<?php
2
/*
3 ce77a9c4 Phil Davis
	system_certmanager.php
4 64cc39d3 Matthew Grooms
*/
5 98402844 Stephen Beaver
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7
 *	Copyright (c)  2008 Shrew Soft Inc.
8
 *
9
 *	Redistribution and use in source and binary forms, with or without modification,
10
 *	are permitted provided that the following conditions are met:
11
 *
12
 *	1. Redistributions of source code must retain the above copyright notice,
13
 *		this list of conditions and the following disclaimer.
14
 *
15
 *	2. Redistributions in binary form must reproduce the above copyright
16
 *		notice, this list of conditions and the following disclaimer in
17
 *		the documentation and/or other materials provided with the
18
 *		distribution.
19
 *
20
 *	3. All advertising materials mentioning features or use of this software
21
 *		must display the following acknowledgment:
22
 *		"This product includes software developed by the pfSense Project
23
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
24
 *
25
 *	4. The names "pfSense" and "pfSense Project" must not be used to
26
 *		 endorse or promote products derived from this software without
27
 *		 prior written permission. For written permission, please contact
28
 *		 coreteam@pfsense.org.
29
 *
30
 *	5. Products derived from this software may not be called "pfSense"
31
 *		nor may "pfSense" appear in their names without prior written
32
 *		permission of the Electric Sheep Fencing, LLC.
33
 *
34
 *	6. Redistributions of any form whatsoever must retain the following
35
 *		acknowledgment:
36
 *
37
 *	"This product includes software developed by the pfSense Project
38
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
39
 *
40
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
41
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
44
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
52
 *
53
 *	====================================================================
54
 *
55
 */
56 64cc39d3 Matthew Grooms
57
##|+PRIV
58
##|*IDENT=page-system-certmanager
59
##|*NAME=System: Certificate Manager
60
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
61
##|*MATCH=system_certmanager.php*
62
##|-PRIV
63
64
require("guiconfig.inc");
65 14f5ae08 Ermal Lu?i
require_once("certs.inc");
66 64cc39d3 Matthew Grooms
67
/* Creation methods offered by the "Method" selector; "existing" is appended further down when a userid is present. */
$cert_methods = [
	"import"   => gettext("Import an existing Certificate"),
	"internal" => gettext("Create an internal Certificate"),
	"external" => gettext("Create a Certificate Signing Request"),
];

/*
 * RSA key lengths the key-length validation accepts. NOTE(review): 512 and
 * 1024 are far below current guidance and only remain for compatibility;
 * a new certificate defaults to 2048.
 */
$cert_keylens = ["512", "1024", "2048", "4096"];
/* Usage types for internally created certificates. */
$cert_types = [
	"ca"     => "Certificate Authority",
	"server" => "Server Certificate",
	"user"   => "User Certificate",
];

$altname_types = ["DNS", "IP", "email", "URI"];
/* Digest algorithms accepted for signing; sha1 stays for compatibility, the form help advises against it. */
$openssl_digest_algs = ["sha1", "sha224", "sha256", "sha384", "sha512"];

$pgtitle = [gettext("System"), gettext("Certificate Manager"), gettext("Certificates")];
83 64cc39d3 Matthew Grooms
84 56b1ed39 Phil Davis
/*
 * Request parameters. userid and id are only accepted when they pass
 * is_numericint(), so they are safe to use as array offsets below;
 * a POST value overrides a GET value.
 */
if (is_numericint($_GET['userid'])) {
	$userid = $_GET['userid'];
}
if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
	$userid = $_POST['userid'];
}

/* Reached from the user manager: offer attaching an existing certificate to that user. */
if (isset($userid)) {
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!is_array($config['system']['user'])) {
		$config['system']['user'] = array();
	}
	$a_user =& $config['system']['user'];
}

if (is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}

/* References into the running config; writes below go straight to $config. */
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}

$a_cert =& $config['cert'];

/* Only CAs with a private key can sign; the form shows a notice instead of the CA selector when there are none. */
$internal_ca_count = 0;
foreach ($a_ca as $ca) {
	if ($ca['prv']) {
		$internal_ca_count++;
	}
}

/*
 * Action selector. It is not validated here; each handler below compares it
 * against a fixed string. NOTE(review): the "del" action changes state on a
 * plain GET, and no CSRF handling is visible in this file — confirm that
 * guiconfig.inc covers it.
 */
$act = $_GET['act'];

if ($_POST['act']) {
	$act = $_POST['act'];
}
130 64cc39d3 Matthew Grooms
131
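/*
 * Delete a certificate.
 *
 * Removes $a_cert[$id] (id validated above), writes the configuration and
 * redirects to the list. The description is read before the entry is unset;
 * it used to be read afterwards, which always produced an empty name.
 * $savemsg is still discarded by the redirect that follows.
 * NOTE(review): this runs on act=del in the query string, so it is a
 * state change driven by GET; CSRF handling is not visible in this file.
 */
if ($act == "del") {

	if (!isset($a_cert[$id])) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$deleted_descr = $a_cert[$id]['descr'];
	unset($a_cert[$id]);
	write_config();
	$savemsg = sprintf(gettext("Certificate %s successfully deleted"), htmlspecialchars($deleted_descr)) . "<br />";
	pfSenseHeader("system_certmanager.php");
	exit;
}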
144
145 8b35eae5 Stephen Beaver
146 64cc39d3 Matthew Grooms
/* Defaults for the "add a new certificate" form; the method itself comes from the query string. */
if ($act == "new") {
	$new_cert_defaults = [
		'method'         => $_GET['method'],
		'keylen'         => "2048",
		'digest_alg'     => "sha256",
		'csr_keylen'     => "2048",
		'csr_digest_alg' => "sha256",
		'type'           => "user",
		'lifetime'       => "3650",
	];
	foreach ($new_cert_defaults as $dflt_key => $dflt_val) {
		$pconfig[$dflt_key] = $dflt_val;
	}
}
155
156 93823b10 Matthew Grooms
/* Download the certificate (PEM, as stored) of entry $id as "<descr>.crt". */
if ($act == "exp") {

	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$download_body = base64_decode($a_cert[$id]['crt']);
	/* urlencode keeps the description from breaking out of the header value. */
	$download_name = urlencode("{$a_cert[$id]['descr']}.crt");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$download_name}");
	header("Content-Length: " . strlen($download_body));
	echo $download_body;
	exit;
}
173
174 53f5b15f jim-p
/* Download the stored signing request of entry $id as "<descr>.req". */
if ($act == "req") {

	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$download_body = base64_decode($a_cert[$id]['csr']);
	/* urlencode keeps the description from breaking out of the header value. */
	$download_name = urlencode("{$a_cert[$id]['descr']}.req");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$download_name}");
	header("Content-Length: " . strlen($download_body));
	echo $download_body;
	exit;
}
191
192 73fbece8 mgrooms
/*
 * Download the private key of entry $id as "<descr>.key", exactly as stored.
 * Anyone who can reach this action obtains the key material.
 */
if ($act == "key") {

	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$download_body = base64_decode($a_cert[$id]['prv']);
	/* urlencode keeps the description from breaking out of the header value. */
	$download_name = urlencode("{$a_cert[$id]['descr']}.key");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$download_name}");
	header("Content-Length: " . strlen($download_body));
	echo $download_body;
	exit;
}
209
210 eaf23c17 jim-p
/* Download certificate plus private key of entry $id as a PKCS#12 bundle "<descr>.p12". */
if ($act == "p12") {
	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$bundle_name = urlencode("{$a_cert[$id]['descr']}.p12");
	$export_opts = ['friendly_name' => $a_cert[$id]['descr']];

	/* Include the issuing CA certificate in the bundle when it is known locally. */
	$issuing_ca = lookup_ca($a_cert[$id]['caref']);
	if ($issuing_ca) {
		$export_opts['extracerts'] = openssl_x509_read(base64_decode($issuing_ca['crt']));
	}

	$x509 = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	$pkey = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => ""));

	/*
	 * The fourth argument is the bundle passphrase and is null here, so the
	 * private key inside the download is not encrypted: whoever obtains the
	 * file holds the key.
	 */
	$bundle = "";
	openssl_pkcs12_export($x509, $bundle, $pkey, null, $export_opts);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$bundle_name}");
	header("Content-Length: " . strlen($bundle));
	echo $bundle;
	exit;
}
238
239 64cc39d3 Matthew Grooms
/* Complete a signing request: preload the form with the stored (decoded) CSR of entry $id. */
if ($act == "csr") {
	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$csr_entry = $a_cert[$id];
	$pconfig['descr'] = $csr_entry['descr'];
	$pconfig['csr'] = base64_decode($csr_entry['csr']);
}
248
249
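/*
 * Form submission handling.
 *
 * Two submit buttons reach this block: "Save" (create or import a
 * certificate, or attach an existing one to a user) and "Update" (paste the
 * signed certificate for a stored signing request). Both validate into
 * $input_errors, answer AJAX callers with JSON, and only call write_config()
 * when validation passed and nothing failed while generating.
 */
if ($_POST) {
	// This is just the blank altername name that is added for display purposes. We don't want to validate/save it
	if ($_POST['altname_value0'] == "") {
		unset($_POST['altname_type0']);
		unset($_POST['altname_value0']);
	}

	if ($_POST['save'] == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;

		/* input validation: the required fields depend on the chosen method */
		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
				"descr cert key");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate data"),
				gettext("Key data"));
			/* Cheap PEM framing check; the import itself happens in cert_import() below. */
			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
				$input_errors[] = gettext("This certificate does not appear to be valid.");
			}
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
				"descr caref keylen type lifetime dn_country dn_state dn_city ".
				"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate authority"),
				gettext("Key length"),
				gettext("Certificate Type"),
				gettext("Lifetime"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
				"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
				"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Key length"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		$altnames = array();
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		/*
		 * The description is echoed back in page output, so reject characters
		 * with markup or quoting significance. Applied to every method that
		 * stores a description (the Update path applies the same rule);
		 * "existing" stores none of its own.
		 */
		if ($pconfig['method'] != "existing" && preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
			array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
		}

		if ($pconfig['method'] != "import" && $pconfig['method'] != "existing") {
			/* subjectAltNames: pair altname_typeN / altname_valueN fields into $altnames[N+1] */
			foreach ($_POST as $key => $value) {
				$entry = '';
				if (!substr_compare('altname_type', $key, 0, 12)) {
					$entry = substr($key, 12);
					$field = 'type';
				} elseif (!substr_compare('altname_value', $key, 0, 13)) {
					$entry = substr($key, 13);
					$field = 'value';
				}

				if (ctype_digit($entry)) {
					$entry++;	// Pre-bootstrap code is one-indexed, but the bootstrap code is 0-indexed
					$altnames[$entry][$field] = $value;
				}
			}

			/* Kept so the form can re-render the rows when validation fails. */
			$pconfig['altnames']['item'] = $altnames;

			/* Input validation for subjectAltNames */
			foreach ($altnames as $idx => $altname) {
				switch ($altname['type']) {
					case "DNS":
						if (!is_hostname($altname['value'], true)) {
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames, FQDNs or wildcard domains.");
						}
						break;
					case "IP":
						if (!is_ipaddr($altname['value'])) {
							array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
						}
						break;
					case "email":
						if (empty($altname['value'])) {
							array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName");
						}
						if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value'])) {
							array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
						}
						break;
					case "URI":
						/* Close enough? */
						if (!is_URL($altname['value'])) {
							$input_errors[] = "URI subjectAltName types must be a valid URI";
						}
						break;
					default:
						$input_errors[] = "Unrecognized subjectAltName type.";
				}
			}

			/* Make sure we do not have invalid characters in the fields for the certificate */
			for ($i = 0; $i < count($reqdfields); $i++) {
				if (preg_match('/email/', $reqdfields[$i])) { /* dn_email or csr_dn_name */
					if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) {
						array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
					}
				} else if (preg_match('/commonname/', $reqdfields[$i])) { /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) {
						array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
					}
				} else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]])) {
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
				}
			}

			/* Key length and digest must come from the fixed lists above, not free text. */
			if (($pconfig['method'] != "external") && isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens)) {
				array_push($input_errors, gettext("Please select a valid Key Length."));
			}
			if (($pconfig['method'] != "external") && !in_array($_POST["digest_alg"], $openssl_digest_algs)) {
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
			}

			if (($pconfig['method'] == "external") && isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens)) {
				array_push($input_errors, gettext("Please select a valid Key Length."));
			}
			if (($pconfig['method'] == "external") && !in_array($_POST["csr_digest_alg"], $openssl_digest_algs)) {
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
			}
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				/* Attach an already stored certificate to the user we came from. */
				$cert = lookup_cert($pconfig['certref']);
				if ($cert && $a_user) {
					$a_user[$userid]['cert'][] = $cert['refid'];
				}
			} else {
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id]) {
					$cert = $a_cert[$id];
				}

				$cert['descr'] = $pconfig['descr'];

				/*
				 * subjectAltName extension value, shared by the internal and
				 * external paths. Accumulated in an array: appending with []
				 * to a string is a fatal error on PHP 7.1 and later.
				 */
				$subject_alt_name = null;
				if (count($altnames)) {
					$san_parts = array();
					foreach ($altnames as $altname) {
						$san_parts[] = "{$altname['type']}:{$altname['value']}";
					}
					$subject_alt_name = implode(",", $san_parts);
				}

				$old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */
				$generated = true;

				if ($pconfig['method'] == "import") {
					cert_import($cert, $pconfig['cert'], $pconfig['key']);
				}

				if ($pconfig['method'] == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);
					if ($subject_alt_name !== null) {
						$dn['subjectAltName'] = $subject_alt_name;
					}

					$generated = cert_create($cert, $pconfig['caref'], $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg']);
				}

				if ($pconfig['method'] == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);
					if ($subject_alt_name !== null) {
						$dn['subjectAltName'] = $subject_alt_name;
					}

					$generated = csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg']);
				}
				error_reporting($old_err_level);

				if (!$generated) {
					/* Report every queued openssl message rather than only the last one. */
					while ($ssl_err = openssl_error_string()) {
						array_push($input_errors, "openssl library returns: " . $ssl_err);
					}
					/* A failure with no queued message must still block the save. */
					if (!$input_errors) {
						$input_errors[] = gettext("The certificate could not be generated.");
					}
				}

				/* Only a fully built entry is stored; a failed generation leaves $a_cert untouched. */
				if (!$input_errors) {
					if (isset($id) && $a_cert[$id]) {
						$a_cert[$id] = $cert;
					} else {
						$a_cert[] = $cert;
					}

					if (isset($a_user) && isset($userid)) {
						$a_user[$userid]['cert'][] = $cert['refid'];
					}
				}
			}

			if (!$input_errors) {
				write_config();
			}

			if ($userid) {
				post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid));
				exit;
			}
		}
	}

	if ($_POST['save'] == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		/* $input_errors may still be unset here, so append with [] rather than array_push(). */
		if (preg_match("/[\?\>\<\&\/\\\"\']/", $_POST['descr'])) {
			$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
		}

		/*
		 * The entry being completed must exist; without this check a
		 * submission lacking the hidden id would be stored under an empty key.
		 */
		if (!isset($id) || !isset($a_cert[$id])) {
			$input_errors[] = gettext("The signing request to complete could not be found.");
		} else {
			/*
			 * The pasted certificate must match the stored request's public
			 * key (same modulus). The stored request is used, not the
			 * read-only copy the form posts back, so the check cannot be
			 * satisfied by editing the form. (The earlier subject comparison
			 * was replaced by this modulus comparison.)
			 */
			$mod_csr = csr_get_modulus(base64_decode($a_cert[$id]['csr']), false);
			$mod_cert = cert_get_modulus($pconfig['cert'], false);

			if (strcmp($mod_csr, $mod_cert)) {
				// simply: if the moduli don't match, then the private key and public key won't match
				$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
				$subject_mismatch = true;
			}
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
		}
	}
}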
561
562
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

/* Within this file $savemsg is only assigned by the delete handler, which redirects before reaching here. */
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

$tab_array = [
	[gettext("CAs"), false, "system_camanager.php"],
	[gettext("Certificates"), true, "system_certmanager.php"],
	[gettext("Certificate Revocation"), false, "system_crlmanager.php"],
];
display_top_tabs($tab_array);

// Load valid country codes: the first whitespace-delimited token of each
// line of /etc/ca_countries, keyed by itself, feeds the country selector.
$dn_cc = [];
if (file_exists("/etc/ca_countries")) {
	$dn_cc_file = file("/etc/ca_countries");
	foreach ($dn_cc_file as $line) {
		if (!preg_match('/^(\S*)\s(.*)$/', $line, $matches)) {
			continue;
		}
		$dn_cc[$matches[1]] = $matches[1];
	}
}
588
589 b29c322c Stephen Beaver
if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)) {
590 b49f31d0 Sjon Hortensius
$form = new Form;
591
592 78863416 Phil Davis
/*
 * Completion form for a pending signing request: shown for act=csr, and
 * again when an "Update" submission failed validation. The hidden id names
 * the entry being completed. The request itself is displayed read-only;
 * the Update handler reads the pasted certificate (and the posted copy of
 * the request) back from $_POST.
 */
if ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)) {
	$form->setAction('system_certmanager.php?act=csr');

	$section = new Form_Section('Complete Signing Request');

	if (isset($id) && $a_cert[$id]) {
		$form->addGlobal(new Form_Input(
			'id',
			null,
			'hidden',
			$id
		));
	}

	$section->addInput(new Form_Input(
		'descr',
		'Descriptive name',
		'text',
		$pconfig['descr']
	));

	$section->addInput(new Form_Textarea(
		'csr',
		'Signing request data',
		$pconfig['csr']
	))->setReadonly()->setHelp('Copy the certificate signing data from here and '.
		'forward it to your certificate authority for signing.');

	$section->addInput(new Form_Textarea(
		'cert',
		'Final certificate data',
		$pconfig['cert']
	))->setHelp('Paste the certificate received from your certificate authority here.');

	$form->add($section);
	print $form;

	/* This page variant is complete on its own; the general form below is not rendered. */
	include("foot.inc");
	exit;
}
632
633 b49f31d0 Sjon Hortensius
$form->setAction('system_certmanager.php?act=edit');
634 64cc39d3 Matthew Grooms
635 78863416 Phil Davis
if (isset($userid) && $a_user) {
636 b49f31d0 Sjon Hortensius
	$form->addGlobal(new Form_Input(
637
		'userid',
638
		null,
639
		'hidden',
640
		$userid
641
	));
642
}
643 64cc39d3 Matthew Grooms
644 78863416 Phil Davis
if (isset($id) && $a_cert[$id]) {
645 b49f31d0 Sjon Hortensius
	$form->addGlobal(new Form_Input(
646
		'id',
647
		null,
648
		'hidden',
649
		$id
650
	));
651
}
652
653
$section = new Form_Section('Add a new certificate');
654
655 78863416 Phil Davis
if (!isset($id)) {
656 b49f31d0 Sjon Hortensius
	$section->addInput(new Form_Select(
657
		'method',
658
		'Method',
659
		$pconfig['method'],
660
		$cert_methods
661 44d906ca Sjon Hortensius
	))->toggles();
662 b49f31d0 Sjon Hortensius
}
663
664
$section->addInput(new Form_Input(
665
	'descr',
666
	'Descriptive name',
667
	'text',
668
	($a_user && empty($pconfig['descr'])) ? $a_user[$userid]['name'] : $pconfig['descr']
669
))->addClass('toggle-existing');
670
671
$form->add($section);
672
$section = new Form_Section('Import Certificate');
673
$section->addClass('toggle-import collapse');
674
675
$section->addInput(new Form_Textarea(
676
	'cert',
677
	'Certificate data',
678
	$pconfig['cert']
679
))->setHelp('Paste a certificate in X.509 PEM format here.');
680
681
$section->addInput(new Form_Textarea(
682
	'key',
683
	'Private key data',
684
	$pconfig['key']
685
))->setHelp('Paste a private key in X.509 PEM format here.');
686
687
$form->add($section);
688
$section = new Form_Section('Internal Certificate');
689
$section->addClass('toggle-internal collapse');
690
691 78863416 Phil Davis
if (!$internal_ca_count) {
692 b49f31d0 Sjon Hortensius
	$section->addInput(new Form_StaticText(
693
		'Certificate authority',
694 8b35eae5 Stephen Beaver
		gettext('No internal Certificate Authorities have been defined. You must ').
695 1391193e Stephen Beaver
		'<a href="system_camanager.php?act=new&amp;method=internal"> '. gettext(" create") .'</a>'.
696
		gettext(' an internal CA before creating an internal certificate.')
697 b49f31d0 Sjon Hortensius
	));
698 78863416 Phil Davis
} else {
699 b49f31d0 Sjon Hortensius
	$allCas = array();
700 78863416 Phil Davis
	foreach ($a_ca as $ca) {
701
		if (!$ca['prv']) {
702
			continue;
703
		}
704 b49f31d0 Sjon Hortensius
705
		$allCas[ $ca['refid'] ] = $ca['descr'];
706 64cc39d3 Matthew Grooms
	}
707 b49f31d0 Sjon Hortensius
708
	$section->addInput(new Form_Select(
709
		'caref',
710
		'Certificate authority',
711
		$pconfig['caref'],
712
		$allCas
713
	));
714 64cc39d3 Matthew Grooms
}
715
716 b49f31d0 Sjon Hortensius
$section->addInput(new Form_Select(
717
	'keylen',
718
	'Key length',
719
	$pconfig['keylen'],
720 8b35eae5 Stephen Beaver
	array_combine($cert_keylens, $cert_keylens)
721 b49f31d0 Sjon Hortensius
));
722
723
// ---- Internal certificate: remaining fields of the "Internal Certificate" section ----

// Digest algorithm used to sign the internally generated certificate.
$section->addInput(new Form_Select(
	'digest_alg',
	'Digest Algorithm',
	$pconfig['digest_alg'],
	array_combine($openssl_digest_algs, $openssl_digest_algs)
))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.');

// Certificate type; the option list $cert_types is defined earlier in the file.
$section->addInput(new Form_Select(
	'type',
	'Certificate Type',
	$pconfig['type'],
	$cert_types
))->setHelp('Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.');

$section->addInput(new Form_Input('lifetime', 'Lifetime (days)', 'number', $pconfig['lifetime']));

$section->addInput(new Form_Select('dn_country', 'Country Code', $pconfig['dn_country'], $dn_cc));

// Remaining Distinguished Name inputs, as field name => [label, input type, placeholder].
$dn_fields = [
	'dn_state'        => ['State or Province', 'text',  'e.g. Texas'],
	'dn_city'         => ['City',              'text',  'e.g. Austin'],
	'dn_organization' => ['Organization',      'text',  'e.g. My Company Inc.'],
	'dn_email'        => ['Email Address',     'email', 'e.g. admin@mycompany.com'],
	'dn_commonname'   => ['Common Name',       'text',  'e.g. www.example.com'],
];

foreach ($dn_fields as $dn_name => $dn_spec) {
	list($dn_label, $dn_type, $dn_placeholder) = $dn_spec;
	$section->addInput(new Form_Input(
		$dn_name,
		$dn_label,
		$dn_type,
		$pconfig[$dn_name],
		['placeholder' => $dn_placeholder]
	));
}

// Always render at least one (blank) alternative-name row.
if (empty($pconfig['altnames']['item'])) {
	$pconfig['altnames']['item'] = [['type' => null, 'value' => null]];
}

$altname_last = count($pconfig['altnames']['item']) - 1;
$row = 0;

foreach ($pconfig['altnames']['item'] as $altname) {
	$is_first = ($row == 0);
	$is_last = ($row == $altname_last);

	// Only the first row carries the group title; only the last row carries the column help text.
	$altname_group = new Form_Group($is_first ? 'Alternative Names' : '');

	$type_select = new Form_Select(
		'altname_type' . $row,
		'Type',
		$altname['type'],
		[
			'DNS'   => 'FQDN or Hostname',
			'IP'    => 'IP address',
			'URI'   => 'URI',
			'email' => 'email address',
		]
	);
	$altname_group->add($type_select)->setHelp($is_last ? 'Type' : null);

	$value_input = new Form_Input('altname_value' . $row, null, 'text', $altname['value']);
	$altname_group->add($value_input)->setHelp($is_last ? 'Value' : null);

	$delete_button = new Form_Button('deleterow' . $row, 'Delete');
	$altname_group->add($delete_button)->removeClass('btn-primary')->addClass('btn-warning');

	$altname_group->addClass('repeatable');
	$section->add($altname_group);

	$row++;
}

$add_button = new Form_Button('addrow', 'Add');
$section->addInput($add_button)->removeClass('btn-primary')->addClass('btn-success');

$form->add($section);
// ---- External signing request: key/digest parameters plus the DN of the CSR ----
$section = new Form_Section('External Signing Request');
$section->addClass('toggle-external collapse');

$section->addInput(new Form_Select(
	'csr_keylen',
	'Key length',
	$pconfig['csr_keylen'],
	array_combine($cert_keylens, $cert_keylens)
));

$section->addInput(new Form_Select(
	'csr_digest_alg',
	'Digest Algorithm',
	$pconfig['csr_digest_alg'],
	array_combine($openssl_digest_algs, $openssl_digest_algs)
))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 when possible');

$section->addInput(new Form_Select('csr_dn_country', 'Country Code', $pconfig['csr_dn_country'], $dn_cc));

// Remaining Distinguished Name inputs of the CSR, as field name => [label, input type, placeholder].
$csr_dn_fields = [
	'csr_dn_state'        => ['State or Province', 'text',  'e.g. Texas'],
	'csr_dn_city'         => ['City',              'text',  'e.g. Austin'],
	'csr_dn_organization' => ['Organization',      'text',  'e.g. My Company Inc.'],
	'csr_dn_email'        => ['Email Address',     'email', 'e.g. admin@mycompany.com'],
	'csr_dn_commonname'   => ['Common Name',       'text',  'e.g. internal-ca'],
];

foreach ($csr_dn_fields as $csr_dn_name => $csr_dn_spec) {
	list($csr_dn_label, $csr_dn_type, $csr_dn_placeholder) = $csr_dn_spec;
	$section->addInput(new Form_Input(
		$csr_dn_name,
		$csr_dn_label,
		$csr_dn_type,
		$pconfig[$csr_dn_name],
		['placeholder' => $csr_dn_placeholder]
	));
}

$form->add($section);
909
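// ---- Existing certificate: selector over the certificates already stored in the config ----
$section = new Form_Section('Choose an Existing Certificate');
$section->addClass('toggle-existing collapse');

// refid => option label for the "Existing Certificates" selector.
$existCerts = array();

foreach ($config['cert'] as $cert) {
	// When a user is being edited ($userid set), skip certificates already assigned to that user.
	// isset($userid) is tested first: the previous form indexed
	// $config['system']['user'][$userid] before checking $userid, raising an undefined-index
	// notice whenever no user is being edited. Strict in_array() avoids loose string comparison
	// of refids.
	if (isset($userid) &&
	    is_array($config['system']['user'][$userid]['cert']) &&
	    in_array($cert['refid'], $config['system']['user'][$userid]['cert'], true)) {
		continue;
	}

	$ca = lookup_ca($cert['caref']);
	if ($ca) {
		$cert['descr'] .= " (CA: {$ca['descr']})";
	}

	// NOTE(review): the labels below embed HTML markup and admin-edited descriptions as-is;
	// whether Form_Select escapes option labels is not visible here — confirm before relying on
	// either the markup rendering or the descriptions being safe.
	if (cert_in_use($cert['refid'])) {
		$cert['descr'] .= " <i>In Use</i>";
	}
	if (is_cert_revoked($cert)) {
		$cert['descr'] .= " <b>Revoked</b>";
	}

	$existCerts[$cert['refid']] = $cert['descr'];
}

$section->addInput(new Form_Select(
	'certref',
	'Existing Certificates',
	$pconfig['certref'],
	$existCerts
));

$form->add($section);
print $form;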
} else if ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)) {
	// "Complete signing request": show the pending CSR and accept the certificate signed by
	// the external CA. Also re-shown after a failed "Update" submission so the errors can be fixed.
	$update_button = new Form_Button('save', 'Update');
	$form = new Form($update_button);

	$section = new Form_Section("Complete signing request for " . $pconfig['descr']);

	$section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));

	$csr_field = new Form_Textarea('csr', 'Signing request data', $pconfig['csr']);
	$section->addInput($csr_field)
		->setReadonly()
		->setWidth(7)
		->setHelp('Copy the certificate signing data from here and forward it to your certificate authority for signing.');

	$cert_field = new Form_Textarea('cert', 'Final certificate data', $pconfig['cert']);
	$section->addInput($cert_field)
		->setWidth(7)
		->setHelp('Paste the certificate received from your certificate authority here.');

	// When editing an existing entry, carry its index and the action along as hidden fields.
	if (isset($id) && $a_cert[$id]) {
		$section->addInput(new Form_Input('id', null, 'hidden', $id));
		$section->addInput(new Form_Input('act', null, 'hidden', 'csr'));
	}

	$form->add($section);
	print $form;
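} else {
	// Certificate list: one row per stored certificate / pending CSR with its export actions.
?>
<div class="table-responsive">
<table class="table table-striped table-hover">
	<thead>
		<tr>
			<th><?=gettext("Name")?></th>
			<th><?=gettext("Issuer")?></th>
			<th><?=gettext("Distinguished Name")?></th>
			<th><?=gettext("In Use")?></th>
			<th class="col-sm-2"><?=gettext("Actions")?></th>
		</tr>
	</thead>
	<tbody>
<?php
foreach ($a_cert as $i => $cert):
	$name = htmlspecialchars($cert['descr']);

	// Reset the per-row values. Without this, a CSR-only entry (no 'crt') kept $purpose,
	// $startdate and $enddate from the previous row and displayed the previous certificate's
	// purpose flags.
	$subj = $caname = $purpose = $startdate = $enddate = null;

	if ($cert['crt']) {
		$subj = cert_get_subject($cert['crt']);
		$issuer = cert_get_issuer($cert['crt']);
		$purpose = cert_get_purpose($cert['crt']);
		list($startdate, $enddate) = cert_get_dates($cert['crt']);

		// Identical subject and issuer means self-signed.
		if ($subj === $issuer) {
			$caname = '<i>'. gettext("self-signed") .'</i>';
		} else {
			$caname = '<i>'. gettext("external").'</i>';
		}

		$subj = htmlspecialchars($subj);
	}

	if ($cert['csr']) {
		$subj = htmlspecialchars(csr_get_subject($cert['csr']));
		$caname = "<em>" . gettext("external - signature pending") . "</em>";
	}

	$ca = lookup_ca($cert['caref']);
	if ($ca) {
		// CA descriptions are admin-entered config text; escape them like $name above.
		$caname = htmlspecialchars($ca['descr']);
	}
?>
		<tr>
			<td>
				<?=$name?><br />
				<?php if ($cert['type']): ?>
					<i><?=$cert_types[$cert['type']]?></i><br />
				<?php endif?>
				<?php if (is_array($purpose)): ?>
					CA: <b><?=$purpose['ca']?></b>, Server: <b><?=$purpose['server']?></b>
				<?php endif?>
			</td>
			<td><?=$caname?></td>
			<td>
				<?=$subj?>
				<?php if (!$cert['csr']): ?>
				<br />
				<small>
					<?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
				</small>
				<?php endif?>
			</td>
			<td>
				<?php if (is_cert_revoked($cert)): ?>
					<i>Revoked </i>
				<?php endif?>
				<?php if (is_webgui_cert($cert['refid'])): ?>
					webConfigurator
				<?php endif?>
				<?php if (is_user_cert($cert['refid'])): ?>
					User Cert
				<?php endif?>
				<?php if (is_openvpn_server_cert($cert['refid'])): ?>
					OpenVPN Server
				<?php endif?>
				<?php if (is_openvpn_client_cert($cert['refid'])): ?>
					OpenVPN Client
				<?php endif?>
				<?php if (is_ipsec_cert($cert['refid'])): ?>
					IPsec Tunnel
				<?php endif?>
				<?php if (is_captiveportal_cert($cert['refid'])): ?>
					Captive Portal
				<?php endif?>
			</td>
			<td>
				<?php if (!$cert['csr']): ?>
					<a href="system_certmanager.php?act=exp&amp;id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export Certificate")?>"></a>
					<a href="system_certmanager.php?act=key&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
					<a href="system_certmanager.php?act=p12&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export P12")?>"> P12</a>
				<?php else: ?>
					<a href="system_certmanager.php?act=csr&amp;id=<?=$i?>" class="fa fa-pencil" title="<?=gettext("Update CSR")?>"></a>
					<a href="system_certmanager.php?act=req&amp;id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export Request")?>"></a>
					<a href="system_certmanager.php?act=key&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export Key")?>"></a>
				<?php endif?>
				<?php if (!cert_in_use($cert['refid'])): ?>
					<a href="system_certmanager.php?act=del&amp;id=<?=$i?>" class="fa fa-trash" title="<?=gettext("Delete")?>"></a>
				<?php endif?>
			</td>
		</tr>
<?php endforeach; ?>
	</tbody>
</table>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	// Full "<?php" open tag: the short "<?" form used here before depends on short_open_tag
	// and is the only place in this file that used it.
	include("foot.inc");
	exit;
}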
?>
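<script type="text/javascript">
//<![CDATA[
events.push(function() {

<?php if ($internal_ca_count): ?>
	// Copy the subject of the selected internal CA into the DN fields of the form.
	function internalca_change() {

		var caref = $('#caref').val();

		switch (caref) {
<?php
			// Every CA-derived value is emitted through json_encode() so that quotes, backslashes,
			// newlines and "</script>" inside a CA subject or refid cannot break out of the JS
			// string literal (the previous form interpolated them raw into "..." literals).
			$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
			$js_str = function ($v) use ($js_flags) {
				$encoded = json_encode((string)$v, $js_flags);
				// json_encode() returns false on non-UTF-8 input; emit an empty literal instead.
				return ($encoded === false) ? '""' : $encoded;
			};

			foreach ($a_ca as $ca):
				if (!$ca['prv']) {
					continue;
				}

				// NOTE(review): subject components are addressed by position (0..4 taken as
				// C, ST, L, O, emailAddress); a CA with a different or shorter subject fills the
				// wrong fields or hits undefined offsets — confirm against cert_get_subject_array().
				$subject = cert_get_subject_array($ca['crt']);

?>
				case <?=$js_str($ca['refid']);?>:
					$('#dn_country').val(<?=$js_str($subject[0]['v']);?>);
					$('#dn_state').val(<?=$js_str($subject[1]['v']);?>);
					$('#dn_city').val(<?=$js_str($subject[2]['v']);?>);
					$('#dn_organization').val(<?=$js_str($subject[3]['v']);?>);
					$('#dn_email').val(<?=$js_str($subject[4]['v']);?>);
					break;
<?php
			endforeach;
?>
		}
	}

	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#caref').on('change', function() {
		internalca_change();
	});

	// ---------- On initial page load ------------------------------------------------------------

	internalca_change();

	// Suppress "Delete row" button if there are fewer than two rows
	checkLastRow();

<?php endif; ?>


});
//]]>
</script>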
<?php
// Shared page footer.
include 'foot.inc';