<?php
/*
	system_camanager.php
*/
/* ====================================================================
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
 *  Copyright (c)  2008 Shrew Soft Inc.
 *
 *	Redistribution and use in source and binary forms, with or without modification,
 *	are permitted provided that the following conditions are met:
 *
 *	1. Redistributions of source code must retain the above copyright notice,
 *		this list of conditions and the following disclaimer.
 *
 *	2. Redistributions in binary form must reproduce the above copyright
 *		notice, this list of conditions and the following disclaimer in
 *		the documentation and/or other materials provided with the
 *		distribution.
 *
 *	3. All advertising materials mentioning features or use of this software
 *		must display the following acknowledgment:
 *		"This product includes software developed by the pfSense Project
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
 *
 *	4. The names "pfSense" and "pfSense Project" must not be used to
 *		 endorse or promote products derived from this software without
 *		 prior written permission. For written permission, please contact
 *		 coreteam@pfsense.org.
 *
 *	5. Products derived from this software may not be called "pfSense"
 *		nor may "pfSense" appear in their names without prior written
 *		permission of the Electric Sheep Fencing, LLC.
 *
 *	6. Redistributions of any form whatsoever must retain the following
 *		acknowledgment:
 *
 *	"This product includes software developed by the pfSense Project
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *	====================================================================
 *
 */

##|+PRIV
##|*IDENT=page-system-camanager
##|*NAME=System: CA Manager
##|*DESCR=Allow access to the 'System: CA Manager' page.
##|*MATCH=system_camanager.php*
##|-PRIV

/*
 * System > Certificate Manager > CAs.
 *
 * Single-page controller: the request is dispatched on $act (del/edit/new/exp/
 * expkey via GET, a form submission via POST) and then either the CA list or
 * the create/edit form is rendered. CA records live in $config['ca']; the
 * certificates in $config['cert'] and CRLs in $config['crl'] point back at a
 * CA through their 'caref', which must equal the CA's 'refid'.
 */
require("guiconfig.inc");
require_once("certs.inc");

/* Creation methods offered by the "Method" selector; the key is what the form posts. */
$ca_methods = array(
	"existing" => gettext("Import an existing Certificate Authority"),
	"internal" => gettext("Create an internal Certificate Authority"),
	"intermediate" => gettext("Create an intermediate Certificate Authority"));

/* Selectable RSA key lengths (bits) and signature digests, kept as strings
 * because they round-trip through the form. NOTE(review): 512/1024-bit RSA
 * and sha1 are well below current guidance for a CA key/signature; they stay
 * selectable here unchanged, while the "new" defaults are 2048/sha256. */
$ca_keylens = array("512", "1024", "2048", "4096");
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");

/* Index of the CA being acted on: a numeric id posted with the form takes
 * precedence over one given in the query string. Anything non-numeric leaves
 * $id unset, and every action below treats that as "no such CA". */
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
} elseif (is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}

/* Guarantee the three config sections this page touches exist as arrays. */
foreach (array('ca', 'cert', 'crl') as $cfg_section) {
	if (!is_array($config[$cfg_section])) {
		$config[$cfg_section] = array();
	}
}
$a_ca =& $config['ca'];
$a_cert =& $config['cert'];
$a_crl =& $config['crl'];

/* Requested action; a non-empty posted 'act' overrides the query-string one. */
$act = !empty($_POST['act']) ? $_POST['act'] : $_GET['act'];
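/*
 * act=del: remove CA $id together with every certificate and CRL it issued.
 *
 * NOTE(review): this action is reached from a plain GET link in the list view
 * (act=del&id=N). Whether guiconfig.inc applies CSRF protection to GET
 * requests is not visible in this file; confirm before relying on it.
 */
if ($act == "del") {

	/* No id, or no CA at that index: bounce back to the list. */
	if (!isset($id) || !isset($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$del_refid = $a_ca[$id]['refid'];

	/* Cascade the delete by 'caref'. Walking the real keys (instead of
	 * count()-1 down to 0) also covers arrays with gaps, and the strict
	 * compare keeps PHP from treating two different numeric-looking refids
	 * as equal. */
	foreach (array_keys($a_cert) as $cert_idx) {
		if (isset($a_cert[$cert_idx]['caref']) && $a_cert[$cert_idx]['caref'] === $del_refid) {
			unset($a_cert[$cert_idx]);
		}
	}
	foreach (array_keys($a_crl) as $crl_idx) {
		if (isset($a_crl[$crl_idx]['caref']) && $a_crl[$crl_idx]['caref'] === $del_refid) {
			unset($a_crl[$crl_idx]);
		}
	}

	$name = $a_ca[$id]['descr'];
	unset($a_ca[$id]);
	write_config();
	/* The redirect below ends this request, so this message is never rendered
	 * by this page; it is kept for whatever else may read $savemsg. */
	$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted."), htmlspecialchars($name));
	pfSenseHeader("system_camanager.php");
	exit;
}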
/*
 * act=edit: pre-fill the form ($pconfig) from the stored CA record.
 * Certificate and key are kept base64-encoded in the config and are decoded
 * here so the textareas show PEM.
 */
if ($act == "edit") {
	if (empty($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$edit_ca = $a_ca[$id];
	$pconfig['descr']  = $edit_ca['descr'];
	$pconfig['refid']  = $edit_ca['refid'];
	$pconfig['cert']   = base64_decode($edit_ca['crt']);
	$pconfig['serial'] = $edit_ca['serial'];
	/* An imported CA may have no private key; 'key' is then left unset. */
	if (!empty($edit_ca['prv'])) {
		$pconfig['key'] = base64_decode($edit_ca['prv']);
	}
}
/*
 * act=new: seed the create form. The method may be preselected through the
 * URL (?act=new&method=...); the remaining values are the defaults offered
 * to the user.
 */
if ($act == "new") {
	$pconfig['method'] = $_GET['method'];
	$new_ca_defaults = array(
		'keylen'        => "2048",
		'digest_alg'    => "sha256",
		'lifetime'      => "3650",
		'dn_commonname' => "internal-ca",
	);
	foreach ($new_ca_defaults as $field => $default) {
		$pconfig[$field] = $default;
	}
}
/*
 * act=exp: download the CA certificate as "<descr>.crt" (PEM).
 * The filename is urlencode()d so the description cannot smuggle header
 * characters; Content-Length is the byte length of the decoded PEM.
 */
if ($act == "exp") {

	if (empty($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$exp_ca = $a_ca[$id];
	$exp_name = urlencode("{$exp_ca['descr']}.crt");
	$exp_data = base64_decode($exp_ca['crt']);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: " . strlen($exp_data));
	echo $exp_data;
	exit;
}
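/*
 * act=expkey: download the CA private key as "<descr>.key" (PEM).
 *
 * This hands out the CA's signing secret and is gated only by the page
 * privilege declared in the PRIV block above. The list view only shows the
 * link for CAs that have a key, but the action is reachable directly, so a
 * CA without 'prv' is now sent back to the list instead of being served an
 * empty .key file (base64_decode() of a missing value yields "").
 */
if ($act == "expkey") {

	if (empty($a_ca[$id]) || empty($a_ca[$id]['prv'])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_ca[$id]['descr']}.key");
	$exp_data = base64_decode($a_ca[$id]['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}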
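/*
 * Form submission: validate the posted fields, then import/create/update the CA.
 *
 * $input_errors collects every problem; an AJAX caller receives them as JSON.
 * With no errors the CA record is built from $pconfig and, only if that step
 * also succeeded, stored in $a_ca, written to config and the browser sent back
 * to the list. Any failure falls through so the form is re-rendered with the
 * errors shown (the page-title and list/form selection below key off
 * $input_errors for exactly that reason).
 */
if ($_POST) {

	unset($input_errors);
	$input_errors = array();
	$pconfig = $_POST;

	$ca_method = isset($pconfig['method']) ? $pconfig['method'] : '';

	/* Display names for the six DN fields, in the order they appear in the
	 * $reqdfields lists below. */
	$dn_fieldnames = array(
		gettext("Distinguished name Country Code"),
		gettext("Distinguished name State or Province"),
		gettext("Distinguished name City"),
		gettext("Distinguished name Organization"),
		gettext("Distinguished name Email Address"),
		gettext("Distinguished name Common Name"));

	/* input validation */
	$reqdfields = array();
	$reqdfieldsn = array();
	if ($ca_method === "existing") {
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate data"));
		/* Cheap PEM framing check; the real parse happens in ca_import(). */
		if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
			$input_errors[] = gettext("This certificate does not appear to be valid.");
		}
		if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) {
			$input_errors[] = gettext("Encrypted private keys are not yet supported.");
		}
	} else if ($ca_method === "internal") {
		$reqdfields = explode(" ",
			"descr keylen lifetime dn_country dn_state dn_city ".
			"dn_organization dn_email dn_commonname");
		$reqdfieldsn = array_merge(array(
			gettext("Descriptive name"),
			gettext("Key length"),
			gettext("Lifetime")), $dn_fieldnames);
	} else if ($ca_method === "intermediate") {
		$reqdfields = explode(" ",
			"descr caref keylen lifetime dn_country dn_state dn_city ".
			"dn_organization dn_email dn_commonname");
		$reqdfieldsn = array_merge(array(
			gettext("Descriptive name"),
			gettext("Signing Certificate Authority"),
			gettext("Key length"),
			gettext("Lifetime")), $dn_fieldnames);
	} else {
		/* The Method selector only offers the keys of $ca_methods, so anything
		 * else is a missing or tampered field. Previously this fell through and
		 * either failed on the key-length check with a misleading message or,
		 * with a valid keylen/digest_alg, stored a record with no certificate. */
		$input_errors[] = gettext("Please select a valid Method.");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	if ($ca_method !== "existing") {
		/* Make sure we do not have invalid characters in the fields for the certificate */
		if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
			array_push($input_errors, gettext("The field 'Descriptive Name' contains invalid characters."));
		}

		/* Per-field character blacklists: the email may contain '@' and '.',
		 * the common name '.' but not '@', every other DN field neither. */
		for ($i = 0; $i < count($reqdfields); $i++) {
			if ($reqdfields[$i] === 'dn_email') {
				if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) {
					array_push($input_errors, gettext("The field 'Distinguished name Email Address' contains invalid characters."));
				}
			} else if ($reqdfields[$i] === 'dn_commonname') {
				if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) {
					array_push($input_errors, gettext("The field 'Distinguished name Common Name' contains invalid characters."));
				}
			} else if (($reqdfields[$i] !== "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]])) {
				array_push($input_errors, sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]));
			}
		}
		/* Strict membership so numeric look-alikes such as "2048.0" do not pass. */
		if (!in_array($_POST["keylen"], $ca_keylens, true)) {
			array_push($input_errors, gettext("Please select a valid Key Length."));
		}
		if (!in_array($_POST["digest_alg"], $openssl_digest_algs, true)) {
			array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
		}
	}

	/* if this is an AJAX caller then handle via JSON */
	/* $input_errors is always an array at this point, so every AJAX submission
	 * is answered here whether or not it carried errors. */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {
		/* When editing, start from the stored record so fields this form does
		 * not carry survive; otherwise a fresh record whose refid is the posted
		 * one (if any) or a newly generated id. */
		if (isset($id) && $a_ca[$id]) {
			$ca = $a_ca[$id];
		} else {
			$ca = array();
			$ca['refid'] = empty($pconfig['refid']) ? uniqid() : $pconfig['refid'];
		}

		$ca['descr'] = $pconfig['descr'];

		if ($act == "edit") {
			/* Edit replaces the stored PEM verbatim; refid and serial come from
			 * the (hidden) form fields, as before. */
			$ca['refid']  = $pconfig['refid'];
			$ca['serial'] = $pconfig['serial'];
			$ca['crt']    = base64_encode($pconfig['cert']);
			if (!empty($pconfig['key'])) {
				$ca['prv'] = base64_encode($pconfig['key']);
			}
		} else {
			$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
			$ca_created = true;
			if ($ca_method === "existing") {
				/* ca_import()'s result is not checked here (unchanged behaviour). */
				ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
			} else {
				/* Subject DN shared by the two generating methods. */
				$dn = array(
					'countryName' => $pconfig['dn_country'],
					'stateOrProvinceName' => $pconfig['dn_state'],
					'localityName' => $pconfig['dn_city'],
					'organizationName' => $pconfig['dn_organization'],
					'emailAddress' => $pconfig['dn_email'],
					'commonName' => $pconfig['dn_commonname']);
				if ($ca_method === "internal") {
					$ca_created = ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg']);
				} else if ($ca_method === "intermediate") {
					$ca_created = ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg']);
				}
			}
			error_reporting($old_err_level);

			/* Drain the whole OpenSSL error queue; the original reset
			 * $input_errors on every iteration and so reported only the last
			 * message. If the queue is empty, still refuse to store a CA whose
			 * creation returned false. */
			if (!$ca_created) {
				while ($ssl_err = openssl_error_string()) {
					array_push($input_errors, "openssl library returns: " . $ssl_err);
				}
				if (empty($input_errors)) {
					$input_errors[] = gettext("The Certificate Authority could not be created.");
				}
			}
		}

		/* Store, persist and redirect only when everything succeeded. On an
		 * OpenSSL failure the original still appended the record and redirected,
		 * discarding the errors just collected; now the page falls through and
		 * re-renders the form with them. */
		if (!$input_errors) {
			if (isset($id) && $a_ca[$id]) {
				$a_ca[$id] = $ca;
			} else {
				$a_ca[] = $ca;
			}
			write_config();
			pfSenseHeader("system_camanager.php");
		}
	}
}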
/* Breadcrumb title; "Edit" is appended whenever the create/edit form (rather
 * than the CA list) is about to be shown, including re-display after errors. */
$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("CAs"));

if ($input_errors || in_array($act, array("new", "edit", gettext("Save")), true)) {
	$pgtitle[] = gettext('Edit');
}
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

/* Nothing in this file reaches here with $savemsg set (the delete branch
 * redirects first); this covers a message set by an include. */
if ($savemsg) {
	print_info_box($savemsg, 'success');
}
// Load valid country codes
// Each line of /etc/ca_countries is "<code> <name>"; only the code is kept,
// as both key and value, so the select shows and posts the same string.
$dn_cc = array();
if (file_exists("/etc/ca_countries")) {
	foreach (file("/etc/ca_countries") as $cc_line) {
		if (preg_match('/^(\S*)\s(.*)$/', $cc_line, $cc_match)) {
			$dn_cc[$cc_match[1]] = $cc_match[1];
		}
	}
}
/* Certificate Manager tab strip; this page is the active "CAs" tab. */
$tab_array = array(
	array(gettext("CAs"), true, "system_camanager.php"),
	array(gettext("Certificates"), false, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), false, "system_crlmanager.php"),
);
display_top_tabs($tab_array);
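/*
 * CA list view, shown unless a create/edit form is requested or a submission
 * failed validation. Every value interpolated into the HTML is escaped: the
 * description is only character-filtered for internally created CAs (the
 * "existing" import path skips that check), so the issuer's descr must be
 * escaped before output just like the row's own name is.
 */
if (!($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors)) {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Certificate Authorities')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
		<table class="table table-striped table-hover">
			<thead>
				<tr>
					<th><?=gettext("Name")?></th>
					<th><?=gettext("Internal")?></th>
					<th><?=gettext("Issuer")?></th>
					<th><?=gettext("Certificates")?></th>
					<th><?=gettext("Distinguished Name")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
<?php
foreach ($a_ca as $i => $ca):
	$name = htmlspecialchars($ca['descr']);
	$subj = cert_get_subject($ca['crt']);
	$issuer = cert_get_issuer($ca['crt']);
	list($startdate, $enddate) = cert_get_dates($ca['crt']);
	/* Self-signed when subject and issuer agree; refined below if the issuing
	 * CA is itself known to this system. */
	if ($subj == $issuer) {
		$issuer_name = gettext("self-signed");
	} else {
		$issuer_name = gettext("external");
	}
	$subj = htmlspecialchars($subj);
	$startdate = htmlspecialchars($startdate);
	$enddate = htmlspecialchars($enddate);

	$issuer_ca = lookup_ca($ca['caref']);
	if ($issuer_ca) {
		/* Stored descr is rendered into HTML: escape it (fix). */
		$issuer_name = htmlspecialchars($issuer_ca['descr']);
	}

	// TODO : Need gray certificate icon
	$internal = (!!$ca['prv']);

	/* Count certificates and sub-CAs issued by this CA. Strict compare keeps
	 * numeric-looking refids from matching each other loosely. */
	$certcount = 0;
	foreach (array_merge($a_cert, $a_ca) as $cert) {
		if (isset($cert['caref']) && $cert['caref'] === $ca['refid']) {
			$certcount++;
		}
	}
?>
				<tr>
					<td><?=$name?></td>
					<td><?=$internal?></td>
					<td><i><?=$issuer_name?></i></td>
					<td><?=$certcount?></td>
					<td>
						<?=$subj?>
						<br />
						<small>
							<?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
						</small>
					</td>
					<td>
						<a class="fa fa-pencil"	title="<?=gettext("Edit CA")?>"	href="system_camanager.php?act=edit&amp;id=<?=$i?>"></a>
						<a class="fa fa-sign-in"	title="<?=gettext("Export CA")?>"	href="system_camanager.php?act=exp&amp;id=<?=$i?>"></a>
					<?php if ($ca['prv']): ?>
						<a class="fa fa-key"	title="<?=gettext("Export key")?>"	href="system_camanager.php?act=expkey&amp;id=<?=$i?>"></a>
					<?php endif?>
						<a class="fa fa-trash" 	title="<?=gettext("Delete CA")?>"	href="system_camanager.php?act=del&amp;id=<?=$i?>"></a>
					</td>
				</tr>
<?php endforeach; ?>
			</tbody>
		</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	include("foot.inc");
	exit;
}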
/*
 * Create / edit form. When an existing CA is being edited, its index is
 * carried as a hidden 'id' and its 'refid' as a second hidden field so the
 * record keeps its identity on save.
 */
$form = new Form;
//$form->setAction('system_camanager.php?act=edit');
if (isset($id) && $a_ca[$id]) {
	$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
}

if ($act == "edit") {
	$form->addGlobal(new Form_Input('refid', null, 'hidden', $pconfig['refid']));
}

$section = new Form_Section('Create / Edit CA');

$section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));

/* The method selector drives which of the following sections is expanded;
 * it is omitted when an id is present but the action is not "edit". */
if (!isset($id) || $act == "edit") {
	$method_select = new Form_Select('method', 'Method', $pconfig['method'], $ca_methods);
	$section->addInput($method_select)->toggles();
}

$form->add($section);
/* "Existing Certificate Authority" section, expanded for method = existing. */
$section = new Form_Section('Existing Certificate Authority');
$section->addClass('toggle-existing collapse');

$cert_input = new Form_Textarea('cert', 'Certificate data', $pconfig['cert']);
$section->addInput($cert_input)->setHelp('Paste a certificate in X.509 PEM format here.');

$key_input = new Form_Textarea('key', 'Certificate Private Key (optional)', $pconfig['key']);
$section->addInput($key_input)->setHelp('Paste the private key for the above certificate here. This is '.
	'optional in most cases, but required if you need to generate a '.
	'Certificate Revocation List (CRL).');

$serial_input = new Form_Input('serial', 'Serial for next certificate', 'number', $pconfig['serial']);
$section->addInput($serial_input)->setHelp('Enter a decimal number to be used as the serial number for the next '.
	'certificate to be created using this CA.');

$form->add($section);
/* "Internal Certificate Authority" section, expanded for the internal and
 * intermediate methods; the signing-CA selector only for intermediate. */
$section = new Form_Section('Internal Certificate Authority');
$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');

/* Only CAs that hold a private key can sign an intermediate. */
$allCas = array();
foreach ($a_ca as $ca) {
	if ($ca['prv']) {
		$allCas[$ca['refid']] = $ca['descr'];
	}
}

$group = new Form_Group('Signing Certificate Authority');
$group->addClass('toggle-intermediate', 'collapse');
$group->add(new Form_Select('caref', null, $pconfig['caref'], $allCas));
$section->add($group);

$section->addInput(new Form_Select(
	'keylen',
	'Key length (bits)',
	$pconfig['keylen'],
	array_combine($ca_keylens, $ca_keylens)
));

$section->addInput(new Form_Select(
	'digest_alg',
	'Digest Algorithm',
	$pconfig['digest_alg'],
	array_combine($openssl_digest_algs, $openssl_digest_algs)
))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 '.
	'when possible.');

$section->addInput(new Form_Input('lifetime', 'Lifetime (days)', 'number', $pconfig['lifetime']));

$section->addInput(new Form_Select('dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc));

/* Free-text DN fields: field name => (label, input type, example placeholder). */
$dn_text_fields = array(
	'dn_state'        => array('State or Province', 'text',  'e.g. Texas'),
	'dn_city'         => array('City',              'text',  'e.g. Austin'),
	'dn_organization' => array('Organization',      'text',  'e.g. My Company Inc.'),
	'dn_email'        => array('Email Address',     'email', 'e.g. admin@mycompany.com'),
	'dn_commonname'   => array('Common Name',       'text',  'e.g. internal-ca'),
);
foreach ($dn_text_fields as $dn_field => $dn_spec) {
	list($dn_label, $dn_type, $dn_placeholder) = $dn_spec;
	$section->addInput(new Form_Input(
		$dn_field,
		$dn_label,
		$dn_type,
		$pconfig[$dn_field],
		['placeholder' => $dn_placeholder]
	));
}

$form->add($section);

print $form;
/* Number of CAs that hold a private key. Nothing in this file reads it;
 * it is left in place in case foot.inc (included below) does. */
$internal_ca_count = 0;
foreach ($a_ca as $ca) {
	$internal_ca_count += !empty($ca['prv']) ? 1 : 0;
}

include('foot.inc');
?>