<?php
/*
 * system_camanager.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2019 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2008 Shrew Soft Inc
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-system-camanager
##|*NAME=System: CA Manager
##|*DESCR=Allow access to the 'System: CA Manager' page.
##|*MATCH=system_camanager.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("certs.inc");
require_once("pfsense-utils.inc");
/*
 * Creation methods offered by the "Method" selector, keyed by the value
 * that comes back in $_POST['method'].
 */
$ca_methods = [
	"internal" => gettext("Create an internal Certificate Authority"),
	"existing" => gettext("Import an existing Certificate Authority"),
	"intermediate" => gettext("Create an intermediate Certificate Authority"),
];

/*
 * Key sizes (bits) accepted for internal/intermediate CAs. Kept as strings
 * because the form posts strings and the save handler checks them with in_array().
 */
$ca_keylens = ["1024", "2048", "3072", "4096", "6144", "7680", "8192", "15360", "16384"];

/* List of accepted digest algorithm names; defined by an included file. */
global $openssl_digest_algs;
/*
 * Index of the CA being acted on. Accepted only when it is a non-negative
 * integer string; otherwise $id stays undefined and the handlers below take
 * their "not found" redirect.
 */
if (isset($_REQUEST['id'])) {
	if (is_numericint($_REQUEST['id'])) {
		$id = $_REQUEST['id'];
	}
}
/*
 * Make sure the three config sections this page touches exist, then bind
 * references so edits land directly in $config before write_config().
 */
foreach (['ca', 'cert', 'crl'] as $config_section) {
	init_config_arr([$config_section]);
}
$a_ca = &$config['ca'];
$a_cert = &$config['cert'];
$a_crl = &$config['crl'];
/* Requested action (new / edit / exp / expkey); may arrive by GET or POST. */
if (!empty($_REQUEST['act'])) {
	$act = $_REQUEST['act'];
}
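/*
 * Delete a CA. Only honoured from a POST (the delete link carries "usepost"),
 * so a plain GET cannot remove an entry.
 */
if ($_POST['act'] == "del") {

	if (!isset($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$deleted_refid = $a_ca[$id]['refid'];

	/* Only remove CA reference when deleting. It can be reconnected if a new matching CA is imported.
	 * Iterate by key rather than from count()-1 down to 0: deleting entries
	 * (this page unsets $a_ca[$id] below) leaves gaps in the numeric keys,
	 * and an index loop would skip every entry beyond such a gap. */
	foreach ($a_cert as $cert_key => $cert) {
		if (($cert['caref'] ?? null) == $deleted_refid) {
			unset($a_cert[$cert_key]['caref']);
		}
	}

	/* Remove any CRLs for this CA, there is no way to recover the connection once the CA has been removed. */
	foreach ($a_crl as $crl_key => $crl) {
		if (($crl['caref'] ?? null) == $deleted_refid) {
			unset($a_crl[$crl_key]);
		}
	}

	$name = $a_ca[$id]['descr'];
	unset($a_ca[$id]);
	write_config();
	/* NOTE(review): the redirect right after this sets $savemsg for a request
	 * that never renders it; the message is printed later in this file only
	 * when the page is actually rendered. */
	$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted."), htmlspecialchars($name));
	pfSenseHeader("system_camanager.php");
	exit;
}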
/*
 * Edit: pre-fill the form from the stored entry. The method is forced to
 * "existing" because only the description, PEM data and serial are editable.
 */
if ($act == "edit") {
	if (empty($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}
	$stored_ca = $a_ca[$id];
	$edit_values = [
		'method' => 'existing',
		'descr'  => $stored_ca['descr'],
		'refid'  => $stored_ca['refid'],
		'cert'   => base64_decode($stored_ca['crt']),
		'serial' => $stored_ca['serial'],
	];
	/* The private key is optional for imported CAs; only decode it when stored. */
	if (!empty($stored_ca['prv'])) {
		$edit_values['key'] = base64_decode($stored_ca['prv']);
	}
	foreach ($edit_values as $field => $value) {
		$pconfig[$field] = $value;
	}
}
/*
 * New CA: seed the form with defaults. The method is whatever the selector
 * posted (null on the first visit); the rest are the suggested starting values.
 */
if ($act == "new") {
	$new_defaults = [
		'method'        => $_POST['method'],
		'keylen'        => "2048",
		'digest_alg'    => "sha256",
		'lifetime'      => "3650",
		'dn_commonname' => "internal-ca",
	];
	foreach ($new_defaults as $field => $value) {
		$pconfig[$field] = $value;
	}
}
/*
 * Export the CA certificate (PEM) as a file download named after the CA
 * description. urlencode() keeps CR/LF and quotes out of the header value.
 */
if ($act == "exp") {

	if (empty($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$download_name = urlencode("{$a_ca[$id]['descr']}.crt");
	$download_body = base64_decode($a_ca[$id]['crt']);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$download_name}");
	header("Content-Length: " . strlen($download_body));
	echo $download_body;
	exit;
}
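/*
 * Export the CA private key as a file download. The key is stored
 * base64-encoded in the config. The list view only offers this link when a
 * key is stored, but the URL can be requested directly, so refuse (redirect)
 * when there is no key instead of serving an empty file.
 */
if ($act == "expkey") {

	if (empty($a_ca[$id]) || empty($a_ca[$id]['prv'])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$download_name = urlencode("{$a_ca[$id]['descr']}.key");
	$download_body = base64_decode($a_ca[$id]['prv']);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$download_name}");
	header("Content-Length: " . strlen($download_body));
	echo $download_body;
	exit;
}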
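/*
 * Form submission: validate the posted fields, then import / create / edit
 * the CA and save the config. On any validation error $input_errors is
 * filled and the form is re-rendered with $pconfig (the raw POST) as values.
 */
if ($_POST['save']) {

	unset($input_errors);
	$input_errors = array();
	$pconfig = $_POST;

	/*
	 * Build the X.509 subject from the posted dn_* fields. commonName is
	 * always set; the other components are added only when non-empty.
	 * countryName is taken as posted (it comes from the country-code select);
	 * the free-text components are escaped for X.509.
	 */
	$build_dn = function (array $fields) {
		$dn = array('commonName' => cert_escape_x509_chars($fields['dn_commonname']));
		if (!empty($fields['dn_country'])) {
			$dn['countryName'] = $fields['dn_country'];
		}
		$escaped_components = array(
			'dn_state'              => 'stateOrProvinceName',
			'dn_city'               => 'localityName',
			'dn_organization'       => 'organizationName',
			'dn_organizationalunit' => 'organizationalUnitName',
		);
		foreach ($escaped_components as $field => $dn_key) {
			if (!empty($fields[$field])) {
				$dn[$dn_key] = cert_escape_x509_chars($fields[$field]);
			}
		}
		return $dn;
	};

	/*
	 * Drain the OpenSSL error queue after a failed ca_create()/ca_inter_create()
	 * into a list of user-visible messages. "NCONF_get_string:no value" entries
	 * are dropped as noise.
	 */
	$collect_openssl_errors = function () {
		$errors = array();
		while ($ssl_err = openssl_error_string()) {
			if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
				$errors[] = "openssl library returns: " . $ssl_err;
			}
		}
		return $errors;
	};

	/* input validation */
	if ($pconfig['method'] == "existing") {
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate data"));
		if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
			$input_errors[] = gettext("This certificate does not appear to be valid.");
		}
		if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) {
			$input_errors[] = gettext("Encrypted private keys are not yet supported.");
		}
		if (!$input_errors && !empty($_POST['key']) && cert_get_publickey($_POST['cert'], false) != cert_get_publickey($_POST['key'], false, 'prv')) {
			$input_errors[] = gettext("The submitted private key does not match the submitted certificate data.");
		}
		/* we must ensure the certificate is capable of acting as a CA
		 * https://redmine.pfsense.org/issues/7885
		 */
		if (!$input_errors) {
			$purpose = cert_get_purpose($_POST['cert'], false);
			if ($purpose['ca'] != 'Yes') {
				$input_errors[] = gettext("The submitted certificate does not appear to be a Certificate Authority, import it on the Certificates tab instead.");
			}
		}
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ",
			"descr keylen lifetime dn_commonname");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Key length"),
			gettext("Lifetime"),
			gettext("Distinguished name Common Name"));
	}
	if ($pconfig['method'] == "intermediate") {
		$reqdfields = explode(" ",
			"descr caref keylen lifetime dn_commonname");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Signing Certificate Authority"),
			gettext("Key length"),
			gettext("Lifetime"),
			gettext("Distinguished name Common Name"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
	if ($pconfig['method'] != "existing") {
		/* Make sure we do not have invalid characters in the fields for the certificate.
		 * Note this check does not apply to imported ("existing") CAs: their
		 * description is stored as posted and must be escaped wherever it is rendered. */
		if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
			array_push($input_errors, gettext("The field 'Descriptive Name' contains invalid characters."));
		}
		/* Strict comparison: the posted value must be exactly one of the listed strings,
		 * not merely numerically equal to one. */
		if (!in_array($_POST["keylen"], $ca_keylens, true)) {
			array_push($input_errors, gettext("Please select a valid Key Length."));
		}
		if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) {
			array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
		}
	}

	/* save modifications */
	if (!$input_errors) {
		$ca = array();
		if (empty($pconfig['refid'])) {
			$ca['refid'] = uniqid();
		} else {
			$ca['refid'] = $pconfig['refid'];
		}

		/* Editing an existing entry: start from the stored record so fields
		 * that are not on the form survive. */
		if (isset($id) && $a_ca[$id]) {
			$ca = $a_ca[$id];
		}

		$ca['descr'] = $pconfig['descr'];

		if ($act == "edit") {
			$ca['descr']  = $pconfig['descr'];
			$ca['refid']  = $pconfig['refid'];
			$ca['serial'] = $pconfig['serial'];
			$ca['crt']	  = base64_encode($pconfig['cert']);
			if (!empty($pconfig['key'])) {
				$ca['prv']	  = base64_encode($pconfig['key']);
			}
		} else {
			$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
			if ($pconfig['method'] == "existing") {
				ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
			} else if ($pconfig['method'] == "internal") {
				if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $build_dn($pconfig), $pconfig['digest_alg'])) {
					$input_errors = $collect_openssl_errors();
				}
			} else if ($pconfig['method'] == "intermediate") {
				if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $build_dn($pconfig), $pconfig['caref'], $pconfig['digest_alg'])) {
					$input_errors = $collect_openssl_errors();
				}
			}
			error_reporting($old_err_level);
		}

		/* The entry is placed in the in-memory list even when creation failed
		 * above; it only reaches disk through write_config() below, which runs
		 * solely when no errors were collected. */
		if (isset($id) && $a_ca[$id]) {
			$a_ca[$id] = $ca;
		} else {
			$a_ca[] = $ca;
		}

		if (!$input_errors) {
			write_config();
			pfSenseHeader("system_camanager.php");
		}
	}
}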
/*
 * Breadcrumb titles and their links; "Edit" is appended whenever the form
 * (rather than the CA list) is about to be shown.
 */
$pgtitle = [gettext("System"), gettext("Certificate Manager"), gettext("CAs")];
$pglinks = ["", "system_camanager.php", "system_camanager.php"];

if (in_array($act, ["new", "edit", gettext("Save")], true) || $input_errors) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}
include("head.inc");

/* Validation errors from the save handler, if any. */
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

/* Success notice, if a previous handler set one. */
if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}
// Country codes for the "Country Code" select: the first whitespace-separated
// token of each line in /etc/ca_countries, plus an empty "None" entry.
$dn_cc = array();
if (file_exists("/etc/ca_countries")) {
	$dn_cc[''] = gettext("None");
	foreach (file("/etc/ca_countries") as $line) {
		if (!preg_match('/^(\S*)\s(.*)$/', $line, $matches)) {
			continue;
		}
		$dn_cc[$matches[1]] = $matches[1];
	}
}
/* Top tabs of the certificate manager; this page is the active one. */
$tab_array = [
	[gettext("CAs"), true, "system_camanager.php"],
	[gettext("Certificates"), false, "system_certmanager.php"],
	[gettext("Certificate Revocation"), false, "system_crlmanager.php"],
];
display_top_tabs($tab_array);
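/*
 * CA list view, shown unless the add/edit form is being displayed.
 * Values echoed into the table are escaped here or come from gettext();
 * CA descriptions in particular are free text that is not character-checked
 * when a CA is imported, so they must be escaped on output.
 */
if (!($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors)) {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Certificate Authorities')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
		<table class="table table-striped table-hover table-rowdblclickedit">
			<thead>
				<tr>
					<th><?=gettext("Name")?></th>
					<th><?=gettext("Internal")?></th>
					<th><?=gettext("Issuer")?></th>
					<th><?=gettext("Certificates")?></th>
					<th><?=gettext("Distinguished Name")?></th>
					<th><?=gettext("In Use")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
<?php
/* Ask installed packages which CAs they reference, for the "In Use" column. */
$pluginparams = array();
$pluginparams['type'] = 'certificates';
$pluginparams['event'] = 'used_ca';
$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);

foreach ($a_ca as $i => $ca):
	$name = htmlspecialchars($ca['descr']);
	$subj = cert_get_subject($ca['crt']);
	$issuer = cert_get_issuer($ca['crt']);
	list($startdate, $enddate) = cert_get_dates($ca['crt']);
	if ($subj == $issuer) {
		$issuer_name = gettext("self-signed");
	} else {
		$issuer_name = gettext("external");
	}
	$subj = htmlspecialchars(cert_escape_x509_chars($subj, true));
	$issuer = htmlspecialchars($issuer);

	/* When the issuer is another CA in this list, show its description instead.
	 * That description is user-entered text echoed straight into the table,
	 * so it is escaped the same way $name is. */
	$issuer_ca = lookup_ca($ca['caref']);
	if ($issuer_ca) {
		$issuer_name = htmlspecialchars($issuer_ca['descr']);
	}

	/* Count certificates and CAs issued by this CA. */
	$certcount = 0;
	foreach ($a_cert as $cert) {
		if ($cert['caref'] == $ca['refid']) {
			$certcount++;
		}
	}
	foreach ($a_ca as $cert) {
		if ($cert['caref'] == $ca['refid']) {
			$certcount++;
		}
	}
?>
				<tr>
					<td><?=$name?></td>
					<td><i class="fa fa-<?= (!empty($ca['prv'])) ? "check" : "times" ; ?>"></i></td>
					<td><i><?=$issuer_name?></i></td>
					<td><?=$certcount?></td>
					<td>
						<?=$subj?>
						<br />
						<small>
							<?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
						</small>
					</td>
					<td class="text-nowrap">
						<?php if (is_openvpn_server_ca($ca['refid'])): ?>
							<?=gettext("OpenVPN Server")?><br/>
						<?php endif?>
						<?php if (is_openvpn_client_ca($ca['refid'])): ?>
							<?=gettext("OpenVPN Client")?><br/>
						<?php endif?>
						<?php if (is_ipsec_peer_ca($ca['refid'])): ?>
							<?=gettext("IPsec Tunnel")?><br/>
						<?php endif?>
						<?php if (is_ldap_peer_ca($ca['refid'])): ?>
							<?=gettext("LDAP Server")?>
						<?php endif?>
						<?php echo cert_usedby_description($ca['refid'], $certificates_used_by_packages); ?>
					</td>
					<td class="text-nowrap">
						<a class="fa fa-pencil"	title="<?=gettext("Edit CA")?>"	href="system_camanager.php?act=edit&amp;id=<?=$i?>"></a>
						<a class="fa fa-certificate"	title="<?=gettext("Export CA")?>"	href="system_camanager.php?act=exp&amp;id=<?=$i?>"></a>
					<?php if ($ca['prv']): ?>
						<a class="fa fa-key"	title="<?=gettext("Export key")?>"	href="system_camanager.php?act=expkey&amp;id=<?=$i?>"></a>
					<?php endif?>
					<?php if (!ca_in_use($ca['refid'])): ?>
						<a class="fa fa-trash" 	title="<?=gettext("Delete CA and its CRLs")?>"	href="system_camanager.php?act=del&amp;id=<?=$i?>" usepost ></a>
					<?php endif?>
					</td>
				</tr>
<?php endforeach; ?>
			</tbody>
		</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	include("foot.inc");
	exit;
}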
/*
 * Add/edit form. Hidden fields carry the CA index (when one is selected) and,
 * when editing, its refid so the save handler keeps the existing identifier.
 */
$form = new Form;

if (isset($id) && $a_ca[$id]) {
	$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
}

if ($act == "edit") {
	$form->addGlobal(new Form_Input('refid', null, 'hidden', $pconfig['refid']));
}

$section = new Form_Section('Create / Edit CA');

$section->addInput(new Form_Input('descr', '*Descriptive name', 'text', $pconfig['descr']));

/* The method selector is offered when no CA is selected, or when editing one. */
if (!isset($id) || $act == "edit") {
	$section->addInput(new Form_Select('method', '*Method', $pconfig['method'], $ca_methods))->toggles();
}

$form->add($section);
/* Fields for importing an existing CA (shown when method = existing). */
$section = new Form_Section('Existing Certificate Authority');
$section->addClass('toggle-existing collapse');

$section->addInput(new Form_Textarea('cert', '*Certificate data', $pconfig['cert']))
	->setHelp('Paste a certificate in X.509 PEM format here.');

$section->addInput(new Form_Textarea('key', 'Certificate Private Key (optional)', $pconfig['key']))
	->setHelp('Paste the private key for the above certificate here. This is optional in most cases, but is required when generating a Certificate Revocation List (CRL).');

$section->addInput(new Form_Input('serial', 'Serial for next certificate', 'number', $pconfig['serial']))
	->setHelp('Enter a decimal number to be used as the serial number for the next certificate to be created using this CA.');

$form->add($section);
/* Fields for creating an internal or intermediate CA. */
$section = new Form_Section('Internal Certificate Authority');
$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');

/* Only CAs with a stored private key can sign an intermediate. */
$allCas = array();
foreach ($a_ca as $ca) {
	if ($ca['prv']) {
		$allCas[$ca['refid']] = $ca['descr'];
	}
}

$group = new Form_Group('*Signing Certificate Authority');
$group->addClass('toggle-intermediate', 'collapse');
$group->add(new Form_Select('caref', null, $pconfig['caref'], $allCas));
$section->add($group);

$section->addInput(new Form_Select(
	'keylen',
	'*Key length (bits)',
	$pconfig['keylen'],
	array_combine($ca_keylens, $ca_keylens)
));

$section->addInput(new Form_Select(
	'digest_alg',
	'*Digest Algorithm',
	$pconfig['digest_alg'],
	array_combine($openssl_digest_algs, $openssl_digest_algs)
))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.');

$section->addInput(new Form_Input('lifetime', '*Lifetime (days)', 'number', $pconfig['lifetime']));

$section->addInput(new Form_Input('dn_commonname', '*Common Name', 'text', $pconfig['dn_commonname'], ['placeholder' => 'e.g. internal-ca']));

$section->addInput(new Form_StaticText(
	null,
	gettext('The following certificate authority subject components are optional and may be left blank.')
));

$section->addInput(new Form_Select('dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc));

/* Optional free-text subject components, each with an example placeholder. */
$optional_subject_fields = [
	['dn_state', 'State or Province', 'e.g. Texas'],
	['dn_city', 'City', 'e.g. Austin'],
	['dn_organization', 'Organization', 'e.g. My Company Inc'],
	['dn_organizationalunit', 'Organizational Unit', 'e.g. My Department Name (optional)'],
];
foreach ($optional_subject_fields as list($field_name, $field_label, $field_placeholder)) {
	$section->addInput(new Form_Input(
		$field_name,
		$field_label,
		'text',
		$pconfig[$field_name],
		['placeholder' => $field_placeholder]
	));
}

$form->add($section);
print $form;

/* Number of CAs with a stored private key. Not referenced elsewhere in this
 * file; presumably consumed by an include — verify before removing. */
$internal_ca_count = count(array_filter($a_ca, function ($ca) {
	return $ca['prv'];
}));

include('foot.inc');
?>