<?php
/*
 * system_certmanager.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2016 Electric Sheep Fencing, LLC
 * Copyright (c) 2008 Shrew Soft Inc
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgment:
 *    "This product includes software developed by the pfSense Project
 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).
 *
 * 4. The names "pfSense" and "pfSense Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    coreteam@pfsense.org.
 *
 * 5. Products derived from this software may not be called "pfSense"
 *    nor may "pfSense" appear in their names without prior written
 *    permission of the Electric Sheep Fencing, LLC.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *
 * "This product includes software developed by the pfSense Project
 * for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

##|+PRIV
##|*IDENT=page-system-certmanager
##|*NAME=System: Certificate Manager
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
##|*MATCH=system_certmanager.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("certs.inc");
/*
 * Option tables shared by the POST validation and the form below.
 * Keys are the values the form submits; values are the labels shown.
 */
$cert_methods = [
	"import" => gettext("Import an existing Certificate"),
	"internal" => gettext("Create an internal Certificate"),
	"external" => gettext("Create a Certificate Signing Request"),
];

/* RSA key sizes (bits) accepted for generated keys and CSRs.
 * NOTE(review): 512 and 1024 are still offered; both are well below current
 * guidance for RSA and only make sense for very old peers. The defaults set
 * for act=new are 2048, so a user has to pick a weak size deliberately. */
$cert_keylens = ["512", "1024", "2048", "3072", "4096", "7680", "8192", "15360", "16384"];

$cert_types = [
	"server" => "Server Certificate",
	"user" => "User Certificate",
];

/* subjectAltName kinds. The validation switch in the POST handler spells
 * these out explicitly rather than reading this list. */
$altname_types = ["DNS", "IP", "email", "URI"];

/* Signature digests offered for generated certificates and CSRs.
 * NOTE(review): sha1 is still selectable; the form help text only
 * recommends something stronger, it does not enforce it. */
$openssl_digest_algs = ["sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool"];
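/*
 * Resolve the request's target user and certificate indexes.
 *
 * Both may arrive via GET (links from the listing / user manager) or POST
 * (hidden form fields); POST wins when both are present. Only values that
 * is_numericint() accepts are used, so $userid and $id are either unset or
 * a numeric string usable as a config array index. The GET reads now go
 * through isset() like the POST reads, instead of raising undefined-index
 * notices on the plain listing request.
 */
if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
	$userid = $_GET['userid'];
}
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
	$userid = $_POST['userid'];
}

/* Editing on behalf of a user: also offer attaching an existing cert, and
 * make sure the user list exists so $a_user[$userid] can be written later. */
if (isset($userid)) {
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user'])) {
		$config['system']['user'] = array();
	}
	$a_user =& $config['system']['user'];
}

if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

/* References into the running config; the act handlers below modify these
 * in place and then call write_config(). */
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
$a_cert =& $config['cert'];

/* Only a CA whose private key ('prv') is stored here can sign, so only
 * those count as "internal" CAs for creating internal certificates. */
$internal_ca_count = 0;
foreach ($a_ca as $ca) {
	if (!empty($ca['prv'])) {
		$internal_ca_count++;
	}
}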
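/*
 * Which action this request performs ("new", "del", "exp", "req", "key",
 * "p12", "csr", or nothing for the plain listing). A non-empty POST value
 * overrides the query string, as before; reading through isset()/empty()
 * avoids undefined-index notices on the plain listing request.
 */
$act = isset($_GET['act']) ? $_GET['act'] : null;

if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}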
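/*
 * act=del: remove certificate $id from the config.
 *
 * The description is captured before the entry is unset; the original read
 * $a_cert[$id] after unset(), so the message text was always empty. The
 * handler still redirects at once, so $savemsg is never shown by this
 * request; it is kept only so the message is built correctly.
 *
 * NOTE(review): this block accepts the delete on a plain GET and does not
 * check whether anything still references the certificate; any CSRF or
 * in-use protection comes from guiconfig.inc / the listing, not from here.
 */
if ($act == "del") {

	if (!isset($id) || !isset($a_cert[$id])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$deleted_descr = $a_cert[$id]['descr'];
	unset($a_cert[$id]);
	write_config();
	$savemsg = sprintf(gettext("Certificate %s successfully deleted."), htmlspecialchars($deleted_descr));
	pfSenseHeader("system_certmanager.php");
	exit;
}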
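/*
 * act=new: seed the form with defaults for a fresh certificate. The method
 * may be preselected via ?method=...; when absent the select shows its
 * first option. Key size and digest default to 2048 / sha256, stronger than
 * the weakest entries the option tables still allow.
 */
if ($act == "new") {
	$pconfig['method'] = isset($_GET['method']) ? $_GET['method'] : null;
	$pconfig['keylen'] = "2048";
	$pconfig['digest_alg'] = "sha256";
	$pconfig['csr_keylen'] = "2048";
	$pconfig['csr_digest_alg'] = "sha256";
	$pconfig['type'] = "user";
	$pconfig['lifetime'] = "3650";
}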
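/*
 * act=exp: download certificate $id as a PEM file named <descr>.crt.
 *
 * Missing or unknown ids, and entries without certificate data, go back to
 * the listing (the original served a zero-length file for the latter).
 * strlen() is intentional for Content-Length: the payload is bytes.
 */
if ($act == "exp") {

	if (!isset($id) || empty($a_cert[$id]) || empty($a_cert[$id]['crt'])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_cert[$id]['descr']}.crt");
	$exp_data = base64_decode($a_cert[$id]['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}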
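/*
 * act=req: download the pending signing request of entry $id as <descr>.req.
 *
 * Missing or unknown ids, and entries that hold no CSR (already completed
 * or imported), go back to the listing instead of serving an empty file.
 */
if ($act == "req") {

	if (!isset($id) || empty($a_cert[$id]) || empty($a_cert[$id]['csr'])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_cert[$id]['descr']}.req");
	$exp_data = base64_decode($a_cert[$id]['csr']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}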
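/*
 * act=key: download the private key of entry $id as <descr>.key.
 *
 * Missing or unknown ids, and entries without a stored key, go back to the
 * listing instead of serving an empty file.
 *
 * NOTE(review): the key is served in the clear (PEM, no passphrase); its
 * only protection is the GUI session and the page privilege declared at the
 * top of this file. Export should be the exception, not the workflow.
 */
if ($act == "key") {

	if (!isset($id) || empty($a_cert[$id]) || empty($a_cert[$id]['prv'])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_cert[$id]['descr']}.key");
	$exp_data = base64_decode($a_cert[$id]['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}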
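/*
 * act=p12: download certificate $id, its private key and (when the issuing
 * CA is in our store) the CA certificate as a PKCS#12 bundle <descr>.p12.
 *
 * Changes from the original: the id is checked with isset(), the cert and
 * key must parse before export is attempted, and a failed
 * openssl_pkcs12_export() redirects instead of serving an empty file.
 *
 * NOTE(review): the bundle is exported with a null passphrase, i.e. the
 * private key inside it is unencrypted; whoever holds the downloaded file
 * holds the key. Offering an export passphrase needs a form change, so the
 * behaviour is kept here and only documented.
 */
if ($act == "p12") {
	if (!isset($id) || empty($a_cert[$id])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_cert[$id]['descr']}.p12");
	$args = array();
	$args['friendly_name'] = $a_cert[$id]['descr'];

	/* Ship the issuing CA as an extra cert so the bundle carries the chain. */
	$ca = lookup_ca($a_cert[$id]['caref']);
	if ($ca) {
		$args['extracerts'] = openssl_x509_read(base64_decode($ca['crt']));
	}

	$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	$res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']), 1 => ""));

	/* An entry without a parsable cert or key (cert-only import, pending
	 * CSR) cannot be bundled; bail out rather than emit junk. */
	if ($res_crt === false || $res_key === false) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_data = "";
	if (!openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args)) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}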
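/*
 * act=csr: load the pending signing request of entry $id into $pconfig so
 * the CSR-completion form (rendered further down this page) can show it
 * together with the descriptive name. Missing or unknown ids go back to the
 * listing; the original only tested the entry, not whether $id was set.
 */
if ($act == "csr") {
	if (!isset($id) || empty($a_cert[$id])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$pconfig['descr'] = $a_cert[$id]['descr'];
	$pconfig['csr'] = base64_decode($a_cert[$id]['csr']);
}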
if ($_POST) {
	// This is just the blank alternate name that is added for display purposes. We don't want to validate/save it
	if ($_POST['altname_value0'] == "") {
		unset($_POST['altname_type0']);
		unset($_POST['altname_value0']);
	}
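	if ($_POST['save'] == gettext("Save")) {
		/*
		 * Create a certificate entry (import / internal / external CSR),
		 * attach an existing one to the user given by $userid ("existing"),
		 * or - when a hidden 'id' for an existing entry is posted and no
		 * method is shown - update that entry's description in place.
		 *
		 * Fixes relative to the original:
		 *  - $altnames_tmp was initialised as "" and then appended to with
		 *    []; that is a fatal error on PHP >= 7.1. It is an array now and
		 *    built once, shared by the internal and external branches.
		 *  - $input_errors was reset on every iteration of the
		 *    openssl_error_string() loop, so only the last library message
		 *    survived; and when the queue was empty a failed cert_create() /
		 *    csr_generate() left no error at all, so the half-built entry
		 *    was written to the config. Every failure now records an error,
		 *    and nothing is stored or written while errors exist.
		 *  - $reqdfields / $reqdfieldsn are always initialised, and a posted
		 *    method that is not one of the offered ones is rejected.
		 *  - isset($userid) replaces the truthiness test, so user index 0 is
		 *    redirected back to the user manager as well; the redirect is
		 *    skipped when there are errors so they can be displayed.
		 *  - A cert is only attached to $a_user[$userid] when that user
		 *    entry exists, so a stale userid cannot create a bogus user.
		 */
		$input_errors = array();
		$pconfig = $_POST;
		$reqdfields = array();
		$reqdfieldsn = array();

		/* input validation */
		/* "existing" is only offered (and only valid) when a userid was given. */
		if (!empty($pconfig['method']) &&
		    (!is_string($pconfig['method']) || !isset($cert_methods[$pconfig['method']]))) {
			$input_errors[] = gettext("Please select a valid Method.");
		}

		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
				"descr cert key");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate data"),
				gettext("Key data"));
			/* Cheap PEM framing check; cert_import() does the real parse. */
			if (!empty($_POST['cert']) && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
				$input_errors[] = gettext("This certificate does not appear to be valid.");
			}
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
				"descr caref keylen type lifetime dn_country dn_state dn_city ".
				"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate authority"),
				gettext("Key length"),
				gettext("Certificate Type"),
				gettext("Lifetime"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
				"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
				"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Key length"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		$altnames = array();
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
		if ($pconfig['method'] != "import" && $pconfig['method'] != "existing") {
			/* subjectAltNames: gather the altname_typeN / altname_valueN pairs
			 * posted by the repeatable form rows into $altnames[N+1]. */
			foreach ($_POST as $key => $value) {
				$entry = '';
				$field = '';
				if (!substr_compare('altname_type', $key, 0, 12)) {
					$entry = substr($key, 12);
					$field = 'type';
				} elseif (!substr_compare('altname_value', $key, 0, 13)) {
					$entry = substr($key, 13);
					$field = 'value';
				}

				if (ctype_digit($entry)) {
					$entry++;	// Pre-bootstrap code is one-indexed, but the bootstrap code is 0-indexed
					$altnames[$entry][$field] = $value;
				}
			}

			$pconfig['altnames']['item'] = $altnames;

			/* Input validation for subjectAltNames. A row that posted only a
			 * value (no type) falls into the default branch. */
			foreach ($altnames as $idx => $altname) {
				switch (isset($altname['type']) ? $altname['type'] : '') {
					case "DNS":
						if (!is_hostname($altname['value'], true)) {
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames, FQDNs or wildcard domains.");
						}
						break;
					case "IP":
						if (!is_ipaddr($altname['value'])) {
							array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
						}
						break;
					case "email":
						if (empty($altname['value'])) {
							array_push($input_errors, "An e-mail address must be provided for this type of subjectAltName");
						}
						if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value'])) {
							array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
						}
						break;
					case "URI":
						/* Close enough? */
						if (!is_URL($altname['value'])) {
							$input_errors[] = "URI subjectAltName types must be a valid URI";
						}
						break;
					default:
						$input_errors[] = "Unrecognized subjectAltName type.";
				}
			}

			/* Make sure we do not have invalid characters in the fields for the certificate */
			if (preg_match("/[\?\>\<\&\/\\\"\']/", isset($_POST['descr']) ? $_POST['descr'] : '')) {
				array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
			}

			foreach ($reqdfields as $i => $field) {
				$posted = isset($_POST[$field]) ? $_POST[$field] : '';
				if (preg_match('/email/', $field)) { /* dn_email or csr_dn_email */
					if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $posted)) {
						array_push($input_errors, gettext("The field 'Distinguished name Email Address' contains invalid characters."));
					}
				} else if (preg_match('/commonname/', $field)) { /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $posted)) {
						array_push($input_errors, gettext("The field 'Distinguished name Common Name' contains invalid characters."));
					}
				} else if (($field != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $posted)) {
					array_push($input_errors, sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]));
				}
			}

			/* Key size and digest must come from the offered tables; the CSR
			 * form posts its own csr_* fields. Strict in_array() so only the
			 * exact strings in the tables pass. */
			$keylen_field = ($pconfig['method'] == "external") ? "csr_keylen" : "keylen";
			$digest_field = ($pconfig['method'] == "external") ? "csr_digest_alg" : "digest_alg";
			if (isset($_POST[$keylen_field]) && !in_array($_POST[$keylen_field], $cert_keylens, true)) {
				array_push($input_errors, gettext("Please select a valid Key Length."));
			}
			if (!isset($_POST[$digest_field]) || !in_array($_POST[$digest_field], $openssl_digest_algs, true)) {
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
			}
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				/* Attach a stored certificate to the user; $a_cert is untouched. */
				$cert = lookup_cert($pconfig['certref']);
				if (!$cert) {
					$input_errors[] = gettext("The selected certificate could not be found.");
				} elseif (isset($a_user) && isset($userid) && isset($a_user[$userid])) {
					$a_user[$userid]['cert'][] = $cert['refid'];
				}
			} else {
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id]) {
					$cert = $a_cert[$id];
				}

				$cert['descr'] = $pconfig['descr'];

				/* subjectAltName extension text, shared by the internal and
				 * external branches: "type:value" pairs joined by commas. */
				$altnames_tmp = array();
				foreach ($altnames as $altname) {
					$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
				}

				/* Turn a failed openssl-backed call into input errors: every
				 * queued library message, or the given generic one when the
				 * queue is empty, so a failure can never go unrecorded. */
				$ssl_failure = function ($msg) use (&$input_errors) {
					$reported = false;
					while ($ssl_err = openssl_error_string()) {
						array_push($input_errors, "openssl library returns: " . $ssl_err);
						$reported = true;
					}
					if (!$reported) {
						$input_errors[] = $msg;
					}
				};

				$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */

				if ($pconfig['method'] == "import") {
					cert_import($cert, $pconfig['cert'], $pconfig['key']);
				}

				if ($pconfig['method'] == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);

					if (count($altnames_tmp)) {
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}

					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])) {
						$ssl_failure(gettext("Certificate creation failed."));
					}
				}

				if ($pconfig['method'] == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);

					if (count($altnames_tmp)) {
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}

					if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) {
						$ssl_failure(gettext("Signing request creation failed."));
					}
				}
				error_reporting($old_err_level);

				/* Only store the entry when import/generation succeeded. */
				if (!$input_errors) {
					if (isset($id) && $a_cert[$id]) {
						$a_cert[$id] = $cert;
					} else {
						$a_cert[] = $cert;
					}

					if (isset($a_user) && isset($userid) && isset($a_user[$userid])) {
						$a_user[$userid]['cert'][] = $cert['refid'];
					}
				}
			}

			if (!$input_errors) {
				write_config();

				/* Came from the user manager: go back there. isset() rather
				 * than truthiness so user index 0 is handled too; on errors we
				 * fall through so the form is re-shown with them. */
				if (isset($userid)) {
					post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid));
					exit;
				}
			}
		}
	}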
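	if ($_POST['save'] == gettext("Update")) {
		/*
		 * Complete a pending CSR: the certificate issued by the external CA
		 * is pasted in and stored alongside the request's private key.
		 *
		 * Fixes relative to the original: $input_errors starts as an array
		 * (so array_push() below cannot see an unset variable), the entry is
		 * checked to exist and to hold a request before it is touched, the
		 * modulus check reads the stored request instead of the posted copy,
		 * the mismatch message no longer references an undefined $subj_cert
		 * (left over from the commented-out subject comparison), and the
		 * handler exits after redirecting like the other act handlers.
		 */
		$input_errors = array();
		$pconfig = $_POST;

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		if (preg_match("/[\?\>\<\&\/\\\"\']/", isset($_POST['descr']) ? $_POST['descr'] : '')) {
			array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
		}

		if (!isset($id) || empty($a_cert[$id]) || empty($a_cert[$id]['csr'])) {
			$input_errors[] = gettext("The signing request to complete could not be found.");
		}

		if (!$input_errors) {
			/* The pasted certificate must belong to the key behind the stored
			 * request, so compare the RSA moduli (if the moduli differ, the
			 * public and private keys cannot match). The stored CSR is used
			 * rather than the posted copy so the check is tied to this
			 * entry's private key and not to whatever was pasted. */
			$mod_csr = csr_get_modulus(base64_decode($a_cert[$id]['csr']), false);
			$mod_cert = cert_get_modulus($pconfig['cert'], false);

			if (strcmp($mod_csr, $mod_cert)) {
				$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
				$subject_mismatch = true;
			}
		}

		/* save modifications */
		if (!$input_errors) {

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
			exit;
		}
	}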
}
$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("Certificates"));

/* The breadcrumb ends in "Edit" whenever a form is being shown: a fresh
 * entry, CSR completion, or the re-display after a failed Save/Update. */
if ($act == "new" || $act == "csr" ||
    (($_POST['save'] == gettext("Save") || $_POST['save'] == gettext("Update")) && $input_errors)) {
	$pgtitle[] = gettext('Edit');
}
include("head.inc");
/* Feedback from the handlers above: validation errors first, then the
 * success message (only set by paths that do not redirect away). */
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}
/* Tab strip shared by the CA / Certificates / CRL managers; each entry is
 * (label, active?, page) and this page is the active one. */
$tab_array = array(
	array(gettext("CAs"), false, "system_camanager.php"),
	array(gettext("Certificates"), true, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), false, "system_crlmanager.php"),
);
display_top_tabs($tab_array);
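// Load valid country codes
/*
 * Build the Country Code select options from /etc/ca_countries, one
 * "<code> <name>" per line, keyed and labelled by the code. file()
 * returning false (unreadable file) is now handled instead of being passed
 * to foreach; the match itself is unchanged.
 */
$dn_cc = array();
if (file_exists("/etc/ca_countries")) {
	$dn_cc_file = file("/etc/ca_countries");
	if ($dn_cc_file !== false) {
		foreach ($dn_cc_file as $line) {
			if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) {
				$dn_cc[$matches[1]] = $matches[1];
			}
		}
	}
}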
if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)) {
578 b35250d9 NewEraCracker
	$form = new Form();
579
	$form->setAction('system_certmanager.php?act=edit');
580 b49f31d0 Sjon Hortensius
581 b35250d9 NewEraCracker
	if (isset($userid) && $a_user) {
582
		$form->addGlobal(new Form_Input(
583
			'userid',
584
			null,
585
			'hidden',
586
			$userid
587
		));
588
	}
589 b49f31d0 Sjon Hortensius
590 78863416 Phil Davis
	if (isset($id) && $a_cert[$id]) {
591 b49f31d0 Sjon Hortensius
		$form->addGlobal(new Form_Input(
592
			'id',
593
			null,
594
			'hidden',
595
			$id
596
		));
597 64cc39d3 Matthew Grooms
	}
598 b49f31d0 Sjon Hortensius
599 b35250d9 NewEraCracker
	$section = new Form_Section('Add a New Certificate');
600
601
	if (!isset($id)) {
602
		$section->addInput(new Form_Select(
603
			'method',
604
			'Method',
605
			$pconfig['method'],
606
			$cert_methods
607
		))->toggles();
608
	}
609
610 b49f31d0 Sjon Hortensius
	$section->addInput(new Form_Input(
611
		'descr',
612
		'Descriptive name',
613
		'text',
614 b35250d9 NewEraCracker
		($a_user && empty($pconfig['descr'])) ? $a_user[$userid]['name'] : $pconfig['descr']
615
	))->addClass('toggle-existing');
616 b49f31d0 Sjon Hortensius
617 b35250d9 NewEraCracker
	$form->add($section);
618
	$section = new Form_Section('Import Certificate');
619
	$section->addClass('toggle-import collapse');
620 b49f31d0 Sjon Hortensius
621
	$section->addInput(new Form_Textarea(
622
		'cert',
623 b35250d9 NewEraCracker
		'Certificate data',
624 78863416 Phil Davis
		$pconfig['cert']
625 b35250d9 NewEraCracker
	))->setHelp('Paste a certificate in X.509 PEM format here.');
626
627
	$section->addInput(new Form_Textarea(
628
		'key',
629
		'Private key data',
630
		$pconfig['key']
631
	))->setHelp('Paste a private key in X.509 PEM format here.');
632 b49f31d0 Sjon Hortensius
633
	$form->add($section);
634 b35250d9 NewEraCracker
	$section = new Form_Section('Internal Certificate');
635
	$section->addClass('toggle-internal collapse');
636
637
	if (!$internal_ca_count) {
638
		$section->addInput(new Form_StaticText(
639
			'Certificate authority',
640 813c6673 NOYB
			gettext('No internal Certificate Authorities have been defined. ').
641
			gettext('An internal CA must be defined in order to create an internal certificate. ').
642
			'<a href="system_camanager.php?act=new&amp;method=internal"> '. gettext("Create") .'</a>'.
643
			gettext(' an internal CA.')
644 b35250d9 NewEraCracker
		));
645
	} else {
646
		$allCas = array();
647
		foreach ($a_ca as $ca) {
648
			if (!$ca['prv']) {
649
				continue;
650
			}
651 b49f31d0 Sjon Hortensius
652 b35250d9 NewEraCracker
			$allCas[ $ca['refid'] ] = $ca['descr'];
653
		}
654 64cc39d3 Matthew Grooms
655 b35250d9 NewEraCracker
		$section->addInput(new Form_Select(
656
			'caref',
657
			'Certificate authority',
658
			$pconfig['caref'],
659
			$allCas
660
		));
661
	}
662 64cc39d3 Matthew Grooms
663 b35250d9 NewEraCracker
	$section->addInput(new Form_Select(
664
		'keylen',
665
		'Key length',
666
		$pconfig['keylen'],
667
		array_combine($cert_keylens, $cert_keylens)
668 b49f31d0 Sjon Hortensius
	));
669 64cc39d3 Matthew Grooms
670 b35250d9 NewEraCracker
	$section->addInput(new Form_Select(
671
		'digest_alg',
672
		'Digest Algorithm',
673
		$pconfig['digest_alg'],
674
		array_combine($openssl_digest_algs, $openssl_digest_algs)
675
	))->setHelp('NOTE: It is recommended to use an algorithm stronger than '.
676
		'SHA1 when possible.');
677 b49f31d0 Sjon Hortensius
678
	$section->addInput(new Form_Select(
679 b35250d9 NewEraCracker
		'type',
680
		'Certificate Type',
681
		$pconfig['type'],
682
		$cert_types
683
	))->setHelp('Type of certificate to generate. Used for placing '.
684
		'restrictions on the usage of the generated certificate.');
685 b49f31d0 Sjon Hortensius
686 b35250d9 NewEraCracker
	// ---- Internal certificate: remaining subject fields ----
	// (The enclosing branch of the form, and the fields before this one,
	// start above this block.)

	// Validity period, in days, of the certificate to be issued.
	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (days)',
		'number',
		$pconfig['lifetime']
	));

	// Distinguished Name components. $dn_cc (country list) is built
	// elsewhere in the file.
	$section->addInput(new Form_Select(
		'dn_country',
		'Country Code',
		$pconfig['dn_country'],
		$dn_cc
	));

	$section->addInput(new Form_Input(
		'dn_state',
		'State or Province',
		'text',
		$pconfig['dn_state'],
		['placeholder' => 'e.g. Texas']
	));

	$section->addInput(new Form_Input(
		'dn_city',
		'City',
		'text',
		$pconfig['dn_city'],
		['placeholder' => 'e.g. Austin']
	));

	$section->addInput(new Form_Input(
		'dn_organization',
		'Organization',
		'text',
		$pconfig['dn_organization'],
		['placeholder' => 'e.g. My Company Inc.']
	));

	$section->addInput(new Form_Input(
		'dn_email',
		'Email Address',
		'text',
		$pconfig['dn_email'],
		['placeholder' => 'e.g. admin@mycompany.com']
	));

	$section->addInput(new Form_Input(
		'dn_commonname',
		'Common Name',
		'text',
		$pconfig['dn_commonname'],
		['placeholder' => 'e.g. www.example.com']
	));

	// ---- Subject Alternative Names ----
	// Always render at least one (empty) row so the repeatable group has a
	// template row the "Add" button can clone.
	if (empty($pconfig['altnames']['item'])) {
		$pconfig['altnames']['item'] = array(
			array('type' => null, 'value' => null)
		);
	}

	// Field names are suffixed with the row index (altname_type0,
	// altname_value0, ...) so the POST handler can pair type and value.
	// $numrows is the index of the last row; only that row carries the
	// column help text.
	$counter = 0;
	$numrows = count($pconfig['altnames']['item']) - 1;

	foreach ($pconfig['altnames']['item'] as $item) {

		// Only the first row shows the group label.
		$group = new Form_Group($counter == 0 ? 'Alternative Names':'');

		$group->add(new Form_Select(
			'altname_type' . $counter,
			'Type',
			$item['type'],
			array(
				'DNS' => gettext('FQDN or Hostname'),
				'IP' => gettext('IP address'),
				'URI' => gettext('URI'),
				'email' => gettext('email address'),
			)
		))->setHelp(($counter == $numrows) ? 'Type':null);

		$group->add(new Form_Input(
			'altname_value' . $counter,
			null,
			'text',
			$item['value']
		))->setHelp(($counter == $numrows) ? 'Value':null);

		$group->add(new Form_Button(
			'deleterow' . $counter,
			'Delete',
			null,
			'fa-trash'
		))->addClass('btn-warning');

		$group->addClass('repeatable');

		$section->add($group);

		$counter++;
	}

	$section->addInput(new Form_Button(
		'addrow',
		'Add',
		null,
		'fa-plus'
	))->addClass('btn-success');

	$form->add($section);

	// ---- External signing request (CSR) ----
	// Collapsed by default; the 'toggle-external' class presumably ties the
	// section to the method selector handled by page JavaScript (not visible
	// here).
	$section = new Form_Section('External Signing Request');
	$section->addClass('toggle-external collapse');

	// Key lengths and digest algorithms come from $cert_keylens and
	// $openssl_digest_algs, defined elsewhere in the file; array_combine
	// makes each value its own option key.
	$section->addInput(new Form_Select(
		'csr_keylen',
		'Key length',
		$pconfig['csr_keylen'],
		array_combine($cert_keylens, $cert_keylens)
	));

	$section->addInput(new Form_Select(
		'csr_digest_alg',
		'Digest Algorithm',
		$pconfig['csr_digest_alg'],
		array_combine($openssl_digest_algs, $openssl_digest_algs)
	))->setHelp('NOTE: It is recommended to use an algorithm stronger than '.
		'SHA1 when possible');

	// Distinguished Name for the CSR, mirroring the internal-certificate
	// fields above with a 'csr_' prefix.
	$section->addInput(new Form_Select(
		'csr_dn_country',
		'Country Code',
		$pconfig['csr_dn_country'],
		$dn_cc
	));

	$section->addInput(new Form_Input(
		'csr_dn_state',
		'State or Province',
		'text',
		$pconfig['csr_dn_state'],
		['placeholder' => 'e.g. Texas']
	));

	$section->addInput(new Form_Input(
		'csr_dn_city',
		'City',
		'text',
		$pconfig['csr_dn_city'],
		['placeholder' => 'e.g. Austin']
	));

	$section->addInput(new Form_Input(
		'csr_dn_organization',
		'Organization',
		'text',
		$pconfig['csr_dn_organization'],
		['placeholder' => 'e.g. My Company Inc.']
	));

	$section->addInput(new Form_Input(
		'csr_dn_email',
		'Email Address',
		'text',
		$pconfig['csr_dn_email'],
		['placeholder' => 'e.g. admin@mycompany.com']
	));

	$section->addInput(new Form_Input(
		'csr_dn_commonname',
		'Common Name',
		'text',
		$pconfig['csr_dn_commonname'],
		['placeholder' => 'e.g. internal-ca']
	));

	$form->add($section);

	// ---- Choose an existing certificate ----
	// Collapsed by default, as with the CSR section above.
	$section = new Form_Section('Choose an Existing Certificate');
	$section->addClass('toggle-existing collapse');
862 b49f31d0 Sjon Hortensius
863 b35250d9 NewEraCracker
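	// Build the "Existing Certificates" choice list: refid => label.
	//
	// Certificates already attached to the user being edited ($userid, when
	// set) are skipped. Form_Select appears to render option labels as raw
	// HTML (the "<i>In Use</i>" / "<b>Revoked</b>" markup below relies on
	// that), so the description text is escaped here before the fixed markup
	// is appended.
	$existCerts = [];

	if (is_array($config['cert'])) {
		foreach ($config['cert'] as $cert) {
			// Check isset($userid) first: the original tested
			// is_array($config[...][$userid]['cert']) before checking that
			// $userid was set at all.
			if (isset($userid) &&
			    is_array($config['system']['user'][$userid]['cert']) &&
			    in_array($cert['refid'], $config['system']['user'][$userid]['cert'], true)) {
				continue;
			}

			$label = htmlspecialchars($cert['descr']);

			$ca = lookup_ca($cert['caref']);
			if ($ca) {
				$label .= ' (CA: ' . htmlspecialchars($ca['descr']) . ')';
			}

			if (cert_in_use($cert['refid'])) {
				$label .= ' <i>In Use</i>';
			}
			if (is_cert_revoked($cert)) {
				$label .= ' <b>Revoked</b>';
			}

			$existCerts[$cert['refid']] = $label;
		}
	}

	$section->addInput(new Form_Select(
		'certref',
		'Existing Certificates',
		$pconfig['certref'],
		$existCerts
	));

	$form->add($section);
	print $form;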
896 64cc39d3 Matthew Grooms
897 b29c322c Stephen Beaver
} else if ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)) {
898 8f58b51b jim-p
	// ---- Complete a pending signing request ----
	// Reached for act=csr, or when an "Update" submission failed validation
	// (the branch condition sits above this block).
	// NOTE(review): that condition compares $_POST['save'] with a translated
	// label using loose ==; a strict comparison would be safer.
	$form = new Form(false);
	$form->setAction('system_certmanager.php?act=csr');

	// NOTE(review): $pconfig['descr'] is concatenated into the section title
	// unescaped; this assumes Form_Section escapes its title — confirm.
	$section = new Form_Section("Complete Signing Request for " . $pconfig['descr']);

	$section->addInput(new Form_Input(
		'descr',
		'Descriptive name',
		'text',
		$pconfig['descr']
	));

	// The stored CSR is shown read-only for the user to copy out.
	$section->addInput(new Form_Textarea(
		'csr',
		'Signing request data',
		$pconfig['csr']
	))->setReadonly()
	  ->setWidth(7)
	  ->setHelp('Copy the certificate signing data from here and forward it to a certificate authority for signing.');

	// The signed certificate is pasted back here; it is checked against the
	// CSR by the POST handler, which is not part of this block.
	$section->addInput(new Form_Textarea(
		'cert',
		'Final certificate data',
		$pconfig['cert']
	))->setWidth(7)
	  ->setHelp('Paste the certificate received from the certificate authority here.');

	// When editing an existing entry, carry its index and the action through
	// the form as hidden fields.
	 if (isset($id) && $a_cert[$id]) {
		 $section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$id
		 ));

		 $section->addInput(new Form_Input(
			'act',
			null,
			'hidden',
			'csr'
		 ));
	 }

	$form->add($section);

	$form->addGlobal(new Form_Button(
		'save',
		'Update',
		null,
		'fa-save'
	))->addClass('btn-primary');

	print($form);
951
} else {
952
?>
953 060ed238 Stephen Beaver
<div class="panel panel-default">
954
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Certificates')?></h2></div>
955
	<div class="panel-body">
956
		<div class="table-responsive">
957
		<table class="table table-striped table-hover">
958
			<thead>
959
				<tr>
960
					<th><?=gettext("Name")?></th>
961
					<th><?=gettext("Issuer")?></th>
962
					<th><?=gettext("Distinguished Name")?></th>
963
					<th><?=gettext("In Use")?></th>
964 4db1f211 Stephen Beaver
965 060ed238 Stephen Beaver
					<th class="col-sm-2"><?=gettext("Actions")?></th>
966
				</tr>
967
			</thead>
968
			<tbody>
969 b29c322c Stephen Beaver
<?php
970 4db1f211 Stephen Beaver
971
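// Ask installed packages which certificates they reference so the "In Use"
// column can list them. pkg_call_plugins and the result shape are defined
// outside this file; the code below relies only on
// $package['certificatelist'][$refid] and $package['pkgname'].
$pluginparams = array();
$pluginparams['type'] = 'certificates';
$pluginparams['event'] = 'used_certificates';
$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
$i = 0;
foreach ($a_cert as $i => $cert):
	// foreach assigns $i from the array key, which the action links below
	// pass as the "id" parameter; the trailing $i++ only affects the value
	// left behind after the loop.
	//
	// Reset every per-row variable. Previously they were only assigned inside
	// the crt/csr branches, so a row lacking one of them displayed the
	// subject, purpose and dates of the preceding row.
	$subj = '';
	$issuer = '';
	$purpose = null;
	$startdate = '';
	$enddate = '';
	$caname = '';

	// Everything derived from certificate contents is escaped for HTML: a
	// certificate or CSR may have been imported, so its subject, issuer and
	// dates are external input. $caname and $subj carry fixed markup and are
	// escaped where the data is inserted, then printed raw below.
	$name = htmlspecialchars($cert['descr']);

	if ($cert['crt']) {
		$subj = cert_get_subject($cert['crt']);
		$issuer = cert_get_issuer($cert['crt']);
		$purpose = cert_get_purpose($cert['crt']);
		list($startdate, $enddate) = cert_get_dates($cert['crt']);

		if ($subj == $issuer) {
			$caname = '<i>' . gettext("self-signed") . '</i>';
		} else {
			$caname = '<i>' . gettext("external") . '</i>';
		}

		$subj = htmlspecialchars($subj);
	}

	if ($cert['csr']) {
		$subj = htmlspecialchars(csr_get_subject($cert['csr']));
		$caname = "<em>" . gettext("external - signature pending") . "</em>";
	}

	// A known CA overrides the generic self-signed/external label.
	$ca = lookup_ca($cert['caref']);
	if ($ca) {
		$caname = htmlspecialchars($ca['descr']);
	}
?>
				<tr>
					<td>
						<?=$name?><br />
						<?php if ($cert['type']): ?>
							<i><?=$cert_types[$cert['type']]?></i><br />
						<?php endif?>
						<?php if (is_array($purpose)): ?>
							CA: <b><?=htmlspecialchars($purpose['ca'])?></b>, <?=gettext("Server")?>: <b><?=htmlspecialchars($purpose['server'])?></b>
						<?php endif?>
					</td>
					<td><?=$caname?></td>
					<td>
						<?=$subj?>
						<?php if (!$cert['csr']): ?>
						<br />
						<small>
							<?=gettext("Valid From")?>: <b><?=htmlspecialchars((string) $startdate)?></b><br /><?=gettext("Valid Until")?>: <b><?=htmlspecialchars((string) $enddate)?></b>
						</small>
						<?php endif?>
					</td>
					<td>
						<?php if (is_cert_revoked($cert)): ?>
							<i><?=gettext("Revoked")?></i>
						<?php endif?>
						<?php if (is_webgui_cert($cert['refid'])): ?>
							<?=gettext("webConfigurator")?>
						<?php endif?>
						<?php if (is_user_cert($cert['refid'])): ?>
							<?=gettext("User Cert")?>
						<?php endif?>
						<?php if (is_openvpn_server_cert($cert['refid'])): ?>
							<?=gettext("OpenVPN Server")?>
						<?php endif?>
						<?php if (is_openvpn_client_cert($cert['refid'])): ?>
							<?=gettext("OpenVPN Client")?>
						<?php endif?>
						<?php if (is_ipsec_cert($cert['refid'])): ?>
							<?=gettext("IPsec Tunnel")?>
						<?php endif?>
						<?php if (is_captiveportal_cert($cert['refid'])): ?>
							<?=gettext("Captive Portal")?>
						<?php endif?>
<?php
							// Packages that reference this certificate, each
							// with a use count and a hover hint naming the users.
							$refid = $cert['refid'];
							if (is_array($certificates_used_by_packages)) {
								// Do not reuse $name as the loop key here; it
								// still holds the escaped description above.
								foreach ($certificates_used_by_packages as $pkgid => $package) {
									if (!isset($package['certificatelist'][$refid])) {
										continue;
									}
									$uses = $package['certificatelist'][$refid];
									$hint = '';
									if (is_array($uses)) {
										foreach ($uses as $cert_used) {
											$hint .= $cert_used['usedby'] . "\n";
										}
										$count = count($uses);
									} else {
										// A non-array entry counts as a single use
										// (count() on a scalar is an error on PHP 8).
										$count = 1;
									}
									// The title attribute is single-quoted, so
									// ENT_QUOTES is required: the default flags
									// leave the apostrophe unescaped.
									echo "<div title='" . htmlspecialchars($hint, ENT_QUOTES) . "'>";
									echo htmlspecialchars($package['pkgname']) . " ($count)<br />";
									echo "</div>";
								}
							}
?>
					</td>
					<td>
						<?php if (!$cert['csr']): ?>
							<a href="system_certmanager.php?act=exp&amp;id=<?=$i?>" class="fa fa-certificate" title="<?=gettext("Export Certificate")?>"></a>
							<a href="system_certmanager.php?act=key&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
							<a href="system_certmanager.php?act=p12&amp;id=<?=$i?>" class="fa fa-archive" title="<?=gettext("Export P12")?>"></a>
						<?php else: ?>
							<a href="system_certmanager.php?act=csr&amp;id=<?=$i?>" class="fa fa-pencil" title="<?=gettext("Update CSR")?>"></a>
							<a href="system_certmanager.php?act=req&amp;id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export Request")?>"></a>
							<a href="system_certmanager.php?act=key&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
						<?php endif?>
						<?php if (!cert_in_use($cert['refid'])): ?>
							<a href="system_certmanager.php?act=del&amp;id=<?=$i?>" class="fa fa-trash" title="<?=gettext("Delete Certificate")?>"></a>
						<?php endif?>
					</td>
				</tr>
<?php
	$i++;
	endforeach; ?>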
1084 060ed238 Stephen Beaver
			</tbody>
1085
		</table>
1086
		</div>
1087
	</div>
1088 b29c322c Stephen Beaver
</div>
1089
1090
<nav class="action-buttons">
1091
	<a href="?act=new" class="btn btn-success btn-sm">
1092
		<i class="fa fa-plus icon-embed-btn"></i>
1093
		<?=gettext("Add")?>
1094
	</a>
1095
</nav>
1096 e9258698 NewEraCracker
<?php
1097 b29c322c Stephen Beaver
	include("foot.inc");
1098
	exit;
1099
}
1100
1101
1102 51583438 Stephen Beaver
?>
1103 8fd9052f Colin Fleming
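<script type="text/javascript">
//<![CDATA[
events.push(function() {

<?php if ($internal_ca_count): ?>
	// Pre-fill the Distinguished Name fields from the subject of the
	// internal CA selected in #caref; one case per CA is emitted by PHP.
	function internalca_change() {

		var caref = $('#caref').val();

		switch (caref) {
<?php
			// Emit each value as a JSON string literal so that quotes,
			// backslashes, newlines and "</script>" inside a CA subject cannot
			// break out of the JavaScript string (the previous bare "<?=...?>"
			// interpolation allowed that).
			$js = function ($v) {
				return json_encode((string) $v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
			};

			foreach ($a_ca as $ca):
				if (!$ca['prv']) {
					continue;
				}

				// Subject components are read positionally (C, ST, L, O,
				// emailAddress). NOTE(review): that order is assumed, not
				// checked — a CA whose subject omits or reorders a component
				// fills the wrong field; a lookup by attribute name would be
				// more robust. cert_get_subject_array is defined elsewhere.
				$subject = cert_get_subject_array($ca['crt']);

?>
				case <?=$js($ca['refid'])?>:
					$('#dn_country').val(<?=$js($subject[0]['v'])?>);
					$('#dn_state').val(<?=$js($subject[1]['v'])?>);
					$('#dn_city').val(<?=$js($subject[2]['v'])?>);
					$('#dn_organization').val(<?=$js($subject[3]['v'])?>);
					$('#dn_email').val(<?=$js($subject[4]['v'])?>);
					break;
<?php
			endforeach;
?>
		}
	}

	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#caref').on('change', function() {
		internalca_change();
	});

	// ---------- On initial page load ------------------------------------------------------------

	internalca_change();

	// Suppress "Delete row" button if there are fewer than two rows.
	// NOTE(review): this call sits inside the PHP "if ($internal_ca_count)"
	// block, so the row check never runs when no internal CA exists —
	// confirm that is intended. checkLastRow is defined elsewhere.
	checkLastRow();

<?php endif; ?>


});
//]]>
</script>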
1154
<?php
1155 0edcccc3 Daniel Seebald
include('foot.inc');