Commit 3cb09b78 authored by Ad Schellevis

(legacy) refactor system_camanager.php

parent da8a2bed
...@@ -34,35 +34,40 @@ function ca_import(& $ca, $str, $key="", $serial=0) { ...@@ -34,35 +34,40 @@ function ca_import(& $ca, $str, $key="", $serial=0) {
global $config; global $config;
$ca['crt'] = base64_encode($str); $ca['crt'] = base64_encode($str);
if (!empty($key)) if (!empty($key)) {
$ca['prv'] = base64_encode($key); $ca['prv'] = base64_encode($key);
if (!empty($serial)) }
if (!empty($serial)) {
$ca['serial'] = $serial; $ca['serial'] = $serial;
}
$subject = cert_get_subject($str, false); $subject = cert_get_subject($str, false);
$issuer = cert_get_issuer($str, false); $issuer = cert_get_issuer($str, false);
// Find my issuer unless self-signed // Find my issuer unless self-signed
if($issuer <> $subject) { if($issuer <> $subject) {
$issuer_crt =& lookup_ca_by_subject($issuer); $issuer_crt =& lookup_ca_by_subject($issuer);
if($issuer_crt) if($issuer_crt) {
$ca['caref'] = $issuer_crt['refid']; $ca['caref'] = $issuer_crt['refid'];
} }
}
/* Correct if child certificate was loaded first */ /* Correct if child certificate was loaded first */
if (is_array($config['ca'])) if (is_array($config['ca'])) {
foreach ($config['ca'] as & $oca) foreach ($config['ca'] as & $oca) {
{
$issuer = cert_get_issuer($oca['crt']); $issuer = cert_get_issuer($oca['crt']);
if($ca['refid']<>$oca['refid'] && $issuer==$subject) if($ca['refid']<>$oca['refid'] && $issuer==$subject) {
$oca['caref'] = $ca['refid']; $oca['caref'] = $ca['refid'];
} }
if (is_array($config['cert'])) }
foreach ($config['cert'] as & $cert) }
{ if (is_array($config['cert'])) {
foreach ($config['cert'] as & $cert) {
$issuer = cert_get_issuer($cert['crt']); $issuer = cert_get_issuer($cert['crt']);
if($issuer==$subject) if($issuer==$subject) {
$cert['caref'] = $ca['refid']; $cert['caref'] = $ca['refid'];
} }
}
}
return true; return true;
} }
...@@ -122,76 +127,50 @@ function ca_inter_create(&$ca, $keylen, $lifetime, $dn, $caref, $digest_alg = 's ...@@ -122,76 +127,50 @@ function ca_inter_create(&$ca, $keylen, $lifetime, $dn, $caref, $digest_alg = 's
return true; return true;
} }
$ca_methods = array(
"existing" => gettext("Import an existing Certificate Authority"),
"internal" => gettext("Create an internal Certificate Authority"),
"intermediate" => gettext("Create an intermediate Certificate Authority"));
$ca_keylens = array( "512", "1024", "2048", "4096"); $ca_keylens = array( "512", "1024", "2048", "4096");
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
}
if (!isset($config['ca']) || !is_array($config['ca'])) {
$config['ca'] = array();
}
$a_ca =& $config['ca'];
if (!is_array($config['cert'])) { if (!is_array($config['cert'])) {
$config['cert'] = array(); $config['cert'] = array();
} }
$a_cert =& $config['cert'];
if (!isset($config['crl']) || !is_array($config['crl'])) { if (!isset($config['crl']) || !is_array($config['crl'])) {
$config['crl'] = array(); $config['crl'] = array();
} }
$a_crl =& $config['crl']; if (!isset($config['ca']) || !is_array($config['ca'])) {
$config['ca'] = array();
$act=null;
if (isset($_GET['act'])) {
$act = $_GET['act'];
} elseif (isset($_POST['act'])) {
$act = $_POST['act'];
} }
if ($act == "del") { $a_ca =& $config['ca'];
if (!isset($a_ca[$id])) {
header("Location: system_camanager.php");
exit;
}
$index = count($a_cert) - 1; if ($_SERVER['REQUEST_METHOD'] === 'GET') {
for (; $index >=0; $index--) { if (isset($a_ca[$_GET['id']])) {
if (isset($a_cert[$index]['caref']) && isset($a_ca[$id]['refid']) && $a_cert[$index]['caref'] == $a_ca[$id]['refid']) { $id = $_GET['id'];
unset($a_cert[$index]);
}
} }
$index = count($a_crl) - 1; if (isset($_GET['act'])) {
for (; $index >=0; $index--) { $act = $_GET['act'];
if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) { } else {
unset($a_crl[$index]); $act = null;
}
} }
$name = $a_ca[$id]['descr']; // set defaults
unset($a_ca[$id]); $pconfig = array();
write_config(); $pconfig['camethod'] = null ;
$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "<br />"; $pconfig['descr'] = null;
header("Location: system_camanager.php"); $pconfig['serial'] = null;
exit; $pconfig['lifetime'] = null;
} $pconfig['dn_country'] = null;
$pconfig['dn_state'] = null;
$pconfig['dn_city'] = null;
$pconfig['dn_organization'] = null;
$pconfig['dn_email'] = null;
$pconfig['dn_commonname'] = null;
if ($act == "edit") { if ($act == "edit") {
if (!isset($a_ca[$id])) { if (!isset($id)) {
header("Location: system_camanager.php"); header("Location: system_camanager.php");
exit; exit;
} }
...@@ -202,22 +181,17 @@ if ($act == "edit") { ...@@ -202,22 +181,17 @@ if ($act == "edit") {
if (!empty($a_ca[$id]['prv'])) { if (!empty($a_ca[$id]['prv'])) {
$pconfig['key'] = base64_decode($a_ca[$id]['prv']); $pconfig['key'] = base64_decode($a_ca[$id]['prv']);
} }
} } elseif ($act == "new") {
if ($act == "new") {
if (isset($_GET['method'])) { if (isset($_GET['method'])) {
$pconfig['method'] = $_GET['method']; $pconfig['camethod'] = $_GET['method'];
} else {
$pconfig['method'] = null ;
} }
$pconfig['refid'] = null;
$pconfig['keylen'] = "2048"; $pconfig['keylen'] = "2048";
$pconfig['digest_alg'] = "sha256"; $pconfig['digest_alg'] = "sha256";
$pconfig['lifetime'] = "365"; $pconfig['lifetime'] = "365";
$pconfig['dn_commonname'] = "internal-ca"; $pconfig['dn_commonname'] = "internal-ca";
} } elseif ($act == "exp") {
if (!isset($id)) {
if ($act == "exp") {
if (!$a_ca[$id]) {
header("Location: system_camanager.php"); header("Location: system_camanager.php");
exit; exit;
} }
...@@ -231,10 +205,8 @@ if ($act == "exp") { ...@@ -231,10 +205,8 @@ if ($act == "exp") {
header("Content-Length: $exp_size"); header("Content-Length: $exp_size");
echo $exp_data; echo $exp_data;
exit; exit;
} } elseif ($act == "expkey") {
if (!isset($id)) {
if ($act == "expkey") {
if (!$a_ca[$id]) {
header("Location: system_camanager.php"); header("Location: system_camanager.php");
exit; exit;
} }
...@@ -248,27 +220,59 @@ if ($act == "expkey") { ...@@ -248,27 +220,59 @@ if ($act == "expkey") {
header("Content-Length: $exp_size"); header("Content-Length: $exp_size");
echo $exp_data; echo $exp_data;
exit; exit;
} }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (isset($a_ca[$_POST['id']])) {
$id = $_POST['id'];
}
if (isset($_POST['act'])) {
$act = $_POST['act'];
} else {
$act = null;
}
if ($act == "del") {
if (!isset($id)) {
header("Location: system_camanager.php");
exit;
}
$a_cert =& $config['cert'];
$index = count($a_cert) - 1;
for (; $index >=0; $index--) {
if (isset($a_cert[$index]['caref']) && isset($a_ca[$id]['refid']) && $a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
unset($a_cert[$index]);
}
}
if ($_POST) { $a_crl =& $config['crl'];
unset($input_errors); $index = count($a_crl) - 1;
for (; $index >=0; $index--) {
if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
unset($a_crl[$index]);
}
}
unset($a_ca[$id]);
write_config();
header("Location: system_camanager.php");
exit;
} else {
$input_errors = array(); $input_errors = array();
$pconfig = $_POST; $pconfig = $_POST;
/* input validation */ /* input validation */
if ($pconfig['method'] == "existing") { if ($pconfig['camethod'] == "existing") {
$reqdfields = explode(" ", "descr cert"); $reqdfields = explode(" ", "descr cert");
$reqdfieldsn = array( $reqdfieldsn = array(
gettext("Descriptive name"), gettext("Descriptive name"),
gettext("Certificate data")); gettext("Certificate data"));
if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) { if (!empty($pconfig['cert']) && (!strstr($pconfig['cert'], "BEGIN CERTIFICATE") || !strstr($pconfig['cert'], "END CERTIFICATE"))) {
$input_errors[] = gettext("This certificate does not appear to be valid."); $input_errors[] = gettext("This certificate does not appear to be valid.");
} }
if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) { if (!empty($pconfig['key']) && strstr($pconfig['key'], "ENCRYPTED")) {
$input_errors[] = gettext("Encrypted private keys are not yet supported."); $input_errors[] = gettext("Encrypted private keys are not yet supported.");
} }
} } elseif ($pconfig['camethod'] == "internal") {
if ($pconfig['method'] == "internal") {
$reqdfields = explode( $reqdfields = explode(
" ", " ",
"descr keylen lifetime dn_country dn_state dn_city ". "descr keylen lifetime dn_country dn_state dn_city ".
...@@ -284,8 +288,7 @@ if ($_POST) { ...@@ -284,8 +288,7 @@ if ($_POST) {
gettext("Distinguished name Organization"), gettext("Distinguished name Organization"),
gettext("Distinguished name Email Address"), gettext("Distinguished name Email Address"),
gettext("Distinguished name Common Name")); gettext("Distinguished name Common Name"));
} } elseif ($pconfig['camethod'] == "intermediate") {
if ($pconfig['method'] == "intermediate") {
$reqdfields = explode( $reqdfields = explode(
" ", " ",
"descr caref keylen lifetime dn_country dn_state dn_city ". "descr caref keylen lifetime dn_country dn_state dn_city ".
...@@ -304,41 +307,38 @@ if ($_POST) { ...@@ -304,41 +307,38 @@ if ($_POST) {
gettext("Distinguished name Common Name")); gettext("Distinguished name Common Name"));
} }
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
if ($pconfig['method'] != "existing") { if ($pconfig['camethod'] != "existing") {
/* Make sure we do not have invalid characters in the fields for the certificate */ /* Make sure we do not have invalid characters in the fields for the certificate */
for ($i = 0; $i < count($reqdfields); $i++) { for ($i = 0; $i < count($reqdfields); $i++) {
if ($reqdfields[$i] == 'dn_email') { if ($reqdfields[$i] == 'dn_email') {
if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) { if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["dn_email"])) {
$input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters."); $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters.");
} }
} elseif ($reqdfields[$i] == 'dn_commonname') { } elseif ($reqdfields[$i] == 'dn_commonname') {
if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) { if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["dn_commonname"])) {
$input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters.");
} }
} elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) { } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $pconfig["$reqdfields[$i]"])) {
$input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]);
} }
} }
if (!in_array($_POST["keylen"], $ca_keylens)) { if (!in_array($pconfig["keylen"], $ca_keylens)) {
$input_errors[] = gettext("Please select a valid Key Length."); $input_errors[] = gettext("Please select a valid Key Length.");
} }
if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) { if (!in_array($pconfig["digest_alg"], $openssl_digest_algs)) {
$input_errors[] = gettext("Please select a valid Digest Algorithm."); $input_errors[] = gettext("Please select a valid Digest Algorithm.");
} }
} }
/* save modifications */ /* save modifications */
if (!$input_errors) { if (count($input_errors) == 0) {
$ca = array(); $ca = array();
if (!isset($pconfig['refid']) || empty($pconfig['refid'])) {
$ca['refid'] = uniqid();
} else {
$ca['refid'] = $pconfig['refid'];
}
if (isset($id) && $a_ca[$id]) { if (isset($id)) {
$ca = $a_ca[$id]; $ca = $a_ca[$id];
} else {
$ca['refid'] = uniqid();
} }
if (isset($pconfig['descr'])) { if (isset($pconfig['descr'])) {
...@@ -347,19 +347,21 @@ if ($_POST) { ...@@ -347,19 +347,21 @@ if ($_POST) {
$ca['descr'] = null; $ca['descr'] = null;
} }
if (isset($_POST['edit']) && $_POST['edit'] == "edit") { if (!empty($pconfig['serial'])) {
$ca['descr'] = $pconfig['descr'];
$ca['refid'] = $pconfig['refid'];
$ca['serial'] = $pconfig['serial']; $ca['serial'] = $pconfig['serial'];
}
if (isset($id)) {
// edit existing
$ca['crt'] = base64_encode($pconfig['cert']); $ca['crt'] = base64_encode($pconfig['cert']);
if (!empty($pconfig['key'])) { if (!empty($pconfig['key'])) {
$ca['prv'] = base64_encode($pconfig['key']); $ca['prv'] = base64_encode($pconfig['key']);
} }
} else { } else {
$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */ $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
if ($pconfig['method'] == "existing") { if ($pconfig['camethod'] == "existing") {
ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']); ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
} elseif ($pconfig['method'] == "internal") { } elseif ($pconfig['camethod'] == "internal") {
$dn = array( $dn = array(
'countryName' => $pconfig['dn_country'], 'countryName' => $pconfig['dn_country'],
'stateOrProvinceName' => $pconfig['dn_state'], 'stateOrProvinceName' => $pconfig['dn_state'],
...@@ -373,7 +375,7 @@ if ($_POST) { ...@@ -373,7 +375,7 @@ if ($_POST) {
$input_errors[] = gettext("openssl library returns:") . " " . $ssl_err; $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err;
} }
} }
} elseif ($pconfig['method'] == "intermediate") { } elseif ($pconfig['camethod'] == "intermediate") {
$dn = array( $dn = array(
'countryName' => $pconfig['dn_country'], 'countryName' => $pconfig['dn_country'],
'stateOrProvinceName' => $pconfig['dn_state'], 'stateOrProvinceName' => $pconfig['dn_state'],
...@@ -397,14 +399,16 @@ if ($_POST) { ...@@ -397,14 +399,16 @@ if ($_POST) {
$a_ca[] = $ca; $a_ca[] = $ca;
} }
if (!$input_errors) { if (count($input_errors) == 0) {
write_config(); write_config();
unset($input_errors); header("Location: system_camanager.php");
}
} }
// header("Location: system_camanager.php");
} }
} }
legacy_html_escape_form_data($pconfig);
include("head.inc"); include("head.inc");
$main_buttons = array( $main_buttons = array(
...@@ -415,345 +419,305 @@ $main_buttons = array( ...@@ -415,345 +419,305 @@ $main_buttons = array(
?> ?>
<body> <body>
<script type="text/javascript">
<?php include("fbegin.inc"); ?> $( document ).ready(function() {
// delete entry
<script type="text/javascript"> $(".act_delete").click(function(event){
//<![CDATA[ event.preventDefault();
function method_change() { var id = $(this).data('id');
BootstrapDialog.show({
method = document.iform.method.selectedIndex; type:BootstrapDialog.TYPE_INFO,
title: "<?= gettext("Authorities");?>",
switch (method) { message: "<?=gettext("Do you really want to delete this Certificate Authority and its CRLs, and unreference any associated certificates?");?>",
case 0: buttons: [{
document.getElementById("existing").style.display=""; label: "<?=gettext("No");?>",
document.getElementById("internal").style.display="none"; action: function(dialogRef) {
document.getElementById("intermediate").style.display="none"; dialogRef.close();
break; }}, {
case 1: label: "<?=gettext("Yes");?>",
document.getElementById("existing").style.display="none"; action: function(dialogRef) {
document.getElementById("internal").style.display=""; $("#id").val(id);
document.getElementById("intermediate").style.display="none"; $("#action").val("del");
break; $("#iform").submit()
case 2: }
document.getElementById("existing").style.display="none"; }]
document.getElementById("internal").style.display=""; });
document.getElementById("intermediate").style.display=""; });
break;
$("#camethod").change(function(){
$("#existing").addClass("hidden");
$("#internal").addClass("hidden");
$("#intermediate").addClass("hidden");
if ($(this).val() == "existing") {
$("#existing").removeClass("hidden");
} else if ($(this).val() == "internal") {
$("#internal").removeClass("hidden");
} else {
$("#internal").removeClass("hidden");
$("#intermediate").removeClass("hidden");
} }
} });
//]]>
</script> $("#camethod").change();
});
</script>
<!-- row --> <?php include("fbegin.inc"); ?>
<section class="page-content-main"> <section class="page-content-main">
<div class="container-fluid"> <div class="container-fluid">
<div class="row"> <div class="row">
<?php
<?php
if (isset($input_errors) && count($input_errors) > 0) { if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors); print_input_errors($input_errors);
} }
if (isset($savemsg)) { if (isset($savemsg)) {
print_info_box($savemsg); print_info_box($savemsg);
} }
?>
<section class="col-xs-12">
<div class="content-box tab-content table-responsive" style="overflow: auto;">
<?php if ($act == "new" || $act == "edit" || $act == gettext("Save") || isset($input_errors)) :
?> ?>
<section class="col-xs-12">
<div class="content-box tab-content table-responsive">
<form action="system_camanager.php" method="post" name="iform" id="iform" class="table table-striped"> <?php if ($act == "new" || $act == "edit") :
<?php if ($act == "edit") :
?> ?>
<input type="hidden" name="edit" value="edit" id="edit" />
<input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" />
<input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" />
<?php
endif; ?>
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area" class="table table-striped"> <form action="system_camanager.php" method="post" name="iform" id="iform">
<input type="hidden" name="id" id="id" value="<?=isset($id) ? $id :"";?>"/>
<input type="hidden" name="act" id="action" value="<?=$act;?>"/>
<table class="table table-striped">
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> <td width="22%"><?=gettext("Descriptive name");?></td>
<td width="78%" class="vtable"> <td width="78%">
<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?php if (isset($pconfig['descr'])) echo htmlspecialchars($pconfig['descr']);?>"/> <input name="descr" type="text" id="descr" size="20" value="<?=$pconfig['descr'];?>"/>
</td> </td>
</tr> </tr>
<tr class="<?=isset($id) ? "hidden" : "";?>">
<?php if (!isset($id) || $act == "edit") : <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Method");?></td>
?> <td>
<tr> <select name='camethod' id='camethod' class="selectpicker" data-style="btn-default">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td> <option value="existing" <?=$pconfig['camethod'] == "existing" ? "selected=\"selected\"" : "";?>>
<td width="78%" class="vtable"> <?=gettext("Import an existing Certificate Authority");?>
<select name='method' id='method' class="selectpicker" data-style="btn-default" onchange='method_change()'> </option>
<?php <option value="internal" <?=$pconfig['camethod'] == "internal" ? "selected=\"selected\"" : "";?>>
foreach ($ca_methods as $method => $desc) : <?=gettext("Create an internal Certificate Authority");?>
$selected = ""; </option>
if (isset($pconfig['method']) && $pconfig['method'] == $method) { <option value="intermediate" <?=$pconfig['camethod'] == "intermediate" ? "selected=\"selected\"" : "";?>>
$selected = " selected=\"selected\""; <?=gettext("Create an intermediate Certificate Authority");?>
} </option>
?>
<option value="<?=$method;
?>"<?=$selected;
?>><?=$desc;?></option>
<?php
endforeach; ?>
</select> </select>
</td> </td>
</tr> </tr>
<?php
endif; ?>
</table> </table>
<!-- existing ca -->
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing" class="table table-striped"> <table id="existing" class="table table-striped">
<thead> <thead>
<tr> <tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Authority");?></th> <th colspan="2"><?=gettext("Existing Certificate Authority");?></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td> <td width="22%"><a id="help_for_cert" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Certificate data");?></td>
<td width="78%" class="vtable"> <td width="78%">
<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?php if (isset($pconfig['cert'])) echo htmlspecialchars($pconfig['cert']);?></textarea> <textarea name="cert" cols="65" rows="7" id="cert"><?=isset($pconfig['cert']) ? $pconfig['cert'] : "";?></textarea>
<br /> <div class="hidden" for="help_for_cert">
<?=gettext("Paste a certificate in X.509 PEM format here.");?> <?=gettext("Paste a certificate in X.509 PEM format here.");?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Private Key"); <td>
?><br /><?=gettext("(optional)");?></td> <a id="help_for_key" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Certificate Private Key");?><br />
<td width="78%" class="vtable"> <?=gettext("(optional)");?>
<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?php if (isset($pconfig['key'])) echo htmlspecialchars($pconfig['key']);?></textarea> </td>
<br /> <td width="78%">
<textarea name="key" id="key" cols="65" rows="7"><?= isset($pconfig['key']) ? $pconfig['key'] : "";?></textarea>
<div class="hidden" for="help_for_key">
<?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?> <?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?>
</div>
</td> </td>
</tr> </tr>
<?php if (!isset($id) || $act == "edit") :
?>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Serial for next certificate");?></td> <td><a id="help_for_serial" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Serial for next certificate");?></td>
<td width="78%" class="vtable"> <td>
<input name="serial" type="text" class="formfld unknown" id="serial" size="20" value="<?php if(isset($pconfig['serial'])) echo htmlspecialchars($pconfig['serial']);?>"/> <input name="serial" type="text" id="serial" size="20" value="<?=$pconfig['serial'];?>"/>
<br /><?=gettext("Enter a decimal number to be used as the serial number for the next certificate to be created using this CA.");?> <div class="hidden" for="help_for_serial">
<?=gettext("Enter a decimal number to be used as the serial number for the next certificate to be created using this CA.");?>
</div>
</td> </td>
</tr> </tr>
<?php
endif; ?>
</tbody> </tbody>
</table> </table>
<!-- internal ca -->
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal" class="table table-striped"> <table id="internal" class="table table-striped">
<thead> <thead>
<tr> <tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Authority");?></th> <th colspan="2"><?=gettext("Internal Certificate Authority");?></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr id='intermediate'> <tr id='intermediate'>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Certificate Authority");?></td> <td width="22%"> <i class="fa fa-info-circle text-muted"></i> <?=gettext("Signing Certificate Authority");?></td>
<td width="78%" class="vtable"> <td width="78%">
<select name='caref' id='caref' class="selectpicker" onchange='internalca_change()'> <select name='caref' id='caref' class="selectpicker" onchange='internalca_change()'>
<?php <?php
foreach ($a_ca as $ca) : foreach ($a_ca as $ca) :
if (!$ca['prv']) { if (!$ca['prv']) {
continue; continue;
} }?>
$selected = ""; <option value="<?=$ca['refid'];?>"<?=isset($pconfig['caref']) && isset($ca['refid']) && $pconfig['caref'] == $ca['refid'] ? " selected=\"selected\"" :"" ;?>><?=htmlspecialchars($ca['descr']);?></option>
if (isset($pconfig['caref']) && isset($ca['refid']) && $pconfig['caref'] == $ca['refid']) { <?php
$selected = " selected=\"selected\"";
}
?>
<option value="<?=$ca['refid'];
?>"<?=$selected;
?>><?=htmlspecialchars($ca['descr']);?></option>
<?php
endforeach; ?> endforeach; ?>
</select> </select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Key length");?> (<?=gettext("bits");?>)</td>
<td width="78%" class="vtable"> <td width="78%">
<select name='keylen' id='keylen' class="selectpicker"> <select name='keylen' id='keylen' class="selectpicker">
<?php <?php
foreach ($ca_keylens as $len) : foreach ($ca_keylens as $len) :?>
$selected = ""; <option value="<?=$len;?>" <?=isset($pconfig['keylen']) && $pconfig['keylen'] == $len ? "selected=\"selected\"" : "";?>><?=$len;?></option>
if (isset($pconfig['keylen']) && $pconfig['keylen'] == $len) { <?php
$selected = " selected=\"selected\"";
}
?>
<option value="<?=$len;
?>"<?=$selected;
?>><?=$len;?></option>
<?php
endforeach; ?> endforeach; ?>
</select> </select>
<?=gettext("bits");?>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td> <td><a id="help_for_digest_alg" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Digest Algorithm");?></td>
<td width="78%" class="vtable"> <td>
<select name='digest_alg' id='digest_alg' class="selectpicker"> <select name='digest_alg' id='digest_alg' class="selectpicker">
<?php <?php
foreach ($openssl_digest_algs as $digest_alg) : foreach ($openssl_digest_algs as $digest_alg) :?>
$selected = ""; <option value="<?=$digest_alg;?>" <?=isset($pconfig['digest_alg']) && $pconfig['digest_alg'] == $digest_alg ? "selected=\"selected\"" : "";?>><?=strtoupper($digest_alg);?></option>
if (isset($pconfig['digest_alg']) && $pconfig['digest_alg'] == $digest_alg) { <?php
$selected = " selected=\"selected\"";
}
?>
<option value="<?=$digest_alg;
?>"<?=$selected;
?>><?=strtoupper($digest_alg);?></option>
<?php
endforeach; ?> endforeach; ?>
</select> </select>
<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?> <div class="hidden" for="help_for_digest_alg">
<?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Lifetime");?> (<?=gettext("days");?>)</td>
<td width="78%" class="vtable"> <td>
<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?php if (isset($pconfig['lifetime'])) echo htmlspecialchars($pconfig['lifetime']);?>"/> <input name="lifetime" type="text" id="lifetime" value="<?=$pconfig['lifetime'];?>"/>
<?=gettext("days");?>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td> <th colspan="2"><?=gettext("Distinguished name");?></th>
<td width="78%" class="vtable"> </tr>
<table border="0" cellspacing="0" cellpadding="2" summary="name">
<tr> <tr>
<td align="right"><?=gettext("Country Code");?> : &nbsp;</td> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Country Code");?> : &nbsp;</td>
<td align="left"> <td>
<select name='dn_country' class="selectpicker"> <select name="dn_country" class="selectpicker">
<?php <?php
$dn_cc = get_country_codes(); foreach (get_country_codes() as $cc => $cn):?>
foreach ($dn_cc as $cc => $cn) { <option value="<?=$cc;?>" <?=$pconfig['dn_country'] == $cc ? "selected=\"selected\"" : "";?>>
$selected = ''; <?=$cc;?> (<?=$cn;?>)
if (isset($pconfig['dn_country']) && $pconfig['dn_country'] == $cc) { </option>
$selected = ' selected="selected"'; <?php
} endforeach;?>
print "<option value=\"$cc\"$selected>$cc ($cn)</option>";
}
?>
</select> </select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td align="right"><?=gettext("State or Province");?> : &nbsp;</td> <td><a id="help_for_digest_dn_state" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("State or Province");?> : &nbsp;</td>
<td align="left"> <td>
<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_state'])) echo htmlspecialchars($pconfig['dn_state']);?>"/> <input name="dn_state" type="text" size="40" value="<?=$pconfig['dn_state'];?>"/>
&nbsp; <div class="hidden" for="help_for_digest_dn_state">
<em><?=gettext("ex:");?></em> <em><?=gettext("ex:");?></em>
&nbsp; &nbsp;
<?=gettext("Sachsen");?> <?=gettext("Sachsen");?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td align="right"><?=gettext("City");?> : &nbsp;</td> <td><a id="help_for_digest_dn_city" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("City");?> : &nbsp;</td>
<td align="left"> <td>
<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_city'])) echo htmlspecialchars($pconfig['dn_city']);?>"/> <input name="dn_city" type="text" size="40" value="<?=$pconfig['dn_city'];?>"/>
&nbsp; <div class="hidden" for="help_for_digest_dn_city">
<em><?=gettext("ex:");?></em> <em><?=gettext("ex:");?></em>
&nbsp; &nbsp;
<?=gettext("Leipzig");?> <?=gettext("Leipzig");?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td align="right"><?=gettext("Organization");?> : &nbsp;</td> <td><a id="help_for_digest_dn_organization" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Organization");?> : &nbsp;</td>
<td align="left"> <td>
<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?php if (isset($pconfig['dn_organization'])) echo htmlspecialchars($pconfig['dn_organization']);?>"/> <input name="dn_organization" type="text" size="40" value="<?=$pconfig['dn_organization'];?>"/>
&nbsp; <div class="hidden" for="help_for_digest_dn_organization">
<em><?=gettext("ex:");?></em> <em><?=gettext("ex:");?></em>
&nbsp; &nbsp;
<?=gettext("My Company Inc");?> <?=gettext("My Company Inc");?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td align="right"><?=gettext("Email Address");?> : &nbsp;</td> <td><a id="help_for_digest_dn_email" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Email Address");?> : &nbsp;</td>
<td align="left"> <td>
<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?php if (isset($pconfig['dn_email'])) echo htmlspecialchars($pconfig['dn_email']);?>"/> <input name="dn_email" type="text" size="25" value="<?=$pconfig['dn_email'];?>"/>
&nbsp; <div class="hidden" for="help_for_digest_dn_email">
<em><?=gettext("ex:");?></em> <em><?=gettext("ex:");?></em>
&nbsp; &nbsp;
<?=gettext("admin@mycompany.com");?> <?=gettext("admin@mycompany.com");?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td align="right"><?=gettext("Common Name");?> : &nbsp;</td> <td><a id="help_for_digest_dn_commonname" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Common Name");?> : &nbsp;</td>
<td align="left"> <td>
<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?php if (isset($pconfig['dn_commonname'])) echo htmlspecialchars($pconfig['dn_commonname']);?>"/> <input name="dn_commonname" type="text" size="25" value="<?=$pconfig['dn_commonname'];?>"/>
&nbsp; <div class="hidden" for="help_for_digest_dn_commonname">
<em><?=gettext("ex:");?></em> <em><?=gettext("ex:");?></em>
&nbsp; &nbsp;
<?=gettext("internal-ca");?> <?=gettext("internal-ca");?>
</div>
</td> </td>
</tr> </tr>
</table>
</td>
</tr>
</tbody> </tbody>
</table> </table>
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save" class="table"> <table class="table">
<tr> <tr>
<td width="22%" valign="top">&nbsp;</td> <td width="22%">&nbsp;</td>
<td width="78%"> <td width="78%">
<input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" /> <input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && $a_ca[$id]) :
?>
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php
endif;?>
</td> </td>
</tr> </tr>
</table> </table>
</form> </form>
<?php <?php
else : else :?>
?> <form action="system_camanager.php" method="post" name="iform" id="iform">
<input type="hidden" name="id" id="id" value="<?=isset($id) ? $id :"";?>"/>
<input type="hidden" name="act" id="action" value="<?=$act;?>"/>
</form>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="" class="table table-striped"> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="" class="table table-striped">
<thead> <thead>
<tr> <tr>
<th width="18%" class="listhdrr"><?=gettext("Name");?></th> <th><?=gettext("Name");?></th>
<th width="10%" class="listhdrr"><?=gettext("Internal");?></th> <th><?=gettext("Internal");?></th>
<th width="10%" class="listhdrr"><?=gettext("Issuer");?></th> <th><?=gettext("Issuer");?></th>
<th width="10%" class="listhdrr"><?=gettext("Certificates");?></th> <th><?=gettext("Certificates");?></th>
<th width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></th> <th><?=gettext("Distinguished Name");?></th>
<th width="12%" class="list"></th> <th></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<?php <?php
$i = 0; $i = 0;
foreach ($a_ca as $ca) : foreach ($a_ca as $ca) :
$name = htmlspecialchars($ca['descr']); $issuer = htmlspecialchars(cert_get_issuer($ca['crt']));
$subj = cert_get_subject($ca['crt']); $subj = htmlspecialchars(cert_get_subject($ca['crt']));
$issuer = cert_get_issuer($ca['crt']);
list($startdate, $enddate) = cert_get_dates($ca['crt']); list($startdate, $enddate) = cert_get_dates($ca['crt']);
if ($subj == $issuer) { if ($subj == $issuer) {
$issuer_name = "<em>" . gettext("self-signed") . "</em>"; $issuer_name = "<em>" . gettext("self-signed") . "</em>";
} else { } else {
$issuer_name = "<em>" . gettext("external") . "</em>"; $issuer_name = "<em>" . gettext("external") . "</em>";
} }
$subj = htmlspecialchars($subj);
$issuer = htmlspecialchars($issuer);
$certcount = 0; $certcount = 0;
if (isset($ca['caref'])) { if (isset($ca['caref'])) {
...@@ -761,7 +725,7 @@ else : ...@@ -761,7 +725,7 @@ else :
if ($issuer_ca) { if ($issuer_ca) {
$issuer_name = $issuer_ca['descr']; $issuer_name = $issuer_ca['descr'];
} }
foreach ($a_cert as $cert) { foreach ($config['cert'] as $cert) {
if ($cert['caref'] == $ca['refid']) { if ($cert['caref'] == $ca['refid']) {
$certcount++; $certcount++;
} }
...@@ -772,27 +736,16 @@ else : ...@@ -772,27 +736,16 @@ else :
} }
} }
} }
?>
// TODO : Need gray certificate icon
if ($ca['prv']) {
$internal = "YES";
} else {
$internal = "NO";
}
?>
<tr> <tr>
<td class="listlr"> <td><?=htmlspecialchars($ca['descr']);?></td>
<?=$name;?> <td><?=!empty($ca['prv']) ? gettext("YES") : gettext("NO");?>&nbsp;</td>
</td> <td><?=$issuer_name;?>&nbsp;</td>
<td class="listr"><?=$internal;?>&nbsp;</td> <td><?=$certcount;?>&nbsp;</td>
<td class="listr"><?=$issuer_name;?>&nbsp;</td> <td><?=$subj;?><br />
<td class="listr"><?=$certcount;?>&nbsp;</td> <table width="100%" style="font-size: 9px">
<td class="listr"><?=$subj;?><br />
<table width="100%" style="font-size: 9px" summary="valid">
<tr> <tr>
<td width="10%">&nbsp;</td> <td>&nbsp;</td>
<td width="20%"><?=gettext("Valid From")?>:</td> <td width="20%"><?=gettext("Valid From")?>:</td>
<td width="70%"><?= $startdate ?></td> <td width="70%"><?= $startdate ?></td>
</tr> </tr>
...@@ -803,50 +756,35 @@ else : ...@@ -803,50 +756,35 @@ else :
</tr> </tr>
</table> </table>
</td> </td>
<td valign="middle" class="list nowrap"> <td>
<a href="system_camanager.php?act=edit&amp;id=<?=$i; <a href="system_camanager.php?act=edit&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("edit CA");?>" alt="<?=gettext("edit CA");?>" class="btn btn-default btn-xs">
?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("edit CA"); <span class="glyphicon glyphicon-pencil"></span>
?>" alt="<?=gettext("edit CA");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-pencil"></span></a> </a>
<a href="system_camanager.php?act=exp&amp;id=<?=$i; <a href="system_camanager.php?act=exp&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("export CA cert");?>" alt="<?=gettext("export CA cert");?>" class="btn btn-default btn-xs">
?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("export CA cert"); <span class="glyphicon glyphicon-download"></span>
?>" alt="<?=gettext("export CA cert");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-download"></span></a> </a>
<?php if ($ca['prv']) : <?php
?> if ($ca['prv']) :?>
<a href="system_camanager.php?act=expkey&amp;id=<?=$i; <a href="system_camanager.php?act=expkey&amp;id=<?=$i;?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("export CA private key");?>" class="btn btn-default btn-xs">
?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("export CA private key");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-download"></span></a> <span class="glyphicon glyphicon-download"></span>
<?php </a>
endif; ?> <?php
<a href="system_camanager.php?act=del&amp;id=<?=$i; endif; ?>
?>" data-toggle="tooltip" data-placement="left" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Authority and its CRLs, and unreference any associated certificates?"); <a id="del_<?=$i;?>" data-id="<?=$i;?>" title="<?=gettext("delete ca"); ?>" data-toggle="tooltip" class="act_delete btn btn-default btn-xs">
?>')" title="<?=gettext("delete ca");?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-remove"></span></a> <span class="glyphicon glyphicon-remove"></span>
</a>
</td> </td>
</tr> </tr>
<?php <?php
$i++; $i++;
endforeach; endforeach;?>
?>
</tbody> </tbody>
</table> </table>
<?php
<?php endif; ?>
endif; ?>
</div> </div>
</section> </section>
</div> </div>
</div> </div>
</section> </section>
<script type="text/javascript">
//<![CDATA[
method_change();
//]]>
</script>
<?php include("foot.inc"); <?php include("foot.inc");