
Revision 6dc88d53

Added by Ermal Luçi almost 16 years ago

  • Move functions that output html to guiconfig.inc
  • Remove some recursive dependency on some includes
  • Remove ^M or \r from files
  • Remove some entries from functions.inc to avoid including them twice
  • Remove some unnecessary includes from some files

NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.


etc/inc/certs.inc
1
<?php
2
/* $Id$ */
3
/*
4
		Copyright (C) 2008 Shrew Soft Inc
5
		All rights reserved.
6

  
7
        Redistribution and use in source and binary forms, with or without
8
        modification, are permitted provided that the following conditions are met:
9

  
10
        1. Redistributions of source code must retain the above copyright notice,
11
           this list of conditions and the following disclaimer.
12

  
13
        2. Redistributions in binary form must reproduce the above copyright
14
           notice, this list of conditions and the following disclaimer in the
15
           documentation and/or other materials provided with the distribution.
16

  
17
        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
18
        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
19
        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20
        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
21
        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22
        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23
        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24
        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25
        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26
        POSSIBILITY OF SUCH DAMAGE.
27

  
28
		DISABLE_PHP_LINT_CHECKING
29
*/
30

  
31
require_once("functions.inc");
32

  
33
function & lookup_ca($refid) {
34
	global $config;
35

  
36
	if (is_array($config['system']['ca']))
37
		foreach ($config['system']['ca'] as & $ca)
38
			if ($ca['refid'] == $refid)
39
				return $ca;
40

  
41
	return false;
42
}
43

  
44
function & lookup_cert($refid) {
45
	global $config;
46

  
47
	if (is_array($config['system']['cert']))
48
		foreach ($config['system']['cert'] as & $cert)
49
			if ($cert['refid'] == $refid)
50
				return $cert;
51

  
52
	return false;
53
}
54

  
55
function ca_import(& $ca, $str) {
56

  
57
	$ca['crt'] = base64_encode($str);
58

  
59
	return true;
60
}
61

  
62
function ca_create(& $ca, $keylen, $lifetime, $dn) {
63

  
64
	$args = array(
65
		"digest_alg" => "sha1",
66
		"private_key_bits" => $keylen,
67
		"private_key_type" => OPENSSL_KEYTYPE_RSA,
68
		"encrypt_key" => false);
69

  
70
	// generate a new key pair
71
	$res_key = openssl_pkey_new();
72

  
73
	// generate a certificate signing request
74
	$res_csr = openssl_csr_new($dn, $res_key, $args);
75

  
76
	// self sign the certificate
77
	$res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args);
78

  
79
	// export our certificate data
80
	openssl_pkey_export($res_key, $str_key);
81
	openssl_x509_export($res_crt, $str_crt);
82

  
83
	// return our ca information
84
	$ca['crt'] = base64_encode($str_crt);
85
	$ca['prv'] = base64_encode($str_key);
86
	$ca['serial'] = 0;
87

  
88
	return true;
89
}
90

  
91
function cert_import(& $cert, $crt_str, $key_str) {
92

  
93
	$cert['crt'] = base64_encode($crt_str);
94
	$cert['prv'] = base64_encode($key_str);
95

  
96
	return true;
97
}
98

  
99
function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
100

  
101
	$ca =& lookup_ca($caref);
102
	if (!$ca)
103
		return false;
104

  
105
	$ca_str_crt = base64_decode($ca['crt']);
106
	$ca_str_key = base64_decode($ca['prv']);
107
	$ca_res_crt = openssl_x509_read($ca_str_crt);
108
	$ca_res_key = openssl_pkey_get_private($ca_str_key);
109
	$ca_serial = $ca['serial']++;
110

  
111
	$args = array(
112
		"digest_alg" => "sha1",
113
		"private_key_bits" => $keylen,
114
		"private_key_type" => OPENSSL_KEYTYPE_RSA,
115
		"encrypt_key" => false);
116

  
117
	// generate a new key pair
118
	$res_key = openssl_pkey_new();
119

  
120
	// generate a certificate signing request
121
	$res_csr = openssl_csr_new($dn, $res_key, $args);
122

  
123
	// self sign the certificate
124
	$res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
125
				 $args, $ca_serial);
126

  
127
	// export our certificate data
128
	openssl_pkey_export($res_key, $str_key);
129
	openssl_x509_export($res_crt, $str_crt);
130

  
131
	// return our certificate information
132
	$cert['caref'] = $caref;
133
	$cert['crt'] = base64_encode($str_crt);
134
	$cert['prv'] = base64_encode($str_key);
135

  
136
	return true;
137
}
138

  
139
function csr_generate(& $cert, $keylen, $dn) {
140

  
141
	$args = array(
142
		"digest_alg" => "sha1",
143
		"private_key_bits" => $keylen,
144
		"private_key_type" => OPENSSL_KEYTYPE_RSA,
145
		"encrypt_key" => false);
146

  
147
	// generate a new key pair
148
	$res_key = openssl_pkey_new();
149

  
150
	// generate a certificate signing request
151
	$res_csr = openssl_csr_new($dn, $res_key, $args);
152

  
153
	// export our request data
154
	openssl_pkey_export($res_key, $str_key);
155
	openssl_csr_export($res_csr, $str_csr);
156

  
157
	// return our request information
158
	$cert['csr'] = base64_encode($str_csr);
159
	$cert['prv'] = base64_encode($str_key);
160

  
161
	return true;
162
}
163

  
164
function csr_complete(& $cert, $str_crt) {
165

  
166
	// return our request information
167
	$cert['crt'] = base64_encode($str_crt);
168
	unset($cert['csr']);
169

  
170
	return true;
171
}
172

  
173
function csr_get_subject($str_crt, $decode = true) {
174

  
175
	if ($decode)
176
		$str_crt = base64_decode($str_crt);
177

  
178
	$components = openssl_csr_get_subject($str_crt);
179

  
180
	if (!is_array($components))
181
		return "unknown";
182

  
183
	foreach ($components as $a => $v) {
184
		if (!strlen($subject))
185
			$subject = "{$a}={$v}";
186
		else
187
			$subject = "{$a}={$v}, {$subject}";
188
	}
189

  
190
	return $subject;
191
}
192

  
193
function cert_get_subject($str_crt, $decode = true) {
194

  
195
	if ($decode)
196
		$str_crt = base64_decode($str_crt);
197

  
198
	$inf_crt = openssl_x509_parse($str_crt);
199
	$components = $inf_crt['subject'];
200

  
201
	if (!is_array($components))
202
		return "unknown";
203

  
204
	foreach ($components as $a => $v) {
205
		if (!strlen($subject))
206
			$subject = "{$a}={$v}";
207
		else
208
			$subject = "{$a}={$v}, {$subject}";
209
	}
210

  
211
	return $subject;
212
}
213

  
214
function cert_get_subject_array($crt) {
215
	$str_crt = base64_decode($crt);
216
	$inf_crt = openssl_x509_parse($str_crt);
217
	$components = $inf_crt['subject'];
218
	$subject_array = array();
219

  
220
	foreach($components as $a => $v)
221
		$subject_array[] = array('a' => $a, 'v' => $v);
222

  
223
	return $subject_array;
224
}
225

  
226
?>
1
<?php
2
/* $Id$ */
3
/*
4
		Copyright (C) 2008 Shrew Soft Inc
5
		All rights reserved.
6

  
7
        Redistribution and use in source and binary forms, with or without
8
        modification, are permitted provided that the following conditions are met:
9

  
10
        1. Redistributions of source code must retain the above copyright notice,
11
           this list of conditions and the following disclaimer.
12

  
13
        2. Redistributions in binary form must reproduce the above copyright
14
           notice, this list of conditions and the following disclaimer in the
15
           documentation and/or other materials provided with the distribution.
16

  
17
        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
18
        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
19
        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
20
        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
21
        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22
        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23
        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24
        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25
        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26
        POSSIBILITY OF SUCH DAMAGE.
27

  
28
		DISABLE_PHP_LINT_CHECKING
29
*/
30

  
31
function & lookup_ca($refid) {
32
	global $config;
33

  
34
	if (is_array($config['system']['ca']))
35
		foreach ($config['system']['ca'] as & $ca)
36
			if ($ca['refid'] == $refid)
37
				return $ca;
38

  
39
	return false;
40
}
41

  
42
function & lookup_cert($refid) {
43
	global $config;
44

  
45
	if (is_array($config['system']['cert']))
46
		foreach ($config['system']['cert'] as & $cert)
47
			if ($cert['refid'] == $refid)
48
				return $cert;
49

  
50
	return false;
51
}
52

  
53
function ca_import(& $ca, $str) {
54

  
55
	$ca['crt'] = base64_encode($str);
56

  
57
	return true;
58
}
59

  
60
function ca_create(& $ca, $keylen, $lifetime, $dn) {
61

  
62
	$args = array(
63
		"digest_alg" => "sha1",
64
		"private_key_bits" => $keylen,
65
		"private_key_type" => OPENSSL_KEYTYPE_RSA,
66
		"encrypt_key" => false);
67

  
68
	// generate a new key pair
69
	$res_key = openssl_pkey_new();
70

  
71
	// generate a certificate signing request
72
	$res_csr = openssl_csr_new($dn, $res_key, $args);
73

  
74
	// self sign the certificate
75
	$res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args);
76

  
77
	// export our certificate data
78
	openssl_pkey_export($res_key, $str_key);
79
	openssl_x509_export($res_crt, $str_crt);
80

  
81
	// return our ca information
82
	$ca['crt'] = base64_encode($str_crt);
83
	$ca['prv'] = base64_encode($str_key);
84
	$ca['serial'] = 0;
85

  
86
	return true;
87
}
88

  
89
function cert_import(& $cert, $crt_str, $key_str) {
90

  
91
	$cert['crt'] = base64_encode($crt_str);
92
	$cert['prv'] = base64_encode($key_str);
93

  
94
	return true;
95
}
96

  
97
function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
98

  
99
	$ca =& lookup_ca($caref);
100
	if (!$ca)
101
		return false;
102

  
103
	$ca_str_crt = base64_decode($ca['crt']);
104
	$ca_str_key = base64_decode($ca['prv']);
105
	$ca_res_crt = openssl_x509_read($ca_str_crt);
106
	$ca_res_key = openssl_pkey_get_private($ca_str_key);
107
	$ca_serial = $ca['serial']++;
108

  
109
	$args = array(
110
		"digest_alg" => "sha1",
111
		"private_key_bits" => $keylen,
112
		"private_key_type" => OPENSSL_KEYTYPE_RSA,
113
		"encrypt_key" => false);
114

  
115
	// generate a new key pair
116
	$res_key = openssl_pkey_new();
117

  
118
	// generate a certificate signing request
119
	$res_csr = openssl_csr_new($dn, $res_key, $args);
120

  
121
	// self sign the certificate
122
	$res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
123
				 $args, $ca_serial);
124

  
125
	// export our certificate data
126
	openssl_pkey_export($res_key, $str_key);
127
	openssl_x509_export($res_crt, $str_crt);
128

  
129
	// return our certificate information
130
	$cert['caref'] = $caref;
131
	$cert['crt'] = base64_encode($str_crt);
132
	$cert['prv'] = base64_encode($str_key);
133

  
134
	return true;
135
}
136

  
137
function csr_generate(& $cert, $keylen, $dn) {
138

  
139
	$args = array(
140
		"digest_alg" => "sha1",
141
		"private_key_bits" => $keylen,
142
		"private_key_type" => OPENSSL_KEYTYPE_RSA,
143
		"encrypt_key" => false);
144

  
145
	// generate a new key pair
146
	$res_key = openssl_pkey_new();
147

  
148
	// generate a certificate signing request
149
	$res_csr = openssl_csr_new($dn, $res_key, $args);
150

  
151
	// export our request data
152
	openssl_pkey_export($res_key, $str_key);
153
	openssl_csr_export($res_csr, $str_csr);
154

  
155
	// return our request information
156
	$cert['csr'] = base64_encode($str_csr);
157
	$cert['prv'] = base64_encode($str_key);
158

  
159
	return true;
160
}
161

  
162
function csr_complete(& $cert, $str_crt) {
163

  
164
	// return our request information
165
	$cert['crt'] = base64_encode($str_crt);
166
	unset($cert['csr']);
167

  
168
	return true;
169
}
170

  
171
function csr_get_subject($str_crt, $decode = true) {
172

  
173
	if ($decode)
174
		$str_crt = base64_decode($str_crt);
175

  
176
	$components = openssl_csr_get_subject($str_crt);
177

  
178
	if (!is_array($components))
179
		return "unknown";
180

  
181
	foreach ($components as $a => $v) {
182
		if (!strlen($subject))
183
			$subject = "{$a}={$v}";
184
		else
185
			$subject = "{$a}={$v}, {$subject}";
186
	}
187

  
188
	return $subject;
189
}
190

  
191
function cert_get_subject($str_crt, $decode = true) {
192

  
193
	if ($decode)
194
		$str_crt = base64_decode($str_crt);
195

  
196
	$inf_crt = openssl_x509_parse($str_crt);
197
	$components = $inf_crt['subject'];
198

  
199
	if (!is_array($components))
200
		return "unknown";
201

  
202
	foreach ($components as $a => $v) {
203
		if (!strlen($subject))
204
			$subject = "{$a}={$v}";
205
		else
206
			$subject = "{$a}={$v}, {$subject}";
207
	}
208

  
209
	return $subject;
210
}
211

  
212
function cert_get_subject_array($crt) {
213
	$str_crt = base64_decode($crt);
214
	$inf_crt = openssl_x509_parse($str_crt);
215
	$components = $inf_crt['subject'];
216
	$subject_array = array();
217

  
218
	foreach($components as $a => $v)
219
		$subject_array[] = array('a' => $a, 'v' => $v);
220

  
221
	return $subject_array;
222
}
223

  
224
?>
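Review bot: In `ca_create`, `cert_create` and `csr_generate` the key pair comes from `openssl_pkey_new()` called with no options, so the `"private_key_bits" => $keylen` entry built in `$args` just above never reaches key generation, and the key size is presumably whatever the OpenSSL configuration defaults to rather than what the caller requested. Passing the options through, `$res_key = openssl_pkey_new($args);`, in all three functions would make the requested length effective. The same functions ignore the return values of the `openssl_*` calls and return `true` unconditionally, so a failed generation or signing step would store an empty `crt`/`prv`; a guard such as `if (!$res_key) return false;` after each step would surface that. As far as the listing shows, this commit only drops the `require_once("functions.inc");` line and the carriage returns, so neither point is addressed by it.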
