<?php
2
/*
3
    system_certmanager.php
4

    
5
    Copyright (C) 2008 Shrew Soft Inc.
6
    All rights reserved.
7

    
8
    Redistribution and use in source and binary forms, with or without
9
    modification, are permitted provided that the following conditions are met:
10

    
11
    1. Redistributions of source code must retain the above copyright notice,
12
       this list of conditions and the following disclaimer.
13

    
14
    2. Redistributions in binary form must reproduce the above copyright
15
       notice, this list of conditions and the following disclaimer in the
16
       documentation and/or other materials provided with the distribution.
17

    
18
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
    POSSIBILITY OF SUCH DAMAGE.
28
*/
29
/*
30
	pfSense_MODULE:	certificate_managaer
31
*/
32

    
33
##|+PRIV
34
##|*IDENT=page-system-certmanager
35
##|*NAME=System: Certificate Manager
36
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
37
##|*MATCH=system_certmanager.php*
38
##|-PRIV
39

    
40
require("guiconfig.inc");
41
require_once("certs.inc");
42

    
43
/* Creation methods offered by the "Method" selector; the key is the value that
 * comes back in $_POST['method'] and selects the validation/save branch below.
 * (The "existing" entry is appended later, only when a userid was supplied.) */
$cert_methods = array(
	"import"   => gettext("Import an existing Certificate"),
	"internal" => gettext("Create an internal Certificate"),
	"external" => gettext("Create a Certificate Signing Request"),
);

/* Key lengths (bits) offered for internal certificates and signing requests.
 * NOTE(review): 512-bit keys are far below any current minimum and should be
 * considered for removal from this list. */
$cert_keylens = array("512", "1024", "2048", "4096");

/* Certificate types for internal certificates; the key is handed to cert_create(). */
$cert_types = array(
	"ca"     => "Certificate Authority",
	"server" => "Server Certificate",
	"user"   => "User Certificate",
);

$pgtitle = array(gettext("System"), gettext("Certificate Manager"));
55

    
56
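/*
 * Optional user context.  When the page is opened from the user manager a
 * userid is passed (GET on first load, POST on submit) and the created or
 * chosen certificate is attached to that user.
 *
 * $userid indexes $config['system']['user'], so only a plain non-negative
 * integer string is accepted.  is_numeric() would also let through " 1",
 * "1e3" or "1.5", which are not valid indexes but would still be interpolated
 * into the redirect URL and the hidden form field.  Anything invalid leaves
 * $userid null and $a_user unset, so every user-binding branch is skipped.
 */
$userid = null;
$userid_in = isset($_POST['userid']) ? $_POST['userid'] : (isset($_GET['userid']) ? $_GET['userid'] : null);
if (is_string($userid_in) && preg_match('/^\d+$/', $userid_in)) {
	$userid = $userid_in;
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user']))
		$config['system']['user'] = array();
	/* reference: the save path appends to $a_user[$userid]['cert'] */
	$a_user =& $config['system']['user'];
}
unset($userid_in);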
65

    
66
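/*
 * Index of the certificate being edited, exported or deleted.  $id indexes
 * $config['cert'], so only a non-negative integer string is accepted; anything
 * else leaves $id null, which every handler below treats as "no certificate"
 * (isset($id) is false and $a_cert[$id] is empty).
 */
$id = null;
$id_in = isset($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : null);
if (is_string($id_in) && preg_match('/^\d+$/', $id_in))
	$id = $id_in;
unset($id_in);

if (!is_array($config['ca']))
	$config['ca'] = array();
/* references: the handlers below modify the config in place before write_config() */
$a_ca =& $config['ca'];

if (!is_array($config['cert']))
	$config['cert'] = array();
$a_cert =& $config['cert'];

/* CAs that carry a private key ('prv') are the only ones offered for signing
 * internal certificates; the form is disabled when there are none. */
$internal_ca_count = 0;
foreach ($a_ca as $ca)
	if ($ca['prv'])
		$internal_ca_count++;

/* Requested action; a non-empty POSTed act overrides the query-string one. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];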
88

    
89
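/*
 * Delete a certificate.  This is reached from a plain GET link and no
 * request-token check is visible on this page, so the session is the only
 * protection for the write.  Refuse to delete an entry that is still
 * referenced (cert_in_use()), otherwise the referencing configuration is left
 * with a dangling refid; the error is shown above the listing instead.
 */
if ($act == "del") {
	if (!isset($id) || !$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	if (cert_in_use($a_cert[$id]['refid'])) {
		$input_errors[] = sprintf(gettext("Certificate %s is in use and cannot be deleted."), $a_cert[$id]['descr']);
	} else {
		$name = $a_cert[$id]['descr'];
		unset($a_cert[$id]);
		write_config();
		/* NOTE: the redirect that follows discards $savemsg before it is ever displayed. */
		$savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br/>";
		pfSenseHeader("system_certmanager.php");
		exit;
	}
}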
103

    
104
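/*
 * Defaults for the "new certificate" form.  The method requested in the query
 * string is only honoured when it is one of the offered $cert_methods keys;
 * otherwise it is left unset and the selector falls back to its first entry.
 */
if ($act == "new") {
	if (isset($_GET['method']) && is_string($_GET['method']) && isset($cert_methods[$_GET['method']]))
		$pconfig['method'] = $_GET['method'];
	$pconfig['keylen'] = "2048";
	$pconfig['type'] = "user";
	$pconfig['lifetime'] = "3650";
}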
110

    
111
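/*
 * Send $data to the browser as a file download called $name and stop.
 * The name is urlencode()d, so a descriptive name cannot inject additional
 * header lines or break the Content-Disposition value.
 *
 * @param string $name  file name presented to the browser
 * @param string $data  raw file contents
 */
function certmanager_send_download($name, $data) {
	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . urlencode($name));
	header("Content-Length: " . strlen($data));
	echo $data;
	exit;
}

/* Export the certificate in PEM form. */
if ($act == "exp") {
	if (!isset($id) || !$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	certmanager_send_download("{$a_cert[$id]['descr']}.crt", base64_decode($a_cert[$id]['crt']));
}

/* Export the private key in PEM form.  Entries without a stored key have
 * nothing to export; previously they produced an empty download. */
if ($act == "key") {
	if (!isset($id) || !$a_cert[$id] || empty($a_cert[$id]['prv'])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	certmanager_send_download("{$a_cert[$id]['descr']}.key", base64_decode($a_cert[$id]['prv']));
}

/*
 * Export certificate and private key as a PKCS#12 bundle.  The bundle is
 * written with a null export password, i.e. it is unprotected: the key is only
 * as safe as the channel the download travels over.  If either half fails to
 * parse, or the export itself fails, redirect instead of serving an empty file.
 */
if ($act == "p12") {
	if (!isset($id) || !$a_cert[$id] || empty($a_cert[$id]['prv'])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	$res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']), 1 => ""));

	$exp_data = "";
	if ($res_crt === false || $res_key === false ||
	    !openssl_pkcs12_export($res_crt, $exp_data, $res_key, null)) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	certmanager_send_download("{$a_cert[$id]['descr']}.p12", $exp_data);
}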
168

    
169
/* Pre-fill the "complete signing request" form from the stored entry. */
if ($act == "csr") {
	$csr_entry = isset($a_cert[$id]) ? $a_cert[$id] : null;
	if (!$csr_entry) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	$pconfig['descr'] = $csr_entry['descr'];
	/* the CSR is stored base64-encoded; the form shows the decoded PEM */
	$pconfig['csr'] = base64_decode($csr_entry['csr']);
}
179

    
180
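/*
 * Build the distinguished-name array from the posted form fields.
 * $prefix selects the field group: "dn_" for internal certificates, "csr_dn_"
 * for signing requests.  Missing fields become empty strings (the required
 * field validation has already rejected empty submissions by then).
 *
 * @param array  $pconfig  posted form data
 * @param string $prefix   field-name prefix
 * @return array  DN keyed by component name, as cert_create()/csr_generate() take it
 */
function certmanager_dn_from_post($pconfig, $prefix) {
	$components = array(
		'countryName'         => 'country',
		'stateOrProvinceName' => 'state',
		'localityName'        => 'city',
		'organizationName'    => 'organization',
		'emailAddress'        => 'email',
		'commonName'          => 'commonname');
	$dn = array();
	foreach ($components as $dn_key => $field)
		$dn[$dn_key] = isset($pconfig[$prefix . $field]) ? $pconfig[$prefix . $field] : "";
	return $dn;
}

/*
 * Drain the OpenSSL error queue into a list of input-error strings.
 * openssl_error_string() returns one queued message per call and false once
 * the queue is empty, so every message is kept (the old loop re-created the
 * array on each iteration and so kept only the last one).  If the library
 * failed without queueing anything, a generic message is returned so the
 * failure is still reported instead of being written out as a success.
 *
 * @return array  non-empty list of error messages
 */
function certmanager_openssl_errors() {
	$errors = array();
	while ($ssl_err = openssl_error_string())
		$errors[] = "openssl library returns: " . $ssl_err;
	if (!$errors)
		$errors[] = gettext("The openssl operation failed without reporting an error.");
	return $errors;
}

if ($_POST) {
	if ($_POST['save'] == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;
		$method = (isset($pconfig['method']) && is_string($pconfig['method'])) ? $pconfig['method'] : "";

		/* A userid was supplied and validated, but no such user exists. */
		if (isset($a_user) && !isset($a_user[$userid]))
			$input_errors[] = gettext("The selected user does not exist.");

		/* input validation: the required fields depend on the chosen method */
		$reqdfields = array();
		$reqdfieldsn = array();
		switch ($method) {
		case "import":
			$reqdfields = explode(" ", "descr cert key");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate data"),
					gettext("Key data"));
			/* cheap PEM marker check only; cert_import() does the real parsing */
			if (!empty($_POST['cert']) && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
				$input_errors[] = gettext("This certificate does not appear to be valid.");
			break;

		case "internal":
			$reqdfields = explode(" ",
					"descr caref keylen type lifetime dn_country dn_state dn_city ".
					"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Certificate Type"),
					gettext("Lifetime"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
			break;

		case "external":
			$reqdfields = explode(" ",
					"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
					"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Key length"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
			break;

		case "existing":
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
			/* only offered when the page was opened for a user (see $cert_methods) */
			if (!isset($a_user))
				$input_errors[] = gettext("Choosing an existing certificate requires a user.");
			break;

		default:
			/* previously an unknown method fell through with $reqdfields undefined */
			$input_errors[] = gettext("Unknown certificate method.");
			break;
		}

		/* do_input_validation() declares $input_errors by reference; the
		 * call-time & is unnecessary and rejected by PHP 5.4 and later. */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		if ($method != "import") {
			/* Make sure we do not have invalid characters in the fields for the certificate */
			foreach ($reqdfields as $i => $field) {
				$value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
				if (preg_match('/email/', $field)) { /* dn_email or csr_dn_email */
					if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $value))
						$input_errors[] = "The field 'Distinguished name Email Address' contains invalid characters.";
				} else if (preg_match('/commonname/', $field)) { /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $value))
						$input_errors[] = "The field 'Distinguished name Common Name' contains invalid characters.";
				} else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $value)) {
					$input_errors[] = "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.";
				}
			}
		}

		/* if this is an AJAX caller then handle via JSON
		 * NOTE: $input_errors is always an array at this point, so AJAX callers
		 * always get the JSON reply and never reach the save path (pre-existing). */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {
			if ($method == "existing") {
				$cert = lookup_cert($pconfig['certref']);
				if ($cert && isset($a_user))
					$a_user[$userid]['cert'][] = $cert['refid'];
			} else {
				$cert = array();
				$cert['refid'] = uniqid();
				/* editing keeps the existing entry (and its refid) */
				if (isset($id) && $a_cert[$id])
					$cert = $a_cert[$id];

				$cert['descr'] = $pconfig['descr'];

				/* openssl_* functions print warnings straight into the page on
				 * failure; silence them and report via the OpenSSL error queue instead. */
				$old_err_level = error_reporting(0);

				if ($method == "import")
					cert_import($cert, $pconfig['cert'], $pconfig['key']);

				if ($method == "internal") {
					$dn = certmanager_dn_from_post($pconfig, "dn_");
					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
						$pconfig['lifetime'], $dn, $pconfig['type']))
						$input_errors = certmanager_openssl_errors();
				}

				if ($method == "external") {
					$dn = certmanager_dn_from_post($pconfig, "csr_dn_");
					if (!csr_generate($cert, $pconfig['csr_keylen'], $dn))
						$input_errors = certmanager_openssl_errors();
				}
				error_reporting($old_err_level);

				/* only a successfully built entry is stored */
				if (!$input_errors) {
					if (isset($id) && $a_cert[$id])
						$a_cert[$id] = $cert;
					else
						$a_cert[] = $cert;
					if (isset($a_user) && isset($userid))
						$a_user[$userid]['cert'][] = $cert['refid'];
				}
			}

			if (!$input_errors)
				write_config();

			/* back to the user being edited -- but only on success, so that
			 * OpenSSL errors are shown on this page instead of being lost */
			if (!$input_errors && isset($a_user) && isset($userid))
				pfSenseHeader("system_usermanager.php?act=edit&id={$userid}");
		}
	}

	if ($_POST['save'] == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		/* The request being completed must be an existing entry that still holds a CSR. */
		if (!isset($id) || !$a_cert[$id] || empty($a_cert[$id]['csr'])) {
			$input_errors[] = gettext("The signing request to be completed could not be found.");
		} else {
			/* Show the stored request if the form has to be re-rendered. */
			$pconfig['csr'] = base64_decode($a_cert[$id]['csr']);

			/* Compare against the stored CSR rather than the copy posted back
			 * from the (read-only, but still client-supplied) textarea, so the
			 * certificate really belongs to the key pair kept in this entry.
			 * Matching moduli means the certificate carries the request's public
			 * key; a missing modulus on either side means the data did not parse. */
			$mod_csr  = csr_get_modulus($pconfig['csr'], false);
			$mod_cert = cert_get_modulus($pconfig['cert'], false);
			if (empty($mod_csr) || empty($mod_cert) || strcmp($mod_csr, $mod_cert)) {
				$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
				$subject_mismatch = true;
			}
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {
			$cert = $a_cert[$id];
			$cert['descr'] = $pconfig['descr'];
			csr_complete($cert, $pconfig['cert']);
			$a_cert[$id] = $cert;
			write_config();
			pfSenseHeader("system_certmanager.php");
		}
	}
}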
382

    
383
include("head.inc");
384
?>
385

    
386
<body link="#000000" vlink="#000000" alink="#000000" onLoad="<?= $jsevents["body"]["onload"] ?>">
387
<?php include("fbegin.inc"); ?>
388
<script type="text/javascript">
389
<!--
390

    
391
function method_change() {

<?php
	/* The "internal" method can only be submitted when at least one CA with a
	 * private key exists; otherwise its submit button is hidden. */
	if ($internal_ca_count)
		$submit_style = "";
	else
		$submit_style = "none";
?>

	// Show only the field group for the selected method.  Case numbers follow
	// the option order of $cert_methods: import, internal, external, existing.
	// NOTE: "method" is an implicit global (no var declaration).
	method = document.iform.method.selectedIndex;

	switch (method) {
		case 0:
			document.getElementById("import").style.display="";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="";
			break;
		case 1:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="<?=$submit_style;?>";
			break;
		case 2:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="";
			break;
		case 3:
			// "existing" reuses a certificate, so no descriptive name is asked for
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="";
			document.getElementById("descriptivename").style.display="none";
			document.getElementById("submit").style.display="";
			break;
	}
}
437

    
438
<?php if ($internal_ca_count): ?>
// Copy the DN fields of the chosen internal CA into the form, one case per CA
// that holds a private key.  Only emitted when such a CA exists.
function internalca_change() {

	// NOTE: "index" and "caref" are implicit globals (no var declaration).
	index = document.iform.caref.selectedIndex;
	caref = document.iform.caref[index].value;

	switch (caref) {
<?php
		foreach ($a_ca as $ca):
			if (!$ca['prv'])
				continue;
			/* NOTE(review): the positions 0-4 below assume cert_get_subject_array()
			 * returns C, ST, L, O, emailAddress in that order -- confirm in certs.inc.
			 * The values are emitted into JS string literals without escaping, so a
			 * refid or DN component containing a quote or backslash would break this
			 * script; they come from the stored CA entry, not from the request. */
			$subject = cert_get_subject_array($ca['crt']);
?>
		case "<?=$ca['refid'];?>":
			document.iform.dn_country.value = "<?=$subject[0]['v'];?>";
			document.iform.dn_state.value = "<?=$subject[1]['v'];?>";
			document.iform.dn_city.value = "<?=$subject[2]['v'];?>";
			document.iform.dn_organization.value = "<?=$subject[3]['v'];?>";
			document.iform.dn_email.value = "<?=$subject[4]['v'];?>";
			break;
<?php	endforeach; ?>
	}
}
<?php endif; ?>
462

    
463
//-->
464
</script>
465
<?php
466
	/* Validation errors and status messages collected above go at the top of the page. */
	if ($input_errors)
		print_input_errors($input_errors);
	if ($savemsg)
		print_info_box($savemsg);

	/* Country codes offered by the signing request's "Country Code" selector:
	 * the first whitespace-delimited token of every line of /etc/ca_countries. */
	$dn_cc = array();
	if (file_exists("/etc/ca_countries")) {
		foreach (file("/etc/ca_countries") as $cc_line) {
			if (preg_match('/^(\S*)\s(.*)$/', $cc_line, $cc_parts))
				$dn_cc[] = $cc_parts[1];
		}
	}
479
?>
480
<table width="100%" border="0" cellpadding="0" cellspacing="0">
481
	<tr>
482
		<td class="tabnavtbl">
483
		<?php
484
			$tab_array = array();
485
			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
486
			$tab_array[] = array(gettext("Certificates"), true, "system_certmanager.php");
487
			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
488
			display_top_tabs($tab_array);
489
		?>
490
		</td>
491
	</tr>
492
	<tr>
493
		<td id="mainarea">
494
			<div class="tabcont">
495

    
496
				<?php if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)): ?>
497

    
498
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
499
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
500
						<?php if (!isset($id)): ?>
501
						<tr>
502
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
503
							<td width="78%" class="vtable">
504
								<select name='method' id='method' class="formselect" onchange='method_change()'>
505
								<?php
506
									foreach($cert_methods as $method => $desc):
507
									$selected = "";
508
									if ($pconfig['method'] == $method)
509
										$selected = "selected";
510
								?>
511
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
512
								<?php endforeach; ?>
513
								</select>
514
							</td>
515
						</tr>
516
						<?php endif; ?>
517
						<tr id="descriptivename">
518
							<?php
519
							if ($a_user && empty($pconfig['descr']))
520
								$pconfig['descr'] = $a_user[$userid]['name'];
521
							?>
522
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
523
							<td width="78%" class="vtable">
524
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
525
							</td>
526
						</tr>
527
					</table>
528

    
529
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import">
530
						<tr>
531
							<td colspan="2" class="list" height="12"></td>
532
						</tr>
533
						<tr>
534
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td>
535
						</tr>
536

    
537
						<tr>
538
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
539
							<td width="78%" class="vtable">
540
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
541
								<br>
542
									<?=gettext("Paste a certificate in X.509 PEM format here.");?></td>
543
							</td>
544
						</tr>
545
						<tr>
546
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
547
							<td width="78%" class="vtable">
548
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
549
								<br>
550
								<?=gettext("Paste a private key in X.509 PEM format here.");?></td>
551
							</td>
552
						</tr>
553
					</table>
554

    
555
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
556
						<tr>
557
							<td colspan="2" class="list" height="12"></td>
558
						</tr>
559
						<tr>
560
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></td>
561
						</tr>
562

    
563
						<?php if (!$internal_ca_count): ?>
564

    
565
						<tr>
566
							<td colspan="2" align="center" class="vtable">
567
								<?=gettext("No internal Certificate Authorities have been defined. You must");?>
568
								<a href="system_camanager.php?act=new&method=internal"><?=gettext("create");?></a>
569
								<?=gettext("an internal CA before creating an internal certificate.");?>
570
							</td>
571
						</tr>
572

    
573
						<?php else: ?>
574

    
575
						<tr>
576
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
577
							<td width="78%" class="vtable">
578
								<select name='caref' id='caref' class="formselect" onChange='internalca_change()'>
579
								<?php
580
									foreach( $a_ca as $ca):
581
									if (!$ca['prv'])
582
										continue;
583
									$selected = "";
584
									if ($pconfig['caref'] == $ca['refid'])
585
										$selected = "selected";
586
								?>
587
									<option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['descr'];?></option>
588
								<?php endforeach; ?>
589
								</select>
590
							</td>
591
						</tr>
592
						<tr>
593
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
594
							<td width="78%" class="vtable">
595
								<select name='keylen' class="formselect">
596
								<?php
597
									foreach( $cert_keylens as $len):
598
									$selected = "";
599
									if ($pconfig['keylen'] == $len)
600
										$selected = "selected";
601
								?>
602
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
603
								<?php endforeach; ?>
604
								</select>
605
								<?=gettext("bits");?>
606
							</td>
607
						</tr>
608
						<tr>
609
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Type");?></td>
610
							<td width="78%" class="vtable">
611
								<select name='type' class="formselect">
612
								<?php
613
									foreach( $cert_types as $ct => $ctdesc ):
614
									$selected = "";
615
									if ($pconfig['type'] == $ct)
616
										$selected = "selected";
617
								?>
618
									<option value="<?=$ct;?>"<?=$selected;?>><?=$ctdesc;?></option>
619
								<?php endforeach; ?>
620
								</select>
621
								<br/>
622
								<?=gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.");?>
623
							</td>
624
						</tr>
625
						<tr>
626
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
627
							<td width="78%" class="vtable">
628
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
629
								<?=gettext("days");?>
630
							</td>
631
						</tr>
632
						<tr>
633
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
634
							<td width="78%" class="vtable">
635
								<table border="0" cellspacing="0" cellpadding="2">
636
									<tr>
637
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
638
										<td align="left">
639
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
640
										</td>
641
									</tr>
642
									<tr>
643
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
644
										<td align="left">
645
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
646
										</td>
647
									</tr>
648
									<tr>
649
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
650
										<td align="left">
651
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
652
										</td>
653
									</tr>
654
									<tr>
655
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
656
										<td align="left">
657
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
658
										</td>
659
									</tr>
660
									<tr>
661
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
662
										<td align="left">
663
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
664
											&nbsp;
665
											<em>ex:</em>
666
											&nbsp;
667
											<?=gettext("webadmin@mycompany.com");?>
668
										</td>
669
									</tr>
670
									<tr>
671
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
672
										<td align="left">
673
											<?php
674
											if ($a_user && empty($pconfig['dn_commonname']))
675
												$pconfig['dn_commonname'] = $a_user[$userid]['name'];
676
											?>
677
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
678
											&nbsp;
679
											<em>ex:</em>
680
											&nbsp;
681
											<?=gettext("www.example.com");?>
682
										</td>
683
									</tr>
684
								</table>
685
							</td>
686
						</tr>
687

    
688
					<?php endif; ?>
689

    
690
					</table>
691

    
692
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external">
693
						<tr>
694
							<td colspan="2" class="list" height="12"></td>
695
						</tr>
696
						<tr>
697
							<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
698
						</tr>
699
						<tr>
700
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
701
							<td width="78%" class="vtable">
702
								<select name='csr_keylen' class="formselect">
703
								<?php
704
									if (!isset($pconfig['keylen']) && isset($pconfig['csr_keylen']))
705
										$pconfig['keylen'] = $pconfig['csr_keylen'];
706
									foreach( $cert_keylens as $len):
707
									$selected = "";
708
									if ($pconfig['keylen'] == $len)
709
										$selected = "selected";
710
								?>
711
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
712
								<?php endforeach; ?>
713
								</select>
714
								bits
715
							</td>
716
						</tr>
717
						<tr>
718
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
719
							<td width="78%" class="vtable">
720
								<table border="0" cellspacing="0" cellpadding="2">
721
									<tr>
722
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
723
										<td align="left">
724
											<select name='csr_dn_country' class="formselect">
725
											<?php
726
											foreach( $dn_cc as $cc){
727
												$selected = "";
728
												if ($pconfig['csr_dn_country'] == $cc) $selected = "selected";
729
												print "<option value=\"$cc\" $selected>$cc</option>";
730
												}
731
											?>
732
											</select>
733
										</td>
734
									</tr>
735
									<tr>
736
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
737
										<td align="left">
738
											<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_state']);?>" />
739
											&nbsp;
740
											<em>ex:</em>
741
											&nbsp;
742
											<?=gettext("Texas");?>
743
										</td>
744
									</tr>
745
									<tr>
746
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
747
										<td align="left">
748
											<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_city']);?>" />
749
											&nbsp;
750
											<em>ex:</em>
751
											&nbsp;
752
											<?=gettext("Austin");?>
753
										</td>
754
									</tr>
755
									<tr>
756
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
757
										<td align="left">
758
											<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_organization']);?>" />
759
											&nbsp;
760
											<em>ex:</em>
761
											&nbsp;
762
											<?=gettext("My Company Inc.");?>
763
										</td>
764
									</tr>
765
									<tr>
766
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
767
										<td align="left">
768
											<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_email']);?>"/>
769
											&nbsp;
770
											<em>ex:</em>
771
											&nbsp;
772
											<?=gettext("webadmin@mycompany.com");?>
773
										</td>
774
									</tr>
775
									<tr>
776
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
777
										<td align="left">
778
											<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
779
											&nbsp;
780
											<em>ex:</em>
781
											&nbsp;
782
											<?=gettext("www.example.com");?>
783
										</td>
784
									</tr>
785
								</table>
786
							</td>
787
						</tr>
788
					</table>
789

    
790
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing">
791
						<tr>
792
							<td colspan="2" class="list" height="12"></td>
793
						</tr>
794
						<tr>
795
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td>
796
						</tr>
797
						<tr>
798
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
799
							<td width="78%" class="vtable">
800
								<?php if (isset($userid) && $a_user): ?>
801
								<input name="userid" type="hidden" value="<?=$userid;?>" />
802
								<?php endif;?>
803
								<select name='certref' class="formselect">
804
								<?php
805
									foreach ($config['cert'] as $cert):
806
										$selected = "";
807
										$caname = "";
808
										$inuse = "";
809
										$revoked = "";
810
										if (in_array($cert['refid'], $config['system']['user'][$userid]['cert']))
811
											continue;
812
										$ca = lookup_ca($cert['caref']);
813
										if ($ca)
814
											$caname = " (CA: {$ca['descr']})";
815
										if ($pconfig['certref'] == $cert['refid'])
816
											$selected = "selected";
817
										if (cert_in_use($cert['refid']))
818
											$inuse = " *In Use";
819
											if (is_cert_revoked($cert))
820
											$revoked = " *Revoked";
821
								?>
822
									<option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option>
823
								<?php endforeach; ?>
824
								</select>
825
							</td>
826
						</tr>
827
					</table>
828

    
829
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
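								<?php if (isset($id) && $a_cert[$id]): ?>
								<?php /* Preserve the edited entry's index across the save. Escaped on
								        output as defence in depth; the id originates from the request. */ ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>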
							</td>
						</tr>
					</table>
				</form>

				<?php elseif ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)):?>

				<form action="system_certmanager.php" method="post" name="iform" id="iform">
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
							<td width="78%" class="vtable">
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
							</td>
						</tr>
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
						</tr>

						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Request data");?></td>
							<td width="78%" class="vtable">
								<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly><?=htmlspecialchars($pconfig['csr']);?></textarea>
								<br>
								<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Final Certificate data");?></td>
							<td width="78%" class="vtable">
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
								<br>
								<?=gettext("Paste the certificate received from your certificate authority here.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
								<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
								<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
								<?php echo gettext("Warning: Using this option may create an " .
								"invalid certificate.  Check this box to disable the request -> " .
								"response subject verification. ");
								?><br/>
								<?php endif; */ ?>
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
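								<?php if (isset($id) && $a_cert[$id]): ?>
								<?php /* Keep the edited entry's index and the "csr" action so the
								        Update POST lands back in this branch. The id is escaped on
								        output as defence in depth; it originates from the request. */ ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<input name="act" type="hidden" value="csr" />
								<?php endif;?>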
							</td>
						</tr>
					</table>
				</form>

				<?php else:?>

				<table width="100%" border="0" cellpadding="0" cellspacing="0">
					<tr>
						<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
						<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
						<td width="10%" class="list"></td>
					</tr>
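					<?php
						// One table row per entry in $a_cert. Every per-row variable is
						// reset at the top of the loop: an entry carrying neither 'crt'
						// nor 'csr' would otherwise display the subject, issuer, purpose
						// and issuer label left over from the previous row.
						$i = 0;
						foreach($a_cert as $cert):
							$name = htmlspecialchars($cert['descr']);
							$subj = "";
							$issuer = "";
							$purpose = null;
							$caname = "";

							if ($cert['crt']) {
								$subj = cert_get_subject($cert['crt']);
								$issuer = cert_get_issuer($cert['crt']);
								$purpose = cert_get_purpose($cert['crt']);
								// Identical subject and issuer means the certificate signed itself.
								if ($subj == $issuer)
									$caname = "<em>" . gettext("self-signed") . "</em>";
								else
									$caname = "<em>" . gettext("external") . "</em>";
								$subj = htmlspecialchars($subj);
							}

							if ($cert['csr']) {
								$subj = htmlspecialchars(csr_get_subject($cert['csr']));
								$caname = "<em>" . gettext("external - signature pending") . "</em>";
							}

							// A known issuing CA replaces the generic label. Its description is
							// operator-supplied text and is escaped here because $caname is
							// echoed raw below (the generic labels carry <em> markup).
							$ca = lookup_ca($cert['caref']);
							if ($ca)
								$caname = htmlspecialchars($ca['descr']);

							// Both branches of the original if ($cert['prv']) / else selected
							// this same icon, so a single assignment is equivalent.
							// TODO: choose a distinct icon for entries without a private key.
							$certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
					?>
					<tr>
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0">
								<tr>
									<td align="left" valign="center">
										<img src="<?=$certimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=$name;?>
									</td>
								</tr>
								<tr><td>&nbsp;</td></tr>
								<?php if ($cert['type']): ?>
								<tr><td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td></tr>
								<?php endif; ?>
								<?php if (is_array($purpose)): ?>
								<tr><td colspan="2">
									CA: <?php echo $purpose['ca']; ?>,
									Server: <?php echo $purpose['server']; ?>
								</td></tr>
								<?php endif; ?>
							</table>
						</td>
						<td class="listr"><?=$caname;?>&nbsp;</td>
						<td class="listr"><?=$subj;?>&nbsp;</td>
						<td class="listr">
							<?php if (is_cert_revoked($cert)): ?>
							<b>Revoked</b><br/>
							<?php endif; ?>
							<?php if (is_webgui_cert($cert['refid'])): ?>
							webConfigurator<br/>
							<?php endif; ?>
							<?php if (is_user_cert($cert['refid'])): ?>
							User Cert<br/>
							<?php endif; ?>
							<?php if (is_openvpn_server_cert($cert['refid'])): ?>
							OpenVPN Server<br/>
							<?php endif; ?>
							<?php if (is_openvpn_client_cert($cert['refid'])): ?>
							OpenVPN Client<br/>
							<?php endif; ?>
							<?php if (is_ipsec_cert($cert['refid'])): ?>
							IPsec Tunnel<br/>
							<?php endif; ?>
						</td>
						<td valign="middle" nowrap class="list">
							<?php /* Export links; alt text now matches each link's title instead of
							        the "export ca" text copied from the CA manager page. */ ?>
							<a href="system_certmanager.php?act=exp&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert");?>" alt="<?=gettext("export cert");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=key&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export key");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=p12&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert+key in .p12");?>" alt="<?=gettext("export cert+key in .p12");?>" width="17" height="17" border="0" />
							</a>
							<?php /* Deletion is only offered when nothing references the cert. */ ?>
							<?php	if (!cert_in_use($cert['refid'])): ?>
							<a href="system_certmanager.php?act=del&id=<?=$i;?>" onClick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
							<?php	if ($cert['csr']): ?>
							&nbsp;
								<a href="system_certmanager.php?act=csr&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("update csr");?>" alt="<?=gettext("update csr");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
						</td>
					</tr>
					<?php
							$i++;
						endforeach;
					?>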
					<tr>
						<td class="list" colspan="4"></td>
						<td class="list">
							<a href="system_certmanager.php?act=new">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" />
							</a>
						</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
						<td colspan="3"><?=gettext("Note: You can only delete a certificate if it is not currently in use.");?></td>
					</tr>
				</table>

				<?php endif; ?>

			</div>
		</td>
	</tr>
</table>
<?php include("fend.inc");?>
<script type="text/javascript">
<!--

method_change();
internalca_change();

//-->
</script>

</body>