diff options
author | Ermal Luci <eri@pfsense.org> | 2009-06-18 12:40:11 +0000 |
---|---|---|
committer | Ermal Luci <eri@pfsense.org> | 2009-06-18 12:40:11 +0000 |
commit | 6dc88d5352ea963d85708379405e238e0518e990 (patch) | |
tree | e51eb1a505ff148a495c642c9b6ed225476a58ce /etc/inc/certs.inc | |
parent | 4b9980ecfff36202b6ea8dbf7d41e44f78ba52f3 (diff) | |
download | pfsense-6dc88d5352ea963d85708379405e238e0518e990.zip pfsense-6dc88d5352ea963d85708379405e238e0518e990.tar.gz |
* Move functions that output html to guiconfig.inc
* Remove some recursive dependency on some includes
* Remove ^M or \r from files
* Remove some entries from functions.inc to avoid including them twice
* Remove some unneccessary includes from some files
NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.
Diffstat (limited to 'etc/inc/certs.inc')
-rw-r--r-- | etc/inc/certs.inc | 450 |
1 files changed, 224 insertions, 226 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index b7c0e60..4177545 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc @@ -1,226 +1,224 @@ -<?php
-/* $Id$ */
-/*
- Copyright (C) 2008 Shrew Soft Inc
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
- DISABLE_PHP_LINT_CHECKING
-*/
-
-require_once("functions.inc");
-
-function & lookup_ca($refid) {
- global $config;
-
- if (is_array($config['system']['ca']))
- foreach ($config['system']['ca'] as & $ca)
- if ($ca['refid'] == $refid)
- return $ca;
-
- return false;
-}
-
-function & lookup_cert($refid) {
- global $config;
-
- if (is_array($config['system']['cert']))
- foreach ($config['system']['cert'] as & $cert)
- if ($cert['refid'] == $refid)
- return $cert;
-
- return false;
-}
-
-function ca_import(& $ca, $str) {
-
- $ca['crt'] = base64_encode($str);
-
- return true;
-}
-
-function ca_create(& $ca, $keylen, $lifetime, $dn) {
-
- $args = array(
- "digest_alg" => "sha1",
- "private_key_bits" => $keylen,
- "private_key_type" => OPENSSL_KEYTYPE_RSA,
- "encrypt_key" => false);
-
- // generate a new key pair
- $res_key = openssl_pkey_new();
-
- // generate a certificate signing request
- $res_csr = openssl_csr_new($dn, $res_key, $args);
-
- // self sign the certificate
- $res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args);
-
- // export our certificate data
- openssl_pkey_export($res_key, $str_key);
- openssl_x509_export($res_crt, $str_crt);
-
- // return our ca information
- $ca['crt'] = base64_encode($str_crt);
- $ca['prv'] = base64_encode($str_key);
- $ca['serial'] = 0;
-
- return true;
-}
-
-function cert_import(& $cert, $crt_str, $key_str) {
-
- $cert['crt'] = base64_encode($crt_str);
- $cert['prv'] = base64_encode($key_str);
-
- return true;
-}
-
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
-
- $ca =& lookup_ca($caref);
- if (!$ca)
- return false;
-
- $ca_str_crt = base64_decode($ca['crt']);
- $ca_str_key = base64_decode($ca['prv']);
- $ca_res_crt = openssl_x509_read($ca_str_crt);
- $ca_res_key = openssl_pkey_get_private($ca_str_key);
- $ca_serial = $ca['serial']++;
-
- $args = array(
- "digest_alg" => "sha1",
- "private_key_bits" => $keylen,
- "private_key_type" => OPENSSL_KEYTYPE_RSA,
- "encrypt_key" => false);
-
- // generate a new key pair
- $res_key = openssl_pkey_new();
-
- // generate a certificate signing request
- $res_csr = openssl_csr_new($dn, $res_key, $args);
-
- // self sign the certificate
- $res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
- $args, $ca_serial);
-
- // export our certificate data
- openssl_pkey_export($res_key, $str_key);
- openssl_x509_export($res_crt, $str_crt);
-
- // return our certificate information
- $cert['caref'] = $caref;
- $cert['crt'] = base64_encode($str_crt);
- $cert['prv'] = base64_encode($str_key);
-
- return true;
-}
-
-function csr_generate(& $cert, $keylen, $dn) {
-
- $args = array(
- "digest_alg" => "sha1",
- "private_key_bits" => $keylen,
- "private_key_type" => OPENSSL_KEYTYPE_RSA,
- "encrypt_key" => false);
-
- // generate a new key pair
- $res_key = openssl_pkey_new();
-
- // generate a certificate signing request
- $res_csr = openssl_csr_new($dn, $res_key, $args);
-
- // export our request data
- openssl_pkey_export($res_key, $str_key);
- openssl_csr_export($res_csr, $str_csr);
-
- // return our request information
- $cert['csr'] = base64_encode($str_csr);
- $cert['prv'] = base64_encode($str_key);
-
- return true;
-}
-
-function csr_complete(& $cert, $str_crt) {
-
- // return our request information
- $cert['crt'] = base64_encode($str_crt);
- unset($cert['csr']);
-
- return true;
-}
-
-function csr_get_subject($str_crt, $decode = true) {
-
- if ($decode)
- $str_crt = base64_decode($str_crt);
-
- $components = openssl_csr_get_subject($str_crt);
-
- if (!is_array($components))
- return "unknown";
-
- foreach ($components as $a => $v) {
- if (!strlen($subject))
- $subject = "{$a}={$v}";
- else
- $subject = "{$a}={$v}, {$subject}";
- }
-
- return $subject;
-}
-
-function cert_get_subject($str_crt, $decode = true) {
-
- if ($decode)
- $str_crt = base64_decode($str_crt);
-
- $inf_crt = openssl_x509_parse($str_crt);
- $components = $inf_crt['subject'];
-
- if (!is_array($components))
- return "unknown";
-
- foreach ($components as $a => $v) {
- if (!strlen($subject))
- $subject = "{$a}={$v}";
- else
- $subject = "{$a}={$v}, {$subject}";
- }
-
- return $subject;
-}
-
-function cert_get_subject_array($crt) {
- $str_crt = base64_decode($crt);
- $inf_crt = openssl_x509_parse($str_crt);
- $components = $inf_crt['subject'];
- $subject_array = array();
-
- foreach($components as $a => $v)
- $subject_array[] = array('a' => $a, 'v' => $v);
-
- return $subject_array;
-}
-
-?>
+<?php +/* $Id$ */ +/* + Copyright (C) 2008 Shrew Soft Inc + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + + DISABLE_PHP_LINT_CHECKING +*/ + +function & lookup_ca($refid) { + global $config; + + if (is_array($config['system']['ca'])) + foreach ($config['system']['ca'] as & $ca) + if ($ca['refid'] == $refid) + return $ca; + + return false; +} + +function & lookup_cert($refid) { + global $config; + + if (is_array($config['system']['cert'])) + foreach ($config['system']['cert'] as & $cert) + if ($cert['refid'] == $refid) + return $cert; + + return false; +} + +function ca_import(& $ca, $str) { + + $ca['crt'] = base64_encode($str); + + return true; +} + +function ca_create(& $ca, $keylen, $lifetime, $dn) { + + $args = array( + "digest_alg" => "sha1", + "private_key_bits" => $keylen, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + "encrypt_key" => false); + + // generate a new key pair + $res_key = openssl_pkey_new(); + + // generate a certificate signing request + $res_csr = openssl_csr_new($dn, $res_key, $args); + + // self sign the certificate + $res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args); + + // export our certificate data + openssl_pkey_export($res_key, $str_key); + openssl_x509_export($res_crt, $str_crt); + + // return our ca information + $ca['crt'] = base64_encode($str_crt); + $ca['prv'] = base64_encode($str_key); + $ca['serial'] = 0; + + return true; +} + +function cert_import(& $cert, $crt_str, $key_str) { + + $cert['crt'] = base64_encode($crt_str); + $cert['prv'] = base64_encode($key_str); + + return true; +} + +function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) { + + $ca =& lookup_ca($caref); + if (!$ca) + return false; + + $ca_str_crt = base64_decode($ca['crt']); + $ca_str_key = base64_decode($ca['prv']); + $ca_res_crt = openssl_x509_read($ca_str_crt); + $ca_res_key = openssl_pkey_get_private($ca_str_key); + $ca_serial = $ca['serial']++; + + $args = array( + "digest_alg" => "sha1", + "private_key_bits" => $keylen, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + "encrypt_key" => false); + + // generate a new key pair + $res_key = openssl_pkey_new(); + + // generate a certificate signing request + $res_csr = openssl_csr_new($dn, $res_key, $args); + + // self sign the certificate + $res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime, + $args, $ca_serial); + + // export our certificate data + openssl_pkey_export($res_key, $str_key); + openssl_x509_export($res_crt, $str_crt); + + // return our certificate information + $cert['caref'] = $caref; + $cert['crt'] = base64_encode($str_crt); + $cert['prv'] = base64_encode($str_key); + + return true; +} + +function csr_generate(& $cert, $keylen, $dn) { + + $args = array( + "digest_alg" => "sha1", + "private_key_bits" => $keylen, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + "encrypt_key" => false); + + // generate a new key pair + $res_key = openssl_pkey_new(); + + // generate a certificate signing request + $res_csr = openssl_csr_new($dn, $res_key, $args); + + // export our request data + openssl_pkey_export($res_key, $str_key); + openssl_csr_export($res_csr, $str_csr); + + // return our request information + $cert['csr'] = base64_encode($str_csr); + $cert['prv'] = base64_encode($str_key); + + return true; +} + +function csr_complete(& $cert, $str_crt) { + + // return our request information + $cert['crt'] = base64_encode($str_crt); + unset($cert['csr']); + + return true; +} + +function csr_get_subject($str_crt, $decode = true) { + + if ($decode) + $str_crt = base64_decode($str_crt); + + $components = openssl_csr_get_subject($str_crt); + + if (!is_array($components)) + return "unknown"; + + foreach ($components as $a => $v) { + if (!strlen($subject)) + $subject = "{$a}={$v}"; + else + $subject = "{$a}={$v}, {$subject}"; + } + + return $subject; +} + +function cert_get_subject($str_crt, $decode = true) { + + if ($decode) + $str_crt = base64_decode($str_crt); + + $inf_crt = openssl_x509_parse($str_crt); + $components = $inf_crt['subject']; + + if (!is_array($components)) + return "unknown"; + + foreach ($components as $a => $v) { + if (!strlen($subject)) + $subject = "{$a}={$v}"; + else + $subject = "{$a}={$v}, {$subject}"; + } + + return $subject; +} + +function cert_get_subject_array($crt) { + $str_crt = base64_decode($crt); + $inf_crt = openssl_x509_parse($str_crt); + $components = $inf_crt['subject']; + $subject_array = array(); + + foreach($components as $a => $v) + $subject_array[] = array('a' => $a, 'v' => $v); + + return $subject_array; +} + +?> |