authorjim-p <jimp@pfsense.org>2016-11-29 13:32:17 -0500
committerjim-p <jimp@pfsense.org>2016-11-29 13:32:17 -0500
commite2c718c80ad06c6977fa61475f24cede06e56c69 (patch)
tree92a0a43e180b50df4962c15afb17a3063a6401a2
parentcce6c834c0b4568573c0be3f5b74d9c0d29e6e37 (diff)
Add some CA in-use test utility functions. Ticket #6947
-rw-r--r--src/etc/inc/certs.inc59
1 files changed, 59 insertions, 0 deletions
diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
index 75a32d4..f834bd4 100644
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -604,6 +604,65 @@ function prv_get_modulus($str_crt, $decode = true) {
return cert_get_modulus($str_crt, $decode, "prv");
}
+function is_openvpn_server_ca($caref) {
+ global $config;
+ if (!is_array($config['openvpn']['openvpn-server'])) {
+ return;
+ }
+ foreach ($config['openvpn']['openvpn-server'] as $ovpns) {
+ if ($ovpns['caref'] == $caref) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function is_openvpn_client_ca($caref) {
+ global $config;
+ if (!is_array($config['openvpn']['openvpn-client'])) {
+ return;
+ }
+ foreach ($config['openvpn']['openvpn-client'] as $ovpnc) {
+ if ($ovpnc['caref'] == $caref) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function is_ipsec_peer_ca($caref) {
+ global $config;
+ if (!is_array($config['ipsec']['phase1'])) {
+ return;
+ }
+ foreach ($config['ipsec']['phase1'] as $ipsec) {
+ if ($ipsec['caref'] == $caref) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function is_ldap_peer_ca($caref) {
+ global $config;
+ if (!is_array($config['system']['authserver'])) {
+ return;
+ }
+ foreach ($config['system']['authserver'] as $authserver) {
+ if ($authserver['ldap_caref'] == $caref) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function ca_in_use($caref) {
+ return (is_openvpn_server_ca($caref) ||
+ is_openvpn_client_ca($caref) ||
+ is_ipsec_peer_ca($caref) ||
+ is_ldap_peer_ca($caref));
+}
+
function is_user_cert($certref) {
global $config;
if (!is_array($config['system']['user'])) {
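Review bot: The not-an-array guards in `is_openvpn_server_ca()`, `is_openvpn_client_ca()`, `is_ipsec_peer_ca()` and `is_ldap_peer_ca()` use a bare `return;`, which yields null while every other path returns a boolean; `return false;` would keep the result type consistent for callers that compare strictly. The match in each loop uses loose `==` on a key that may not be set on every entry, so an entry without `caref`/`ldap_caref` compares equal to an empty or null `$caref`, and `ca_in_use('')` could report true. A guard such as `if (isset($ovpns['caref']) && $ovpns['caref'] === $caref) {` (and the equivalent in the other three loops, assuming refs are always strings) avoids that and the undefined-index notice. If `ca_in_use()` is meant to gate CA deletion, which the commit title suggests but the hunk does not show, a docblock along the lines of `/* Returns true if the CA is referenced by an OpenVPN server/client, an IPsec phase 1 or an LDAP auth server; extend when adding a new CA consumer. */` would make the covered sections explicit, since a consumer missing from the list reads as "not in use". The added functions are complete within the hunk; the surrounding `prv_get_modulus()` and `is_user_cert()` context is cut off at its edges.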