1
<?php
2
/*
3
    system_certmanager.php
4

    
5
    Copyright (C) 2008 Shrew Soft Inc.
6
    All rights reserved.
7

    
8
    Redistribution and use in source and binary forms, with or without
9
    modification, are permitted provided that the following conditions are met:
10

    
11
    1. Redistributions of source code must retain the above copyright notice,
12
       this list of conditions and the following disclaimer.
13

    
14
    2. Redistributions in binary form must reproduce the above copyright
15
       notice, this list of conditions and the following disclaimer in the
16
       documentation and/or other materials provided with the distribution.
17

    
18
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
    POSSIBILITY OF SUCH DAMAGE.
28
*/
29
/*
30
	pfSense_MODULE:	certificate_managaer
31
*/
32

    
33
##|+PRIV
34
##|*IDENT=page-system-certmanager
35
##|*NAME=System: Certificate Manager
36
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
37
##|*MATCH=system_certmanager.php*
38
##|-PRIV
39

    
40
require("guiconfig.inc");
41
require_once("certs.inc");
42

    
43
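/* Creation methods offered in the "Method" selector: form value => label. */
$cert_methods = array(
	"import" => gettext("Import an existing Certificate"),
	"internal" => gettext("Create an internal Certificate"),
	"external" => gettext("Create a Certificate Signing Request"),
);

/*
 * RSA key sizes (in bits) offered by the key length selectors.
 * NOTE(review): 512- and 1024-bit RSA keys are too weak for newly issued
 * certificates; consider removing them from this list.
 */
$cert_keylens = array( "512", "1024", "2048", "4096");

/*
 * Certificate types offered in the "Certificate Type" selector: form value => label.
 * The labels go through gettext() like every other label in this file.
 */
$cert_types = array(
	"ca" => gettext("Certificate Authority"),
	"server" => gettext("Server Certificate"),
	"user" => gettext("User Certificate"),
);

$pgtitle = array(gettext("System"), gettext("Certificate Manager"));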
55

    
56
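/*
 * Request parameters. A value sent in the POST body takes precedence over the
 * same parameter in the query string. Missing parameters become null instead
 * of raising an undefined-index notice.
 *
 * NOTE(review): $userid and $id are request-controlled and are used further
 * down as keys into $config. is_numeric() also accepts forms such as "1.5" or
 * "1e3", so it does not guarantee an integer array index.
 */
$userid = isset($_GET['userid']) ? $_GET['userid'] : null;
if (isset($_POST['userid']))
	$userid = $_POST['userid'];
if (is_numeric($userid)) {
	/* a user was named, so also offer to attach a certificate that already exists */
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user']))
		$config['system']['user'] = array();
	$a_user =& $config['system']['user'];
}

$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];

/* make sure the CA and certificate lists exist before taking references to them */
if (!is_array($config['ca']))
	$config['ca'] = array();

$a_ca =& $config['ca'];

if (!is_array($config['cert']))
	$config['cert'] = array();

$a_cert =& $config['cert'];

/* count the CAs that carry a private key entry ('prv'); the page only offers
   the internal certificate form when this count is non-zero */
$internal_ca_count = 0;
foreach ($a_ca as $ca) {
	if (!empty($ca['prv']))
		$internal_ca_count++;
}

$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];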
88

    
89
/*
 * act=del: remove the certificate entry selected by $id, persist the
 * configuration and return to the certificate list.
 *
 * NOTE(review): $act can arrive in the query string, so this state-changing
 * action is reachable with a plain GET request. No anti-CSRF token check is
 * visible in this file -- confirm that guiconfig.inc enforces one. The entry is
 * also removed without checking whether the certificate is still referenced.
 */
if ($act == "del") {

	if ($a_cert[$id]) {
		$name = $a_cert[$id]['descr'];
		unset($a_cert[$id]);
		write_config();
		/* the script exits right after the redirect below, so this message
		   is not rendered by this request */
		$savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br/>";
	}

	/* unknown and deleted entries both end up back on the list */
	pfSenseHeader("system_certmanager.php");
	exit;
}
103

    
104
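/* act=new: defaults for a blank "new certificate" form. */
if ($act == "new") {
	/* the method may be preselected through the query string; a missing
	   parameter becomes null without an undefined-index notice */
	$pconfig['method'] = isset($_GET['method']) ? $_GET['method'] : null;
	$pconfig['keylen'] = "2048";
	$pconfig['type'] = "user";
	$pconfig['lifetime'] = "3650";
}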
110

    
111
/*
 * act=exp: send the stored certificate of entry $id as a file download named
 * "<descr>.crt". Unknown entries are redirected back to the list.
 */
if ($act == "exp") {

	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* the certificate is stored base64-encoded in the configuration */
	$exp_data = base64_decode($a_cert[$id]['crt']);
	/* urlencode() keeps quotes, separators and line breaks out of the header value */
	$exp_name = urlencode($a_cert[$id]['descr'] . ".crt");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $exp_name);
	header("Content-Length: " . strlen($exp_data));
	echo $exp_data;
	exit;
}
128

    
129
/*
 * act=key: send the stored private key of entry $id as a file download named
 * "<descr>.key". Unknown entries are redirected back to the list.
 *
 * NOTE(review): this hands out private key material in response to a request
 * whose parameters can all come from the query string. The response sets no
 * cache-control headers and the export is not logged here; access control is
 * not visible in this file -- confirm it is enforced by guiconfig.inc.
 */
if ($act == "key") {

	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* the key is stored base64-encoded in the configuration */
	$exp_data = base64_decode($a_cert[$id]['prv']);
	/* urlencode() keeps quotes, separators and line breaks out of the header value */
	$exp_name = urlencode($a_cert[$id]['descr'] . ".key");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $exp_name);
	header("Content-Length: " . strlen($exp_data));
	echo $exp_data;
	exit;
}
146

    
147
/*
 * act=csr: prepare the "Complete Signing Request" form for entry $id by
 * loading its descriptive name and the decoded signing request.
 */
if ($act == "csr") {

	$csr_entry = $a_cert[$id];

	/* unknown entries go back to the list, like the other actions */
	if (!$csr_entry) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$pconfig['descr'] = $csr_entry['descr'];
	/* the signing request is stored base64-encoded in the configuration */
	$pconfig['csr'] = base64_decode($csr_entry['csr']);
}
157

    
158
if ($_POST) {
159
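	/*
	 * "Save": validate the submitted form, then import, create, request or
	 * attach a certificate depending on the chosen method.
	 *
	 * Changes against the previous revision of this branch:
	 *  - no call-time pass-by-reference, which newer PHP versions reject
	 *    (assumes do_input_validation() declares $input_errors by reference
	 *    in guiconfig.inc -- not visible here);
	 *  - key length and certificate type are checked against the offered lists;
	 *  - array-valued fields are rejected instead of slipping past preg_match();
	 *  - every queued openssl error is reported, not only the last one;
	 *  - a failed generation no longer writes the configuration or redirects.
	 *
	 * NOTE(review): the descriptive name of an imported certificate is not
	 * character-checked, so every place that prints 'descr' has to escape it.
	 * The lifetime value is passed to cert_create() without a range check.
	 */
	if (isset($_POST['save']) && $_POST['save'] == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;
		/* no method is posted when the form is rendered for an existing entry */
		$save_method = isset($pconfig['method']) ? $pconfig['method'] : "";

		/* required fields and their display names; empty when no method applies */
		$reqdfields = array();
		$reqdfieldsn = array();

		/* input validation */
		if ($save_method == "import") {
			$reqdfields = explode(" ",
					"descr cert key");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate data"),
					gettext("Key data"));
			/* only a marker check; the data is not parsed at this point */
			if (!empty($_POST['cert']) && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
				$input_errors[] = gettext("This certificate does not appear to be valid.");
		}

		if ($save_method == "internal") {
			$reqdfields = explode(" ",
					"descr caref keylen type lifetime dn_country dn_state dn_city ".
					"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Certificate Type"),
					gettext("Lifetime"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));

			/* the selectors only constrain the browser; check the values server-side */
			if (isset($_POST['keylen']) && !in_array($_POST['keylen'], $cert_keylens, true))
				$input_errors[] = gettext("Please select a valid Key Length.");
			if (isset($_POST['type']) && (!is_string($_POST['type']) || !isset($cert_types[$_POST['type']])))
				$input_errors[] = gettext("Please select a valid Certificate Type.");
		}

		if ($save_method == "external") {
			$reqdfields = explode(" ",
					"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
					"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Key length"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));

			if (isset($_POST['csr_keylen']) && !in_array($_POST['csr_keylen'], $cert_keylens, true))
				$input_errors[] = gettext("Please select a valid Key Length.");
		}

		if ($save_method == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
		if ($save_method != "import") {
			/* Make sure we do not have invalid characters in the fields for the certificate */
			for ($i = 0; $i < count($reqdfields); $i++) {
				$field = $reqdfields[$i];
				$value = isset($_POST[$field]) ? $_POST[$field] : "";

				/* preg_match() cannot inspect an array; treat it as invalid input */
				if (is_array($value)) {
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
					continue;
				}

				if (preg_match('/email/', $field)) { /* dn_email or csr_dn_email: "@" and "." are allowed */
					if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $value))
						array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
				} else if (preg_match('/commonname/', $field)) { /* dn_commonname or csr_dn_commonname: "." is allowed */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $value))
						array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
				} else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $value))
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
			}
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			if ($save_method == "existing") {
				/* attach an already stored certificate to the selected user */
				$cert = lookup_cert($pconfig['certref']);
				if ($cert && !empty($a_user))
					$a_user[$userid]['cert'][] = $cert['refid'];
			} else {
				/* start from a fresh entry unless $id names an existing one */
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id])
					$cert = $a_cert[$id];

				$cert['descr'] = $pconfig['descr'];

				$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */

				if ($save_method == "import")
					cert_import($cert, $pconfig['cert'], $pconfig['key']);

				if ($save_method == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);

					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
						$pconfig['lifetime'], $dn, $pconfig['type'])) {
						/* report every queued openssl error */
						while ($ssl_err = openssl_error_string())
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						/* a failure without a queued error must still block the save */
						if (!$input_errors)
							$input_errors[] = gettext("The certificate could not be created.");
					}
				}

				if ($save_method == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);

					if (!csr_generate($cert, $pconfig['csr_keylen'], $dn)) {
						while ($ssl_err = openssl_error_string())
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						if (!$input_errors)
							$input_errors[] = gettext("The signing request could not be created.");
					}
				}
				error_reporting($old_err_level);

				if (isset($id) && $a_cert[$id])
					$a_cert[$id] = $cert;
				else
					$a_cert[] = $cert;
				if (isset($a_user) && isset($userid))
					$a_user[$userid]['cert'][] = $cert['refid'];
			}

			/* nothing is persisted when generation failed */
			if (!$input_errors)
				write_config();

			/* go back to the user only on success, so that errors are shown on
			   this page; $userid is request data and is encoded for the URL */
			if ($userid && !$input_errors)
				pfSenseHeader("system_usermanager.php?act=edit&id=" . urlencode($userid));
		}
	}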
304

    
305
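	/*
	 * "Update": complete a pending signing request with the certificate
	 * returned by the external certificate authority.
	 *
	 * Changes against the previous revision of this branch:
	 *  - no call-time pass-by-reference, which newer PHP versions reject
	 *    (assumes do_input_validation() declares $input_errors by reference
	 *    in guiconfig.inc -- not visible here);
	 *  - the request must name an existing entry, as the other actions require;
	 *  - the modulus check uses the stored signing request when there is one,
	 *    because the "csr" form field is client-supplied;
	 *  - an empty modulus on either side counts as a mismatch;
	 *  - the error message no longer passes an undefined variable to sprintf().
	 *
	 * The earlier subject comparison (with an "ignore mismatch" override) was
	 * replaced by the modulus comparison below.
	 *
	 * NOTE(review): the descriptive name is not character-checked in this
	 * branch, so every place that prints 'descr' has to escape it.
	 */
	if (isset($_POST['save']) && $_POST['save'] == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* unknown entries go back to the list instead of creating a stray one */
		if (!isset($id) || empty($a_cert[$id])) {
			pfSenseHeader("system_certmanager.php");
			exit;
		}

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		/* prefer the signing request kept in the configuration; the posted
		   copy is only used when the entry has none */
		$csr_pem = isset($pconfig['csr']) ? $pconfig['csr'] : "";
		if (!empty($a_cert[$id]['csr']))
			$csr_pem = base64_decode($a_cert[$id]['csr']);
		$cert_pem = isset($pconfig['cert']) ? $pconfig['cert'] : "";

		$mod_csr  =  csr_get_modulus($csr_pem, false);
		$mod_cert = cert_get_modulus($cert_pem, false);

		if (empty($mod_csr) || empty($mod_cert) || strcmp($mod_csr, $mod_cert)) {
			// simply: if the moduli don't match, then the private key and public key won't match;
			// two empty results would compare equal, so they are rejected as well
			$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
			$subject_mismatch = true;
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (empty($input_errors)) {

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $cert_pem);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
		}
	}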
359
}
360

    
361
include("head.inc");
362
?>
363

    
364
<body link="#000000" vlink="#000000" alink="#000000" onLoad="<?= $jsevents["body"]["onload"] ?>">
365
<?php include("fbegin.inc"); ?>
366
<script type="text/javascript">
367
<!--
368

    
369
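// Show the form section that belongs to the selected method and hide the
// others. The option order of the "method" selector is expected to be
// import, internal, external, existing.
function method_change() {

<?php
	/* the submit button of the internal form stays hidden until an internal CA exists */
	$submit_style = $internal_ca_count ? "" : "none";
?>

	var sections = ["import", "internal", "external", "existing"];
	// declared locally; the variable used to leak into the global scope
	var method = document.iform.method.selectedIndex;

	// nothing selected or an unexpected option: leave the page as it is
	if (method < 0 || method >= sections.length)
		return;

	for (var i = 0; i < sections.length; i++)
		document.getElementById(sections[i]).style.display = (i == method) ? "" : "none";

	// attaching an existing certificate needs no descriptive name
	document.getElementById("descriptivename").style.display = (method == 3) ? "none" : "";
	document.getElementById("submit").style.display = (method == 1) ? "<?=$submit_style;?>" : "";
}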
415

    
416
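<?php if ($internal_ca_count): ?>
// Prefill the distinguished name fields from the subject of the selected
// internal CA.
function internalca_change() {

	// declared locally; these used to leak into the global scope
	var index = document.iform.caref.selectedIndex;
	var caref = document.iform.caref[index].value;

	switch (caref) {
<?php
		foreach ($a_ca as $ca):
			if (!$ca['prv'])
				continue;
			$subject = cert_get_subject_array($ca['crt']);
			/*
			 * CA subject values come from certificate data and must not be
			 * pasted raw into a script block. Each value is emitted as a
			 * JavaScript string literal, with <, > and & written as \u
			 * escapes so it cannot close the string or the script element.
			 * NOTE(review): the fields are taken by position (0..4), which
			 * presumes a fixed subject component order -- confirm against
			 * cert_get_subject_array().
			 */
			$js_vals = array($ca['refid']);
			for ($n = 0; $n < 5; $n++)
				$js_vals[] = isset($subject[$n]['v']) ? $subject[$n]['v'] : "";
			foreach ($js_vals as $n => $raw) {
				$enc = json_encode((string)$raw);
				/* fall back to an empty literal when the value cannot be encoded */
				if (!is_string($enc))
					$enc = '""';
				$js_vals[$n] = str_replace(array('<', '>', '&'), array('\u003C', '\u003E', '\u0026'), $enc);
			}
?>
		case <?=$js_vals[0];?>:
			document.iform.dn_country.value = <?=$js_vals[1];?>;
			document.iform.dn_state.value = <?=$js_vals[2];?>;
			document.iform.dn_city.value = <?=$js_vals[3];?>;
			document.iform.dn_organization.value = <?=$js_vals[4];?>;
			document.iform.dn_email.value = <?=$js_vals[5];?>;
			break;
<?php	endforeach; ?>
	}
}
<?php endif; ?>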
440

    
441
//-->
442
</script>
443
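<?php
	/* show validation errors and status messages collected above, if any */
	if (!empty($input_errors))
		print_input_errors($input_errors);
	if (!empty($savemsg))
		print_info_box($savemsg);

	// Load valid country codes: the first whitespace-delimited token of
	// every matching line in /etc/ca_countries
	$dn_cc = array();
	if (file_exists("/etc/ca_countries")) {
		$dn_cc_file = file("/etc/ca_countries");
		/* file() returns false when the file cannot be read */
		if (is_array($dn_cc_file)) {
			foreach ($dn_cc_file as $line) {
				if (preg_match('/^(\S*)\s(.*)$/', $line, $matches))
					array_push($dn_cc, $matches[1]);
			}
		}
	}
?>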
458
<table width="100%" border="0" cellpadding="0" cellspacing="0">
459
	<tr>
460
		<td class="tabnavtbl">
461
		<?php
462
			$tab_array = array();
463
			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
464
			$tab_array[] = array(gettext("Certificates"), true, "system_certmanager.php");
465
			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
466
			display_top_tabs($tab_array);
467
		?>
468
		</td>
469
	</tr>
470
	<tr>
471
		<td id="mainarea">
472
			<div class="tabcont">
473

    
474
				<?php if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)): ?>
475

    
476
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
477
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
478
						<?php if (!isset($id)): ?>
479
						<tr>
480
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
481
							<td width="78%" class="vtable">
482
								<select name='method' id='method' class="formselect" onchange='method_change()'>
483
								<?php
484
									foreach($cert_methods as $method => $desc):
485
									$selected = "";
486
									if ($pconfig['method'] == $method)
487
										$selected = "selected";
488
								?>
489
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
490
								<?php endforeach; ?>
491
								</select>
492
							</td>
493
						</tr>
494
						<?php endif; ?>
495
						<tr id="descriptivename">
496
							<?php
497
							if ($a_user && empty($pconfig['descr']))
498
								$pconfig['descr'] = $a_user[$userid]['name'];
499
							?>
500
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
501
							<td width="78%" class="vtable">
502
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
503
							</td>
504
						</tr>
505
					</table>
506

    
507
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import">
508
						<tr>
509
							<td colspan="2" class="list" height="12"></td>
510
						</tr>
511
						<tr>
512
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td>
513
						</tr>
514

    
515
						<tr>
516
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
517
							<td width="78%" class="vtable">
518
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
519
								<br>
520
									<?=gettext("Paste a certificate in X.509 PEM format here.");?></td>
521
							</td>
522
						</tr>
523
						<tr>
524
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
525
							<td width="78%" class="vtable">
526
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
527
								<br>
528
								<?=gettext("Paste a private key in X.509 PEM format here.");?></td>
529
							</td>
530
						</tr>
531
					</table>
532

    
533
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
534
						<tr>
535
							<td colspan="2" class="list" height="12"></td>
536
						</tr>
537
						<tr>
538
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></td>
539
						</tr>
540

    
541
						<?php if (!$internal_ca_count): ?>
542

    
543
						<tr>
544
							<td colspan="2" align="center" class="vtable">
545
								<?=gettext("No internal Certificate Authorities have been defined. You must");?>
546
								<a href="system_camanager.php?act=new&method=internal"><?=gettext("create");?></a>
547
								<?=gettext("an internal CA before creating an internal certificate.");?>
548
							</td>
549
						</tr>
550

    
551
						<?php else: ?>
552

    
553
						<tr>
554
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
555
							<td width="78%" class="vtable">
556
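								<select name='caref' id='caref' class="formselect" onChange='internalca_change()'>
								<?php
									/* only CAs that carry a private key entry are offered */
									foreach( $a_ca as $ca):
									if (!$ca['prv'])
										continue;
									$selected = "";
									if (isset($pconfig['caref']) && $pconfig['caref'] == $ca['refid'])
										$selected = "selected";
									/* stored names are escaped on output, like the form values elsewhere on this page */
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach; ?>
								</select>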
568
							</td>
569
						</tr>
570
						<tr>
571
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
572
							<td width="78%" class="vtable">
573
								<select name='keylen' class="formselect">
574
								<?php
575
									foreach( $cert_keylens as $len):
576
									$selected = "";
577
									if ($pconfig['keylen'] == $len)
578
										$selected = "selected";
579
								?>
580
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
581
								<?php endforeach; ?>
582
								</select>
583
								<?=gettext("bits");?>
584
							</td>
585
						</tr>
586
						<tr>
587
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Type");?></td>
588
							<td width="78%" class="vtable">
589
								<select name='type' class="formselect">
590
								<?php
591
									foreach( $cert_types as $ct => $ctdesc ):
592
									$selected = "";
593
									if ($pconfig['type'] == $ct)
594
										$selected = "selected";
595
								?>
596
									<option value="<?=$ct;?>"<?=$selected;?>><?=$ctdesc;?></option>
597
								<?php endforeach; ?>
598
								</select>
599
								<br/>
600
								<?=gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.");?>
601
							</td>
602
						</tr>
603
						<tr>
604
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
605
							<td width="78%" class="vtable">
606
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
607
								<?=gettext("days");?>
608
							</td>
609
						</tr>
610
						<tr>
611
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
612
							<td width="78%" class="vtable">
613
								<table border="0" cellspacing="0" cellpadding="2">
614
									<tr>
615
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
616
										<td align="left">
617
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
618
										</td>
619
									</tr>
620
									<tr>
621
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
622
										<td align="left">
623
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
624
										</td>
625
									</tr>
626
									<tr>
627
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
628
										<td align="left">
629
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
630
										</td>
631
									</tr>
632
									<tr>
633
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
634
										<td align="left">
635
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
636
										</td>
637
									</tr>
638
									<tr>
639
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
640
										<td align="left">
641
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
642
											&nbsp;
643
											<em>ex:</em>
644
											&nbsp;
645
											<?=gettext("webadmin@mycompany.com");?>
646
										</td>
647
									</tr>
648
									<tr>
649
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
650
										<td align="left">
651
											<?php
652
											if ($a_user && empty($pconfig['dn_commonname']))
653
												$pconfig['dn_commonname'] = $a_user[$userid]['name'];
654
											?>
655
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
656
											&nbsp;
657
											<em>ex:</em>
658
											&nbsp;
659
											<?=gettext("www.example.com");?>
660
										</td>
661
									</tr>
662
								</table>
663
							</td>
664
						</tr>
665

    
666
					<?php endif; ?>
667

    
668
					</table>
669

    
670
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external">
671
						<tr>
672
							<td colspan="2" class="list" height="12"></td>
673
						</tr>
674
						<tr>
675
							<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
676
						</tr>
677
						<tr>
678
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
679
							<td width="78%" class="vtable">
680
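								<select name='csr_keylen' class="formselect">
								<?php
									/* preselect the posted CSR key length; a blank form only
									   carries the default under 'keylen' */
									$csr_keylen_sel = "";
									if (isset($pconfig['csr_keylen']))
										$csr_keylen_sel = $pconfig['csr_keylen'];
									else if (isset($pconfig['keylen']))
										$csr_keylen_sel = $pconfig['keylen'];
									foreach( $cert_keylens as $len):
									$selected = "";
									if ($csr_keylen_sel == $len)
										$selected = "selected";
								?>
									<option value="<?=$len;?>" <?=$selected;?>><?=$len;?></option>
								<?php endforeach; ?>
								</select>
								<?=gettext("bits");?>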
691
							</td>
692
						</tr>
693
						<tr>
694
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
695
							<td width="78%" class="vtable">
696
								<table border="0" cellspacing="0" cellpadding="2">
697
									<tr>
698
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
699
										<td align="left">
700
											<select name='csr_dn_country' class="formselect">
701
											<?php
702
											foreach( $dn_cc as $cc){
703
												$selected = "";
704
												if ($pconfig['csr_dn_country'] == $cc) $selected = "selected";
705
												print "<option value=\"$cc\" $selected>$cc</option>";
706
												}
707
											?>
708
											</select>
709
										</td>
710
									</tr>
711
									<tr>
712
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
713
										<td align="left">
714
											<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_state']);?>" />
715
											&nbsp;
716
											<em>ex:</em>
717
											&nbsp;
718
											<?=gettext("Texas");?>
719
										</td>
720
									</tr>
721
									<tr>
722
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
723
										<td align="left">
724
											<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_city']);?>" />
725
											&nbsp;
726
											<em>ex:</em>
727
											&nbsp;
728
											<?=gettext("Austin");?>
729
										</td>
730
									</tr>
731
									<tr>
732
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
733
										<td align="left">
734
											<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_organization']);?>" />
735
											&nbsp;
736
											<em>ex:</em>
737
											&nbsp;
738
											<?=gettext("My Company Inc.");?>
739
										</td>
740
									</tr>
741
									<tr>
742
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
743
										<td align="left">
744
											<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_email']);?>"/>
745
											&nbsp;
746
											<em>ex:</em>
747
											&nbsp;
748
											<?=gettext("webadmin@mycompany.com");?>
749
										</td>
750
									</tr>
751
									<tr>
752
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
753
										<td align="left">
754
											<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
755
											&nbsp;
756
											<em>ex:</em>
757
											&nbsp;
758
											<?=gettext("www.example.com");?>
759
										</td>
760
									</tr>
761
								</table>
762
							</td>
763
						</tr>
764
					</table>
765

    
766
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing">
767
						<tr>
768
							<td colspan="2" class="list" height="12"></td>
769
						</tr>
770
						<tr>
771
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td>
772
						</tr>
773
						<tr>
774
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
775
							<td width="78%" class="vtable">
776
								<?php if (isset($userid) && $a_user): ?>
777
								<input name="userid" type="hidden" value="<?=$userid;?>" />
778
								<?php endif;?>
779
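								<select name='certref' class="formselect">
								<?php
									/* certificates already attached to this user are left out */
									$user_certs = array();
									if (isset($config['system']['user'][$userid]['cert']) && is_array($config['system']['user'][$userid]['cert']))
										$user_certs = $config['system']['user'][$userid]['cert'];

									foreach ($config['cert'] as $cert):
										$selected = "";
										$caname = "";
										$inuse = "";
										$revoked = "";
										if (in_array($cert['refid'], $user_certs))
											continue;
										$ca = lookup_ca($cert['caref']);
										if ($ca)
											$caname = " (CA: {$ca['descr']})";
										if (isset($pconfig['certref']) && $pconfig['certref'] == $cert['refid'])
											$selected = "selected";
										/* the two markers are independent of each other */
										if (cert_in_use($cert['refid']))
											$inuse = " *In Use";
										if (is_cert_revoked($cert))
											$revoked = " *Revoked";
										/* certificate and CA names are stored as entered, so the
										   whole label is escaped before it is printed */
										$label = htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);
								?>
									<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=$label;?></option>
								<?php endforeach; ?>
								</select>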
801
							</td>
802
						</tr>
803
					</table>
804

    
805
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
806
						<tr>
807
							<td width="22%" valign="top">&nbsp;</td>
808
							<td width="78%">
809
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
810
								<?php if (isset($id) && $a_cert[$id]): ?>
811
								<input name="id" type="hidden" value="<?=$id;?>" />
812
								<?php endif;?>
813
							</td>
814
						</tr>
815
					</table>
816
				</form>
817

    
818
				<?php elseif ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)):?>
819

    
820
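				<?php
					/*
					 * "Complete Signing Request" form: shows the stored CSR and accepts the
					 * certificate returned by the external CA. It posts back to this page
					 * with save=Update; act=csr and id are added only when $id refers to an
					 * existing $a_cert entry.
					 * NOTE(review): the CSR textarea is only marked readonly in the browser,
					 * so the posted "csr" value is still client-controlled. The POST handler
					 * is outside this section; confirm it works from the stored request and
					 * checks that the pasted certificate matches it.
					 */
				?>
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
							<td width="78%" class="vtable">
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
							</td>
						</tr>
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
						</tr>

						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Request data");?></td>
							<td width="78%" class="vtable">
								<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly><?=htmlspecialchars($pconfig['csr']);?></textarea>
								<br>
								<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Final Certificate data");?></td>
							<td width="78%" class="vtable">
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
								<br>
								<?=gettext("Paste the certificate received from your certificate authority here.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<?php /* Disabled on purpose: the block below would let the operator switch off the request -> response subject verification. */ ?>
								<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
								<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
								<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
								<?php echo gettext("Warning: Using this option may create an " .
								"invalid certificate.  Check this box to disable the request -> " .
								"response subject verification. ");
								?><br/>
								<?php endif; */ ?>
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
								<?php if (isset($id) && $a_cert[$id]): ?>
								<?php /* $id is echoed into an attribute, so escape it like every other value on this form. */ ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<input name="act" type="hidden" value="csr" />
								<?php endif;?>
							</td>
						</tr>
					</table>
				</form>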
871

    
872
				<?php else:?>
873

    
874
				<table width="100%" border="0" cellpadding="0" cellspacing="0">
875
					<tr>
876
						<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
877
						<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
878
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
879
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
880
						<td width="10%" class="list"></td>
881
					</tr>
882
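					<?php
						/*
						 * Prepare the display values for one row per entry in $a_cert:
						 *   $name    - escaped description
						 *   $subj    - escaped subject of the certificate, or of the pending CSR
						 *   $caname  - issuer column: a fixed <em> label, or the escaped
						 *              description of the CA found by lookup_ca()
						 *   $purpose - result of cert_get_purpose(), only set for entries with a crt
						 *   $certimg - icon path for the row
						 * $i counts rows from 0 and is used as the "id" parameter of the action links.
						 */
						$i = 0;
						foreach($a_cert as $cert):
							// Reset per row: otherwise an entry without crt/csr data would be
							// rendered with the previous row's subject, issuer label and purpose.
							$subj = "";
							$issuer = "";
							$purpose = null;
							$caname = "";

							$name = htmlspecialchars($cert['descr']);

							if ($cert['crt']) {
								$subj = cert_get_subject($cert['crt']);
								$issuer = cert_get_issuer($cert['crt']);
								$purpose = cert_get_purpose($cert['crt']);
								// Display label only: this compares the subject and issuer strings,
								// no signature is verified here.
								if ($subj == $issuer) {
									$caname = "<em>" . gettext("self-signed") . "</em>";
								} else {
									$caname = "<em>" . gettext("external") . "</em>";
								}
								$subj = htmlspecialchars($subj);
							}

							if ($cert['csr']) {
								$subj = htmlspecialchars(csr_get_subject($cert['csr']));
								$caname = "<em>" . gettext("external - signature pending") . "</em>";
							}

							// $caname is printed verbatim because the labels above contain markup,
							// so the free-text CA description has to be escaped here.
							$ca = lookup_ca($cert['caref']);
							if ($ca) {
								$caname = htmlspecialchars($ca['descr']);
							}

							// The original chose between two identical paths depending on
							// $cert['prv']; the icon is the same with or without a private key.
							$certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
					?>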
912
					<tr>
913
						<td class="listlr">
914
							<table border="0" cellpadding="0" cellspacing="0">
915
								<tr>
916
									<td align="left" valign="center">
917
										<img src="<?=$certimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
918
									</td>
919
									<td align="left" valign="middle">
920
										<?=$name;?>
921
									</td>
922
								</tr>
923
								<tr><td>&nbsp;</td></tr>
924
								<?php if ($cert['type']): ?>
925
								<tr><td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td></tr>
926
								<?php endif; ?>
927
								<?php if (is_array($purpose)): ?>
928
								<tr><td colspan="2">
929
									CA: <?php echo $purpose['ca']; ?>,
930
									Server: <?php echo $purpose['server']; ?>
931
								</td></tr>
932
								<?php endif; ?>
933
							</table>
934
						</td>
935
						<td class="listr"><?=$caname;?>&nbsp;</td>
936
						<td class="listr"><?=$subj;?>&nbsp;</td>
937
						<td class="listr">
938
							<?php if (is_cert_revoked($cert)): ?>
939
							<b>Revoked</b><br/>
940
							<?php endif; ?>
941
							<?php if (is_webgui_cert($cert['refid'])): ?>
942
							webConfigurator<br/>
943
							<?php endif; ?>
944
							<?php if (is_user_cert($cert['refid'])): ?>
945
							User Cert<br/>
946
							<?php endif; ?>
947
							<?php if (is_openvpn_server_cert($cert['refid'])): ?>
948
							OpenVPN Server<br/>
949
							<?php endif; ?>
950
							<?php if (is_openvpn_client_cert($cert['refid'])): ?>
951
							OpenVPN Client<br/>
952
							<?php endif; ?>
953
							<?php if (is_ipsec_cert($cert['refid'])): ?>
954
							IPsec Tunnel<br/>
955
							<?php endif; ?>
956
						</td>
957
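						<td valign="middle" nowrap class="list">
							<?php
								/*
								 * Per-row actions: export certificate, export key, delete (offered only
								 * when cert_in_use() is false) and complete-CSR (only for entries with a csr).
								 * Each link passes the loop counter $i as "id".
								 * NOTE(review): export-key and delete are plain GET links, and the delete
								 * confirm() is a client-side prompt only. The request handler is outside
								 * this section; confirm it rejects cross-site requests (for example by
								 * requiring POST plus an anti-CSRF token) and re-checks cert_in_use()
								 * before deleting.
								 * NOTE(review): "id" is a position in $a_cert, not the refid, so a list
								 * that changed since the page was rendered could make a link act on a
								 * different entry; verify against the handler.
								 */
							?>
							<a href="system_certmanager.php?act=exp&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert");?>" alt="<?=gettext("export cert");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=key&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export key");?>" width="17" height="17" border="0" />
							</a>
							<?php	if (!cert_in_use($cert['refid'])): ?>
							<a href="system_certmanager.php?act=del&amp;id=<?=$i;?>" onClick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
							<?php	if ($cert['csr']): ?>
							&nbsp;
								<a href="system_certmanager.php?act=csr&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("update csr");?>" alt="<?=gettext("update csr");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
						</td>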
976
					</tr>
977
					<?php
978
							$i++;
979
						endforeach;
980
					?>
981
					<tr>
982
						<td class="list" colspan="4"></td>
983
						<td class="list">
984
							<a href="system_certmanager.php?act=new">
985
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" />
986
							</a>
987
						</td>
988
					</tr>
989
					<tr>
990
						<td>&nbsp;</td>
991
						<td colspan="3"><?=gettext("Note: You can only delete a certificate if it is not currently in use.");?></td>
992
					</tr>
993
				</table>
994

    
995
				<?php endif; ?>
996

    
997
			</div>
998
		</td>
999
	</tr>
1000
</table>
1001
<?php include("fend.inc");?>
1002
<script type="text/javascript">
1003
<!--
1004

    
1005
method_change();
1006
internalca_change();
1007

    
1008
//-->
1009
</script>
1010

    
1011
</body>