1 64cc39d3 Matthew Grooms
<?php
2
/*
3
    system_certmanager.php
4
5
    Copyright (C) 2008 Shrew Soft Inc.
6
    All rights reserved.
7
8
    Redistribution and use in source and binary forms, with or without
9
    modification, are permitted provided that the following conditions are met:
10
11
    1. Redistributions of source code must retain the above copyright notice,
12
       this list of conditions and the following disclaimer.
13
14
    2. Redistributions in binary form must reproduce the above copyright
15
       notice, this list of conditions and the following disclaimer in the
16
       documentation and/or other materials provided with the distribution.
17
18
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
    POSSIBILITY OF SUCH DAMAGE.
28
*/
29 1d333258 Scott Ullrich
/*
30
	pfSense_MODULE:	certificate_managaer
31
*/
32 64cc39d3 Matthew Grooms
33
##|+PRIV
34
##|*IDENT=page-system-certmanager
35
##|*NAME=System: Certificate Manager
36
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
37
##|*MATCH=system_certmanager.php*
38
##|-PRIV
39
40
require("guiconfig.inc");
require_once("certs.inc");
/*
 * Lookup tables used by the request handling and by the form further down.
 */

/* Creation methods offered in the "Method" selector: value => translated label. */
$cert_methods = array();
$cert_methods["import"] = gettext("Import an existing Certificate");
$cert_methods["internal"] = gettext("Create an internal Certificate");
$cert_methods["external"] = gettext("Create a Certificate Signing Request");

/*
 * Key lengths in bits. The save handler checks keylen / csr_keylen against this
 * list, so it doubles as the allow-list for generated keys.
 * NOTE(review): 512 and 1024 bit keys are below what is generally accepted for
 * RSA today; consider whether they still need to be offered.
 */
$cert_keylens = explode(" ", "512 1024 2048 4096");

/* Certificate types for the "Certificate Type" selector: value => label. */
$cert_types = array();
$cert_types["ca"] = "Certificate Authority";
$cert_types["server"] = "Server Certificate";
$cert_types["user"] = "User Certificate";

/* subjectAltName entry types. */
$altname_types = explode(" ", "DNS IP email URI");

/*
 * Digest names accepted for digest_alg (checked in the save handler).
 * NOTE(review): "sha1" is still accepted; the form text itself recommends a
 * stronger algorithm.
 */
$openssl_digest_algs = explode(" ", "sha1 sha224 sha256 sha384 sha512");

/* Page title parts. */
$pgtitle = array(gettext("System"), gettext("Certificate Manager"));
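/*
 * Optional user context. When a user index is supplied, the "existing" method is
 * offered and $a_user is bound to the user list so the certificate can be attached
 * to that user. A POSTed value takes precedence over the query string.
 */
$userid = null;
if (isset($_GET['userid']))
	$userid = $_GET['userid'];
if (isset($_POST['userid']))
	$userid = $_POST['userid'];

/*
 * The value is later used as an index into the user list, so only a plain
 * decimal string is accepted. is_numeric() also let through forms such as
 * "-1", "1e3" or "0.5", which are not usable list indexes.
 */
if (is_string($userid) && ctype_digit($userid)) {
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user']))
		$config['system']['user'] = array();
	$a_user =& $config['system']['user'];
} else {
	/* Do not carry an unusable request value into the rest of the page. */
	$userid = null;
}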
/*
 * Index of the certificate entry the request refers to; a POSTed value
 * overrides the query string.
 * NOTE(review): $id is taken from the request unchanged and is used below as
 * an index into $a_cert; the handlers only test that the entry is non-empty.
 */
$id = $_GET['id'];
if (isset($_POST['id'])) {
	$id = $_POST['id'];
}

/* Make sure both config sections are arrays, then bind references to them. */
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
$a_ca =& $config['ca'];
$a_cert =& $config['cert'];

/* Count the CAs that carry a private key ('prv'); only those can sign internally. */
$internal_ca_count = 0;
foreach ($a_ca as $ca) {
	if (!$ca['prv']) {
		continue;
	}
	$internal_ca_count++;
}

/* Requested action; a non-empty POSTed value overrides the query string. */
$act = $_GET['act'];
if ($_POST['act']) {
	$act = $_POST['act'];
}
/*
 * act=del: remove the certificate entry at index $id and write the config.
 * Either way the request ends with a redirect back to the list.
 *
 * NOTE(review): $act and $id can both arrive in the query string, so a plain
 * GET request changes the configuration here. No anti-CSRF check is visible in
 * this file; confirm that the included framework code enforces one for this path.
 */
if ($act == "del") {
	if ($a_cert[$id]) {
		$name = $a_cert[$id]['descr'];
		unset($a_cert[$id]);
		write_config();
		/* Assigned right before the redirect and exit, so this request never renders it. */
		$savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br/>";
	}

	pfSenseHeader("system_certmanager.php");
	exit;
}
/*
 * act=new: pre-fill the form. The method comes from the query string, the
 * remaining fields get fixed defaults.
 */
if ($act == "new") {
	$new_defaults = array(
		'method' => $_GET['method'],
		'keylen' => "2048",
		'csr_keylen' => "2048",
		'digest_alg' => "sha256",
		'type' => "user",
		'lifetime' => "3650",
	);
	foreach ($new_defaults as $new_field => $new_value) {
		$pconfig[$new_field] = $new_value;
	}
	/* Keep the helper variables out of the page's global scope. */
	unset($new_defaults, $new_field, $new_value);
}
/*
 * act=exp: send the certificate of entry $id as a file download.
 * The stored 'crt' value is base64-decoded and sent as the response body.
 */
if ($act == "exp") {
	$entry = $a_cert[$id];
	if (!$entry) {
		/* No such entry: go back to the list. */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$payload = base64_decode($entry['crt']);
	/* The description is user-supplied; urlencode() keeps it to characters that are safe in the header value. */
	$filename = urlencode("{$entry['descr']}.crt");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$filename}");
	header("Content-Length: " . strlen($payload));
	echo $payload;
	exit;
}
/*
 * act=key: send the private key of entry $id as a file download.
 * The stored 'prv' value is base64-decoded and sent as-is; no passphrase is
 * applied in this handler.
 *
 * NOTE(review): the action and index can both come from the query string, so
 * key material is returned for a plain GET. Confirm that access to this page is
 * limited to the intended privilege and that the response is not cacheable.
 */
if ($act == "key") {
	$entry = $a_cert[$id];
	if (!$entry) {
		/* No such entry: go back to the list. */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$payload = base64_decode($entry['prv']);
	/* The description is user-supplied; urlencode() keeps it to characters that are safe in the header value. */
	$filename = urlencode("{$entry['descr']}.key");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$filename}");
	header("Content-Length: " . strlen($payload));
	echo $payload;
	exit;
}
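/*
 * act=p12: bundle the certificate and private key of entry $id into a PKCS#12
 * container and send it as a file download.
 *
 * NOTE(review): the container is exported with a null passphrase, so the
 * private key inside the downloaded file is not protected by a password.
 */
if ($act == "p12") {
	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* The description is user-supplied; urlencode() keeps it to characters that are safe in the header value. */
	$exp_name = urlencode("{$a_cert[$id]['descr']}.p12");

	$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	$res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => ""));

	/*
	 * Any of the three OpenSSL calls can fail (for example when the entry has
	 * no usable private key). Previously that produced an empty download; treat
	 * it like a missing entry and return to the list instead.
	 */
	$exp_data = "";
	if (!$res_crt || !$res_key || !openssl_pkcs12_export($res_crt, $exp_data, $res_key, null)) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}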
/*
 * act=csr: load the description and the decoded signing request of entry $id
 * into $pconfig so the page can show them.
 */
if ($act == "csr") {
	if (!$a_cert[$id]) {
		/* No such entry: go back to the list. */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* The CSR is stored base64-encoded in the config. */
	$pconfig['csr'] = base64_decode($a_cert[$id]['csr']);
	$pconfig['descr'] = $a_cert[$id]['descr'];
}
if ($_POST) {
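	/*
	 * "Save" submit: validate the posted form, then either attach an existing
	 * certificate to a user ("existing") or build a certificate entry by import,
	 * internal CA signing or CSR generation and store it in $a_cert.
	 */
	if ($_POST['save'] == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;

		/*
		 * Start from empty requirement lists so an unrecognised 'method' value
		 * does not leave them undefined.
		 * NOTE(review): an unrecognised method is not rejected; confirm whether
		 * saving without a method is a supported flow before adding that check.
		 */
		$reqdfields = array();
		$reqdfieldsn = array();

		/* input validation */
		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
					"descr cert key");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate data"),
					gettext("Key data"));
			/* Marker check only: the PEM data itself is not parsed here. */
			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
				$input_errors[] = gettext("This certificate does not appear to be valid.");
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
					"descr caref keylen type lifetime dn_country dn_state dn_city ".
					"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Certificate Type"),
					gettext("Lifetime"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
					"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
					"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Key length"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		$altnames = array();
		/*
		 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
		 * by PHP 5.4 and later. It is kept because the declaration of
		 * do_input_validation() is not visible here; confirm that it takes this
		 * argument by reference, then drop the '&'.
		 */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
		if ($pconfig['method'] != "import") {
			/*
			 * subjectAltNames: collect altname_type<N> / altname_value<N> pairs.
			 * Keys whose suffix is not all digits are ignored.
			 */
			foreach ($_POST as $key => $value) {
				$entry = '';
				if (!substr_compare('altname_type', $key, 0, 12)) {
					$entry = substr($key, 12);
					$field = 'type';
				}
				elseif (!substr_compare('altname_value', $key, 0, 13)) {
					$entry = substr($key, 13);
					$field = 'value';
				}
				if (ctype_digit($entry)) {
					$altnames[$entry][$field] = $value;
				}
			}
			/* NOTE(review): $aliases is never assigned in the visible code, so this stores null; $altnames may have been intended. */
			$pconfig['aliases']['item'] = $aliases;

			/*
			 * Input validation for subjectAltNames.
			 * The accepted entries are later joined as "type:value" with commas,
			 * so each check also has to keep ',' out of the value.
			 * NOTE(review): is_URL() is not visible here; confirm it rejects ','.
			 */
			foreach ($altnames as $idx => $altname) {
				switch ($altname['type']) {
					case "DNS":
						if (!is_hostname($altname['value']))
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames or FQDNs");
						break;
					case "IP":
						if (!is_ipaddr($altname['value']))
							array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
						break;
					case "email":
						if (empty($altname['value']))
							array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName");
						if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value']))
							array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
						break;
					case "URI":
						/* Close enough? */
						if (!is_URL($altname['value']))
							$input_errors[] = "URI subjectAltName types must be a valid URI";
						break;
					default:
						$input_errors[] = "Unrecognized subjectAltName type.";
				}
			}

			/* Make sure we do not have invalid characters in the fields for the certificate */
			for ($i = 0; $i < count($reqdfields); $i++) {
				if (preg_match('/email/', $reqdfields[$i])){ /* dn_email or csr_dn_email */
				 	if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"]))
						array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
				}else if (preg_match('/commonname/', $reqdfields[$i])){ /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"]))
						array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
				}else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"]))
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
			}
			/*
			 * Allow-list checks. Strict comparison: posted values are strings, and
			 * a loose match would also accept look-alikes such as "2048.0".
			 */
			if (isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens, true))
				array_push($input_errors, gettext("Please select a valid Key Length."));
			if (isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens, true))
				array_push($input_errors, gettext("Please select a valid Key Length."));
			if (!in_array($_POST["digest_alg"], $openssl_digest_algs, true))
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				$cert = lookup_cert($pconfig['certref']);
				/*
				 * Attach only to a user entry that exists. $userid comes from
				 * the request; indexing blindly would create a stub user entry.
				 */
				if ($cert && isset($a_user[$userid]))
					$a_user[$userid]['cert'][] = $cert['refid'];
			} else {
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id])
					$cert = $a_cert[$id];

				$cert['descr'] = $pconfig['descr'];

				$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */

				if ($pconfig['method'] == "import")
					cert_import($cert, $pconfig['cert'], $pconfig['key']);

				if ($pconfig['method'] == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);
					if (count($altnames)) {
						/* Must be an array: appending with [] to a string is an error on newer PHP. */
						$altnames_tmp = array();
						foreach ($altnames as $altname) {
							$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
						}
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}
					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
						$pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])){
						/* Collect every queued OpenSSL error (the list used to be reset on each pass). */
						while($ssl_err = openssl_error_string()){
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
						/* A failed call must count as an error even when OpenSSL queued no message. */
						if (!$input_errors)
							array_push($input_errors, gettext("The certificate could not be created."));
					}
				}

				if ($pconfig['method'] == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);
					if (count($altnames)) {
						/* Must be an array: appending with [] to a string is an error on newer PHP. */
						$altnames_tmp = array();
						foreach ($altnames as $altname) {
							$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
						}
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}
					if(!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['digest_alg'])){
						/* Collect every queued OpenSSL error (the list used to be reset on each pass). */
						while($ssl_err = openssl_error_string()){
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
						/* A failed call must count as an error even when OpenSSL queued no message. */
						if (!$input_errors)
							array_push($input_errors, gettext("The signing request could not be created."));
					}
				}
				error_reporting($old_err_level);

				/*
				 * Touch the in-memory config only when creation succeeded, so a
				 * failed attempt leaves no half-built entry behind.
				 */
				if (!$input_errors) {
					if (isset($id) && $a_cert[$id])
						$a_cert[$id] = $cert;
					else
						$a_cert[] = $cert;
					/* Same existence check as for the "existing" method above. */
					if (isset($a_user[$userid]))
						$a_user[$userid]['cert'][] = $cert['refid'];
				}
			}

			if (!$input_errors)
				write_config();

			/*
			 * Return to the user page only after a successful save, so errors
			 * stay visible on this form, and only for a numeric user index
			 * (including 0). The value is URL-encoded because it comes from the
			 * request.
			 */
			if (!$input_errors && is_numeric($userid))
				pfSenseHeader("system_usermanager.php?act=edit&id=" . urlencode($userid));
		}
	}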
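	/*
	 * "Update" submit: complete a pending signing request by attaching the
	 * signed certificate to entry $id.
	 */
	if ($_POST['save'] == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/*
		 * Same guard as the act handlers: the target entry must exist.
		 * Without it an unknown $id would add a new, incomplete entry.
		 */
		if (!$a_cert[$id]) {
			pfSenseHeader("system_certmanager.php");
			exit;
		}

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		/*
		 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
		 * by PHP 5.4 and later. It is kept because the declaration of
		 * do_input_validation() is not visible here; confirm that it takes this
		 * argument by reference, then drop the '&'.
		 */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		/*
		 * Make sure the certificate belongs to the key of this request. An
		 * earlier version compared the subjects; the check is now on the key
		 * modulus.
		 * NOTE(review): the CSR compared here is the one posted with the form,
		 * not the one stored in the entry; consider comparing against the
		 * stored CSR.
		 */
		$mod_csr  =  csr_get_modulus($pconfig['csr'], false);
		$mod_cert = cert_get_modulus($pconfig['cert'], false);

		/*
		 * An empty result from either helper counts as a mismatch, so two
		 * inputs that both fail to yield a modulus cannot compare as equal.
		 */
		if (!$mod_csr || !$mod_cert || strcmp($mod_csr, $mod_cert)) {
			// simply: if the moduli don't match, then the private key and public key won't match
			$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
			$subject_mismatch = true;
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
		}
	}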
}
include("head.inc");
453
?>
454
455 b8e1877f Colin Fleming
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
456 64cc39d3 Matthew Grooms
<?php include("fbegin.inc"); ?>
457
<script type="text/javascript">
458 b8e1877f Colin Fleming
//<![CDATA[
function method_change() {

<?php
	/* Display value for the submit row of the "internal" method: hidden while no CA with a private key exists. */
	$submit_style = $internal_ca_count ? "" : "none";
?>

	// Element ids, in the order their display style is updated.
	var sections = ["import", "internal", "external", "existing", "descriptivename", "submit"];

	// One row per index of the method <select>; each value is the display
	// style for the section at the same position ("" = shown).
	var layouts = [
		["", "none", "none", "none", "", ""],
		["none", "", "none", "none", "", "<?=$submit_style;?>"],
		["none", "none", "", "none", "", ""],
		["none", "none", "none", "", "none", ""]
	];

	// Assigned without 'var', so this stays a global as before.
	method = document.iform.method.selectedIndex;

	var layout = layouts[method];
	if (!layout)
		return;

	for (var i = 0; i < sections.length; i++)
		document.getElementById(sections[i]).style.display = layout[i];
}
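<?php if ($internal_ca_count): ?>
// Copies the subject fields of the selected internal CA into the form's
// distinguished name inputs. Emitted only when at least one CA has a private key.
function internalca_change() {

	index = document.iform.caref.selectedIndex;
	caref = document.iform.caref[index].value;

	switch (caref) {
<?php
		/*
		 * The refid and subject values come from stored CA data and end up
		 * inside a <script> block. They are written as JSON string literals
		 * with <, >, &, ' and " hex-escaped, so a crafted subject cannot close
		 * the string or the script element. A value that cannot be encoded
		 * becomes an empty string.
		 */
		$js_str = function ($value) {
			$encoded = json_encode((string)$value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
			return (is_string($encoded) && $encoded !== 'null') ? $encoded : '""';
		};
		foreach ($a_ca as $ca):
			if (!$ca['prv'])
				continue;
			/* NOTE(review): assumes subject entries 0-4 are country, state, city, organization, email in that order; confirm against cert_get_subject_array(). */
			$subject = cert_get_subject_array($ca['crt']);
?>
		case <?=$js_str($ca['refid']);?>:
			document.iform.dn_country.value = <?=$js_str($subject[0]['v']);?>;
			document.iform.dn_state.value = <?=$js_str($subject[1]['v']);?>;
			document.iform.dn_city.value = <?=$js_str($subject[2]['v']);?>;
			document.iform.dn_organization.value = <?=$js_str($subject[3]['v']);?>;
			document.iform.dn_email.value = <?=$js_str($subject[4]['v']);?>;
			break;
<?php	endforeach; ?>
	}
}
<?php endif; ?>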
531
532 b8e1877f Colin Fleming
//]]>
533 2f65de89 jim-p
</script>
534 b8e1877f Colin Fleming
<script type="text/javascript" src="/javascript/row_helper_dynamic.js"></script>
535 2f65de89 jim-p
<input type='hidden' name='altname_value_type' value='select' />
536
<input type='hidden' name='altname_type_type' value='textbox' />
537
<script type="text/javascript">
538 b8e1877f Colin Fleming
//<![CDATA[
539 2f65de89 jim-p
	rowname[0] = "altname_type";
540
	rowtype[0] = "textbox";
541
	rowsize[0] = "10";
542
	rowname[1] = "altname_value";
543
	rowtype[1] = "textbox";
544
	rowsize[1] = "30";
545 b8e1877f Colin Fleming
//]]>
546 2f65de89 jim-p
</script>
547 64cc39d3 Matthew Grooms
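<?php
	/* Show validation errors and any status message from the request handling above. */
	if ($input_errors)
		print_input_errors($input_errors);
	if ($savemsg)
		print_info_box($savemsg);

	/*
	 * Load valid country codes: the first whitespace-delimited token of each
	 * line in /etc/ca_countries.
	 * NOTE(review): the visible save handler does not check dn_country against
	 * this list.
	 */
	$dn_cc = array();
	if (file_exists("/etc/ca_countries")){
		$dn_cc_file = file("/etc/ca_countries");
		/* file() returns false when the file cannot be read; skip the loop then. */
		if (is_array($dn_cc_file)) {
			foreach($dn_cc_file as $line)
				if (preg_match('/^(\S*)\s(.*)$/', $line, $matches))
					array_push($dn_cc, $matches[1]);
		}
	}
?>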
562 b8e1877f Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="cert manager">
563 64cc39d3 Matthew Grooms
	<tr>
564
		<td class="tabnavtbl">
565
		<?php
566
			$tab_array = array();
567
			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
568
			$tab_array[] = array(gettext("Certificates"), true, "system_certmanager.php");
569 3d57d2d5 jim-p
			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
570 64cc39d3 Matthew Grooms
			display_top_tabs($tab_array);
571
		?>
572
		</td>
573
	</tr>
574
	<tr>
575 96c7a492 Matthew Grooms
		<td id="mainarea">
576
			<div class="tabcont">
577
578 e64aa6f8 Carlos Eduardo Ramos
				<?php if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)): ?>
579 96c7a492 Matthew Grooms
580
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
581 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
582 96c7a492 Matthew Grooms
						<?php if (!isset($id)): ?>
583
						<tr>
584
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
585
							<td width="78%" class="vtable">
586
								<select name='method' id='method' class="formselect" onchange='method_change()'>
587
								<?php
588
									foreach($cert_methods as $method => $desc):
589
									$selected = "";
590
									if ($pconfig['method'] == $method)
591 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
592 96c7a492 Matthew Grooms
								?>
593
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
594
								<?php endforeach; ?>
595
								</select>
596
							</td>
597
						</tr>
598
						<?php endif; ?>
599 ad9b5c67 jim-p
						<tr id="descriptivename">
600
							<?php
601 f2a86ca9 jim-p
							if ($a_user && empty($pconfig['descr']))
602
								$pconfig['descr'] = $a_user[$userid]['name'];
603 ad9b5c67 jim-p
							?>
604
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
605
							<td width="78%" class="vtable">
606 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
607 ad9b5c67 jim-p
							</td>
608
						</tr>
609 96c7a492 Matthew Grooms
					</table>
610
611 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import" summary="import">
612 96c7a492 Matthew Grooms
						<tr>
613
							<td colspan="2" class="list" height="12"></td>
614
						</tr>
615
						<tr>
616 ad9b5c67 jim-p
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td>
617 96c7a492 Matthew Grooms
						</tr>
618
619
						<tr>
620 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
621 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
622 dd5bf424 Scott Ullrich
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
623 b8e1877f Colin Fleming
								<br/>
624
								<?=gettext("Paste a certificate in X.509 PEM format here.");?>
625 96c7a492 Matthew Grooms
							</td>
626
						</tr>
627
						<tr>
628 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
629 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
630 dd5bf424 Scott Ullrich
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
631 b8e1877f Colin Fleming
								<br/>
632 3065c8cd bcyrill
								<?=gettext("Paste a private key in X.509 PEM format here.");?>
633 96c7a492 Matthew Grooms
							</td>
634
						</tr>
635
					</table>
636
637 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal">
638 96c7a492 Matthew Grooms
						<tr>
639
							<td colspan="2" class="list" height="12"></td>
640
						</tr>
641
						<tr>
642 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></td>
643 96c7a492 Matthew Grooms
						</tr>
644
645
						<?php if (!$internal_ca_count): ?>
646
647
						<tr>
648
							<td colspan="2" align="center" class="vtable">
649 a37753d7 Vinicius Coque
								<?=gettext("No internal Certificate Authorities have been defined. You must");?>
650 b8e1877f Colin Fleming
								<a href="system_camanager.php?act=new&amp;method=internal"><?=gettext("create");?></a>
651 a37753d7 Vinicius Coque
								<?=gettext("an internal CA before creating an internal certificate.");?>
652 96c7a492 Matthew Grooms
							</td>
653
						</tr>
654
655
						<?php else: ?>
656
657
						<tr>
658
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
659
							<td width="78%" class="vtable">
660 b8e1877f Colin Fleming
								<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
661 96c7a492 Matthew Grooms
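								<?php
									/*
									 * One <option> per CA that has a private key.
									 * refid and descr are stored config values, so they are
									 * HTML-escaped on output like the other form values on this page.
									 */
									foreach( $a_ca as $ca):
									if (!$ca['prv'])
										continue;
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = " selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach; ?>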
671
								</select>
672
							</td>
673
						</tr>
674
						<tr>
675
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
676
							<td width="78%" class="vtable">
677
								<select name='keylen' class="formselect">
678
								<?php
679
									foreach( $cert_keylens as $len):
680
									$selected = "";
681
									if ($pconfig['keylen'] == $len)
682 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
683 96c7a492 Matthew Grooms
								?>
684
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
685
								<?php endforeach; ?>
686
								</select>
687 a37753d7 Vinicius Coque
								<?=gettext("bits");?>
688 96c7a492 Matthew Grooms
							</td>
689
						</tr>
690 ca621902 jim-p
						<tr>
691
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
692
							<td width="78%" class="vtable">
693
								<select name='digest_alg' id='digest_alg' class="formselect">
694
								<?php
695
									foreach( $openssl_digest_algs as $digest_alg):
696
									$selected = "";
697
									if ($pconfig['digest_alg'] == $digest_alg)
698 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
699 ca621902 jim-p
								?>
700
									<option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option>
701
								<?php endforeach; ?>
702
								</select>
703
								<br/><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
704
							</td>
705
						</tr>
706 7aaabd69 jim-p
						<tr>
707
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Type");?></td>
708
							<td width="78%" class="vtable">
709
								<select name='type' class="formselect">
710
								<?php
711
									foreach( $cert_types as $ct => $ctdesc ):
712
									$selected = "";
713
									if ($pconfig['type'] == $ct)
714 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
715 7aaabd69 jim-p
								?>
716
									<option value="<?=$ct;?>"<?=$selected;?>><?=$ctdesc;?></option>
717
								<?php endforeach; ?>
718
								</select>
719
								<br/>
720
								<?=gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.");?>
721
							</td>
722
						</tr>
723 96c7a492 Matthew Grooms
						<tr>
724
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
725
							<td width="78%" class="vtable">
726
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
727 a37753d7 Vinicius Coque
								<?=gettext("days");?>
728 96c7a492 Matthew Grooms
							</td>
729
						</tr>
730
						<tr>
731
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
732
							<td width="78%" class="vtable">
733 b8e1877f Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
734 96c7a492 Matthew Grooms
									<tr>
735 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
736 96c7a492 Matthew Grooms
										<td align="left">
737 0fcaf4f2 jim-p
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
738 96c7a492 Matthew Grooms
										</td>
739
									</tr>
740
									<tr>
741 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
742 96c7a492 Matthew Grooms
										<td align="left">
743 0fcaf4f2 jim-p
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
744 96c7a492 Matthew Grooms
										</td>
745
									</tr>
746
									<tr>
747 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
748 96c7a492 Matthew Grooms
										<td align="left">
749 0fcaf4f2 jim-p
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
750 96c7a492 Matthew Grooms
										</td>
751
									</tr>
752
									<tr>
753 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
754 96c7a492 Matthew Grooms
										<td align="left">
755 0fcaf4f2 jim-p
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
756 96c7a492 Matthew Grooms
										</td>
757
									</tr>
758
									<tr>
759 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
760 96c7a492 Matthew Grooms
										<td align="left">
761
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
762
											&nbsp;
763
											<em>ex:</em>
764
											&nbsp;
765 a37753d7 Vinicius Coque
											<?=gettext("webadmin@mycompany.com");?>
766 96c7a492 Matthew Grooms
										</td>
767
									</tr>
768
									<tr>
769 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
770 96c7a492 Matthew Grooms
										<td align="left">
771 ad9b5c67 jim-p
											<?php
772
											if ($a_user && empty($pconfig['dn_commonname']))
773
												$pconfig['dn_commonname'] = $a_user[$userid]['name'];
774
											?>
775 96c7a492 Matthew Grooms
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
776
											&nbsp;
777
											<em>ex:</em>
778
											&nbsp;
779 a37753d7 Vinicius Coque
											<?=gettext("www.example.com");?>
780 96c7a492 Matthew Grooms
										</td>
781
									</tr>
782 2f65de89 jim-p
									<tr>
783
										<td align="right"><?=gettext("Alternative Names");?> : &nbsp;</td>
784
										<td align="left">
785
											<table id="altNametable">
786
											<thead>
787
											<tr>
788
												<th><div id="onecolumn"><?=gettext("Type");?></div></th>
789
												<th><div id="twocolumn"><?=gettext("Value");?></div></th>
790
											</tr>
791
											</thead>
792
											<tbody>
793
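											<?php
												// Re-populate one table row per Subject Alternative Name entry held in
												// $pconfig['altnames']['item']. $counter numbers the
												// altname_type<N> / altname_value<N> field pairs and is echoed into the
												// JavaScript row counters that follow this table.
												//
												// The type column must echo the entry's type. It previously echoed
												// $value in both columns, so the stored type was never shown and a
												// re-submit sent the value back as the type.
												$counter = 0;
												if (!empty($pconfig['altnames']['item']) && is_array($pconfig['altnames']['item'])):
												foreach ($pconfig['altnames']['item'] as $item):
													$type = $item['type'];
													$value = $item['value'];
											?>
											<tr>
												<td>
												<input autocomplete="off" name="altname_type<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_type<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($type);?>" />
												</td>
												<td>
												<input autocomplete="off" name="altname_value<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_value<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($value);?>" />
												</td>
												<td>
												<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a>
												</td>
											</tr>
											<?php
													$counter++;
												endforeach;
												endif;
											?>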
816 b8e1877f Colin Fleming
											<tr><td>&nbsp;</td></tr>
817 2f65de89 jim-p
											</tbody>
818
											</table>
819
											<a onclick="javascript:addRowTo('altNametable', 'formfldalias'); return false;" href="#">
820
												<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" />
821
											</a>
822
											<script type="text/javascript">
823 b8e1877f Colin Fleming
											//<![CDATA[
824 2f65de89 jim-p
												field_counter_js = 3;
825
												rows = 1;
826
												totalrows = <?php echo $counter; ?>;
827
												loaded = <?php echo $counter; ?>;
828 b8e1877f Colin Fleming
											//]]>
829 2f65de89 jim-p
											</script>
830
											<br/>NOTE: Type must be one of DNS (FQDN or Hostname), IP (IP address), URI, or email.
831
										</td>
832
									</tr>
833 96c7a492 Matthew Grooms
								</table>
834
							</td>
835
						</tr>
836 64cc39d3 Matthew Grooms
837
					<?php endif; ?>
838
839 96c7a492 Matthew Grooms
					</table>
840
841 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external" summary="external">
842 96c7a492 Matthew Grooms
						<tr>
843
							<td colspan="2" class="list" height="12"></td>
844
						</tr>
845
						<tr>
846 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
847 96c7a492 Matthew Grooms
						</tr>
848
						<tr>
849
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
850
							<td width="78%" class="vtable">
851
								<select name='csr_keylen' class="formselect">
852
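								<?php
									// Emit one <option> per entry of $cert_keylens and mark the one that
									// matches $pconfig['csr_keylen'] as selected.
									//
									// NOTE(review): a guard that stood here tested
									// !isset($pconfig['csr_keylen']) && isset($pconfig['csr_keylen']), which
									// can never be true, and its body only assigned the field to itself.
									// It is dropped as unreachable. If a fallback from another key-length
									// field was intended, restore it with the correct source field
									// (TODO confirm against the internal-certificate section).
									foreach ($cert_keylens as $len):
										$selected = "";
										if (isset($pconfig['csr_keylen']) && $pconfig['csr_keylen'] == $len)
											$selected = " selected=\"selected\"";
								?>
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
								<?php endforeach; ?>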
862
								</select>
863
								bits
864
							</td>
865
						</tr>
866 24c0145c jim-p
						<tr>
867
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
868
							<td width="78%" class="vtable">
869
								<select name='digest_alg' id='digest_alg' class="formselect">
870
								<?php
871
									foreach( $openssl_digest_algs as $digest_alg):
872
									$selected = "";
873
									if ($pconfig['digest_alg'] == $digest_alg)
874 b8e1877f Colin Fleming
										$selected = " selected=\"selected\"";
875 24c0145c jim-p
								?>
876
									<option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option>
877
								<?php endforeach; ?>
878
								</select>
879
								<br/><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
880
							</td>
881
						</tr>
882 96c7a492 Matthew Grooms
						<tr>
883
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
884
							<td width="78%" class="vtable">
885 b8e1877f Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
886 96c7a492 Matthew Grooms
									<tr>
887 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
888 96c7a492 Matthew Grooms
										<td align="left">
889 24cbe7a8 Evgeny Yurchenko
											<select name='csr_dn_country' class="formselect">
890
											<?php
891
											foreach( $dn_cc as $cc){
892
												$selected = "";
893 3065c8cd bcyrill
												if ($pconfig['csr_dn_country'] == $cc)
894 b8e1877f Colin Fleming
													$selected = " selected=\"selected\"";
895 3065c8cd bcyrill
												print "<option value=\"$cc\"$selected>$cc</option>";
896 24cbe7a8 Evgeny Yurchenko
												}
897
											?>
898
											</select>
899 96c7a492 Matthew Grooms
										</td>
900
									</tr>
901
									<tr>
902 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
903 96c7a492 Matthew Grooms
										<td align="left">
904
											<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_state']);?>" />
905
											&nbsp;
906
											<em>ex:</em>
907
											&nbsp;
908 a37753d7 Vinicius Coque
											<?=gettext("Texas");?>
909 96c7a492 Matthew Grooms
										</td>
910
									</tr>
911
									<tr>
912 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
913 96c7a492 Matthew Grooms
										<td align="left">
914
											<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_city']);?>" />
915
											&nbsp;
916
											<em>ex:</em>
917
											&nbsp;
918 a37753d7 Vinicius Coque
											<?=gettext("Austin");?>
919 96c7a492 Matthew Grooms
										</td>
920
									</tr>
921
									<tr>
922 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
923 96c7a492 Matthew Grooms
										<td align="left">
924
											<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_organization']);?>" />
925
											&nbsp;
926
											<em>ex:</em>
927
											&nbsp;
928 a37753d7 Vinicius Coque
											<?=gettext("My Company Inc.");?>
929 96c7a492 Matthew Grooms
										</td>
930
									</tr>
931
									<tr>
932 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
933 96c7a492 Matthew Grooms
										<td align="left">
934
											<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_email']);?>"/>
935
											&nbsp;
936
											<em>ex:</em>
937
											&nbsp;
938 a37753d7 Vinicius Coque
											<?=gettext("webadmin@mycompany.com");?>
939 96c7a492 Matthew Grooms
										</td>
940
									</tr>
941
									<tr>
942 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
943 96c7a492 Matthew Grooms
										<td align="left">
944
											<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
945
											&nbsp;
946
											<em>ex:</em>
947
											&nbsp;
948 a37753d7 Vinicius Coque
											<?=gettext("www.example.com");?>
949 96c7a492 Matthew Grooms
										</td>
950
									</tr>
951
								</table>
952
							</td>
953
						</tr>
954
					</table>
955
956 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing">
957 ad9b5c67 jim-p
						<tr>
958
							<td colspan="2" class="list" height="12"></td>
959
						</tr>
960
						<tr>
961
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td>
962
						</tr>
963
						<tr>
964
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
965
							<td width="78%" class="vtable">
966
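								<?php
									// Carry the user being edited through the form post.
									// The value is escaped before it is written into the attribute, as the
									// text inputs of this form already are. Where $userid is populated is
									// outside this part of the file; presumably it is request-supplied
									// (TODO confirm), in which case echoing it raw would allow markup
									// injection into the page.
									if (isset($userid) && $a_user):
								?>
								<input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
								<?php endif;?>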
969
								<select name='certref' class="formselect">
970
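								<?php
									// Offer every stored certificate as an <option>, skipping the ones
									// already attached to the user being edited. The label is the
									// certificate description followed by its CA (when lookup_ca() finds
									// one) and the "*In Use" / "*Revoked" markers.

									// Collect the user's certificate refids once; guard against the list
									// being absent or not an array so in_array() is never given a non-array.
									$assigned_certrefs = array();
									if (isset($userid) &&
									    isset($config['system']['user'][$userid]['cert']) &&
									    is_array($config['system']['user'][$userid]['cert']))
										$assigned_certrefs = $config['system']['user'][$userid]['cert'];

									foreach ($config['cert'] as $cert):
										$selected = "";
										$caname = "";
										$inuse = "";
										$revoked = "";
										if (in_array($cert['refid'], $assigned_certrefs))
											continue;
										$ca = lookup_ca($cert['caref']);
										if ($ca)
											$caname = " (CA: {$ca['descr']})";
										if ($pconfig['certref'] == $cert['refid'])
											$selected = " selected=\"selected\"";
										if (cert_in_use($cert['refid']))
											$inuse = " *In Use";
										// Checked for every certificate, not only for those in use; the
										// original indentation suggested nesting that the code never had.
										if (is_cert_revoked($cert))
											$revoked = " *Revoked";
										// The certificate description is free text entered through this
										// page, and the CA description presumably is too (confirm), so the
										// label is escaped before it reaches the HTML. The certificate list
										// at the end of this page already escapes $cert['descr'] this way.
										$label = htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);
								?>
									<option value="<?=htmlspecialchars($cert['refid']);?>"<?=$selected;?>><?=$label;?></option>
								<?php endforeach; ?>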
990
								</select>
991
							</td>
992
						</tr>
993
					</table>
994
995 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save">
996 96c7a492 Matthew Grooms
						<tr>
997
							<td width="22%" valign="top">&nbsp;</td>
998
							<td width="78%">
999 e64aa6f8 Carlos Eduardo Ramos
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
1000 96c7a492 Matthew Grooms
								<?php if (isset($id) && $a_cert[$id]): ?>
1001
								<input name="id" type="hidden" value="<?=$id;?>" />
1002
								<?php endif;?>
1003
							</td>
1004
						</tr>
1005
					</table>
1006
				</form>
1007
1008 e64aa6f8 Carlos Eduardo Ramos
				<?php elseif ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)):?>
1009 96c7a492 Matthew Grooms
1010
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
1011 b8e1877f Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="name">
1012 96c7a492 Matthew Grooms
						<tr>
1013
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
1014
							<td width="78%" class="vtable">
1015 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
1016 96c7a492 Matthew Grooms
							</td>
1017
						</tr>
1018
						<tr>
1019
							<td colspan="2" class="list" height="12"></td>
1020
						</tr>
1021
						<tr>
1022 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
1023 96c7a492 Matthew Grooms
						</tr>
1024
1025
						<tr>
1026 5077b1e4 Chris Buechler
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing request data");?></td>
1027 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
1028 b8e1877f Colin Fleming
								<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly="readonly"><?=htmlspecialchars($pconfig['csr']);?></textarea>
1029
								<br/>
1030 a37753d7 Vinicius Coque
								<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?></td>
1031 96c7a492 Matthew Grooms
							</td>
1032
						</tr>
1033
						<tr>
1034 5077b1e4 Chris Buechler
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Final certificate data");?></td>
1035 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
1036 dd5bf424 Scott Ullrich
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
1037 b8e1877f Colin Fleming
								<br/>
1038 1dfb7795 Chris Buechler
								<?=gettext("Paste the certificate received from your certificate authority here.");?></td>
1039 96c7a492 Matthew Grooms
							</td>
1040
						</tr>
1041
						<tr>
1042
							<td width="22%" valign="top">&nbsp;</td>
1043
							<td width="78%">
1044 a828210b yakatz
								<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
1045 e2e934e0 yakatz
								<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
1046
								<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
1047
								<?php echo gettext("Warning: Using this option may create an " .
1048
								"invalid certificate.  Check this box to disable the request -> " .
1049
								"response subject verification. ");
1050
								?><br/>
1051 a828210b yakatz
								<?php endif; */ ?>
1052 e64aa6f8 Carlos Eduardo Ramos
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
1053 96c7a492 Matthew Grooms
								<?php if (isset($id) && $a_cert[$id]): ?>
1054
								<input name="id" type="hidden" value="<?=$id;?>" />
1055
								<input name="act" type="hidden" value="csr" />
1056
								<?php endif;?>
1057
							</td>
1058
						</tr>
1059
					</table>
1060
				</form>
1061
1062
				<?php else:?>
1063
1064 b8e1877f Colin Fleming
				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="details">
1065 64cc39d3 Matthew Grooms
					<tr>
1066 d590fa20 jim-p
						<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
1067
						<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
1068 a37753d7 Vinicius Coque
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
1069 d590fa20 jim-p
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
1070 96c7a492 Matthew Grooms
						<td width="10%" class="list"></td>
1071 64cc39d3 Matthew Grooms
					</tr>
1072 96c7a492 Matthew Grooms
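					<?php
						// Build the display values for one row of the certificate list:
						//   $name      - escaped description
						//   $subj      - escaped subject of the certificate or pending CSR
						//   $caname    - issuer column: an <em> marker or the escaped CA description
						//   $purpose   - result of cert_get_purpose(), or null when there is no certificate
						//   $startdate / $enddate - validity dates from cert_get_dates()
						//   $certimg   - icon path
						// $i is the row's index in $a_cert and is used in the action links.
						$i = 0;
						foreach($a_cert as $cert):
							$name = htmlspecialchars($cert['descr']);

							// Reset the per-row values. They were only assigned inside the
							// conditionals below, so an entry without certificate data (for
							// example a pending CSR) displayed the issuer, purpose and validity
							// dates left over from the previous row.
							$subj = "";
							$caname = "";
							$purpose = null;
							$startdate = "";
							$enddate = "";

							if ($cert['crt']) {
								$subj = cert_get_subject($cert['crt']);
								$issuer = cert_get_issuer($cert['crt']);
								$purpose = cert_get_purpose($cert['crt']);
								list($startdate, $enddate) = cert_get_dates($cert['crt']);
								if ($subj == $issuer)
									$caname = "<em>" . gettext("self-signed") . "</em>";
								else
									$caname = "<em>" . gettext("external"). "</em>";
								// Everything taken from the certificate is escaped here because
								// the row template echoes these variables without escaping.
								$subj = htmlspecialchars($subj);
								$startdate = htmlspecialchars($startdate);
								$enddate = htmlspecialchars($enddate);
							}

							if ($cert['csr']) {
								$subj = htmlspecialchars(csr_get_subject($cert['csr']));
								$caname = "<em>" . gettext("external - signature pending") . "</em>";
							}

							// A known CA overrides the marker. $caname is echoed as raw HTML so
							// that the <em> markers above render, which means the CA description
							// has to be escaped at this point.
							$ca = lookup_ca($cert['caref']);
							if ($ca)
								$caname = htmlspecialchars($ca['descr']);

							// The original chose between two branches on $cert['prv'], but both
							// assigned this same icon path.
							$certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
					?>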
1103 64cc39d3 Matthew Grooms
					<tr>
1104 96c7a492 Matthew Grooms
						<td class="listlr">
1105 b8e1877f Colin Fleming
							<table border="0" cellpadding="0" cellspacing="0" summary="icon">
1106 64cc39d3 Matthew Grooms
								<tr>
1107 b8e1877f Colin Fleming
									<td align="left" valign="middle">
1108 96c7a492 Matthew Grooms
										<img src="<?=$certimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
1109 64cc39d3 Matthew Grooms
									</td>
1110 96c7a492 Matthew Grooms
									<td align="left" valign="middle">
1111
										<?=$name;?>
1112 64cc39d3 Matthew Grooms
									</td>
1113
								</tr>
1114 1379d66f jim-p
								<tr><td>&nbsp;</td></tr>
1115 7aaabd69 jim-p
								<?php if ($cert['type']): ?>
1116
								<tr><td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td></tr>
1117
								<?php endif; ?>
1118 1379d66f jim-p
								<?php if (is_array($purpose)): ?>
1119
								<tr><td colspan="2">
1120
									CA: <?php echo $purpose['ca']; ?>,
1121
									Server: <?php echo $purpose['server']; ?>
1122
								</td></tr>
1123
								<?php endif; ?>
1124 64cc39d3 Matthew Grooms
							</table>
1125
						</td>
1126 96c7a492 Matthew Grooms
						<td class="listr"><?=$caname;?>&nbsp;</td>
1127 2b333210 jim-p
						<td class="listr"><?=$subj;?>&nbsp;<br />
1128 b8e1877f Colin Fleming
							<table width="100%" style="font-size: 9px" summary="valid">
1129 2b333210 jim-p
								<tr>
1130
									<td width="10%">&nbsp;</td>
1131
									<td width="20%"><?=gettext("Valid From")?>:</td>
1132
									<td width="70%"><?= $startdate ?></td>
1133
								</tr>
1134
								<tr>
1135
									<td>&nbsp;</td>
1136
									<td><?=gettext("Valid Until")?>:</td>
1137
									<td><?= $enddate ?></td>
1138
								</tr>
1139
							</table>
1140
						</td>
1141 d590fa20 jim-p
						<td class="listr">
1142 150bbe09 jim-p
							<?php if (is_cert_revoked($cert)): ?>
1143
							<b>Revoked</b><br/>
1144
							<?php endif; ?>
1145 d590fa20 jim-p
							<?php if (is_webgui_cert($cert['refid'])): ?>
1146
							webConfigurator<br/>
1147
							<?php endif; ?>
1148
							<?php if (is_user_cert($cert['refid'])): ?>
1149
							User Cert<br/>
1150
							<?php endif; ?>
1151
							<?php if (is_openvpn_server_cert($cert['refid'])): ?>
1152
							OpenVPN Server<br/>
1153
							<?php endif; ?>
1154
							<?php if (is_openvpn_client_cert($cert['refid'])): ?>
1155
							OpenVPN Client<br/>
1156
							<?php endif; ?>
1157
							<?php if (is_ipsec_cert($cert['refid'])): ?>
1158
							IPsec Tunnel<br/>
1159
							<?php endif; ?>
1160 36f6ed35 bcyrill
							<?php if (is_captiveportal_cert($cert['refid'])): ?>
1161
							Captive Portal<br/>
1162
							<?php endif; ?>
1163 d590fa20 jim-p
						</td>
1164 b8e1877f Colin Fleming
						<td valign="middle" class="list nowrap">
1165 c1d1844a bcyrill
							<a href="system_certmanager.php?act=exp&amp;id=<?=$i;?>">
1166 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
1167 96c7a492 Matthew Grooms
							</a>
1168 c1d1844a bcyrill
							<a href="system_certmanager.php?act=key&amp;id=<?=$i;?>">
1169 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
1170 73fbece8 mgrooms
							</a>
1171 c1d1844a bcyrill
							<a href="system_certmanager.php?act=p12&amp;id=<?=$i;?>">
1172 eaf23c17 jim-p
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert+key in .p12");?>" alt="<?=gettext("export cert+key in .p12");?>" width="17" height="17" border="0" />
1173
							</a>
1174 0879599c jim-p
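							<?php
								// The delete action is offered only for certificates that
								// cert_in_use() reports as unused.
								//
								// NOTE(review): this link starts a state-changing action with a GET
								// request, and the only confirmation is the client-side confirm().
								// The act=del handler is outside this part of the file; confirm that
								// it re-checks cert_in_use() on the server and is covered by the
								// GUI's cross-site request forgery protection, or move the action to
								// a POST form.
								//
								// The confirmation text sits inside a JavaScript string inside an
								// HTML attribute, so it is escaped for both contexts; a translation
								// containing a quote would otherwise break the handler.
								if (!cert_in_use($cert['refid'])):
							?>
							<a href="system_certmanager.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=htmlspecialchars(addslashes(gettext("Do you really want to delete this Certificate?")), ENT_QUOTES);?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>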
1179 96c7a492 Matthew Grooms
							<?php	if ($cert['csr']): ?>
1180
							&nbsp;
1181 c1d1844a bcyrill
								<a href="system_certmanager.php?act=csr&amp;id=<?=$i;?>">
1182 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("update csr");?>" alt="<?=gettext("update csr");?>" width="17" height="17" border="0" />
1183 96c7a492 Matthew Grooms
							</a>
1184
							<?php	endif; ?>
1185 64cc39d3 Matthew Grooms
						</td>
1186
					</tr>
1187 96c7a492 Matthew Grooms
					<?php
1188
							$i++;
1189
						endforeach;
1190
					?>
1191 64cc39d3 Matthew Grooms
					<tr>
1192 0879599c jim-p
						<td class="list" colspan="4"></td>
1193 96c7a492 Matthew Grooms
						<td class="list">
1194
							<a href="system_certmanager.php?act=new">
1195 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" />
1196 96c7a492 Matthew Grooms
							</a>
1197 64cc39d3 Matthew Grooms
						</td>
1198
					</tr>
1199 0879599c jim-p
					<tr>
1200
						<td>&nbsp;</td>
1201 9338cf35 Warren Baker
						<td colspan="3"><?=gettext("Note: You can only delete a certificate if it is not currently in use.");?></td>
1202 0879599c jim-p
					</tr>
1203 64cc39d3 Matthew Grooms
				</table>
1204
1205 96c7a492 Matthew Grooms
				<?php endif; ?>
1206 64cc39d3 Matthew Grooms
1207 96c7a492 Matthew Grooms
			</div>
1208 64cc39d3 Matthew Grooms
		</td>
1209
	</tr>
1210
</table>
1211
<?php include("fend.inc");?>
1212
<script type="text/javascript">
1213 b8e1877f Colin Fleming
//<![CDATA[
1214 64cc39d3 Matthew Grooms
1215
method_change();
1216
internalca_change();
1217
1218 b8e1877f Colin Fleming
//]]>
1219 64cc39d3 Matthew Grooms
</script>
1220
1221
</body>
1222 b8e1877f Colin Fleming
</html>