authorRenato Botelho <renato@netgate.com>2017-04-20 15:49:40 -0300
committerRenato Botelho <renato@netgate.com>2017-04-20 15:49:40 -0300
commit89cce183cedda765ab3ede33ad455ad171db9fc9 (patch)
tree8abb3fb5105199659b2a6448a89b16907a027bf2 /src/etc/inc
parent338a2121136a38c8649bc5e71edb880530f6e187 (diff)
parent6d6ba6601997908dcea91b26feb07b760ad7105d (diff)
Merge pull request #3693 from PiBa-NL/20170416-certmanager-import-ecc-certs
Diffstat (limited to 'src/etc/inc')
-rw-r--r--src/etc/inc/certs.inc41
1 files changed, 17 insertions, 24 deletions
diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
index bb114c8..0eb70cf 100644
--- a/src/etc/inc/certs.inc
+++ b/src/etc/inc/certs.inc
@@ -541,29 +541,26 @@ function cert_get_issuer($str_crt, $decode = true) {
return $issuer;
}
-/* this function works on x509 (crt), rsa key (prv), and req(csr) */
-function cert_get_modulus($str_crt, $decode = true, $type = "crt") {
+/* Works for both RSA and ECC (crt) and key (prv) */
+function cert_get_publickey($str_crt, $decode = true, $type = "crt") {
if ($decode) {
$str_crt = base64_decode($str_crt);
}
-
- $modulus = "";
- if (in_array($type, array("crt", "prv", "csr"))) {
- $type = str_replace(array("crt", "prv", "csr"), array("x509", "rsa", "req"), $type);
- $modulus = exec("echo \"{$str_crt}\" | openssl {$type} -noout -modulus");
+ switch ($type) {
+ case 'prv':
+ exec("echo \"{$str_crt}\" | openssl pkey -pubout", $out);
+ break;
+ case 'crt':
+ exec("echo \"{$str_crt}\" | openssl x509 -inform pem -noout -pubkey", $out);
+ break;
+ case 'csr':
+ exec("echo \"{$str_crt}\" | openssl req -inform pem -noout -pubkey", $out);
+ break;
+ default:
+ $out = array();
+ break;
}
- return $modulus;
-}
-
-/* Same but returns modulus keysize not modulus itself */
-function cert_get_modulus_keysize($str_crt, $decode = true, $type = "crt") {
- // modulus usually returned as "modulus=.....". Remove anything before an "=" and return 4 x (hex string length)
- $raw_modulus = explode('=', cert_get_modulus($str_crt, $decode, $type));
- return strlen(array_pop($raw_modulus))*4;
-}
-
-function csr_get_modulus($str_crt, $decode = true) {
- return cert_get_modulus($str_crt, $decode, "csr");
+ return implode("\n", $out);
}
function cert_get_purpose($str_crt, $decode = true) {
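Review bot: The three `exec()` calls in `cert_get_publickey` interpolate `$str_crt` into a double-quoted shell string without escaping, so certificate, CSR or key text containing `"`, `$` or backticks is interpreted by the shell, and in the `prv` case the private key is placed in the arguments of the spawned shell. Extracting the key through PHP's OpenSSL extension, as sketched below, avoids the shell entirely; the minimum alternative is to pass the data through `escapeshellarg($str_crt)`. The exit status is also never checked, so a parse failure returns `""`, and the `cert_get_publickey($c1, false) == cert_get_publickey($c2, false)` test in the `cert_compare` hunk would then treat two unparsable inputs as having equal keys. The sketch assumes unencrypted private keys, which is not visible from this hunk and should be confirmed against the callers.

```php
function cert_get_publickey($str_crt, $decode = true, $type = "crt") {
	// … unchanged: optional base64_decode of $str_crt …
	switch ($type) {
		case 'prv':
			$key = openssl_pkey_get_private($str_crt);
			break;
		case 'crt':
			$key = openssl_pkey_get_public($str_crt);
			break;
		case 'csr':
			$key = openssl_csr_get_public_key($str_crt);
			break;
		default:
			$key = false;
			break;
	}
	if ($key === false) {
		// Unparsable input or unknown type: same empty result as before.
		return "";
	}
	$details = openssl_pkey_get_details($key);
	// 'key' holds the PEM public key; trim the trailing newline to match implode("\n", $out).
	return ($details === false) ? "" : trim($details['key']);
}
```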
@@ -603,10 +600,6 @@ function cert_get_serial($str_crt, $decode = true) {
}
}
-function prv_get_modulus($str_crt, $decode = true) {
- return cert_get_modulus($str_crt, $decode, "prv");
-}
-
function is_openvpn_server_ca($caref) {
global $config;
if (!is_array($config['openvpn']['openvpn-server'])) {
@@ -861,7 +854,7 @@ function cert_compare($cert1, $cert2) {
if ((cert_get_issuer($c1, false) == cert_get_issuer($c2, false)) &&
(cert_get_subject($c1, false) == cert_get_subject($c2, false)) &&
(cert_get_serial($c1, false) == cert_get_serial($c2, false)) &&
- (cert_get_modulus($c1, false) == cert_get_modulus($c2, false))) {
+ (cert_get_publickey($c1, false) == cert_get_publickey($c2, false))) {
return true;
}
return false;