Project

General

Profile

Download (8.14 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
    system_usermanager_addcert.php
4

    
5
    Copyright (C) 2008 Shrew Soft Inc.
6
    All rights reserved.
7

    
8
    Redistribution and use in source and binary forms, with or without
9
    modification, are permitted provided that the following conditions are met:
10

    
11
    1. Redistributions of source code must retain the above copyright notice,
12
       this list of conditions and the following disclaimer.
13

    
14
    2. Redistributions in binary form must reproduce the above copyright
15
       notice, this list of conditions and the following disclaimer in the
16
       documentation and/or other materials provided with the distribution.
17

    
18
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
    POSSIBILITY OF SUCH DAMAGE.
28
*/
29
/*
30
	pfSense_MODULE:	certificate_manager
31
*/
32

    
33
##|+PRIV
34
##|*IDENT=page-system-usermanager_addcert
35
##|*NAME=System: User Manager: Add Certificate
36
##|*DESCR=Allow access to the 'User Manager: Add Certificate' page.
37
##|*MATCH=system_usermanager_addcert.php*
38
##|-PRIV
39

    
40
require("guiconfig.inc");
41
require_once("certs.inc");
42

    
43
$cert_keylens = array( "512", "1024", "2048", "4096");
44

    
45
$pgtitle = array("System", "User Manager: Add Certificate");
46

    
47
$userid = $_GET['userid'];
48
if (isset($_POST['userid']))
49
	$userid = $_POST['userid'];
50

    
51
if (!is_array($config['system']['user']))
52
	$config['system']['user'] = array();
53

    
54
$a_user =& $config['system']['user'];
55

    
56
if (!is_array($config['system']['ca']))
57
	$config['system']['ca'] = array();
58

    
59
$a_ca =& $config['system']['ca'];
60

    
61
$internal_ca_count = 0;
62
foreach ($a_ca as $ca)
63
	if ($ca['prv'])	
64
		$internal_ca_count++;
65

    
66
if ($_GET) {
67
	$pconfig['keylen'] = "2048";
68
	$pconfig['lifetime'] = "365";
69
}
70

    
71
if ($_POST) {
72
	conf_mount_rw();
73
	
74
	unset($input_errors);
75
	$pconfig = $_POST;
76

    
77
	/* input validation */
78
	if ($pconfig['method'] == "existing") {
79
		$reqdfields = explode(" ",
80
				"name cert key");
81
		$reqdfieldsn = explode(",",
82
				"Descriptive name,Certificate data,Key data");
83
	}
84

    
85
	if ($pconfig['method'] == "internal") {
86
		$reqdfields = explode(" ",
87
				"name caref keylen lifetime");
88
		$reqdfieldsn = explode(",",
89
				"Descriptive name,Certificate authority,Key length,Lifetime");
90
	}
91

    
92
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
93

    
94
	$ca = lookup_ca($pconfig['caref']);
95
	if (!$ca)
96
		$input_errors[] = "Invalid internal Certificate Authority\n";
97

    
98
	/* if this is an AJAX caller then handle via JSON */
99
	if (isAjax() && is_array($input_errors)) {
100
		input_errors2Ajax($input_errors);
101
		conf_mount_ro();
102
		exit;
103
	}
104

    
105
	/* save modifications */
106
	if (!$input_errors) {
107

    
108
		$cert = array();
109
		if (!is_array($a_user[$userid]['cert']))
110
			$a_user[$userid]['cert'] = array();
111

    
112
	    $cert['name'] = $pconfig['name'];
113

    
114
		$subject = cert_get_subject_array($ca['crt']);
115

    
116
		$dn = array(
117
			'countryName' => $subject[0]['v'],
118
			'stateOrProvinceName' => $subject[1]['v'],
119
			'localityName' => $subject[2]['v'],
120
			'organizationName' => $subject[3]['v'],
121
			'emailAddress' => $subject[4]['v'],
122
			'commonName' => $a_user[$userid]['name']);
123

    
124
		cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
125
			$pconfig['lifetime'], $dn);
126

    
127
		$a_user[$userid]['cert'][] = $cert;
128

    
129
		write_config();
130

    
131
		conf_mount_ro();
132
		
133
		pfSenseHeader("system_usermanager.php?act=edit&id={$userid}");
134
	}
135
}
136

    
137
include("head.inc");
138
?>
139

    
140
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
141
<?php include("fbegin.inc"); ?>
142
<script type="text/javascript">
143
<!--
144

    
145
<?php if ($internal_ca_count): ?>
146
function internalca_change() {
147

    
148
	index = document.iform.caref.selectedIndex;
149
	caref = document.iform.caref[index].value;
150

    
151
	switch (caref) {
152
<?php
153
		foreach ($a_ca as $ca):
154
			if (!$ca['prv'])
155
				continue;
156
			$subject = cert_get_subject_array($ca['crt']);
157
?>
158
		case "<?=$ca['refid'];?>":
159
			document.iform.dn_country.value = "<?=$subject[0]['v'];?>";
160
			document.iform.dn_state.value = "<?=$subject[1]['v'];?>";
161
			document.iform.dn_city.value = "<?=$subject[2]['v'];?>";
162
			document.iform.dn_organization.value = "<?=$subject[3]['v'];?>";
163
			break;
164
<?php	endforeach; ?>
165
	}
166
}
167
<?php endif; ?>
168

    
169
//-->
170
</script>
171
<?php
172
	if ($input_errors)
173
		print_input_errors($input_errors);
174
	if ($savemsg)
175
		print_info_box($savemsg);
176
?>
177
<table width="100%" border="0" cellpadding="0" cellspacing="0">
178
	<tr>
179
		<td>
180
		<?php
181
			$tab_array = array();
182
			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
183
			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
184
			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
185
			$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
186
			display_top_tabs($tab_array);
187
		?>
188
		</td>
189
	</tr>
190
	<tr>
191
		<td id="mainarea">
192
			<div class="tabcont">
193
				<form action="system_usermanager_addcert.php" method="post" name="iform" id="iform">
194
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
195

    
196
						<?php if (!$internal_ca_count): ?>
197

    
198
						<tr>
199
							<td colspan="2" align="center" class="vtable">
200
								No internal Certificate Authorities have been defined. You must
201
								<a href="system_camanager.php?act=new&method=internal">create</a>
202
								an internal CA before creating an internal certificate.
203
							</td>
204
						</tr>
205

    
206
						<?php else: ?>
207

    
208
						<tr>
209
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
210
							<td width="78%" class="vtable">
211
								<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
212
							</td>
213
						</tr>
214
						<tr>
215
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
216
							<td width="78%" class="vtable">
217
								<select name='caref' id='caref' class="formselect" onChange='internalca_change()'>
218
								<?php
219
									foreach( $a_ca as $ca):
220
									if (!$ca['prv'])
221
										continue;
222
									$selected = "";
223
									if ($pconfig['caref'] == $ca['refid'])
224
										$selected = "selected";
225
								?>
226
									<option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['name'];?></option>
227
								<?php endforeach; ?>
228
								</select>
229
							</td>
230
						</tr>
231
						<tr>
232
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
233
							<td width="78%" class="vtable">
234
								<select name='keylen' class="formselect">
235
								<?php
236
									foreach( $cert_keylens as $len):
237
									$selected = "";
238
									if ($pconfig['keylen'] == $len)
239
										$selected = "selected";
240
								?>
241
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
242
								<?php endforeach; ?>
243
								</select>
244
								bits
245
							</td>
246
						</tr>
247
						<tr>
248
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
249
							<td width="78%" class="vtable">
250
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
251
								days
252
							</td>
253
						</tr>
254

    
255
						<?php endif; ?>
256

    
257
						<tr>
258
							<td width="22%" valign="top">&nbsp;</td>
259
							<td width="78%">
260
								<?php if ($internal_ca_count): ?>
261
								<input id="submit" name="save" type="submit" class="formbtn" value="Save" />
262
								<input id="cancelbutton" class="formbtn" type="button" value="<?=gettext("Cancel");?>" onclick="history.back()" />
263
								<?php endif; ?>
264
								<?php if (isset($userid) && $a_user[$userid]): ?>
265
								<input name="userid" type="hidden" value="<?=$userid;?>" />
266
								<?php endif;?>
267
							</td>
268
						</tr>
269
					</table>
270
				</form>
271
			</div>
272
		</td>
273
	</tr>
274
</table>
275
<?php include("fend.inc");?>
276
<script type="text/javascript">
277
<!--
278

    
279
internalca_change();
280

    
281
//-->
282
</script>
283

    
284
</body>
(191-191/216)