authorStephen Beaver <sbeaver@netgate.com>2015-12-02 12:58:04 -0500
committerStephen Beaver <sbeaver@netgate.com>2015-12-02 12:58:04 -0500
commitb29c322cb7b7eae937353889eba7f03d81036e90 (patch)
treeb3d5bde59a7ee22e7334e19bfadb41b6cce166e0 /src/usr
parent13d0013d6c5df75cb2c540c49072b3570b8e8237 (diff)
downloadpfsense-b29c322cb7b7eae937353889eba7f03d81036e90.zip
pfsense-b29c322cb7b7eae937353889eba7f03d81036e90.tar.gz
Fixed #5561 (mostly)
Diffstat (limited to 'src/usr')
-rw-r--r--src/usr/local/www/system_certmanager.php267
1 files changed, 153 insertions, 114 deletions
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index 70b2c50..cf4cf2e 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
@@ -222,7 +222,6 @@ if ($act == "p12") {
}
if ($act == "csr") {
-
if (!$a_cert[$id]) {
pfSenseHeader("system_certmanager.php");
exit;
@@ -233,9 +232,8 @@ if ($act == "csr") {
}
if ($_POST) {
-
// This is just the blank altername name that is added for display purposes. We don't want to validate/save it
- if($_POST['altname_value0'] == "") {
+ if($_POST['altname_value0'] == "") {
unset($_POST['altname_type0']);
unset($_POST['altname_value0']);
}
@@ -455,6 +453,7 @@ if ($_POST) {
}
$dn['subjectAltName'] = implode(",", $altnames_tmp);
}
+
if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) {
while ($ssl_err = openssl_error_string()) {
$input_errors = array();
@@ -571,117 +570,7 @@ if (file_exists("/etc/ca_countries")){
}
}
-if (!($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)))
-{
-?>
-<div class="table-responsive">
-<table class="table table-striped table-hover">
- <thead>
- <tr>
- <th><?=gettext("Name")?></th>
- <th><?=gettext("Issuer")?></th>
- <th><?=gettext("Distinguished Name")?></th>
- <th><?=gettext("In Use")?></th>
- <th class="col-sm-2"><?=gettext("Actions")?></th>
- </tr>
- </thead>
- <tbody>
-<?php
-foreach($a_cert as $i => $cert):
- $name = htmlspecialchars($cert['descr']);
-
- if ($cert['crt']) {
- $subj = cert_get_subject($cert['crt']);
- $issuer = cert_get_issuer($cert['crt']);
- $purpose = cert_get_purpose($cert['crt']);
- list($startdate, $enddate) = cert_get_dates($cert['crt']);
-
- if ($subj==$issuer)
- $caname = '<i>'. gettext("self-signed") .'</i>';
- else
- $caname = '<i>'. gettext("external").'</i>';
-
- $subj = htmlspecialchars($subj);
- }
-
- if ($cert['csr']) {
- $subj = htmlspecialchars(csr_get_subject($cert['csr']));
- $caname = "<em>" . gettext("external - signature pending") . "</em>";
- }
-
- $ca = lookup_ca($cert['caref']);
- if ($ca)
- $caname = $ca['descr'];
-?>
- <tr>
- <td>
- <?=$name?><br />
- <?php if ($cert['type']): ?>
- <i><?=$cert_types[$cert['type']]?></i><br />
- <?php endif?>
- <?php if (is_array($purpose)): ?>
- CA: <b><?=$purpose['ca']?></b>, Server: <b><?=$purpose['server']?></b>
- <?php endif?>
- </td>
- <td><?=$caname?></td>
- <td>
- <?=$subj?>
- <br />
- <small>
- <?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
- </small>
- </td>
- <td>
- <?php if (is_cert_revoked($cert)): ?>
- <i>Revoked </i>
- <?php endif?>
- <?php if (is_webgui_cert($cert['refid'])): ?>
- webConfigurator
- <?php endif?>
- <?php if (is_user_cert($cert['refid'])): ?>
- User Cert
- <?php endif?>
- <?php if (is_openvpn_server_cert($cert['refid'])): ?>
- OpenVPN Server
- <?php endif?>
- <?php if (is_openvpn_client_cert($cert['refid'])): ?>
- OpenVPN Client
- <?php endif?>
- <?php if (is_ipsec_cert($cert['refid'])): ?>
- IPsec Tunnel
- <?php endif?>
- <?php if (is_captiveportal_cert($cert['refid'])): ?>
- Captive Portal
- <?php endif?>
- </td>
- <td>
- <a href="system_certmanager.php?act=exp&amp;id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export")?>"></a>
- <a href="system_certmanager.php?act=key&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export key")?>"></a>
- <a href="system_certmanager.php?act=p12&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export P12")?>"> P12</a>
- <?php if (!cert_in_use($cert['refid'])): ?>
- <a href="system_certmanager.php?act=del&amp;id=<?=$i?>" class="fa fa-trash" title="<?=gettext("Delete")?>"></a>
- <?php endif?>
- <?php if ($cert['csr']): ?>
- <a href="system_certmanager.php?act=csr&amp;id=<?=$i?>" class="fa fa-refresh" title="<?=gettext("Update csr")?>"></a>
- <?php endif?>
- </td>
- </tr>
-<?php endforeach; ?>
- </tbody>
-</table>
-</div>
-
-<nav class="action-buttons">
- <a href="?act=new" class="btn btn-success btn-sm">
- <i class="fa fa-plus icon-embed-btn"></i>
- <?=gettext("Add")?>
- </a>
-</nav>
-<?
- include("foot.inc");
- exit;
-}
-
+if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)) {
$form = new Form;
if ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors))
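Review bot: The new outer test `if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)) {` now wraps the existing `if ($act == "csr" || ...)` check on the context line just below it. Inside this branch that inner check can be true only in unusual combinations, such as a failed Save posted with act=csr, so it looks like leftover logic. It also appears to duplicate the dedicated `else if ($act == "csr" ...)` branch added later in this file. Consider removing the inner csr path, or adding a comment such as `// csr is rendered by the else-if branch below` so the two do not drift. The branch body continues outside this hunk, so this should be confirmed against the full file.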
@@ -1044,6 +933,156 @@ $section->addInput(new Form_Select(
$form->add($section);
print $form;
+} else if ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)) {
+ $form = new Form(new Form_Button(
+ 'submit',
+ 'Update'
+ ));
+
+ $section = new Form_Section("Complete signing request for " . $pconfig['descr']);
+
+ $section->addInput(new Form_Textarea(
+ 'csr',
+ 'Signing request data',
+ $pconfig['csr']
+ ))->setReadonly()
+ ->setHelp('Copy the certificate signing data from here and forward it to your certificate authority for signing.');
+
+ $section->addInput(new Form_Textarea(
+ 'cert',
+ 'Final certificate data',
+ $pconfig['cert']
+ ))->setHelp('Paste the certificate received from your certificate authority here.');
+
+ if (isset($id) && $a_cert[$id]) {
+ $section->addInput(new Form_Input(
+ 'id',
+ null,
+ 'hidden',
+ $id
+ ));
+
+ $section->addInput(new Form_Input(
+ 'act',
+ null,
+ 'hidden',
+ 'csr'
+ ));
+ }
+
+ $form->add($section);
+ print($form);
+} else {
+?>
+<div class="table-responsive">
+<table class="table table-striped table-hover">
+ <thead>
+ <tr>
+ <th><?=gettext("Name")?></th>
+ <th><?=gettext("Issuer")?></th>
+ <th><?=gettext("Distinguished Name")?></th>
+ <th><?=gettext("In Use")?></th>
+ <th class="col-sm-2"><?=gettext("Actions")?></th>
+ </tr>
+ </thead>
+ <tbody>
+<?php
+foreach($a_cert as $i => $cert):
+ $name = htmlspecialchars($cert['descr']);
+
+ if ($cert['crt']) {
+ $subj = cert_get_subject($cert['crt']);
+ $issuer = cert_get_issuer($cert['crt']);
+ $purpose = cert_get_purpose($cert['crt']);
+ list($startdate, $enddate) = cert_get_dates($cert['crt']);
+
+ if ($subj==$issuer)
+ $caname = '<i>'. gettext("self-signed") .'</i>';
+ else
+ $caname = '<i>'. gettext("external").'</i>';
+
+ $subj = htmlspecialchars($subj);
+ }
+
+ if ($cert['csr']) {
+ $subj = htmlspecialchars(csr_get_subject($cert['csr']));
+ $caname = "<em>" . gettext("external - signature pending") . "</em>";
+ }
+
+ $ca = lookup_ca($cert['caref']);
+ if ($ca)
+ $caname = $ca['descr'];
+?>
+ <tr>
+ <td>
+ <?=$name?><br />
+ <?php if ($cert['type']): ?>
+ <i><?=$cert_types[$cert['type']]?></i><br />
+ <?php endif?>
+ <?php if (is_array($purpose)): ?>
+ CA: <b><?=$purpose['ca']?></b>, Server: <b><?=$purpose['server']?></b>
+ <?php endif?>
+ </td>
+ <td><?=$caname?></td>
+ <td>
+ <?=$subj?>
+ <br />
+ <small>
+ <?=gettext("Valid From")?>: <b><?=$startdate ?></b><br /><?=gettext("Valid Until")?>: <b><?=$enddate ?></b>
+ </small>
+ </td>
+ <td>
+ <?php if (is_cert_revoked($cert)): ?>
+ <i>Revoked </i>
+ <?php endif?>
+ <?php if (is_webgui_cert($cert['refid'])): ?>
+ webConfigurator
+ <?php endif?>
+ <?php if (is_user_cert($cert['refid'])): ?>
+ User Cert
+ <?php endif?>
+ <?php if (is_openvpn_server_cert($cert['refid'])): ?>
+ OpenVPN Server
+ <?php endif?>
+ <?php if (is_openvpn_client_cert($cert['refid'])): ?>
+ OpenVPN Client
+ <?php endif?>
+ <?php if (is_ipsec_cert($cert['refid'])): ?>
+ IPsec Tunnel
+ <?php endif?>
+ <?php if (is_captiveportal_cert($cert['refid'])): ?>
+ Captive Portal
+ <?php endif?>
+ </td>
+ <td>
+ <a href="system_certmanager.php?act=exp&amp;id=<?=$i?>" class="fa fa-sign-in" title="<?=gettext("Export")?>"></a>
+ <a href="system_certmanager.php?act=key&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export key")?>"></a>
+ <a href="system_certmanager.php?act=p12&amp;id=<?=$i?>" class="fa fa-key" title="<?=gettext("Export P12")?>"> P12</a>
+ <?php if (!cert_in_use($cert['refid'])): ?>
+ <a href="system_certmanager.php?act=del&amp;id=<?=$i?>" class="fa fa-trash" title="<?=gettext("Delete")?>"></a>
+ <?php endif?>
+ <?php if ($cert['csr']): ?>
+ <a href="system_certmanager.php?act=csr&amp;id=<?=$i?>" class="fa fa-refresh" title="<?=gettext("Update csr")?>"></a>
+ <?php endif?>
+ </td>
+ </tr>
+<?php endforeach; ?>
+ </tbody>
+</table>
+</div>
+
+<nav class="action-buttons">
+ <a href="?act=new" class="btn btn-success btn-sm">
+ <i class="fa fa-plus icon-embed-btn"></i>
+ <?=gettext("Add")?>
+ </a>
+</nav>
+<?
+ include("foot.inc");
+ exit;
+}
+
+
?>
<script type="text/javascript">
//<![CDATA[
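Review bot: In the certificate list of the new `else` branch, `$caname = $ca['descr'];` is printed by `<td><?=$caname?></td>` without HTML encoding, while `$name` and `$subj` in the same loop go through `htmlspecialchars()`. A CA description is free-form configuration text and should be encoded the same way before it reaches the page: `$caname = htmlspecialchars($ca['descr']);`. Separately, `$subj`, `$caname`, `$purpose`, `$startdate` and `$enddate` are never reset at the top of the `foreach`, so an entry with neither `crt` nor `csr` would show the previous row's values. Initialising them per iteration avoids that. The script block that starts at the end of the hunk continues outside it.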