diff options
| author | jim-p <jimp@pfsense.org> | 2011-03-30 16:35:28 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2011-03-30 16:37:45 -0400 |
| commit | bfa992bc4eb8f8674f44b94e8617a032854356e9 (patch) | |
| tree | 992e331feed98277d36c2b826c3ade87188bfaf9 | |
| parent | b7d5a7bab8531b6a038100e74edc5d27a26b1d6a (diff) | |
| download | pfsense-bfa992bc4eb8f8674f44b94e8617a032854356e9.zip pfsense-bfa992bc4eb8f8674f44b94e8617a032854356e9.tar.gz | |
Allow editing of CAs, so that imported CAs can have their private keys added later (mainly affected users upgrading from 1.2.3 and wanting to use the cert manager). Also, allow editing the CA's serial, since this shouldn't really be 0 for imported CAs, but the serial of the last cert that was made from this CA.
| -rw-r--r-- | etc/inc/certs.inc | 6 | ||||
| -rw-r--r-- | usr/local/www/system_camanager.php | 79 |
2 files changed, 64 insertions, 21 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index 8d5604f..2b192c1 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -121,13 +121,14 @@ function ca_chain(& $cert) { return ""; } -function ca_import(& $ca, $str, $key="") { +function ca_import(& $ca, $str, $key="", $serial=0) { global $config; $ca['crt'] = base64_encode($str); if (!empty($key)) $ca['prv'] = base64_encode($key); - + if (!empty($serial)) + $ca['serial'] = $serial; $subject = cert_get_subject($str, false); $issuer = cert_get_issuer($str, false); @@ -355,6 +356,7 @@ function cert_get_issuer($str_crt, $decode = true) { $inf_crt = openssl_x509_parse($str_crt); $components = $inf_crt['issuer']; + ksort($components); if (!is_array($components)) return "unknown"; foreach ($components as $a => $v) { diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index 6eddd39..3bf1165 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -84,6 +84,19 @@ if ($act == "del") { $savemsg = sprintf(gettext("Certificate Authority %s successfully deleted"), $name) . "<br/>"; } +if ($act == "edit") { + if (!$a_ca[$id]) { + pfSenseHeader("system_camanager.php"); + exit; + } + $pconfig['descr'] = $a_ca[$id]['descr']; + $pconfig['refid'] = $a_ca[$id]['refid']; + $pconfig['cert'] = base64_decode($a_ca[$id]['crt']); + $pconfig['serial'] = $a_ca[$id]['serial']; + if (!empty($a_ca[$id]['prv'])) + $pconfig['key'] = base64_decode($a_ca[$id]['prv']); +} + if ($act == "new") { $pconfig['method'] = $_GET['method']; $pconfig['keylen'] = "2048"; @@ -169,26 +182,37 @@ if ($_POST) { if (!$input_errors) { $ca = array(); - $ca['refid'] = uniqid(); + if (!isset($pconfig['refid']) || empty($pconfig['refid'])) + $ca['refid'] = uniqid(); + else + $ca['refid'] = $pconfig['refid']; + if (isset($id) && $a_ca[$id]) $ca = $a_ca[$id]; - $ca['descr'] = $pconfig['descr']; - - if ($pconfig['method'] == "existing") - ca_import($ca, $pconfig['cert'], $pconfig['key']); - - if ($pconfig['method'] == "internal") - { - $dn = array( - 'countryName' => $pconfig['dn_country'], - 'stateOrProvinceName' => $pconfig['dn_state'], - 'localityName' => $pconfig['dn_city'], - 'organizationName' => $pconfig['dn_organization'], - 'emailAddress' => $pconfig['dn_email'], - 'commonName' => $pconfig['dn_commonname']); - - ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn); + $ca['descr'] = $pconfig['descr']; + + if ($_POST['edit'] == "edit") { + $ca['descr'] = $pconfig['descr']; + $ca['refid'] = $pconfig['refid']; + $ca['serial'] = $pconfig['serial']; + $ca['crt'] = base64_encode($pconfig['cert']); + if (!empty($pconfig['key'])) + $ca['prv'] = base64_encode($pconfig['key']); + } else { + if ($pconfig['method'] == "existing") + ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']); + + if ($pconfig['method'] == "internal") { + $dn = array( + 'countryName' => $pconfig['dn_country'], + 'stateOrProvinceName' => $pconfig['dn_state'], + 'localityName' => $pconfig['dn_city'], + 'organizationName' => $pconfig['dn_organization'], + 'emailAddress' => $pconfig['dn_email'], + 'commonName' => $pconfig['dn_commonname']); + ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn); + } } if (isset($id) && $a_ca[$id]) @@ -250,9 +274,14 @@ function method_change() { <td id="mainarea"> <div class="tabcont"> - <?php if ($act == "new" || $act == gettext("Save") || $input_errors): ?> + <?php if ($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors): ?> <form action="system_camanager.php" method="post" name="iform" id="iform"> + <?php if ($act == "edit"): ?> + <input type="hidden" name="edit" value="edit" id="edit"> + <input type="hidden" name="id" value="<?php echo $id; ?>" id="id"> + <input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid"> + <?php endif; ?> <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> @@ -260,7 +289,7 @@ function method_change() { <input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/> </td> </tr> - <?php if (!isset($id)): ?> + <?php if (!isset($id) || $act == "edit"): ?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td> <td width="78%" class="vtable"> @@ -303,6 +332,15 @@ function method_change() { <?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?></td> </td> </tr> + + <?php if (!isset($id) || $act == "edit"): ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Serial");?></td> + <td width="78%" class="vtable"> + <input name="serial" type="text" class="formfld unknown" id="serial" size="20" value="<?=htmlspecialchars($pconfig['serial']);?>"/> + </td> + </tr> + <?php endif; ?> </table> <table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal"> @@ -482,6 +520,9 @@ function method_change() { <td class="listr"><?=$certcount;?> </td> <td class="listr"><?=$subj;?> </td> <td valign="middle" nowrap class="list"> + <a href="system_camanager.php?act=edit&id=<?=$i;?>")"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("export ca");?>" alt="<?=gettext("edit ca");?>" width="17" height="17" border="0" /> + </a> <a href="system_camanager.php?act=exp&id=<?=$i;?>")"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" /> </a> |
