Revision 26308930
Added by Marcos M about 1 year ago
| src/usr/local/www/system_certmanager.php | ||
|---|---|---|
| 65 | 65 |
config_init_path('system/user');
|
| 66 | 66 |
} |
| 67 | 67 |
|
| 68 |
init_config_arr(array('ca'));
|
|
| 69 |
$a_ca = &$config['ca']; |
|
| 70 |
|
|
| 71 |
init_config_arr(array('cert'));
|
|
| 72 |
$a_cert = &$config['cert']; |
|
| 68 |
config_init_path('ca');
|
|
| 69 |
config_init_path('cert');
|
|
| 73 | 70 |
|
| 74 | 71 |
$internal_ca_count = 0; |
| 75 |
foreach ($a_ca as $ca) {
|
|
| 72 |
foreach (config_get_path('cert', []) as $ca) {
|
|
| 76 | 73 |
if ($ca['prv']) {
|
| 77 | 74 |
$internal_ca_count++; |
| 78 | 75 |
} |
| ... | ... | |
| 96 | 93 |
$id = $_REQUEST['id']; |
| 97 | 94 |
} |
| 98 | 95 |
if (!empty($id)) {
|
| 99 |
$thiscert =& lookup_cert($id); |
|
| 96 |
$cert_item_config = lookup_cert($id); |
|
| 97 |
$thiscert = &$cert_item_config['item']; |
|
| 100 | 98 |
} |
| 101 | 99 |
|
| 102 | 100 |
/* Actions other than 'new' require an ID. |
| ... | ... | |
| 116 | 114 |
$savemsg = sprintf(gettext("Certificate %s is in use and cannot be deleted"), $name);
|
| 117 | 115 |
$class = "danger"; |
| 118 | 116 |
} else {
|
| 119 |
foreach ($a_cert as $cid => $acrt) {
|
|
| 117 |
foreach (config_get_path('cert', []) as $cid => $acrt) {
|
|
| 120 | 118 |
if ($acrt['refid'] == $thiscert['refid']) {
|
| 121 |
unset($a_cert[$cid]);
|
|
| 119 |
config_del_path("cert/{$cid}");
|
|
| 122 | 120 |
} |
| 123 | 121 |
} |
| 124 | 122 |
$savemsg = sprintf(gettext("Deleted certificate %s"), $name);
|
| ... | ... | |
| 462 | 460 |
case 'sign': |
| 463 | 461 |
/* Sign a CSR */ |
| 464 | 462 |
$csrid = lookup_cert($pconfig['csrtosign']); |
| 465 |
$ca = & lookup_ca($pconfig['catosignwith']); |
|
| 466 |
// Read the CSR from $config, or if a new one, from the textarea |
|
| 463 |
$csrid = $csrid['item']; |
|
| 464 |
$ca_item_config = lookup_ca($pconfig['catosignwith']); |
|
| 465 |
$ca = &$ca_item_config['item']; |
|
| 466 |
// Read the CSR from config array, or if a new one, from the textarea |
|
| 467 | 467 |
if ($pconfig['csrtosign'] === "new") {
|
| 468 | 468 |
$csr = $pconfig['csrpaste']; |
| 469 | 469 |
} else {
|
| ... | ... | |
| 476 | 476 |
$altname_str = implode(",", $altnames_tmp);
|
| 477 | 477 |
} |
| 478 | 478 |
$n509 = csr_sign($csr, $ca, $pconfig['csrsign_lifetime'], $pconfig['type'], $altname_str, $pconfig['csrsign_digest_alg']); |
| 479 |
config_set_path("ca/{$ca_item_config['idx']}", $ca);
|
|
| 479 | 480 |
if ($n509) {
|
| 480 | 481 |
// Gather the details required to save the new cert |
| 481 | 482 |
$newcert = array(); |
| ... | ... | |
| 490 | 491 |
$newcert['prv'] = $csrid['prv']; |
| 491 | 492 |
} |
| 492 | 493 |
// Add it to the config file |
| 493 |
$config['cert'][] = $newcert;
|
|
| 494 |
config_set_path('cert/', $newcert);
|
|
| 494 | 495 |
$savemsg = sprintf(gettext("Signed certificate %s"), htmlspecialchars($newcert['descr']));
|
| 495 | 496 |
unset($act); |
| 496 | 497 |
} |
| ... | ... | |
| 513 | 514 |
$cn = $int_data['subject']['CN']; |
| 514 | 515 |
$int_ca = array('descr' => $cn, 'refid' => uniqid());
|
| 515 | 516 |
if (ca_import($int_ca, $intermediate)) {
|
| 516 |
$a_ca[] = $int_ca;
|
|
| 517 |
config_set_path('ca/', $int_ca);
|
|
| 517 | 518 |
} |
| 518 | 519 |
} |
| 519 | 520 |
} |
| ... | ... | |
| 619 | 620 |
|
| 620 | 621 |
if (isset($id) && $thiscert) {
|
| 621 | 622 |
$thiscert = $cert; |
| 623 |
config_set_path("cert/{$cert_item_config['idx']}", $thiscert);
|
|
| 622 | 624 |
} elseif ($cert) {
|
| 623 |
$a_cert[] = $cert;
|
|
| 625 |
config_set_path('cert/', $cert);
|
|
| 624 | 626 |
} |
| 625 | 627 |
|
| 626 | 628 |
if (isset($userid) && (config_get_path('system/user') !== null)) {
|
| ... | ... | |
| 668 | 670 |
$cert['descr'] = $pconfig['descr']; |
| 669 | 671 |
csr_complete($cert, $pconfig['cert']); |
| 670 | 672 |
$thiscert = $cert; |
| 673 |
config_set_path("cert/{$cert_item_config['idx']}", $thiscert);
|
|
| 671 | 674 |
$savemsg = sprintf(gettext("Updated certificate signing request %s"), htmlspecialchars($pconfig['descr']));
|
| 672 | 675 |
write_config($savemsg); |
| 673 | 676 |
pfSenseHeader("system_certmanager.php");
|
| ... | ... | |
| 771 | 774 |
|
| 772 | 775 |
// Return an array containing the IDs od all CAs |
| 773 | 776 |
function list_cas() {
|
| 774 |
global $a_ca; |
|
| 775 | 777 |
$allCas = array(); |
| 776 | 778 |
|
| 777 |
foreach ($a_ca as $ca) {
|
|
| 779 |
foreach (config_get_path('ca', []) as $ca) {
|
|
| 778 | 780 |
if ($ca['prv']) {
|
| 779 | 781 |
$allCas[$ca['refid']] = $ca['descr']; |
| 780 | 782 |
} |
| ... | ... | |
| 938 | 940 |
)); |
| 939 | 941 |
} else {
|
| 940 | 942 |
$allCas = array(); |
| 941 |
foreach ($a_ca as $ca) {
|
|
| 943 |
foreach (config_get_path('ca', []) as $ca) {
|
|
| 942 | 944 |
if (!$ca['prv']) {
|
| 943 | 945 |
continue; |
| 944 | 946 |
} |
| ... | ... | |
| 1165 | 1167 |
} |
| 1166 | 1168 |
|
| 1167 | 1169 |
$ca = lookup_ca($cert['caref']); |
| 1170 |
$ca = $ca['item']; |
|
| 1168 | 1171 |
if ($ca) {
|
| 1169 | 1172 |
$cert['descr'] .= " (CA: {$ca['descr']})";
|
| 1170 | 1173 |
} |
| ... | ... | |
| 1402 | 1405 |
$pluginparams['type'] = 'certificates'; |
| 1403 | 1406 |
$pluginparams['event'] = 'used_certificates'; |
| 1404 | 1407 |
$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
|
| 1405 |
foreach ($a_cert as $cert):
|
|
| 1408 |
foreach (config_get_path('cert', []) as $cert):
|
|
| 1406 | 1409 |
if (!is_array($cert) || empty($cert)) {
|
| 1407 | 1410 |
continue; |
| 1408 | 1411 |
} |
| ... | ... | |
| 1434 | 1437 |
} |
| 1435 | 1438 |
|
| 1436 | 1439 |
$ca = lookup_ca($cert['caref']); |
| 1440 |
$ca = $ca['item']; |
|
| 1437 | 1441 |
if ($ca) {
|
| 1438 | 1442 |
$caname = htmlspecialchars($ca['descr']); |
| 1439 | 1443 |
} |
| ... | ... | |
| 1616 | 1620 |
|
| 1617 | 1621 |
switch (caref) {
|
| 1618 | 1622 |
<?php |
| 1619 |
foreach ($a_ca as $ca):
|
|
| 1623 |
foreach (config_get_path('ca', []) as $ca):
|
|
| 1620 | 1624 |
if (!$ca['prv']) {
|
| 1621 | 1625 |
continue; |
| 1622 | 1626 |
} |
Also available in: Unified diff
Use config accessors in certificate functions