Revision f0b38e39
Added by Jim Pingle over 5 years ago
| src/usr/local/www/system_camanager.php | ||
|---|---|---|
| 45 | 45 |
$max_lifetime = cert_get_max_lifetime(); |
| 46 | 46 |
$default_lifetime = min(3650, $max_lifetime); |
| 47 | 47 |
$openssl_ecnames = openssl_get_curve_names(); |
| 48 |
|
|
| 49 |
if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) {
|
|
| 50 |
$id = $_REQUEST['id']; |
|
| 51 |
} |
|
| 48 |
$class = "success"; |
|
| 52 | 49 |
|
| 53 | 50 |
init_config_arr(array('ca'));
|
| 54 | 51 |
$a_ca = &$config['ca']; |
| ... | ... | |
| 59 | 56 |
init_config_arr(array('crl'));
|
| 60 | 57 |
$a_crl = &$config['crl']; |
| 61 | 58 |
|
| 62 |
if ($_REQUEST['act']) {
|
|
| 63 |
$act = $_REQUEST['act']; |
|
| 59 |
$act = $_REQUEST['act']; |
|
| 60 |
|
|
| 61 |
if (isset($_REQUEST['id']) && ctype_alnum($_REQUEST['id'])) {
|
|
| 62 |
$id = $_REQUEST['id']; |
|
| 63 |
} |
|
| 64 |
if (!empty($id)) {
|
|
| 65 |
$thisca =& lookup_ca($id); |
|
| 64 | 66 |
} |
| 65 | 67 |
|
| 66 | 68 |
/* Actions other than 'new' require an ID. |
| 67 | 69 |
* 'del' action must be submitted via POST. */ |
| 68 | 70 |
if ((!empty($act) && |
| 69 | 71 |
($act != 'new') && |
| 70 |
!$a_ca[$id]) ||
|
|
| 72 |
!$thisca) ||
|
|
| 71 | 73 |
(($act == 'del') && empty($_POST))) {
|
| 72 | 74 |
pfSenseHeader("system_camanager.php");
|
| 73 | 75 |
exit; |
| ... | ... | |
| 75 | 77 |
|
| 76 | 78 |
switch ($act) {
|
| 77 | 79 |
case 'del': |
| 78 |
/* Only remove CA reference when deleting. It can be reconnected if a new matching CA is imported */ |
|
| 79 |
$index = count($a_cert) - 1; |
|
| 80 |
for (;$index >= 0; $index--) {
|
|
| 81 |
if ($a_cert[$index]['caref'] == $a_ca[$id]['refid']) {
|
|
| 82 |
unset($a_cert[$index]['caref']); |
|
| 80 |
$name = htmlspecialchars($thisca['descr']); |
|
| 81 |
if (cert_in_use($id)) {
|
|
| 82 |
$savemsg = sprintf(gettext("Certificate %s is in use and cannot be deleted"), $name);
|
|
| 83 |
$class = "danger"; |
|
| 84 |
} else {
|
|
| 85 |
/* Only remove CA reference when deleting. It can be reconnected if a new matching CA is imported */ |
|
| 86 |
foreach ($a_cert as $cid => $acrt) {
|
|
| 87 |
if ($acrt['caref'] == $thisca['refid']) {
|
|
| 88 |
unset($a_cert[$cid]['caref']); |
|
| 89 |
} |
|
| 83 | 90 |
} |
| 84 |
} |
|
| 85 |
/* Remove any CRLs for this CA, there is no way to recover the connection once the CA has been removed. */ |
|
| 86 |
$index = count($a_crl) - 1; |
|
| 87 |
for (;$index >= 0; $index--) {
|
|
| 88 |
if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) {
|
|
| 89 |
unset($a_crl[$index]); |
|
| 91 |
/* Remove any CRLs for this CA, there is no way to recover the connection once the CA has been removed. */ |
|
| 92 |
foreach ($a_crl as $cid => $acrl) {
|
|
| 93 |
if ($acrl['caref'] == $thisca['refid']) {
|
|
| 94 |
unset($a_crl[$cid]); |
|
| 95 |
} |
|
| 90 | 96 |
} |
| 97 |
/* Delete the CA */ |
|
| 98 |
foreach ($a_ca as $cid => $aca) {
|
|
| 99 |
if ($aca['refid'] == $thisca['refid']) {
|
|
| 100 |
unset($a_ca[$cid]); |
|
| 101 |
} |
|
| 102 |
} |
|
| 103 |
$savemsg = sprintf(gettext("Deleted Certificate Authority %s and associated CRLs"), htmlspecialchars($name));
|
|
| 104 |
write_config($savemsg); |
|
| 105 |
ca_setup_trust_store(); |
|
| 91 | 106 |
} |
| 92 |
$name = $a_ca[$id]['descr']; |
|
| 93 |
unset($a_ca[$id]); |
|
| 94 |
write_config(); |
|
| 95 |
ca_setup_trust_store(); |
|
| 96 |
$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted."), htmlspecialchars($name));
|
|
| 97 |
pfSenseHeader("system_camanager.php");
|
|
| 98 |
exit; |
|
| 107 |
unset($act); |
|
| 99 | 108 |
break; |
| 100 | 109 |
case 'edit': |
| 101 | 110 |
/* Editing an existing CA, so populate values. */ |
| 102 | 111 |
$pconfig['method'] = 'existing'; |
| 103 |
$pconfig['descr'] = $a_ca[$id]['descr'];
|
|
| 104 |
$pconfig['refid'] = $a_ca[$id]['refid'];
|
|
| 105 |
$pconfig['cert'] = base64_decode($a_ca[$id]['crt']);
|
|
| 106 |
$pconfig['serial'] = $a_ca[$id]['serial'];
|
|
| 107 |
$pconfig['trust'] = ($a_ca[$id]['trust'] == 'enabled');
|
|
| 108 |
$pconfig['randomserial'] = ($a_ca[$id]['randomserial'] == 'enabled');
|
|
| 109 |
if (!empty($a_ca[$id]['prv'])) {
|
|
| 110 |
$pconfig['key'] = base64_decode($a_ca[$id]['prv']);
|
|
| 112 |
$pconfig['descr'] = $thisca['descr'];
|
|
| 113 |
$pconfig['refid'] = $thisca['refid'];
|
|
| 114 |
$pconfig['cert'] = base64_decode($thisca['crt']);
|
|
| 115 |
$pconfig['serial'] = $thisca['serial'];
|
|
| 116 |
$pconfig['trust'] = ($thisca['trust'] == 'enabled');
|
|
| 117 |
$pconfig['randomserial'] = ($thisca['randomserial'] == 'enabled');
|
|
| 118 |
if (!empty($thisca['prv'])) {
|
|
| 119 |
$pconfig['key'] = base64_decode($thisca['prv']);
|
|
| 111 | 120 |
} |
| 112 | 121 |
break; |
| 113 | 122 |
case 'new': |
| ... | ... | |
| 122 | 131 |
break; |
| 123 | 132 |
case 'exp': |
| 124 | 133 |
/* Exporting a ca */ |
| 125 |
send_user_download('data', base64_decode($a_ca[$id]['crt']), "{$a_ca[$id]['descr']}.crt");
|
|
| 134 |
send_user_download('data', base64_decode($thisca['crt']), "{$thisca['descr']}.crt");
|
|
| 126 | 135 |
break; |
| 127 | 136 |
case 'expkey': |
| 128 | 137 |
/* Exporting a private key */ |
| 129 |
send_user_download('data', base64_decode($a_ca[$id]['prv']), "{$a_ca[$id]['descr']}.key");
|
|
| 138 |
send_user_download('data', base64_decode($thisca['prv']), "{$thisca['descr']}.key");
|
|
| 130 | 139 |
break; |
| 131 | 140 |
default: |
| 132 | 141 |
break; |
| ... | ... | |
| 226 | 235 |
$ca['refid'] = $pconfig['refid']; |
| 227 | 236 |
} |
| 228 | 237 |
|
| 229 |
if (isset($id) && $a_ca[$id]) {
|
|
| 230 |
$ca = $a_ca[$id];
|
|
| 238 |
if (isset($id) && $thisca) {
|
|
| 239 |
$ca = $thisca;
|
|
| 231 | 240 |
} |
| 232 | 241 |
|
| 233 | 242 |
$ca['descr'] = $pconfig['descr']; |
| ... | ... | |
| 242 | 251 |
if (!empty($pconfig['key'])) {
|
| 243 | 252 |
$ca['prv'] = base64_encode($pconfig['key']); |
| 244 | 253 |
} |
| 254 |
$savemsg = sprintf(gettext("Updated Certificate Authority %s"), $ca['descr']);
|
|
| 245 | 255 |
} else {
|
| 246 | 256 |
$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */ |
| 247 | 257 |
if ($pconfig['method'] == "existing") {
|
| 248 | 258 |
ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']); |
| 259 |
$savemsg = sprintf(gettext("Imported Certificate Authority %s"), $ca['descr']);
|
|
| 249 | 260 |
} else if ($pconfig['method'] == "internal") {
|
| 250 | 261 |
$dn = array('commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
|
| 251 | 262 |
if (!empty($pconfig['dn_country'])) {
|
| ... | ... | |
| 271 | 282 |
} |
| 272 | 283 |
} |
| 273 | 284 |
} |
| 285 |
$savemsg = sprintf(gettext("Created internal Certificate Authority %s"), $ca['descr']);
|
|
| 274 | 286 |
} else if ($pconfig['method'] == "intermediate") {
|
| 275 | 287 |
$dn = array('commonName' => cert_escape_x509_chars($pconfig['dn_commonname']));
|
| 276 | 288 |
if (!empty($pconfig['dn_country'])) {
|
| ... | ... | |
| 296 | 308 |
} |
| 297 | 309 |
} |
| 298 | 310 |
} |
| 311 |
$savemsg = sprintf(gettext("Created internal intermediate Certificate Authority %s"), $ca['descr']);
|
|
| 299 | 312 |
} |
| 300 | 313 |
error_reporting($old_err_level); |
| 301 | 314 |
} |
| 302 | 315 |
|
| 303 |
if (isset($id) && $a_ca[$id]) {
|
|
| 304 |
$a_ca[$id] = $ca;
|
|
| 316 |
if (isset($id) && $thisca) {
|
|
| 317 |
$thisca = $ca;
|
|
| 305 | 318 |
} else {
|
| 306 | 319 |
$a_ca[] = $ca; |
| 307 | 320 |
} |
| 308 | 321 |
|
| 309 | 322 |
if (!$input_errors) {
|
| 310 |
write_config(); |
|
| 323 |
write_config($savemsg);
|
|
| 311 | 324 |
ca_setup_trust_store(); |
| 312 | 325 |
pfSenseHeader("system_camanager.php");
|
| 313 | 326 |
} |
| ... | ... | |
| 328 | 341 |
} |
| 329 | 342 |
|
| 330 | 343 |
if ($savemsg) {
|
| 331 |
print_info_box($savemsg, 'success');
|
|
| 344 |
print_info_box($savemsg, $class);
|
|
| 332 | 345 |
} |
| 333 | 346 |
|
| 334 | 347 |
$tab_array = array(); |
| ... | ... | |
| 397 | 410 |
$pluginparams['event'] = 'used_ca'; |
| 398 | 411 |
$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
|
| 399 | 412 |
|
| 400 |
foreach ($a_ca as $i => $ca):
|
|
| 413 |
foreach ($a_ca as $ca): |
|
| 401 | 414 |
$name = htmlspecialchars($ca['descr']); |
| 402 | 415 |
$subj = cert_get_subject($ca['crt']); |
| 403 | 416 |
$issuer = cert_get_issuer($ca['crt']); |
| ... | ... | |
| 453 | 466 |
<?php echo cert_usedby_description($ca['refid'], $certificates_used_by_packages); ?> |
| 454 | 467 |
</td> |
| 455 | 468 |
<td class="text-nowrap"> |
| 456 |
<a class="fa fa-pencil" title="<?=gettext("Edit CA")?>" href="system_camanager.php?act=edit&id=<?=$i?>"></a>
|
|
| 457 |
<a class="fa fa-certificate" title="<?=gettext("Export CA")?>" href="system_camanager.php?act=exp&id=<?=$i?>"></a>
|
|
| 469 |
<a class="fa fa-pencil" title="<?=gettext("Edit CA")?>" href="system_camanager.php?act=edit&id=<?=$ca['refid']?>"></a>
|
|
| 470 |
<a class="fa fa-certificate" title="<?=gettext("Export CA")?>" href="system_camanager.php?act=exp&id=<?=$ca['refid']?>"></a>
|
|
| 458 | 471 |
<?php if ($ca['prv']): ?> |
| 459 |
<a class="fa fa-key" title="<?=gettext("Export key")?>" href="system_camanager.php?act=expkey&id=<?=$i?>"></a>
|
|
| 472 |
<a class="fa fa-key" title="<?=gettext("Export key")?>" href="system_camanager.php?act=expkey&id=<?=$ca['refid']?>"></a>
|
|
| 460 | 473 |
<?php endif?> |
| 461 | 474 |
<?php if (is_cert_locally_renewable($ca)): ?> |
| 462 | 475 |
<a href="system_certmanager_renew.php?type=ca&refid=<?=$ca['refid']?>" class="fa fa-repeat" title="<?=gettext("Reissue/Renew")?>"></a>
|
| 463 | 476 |
<?php endif ?> |
| 464 | 477 |
<?php if (!ca_in_use($ca['refid'])): ?> |
| 465 |
<a class="fa fa-trash" title="<?=gettext("Delete CA and its CRLs")?>" href="system_camanager.php?act=del&id=<?=$i?>" usepost ></a>
|
|
| 478 |
<a class="fa fa-trash" title="<?=gettext("Delete CA and its CRLs")?>" href="system_camanager.php?act=del&id=<?=$ca['refid']?>" usepost ></a>
|
|
| 466 | 479 |
<?php endif?> |
| 467 | 480 |
</td> |
| 468 | 481 |
</tr> |
| ... | ... | |
| 540 | 553 |
|
| 541 | 554 |
$form = new Form; |
| 542 | 555 |
//$form->setAction('system_camanager.php?act=edit');
|
| 543 |
if (isset($id) && $a_ca[$id]) {
|
|
| 556 |
if (isset($id) && $thisca) {
|
|
| 544 | 557 |
$form->addGlobal(new Form_Input( |
| 545 | 558 |
'id', |
| 546 | 559 |
null, |
| src/usr/local/www/system_certmanager.php | ||
|---|---|---|
| 52 | 52 |
$max_lifetime = cert_get_max_lifetime(); |
| 53 | 53 |
$default_lifetime = min(3650, $max_lifetime); |
| 54 | 54 |
$openssl_ecnames = openssl_get_curve_names(); |
| 55 |
$class = "success"; |
|
| 55 | 56 |
|
| 56 | 57 |
if (isset($_REQUEST['userid']) && is_numericint($_REQUEST['userid'])) {
|
| 57 | 58 |
$userid = $_REQUEST['userid']; |
| ... | ... | |
| 63 | 64 |
$a_user =& $config['system']['user']; |
| 64 | 65 |
} |
| 65 | 66 |
|
| 66 |
if (isset($_REQUEST['id']) && is_numericint($_REQUEST['id'])) {
|
|
| 67 |
$id = $_REQUEST['id']; |
|
| 68 |
} |
|
| 69 |
|
|
| 70 | 67 |
init_config_arr(array('ca'));
|
| 71 | 68 |
$a_ca = &$config['ca']; |
| 72 | 69 |
|
| ... | ... | |
| 82 | 79 |
|
| 83 | 80 |
$act = $_REQUEST['act']; |
| 84 | 81 |
|
| 82 |
if (isset($_REQUEST['id']) && ctype_alnum($_REQUEST['id'])) {
|
|
| 83 |
$id = $_REQUEST['id']; |
|
| 84 |
} |
|
| 85 |
if (!empty($id)) {
|
|
| 86 |
$thiscert =& lookup_cert($id); |
|
| 87 |
} |
|
| 88 |
|
|
| 85 | 89 |
/* Actions other than 'new' require an ID. |
| 86 | 90 |
* 'del' action must be submitted via POST. */ |
| 87 | 91 |
if ((!empty($act) && |
| 88 | 92 |
($act != 'new') && |
| 89 |
!$a_cert[$id]) ||
|
|
| 93 |
!$thiscert) ||
|
|
| 90 | 94 |
(($act == 'del') && empty($_POST))) {
|
| 91 | 95 |
pfSenseHeader("system_certmanager.php");
|
| 92 | 96 |
exit; |
| ... | ... | |
| 94 | 98 |
|
| 95 | 99 |
switch ($act) {
|
| 96 | 100 |
case 'del': |
| 97 |
unset($a_cert[$id]); |
|
| 98 |
write_config(); |
|
| 99 |
$savemsg = sprintf(gettext("Certificate %s successfully deleted."), htmlspecialchars($a_cert[$id]['descr']));
|
|
| 100 |
pfSenseHeader("system_certmanager.php");
|
|
| 101 |
exit; |
|
| 101 |
$name = htmlspecialchars($thiscert['descr']); |
|
| 102 |
if (cert_in_use($id)) {
|
|
| 103 |
$savemsg = sprintf(gettext("Certificate %s is in use and cannot be deleted"), $name);
|
|
| 104 |
$class = "danger"; |
|
| 105 |
} else {
|
|
| 106 |
foreach ($a_cert as $cid => $acrt) {
|
|
| 107 |
if ($acrt['refid'] == $thiscert['refid']) {
|
|
| 108 |
unset($a_cert[$cid]); |
|
| 109 |
} |
|
| 110 |
} |
|
| 111 |
$savemsg = sprintf(gettext("Deleted certificate %s"), $name);
|
|
| 112 |
write_config($savemsg); |
|
| 113 |
} |
|
| 114 |
unset($act); |
|
| 115 |
break; |
|
| 102 | 116 |
case 'new': |
| 103 | 117 |
/* New certificate, so set default values */ |
| 104 | 118 |
$pconfig['method'] = $_POST['method']; |
| ... | ... | |
| 116 | 130 |
break; |
| 117 | 131 |
case 'csr': |
| 118 | 132 |
/* Editing a CSR, so populate values */ |
| 119 |
$pconfig['descr'] = $a_cert[$id]['descr'];
|
|
| 120 |
$pconfig['csr'] = base64_decode($a_cert[$id]['csr']);
|
|
| 133 |
$pconfig['descr'] = $thiscert['descr'];
|
|
| 134 |
$pconfig['csr'] = base64_decode($thiscert['csr']);
|
|
| 121 | 135 |
break; |
| 122 | 136 |
case 'exp': |
| 123 | 137 |
/* Exporting a certificate */ |
| 124 |
send_user_download('data', base64_decode($a_cert[$id]['crt']), "{$a_cert[$id]['descr']}.crt");
|
|
| 138 |
send_user_download('data', base64_decode($thiscert['crt']), "{$thiscert['descr']}.crt");
|
|
| 125 | 139 |
break; |
| 126 | 140 |
case 'req': |
| 127 | 141 |
/* Exporting a certificate signing request */ |
| 128 |
send_user_download('data', base64_decode($a_cert[$id]['csr']), "{$a_cert[$id]['descr']}.req");
|
|
| 142 |
send_user_download('data', base64_decode($thiscert['csr']), "{$thiscert['descr']}.req");
|
|
| 129 | 143 |
break; |
| 130 | 144 |
case 'key': |
| 131 | 145 |
/* Exporting a private key */ |
| 132 |
send_user_download('data', base64_decode($a_cert[$id]['prv']), "{$a_cert[$id]['descr']}.key");
|
|
| 146 |
send_user_download('data', base64_decode($thiscert['prv']), "{$thiscert['descr']}.key");
|
|
| 133 | 147 |
break; |
| 134 | 148 |
case 'p12': |
| 135 | 149 |
/* Exporting a PKCS#12 file containing the certificate, key, and (if present) CA */ |
| 136 | 150 |
$args = array(); |
| 137 |
$args['friendly_name'] = $a_cert[$id]['descr'];
|
|
| 138 |
$ca = lookup_ca($a_cert[$id]['caref']);
|
|
| 151 |
$args['friendly_name'] = $thiscert['descr'];
|
|
| 152 |
$ca = lookup_ca($thiscert['caref']);
|
|
| 139 | 153 |
if ($ca) {
|
| 140 | 154 |
/* If the CA can be found, then add the CA to the container */ |
| 141 | 155 |
$args['extracerts'] = openssl_x509_read(base64_decode($ca['crt'])); |
| 142 | 156 |
} |
| 143 |
$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
|
|
| 144 |
$res_key = openssl_pkey_get_private(base64_decode($a_cert[$id]['prv']));
|
|
| 157 |
$res_crt = openssl_x509_read(base64_decode($thiscert['crt']));
|
|
| 158 |
$res_key = openssl_pkey_get_private(base64_decode($thiscert['prv']));
|
|
| 145 | 159 |
$exp_data = ""; |
| 146 | 160 |
openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args); |
| 147 |
send_user_download('data', $exp_data, "{$a_cert[$id]['descr']}.p12");
|
|
| 161 |
send_user_download('data', $exp_data, "{$thiscert['descr']}.p12");
|
|
| 148 | 162 |
break; |
| 149 | 163 |
default: |
| 150 | 164 |
break; |
| ... | ... | |
| 342 | 356 |
$cert = lookup_cert($pconfig['certref']); |
| 343 | 357 |
if ($cert && $a_user) {
|
| 344 | 358 |
$a_user[$userid]['cert'][] = $cert['refid']; |
| 359 |
$savemsg = sprintf(gettext("Added certificate %s to user %s"), $cert['descr'], $a_user[$userid]['name']);
|
|
| 345 | 360 |
} |
| 346 | 361 |
} elseif ($pconfig['method'] == "sign") { // Sign a CSR
|
| 347 | 362 |
$csrid = lookup_cert($pconfig['csrtosign']); |
| ... | ... | |
| 379 | 394 |
|
| 380 | 395 |
// Add it to the config file |
| 381 | 396 |
$config['cert'][] = $newcert; |
| 397 |
$savemsg = sprintf(gettext("Signed certificate %s"), $newcert['descr']);
|
|
| 382 | 398 |
} |
| 383 | 399 |
|
| 384 | 400 |
} else {
|
| 385 | 401 |
$cert = array(); |
| 386 | 402 |
$cert['refid'] = uniqid(); |
| 387 |
if (isset($id) && $a_cert[$id]) {
|
|
| 388 |
$cert = $a_cert[$id];
|
|
| 403 |
if (isset($id) && $thiscert) {
|
|
| 404 |
$cert = $thiscert;
|
|
| 389 | 405 |
} |
| 390 | 406 |
|
| 391 | 407 |
$cert['descr'] = $pconfig['descr']; |
| ... | ... | |
| 394 | 410 |
|
| 395 | 411 |
if ($pconfig['method'] == "import") {
|
| 396 | 412 |
cert_import($cert, $pconfig['cert'], $pconfig['key']); |
| 413 |
$savemsg = sprintf(gettext("Imported certificate %s"), $cert['descr']);
|
|
| 397 | 414 |
} |
| 398 | 415 |
|
| 399 | 416 |
if ($pconfig['method'] == "internal") {
|
| ... | ... | |
| 439 | 456 |
} |
| 440 | 457 |
} |
| 441 | 458 |
} |
| 459 |
$savemsg = sprintf(gettext("Created internal certificate %s"), $cert['descr']);
|
|
| 442 | 460 |
} |
| 443 | 461 |
|
| 444 | 462 |
if ($pconfig['method'] == "external") {
|
| ... | ... | |
| 484 | 502 |
} |
| 485 | 503 |
} |
| 486 | 504 |
} |
| 505 |
$savemsg = sprintf(gettext("Created certificate signing request %s"), $cert['descr']);
|
|
| 487 | 506 |
} |
| 488 | 507 |
|
| 489 | 508 |
error_reporting($old_err_level); |
| 490 | 509 |
|
| 491 |
if (isset($id) && $a_cert[$id]) {
|
|
| 492 |
$a_cert[$id] = $cert;
|
|
| 510 |
if (isset($id) && $thiscert) {
|
|
| 511 |
$thiscert = $cert;
|
|
| 493 | 512 |
} else {
|
| 494 | 513 |
$a_cert[] = $cert; |
| 495 | 514 |
} |
| ... | ... | |
| 500 | 519 |
} |
| 501 | 520 |
|
| 502 | 521 |
if (!$input_errors) {
|
| 503 |
write_config(); |
|
| 522 |
write_config($savemsg);
|
|
| 504 | 523 |
} |
| 505 | 524 |
|
| 506 | 525 |
if ((isset($userid) && is_numeric($userid)) && !$input_errors) {
|
| ... | ... | |
| 536 | 555 |
|
| 537 | 556 |
/* save modifications */ |
| 538 | 557 |
if (!$input_errors) {
|
| 539 |
$cert = $a_cert[$id];
|
|
| 558 |
$cert = $thiscert;
|
|
| 540 | 559 |
$cert['descr'] = $pconfig['descr']; |
| 541 | 560 |
csr_complete($cert, $pconfig['cert']); |
| 542 |
$a_cert[$id] = $cert; |
|
| 543 |
write_config(); |
|
| 561 |
$thiscert = $cert; |
|
| 562 |
$savemsg = sprintf(gettext("Updated certificate signing request %s"), $pconfig['descr']);
|
|
| 563 |
write_config($savemsg); |
|
| 544 | 564 |
pfSenseHeader("system_certmanager.php");
|
| 545 | 565 |
} |
| 546 | 566 |
} |
| ... | ... | |
| 560 | 580 |
} |
| 561 | 581 |
|
| 562 | 582 |
if ($savemsg) {
|
| 563 |
print_info_box($savemsg, 'success');
|
|
| 583 |
print_info_box($savemsg, $class);
|
|
| 564 | 584 |
} |
| 565 | 585 |
|
| 566 | 586 |
$tab_array = array(); |
| ... | ... | |
| 571 | 591 |
|
| 572 | 592 |
if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)) {
|
| 573 | 593 |
$form = new Form(); |
| 574 |
$form->setAction('system_certmanager.php?act=edit');
|
|
| 594 |
$form->setAction('system_certmanager.php');
|
|
| 575 | 595 |
|
| 576 | 596 |
if (isset($userid) && $a_user) {
|
| 577 | 597 |
$form->addGlobal(new Form_Input( |
| ... | ... | |
| 582 | 602 |
)); |
| 583 | 603 |
} |
| 584 | 604 |
|
| 585 |
if (isset($id) && $a_cert[$id]) {
|
|
| 605 |
if (isset($id) && $thiscert) {
|
|
| 586 | 606 |
$form->addGlobal(new Form_Input( |
| 587 | 607 |
'id', |
| 588 | 608 |
null, |
| ... | ... | |
| 607 | 627 |
'*Descriptive name', |
| 608 | 628 |
'text', |
| 609 | 629 |
($a_user && empty($pconfig['descr'])) ? $a_user[$userid]['name'] : $pconfig['descr'] |
| 610 |
))->addClass('toggle-internal toggle-import toggle-external toggle-sign collapse');
|
|
| 630 |
))->addClass('toggle-internal toggle-import toggle-external toggle-sign toggle-existing collapse');
|
|
| 611 | 631 |
|
| 612 | 632 |
$form->add($section); |
| 613 | 633 |
|
| ... | ... | |
| 1080 | 1100 |
))->setWidth(7) |
| 1081 | 1101 |
->setHelp('Paste the certificate received from the certificate authority here.');
|
| 1082 | 1102 |
|
| 1083 |
if (isset($id) && $a_cert[$id]) {
|
|
| 1103 |
if (isset($id) && $thiscert) {
|
|
| 1084 | 1104 |
$form->addGlobal(new Form_Input( |
| 1085 | 1105 |
'id', |
| 1086 | 1106 |
null, |
| ... | ... | |
| 1164 | 1184 |
$pluginparams['type'] = 'certificates'; |
| 1165 | 1185 |
$pluginparams['event'] = 'used_certificates'; |
| 1166 | 1186 |
$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
|
| 1167 |
$i = 0; |
|
| 1168 |
foreach ($a_cert as $i => $cert): |
|
| 1187 |
foreach ($a_cert as $cert): |
|
| 1169 | 1188 |
if (!is_array($cert) || empty($cert)) {
|
| 1170 | 1189 |
continue; |
| 1171 | 1190 |
} |
| ... | ... | |
| 1244 | 1263 |
</td> |
| 1245 | 1264 |
<td> |
| 1246 | 1265 |
<?php if (!$cert['csr']): ?> |
| 1247 |
<a href="system_certmanager.php?act=exp&id=<?=$i?>" class="fa fa-certificate" title="<?=gettext("Export Certificate")?>"></a>
|
|
| 1266 |
<a href="system_certmanager.php?act=exp&id=<?=$cert['refid']?>" class="fa fa-certificate" title="<?=gettext("Export Certificate")?>"></a>
|
|
| 1248 | 1267 |
<?php if ($cert['prv']): ?> |
| 1249 |
<a href="system_certmanager.php?act=key&id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
|
|
| 1268 |
<a href="system_certmanager.php?act=key&id=<?=$cert['refid']?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
|
|
| 1250 | 1269 |
<?php endif?> |
| 1251 | 1270 |
<?php if (is_cert_locally_renewable($cert)): ?> |
| 1252 | 1271 |
<a href="system_certmanager_renew.php?type=cert&refid=<?=$cert['refid']?>" class="fa fa-repeat" title="<?=gettext("Reissue/Renew")?>"></a>
|
| 1253 | 1272 |
<?php endif ?> |
| 1254 |
<a href="system_certmanager.php?act=p12&id=<?=$i?>" class="fa fa-archive" title="<?=gettext("Export P12")?>"></a>
|
|
| 1273 |
<a href="system_certmanager.php?act=p12&id=<?=$cert['refid']?>" class="fa fa-archive" title="<?=gettext("Export P12")?>"></a>
|
|
| 1255 | 1274 |
<?php else: ?> |
| 1256 |
<a href="system_certmanager.php?act=csr&id=<?=$i?>" class="fa fa-pencil" title="<?=gettext("Update CSR")?>"></a>
|
|
| 1257 |
<a href="system_certmanager.php?act=req&id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export Request")?>"></a>
|
|
| 1258 |
<a href="system_certmanager.php?act=key&id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
|
|
| 1275 |
<a href="system_certmanager.php?act=csr&id=<?=$cert['refid']?>" class="fa fa-pencil" title="<?=gettext("Update CSR")?>"></a>
|
|
| 1276 |
<a href="system_certmanager.php?act=req&id=<?=$cert['refid']?>" class="fa fa-sign-in" title="<?=gettext("Export Request")?>"></a>
|
|
| 1277 |
<a href="system_certmanager.php?act=key&id=<?=$cert['refid']?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
|
|
| 1259 | 1278 |
<?php endif?> |
| 1260 | 1279 |
<?php if (!cert_in_use($cert['refid'])): ?> |
| 1261 |
<a href="system_certmanager.php?act=del&id=<?=$i?>" class="fa fa-trash" title="<?=gettext("Delete Certificate")?>" usepost></a>
|
|
| 1280 |
<a href="system_certmanager.php?act=del&id=<?=$cert['refid']?>" class="fa fa-trash" title="<?=gettext("Delete Certificate")?>" usepost></a>
|
|
| 1262 | 1281 |
<?php endif?> |
| 1263 | 1282 |
</td> |
| 1264 | 1283 |
</tr> |
| 1265 | 1284 |
<?php |
| 1266 |
$i++; |
|
| 1267 | 1285 |
endforeach; ?> |
| 1268 | 1286 |
</tbody> |
| 1269 | 1287 |
</table> |
| src/usr/local/www/system_crlmanager.php | ||
|---|---|---|
| 56 | 56 |
init_config_arr(array('crl'));
|
| 57 | 57 |
$a_crl = &$config['crl']; |
| 58 | 58 |
|
| 59 |
/* Clean up blank entries missing a reference ID */ |
|
| 59 | 60 |
foreach ($a_crl as $cid => $acrl) {
|
| 60 | 61 |
if (!isset($acrl['refid'])) {
|
| 61 | 62 |
unset ($a_crl[$cid]); |
Also available in: Unified diff
CA/Cert optimizations
accurate and not as prone to being affected by parallel changes.