<?php
/*
	system_certmanager.php
	Copyright (C) 2008 Shrew Soft Inc.
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
	All rights reserved.
	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:
	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.
	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	certificate_manager
*/
##|+PRIV
##|*IDENT=page-system-certmanager
##|*NAME=System: Certificate Manager
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
##|*MATCH=system_certmanager.php*
##|-PRIV
require("guiconfig.inc");
require_once("certs.inc");
/*
 * Ways a certificate can be added. The keys are the values of the "method"
 * form field, and their order matches the selectedIndex values handled by
 * method_change() in the page script.
 */
$cert_methods = array();
$cert_methods["import"] = gettext("Import an existing Certificate");
$cert_methods["internal"] = gettext("Create an internal Certificate");
$cert_methods["external"] = gettext("Create a Certificate Signing Request");

/*
 * Key lengths (in bits) and digest algorithms that the form checks accept.
 * NOTE(review): 512, 1024 and sha1 are still selectable. The page's own hint
 * text recommends something stronger than SHA1; consider whether the short
 * key lengths should stay on offer.
 */
$cert_keylens = explode(" ", "512 1024 2048 4096");
$openssl_digest_algs = explode(" ", "sha1 sha224 sha256 sha384 sha512");

/* Certificate types offered in the "Certificate Type" selector (key => label). */
$cert_types = array(
	"ca" => "Certificate Authority",
	"server" => "Server Certificate",
	"user" => "User Certificate",
);

/* subjectAltName entry types; the same four are handled by the SAN validation switch. */
$altname_types = explode(" ", "DNS IP email URI");

$pgtitle = array(gettext("System"), gettext("Certificate Manager"));

/*
 * Request parameters. For 'userid', 'id' and 'act' a POST value overrides the
 * GET value of the same name. 'userid' and 'id' are only accepted when
 * is_numericint() approves them; whether that index exists in the config is
 * left to each action handler below.
 */
if (is_numericint($_GET['userid'])) {
	$userid = $_GET['userid'];
}
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
	$userid = $_POST['userid'];
}

if (is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

/* Called on behalf of a user entry: also offer "choose existing" and bind the user list. */
if (isset($userid)) {
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user'])) {
		$config['system']['user'] = array();
	}
	$a_user =& $config['system']['user'];
}

/* Make sure the CA and certificate sections exist before taking references to them. */
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
$a_cert =& $config['cert'];

/* Count the CAs that carry a private key ('prv'); only those can sign internally. */
$internal_ca_count = 0;
foreach ($a_ca as $ca) {
	if ($ca['prv']) {
		$internal_ca_count++;
	}
}

/* NOTE(review): 'act' is taken as-is; it is only ever compared with fixed strings below. */
$act = $_GET['act'];
if ($_POST['act']) {
	$act = $_POST['act'];
}

/*
 * Delete the certificate at index $id, then return to the list.
 * NOTE(review): $act may come from the query string, so this config-changing
 * action is reachable with a plain GET; whether a request token is enforced
 * for it is not visible in this file. Nothing here checks if the certificate
 * is still referenced elsewhere either. Confirm both.
 */
if ($act == "del") {
	if (isset($a_cert[$id])) {
		$name = $a_cert[$id]['descr'];
		unset($a_cert[$id]);
		write_config();
		/* Set just before the redirect and exit below, so it is not shown in this request. */
		$savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br />";
	}

	pfSenseHeader("system_certmanager.php");
	exit;
}

/*
 * Defaults for an empty "new certificate" form. 'method' is copied from the
 * query string; on this page it is only compared against the method keys.
 */
if ($act == "new") {
	$pconfig['method'] = $_GET['method'];

	$new_cert_defaults = array(
		'keylen' => "2048",
		'digest_alg' => "sha256",
		'csr_keylen' => "2048",
		'csr_digest_alg' => "sha256",
		'type' => "user",
		'lifetime' => "3650",
	);
	foreach ($new_cert_defaults as $default_field => $default_value) {
		$pconfig[$default_field] = $default_value;
	}
	unset($new_cert_defaults, $default_field, $default_value);
}

/* Download the certificate at index $id as a .crt attachment. */
if ($act == "exp") {

	/* Unknown or missing index: back to the list. */
	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_data = base64_decode($a_cert[$id]['crt']);

	/*
	 * The description is free text from the config. urlencode() keeps it
	 * from putting quotes, separators or line breaks into the header value.
	 */
	$exp_name = urlencode($a_cert[$id]['descr'] . ".crt");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $exp_name);
	header("Content-Length: " . strlen($exp_data));
	echo $exp_data;
	exit;
}

/*
 * Download the private key of the certificate at index $id as a .key file.
 * NOTE(review): the stored key is sent exactly as kept in the config
 * (base64-decoded). This block adds no passphrase and no re-authentication,
 * and the action is reachable through the query string. Access presumably
 * rests on the page privilege alone; confirm that is acceptable.
 */
if ($act == "key") {

	/* Unknown or missing index: back to the list. */
	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$exp_data = base64_decode($a_cert[$id]['prv']);

	/* urlencode() keeps the free-text description from altering the header. */
	$exp_name = urlencode($a_cert[$id]['descr'] . ".key");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $exp_name);
	header("Content-Length: " . strlen($exp_data));
	echo $exp_data;
	exit;
}

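/*
 * Download certificate, private key and (when it can be found) the issuing
 * CA certificate of entry $id as one PKCS#12 file.
 *
 * The results of the openssl_* calls are now checked: if the certificate or
 * key cannot be loaded, or the export fails, the request returns to the list
 * instead of sending an empty attachment.
 *
 * NOTE(review): the export passes a null passphrase, so the private key
 * inside the .p12 is not password protected. Consider letting the operator
 * supply an export password.
 */
if ($act == "p12") {
	/* Unknown or missing index: back to the list. */
	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps the free-text description from altering the header. */
	$exp_name = urlencode("{$a_cert[$id]['descr']}.p12");
	$args = array();
	$args['friendly_name'] = $a_cert[$id]['descr'];

	/* Add the CA certificate only when it parses; a failed read is skipped. */
	$ca = lookup_ca($a_cert[$id]['caref']);
	if ($ca) {
		$ca_crt = openssl_x509_read(base64_decode($ca['crt']));
		if ($ca_crt !== false) {
			$args['extracerts'] = $ca_crt;
		}
	}

	$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	$res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => ""));

	$exp_data = "";
	if (!$res_crt || !$res_key ||
	    !openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args)) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
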
/*
 * Prepare the form values for completing a pending signing request: the
 * stored description and the base64-decoded CSR text of entry $id.
 */
if ($act == "csr") {

	if ($a_cert[$id]) {
		$pconfig['descr'] = $a_cert[$id]['descr'];
		$pconfig['csr'] = base64_decode($a_cert[$id]['csr']);
	} else {
		/* Unknown or missing index: back to the list. */
		pfSenseHeader("system_certmanager.php");
		exit;
	}
}

if ($_POST) {
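	/*
	 * "Save": validate the posted form and then import a certificate, create
	 * an internal one, generate a signing request, or attach an existing
	 * certificate to a user.
	 *
	 * Changes against the earlier revision of this branch:
	 *  - key length and digest algorithm are matched with strict in_array();
	 *  - the subjectAltName list is built in an array (it used to start as a
	 *    string, which newer PHP versions refuse to append to);
	 *  - every OpenSSL error is reported (the list used to be reset per error);
	 *  - a certificate whose generation failed is no longer put in $a_cert;
	 *  - the required-field lists always exist, even for an unknown method.
	 */
	if ($_POST['save'] == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;

		/*
		 * Required fields and their display names for the chosen method.
		 * NOTE(review): 'method' itself is never compared against
		 * $cert_methods in this branch; confirm whether an unknown value
		 * should be rejected outright.
		 */
		$reqdfields = array();
		$reqdfieldsn = array();

		/* input validation */
		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
					"descr cert key");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate data"),
					gettext("Key data"));
			/* Only the PEM marker strings are looked for here; parsing is left to cert_import(). */
			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
				$input_errors[] = gettext("This certificate does not appear to be valid.");
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
					"descr caref keylen type lifetime dn_country dn_state dn_city ".
					"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Certificate Type"),
					gettext("Lifetime"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
					"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
					"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Key length"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		$altnames = array();
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
		if ($pconfig['method'] != "import" && $pconfig['method'] != "existing") {
			/*
			 * subjectAltNames: collect altname_type<N> / altname_value<N>
			 * pairs, keeping only keys whose suffix is all digits.
			 */
			foreach ($_POST as $key => $value) {
				$entry = '';
				if (!substr_compare('altname_type', $key, 0, 12)) {
					$entry = substr($key, 12);
					$field = 'type';
				}
				elseif (!substr_compare('altname_value', $key, 0, 13)) {
					$entry = substr($key, 13);
					$field = 'value';
				}
				if (ctype_digit($entry)) {
					$altnames[$entry][$field] = $value;
				}
			}
			$pconfig['altnames']['item'] = $altnames;

			/*
			 * Input validation for subjectAltNames.
			 * NOTE(review): accepted entries are later joined with "," into
			 * one subjectAltName string. The e-mail check rejects commas;
			 * is_hostname(), is_ipaddr() and is_URL() are defined outside
			 * this file and are assumed to do the same. Confirm for URI.
			 */
			foreach ($altnames as $idx => $altname) {
				switch ($altname['type']) {
					case "DNS":
						if (!is_hostname($altname['value']))
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames or FQDNs");
						break;
					case "IP":
						if (!is_ipaddr($altname['value']))
							array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
						break;
					case "email":
						if (empty($altname['value']))
							array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName");
						if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value']))
							array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
						break;
					case "URI":
						/* Close enough? */
						if (!is_URL($altname['value']))
							$input_errors[] = "URI subjectAltName types must be a valid URI";
						break;
					default:
						$input_errors[] = "Unrecognized subjectAltName type.";
				}
			}

			/*
			 * Make sure we do not have invalid characters in the fields for
			 * the certificate. E-mail fields may contain "@" and ".", common
			 * name fields may contain "."; 'descr' is not checked here.
			 * NOTE(review): 'type', 'lifetime' and 'caref' only get this
			 * character check on this page; they are not matched against
			 * $cert_types, a numeric range or the CA list here.
			 */
			foreach ($reqdfields as $i => $fieldname) {
				if (preg_match('/email/', $fieldname)) { /* dn_email or csr_dn_email */
					if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$fieldname]))
						array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
				} else if (preg_match('/commonname/', $fieldname)) { /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$fieldname]))
						array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
				} else if (($fieldname != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$fieldname]))
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
			}

			/*
			 * Strict comparison on purpose: with loose comparison a numeric
			 * string such as "2048.0" is treated as equal to "2048" and
			 * would pass the list check unchanged.
			 */
			if (($pconfig['method'] != "external") && isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens, true))
				array_push($input_errors, gettext("Please select a valid Key Length."));
			if (($pconfig['method'] != "external") && !in_array($_POST["digest_alg"], $openssl_digest_algs, true))
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));

			if (($pconfig['method'] == "external") && isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens, true))
				array_push($input_errors, gettext("Please select a valid Key Length."));
			if (($pconfig['method'] == "external") && !in_array($_POST["csr_digest_alg"], $openssl_digest_algs, true))
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				$cert = lookup_cert($pconfig['certref']);
				if ($cert && $a_user)
					$a_user[$userid]['cert'][] = $cert['refid'];
			} else {
				/* New entry, or the existing one when a valid $id was given. */
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id])
					$cert = $a_cert[$id];

				$cert['descr'] = $pconfig['descr'];

				/* otherwise openssl_ functions print warnings straight into the page and break the menu tab */
				$old_err_level = error_reporting(0);

				/* NOTE(review): the result of cert_import() is not checked here. */
				if ($pconfig['method'] == "import")
					cert_import($cert, $pconfig['cert'], $pconfig['key']);

				if ($pconfig['method'] == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);
					if (count($altnames)) {
						$altnames_tmp = array();
						foreach ($altnames as $altname) {
							$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
						}
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}
					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
						$pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])) {
						/* $input_errors is empty at this point; keep every queued error */
						while ($ssl_err = openssl_error_string()) {
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
					}
				}

				if ($pconfig['method'] == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);
					if (count($altnames)) {
						$altnames_tmp = array();
						foreach ($altnames as $altname) {
							$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
						}
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}
					if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) {
						/* $input_errors is empty at this point; keep every queued error */
						while ($ssl_err = openssl_error_string()) {
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
					}
				}
				error_reporting($old_err_level);

				/* Store the entry only when generation reported no error. */
				if (!$input_errors) {
					if (isset($id) && $a_cert[$id])
						$a_cert[$id] = $cert;
					else
						$a_cert[] = $cert;
					if (isset($a_user) && isset($userid))
						$a_user[$userid]['cert'][] = $cert['refid'];
				}
			}

			if (!$input_errors)
				write_config();

			/*
			 * NOTE(review): a userid of "0" is falsy, so no redirect happens
			 * for the first user entry, and the redirect is taken even when
			 * generation failed. Confirm both are intended.
			 */
			if (!empty($userid)) {
				post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid));
				exit;
			}
		}
	}
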
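	/*
	 * "Update": complete a pending signing request by storing the signed
	 * certificate that was pasted into the form.
	 *
	 * Changes against the earlier revision of this branch:
	 *  - the target entry must exist; a missing or unknown $id returns to the
	 *    list instead of writing a new, empty entry into the config;
	 *  - the redirect after a successful save is followed by exit, as in the
	 *    other action handlers;
	 *  - the mismatch message no longer passes an undefined variable to
	 *    sprintf() (the format string has no placeholder).
	 */
	if ($_POST['save'] == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		/*
		 * Make sure the signing request and the certificate share a modulus.
		 * This replaced an earlier comparison of the two subjects.
		 *
		 * NOTE(review): the CSR compared here is the text posted back by the
		 * browser, not the CSR stored for entry $id, so both sides of the
		 * comparison come from the request. Both helpers are defined outside
		 * this file and receive that text unvalidated; what they return for
		 * unparsable input is not visible here. Consider comparing against
		 * the stored CSR and treating a failed parse as a mismatch.
		 */
		$mod_csr  =  csr_get_modulus($pconfig['csr'], false);
		$mod_cert = cert_get_modulus($pconfig['cert'], false);

		if (strcmp($mod_csr, $mod_cert)) {
			// simply: if the moduli don't match, then the private key and public key won't match
			$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
			$subject_mismatch = true;
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			/* Nothing to complete without an existing entry. */
			if (!isset($id) || !isset($a_cert[$id])) {
				pfSenseHeader("system_certmanager.php");
				exit;
			}

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
			exit;
		}
	}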
}
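include("head.inc");

/*
 * Page prologue and the client-side helpers for the certificate form.
 *
 * Values that come from stored CA data (refid and subject fields) are
 * written into the script below as JSON-encoded string literals with the
 * HEX flags set. Quotes, "<", ">" and "&" inside a CA subject can then
 * neither end the JavaScript string nor close the script element. A value
 * that cannot be encoded is emitted as an empty string.
 */
$js_string = function ($value) {
	$encoded = json_encode((string)$value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
	return ($encoded === false) ? '""' : $encoded;
};

/* The submit row stays hidden for "internal" while no CA with a private key exists. */
$submit_style = $internal_ca_count ? "" : "none";
?>

<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[

<?php /* Show the form section that belongs to the selected method; the index follows the order of $cert_methods. */ ?>
function method_change() {

	method = document.iform.method.selectedIndex;

	switch (method) {
		case 0:
			document.getElementById("import").style.display="";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="";
			break;
		case 1:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="<?=$submit_style;?>";
			break;
		case 2:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="";
			document.getElementById("existing").style.display="none";
			document.getElementById("descriptivename").style.display="";
			document.getElementById("submit").style.display="";
			break;
		case 3:
			document.getElementById("import").style.display="none";
			document.getElementById("internal").style.display="none";
			document.getElementById("external").style.display="none";
			document.getElementById("existing").style.display="";
			document.getElementById("descriptivename").style.display="none";
			document.getElementById("submit").style.display="";
			break;
	}
}

<?php if ($internal_ca_count): ?>
<?php /* Prefill the distinguished-name fields from the subject of the selected CA. */ ?>
function internalca_change() {

	index = document.iform.caref.selectedIndex;
	caref = document.iform.caref[index].value;

	switch (caref) {
<?php
		foreach ($a_ca as $ca):
			/* Only CAs with a private key are listed in the selector. */
			if (!$ca['prv'])
				continue;
			$subject = cert_get_subject_array($ca['crt']);
?>
		case <?=$js_string($ca['refid']);?>:
			document.iform.dn_country.value = <?=$js_string($subject[0]['v']);?>;
			document.iform.dn_state.value = <?=$js_string($subject[1]['v']);?>;
			document.iform.dn_city.value = <?=$js_string($subject[2]['v']);?>;
			document.iform.dn_organization.value = <?=$js_string($subject[3]['v']);?>;
			document.iform.dn_email.value = <?=$js_string($subject[4]['v']);?>;
			break;
<?php	endforeach; ?>
	}
}
<?php endif; ?>

//]]>
</script>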
<?php
/*
 * Column definitions for the subjectAltName rows: name, widget type and
 * size per column, presumably read by row_helper_dynamic.js (not shown).
 * The two hidden inputs are emitted before the <form> element opens.
 */
?>
<script type="text/javascript" src="/javascript/row_helper_dynamic.js"></script>
<input type='hidden' name='altname_value_type' value='select' />
<input type='hidden' name='altname_type_type' value='textbox' />
<script type="text/javascript">
//<![CDATA[
	rowname[0] = "altname_type";
	rowname[1] = "altname_value";

	rowtype[0] = "textbox";
	rowtype[1] = "textbox";

	rowsize[0] = "10";
	rowsize[1] = "30";
//]]>
</script>
<?php
	/* Show validation errors and any status message above the form. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}

	// Load valid country codes: the first whitespace-delimited token of each line
	$dn_cc = array();
	if (file_exists("/etc/ca_countries")) {
		$dn_cc_file = file("/etc/ca_countries");
		foreach ($dn_cc_file as $line) {
			if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) {
				$dn_cc[] = $matches[1];
			}
		}
	}
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="cert manager">
580 64cc39d3 Matthew Grooms
	<tr>
581
		<td class="tabnavtbl">
582
		<?php
583
			$tab_array = array();
584
			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
585
			$tab_array[] = array(gettext("Certificates"), true, "system_certmanager.php");
586 3d57d2d5 jim-p
			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
587 64cc39d3 Matthew Grooms
			display_top_tabs($tab_array);
588
		?>
589
		</td>
590
	</tr>
591
	<tr>
592 96c7a492 Matthew Grooms
		<td id="mainarea">
593
			<div class="tabcont">
594
595 e64aa6f8 Carlos Eduardo Ramos
				<?php if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)): ?>
596 96c7a492 Matthew Grooms
597
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
598 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
599 96c7a492 Matthew Grooms
						<?php if (!isset($id)): ?>
600
						<tr>
601
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
602
							<td width="78%" class="vtable">
603
								<select name='method' id='method' class="formselect" onchange='method_change()'>
604
								<?php
605
									foreach($cert_methods as $method => $desc):
606
									$selected = "";
607
									if ($pconfig['method'] == $method)
608 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
609 96c7a492 Matthew Grooms
								?>
610
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
611
								<?php endforeach; ?>
612
								</select>
613
							</td>
614
						</tr>
615
						<?php endif; ?>
616 ad9b5c67 jim-p
						<tr id="descriptivename">
617
							<?php
618 f2a86ca9 jim-p
							if ($a_user && empty($pconfig['descr']))
619
								$pconfig['descr'] = $a_user[$userid]['name'];
620 ad9b5c67 jim-p
							?>
621
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
622
							<td width="78%" class="vtable">
623 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
624 ad9b5c67 jim-p
							</td>
625
						</tr>
626 96c7a492 Matthew Grooms
					</table>
627
628 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import" summary="import">
629 96c7a492 Matthew Grooms
						<tr>
630
							<td colspan="2" class="list" height="12"></td>
631
						</tr>
632
						<tr>
633 ad9b5c67 jim-p
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td>
634 96c7a492 Matthew Grooms
						</tr>
635
636
						<tr>
637 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
638 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
639 dd5bf424 Scott Ullrich
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
640 8cd558b6 ayvis
								<br />
641 b8e1877f Colin Fleming
								<?=gettext("Paste a certificate in X.509 PEM format here.");?>
642 96c7a492 Matthew Grooms
							</td>
643
						</tr>
644
						<tr>
645 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
646 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
647 dd5bf424 Scott Ullrich
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
648 8cd558b6 ayvis
								<br />
649 3065c8cd bcyrill
								<?=gettext("Paste a private key in X.509 PEM format here.");?>
650 96c7a492 Matthew Grooms
							</td>
651
						</tr>
652
					</table>
653
654 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal">
655 96c7a492 Matthew Grooms
						<tr>
656
							<td colspan="2" class="list" height="12"></td>
657
						</tr>
658
						<tr>
659 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></td>
660 96c7a492 Matthew Grooms
						</tr>
661
662
						<?php if (!$internal_ca_count): ?>
663
664
						<tr>
665
							<td colspan="2" align="center" class="vtable">
666 a37753d7 Vinicius Coque
								<?=gettext("No internal Certificate Authorities have been defined. You must");?>
667 b8e1877f Colin Fleming
								<a href="system_camanager.php?act=new&amp;method=internal"><?=gettext("create");?></a>
668 a37753d7 Vinicius Coque
								<?=gettext("an internal CA before creating an internal certificate.");?>
669 96c7a492 Matthew Grooms
							</td>
670
						</tr>
671
672
						<?php else: ?>
673
674
						<tr>
675
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
676
							<td width="78%" class="vtable">
677 b8e1877f Colin Fleming
								<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
678 96c7a492 Matthew Grooms
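								<?php
									/*
									 * One <option> per CA that has a private key.
									 * The description is free text from the config and
									 * the refid is stored data as well, so both are
									 * HTML-escaped like the other form values here.
									 */
									foreach( $a_ca as $ca):
									if (!$ca['prv'])
										continue;
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = " selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach; ?>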
								</select>
689
							</td>
690
						</tr>
691
						<tr>
692
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
693
							<td width="78%" class="vtable">
694
								<select name='keylen' class="formselect">
695
								<?php
696
									foreach( $cert_keylens as $len):
697
									$selected = "";
698
									if ($pconfig['keylen'] == $len)
699 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
700 96c7a492 Matthew Grooms
								?>
701
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
702
								<?php endforeach; ?>
703
								</select>
704 a37753d7 Vinicius Coque
								<?=gettext("bits");?>
705 96c7a492 Matthew Grooms
							</td>
706
						</tr>
707 ca621902 jim-p
						<tr>
708
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
709
							<td width="78%" class="vtable">
710
								<select name='digest_alg' id='digest_alg' class="formselect">
711
								<?php
712
									foreach( $openssl_digest_algs as $digest_alg):
713
									$selected = "";
714
									if ($pconfig['digest_alg'] == $digest_alg)
715 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
716 ca621902 jim-p
								?>
717
									<option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option>
718
								<?php endforeach; ?>
719
								</select>
720 8cd558b6 ayvis
								<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
721 ca621902 jim-p
							</td>
722
						</tr>
723 7aaabd69 jim-p
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Certificate Type"); ?></td>
							<td width="78%" class="vtable">
								<select name='type' class="formselect">
								<?php
									// Certificate type selector: the key of $cert_types becomes the
									// submitted value, the mapped description becomes the label.
									// $cert_types is defined outside this excerpt.
									foreach ($cert_types as $ct => $ctdesc):
										$selected = ($pconfig['type'] == $ct) ? " selected=\"selected\"" : "";
								?>
									<option value="<?php echo $ct; ?>"<?php echo $selected; ?>><?php echo $ctdesc; ?></option>
								<?php endforeach; ?>
								</select>
								<br />
								<?php echo gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate."); ?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?php echo gettext("Lifetime"); ?></td>
							<td width="78%" class="vtable">
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?php /* certificate lifetime in days, escaped for the double-quoted attribute */ echo htmlspecialchars($pconfig['lifetime']); ?>"/>
								<?php echo gettext("days"); ?>
							</td>
						</tr>
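						<?php
						/*
						 * Distinguished-name row of the internal-certificate form.
						 *
						 * Every text field re-displays the submitted value through
						 * htmlspecialchars() inside a double-quoted attribute. The Common Name
						 * is pre-filled with the name of the user being edited when it is still
						 * empty. The Alternative Names table renders one type/value pair per
						 * stored item and hands the row count to the client-side row helper.
						 *
						 * Changes against the previous revision of this row:
						 *  - the "remove this entry" icon printed the theme name with a short
						 *    open tag, which only works when short_open_tag is enabled; it now
						 *    uses the short echo tag like the rest of the page;
						 *  - the altnames loop only runs when the item list is a non-empty array.
						 */
						?>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
									<tr>
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("webadmin@mycompany.com");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
										<td align="left">
											<?php
											// Default the CN to the edited user's name when nothing was entered yet.
											if ($a_user && empty($pconfig['dn_commonname'])) {
												$pconfig['dn_commonname'] = $a_user[$userid]['name'];
											}
											?>
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("www.example.com");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Alternative Names");?> : &nbsp;</td>
										<td align="left">
											<table id="altNametable">
											<thead>
											<tr>
												<th><div id="onecolumn"><?=gettext("Type");?></div></th>
												<th><div id="twocolumn"><?=gettext("Value");?></div></th>
											</tr>
											</thead>
											<tbody>
											<?php
												// $counter numbers the altname_type<N>/altname_value<N> inputs
												// and is passed to the row script below.
												$counter = 0;
												if (!empty($pconfig['altnames']['item']) && is_array($pconfig['altnames']['item'])):
												foreach ($pconfig['altnames']['item'] as $item):
													$type = $item['type'];
													$value = $item['value'];
											?>
											<tr>
												<td>
												<input autocomplete="off" name="altname_type<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_type<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($type);?>" />
												</td>
												<td>
												<input autocomplete="off" name="altname_value<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_value<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($value);?>" />
												</td>
												<td>
												<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a>
												</td>
											</tr>
											<?php
													$counter++;
												endforeach;
												endif;
											?>
											<tr><td>&nbsp;</td></tr>
											</tbody>
											</table>
											<a onclick="javascript:addRowTo('altNametable', 'formfldalias'); return false;" href="#">
												<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" />
											</a>
											<script type="text/javascript">
											//<![CDATA[
												field_counter_js = 3;
												rows = 1;
												totalrows = <?php echo $counter; ?>;
												loaded = <?php echo $counter; ?>;
											//]]>
											</script>
											<br />NOTE: Type must be one of DNS (FQDN or Hostname), IP (IP address), URI, or email.
										</td>
									</tr>
								</table>
							</td>
						</tr>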
					<?php endif; ?>
					</table>
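					<?php
					/*
					 * "External Signing Request" section: key length, digest and subject
					 * fields used to generate a CSR for an outside certificate authority.
					 * Free-text fields are re-displayed through htmlspecialchars() inside
					 * double-quoted attributes.
					 *
					 * Changes against the previous revision of this table:
					 *  - the guard in front of the key-length loop tested the same key for
					 *    being both unset and set, so it could never run, and its body
					 *    assigned the key to itself; it has been dropped. It presumably was
					 *    meant to fall back to another field - confirm against the history;
					 *  - the "bits" unit now goes through gettext(), as the internal
					 *    key-length row does.
					 *
					 * NOTE(review): $dn_cc is defined outside this excerpt and is printed
					 * unescaped; presumably a fixed list of country codes - escape it here if
					 * it can ever hold user-supplied values.
					 */
					?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external" summary="external">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
							<td width="78%" class="vtable">
								<select name='csr_keylen' class="formselect">
								<?php
									foreach ($cert_keylens as $len):
										$selected = "";
										if ($pconfig['csr_keylen'] == $len) {
											$selected = " selected=\"selected\"";
										}
								?>
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
								<?php endforeach; ?>
								</select>
								<?=gettext("bits");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
							<td width="78%" class="vtable">
								<select name='csr_digest_alg' id='csr_digest_alg' class="formselect">
								<?php
									foreach ($openssl_digest_algs as $csr_digest_alg):
										$selected = "";
										if ($pconfig['csr_digest_alg'] == $csr_digest_alg) {
											$selected = " selected=\"selected\"";
										}
								?>
									<option value="<?=$csr_digest_alg;?>"<?=$selected;?>><?=strtoupper($csr_digest_alg);?></option>
								<?php endforeach; ?>
								</select>
								<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
									<tr>
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
										<td align="left">
											<select name='csr_dn_country' class="formselect">
											<?php
											foreach ($dn_cc as $cc) {
												$selected = "";
												if ($pconfig['csr_dn_country'] == $cc) {
													$selected = " selected=\"selected\"";
												}
												print "<option value=\"$cc\"$selected>$cc</option>";
											}
											?>
											</select>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_state']);?>" />
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("Texas");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_city']);?>" />
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("Austin");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_organization']);?>" />
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("My Company Inc.");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_email']);?>"/>
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("webadmin@mycompany.com");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
										<td align="left">
											<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
											&nbsp;
											<em>ex:</em>
											&nbsp;
											<?=gettext("www.example.com");?>
										</td>
									</tr>
								</table>
							</td>
						</tr>
					</table>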
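					<?php
					/*
					 * "Choose an Existing Certificate" section: lists the certificates from
					 * $config['cert'] so one can be attached to the user being edited.
					 * Certificates already assigned to that user are skipped; each label
					 * carries the issuing CA's name and "*In Use" / "*Revoked" markers.
					 *
					 * Changes against the previous revision of this table:
					 *  - the option label and value are now passed through
					 *    htmlspecialchars(). The certificate and CA descriptions are free
					 *    text entered in the "Descriptive name" field and were printed raw
					 *    here, while the certificate list on this page already escapes the
					 *    same description;
					 *  - the "already assigned" test only calls in_array() when the user's
					 *    certificate list exists and is an array;
					 *  - the in-use and revoked checks are braced: they were always
					 *    independent, but the old indentation made the second look nested.
					 */
					?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
							<td width="78%" class="vtable">
								<?php if (isset($userid) && $a_user): ?>
								<input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
								<?php endif;?>
								<select name='certref' class="formselect">
								<?php
									foreach ($config['cert'] as $cert):
										$selected = "";
										$caname = "";
										$inuse = "";
										$revoked = "";

										// Hide certificates the edited user already holds.
										if (isset($userid) &&
										    isset($config['system']['user'][$userid]['cert']) &&
										    is_array($config['system']['user'][$userid]['cert']) &&
										    in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) {
											continue;
										}

										$ca = lookup_ca($cert['caref']);
										if ($ca) {
											$caname = " (CA: {$ca['descr']})";
										}
										if ($pconfig['certref'] == $cert['refid']) {
											$selected = " selected=\"selected\"";
										}
										if (cert_in_use($cert['refid'])) {
											$inuse = " *In Use";
										}
										if (is_cert_revoked($cert)) {
											$revoked = " *Revoked";
										}
								?>
									<option value="<?=htmlspecialchars($cert['refid']);?>"<?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
					</table>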
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?php echo gettext("Save"); ?>" />
								<?php
								// When an existing entry is being edited, carry its index along
								// as a hidden field, escaped for the attribute.
								if (isset($id) && $a_cert[$id]) { ?>
								<input name="id" type="hidden" value="<?php echo htmlspecialchars($id); ?>" />
								<?php } ?>
							</td>
						</tr>
					</table>
				</form>
				<?php elseif ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)):?>
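				<?php
				/*
				 * "Complete Signing Request" form: shows the stored CSR read-only and
				 * takes the certificate returned by the certificate authority. All
				 * values are re-displayed through htmlspecialchars(). The hidden id/act
				 * fields are only emitted when $id addresses an existing entry.
				 *
				 * The checkbox that would disable the request/response subject check is
				 * currently commented out below and is kept verbatim.
				 *
				 * Change against the previous revision of this form: both help-text cells
				 * closed their table cell twice; the duplicate closing tags are removed.
				 */
				?>
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="name">
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
							<td width="78%" class="vtable">
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
							</td>
						</tr>
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
						</tr>

						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing request data");?></td>
							<td width="78%" class="vtable">
								<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly="readonly"><?=htmlspecialchars($pconfig['csr']);?></textarea>
								<br />
								<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Final certificate data");?></td>
							<td width="78%" class="vtable">
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
								<br />
								<?=gettext("Paste the certificate received from your certificate authority here.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
								<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
								<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
								<?php echo gettext("Warning: Using this option may create an " .
								"invalid certificate.  Check this box to disable the request -> " .
								"response subject verification. ");
								?><br />
								<?php endif; */ ?>
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
								<?php if (isset($id) && $a_cert[$id]): ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<input name="act" type="hidden" value="csr" />
								<?php endif;?>
							</td>
						</tr>
					</table>
				</form>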
				<?php else:?>
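				<?php
				/*
				 * Certificate list: one row per entry of $a_cert with name, issuer,
				 * subject, validity dates, the services using the certificate, and the
				 * export / delete / update-CSR actions. $i counts rows and is the id
				 * placed in every action link.
				 *
				 * Changes against the previous revision of this table:
				 *  - the per-row values ($subj, $caname, $purpose, $startdate, $enddate)
				 *    are reset at the top of each iteration. They were only assigned
				 *    inside the crt/csr branches, so a pending CSR row could show the
				 *    purpose and validity dates of the certificate listed before it;
				 *  - the issuing CA's description is escaped before it is printed. It is
				 *    free text, and the certificate's own description is already escaped;
				 *  - the icon was chosen by an if/else whose two branches were identical;
				 *    it is now a single assignment;
				 *  - the alt text of the "export cert" and "export key" icons said
				 *    "export ca"; it now matches each icon's title.
				 *
				 * NOTE(review): $purpose, $startdate and $enddate come from helpers
				 * defined outside this excerpt and are printed as returned - confirm they
				 * cannot carry markup taken from an imported certificate.
				 * NOTE(review): key export and delete are plain GET links addressed by
				 * list position. Their handlers are outside this excerpt - confirm they
				 * enforce the page privilege and a CSRF token, and consider moving delete
				 * to a POST form.
				 */
				?>
				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="details">
					<tr>
						<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
						<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
						<td width="10%" class="list"></td>
					</tr>
					<?php
						$i = 0;
						foreach ($a_cert as $cert):
							$name = htmlspecialchars($cert['descr']);

							// Start every row from a clean slate.
							$subj = "";
							$caname = "";
							$purpose = null;
							$startdate = "";
							$enddate = "";

							if (!empty($cert['crt'])) {
								$subj = cert_get_subject($cert['crt']);
								$issuer = cert_get_issuer($cert['crt']);
								$purpose = cert_get_purpose($cert['crt']);
								list($startdate, $enddate) = cert_get_dates($cert['crt']);
								// Subject equal to issuer means self-signed; a known CA
								// found below overrides either label.
								if ($subj == $issuer) {
									$caname = "<em>" . gettext("self-signed") . "</em>";
								} else {
									$caname = "<em>" . gettext("external") . "</em>";
								}
								$subj = htmlspecialchars($subj);
							}

							if (!empty($cert['csr'])) {
								$subj = htmlspecialchars(csr_get_subject($cert['csr']));
								$caname = "<em>" . gettext("external - signature pending") . "</em>";
							}

							$ca = lookup_ca($cert['caref']);
							if ($ca) {
								$caname = htmlspecialchars($ca['descr']);
							}

							$certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
					?>
					<tr>
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0" summary="icon">
								<tr>
									<td align="left" valign="middle">
										<img src="<?=$certimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=$name;?>
									</td>
								</tr>
								<tr><td>&nbsp;</td></tr>
								<?php if (!empty($cert['type'])): ?>
								<tr><td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td></tr>
								<?php endif; ?>
								<?php if (is_array($purpose)): ?>
								<tr><td colspan="2">
									CA: <?php echo $purpose['ca']; ?>,
									Server: <?php echo $purpose['server']; ?>
								</td></tr>
								<?php endif; ?>
							</table>
						</td>
						<td class="listr"><?=$caname;?>&nbsp;</td>
						<td class="listr"><?=$subj;?>&nbsp;<br />
							<table width="100%" style="font-size: 9px" summary="valid">
								<tr>
									<td width="10%">&nbsp;</td>
									<td width="20%"><?=gettext("Valid From")?>:</td>
									<td width="70%"><?= $startdate ?></td>
								</tr>
								<tr>
									<td>&nbsp;</td>
									<td><?=gettext("Valid Until")?>:</td>
									<td><?= $enddate ?></td>
								</tr>
							</table>
						</td>
						<td class="listr">
							<?php if (is_cert_revoked($cert)): ?>
							<b>Revoked</b><br />
							<?php endif; ?>
							<?php if (is_webgui_cert($cert['refid'])): ?>
							webConfigurator<br />
							<?php endif; ?>
							<?php if (is_user_cert($cert['refid'])): ?>
							User Cert<br />
							<?php endif; ?>
							<?php if (is_openvpn_server_cert($cert['refid'])): ?>
							OpenVPN Server<br />
							<?php endif; ?>
							<?php if (is_openvpn_client_cert($cert['refid'])): ?>
							OpenVPN Client<br />
							<?php endif; ?>
							<?php if (is_ipsec_cert($cert['refid'])): ?>
							IPsec Tunnel<br />
							<?php endif; ?>
							<?php if (is_captiveportal_cert($cert['refid'])): ?>
							Captive Portal<br />
							<?php endif; ?>
						</td>
						<td valign="middle" class="list nowrap">
							<a href="system_certmanager.php?act=exp&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert");?>" alt="<?=gettext("export cert");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=key&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export key");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=p12&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca cert+user cert+user cert key in .p12 format");?>" alt="<?=gettext("export ca cert+user cert+user cert key in .p12 format");?>" width="17" height="17" border="0" />
							</a>
							<?php if (!cert_in_use($cert['refid'])): ?>
							<a href="system_certmanager.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" />
							</a>
							<?php endif; ?>
							<?php if (!empty($cert['csr'])): ?>
							&nbsp;
							<a href="system_certmanager.php?act=csr&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("update csr");?>" alt="<?=gettext("update csr");?>" width="17" height="17" border="0" />
							</a>
							<?php endif; ?>
						</td>
					</tr>
					<?php
							$i++;
						endforeach;
					?>
					<tr>
						<td class="list" colspan="4"></td>
						<td class="list">
							<a href="system_certmanager.php?act=new">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import certificate");?>" alt="<?=gettext("add certificate");?>" width="17" height="17" border="0" />
							</a>
						</td>
					</tr>
					<tr>
						<td>&nbsp;</td>
						<td colspan="3"><?=gettext("Note: You can only delete a certificate if it is not currently in use.");?></td>
					</tr>
				</table>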
				<?php endif; ?>
			</div>
		</td>
	</tr>
</table>
<?php
// Pull in the shared page footer, then run the two form initialisers
// (both defined outside this excerpt) once the page has been emitted.
include "fend.inc";
?>
<script type="text/javascript">
//<![CDATA[

method_change();
internalca_change();

//]]>
</script>
</body>
</html>