<?php
/*
    system_certmanager.php

    Copyright (C) 2008 Shrew Soft Inc.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	certificate_managaer
*/

##|+PRIV
##|*IDENT=page-system-certmanager
##|*NAME=System: Certificate Manager
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
##|*MATCH=system_certmanager.php*
##|-PRIV

require("guiconfig.inc");
require_once("certs.inc");
/*
 * Creation methods offered in the "Method" drop-down. The array key is the
 * value that comes back in $_POST['method'].
 */
$cert_methods = array(
	"import"   => gettext("Import an existing Certificate"),
	"internal" => gettext("Create an internal Certificate"),
	"external" => gettext("Create a Certificate Signing Request"),
);

/*
 * Key lengths (bits) and digest algorithms offered in the form. The POST
 * handler checks posted keylen/digest values against these two lists.
 *
 * NOTE(review): 512- and 1024-bit keys and the sha1 digest remain selectable.
 * The defaults applied for act=new are 2048 / sha256, but the weaker options
 * are still accepted; consider dropping them from the lists for new
 * certificates -- confirm whether any consumer still depends on them.
 */
$cert_keylens = array("512", "1024", "2048", "4096");
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");

/* Certificate types shown in the "Certificate Type" drop-down. */
$cert_types = array(
	"ca"     => "Certificate Authority",
	"server" => "Server Certificate",
	"user"   => "User Certificate",
);

/* subjectAltName types; the POST handler validates each one separately. */
$altname_types = array("DNS", "IP", "email", "URI");

$pgtitle = array(gettext("System"), gettext("Certificate Manager"));
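/*
 * Request parameters. A POSTed value takes precedence over the query string.
 * Missing parameters become null via isset(), so later isset($id) and
 * isset($userid) checks keep their meaning and no undefined-index notice is
 * raised.
 *
 * $id and $userid are client-supplied and are used further down as indexes
 * into $a_cert / $a_user; every consumer has to check that the entry exists.
 */
$userid = isset($_GET['userid']) ? $_GET['userid'] : null;
if (isset($_POST['userid']))
	$userid = $_POST['userid'];

/*
 * With a numeric userid the page also offers attaching an existing
 * certificate to that user, and $a_user aliases the user list in $config.
 */
if (is_numeric($userid)) {
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user']))
		$config['system']['user'] = array();
	$a_user =& $config['system']['user'];
}

$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];

/* $a_ca and $a_cert are references: changes to them modify $config directly. */
if (!is_array($config['ca']))
	$config['ca'] = array();

$a_ca =& $config['ca'];

if (!is_array($config['cert']))
	$config['cert'] = array();

$a_cert =& $config['cert'];

/* Count the CAs that have a private key stored ('prv'). */
$internal_ca_count = 0;
foreach ($a_ca as $ca)
	if (!empty($ca['prv']))
		$internal_ca_count++;

/* As before, a non-empty POSTed act overrides the one from the query string. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];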
/*
 * act=del: remove the certificate at index $id from the configuration and
 * return to the certificate list.
 *
 * NOTE(review): $act can come from the query string, so this state-changing
 * action is reachable with a plain GET request. Confirm that the GUI's
 * request-forgery protection covers this path, or accept deletions only
 * via POST.
 */
if ($act == "del") {

	if (isset($a_cert[$id])) {
		$name = $a_cert[$id]['descr'];
		unset($a_cert[$id]);
		write_config();
		/* The script exits below, so this message is not rendered by this request. */
		$savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br/>";
	}

	/* Unknown ids and completed deletions both end with the same redirect. */
	pfSenseHeader("system_certmanager.php");
	exit;
}
/*
 * act=new: pre-fill the form. The method comes from the query string; the
 * remaining fields get fixed defaults.
 */
if ($act == "new") {
	$pconfig['method'] = $_GET['method'];

	/* Defaults for both the internal-certificate and the CSR variant of the form. */
	$new_cert_defaults = array(
		'keylen'         => "2048",
		'digest_alg'     => "sha256",
		'csr_keylen'     => "2048",
		'csr_digest_alg' => "sha256",
		'type'           => "user",
		'lifetime'       => "3650",
	);
	foreach ($new_cert_defaults as $dflt_key => $dflt_val)
		$pconfig[$dflt_key] = $dflt_val;
}
/*
 * act=exp: send the stored certificate ('crt', base64 in the config) as a
 * file download named after its description.
 */
if ($act == "exp") {

	$export_entry = $a_cert[$id];
	if (!$export_entry) {
		/* no such certificate: back to the list */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps the description from adding characters to the header line. */
	$exp_name = urlencode($export_entry['descr'] . ".crt");
	$exp_data = base64_decode($export_entry['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
/*
 * act=key: send the stored private key ('prv', base64 in the config) as a
 * file download named after the certificate description.
 *
 * NOTE(review): the key is returned as stored, without a passphrase, and the
 * action is reachable with a plain GET. Access depends entirely on the page
 * privilege; consider recording key exports in the system log and requiring
 * POST for this action.
 */
if ($act == "key") {

	$export_entry = $a_cert[$id];
	if (!$export_entry) {
		/* no such certificate: back to the list */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps the description from adding characters to the header line. */
	$exp_name = urlencode($export_entry['descr'] . ".key");
	$exp_data = base64_decode($export_entry['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
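/*
 * act=p12: bundle the certificate, its private key and (when found) the
 * issuing CA certificate into a PKCS#12 file and send it as a download.
 *
 * NOTE(review): the bundle is written with a null passphrase, so the private
 * key inside it is not protected by a password. Anyone who obtains the file
 * obtains the key; consider asking for an export passphrase.
 */
if ($act == "p12") {
	/* empty() matches the original truthiness test without an undefined-index notice */
	if (empty($a_cert[$id])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_cert[$id]['descr']}.p12");
	$args = array();
	$args['friendly_name'] = $a_cert[$id]['descr'];

	/* include the issuing CA certificate when the reference resolves */
	$ca = lookup_ca($a_cert[$id]['caref']);
	if ($ca)
		$args['extracerts'] = openssl_x509_read(base64_decode($ca['crt']));

	$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	/* second array element is the passphrase used to read the stored key (empty) */
	$res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => ""));

	/*
	 * Stop if the certificate or key could not be parsed or the export
	 * failed, instead of sending an empty file as a download.
	 */
	$exp_data = "";
	if (!$res_crt || !$res_key ||
	    !openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args)) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}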
/*
 * act=csr: load the description and the decoded signing request of entry
 * $id into $pconfig so the form can show them.
 */
if ($act == "csr") {

	$csr_entry = $a_cert[$id];
	if (!$csr_entry) {
		/* no such entry: back to the list */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$pconfig['descr'] = $csr_entry['descr'];
	/* the request is stored base64-encoded in the configuration */
	$pconfig['csr'] = base64_decode($csr_entry['csr']);
}
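/*
 * Form submission. "Save" creates/imports a certificate, creates a signing
 * request, or attaches an existing certificate to a user. "Update" stores
 * the signed certificate for an earlier signing request.
 */
if ($_POST) {
	if ($_POST['save'] == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;

		/*
		 * input validation: the required fields depend on the method.
		 * Both lists start empty so an unrecognised or missing method
		 * does not reach count() / do_input_validation() with an
		 * undefined variable.
		 */
		$reqdfields = array();
		$reqdfieldsn = array();

		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
					"descr cert key");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate data"),
					gettext("Key data"));
			/* only checks for the PEM markers; the data itself is not parsed here */
			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
				$input_errors[] = gettext("This certificate does not appear to be valid.");
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
					"descr caref keylen type lifetime dn_country dn_state dn_city ".
					"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Certificate Type"),
					gettext("Lifetime"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
					"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
					"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Key length"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		$altnames = array();
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
		if ($pconfig['method'] != "import") {
			/*
			 * subjectAltNames: collect the altname_type<N> / altname_value<N>
			 * fields into $altnames[N]['type'|'value']. Only all-digit
			 * suffixes are accepted.
			 */
			foreach ($_POST as $key => $value) {
				$entry = '';
				if (!substr_compare('altname_type', $key, 0, 12)) {
					$entry = substr($key, 12);
					$field = 'type';
				}
				elseif (!substr_compare('altname_value', $key, 0, 13)) {
					$entry = substr($key, 13);
					$field = 'value';
				}
				if (ctype_digit($entry)) {
					$altnames[$entry][$field] = $value;
				}
			}
			/* NOTE(review): $aliases is not defined anywhere in this block, so this stores null -- confirm what was intended. */
			$pconfig['aliases']['item'] = $aliases;

			/*
			 * Input validation for subjectAltNames.
			 * NOTE(review): accepted values are later joined as
			 * "type:value" with commas. The email check rejects commas;
			 * whether is_hostname(), is_ipaddr() and is_URL() do so too
			 * is not visible here -- confirm, since a comma inside a
			 * value would add a further entry.
			 */
			foreach ($altnames as $idx => $altname) {
				switch ($altname['type']) {
					case "DNS":
						if (!is_hostname($altname['value']))
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames or FQDNs");
						break;
					case "IP":
						if (!is_ipaddr($altname['value']))
							array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
						break;
					case "email":
						if (empty($altname['value']))
							array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName");
						if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value']))
							array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
						break;
					case "URI":
						/* Close enough? */
						if (!is_URL($altname['value']))
							$input_errors[] = "URI subjectAltName types must be a valid URI";
						break;
					default:
						$input_errors[] = "Unrecognized subjectAltName type.";
				}
			}

			/*
			 * Make sure we do not have invalid characters in the fields for the certificate.
			 * This is a deny-list per field; 'descr' is exempt.
			 */
			for ($i = 0; $i < count($reqdfields); $i++) {
				if (preg_match('/email/', $reqdfields[$i])) { /* dn_email or csr_dn_email */
					if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]]))
						array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
				} else if (preg_match('/commonname/', $reqdfields[$i])) { /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]]))
						array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
				} else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]]))
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
			}

			/*
			 * Allow-list checks use strict comparison. With loose
			 * comparison a numeric string such as "2048.0" equals
			 * "2048" and would be passed on unchanged.
			 * NOTE(review): 'type' and 'lifetime' are not checked
			 * against an allow-list or a numeric range here.
			 */
			if (isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens, true))
				array_push($input_errors, gettext("Please select a valid Key Length."));
			if (!in_array($_POST["digest_alg"], $openssl_digest_algs, true))
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));

			if (isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens, true))
				array_push($input_errors, gettext("Please select a valid Key Length."));
			if (!in_array($_POST["csr_digest_alg"], $openssl_digest_algs, true))
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				/* attach an already stored certificate to the user */
				$cert = lookup_cert($pconfig['certref']);
				if ($cert && $a_user)
					$a_user[$userid]['cert'][] = $cert['refid'];
			} else {
				/* start a new entry, or continue from the existing one at $id */
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id])
					$cert = $a_cert[$id];

				$cert['descr'] = $pconfig['descr'];

				$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */

				if ($pconfig['method'] == "import")
					cert_import($cert, $pconfig['cert'], $pconfig['key']);

				if ($pconfig['method'] == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);
					if (count($altnames)) {
						/* must be an array: appending with [] to a string is an error on newer PHP */
						$altnames_tmp = array();
						foreach ($altnames as $altname) {
							$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
						}
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}
					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
						$pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])) {
						/* report every queued OpenSSL error, not only the last one */
						while ($ssl_err = openssl_error_string()) {
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
					}
				}

				if ($pconfig['method'] == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);
					if (count($altnames)) {
						/* must be an array: appending with [] to a string is an error on newer PHP */
						$altnames_tmp = array();
						foreach ($altnames as $altname) {
							$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
						}
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}
					if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) {
						/* report every queued OpenSSL error, not only the last one */
						while ($ssl_err = openssl_error_string()) {
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
					}
				}
				error_reporting($old_err_level);

				/*
				 * NOTE(review): the entry is placed into $a_cert (and linked
				 * to the user) even when creation failed above; only the
				 * write_config() call below is skipped in that case.
				 */
				if (isset($id) && $a_cert[$id])
					$a_cert[$id] = $cert;
				else
					$a_cert[] = $cert;
				if (isset($a_user) && isset($userid))
					$a_user[$userid]['cert'][] = $cert['refid'];
			}

			if (!$input_errors)
				write_config();

			/* NOTE(review): $userid is client-supplied and is not re-checked with is_numeric() before it goes into the redirect URL. */
			if ($userid)
				pfSenseHeader("system_usermanager.php?act=edit&id={$userid}");
		}
	}

	if ($_POST['save'] == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

//		old way
		/* make sure this csr and certificate subjects match */
//		$subj_csr = csr_get_subject($pconfig['csr'], false);
//		$subj_cert = cert_get_subject($pconfig['cert'], false);
//
//		if ( !isset($_POST['ignoresubjectmismatch']) && !($_POST['ignoresubjectmismatch'] == "yes") ) {
//			if (strcmp($subj_csr,$subj_cert)) {
//				$input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."),$subj_cert);
//				$subject_mismatch = true;
//			}
//		}
		/*
		 * NOTE(review): the signing request compared here is the copy posted
		 * back by the browser, not the one stored in $a_cert[$id]['csr'], and
		 * $id is not checked to refer to an existing entry before it is
		 * written below. Comparing against the stored request would tie the
		 * check to the stored private key -- confirm and tighten.
		 */
		$mod_csr  =  csr_get_modulus($pconfig['csr'], false);
		$mod_cert = cert_get_modulus($pconfig['cert'], false);

		if (strcmp($mod_csr,$mod_cert)) {
			// simply: if the moduli don't match, then the private key and public key won't match
			/* the message has no placeholder, so no sprintf() argument is needed */
			$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
			$subject_mismatch = true;
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
		}
	}
}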
include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[

<?php
	/*
	 * The submit button stays hidden for the "internal" method while no CA
	 * with a private key exists.
	 */
	$submit_style = $internal_ca_count ? "" : "none";
?>
/*
 * Show the form section that belongs to the selected method and hide the
 * others. Rows of displayByMethod are indexed by the selected option; the
 * columns follow sectionIds. An index without a row changes nothing.
 */
function method_change() {

	method = document.iform.method.selectedIndex;

	var sectionIds = ["import", "internal", "external", "existing", "descriptivename", "submit"];
	var displayByMethod = [
		["",     "none", "none", "none", "",     ""],
		["none", "",     "none", "none", "",     "<?=$submit_style;?>"],
		["none", "none", "",     "none", "",     ""],
		["none", "none", "none", "",     "none", ""]
	];

	var display = displayByMethod[method];
	if (!display)
		return;

	for (var col = 0; col < sectionIds.length; col++)
		document.getElementById(sectionIds[col]).style.display = display[col];
}

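<?php if ($internal_ca_count): ?>
/*
 * Copy the subject fields of the selected internal CA into the
 * distinguished-name inputs of the form.
 */
function internalca_change() {

	index = document.iform.caref.selectedIndex;
	caref = document.iform.caref[index].value;

	switch (caref) {
<?php
		/*
		 * The CA subject fields come from certificate data and are written
		 * into JavaScript source, so each value is emitted as a JSON string
		 * literal. The HEX flags also escape < > & ' and ", which keeps a
		 * value from closing the string, the CDATA section or the script
		 * element.
		 */
		$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
		foreach ($a_ca as $ca):
			if (!$ca['prv'])
				continue;
			$js_refid = json_encode((string)$ca['refid'], $js_flags);
			/* json_encode() returns false for strings it cannot encode; skip such a CA */
			if ($js_refid === false)
				continue;
			$subject = cert_get_subject_array($ca['crt']);
			$js_subject = array();
			for ($subj_idx = 0; $subj_idx < 5; $subj_idx++) {
				$subj_val = isset($subject[$subj_idx]['v']) ? (string)$subject[$subj_idx]['v'] : "";
				$subj_enc = json_encode($subj_val, $js_flags);
				/* fall back to an empty string rather than emitting broken script */
				$js_subject[$subj_idx] = ($subj_enc === false) ? '""' : $subj_enc;
			}
?>
		case <?=$js_refid;?>:
			document.iform.dn_country.value = <?=$js_subject[0];?>;
			document.iform.dn_state.value = <?=$js_subject[1];?>;
			document.iform.dn_city.value = <?=$js_subject[2];?>;
			document.iform.dn_organization.value = <?=$js_subject[3];?>;
			document.iform.dn_email.value = <?=$js_subject[4];?>;
			break;
<?php	endforeach; ?>
	}
}
<?php endif; ?>

//]]>
</script>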
<script type="text/javascript" src="/javascript/row_helper_dynamic.js"></script>
<input type='hidden' name='altname_value_type' value='select' />
<input type='hidden' name='altname_type_type' value='textbox' />
<script type="text/javascript">
//<![CDATA[
	// Column 0 of the subjectAltName rows: the type field.
	rowname[0] = "altname_type";
	rowtype[0] = "textbox";
	rowsize[0] = "10";

	// Column 1 of the subjectAltName rows: the value field.
	rowname[1] = "altname_value";
	rowtype[1] = "textbox";
	rowsize[1] = "30";
//]]>
</script>
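<?php
	/* Show validation errors and any status message; both may be unset. */
	if (!empty($input_errors))
		print_input_errors($input_errors);
	if (!empty($savemsg))
		print_info_box($savemsg);

	// Load valid country codes
	$dn_cc = array();
	if (file_exists("/etc/ca_countries")) {
		$dn_cc_file = file("/etc/ca_countries");
		/* file() returns false when the file exists but cannot be read */
		if (is_array($dn_cc_file)) {
			foreach ($dn_cc_file as $line) {
				/* first whitespace-delimited token of each line is the code */
				if (preg_match('/^(\S*)\s(.*)$/', $line, $matches))
					array_push($dn_cc, $matches[1]);
			}
		}
	}
?>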
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="cert manager">
574 64cc39d3 Matthew Grooms
	<tr>
575
		<td class="tabnavtbl">
576
		<?php
577
			$tab_array = array();
578
			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
579
			$tab_array[] = array(gettext("Certificates"), true, "system_certmanager.php");
580 3d57d2d5 jim-p
			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
581 64cc39d3 Matthew Grooms
			display_top_tabs($tab_array);
582
		?>
583
		</td>
584
	</tr>
585
	<tr>
586 96c7a492 Matthew Grooms
		<td id="mainarea">
587
			<div class="tabcont">
588
589 e64aa6f8 Carlos Eduardo Ramos
				<?php if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)): ?>
590 96c7a492 Matthew Grooms
591
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
592 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
593 96c7a492 Matthew Grooms
						<?php if (!isset($id)): ?>
594
						<tr>
595
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
596
							<td width="78%" class="vtable">
597
								<select name='method' id='method' class="formselect" onchange='method_change()'>
598
								<?php
599
									foreach($cert_methods as $method => $desc):
600
									$selected = "";
601
									if ($pconfig['method'] == $method)
602 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
603 96c7a492 Matthew Grooms
								?>
604
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
605
								<?php endforeach; ?>
606
								</select>
607
							</td>
608
						</tr>
609
						<?php endif; ?>
610 ad9b5c67 jim-p
						<tr id="descriptivename">
611
							<?php
612 f2a86ca9 jim-p
							if ($a_user && empty($pconfig['descr']))
613
								$pconfig['descr'] = $a_user[$userid]['name'];
614 ad9b5c67 jim-p
							?>
615
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
616
							<td width="78%" class="vtable">
617 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
618 ad9b5c67 jim-p
							</td>
619
						</tr>
620 96c7a492 Matthew Grooms
					</table>
621
622 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import" summary="import">
623 96c7a492 Matthew Grooms
						<tr>
624
							<td colspan="2" class="list" height="12"></td>
625
						</tr>
626
						<tr>
627 ad9b5c67 jim-p
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td>
628 96c7a492 Matthew Grooms
						</tr>
629
630
						<tr>
631 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
632 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
633 dd5bf424 Scott Ullrich
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
634 b8e1877f Colin Fleming
								<br/>
635
								<?=gettext("Paste a certificate in X.509 PEM format here.");?>
636 96c7a492 Matthew Grooms
							</td>
637
						</tr>
638
						<tr>
639 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
640 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
641 dd5bf424 Scott Ullrich
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
642 b8e1877f Colin Fleming
								<br/>
643 3065c8cd bcyrill
								<?=gettext("Paste a private key in X.509 PEM format here.");?>
644 96c7a492 Matthew Grooms
							</td>
645
						</tr>
646
					</table>
647
648 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal">
649 96c7a492 Matthew Grooms
						<tr>
650
							<td colspan="2" class="list" height="12"></td>
651
						</tr>
652
						<tr>
653 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></td>
654 96c7a492 Matthew Grooms
						</tr>
655
656
						<?php if (!$internal_ca_count): ?>
657
658
						<tr>
659
							<td colspan="2" align="center" class="vtable">
660 a37753d7 Vinicius Coque
								<?=gettext("No internal Certificate Authorities have been defined. You must");?>
661 b8e1877f Colin Fleming
								<a href="system_camanager.php?act=new&amp;method=internal"><?=gettext("create");?></a>
662 a37753d7 Vinicius Coque
								<?=gettext("an internal CA before creating an internal certificate.");?>
663 96c7a492 Matthew Grooms
							</td>
664
						</tr>
665
666
						<?php else: ?>
667
668
						<tr>
669
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
670
							<td width="78%" class="vtable">
671 b8e1877f Colin Fleming
								<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
672 96c7a492 Matthew Grooms
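								<?php
									/*
									 * One option per CA that has a private key. The
									 * CA description and refid are escaped for HTML,
									 * as the other form values on this page already
									 * are, so markup in a description is shown as
									 * text rather than interpreted.
									 */
									foreach( $a_ca as $ca):
									if (!$ca['prv'])
										continue;
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = " selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach; ?>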
682
								</select>
683
							</td>
684
						</tr>
685
						<tr>
686
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
687
							<td width="78%" class="vtable">
688
								<select name='keylen' class="formselect">
689
								<?php
690
									foreach( $cert_keylens as $len):
691
									$selected = "";
692
									if ($pconfig['keylen'] == $len)
693 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
694 96c7a492 Matthew Grooms
								?>
695
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
696
								<?php endforeach; ?>
697
								</select>
698 a37753d7 Vinicius Coque
								<?=gettext("bits");?>
699 96c7a492 Matthew Grooms
							</td>
700
						</tr>
701 ca621902 jim-p
						<tr>
702
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
703
							<td width="78%" class="vtable">
704
								<select name='digest_alg' id='digest_alg' class="formselect">
705
								<?php
706
									foreach( $openssl_digest_algs as $digest_alg):
707
									$selected = "";
708
									if ($pconfig['digest_alg'] == $digest_alg)
709 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
710 ca621902 jim-p
								?>
711
									<option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option>
712
								<?php endforeach; ?>
713
								</select>
714
								<br/><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
715
							</td>
716
						</tr>
717 7aaabd69 jim-p
						<tr>
718
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Type");?></td>
719
							<td width="78%" class="vtable">
720
								<select name='type' class="formselect">
721
								<?php
722
									foreach( $cert_types as $ct => $ctdesc ):
723
									$selected = "";
724
									if ($pconfig['type'] == $ct)
725 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
726 7aaabd69 jim-p
								?>
727
									<option value="<?=$ct;?>"<?=$selected;?>><?=$ctdesc;?></option>
728
								<?php endforeach; ?>
729
								</select>
730
								<br/>
731
								<?=gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.");?>
732
							</td>
733
						</tr>
734 96c7a492 Matthew Grooms
						<?php /* Lifetime and distinguished-name inputs. Each value echoed back from $pconfig
						         goes through htmlspecialchars() because it lands inside a double-quoted
						         attribute of the re-rendered form. */ ?>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
							<td width="78%" class="vtable">
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
								<?=gettext("days");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
									<tr>
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("webadmin@mycompany.com");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
										<td align="left">
											<?php
											// When the certificate is being created for a user and no common name
											// has been entered yet, pre-fill it with that user's name.
											if ($a_user && empty($pconfig['dn_commonname'])) {
												$pconfig['dn_commonname'] = $a_user[$userid]['name'];
											}
											?>
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("www.example.com");?>
										</td>
									</tr>
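									<tr>
										<td align="right"><?=gettext("Alternative Names");?> : &nbsp;</td>
										<td align="left">
											<table id="altNametable">
											<thead>
											<tr>
												<th><div id="onecolumn"><?=gettext("Type");?></div></th>
												<th><div id="twocolumn"><?=gettext("Value");?></div></th>
											</tr>
											</thead>
											<tbody>
											<?php
												// Re-render the alternative names that were already submitted, one row
												// per entry. $counter numbers the altname_type<N>/altname_value<N> input
												// pairs and is handed to the row-adding script further down.
												$counter = 0;
												// !empty() also covers a request that carried no alternative names.
												if (!empty($pconfig['altnames']['item'])):
												foreach ($pconfig['altnames']['item'] as $item):
													$type = $item['type'];
													$value = $item['value'];
													// The type field shows $type. It used to echo $value, so a
													// re-displayed form carried the value in both columns and the
													// submitted type was lost on the next save.
											?>
											<tr>
												<td>
												<input autocomplete="off" name="altname_type<?=$counter;?>" type="text" class="formfld unknown" id="altname_type<?=$counter;?>" size="20" value="<?=htmlspecialchars($type);?>" />
												</td>
												<td>
												<input autocomplete="off" name="altname_value<?=$counter;?>" type="text" class="formfld unknown" id="altname_value<?=$counter;?>" size="20" value="<?=htmlspecialchars($value);?>" />
												</td>
												<td>
												<?php /* "<?=" instead of the bare "<?echo" tag, which is only parsed when short_open_tag is enabled. */ ?>
												<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a>
												</td>
											</tr>
											<?php
													$counter++;
												endforeach;
												endif;
											?>
											<tr><td>&nbsp;</td></tr>
											</tbody>
											</table>
											<a onclick="javascript:addRowTo('altNametable', 'formfldalias'); return false;" href="#">
												<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" />
											</a>
											<script type="text/javascript">
											//<![CDATA[
												field_counter_js = 3;
												rows = 1;
												totalrows = <?php echo $counter; ?>;
												loaded = <?php echo $counter; ?>;
											//]]>
											</script>
											<br/>NOTE: Type must be one of DNS (FQDN or Hostname), IP (IP address), URI, or email.
										</td>
									</tr>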
								</table>
							</td>
						</tr>
					<?php endif; ?>
					</table>
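					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external" summary="external">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
							<td width="78%" class="vtable">
								<select name='csr_keylen' class="formselect">
								<?php
									// NOTE(review): this block used to start with
									//   if (!isset($pconfig['csr_keylen']) && isset($pconfig['csr_keylen']))
									// which tests one key for being both unset and set, so the assignment
									// under it could never run. The dead statement is dropped here; a
									// fallback default for the CSR key length was presumably intended -
									// confirm which value it should take before reinstating one.
									//
									// One <option> per supported key length; the entry equal to
									// $pconfig['csr_keylen'] is rendered pre-selected.
									foreach ($cert_keylens as $len):
										$selected = ($pconfig['csr_keylen'] == $len) ? " selected=\"selected\"" : "";
								?>
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
								<?php endforeach; ?>
								</select>
								<?php /* Unit label goes through gettext() like the other unit labels on this page. */ ?>
								<?=gettext("bits");?>
							</td>
						</tr>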
						<?php /* Digest used to sign the certificate signing request. */ ?>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
							<td width="78%" class="vtable">
								<select name='csr_digest_alg' id='csr_digest_alg' class="formselect">
								<?php
									// One <option> per entry of $openssl_digest_algs; the entry equal to
									// $pconfig['csr_digest_alg'] is rendered pre-selected.
									foreach ($openssl_digest_algs as $csr_digest_alg):
										$selected = ($pconfig['csr_digest_alg'] == $csr_digest_alg) ? " selected=\"selected\"" : "";
								?>
									<option value="<?=$csr_digest_alg;?>"<?=$selected;?>><?=strtoupper($csr_digest_alg);?></option>
								<?php endforeach; ?>
								</select>
								<br/><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
							</td>
						</tr>
						<?php /* Distinguished-name inputs for the signing request. Free-text values echoed back
						         from $pconfig are passed through htmlspecialchars(); the country is picked
						         from the $dn_cc list. */ ?>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
									<tr>
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
										<td align="left">
											<select name='csr_dn_country' class="formselect">
											<?php
											// One <option> per country code; the code equal to
											// $pconfig['csr_dn_country'] is rendered pre-selected.
											foreach ($dn_cc as $cc):
												$selected = ($pconfig['csr_dn_country'] == $cc) ? " selected=\"selected\"" : "";
												echo "<option value=\"{$cc}\"{$selected}>{$cc}</option>";
											endforeach;
											?>
											</select>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_state']);?>" />
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("Texas");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_city']);?>" />
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("Austin");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_organization']);?>" />
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("My Company Inc.");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_email']);?>"/>
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("webadmin@mycompany.com");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("www.example.com");?>
										</td>
									</tr>
								</table>
							</td>
						</tr>
					</table>
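					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
							<td width="78%" class="vtable">
								<?php
									// Carry the user the certificate is being attached to back to the handler.
									// Where $userid is assigned is outside this part of the file, so it is
									// escaped here rather than trusted to be numeric.
									if (isset($userid) && $a_user):
								?>
								<input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
								<?php endif;?>
								<select name='certref' class="formselect">
								<?php
									// Offer every stored certificate, labelled with its description plus
									// optional " (CA: ...)", " *In Use" and " *Revoked" markers.
									foreach ($config['cert'] as $cert):
										$selected = "";
										$caname = "";
										$inuse = "";
										$revoked = "";
										// Certificates the selected user already holds are not offered again.
										// is_array() keeps in_array() from being handed a missing list.
										if (isset($userid) &&
										    is_array($config['system']['user'][$userid]['cert']) &&
										    in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) {
											continue;
										}
										$ca = lookup_ca($cert['caref']);
										if ($ca) {
											$caname = " (CA: {$ca['descr']})";
										}
										if ($pconfig['certref'] == $cert['refid']) {
											$selected = " selected=\"selected\"";
										}
										if (cert_in_use($cert['refid'])) {
											$inuse = " *In Use";
										}
										// Independent of the in-use test above; the original indentation
										// suggested nesting, but without braces it never was nested.
										if (is_cert_revoked($cert)) {
											$revoked = " *Revoked";
										}
										// The certificate and CA descriptions are free text entered by an
										// administrator, so the assembled label and the refid are
										// HTML-escaped at output, as the certificate list does for the name.
								?>
									<option value="<?=htmlspecialchars($cert['refid']);?>"<?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
					</table>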
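					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
								<?php
									// Carry the index of the certificate being edited back to the handler.
									// The value is escaped like every other echoed field on this form; where
									// $id is assigned is outside this part of the file.
									if (isset($id) && $a_cert[$id]):
								?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>
							</td>
						</tr>
					</table>
				</form>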
				<?php elseif ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)):?>
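				<?php /* Form for completing an external signing request: shows the stored CSR read-only
				         and accepts the certificate returned by the certificate authority. */ ?>
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="name">
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
							<td width="78%" class="vtable">
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
							</td>
						</tr>
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
						</tr>

						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing request data");?></td>
							<td width="78%" class="vtable">
								<?php /* readonly only stops editing in the browser; the field is still posted back
								         with the form. The stray second </td> that followed the help text in
								         this cell and the next one has been removed. */ ?>
								<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly="readonly"><?=htmlspecialchars($pconfig['csr']);?></textarea>
								<br/>
								<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Final certificate data");?></td>
							<td width="78%" class="vtable">
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
								<br/>
								<?=gettext("Paste the certificate received from your certificate authority here.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<?php /* The block below is disabled on purpose: it is one PHP comment running up to
								         the closing marker, so the checkbox that would switch off the
								         request -> response subject verification is never rendered. */ ?>
								<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
								<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
								<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
								<?php echo gettext("Warning: Using this option may create an " .
								"invalid certificate.  Check this box to disable the request -> " .
								"response subject verification. ");
								?><br/>
								<?php endif; */ ?>
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
								<?php
									// Carry the certificate index and the "csr" action back to the handler.
									// $id is escaped like the other echoed fields; where it is assigned is
									// outside this part of the file.
									if (isset($id) && $a_cert[$id]):
								?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<input name="act" type="hidden" value="csr" />
								<?php endif;?>
							</td>
						</tr>
					</table>
				</form>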
				<?php else:?>
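				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="details">
					<tr>
						<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
						<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
						<td width="10%" class="list"></td>
					</tr>
					<?php
						// Per-certificate prologue: works out the values the row template echoes.
						// $name and $subj are escaped here; $caname is echoed as markup by the row,
						// so any plain text placed in it has to be escaped here as well.
						// $i is the certificate's position in $a_cert and is used in the action links.
						$i = 0;
						foreach ($a_cert as $cert):
							// Start every row from a clean slate. Without this, an entry that has no
							// certificate yet (a pending signing request) showed the subject, purpose
							// and validity dates left over from the previous row.
							$subj = "";
							$issuer = "";
							$caname = "";
							$purpose = null;
							$startdate = "";
							$enddate = "";

							$name = htmlspecialchars($cert['descr']);

							if ($cert['crt']) {
								$subj = cert_get_subject($cert['crt']);
								$issuer = cert_get_issuer($cert['crt']);
								$purpose = cert_get_purpose($cert['crt']);
								list($startdate, $enddate) = cert_get_dates($cert['crt']);
								// Subject equal to issuer means the certificate signed itself.
								if ($subj == $issuer) {
									$caname = "<em>" . gettext("self-signed") . "</em>";
								} else {
									$caname = "<em>" . gettext("external"). "</em>";
								}
								$subj = htmlspecialchars($subj);
							}

							if ($cert['csr']) {
								$subj = htmlspecialchars(csr_get_subject($cert['csr']));
								$caname = "<em>" . gettext("external - signature pending") . "</em>";
							}

							// A locally known CA replaces the generic issuer label. Its description is
							// free text entered by an administrator, so it is escaped before it joins
							// the markup held in $caname.
							$ca = lookup_ca($cert['caref']);
							if ($ca) {
								$caname = htmlspecialchars($ca['descr']);
							}

							// Both branches of the original test on $cert['prv'] assigned this same
							// path, so the icon does not depend on whether a private key is stored.
							$certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
					?>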
					<?php /* One list row: name and type, issuer, subject with validity dates, and where the
					         certificate is in use. $name, $caname and $subj are echoed as they are, so they
					         have to be escaped where they are assigned. */ ?>
					<tr>
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0" summary="icon">
								<tr>
									<td align="left" valign="middle">
										<img src="<?=$certimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=$name;?>
									</td>
								</tr>
								<tr><td>&nbsp;</td></tr>
								<?php if ($cert['type']): ?>
								<tr><td colspan="2"><em><?=$cert_types[$cert['type']];?></em></td></tr>
								<?php endif; ?>
								<?php /* $purpose is only an array when it was read from a certificate. */ ?>
								<?php if (is_array($purpose)): ?>
								<tr><td colspan="2">
									CA: <?=$purpose['ca'];?>,
									Server: <?=$purpose['server'];?>
								</td></tr>
								<?php endif; ?>
							</table>
						</td>
						<td class="listr"><?=$caname;?>&nbsp;</td>
						<td class="listr"><?=$subj;?>&nbsp;<br />
							<table width="100%" style="font-size: 9px" summary="valid">
								<tr>
									<td width="10%">&nbsp;</td>
									<td width="20%"><?=gettext("Valid From");?>:</td>
									<td width="70%"><?=$startdate;?></td>
								</tr>
								<tr>
									<td>&nbsp;</td>
									<td><?=gettext("Valid Until");?>:</td>
									<td><?=$enddate;?></td>
								</tr>
							</table>
						</td>
						<td class="listr">
							<?php /* Each helper is asked about this certificate; every match adds one line. */ ?>
							<?php if (is_cert_revoked($cert)): ?>
							<b>Revoked</b><br/>
							<?php endif; ?>
							<?php if (is_webgui_cert($cert['refid'])): ?>
							webConfigurator<br/>
							<?php endif; ?>
							<?php if (is_user_cert($cert['refid'])): ?>
							User Cert<br/>
							<?php endif; ?>
							<?php if (is_openvpn_server_cert($cert['refid'])): ?>
							OpenVPN Server<br/>
							<?php endif; ?>
							<?php if (is_openvpn_client_cert($cert['refid'])): ?>
							OpenVPN Client<br/>
							<?php endif; ?>
							<?php if (is_ipsec_cert($cert['refid'])): ?>
							IPsec Tunnel<br/>
							<?php endif; ?>
							<?php if (is_captiveportal_cert($cert['refid'])): ?>
							Captive Portal<br/>
							<?php endif; ?>
						</td>
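						<?php /* Action links for the row; $i is the certificate's index in $a_cert.
						         NOTE(review): private-key export (act=key) and delete (act=del) are plain GET
						         links. Whether the act= handler demands a CSRF token or a POST is not visible
						         in this part of the file - confirm.
						         The alt text of the first two icons used to read "export ca"; it now matches
						         each icon's title. */ ?>
						<td valign="middle" class="list nowrap">
							<a href="system_certmanager.php?act=exp&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert");?>" alt="<?=gettext("export cert");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=key&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export key");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=p12&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca cert+user cert+user cert key in .p12 format");?>" alt="<?=gettext("export ca cert+user cert+user cert key in .p12 format");?>" width="17" height="17" border="0" />
							</a>
							<?php /* The delete link is only offered while nothing references the certificate. */ ?>
							<?php	if (!cert_in_use($cert['refid'])): ?>
							<a href="system_certmanager.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
							<?php /* Entries that still hold a signing request get a link to complete it. */ ?>
							<?php	if ($cert['csr']): ?>
							&nbsp;
								<a href="system_certmanager.php?act=csr&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("update csr");?>" alt="<?=gettext("update csr");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
						</td>
					</tr>
					<?php
							// Advance the index used in the action links, then move to the next entry.
							$i++;
						endforeach;
					?>
					<tr>
						<td class="list" colspan="4"></td>
						<td class="list">
							<a href="system_certmanager.php?act=new">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import certificate");?>" alt="<?=gettext("add certificate");?>" width="17" height="17" border="0" />
							</a>
						</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
						<td colspan="3"><?=gettext("Note: You can only delete a certificate if it is not currently in use.");?></td>
					</tr>
				</table>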
				<?php endif; ?>
			</div>
		</td>
	</tr>
</table>
<?php include("fend.inc");?>
<script type="text/javascript">
//<![CDATA[
method_change();
internalca_change();
//]]>
</script>
</body>
</html>