| 48 |
48 |
|
| 49 |
49 |
global $cert_altname_types;
|
| 50 |
50 |
global $openssl_digest_algs;
|
| 51 |
|
global $openssl_eckeys;
|
|
51 |
$openssl_ecnames = openssl_get_curve_names();
|
| 52 |
52 |
|
| 53 |
53 |
if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) {
|
| 54 |
54 |
$userid = $_REQUEST['userid'];
|
| ... | ... | |
| 97 |
97 |
$pconfig['method'] = $_POST['method'];
|
| 98 |
98 |
$pconfig['keytype'] = "RSA";
|
| 99 |
99 |
$pconfig['keylen'] = "2048";
|
| 100 |
|
$pconfig['eckey'] = "brainpoolP160r1";
|
|
100 |
$pconfig['ecname'] = "brainpoolP256r1";
|
| 101 |
101 |
$pconfig['digest_alg'] = "sha256";
|
| 102 |
102 |
$pconfig['csr_keytype'] = "RSA";
|
| 103 |
103 |
$pconfig['csr_keylen'] = "2048";
|
| 104 |
|
$pconfig['csr_eckey'] = "brainpoolP160r1";
|
|
104 |
$pconfig['csr_ecname'] = "brainpoolP256r1";
|
| 105 |
105 |
$pconfig['csr_digest_alg'] = "sha256";
|
| 106 |
106 |
$pconfig['csrsign_digest_alg'] = "sha256";
|
| 107 |
107 |
$pconfig['type'] = "user";
|
| ... | ... | |
| 247 |
247 |
|
| 248 |
248 |
if ($pconfig['method'] == "internal") {
|
| 249 |
249 |
$reqdfields = explode(" ",
|
| 250 |
|
"descr caref keylen eckey type keytype lifetime dn_commonname");
|
|
250 |
"descr caref keylen ecname type keytype lifetime dn_commonname");
|
| 251 |
251 |
$reqdfieldsn = array(
|
| 252 |
252 |
gettext("Descriptive name"),
|
| 253 |
253 |
gettext("Certificate authority"),
|
| 254 |
254 |
gettext("Key length"),
|
| 255 |
|
gettext("EC key"),
|
|
255 |
gettext("Elliptic Curve Name"),
|
| 256 |
256 |
gettext("Key type"),
|
| 257 |
257 |
gettext("Certificate Type"),
|
| 258 |
258 |
gettext("Lifetime"),
|
| ... | ... | |
| 261 |
261 |
|
| 262 |
262 |
if ($pconfig['method'] == "external") {
|
| 263 |
263 |
$reqdfields = explode(" ",
|
| 264 |
|
"descr csr_keylen csr_eckey csr_keytype csr_dn_commonname");
|
|
264 |
"descr csr_keylen csr_ecname csr_keytype csr_dn_commonname");
|
| 265 |
265 |
$reqdfieldsn = array(
|
| 266 |
266 |
gettext("Descriptive name"),
|
| 267 |
267 |
gettext("Key length"),
|
| 268 |
|
gettext("EC key"),
|
|
268 |
gettext("Elliptic Curve Name"),
|
| 269 |
269 |
gettext("Key type"),
|
| 270 |
270 |
gettext("Common Name"));
|
| 271 |
271 |
}
|
| ... | ... | |
| 351 |
351 |
if (isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens)) {
|
| 352 |
352 |
array_push($input_errors, gettext("Please select a valid Key Length."));
|
| 353 |
353 |
}
|
| 354 |
|
if (isset($_POST["eckey"]) && !in_array($_POST["eckey"], $openssl_eckeys)) {
|
| 355 |
|
array_push($input_errors, gettext("Please select a valid EC Key."));
|
|
354 |
if (isset($_POST["ecname"]) && !in_array($_POST["ecname"], $openssl_ecnames)) {
|
|
355 |
array_push($input_errors, gettext("Please select a valid Elliptic Curve Name."));
|
| 356 |
356 |
}
|
| 357 |
357 |
if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) {
|
| 358 |
358 |
array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
|
| ... | ... | |
| 365 |
365 |
if (isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens)) {
|
| 366 |
366 |
array_push($input_errors, gettext("Please select a valid Key Length."));
|
| 367 |
367 |
}
|
| 368 |
|
if (isset($_POST["csr_eckey"]) && !in_array($_POST["csr_eckey"], $openssl_eckeys)) {
|
| 369 |
|
array_push($input_errors, gettext("Please select a valid EC Key."));
|
|
368 |
if (isset($_POST["csr_ecname"]) && !in_array($_POST["csr_ecname"], $openssl_ecnames)) {
|
|
369 |
array_push($input_errors, gettext("Please select a valid Elliptic Curve Name."));
|
| 370 |
370 |
}
|
| 371 |
371 |
if (!in_array($_POST["csr_digest_alg"], $openssl_digest_algs)) {
|
| 372 |
372 |
array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
|
| ... | ... | |
| 478 |
478 |
$dn['subjectAltName'] = implode(",", $altnames_tmp);
|
| 479 |
479 |
}
|
| 480 |
480 |
|
| 481 |
|
if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'], $pconfig['eckey'], $pconfig['keytype'])) {
|
|
481 |
if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'], $pconfig['keytype'], $pconfig['ecname'])) {
|
| 482 |
482 |
$input_errors = array();
|
| 483 |
483 |
while ($ssl_err = openssl_error_string()) {
|
| 484 |
484 |
if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
|
| ... | ... | |
| 523 |
523 |
$dn['subjectAltName'] = implode(",", $altnames_tmp);
|
| 524 |
524 |
}
|
| 525 |
525 |
|
| 526 |
|
if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['type'], $pconfig['csr_digest_alg'], $pconfig['csr_eckey'], $pconfig['csr_keytype'])) {
|
|
526 |
if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['type'], $pconfig['csr_digest_alg'], $pconfig['csr_keytype'], $pconfig['csr_ecname'])) {
|
| 527 |
527 |
$input_errors = array();
|
| 528 |
528 |
while ($ssl_err = openssl_error_string()) {
|
| 529 |
529 |
if (strpos($ssl_err, 'NCONF_get_string:no value') === false) {
|
| ... | ... | |
| 801 |
801 |
));
|
| 802 |
802 |
|
| 803 |
803 |
$group = new Form_Group($i == 0 ? '*Key length':'');
|
| 804 |
|
$group->addClass('rsakeys');
|
|
804 |
$group->addClass('rsakeys');
|
| 805 |
805 |
$group->add(new Form_Select(
|
| 806 |
806 |
'keylen',
|
| 807 |
807 |
null,
|
| ... | ... | |
| 810 |
810 |
));
|
| 811 |
811 |
$section->add($group);
|
| 812 |
812 |
|
| 813 |
|
$group = new Form_Group($i == 0 ? '*EC key':'');
|
| 814 |
|
$group->addClass('eckeys');
|
|
813 |
$group = new Form_Group($i == 0 ? '*Elliptic Curve Name':'');
|
|
814 |
$group->addClass('ecnames');
|
| 815 |
815 |
$group->add(new Form_Select(
|
| 816 |
|
'eckey',
|
|
816 |
'ecname',
|
| 817 |
817 |
null,
|
| 818 |
|
$pconfig['eckey'],
|
| 819 |
|
array_combine($openssl_eckeys, $openssl_eckeys)
|
|
818 |
$pconfig['ecname'],
|
|
819 |
array_combine($openssl_ecnames, $openssl_ecnames)
|
| 820 |
820 |
));
|
| 821 |
821 |
$section->add($group);
|
| 822 |
822 |
|
| ... | ... | |
| 899 |
899 |
));
|
| 900 |
900 |
|
| 901 |
901 |
$group = new Form_Group($i == 0 ? '*Key length':'');
|
| 902 |
|
$group->addClass('csr_rsakeys');
|
|
902 |
$group->addClass('csr_rsakeys');
|
| 903 |
903 |
$group->add(new Form_Select(
|
| 904 |
904 |
'csr_keylen',
|
| 905 |
905 |
null,
|
| ... | ... | |
| 908 |
908 |
));
|
| 909 |
909 |
$section->add($group);
|
| 910 |
910 |
|
| 911 |
|
$group = new Form_Group($i == 0 ? '*EC key':'');
|
| 912 |
|
$group->addClass('csr_eckeys');
|
|
911 |
$group = new Form_Group($i == 0 ? '*Elliptic Curve Name':'');
|
|
912 |
$group->addClass('csr_ecnames');
|
| 913 |
913 |
$group->add(new Form_Select(
|
| 914 |
|
'csr_eckey',
|
|
914 |
'csr_ecname',
|
| 915 |
915 |
null,
|
| 916 |
|
$pconfig['csr_eckey'],
|
| 917 |
|
array_combine($openssl_eckeys, $openssl_eckeys)
|
|
916 |
$pconfig['csr_ecname'],
|
|
917 |
array_combine($openssl_ecnames, $openssl_ecnames)
|
| 918 |
918 |
));
|
| 919 |
919 |
$section->add($group);
|
| 920 |
920 |
|
| ... | ... | |
| 1485 |
1485 |
|
| 1486 |
1486 |
function change_keytype() {
|
| 1487 |
1487 |
hideClass('rsakeys', ($('#keytype').val() != 'RSA'));
|
| 1488 |
|
hideClass('eckeys', ($('#keytype').val() != 'ECDSA'));
|
|
1488 |
hideClass('ecnames', ($('#keytype').val() != 'ECDSA'));
|
| 1489 |
1489 |
}
|
| 1490 |
1490 |
|
| 1491 |
1491 |
$('#keytype').change(function () {
|
| ... | ... | |
| 1494 |
1494 |
|
| 1495 |
1495 |
function change_csrkeytype() {
|
| 1496 |
1496 |
hideClass('csr_rsakeys', ($('#csr_keytype').val() != 'RSA'));
|
| 1497 |
|
hideClass('csr_eckeys', ($('#csr_keytype').val() != 'ECDSA'));
|
|
1497 |
hideClass('csr_ecnames', ($('#csr_keytype').val() != 'ECDSA'));
|
| 1498 |
1498 |
}
|
| 1499 |
1499 |
|
| 1500 |
1500 |
$('#csr_keytype').change(function () {
|
Added by Viktor Gurov over 5 years ago
fixes