<?php
2
/*
3 aaec5634 Renato Botelho
 * system_certmanager.php
4 98402844 Stephen Beaver
 *
5 aaec5634 Renato Botelho
 * part of pfSense (https://www.pfsense.org)
6 2a2396a6 Renato Botelho
 * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
7 aaec5634 Renato Botelho
 * Copyright (c) 2008 Shrew Soft Inc
8
 * All rights reserved.
9 98402844 Stephen Beaver
 *
10 aaec5634 Renato Botelho
 * Redistribution and use in source and binary forms, with or without
11
 * modification, are permitted provided that the following conditions are met:
12 98402844 Stephen Beaver
 *
13 aaec5634 Renato Botelho
 * 1. Redistributions of source code must retain the above copyright notice,
14
 *    this list of conditions and the following disclaimer.
15 98402844 Stephen Beaver
 *
16 aaec5634 Renato Botelho
 * 2. Redistributions in binary form must reproduce the above copyright
17
 *    notice, this list of conditions and the following disclaimer in
18
 *    the documentation and/or other materials provided with the
19
 *    distribution.
20 98402844 Stephen Beaver
 *
21 aaec5634 Renato Botelho
 * 3. All advertising materials mentioning features or use of this software
22
 *    must display the following acknowledgment:
23
 *    "This product includes software developed by the pfSense Project
24
 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).
25 98402844 Stephen Beaver
 *
26 aaec5634 Renato Botelho
 * 4. The names "pfSense" and "pfSense Project" must not be used to
27
 *    endorse or promote products derived from this software without
28
 *    prior written permission. For written permission, please contact
29
 *    coreteam@pfsense.org.
30 98402844 Stephen Beaver
 *
31 aaec5634 Renato Botelho
 * 5. Products derived from this software may not be called "pfSense"
32
 *    nor may "pfSense" appear in their names without prior written
33
 *    permission of the Electric Sheep Fencing, LLC.
34 98402844 Stephen Beaver
 *
35 aaec5634 Renato Botelho
 * 6. Redistributions of any form whatsoever must retain the following
36
 *    acknowledgment:
37 98402844 Stephen Beaver
 *
38 aaec5634 Renato Botelho
 * "This product includes software developed by the pfSense Project
39
 * for use in the pfSense software distribution (http://www.pfsense.org/).
40 98402844 Stephen Beaver
 *
41 aaec5634 Renato Botelho
 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
42
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
45
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52
 * OF THE POSSIBILITY OF SUCH DAMAGE.
53 98402844 Stephen Beaver
 */
54 64cc39d3 Matthew Grooms
55
##|+PRIV
56
##|*IDENT=page-system-certmanager
57
##|*NAME=System: Certificate Manager
58
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
59
##|*MATCH=system_certmanager.php*
60
##|-PRIV
61
62 aceaf18c Phil Davis
require_once("guiconfig.inc");
63 14f5ae08 Ermal Lu?i
require_once("certs.inc");
64 64cc39d3 Matthew Grooms
65
/* Choices for the "Method" selector of the new-certificate form. A fourth
 * entry, "existing", is appended further down only when a user id is given. */
$cert_methods = [
	"import"   => gettext("Import an existing Certificate"),
	"internal" => gettext("Create an internal Certificate"),
	"external" => gettext("Create a Certificate Signing Request"),
];

/* RSA key sizes (bits) offered for internal certificates and CSRs; the same
 * list is the whitelist used by input validation further down.
 * NOTE(review): 512 and 1024 bit keys are far below what current guidance
 * accepts; they are kept so existing entries still validate, but consider
 * hiding them from the new-certificate form. */
$cert_keylens = ["512", "1024", "2048", "3072", "4096", "7680", "8192", "15360", "16384"];
$cert_types = [
	"server" => "Server Certificate",
	"user"   => "User Certificate",
];

/* subjectAltName kinds understood by the validation switch below. */
$altname_types = ["DNS", "IP", "email", "URI"];
/* Signature digests offered in the form; also the validation whitelist.
 * NOTE(review): sha1 remains selectable even though the form's own help text
 * recommends a stronger algorithm; whirlpool is rarely accepted by peers. */
$openssl_digest_algs = ["sha1", "sha224", "sha256", "sha384", "sha512", "whirlpool"];

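/* Optional user context. When a user id is supplied the saved or chosen
 * certificate is also attached to that user's 'cert' list and the page
 * returns to the user manager afterwards. A POSTed id overrides the query
 * string; both are accepted only when is_numericint() agrees. The isset()
 * guard on the GET value mirrors the POST branch and avoids an
 * undefined-index notice on a plain page load. */
if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
	$userid = $_GET['userid'];
}
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
	$userid = $_POST['userid'];
}

if (isset($userid)) {
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user'])) {
		$config['system']['user'] = array();
	}
	/* Reference, not a copy: later code appends refids into $a_user[$userid]. */
	$a_user =& $config['system']['user'];
}
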
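/* Index into $config['cert'] of the entry being edited, exported or deleted.
 * POST wins over GET; only values accepted by is_numericint() are used, and
 * the GET value is now guarded with isset() like the POST one. */
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}
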
/* Make sure the CA and certificate lists exist, then alias them by reference
 * so the save/delete paths below write straight into $config. */
foreach (array('ca', 'cert') as $cfg_key) {
	if (!is_array($config[$cfg_key])) {
		$config[$cfg_key] = array();
	}
}
$a_ca =& $config['ca'];
$a_cert =& $config['cert'];

/* Number of CAs that carry a private key; the internal-certificate form
 * only offers those as issuers. */
$internal_ca_count = count(array_filter($a_ca, function ($ca) {
	return (bool) $ca['prv'];
}));

/* Requested action ("new", "del", "exp", "req", "key", "p12", "csr");
 * a non-empty POSTed act overrides the query string. */
$act = $_POST['act'] ?: $_GET['act'];

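if ($act == "del") {
	/* Unknown index (or no id at all): nothing to do, back to the list. */
	if (!isset($id) || !isset($a_cert[$id])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* Read the name before the entry disappears; it used to be read after
	 * unset(), so the message was always built from a missing element. */
	$deleted_descr = $a_cert[$id]['descr'];
	unset($a_cert[$id]);
	write_config();
	$savemsg = sprintf(gettext("Certificate %s successfully deleted."), htmlspecialchars($deleted_descr));
	/* NOTE(review): the redirect below ends the request, so $savemsg is never
	 * rendered; a "deleted" notice would have to survive the redirect.
	 * NOTE(review): $act may come straight from the query string, i.e. this
	 * state change is reachable by GET — confirm the CSRF protection of the
	 * included GUI framework covers that path, or require POST here. Nothing
	 * checks whether the refid is still referenced elsewhere in $config. */
	pfSenseHeader("system_certmanager.php");
	exit;
}
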
if ($act == "new") {
	/* Defaults for the new-certificate form; the method may be preselected
	 * through the query string. */
	$new_defaults = array(
		'method'         => $_GET['method'],
		'keylen'         => "2048",
		'digest_alg'     => "sha256",
		'csr_keylen'     => "2048",
		'csr_digest_alg' => "sha256",
		'type'           => "user",
		'lifetime'       => "3650",
	);
	foreach ($new_defaults as $field => $value) {
		$pconfig[$field] = $value;
	}
}

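/* Download actions. Each sends one stored item as an attachment:
 *   exp - the certificate (PEM) as <descr>.crt
 *   req - the signing request (PEM) as <descr>.req
 *   key - the private key (PEM, unencrypted) as <descr>.key
 *   p12 - certificate + key (+ issuing CA if known) as a PKCS#12 bundle
 * All of them need a valid $id; anything else bounces back to the list.
 * $exp_name must already be urlencode()d by the caller. */
$cert_send_download = function ($exp_name, $exp_data) {
	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: " . strlen($exp_data));
	echo $exp_data;
	exit;
};

/* The three plain PEM exports: action => array(config field, file suffix). */
$cert_pem_exports = array(
	"exp" => array('crt', 'crt'),
	"req" => array('csr', 'req'),
	"key" => array('prv', 'key'),
);

if (is_string($act) && isset($cert_pem_exports[$act])) {
	list($field, $suffix) = $cert_pem_exports[$act];

	/* Unknown index, or the entry has no such item (a CSR-only entry has no
	 * 'crt', an entry imported without key has no 'prv'): previously this
	 * served an empty file, now it returns to the list instead. */
	if (!isset($id) || empty($a_cert[$id]) || empty($a_cert[$id][$field])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$cert_send_download(
		urlencode("{$a_cert[$id]['descr']}.{$suffix}"),
		base64_decode($a_cert[$id][$field])
	);
}

if ($act == "p12") {
	/* A bundle needs both the certificate and its private key. */
	if (!isset($id) || empty($a_cert[$id]) || empty($a_cert[$id]['crt']) || empty($a_cert[$id]['prv'])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_name = urlencode("{$a_cert[$id]['descr']}.p12");
	$args = array('friendly_name' => $a_cert[$id]['descr']);

	/* Add the issuing CA certificate to the bundle when it is known locally. */
	$ca = lookup_ca($a_cert[$id]['caref']);
	if ($ca) {
		$args['extracerts'] = openssl_x509_read(base64_decode($ca['crt']));
	}

	$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	$res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']), 1 => ""));

	/* NOTE(review): the bundle is exported with an empty password (4th
	 * argument null), so the private key leaves the box unprotected; a
	 * user-supplied export password is the usual mitigation. */
	$exp_data = "";
	if ($res_crt === false || $res_key === false ||
	    !openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args)) {
		/* OpenSSL could not parse or export: do not hand out an empty .p12. */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$cert_send_download($exp_name, $exp_data);
}
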
if ($act == "csr") {
	/* Pre-fill the "complete a signing request" form from the stored entry. */
	if (empty($a_cert[$id])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$pending = $a_cert[$id];
	$pconfig['descr'] = $pending['descr'];
	$pconfig['csr'] = base64_decode($pending['csr']);
}

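if ($_POST) {
	// This is just the blank alternate name that is added for display purposes. We don't want to validate/save it
	if ($_POST['altname_value0'] == "") {
		unset($_POST['altname_type0']);
		unset($_POST['altname_value0']);
	}

	/*
	 * Build the subject DN for OpenSSL from the posted form values.
	 * $prefix is "" for the internal-certificate fields (dn_*) and "csr_" for
	 * the signing-request fields (csr_dn_*). The organizational unit is only
	 * added when given; $altnames (list of type/value pairs) becomes one
	 * comma-separated "type:value" subjectAltName string.
	 */
	$cert_build_dn = function (array $post, $prefix, array $altnames) {
		$dn = array(
			'countryName' => $post["{$prefix}dn_country"],
			'stateOrProvinceName' => $post["{$prefix}dn_state"],
			'localityName' => $post["{$prefix}dn_city"],
			'organizationName' => $post["{$prefix}dn_organization"],
			'emailAddress' => $post["{$prefix}dn_email"],
			'commonName' => $post["{$prefix}dn_commonname"]);
		if (!empty($post["{$prefix}dn_organizationalunit"])) {
			$dn['organizationalUnitName'] = $post["{$prefix}dn_organizationalunit"];
		}
		if (count($altnames)) {
			/* Must start as an array: growing "" with []= is a fatal error on PHP 7.1+. */
			$san = array();
			foreach ($altnames as $altname) {
				$san[] = "{$altname['type']}:{$altname['value']}";
			}
			$dn['subjectAltName'] = implode(",", $san);
		}
		return $dn;
	};

	/*
	 * Drain the OpenSSL error queue into user-facing messages after a failed
	 * cert_create()/csr_generate(). Every queued message is kept (the old loop
	 * reset the list on each pass, so only the last one survived), and a
	 * failure with an empty queue still yields one message so the caller never
	 * mistakes it for success.
	 */
	$cert_ssl_errors = function ($what) {
		$errors = array();
		while ($ssl_err = openssl_error_string()) {
			$errors[] = "openssl library returns: " . $ssl_err;
		}
		if (!count($errors)) {
			$errors[] = sprintf(gettext("%s failed but OpenSSL reported no error."), $what);
		}
		return $errors;
	};

	if ($_POST['save'] == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;
		/* Start empty so do_input_validation() always receives arrays, even
		 * when the posted method matches none of the cases below. */
		$reqdfields = array();
		$reqdfieldsn = array();

		/* input validation */
		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
				"descr cert key");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate data"),
				gettext("Key data"));
			/* Only a PEM-marker sanity check; the real parse happens in cert_import(). */
			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
				$input_errors[] = gettext("This certificate does not appear to be valid.");
			}
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
				"descr caref keylen type lifetime dn_country dn_state dn_city ".
				"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate authority"),
				gettext("Key length"),
				gettext("Certificate Type"),
				gettext("Lifetime"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
				"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
				"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Key length"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		$altnames = array();
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
		if ($pconfig['method'] != "import" && $pconfig['method'] != "existing") {
			/* subjectAltNames: collect the altname_type<N> / altname_value<N> pairs */
			foreach ($_POST as $key => $value) {
				$entry = '';
				if (!substr_compare('altname_type', $key, 0, 12)) {
					$entry = substr($key, 12);
					$field = 'type';
				} elseif (!substr_compare('altname_value', $key, 0, 13)) {
					$entry = substr($key, 13);
					$field = 'value';
				}

				if (ctype_digit($entry)) {
					$entry++;	// Pre-bootstrap code is one-indexed, but the bootstrap code is 0-indexed
					$altnames[$entry][$field] = $value;
				}
			}

			$pconfig['altnames']['item'] = $altnames;

			/* Input validation for subjectAltNames */
			foreach ($altnames as $idx => $altname) {
				switch ($altname['type']) {
					case "DNS":
						if (!is_hostname($altname['value'], true)) {
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames, FQDNs or wildcard domains.");
						}
						break;
					case "IP":
						if (!is_ipaddr($altname['value'])) {
							array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
						}
						break;
					case "email":
						if (empty($altname['value'])) {
							array_push($input_errors, "An e-mail address must be provided for this type of subjectAltName");
						}
						if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value'])) {
							array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
						}
						break;
					case "URI":
						/* Close enough? */
						if (!is_URL($altname['value'])) {
							$input_errors[] = "URI subjectAltName types must be a valid URI";
						}
						break;
					default:
						$input_errors[] = "Unrecognized subjectAltName type.";
				}
			}

			/* Make sure we do not have invalid characters in the fields for the certificate */
			if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
				array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
			}

			/* Per-field character checks; the e-mail and common-name fields get
			 * their own (slightly different) character classes. */
			foreach ($reqdfields as $i => $field) {
				if (preg_match('/email/', $field)) { /* dn_email or csr_dn_email */
					if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$field])) {
						array_push($input_errors, gettext("The field 'Distinguished name Email Address' contains invalid characters."));
					}
				} else if (preg_match('/commonname/', $field)) { /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$field])) {
						array_push($input_errors, gettext("The field 'Distinguished name Common Name' contains invalid characters."));
					}
				} else if (($field != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$field])) {
					array_push($input_errors, sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]));
				}
			}

			/* Key length and digest must come from the lists offered in the
			 * form; the CSR form posts them under csr_-prefixed names. */
			$keylen_field = ($pconfig['method'] == "external") ? "csr_keylen" : "keylen";
			$digest_field = ($pconfig['method'] == "external") ? "csr_digest_alg" : "digest_alg";
			if (isset($_POST[$keylen_field]) && !in_array($_POST[$keylen_field], $cert_keylens, true)) {
				array_push($input_errors, gettext("Please select a valid Key Length."));
			}
			if (!in_array($_POST[$digest_field], $openssl_digest_algs, true)) {
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
			}
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				$cert = lookup_cert($pconfig['certref']);
				/* Only attach to a user that exists; appending to an unknown
				 * index would create a phantom user entry in the config. */
				if ($cert && $a_user && isset($a_user[$userid])) {
					$a_user[$userid]['cert'][] = $cert['refid'];
				}
			} else {
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id]) {
					$cert = $a_cert[$id];
				}

				$cert['descr'] = $pconfig['descr'];

				$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */

				if ($pconfig['method'] == "import") {
					cert_import($cert, $pconfig['cert'], $pconfig['key']);
				}

				if ($pconfig['method'] == "internal") {
					$dn = $cert_build_dn($pconfig, "", $altnames);
					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])) {
						$input_errors = array_merge($input_errors, $cert_ssl_errors("cert_create"));
					}
				}

				if ($pconfig['method'] == "external") {
					$dn = $cert_build_dn($pconfig, "csr_", $altnames);
					if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) {
						$input_errors = array_merge($input_errors, $cert_ssl_errors("csr_generate"));
					}
				}
				error_reporting($old_err_level);

				/* Only a successfully built entry goes into the list; a failed
				 * create used to be appended in memory regardless. */
				if (!$input_errors) {
					if (isset($id) && $a_cert[$id]) {
						$a_cert[$id] = $cert;
					} else {
						$a_cert[] = $cert;
					}

					if (isset($a_user) && isset($userid) && isset($a_user[$userid])) {
						$a_user[$userid]['cert'][] = $cert['refid'];
					}
				}
			}

			if (!$input_errors) {
				write_config();
			}

			/* Return to the user being edited only when everything succeeded;
			 * redirecting with errors pending would silently drop them. */
			if ($userid && !$input_errors) {
				post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid));
				exit;
			}
		}
	}

	if ($_POST['save'] == gettext("Update")) {
		/* Start from an array (not unset) so array_push() below always has one. */
		$input_errors = array();
		$pconfig = $_POST;

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
			array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
		}

		/* The pending entry must exist; completing an unknown index would
		 * otherwise build a new entry from an empty $cert. */
		if (!isset($id) || empty($a_cert[$id])) {
			$input_errors[] = gettext("The certificate signing request to complete could not be found.");
		}

		/* The final certificate must carry the public key of the stored
		 * request (an earlier subject-string comparison was replaced by this
		 * modulus check). The request is taken from the stored entry rather
		 * than from the posted form so the check binds the certificate to the
		 * private key that is actually kept here. Both moduli must have been
		 * extracted: two empty strings would otherwise compare as equal and
		 * let an unparsable certificate through. */
		$stored_csr = isset($a_cert[$id]['csr']) ? base64_decode($a_cert[$id]['csr']) : '';
		$mod_csr = csr_get_modulus($stored_csr, false);
		$mod_cert = cert_get_modulus($pconfig['cert'], false);

		if (empty($mod_csr) || empty($mod_cert) || strcmp($mod_csr, $mod_cert)) {
			// simply: if the moduli don't match, then the private key and public key won't match
			$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
			$subject_mismatch = true;
		}

		/* save modifications */
		if (!$input_errors) {

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
		}
	}
}
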
$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("Certificates"));

/* The form views (new entry, CSR completion, or a Save/Update that failed
 * validation and re-renders the form) get an extra "Edit" crumb. */
$showing_form = in_array($act, array("new", "csr"), true) ||
	(in_array($_POST['save'], array(gettext("Save"), gettext("Update")), true) && $input_errors);
if ($showing_form) {
	$pgtitle[] = gettext('Edit');
}
include("head.inc");
556 b49f31d0 Sjon Hortensius
557 78863416 Phil Davis
/* Validation errors first, then the success notice when one is pending. */
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}

/* Tab strip of the certificate manager; this page is the active tab. */
$tab_array = array(
	array(gettext("CAs"), false, "system_camanager.php"),
	array(gettext("Certificates"), true, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), false, "system_crlmanager.php"),
);
display_top_tabs($tab_array);

// Load valid country codes
/* Each line of /etc/ca_countries is expected to look like "<code> <text>";
 * only the leading code is kept, as both key and label of the selector. */
$dn_cc = array();
$dn_cc_file = file_exists("/etc/ca_countries") ? file("/etc/ca_countries") : array();
foreach ($dn_cc_file as $line) {
	if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) {
		$dn_cc[$matches[1]] = $matches[1];
	}
}

if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)) {
583 b35250d9 NewEraCracker
	$form = new Form();
584
	$form->setAction('system_certmanager.php?act=edit');
585 b49f31d0 Sjon Hortensius
586 b35250d9 NewEraCracker
	if (isset($userid) && $a_user) {
587
		$form->addGlobal(new Form_Input(
588
			'userid',
589
			null,
590
			'hidden',
591
			$userid
592
		));
593
	}
594 b49f31d0 Sjon Hortensius
595 78863416 Phil Davis
	if (isset($id) && $a_cert[$id]) {
596 b49f31d0 Sjon Hortensius
		$form->addGlobal(new Form_Input(
597
			'id',
598
			null,
599
			'hidden',
600
			$id
601
		));
602 64cc39d3 Matthew Grooms
	}
603 b49f31d0 Sjon Hortensius
604 b35250d9 NewEraCracker
	$section = new Form_Section('Add a New Certificate');
605
606
	if (!isset($id)) {
607
		$section->addInput(new Form_Select(
608
			'method',
609
			'Method',
610
			$pconfig['method'],
611
			$cert_methods
612
		))->toggles();
613
	}
614
615 b49f31d0 Sjon Hortensius
	$section->addInput(new Form_Input(
616
		'descr',
617
		'Descriptive name',
618
		'text',
619 b35250d9 NewEraCracker
		($a_user && empty($pconfig['descr'])) ? $a_user[$userid]['name'] : $pconfig['descr']
620
	))->addClass('toggle-existing');
621 b49f31d0 Sjon Hortensius
622 b35250d9 NewEraCracker
	$form->add($section);
623
	$section = new Form_Section('Import Certificate');
624
	$section->addClass('toggle-import collapse');
625 b49f31d0 Sjon Hortensius
626
	$section->addInput(new Form_Textarea(
627
		'cert',
628 b35250d9 NewEraCracker
		'Certificate data',
629 78863416 Phil Davis
		$pconfig['cert']
630 b35250d9 NewEraCracker
	))->setHelp('Paste a certificate in X.509 PEM format here.');
631
632
	$section->addInput(new Form_Textarea(
633
		'key',
634
		'Private key data',
635
		$pconfig['key']
636
	))->setHelp('Paste a private key in X.509 PEM format here.');
637 b49f31d0 Sjon Hortensius
638
	$form->add($section);
639 b35250d9 NewEraCracker
	$section = new Form_Section('Internal Certificate');
640
	$section->addClass('toggle-internal collapse');
641
642
	if (!$internal_ca_count) {
643
		$section->addInput(new Form_StaticText(
644
			'Certificate authority',
645 73ff9530 Stephen Beaver
			gettext('No internal Certificate Authorities have been defined. ').
646
			gettext('An internal CA must be defined in order to create an internal certificate. ').
647
			'<a href="system_camanager.php?act=new&amp;method=internal"> '. gettext("Create") .'</a>'.
648
			gettext(' an internal CA.')
649 b35250d9 NewEraCracker
		));
650
	} else {
651
		$allCas = array();
652
		foreach ($a_ca as $ca) {
653
			if (!$ca['prv']) {
654
				continue;
655
			}
656 b49f31d0 Sjon Hortensius
657 b35250d9 NewEraCracker
			$allCas[ $ca['refid'] ] = $ca['descr'];
658
		}
659 64cc39d3 Matthew Grooms
660 b35250d9 NewEraCracker
		$section->addInput(new Form_Select(
661
			'caref',
662
			'Certificate authority',
663
			$pconfig['caref'],
664
			$allCas
665
		));
666
	}
667 64cc39d3 Matthew Grooms
668 b35250d9 NewEraCracker
	$section->addInput(new Form_Select(
669
		'keylen',
670
		'Key length',
671
		$pconfig['keylen'],
672
		array_combine($cert_keylens, $cert_keylens)
673 b49f31d0 Sjon Hortensius
	));
674 64cc39d3 Matthew Grooms
675 b35250d9 NewEraCracker
	$section->addInput(new Form_Select(
676
		'digest_alg',
677
		'Digest Algorithm',
678
		$pconfig['digest_alg'],
679
		array_combine($openssl_digest_algs, $openssl_digest_algs)
680
	))->setHelp('NOTE: It is recommended to use an algorithm stronger than '.
681
		'SHA1 when possible.');
682 b49f31d0 Sjon Hortensius
683
	// Remaining inputs of the "Create an internal Certificate" section
	// ($section was opened further up this page).
	$section->addInput(new Form_Select(
		'type',
		'Certificate Type',
		$pconfig['type'],
		$cert_types
	))->setHelp('Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.');

	$section->addInput(new Form_Input('lifetime', 'Lifetime (days)', 'number', $pconfig['lifetime']));

	// The distinguished-name inputs are the same for the internal-CA form
	// ('dn_' prefix) and the external CSR form ('csr_dn_' prefix), apart from
	// the Common Name placeholder, so one helper emits both sets.
	// Each entry: field-name suffix, label, placeholder.
	$dn_text_fields = array(
		array('state', 'State or Province', 'e.g. Texas'),
		array('city', 'City', 'e.g. Austin'),
		array('organization', 'Organization', 'e.g. My Company Inc'),
		array('organizationalunit', 'Organizational Unit', 'e.g. My Department Name (optional)'),
		array('email', 'Email Address', 'e.g. admin@mycompany.com'),
	);

	$add_dn_inputs = function ($target, $prefix, $cn_placeholder) use ($pconfig, $dn_cc, $dn_text_fields) {
		$target->addInput(new Form_Select($prefix . 'country', 'Country Code', $pconfig[$prefix . 'country'], $dn_cc));

		foreach ($dn_text_fields as $spec) {
			list($suffix, $label, $placeholder) = $spec;
			$target->addInput(new Form_Input(
				$prefix . $suffix,
				$label,
				'text',
				$pconfig[$prefix . $suffix],
				['placeholder' => $placeholder]
			));
		}

		$target->addInput(new Form_Input(
			$prefix . 'commonname',
			'Common Name',
			'text',
			$pconfig[$prefix . 'commonname'],
			['placeholder' => $cn_placeholder]
		));
	};

	$add_dn_inputs($section, 'dn_', 'e.g. www.example.com');

	// Always render at least one (blank) Subject Alternative Name row.
	if (empty($pconfig['altnames']['item'])) {
		$pconfig['altnames']['item'] = array(
			array('type' => null, 'value' => null)
		);
	}

	$altname_types = array(
		'DNS' => gettext('FQDN or Hostname'),
		'IP' => gettext('IP address'),
		'URI' => gettext('URI'),
		'email' => gettext('email address'),
	);

	// Rows are numbered by position (altname_type0, altname_value0, ...), not
	// by the array key; only the last row carries the column captions.
	$san_idx = 0;
	$san_last = count($pconfig['altnames']['item']) - 1;

	foreach ($pconfig['altnames']['item'] as $san_row) {
		$is_last = ($san_idx == $san_last);

		$group = new Form_Group($san_idx == 0 ? 'Alternative Names' : '');

		$group->add(new Form_Select(
			'altname_type' . $san_idx,
			'Type',
			$san_row['type'],
			$altname_types
		))->setHelp($is_last ? 'Type' : null);

		$group->add(new Form_Input(
			'altname_value' . $san_idx,
			null,
			'text',
			$san_row['value']
		))->setHelp($is_last ? 'Value' : null);

		$group->add(new Form_Button(
			'deleterow' . $san_idx,
			'Delete',
			null,
			'fa-trash'
		))->addClass('btn-warning');

		$group->addClass('repeatable');
		$section->add($group);

		$san_idx++;
	}

	$section->addInput(new Form_Button('addrow', 'Add', null, 'fa-plus'))->addClass('btn-success');

	$form->add($section);

	// "External Signing Request": key parameters plus the same DN fields.
	$section = new Form_Section('External Signing Request');
	$section->addClass('toggle-external collapse');

	$section->addInput(new Form_Select(
		'csr_keylen',
		'Key length',
		$pconfig['csr_keylen'],
		array_combine($cert_keylens, $cert_keylens)
	));

	$section->addInput(new Form_Select(
		'csr_digest_alg',
		'Digest Algorithm',
		$pconfig['csr_digest_alg'],
		array_combine($openssl_digest_algs, $openssl_digest_algs)
	))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 when possible');

	$add_dn_inputs($section, 'csr_dn_', 'e.g. internal-ca');

	$form->add($section);

	// "Choose an Existing Certificate": the option list is built below.
	$section = new Form_Section('Choose an Existing Certificate');
	$section->addClass('toggle-existing collapse');
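	// Options for the "Choose an Existing Certificate" selector. When this
	// page is opened from the user manager ($userid set), certificates already
	// attached to that user are left out of the list.
	$existCerts = array();

	// Check $userid before indexing with it: the original order indexed
	// $config['system']['user'][$userid] first and raised an undefined-variable
	// notice whenever no user was being edited.
	$user_cert_refs = array();
	if (isset($userid) && is_array($config['system']['user'][$userid]['cert'])) {
		$user_cert_refs = $config['system']['user'][$userid]['cert'];
	}

	if (is_array($config['cert'])) {
		foreach ($config['cert'] as $cert) {
			// refids are opaque strings; compare strictly.
			if (in_array($cert['refid'], $user_cert_refs, true)) {
				continue;
			}

			$label = $cert['descr'];

			$ca = lookup_ca($cert['caref']);
			if ($ca) {
				$label .= " (CA: {$ca['descr']})";
			}

			// NOTE(review): these markers are raw HTML appended to an operator-
			// supplied description. Whether Form_Select escapes option labels is
			// not visible in this file: if it does not, $cert['descr'] and
			// $ca['descr'] from config.xml reach the page unescaped; if it does,
			// the tags are shown literally. Check Form_Select before changing
			// either side.
			if (cert_in_use($cert['refid'])) {
				$label .= " <i>In Use</i>";
			}
			if (is_cert_revoked($cert)) {
				$label .= " <b>Revoked</b>";
			}

			$existCerts[$cert['refid']] = $label;
		}
	}

	$section->addInput(new Form_Select(
		'certref',
		'Existing Certificates',
		$pconfig['certref'],
		$existCerts
	));

	$form->add($section);
	print $form;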
} else if ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)) {
	// Second step of an external signing request: show the stored CSR so the
	// operator can hand it to a CA, and take the signed certificate back.
	$form = new Form(false);
	$form->setAction('system_certmanager.php?act=csr');

	// NOTE(review): $pconfig['descr'] is operator text from the configuration;
	// whether Form_Section escapes its title is not visible in this file.
	$section = new Form_Section("Complete Signing Request for " . $pconfig['descr']);

	$section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));

	// "Read-only" is only a browser-side hint; the POST handler (outside this
	// view) should keep using the server's stored CSR rather than this field.
	$csrField = $section->addInput(new Form_Textarea('csr', 'Signing request data', $pconfig['csr']));
	$csrField->setReadonly();
	$csrField->setWidth(7);
	$csrField->setHelp('Copy the certificate signing data from here and forward it to a certificate authority for signing.');

	$certField = $section->addInput(new Form_Textarea('cert', 'Final certificate data', $pconfig['cert']));
	$certField->setWidth(7);
	$certField->setHelp('Paste the certificate received from the certificate authority here.');

	// Carry the entry index and the action through the POST when completing
	// an existing pending request.
	if (isset($id) && $a_cert[$id]) {
		$section->addInput(new Form_Input('id', null, 'hidden', $id));
		$section->addInput(new Form_Input('act', null, 'hidden', 'csr'));
	}

	$form->add($section);

	$saveButton = $form->addGlobal(new Form_Button('save', 'Update', null, 'fa-save'));
	$saveButton->addClass('btn-primary');

	print($form);
} else {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Certificates')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
		<table class="table table-striped table-hover">
			<thead>
				<tr>
					<th><?=gettext("Name")?></th>
					<th><?=gettext("Issuer")?></th>
					<th><?=gettext("Distinguished Name")?></th>
					<th><?=gettext("In Use")?></th>
					<th class="col-sm-2"><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
<?php
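// Ask installed packages which certificates they reference, so the "In Use"
// column can list them next to the built-in consumers.
$pluginparams = array();
$pluginparams['type'] = 'certificates';
$pluginparams['event'] = 'used_certificates';
$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);

// $i is the index into $a_cert and doubles as the "id" in the action links
// below, so it has to be the array key (the old separate counter was
// overwritten by the foreach on every pass and served no purpose).
foreach ($a_cert as $i => $cert):
	// Reset per-row state. Everything below must come from *this* entry;
	// without the reset a CSR-only row (no 'crt') inherited $purpose,
	// $startdate and $enddate from the previous row.
	$name = htmlspecialchars($cert['descr']);
	$subj = '';
	$caname = '';
	$purpose = null;
	$startdate = '';
	$enddate = '';

	if ($cert['crt']) {
		$subj = cert_get_subject($cert['crt']);
		$issuer = cert_get_issuer($cert['crt']);
		$purpose = cert_get_purpose($cert['crt']);
		list($startdate, $enddate) = cert_get_dates($cert['crt']);

		// Subject equal to issuer is taken as "self-signed".
		if ($subj == $issuer) {
			$caname = '<i>' . gettext("self-signed") . '</i>';
		} else {
			$caname = '<i>' . gettext("external") . '</i>';
		}

		$subj = htmlspecialchars($subj);
	}

	if ($cert['csr']) {
		$subj = htmlspecialchars(csr_get_subject($cert['csr']));
		$caname = "<em>" . gettext("external - signature pending") . "</em>";
	}

	// A known local CA overrides the heuristics above. Its description is
	// operator-supplied text from the configuration, so escape it exactly
	// like $name is escaped.
	$ca = lookup_ca($cert['caref']);
	if ($ca) {
		$caname = htmlspecialchars($ca['descr']);
	}
?>
				<tr>
					<td>
						<?=$name?><br />
						<?php if ($cert['type']): ?>
							<i><?=$cert_types[$cert['type']]?></i><br />
						<?php endif?>
						<?php if (is_array($purpose)): ?>
							CA: <b><?=htmlspecialchars($purpose['ca'])?></b>, <?=gettext("Server")?>: <b><?=htmlspecialchars($purpose['server'])?></b>
						<?php endif?>
					</td>
					<td><?=$caname?></td>
					<td>
						<?=$subj?>
						<?php if (!$cert['csr']): ?>
						<br />
						<small>
							<?=gettext("Valid From")?>: <b><?=htmlspecialchars($startdate)?></b><br /><?=gettext("Valid Until")?>: <b><?=htmlspecialchars($enddate)?></b>
						</small>
						<?php endif?>
					</td>
					<td>
						<?php if (is_cert_revoked($cert)): ?>
							<i><?=gettext("Revoked")?></i>
						<?php endif?>
						<?php if (is_webgui_cert($cert['refid'])): ?>
							<?=gettext("webConfigurator")?>
						<?php endif?>
						<?php if (is_user_cert($cert['refid'])): ?>
							<?=gettext("User Cert")?>
						<?php endif?>
						<?php if (is_openvpn_server_cert($cert['refid'])): ?>
							<?=gettext("OpenVPN Server")?>
						<?php endif?>
						<?php if (is_openvpn_client_cert($cert['refid'])): ?>
							<?=gettext("OpenVPN Client")?>
						<?php endif?>
						<?php if (is_ipsec_cert($cert['refid'])): ?>
							<?=gettext("IPsec Tunnel")?>
						<?php endif?>
						<?php if (is_captiveportal_cert($cert['refid'])): ?>
							<?=gettext("Captive Portal")?>
						<?php endif?>
<?php
							// Package usage. The loop variable is deliberately not $name:
							// that still holds this row's escaped description.
							$refid = $cert['refid'];
							if (is_array($certificates_used_by_packages)) {
								foreach ($certificates_used_by_packages as $pkgid => $package) {
									if (isset($package['certificatelist'][$refid])) {
										$usage = $package['certificatelist'][$refid];
										$hint = "";
										if (is_array($usage)) {
											foreach ($usage as $cert_used) {
												$hint .= $cert_used['usedby'] . "\n";
											}
										}
										// count() of a scalar is 1; avoid the PHP 7.2+ warning.
										$count = is_array($usage) ? count($usage) : 1;
										// The tooltip is an attribute value: escape with ENT_QUOTES
										// so a quote in a package-supplied 'usedby' string cannot end
										// the attribute (the default flags leave single quotes alone,
										// which the old single-quoted title='...' relied on).
										echo '<div title="' . htmlspecialchars($hint, ENT_QUOTES) . '">';
										echo htmlspecialchars($package['pkgname']) . " ($count)<br />";
										echo "</div>";
									}
								}
							}
?>
					</td>
					<td>
						<?php
							// act=key and act=p12 hand out the private key to anyone who can
							// reach this page. act=del changes state via a plain GET link; its
							// handler is outside this view -- verify that it requires a
							// confirmation or POST before removing the entry.
						?>
						<?php if (!$cert['csr']): ?>
							<a href="system_certmanager.php?act=exp&amp;id=<?=$i?>" class="fa fa-certificate" title="<?=gettext("Export Certificate")?>"></a>
							<a href="system_certmanager.php?act=key&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
							<a href="system_certmanager.php?act=p12&amp;id=<?=$i?>" class="fa fa-archive" title="<?=gettext("Export P12")?>"></a>
						<?php else: ?>
							<a href="system_certmanager.php?act=csr&amp;id=<?=$i?>" class="fa fa-pencil" title="<?=gettext("Update CSR")?>"></a>
							<a href="system_certmanager.php?act=req&amp;id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export Request")?>"></a>
							<a href="system_certmanager.php?act=key&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
						<?php endif?>
						<?php if (!cert_in_use($cert['refid'])): ?>
							<a href="system_certmanager.php?act=del&amp;id=<?=$i?>" class="fa fa-trash" title="<?=gettext("Delete Certificate")?>"></a>
						<?php endif?>
					</td>
				</tr>
<?php
	endforeach; ?>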
			</tbody>
		</table>
		</div>
	</div>
</div>
<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	include("foot.inc");
	exit;
}
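?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {

<?php if ($internal_ca_count): ?>
<?php
	// Render a PHP value as a JavaScript string literal. The CA subject
	// components used below come from certificate data (an imported CA in
	// particular) and must not be dropped into the script verbatim: a '"' or
	// a '</script>' inside a DN field would end the literal, or the script.
	// JSON_HEX_* encodes <, >, &, ' and " as \uXXXX so nothing HTML-
	// significant survives; the fallback keeps the output a valid literal
	// if json_encode() rejects non-UTF-8 bytes.
	$js_string = function ($value) {
		$literal = json_encode((string) $value,
		    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		return ($literal === false) ? '""' : $literal;
	};
?>
	// Copy the selected internal CA's subject into the DN fields of the
	// "Create an internal Certificate" form.
	function internalca_change() {

		var caref = $('#caref').val();

		switch (caref) {
<?php
			foreach ($a_ca as $ca):
				// Only CAs whose private key is present can sign.
				if (!$ca['prv']) {
					continue;
				}

				$subject = cert_get_subject_array($ca['crt']);
				// NOTE(review): the positional indexes below assume the subject
				// was built in the order this page uses (C, ST, L, O, emailAddress,
				// CN, OU). An imported CA with a different DN layout fills the
				// wrong fields; matching on the attribute name would be more
				// robust -- confirm what cert_get_subject_array() returns first.
?>
				case <?=$js_string($ca['refid']);?>:
					$('#dn_country').val(<?=$js_string($subject[0]['v']);?>);
					$('#dn_state').val(<?=$js_string($subject[1]['v']);?>);
					$('#dn_city').val(<?=$js_string($subject[2]['v']);?>);
					$('#dn_organization').val(<?=$js_string($subject[3]['v']);?>);
					$('#dn_email').val(<?=$js_string($subject[4]['v']);?>);
					$('#dn_organizationalunit').val(<?=$js_string($subject[6]['v']);?>);
					break;
<?php
			endforeach;
?>
		}
	}

	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#caref').on('change', function() {
		internalca_change();
	});

	// ---------- On initial page load ------------------------------------------------------------

	internalca_change();

	// Suppress "Delete row" button if there are fewer than two rows.
	// NOTE(review): this only runs when an internal CA exists because it sits
	// inside the same PHP conditional as the CA handlers above. The
	// alternative-name rows belong to the internal-CA form, so that is
	// presumably harmless, but the coupling is accidental.
	checkLastRow();

<?php endif; ?>

});
//]]>
</script>
<?php
include('foot.inc');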