<?php
/*
    system_certmanager.php
    Copyright (C) 2008 Shrew Soft Inc.
    All rights reserved.
    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:
    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	certificate_managaer
*/
##|+PRIV
##|*IDENT=page-system-certmanager
##|*NAME=System: Certificate Manager
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
##|*MATCH=system_certmanager.php*
##|-PRIV
require("guiconfig.inc");
require_once("certs.inc");
/*
 * Certificate creation methods, keyed by the value the form posts back in
 * 'method'. The entries are added in the order the selector lists them.
 */
$cert_methods = array();
$cert_methods["import"] = gettext("Import an existing Certificate");
$cert_methods["internal"] = gettext("Create an internal Certificate");
$cert_methods["external"] = gettext("Create a Certificate Signing Request");

/*
 * RSA key sizes (in bits, as strings) offered by the key length selector.
 * NOTE(review): 512- and 1024-bit RSA keys are below current minimum
 * recommendations; consider dropping them from this list once nothing
 * depends on them.
 */
$cert_keylens = explode(" ", "512 1024 2048 4096");

/* Certificate usage profiles, keyed by the value the form posts back in 'type'. */
$cert_types = array(
	"ca" => "Certificate Authority",
	"server" => "Server Certificate",
	"user" => "User Certificate",
);

/* subjectAltName type names. */
$altname_types = explode(" ", "DNS IP email URI");

$pgtitle = array(gettext("System"), gettext("Certificate Manager"));

/*
 * Request parameters. Each one is read from the query string first and is
 * then overridden by the POSTed value when one is present.
 * NOTE(review): $id and $act are taken from the request without validation;
 * $id is later used directly as an index into the certificate list, and the
 * handlers below act on whatever $act names regardless of request method.
 */
$userid = $_GET['userid'];
if (isset($_POST['userid'])) {
	$userid = $_POST['userid'];
}

$id = $_GET['id'];
if (isset($_POST['id'])) {
	$id = $_POST['id'];
}

$act = $_GET['act'];
if ($_POST['act']) {
	$act = $_POST['act'];
}

/*
 * Make sure the 'ca' and 'cert' config sections are arrays and alias them by
 * reference, so changes made through $a_ca / $a_cert land in $config.
 */
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
$a_cert =& $config['cert'];

/*
 * A numeric userid switches on the "existing certificate" method and gives
 * access to the user list.
 * NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5";
 * the value is later used as an array key into the user list.
 */
if (is_numeric($userid)) {
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user'])) {
		$config['system']['user'] = array();
	}
	$a_user =& $config['system']['user'];
}

/* Number of CAs that have a private key stored ('prv'). */
$internal_ca_count = 0;
foreach ($a_ca as $ca) {
	if ($ca['prv']) {
		$internal_ca_count++;
	}
}

/*
 * act=del: remove the certificate at index $id and persist the change.
 * Both outcomes (unknown index, successful delete) end in a redirect back
 * to the certificate list.
 * NOTE(review): $act may come from the query string, so this state change is
 * reachable with a plain GET; no anti-CSRF check is visible in this file -
 * confirm one is enforced by the included framework code. Nothing here
 * checks whether the certificate is still referenced elsewhere.
 */
if ($act == "del") {

	if ($a_cert[$id]) {
		$name = $a_cert[$id]['descr'];
		unset($a_cert[$id]);
		write_config();
		/* Built but never displayed: the script exits right after the redirect. */
		$savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br/>";
	}

	pfSenseHeader("system_certmanager.php");
	exit;
}

/*
 * act=new: pre-fill the form. The method comes from the query string, the
 * remaining fields get fixed defaults (2048-bit key, "user" type, 3650 days).
 */
if ($act == "new") {
	$pconfig['method'] = $_GET['method'];
	foreach (array('keylen' => "2048", 'type' => "user", 'lifetime' => "3650") as $dflt_key => $dflt_val) {
		$pconfig[$dflt_key] = $dflt_val;
	}
}

/*
 * act=exp: send the certificate at index $id as a file download.
 * The stored 'crt' value is base64-decoded before it is sent; the download
 * name is the URL-encoded description plus ".crt".
 */
if ($act == "exp") {

	$exp_entry = $a_cert[$id];
	if (!$exp_entry) {
		/* Unknown index: back to the certificate list. */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps quotes, spaces and line breaks out of the header value. */
	$exp_name = urlencode($exp_entry['descr'] . ".crt");
	$exp_data = base64_decode($exp_entry['crt']);
	$exp_size = strlen($exp_data);

	foreach (array(
		"Content-Type: application/octet-stream",
		"Content-Disposition: attachment; filename={$exp_name}",
		"Content-Length: $exp_size",
	) as $exp_header) {
		header($exp_header);
	}
	echo $exp_data;
	exit;
}

/*
 * act=key: send the private key of the certificate at index $id as a file
 * download (base64-decoded 'prv' value, named "<description>.key").
 * NOTE(review): the key leaves the system unencrypted and the action can be
 * triggered with a GET request; no cache-control header is sent with it.
 * An entry without a stored 'prv' value yields an empty download.
 */
if ($act == "key") {

	$exp_entry = $a_cert[$id];
	if (!$exp_entry) {
		/* Unknown index: back to the certificate list. */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps quotes, spaces and line breaks out of the header value. */
	$exp_name = urlencode($exp_entry['descr'] . ".key");
	$exp_data = base64_decode($exp_entry['prv']);
	$exp_size = strlen($exp_data);

	foreach (array(
		"Content-Type: application/octet-stream",
		"Content-Disposition: attachment; filename={$exp_name}",
		"Content-Length: $exp_size",
	) as $exp_header) {
		header($exp_header);
	}
	echo $exp_data;
	exit;
}

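/*
 * act=p12: bundle the certificate and private key at index $id into a
 * PKCS#12 file and send it as a download named "<description>.p12".
 *
 * NOTE(review): the bundle is written with an empty passphrase, so the
 * private key inside the downloaded file is not protected.
 */
if ($act == "p12") {
	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps quotes, spaces and line breaks out of the header value. */
	$exp_name = urlencode("{$a_cert[$id]['descr']}.p12");

	$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	$res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => ""));

	/*
	 * Any of the three OpenSSL calls can fail (unparsable certificate, entry
	 * without a private key, export error). Return to the list in that case
	 * instead of sending an empty or partial file.
	 */
	$exp_data = "";
	if ($res_crt === false || $res_key === false ||
	    !openssl_pkcs12_export($res_crt, $exp_data, $res_key, "")) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
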
/*
 * act=csr: load the description and the base64-decoded signing request of
 * the certificate at index $id into the form values.
 */
if ($act == "csr") {

	$csr_entry = $a_cert[$id];
	if (!$csr_entry) {
		/* Unknown index: back to the certificate list. */
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$pconfig['descr'] = $csr_entry['descr'];
	$pconfig['csr'] = base64_decode($csr_entry['csr']);
}

if ($_POST) {
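	/*
	 * "Save": validate the posted form for the chosen method, then import,
	 * create or request the certificate and store it in the configuration.
	 */
	if ($_POST['save'] == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;

		/*
		 * Required fields per method. Start from empty lists so the checks
		 * below always see arrays, even when 'method' is absent or not one of
		 * the four handled values.
		 */
		$reqdfields = array();
		$reqdfieldsn = array();

		/* input validation */
		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
					"descr cert key");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate data"),
					gettext("Key data"));
			/* Cheap sanity check only: looks for the PEM markers, does not parse the certificate. */
			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
				$input_errors[] = gettext("This certificate does not appear to be valid.");
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
					"descr caref keylen type lifetime dn_country dn_state dn_city ".
					"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Certificate Type"),
					gettext("Lifetime"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
			/*
			 * The selectors only offer values from $cert_keylens / $cert_types,
			 * but a request can carry anything: accept listed values only.
			 * Empty values are left to the required-field check.
			 */
			if (!empty($_POST['keylen']) && !in_array($_POST['keylen'], $cert_keylens, true))
				$input_errors[] = gettext("Please select a valid Key Length.");
			if (!empty($_POST['type']) && (!is_string($_POST['type']) || !array_key_exists($_POST['type'], $cert_types)))
				$input_errors[] = gettext("Please select a valid Certificate Type.");
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
					"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
					"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Key length"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
			/* Same allow-list as for internal certificates. */
			if (!empty($_POST['csr_keylen']) && !in_array($_POST['csr_keylen'], $cert_keylens, true))
				$input_errors[] = gettext("Please select a valid Key Length.");
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		$altnames = array();
		/*
		 * No '&' at the call site: call-time pass-by-reference is a parse
		 * error on current PHP. This relies on do_input_validation()
		 * declaring its last parameter by reference - confirm in the include.
		 */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
		if ($pconfig['method'] != "import") {
			/*
			 * subjectAltNames: collect the altname_type<N> / altname_value<N>
			 * pairs. Keys whose suffix is not all digits (for example the
			 * hidden altname_type_type field) are ignored.
			 */
			foreach ($_POST as $key => $value) {
				$entry = '';
				if (!substr_compare('altname_type', $key, 0, 12)) {
					$entry = substr($key, 12);
					$field = 'type';
				}
				elseif (!substr_compare('altname_value', $key, 0, 13)) {
					$entry = substr($key, 13);
					$field = 'value';
				}
				if (ctype_digit($entry)) {
					$altnames[$entry][$field] = $value;
				}
			}
			/* The form re-reads its rows from $pconfig['altnames']['item'] when it is shown again after an error. */
			$pconfig['altnames']['item'] = $altnames;

			/* Input validation for subjectAltNames */
			foreach ($altnames as $idx => $altname) {
				switch ($altname['type']) {
					case "DNS":
						if (!is_hostname($altname['value']))
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames or FQDNs");
						break;
					case "IP":
						if (!is_ipaddr($altname['value']))
							array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
						break;
					case "email":
						if (empty($altname['value']))
							array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName");
						if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value']))
							array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
						break;
					case "URI":
						/* Close enough? */
						if (!is_URL($altname['value']))
							$input_errors[] = "URI subjectAltName types must be a valid URI";
						break;
					default:
						$input_errors[] = "Unrecognized subjectAltName type.";
				}
			}

			/*
			 * Make sure we do not have invalid characters in the fields for the certificate.
			 * These are deny-lists: the e-mail field may contain '@' and '.',
			 * the common name may contain '.', every other field neither.
			 */
			for ($i = 0; $i < count($reqdfields); $i++) {
				if (preg_match('/email/', $reqdfields[$i])){ /* dn_email or csr_dn_email */
				 	if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"]))
						array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
				}else if (preg_match('/commonname/', $reqdfields[$i])){ /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["$reqdfields[$i]"]))
						array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
				}else if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"]))
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
			}
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				/* Attach an already stored certificate to the user. */
				$cert = lookup_cert($pconfig['certref']);
				if ($cert && $a_user)
					$a_user[$userid]['cert'][] = $cert['refid'];
			} else {
				/* New entry with a fresh refid, or the existing entry when $id names one. */
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id])
					$cert = $a_cert[$id];

				$cert['descr'] = $pconfig['descr'];

				/*
				 * subjectAltName string: "type:value" pairs joined with commas.
				 * NOTE(review): confirm that every validator above rejects ','
				 * inside a value, otherwise one value could introduce further
				 * subjectAltName entries.
				 */
				$subject_alt_name = "";
				if (count($altnames)) {
					$altnames_tmp = array();
					foreach ($altnames as $altname) {
						$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
					}
					$subject_alt_name = implode(",", $altnames_tmp);
				}

				$old_err_level = error_reporting(0); /* otherwise openssl_ functions print warnings directly into the page and break the menu tabs */

				/* NOTE(review): the result of cert_import() is not checked here. */
				if ($pconfig['method'] == "import")
					cert_import($cert, $pconfig['cert'], $pconfig['key']);

				if ($pconfig['method'] == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);
					if ($subject_alt_name !== "")
						$dn['subjectAltName'] = $subject_alt_name;
					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
						$pconfig['lifetime'], $dn, $pconfig['type'])){
						/* Report every queued OpenSSL error, not only the last one. */
						while($ssl_err = openssl_error_string()){
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
						/* A failure with an empty error queue must still block write_config(). */
						if (!$input_errors)
							$input_errors[] = gettext("The certificate could not be created.");
					}
				}

				if ($pconfig['method'] == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);
					if ($subject_alt_name !== "")
						$dn['subjectAltName'] = $subject_alt_name;
					if(!csr_generate($cert, $pconfig['csr_keylen'], $dn)){
						/* Report every queued OpenSSL error, not only the last one. */
						while($ssl_err = openssl_error_string()){
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
						/* A failure with an empty error queue must still block write_config(). */
						if (!$input_errors)
							$input_errors[] = gettext("The certificate signing request could not be created.");
					}
				}
				error_reporting($old_err_level);

				/*
				 * NOTE(review): the entry is added to the in-memory config even
				 * when creation failed; it is only persisted when no error was
				 * recorded (see write_config() below).
				 */
				if (isset($id) && $a_cert[$id])
					$a_cert[$id] = $cert;
				else
					$a_cert[] = $cert;
				if (isset($a_user) && isset($userid))
					$a_user[$userid]['cert'][] = $cert['refid'];
			}

			if (!$input_errors)
				write_config();

			/* $userid is request data: encode it before it goes into the redirect URL. */
			if ($userid)
				pfSenseHeader("system_usermanager.php?act=edit&id=" . urlencode($userid));
		}
	}
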
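	/*
	 * "Update": complete a pending signing request by attaching the signed
	 * certificate to the stored entry at index $id.
	 */
	if ($_POST['save'] == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		/*
		 * No '&' at the call site: call-time pass-by-reference is a parse
		 * error on current PHP. This relies on do_input_validation()
		 * declaring its last parameter by reference - confirm in the include.
		 */
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		/*
		 * The certificate must carry the same modulus as the signing request,
		 * otherwise it cannot match the stored private key. (This replaced an
		 * earlier comparison of the CSR and certificate subjects.)
		 *
		 * Prefer the signing request stored with the entry over the copy that
		 * came back in the form, so the comparison does not depend on request
		 * data. The stored value is base64-encoded.
		 * NOTE(review): the second argument (false) is kept from the original
		 * calls; presumably it marks the input as not base64-encoded - confirm
		 * in certs.inc.
		 */
		$csr_pem = $pconfig['csr'];
		if (isset($a_cert[$id]['csr']) && $a_cert[$id]['csr'] != "")
			$csr_pem = base64_decode($a_cert[$id]['csr']);
		$mod_csr  =  csr_get_modulus($csr_pem, false);
		$mod_cert = cert_get_modulus($pconfig['cert'], false);

		/* An empty modulus means the input could not be parsed: never treat two empty values as a match. */
		if (empty($mod_csr) || empty($mod_cert) || strcmp($mod_csr,$mod_cert)) {
			// simply: if the moduli don't match, then the private key and public key won't match
			$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
			$subject_mismatch = true;
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			/* Same guard as the other handlers: never create an entry for an unknown index. */
			if (!$a_cert[$id]) {
				pfSenseHeader("system_certmanager.php");
				exit;
			}

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
		}
	}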
}
include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000" onLoad="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
<!--
/*
 * Show the form section that belongs to the selected method and hide the
 * other three. The sections are addressed by the position of the selected
 * option (0 import, 1 internal, 2 external, 3 existing), not by its value.
 */
function method_change() {

<?php
	/* The submit button of the "internal" section stays hidden while no CA with a private key exists. */
	$submit_style = $internal_ca_count ? "" : "none";
?>

	method = document.iform.method.selectedIndex;

	/* Any other index leaves the page untouched. */
	if (method < 0 || method > 3)
		return;

	var sections = ["import", "internal", "external", "existing"];
	for (var i = 0; i < sections.length; i++)
		document.getElementById(sections[i]).style.display = (i === method) ? "" : "none";

	/* The descriptive name row is not used when an existing certificate is chosen. */
	document.getElementById("descriptivename").style.display = (method === 3) ? "none" : "";
	document.getElementById("submit").style.display = (method === 1) ? "<?=$submit_style;?>" : "";
}

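<?php if ($internal_ca_count): ?>
/*
 * Copy the subject fields of the selected CA into the distinguished name
 * inputs of the internal certificate form. One case is generated per CA
 * that has a private key.
 */
function internalca_change() {

	index = document.iform.caref.selectedIndex;
	caref = document.iform.caref[index].value;

	switch (caref) {
<?php
		/*
		 * The values below are written into JavaScript source. They come
		 * from the CA certificates' subjects and refids, so they are encoded
		 * as JavaScript string literals (quotes, angle brackets and
		 * ampersands hex-escaped) instead of being pasted between quotes.
		 */
		$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
		foreach ($a_ca as $ca):
			if (!$ca['prv'])
				continue;
			$subject = cert_get_subject_array($ca['crt']);
			/* NOTE(review): assumes the subject array is ordered country, state, city, organization, email - confirm in certs.inc. */
			$js_src = array(
				$ca['refid'],
				$subject[0]['v'],
				$subject[1]['v'],
				$subject[2]['v'],
				$subject[3]['v'],
				$subject[4]['v'],
			);
			$js_vals = array();
			foreach ($js_src as $js_raw) {
				$js_enc = json_encode((string)$js_raw, $js_flags);
				/* json_encode() fails on invalid UTF-8: emit an empty string rather than broken script. */
				if (!is_string($js_enc) || $js_enc === 'null')
					$js_enc = '""';
				$js_vals[] = $js_enc;
			}
?>
		case <?=$js_vals[0];?>:
			document.iform.dn_country.value = <?=$js_vals[1];?>;
			document.iform.dn_state.value = <?=$js_vals[2];?>;
			document.iform.dn_city.value = <?=$js_vals[3];?>;
			document.iform.dn_organization.value = <?=$js_vals[4];?>;
			document.iform.dn_email.value = <?=$js_vals[5];?>;
			break;
<?php	endforeach; ?>
	}
}
<?php endif; ?>
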
//-->
</script>
<script type="text/javascript" src="/javascript/row_helper_dynamic.js">
</script>
<input type='hidden' name='altname_value_type' value='select' />
<input type='hidden' name='altname_type_type' value='textbox' />
<script type="text/javascript">
	/* Column setup for the dynamic subjectAltName rows: column 0 is the type, column 1 the value. */
	rowname[0] = "altname_type";
	rowname[1] = "altname_value";

	rowtype[0] = "textbox";
	rowtype[1] = "textbox";

	rowsize[0] = "10";
	rowsize[1] = "30";
</script>
<?php
	/* Show validation errors and the status message, when there are any. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}

	/*
	 * Load valid country codes: the first whitespace-delimited token of each
	 * line of /etc/ca_countries that matches the pattern below. The list
	 * stays empty when the file does not exist.
	 */
	$dn_cc = array();
	if (file_exists("/etc/ca_countries")) {
		$dn_cc_file = file("/etc/ca_countries");
		foreach ($dn_cc_file as $line) {
			if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) {
				$dn_cc[] = $matches[1];
			}
		}
	}
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
553
	<tr>
554
		<td class="tabnavtbl">
555
		<?php
			/*
			 * Top navigation tabs: label, flag, target page. The flag is true
			 * only for this page's own tab (presumably marking it as active).
			 */
			$tab_array = array(
				array(gettext("CAs"), false, "system_camanager.php"),
				array(gettext("Certificates"), true, "system_certmanager.php"),
				array(gettext("Certificate Revocation"), false, "system_crlmanager.php"),
			);
			display_top_tabs($tab_array);
		?>
562
		</td>
563
	</tr>
564
	<tr>
565 96c7a492 Matthew Grooms
		<td id="mainarea">
566
			<div class="tabcont">
567
568 e64aa6f8 Carlos Eduardo Ramos
				<?php if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)): ?>
569 96c7a492 Matthew Grooms
570
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
571
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
572
						<?php if (!isset($id)): ?>
573
						<tr>
574
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
575
							<td width="78%" class="vtable">
576
								<select name='method' id='method' class="formselect" onchange='method_change()'>
577
								<?php
									/* One option per creation method; the posted or default method is preselected. */
									foreach($cert_methods as $method => $desc):
									$selected = ($pconfig['method'] == $method) ? "selected" : "";
								?>
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
								<?php endforeach; ?>
585
								</select>
586
							</td>
587
						</tr>
588
						<?php endif; ?>
589 ad9b5c67 jim-p
						<tr id="descriptivename">
590
							<?php
							/* With a user selected and no description entered yet, default the description to the user's name. */
							if ($a_user && empty($pconfig['descr'])) {
								$pconfig['descr'] = $a_user[$userid]['name'];
							}
							?>
594
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
595
							<td width="78%" class="vtable">
596 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
597 ad9b5c67 jim-p
							</td>
598
						</tr>
599 96c7a492 Matthew Grooms
					</table>
600
601 ad9b5c67 jim-p
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import">
602 96c7a492 Matthew Grooms
						<tr>
603
							<td colspan="2" class="list" height="12"></td>
604
						</tr>
605
						<tr>
606 ad9b5c67 jim-p
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td>
607 96c7a492 Matthew Grooms
						</tr>
608
609
						<tr>
610 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
611 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
612 dd5bf424 Scott Ullrich
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
613 96c7a492 Matthew Grooms
								<br>
614 a37753d7 Vinicius Coque
									<?=gettext("Paste a certificate in X.509 PEM format here.");?></td>
615 96c7a492 Matthew Grooms
							</td>
616
						</tr>
617
						<tr>
618 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
619 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
620 dd5bf424 Scott Ullrich
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
621 96c7a492 Matthew Grooms
								<br>
622 a37753d7 Vinicius Coque
								<?=gettext("Paste a private key in X.509 PEM format here.");?></td>
623 96c7a492 Matthew Grooms
							</td>
624
						</tr>
625
					</table>
626
627
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
628
						<tr>
629
							<td colspan="2" class="list" height="12"></td>
630
						</tr>
631
						<tr>
632 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></td>
633 96c7a492 Matthew Grooms
						</tr>
634
635
						<?php if (!$internal_ca_count): ?>
636
637
						<tr>
638
							<td colspan="2" align="center" class="vtable">
639 a37753d7 Vinicius Coque
								<?=gettext("No internal Certificate Authorities have been defined. You must");?>
640
								<a href="system_camanager.php?act=new&method=internal"><?=gettext("create");?></a>
641
								<?=gettext("an internal CA before creating an internal certificate.");?>
642 96c7a492 Matthew Grooms
							</td>
643
						</tr>
644
645
						<?php else: ?>
646
647
						<tr>
648
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
649
							<td width="78%" class="vtable">
650
								<select name='caref' id='caref' class="formselect" onChange='internalca_change()'>
651
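								<?php
									/*
									 * One option per CA that has a private key. The refid and the
									 * description are stored configuration values, so both are
									 * HTML-escaped before they are written into the page.
									 */
									foreach( $a_ca as $ca):
									if (!$ca['prv'])
										continue;
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = " selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach; ?>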
661
								</select>
662
							</td>
663
						</tr>
664
						<tr>
665
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
666
							<td width="78%" class="vtable">
667
								<select name='keylen' class="formselect">
668
								<?php
									/* One option per offered key length; the posted or default length is preselected. */
									foreach( $cert_keylens as $len):
									$selected = ($pconfig['keylen'] == $len) ? "selected" : "";
								?>
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
								<?php endforeach; ?>
676
								</select>
677 a37753d7 Vinicius Coque
								<?=gettext("bits");?>
678 96c7a492 Matthew Grooms
							</td>
679
						</tr>
680 7aaabd69 jim-p
						<tr>
681
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Type");?></td>
682
							<td width="78%" class="vtable">
683
								<select name='type' class="formselect">
684
								<?php
									/* One option per certificate type; the posted or default type is preselected. */
									foreach( $cert_types as $ct => $ctdesc ):
									$selected = ($pconfig['type'] == $ct) ? "selected" : "";
								?>
									<option value="<?=$ct;?>"<?=$selected;?>><?=$ctdesc;?></option>
								<?php endforeach; ?>
692
								</select>
693
								<br/>
694
								<?=gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.");?>
695
							</td>
696
						</tr>
697 96c7a492 Matthew Grooms
						<tr>
698
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
699
							<td width="78%" class="vtable">
700
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
701 a37753d7 Vinicius Coque
								<?=gettext("days");?>
702 96c7a492 Matthew Grooms
							</td>
703
						</tr>
704
						<tr>
705
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
706
							<td width="78%" class="vtable">
707
								<table border="0" cellspacing="0" cellpadding="2">
708
									<tr>
709 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
710 96c7a492 Matthew Grooms
										<td align="left">
711 0fcaf4f2 jim-p
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
712 96c7a492 Matthew Grooms
										</td>
713
									</tr>
714
									<tr>
715 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
716 96c7a492 Matthew Grooms
										<td align="left">
717 0fcaf4f2 jim-p
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
718 96c7a492 Matthew Grooms
										</td>
719
									</tr>
720
									<tr>
721 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
722 96c7a492 Matthew Grooms
										<td align="left">
723 0fcaf4f2 jim-p
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
724 96c7a492 Matthew Grooms
										</td>
725
									</tr>
726
									<tr>
727 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
728 96c7a492 Matthew Grooms
										<td align="left">
729 0fcaf4f2 jim-p
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
730 96c7a492 Matthew Grooms
										</td>
731
									</tr>
732
									<tr>
733 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
734 96c7a492 Matthew Grooms
										<td align="left">
735
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
736
											&nbsp;
737
											<em>ex:</em>
738
											&nbsp;
739 a37753d7 Vinicius Coque
											<?=gettext("webadmin@mycompany.com");?>
740 96c7a492 Matthew Grooms
										</td>
741
									</tr>
742
									<tr>
743 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
744 96c7a492 Matthew Grooms
										<td align="left">
745 ad9b5c67 jim-p
											<?php
											/* With a user selected and no common name entered yet, default the common name to the user's name. */
											if ($a_user && empty($pconfig['dn_commonname'])) {
												$pconfig['dn_commonname'] = $a_user[$userid]['name'];
											}
											?>
749 96c7a492 Matthew Grooms
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
750
											&nbsp;
751
											<em>ex:</em>
752
											&nbsp;
753 a37753d7 Vinicius Coque
											<?=gettext("www.example.com");?>
754 96c7a492 Matthew Grooms
										</td>
755
									</tr>
756 2f65de89 jim-p
									<tr>
757
										<td align="right"><?=gettext("Alternative Names");?> : &nbsp;</td>
758
										<td align="left">
759
											<table id="altNametable">
760
											<thead>
761
											<tr>
762
												<th><div id="onecolumn"><?=gettext("Type");?></div></th>
763
												<th><div id="twocolumn"><?=gettext("Value");?></div></th>
764
											</tr>
765
											</thead>
766
											<tbody>
767
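											<?php
												// Row index for the altname_type<N> / altname_value<N> field names.
												// It is also read by the inline script after the table
												// (totalrows / loaded), so it is set even when there are no rows.
												$counter = 0;
												// Only iterate when the stored alternative names really are a list.
												if (isset($pconfig['altnames']['item']) && is_array($pconfig['altnames']['item'])):
												foreach ($pconfig['altnames']['item'] as $item):
													$type = $item['type'];
													$value = $item['value'];
											?>
											<tr>
												<td>
												<?php /* The Type field shows $type; it previously repeated $value. */ ?>
												<input autocomplete="off" name="altname_type<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_type<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($type);?>" />
												</td>
												<td>
												<input autocomplete="off" name="altname_value<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_value<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($value);?>" />
												</td>
												<td>
												<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a>
												</td>
											</tr>
											<?php
													$counter++;
												endforeach;
												endif;
											?>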
790
											</tbody>
791
											</table>
792
											<a onclick="javascript:addRowTo('altNametable', 'formfldalias'); return false;" href="#">
793
												<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" />
794
											</a>
795
											<script type="text/javascript">
796
												field_counter_js = 3;
797
												rows = 1;
798
												totalrows = <?php echo $counter; ?>;
799
												loaded = <?php echo $counter; ?>;
800
											</script>
801
											<br/>NOTE: Type must be one of DNS (FQDN or Hostname), IP (IP address), URI, or email.
802
										</td>
803
									</tr>
804 96c7a492 Matthew Grooms
								</table>
805
							</td>
806
						</tr>
807 64cc39d3 Matthew Grooms
808
					<?php endif; ?>
809
810 96c7a492 Matthew Grooms
					</table>
811
812
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external">
813
						<tr>
814
							<td colspan="2" class="list" height="12"></td>
815
						</tr>
816
						<tr>
817 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
818 96c7a492 Matthew Grooms
						</tr>
819
						<tr>
820
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
821
							<td width="78%" class="vtable">
822
								<select name='csr_keylen' class="formselect">
823
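								<?php
									// Use the CSR key length as the pre-selected value only when no
									// 'keylen' entry is present in the form state.
									// NOTE(review): when both 'keylen' and 'csr_keylen' are set, this
									// csr_keylen select pre-selects 'keylen' - confirm that is intended.
									if (!isset($pconfig['keylen']) && isset($pconfig['csr_keylen']))
										$pconfig['keylen'] = $pconfig['csr_keylen'];
									foreach ($cert_keylens as $len):
										// The leading space keeps the attribute separated from value="...";
										// without it the markup read value="N"selected.
										$selected = "";
										if ($pconfig['keylen'] == $len)
											$selected = " selected=\"selected\"";
								?>
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
								<?php endforeach; ?>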
833
								</select>
834
								bits
835
							</td>
836
						</tr>
837
						<tr>
838
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
839
							<td width="78%" class="vtable">
840
								<table border="0" cellspacing="0" cellpadding="2">
841
									<tr>
842 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
843 96c7a492 Matthew Grooms
										<td align="left">
844 24cbe7a8 Evgeny Yurchenko
											<select name='csr_dn_country' class="formselect">
845
											<?php
											// One <option> per entry of $dn_cc; the entry equal to the stored
											// CSR country code is marked as selected.
											foreach ($dn_cc as $cc) {
												$selected = ($pconfig['csr_dn_country'] == $cc) ? "selected" : "";
												echo "<option value=\"" . $cc . "\" " . $selected . ">" . $cc . "</option>";
											}
											?>
852
											</select>
853 96c7a492 Matthew Grooms
										</td>
854
									</tr>
855
									<tr>
856 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
857 96c7a492 Matthew Grooms
										<td align="left">
858
											<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_state']);?>" />
859
											&nbsp;
860
											<em>ex:</em>
861
											&nbsp;
862 a37753d7 Vinicius Coque
											<?=gettext("Texas");?>
863 96c7a492 Matthew Grooms
										</td>
864
									</tr>
865
									<tr>
866 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
867 96c7a492 Matthew Grooms
										<td align="left">
868
											<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_city']);?>" />
869
											&nbsp;
870
											<em>ex:</em>
871
											&nbsp;
872 a37753d7 Vinicius Coque
											<?=gettext("Austin");?>
873 96c7a492 Matthew Grooms
										</td>
874
									</tr>
875
									<tr>
876 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
877 96c7a492 Matthew Grooms
										<td align="left">
878
											<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_organization']);?>" />
879
											&nbsp;
880
											<em>ex:</em>
881
											&nbsp;
882 a37753d7 Vinicius Coque
											<?=gettext("My Company Inc.");?>
883 96c7a492 Matthew Grooms
										</td>
884
									</tr>
885
									<tr>
886 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
887 96c7a492 Matthew Grooms
										<td align="left">
888
											<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_email']);?>"/>
889
											&nbsp;
890
											<em>ex:</em>
891
											&nbsp;
892 a37753d7 Vinicius Coque
											<?=gettext("webadmin@mycompany.com");?>
893 96c7a492 Matthew Grooms
										</td>
894
									</tr>
895
									<tr>
896 a37753d7 Vinicius Coque
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
897 96c7a492 Matthew Grooms
										<td align="left">
898
											<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
899
											&nbsp;
900
											<em>ex:</em>
901
											&nbsp;
902 a37753d7 Vinicius Coque
											<?=gettext("www.example.com");?>
903 96c7a492 Matthew Grooms
										</td>
904
									</tr>
905
								</table>
906
							</td>
907
						</tr>
908
					</table>
909
910 ad9b5c67 jim-p
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing">
911
						<tr>
912
							<td colspan="2" class="list" height="12"></td>
913
						</tr>
914
						<tr>
915
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td>
916
						</tr>
917
						<tr>
918
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
919
							<td width="78%" class="vtable">
920
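								<?php
								// Carries the user index through the form post. $userid is assigned
								// outside this part of the file, so it is HTML-escaped here like the
								// other values written into attributes on this page.
								if (isset($userid) && $a_user):
								?>
								<input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
								<?php endif;?>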
923
								<select name='certref' class="formselect">
924
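								<?php
									// Certificates already attached to the user at $userid are left out
									// of the list. Fall back to an empty list when that entry is missing
									// so in_array() always receives an array.
									$certopt_user_certs = array();
									if (isset($userid) && isset($config['system']['user'][$userid]['cert'])) {
										if (is_array($config['system']['user'][$userid]['cert']))
											$certopt_user_certs = $config['system']['user'][$userid]['cert'];
									}
									// Same guard for the certificate store itself.
									$certopt_all = array();
									if (isset($config['cert']) && is_array($config['cert']))
										$certopt_all = $config['cert'];

									foreach ($certopt_all as $cert):
										if (in_array($cert['refid'], $certopt_user_certs))
											continue;

										$selected = "";
										$caname = "";
										$inuse = "";
										$revoked = "";

										$ca = lookup_ca($cert['caref']);
										if ($ca) {
											$caname = " (CA: {$ca['descr']})";
										}
										if ($pconfig['certref'] == $cert['refid']) {
											$selected = "selected";
										}
										// The two status checks are independent of each other; the
										// original indentation made the second look nested in the first.
										if (cert_in_use($cert['refid'])) {
											$inuse = " *In Use";
										}
										if (is_cert_revoked($cert)) {
											$revoked = " *Revoked";
										}

										// Descriptions are free text from the configuration, so the whole
										// label and the refid are escaped before being written into HTML.
										$certopt_label = htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);
								?>
									<option value="<?=htmlspecialchars($cert['refid']);?>" <?=$selected;?>><?=$certopt_label;?></option>
								<?php endforeach; ?>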
944
								</select>
945
							</td>
946
						</tr>
947
					</table>
948
949 96c7a492 Matthew Grooms
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
950
						<tr>
951
							<td width="22%" valign="top">&nbsp;</td>
952
							<td width="78%">
953 e64aa6f8 Carlos Eduardo Ramos
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
954 96c7a492 Matthew Grooms
								<?php if (isset($id) && $a_cert[$id]): ?>
955
								<input name="id" type="hidden" value="<?=$id;?>" />
956
								<?php endif;?>
957
							</td>
958
						</tr>
959
					</table>
960
				</form>
961
962 e64aa6f8 Carlos Eduardo Ramos
				<?php elseif ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)):?>
963 96c7a492 Matthew Grooms
964
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
965
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
966
						<tr>
967
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
968
							<td width="78%" class="vtable">
969 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
970 96c7a492 Matthew Grooms
							</td>
971
						</tr>
972
						<tr>
973
							<td colspan="2" class="list" height="12"></td>
974
						</tr>
975
						<tr>
976 a37753d7 Vinicius Coque
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
977 96c7a492 Matthew Grooms
						</tr>
978
979
						<tr>
980 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Request data");?></td>
981 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
982 dd5bf424 Scott Ullrich
								<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly><?=htmlspecialchars($pconfig['csr']);?></textarea>
983 96c7a492 Matthew Grooms
								<br>
984 a37753d7 Vinicius Coque
								<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?></td>
985 96c7a492 Matthew Grooms
							</td>
986
						</tr>
987
						<tr>
988 a37753d7 Vinicius Coque
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Final Certificate data");?></td>
989 96c7a492 Matthew Grooms
							<td width="78%" class="vtable">
990 dd5bf424 Scott Ullrich
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
991 96c7a492 Matthew Grooms
								<br>
992 1dfb7795 Chris Buechler
								<?=gettext("Paste the certificate received from your certificate authority here.");?></td>
993 96c7a492 Matthew Grooms
							</td>
994
						</tr>
995
						<tr>
996
							<td width="22%" valign="top">&nbsp;</td>
997
							<td width="78%">
998 a828210b yakatz
								<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
999 e2e934e0 yakatz
								<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
1000
								<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
1001
								<?php echo gettext("Warning: Using this option may create an " .
1002
								"invalid certificate.  Check this box to disable the request -> " .
1003
								"response subject verification. ");
1004
								?><br/>
1005 a828210b yakatz
								<?php endif; */ ?>
1006 e64aa6f8 Carlos Eduardo Ramos
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
1007 96c7a492 Matthew Grooms
								<?php if (isset($id) && $a_cert[$id]): ?>
1008
								<input name="id" type="hidden" value="<?=$id;?>" />
1009
								<input name="act" type="hidden" value="csr" />
1010
								<?php endif;?>
1011
							</td>
1012
						</tr>
1013
					</table>
1014
				</form>
1015
1016
				<?php else:?>
1017
1018
				<table width="100%" border="0" cellpadding="0" cellspacing="0">
1019 64cc39d3 Matthew Grooms
					<tr>
1020 d590fa20 jim-p
						<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
1021
						<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
1022 a37753d7 Vinicius Coque
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
1023 d590fa20 jim-p
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
1024 96c7a492 Matthew Grooms
						<td width="10%" class="list"></td>
1025 64cc39d3 Matthew Grooms
					</tr>
1026 96c7a492 Matthew Grooms
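					<?php
						// Renders one table row per entry of $a_cert.
						//
						// $i is the row index placed in the id= parameter of the action links;
						// presumably it matches the key of the entry in $a_cert - this only
						// holds if $a_cert is a sequential list (TODO confirm).
						//
						// NOTE(review): export, key export, .p12 export and delete are plain
						// GET links keyed by that index. The handlers are outside this part of
						// the file - confirm that delete is protected against cross-site
						// request forgery and that key export is limited to authorised users.
						$i = 0;
						foreach ($a_cert as $cert):
							// Reset the per-row values so a row without certificate or request
							// data never shows the subject, issuer or purpose of the row before it.
							$subj = "";
							$caname = "";
							$purpose = null;

							$name = htmlspecialchars($cert['descr']);

							if ($cert['crt']) {
								$subj = cert_get_subject($cert['crt']);
								$issuer = cert_get_issuer($cert['crt']);
								$purpose = cert_get_purpose($cert['crt']);
								// Subject equal to issuer is reported as self-signed.
								if ($subj == $issuer)
									$caname = "<em>" . gettext("self-signed") . "</em>";
								else
									$caname = "<em>" . gettext("external") . "</em>";
								$subj = htmlspecialchars($subj);
							}

							if ($cert['csr']) {
								$subj = htmlspecialchars(csr_get_subject($cert['csr']));
								$caname = "<em>" . gettext("external - signature pending") . "</em>";
							}

							// A known CA replaces the generic issuer label. Its description is
							// free text from the configuration and is echoed into the Issuer
							// column, so it is escaped like the certificate name above.
							$ca = lookup_ca($cert['caref']);
							if ($ca)
								$caname = htmlspecialchars($ca['descr']);

							// Both branches of the former "has private key" test used this
							// same icon, so the test is dropped.
							$certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
					?>
					<tr>
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0">
								<tr>
									<td align="left" valign="center">
										<img src="<?=$certimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=$name;?>
									</td>
								</tr>
								<tr><td>&nbsp;</td></tr>
								<?php if ($cert['type']): ?>
								<tr><td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td></tr>
								<?php endif; ?>
								<?php if (is_array($purpose)): ?>
								<tr><td colspan="2">
									CA: <?php echo $purpose['ca']; ?>,
									Server: <?php echo $purpose['server']; ?>
								</td></tr>
								<?php endif; ?>
							</table>
						</td>
						<td class="listr"><?=$caname;?>&nbsp;</td>
						<td class="listr"><?=$subj;?>&nbsp;</td>
						<td class="listr">
							<?php if (is_cert_revoked($cert)): ?>
							<b>Revoked</b><br/>
							<?php endif; ?>
							<?php if (is_webgui_cert($cert['refid'])): ?>
							webConfigurator<br/>
							<?php endif; ?>
							<?php if (is_user_cert($cert['refid'])): ?>
							User Cert<br/>
							<?php endif; ?>
							<?php if (is_openvpn_server_cert($cert['refid'])): ?>
							OpenVPN Server<br/>
							<?php endif; ?>
							<?php if (is_openvpn_client_cert($cert['refid'])): ?>
							OpenVPN Client<br/>
							<?php endif; ?>
							<?php if (is_ipsec_cert($cert['refid'])): ?>
							IPsec Tunnel<br/>
							<?php endif; ?>
						</td>
						<td valign="middle" nowrap class="list">
							<a href="system_certmanager.php?act=exp&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=key&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=p12&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert+key in .p12");?>" alt="<?=gettext("export cert+key in .p12");?>" width="17" height="17" border="0" />
							</a>
							<?php	if (!cert_in_use($cert['refid'])): ?>
							<a href="system_certmanager.php?act=del&id=<?=$i;?>" onClick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
							<?php	if ($cert['csr']): ?>
							&nbsp;
								<a href="system_certmanager.php?act=csr&id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("update csr");?>" alt="<?=gettext("update csr");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
						</td>
					</tr>
					<?php
							$i++;
						endforeach;
					?>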
1128 64cc39d3 Matthew Grooms
					<tr>
1129 0879599c jim-p
						<td class="list" colspan="4"></td>
1130 96c7a492 Matthew Grooms
						<td class="list">
1131
							<a href="system_certmanager.php?act=new">
1132 a37753d7 Vinicius Coque
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" />
1133 96c7a492 Matthew Grooms
							</a>
1134 64cc39d3 Matthew Grooms
						</td>
1135
					</tr>
1136 0879599c jim-p
					<tr>
1137
						<td>&nbsp;</td>
1138 9338cf35 Warren Baker
						<td colspan="3"><?=gettext("Note: You can only delete a certificate if it is not currently in use.");?></td>
1139 0879599c jim-p
					</tr>
1140 64cc39d3 Matthew Grooms
				</table>
1141
1142 96c7a492 Matthew Grooms
				<?php endif; ?>
1143 64cc39d3 Matthew Grooms
1144 96c7a492 Matthew Grooms
			</div>
1145 64cc39d3 Matthew Grooms
		</td>
1146
	</tr>
1147
</table>
1148
<?php include("fend.inc");?>
1149
<script type="text/javascript">
1150
<!--
1151
1152
method_change();
1153
internalca_change();
1154
1155
//-->
1156
</script>
1157
1158
</body>