<?php
2
/*
3
    system_certmanager.php
4
5
    Copyright (C) 2008 Shrew Soft Inc.
6
    All rights reserved.
7
8
    Redistribution and use in source and binary forms, with or without
9
    modification, are permitted provided that the following conditions are met:
10
11
    1. Redistributions of source code must retain the above copyright notice,
12
       this list of conditions and the following disclaimer.
13
14
    2. Redistributions in binary form must reproduce the above copyright
15
       notice, this list of conditions and the following disclaimer in the
16
       documentation and/or other materials provided with the distribution.
17
18
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
    POSSIBILITY OF SUCH DAMAGE.
28
*/
29 1d333258 Scott Ullrich
/*
30
	pfSense_MODULE:	certificate_managaer
31
*/
32 64cc39d3 Matthew Grooms
33
##|+PRIV
34
##|*IDENT=page-system-certmanager
35
##|*NAME=System: Certificate Manager
36
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
37
##|*MATCH=system_certmanager.php*
38
##|-PRIV
39
40
require("guiconfig.inc");
41 14f5ae08 Ermal Lu?i
require_once("certs.inc");
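/* Creation methods offered in the "Method" drop-down, keyed by the value the form posts back. */
$cert_methods = array(
	"import" => gettext("Import an existing Certificate"),
	"internal" => gettext("Create an internal Certificate"),
	"external" => gettext("Create a Certificate Signing Request"),
);

/*
 * RSA key sizes offered when a key is generated.
 * NOTE(review): 512- and 1024-bit RSA keys are too weak for new certificates;
 * consider dropping them from this list once existing deployments allow it.
 */
$cert_keylens = array( "512", "1024", "2048", "4096");

$pgtitle = array(gettext("System"), gettext("Certificate Manager"));

/*
 * 'userid' and 'id' come from the query string or the posted form. Further
 * down this page they are used as array indexes into the configuration,
 * echoed into hidden form fields and placed in a redirect URL, so only plain
 * decimal digits are accepted. Anything else is treated as "not supplied"
 * (null), exactly as if the parameter were absent. POST wins over GET.
 */
$userid = null;
if (isset($_GET['userid']))
	$userid = $_GET['userid'];
if (isset($_POST['userid']))
	$userid = $_POST['userid'];
if (!is_string($userid) || !preg_match('/^[0-9]+$/D', $userid))
	$userid = null;

if ($userid) {
	/* Called on behalf of a user: also offer attaching a certificate that already exists. */
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user']))
		$config['system']['user'] = array();
	$a_user =& $config['system']['user'];
}

$id = null;
if (isset($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']))
	$id = $_POST['id'];
if (!is_string($id) || !preg_match('/^[0-9]+$/D', $id))
	$id = null;

/* Make sure both lists exist before taking references into the configuration. */
if (!is_array($config['ca']))
	$config['ca'] = array();

$a_ca =& $config['ca'];

if (!is_array($config['cert']))
	$config['cert'] = array();

$a_cert =& $config['cert'];

/* Count the CAs that carry a private key ('prv'); the page treats these as internal CAs. */
$internal_ca_count = 0;
foreach ($a_ca as $ca)
	if ($ca['prv'])
		$internal_ca_count++;

/* Requested action; a non-empty POST value overrides the query string. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];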
/*
 * Dispatch on the requested action.
 *
 * "del", "exp", "key" and "csr" all operate on an existing certificate entry;
 * an unknown id sends the browser back to the certificate list.
 */
if (in_array($act, array("del", "exp", "key", "csr")) && !$a_cert[$id]) {
	pfSenseHeader("system_certmanager.php");
	exit;
}

switch ($act) {
	case "del":
		/*
		 * NOTE(review): the deletion is driven by request parameters alone and
		 * does not check cert_in_use(); confirm that guiconfig.inc enforces
		 * CSRF protection for this page and that the list view never offers
		 * deletion of a certificate that is still referenced.
		 */
		$name = $a_cert[$id]['descr'];
		unset($a_cert[$id]);
		write_config();
		/* The message is built but never shown: the script redirects and exits right after. */
		$savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br/>";
		pfSenseHeader("system_certmanager.php");
		exit;

	case "new":
		/* Defaults for the creation form. */
		$pconfig['method'] = $_GET['method'];
		$pconfig['keylen'] = "2048";
		$pconfig['lifetime'] = "3650";
		break;

	case "exp":
	case "key":
		/*
		 * Download of the stored certificate ("exp") or of its private key
		 * ("key"). The file name is URL-encoded before it goes into the header.
		 * NOTE(review): the private key leaves the box in clear text and the
		 * response sets no cache-control headers; access to this action
		 * should stay limited to the page privilege declared at the top of the file.
		 */
		$want_key = ($act == "key");
		$exp_name = urlencode($a_cert[$id]['descr'] . ($want_key ? ".key" : ".crt"));
		$exp_data = base64_decode($a_cert[$id][$want_key ? 'prv' : 'crt']);
		$exp_size = strlen($exp_data);

		header("Content-Type: application/octet-stream");
		header("Content-Disposition: attachment; filename={$exp_name}");
		header("Content-Length: $exp_size");
		echo $exp_data;
		exit;

	case "csr":
		/* Pre-fill the "complete signing request" form from the stored entry. */
		$pconfig['descr'] = $a_cert[$id]['descr'];
		$pconfig['csr'] = base64_decode($a_cert[$id]['csr']);
		break;
}
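/*
 * Form submissions. "Save" creates (or attaches) a certificate according to
 * the chosen method; "Update" completes a pending signing request with the
 * certificate returned by the external CA.
 */
if ($_POST) {
	if ($_POST['save'] == gettext("Save")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* Stay empty when no known method was posted, so validation never sees undefined variables. */
		$reqdfields = array();
		$reqdfieldsn = array();

		/* input validation */
		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
					"descr cert key");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate data"),
					gettext("Key data"));
			/* Cheap sanity check only: the PEM armour must be present. */
			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
				$input_errors[] = gettext("This certificate does not appear to be valid.");
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
					"descr caref keylen lifetime dn_country dn_state dn_city ".
					"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Lifetime"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));

			/*
			 * The drop-down restricts the key length only in the browser;
			 * enforce the same list here before the value reaches cert_create().
			 */
			if (isset($_POST['keylen']) && $_POST['keylen'] !== "" &&
			    !in_array($_POST['keylen'], $cert_keylens, true))
				$input_errors[] = gettext("Please select a valid Key Length.");

			/* The lifetime is a number of days and must be a positive integer. */
			if (isset($_POST['lifetime']) && $_POST['lifetime'] !== "" &&
			    (!is_string($_POST['lifetime']) || !preg_match('/^[1-9][0-9]*$/D', trim($_POST['lifetime']))))
				$input_errors[] = gettext("The Lifetime must be a positive number of days.");
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
					"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
					"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Key length"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));

			/* Same server-side key length check as for internal certificates. */
			if (isset($_POST['csr_keylen']) && $_POST['csr_keylen'] !== "" &&
			    !in_array($_POST['csr_keylen'], $cert_keylens, true))
				$input_errors[] = gettext("Please select a valid Key Length.");
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		/*
		 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
		 * by PHP 5.4 and later. Dropping the '&' is only safe once
		 * do_input_validation() declares that parameter by reference; otherwise
		 * the required-field errors would be lost silently. Confirm in guiconfig.inc.
		 */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				/* Attach an already stored certificate to the user. */
				$cert = lookup_cert($pconfig['certref']);
				if ($cert && $a_user)
					$a_user[$userid]['cert'][] = $cert['refid'];
			} else {
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id])
					$cert = $a_cert[$id];

				$cert['descr'] = $pconfig['descr'];

				if ($pconfig['method'] == "import")
					cert_import($cert, $pconfig['cert'], $pconfig['key']);

				if ($pconfig['method'] == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);

					cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
						$pconfig['lifetime'], $dn);
				}

				if ($pconfig['method'] == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);

					csr_generate($cert, $pconfig['csr_keylen'], $dn);
				}
				if (isset($id) && $a_cert[$id])
					$a_cert[$id] = $cert;
				else
					$a_cert[] = $cert;
				if (isset($a_user) && isset($userid))
					$a_user[$userid]['cert'][] = $cert['refid'];
			}

			write_config();

			/* The user id is request data: encode it before it becomes part of the redirect URL. */
			if ($userid)
				pfSenseHeader("system_usermanager.php?act=edit&id=" . urlencode((string)$userid));
		}
	}

	if ($_POST['save'] == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* Completing a signing request needs the stored entry; without it there is nothing to update. */
		if (!isset($id) || !$a_cert[$id]) {
			pfSenseHeader("system_certmanager.php");
			exit;
		}

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		/* NOTE(review): see the remark on call-time pass-by-reference in the "Save" branch. */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		/*
		 * The new certificate must carry the public key of the pending request.
		 * (An earlier version compared the subjects instead of the moduli.)
		 * The comparison uses the signing request stored in the configuration,
		 * not the copy posted back by the browser: the read-only text area is
		 * client-controlled, and two unparsable inputs would otherwise compare
		 * as equal and let arbitrary data replace the certificate.
		 */
		$stored_csr = base64_decode($a_cert[$id]['csr']);
		$mod_csr  =  csr_get_modulus($stored_csr, false);
		$mod_cert = cert_get_modulus($pconfig['cert'], false);

		if (strcmp($mod_csr,$mod_cert)) {
			// simply: if the moduli don't match, then the private key and public key won't match
			$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
			$subject_mismatch = true;
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
		}
	}
}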
328
329
include("head.inc");
330
?>
331
332 a828210b yakatz
<body link="#000000" vlink="#000000" alink="#000000" onLoad="<?= $jsevents["body"]["onload"] ?>">
333 64cc39d3 Matthew Grooms
<?php include("fbegin.inc"); ?>
334
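<script type="text/javascript">
<!--

function method_change() {

<?php
	/*
	 * The switch below relies on the option order of the "Method" select,
	 * which follows $cert_methods: 0 import, 1 internal, 2 external and,
	 * when present, 3 existing.
	 * The submit button is hidden for "internal" while no internal CA exists.
	 */
	if ($internal_ca_count)
		$submit_style = "";
	else
		$submit_style = "none";
?>

	method = document.iform.method.selectedIndex;

	switch (method) {
		case 0:
			document.getElementById("import").style.display="";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="";
			break;
		case 1:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="<?=$submit_style;?>";
			break;
		case 2:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="";
			break;
		case 3:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="";
			document.getElementById("descriptivename").style.display="none";
			document.getElementById("submit").style.display="";
			break;
	}
}

<?php if ($internal_ca_count): ?>
function internalca_change() {

	index = document.iform.caref.selectedIndex;
	caref = document.iform.caref[index].value;

	switch (caref) {
<?php
		foreach ($a_ca as $ca):
			if (!$ca['prv'])
				continue;
			$subject = cert_get_subject_array($ca['crt']);

			/*
			 * The CA reference and its subject fields come from stored
			 * certificate data, so they are emitted as JSON string literals
			 * rather than pasted between quotes: json_encode() escapes
			 * quotes, backslashes, control characters and '/' (which keeps a
			 * "</script>" sequence from ending the script block).
			 * A value that cannot be encoded falls back to an empty string.
			 * NOTE(review): on PHP 5.3+ JSON_HEX_TAG | JSON_HEX_AMP would
			 * additionally neutralise '<', '>' and '&'.
			 */
			$js_subject = array((string)$ca['refid']);
			for ($js_i = 0; $js_i < 5; $js_i++)
				$js_subject[] = (string)$subject[$js_i]['v'];
			foreach ($js_subject as $js_k => $js_v) {
				$js_enc = json_encode($js_v);
				if ($js_enc === false || $js_enc === 'null')
					$js_enc = '""';
				$js_subject[$js_k] = $js_enc;
			}
?>
		case <?=$js_subject[0];?>:
			document.iform.dn_country.value = <?=$js_subject[1];?>;
			document.iform.dn_state.value = <?=$js_subject[2];?>;
			document.iform.dn_city.value = <?=$js_subject[3];?>;
			document.iform.dn_organization.value = <?=$js_subject[4];?>;
			document.iform.dn_email.value = <?=$js_subject[5];?>;
			break;
<?php	endforeach; ?>
	}
}
<?php endif; ?>

//-->
</script>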
411
<?php
412
	if ($input_errors)
413
		print_input_errors($input_errors);
414
	if ($savemsg)
415
		print_info_box($savemsg);
416
?>
417
<table width="100%" border="0" cellpadding="0" cellspacing="0">
418
	<tr>
419
		<td class="tabnavtbl">
420
		<?php
421
			$tab_array = array();
422
			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
423
			$tab_array[] = array(gettext("Certificates"), true, "system_certmanager.php");
424 3d57d2d5 jim-p
			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
425 64cc39d3 Matthew Grooms
			display_top_tabs($tab_array);
426
		?>
427
		</td>
428
	</tr>
429
	<tr>
430 96c7a492 Matthew Grooms
		<td id="mainarea">
431
			<div class="tabcont">
432
433 e64aa6f8 Carlos Eduardo Ramos
				<?php if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)): ?>
434 96c7a492 Matthew Grooms
435
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
436
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
437
						<?php if (!isset($id)): ?>
438
						<tr>
439
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
440
							<td width="78%" class="vtable">
441
								<select name='method' id='method' class="formselect" onchange='method_change()'>
442
								<?php
443
									foreach($cert_methods as $method => $desc):
444
									$selected = "";
445
									if ($pconfig['method'] == $method)
446
										$selected = "selected";
447
								?>
448
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
449
								<?php endforeach; ?>
450
								</select>
451
							</td>
452
						</tr>
453
						<?php endif; ?>
454 ad9b5c67 jim-p
						<tr id="descriptivename">
455
							<?php
456 f2a86ca9 jim-p
							if ($a_user && empty($pconfig['descr']))
457
								$pconfig['descr'] = $a_user[$userid]['name'];
458 ad9b5c67 jim-p
							?>
459
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
460
							<td width="78%" class="vtable">
461 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
462 ad9b5c67 jim-p
							</td>
463
						</tr>
464 96c7a492 Matthew Grooms
					</table>
465
466 ad9b5c67 jim-p
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import">
467 96c7a492 Matthew Grooms
						<tr>
468
							<td colspan="2" class="list" height="12"></td>
469
						</tr>
470
						<tr>
471 ad9b5c67 jim-p
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td>
472 96c7a492 Matthew Grooms
						</tr>
473
474
						<tr>
475 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
476 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
477 dd5bf424 Scott Ullrich
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
478 96c7a492 Matthew Grooms
								<br>
479 a37753d7 Vinicius Coque
									<?=gettext("Paste a certificate in X.509 PEM format here.");?></td>
480 96c7a492 Matthew Grooms
							</td>
481
						</tr>
482
						<tr>
483 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
484 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
485 dd5bf424 Scott Ullrich
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
486 96c7a492 Matthew Grooms
								<br>
487 a37753d7 Vinicius Coque
								<?=gettext("Paste a private key in X.509 PEM format here.");?></td>
488 96c7a492 Matthew Grooms
							</td>
489
						</tr>
490
					</table>
491
492
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
493
						<tr>
494
							<td colspan="2" class="list" height="12"></td>
495
						</tr>
496
						<tr>
497 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></td>
498 96c7a492 Matthew Grooms
						</tr>
499
500
						<?php if (!$internal_ca_count): ?>
501
502
						<tr>
503
							<td colspan="2" align="center" class="vtable">
504 a37753d7 Vinicius Coque
								<?=gettext("No internal Certificate Authorities have been defined. You must");?>
505
								<a href="system_camanager.php?act=new&method=internal"><?=gettext("create");?></a>
506
								<?=gettext("an internal CA before creating an internal certificate.");?>
507 96c7a492 Matthew Grooms
							</td>
508
						</tr>
509
510
						<?php else: ?>
511
512
						<tr>
513
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
514
							<td width="78%" class="vtable">
515
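								<select name='caref' id='caref' class="formselect" onChange='internalca_change()'>
								<?php
									/*
									 * Only CAs with a stored private key are listed.
									 * The reference id and the administrator-supplied
									 * description are HTML-escaped before being written
									 * into the attribute and the option text.
									 */
									foreach( $a_ca as $ca):
									if (!$ca['prv'])
										continue;
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = "selected";
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach; ?>
								</select>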
527
							</td>
528
						</tr>
529
						<tr>
530
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
531
							<td width="78%" class="vtable">
532
								<select name='keylen' class="formselect">
533
								<?php
534
									foreach( $cert_keylens as $len):
535
									$selected = "";
536
									if ($pconfig['keylen'] == $len)
537
										$selected = "selected";
538
								?>
539
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
540
								<?php endforeach; ?>
541
								</select>
542 a37753d7 Vinicius Coque
								<?=gettext("bits");?>
543 96c7a492 Matthew Grooms
							</td>
544
						</tr>
545
						<tr>
546
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
547
							<td width="78%" class="vtable">
548
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
549 a37753d7 Vinicius Coque
								<?=gettext("days");?>
550 96c7a492 Matthew Grooms
							</td>
551
						</tr>
552
						<tr>
553
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
554
							<td width="78%" class="vtable">
555
								<table border="0" cellspacing="0" cellpadding="2">
556
									<tr>
557 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
558 96c7a492 Matthew Grooms
										<td align="left">
559 cee476e8 Ermal Lu?i
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>" readonly/>
560 96c7a492 Matthew Grooms
										</td>
561
									</tr>
562
									<tr>
563 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
564 96c7a492 Matthew Grooms
										<td align="left">
565
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>" readonly/>
566
										</td>
567
									</tr>
568
									<tr>
569 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
570 96c7a492 Matthew Grooms
										<td align="left">
571
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>" readonly/>
572
										</td>
573
									</tr>
574
									<tr>
575 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
576 96c7a492 Matthew Grooms
										<td align="left">
577
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>" readonly/>
578
										</td>
579
									</tr>
580
									<tr>
581 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
582 96c7a492 Matthew Grooms
										<td align="left">
583
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
584
											&nbsp;
585
											<em>ex:</em>
586
											&nbsp;
587 a37753d7 Vinicius Coque
											<?=gettext("webadmin@mycompany.com");?>
588 96c7a492 Matthew Grooms
										</td>
589
									</tr>
590
									<tr>
591 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
592 96c7a492 Matthew Grooms
										<td align="left">
593 ad9b5c67 jim-p
											<?php
594
											if ($a_user && empty($pconfig['dn_commonname']))
595
												$pconfig['dn_commonname'] = $a_user[$userid]['name'];
596
											?>
597 96c7a492 Matthew Grooms
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
598
											&nbsp;
599
											<em>ex:</em>
600
											&nbsp;
601 a37753d7 Vinicius Coque
											<?=gettext("www.example.com");?>
602 96c7a492 Matthew Grooms
										</td>
603
									</tr>
604
								</table>
605
							</td>
606
						</tr>
607 64cc39d3 Matthew Grooms
608
					<?php endif; ?>
609
610 96c7a492 Matthew Grooms
					</table>
611
612
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external">
613
						<tr>
614
							<td colspan="2" class="list" height="12"></td>
615
						</tr>
616
						<tr>
617 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
618 96c7a492 Matthew Grooms
						</tr>
619
						<tr>
620
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
621
							<td width="78%" class="vtable">
622
								<select name='csr_keylen' class="formselect">
623
								<?php
624
									foreach( $cert_keylens as $len):
625
									$selected = "";
626
									if ($pconfig['keylen'] == $len)
627
										$selected = "selected";
628
								?>
629
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
630
								<?php endforeach; ?>
631
								</select>
632
								bits
633
							</td>
634
						</tr>
635
						<tr>
636
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
637
							<td width="78%" class="vtable">
638
								<table border="0" cellspacing="0" cellpadding="2">
639
									<tr>
640 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
641 96c7a492 Matthew Grooms
										<td align="left">
642
											<input name="csr_dn_country" type="text" class="formfld unknown" size="2" value="<?=htmlspecialchars($pconfig['csr_dn_country']);?>" />
643
											&nbsp;
644
											<em>ex:</em>
645
											&nbsp;
646
											US
647
											&nbsp;
648 a37753d7 Vinicius Coque
											<em><?=gettext("( two letters )");?></em>
649 96c7a492 Matthew Grooms
										</td>
650
									</tr>
651
									<tr>
652 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
653 96c7a492 Matthew Grooms
										<td align="left">
654
											<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_state']);?>" />
655
											&nbsp;
656
											<em>ex:</em>
657
											&nbsp;
658 a37753d7 Vinicius Coque
											<?=gettext("Texas");?>
659 96c7a492 Matthew Grooms
										</td>
660
									</tr>
661
									<tr>
662 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
663 96c7a492 Matthew Grooms
										<td align="left">
664
											<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_city']);?>" />
665
											&nbsp;
666
											<em>ex:</em>
667
											&nbsp;
668 a37753d7 Vinicius Coque
											<?=gettext("Austin");?>
669 96c7a492 Matthew Grooms
										</td>
670
									</tr>
671
									<tr>
672 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
673 96c7a492 Matthew Grooms
										<td align="left">
674
											<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_organization']);?>" />
675
											&nbsp;
676
											<em>ex:</em>
677
											&nbsp;
678 a37753d7 Vinicius Coque
											<?=gettext("My Company Inc.");?>
679 96c7a492 Matthew Grooms
										</td>
680
									</tr>
681
									<tr>
682 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
683 96c7a492 Matthew Grooms
										<td align="left">
684
											<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_email']);?>"/>
685
											&nbsp;
686
											<em>ex:</em>
687
											&nbsp;
688 a37753d7 Vinicius Coque
											<?=gettext("webadmin@mycompany.com");?>
689 96c7a492 Matthew Grooms
										</td>
690
									</tr>
691
									<tr>
692 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
693 96c7a492 Matthew Grooms
										<td align="left">
694
											<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
695
											&nbsp;
696
											<em>ex:</em>
697
											&nbsp;
698 a37753d7 Vinicius Coque
											<?=gettext("www.example.com");?>
699 96c7a492 Matthew Grooms
										</td>
700
									</tr>
701
								</table>
702
							</td>
703
						</tr>
704
					</table>
705
706 ad9b5c67 jim-p
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing">
707
						<tr>
708
							<td colspan="2" class="list" height="12"></td>
709
						</tr>
710
						<tr>
711
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td>
712
						</tr>
713
						<tr>
714
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
715
							<td width="78%" class="vtable">
716
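								<?php if (isset($userid) && $a_user): ?>
								<?php /* $userid is request data: escape it before echoing it into the attribute. */ ?>
								<input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
								<?php endif;?>
								<select name='certref' class="formselect">
								<?php
									/*
									 * Certificates already attached to this user are left
									 * out. The user's list may be missing when no user id
									 * was supplied, so fall back to an empty array instead
									 * of handing in_array() a non-array.
									 */
									$user_certrefs = array();
									if (isset($userid) && is_scalar($userid) &&
									    isset($config['system']['user'][$userid]['cert']) &&
									    is_array($config['system']['user'][$userid]['cert']))
										$user_certrefs = $config['system']['user'][$userid]['cert'];

									foreach ($config['cert'] as $cert):
										$selected = "";
										$caname = "";
										$inuse = "";
										$revoked = "";
										if (in_array($cert['refid'], $user_certrefs))
											continue;
										$ca = lookup_ca($cert['caref']);
										if ($ca)
											$caname = " (CA: {$ca['descr']})";
										if ($pconfig['certref'] == $cert['refid'])
											$selected = "selected";
										if (cert_in_use($cert['refid']))
											$inuse = " *In Use";
										/* Independent of the "in use" test above. */
										if (is_cert_revoked($cert))
											$revoked = " *Revoked";
								?>
									<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
								<?php endforeach; ?>
								</select>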
741
							</td>
742
						</tr>
743
					</table>
744
745 96c7a492 Matthew Grooms
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
746
						<tr>
747
							<td width="22%" valign="top">&nbsp;</td>
748
							<td width="78%">
749 e64aa6f8 Carlos Eduardo Ramos
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
750 96c7a492 Matthew Grooms
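								<?php if (isset($id) && $a_cert[$id]): ?>
								<?php /* $id is request data: escape it before echoing it into the attribute. */ ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>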
753
							</td>
754
						</tr>
755
					</table>
756
				</form>
757
758 e64aa6f8 Carlos Eduardo Ramos
				<?php elseif ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)):?>
759 96c7a492 Matthew Grooms
760
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
761
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
762
						<tr>
763
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
764
							<td width="78%" class="vtable">
765 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
766 96c7a492 Matthew Grooms
							</td>
767
						</tr>
768
						<tr>
769
							<td colspan="2" class="list" height="12"></td>
770
						</tr>
771
						<tr>
772 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
773 96c7a492 Matthew Grooms
						</tr>
774
775
						<tr>
776 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Request data");?></td>
777 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
778 dd5bf424 Scott Ullrich
								<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly><?=htmlspecialchars($pconfig['csr']);?></textarea>
779 96c7a492 Matthew Grooms
								<br>
780 a37753d7 Vinicius Coque
								<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?></td>
781 96c7a492 Matthew Grooms
							</td>
782
						</tr>
783
						<tr>
784 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Final Certificate data");?></td>
785 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
786 dd5bf424 Scott Ullrich
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
787 96c7a492 Matthew Grooms
								<br>
788 1dfb7795 Chris Buechler
								<?=gettext("Paste the certificate received from your certificate authority here.");?></td>
789 96c7a492 Matthew Grooms
							</td>
790
						</tr>
791
						<tr>
792
							<td width="22%" valign="top">&nbsp;</td>
793
							<td width="78%">
794 a828210b yakatz
								<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
795 e2e934e0 yakatz
								<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
796
								<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
797
								<?php echo gettext("Warning: Using this option may create an " .
798
								"invalid certificate.  Check this box to disable the request -> " .
799
								"response subject verification. ");
800
								?><br/>
801 a828210b yakatz
								<?php endif; */ ?>
802 e64aa6f8 Carlos Eduardo Ramos
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
803 96c7a492 Matthew Grooms
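								<?php
									// Carry the certificate index and the "csr" action back on submit.
									// The $a_cert[$id] test only passes for an existing key of $a_cert;
									// $id is still HTML-encoded so the attribute stays well-formed.
									if (isset($id) && $a_cert[$id]):
								?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<input name="act" type="hidden" value="csr" />
								<?php endif;?>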
807
							</td>
808
						</tr>
809
					</table>
810
				</form>
811
812
				<?php else:?>
813
814
				<table width="100%" border="0" cellpadding="0" cellspacing="0">
815 64cc39d3 Matthew Grooms
					<tr>
816 d590fa20 jim-p
						<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
817
						<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
818 a37753d7 Vinicius Coque
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
819 d590fa20 jim-p
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
820 96c7a492 Matthew Grooms
						<td width="10%" class="list"></td>
821 64cc39d3 Matthew Grooms
					</tr>
822 96c7a492 Matthew Grooms
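					<?php
						// Render one table row per certificate. $i is the row's index in
						// $a_cert; the action links further down pass it as the "id" parameter.
						$i = 0;
						foreach($a_cert as $cert):
							$name = htmlspecialchars($cert['descr']);
							// Start every row from empty values so an entry with neither
							// 'crt' nor 'csr' cannot display the previous row's subject/issuer.
							$subj = "";
							$caname = "";

							if ($cert['crt']) {
								$subj = cert_get_subject($cert['crt']);
								$issuer = cert_get_issuer($cert['crt']);
								// Display label only: this compares the subject and issuer
								// strings and does not verify any signature.
								if ($subj == $issuer)
									$caname = "<em>" . gettext("self-signed") . "</em>";
								else
									$caname = "<em>" . gettext("external") . "</em>";
								$subj = htmlspecialchars($subj);
							}

							if ($cert['csr']) {
								$subj = htmlspecialchars(csr_get_subject($cert['csr']));
								$caname = "<em>" . gettext("external - signature pending") . "</em>";
							}

							// $caname is echoed as raw HTML (the labels above carry <em>), so
							// the CA's description has to be HTML-encoded before it is stored.
							$ca = lookup_ca($cert['caref']);
							if ($ca)
								$caname = htmlspecialchars($ca['descr']);

							// The original picked between two identical paths depending on
							// $cert['prv']; a single assignment yields the same icon.
							$certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
					?>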
851 64cc39d3 Matthew Grooms
					<tr>
852 96c7a492 Matthew Grooms
						<td class="listlr">
853
							<table border="0" cellpadding="0" cellspacing="0">
854 64cc39d3 Matthew Grooms
								<tr>
855 96c7a492 Matthew Grooms
									<td align="left" valign="center">
856
										<img src="<?=$certimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
857 64cc39d3 Matthew Grooms
									</td>
858 96c7a492 Matthew Grooms
									<td align="left" valign="middle">
859
										<?=$name;?>
860 64cc39d3 Matthew Grooms
									</td>
861
								</tr>
862
							</table>
863
						</td>
864 96c7a492 Matthew Grooms
						<td class="listr"><?=$caname;?>&nbsp;</td>
865
						<td class="listr"><?=$subj;?>&nbsp;</td>
866 d590fa20 jim-p
						<td class="listr">
867 150bbe09 jim-p
							<?php if (is_cert_revoked($cert)): ?>
868
							<b>Revoked</b><br/>
869
							<?php endif; ?>
870 d590fa20 jim-p
							<?php if (is_webgui_cert($cert['refid'])): ?>
871
							webConfigurator<br/>
872
							<?php endif; ?>
873
							<?php if (is_user_cert($cert['refid'])): ?>
874
							User Cert<br/>
875
							<?php endif; ?>
876
							<?php if (is_openvpn_server_cert($cert['refid'])): ?>
877
							OpenVPN Server<br/>
878
							<?php endif; ?>
879
							<?php if (is_openvpn_client_cert($cert['refid'])): ?>
880
							OpenVPN Client<br/>
881
							<?php endif; ?>
882
							<?php if (is_ipsec_cert($cert['refid'])): ?>
883
							IPsec Tunnel<br/>
884
							<?php endif; ?>
885
						</td>
886 96c7a492 Matthew Grooms
						<td valign="middle" nowrap class="list">
887 ea53e38f Renato Botelho
							<a href="system_certmanager.php?act=exp&id=<?=$i;?>">
888 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
889 96c7a492 Matthew Grooms
							</a>
890 ea53e38f Renato Botelho
							<a href="system_certmanager.php?act=key&id=<?=$i;?>">
891 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
892 73fbece8 mgrooms
							</a>
893 0879599c jim-p
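							<?php
								// NOTE(review): this link requests deletion through a plain GET URL
								// (act=del&id=N). The handler is outside this section; confirm it
								// checks an anti-CSRF token, or submit the action by POST instead.
								// The prompt text is JSON-encoded and then HTML-encoded so that a
								// translation containing a quote cannot end the JavaScript string.
								if (!cert_in_use($cert['refid'])):
							?>
							<a href="system_certmanager.php?act=del&id=<?=$i;?>" onClick="return confirm(<?=htmlspecialchars(json_encode(gettext("Do you really want to delete this Certificate?")));?>)">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>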
898 96c7a492 Matthew Grooms
							<?php	if ($cert['csr']): ?>
899
							&nbsp;
900
								<a href="system_certmanager.php?act=csr&id=<?=$i;?>">
901 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("update csr");?>" alt="<?=gettext("update csr");?>" width="17" height="17" border="0" />
902 96c7a492 Matthew Grooms
							</a>
903
							<?php	endif; ?>
904 64cc39d3 Matthew Grooms
						</td>
905
					</tr>
906 96c7a492 Matthew Grooms
					<?php
907
							$i++;
908
						endforeach;
909
					?>
910 64cc39d3 Matthew Grooms
					<tr>
911 0879599c jim-p
						<td class="list" colspan="4"></td>
912 96c7a492 Matthew Grooms
						<td class="list">
913
							<a href="system_certmanager.php?act=new">
914 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" />
915 96c7a492 Matthew Grooms
							</a>
916 64cc39d3 Matthew Grooms
						</td>
917
					</tr>
918 0879599c jim-p
					<tr>
919
						<td>&nbsp;</td>
920
						<td colspan="3">NOTE: You can only delete a certificate if it is not currently in use.</td>
921
					</tr>
922 64cc39d3 Matthew Grooms
				</table>
923
924 96c7a492 Matthew Grooms
				<?php endif; ?>
925 64cc39d3 Matthew Grooms
926 96c7a492 Matthew Grooms
			</div>
927 64cc39d3 Matthew Grooms
		</td>
928
	</tr>
929
</table>
930
<?php include("fend.inc");?>
931
<script type="text/javascript">
932
<!--
933
934
method_change();
935
internalca_change();
936
937
//-->
938
</script>
939
940
</body>