<?php
/*
 * system_camanager.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2008 Shrew Soft Inc
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

##|+PRIV
##|*IDENT=page-system-camanager
##|*NAME=System: CA Manager
##|*DESCR=Allow access to the 'System: CA Manager' page.
##|*MATCH=system_camanager.php*
##|-PRIV
/* The MATCH pattern above covers every "act" this page handles (list, new,
 * edit, del, exp and expkey), so one privilege presumably grants all of them,
 * including download of a CA private key via act=expkey. */

require_once("guiconfig.inc");
require_once("certs.inc");
require_once("pfsense-utils.inc");

/* Options for the "Method" selector on the create/edit form. The keys are
 * the values posted back in $_POST['method'] and dispatched on in the save
 * handler below. */
$ca_methods = array(
	"existing" => gettext("Import an existing Certificate Authority"),
	"internal" => gettext("Create an internal Certificate Authority"),
	"intermediate" => gettext("Create an intermediate Certificate Authority"));

/* RSA key sizes (bits) offered for locally generated CAs; also used as the
 * whitelist when validating a submitted key length.
 * NOTE(review): 512 and 1024 are well below current guidance for a CA key;
 * consider dropping them from the offered list. */
$ca_keylens = array("512", "1024", "2048", "3072", "4096", "7680", "8192", "15360", "16384");
/* Digest list is defined elsewhere (presumably in certs.inc); at file scope
 * this 'global' statement has no effect but documents the dependency. */
global $openssl_digest_algs;

/* Index of the CA being acted on. $_REQUEST merges GET and POST (and cookies,
 * depending on PHP's request_order), so the id can arrive either way; it is
 * only accepted when it looks like a non-negative integer. */
if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) {
	$id = $_REQUEST['id'];
}

/* Make sure the config sections this page edits exist, then alias them by
 * reference so writes below land directly in $config. */
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}

$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}

$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

$a_crl =& $config['crl'];

/* Requested action (new/edit/exp/expkey); taken from GET or POST. */
if ($_REQUEST['act']) {
	$act = $_REQUEST['act'];
}

/* Delete a CA. Only honoured when "act" was POSTed (the delete link in the
 * list carries a "usepost" attribute for that reason); $id itself still comes
 * from $_REQUEST above. */
if ($_POST['act'] == "del") {

	if (!isset($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	/* Only remove CA reference when deleting. It can be reconnected if a new matching CA is imported */
	/* Both loops walk the arrays by numeric index from the end, which assumes
	 * they are 0..n-1 lists — presumably true for these config sections. */
	$index = count($a_cert) - 1;
	for (;$index >= 0; $index--) {
		if ($a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
			unset($a_cert[$index]['caref']);
		}
	}

	/* Remove any CRLs for this CA, there is no way to recover the connection once the CA has been removed. */
	$index = count($a_crl) - 1;
	for (;$index >= 0; $index--) {
		if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
			unset($a_crl[$index]);
		}
	}

	$name = $a_ca[$id]['descr'];
	unset($a_ca[$id]);
	write_config();
	/* $savemsg is escaped here, but the redirect that follows ends this
	 * request before anything is rendered, so it is not displayed by this path. */
	$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted."), htmlspecialchars($name));
	pfSenseHeader("system_camanager.php");
	exit;
}

/* Edit: pre-populate the form from the stored CA. The certificate and key
 * are kept base64-encoded in the config and decoded here for the textareas. */
if ($act == "edit") {
	if (!$a_ca[$id]) {
		pfSenseHeader("system_camanager.php");
		exit;
	}
	$pconfig['descr']  = $a_ca[$id]['descr'];
	$pconfig['refid']  = $a_ca[$id]['refid'];
	$pconfig['cert']   = base64_decode($a_ca[$id]['crt']);
	$pconfig['serial'] = $a_ca[$id]['serial'];
	if (!empty($a_ca[$id]['prv'])) {
		$pconfig['key'] = base64_decode($a_ca[$id]['prv']);
	}
}

/* New: form defaults for a locally generated CA. 'method' is whatever was
 * posted (null on a plain GET), the rest are the suggested starting values. */
if ($act == "new") {
	$pconfig['method'] = $_POST['method'];
	$pconfig['keylen'] = "2048";
	$pconfig['digest_alg'] = "sha256";
	$pconfig['lifetime'] = "3650";
	$pconfig['dn_commonname'] = "internal-ca";
}

/* Export: stream the CA certificate (PEM) as a file download. Only the
 * suggested filename is derived from user-controlled data (descr), and it is
 * urlencoded before being placed in the header. */
if ($act == "exp") {

	if (!$a_ca[$id]) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_ca[$id]['descr']}.crt");
	$exp_data = base64_decode($a_ca[$id]['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
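
/* Export key: stream the CA private key (PEM) as a file download. This is
 * reachable with a plain GET by anyone holding the page privilege; the list
 * view only shows the link for CAs that have a stored key. */
if ($act == "expkey") {

	/* Bounce back to the list for an unknown id or a CA without a stored
	 * private key (previously the latter produced an empty download). */
	if (!$a_ca[$id] || empty($a_ca[$id]['prv'])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	/* Filename is the only header value derived from descr; urlencoded. */
	$exp_name = urlencode("{$a_ca[$id]['descr']}.key");
	$exp_data = base64_decode($a_ca[$id]['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}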

/* Form submission for all three methods plus edit. Validation problems are
 * collected in $input_errors; when it is non-empty nothing is written and
 * the form is rendered again further down with the errors shown. */
if ($_POST['save']) {

	unset($input_errors);
	$input_errors = array();
	$pconfig = $_POST;

	/* input validation */
	if ($pconfig['method'] == "existing") {
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate data"));
		/* Cheap PEM marker check only; the actual parse happens in ca_import() */
		if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
			$input_errors[] = gettext("This certificate does not appear to be valid.");
		}
		if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) {
			$input_errors[] = gettext("Encrypted private keys are not yet supported.");
		}
		/* Refuse a private key that does not belong to the submitted certificate */
		if (!$input_errors && !empty($_POST['key']) && cert_get_publickey($_POST['cert'], false) != cert_get_publickey($_POST['key'], false, 'prv')) {
			$input_errors[] = gettext("The submitted private key does not match the submitted certificate data.");
		}
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ",
			"descr keylen lifetime dn_country dn_state dn_city ".
			"dn_organization dn_email dn_commonname");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Key length"),
			gettext("Lifetime"),
			gettext("Distinguished name Country Code"),
			gettext("Distinguished name State or Province"),
			gettext("Distinguished name City"),
			gettext("Distinguished name Organization"),
			gettext("Distinguished name Email Address"),
			gettext("Distinguished name Common Name"));
	}
	if ($pconfig['method'] == "intermediate") {
		$reqdfields = explode(" ",
			"descr caref keylen lifetime dn_country dn_state dn_city ".
			"dn_organization dn_email dn_commonname");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Signing Certificate Authority"),
			gettext("Key length"),
			gettext("Lifetime"),
			gettext("Distinguished name Country Code"),
			gettext("Distinguished name State or Province"),
			gettext("Distinguished name City"),
			gettext("Distinguished name Organization"),
			gettext("Distinguished name Email Address"),
			gettext("Distinguished name Common Name"));
	}

	/* Required-field check; defined in guiconfig.inc (not visible here),
	 * presumably appends to $input_errors for each empty field. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
	/* The character filtering below runs only for locally generated CAs. An
	 * imported CA's 'descr' is stored exactly as submitted, so it has to be
	 * HTML-escaped wherever it is printed. */
	if ($pconfig['method'] != "existing") {
		/* Make sure we do not have invalid characters in the fields for the certificate */
		if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
			array_push($input_errors, gettext("The field 'Descriptive Name' contains invalid characters."));
		}

		/* The loop only locates 'dn_email' in $reqdfields; no other field
		 * gets the extra character check. */
		for ($i = 0; $i < count($reqdfields); $i++) {
			if ($reqdfields[$i] == 'dn_email') {
				if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) {
					array_push($input_errors, gettext("The field 'Distinguished name Email Address' contains invalid characters."));
				}
			}
		}
		/* Whitelist key length and digest against the lists offered by the form */
		if (!in_array($_POST["keylen"], $ca_keylens)) {
			array_push($input_errors, gettext("Please select a valid Key Length."));
		}
		if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) {
			array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
		}
	}

	/* save modifications */
	if (!$input_errors) {
		$ca = array();
		/* New CA: mint a reference id; edit: keep the one posted from the hidden field */
		if (!isset($pconfig['refid']) || empty($pconfig['refid'])) {
			$ca['refid'] = uniqid();
		} else {
			$ca['refid'] = $pconfig['refid'];
		}

		/* When editing, start from the stored entry so fields not on the form survive */
		if (isset($id) && $a_ca[$id]) {
			$ca = $a_ca[$id];
		}

		$ca['descr'] = $pconfig['descr'];

		if ($act == "edit") {
			/* NOTE(review): cert, key and serial are stored as posted here. The
			 * PEM marker and key-match checks above run only when the posted
			 * method is "existing"; confirm the edit form always posts that. */
			$ca['descr']  = $pconfig['descr'];
			$ca['refid']  = $pconfig['refid'];
			$ca['serial'] = $pconfig['serial'];
			$ca['crt']	  = base64_encode($pconfig['cert']);
			if (!empty($pconfig['key'])) {
				$ca['prv']	  = base64_encode($pconfig['key']);
			}
		} else {
			$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
			/* OpenSSL failures are reported through openssl_error_string() below instead */
			if ($pconfig['method'] == "existing") {
				ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
			} else if ($pconfig['method'] == "internal") {
				/* Subject DN for a self-signed root; countryName comes from a
				 * fixed select and is the only field not passed through
				 * cert_escape_x509_chars() */
				$dn = array(
					'countryName' => $pconfig['dn_country'],
					'stateOrProvinceName' => cert_escape_x509_chars($pconfig['dn_state']),
					'localityName' => cert_escape_x509_chars($pconfig['dn_city']),
					'organizationName' => cert_escape_x509_chars($pconfig['dn_organization']),
					'emailAddress' => cert_escape_x509_chars($pconfig['dn_email']),
					'commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
				if (!empty($pconfig['dn_organizationalunit'])) {
					$dn['organizationalUnitName'] = cert_escape_x509_chars($pconfig['dn_organizationalunit']);
				}
				if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) {
					$input_errors = array();
					/* Drain the OpenSSL error queue, skipping the benign NCONF noise */
					while ($ssl_err = openssl_error_string()) {
						if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
					}
				}
			} else if ($pconfig['method'] == "intermediate") {
				/* Same DN handling as "internal"; the CA is signed by $pconfig['caref'] */
				$dn = array(
					'countryName' => $pconfig['dn_country'],
					'stateOrProvinceName' => cert_escape_x509_chars($pconfig['dn_state']),
					'localityName' => cert_escape_x509_chars($pconfig['dn_city']),
					'organizationName' => cert_escape_x509_chars($pconfig['dn_organization']),
					'emailAddress' => cert_escape_x509_chars($pconfig['dn_email']),
					'commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
				if (!empty($pconfig['dn_organizationalunit'])) {
					$dn['organizationalUnitName'] = cert_escape_x509_chars($pconfig['dn_organizationalunit']);
				}
				if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) {
					$input_errors = array();
					while ($ssl_err = openssl_error_string()) {
						if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
					}
				}
			}
			error_reporting($old_err_level);
		}

		/* NOTE: the entry is placed in the in-memory config even if
		 * ca_create()/ca_inter_create() reported errors; write_config() is
		 * skipped in that case, so nothing is persisted. */
		if (isset($id) && $a_ca[$id]) {
			$a_ca[$id] = $ca;
		} else {
			$a_ca[] = $ca;
		}

		if (!$input_errors) {
			write_config();
			pfSenseHeader("system_camanager.php");
		}
	}
}

/* Page chrome: breadcrumb title/links, header include, notices and tabs. */
$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("CAs"));
$pglinks = array("", "system_camanager.php", "system_camanager.php");

/* Same condition as the list/form switch below. Comparing $act with the
 * translated "Save" label looks like a leftover from an older submit
 * handling — presumably harmless, since saves are detected via $_POST['save']. */
if ($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

/* Only shown if something set $savemsg on this request; the delete handler
 * above sets it but redirects before reaching this point. */
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// Load valid country codes
/* Each line of /etc/ca_countries is "<code> <name>"; only the code is kept,
 * used both as option value and label of the Country Code select. */
$dn_cc = array();
if (file_exists("/etc/ca_countries")) {
	$dn_cc_file=file("/etc/ca_countries");
	foreach ($dn_cc_file as $line) {
		if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) {
			$dn_cc[$matches[1]] = $matches[1];
		}
	}
}

$tab_array = array();
$tab_array[] = array(gettext("CAs"), true, "system_camanager.php");
$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
display_top_tabs($tab_array);
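
/* List view: rendered when no add/edit form is needed. Ends with exit so the
 * form-building code below never runs in this case. */
if (!($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors)) {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Certificate Authorities')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
		<table class="table table-striped table-hover table-rowdblclickedit">
			<thead>
				<tr>
					<th><?=gettext("Name")?></th>
					<th><?=gettext("Internal")?></th>
					<th><?=gettext("Issuer")?></th>
					<th><?=gettext("Certificates")?></th>
					<th><?=gettext("Distinguished Name")?></th>
					<th><?=gettext("In Use")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
<?php
/* Ask installed packages which CAs they use so the "In Use" column can list
 * them alongside the built-in OpenVPN/IPsec/LDAP consumers. */
$pluginparams = array();
$pluginparams['type'] = 'certificates';
$pluginparams['event'] = 'used_ca';
$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);

foreach ($a_ca as $i => $ca):
	/* Everything echoed into the row below is HTML-escaped first. A CA's
	 * 'descr' is only filtered for HTML metacharacters when the CA was
	 * generated locally (see the save handler), so an imported CA's
	 * description has to be treated as untrusted text. */
	$name = htmlspecialchars($ca['descr']);
	$subj = cert_get_subject($ca['crt']);
	$issuer = cert_get_issuer($ca['crt']);
	list($startdate, $enddate) = cert_get_dates($ca['crt']);
	if ($subj == $issuer) {
		$issuer_name = gettext("self-signed");
	} else {
		$issuer_name = gettext("external");
	}
	$subj = htmlspecialchars(cert_escape_x509_chars($subj, true));
	$issuer = htmlspecialchars($issuer);
	$certcount = 0;

	/* Prefer the descriptive name of the issuing CA when it is stored
	 * locally. It is escaped like $name above; previously it was printed raw. */
	$issuer_ca = lookup_ca($ca['caref']);
	if ($issuer_ca) {
		$issuer_name = htmlspecialchars($issuer_ca['descr']);
	}

	/* Count both end-entity certificates and intermediate CAs issued by this CA */
	foreach ($a_cert as $cert) {
		if ($cert['caref'] == $ca['refid']) {
			$certcount++;
		}
	}

	foreach ($a_ca as $cert) {
		if ($cert['caref'] == $ca['refid']) {
			$certcount++;
		}
	}
?>
				<tr>
					<td><?=$name?></td>
					<td><i class="fa fa-<?= (!empty($ca['prv'])) ? "check" : "times" ; ?>"></i></td>
					<td><i><?=$issuer_name?></i></td>
					<td><?=$certcount?></td>
					<td>
						<?=$subj?>
						<br />
						<small>
							<?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
						</small>
					</td>
					<td class="text-nowrap">
						<?php if (is_openvpn_server_ca($ca['refid'])): ?>
							<?=gettext("OpenVPN Server")?><br/>
						<?php endif?>
						<?php if (is_openvpn_client_ca($ca['refid'])): ?>
							<?=gettext("OpenVPN Client")?><br/>
						<?php endif?>
						<?php if (is_ipsec_peer_ca($ca['refid'])): ?>
							<?=gettext("IPsec Tunnel")?><br/>
						<?php endif?>
						<?php if (is_ldap_peer_ca($ca['refid'])): ?>
							<?=gettext("LDAP Server")?>
						<?php endif?>
						<?php echo cert_usedby_description($ca['refid'], $certificates_used_by_packages); ?>
					</td>
					<td class="text-nowrap">
						<a class="fa fa-pencil"	title="<?=gettext("Edit CA")?>"	href="system_camanager.php?act=edit&amp;id=<?=$i?>"></a>
						<a class="fa fa-certificate"	title="<?=gettext("Export CA")?>"	href="system_camanager.php?act=exp&amp;id=<?=$i?>"></a>
					<?php /* Key export is offered only when a private key is stored */ if ($ca['prv']): ?>
						<a class="fa fa-key"	title="<?=gettext("Export key")?>"	href="system_camanager.php?act=expkey&amp;id=<?=$i?>"></a>
					<?php endif?>
					<?php /* Delete is hidden while the CA is referenced and is POST-only
					       * ("usepost"), matching the $_POST['act'] check in the handler */ if (!ca_in_use($ca['refid'])): ?>
						<a class="fa fa-trash" 	title="<?=gettext("Delete CA and its CRLs")?>"	href="system_camanager.php?act=del&amp;id=<?=$i?>" usepost ></a>
					<?php endif?>
					</td>
				</tr>
<?php endforeach; ?>
			</tbody>
		</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	include("foot.inc");
	exit;
}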

/* Create / edit form. Reached for act=new, act=edit, or a failed save (the
 * list view above exits otherwise). Field values are taken from $pconfig,
 * which holds either the stored CA (edit), defaults (new) or the re-posted
 * form (validation failure). */
$form = new Form;
//$form->setAction('system_camanager.php?act=edit');
/* Hidden id so the save handler updates the existing entry */
if (isset($id) && $a_ca[$id]) {
	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}

/* Hidden refid; the save handler stores it back as posted */
if ($act == "edit") {
	$form->addGlobal(new Form_Input(
		'refid',
		null,
		'hidden',
		$pconfig['refid']
	));
}

$section = new Form_Section('Create / Edit CA');

$section->addInput(new Form_Input(
	'descr',
	'*Descriptive name',
	'text',
	$pconfig['descr']
));

/* Method selector drives which of the collapsible sections below is shown
 * (toggles() presumably wires the "toggle-<method>" classes). */
if (!isset($id) || $act == "edit") {
	$section->addInput(new Form_Select(
		'method',
		'*Method',
		$pconfig['method'],
		$ca_methods
	))->toggles();
}

$form->add($section);

/* Section for method "existing": paste PEM certificate, optional key, serial */
$section = new Form_Section('Existing Certificate Authority');
$section->addClass('toggle-existing collapse');

$section->addInput(new Form_Textarea(
	'cert',
	'*Certificate data',
	$pconfig['cert']
))->setHelp('Paste a certificate in X.509 PEM format here.');

$section->addInput(new Form_Textarea(
	'key',
	'Certificate Private Key (optional)',
	$pconfig['key']
))->setHelp('Paste the private key for the above certificate here. This is '.
	'optional in most cases, but is required when generating a '.
	'Certificate Revocation List (CRL).');

$section->addInput(new Form_Input(
	'serial',
	'Serial for next certificate',
	'number',
	$pconfig['serial']
))->setHelp('Enter a decimal number to be used as the serial number for the next '.
	'certificate to be created using this CA.');

$form->add($section);

/* Section shared by methods "internal" and "intermediate" */
$section = new Form_Section('Internal Certificate Authority');
$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');

/* Only CAs with a stored private key can sign an intermediate */
$allCas = array();
foreach ($a_ca as $ca) {
	if (!$ca['prv']) {
			continue;
	}

	$allCas[ $ca['refid'] ] = $ca['descr'];
}

/* Signing CA selector, visible for "intermediate" only */
$group = new Form_Group('*Signing Certificate Authority');
$group->addClass('toggle-intermediate', 'collapse');
$group->add(new Form_Select(
	'caref',
	null,
	$pconfig['caref'],
	$allCas
));
$section->add($group);

/* Choices mirror the whitelists used by the save handler ($ca_keylens,
 * $openssl_digest_algs) */
$section->addInput(new Form_Select(
	'keylen',
	'*Key length (bits)',
	$pconfig['keylen'],
	array_combine($ca_keylens, $ca_keylens)
));

$section->addInput(new Form_Select(
	'digest_alg',
	'*Digest Algorithm',
	$pconfig['digest_alg'],
	array_combine($openssl_digest_algs, $openssl_digest_algs)
))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 '.
	'when possible.');

$section->addInput(new Form_Input(
	'lifetime',
	'*Lifetime (days)',
	'number',
	$pconfig['lifetime']
));

/* Subject DN fields; $dn_cc was loaded from /etc/ca_countries above */
$section->addInput(new Form_Select(
	'dn_country',
	'*Country Code',
	$pconfig['dn_country'],
	$dn_cc
));

$section->addInput(new Form_Input(
	'dn_state',
	'*State or Province',
	'text',
	$pconfig['dn_state'],
	['placeholder' => 'e.g. Texas']
));

$section->addInput(new Form_Input(
	'dn_city',
	'*City',
	'text',
	$pconfig['dn_city'],
	['placeholder' => 'e.g. Austin']
));

$section->addInput(new Form_Input(
	'dn_organization',
	'*Organization',
	'text',
	$pconfig['dn_organization'],
	['placeholder' => 'e.g. My Company Inc']
));

$section->addInput(new Form_Input(
	'dn_organizationalunit',
	'Organizational Unit',
	'text',
	$pconfig['dn_organizationalunit'],
	['placeholder' => 'e.g. My Department Name (optional)']
));

$section->addInput(new Form_Input(
	'dn_email',
	'*Email Address',
	'email',
	$pconfig['dn_email'],
	['placeholder' => 'e.g. admin@mycompany.com']
));

$section->addInput(new Form_Input(
	'dn_commonname',
	'*Common Name',
	'text',
	$pconfig['dn_commonname'],
	['placeholder' => 'e.g. internal-ca']
));

$form->add($section);

print $form;

/* Number of CAs with a stored private key. Not referenced anywhere visible
 * in this file; presumably consumed by the included footer or left over. */
$internal_ca_count = 0;
foreach ($a_ca as $ca) {
	if ($ca['prv']) {
		$internal_ca_count++;
	}
}

include('foot.inc');
?>