/src/usr/local/www/system_camanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_camanager.php @ b09f48fb

1	64cc39d3	Matthew Grooms	<?php
2			/*
3	c5d81585	Renato Botelho	* system_camanager.php
4	f74457df	Stephen Beaver	*
5	c5d81585	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6	b8f91b7c	Luiz Souza	* Copyright (c) 2004-2018 Rubicon Communications, LLC (Netgate)
7	c5d81585	Renato Botelho	* Copyright (c) 2008 Shrew Soft Inc
8			* All rights reserved.
9	f74457df	Stephen Beaver	*
10	b12ea3fb	Renato Botelho	* Licensed under the Apache License, Version 2.0 (the "License");
11			* you may not use this file except in compliance with the License.
12			* You may obtain a copy of the License at
13	f74457df	Stephen Beaver	*
14	b12ea3fb	Renato Botelho	* http://www.apache.org/licenses/LICENSE-2.0
15	f74457df	Stephen Beaver	*
16	b12ea3fb	Renato Botelho	* Unless required by applicable law or agreed to in writing, software
17			* distributed under the License is distributed on an "AS IS" BASIS,
18			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19			* See the License for the specific language governing permissions and
20			* limitations under the License.
21	f74457df	Stephen Beaver	*/
22	64cc39d3	Matthew Grooms
23			##\|+PRIV
24			##\|*IDENT=page-system-camanager
25			##\|*NAME=System: CA Manager
26			##\|*DESCR=Allow access to the 'System: CA Manager' page.
27			##\|MATCH=system_camanager.php
28			##\|-PRIV
29
30	c81ef6e2	Phil Davis	require_once("guiconfig.inc");
31	742d9c2d	Ermal Lu?i	require_once("certs.inc");
32	afb7b75e	doktornotor	require_once("pfsense-utils.inc");
33	64cc39d3	Matthew Grooms
34			$ca_methods = array(
35	95c8cf48	Evgeny Yurchenko	"internal" => gettext("Create an internal Certificate Authority"),
36	b0a5c280	jim-p	"existing" => gettext("Import an existing Certificate Authority"),
37	95c8cf48	Evgeny Yurchenko	"intermediate" => gettext("Create an intermediate Certificate Authority"));
38	64cc39d3	Matthew Grooms
39	36cfae5f	Justin Coffman	$ca_keylens = array("1024", "2048", "3072", "4096", "6144", "7680", "8192", "15360", "16384");
40	84141846	jim-p	global $openssl_digest_algs;
41	64cc39d3	Matthew Grooms
42	4611e283	Steve Beaver	if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) {
43			$id = $_REQUEST['id'];
44	56b1ed39	Phil Davis	}
45	64cc39d3	Matthew Grooms
46	56b1ed39	Phil Davis	if (!is_array($config['ca'])) {
47	b4e6524c	jim-p	$config['ca'] = array();
48	56b1ed39	Phil Davis	}
49	64cc39d3	Matthew Grooms
50	b4e6524c	jim-p	$a_ca =& $config['ca'];
51	64cc39d3	Matthew Grooms
52	56b1ed39	Phil Davis	if (!is_array($config['cert'])) {
53	b4e6524c	jim-p	$config['cert'] = array();
54	56b1ed39	Phil Davis	}
55	64cc39d3	Matthew Grooms
56	b4e6524c	jim-p	$a_cert =& $config['cert'];
57	64cc39d3	Matthew Grooms
58	56b1ed39	Phil Davis	if (!is_array($config['crl'])) {
59	461aa9d0	jim-p	$config['crl'] = array();
60	56b1ed39	Phil Davis	}
61	461aa9d0	jim-p
62			$a_crl =& $config['crl'];
63
64	4611e283	Steve Beaver	if ($_REQUEST['act']) {
65			$act = $_REQUEST['act'];
66	56b1ed39	Phil Davis	}
67	64cc39d3	Matthew Grooms
68	4611e283	Steve Beaver	if ($_POST['act'] == "del") {
69	64cc39d3	Matthew Grooms
70	40e6086a	jim-p	if (!isset($a_ca[$id])) {
71	64cc39d3	Matthew Grooms	pfSenseHeader("system_camanager.php");
72			exit;
73			}
74
75	80080a0c	jim-p	/* Only remove CA reference when deleting. It can be reconnected if a new matching CA is imported */
76	64cc39d3	Matthew Grooms	$index = count($a_cert) - 1;
77	56b1ed39	Phil Davis	for (;$index >= 0; $index--) {
78			if ($a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
79	80080a0c	jim-p	unset($a_cert[$index]['caref']);
80	56b1ed39	Phil Davis	}
81			}
82	64cc39d3	Matthew Grooms
83	80080a0c	jim-p	/* Remove any CRLs for this CA, there is no way to recover the connection once the CA has been removed. */
84	461aa9d0	jim-p	$index = count($a_crl) - 1;
85	56b1ed39	Phil Davis	for (;$index >= 0; $index--) {
86			if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
87	461aa9d0	jim-p	unset($a_crl[$index]);
88	56b1ed39	Phil Davis	}
89			}
90	461aa9d0	jim-p
91	f2a86ca9	jim-p	$name = $a_ca[$id]['descr'];
92	64cc39d3	Matthew Grooms	unset($a_ca[$id]);
93			write_config();
94	8545adde	k-paulius	$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted."), htmlspecialchars($name));
95	2f51259b	jim-p	pfSenseHeader("system_camanager.php");
96			exit;
97	64cc39d3	Matthew Grooms	}
98
99	bfa992bc	jim-p	if ($act == "edit") {
100			if (!$a_ca[$id]) {
101			pfSenseHeader("system_camanager.php");
102			exit;
103			}
104	d43485a9	luckman212	$pconfig['method'] = 'existing';
105	bfa992bc	jim-p	$pconfig['descr'] = $a_ca[$id]['descr'];
106			$pconfig['refid'] = $a_ca[$id]['refid'];
107			$pconfig['cert'] = base64_decode($a_ca[$id]['crt']);
108			$pconfig['serial'] = $a_ca[$id]['serial'];
109	56b1ed39	Phil Davis	if (!empty($a_ca[$id]['prv'])) {
110	bfa992bc	jim-p	$pconfig['key'] = base64_decode($a_ca[$id]['prv']);
111	56b1ed39	Phil Davis	}
112	bfa992bc	jim-p	}
113
114	64cc39d3	Matthew Grooms	if ($act == "new") {
115	d565c182	Steve Beaver	$pconfig['method'] = $_POST['method'];
116	64cc39d3	Matthew Grooms	$pconfig['keylen'] = "2048";
117	28a20fdb	jim-p	$pconfig['digest_alg'] = "sha256";
118	cf360495	Chris Buechler	$pconfig['lifetime'] = "3650";
119	64cc39d3	Matthew Grooms	$pconfig['dn_commonname'] = "internal-ca";
120			}
121
122	93823b10	Matthew Grooms	if ($act == "exp") {
123
124			if (!$a_ca[$id]) {
125			pfSenseHeader("system_camanager.php");
126			exit;
127			}
128
129	f2a86ca9	jim-p	$exp_name = urlencode("{$a_ca[$id]['descr']}.crt");
130	93823b10	Matthew Grooms	$exp_data = base64_decode($a_ca[$id]['crt']);
131			$exp_size = strlen($exp_data);
132
133			header("Content-Type: application/octet-stream");
134			header("Content-Disposition: attachment; filename={$exp_name}");
135			header("Content-Length: $exp_size");
136			echo $exp_data;
137			exit;
138			}
139
140	ecefc738	jim-p	if ($act == "expkey") {
141
142			if (!$a_ca[$id]) {
143			pfSenseHeader("system_camanager.php");
144			exit;
145			}
146
147	f2a86ca9	jim-p	$exp_name = urlencode("{$a_ca[$id]['descr']}.key");
148	ecefc738	jim-p	$exp_data = base64_decode($a_ca[$id]['prv']);
149			$exp_size = strlen($exp_data);
150
151			header("Content-Type: application/octet-stream");
152			header("Content-Disposition: attachment; filename={$exp_name}");
153			header("Content-Length: $exp_size");
154			echo $exp_data;
155			exit;
156			}
157
158	1355f71c	Steve Beaver	if ($_POST['save']) {
159	64cc39d3	Matthew Grooms
160	95c8cf48	Evgeny Yurchenko	unset($input_errors);
161	2b8bfda4	Phil Davis	$input_errors = array();
162	64cc39d3	Matthew Grooms	$pconfig = $_POST;
163
164			/* input validation */
165			if ($pconfig['method'] == "existing") {
166	5293bfec	jim-p	$reqdfields = explode(" ", "descr cert");
167	38fb1109	Vinicius Coque	$reqdfieldsn = array(
168	56b1ed39	Phil Davis	gettext("Descriptive name"),
169			gettext("Certificate data"));
170			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") \|\| !strstr($_POST['cert'], "END CERTIFICATE"))) {
171	396cfe2e	jim-p	$input_errors[] = gettext("This certificate does not appear to be valid.");
172	56b1ed39	Phil Davis	}
173			if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) {
174	46698c3f	jim-p	$input_errors[] = gettext("Encrypted private keys are not yet supported.");
175	56b1ed39	Phil Davis	}
176	1746c5ce	PiBa-NL	if (!$input_errors && !empty($_POST['key']) && cert_get_publickey($_POST['cert'], false) != cert_get_publickey($_POST['key'], false, 'prv')) {
177	2cf5db21	jim-p	$input_errors[] = gettext("The submitted private key does not match the submitted certificate data.");
178			}
179	9e608d7a	jim-p	/* we must ensure the certificate is capable of acting as a CA
180			* https://redmine.pfsense.org/issues/7885
181			*/
182			if (!$input_errors) {
183			$purpose = cert_get_purpose($_POST['cert'], false);
184			if ($purpose['ca'] != 'Yes') {
185			$input_errors[] = gettext("The submitted certificate does not appear to be a Certificate Authority, import it on the Certificates tab instead.");
186			}
187			}
188	64cc39d3	Matthew Grooms	}
189			if ($pconfig['method'] == "internal") {
190			$reqdfields = explode(" ",
191	80d50253	jim-p	"descr keylen lifetime dn_commonname");
192	38fb1109	Vinicius Coque	$reqdfieldsn = array(
193	56b1ed39	Phil Davis	gettext("Descriptive name"),
194			gettext("Key length"),
195			gettext("Lifetime"),
196			gettext("Distinguished name Common Name"));
197	64cc39d3	Matthew Grooms	}
198	95c8cf48	Evgeny Yurchenko	if ($pconfig['method'] == "intermediate") {
199			$reqdfields = explode(" ",
200	80d50253	jim-p	"descr caref keylen lifetime dn_commonname");
201	95c8cf48	Evgeny Yurchenko	$reqdfieldsn = array(
202	56b1ed39	Phil Davis	gettext("Descriptive name"),
203			gettext("Signing Certificate Authority"),
204			gettext("Key length"),
205			gettext("Lifetime"),
206			gettext("Distinguished name Common Name"));
207	95c8cf48	Evgeny Yurchenko	}
208	64cc39d3	Matthew Grooms
209	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
210	ca621902	jim-p	if ($pconfig['method'] != "existing") {
211	21cc2faa	Evgeny Yurchenko	/* Make sure we do not have invalid characters in the fields for the certificate */
212	b75cdd94	jim-p	if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
213	762faef5	Phil Davis	array_push($input_errors, gettext("The field 'Descriptive Name' contains invalid characters."));
214	b75cdd94	jim-p	}
215	56b1ed39	Phil Davis	if (!in_array($_POST["keylen"], $ca_keylens)) {
216	ca621902	jim-p	array_push($input_errors, gettext("Please select a valid Key Length."));
217	56b1ed39	Phil Davis	}
218			if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) {
219	ca621902	jim-p	array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
220	56b1ed39	Phil Davis	}
221	ca621902	jim-p	}
222	1d6f93c5	Stephen Beaver
223	64cc39d3	Matthew Grooms	/* save modifications */
224			if (!$input_errors) {
225			$ca = array();
226	56b1ed39	Phil Davis	if (!isset($pconfig['refid']) \|\| empty($pconfig['refid'])) {
227	bfa992bc	jim-p	$ca['refid'] = uniqid();
228	56b1ed39	Phil Davis	} else {
229	bfa992bc	jim-p	$ca['refid'] = $pconfig['refid'];
230	56b1ed39	Phil Davis	}
231	bfa992bc	jim-p
232	56b1ed39	Phil Davis	if (isset($id) && $a_ca[$id]) {
233	64cc39d3	Matthew Grooms	$ca = $a_ca[$id];
234	56b1ed39	Phil Davis	}
235	64cc39d3	Matthew Grooms
236	bfa992bc	jim-p	$ca['descr'] = $pconfig['descr'];
237
238	5d2edeca	Sjon Hortensius	if ($act == "edit") {
239	bfa992bc	jim-p	$ca['descr'] = $pconfig['descr'];
240			$ca['refid'] = $pconfig['refid'];
241			$ca['serial'] = $pconfig['serial'];
242	51583438	Stephen Beaver	$ca['crt'] = base64_encode($pconfig['cert']);
243	56b1ed39	Phil Davis	if (!empty($pconfig['key'])) {
244	51583438	Stephen Beaver	$ca['prv'] = base64_encode($pconfig['key']);
245	56b1ed39	Phil Davis	}
246	bfa992bc	jim-p	} else {
247	f416763b	Phil Davis	$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
248	56b1ed39	Phil Davis	if ($pconfig['method'] == "existing") {
249	bfa992bc	jim-p	ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
250	56b1ed39	Phil Davis	} else if ($pconfig['method'] == "internal") {
251	80d50253	jim-p	$dn = array('commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
252			if (!empty($pconfig['dn_country'])) {
253			$dn['countryName'] = $pconfig['dn_country'];
254			}
255			if (!empty($pconfig['dn_state'])) {
256			$dn['stateOrProvinceName'] = cert_escape_x509_chars($pconfig['dn_state']);
257			}
258			if (!empty($pconfig['dn_city'])) {
259			$dn['localityName'] = cert_escape_x509_chars($pconfig['dn_city']);
260			}
261			if (!empty($pconfig['dn_organization'])) {
262			$dn['organizationName'] = cert_escape_x509_chars($pconfig['dn_organization']);
263			}
264	da0f70ed	jim-p	if (!empty($pconfig['dn_organizationalunit'])) {
265	83d2b83a	jim-p	$dn['organizationalUnitName'] = cert_escape_x509_chars($pconfig['dn_organizationalunit']);
266	da0f70ed	jim-p	}
267	56b1ed39	Phil Davis	if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) {
268	5ce9bcf5	jim-p	$input_errors = array();
269	56b1ed39	Phil Davis	while ($ssl_err = openssl_error_string()) {
270	5ce9bcf5	jim-p	if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
271			array_push($input_errors, "openssl library returns: " . $ssl_err);
272			}
273	1b6d9fa5	Evgeny Yurchenko	}
274			}
275	78863416	Phil Davis	} else if ($pconfig['method'] == "intermediate") {
276	80d50253	jim-p	$dn = array('commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
277			if (!empty($pconfig['dn_country'])) {
278			$dn['countryName'] = $pconfig['dn_country'];
279			}
280			if (!empty($pconfig['dn_state'])) {
281			$dn['stateOrProvinceName'] = cert_escape_x509_chars($pconfig['dn_state']);
282			}
283			if (!empty($pconfig['dn_city'])) {
284			$dn['localityName'] = cert_escape_x509_chars($pconfig['dn_city']);
285			}
286			if (!empty($pconfig['dn_organization'])) {
287			$dn['organizationName'] = cert_escape_x509_chars($pconfig['dn_organization']);
288			}
289	da0f70ed	jim-p	if (!empty($pconfig['dn_organizationalunit'])) {
290	83d2b83a	jim-p	$dn['organizationalUnitName'] = cert_escape_x509_chars($pconfig['dn_organizationalunit']);
291	da0f70ed	jim-p	}
292	56b1ed39	Phil Davis	if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) {
293	5ce9bcf5	jim-p	$input_errors = array();
294	56b1ed39	Phil Davis	while ($ssl_err = openssl_error_string()) {
295	5ce9bcf5	jim-p	if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
296			array_push($input_errors, "openssl library returns: " . $ssl_err);
297			}
298	95c8cf48	Evgeny Yurchenko	}
299			}
300			}
301	1b6d9fa5	Evgeny Yurchenko	error_reporting($old_err_level);
302	64cc39d3	Matthew Grooms	}
303
304	56b1ed39	Phil Davis	if (isset($id) && $a_ca[$id]) {
305	64cc39d3	Matthew Grooms	$a_ca[$id] = $ca;
306	56b1ed39	Phil Davis	} else {
307	64cc39d3	Matthew Grooms	$a_ca[] = $ca;
308	56b1ed39	Phil Davis	}
309	64cc39d3	Matthew Grooms
310	56b1ed39	Phil Davis	if (!$input_errors) {
311	95c8cf48	Evgeny Yurchenko	write_config();
312	5ce9bcf5	jim-p	pfSenseHeader("system_camanager.php");
313	56b1ed39	Phil Davis	}
314	64cc39d3	Matthew Grooms	}
315			}
316
317	56c6b1cb	k-paulius	$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("CAs"));
318	edcd7535	Phil Davis	$pglinks = array("", "system_camanager.php", "system_camanager.php");
319	56c6b1cb	k-paulius
320			if ($act == "new" \|\| $act == "edit" \|\| $act == gettext("Save") \|\| $input_errors) {
321			$pgtitle[] = gettext('Edit');
322	edcd7535	Phil Davis	$pglinks[] = "@self";
323	56c6b1cb	k-paulius	}
324	64cc39d3	Matthew Grooms	include("head.inc");
325
326	78863416	Phil Davis	if ($input_errors) {
327	5d2edeca	Sjon Hortensius	print_input_errors($input_errors);
328	78863416	Phil Davis	}
329	b8f22f61	Stephen Beaver
330	78863416	Phil Davis	if ($savemsg) {
331	b8f22f61	Stephen Beaver	print_info_box($savemsg, 'success');
332	78863416	Phil Davis	}
333	5d2edeca	Sjon Hortensius
334			// Load valid country codes
335			$dn_cc = array();
336	78863416	Phil Davis	if (file_exists("/etc/ca_countries")) {
337	5d2edeca	Sjon Hortensius	$dn_cc_file=file("/etc/ca_countries");
338	80d50253	jim-p	$dn_cc[''] = gettext("None");
339	78863416	Phil Davis	foreach ($dn_cc_file as $line) {
340	b8f22f61	Stephen Beaver	if (preg_match('/^(\S)\s(.)$/', $line, $matches)) {
341	f74457df	Stephen Beaver	$dn_cc[$matches[1]] = $matches[1];
342	b8f22f61	Stephen Beaver	}
343			}
344	64cc39d3	Matthew Grooms	}
345
346	5d2edeca	Sjon Hortensius	$tab_array = array();
347			$tab_array[] = array(gettext("CAs"), true, "system_camanager.php");
348			$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
349			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
350			display_top_tabs($tab_array);
351
352	78863416	Phil Davis	if (!($act == "new" \|\| $act == "edit" \|\| $act == gettext("Save") \|\| $input_errors)) {
353	5d2edeca	Sjon Hortensius	?>
354	060ed238	Stephen Beaver	<div class="panel panel-default">
355			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Certificate Authorities')?></h2></div>
356			<div class="panel-body">
357			<div class="table-responsive">
358	54691fc6	PiBa-NL	<table class="table table-striped table-hover table-rowdblclickedit">
359	060ed238	Stephen Beaver	<thead>
360			<tr>
361			<th><?=gettext("Name")?></th>
362			<th><?=gettext("Internal")?></th>
363			<th><?=gettext("Issuer")?></th>
364			<th><?=gettext("Certificates")?></th>
365			<th><?=gettext("Distinguished Name")?></th>
366	80080a0c	jim-p	<th><?=gettext("In Use")?></th>
367	060ed238	Stephen Beaver	<th><?=gettext("Actions")?></th>
368			</tr>
369			</thead>
370			<tbody>
371	64cc39d3	Matthew Grooms	<?php
372	3bde5cdd	PiBa-NL	$pluginparams = array();
373			$pluginparams['type'] = 'certificates';
374			$pluginparams['event'] = 'used_ca';
375			$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
376
377	5d2edeca	Sjon Hortensius	foreach ($a_ca as $i => $ca):
378			$name = htmlspecialchars($ca['descr']);
379			$subj = cert_get_subject($ca['crt']);
380			$issuer = cert_get_issuer($ca['crt']);
381			list($startdate, $enddate) = cert_get_dates($ca['crt']);
382	78863416	Phil Davis	if ($subj == $issuer) {
383	a2a10102	Sjon Hortensius	$issuer_name = gettext("self-signed");
384	78863416	Phil Davis	} else {
385	a2a10102	Sjon Hortensius	$issuer_name = gettext("external");
386	78863416	Phil Davis	}
387	83d2b83a	jim-p	$subj = htmlspecialchars(cert_escape_x509_chars($subj, true));
388	5d2edeca	Sjon Hortensius	$issuer = htmlspecialchars($issuer);
389			$certcount = 0;
390
391			$issuer_ca = lookup_ca($ca['caref']);
392	78863416	Phil Davis	if ($issuer_ca) {
393	5d2edeca	Sjon Hortensius	$issuer_name = $issuer_ca['descr'];
394	78863416	Phil Davis	}
395	5d2edeca	Sjon Hortensius
396	78863416	Phil Davis	foreach ($a_cert as $cert) {
397			if ($cert['caref'] == $ca['refid']) {
398	5d2edeca	Sjon Hortensius	$certcount++;
399	78863416	Phil Davis	}
400			}
401	5d2edeca	Sjon Hortensius
402	78863416	Phil Davis	foreach ($a_ca as $cert) {
403			if ($cert['caref'] == $ca['refid']) {
404	5d2edeca	Sjon Hortensius	$certcount++;
405	78863416	Phil Davis	}
406			}
407	64cc39d3	Matthew Grooms	?>
408	060ed238	Stephen Beaver	<tr>
409			<td><?=$name?></td>
410	ce883f9f	jim-p	<td><i class="fa fa-<?= (!empty($ca['prv'])) ? "check" : "times" ; ?>"></i></td>
411	060ed238	Stephen Beaver	<td><i><?=$issuer_name?></i></td>
412			<td><?=$certcount?></td>
413			<td>
414			<?=$subj?>
415			<br />
416			<small>
417			<?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
418			</small>
419			</td>
420	80080a0c	jim-p	<td class="text-nowrap">
421			<?php if (is_openvpn_server_ca($ca['refid'])): ?>
422			<?=gettext("OpenVPN Server")?><br/>
423			<?php endif?>
424			<?php if (is_openvpn_client_ca($ca['refid'])): ?>
425			<?=gettext("OpenVPN Client")?><br/>
426			<?php endif?>
427			<?php if (is_ipsec_peer_ca($ca['refid'])): ?>
428			<?=gettext("IPsec Tunnel")?><br/>
429			<?php endif?>
430			<?php if (is_ldap_peer_ca($ca['refid'])): ?>
431			<?=gettext("LDAP Server")?>
432			<?php endif?>
433	3bde5cdd	PiBa-NL	<?php echo cert_usedby_description($ca['refid'], $certificates_used_by_packages); ?>
434	80080a0c	jim-p	</td>
435			<td class="text-nowrap">
436	4611e283	Steve Beaver	<a class="fa fa-pencil" title="<?=gettext("Edit CA")?>" href="system_camanager.php?act=edit&id=<?=$i?>"></a>
437			<a class="fa fa-certificate" title="<?=gettext("Export CA")?>" href="system_camanager.php?act=exp&id=<?=$i?>"></a>
438	060ed238	Stephen Beaver	<?php if ($ca['prv']): ?>
439	4611e283	Steve Beaver	<a class="fa fa-key" title="<?=gettext("Export key")?>" href="system_camanager.php?act=expkey&id=<?=$i?>"></a>
440	060ed238	Stephen Beaver	<?php endif?>
441	80080a0c	jim-p	<?php if (!ca_in_use($ca['refid'])): ?>
442	e8afd822	Steve Beaver	<a class="fa fa-trash" title="<?=gettext("Delete CA and its CRLs")?>" href="system_camanager.php?act=del&id=<?=$i?>" usepost ></a>
443	80080a0c	jim-p	<?php endif?>
444	060ed238	Stephen Beaver	</td>
445			</tr>
446	5d2edeca	Sjon Hortensius	<?php endforeach; ?>
447	060ed238	Stephen Beaver	</tbody>
448			</table>
449			</div>
450			</div>
451	04f1a496	NOYB	</div>
452	64cc39d3	Matthew Grooms
453	c10cb196	Stephen Beaver	<nav class="action-buttons">
454	4611e283	Steve Beaver	<a href="?act=new" class="btn btn-success btn-sm">
455	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
456	f74457df	Stephen Beaver	<?=gettext("Add")?>
457			</a>
458	5d2edeca	Sjon Hortensius	</nav>
459	e9258698	NewEraCracker	<?php
460	5d2edeca	Sjon Hortensius	include("foot.inc");
461			exit;
462			}
463	96c7a492	Matthew Grooms
464	5d2edeca	Sjon Hortensius	$form = new Form;
465	b155730f	Stephen Beaver	//$form->setAction('system_camanager.php?act=edit');
466	78863416	Phil Davis	if (isset($id) && $a_ca[$id]) {
467	5d2edeca	Sjon Hortensius	$form->addGlobal(new Form_Input(
468			'id',
469			null,
470			'hidden',
471			$id
472			));
473			}
474	64cc39d3	Matthew Grooms
475	78863416	Phil Davis	if ($act == "edit") {
476	5d2edeca	Sjon Hortensius	$form->addGlobal(new Form_Input(
477			'refid',
478			null,
479			'hidden',
480			$pconfig['refid']
481			));
482			}
483
484	5f88f964	k-paulius	$section = new Form_Section('Create / Edit CA');
485	5d2edeca	Sjon Hortensius
486			$section->addInput(new Form_Input(
487			'descr',
488	153c3aa6	Phil Davis	'*Descriptive name',
489	5d2edeca	Sjon Hortensius	'text',
490			$pconfig['descr']
491			));
492
493	78863416	Phil Davis	if (!isset($id) \|\| $act == "edit") {
494	5d2edeca	Sjon Hortensius	$section->addInput(new Form_Select(
495			'method',
496	153c3aa6	Phil Davis	'*Method',
497	5d2edeca	Sjon Hortensius	$pconfig['method'],
498			$ca_methods
499	44d906ca	Sjon Hortensius	))->toggles();
500	5d2edeca	Sjon Hortensius	}
501	64cc39d3	Matthew Grooms
502	5d2edeca	Sjon Hortensius	$form->add($section);
503
504			$section = new Form_Section('Existing Certificate Authority');
505			$section->addClass('toggle-existing collapse');
506
507			$section->addInput(new Form_Textarea(
508			'cert',
509	153c3aa6	Phil Davis	'*Certificate data',
510	5d2edeca	Sjon Hortensius	$pconfig['cert']
511			))->setHelp('Paste a certificate in X.509 PEM format here.');
512
513			$section->addInput(new Form_Textarea(
514			'key',
515			'Certificate Private Key (optional)',
516			$pconfig['key']
517			))->setHelp('Paste the private key for the above certificate here. This is '.
518	10ddac8a	NOYB	'optional in most cases, but is required when generating a '.
519	5d2edeca	Sjon Hortensius	'Certificate Revocation List (CRL).');
520
521			$section->addInput(new Form_Input(
522			'serial',
523			'Serial for next certificate',
524			'number',
525			$pconfig['serial']
526			))->setHelp('Enter a decimal number to be used as the serial number for the next '.
527			'certificate to be created using this CA.');
528
529			$form->add($section);
530
531			$section = new Form_Section('Internal Certificate Authority');
532			$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse');
533
534			$allCas = array();
535	78863416	Phil Davis	foreach ($a_ca as $ca) {
536			if (!$ca['prv']) {
537	5d2edeca	Sjon Hortensius	continue;
538	78863416	Phil Davis	}
539	5d2edeca	Sjon Hortensius
540			$allCas[ $ca['refid'] ] = $ca['descr'];
541			}
542	64cc39d3	Matthew Grooms
543	153c3aa6	Phil Davis	$group = new Form_Group('*Signing Certificate Authority');
544	b8f22f61	Stephen Beaver	$group->addClass('toggle-intermediate', 'collapse');
545	5d2edeca	Sjon Hortensius	$group->add(new Form_Select(
546			'caref',
547			null,
548			$pconfig['caref'],
549			$allCas
550			));
551			$section->add($group);
552
553			$section->addInput(new Form_Select(
554			'keylen',
555	153c3aa6	Phil Davis	'*Key length (bits)',
556	5d2edeca	Sjon Hortensius	$pconfig['keylen'],
557	b698621d	Stephen Beaver	array_combine($ca_keylens, $ca_keylens)
558	5d2edeca	Sjon Hortensius	));
559
560			$section->addInput(new Form_Select(
561			'digest_alg',
562	153c3aa6	Phil Davis	'*Digest Algorithm',
563	5d2edeca	Sjon Hortensius	$pconfig['digest_alg'],
564	b698621d	Stephen Beaver	array_combine($openssl_digest_algs, $openssl_digest_algs)
565	5d2edeca	Sjon Hortensius	))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 '.
566			'when possible.');
567
568			$section->addInput(new Form_Input(
569			'lifetime',
570	153c3aa6	Phil Davis	'*Lifetime (days)',
571	5d2edeca	Sjon Hortensius	'number',
572			$pconfig['lifetime']
573			));
574
575	26e3967a	jim-p	$section->addInput(new Form_Input(
576			'dn_commonname',
577			'*Common Name',
578			'text',
579			$pconfig['dn_commonname'],
580			['placeholder' => 'e.g. internal-ca']
581			));
582
583			$section->addInput(new Form_StaticText(
584			null,
585			gettext('The following certificate authority subject components are optional and may be left blank.')
586			));
587
588	5d2edeca	Sjon Hortensius	$section->addInput(new Form_Select(
589			'dn_country',
590	80d50253	jim-p	'Country Code',
591	5d2edeca	Sjon Hortensius	$pconfig['dn_country'],
592			$dn_cc
593			));
594
595			$section->addInput(new Form_Input(
596			'dn_state',
597	80d50253	jim-p	'State or Province',
598	5d2edeca	Sjon Hortensius	'text',
599			$pconfig['dn_state'],
600			['placeholder' => 'e.g. Texas']
601			));
602
603			$section->addInput(new Form_Input(
604			'dn_city',
605	80d50253	jim-p	'City',
606	5d2edeca	Sjon Hortensius	'text',
607			$pconfig['dn_city'],
608			['placeholder' => 'e.g. Austin']
609			));
610
611			$section->addInput(new Form_Input(
612			'dn_organization',
613	80d50253	jim-p	'Organization',
614	5d2edeca	Sjon Hortensius	'text',
615			$pconfig['dn_organization'],
616	da0f70ed	jim-p	['placeholder' => 'e.g. My Company Inc']
617			));
618
619			$section->addInput(new Form_Input(
620			'dn_organizationalunit',
621			'Organizational Unit',
622			'text',
623			$pconfig['dn_organizationalunit'],
624			['placeholder' => 'e.g. My Department Name (optional)']
625	5d2edeca	Sjon Hortensius	));
626
627			$form->add($section);
628
629			print $form;
630
631	b8f22f61	Stephen Beaver	$internal_ca_count = 0;
632			foreach ($a_ca as $ca) {
633			if ($ca['prv']) {
634			$internal_ca_count++;
635			}
636			}
637
638	c10cb196	Stephen Beaver	include('foot.inc');
639	097094bd	Phil Davis	?>

Project

General

Profile

pfSense