Project

General

Profile

Download (15.5 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
    system_camanager.php
4

    
5
    Copyright (C) 2008 Shrew Soft Inc.
6
    All rights reserved.
7

    
8
    Redistribution and use in source and binary forms, with or without
9
    modification, are permitted provided that the following conditions are met:
10

    
11
    1. Redistributions of source code must retain the above copyright notice,
12
       this list of conditions and the following disclaimer.
13

    
14
    2. Redistributions in binary form must reproduce the above copyright
15
       notice, this list of conditions and the following disclaimer in the
16
       documentation and/or other materials provided with the distribution.
17

    
18
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
    POSSIBILITY OF SUCH DAMAGE.
28
*/
29
/*
30
	pfSense_MODULE:	certificate_managaer
31
*/
32

    
33
##|+PRIV
34
##|*IDENT=page-system-camanager
35
##|*NAME=System: CA Manager
36
##|*DESCR=Allow access to the 'System: CA Manager' page.
37
##|*MATCH=system_camanager.php*
38
##|-PRIV
39

    
40
require("guiconfig.inc");
41
require_once("certs.inc");
42

    
43
$ca_methods = array(
44
	"existing" => gettext("Import an existing Certificate Authority"),
45
	"internal" => gettext("Create an internal Certificate Authority"));
46

    
47
$ca_keylens = array( "512", "1024", "2048", "4096");
48

    
49
$pgtitle = array(gettext("System"), gettext("Certificate Authority Manager"));
50

    
51
$id = $_GET['id'];
52
if (isset($_POST['id']))
53
	$id = $_POST['id'];
54

    
55
if (!is_array($config['system']['ca']))
56
	$config['system']['ca'] = array();
57

    
58
$a_ca =& $config['system']['ca'];
59

    
60
if (!is_array($config['system']['cert']))
61
	$config['system']['cert'] = array();
62

    
63
$a_cert =& $config['system']['cert'];
64

    
65
$act = $_GET['act'];
66
if ($_POST['act'])
67
	$act = $_POST['act'];
68

    
69
if ($act == "del") {
70

    
71
	if (!$a_ca[$id]) {
72
		pfSenseHeader("system_camanager.php");
73
		exit;
74
	}
75

    
76
	$index = count($a_cert) - 1;
77
	for (;$index >=0; $index--)
78
		if ($a_cert[$index]['caref'] == $a_ca[$id]['refid'])
79
			unset($a_cert[$index]);
80

    
81
	$name = $a_ca[$id]['name'];
82
	unset($a_ca[$id]);
83
	write_config();
84
	$savemsg = gettext("Certificate Authority")." {$name} ".
85
				gettext("successfully deleted")."<br/>";
86
}
87

    
88
if ($act == "new") {
89
	$pconfig['method'] = $_GET['method'];
90
	$pconfig['keylen'] = "2048";
91
	$pconfig['lifetime'] = "3650";
92
	$pconfig['dn_commonname'] = "internal-ca";
93
}
94

    
95
if ($act == "exp") {
96

    
97
	if (!$a_ca[$id]) {
98
		pfSenseHeader("system_camanager.php");
99
		exit;
100
	}
101

    
102
	$exp_name = urlencode("{$a_ca[$id]['name']}.crt");
103
	$exp_data = base64_decode($a_ca[$id]['crt']);
104
	$exp_size = strlen($exp_data);
105

    
106
	header("Content-Type: application/octet-stream");
107
	header("Content-Disposition: attachment; filename={$exp_name}");
108
	header("Content-Length: $exp_size");
109
	echo $exp_data;
110
	exit;
111
}
112

    
113
if ($_POST) {
114

    
115
	unset($input_errors);
116
	$pconfig = $_POST;
117

    
118
	/* input validation */
119
	if ($pconfig['method'] == "existing") {
120
		$reqdfields = explode(" ", "name cert");
121
		$reqdfieldsn = array(
122
				gettext("Descriptive name"),
123
				gettext("Certificate data"));
124
	}
125
	if ($pconfig['method'] == "internal") {
126
		$reqdfields = explode(" ",
127
				"name keylen lifetime dn_country dn_state dn_city ".
128
				"dn_organization dn_email dn_commonname");
129
		$reqdfieldsn = array(
130
				gettext("Descriptive name"),
131
				gettext("Key length"),
132
				gettext("Lifetime"),
133
				gettext("Distinguished name Country Code"),
134
				gettext("Distinguished name State or Province"),
135
				gettext("Distinguished name City"),
136
				gettext("Distinguished name Organization"),
137
				gettext("Distinguished name Email Address"),
138
				gettext("Distinguished name Common Name"));
139
	}
140

    
141
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
142

    
143
	/* if this is an AJAX caller then handle via JSON */
144
	if (isAjax() && is_array($input_errors)) {
145
		input_errors2Ajax($input_errors);
146
		exit;
147
	}
148

    
149
	/* save modifications */
150
	if (!$input_errors) {
151

    
152
		$ca = array();
153
		$ca['refid'] = uniqid();
154
		if (isset($id) && $a_ca[$id])
155
			$ca = $a_ca[$id];
156

    
157
	    $ca['name'] = $pconfig['name'];
158

    
159
		if ($pconfig['method'] == "existing")
160
			ca_import($ca, $pconfig['cert']);
161

    
162
		if ($pconfig['method'] == "internal")
163
		{
164
			$dn = array(
165
				'countryName' => $pconfig['dn_country'],
166
				'stateOrProvinceName' => $pconfig['dn_state'],
167
				'localityName' => $pconfig['dn_city'],
168
				'organizationName' => $pconfig['dn_organization'],
169
				'emailAddress' => $pconfig['dn_email'],
170
				'commonName' => $pconfig['dn_commonname']);
171

    
172
			ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn);
173
		}
174

    
175
		if (isset($id) && $a_ca[$id])
176
			$a_ca[$id] = $ca;
177
		else
178
			$a_ca[] = $ca;
179

    
180
		write_config();
181

    
182
//		pfSenseHeader("system_camanager.php");
183
	}
184
}
185

    
186
include("head.inc");
187
?>
188

    
189
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
190
<?php include("fbegin.inc"); ?>
191
<script type="text/javascript">
192
<!--
193

    
194
function method_change() {
195

    
196
	method = document.iform.method.selectedIndex;
197

    
198
	switch (method) {
199
		case 0:
200
			document.getElementById("existing").style.display="";
201
			document.getElementById("internal").style.display="none";
202
			break;
203
		case 1:
204
			document.getElementById("existing").style.display="none";
205
			document.getElementById("internal").style.display="";
206
			break;
207
	}
208
}
209

    
210
//-->
211
</script>
212
<?php
213
	if ($input_errors)
214
		print_input_errors($input_errors);
215
	if ($savemsg)
216
		print_info_box($savemsg);
217
?>
218
<table width="100%" border="0" cellpadding="0" cellspacing="0">
219
	<tr>
220
		<td>
221
		<?php
222
			$tab_array = array();
223
			$tab_array[] = array(gettext("CAs"), true, "system_camanager.php");
224
			$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
225
			display_top_tabs($tab_array);
226
		?>
227
		</td>
228
	</tr>
229
	<tr>
230
		<td id="mainarea">
231
			<div class="tabcont">
232

    
233
				<?php if ($act == "new" || $act == gettext("save") || $input_errors): ?>
234

    
235
				<form action="system_camanager.php" method="post" name="iform" id="iform">
236
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
237
						<tr>
238
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
239
							<td width="78%" class="vtable">
240
								<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
241
							</td>
242
						</tr>
243
						<?php if (!isset($id)): ?>
244
						<tr>
245
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
246
							<td width="78%" class="vtable">
247
								<select name='method' id='method' class="formselect" onchange='method_change()'>
248
								<?php
249
									foreach($ca_methods as $method => $desc):
250
									$selected = "";
251
									if ($pconfig['method'] == $method)
252
										$selected = "selected";
253
								?>
254
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
255
								<?php endforeach; ?>
256
								</select>
257
							</td>
258
						</tr>
259
						<?php endif; ?>
260
					</table>
261

    
262
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing">
263
						<tr>
264
							<td colspan="2" class="list" height="12"></td>
265
						</tr>
266
						<tr>
267
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Authority");?></td>
268
						</tr>
269

    
270
						<tr>
271
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
272
							<td width="78%" class="vtable">
273
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=$pconfig['cert'];?></textarea>
274
								<br>
275
								<?=gettext("Paste a certificate in X.509 PEM format here.");?></td>
276
							</td>
277
						</tr>
278
					</table>
279

    
280
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
281
						<tr>
282
							<td colspan="2" class="list" height="12"></td>
283
						</tr>
284
						<tr>
285
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Authority");?></td>
286
						</tr>
287
						<tr>
288
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
289
							<td width="78%" class="vtable">
290
								<select name='keylen' id='keylen' class="formselect">
291
								<?php
292
									foreach( $ca_keylens as $len):
293
									$selected = "";
294
									if ($pconfig['keylen'] == $len)
295
										$selected = "selected";
296
								?>
297
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
298
								<?php endforeach; ?>
299
								</select>
300
								<?=gettext(bits);?>
301
							</td>
302
						</tr>
303
						<tr>
304
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
305
							<td width="78%" class="vtable">
306
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
307
								<?=gettext(days);?>
308
							</td>
309
						</tr>
310
						<tr>
311
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
312
							<td width="78%" class="vtable">
313
								<table border="0" cellspacing="0" cellpadding="2">
314
									<tr>
315
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
316
										<td align="left">
317
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
318
											&nbsp;
319
											<em>ex:</em>
320
											&nbsp;
321
											<?=gettext("US");?>
322
											<em><?=gettext("( two letters )");?></em>
323
										</td>
324
									</tr>
325
									<tr>
326
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
327
										<td align="left">
328
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
329
											&nbsp;
330
											<em>ex:</em>
331
											&nbsp;
332
											<?=gettext("Texas");?>
333
										</td>
334
									</tr>
335
									<tr>
336
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
337
										<td align="left">
338
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
339
											&nbsp;
340
											<em>ex:</em>
341
											&nbsp;
342
											<?=gettext("Austin");?>
343
										</td>
344
									</tr>
345
									<tr>
346
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
347
										<td align="left">
348
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
349
											&nbsp;
350
											<em>ex:</em>
351
											&nbsp;
352
											<?=gettext("My Company Inc.");?>
353
										</td>
354
									</tr>
355
									<tr>
356
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
357
										<td align="left">
358
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
359
											&nbsp;
360
											<em>ex:</em>
361
											&nbsp;
362
											<?=gettext("admin@mycompany.com");?>
363
										</td>
364
									</tr>
365
									<tr>
366
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
367
										<td align="left">
368
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
369
											&nbsp;
370
											<em>ex:</em>
371
											&nbsp;
372
											<?=gettext("internal-ca");?>
373
										</td>
374
									</tr>
375
								</table>
376
							</td>
377
						</tr>
378
					</table>
379

    
380
					<table width="100%" border="0" cellpadding="6" cellspacing="0">
381
						<tr>
382
							<td width="22%" valign="top">&nbsp;</td>
383
							<td width="78%">
384
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
385
								<?php if (isset($id) && $a_ca[$id]): ?>
386
								<input name="id" type="hidden" value="<?=$id;?>" />
387
								<?php endif;?>
388
							</td>
389
						</tr>
390
					</table>
391
				</form>
392

    
393
				<?php else: ?>
394

    
395
				<table width="100%" border="0" cellpadding="0" cellspacing="0">
396
					<tr>
397
						<td width="20%" class="listhdrr"><?=gettext("Name");?></td>
398
						<td width="10%" class="listhdrr"><?=gettext("Internal");?></td>
399
						<td width="10%" class="listhdrr"><?=gettext("Issuer");?></td>
400
						<td width="10%" class="listhdrr"><?=gettext("Certificates");?></td>
401
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
402
						<td width="10%" class="list"></td>
403
					</tr>
404
					<?php
405
						$i = 0;
406
						foreach($a_ca as $ca):
407
							$name = htmlspecialchars($ca['name']);
408
							$subj = cert_get_subject($ca['crt']);
409
							$issuer = cert_get_issuer($ca['crt']);
410
							if($subj == $issuer)
411
							  $issuer_name = "<em>" . gettext("self-signed") . "</em>";
412
							else
413
							  $issuer_name = "<em>" . gettext("external") . "</em>";
414
							$subj = htmlspecialchars($subj);
415
							$issuer = htmlspecialchars($issuer);
416
							$certcount = 0;
417

    
418
							$issuer_ca = lookup_ca($ca['caref']);
419
							if ($issuer_ca)
420
								$issuer_name = $issuer_ca['name'];
421

    
422
							// TODO : Need gray certificate icon
423

    
424
							if($ca['prv']) {
425
								$caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
426
								$internal = "YES";
427

    
428
							} else {
429
								$caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
430
								$internal = "NO";
431
							}
432
							foreach ($a_cert as $cert)
433
								if ($cert['caref'] == $ca['refid'])
434
									$certcount++;
435
  						foreach ($a_ca as $cert)
436
  							if ($cert['caref'] == $ca['refid'])
437
  								$certcount++;
438
					?>
439
					<tr>
440
						<td class="listlr">
441
							<table border="0" cellpadding="0" cellspacing="0">
442
								<tr>
443
									<td align="left" valign="center">
444
										<img src="<?=$caimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
445
									</td>
446
									<td align="left" valign="middle">
447
										<?=$name;?>
448
									</td>
449
								</tr>
450
							</table>
451
						</td>
452
						<td class="listr"><?=$internal;?>&nbsp;</td>
453
						<td class="listr"><?=$issuer_name;?>&nbsp;</td>
454
						<td class="listr"><?=$certcount;?>&nbsp;</td>
455
						<td class="listr"><?=$subj;?>&nbsp;</td>
456
						<td valign="middle" nowrap class="list">
457
							<a href="system_camanager.php?act=exp&id=<?=$i;?>")">
458
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
459
							</a>
460
							<a href="system_camanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Authority and all associated certificates?");?>')">
461
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete ca");?>" alt="<?=gettext("delete ca"); ?>" width="17" height="17" border="0" />
462
							</a>
463
						</td>
464
					</tr>
465
					<?php
466
							$i++;
467
						endforeach;
468
					?>
469
					<tr>
470
						<td class="list" colspan="5"></td>
471
						<td class="list">
472
							<a href="system_camanager.php?act=new">
473
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" />
474
							</a>
475
						</td>
476
					</tr>
477
					<tr>
478
						<td colspan="5">
479
							<p>
480
								<?=gettext("Additional trusted Certificate Authorities can be added here.");?>
481
							</p>
482
						</td>
483
					</tr>
484
				</table>
485

    
486
				<?php endif; ?>
487

    
488
			</div>
489
		</td>
490
	</tr>
491
</table>
492
<?php include("fend.inc");?>
493
<script type="text/javascript">
494
<!--
495

    
496
method_change();
497

    
498
//-->
499
</script>
500

    
501
</body>
(179-179/221)