| 1 |
64cc39d3
|
Matthew Grooms
|
<?php
|
| 2 |
|
|
/*
|
| 3 |
c5d81585
|
Renato Botelho
|
* system_camanager.php
|
| 4 |
f74457df
|
Stephen Beaver
|
*
|
| 5 |
c5d81585
|
Renato Botelho
|
* part of pfSense (https://www.pfsense.org)
|
| 6 |
0b4c14a4
|
Steve Beaver
|
* Copyright (c) 2004-2019 Rubicon Communications, LLC (Netgate)
|
| 7 |
c5d81585
|
Renato Botelho
|
* Copyright (c) 2008 Shrew Soft Inc
|
| 8 |
|
|
* All rights reserved.
|
| 9 |
f74457df
|
Stephen Beaver
|
*
|
| 10 |
b12ea3fb
|
Renato Botelho
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
| 11 |
|
|
* you may not use this file except in compliance with the License.
|
| 12 |
|
|
* You may obtain a copy of the License at
|
| 13 |
f74457df
|
Stephen Beaver
|
*
|
| 14 |
b12ea3fb
|
Renato Botelho
|
* http://www.apache.org/licenses/LICENSE-2.0
|
| 15 |
f74457df
|
Stephen Beaver
|
*
|
| 16 |
b12ea3fb
|
Renato Botelho
|
* Unless required by applicable law or agreed to in writing, software
|
| 17 |
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
| 18 |
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 19 |
|
|
* See the License for the specific language governing permissions and
|
| 20 |
|
|
* limitations under the License.
|
| 21 |
f74457df
|
Stephen Beaver
|
*/
|
| 22 |
64cc39d3
|
Matthew Grooms
|
|
| 23 |
|
|
##|+PRIV
|
| 24 |
|
|
##|*IDENT=page-system-camanager
|
| 25 |
|
|
##|*NAME=System: CA Manager
|
| 26 |
|
|
##|*DESCR=Allow access to the 'System: CA Manager' page.
|
| 27 |
|
|
##|*MATCH=system_camanager.php*
|
| 28 |
|
|
##|-PRIV
|
| 29 |
|
|
|
| 30 |
c81ef6e2
|
Phil Davis
|
require_once("guiconfig.inc");
|
| 31 |
742d9c2d
|
Ermal Lu?i
|
require_once("certs.inc");
|
| 32 |
afb7b75e
|
doktornotor
|
require_once("pfsense-utils.inc");
|
| 33 |
64cc39d3
|
Matthew Grooms
|
|
| 34 |
|
|
$ca_methods = array(
|
| 35 |
95c8cf48
|
Evgeny Yurchenko
|
"internal" => gettext("Create an internal Certificate Authority"),
|
| 36 |
b0a5c280
|
jim-p
|
"existing" => gettext("Import an existing Certificate Authority"),
|
| 37 |
95c8cf48
|
Evgeny Yurchenko
|
"intermediate" => gettext("Create an intermediate Certificate Authority"));
|
| 38 |
64cc39d3
|
Matthew Grooms
|
|
| 39 |
36cfae5f
|
Justin Coffman
|
$ca_keylens = array("1024", "2048", "3072", "4096", "6144", "7680", "8192", "15360", "16384");
|
| 40 |
84141846
|
jim-p
|
global $openssl_digest_algs;
|
| 41 |
64cc39d3
|
Matthew Grooms
|
|
| 42 |
4611e283
|
Steve Beaver
|
if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) {
|
| 43 |
|
|
$id = $_REQUEST['id'];
|
| 44 |
56b1ed39
|
Phil Davis
|
}
|
| 45 |
64cc39d3
|
Matthew Grooms
|
|
| 46 |
c6c398c6
|
jim-p
|
init_config_arr(array('ca'));
|
| 47 |
|
|
$a_ca = &$config['ca'];
|
| 48 |
64cc39d3
|
Matthew Grooms
|
|
| 49 |
c6c398c6
|
jim-p
|
init_config_arr(array('cert'));
|
| 50 |
|
|
$a_cert = &$config['cert'];
|
| 51 |
461aa9d0
|
jim-p
|
|
| 52 |
c6c398c6
|
jim-p
|
init_config_arr(array('crl'));
|
| 53 |
|
|
$a_crl = &$config['crl'];
|
| 54 |
461aa9d0
|
jim-p
|
|
| 55 |
4611e283
|
Steve Beaver
|
if ($_REQUEST['act']) {
|
| 56 |
|
|
$act = $_REQUEST['act'];
|
| 57 |
56b1ed39
|
Phil Davis
|
}
|
| 58 |
64cc39d3
|
Matthew Grooms
|
|
| 59 |
4611e283
|
Steve Beaver
|
if ($_POST['act'] == "del") {
|
| 60 |
64cc39d3
|
Matthew Grooms
|
|
| 61 |
40e6086a
|
jim-p
|
if (!isset($a_ca[$id])) {
|
| 62 |
64cc39d3
|
Matthew Grooms
|
pfSenseHeader("system_camanager.php");
|
| 63 |
|
|
exit;
|
| 64 |
|
|
}
|
| 65 |
|
|
|
| 66 |
80080a0c
|
jim-p
|
/* Only remove CA reference when deleting. It can be reconnected if a new matching CA is imported */
|
| 67 |
64cc39d3
|
Matthew Grooms
|
$index = count($a_cert) - 1;
|
| 68 |
56b1ed39
|
Phil Davis
|
for (;$index >= 0; $index--) {
|
| 69 |
|
|
if ($a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
|
| 70 |
80080a0c
|
jim-p
|
unset($a_cert[$index]['caref']);
|
| 71 |
56b1ed39
|
Phil Davis
|
}
|
| 72 |
|
|
}
|
| 73 |
64cc39d3
|
Matthew Grooms
|
|
| 74 |
80080a0c
|
jim-p
|
/* Remove any CRLs for this CA, there is no way to recover the connection once the CA has been removed. */
|
| 75 |
461aa9d0
|
jim-p
|
$index = count($a_crl) - 1;
|
| 76 |
56b1ed39
|
Phil Davis
|
for (;$index >= 0; $index--) {
|
| 77 |
|
|
if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
|
| 78 |
461aa9d0
|
jim-p
|
unset($a_crl[$index]);
|
| 79 |
56b1ed39
|
Phil Davis
|
}
|
| 80 |
|
|
}
|
| 81 |
461aa9d0
|
jim-p
|
|
| 82 |
f2a86ca9
|
jim-p
|
$name = $a_ca[$id]['descr'];
|
| 83 |
64cc39d3
|
Matthew Grooms
|
unset($a_ca[$id]);
|
| 84 |
|
|
write_config();
|
| 85 |
8545adde
|
k-paulius
|
$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted."), htmlspecialchars($name));
|
| 86 |
2f51259b
|
jim-p
|
pfSenseHeader("system_camanager.php");
|
| 87 |
|
|
exit;
|
| 88 |
64cc39d3
|
Matthew Grooms
|
}
|
| 89 |
|
|
|
| 90 |
bfa992bc
|
jim-p
|
if ($act == "edit") {
|
| 91 |
|
|
if (!$a_ca[$id]) {
|
| 92 |
|
|
pfSenseHeader("system_camanager.php");
|
| 93 |
|
|
exit;
|
| 94 |
|
|
}
|
| 95 |
3319f34d
|
luckman212
|
$pconfig['method'] = 'existing';
|
| 96 |
bfa992bc
|
jim-p
|
$pconfig['descr'] = $a_ca[$id]['descr'];
|
| 97 |
|
|
$pconfig['refid'] = $a_ca[$id]['refid'];
|
| 98 |
|
|
$pconfig['cert'] = base64_decode($a_ca[$id]['crt']);
|
| 99 |
|
|
$pconfig['serial'] = $a_ca[$id]['serial'];
|
| 100 |
56b1ed39
|
Phil Davis
|
if (!empty($a_ca[$id]['prv'])) {
|
| 101 |
bfa992bc
|
jim-p
|
$pconfig['key'] = base64_decode($a_ca[$id]['prv']);
|
| 102 |
56b1ed39
|
Phil Davis
|
}
|
| 103 |
bfa992bc
|
jim-p
|
}
|
| 104 |
|
|
|
| 105 |
64cc39d3
|
Matthew Grooms
|
if ($act == "new") {
|
| 106 |
d565c182
|
Steve Beaver
|
$pconfig['method'] = $_POST['method'];
|
| 107 |
64cc39d3
|
Matthew Grooms
|
$pconfig['keylen'] = "2048";
|
| 108 |
28a20fdb
|
jim-p
|
$pconfig['digest_alg'] = "sha256";
|
| 109 |
cf360495
|
Chris Buechler
|
$pconfig['lifetime'] = "3650";
|
| 110 |
64cc39d3
|
Matthew Grooms
|
$pconfig['dn_commonname'] = "internal-ca";
|
| 111 |
|
|
}
|
| 112 |
|
|
|
| 113 |
93823b10
|
Matthew Grooms
|
if ($act == "exp") {
|
| 114 |
|
|
|
| 115 |
|
|
if (!$a_ca[$id]) {
|
| 116 |
|
|
pfSenseHeader("system_camanager.php");
|
| 117 |
|
|
exit;
|
| 118 |
|
|
}
|
| 119 |
|
|
|
| 120 |
f2a86ca9
|
jim-p
|
$exp_name = urlencode("{$a_ca[$id]['descr']}.crt");
|
| 121 |
93823b10
|
Matthew Grooms
|
$exp_data = base64_decode($a_ca[$id]['crt']);
|
| 122 |
|
|
$exp_size = strlen($exp_data);
|
| 123 |
|
|
|
| 124 |
|
|
header("Content-Type: application/octet-stream");
|
| 125 |
|
|
header("Content-Disposition: attachment; filename={$exp_name}");
|
| 126 |
|
|
header("Content-Length: $exp_size");
|
| 127 |
|
|
echo $exp_data;
|
| 128 |
|
|
exit;
|
| 129 |
|
|
}
|
| 130 |
|
|
|
| 131 |
ecefc738
|
jim-p
|
if ($act == "expkey") {
|
| 132 |
|
|
|
| 133 |
|
|
if (!$a_ca[$id]) {
|
| 134 |
|
|
pfSenseHeader("system_camanager.php");
|
| 135 |
|
|
exit;
|
| 136 |
|
|
}
|
| 137 |
|
|
|
| 138 |
f2a86ca9
|
jim-p
|
$exp_name = urlencode("{$a_ca[$id]['descr']}.key");
|
| 139 |
ecefc738
|
jim-p
|
$exp_data = base64_decode($a_ca[$id]['prv']);
|
| 140 |
|
|
$exp_size = strlen($exp_data);
|
| 141 |
|
|
|
| 142 |
|
|
header("Content-Type: application/octet-stream");
|
| 143 |
|
|
header("Content-Disposition: attachment; filename={$exp_name}");
|
| 144 |
|
|
header("Content-Length: $exp_size");
|
| 145 |
|
|
echo $exp_data;
|
| 146 |
|
|
exit;
|
| 147 |
|
|
}
|
| 148 |
|
|
|
| 149 |
1355f71c
|
Steve Beaver
|
if ($_POST['save']) {
|
| 150 |
64cc39d3
|
Matthew Grooms
|
|
| 151 |
95c8cf48
|
Evgeny Yurchenko
|
unset($input_errors);
|
| 152 |
2b8bfda4
|
Phil Davis
|
$input_errors = array();
|
| 153 |
64cc39d3
|
Matthew Grooms
|
$pconfig = $_POST;
|
| 154 |
|
|
|
| 155 |
|
|
/* input validation */
|
| 156 |
|
|
if ($pconfig['method'] == "existing") {
|
| 157 |
5293bfec
|
jim-p
|
$reqdfields = explode(" ", "descr cert");
|
| 158 |
38fb1109
|
Vinicius Coque
|
$reqdfieldsn = array(
|
| 159 |
56b1ed39
|
Phil Davis
|
gettext("Descriptive name"),
|
| 160 |
|
|
gettext("Certificate data"));
|
| 161 |
|
|
if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
|
| 162 |
396cfe2e
|
jim-p
|
$input_errors[] = gettext("This certificate does not appear to be valid.");
|
| 163 |
56b1ed39
|
Phil Davis
|
}
|
| 164 |
|
|
if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) {
|
| 165 |
46698c3f
|
jim-p
|
$input_errors[] = gettext("Encrypted private keys are not yet supported.");
|
| 166 |
56b1ed39
|
Phil Davis
|
}
|
| 167 |
1746c5ce
|
PiBa-NL
|
if (!$input_errors && !empty($_POST['key']) && cert_get_publickey($_POST['cert'], false) != cert_get_publickey($_POST['key'], false, 'prv')) {
|
| 168 |
2cf5db21
|
jim-p
|
$input_errors[] = gettext("The submitted private key does not match the submitted certificate data.");
|
| 169 |
|
|
}
|
| 170 |
9e608d7a
|
jim-p
|
/* we must ensure the certificate is capable of acting as a CA
|
| 171 |
|
|
* https://redmine.pfsense.org/issues/7885
|
| 172 |
|
|
*/
|
| 173 |
|
|
if (!$input_errors) {
|
| 174 |
|
|
$purpose = cert_get_purpose($_POST['cert'], false);
|
| 175 |
|
|
if ($purpose['ca'] != 'Yes') {
|
| 176 |
|
|
$input_errors[] = gettext("The submitted certificate does not appear to be a Certificate Authority, import it on the Certificates tab instead.");
|
| 177 |
|
|
}
|
| 178 |
|
|
}
|
| 179 |
64cc39d3
|
Matthew Grooms
|
}
|
| 180 |
|
|
if ($pconfig['method'] == "internal") {
|
| 181 |
|
|
$reqdfields = explode(" ",
|
| 182 |
80d50253
|
jim-p
|
"descr keylen lifetime dn_commonname");
|
| 183 |
38fb1109
|
Vinicius Coque
|
$reqdfieldsn = array(
|
| 184 |
56b1ed39
|
Phil Davis
|
gettext("Descriptive name"),
|
| 185 |
|
|
gettext("Key length"),
|
| 186 |
|
|
gettext("Lifetime"),
|
| 187 |
|
|
gettext("Distinguished name Common Name"));
|
| 188 |
64cc39d3
|
Matthew Grooms
|
}
|
| 189 |
95c8cf48
|
Evgeny Yurchenko
|
if ($pconfig['method'] == "intermediate") {
|
| 190 |
|
|
$reqdfields = explode(" ",
|
| 191 |
80d50253
|
jim-p
|
"descr caref keylen lifetime dn_commonname");
|
| 192 |
95c8cf48
|
Evgeny Yurchenko
|
$reqdfieldsn = array(
|
| 193 |
56b1ed39
|
Phil Davis
|
gettext("Descriptive name"),
|
| 194 |
|
|
gettext("Signing Certificate Authority"),
|
| 195 |
|
|
gettext("Key length"),
|
| 196 |
|
|
gettext("Lifetime"),
|
| 197 |
|
|
gettext("Distinguished name Common Name"));
|
| 198 |
95c8cf48
|
Evgeny Yurchenko
|
}
|
| 199 |
64cc39d3
|
Matthew Grooms
|
|
| 200 |
1e9b4611
|
Renato Botelho
|
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
|
| 201 |
ca621902
|
jim-p
|
if ($pconfig['method'] != "existing") {
|
| 202 |
21cc2faa
|
Evgeny Yurchenko
|
/* Make sure we do not have invalid characters in the fields for the certificate */
|
| 203 |
b75cdd94
|
jim-p
|
if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
|
| 204 |
762faef5
|
Phil Davis
|
array_push($input_errors, gettext("The field 'Descriptive Name' contains invalid characters."));
|
| 205 |
b75cdd94
|
jim-p
|
}
|
| 206 |
56b1ed39
|
Phil Davis
|
if (!in_array($_POST["keylen"], $ca_keylens)) {
|
| 207 |
ca621902
|
jim-p
|
array_push($input_errors, gettext("Please select a valid Key Length."));
|
| 208 |
56b1ed39
|
Phil Davis
|
}
|
| 209 |
|
|
if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) {
|
| 210 |
ca621902
|
jim-p
|
array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
|
| 211 |
56b1ed39
|
Phil Davis
|
}
|
| 212 |
ca621902
|
jim-p
|
}
|
| 213 |
1d6f93c5
|
Stephen Beaver
|
|
| 214 |
64cc39d3
|
Matthew Grooms
|
/* save modifications */
|
| 215 |
|
|
if (!$input_errors) {
|
| 216 |
|
|
$ca = array();
|
| 217 |
56b1ed39
|
Phil Davis
|
if (!isset($pconfig['refid']) || empty($pconfig['refid'])) {
|
| 218 |
bfa992bc
|
jim-p
|
$ca['refid'] = uniqid();
|
| 219 |
56b1ed39
|
Phil Davis
|
} else {
|
| 220 |
bfa992bc
|
jim-p
|
$ca['refid'] = $pconfig['refid'];
|
| 221 |
56b1ed39
|
Phil Davis
|
}
|
| 222 |
bfa992bc
|
jim-p
|
|
| 223 |
56b1ed39
|
Phil Davis
|
if (isset($id) && $a_ca[$id]) {
|
| 224 |
64cc39d3
|
Matthew Grooms
|
$ca = $a_ca[$id];
|
| 225 |
56b1ed39
|
Phil Davis
|
}
|
| 226 |
64cc39d3
|
Matthew Grooms
|
|
| 227 |
bfa992bc
|
jim-p
|
$ca['descr'] = $pconfig['descr'];
|
| 228 |
|
|
|
| 229 |
5d2edeca
|
Sjon Hortensius
|
if ($act == "edit") {
|
| 230 |
bfa992bc
|
jim-p
|
$ca['descr'] = $pconfig['descr'];
|
| 231 |
|
|
$ca['refid'] = $pconfig['refid'];
|
| 232 |
|
|
$ca['serial'] = $pconfig['serial'];
|
| 233 |
51583438
|
Stephen Beaver
|
$ca['crt'] = base64_encode($pconfig['cert']);
|
| 234 |
56b1ed39
|
Phil Davis
|
if (!empty($pconfig['key'])) {
|
| 235 |
51583438
|
Stephen Beaver
|
$ca['prv'] = base64_encode($pconfig['key']);
|
| 236 |
56b1ed39
|
Phil Davis
|
}
|
| 237 |
bfa992bc
|
jim-p
|
} else {
|
| 238 |
f416763b
|
Phil Davis
|
$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
|
| 239 |
56b1ed39
|
Phil Davis
|
if ($pconfig['method'] == "existing") {
|
| 240 |
bfa992bc
|
jim-p
|
ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
|
| 241 |
56b1ed39
|
Phil Davis
|
} else if ($pconfig['method'] == "internal") {
|
| 242 |
80d50253
|
jim-p
|
$dn = array('commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
|
| 243 |
|
|
if (!empty($pconfig['dn_country'])) {
|
| 244 |
|
|
$dn['countryName'] = $pconfig['dn_country'];
|
| 245 |
|
|
}
|
| 246 |
|
|
if (!empty($pconfig['dn_state'])) {
|
| 247 |
|
|
$dn['stateOrProvinceName'] = cert_escape_x509_chars($pconfig['dn_state']);
|
| 248 |
|
|
}
|
| 249 |
|
|
if (!empty($pconfig['dn_city'])) {
|
| 250 |
|
|
$dn['localityName'] = cert_escape_x509_chars($pconfig['dn_city']);
|
| 251 |
|
|
}
|
| 252 |
|
|
if (!empty($pconfig['dn_organization'])) {
|
| 253 |
|
|
$dn['organizationName'] = cert_escape_x509_chars($pconfig['dn_organization']);
|
| 254 |
|
|
}
|
| 255 |
da0f70ed
|
jim-p
|
if (!empty($pconfig['dn_organizationalunit'])) {
|
| 256 |
83d2b83a
|
jim-p
|
$dn['organizationalUnitName'] = cert_escape_x509_chars($pconfig['dn_organizationalunit']);
|
| 257 |
da0f70ed
|
jim-p
|
}
|
| 258 |
56b1ed39
|
Phil Davis
|
if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) {
|
| 259 |
5ce9bcf5
|
jim-p
|
$input_errors = array();
|
| 260 |
56b1ed39
|
Phil Davis
|
while ($ssl_err = openssl_error_string()) {
|
| 261 |
5ce9bcf5
|
jim-p
|
if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
|
| 262 |
|
|
array_push($input_errors, "openssl library returns: " . $ssl_err);
|
| 263 |
|
|
}
|
| 264 |
1b6d9fa5
|
Evgeny Yurchenko
|
}
|
| 265 |
|
|
}
|
| 266 |
78863416
|
Phil Davis
|
} else if ($pconfig['method'] == "intermediate") {
|
| 267 |
80d50253
|
jim-p
|
$dn = array('commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
|
| 268 |
|
|
if (!empty($pconfig['dn_country'])) {
|
| 269 |
|
|
$dn['countryName'] = $pconfig['dn_country'];
|
| 270 |
|
|
}
|
| 271 |
|
|
if (!empty($pconfig['dn_state'])) {
|
| 272 |
|
|
$dn['stateOrProvinceName'] = cert_escape_x509_chars($pconfig['dn_state']);
|
| 273 |
|
|
}
|
| 274 |
|
|
if (!empty($pconfig['dn_city'])) {
|
| 275 |
|
|
$dn['localityName'] = cert_escape_x509_chars($pconfig['dn_city']);
|
| 276 |
|
|
}
|
| 277 |
|
|
if (!empty($pconfig['dn_organization'])) {
|
| 278 |
|
|
$dn['organizationName'] = cert_escape_x509_chars($pconfig['dn_organization']);
|
| 279 |
|
|
}
|
| 280 |
da0f70ed
|
jim-p
|
if (!empty($pconfig['dn_organizationalunit'])) {
|
| 281 |
83d2b83a
|
jim-p
|
$dn['organizationalUnitName'] = cert_escape_x509_chars($pconfig['dn_organizationalunit']);
|
| 282 |
da0f70ed
|
jim-p
|
}
|
| 283 |
56b1ed39
|
Phil Davis
|
if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) {
|
| 284 |
5ce9bcf5
|
jim-p
|
$input_errors = array();
|
| 285 |
56b1ed39
|
Phil Davis
|
while ($ssl_err = openssl_error_string()) {
|
| 286 |
5ce9bcf5
|
jim-p
|
if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
|
| 287 |
|
|
array_push($input_errors, "openssl library returns: " . $ssl_err);
|
| 288 |
|
|
}
|
| 289 |
95c8cf48
|
Evgeny Yurchenko
|
}
|
| 290 |
|
|
}
|
| 291 |
|
|
}
|
| 292 |
1b6d9fa5
|
Evgeny Yurchenko
|
error_reporting($old_err_level);
|
| 293 |
64cc39d3
|
Matthew Grooms
|
}
|
| 294 |
|
|
|
| 295 |
56b1ed39
|
Phil Davis
|
if (isset($id) && $a_ca[$id]) {
|
| 296 |
64cc39d3
|
Matthew Grooms
|
$a_ca[$id] = $ca;
|
| 297 |
56b1ed39
|
Phil Davis
|
} else {
|
| 298 |
64cc39d3
|
Matthew Grooms
|
$a_ca[] = $ca;
|
| 299 |
56b1ed39
|
Phil Davis
|
}
|
| 300 |
64cc39d3
|
Matthew Grooms
|
|
| 301 |
56b1ed39
|
Phil Davis
|
if (!$input_errors) {
|
| 302 |
95c8cf48
|
Evgeny Yurchenko
|
write_config();
|
| 303 |
5ce9bcf5
|
jim-p
|
pfSenseHeader("system_camanager.php");
|
| 304 |
56b1ed39
|
Phil Davis
|
}
|
| 305 |
64cc39d3
|
Matthew Grooms
|
}
|
| 306 |
|
|
}
|
| 307 |
|
|
|
| 308 |
56c6b1cb
|
k-paulius
|
$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("CAs"));
|
| 309 |
edcd7535
|
Phil Davis
|
$pglinks = array("", "system_camanager.php", "system_camanager.php");
|
| 310 |
56c6b1cb
|
k-paulius
|
|
| 311 |
|
|
if ($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors) {
|
| 312 |
|
|
$pgtitle[] = gettext('Edit');
|
| 313 |
edcd7535
|
Phil Davis
|
$pglinks[] = "@self";
|
| 314 |
56c6b1cb
|
k-paulius
|
}
|
| 315 |
64cc39d3
|
Matthew Grooms
|
include("head.inc");
|
| 316 |
|
|
|
| 317 |
78863416
|
Phil Davis
|
if ($input_errors) {
|
| 318 |
5d2edeca
|
Sjon Hortensius
|
print_input_errors($input_errors);
|
| 319 |
78863416
|
Phil Davis
|
}
|
| 320 |
b8f22f61
|
Stephen Beaver
|
|
| 321 |
78863416
|
Phil Davis
|
if ($savemsg) {
|
| 322 |
b8f22f61
|
Stephen Beaver
|
print_info_box($savemsg, 'success');
|
| 323 |
78863416
|
Phil Davis
|
}
|
| 324 |
5d2edeca
|
Sjon Hortensius
|
|
| 325 |
|
|
$tab_array = array();
|
| 326 |
|
|
$tab_array[] = array(gettext("CAs"), true, "system_camanager.php");
|
| 327 |
|
|
$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
|
| 328 |
|
|
$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
|
| 329 |
|
|
display_top_tabs($tab_array);
|
| 330 |
|
|
|
| 331 |
78863416
|
Phil Davis
|
if (!($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors)) {
|
| 332 |
5d2edeca
|
Sjon Hortensius
|
?>
|
| 333 |
14973058
|
jim-p
|
<div class="panel panel-default" id="search-panel">
|
| 334 |
|
|
<div class="panel-heading">
|
| 335 |
|
|
<h2 class="panel-title">
|
| 336 |
|
|
<?=gettext('Search')?>
|
| 337 |
|
|
<span class="widget-heading-icon pull-right">
|
| 338 |
|
|
<a data-toggle="collapse" href="#search-panel_panel-body">
|
| 339 |
|
|
<i class="fa fa-plus-circle"></i>
|
| 340 |
|
|
</a>
|
| 341 |
|
|
</span>
|
| 342 |
|
|
</h2>
|
| 343 |
|
|
</div>
|
| 344 |
|
|
<div id="search-panel_panel-body" class="panel-body collapse in">
|
| 345 |
|
|
<div class="form-group">
|
| 346 |
|
|
<label class="col-sm-2 control-label">
|
| 347 |
|
|
<?=gettext("Search term")?>
|
| 348 |
|
|
</label>
|
| 349 |
|
|
<div class="col-sm-5"><input class="form-control" name="searchstr" id="searchstr" type="text"/></div>
|
| 350 |
|
|
<div class="col-sm-2">
|
| 351 |
|
|
<select id="where" class="form-control">
|
| 352 |
|
|
<option value="0"><?=gettext("Name")?></option>
|
| 353 |
|
|
<option value="1"><?=gettext("Distinguished Name")?></option>
|
| 354 |
|
|
<option value="2" selected><?=gettext("Both")?></option>
|
| 355 |
|
|
</select>
|
| 356 |
|
|
</div>
|
| 357 |
|
|
<div class="col-sm-3">
|
| 358 |
|
|
<a id="btnsearch" title="<?=gettext("Search")?>" class="btn btn-primary btn-sm"><i class="fa fa-search icon-embed-btn"></i><?=gettext("Search")?></a>
|
| 359 |
|
|
<a id="btnclear" title="<?=gettext("Clear")?>" class="btn btn-info btn-sm"><i class="fa fa-undo icon-embed-btn"></i><?=gettext("Clear")?></a>
|
| 360 |
|
|
</div>
|
| 361 |
|
|
<div class="col-sm-10 col-sm-offset-2">
|
| 362 |
f30da999
|
jim-p
|
<span class="help-block"><?=gettext('Enter a search string or *nix regular expression to search certificate names and distinguished names.')?></span>
|
| 363 |
14973058
|
jim-p
|
</div>
|
| 364 |
|
|
</div>
|
| 365 |
|
|
</div>
|
| 366 |
|
|
</div>
|
| 367 |
|
|
|
| 368 |
060ed238
|
Stephen Beaver
|
<div class="panel panel-default">
|
| 369 |
|
|
<div class="panel-heading"><h2 class="panel-title"><?=gettext('Certificate Authorities')?></h2></div>
|
| 370 |
|
|
<div class="panel-body">
|
| 371 |
|
|
<div class="table-responsive">
|
| 372 |
14973058
|
jim-p
|
<table id="catable" class="table table-striped table-hover table-rowdblclickedit sortable-theme-bootstrap" data-sortable>
|
| 373 |
060ed238
|
Stephen Beaver
|
<thead>
|
| 374 |
|
|
<tr>
|
| 375 |
|
|
<th><?=gettext("Name")?></th>
|
| 376 |
|
|
<th><?=gettext("Internal")?></th>
|
| 377 |
|
|
<th><?=gettext("Issuer")?></th>
|
| 378 |
|
|
<th><?=gettext("Certificates")?></th>
|
| 379 |
|
|
<th><?=gettext("Distinguished Name")?></th>
|
| 380 |
80080a0c
|
jim-p
|
<th><?=gettext("In Use")?></th>
|
| 381 |
060ed238
|
Stephen Beaver
|
<th><?=gettext("Actions")?></th>
|
| 382 |
|
|
</tr>
|
| 383 |
|
|
</thead>
|
| 384 |
|
|
<tbody>
|
| 385 |
64cc39d3
|
Matthew Grooms
|
<?php
|
| 386 |
3bde5cdd
|
PiBa-NL
|
$pluginparams = array();
|
| 387 |
|
|
$pluginparams['type'] = 'certificates';
|
| 388 |
|
|
$pluginparams['event'] = 'used_ca';
|
| 389 |
|
|
$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
|
| 390 |
|
|
|
| 391 |
5d2edeca
|
Sjon Hortensius
|
foreach ($a_ca as $i => $ca):
|
| 392 |
|
|
$name = htmlspecialchars($ca['descr']);
|
| 393 |
|
|
$subj = cert_get_subject($ca['crt']);
|
| 394 |
|
|
$issuer = cert_get_issuer($ca['crt']);
|
| 395 |
|
|
list($startdate, $enddate) = cert_get_dates($ca['crt']);
|
| 396 |
78863416
|
Phil Davis
|
if ($subj == $issuer) {
|
| 397 |
a2a10102
|
Sjon Hortensius
|
$issuer_name = gettext("self-signed");
|
| 398 |
78863416
|
Phil Davis
|
} else {
|
| 399 |
a2a10102
|
Sjon Hortensius
|
$issuer_name = gettext("external");
|
| 400 |
78863416
|
Phil Davis
|
}
|
| 401 |
83d2b83a
|
jim-p
|
$subj = htmlspecialchars(cert_escape_x509_chars($subj, true));
|
| 402 |
5d2edeca
|
Sjon Hortensius
|
$issuer = htmlspecialchars($issuer);
|
| 403 |
|
|
$certcount = 0;
|
| 404 |
|
|
|
| 405 |
|
|
$issuer_ca = lookup_ca($ca['caref']);
|
| 406 |
78863416
|
Phil Davis
|
if ($issuer_ca) {
|
| 407 |
5d2edeca
|
Sjon Hortensius
|
$issuer_name = $issuer_ca['descr'];
|
| 408 |
78863416
|
Phil Davis
|
}
|
| 409 |
5d2edeca
|
Sjon Hortensius
|
|
| 410 |
78863416
|
Phil Davis
|
foreach ($a_cert as $cert) {
|
| 411 |
|
|
if ($cert['caref'] == $ca['refid']) {
|
| 412 |
5d2edeca
|
Sjon Hortensius
|
$certcount++;
|
| 413 |
78863416
|
Phil Davis
|
}
|
| 414 |
|
|
}
|
| 415 |
5d2edeca
|
Sjon Hortensius
|
|
| 416 |
78863416
|
Phil Davis
|
foreach ($a_ca as $cert) {
|
| 417 |
|
|
if ($cert['caref'] == $ca['refid']) {
|
| 418 |
5d2edeca
|
Sjon Hortensius
|
$certcount++;
|
| 419 |
78863416
|
Phil Davis
|
}
|
| 420 |
|
|
}
|
| 421 |
64cc39d3
|
Matthew Grooms
|
?>
|
| 422 |
060ed238
|
Stephen Beaver
|
<tr>
|
| 423 |
|
|
<td><?=$name?></td>
|
| 424 |
ce883f9f
|
jim-p
|
<td><i class="fa fa-<?= (!empty($ca['prv'])) ? "check" : "times" ; ?>"></i></td>
|
| 425 |
060ed238
|
Stephen Beaver
|
<td><i><?=$issuer_name?></i></td>
|
| 426 |
|
|
<td><?=$certcount?></td>
|
| 427 |
|
|
<td>
|
| 428 |
|
|
<?=$subj?>
|
| 429 |
|
|
<br />
|
| 430 |
|
|
<small>
|
| 431 |
|
|
<?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
|
| 432 |
|
|
</small>
|
| 433 |
|
|
</td>
|
| 434 |
80080a0c
|
jim-p
|
<td class="text-nowrap">
|
| 435 |
|
|
<?php if (is_openvpn_server_ca($ca['refid'])): ?>
|
| 436 |
|
|
<?=gettext("OpenVPN Server")?><br/>
|
| 437 |
|
|
<?php endif?>
|
| 438 |
|
|
<?php if (is_openvpn_client_ca($ca['refid'])): ?>
|
| 439 |
|
|
<?=gettext("OpenVPN Client")?><br/>
|
| 440 |
|
|
<?php endif?>
|
| 441 |
|
|
<?php if (is_ipsec_peer_ca($ca['refid'])): ?>
|
| 442 |
|
|
<?=gettext("IPsec Tunnel")?><br/>
|
| 443 |
|
|
<?php endif?>
|
| 444 |
|
|
<?php if (is_ldap_peer_ca($ca['refid'])): ?>
|
| 445 |
|
|
<?=gettext("LDAP Server")?>
|
| 446 |
|
|
<?php endif?>
|
| 447 |
3bde5cdd
|
PiBa-NL
|
<?php echo cert_usedby_description($ca['refid'], $certificates_used_by_packages); ?>
|
| 448 |
80080a0c
|
jim-p
|
</td>
|
| 449 |
|
|
<td class="text-nowrap">
|
| 450 |
4611e283
|
Steve Beaver
|
<a class="fa fa-pencil" title="<?=gettext("Edit CA")?>" href="system_camanager.php?act=edit&id=<?=$i?>"></a>
|
| 451 |
|
|
<a class="fa fa-certificate" title="<?=gettext("Export CA")?>" href="system_camanager.php?act=exp&id=<?=$i?>"></a>
|
| 452 |
060ed238
|
Stephen Beaver
|
<?php if ($ca['prv']): ?>
|
| 453 |
4611e283
|
Steve Beaver
|
<a class="fa fa-key" title="<?=gettext("Export key")?>" href="system_camanager.php?act=expkey&id=<?=$i?>"></a>
|
| 454 |
060ed238
|
Stephen Beaver
|
<?php endif?>
|
| 455 |
80080a0c
|
jim-p
|
<?php if (!ca_in_use($ca['refid'])): ?>
|
| 456 |
e8afd822
|
Steve Beaver
|
<a class="fa fa-trash" title="<?=gettext("Delete CA and its CRLs")?>" href="system_camanager.php?act=del&id=<?=$i?>" usepost ></a>
|
| 457 |
80080a0c
|
jim-p
|
<?php endif?>
|
| 458 |
060ed238
|
Stephen Beaver
|
</td>
|
| 459 |
|
|
</tr>
|
| 460 |
5d2edeca
|
Sjon Hortensius
|
<?php endforeach; ?>
|
| 461 |
060ed238
|
Stephen Beaver
|
</tbody>
|
| 462 |
|
|
</table>
|
| 463 |
|
|
</div>
|
| 464 |
|
|
</div>
|
| 465 |
04f1a496
|
NOYB
|
</div>
|
| 466 |
64cc39d3
|
Matthew Grooms
|
|
| 467 |
c10cb196
|
Stephen Beaver
|
<nav class="action-buttons">
|
| 468 |
4611e283
|
Steve Beaver
|
<a href="?act=new" class="btn btn-success btn-sm">
|
| 469 |
9d5a20cf
|
heper
|
<i class="fa fa-plus icon-embed-btn"></i>
|
| 470 |
f74457df
|
Stephen Beaver
|
<?=gettext("Add")?>
|
| 471 |
|
|
</a>
|
| 472 |
5d2edeca
|
Sjon Hortensius
|
</nav>
|
| 473 |
14973058
|
jim-p
|
<script type="text/javascript">
|
| 474 |
|
|
//<![CDATA[
|
| 475 |
|
|
|
| 476 |
|
|
events.push(function() {
|
| 477 |
|
|
|
| 478 |
|
|
// Make these controls plain buttons
|
| 479 |
|
|
$("#btnsearch").prop('type', 'button');
|
| 480 |
|
|
$("#btnclear").prop('type', 'button');
|
| 481 |
|
|
|
| 482 |
|
|
// Search for a term in the entry name and/or dn
|
| 483 |
|
|
$("#btnsearch").click(function() {
|
| 484 |
|
|
var searchstr = $('#searchstr').val().toLowerCase();
|
| 485 |
|
|
var table = $("table tbody");
|
| 486 |
|
|
var where = $('#where').val();
|
| 487 |
|
|
|
| 488 |
|
|
table.find('tr').each(function (i) {
|
| 489 |
|
|
var $tds = $(this).find('td'),
|
| 490 |
|
|
shortname = $tds.eq(0).text().trim().toLowerCase(),
|
| 491 |
|
|
dn = $tds.eq(4).text().trim().toLowerCase();
|
| 492 |
|
|
|
| 493 |
|
|
regexp = new RegExp(searchstr);
|
| 494 |
|
|
if (searchstr.length > 0) {
|
| 495 |
|
|
if (!(regexp.test(shortname) && (where != 1)) && !(regexp.test(dn) && (where != 0))) {
|
| 496 |
|
|
$(this).hide();
|
| 497 |
|
|
} else {
|
| 498 |
|
|
$(this).show();
|
| 499 |
|
|
}
|
| 500 |
|
|
} else {
|
| 501 |
|
|
$(this).show(); // A blank search string shows all
|
| 502 |
|
|
}
|
| 503 |
|
|
});
|
| 504 |
|
|
});
|
| 505 |
|
|
|
| 506 |
|
|
// Clear the search term and unhide all rows (that were hidden during a previous search)
|
| 507 |
|
|
$("#btnclear").click(function() {
|
| 508 |
|
|
var table = $("table tbody");
|
| 509 |
|
|
|
| 510 |
|
|
$('#searchstr').val("");
|
| 511 |
|
|
|
| 512 |
|
|
table.find('tr').each(function (i) {
|
| 513 |
|
|
$(this).show();
|
| 514 |
|
|
});
|
| 515 |
|
|
});
|
| 516 |
|
|
|
| 517 |
|
|
// Hitting the enter key will do the same as clicking the search button
|
| 518 |
|
|
$("#searchstr").on("keyup", function (event) {
|
| 519 |
|
|
if (event.keyCode == 13) {
|
| 520 |
|
|
$("#btnsearch").get(0).click();
|
| 521 |
|
|
}
|
| 522 |
|
|
});
|
| 523 |
|
|
});
|
| 524 |
|
|
//]]>
|
| 525 |
|
|
</script>
|
| 526 |
|
|
|
| 527 |
e9258698
|
NewEraCracker
|
<?php
|
| 528 |
5d2edeca
|
Sjon Hortensius
|
include("foot.inc");
|
| 529 |
|
|
exit;
|
| 530 |
|
|
}
|
| 531 |
96c7a492
|
Matthew Grooms
|
|
| 532 |
5d2edeca
|
Sjon Hortensius
|
$form = new Form;
|
| 533 |
b155730f
|
Stephen Beaver
|
//$form->setAction('system_camanager.php?act=edit');
|
| 534 |
78863416
|
Phil Davis
|
if (isset($id) && $a_ca[$id]) {
|
| 535 |
5d2edeca
|
Sjon Hortensius
|
$form->addGlobal(new Form_Input(
|
| 536 |
|
|
'id',
|
| 537 |
|
|
null,
|
| 538 |
|
|
'hidden',
|
| 539 |
|
|
$id
|
| 540 |
|
|
));
|
| 541 |
|
|
}
|
| 542 |
64cc39d3
|
Matthew Grooms
|
|
| 543 |
78863416
|
Phil Davis
|
if ($act == "edit") {
|
| 544 |
5d2edeca
|
Sjon Hortensius
|
$form->addGlobal(new Form_Input(
|
| 545 |
|
|
'refid',
|
| 546 |
|
|
null,
|
| 547 |
|
|
'hidden',
|
| 548 |
|
|
$pconfig['refid']
|
| 549 |
|
|
));
|
| 550 |
|
|
}
|
| 551 |
|
|
|
| 552 |
5f88f964
|
k-paulius
|
$section = new Form_Section('Create / Edit CA');
|
| 553 |
5d2edeca
|
Sjon Hortensius
|
|
| 554 |
|
|
$section->addInput(new Form_Input(
|
| 555 |
|
|
'descr',
|
| 556 |
153c3aa6
|
Phil Davis
|
'*Descriptive name',
|
| 557 |
5d2edeca
|
Sjon Hortensius
|
'text',
|
| 558 |
|
|
$pconfig['descr']
|
| 559 |
|
|
));
|
| 560 |
|
|
|
| 561 |
78863416
|
Phil Davis
|
if (!isset($id) || $act == "edit") {
|
| 562 |
5d2edeca
|
Sjon Hortensius
|
$section->addInput(new Form_Select(
|
| 563 |
|
|
'method',
|
| 564 |
153c3aa6
|
Phil Davis
|
'*Method',
|
| 565 |
5d2edeca
|
Sjon Hortensius
|
$pconfig['method'],
|
| 566 |
|
|
$ca_methods
|
| 567 |
44d906ca
|
Sjon Hortensius
|
))->toggles();
|
| 568 |
5d2edeca
|
Sjon Hortensius
|
}
|
| 569 |
64cc39d3
|
Matthew Grooms
|
|
| 570 |
5d2edeca
|
Sjon Hortensius
|
$form->add($section);
|
| 571 |
|
|
|
| 572 |
|
|
$section = new Form_Section('Existing Certificate Authority');
|
| 573 |
|
|
$section->addClass('toggle-existing collapse');
|
| 574 |
|
|
|
| 575 |
|
|
$section->addInput(new Form_Textarea(
|
| 576 |
|
|
'cert',
|
| 577 |
153c3aa6
|
Phil Davis
|
'*Certificate data',
|
| 578 |
5d2edeca
|
Sjon Hortensius
|
$pconfig['cert']
|
| 579 |
|
|
))->setHelp('Paste a certificate in X.509 PEM format here.');
|
| 580 |
|
|
|
| 581 |
|
|
$section->addInput(new Form_Textarea(
|
| 582 |
|
|
'key',
|
| 583 |
|
|
'Certificate Private Key (optional)',
|
| 584 |
|
|
$pconfig['key']
|
| 585 |
|
|
))->setHelp('Paste the private key for the above certificate here. This is '.
|
| 586 |
10ddac8a
|
NOYB
|
'optional in most cases, but is required when generating a '.
|
| 587 |
5d2edeca
|
Sjon Hortensius
|
'Certificate Revocation List (CRL).');
|
| 588 |
|
|
|
| 589 |
|
|
$section->addInput(new Form_Input(
|
| 590 |
|
|
'serial',
|
| 591 |
|
|
'Serial for next certificate',
|
| 592 |
|
|
'number',
|
| 593 |
|
|
$pconfig['serial']
|
| 594 |
|
|
))->setHelp('Enter a decimal number to be used as the serial number for the next '.
|
| 595 |
|
|
'certificate to be created using this CA.');
|
| 596 |
|
|
|
| 597 |
|
|
$form->add($section);
|
| 598 |
|
|
|
| 599 |
|
|
$section = new Form_Section('Internal Certificate Authority');
|
| 600 |
|
|
$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');
|
| 601 |
|
|
|
| 602 |
|
|
$allCas = array();
|
| 603 |
78863416
|
Phil Davis
|
foreach ($a_ca as $ca) {
|
| 604 |
|
|
if (!$ca['prv']) {
|
| 605 |
5d2edeca
|
Sjon Hortensius
|
continue;
|
| 606 |
78863416
|
Phil Davis
|
}
|
| 607 |
5d2edeca
|
Sjon Hortensius
|
|
| 608 |
|
|
$allCas[ $ca['refid'] ] = $ca['descr'];
|
| 609 |
|
|
}
|
| 610 |
64cc39d3
|
Matthew Grooms
|
|
| 611 |
153c3aa6
|
Phil Davis
|
$group = new Form_Group('*Signing Certificate Authority');
|
| 612 |
b8f22f61
|
Stephen Beaver
|
$group->addClass('toggle-intermediate', 'collapse');
|
| 613 |
5d2edeca
|
Sjon Hortensius
|
$group->add(new Form_Select(
|
| 614 |
|
|
'caref',
|
| 615 |
|
|
null,
|
| 616 |
|
|
$pconfig['caref'],
|
| 617 |
|
|
$allCas
|
| 618 |
|
|
));
|
| 619 |
|
|
$section->add($group);
|
| 620 |
|
|
|
| 621 |
|
|
$section->addInput(new Form_Select(
|
| 622 |
|
|
'keylen',
|
| 623 |
153c3aa6
|
Phil Davis
|
'*Key length (bits)',
|
| 624 |
5d2edeca
|
Sjon Hortensius
|
$pconfig['keylen'],
|
| 625 |
b698621d
|
Stephen Beaver
|
array_combine($ca_keylens, $ca_keylens)
|
| 626 |
5d2edeca
|
Sjon Hortensius
|
));
|
| 627 |
|
|
|
| 628 |
|
|
$section->addInput(new Form_Select(
|
| 629 |
|
|
'digest_alg',
|
| 630 |
153c3aa6
|
Phil Davis
|
'*Digest Algorithm',
|
| 631 |
5d2edeca
|
Sjon Hortensius
|
$pconfig['digest_alg'],
|
| 632 |
b698621d
|
Stephen Beaver
|
array_combine($openssl_digest_algs, $openssl_digest_algs)
|
| 633 |
5d2edeca
|
Sjon Hortensius
|
))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 '.
|
| 634 |
|
|
'when possible.');
|
| 635 |
|
|
|
| 636 |
|
|
$section->addInput(new Form_Input(
|
| 637 |
|
|
'lifetime',
|
| 638 |
153c3aa6
|
Phil Davis
|
'*Lifetime (days)',
|
| 639 |
5d2edeca
|
Sjon Hortensius
|
'number',
|
| 640 |
|
|
$pconfig['lifetime']
|
| 641 |
|
|
));
|
| 642 |
|
|
|
| 643 |
26e3967a
|
jim-p
|
$section->addInput(new Form_Input(
|
| 644 |
|
|
'dn_commonname',
|
| 645 |
|
|
'*Common Name',
|
| 646 |
|
|
'text',
|
| 647 |
|
|
$pconfig['dn_commonname'],
|
| 648 |
|
|
['placeholder' => 'e.g. internal-ca']
|
| 649 |
|
|
));
|
| 650 |
|
|
|
| 651 |
|
|
$section->addInput(new Form_StaticText(
|
| 652 |
|
|
null,
|
| 653 |
|
|
gettext('The following certificate authority subject components are optional and may be left blank.')
|
| 654 |
|
|
));
|
| 655 |
|
|
|
| 656 |
5d2edeca
|
Sjon Hortensius
|
$section->addInput(new Form_Select(
|
| 657 |
|
|
'dn_country',
|
| 658 |
80d50253
|
jim-p
|
'Country Code',
|
| 659 |
5d2edeca
|
Sjon Hortensius
|
$pconfig['dn_country'],
|
| 660 |
232b1a69
|
Renato Botelho
|
get_cert_country_codes()
|
| 661 |
5d2edeca
|
Sjon Hortensius
|
));
|
| 662 |
|
|
|
| 663 |
|
|
$section->addInput(new Form_Input(
|
| 664 |
|
|
'dn_state',
|
| 665 |
80d50253
|
jim-p
|
'State or Province',
|
| 666 |
5d2edeca
|
Sjon Hortensius
|
'text',
|
| 667 |
|
|
$pconfig['dn_state'],
|
| 668 |
|
|
['placeholder' => 'e.g. Texas']
|
| 669 |
|
|
));
|
| 670 |
|
|
|
| 671 |
|
|
$section->addInput(new Form_Input(
|
| 672 |
|
|
'dn_city',
|
| 673 |
80d50253
|
jim-p
|
'City',
|
| 674 |
5d2edeca
|
Sjon Hortensius
|
'text',
|
| 675 |
|
|
$pconfig['dn_city'],
|
| 676 |
|
|
['placeholder' => 'e.g. Austin']
|
| 677 |
|
|
));
|
| 678 |
|
|
|
| 679 |
|
|
$section->addInput(new Form_Input(
|
| 680 |
|
|
'dn_organization',
|
| 681 |
80d50253
|
jim-p
|
'Organization',
|
| 682 |
5d2edeca
|
Sjon Hortensius
|
'text',
|
| 683 |
|
|
$pconfig['dn_organization'],
|
| 684 |
da0f70ed
|
jim-p
|
['placeholder' => 'e.g. My Company Inc']
|
| 685 |
|
|
));
|
| 686 |
|
|
|
| 687 |
|
|
$section->addInput(new Form_Input(
|
| 688 |
|
|
'dn_organizationalunit',
|
| 689 |
|
|
'Organizational Unit',
|
| 690 |
|
|
'text',
|
| 691 |
|
|
$pconfig['dn_organizationalunit'],
|
| 692 |
|
|
['placeholder' => 'e.g. My Department Name (optional)']
|
| 693 |
5d2edeca
|
Sjon Hortensius
|
));
|
| 694 |
|
|
|
| 695 |
|
|
$form->add($section);
|
| 696 |
|
|
|
| 697 |
|
|
print $form;
|
| 698 |
|
|
|
| 699 |
b8f22f61
|
Stephen Beaver
|
$internal_ca_count = 0;
|
| 700 |
|
|
foreach ($a_ca as $ca) {
|
| 701 |
|
|
if ($ca['prv']) {
|
| 702 |
|
|
$internal_ca_count++;
|
| 703 |
|
|
}
|
| 704 |
|
|
}
|
| 705 |
|
|
|
| 706 |
c10cb196
|
Stephen Beaver
|
include('foot.inc');
|
| 707 |
097094bd
|
Phil Davis
|
?>
|