<?php
/*
	system_camanager.php
*/
/* ====================================================================
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
 *  Copyright (c)  2008 Shrew Soft Inc.
 *
 *	Redistribution and use in source and binary forms, with or without modification,
 *	are permitted provided that the following conditions are met:
 *
 *	1. Redistributions of source code must retain the above copyright notice,
 *		this list of conditions and the following disclaimer.
 *
 *	2. Redistributions in binary form must reproduce the above copyright
 *		notice, this list of conditions and the following disclaimer in
 *		the documentation and/or other materials provided with the
 *		distribution.
 *
 *	3. All advertising materials mentioning features or use of this software
 *		must display the following acknowledgment:
 *		"This product includes software developed by the pfSense Project
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
 *
 *	4. The names "pfSense" and "pfSense Project" must not be used to
 *		 endorse or promote products derived from this software without
 *		 prior written permission. For written permission, please contact
 *		 coreteam@pfsense.org.
 *
 *	5. Products derived from this software may not be called "pfSense"
 *		nor may "pfSense" appear in their names without prior written
 *		permission of the Electric Sheep Fencing, LLC.
 *
 *	6. Redistributions of any form whatsoever must retain the following
 *		acknowledgment:
 *
 *	"This product includes software developed by the pfSense Project
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *	====================================================================
 *
 */
##|+PRIV
##|*IDENT=page-system-camanager
##|*NAME=System: CA Manager
##|*DESCR=Allow access to the 'System: CA Manager' page.
##|*MATCH=system_camanager.php*
##|-PRIV
require("guiconfig.inc");
require_once("certs.inc");
/* CA creation methods offered by the "Method" select (form value => label). */
$ca_methods = [
	"existing" => gettext("Import an existing Certificate Authority"),
	"internal" => gettext("Create an internal Certificate Authority"),
	"intermediate" => gettext("Create an intermediate Certificate Authority"),
];

/* Key lengths (bits) and digest algorithms the create/intermediate forms
 * accept; POSTed values are validated against these lists. 512-bit RSA and
 * sha1 remain selectable although the digest help text already steers users
 * away from SHA1 — both are weak by current standards. */
$ca_keylens = ["512", "1024", "2048", "4096"];
$openssl_digest_algs = ["sha1", "sha224", "sha256", "sha384", "sha512"];

/* Breadcrumb / page title consumed by head.inc. */
$pgtitle = [gettext("System"), gettext("Certificate Manager"), gettext("CAs")];
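/* The CA being acted on: $id is an index into $config['ca'], taken from the
 * query string or, preferably, from the POSTed form. Only numeric indexes are
 * accepted; anything else leaves $id unset and the per-action code below
 * redirects back to the list. The isset() guards keep a missing key from
 * raising an undefined-index notice (the POST branch already had one). */
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

/* Make sure the three config sections exist, then alias them so that the
 * actions below write straight into $config (the references are intended). */
foreach (array('ca', 'cert', 'crl') as $cfg_key) {
	if (!isset($config[$cfg_key]) || !is_array($config[$cfg_key])) {
		$config[$cfg_key] = array();
	}
}
$a_ca =& $config['ca'];
$a_cert =& $config['cert'];
$a_crl =& $config['crl'];

/* Requested action; a non-empty POSTed act overrides the query-string one. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}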
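/* Delete a CA together with every certificate and CRL that references it.
 * NOTE(review): this state-changing action is triggered by a plain GET link
 * from the list below (?act=del&id=N); consider submitting it as a POST so it
 * can be CSRF-protected like the rest of the form. */
if ($act == "del") {

	if (!isset($id) || !isset($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$refid = $a_ca[$id]['refid'];

	/* Iterate by key rather than by count(): earlier deletions leave holes in
	 * these arrays, so the indexes 0..count()-1 are not guaranteed to exist.
	 * Compare as strings so two numeric-looking refids are not compared as
	 * numbers. */
	foreach ($a_cert as $cert_index => $cert) {
		if (isset($cert['caref']) && (string)$cert['caref'] === (string)$refid) {
			unset($a_cert[$cert_index]);
		}
	}
	foreach ($a_crl as $crl_index => $crl) {
		if (isset($crl['caref']) && (string)$crl['caref'] === (string)$refid) {
			unset($a_crl[$crl_index]);
		}
	}

	$name = $a_ca[$id]['descr'];
	unset($a_ca[$id]);
	write_config();
	/* The redirect below discards $savemsg; it is never displayed. */
	$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), htmlspecialchars($name)) . "<br />";
	pfSenseHeader("system_camanager.php");
	exit;
}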
/* Edit: pre-fill the form from the stored CA entry. Certificate and private
 * key are stored base64-encoded and are decoded back into the textareas. */
if ($act == "edit") {
	if (empty($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}
	$entry = $a_ca[$id];
	$pconfig['descr'] = $entry['descr'];
	$pconfig['refid'] = $entry['refid'];
	$pconfig['cert'] = base64_decode($entry['crt']);
	$pconfig['serial'] = $entry['serial'];
	if (!empty($entry['prv'])) {
		$pconfig['key'] = base64_decode($entry['prv']);
	}
}
/* New: seed the form with the method from the query string and sane defaults
 * (2048-bit key, sha256, a 3650-day lifetime, CN "internal-ca"). */
if ($act == "new") {
	$pconfig['method'] = isset($_GET['method']) ? $_GET['method'] : null;
	$defaults = array(
		'keylen' => "2048",
		'digest_alg' => "sha256",
		'lifetime' => "3650",
		'dn_commonname' => "internal-ca",
	);
	foreach ($defaults as $field => $value) {
		$pconfig[$field] = $value;
	}
}
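/* Export the CA certificate as a file download named after its description. */
if ($act == "exp") {

	/* Bail out when no valid CA index was given or the entry holds no
	 * certificate (previously an empty .crt file would have been sent). */
	if (!isset($id) || empty($a_ca[$id]) || empty($a_ca[$id]['crt'])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	/* urlencode() keeps the user-supplied description from breaking the header. */
	$exp_name = urlencode("{$a_ca[$id]['descr']}.crt");
	$exp_data = base64_decode($a_ca[$id]['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}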
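/* Export the CA private key as a file download. Access to this page is gated
 * by the page-system-camanager privilege declared at the top of the file. */
if ($act == "expkey") {

	/* Bail out when no valid CA index was given or no private key is stored
	 * for it (previously an empty .key file would have been sent). */
	if (!isset($id) || empty($a_ca[$id]) || empty($a_ca[$id]['prv'])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	/* urlencode() keeps the user-supplied description from breaking the header. */
	$exp_name = urlencode("{$a_ca[$id]['descr']}.key");
	$exp_data = base64_decode($a_ca[$id]['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}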
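/* Handle a submitted form: validate the input, then import, create or edit
 * the CA. On success the config is written and the browser is redirected to
 * the list; on failure execution falls through so the form is re-rendered
 * with $input_errors. */
if ($_POST) {

	unset($input_errors);
	$input_errors = array();
	$pconfig = $_POST;
	$method = isset($pconfig['method']) ? $pconfig['method'] : '';

	/* Required fields per method. $reqdfields and $reqdfieldsn must stay
	 * parallel: do_input_validation() pairs them by index. Both default to
	 * empty so an unknown method does not hand null to the validator. */
	$reqdfields = array();
	$reqdfieldsn = array();
	if ($method == "existing") {
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate data"));
		/* Cheap sanity checks only; the PEM is parsed for real by ca_import(). */
		if (!empty($_POST['cert']) && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
			$input_errors[] = gettext("This certificate does not appear to be valid.");
		}
		if (!empty($_POST['key']) && strstr($_POST['key'], "ENCRYPTED")) {
			$input_errors[] = gettext("Encrypted private keys are not yet supported.");
		}
	} else if ($method == "internal" || $method == "intermediate") {
		$dn_fields = "keylen lifetime dn_country dn_state dn_city dn_organization dn_email dn_commonname";
		$dn_fieldsn = array(
			gettext("Key length"),
			gettext("Lifetime"),
			gettext("Distinguished name Country Code"),
			gettext("Distinguished name State or Province"),
			gettext("Distinguished name City"),
			gettext("Distinguished name Organization"),
			gettext("Distinguished name Email Address"),
			gettext("Distinguished name Common Name"));
		if ($method == "intermediate") {
			/* An intermediate additionally needs the signing CA. */
			$reqdfields = explode(" ", "descr caref " . $dn_fields);
			$reqdfieldsn = array_merge(
				array(gettext("Descriptive name"), gettext("Signing Certificate Authority")),
				$dn_fieldsn);
		} else {
			$reqdfields = explode(" ", "descr " . $dn_fields);
			$reqdfieldsn = array_merge(array(gettext("Descriptive name")), $dn_fieldsn);
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if ($method != "existing") {
		/* Make sure we do not have invalid characters in the fields for the certificate */
		if (isset($_POST['descr']) && preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
			$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
		}

		foreach ($reqdfields as $i => $field) {
			$value = isset($_POST[$field]) ? $_POST[$field] : '';
			if ($field == 'dn_email') {
				if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $value)) {
					$input_errors[] = "The field 'Distinguished name Email Address' contains invalid characters.";
				}
			} else if ($field == 'dn_commonname') {
				if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $value)) {
					$input_errors[] = "The field 'Distinguished name Common Name' contains invalid characters.";
				}
			} else if ($field != "descr" && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $value)) {
				$input_errors[] = "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.";
			}
		}

		/* Strict membership: the allowed values are strings, and a loose
		 * in_array() would also accept numeric look-alikes such as "2048.0". */
		if (!isset($_POST["keylen"]) || !in_array($_POST["keylen"], $ca_keylens, true)) {
			$input_errors[] = gettext("Please select a valid Key Length.");
		}
		if (!isset($_POST["digest_alg"]) || !in_array($_POST["digest_alg"], $openssl_digest_algs, true)) {
			$input_errors[] = gettext("Please select a valid Digest Algorithm.");
		}
	}

	/* if this is an AJAX caller then handle via JSON ($input_errors is always
	 * an array at this point, so every AJAX caller takes this path; kept as-is) */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {
		$ca = array();
		if (empty($pconfig['refid'])) {
			$ca['refid'] = uniqid();
		} else {
			$ca['refid'] = $pconfig['refid'];
		}

		/* Editing an existing entry: start from the stored record so fields
		 * the form does not carry survive. */
		if (isset($id) && !empty($a_ca[$id])) {
			$ca = $a_ca[$id];
		}

		$ca['descr'] = $pconfig['descr'];

		if ($act == "edit") {
			/* NOTE(review): on a POSTed form $act comes from the submit control
			 * (see the gettext("Save") comparison further down), so it is not
			 * obvious this branch is ever taken — confirm before relying on it.
			 * refid and serial are stored from the form as-is; refid is not
			 * checked for uniqueness against the other CAs. */
			$ca['descr'] = $pconfig['descr'];
			$ca['refid'] = $pconfig['refid'];
			$ca['serial'] = $pconfig['serial'];
			$ca['crt'] = base64_encode($pconfig['cert']);
			if (!empty($pconfig['key'])) {
				$ca['prv'] = base64_encode($pconfig['key']);
			}
		} else {
			/* openssl_* functions emit warnings straight into the page on
			 * failure, which corrupts the menu tabs; silence them and surface
			 * the OpenSSL error queue as input errors instead. */
			$old_err_level = error_reporting(0);
			$created = true;
			if ($method == "existing") {
				$import_key = isset($pconfig['key']) ? $pconfig['key'] : null;
				$import_serial = isset($pconfig['serial']) ? $pconfig['serial'] : null;
				ca_import($ca, $pconfig['cert'], $import_key, $import_serial);
			} else if ($method == "internal" || $method == "intermediate") {
				$dn = array(
					'countryName' => $pconfig['dn_country'],
					'stateOrProvinceName' => $pconfig['dn_state'],
					'localityName' => $pconfig['dn_city'],
					'organizationName' => $pconfig['dn_organization'],
					'emailAddress' => $pconfig['dn_email'],
					'commonName' => $pconfig['dn_commonname']);
				if ($method == "internal") {
					$created = ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg']);
				} else {
					$created = ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg']);
				}
			}
			error_reporting($old_err_level);

			if (!$created) {
				/* Drain the whole OpenSSL error queue. The previous code reset
				 * $input_errors on every iteration and so reported only the last
				 * entry; it also reported nothing at all when the queue was empty,
				 * which let a failed creation look like success. */
				while ($ssl_err = openssl_error_string()) {
					$input_errors[] = "openssl library returns: " . $ssl_err;
				}
				if (!$input_errors) {
					$input_errors[] = gettext("Unable to create the Certificate Authority.");
				}
			}
		}

		/* Only store, commit and redirect when the CA was actually produced.
		 * Previously a failed entry was still appended to $a_ca and the
		 * redirect header was sent regardless, so the error never reached
		 * the user. */
		if (!$input_errors) {
			if (isset($id) && !empty($a_ca[$id])) {
				$a_ca[$id] = $ca;
			} else {
				$a_ca[] = $ca;
			}
			write_config();
			pfSenseHeader("system_camanager.php");
		}
	}
}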
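include("head.inc");

/* Both variables are only set on some paths; empty() avoids notices. */
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}

/* Load valid country codes for the "Country Code" select. Each line of the
 * file is "<code> <rest>"; only the code is kept, as both key and label. */
$dn_cc = array();
$dn_cc_path = "/etc/ca_countries";
if (is_readable($dn_cc_path)) {
	$dn_cc_file = file($dn_cc_path);
	/* file() returns false on an I/O error; the select is then simply empty
	 * instead of foreach() warning about a non-array. */
	if ($dn_cc_file !== false) {
		foreach ($dn_cc_file as $line) {
			if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) {
				$dn_cc[$matches[1]] = $matches[1];
			}
		}
	}
}

/* Top tabs: (label, active?, target page). */
$tab_array = array(
	array(gettext("CAs"), true, "system_camanager.php"),
	array(gettext("Certificates"), false, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), false, "system_crlmanager.php"),
);
display_top_tabs($tab_array);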
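/* List view: rendered unless we are adding/editing a CA or re-displaying a
 * submission that failed validation (then the form below is shown instead). */
if (!($act == "new" || $act == "edit" || $act == gettext("Save") || !empty($input_errors))) {
?>
<div class="table-responsive">
<table class="table table-striped table-hover">
	<thead>
		<tr>
			<th><?=gettext("Name")?></th>
			<th><?=gettext("Internal")?></th>
			<th><?=gettext("Issuer")?></th>
			<th><?=gettext("Certificates")?></th>
			<th><?=gettext("Distinguished Name")?></th>
			<th><?=gettext("Actions")?></th>
		</tr>
	</thead>
	<tbody>
<?php
foreach ($a_ca as $i => $ca):
	$name = htmlspecialchars($ca['descr']);
	$subj = cert_get_subject($ca['crt']);
	$issuer = cert_get_issuer($ca['crt']);
	list($startdate, $enddate) = cert_get_dates($ca['crt']);
	if ($subj == $issuer) {
		$issuer_name = gettext("self-signed");
	} else {
		$issuer_name = gettext("external");
	}
	$subj = htmlspecialchars($subj);

	/* If the issuer is a CA we manage, show its description instead. That
	 * description is user input that the "existing" import path stores
	 * without the invalid-character check, so it must be escaped here exactly
	 * like $name is — it was previously echoed raw. */
	$issuer_ca = lookup_ca(isset($ca['caref']) ? $ca['caref'] : null);
	if ($issuer_ca) {
		$issuer_name = htmlspecialchars($issuer_ca['descr']);
	}

	// TODO : Need gray certificate icon
	/* "Internal" means we hold the CA's private key; rendered as "1" or blank. */
	$internal = !empty($ca['prv']);

	/* Certificates issued by this CA: end-entity certs plus intermediate CAs. */
	$certcount = 0;
	foreach (array_merge($a_cert, $a_ca) as $cert) {
		if (isset($cert['caref']) && $cert['caref'] == $ca['refid']) {
			$certcount++;
		}
	}
	/* NOTE(review): the Delete link below changes state via a plain GET;
	 * consider submitting it as a POST so it can be CSRF-protected. */
?>
		<tr>
			<td><?=$name?></td>
			<td><?=$internal?></td>
			<td><i><?=$issuer_name?></i></td>
			<td><?=$certcount?></td>
			<td>
				<?=$subj?>
				<br />
				<small>
					<?=gettext("Valid From")?>: <b><?=htmlspecialchars($startdate)?></b><br /><?=gettext("Valid Until")?>: <b><?=htmlspecialchars($enddate)?></b>
				</small>
			</td>
			<td>
				<a class="fa fa-pencil"	title="<?=gettext("Edit")?>"	href="system_camanager.php?act=edit&amp;id=<?=$i?>"></a>
				<a class="fa fa-sign-in"	title="<?=gettext("Export")?>"	href="system_camanager.php?act=exp&amp;id=<?=$i?>"></a>
			<?php if ($internal): ?>
				<a class="fa fa-key"	title="<?=gettext("Export key")?>"	href="system_camanager.php?act=expkey&amp;id=<?=$i?>"></a>
			<?php endif; ?>
				<a class="fa fa-trash" 	title="<?=gettext("Delete")?>"	href="system_camanager.php?act=del&amp;id=<?=$i?>"></a>
			</td>
		</tr>
<?php endforeach; ?>
	</tbody>
</table>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	/* Full "<?php" tag: the short "<?" form previously used here only works
	 * when short_open_tag is enabled; otherwise this include and exit would
	 * be emitted as page text and the form below rendered as well. */
	include("foot.inc");
	exit;
}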
/* Create / edit form. Only reached when the list view above did not run
 * (act=new, act=edit, or a submission that failed validation). */
$form = new Form;

if (isset($id) && !empty($a_ca[$id])) {
	$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
}
if ($act == "edit") {
	$form->addGlobal(new Form_Input('refid', null, 'hidden', $pconfig['refid']));
}

/* --- General --- */
$general = new Form_Section('Create / edit CA');
$general->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));
if (!isset($id) || $act == "edit") {
	/* toggles() lets the select show/hide the method-specific sections below. */
	$method_select = new Form_Select('method', 'Method', $pconfig['method'], $ca_methods);
	$general->addInput($method_select)->toggles();
}
$form->add($general);

/* --- Import an existing CA --- */
$existing = new Form_Section('Existing Certificate Authority');
$existing->addClass('toggle-existing collapse');

$cert_input = new Form_Textarea('cert', 'Certificate data', $pconfig['cert']);
$existing->addInput($cert_input)->setHelp('Paste a certificate in X.509 PEM format here.');

$key_input = new Form_Textarea('key', 'Certificate Private Key (optional)', $pconfig['key']);
$existing->addInput($key_input)->setHelp('Paste the private key for the above certificate here. This is '.
	'optional in most cases, but required if you need to generate a '.
	'Certificate Revocation List (CRL).');

$serial_input = new Form_Input('serial', 'Serial for next certificate', 'number', $pconfig['serial']);
$existing->addInput($serial_input)->setHelp('Enter a decimal number to be used as the serial number for the next '.
	'certificate to be created using this CA.');

$form->add($existing);

/* --- Create an internal / intermediate CA --- */
$internal_section = new Form_Section('Internal Certificate Authority');
$internal_section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');

/* Only CAs whose private key we hold can sign an intermediate. */
$signing_cas = array();
foreach ($a_ca as $ca) {
	if (!empty($ca['prv'])) {
		$signing_cas[$ca['refid']] = $ca['descr'];
	}
}

$signing_group = new Form_Group('Signing Certificate Authority');
$signing_group->addClass('toggle-intermediate', 'collapse');
$signing_group->add(new Form_Select('caref', null, $pconfig['caref'], $signing_cas));
$internal_section->add($signing_group);

$internal_section->addInput(new Form_Select(
	'keylen', 'Key length (bits)', $pconfig['keylen'], array_combine($ca_keylens, $ca_keylens)));

$digest_select = new Form_Select(
	'digest_alg', 'Digest Algorithm', $pconfig['digest_alg'], array_combine($openssl_digest_algs, $openssl_digest_algs));
$internal_section->addInput($digest_select)->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 '.
	'when possible.');

$internal_section->addInput(new Form_Input('lifetime', 'Lifetime (days)', 'number', $pconfig['lifetime']));

$internal_section->addInput(new Form_Select('dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc));

/* Remaining distinguished-name fields: name => (label, input type, placeholder). */
$dn_text_inputs = array(
	'dn_state' => array('State or Province', 'text', 'e.g. Texas'),
	'dn_city' => array('City', 'text', 'e.g. Austin'),
	'dn_organization' => array('Organization', 'text', 'e.g. My Company Inc.'),
	'dn_email' => array('Email Address', 'email', 'e.g. admin@mycompany.com'),
	'dn_commonname' => array('Common Name', 'text', 'e.g. internal-ca'),
);
foreach ($dn_text_inputs as $field => $spec) {
	list($label, $type, $placeholder) = $spec;
	$internal_section->addInput(new Form_Input(
		$field, $label, $type, $pconfig[$field], array('placeholder' => $placeholder)));
}

$form->add($internal_section);

print $form;
/* Number of CAs for which a private key is stored (CAs able to sign). Nothing
 * else in this file reads it; it is left in scope for foot.inc. */
$internal_ca_count = count(array_filter($a_ca, function ($ca) {
	return !empty($ca['prv']);
}));

include('foot.inc');