<?php
/*
    system_camanager.php

    Copyright (C) 2008 Shrew Soft Inc.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	certificate_managaer
*/

##|+PRIV
##|*IDENT=page-system-camanager
##|*NAME=System: CA Manager
##|*DESCR=Allow access to the 'System: CA Manager' page.
##|*MATCH=system_camanager.php*
##|-PRIV

require("guiconfig.inc");
require_once("certs.inc");

    
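/* CA creation methods offered by the "Method" select.  The keys are the
 * values posted back as $_POST['method'] and are compared literally in the
 * save handler below; the option order is also what method_change() keys on. */
$ca_methods = array(
	"existing" => gettext("Import an existing Certificate Authority"),
	"internal" => gettext("Create an internal Certificate Authority"));

/* RSA key lengths (bits) offered for an internal CA.  This list doubles as
 * the server-side whitelist for the posted key length.  512-bit RSA is
 * factorable on commodity hardware and must not be offered for a CA key;
 * 1024 is kept only for legacy interoperability (the "new" form defaults
 * to 2048). */
$ca_keylens = array("1024", "2048", "4096");

$pgtitle = array(gettext("System"), gettext("Certificate Authority Manager"));
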
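/* Return $value as an int when it is a non-negative integer string (i.e. a
 * plausible row index into $config['ca']); anything else yields null. */
function camanager_index_or_null($value) {
	if ($value === null || is_array($value))
		return null;
	if (!preg_match('/^[0-9]+$/', (string)$value))
		return null;
	return (int)$value;
}

/* Row index of the CA being acted on.  POST wins over GET so the hidden
 * "id" field of the edit form overrides the query string.  The value is
 * used as an array index and is echoed back into the form, so only a
 * non-negative integer is accepted; anything else leaves $id null, which
 * every action below treats as "no such CA". */
$id_in = null;
if (isset($_POST['id']))
	$id_in = $_POST['id'];
elseif (isset($_GET['id']))
	$id_in = $_GET['id'];
$id = camanager_index_or_null($id_in);
unset($id_in);

if (!is_array($config['ca']))
	$config['ca'] = array();

/* Work on the live config arrays by reference so edits and deletes below
 * are what write_config() persists. */
$a_ca =& $config['ca'];

if (!is_array($config['cert']))
	$config['cert'] = array();

$a_cert =& $config['cert'];

/* Requested action (del / new / exp / expkey); POST overrides GET.  Every
 * use below compares it against a fixed literal, so no further sanitising
 * is needed here. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];
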
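if ($act == "del") {

	/* NOTE(review): this destructive action is triggered by a plain GET
	 * link and no anti-CSRF token is visible anywhere on this page.  Unless
	 * the framework adds one globally, a logged-in admin who loads an
	 * attacker-chosen URL deletes a CA and all its certificates.  Turning
	 * this into a POST carrying a token is the usual fix. */
	if (!$a_ca[$id]) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$caref = $a_ca[$id]['refid'];

	/* Remove every certificate issued by this CA.  Iterate by key rather
	 * than with a count()-based index: unset() never reindexes, so if the
	 * array has gaps count()-1 is smaller than the highest live index and a
	 * descending index loop silently skips entries.  The empty() guard
	 * keeps a CA with no refid from matching certificates that have no
	 * caref at all. */
	if (!empty($caref)) {
		foreach ($a_cert as $index => $cert)
			if ($cert['caref'] == $caref)
				unset($a_cert[$index]);
	}

	/* NOTE(review): nothing here checks whether the CA or its certificates
	 * are still referenced elsewhere in the configuration; any consumer of
	 * them is left dangling after this delete. */
	$name = $a_ca[$id]['descr'];
	unset($a_ca[$id]);
	write_config();

	/* $savemsg is rendered as HTML by print_info_box() (note the <br/>),
	 * so the user-supplied description must be escaped. */
	$savemsg = sprintf(gettext("Certificate Authority %s successfully deleted"), htmlspecialchars($name)) . "<br/>";
}
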
if ($act == "new") {
	/* Seed the "new CA" form.  The method may be preselected through the
	 * query string; an unknown value simply matches no option. */
	$pconfig = array(
		'method'        => isset($_GET['method']) ? $_GET['method'] : null,
		'keylen'        => "2048",
		'lifetime'      => "3650",
		'dn_commonname' => "internal-ca");
}

if ($act == "exp") {

	/* Download the CA certificate (PEM) as "<descr>.crt". */
	if (!$a_ca[$id]) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$ca_entry = $a_ca[$id];

	/* urlencode() keeps CR/LF and quotes out of the Content-Disposition
	 * header, so the user-supplied description cannot inject headers. */
	$exp_name = urlencode("{$ca_entry['descr']}.crt");
	$exp_data = base64_decode($ca_entry['crt']);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: " . strlen($exp_data));
	echo $exp_data;
	exit;
}

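if ($act == "expkey") {

	/* Download the CA private key (PEM) as "<descr>.key".  Refuse when the
	 * CA has no stored key (an imported CA may not have one) instead of
	 * serving an empty file. */
	if (!$a_ca[$id] || empty($a_ca[$id]['prv'])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	/* NOTE(review): nothing visible on this page records who exported the
	 * key; exporting CA key material is worth an audit log entry. */
	$exp_name = urlencode("{$a_ca[$id]['descr']}.key");
	$exp_data = base64_decode($a_ca[$id]['prv']);
	$exp_size = strlen($exp_data);

	/* This is private key material: tell the browser and any intermediary
	 * not to cache it. */
	header("Cache-Control: no-store, no-cache, must-revalidate");
	header("Pragma: no-cache");
	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
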
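if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* The method select is only rendered for a new CA (see the form), so it
	 * is absent when the edit form is posted; in that case neither branch
	 * below runs and only the description is updated. */
	$ca_method = isset($pconfig['method']) ? $pconfig['method'] : "";

	/* input validation */
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($ca_method == "existing") {
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate data"));
		/* This only checks for PEM armour.  It does not prove the blob
		 * parses, nor that the optional key belongs to the certificate;
		 * that is left to ca_import(). */
		$cert_pem = isset($pconfig['cert']) ? $pconfig['cert'] : "";
		if ($cert_pem && (!strstr($cert_pem, "BEGIN CERTIFICATE") || !strstr($cert_pem, "END CERTIFICATE")))
			$input_errors[] = gettext("This certificate does not appear to be valid.");
	}
	if ($ca_method == "internal") {
		$reqdfields = explode(" ",
				"descr keylen lifetime dn_country dn_state dn_city ".
				"dn_organization dn_email dn_commonname");
		$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Key length"),
				gettext("Lifetime"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));

		/* The <select> only constrains well-behaved browsers; enforce the
		 * offered key lengths here so a crafted POST cannot create a CA
		 * with an arbitrary (e.g. trivially small) RSA key. */
		if (isset($pconfig['keylen']) && !in_array($pconfig['keylen'], $ca_keylens, true))
			$input_errors[] = gettext("Please select a valid Key Length.");

		/* Lifetime is handed to ca_create() as a number of days. */
		if (isset($pconfig['lifetime']) && $pconfig['lifetime'] !== "" &&
		    (!preg_match('/^[0-9]+$/', (string)$pconfig['lifetime']) || (int)$pconfig['lifetime'] < 1))
			$input_errors[] = gettext("Lifetime must be a positive whole number of days.");

		/* countryName is a two-letter code; the maxlength on the input is
		 * client-side only. */
		if (isset($pconfig['dn_country']) && $pconfig['dn_country'] !== "" && strlen($pconfig['dn_country']) != 2)
			$input_errors[] = gettext("Country Code must be exactly two letters.");
	}

	/* $input_errors is passed as a plain variable: do_input_validation()
	 * is expected to declare the reference in its own signature, and
	 * call-time pass-by-reference ("&$var" at the call site) is a fatal
	 * error on PHP >= 5.4. */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {

		/* When editing, start from the stored entry so its refid (and any
		 * key/cert not touched here) survives.  refid only has to be
		 * unique, not unguessable, so uniqid() is adequate. */
		$ca = array();
		$ca['refid'] = uniqid();
		if (isset($id) && $a_ca[$id])
			$ca = $a_ca[$id];

		$ca['descr'] = $pconfig['descr'];

		if ($ca_method == "existing")
			ca_import($ca, $pconfig['cert'], $pconfig['key']);

		if ($ca_method == "internal") {
			$dn = array(
				'countryName' => $pconfig['dn_country'],
				'stateOrProvinceName' => $pconfig['dn_state'],
				'localityName' => $pconfig['dn_city'],
				'organizationName' => $pconfig['dn_organization'],
				'emailAddress' => $pconfig['dn_email'],
				'commonName' => $pconfig['dn_commonname']);

			ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn);
		}

		if (isset($id) && $a_ca[$id])
			$a_ca[$id] = $ca;
		else
			$a_ca[] = $ca;

		write_config();

		/* No redirect after a successful save: the form posts no "act"
		 * field, so $act is empty and the list view is rendered below. */
	}
}
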
include("head.inc");	/* NOTE(review): presumably emits the page <head> using $pgtitle; not visible from this file. */
?>

<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
<!--

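/*
 * Show only the sub-form that matches the selected CA creation method.
 * Option order is coupled to $ca_methods in the PHP template: index 0 is
 * "existing", index 1 is "internal".
 */
function method_change() {
	var form = document.iform;

	/* The method select is not rendered when editing an existing CA, so
	 * return quietly instead of throwing on an undefined element. */
	if (!form || !form.method)
		return;

	/* "var" keeps the index local; the original leaked an implicit global. */
	var idx = form.method.selectedIndex;
	var existing = document.getElementById("existing");
	var internal = document.getElementById("internal");

	switch (idx) {
		case 0:
			existing.style.display = "";
			internal.style.display = "none";
			break;
		case 1:
			existing.style.display = "none";
			internal.style.display = "";
			break;
	}
}
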
//-->
</script>
<?php
	/* Validation errors and the post-delete notice are rendered by the
	 * standard helpers.  Note print_info_box() treats $savemsg as HTML. */
	if (!empty($input_errors))
		print_input_errors($input_errors);
	if (!empty($savemsg))
		print_info_box($savemsg);
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
	<tr>
		<td>
		<?php
			/* Tab strip: (label, is-active, target) triples.  This page is
			 * the active "CAs" tab. */
			$tab_array = array(
				array(gettext("CAs"), true, "system_camanager.php"),
				array(gettext("Certificates"), false, "system_certmanager.php"),
				array(gettext("Certificate Revocation"), false, "system_crlmanager.php"));
			display_top_tabs($tab_array);
		?>
		</td>
	</tr>
	<tr>
		<td id="mainarea">
			<div class="tabcont">

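				<?php
					/* Show the form for a new CA or when a submit failed validation.
					 * NOTE(review): the form below never posts an "act" field, so the
					 * gettext("Save") comparison appears unreachable from this page. */
				?>
				<?php if ($act == "new" || $act == gettext("Save") || $input_errors): ?>

				<form action="system_camanager.php" method="post" name="iform" id="iform">
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
							<td width="78%" class="vtable">
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
							</td>
						</tr>
						<?php if (!isset($id)): ?>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
							<td width="78%" class="vtable">
								<select name='method' id='method' class="formselect" onchange='method_change()'>
								<?php
									/* Option order must match the case labels in method_change().
									 * The "selected" attribute needs a leading space; without it
									 * the markup is value="..."selected, which is malformed. */
									foreach($ca_methods as $method => $desc):
										$selected = ($pconfig['method'] == $method) ? " selected" : "";
								?>
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
						<?php endif; ?>
					</table>
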
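					<?php /* Import sub-form; method_change() toggles it via the "existing" id.
					       * Both textareas echo the user's own pasted input (escaped) so a failed
					       * submit does not force a re-paste. */ ?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Authority");?></td>
						</tr>

						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
							<td width="78%" class="vtable">
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
								<br>
								<?=gettext("Paste a certificate in X.509 PEM format here.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Private Key");?><br/><?=gettext("(optional)");?></td>
							<td width="78%" class="vtable">
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
								<br>
								<?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?>
							</td>
						</tr>
					</table>
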
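					<?php /* Internal-CA sub-form; method_change() toggles it via the "internal" id.
					       * Every echoed value is request-derived and goes through htmlspecialchars(). */ ?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Authority");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
							<td width="78%" class="vtable">
								<select name='keylen' id='keylen' class="formselect">
								<?php
									/* Options come from $ca_keylens, which the save handler also uses
									 * as its whitelist.  "selected" needs a leading space to be a
									 * separate attribute. */
									foreach( $ca_keylens as $len):
										$selected = ($pconfig['keylen'] == $len) ? " selected" : "";
								?>
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
								<?php endforeach; ?>
								</select>
								<?=gettext("bits");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
							<td width="78%" class="vtable">
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
								<?=gettext("days");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2">
									<tr>
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
											&nbsp;
											<em><?=gettext("ex:");?></em>
											&nbsp;
											<?=gettext("US");?>
											<em><?=gettext("( two letters )");?></em>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
											&nbsp;
											<em><?=gettext("ex:");?></em>
											&nbsp;
											<?=gettext("Texas");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
											&nbsp;
											<em><?=gettext("ex:");?></em>
											&nbsp;
											<?=gettext("Austin");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
											&nbsp;
											<em><?=gettext("ex:");?></em>
											&nbsp;
											<?=gettext("My Company Inc.");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
											&nbsp;
											<em><?=gettext("ex:");?></em>
											&nbsp;
											<?=gettext("admin@mycompany.com");?>
										</td>
									</tr>
									<tr>
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
										<td align="left">
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
											&nbsp;
											<em><?=gettext("ex:");?></em>
											&nbsp;
											<?=gettext("internal-ca");?>
										</td>
									</tr>
								</table>
							</td>
						</tr>
					</table>
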
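					<table width="100%" border="0" cellpadding="6" cellspacing="0">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
								<?php if (isset($id) && $a_ca[$id]): ?>
								<?php /* $id is request-derived; escape it like every other echoed value. */ ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>
							</td>
						</tr>
					</table>
				</form>

				<?php else: ?>
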
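				<table width="100%" border="0" cellpadding="0" cellspacing="0">
					<tr>
						<td width="20%" class="listhdrr"><?=gettext("Name");?></td>
						<td width="10%" class="listhdrr"><?=gettext("Internal");?></td>
						<td width="10%" class="listhdrr"><?=gettext("Issuer");?></td>
						<td width="10%" class="listhdrr"><?=gettext("Certificates");?></td>
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
						<td width="10%" class="list"></td>
					</tr>
					<?php
						/* One row per CA.  The exp/expkey/del links carry the CA's real
						 * array key rather than a running counter: a delete in this same
						 * request leaves a gap in $a_ca (unset() does not reindex), and a
						 * counter would point the remaining rows' links at the wrong entry. */
						foreach($a_ca as $i => $ca):
							$name = htmlspecialchars($ca['descr']);
							$subj = cert_get_subject($ca['crt']);
							$issuer = cert_get_issuer($ca['crt']);
							if($subj == $issuer)
							  $issuer_name = "<em>" . gettext("self-signed") . "</em>";
							else
							  $issuer_name = "<em>" . gettext("external") . "</em>";
							$subj = htmlspecialchars($subj);
							$issuer = htmlspecialchars($issuer);

							/* When the issuer is another CA in the store, show its
							 * description instead.  That value is user-supplied and is
							 * echoed raw into the cell below, so it is escaped here (the
							 * "<em>" variants above are fixed markup of our own). */
							$issuer_ca = lookup_ca($ca['caref']);
							if ($issuer_ca)
								$issuer_name = htmlspecialchars($issuer_ca['descr']);

							// TODO : Need gray certificate icon

							if($ca['prv']) {
								$caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
								$internal = "YES";
							} else {
								$caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
								$internal = "NO";
							}

							/* Certificates plus intermediate CAs issued by this CA. */
							$certcount = 0;
							foreach ($a_cert as $cert)
								if ($cert['caref'] == $ca['refid'])
									$certcount++;
							foreach ($a_ca as $cert)
								if ($cert['caref'] == $ca['refid'])
									$certcount++;
					?>
					<tr>
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0">
								<tr>
									<td align="left" valign="center">
										<img src="<?=$caimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=$name;?>
									</td>
								</tr>
							</table>
						</td>
						<td class="listr"><?=$internal;?>&nbsp;</td>
						<td class="listr"><?=$issuer_name;?>&nbsp;</td>
						<td class="listr"><?=$certcount;?>&nbsp;</td>
						<td class="listr"><?=$subj;?>&nbsp;</td>
						<td valign="middle" nowrap class="list">
							<a href="system_camanager.php?act=exp&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
							</a>
							<?php if ($ca['prv']): ?>
							<a href="system_camanager.php?act=expkey&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca private key");?>" alt="<?=gettext("export ca private key");?>" width="17" height="17" border="0" />
							</a>
							<?php endif; ?>
							<a href="system_camanager.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Authority and all associated certificates?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete ca");?>" alt="<?=gettext("delete ca"); ?>" width="17" height="17" border="0" />
							</a>
						</td>
					</tr>
					<?php endforeach; ?>
					<tr>
						<td class="list" colspan="5"></td>
						<td class="list">
							<a href="system_camanager.php?act=new">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" />
							</a>
						</td>
					</tr>
					<tr>
						<td colspan="5">
							<p>
								<?=gettext("Additional trusted Certificate Authorities can be added here.");?>
							</p>
						</td>
					</tr>
				</table>
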
				<?php endif; ?>

			</div>
		</td>
	</tr>
</table>
<?php include("fend.inc");?>
<script type="text/javascript">
<!--

/* Sync the existing/internal sub-forms with the initial Method selection. */
method_change();

//-->
</script>

</body>