+        !openssl_x509_export($res_crt, $str_crt)) {
+        return false;
+    }
+    // return our ca information
+    $ca['crt'] = base64_encode($str_crt);
+    $ca['prv'] = base64_encode($str_key);
+    $ca['serial'] = 0;
+    return true;
 }
-$a_ca =& $config['ca'];
+$ca_keylens = array( "512", "1024", "2048", "4096");
+$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
 if (!is_array($config['cert'])) {
    $config['cert'] = array();
 }
-$a_cert =& $config['cert'];
 if (!isset($config['crl']) || !is_array($config['crl'])) {
    $config['crl'] = array();
 }
-$a_crl =& $config['crl'];
+if (!isset($config['ca']) || !is_array($config['ca'])) {
+    $config['ca'] = array();
-$act=null;
-if (isset($_GET['act'])) {
-    $act = $_GET['act'];
-} elseif (isset($_POST['act'])) {
-    $act = $_POST['act'];
 }
-if ($act == "del") {
+$a_ca =& $config['ca'];
-    if (!isset($a_ca[$id])) {
-        header("Location: system_camanager.php");
+if ($_SERVER['REQUEST_METHOD'] === 'GET') {
-        exit;
+    if (isset($a_ca[$_GET['id']])) {
+        $id = $_GET['id'];
    }
-    $index = count($a_cert) - 1;
+    if (isset($_GET['act'])) {
-    for (; $index >=0; $index--) {
+        $act = $_GET['act'];
-        if (isset($a_cert[$index]['caref']) && isset($a_ca[$id]['refid']) && $a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
+    } else {
-            unset($a_cert[$index]);
+        $act = null;
-        }
    }
-    $index = count($a_crl) - 1;
+    // set defaults
-    for (; $index >=0; $index--) {
+    $pconfig = array();
-        if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
+    $pconfig['camethod'] = null ;
-            unset($a_crl[$index]);
+    $pconfig['descr'] = null;
+    $pconfig['serial'] = null;
+    $pconfig['lifetime'] = null;
+    $pconfig['dn_country'] = null;
+    $pconfig['dn_state'] = null;
+    $pconfig['dn_city'] = null;
+    $pconfig['dn_organization'] = null;
+    $pconfig['dn_email'] = null;
+    $pconfig['dn_commonname'] = null;
+    if ($act == "edit") {
+        if (!isset($id)) {
+            header("Location: system_camanager.php");
+            exit;
+        }
+        $pconfig['descr']  = $a_ca[$id]['descr'];
+        $pconfig['refid']  = $a_ca[$id]['refid'];
+        $pconfig['cert']   = base64_decode($a_ca[$id]['crt']);
+        $pconfig['serial'] = $a_ca[$id]['serial'];
+        if (!empty($a_ca[$id]['prv'])) {
+            $pconfig['key'] = base64_decode($a_ca[$id]['prv']);
+        }
+    } elseif ($act == "new") {
+        if (isset($_GET['method'])) {
+            $pconfig['camethod'] = $_GET['method'];
+        }
+        $pconfig['refid'] = null;
+        $pconfig['keylen'] = "2048";
+        $pconfig['digest_alg'] = "sha256";
+        $pconfig['lifetime'] = "365";
+        $pconfig['dn_commonname'] = "internal-ca";
+    } elseif ($act == "exp") {
+        if (!isset($id)) {
+            header("Location: system_camanager.php");
+            exit;
        }
-    }
-    $name = $a_ca[$id]['descr'];
+        $exp_name = urlencode("{$a_ca[$id]['descr']}.crt");
-    unset($a_ca[$id]);
+        $exp_data = base64_decode($a_ca[$id]['crt']);
-    write_config();
+        $exp_size = strlen($exp_data);
-    $savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "<br />";
-    header("Location: system_camanager.php");
-    exit;
-}
-if ($act == "edit") {
+        header("Content-Type: application/octet-stream");
-    if (!isset($a_ca[$id])) {
+        header("Content-Disposition: attachment; filename={$exp_name}");
-        header("Location: system_camanager.php");
+        header("Content-Length: $exp_size");
+        echo $exp_data;
        exit;
-    }
+    } elseif ($act == "expkey") {
-    $pconfig['descr']  = $a_ca[$id]['descr'];
+        if (!isset($id)) {
-    $pconfig['refid']  = $a_ca[$id]['refid'];
+            header("Location: system_camanager.php");
-    $pconfig['cert']   = base64_decode($a_ca[$id]['crt']);
+            exit;
-    $pconfig['serial'] = $a_ca[$id]['serial'];
+        }
-    if (!empty($a_ca[$id]['prv'])) {
-        $pconfig['key'] = base64_decode($a_ca[$id]['prv']);
-    }
-}
-if ($act == "new") {
+        $exp_name = urlencode("{$a_ca[$id]['descr']}.key");
-    if (isset($_GET['method'])) {
+        $exp_data = base64_decode($a_ca[$id]['prv']);
-        $pconfig['method'] = $_GET['method'];
+        $exp_size = strlen($exp_data);
-    } else {
-        $pconfig['method'] = null ;
-    }
-    $pconfig['keylen'] = "2048";
-    $pconfig['digest_alg'] = "sha256";
-    $pconfig['lifetime'] = "365";
-    $pconfig['dn_commonname'] = "internal-ca";
-}
-if ($act == "exp") {
+        header("Content-Type: application/octet-stream");
-    if (!$a_ca[$id]) {
+        header("Content-Disposition: attachment; filename={$exp_name}");
-        header("Location: system_camanager.php");
+        header("Content-Length: $exp_size");
+        echo $exp_data;
        exit;
    }
+} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    if (isset($a_ca[$_POST['id']])) {
+        $id = $_POST['id'];
+    }
+    if (isset($_POST['act'])) {
+        $act = $_POST['act'];
+    } else {
+        $act = null;
+    }
-    $exp_name = urlencode("{$a_ca[$id]['descr']}.crt");
+    if ($act == "del") {
-    $exp_data = base64_decode($a_ca[$id]['crt']);
+        if (!isset($id)) {
-    $exp_size = strlen($exp_data);
+            header("Location: system_camanager.php");
+            exit;
+        }
+        $a_cert =& $config['cert'];
+        $index = count($a_cert) - 1;
+        for (; $index >=0; $index--) {
+            if (isset($a_cert[$index]['caref']) && isset($a_ca[$id]['refid']) && $a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
+                unset($a_cert[$index]);
+            }
+        }
-    header("Content-Type: application/octet-stream");
+        $a_crl =& $config['crl'];
-    header("Content-Disposition: attachment; filename={$exp_name}");
+        $index = count($a_crl) - 1;
-    header("Content-Length: $exp_size");
+        for (; $index >=0; $index--) {
-    echo $exp_data;
+            if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
-    exit;
+                unset($a_crl[$index]);
-}
+            }
+        }
-if ($act == "expkey") {
+        unset($a_ca[$id]);
-    if (!$a_ca[$id]) {
+        write_config();
        header("Location: system_camanager.php");
        exit;
-    }
+    } else {
+        $input_errors = array();
-    $exp_name = urlencode("{$a_ca[$id]['descr']}.key");
+        $pconfig = $_POST;
-    $exp_data = base64_decode($a_ca[$id]['prv']);
-    $exp_size = strlen($exp_data);
+        /* input validation */
+        if ($pconfig['camethod'] == "existing") {
-    header("Content-Type: application/octet-stream");
+            $reqdfields = explode(" ", "descr cert");
-    header("Content-Disposition: attachment; filename={$exp_name}");
+            $reqdfieldsn = array(
-    header("Content-Length: $exp_size");
+                    gettext("Descriptive name"),
-    echo $exp_data;
+                    gettext("Certificate data"));
-    exit;
+            if (!empty($pconfig['cert']) && (!strstr($pconfig['cert'], "BEGIN CERTIFICATE") || !strstr($pconfig['cert'], "END CERTIFICATE"))) {
-}
+                $input_errors[] = gettext("This certificate does not appear to be valid.");
+            }
-if ($_POST) {
+            if (!empty($pconfig['key']) && strstr($pconfig['key'], "ENCRYPTED")) {
-    unset($input_errors);
+                $input_errors[] = gettext("Encrypted private keys are not yet supported.");
-    $input_errors = array();
+            }
-    $pconfig = $_POST;
+        } elseif ($pconfig['camethod'] == "internal") {
+            $reqdfields = explode(
-    /* input validation */
+                " ",
-    if ($pconfig['method'] == "existing") {
+                "descr keylen lifetime dn_country dn_state dn_city ".
-        $reqdfields = explode(" ", "descr cert");
+                "dn_organization dn_email dn_commonname"
-        $reqdfieldsn = array(
+            );
-                gettext("Descriptive name"),
+            $reqdfieldsn = array(
-                gettext("Certificate data"));
+                    gettext("Descriptive name"),
-        if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
+                    gettext("Key length"),
-            $input_errors[] = gettext("This certificate does not appear to be valid.");
+                    gettext("Lifetime"),
-        }
+                    gettext("Distinguished name Country Code"),
-        if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) {
+                    gettext("Distinguished name State or Province"),
-            $input_errors[] = gettext("Encrypted private keys are not yet supported.");
+                    gettext("Distinguished name City"),
+                    gettext("Distinguished name Organization"),
+                    gettext("Distinguished name Email Address"),
+                    gettext("Distinguished name Common Name"));
+        } elseif ($pconfig['camethod'] == "intermediate") {
+            $reqdfields = explode(
+                " ",
+                "descr caref keylen lifetime dn_country dn_state dn_city ".
+                "dn_organization dn_email dn_commonname"
+            );
+            $reqdfieldsn = array(
+                    gettext("Descriptive name"),
+                    gettext("Signing Certificate Authority"),
+                    gettext("Key length"),
+                    gettext("Lifetime"),
+                    gettext("Distinguished name Country Code"),
+                    gettext("Distinguished name State or Province"),
+                    gettext("Distinguished name City"),
+                    gettext("Distinguished name Organization"),
+                    gettext("Distinguished name Email Address"),
+                    gettext("Distinguished name Common Name"));
        }
-    }
-    if ($pconfig['method'] == "internal") {
-        $reqdfields = explode(
-            " ",
-            "descr keylen lifetime dn_country dn_state dn_city ".
-            "dn_organization dn_email dn_commonname"
-        );
-        $reqdfieldsn = array(
-                gettext("Descriptive name"),
-                gettext("Key length"),
-                gettext("Lifetime"),
-                gettext("Distinguished name Country Code"),
-                gettext("Distinguished name State or Province"),
-                gettext("Distinguished name City"),
-                gettext("Distinguished name Organization"),
-                gettext("Distinguished name Email Address"),
-                gettext("Distinguished name Common Name"));
-    }
-    if ($pconfig['method'] == "intermediate") {
-        $reqdfields = explode(
-            " ",
-            "descr caref keylen lifetime dn_country dn_state dn_city ".
-            "dn_organization dn_email dn_commonname"
-        );
-        $reqdfieldsn = array(
-                gettext("Descriptive name"),
-                gettext("Signing Certificate Authority"),
-                gettext("Key length"),
-                gettext("Lifetime"),
-                gettext("Distinguished name Country Code"),
-                gettext("Distinguished name State or Province"),
-                gettext("Distinguished name City"),
-                gettext("Distinguished name Organization"),
-                gettext("Distinguished name Email Address"),
-                gettext("Distinguished name Common Name"));
-    }
-    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
+        do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
-    if ($pconfig['method'] != "existing") {
+        if ($pconfig['camethod'] != "existing") {
-        /* Make sure we do not have invalid characters in the fields for the certificate */
+            /* Make sure we do not have invalid characters in the fields for the certificate */
-        for ($i = 0; $i < count($reqdfields); $i++) {
+            for ($i = 0; $i < count($reqdfields); $i++) {
-            if ($reqdfields[$i] == 'dn_email') {
+                if ($reqdfields[$i] == 'dn_email') {
-                if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) {
+                    if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["dn_email"])) {
-                    $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters.");
+                        $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters.");
-                }
+                    }
-            } elseif ($reqdfields[$i] == 'dn_commonname') {
+                } elseif ($reqdfields[$i] == 'dn_commonname') {
-                if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) {
+                    if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["dn_commonname"])) {
-                    $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters.");
+                        $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters.");
+                    }
+                } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $pconfig["$reqdfields[$i]"])) {
+                    $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]);
                }
-            } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) {
+            }
-                $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]);
+            if (!in_array($pconfig["keylen"], $ca_keylens)) {
+                $input_errors[] = gettext("Please select a valid Key Length.");
+            }
+            if (!in_array($pconfig["digest_alg"], $openssl_digest_algs)) {
+                $input_errors[] = gettext("Please select a valid Digest Algorithm.");
            }
        }
-        if (!in_array($_POST["keylen"], $ca_keylens)) {
-            $input_errors[] = gettext("Please select a valid Key Length.");
-        }
-        if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) {
-            $input_errors[] = gettext("Please select a valid Digest Algorithm.");
-        }
-    }
-    /* save modifications */
+        /* save modifications */
-    if (!$input_errors) {
+        if (count($input_errors) == 0) {
-        $ca = array();
+            $ca = array();
-        if (!isset($pconfig['refid']) || empty($pconfig['refid'])) {
-            $ca['refid'] = uniqid();
-        } else {
-            $ca['refid'] = $pconfig['refid'];
-        }
-        if (isset($id) && $a_ca[$id]) {
+            if (isset($id)) {
-            $ca = $a_ca[$id];
+                $ca = $a_ca[$id];
-        }
+            } else {
+                $ca['refid'] = uniqid();
+            }
-        if (isset($pconfig['descr'])) {
+            if (isset($pconfig['descr'])) {
-            $ca['descr'] = $pconfig['descr'];
+                $ca['descr'] = $pconfig['descr'];
-        } else {
+            } else {
-            $ca['descr'] = null;
+                $ca['descr'] = null;
-        }
+            }
-        if (isset($_POST['edit']) && $_POST['edit'] == "edit") {
+            if (!empty($pconfig['serial'])) {
-            $ca['descr']  = $pconfig['descr'];
+                $ca['serial'] = $pconfig['serial'];
-            $ca['refid']  = $pconfig['refid'];
-            $ca['serial'] = $pconfig['serial'];
-            $ca['crt']    = base64_encode($pconfig['cert']);
-            if (!empty($pconfig['key'])) {
-                $ca['prv']    = base64_encode($pconfig['key']);
            }
-        } else {
-            $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */
+            if (isset($id)) {
-            if ($pconfig['method'] == "existing") {
+                // edit existing
-                ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
+                $ca['crt']    = base64_encode($pconfig['cert']);
-            } elseif ($pconfig['method'] == "internal") {
+                if (!empty($pconfig['key'])) {
-                $dn = array(
+                    $ca['prv']    = base64_encode($pconfig['key']);
-                    'countryName' => $pconfig['dn_country'],
-                    'stateOrProvinceName' => $pconfig['dn_state'],
-                    'localityName' => $pconfig['dn_city'],
-                    'organizationName' => $pconfig['dn_organization'],
-                    'emailAddress' => $pconfig['dn_email'],
-                    'commonName' => $pconfig['dn_commonname']);
-                if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) {
-                    $input_errors = array();
-                    while ($ssl_err = openssl_error_string()) {
-                        $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err;
-                    }
                }
-            } elseif ($pconfig['method'] == "intermediate") {
+            } else {
-                $dn = array(
+                $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
-                    'countryName' => $pconfig['dn_country'],
+                if ($pconfig['camethod'] == "existing") {
-                    'stateOrProvinceName' => $pconfig['dn_state'],
+                    ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
-                    'localityName' => $pconfig['dn_city'],
+                } elseif ($pconfig['camethod'] == "internal") {
-                    'organizationName' => $pconfig['dn_organization'],
+                    $dn = array(
-                    'emailAddress' => $pconfig['dn_email'],
+                        'countryName' => $pconfig['dn_country'],
-                    'commonName' => $pconfig['dn_commonname']);
+                        'stateOrProvinceName' => $pconfig['dn_state'],
-                if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) {
+                        'localityName' => $pconfig['dn_city'],
-                    $input_errors = array();
+                        'organizationName' => $pconfig['dn_organization'],
-                    while ($ssl_err = openssl_error_string()) {
+                        'emailAddress' => $pconfig['dn_email'],
-                        $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err;
+                        'commonName' => $pconfig['dn_commonname']);
+                    if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) {
+                        $input_errors = array();
+                        while ($ssl_err = openssl_error_string()) {
+                            $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err;
+                        }
+                    }
+                } elseif ($pconfig['camethod'] == "intermediate") {
+                    $dn = array(
+                        'countryName' => $pconfig['dn_country'],
+                        'stateOrProvinceName' => $pconfig['dn_state'],
+                        'localityName' => $pconfig['dn_city'],
+                        'organizationName' => $pconfig['dn_organization'],
+                        'emailAddress' => $pconfig['dn_email'],
+                        'commonName' => $pconfig['dn_commonname']);
+                    if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) {
+                        $input_errors = array();
+                        while ($ssl_err = openssl_error_string()) {
+                            $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err;
+                        }
                    }
                }
+                error_reporting($old_err_level);
            }
-            error_reporting($old_err_level);
-        }
-        if (isset($id) && $a_ca[$id]) {
+            if (isset($id) && $a_ca[$id]) {
-            $a_ca[$id] = $ca;
+                $a_ca[$id] = $ca;
-        } else {
+            } else {
-            $a_ca[] = $ca;
+                $a_ca[] = $ca;
-        }
+            }
-        if (!$input_errors) {
+            if (count($input_errors) == 0) {
-            write_config();
+                write_config();
-            unset($input_errors);
+                header("Location: system_camanager.php");
+            }
        }
-//		header("Location: system_camanager.php");
    }
 }
+legacy_html_escape_form_data($pconfig);
 include("head.inc");
 $main_buttons = array(
@@ -415,438 +419,372 @@ $main_buttons = array(
 ?>
 <body>
+  <script type="text/javascript">
+  $( document ).ready(function() {
+    // delete entry
+    $(".act_delete").click(function(event){
+      event.preventDefault();
+      var id = $(this).data('id');
+      BootstrapDialog.show({
+        type:BootstrapDialog.TYPE_INFO,
+        title: "<?= gettext("Authorities");?>",
+        message: "<?=gettext("Do you really want to delete this Certificate Authority and its CRLs, and unreference any associated certificates?");?>",
+        buttons: [{
+                  label: "<?=gettext("No");?>",
+                  action: function(dialogRef) {
+                      dialogRef.close();
+                  }}, {
+                  label: "<?=gettext("Yes");?>",
+                  action: function(dialogRef) {
+                    $("#id").val(id);
+                    $("#action").val("del");
+                    $("#iform").submit()
+                }
+              }]
+      });
+    });
+    $("#camethod").change(function(){
+        $("#existing").addClass("hidden");
+        $("#internal").addClass("hidden");
+        $("#intermediate").addClass("hidden");
+        if ($(this).val() == "existing") {
+            $("#existing").removeClass("hidden");
+        } else if ($(this).val() == "internal") {
+            $("#internal").removeClass("hidden");
+        } else {
+            $("#internal").removeClass("hidden");
+            $("#intermediate").removeClass("hidden");
+        }
+    });
-<?php include("fbegin.inc"); ?>
+    $("#camethod").change();
+  });
-<script type="text/javascript">
+  </script>
-//<![CDATA[
-function method_change() {
-	method = document.iform.method.selectedIndex;
-	switch (method) {
-		case 0:
-			document.getElementById("existing").style.display="";
-			document.getElementById("internal").style.display="none";
-			document.getElementById("intermediate").style.display="none";
-			break;
-		case 1:
-			document.getElementById("existing").style.display="none";
-			document.getElementById("internal").style.display="";
-			document.getElementById("intermediate").style.display="none";
-			break;
-		case 2:
-			document.getElementById("existing").style.display="none";
-			document.getElementById("internal").style.display="";
-			document.getElementById("intermediate").style.display="";
-			break;
-	}
-}
-//]]>
-</script>
-<!-- row -->
+<?php include("fbegin.inc"); ?>
 <section class="page-content-main">
-	<div class="container-fluid">
+  <div class="container-fluid">
+    <div class="row">
-        <div class="row">
+<?php
+    if (isset($input_errors) && count($input_errors) > 0) {
-            <?php
+        print_input_errors($input_errors);
-            if (isset($input_errors) && count($input_errors) > 0) {
+    }
-                print_input_errors($input_errors);
+    if (isset($savemsg)) {
-            }
+        print_info_box($savemsg);
-            if (isset($savemsg)) {
+    }
-                print_info_box($savemsg);
-            }
-            ?>
-            <section class="col-xs-12">
-                <div class="content-box tab-content table-responsive" style="overflow: auto;">
-				<?php if ($act == "new" || $act == "edit" || $act == gettext("Save") || isset($input_errors)) :
 ?>
+    <section class="col-xs-12">
+      <div class="content-box tab-content table-responsive">
-				<form action="system_camanager.php" method="post" name="iform" id="iform" class="table table-striped">
+        <?php if ($act == "new" || $act == "edit") :
-					<?php if ($act == "edit") :
-?>
-					    <input type="hidden" name="edit" value="edit" id="edit" />
-                            <input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" />
-                            <input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" />
-					<?php
-endif; ?>
-					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area" class="table table-striped">
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
-							<td width="78%" class="vtable">
-								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?php if (isset($pconfig['descr'])) echo htmlspecialchars($pconfig['descr']);?>"/>
-							</td>
-						</tr>
-						<?php if (!isset($id) || $act == "edit") :
-?>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
-							<td width="78%" class="vtable">
-								<select name='method' id='method' class="selectpicker" data-style="btn-default" onchange='method_change()'>
-								<?php
-                                foreach ($ca_methods as $method => $desc) :
-                                    $selected = "";
-                                    if (isset($pconfig['method']) && $pconfig['method'] == $method) {
-                                        $selected = " selected=\"selected\"";
-                                    }
-                                ?>
-                                <option value="<?=$method;
-?>"<?=$selected;
-?>><?=$desc;?></option>
-								<?php
-                                endforeach; ?>
-								</select>
-							</td>
-						</tr>
-						<?php
-endif; ?>
-					</table>
-					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing" class="table table-striped">
-						<thead>
-							<tr>
-								<th colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Authority");?></th>
-							</tr>
-						</thead>
-                            <tbody>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
-							<td width="78%" class="vtable">
-								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?php if (isset($pconfig['cert'])) echo htmlspecialchars($pconfig['cert']);?></textarea>
-								<br />
-								<?=gettext("Paste a certificate in X.509 PEM format here.");?>
-							</td>
-						</tr>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Private Key");
-?><br /><?=gettext("(optional)");?></td>
-							<td width="78%" class="vtable">
-								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?php if (isset($pconfig['key'])) echo htmlspecialchars($pconfig['key']);?></textarea>
-								<br />
-								<?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?>
-							</td>
-						</tr>
-					<?php if (!isset($id) || $act == "edit") :
-?>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Serial for next certificate");?></td>
-							<td width="78%" class="vtable">
-								<input name="serial" type="text" class="formfld unknown" id="serial" size="20" value="<?php if(isset($pconfig['serial'])) echo htmlspecialchars($pconfig['serial']);?>"/>
-								<br /><?=gettext("Enter a decimal number to be used as the serial number for the next certificate to be created using this CA.");?>
-							</td>
-						</tr>
-					<?php
-endif; ?>
-                            </tbody>
-					</table>
-					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal" class="table table-striped">
-						<thead>
-							<tr>
-								<th colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Authority");?></th>
-							</tr>
-						</thead>
-						<tbody>
-						<tr id='intermediate'>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Certificate Authority");?></td>
-							<td width="78%" class="vtable">
-                                    <select name='caref' id='caref' class="selectpicker" onchange='internalca_change()'>
-                                    <?php
-                                    foreach ($a_ca as $ca) :
-                                        if (!$ca['prv']) {
-                                            continue;
-                                        }
-                                        $selected = "";
-                                        if (isset($pconfig['caref']) && isset($ca['refid']) && $pconfig['caref'] == $ca['refid']) {
-                                            $selected = " selected=\"selected\"";
-                                        }
-                                    ?>
-                                    <option value="<?=$ca['refid'];
-?>"<?=$selected;
-?>><?=htmlspecialchars($ca['descr']);?></option>
-                                    <?php
-                                    endforeach; ?>
-                                    </select>
-							</td>
-						</tr>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
-							<td width="78%" class="vtable">
-								<select name='keylen' id='keylen' class="selectpicker">
-								<?php
-                                foreach ($ca_keylens as $len) :
-                                    $selected = "";
-                                    if (isset($pconfig['keylen']) && $pconfig['keylen'] == $len) {
-                                        $selected = " selected=\"selected\"";
-                                    }
-                                ?>
-                                <option value="<?=$len;
-?>"<?=$selected;
-?>><?=$len;?></option>
-								<?php
-                                endforeach; ?>
-								</select>
-								<?=gettext("bits");?>
-							</td>
-						</tr>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
-							<td width="78%" class="vtable">
-								<select name='digest_alg' id='digest_alg' class="selectpicker">
-								<?php
-                                foreach ($openssl_digest_algs as $digest_alg) :
-                                    $selected = "";
-                                    if (isset($pconfig['digest_alg']) && $pconfig['digest_alg'] == $digest_alg) {
-                                        $selected = " selected=\"selected\"";
-                                    }
-                                ?>
-                                <option value="<?=$digest_alg;
-?>"<?=$selected;
-?>><?=strtoupper($digest_alg);?></option>
-								<?php
-                                endforeach; ?>
-								</select>
-								<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
-							</td>
-						</tr>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
-							<td width="78%" class="vtable">
-								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?php if (isset($pconfig['lifetime'])) echo htmlspecialchars($pconfig['lifetime']);?>"/>
-								<?=gettext("days");?>
-							</td>
-						</tr>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
-							<td width="78%" class="vtable">
-								<table border="0" cellspacing="0" cellpadding="2" summary="name">
-									<tr>
-										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
-										<td align="left">
-											<select name='dn_country' class="selectpicker">
-											<?php
-                                            $dn_cc = get_country_codes();
-                                            foreach ($dn_cc as $cc => $cn) {
-                                                $selected = '';
-                                                if (isset($pconfig['dn_country']) && $pconfig['dn_country'] == $cc) {
-                                                    $selected = ' selected="selected"';
-                                                }
-                                                print "<option value=\"$cc\"$selected>$cc ($cn)</option>";
-                                            }
-                                            ?>
-											</select>
-										</td>
-									</tr>
-									<tr>
-										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
-										<td align="left">
-											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_state'])) echo htmlspecialchars($pconfig['dn_state']);?>"/>
-											&nbsp;
-											<em><?=gettext("ex:");?></em>
-											&nbsp;
-											<?=gettext("Sachsen");?>
-										</td>
-									</tr>
-									<tr>
-										<td align="right"><?=gettext("City");?> : &nbsp;</td>
-										<td align="left">
-											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_city'])) echo htmlspecialchars($pconfig['dn_city']);?>"/>
-											&nbsp;
-											<em><?=gettext("ex:");?></em>
-											&nbsp;
-											<?=gettext("Leipzig");?>
-										</td>
-									</tr>
-									<tr>
-										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
-										<td align="left">
-											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_organization'])) echo htmlspecialchars($pconfig['dn_organization']);?>"/>
-											&nbsp;
-											<em><?=gettext("ex:");?></em>
-											&nbsp;
-											<?=gettext("My Company Inc");?>
-										</td>
-									</tr>
-									<tr>
-										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
-										<td align="left">
-											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?php if (isset($pconfig['dn_email'])) echo htmlspecialchars($pconfig['dn_email']);?>"/>
-											&nbsp;
-											<em><?=gettext("ex:");?></em>
-											&nbsp;
-											<?=gettext("admin@mycompany.com");?>
-										</td>
-									</tr>
-									<tr>
-										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
-										<td align="left">
-											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?php if (isset($pconfig['dn_commonname'])) echo htmlspecialchars($pconfig['dn_commonname']);?>"/>
-											&nbsp;
-											<em><?=gettext("ex:");?></em>
-											&nbsp;
-											<?=gettext("internal-ca");?>
-										</td>
-									</tr>
-								</table>
-							</td>
-						</tr>
-						</tbody>
-					</table>
-					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save" class="table">
-						<tr>
-							<td width="22%" valign="top">&nbsp;</td>
-							<td width="78%">
-								<input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
-								<?php if (isset($id) && $a_ca[$id]) :
-?>
-								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
-								<?php
-endif;?>
-							</td>
-						</tr>
-					</table>
-				</form>
-				<?php
-else :
 ?>
-				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="" class="table table-striped">
+        <form action="system_camanager.php" method="post" name="iform" id="iform">
-					<thead>
+          <input type="hidden" name="id" id="id" value="<?=isset($id) ? $id :"";?>"/>
-						<tr>
+          <input type="hidden" name="act" id="action" value="<?=$act;?>"/>
-							<th width="18%" class="listhdrr"><?=gettext("Name");?></th>
+          <table class="table table-striped">
-							<th width="10%" class="listhdrr"><?=gettext("Internal");?></th>
+            <tr>
-							<th width="10%" class="listhdrr"><?=gettext("Issuer");?></th>
+              <td width="22%"><?=gettext("Descriptive name");?></td>
-							<th width="10%" class="listhdrr"><?=gettext("Certificates");?></th>
+              <td width="78%">
-							<th width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></th>
+                <input name="descr" type="text" id="descr" size="20" value="<?=$pconfig['descr'];?>"/>
-							<th width="12%" class="list"></th>
+              </td>
-						</tr>
+            </tr>
-					</thead>
+            <tr class="<?=isset($id) ? "hidden" : "";?>">
+              <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Method");?></td>
-					<tbody>
+              <td>
-					<?php
+                <select name='camethod' id='camethod' class="selectpicker" data-style="btn-default">
-                        $i = 0;
+                  <option value="existing" <?=$pconfig['camethod'] == "existing" ? "selected=\"selected\"" : "";?>>
+                    <?=gettext("Import an existing Certificate Authority");?>
+                  </option>
+                  <option value="internal" <?=$pconfig['camethod'] == "internal" ? "selected=\"selected\"" : "";?>>
+                    <?=gettext("Create an internal Certificate Authority");?>
+                  </option>
+                  <option value="intermediate" <?=$pconfig['camethod'] == "intermediate" ? "selected=\"selected\"" : "";?>>
+                    <?=gettext("Create an intermediate Certificate Authority");?>
+                  </option>
+                </select>
+              </td>
+            </tr>
+          </table>
+          <!-- existing ca -->
+          <table id="existing" class="table table-striped">
+            <thead>
+              <tr>
+                <th colspan="2"><?=gettext("Existing Certificate Authority");?></th>
+              </tr>
+            </thead>
+            <tbody>
+              <tr>
+                <td width="22%"><a id="help_for_cert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Certificate data");?></td>
+                <td width="78%">
+                  <textarea name="cert" cols="65" rows="7" id="cert"><?=isset($pconfig['cert']) ? $pconfig['cert'] : "";?></textarea>
+                  <div class="hidden" for="help_for_cert">
+                    <?=gettext("Paste a certificate in X.509 PEM format here.");?>
+                  </div>
+                </td>
+              </tr>
+              <tr>
+                <td>
+                  <a id="help_for_key" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Certificate Private Key");?><br />
+                  <?=gettext("(optional)");?>
+                </td>
+                <td width="78%">
+                  <textarea name="key" id="key" cols="65" rows="7"><?= isset($pconfig['key']) ? $pconfig['key'] : "";?></textarea>
+                  <div class="hidden" for="help_for_key">
+                    <?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?>
+                  </div>
+                </td>
+              </tr>
+              <tr>
+                <td><a id="help_for_serial" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Serial for next certificate");?></td>
+                <td>
+                  <input name="serial" type="text" id="serial" size="20" value="<?=$pconfig['serial'];?>"/>
+                  <div class="hidden" for="help_for_serial">
+                    <?=gettext("Enter a decimal number to be used as the serial number for the next certificate to be created using this CA.");?>
+                  </div>
+                </td>
+              </tr>
+              </tbody>
+            </table>
+            <!-- internal ca -->
+            <table  id="internal" class="table table-striped">
+              <thead>
+                <tr>
+                  <th colspan="2"><?=gettext("Internal Certificate Authority");?></th>
+                </tr>
+              </thead>
+              <tbody>
+                <tr id='intermediate'>
+                  <td width="22%"> <i class="fa fa-info-circle text-muted"></i>  <?=gettext("Signing Certificate Authority");?></td>
+                  <td width="78%">
+                    <select name='caref' id='caref' class="selectpicker" onchange='internalca_change()'>
+<?php
                    foreach ($a_ca as $ca) :
-                        $name = htmlspecialchars($ca['descr']);
+                        if (!$ca['prv']) {
-                        $subj = cert_get_subject($ca['crt']);
+                            continue;
-                        $issuer = cert_get_issuer($ca['crt']);
+                        }?>
-                        list($startdate, $enddate) = cert_get_dates($ca['crt']);
+                      <option value="<?=$ca['refid'];?>"<?=isset($pconfig['caref']) && isset($ca['refid']) && $pconfig['caref'] == $ca['refid'] ? " selected=\"selected\"" :"" ;?>><?=htmlspecialchars($ca['descr']);?></option>
-                        if ($subj == $issuer) {
+<?php
-                            $issuer_name = "<em>" . gettext("self-signed") . "</em>";
+                    endforeach; ?>
-                        } else {
+                    </select>
-                            $issuer_name = "<em>" . gettext("external") . "</em>";
+                  </td>
-                        }
+                </tr>
-                        $subj = htmlspecialchars($subj);
+                <tr>
-                        $issuer = htmlspecialchars($issuer);
+                  <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Key length");?> (<?=gettext("bits");?>)</td>
-                        $certcount = 0;
+                  <td width="78%">
+                    <select name='keylen' id='keylen' class="selectpicker">
-                        if (isset($ca['caref'])) {
+<?php
-                            $issuer_ca = lookup_ca($ca['caref']);
+                    foreach ($ca_keylens as $len) :?>
-                            if ($issuer_ca) {
+                      <option value="<?=$len;?>" <?=isset($pconfig['keylen']) && $pconfig['keylen'] == $len ? "selected=\"selected\"" : "";?>><?=$len;?></option>
-                                $issuer_name = $issuer_ca['descr'];
+<?php
-                            }
+                    endforeach; ?>
-                            foreach ($a_cert as $cert) {
+                    </select>
-                                if ($cert['caref'] == $ca['refid']) {
+                  </td>
-                                    $certcount++;
+                </tr>
-                                }
+                <tr>
-                            }
+                  <td><a id="help_for_digest_alg" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Digest Algorithm");?></td>
-                            foreach ($a_ca as $cert) {
+                  <td>
-                                if ($cert['caref'] == $ca['refid']) {
+                    <select name='digest_alg' id='digest_alg' class="selectpicker">
-                                    $certcount++;
+<?php
-                                }
+                    foreach ($openssl_digest_algs as $digest_alg) :?>
-                            }
+                      <option value="<?=$digest_alg;?>" <?=isset($pconfig['digest_alg']) && $pconfig['digest_alg'] == $digest_alg ? "selected=\"selected\"" : "";?>><?=strtoupper($digest_alg);?></option>
-                        }
+<?php
+                    endforeach; ?>
-                        // TODO : Need gray certificate icon
+                    </select>
+                    <div class="hidden" for="help_for_digest_alg">
-                        if ($ca['prv']) {
+                      <?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
-                            $internal = "YES";
+                    </div>
+                  </td>
+                </tr>
+                <tr>
+                  <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Lifetime");?> (<?=gettext("days");?>)</td>
+                  <td>
+                    <input name="lifetime" type="text" id="lifetime"  value="<?=$pconfig['lifetime'];?>"/>
+                  </td>
+                </tr>
+                <tr>
+                  <th colspan="2"><?=gettext("Distinguished name");?></th>
+                </tr>
+                <tr>
+                  <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Country Code");?> : &nbsp;</td>
+                  <td>
+                      <select name="dn_country" class="selectpicker">
+<?php
+                      foreach (get_country_codes() as $cc => $cn):?>
+                        <option value="<?=$cc;?>" <?=$pconfig['dn_country'] == $cc ? "selected=\"selected\"" : "";?>>
+                          <?=$cc;?> (<?=$cn;?>)
+                        </option>
+<?php
+                      endforeach;?>
+                      </select>
+                  </td>
+                </tr>
+                <tr>
+                  <td><a id="help_for_digest_dn_state" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("State or Province");?> : &nbsp;</td>
+                  <td>
+                    <input name="dn_state" type="text" size="40" value="<?=$pconfig['dn_state'];?>"/>
+                    <div class="hidden" for="help_for_digest_dn_state">
+                      <em><?=gettext("ex:");?></em>
+                      &nbsp;
+                      <?=gettext("Sachsen");?>
+                    </div>
+                  </td>
+                </tr>
+                <tr>
+                  <td><a id="help_for_digest_dn_city" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("City");?> : &nbsp;</td>
+                  <td>
+                    <input name="dn_city" type="text" size="40" value="<?=$pconfig['dn_city'];?>"/>
+                    <div class="hidden" for="help_for_digest_dn_city">
+                      <em><?=gettext("ex:");?></em>
+                      &nbsp;
+                      <?=gettext("Leipzig");?>
+                    </div>
+                  </td>
+                </tr>
+                <tr>
+                  <td><a id="help_for_digest_dn_organization" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Organization");?> : &nbsp;</td>
+                  <td>
+                    <input name="dn_organization" type="text" size="40" value="<?=$pconfig['dn_organization'];?>"/>
+                    <div class="hidden" for="help_for_digest_dn_organization">
+                      <em><?=gettext("ex:");?></em>
+                      &nbsp;
+                      <?=gettext("My Company Inc");?>
+                    </div>
+                  </td>
+                </tr>
+                <tr>
+                  <td><a id="help_for_digest_dn_email" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Email Address");?> : &nbsp;</td>
+                  <td>
+                    <input name="dn_email" type="text" size="25" value="<?=$pconfig['dn_email'];?>"/>
+                    <div class="hidden" for="help_for_digest_dn_email">
+                      <em><?=gettext("ex:");?></em>
+                      &nbsp;
+                      <?=gettext("admin@mycompany.com");?>
+                    </div>
+                  </td>
+                </tr>
+                <tr>
+                  <td><a id="help_for_digest_dn_commonname" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Common Name");?> : &nbsp;</td>
+                  <td>
+                    <input name="dn_commonname" type="text" size="25" value="<?=$pconfig['dn_commonname'];?>"/>
+                    <div class="hidden" for="help_for_digest_dn_commonname">
+                      <em><?=gettext("ex:");?></em>
+                      &nbsp;
+                      <?=gettext("internal-ca");?>
+                    </div>
+                  </td>
+                </tr>
+              </tbody>
+            </table>
+            <table class="table">
+            <tr>
+              <td width="22%">&nbsp;</td>
+              <td width="78%">
+                <input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
+              </td>
+            </tr>
+          </table>
+        </form>
-                        } else {
+<?php
-                            $internal = "NO";
+        else :?>
-                        }
+        <form action="system_camanager.php" method="post" name="iform" id="iform">
-                    ?>
+          <input type="hidden" name="id" id="id" value="<?=isset($id) ? $id :"";?>"/>
-					<tr>
+          <input type="hidden" name="act" id="action" value="<?=$act;?>"/>
-                    <td class="listlr">
+        </form>
-                        <?=$name;?>
+        <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="" class="table table-striped">
-                    </td>
+          <thead>
-                    <td class="listr"><?=$internal;?>&nbsp;</td>
+            <tr>
-                    <td class="listr"><?=$issuer_name;?>&nbsp;</td>
+              <th><?=gettext("Name");?></th>
-                    <td class="listr"><?=$certcount;?>&nbsp;</td>
+              <th><?=gettext("Internal");?></th>
-                    <td class="listr"><?=$subj;?><br />
+              <th><?=gettext("Issuer");?></th>
-                        <table width="100%" style="font-size: 9px" summary="valid">
+              <th><?=gettext("Certificates");?></th>
-                            <tr>
+              <th><?=gettext("Distinguished Name");?></th>
-                                <td width="10%">&nbsp;</td>
+              <th></th>
-                                <td width="20%"><?=gettext("Valid From")?>:</td>
+            </tr>
-                                <td width="70%"><?= $startdate ?></td>
+          </thead>
-                            </tr>
+          <tbody>
-                            <tr>
+<?php
-                                <td>&nbsp;</td>
+          $i = 0;
-                                <td><?=gettext("Valid Until")?>:</td>
+          foreach ($a_ca as $ca) :
-                                <td><?= $enddate ?></td>
+              $issuer = htmlspecialchars(cert_get_issuer($ca['crt']));
-                            </tr>
+              $subj = htmlspecialchars(cert_get_subject($ca['crt']));
-                        </table>
+              list($startdate, $enddate) = cert_get_dates($ca['crt']);
-                    </td>
+              if ($subj == $issuer) {
-                    <td valign="middle" class="list nowrap">
+                  $issuer_name = "<em>" . gettext("self-signed") . "</em>";
-                        <a href="system_camanager.php?act=edit&amp;id=<?=$i;
+              } else {
-?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("edit CA");
+                  $issuer_name = "<em>" . gettext("external") . "</em>";
-?>" alt="<?=gettext("edit CA");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-pencil"></span></a>
+              }
-                        <a href="system_camanager.php?act=exp&amp;id=<?=$i;
+              $certcount = 0;
-?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("export CA cert");
-?>" alt="<?=gettext("export CA cert");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-download"></span></a>
+              if (isset($ca['caref'])) {
-                        <?php if ($ca['prv']) :
+                  $issuer_ca = lookup_ca($ca['caref']);
+                  if ($issuer_ca) {
+                      $issuer_name = $issuer_ca['descr'];
+                  }
+                  foreach ($config['cert'] as $cert) {
+                      if ($cert['caref'] == $ca['refid']) {
+                          $certcount++;
+                      }
+                  }
+                  foreach ($a_ca as $cert) {
+                      if ($cert['caref'] == $ca['refid']) {
+                          $certcount++;
+                      }
+                  }
+              }
 ?>
-							<a href="system_camanager.php?act=expkey&amp;id=<?=$i;
+            <tr>
-?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("export CA private key");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-download"></span></a>
+              <td><?=htmlspecialchars($ca['descr']);?></td>
-							<?php
+              <td><?=!empty($ca['prv']) ? gettext("YES") : gettext("NO");?>&nbsp;</td>
-endif; ?>
+              <td><?=$issuer_name;?>&nbsp;</td>
-                        <a href="system_camanager.php?act=del&amp;id=<?=$i;
+              <td><?=$certcount;?>&nbsp;</td>
-?>" data-toggle="tooltip" data-placement="left" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Authority and its CRLs, and unreference any associated certificates?");
+              <td><?=$subj;?><br />
-?>')" title="<?=gettext("delete ca");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></a>
+                  <table width="100%" style="font-size: 9px">
-                    </td>
+                    <tr>
-					</tr>
+                      <td>&nbsp;</td>
-					<?php
+                      <td width="20%"><?=gettext("Valid From")?>:</td>
-                        $i++;
+                      <td width="70%"><?= $startdate ?></td>
-                    endforeach;
+                    </tr>
-                    ?>
+                    <tr>
+                      <td>&nbsp;</td>
+                      <td><?=gettext("Valid Until")?>:</td>
-					</tbody>
+                      <td><?= $enddate ?></td>
-				</table>
+                    </tr>
+                  </table>
-				<?php
+                </td>
-endif; ?>
+                <td>
+                  <a href="system_camanager.php?act=edit&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("edit CA");?>" alt="<?=gettext("edit CA");?>" class="btn btn-default btn-xs">
+                    <span class="glyphicon glyphicon-pencil"></span>
+                  </a>
-                </div>
+                  <a href="system_camanager.php?act=exp&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("export CA cert");?>" alt="<?=gettext("export CA cert");?>" class="btn btn-default btn-xs">
-            </section>
+                    <span class="glyphicon glyphicon-download"></span>
+                  </a>
+<?php
+                  if ($ca['prv']) :?>
+                  <a href="system_camanager.php?act=expkey&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("export CA private key");?>" class="btn btn-default btn-xs">
+                    <span class="glyphicon glyphicon-download"></span>
+                  </a>
+<?php
+                  endif; ?>
+                  <a id="del_<?=$i;?>" data-id="<?=$i;?>" title="<?=gettext("delete ca"); ?>" data-toggle="tooltip"  class="act_delete btn btn-default btn-xs">
+                    <span class="glyphicon glyphicon-remove"></span>
+                  </a>
+                </td>
+              </tr>
+<?php
+              $i++;
+              endforeach;?>
+            </tbody>
+          </table>
+<?php
+          endif; ?>
        </div>
-	</div>
+      </section>
+    </div>
+  </div>
 </section>
-<script type="text/javascript">
-//<![CDATA[
-method_change();
-//]]>
-</script>
 <?php include("foot.inc");