author | Renato Botelho <garga@FreeBSD.org> | 2015-05-30 09:55:39 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2015-05-30 09:55:39 -0300 |
commit | e4a1022d47ce3f2c6d0fda7d5dd6c024590cd454 (patch) | |
tree | 4d14598157dbf2cee0ce328d624f4329d213c806 /usr | |
parent | b3405d87dd54ecffee185e46360fb9b2f25f2d66 (diff) | |
parent | 56b1ed39a684087bee6217c9f2106ec22018d2de (diff) | |
Merge pull request #1696 from phil-davis/system-c
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/system_camanager.php | 256 | ||||
-rw-r--r-- | usr/local/www/system_certmanager.php | 457 | ||||
-rw-r--r-- | usr/local/www/system_crlmanager.php | 251 |
3 files changed, 571 insertions, 393 deletions
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php index cc73b51..58407ca 100644 --- a/usr/local/www/system_camanager.php +++ b/usr/local/www/system_camanager.php @@ -46,34 +46,40 @@ $ca_methods = array( "internal" => gettext("Create an internal Certificate Authority"), "intermediate" => gettext("Create an intermediate Certificate Authority")); -$ca_keylens = array( "512", "1024", "2048", "4096"); +$ca_keylens = array("512", "1024", "2048", "4096"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Authority Manager")); -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (!is_array($config['ca'])) +if (!is_array($config['ca'])) { $config['ca'] = array(); +} $a_ca =& $config['ca']; -if (!is_array($config['cert'])) +if (!is_array($config['cert'])) { $config['cert'] = array(); +} $a_cert =& $config['cert']; -if (!is_array($config['crl'])) +if (!is_array($config['crl'])) { $config['crl'] = array(); +} $a_crl =& $config['crl']; $act = $_GET['act']; -if ($_POST['act']) +if ($_POST['act']) { $act = $_POST['act']; +} if ($act == "del") { @@ -83,14 +89,18 @@ if ($act == "del") { } $index = count($a_cert) - 1; - for (;$index >=0; $index--) - if ($a_cert[$index]['caref'] == $a_ca[$id]['refid']) + for (;$index >= 0; $index--) { + if ($a_cert[$index]['caref'] == $a_ca[$id]['refid']) { unset($a_cert[$index]); + } + } $index = count($a_crl) - 1; - for (;$index >=0; $index--) - if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) + for (;$index >= 0; $index--) { + if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) { unset($a_crl[$index]); + } + } $name = $a_ca[$id]['descr']; unset($a_ca[$id]); 
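Review bot: `$ca_keylens` on the new side still offers 512- and 1024-bit keys for a certificate authority, and the later `in_array($_POST["keylen"], $ca_keylens)` check accepts them as valid. Keys of that size are too short for a long-lived CA; consider `$ca_keylens = array("2048", "4096");` or at least a comment explaining why the short sizes are kept. `$cert_keylens` in system_certmanager.php carries the same list, and `sha1` remains in `$openssl_digest_algs` in both files even though the form text itself recommends something stronger.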
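Review bot: The `del` branch removes the CA plus every certificate and CRL whose `caref` matches it, and both inputs can arrive in the query string (`$act = $_GET['act']` and `$id = $_GET['id']` in the previous hunk). Nothing in the visible lines limits this to POST or checks a request token, so unless a guard exists outside these hunks a destructive change can be driven by a plain GET request. Taking the action only from `$_POST['act']` for `del`, with the site's anti-forgery check applied, would close that. The `if ($act == "del")` block starts above and ends below this hunk, and the same `$_GET['act']` pattern is used in system_certmanager.php.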
@@ -109,8 +119,9 @@ if ($act == "edit") { $pconfig['refid'] = $a_ca[$id]['refid']; $pconfig['cert'] = base64_decode($a_ca[$id]['crt']); $pconfig['serial'] = $a_ca[$id]['serial']; - if (!empty($a_ca[$id]['prv'])) + if (!empty($a_ca[$id]['prv'])) { $pconfig['key'] = base64_decode($a_ca[$id]['prv']); + } } if ($act == "new") { 
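Review bot: The edit action decodes the stored CA private key into `$pconfig['key']`; if the form further down echoes that field (not visible in this hunk), the key is sent to the browser on every edit page load. The save path in a later hunk only overwrites `$ca['prv']` when `$pconfig['key']` is non-empty, so the field could be left blank on edit without losing the stored key. At minimum a comment such as `/* private key is loaded for re-display in the edit form */` would make the exposure explicit to the next reader.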
@@ -167,62 +178,69 @@ if ($_POST) { if ($pconfig['method'] == "existing") { $reqdfields = explode(" ", "descr cert"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Certificate data")); - if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) + gettext("Descriptive name"), + gettext("Certificate data")); + if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) { $input_errors[] = gettext("This certificate does not appear to be valid."); - if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) + } + if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) { $input_errors[] = gettext("Encrypted private keys are not yet supported."); + } } if ($pconfig['method'] == "internal") { $reqdfields = explode(" ", - "descr keylen lifetime dn_country dn_state dn_city ". - "dn_organization dn_email dn_commonname"); + "descr keylen lifetime dn_country dn_state dn_city ". + "dn_organization dn_email dn_commonname"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Key length"), - gettext("Lifetime"), - gettext("Distinguished name Country Code"), - gettext("Distinguished name State or Province"), - gettext("Distinguished name City"), - gettext("Distinguished name Organization"), - gettext("Distinguished name Email Address"), - gettext("Distinguished name Common Name")); + gettext("Descriptive name"), + gettext("Key length"), + gettext("Lifetime"), + gettext("Distinguished name Country Code"), + gettext("Distinguished name State or Province"), + gettext("Distinguished name City"), + gettext("Distinguished name Organization"), + gettext("Distinguished name Email Address"), + gettext("Distinguished name Common Name")); } if ($pconfig['method'] == "intermediate") { $reqdfields = explode(" ", - "descr caref keylen lifetime dn_country dn_state dn_city ". 
- "dn_organization dn_email dn_commonname"); + "descr caref keylen lifetime dn_country dn_state dn_city ". + "dn_organization dn_email dn_commonname"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Signing Certificate Authority"), - gettext("Key length"), - gettext("Lifetime"), - gettext("Distinguished name Country Code"), - gettext("Distinguished name State or Province"), - gettext("Distinguished name City"), - gettext("Distinguished name Organization"), - gettext("Distinguished name Email Address"), - gettext("Distinguished name Common Name")); + gettext("Descriptive name"), + gettext("Signing Certificate Authority"), + gettext("Key length"), + gettext("Lifetime"), + gettext("Distinguished name Country Code"), + gettext("Distinguished name State or Province"), + gettext("Distinguished name City"), + gettext("Distinguished name Organization"), + gettext("Distinguished name Email Address"), + gettext("Distinguished name Common Name")); } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if ($pconfig['method'] != "existing") { /* Make sure we do not have invalid characters in the fields for the certificate */ for ($i = 0; $i < count($reqdfields); $i++) { - if ($reqdfields[$i] == 'dn_email'){ - if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) + if ($reqdfields[$i] == 'dn_email') { + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) { array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters."); - }else if ($reqdfields[$i] == 'dn_commonname'){ - if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) + } + } else if ($reqdfields[$i] == 'dn_commonname') { + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) { array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters."); - }else if (($reqdfields[$i] != "descr") && 
preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) + } + } else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) { array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters."); + } } - if (!in_array($_POST["keylen"], $ca_keylens)) + if (!in_array($_POST["keylen"], $ca_keylens)) { array_push($input_errors, gettext("Please select a valid Key Length.")); - if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) + } + if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) { array_push($input_errors, gettext("Please select a valid Digest Algorithm.")); + } } /* if this is an AJAX caller then handle via JSON */ @@ -235,13 +253,15 @@ if ($_POST) { if (!$input_errors) { $ca = array(); - if (!isset($pconfig['refid']) || empty($pconfig['refid'])) + if (!isset($pconfig['refid']) || empty($pconfig['refid'])) { $ca['refid'] = uniqid(); - else + } else { $ca['refid'] = $pconfig['refid']; + } - if (isset($id) && $a_ca[$id]) + if (isset($id) && $a_ca[$id]) { $ca = $a_ca[$id]; + } $ca['descr'] = $pconfig['descr']; @@ -250,14 +270,14 @@ if ($_POST) { $ca['refid'] = $pconfig['refid']; $ca['serial'] = $pconfig['serial']; $ca['crt'] = base64_encode($pconfig['cert']); - if (!empty($pconfig['key'])) + if (!empty($pconfig['key'])) { $ca['prv'] = base64_encode($pconfig['key']); + } } else { $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */ - if ($pconfig['method'] == "existing") + if ($pconfig['method'] == "existing") { ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']); - - else if ($pconfig['method'] == "internal") { + } else if ($pconfig['method'] == "internal") { $dn = array( 'countryName' => $pconfig['dn_country'], 'stateOrProvinceName' => $pconfig['dn_state'], 
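Review bot: The `existing` branch treats `$_POST['cert']` as a certificate whenever it contains the substrings `BEGIN CERTIFICATE` and `END CERTIFICATE`, so arbitrary text carrying both markers passes validation and is stored. Parsing the value instead, for example `if ($_POST['cert'] && openssl_x509_read($_POST['cert']) === false) {`, rejects malformed input before it reaches `ca_import()`. The `import` branch in system_certmanager.php uses the same substring test. The enclosing `if ($_POST)` block starts before and continues past this hunk.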
@@ -265,8 +285,8 @@ if ($_POST) { 'organizationName' => $pconfig['dn_organization'], 'emailAddress' => $pconfig['dn_email'], 'commonName' => $pconfig['dn_commonname']); - if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])){ - while($ssl_err = openssl_error_string()){ + if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) { + while ($ssl_err = openssl_error_string()) { $input_errors = array(); array_push($input_errors, "openssl library returns: " . $ssl_err); } @@ -280,8 +300,8 @@ if ($_POST) { 'organizationName' => $pconfig['dn_organization'], 'emailAddress' => $pconfig['dn_email'], 'commonName' => $pconfig['dn_commonname']); - if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])){ - while($ssl_err = openssl_error_string()){ + if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) { + while ($ssl_err = openssl_error_string()) { $input_errors = array(); array_push($input_errors, "openssl library returns: " . $ssl_err); } @@ -290,13 +310,15 @@ if ($_POST) { error_reporting($old_err_level); } - if (isset($id) && $a_ca[$id]) + if (isset($id) && $a_ca[$id]) { $a_ca[$id] = $ca; - else + } else { $a_ca[] = $ca; + } - if (!$input_errors) + if (!$input_errors) { write_config(); + } // pfSenseHeader("system_camanager.php"); } 
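Review bot: Inside `while ($ssl_err = openssl_error_string())` the first statement is `$input_errors = array();`, so every iteration discards the message collected by the previous one and only the last queued OpenSSL error is shown. Moving the reset above the loop, or dropping it, keeps the full error list. The same loop appears in the `ca_inter_create` branch in the next hunk and in the `cert_create` and `csr_generate` branches of system_certmanager.php.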
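Review bot: The assignment `$a_ca[$id] = $ca;` / `$a_ca[] = $ca;` runs even when `ca_create()` or `ca_inter_create()` has just failed, because only `write_config()` is guarded by `if (!$input_errors)`. `$a_ca` is a reference into `$config['ca']`, so the incomplete entry sits in the in-memory configuration for the rest of the request and would be persisted by any later `write_config()` call. Placing the assignment inside the same `if (!$input_errors) {` guard avoids that; the matching `$a_cert[] = $cert;` code in system_certmanager.php has the same shape.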
@@ -336,18 +358,22 @@ function method_change() { //]]> </script> <?php - if ($input_errors) + if ($input_errors) { print_input_errors($input_errors); - if ($savemsg) + } + if ($savemsg) { print_info_box($savemsg); + } // Load valid country codes $dn_cc = array(); - if (file_exists("/etc/ca_countries")){ + if (file_exists("/etc/ca_countries")) { $dn_cc_file=file("/etc/ca_countries"); - foreach($dn_cc_file as $line) - if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) + foreach ($dn_cc_file as $line) { + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) { array_push($dn_cc, $matches[1]); + } + } } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="CA manager"> @@ -387,13 +413,16 @@ function method_change() { <td width="78%" class="vtable"> <select name='method' id='method' class="formselect" onchange='method_change()'> <?php - foreach($ca_methods as $method => $desc): - $selected = ""; - if ($pconfig['method'] == $method) - $selected = " selected=\"selected\""; + foreach ($ca_methods as $method => $desc): + $selected = ""; + if ($pconfig['method'] == $method) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> </td> </tr> 
@@ -446,18 +475,22 @@ function method_change() { <tr id='intermediate'> <td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Certificate Authority");?></td> <td width="78%" class="vtable"> - <select name='caref' id='caref' class="formselect" onchange='internalca_change()'> - <?php - foreach( $a_ca as $ca): - if (!$ca['prv']) - continue; - $selected = ""; - if ($pconfig['caref'] == $ca['refid']) - $selected = " selected=\"selected\""; - ?> - <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['descr'];?></option> - <?php endforeach; ?> - </select> + <select name='caref' id='caref' class="formselect" onchange='internalca_change()'> + <?php + foreach ($a_ca as $ca): + if (!$ca['prv']) { + continue; + } + $selected = ""; + if ($pconfig['caref'] == $ca['refid']) { + $selected = " selected=\"selected\""; + } + ?> + <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['descr'];?></option> + <?php + endforeach; + ?> + </select> </td> </tr> <tr> @@ -465,13 +498,16 @@ function method_change() { <td width="78%" class="vtable"> <select name='keylen' id='keylen' class="formselect"> <?php - foreach( $ca_keylens as $len): - $selected = ""; - if ($pconfig['keylen'] == $len) - $selected = " selected=\"selected\""; + foreach ($ca_keylens as $len): + $selected = ""; + if ($pconfig['keylen'] == $len) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> <?=gettext("bits");?> </td> 
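Review bot: The `caref` option prints `<?=$ca['descr'];?>` without escaping, while the validation loop explicitly exempts `descr` from the invalid-character check and the CA list further down does use `htmlspecialchars($ca['descr'])`. A descriptive name containing markup would therefore be rendered as HTML in this select. Use `<?=htmlspecialchars($ca['descr']);?>` here and in the identical `caref` select of system_certmanager.php. `$issuer_name = $issuer_ca['descr'];` in the list hunk is also assigned unescaped; whether it is escaped at output is not visible.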
@@ -481,13 +517,16 @@ function method_change() { <td width="78%" class="vtable"> <select name='digest_alg' id='digest_alg' class="formselect"> <?php - foreach( $openssl_digest_algs as $digest_alg): - $selected = ""; - if ($pconfig['digest_alg'] == $digest_alg) - $selected = " selected=\"selected\""; + foreach ($openssl_digest_algs as $digest_alg): + $selected = ""; + if ($pconfig['digest_alg'] == $digest_alg) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> <br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?> </td> @@ -508,12 +547,13 @@ function method_change() { <td align="left"> <select name='dn_country' class="formselect"> <?php - foreach( $dn_cc as $cc){ + foreach ($dn_cc as $cc) { $selected = ""; - if ($pconfig['dn_country'] == $cc) + if ($pconfig['dn_country'] == $cc) { $selected = " selected=\"selected\""; - print "<option value=\"$cc\"$selected>$cc</option>"; } + print "<option value=\"$cc\"$selected>$cc</option>"; + } ?> </select> </td> @@ -599,26 +639,28 @@ function method_change() { </tr> <?php $i = 0; - foreach($a_ca as $ca): + foreach ($a_ca as $ca): $name = htmlspecialchars($ca['descr']); $subj = cert_get_subject($ca['crt']); $issuer = cert_get_issuer($ca['crt']); list($startdate, $enddate) = cert_get_dates($ca['crt']); - if($subj == $issuer) + if ($subj == $issuer) { $issuer_name = "<em>" . gettext("self-signed") . "</em>"; - else + } else { $issuer_name = "<em>" . gettext("external") . "</em>"; + } $subj = htmlspecialchars($subj); $issuer = htmlspecialchars($issuer); $certcount = 0; $issuer_ca = lookup_ca($ca['caref']); - if ($issuer_ca) + if ($issuer_ca) { $issuer_name = $issuer_ca['descr']; + } // TODO : Need gray certificate icon - if($ca['prv']) { + if ($ca['prv']) { $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; $internal = "YES"; 
@@ -626,12 +668,16 @@ function method_change() { $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; $internal = "NO"; } - foreach ($a_cert as $cert) - if ($cert['caref'] == $ca['refid']) + foreach ($a_cert as $cert) { + if ($cert['caref'] == $ca['refid']) { $certcount++; - foreach ($a_ca as $cert) - if ($cert['caref'] == $ca['refid']) - $certcount++; + } + } + foreach ($a_ca as $cert) { + if ($cert['caref'] == $ca['refid']) { + $certcount++; + } + } ?> <tr> <td class="listlr"> diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index 965f02f..1f21090 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php 
@@ -47,51 +47,62 @@ $cert_methods = array( "external" => gettext("Create a Certificate Signing Request"), ); -$cert_keylens = array( "512", "1024", "2048", "4096"); -$cert_types = array( "ca" => "Certificate Authority", - "server" => "Server Certificate", - "user" => "User Certificate"); +$cert_keylens = array("512", "1024", "2048", "4096"); +$cert_types = array( + "ca" => "Certificate Authority", + "server" => "Server Certificate", + "user" => "User Certificate"); $altname_types = array("DNS", "IP", "email", "URI"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $pgtitle = array(gettext("System"), gettext("Certificate Manager")); -if (is_numericint($_GET['userid'])) +if (is_numericint($_GET['userid'])) { $userid = $_GET['userid']; -if (isset($_POST['userid']) && is_numericint($_POST['userid'])) +} +if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { $userid = $_POST['userid']; +} if (isset($userid)) { $cert_methods["existing"] = gettext("Choose an existing certificate"); - if (!is_array($config['system']['user'])) + if (!is_array($config['system']['user'])) { $config['system']['user'] = array(); + } $a_user =& $config['system']['user']; } -if (is_numericint($_GET['id'])) +if (is_numericint($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && is_numericint($_POST['id'])) +} +if (isset($_POST['id']) && is_numericint($_POST['id'])) { $id = $_POST['id']; +} -if (!is_array($config['ca'])) +if (!is_array($config['ca'])) { $config['ca'] = array(); +} $a_ca =& $config['ca']; -if (!is_array($config['cert'])) +if (!is_array($config['cert'])) { $config['cert'] = array(); +} $a_cert =& $config['cert']; $internal_ca_count = 0; -foreach ($a_ca as $ca) - if ($ca['prv']) +foreach ($a_ca as $ca) { + if ($ca['prv']) { $internal_ca_count++; + } +} $act = $_GET['act']; -if ($_POST['act']) +if ($_POST['act']) { $act = $_POST['act']; +} if ($act == "del") { 
@@ -165,8 +176,9 @@ if ($act == "p12") { $args['friendly_name'] = $a_cert[$id]['descr']; $ca = lookup_ca($a_cert[$id]['caref']); - if ($ca) + if ($ca) { $args['extracerts'] = openssl_x509_read(base64_decode($ca['crt'])); + } $res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt'])); $res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => "")); 
@@ -201,46 +213,47 @@ if ($_POST) { /* input validation */ if ($pconfig['method'] == "import") { $reqdfields = explode(" ", - "descr cert key"); + "descr cert key"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Certificate data"), - gettext("Key data")); - if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) + gettext("Descriptive name"), + gettext("Certificate data"), + gettext("Key data")); + if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) { $input_errors[] = gettext("This certificate does not appear to be valid."); + } } if ($pconfig['method'] == "internal") { $reqdfields = explode(" ", - "descr caref keylen type lifetime dn_country dn_state dn_city ". - "dn_organization dn_email dn_commonname"); + "descr caref keylen type lifetime dn_country dn_state dn_city ". + "dn_organization dn_email dn_commonname"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Certificate authority"), - gettext("Key length"), - gettext("Certificate Type"), - gettext("Lifetime"), - gettext("Distinguished name Country Code"), - gettext("Distinguished name State or Province"), - gettext("Distinguished name City"), - gettext("Distinguished name Organization"), - gettext("Distinguished name Email Address"), - gettext("Distinguished name Common Name")); + gettext("Descriptive name"), + gettext("Certificate authority"), + gettext("Key length"), + gettext("Certificate Type"), + gettext("Lifetime"), + gettext("Distinguished name Country Code"), + gettext("Distinguished name State or Province"), + gettext("Distinguished name City"), + gettext("Distinguished name Organization"), + gettext("Distinguished name Email Address"), + gettext("Distinguished name Common Name")); } if ($pconfig['method'] == "external") { $reqdfields = explode(" ", - "descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ". 
- "csr_dn_organization csr_dn_email csr_dn_commonname"); + "descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ". + "csr_dn_organization csr_dn_email csr_dn_commonname"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Key length"), - gettext("Distinguished name Country Code"), - gettext("Distinguished name State or Province"), - gettext("Distinguished name City"), - gettext("Distinguished name Organization"), - gettext("Distinguished name Email Address"), - gettext("Distinguished name Common Name")); + gettext("Descriptive name"), + gettext("Key length"), + gettext("Distinguished name Country Code"), + gettext("Distinguished name State or Province"), + gettext("Distinguished name City"), + gettext("Distinguished name Organization"), + gettext("Distinguished name Email Address"), + gettext("Distinguished name Common Name")); } if ($pconfig['method'] == "existing") { 
@@ -272,23 +285,28 @@ if ($_POST) { foreach ($altnames as $idx => $altname) { switch ($altname['type']) { case "DNS": - if (!is_hostname($altname['value'])) + if (!is_hostname($altname['value'])) { array_push($input_errors, "DNS subjectAltName values must be valid hostnames or FQDNs"); + } break; case "IP": - if (!is_ipaddr($altname['value'])) + if (!is_ipaddr($altname['value'])) { array_push($input_errors, "IP subjectAltName values must be valid IP Addresses"); + } break; case "email": - if (empty($altname['value'])) + if (empty($altname['value'])) { array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName"); - if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value'])) + } + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value'])) { array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters."); + } break; case "URI": /* Close enough? */ - if (!is_URL($altname['value'])) + if (!is_URL($altname['value'])) { $input_errors[] = "URI subjectAltName types must be a valid URI"; + } break; default: $input_errors[] = "Unrecognized subjectAltName type."; 
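Review bot: The `URI` case relies on `is_URL()` alone, and the inline `/* Close enough? */` comment leaves the intended guarantee undocumented. Accepted values are later joined with `implode(",", $altnames_tmp)` into `subjectAltName`, so a value containing a comma could be read as an additional entry; the `email` case rejects commas through its character class, but whether `is_URL()` does is not visible here. An explicit `strpos($altname['value'], ',') !== false` rejection in this case would make the constraint independent of the helper. The messages in this switch are also plain strings rather than `gettext()` calls, unlike the surrounding validation.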
@@ -297,25 +315,32 @@ if ($_POST) { /* Make sure we do not have invalid characters in the fields for the certificate */ for ($i = 0; $i < count($reqdfields); $i++) { - if (preg_match('/email/', $reqdfields[$i])){ /* dn_email or csr_dn_name */ - if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) + if (preg_match('/email/', $reqdfields[$i])) { /* dn_email or csr_dn_name */ + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) { array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters."); - }else if (preg_match('/commonname/', $reqdfields[$i])){ /* dn_commonname or csr_dn_commonname */ - if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) + } + } else if (preg_match('/commonname/', $reqdfields[$i])) { /* dn_commonname or csr_dn_commonname */ + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) { array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters."); - }else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]])) + } + } else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]])) { array_push($input_errors, "The field '" . $reqdfieldsn[$i] . 
"' contains invalid characters."); + } } - if (($pconfig['method'] != "external") && isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens)) + if (($pconfig['method'] != "external") && isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens)) { array_push($input_errors, gettext("Please select a valid Key Length.")); - if (($pconfig['method'] != "external") && !in_array($_POST["digest_alg"], $openssl_digest_algs)) + } + if (($pconfig['method'] != "external") && !in_array($_POST["digest_alg"], $openssl_digest_algs)) { array_push($input_errors, gettext("Please select a valid Digest Algorithm.")); - - if (($pconfig['method'] == "external") && isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens)) + } + + if (($pconfig['method'] == "external") && isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens)) { array_push($input_errors, gettext("Please select a valid Key Length.")); - if (($pconfig['method'] == "external") && !in_array($_POST["csr_digest_alg"], $openssl_digest_algs)) + } + if (($pconfig['method'] == "external") && !in_array($_POST["csr_digest_alg"], $openssl_digest_algs)) { array_push($input_errors, gettext("Please select a valid Digest Algorithm.")); + } } /* if this is an AJAX caller then handle via JSON */ 
@@ -329,20 +354,23 @@ if ($_POST) { if ($pconfig['method'] == "existing") { $cert = lookup_cert($pconfig['certref']); - if ($cert && $a_user) + if ($cert && $a_user) { $a_user[$userid]['cert'][] = $cert['refid']; + } } else { $cert = array(); $cert['refid'] = uniqid(); - if (isset($id) && $a_cert[$id]) + if (isset($id) && $a_cert[$id]) { $cert = $a_cert[$id]; + } $cert['descr'] = $pconfig['descr']; $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */ - if ($pconfig['method'] == "import") + if ($pconfig['method'] == "import") { cert_import($cert, $pconfig['cert'], $pconfig['key']); + } if ($pconfig['method'] == "internal") { $dn = array( @@ -360,8 +388,8 @@ if ($_POST) { $dn['subjectAltName'] = implode(",", $altnames_tmp); } if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'], - $pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])){ - while($ssl_err = openssl_error_string()){ + $pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])) { + while ($ssl_err = openssl_error_string()) { $input_errors = array(); array_push($input_errors, "openssl library returns: " . $ssl_err); } @@ -383,8 +411,8 @@ if ($_POST) { } $dn['subjectAltName'] = implode(",", $altnames_tmp); } - if(!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])){ - while($ssl_err = openssl_error_string()){ + if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) { + while ($ssl_err = openssl_error_string()) { $input_errors = array(); array_push($input_errors, "openssl library returns: " . $ssl_err); } 
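Review bot: In the `existing` branch `$a_user[$userid]['cert'][] = $cert['refid'];` is guarded by `if ($cert && $a_user)`, which only checks that the user array is non-empty, not that `$userid` names an existing entry. `$userid` comes from the request and is validated only with `is_numericint()`, so an out-of-range value would create a new, partial user element holding just a `cert` list. Testing `isset($a_user[$userid])` instead, as in `if ($cert && isset($a_user[$userid])) {`, avoids that; the later `if (isset($a_user) && isset($userid))` block has the same gap.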
@@ -392,16 +420,19 @@ if ($_POST) { } error_reporting($old_err_level); - if (isset($id) && $a_cert[$id]) + if (isset($id) && $a_cert[$id]) { $a_cert[$id] = $cert; - else + } else { $a_cert[] = $cert; - if (isset($a_user) && isset($userid)) + } + if (isset($a_user) && isset($userid)) { $a_user[$userid]['cert'][] = $cert['refid']; + } } - if (!$input_errors) + if (!$input_errors) { write_config(); + } if ($userid) { post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid)); @@ -417,8 +448,8 @@ if ($_POST) { /* input validation */ $reqdfields = explode(" ", "descr cert"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Final Certificate data")); + gettext("Descriptive name"), + gettext("Final Certificate data")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); 
@@ -427,18 +458,18 @@ if ($_POST) { // $subj_csr = csr_get_subject($pconfig['csr'], false); // $subj_cert = cert_get_subject($pconfig['cert'], false); // -// if ( !isset($_POST['ignoresubjectmismatch']) && !($_POST['ignoresubjectmismatch'] == "yes") ) { -// if (strcmp($subj_csr,$subj_cert)) { -// $input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."),$subj_cert); +// if (!isset($_POST['ignoresubjectmismatch']) && !($_POST['ignoresubjectmismatch'] == "yes")) { +// if (strcmp($subj_csr, $subj_cert)) { +// $input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."), $subj_cert); // $subject_mismatch = true; // } // } $mod_csr = csr_get_modulus($pconfig['csr'], false); $mod_cert = cert_get_modulus($pconfig['cert'], false); - - if (strcmp($mod_csr,$mod_cert)) { + + if (strcmp($mod_csr, $mod_cert)) { // simply: if the moduli don't match, then the private key and public key won't match - $input_errors[] = sprintf(gettext("The certificate modulus does not match the signing request modulus."),$subj_cert); + $input_errors[] = sprintf(gettext("The certificate modulus does not match the signing request modulus."), $subj_cert); $subject_mismatch = true; } @@ -477,10 +508,11 @@ include("head.inc"); function method_change() { <?php - if ($internal_ca_count) + if ($internal_ca_count) { $submit_style = ""; - else + } else { $submit_style = "none"; + } ?> method = document.iform.method.selectedIndex; @@ -530,8 +562,9 @@ function internalca_change() { switch (caref) { <?php foreach ($a_ca as $ca): - if (!$ca['prv']) + if (!$ca['prv']) { continue; + } $subject = cert_get_subject_array($ca['crt']); ?> case "<?=$ca['refid'];?>": @@ -541,7 +574,9 @@ function internalca_change() { document.iform.dn_organization.value = "<?=$subject[3]['v'];?>"; document.iform.dn_email.value = "<?=$subject[4]['v'];?>"; break; -<?php endforeach; ?> +<?php + endforeach; +?> } } <?php endif; ?> 
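Review bot: The key-match test is `if (strcmp($mod_csr, $mod_cert))`, which reports a match whenever the two values are equal, including the case where both helpers fail and return the same empty or false value (their failure behaviour is not visible here, so this needs confirming). Rejecting empty results first, `if (empty($mod_csr) || empty($mod_cert) || strcmp($mod_csr, $mod_cert)) {`, makes a parse failure count as a mismatch. The `sprintf()` on the error line also passes `$subj_cert`, which is only assigned in the commented-out block above and has no placeholder in the format string, so the argument can be dropped.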
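Review bot: In `internalca_change()` the subject fields are written straight into JavaScript string literals, e.g. `document.iform.dn_organization.value = "<?=$subject[3]['v'];?>";`, and the `case "<?=$ca['refid'];?>":` label is built the same way. The values come from `cert_get_subject_array($ca['crt'])`, and CA certificates can be imported, so a subject containing a quote or backslash breaks out of the literal. Emitting the value with `<?=json_encode($subject[3]['v']);?>` and no surrounding quotes encodes it for the script context. The function body starts before and continues past these hunks.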
@@ -562,19 +597,23 @@ function internalca_change() { //]]> </script> <?php - if ($input_errors) + if ($input_errors) { print_input_errors($input_errors); - if ($savemsg) + } + if ($savemsg) { print_info_box($savemsg); + } - // Load valid country codes - $dn_cc = array(); - if (file_exists("/etc/ca_countries")){ - $dn_cc_file=file("/etc/ca_countries"); - foreach($dn_cc_file as $line) - if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) - array_push($dn_cc, $matches[1]); - } + // Load valid country codes + $dn_cc = array(); + if (file_exists("/etc/ca_countries")) { + $dn_cc_file=file("/etc/ca_countries"); + foreach ($dn_cc_file as $line) { + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) { + array_push($dn_cc, $matches[1]); + } + } + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="cert manager"> <tr> @@ -602,21 +641,25 @@ function internalca_change() { <td width="78%" class="vtable"> <select name='method' id='method' class="formselect" onchange='method_change()'> <?php - foreach($cert_methods as $method => $desc): - $selected = ""; - if ($pconfig['method'] == $method) - $selected = " selected=\"selected\""; + foreach ($cert_methods as $method => $desc): + $selected = ""; + if ($pconfig['method'] == $method) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> </td> </tr> <?php endif; ?> <tr id="descriptivename"> <?php - if ($a_user && empty($pconfig['descr'])) + if ($a_user && empty($pconfig['descr'])) { $pconfig['descr'] = $a_user[$userid]['name']; + } ?> <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> <td width="78%" class="vtable"> 
@@ -676,15 +719,19 @@ function internalca_change() { <td width="78%" class="vtable"> <select name='caref' id='caref' class="formselect" onchange='internalca_change()'> <?php - foreach( $a_ca as $ca): - if (!$ca['prv']) - continue; - $selected = ""; - if ($pconfig['caref'] == $ca['refid']) - $selected = " selected=\"selected\""; + foreach ($a_ca as $ca): + if (!$ca['prv']) { + continue; + } + $selected = ""; + if ($pconfig['caref'] == $ca['refid']) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['descr'];?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> </td> </tr> @@ -693,13 +740,16 @@ function internalca_change() { <td width="78%" class="vtable"> <select name='keylen' class="formselect"> <?php - foreach( $cert_keylens as $len): - $selected = ""; - if ($pconfig['keylen'] == $len) - $selected = " selected=\"selected\""; + foreach ($cert_keylens as $len): + $selected = ""; + if ($pconfig['keylen'] == $len) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> <?=gettext("bits");?> </td> @@ -709,13 +759,16 @@ function internalca_change() { <td width="78%" class="vtable"> <select name='digest_alg' id='digest_alg' class="formselect"> <?php - foreach( $openssl_digest_algs as $digest_alg): - $selected = ""; - if ($pconfig['digest_alg'] == $digest_alg) - $selected = " selected=\"selected\""; + foreach ($openssl_digest_algs as $digest_alg): + $selected = ""; + if ($pconfig['digest_alg'] == $digest_alg) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> <br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?> </td> 
@@ -725,13 +778,16 @@ function internalca_change() { <td width="78%" class="vtable"> <select name='type' class="formselect"> <?php - foreach( $cert_types as $ct => $ctdesc ): - $selected = ""; - if ($pconfig['type'] == $ct) - $selected = " selected=\"selected\""; + foreach ($cert_types as $ct => $ctdesc): + $selected = ""; + if ($pconfig['type'] == $ct) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$ct;?>"<?=$selected;?>><?=$ctdesc;?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> <br /> <?=gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.");?> @@ -786,8 +842,9 @@ function internalca_change() { <td align="right"><?=gettext("Common Name");?> : </td> <td align="left"> <?php - if ($a_user && empty($pconfig['dn_commonname'])) + if ($a_user && empty($pconfig['dn_commonname'])) { $pconfig['dn_commonname'] = $a_user[$userid]['name']; + } ?> <input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/> 
@@ -801,36 +858,36 @@ function internalca_change() { <td align="left"> <table id="altNametable"> <thead> - <tr> - <th><div id="onecolumn"><?=gettext("Type");?></div></th> - <th><div id="twocolumn"><?=gettext("Value");?></div></th> - </tr> + <tr> + <th><div id="onecolumn"><?=gettext("Type");?></div></th> + <th><div id="twocolumn"><?=gettext("Value");?></div></th> + </tr> </thead> <tbody> <?php $counter = 0; - if($pconfig['altnames']['item']): - foreach($pconfig['altnames']['item'] as $item): - $type = $item['type']; - $value = $item['value']; + if ($pconfig['altnames']['item']): + foreach ($pconfig['altnames']['item'] as $item): + $type = $item['type']; + $value = $item['value']; ?> - <tr> - <td> - <input autocomplete="off" name="altname_type<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_type<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($type);?>" /> - </td> - <td> - <input autocomplete="off" name="altname_value<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_value<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($value);?>" /> - </td> - <td> - <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a> - </td> - </tr> + <tr> + <td> + <input autocomplete="off" name="altname_type<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_type<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($type);?>" /> + </td> + <td> + <input autocomplete="off" name="altname_value<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_value<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($value);?>" /> + </td> + <td> + <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a> + </td> + </tr> <?php - 
$counter++; - endforeach; + $counter++; + endforeach; endif; ?> - <tr><td> </td></tr> + <tr><td> </td></tr> </tbody> </table> <a onclick="javascript:addRowTo('altNametable', 'formfldalias'); return false;" href="#"> @@ -867,15 +924,19 @@ function internalca_change() { <td width="78%" class="vtable"> <select name='csr_keylen' class="formselect"> <?php - if (!isset($pconfig['csr_keylen']) && isset($pconfig['csr_keylen'])) + if (!isset($pconfig['csr_keylen']) && isset($pconfig['csr_keylen'])) { $pconfig['csr_keylen'] = $pconfig['csr_keylen']; - foreach( $cert_keylens as $len): - $selected = ""; - if ($pconfig['csr_keylen'] == $len) - $selected = " selected=\"selected\""; + } + foreach ($cert_keylens as $len): + $selected = ""; + if ($pconfig['csr_keylen'] == $len) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> bits </td> @@ -885,13 +946,16 @@ function internalca_change() { <td width="78%" class="vtable"> <select name='csr_digest_alg' id='csr_digest_alg' class="formselect"> <?php - foreach( $openssl_digest_algs as $csr_digest_alg): - $selected = ""; - if ($pconfig['csr_digest_alg'] == $csr_digest_alg) - $selected = " selected=\"selected\""; + foreach ($openssl_digest_algs as $csr_digest_alg): + $selected = ""; + if ($pconfig['csr_digest_alg'] == $csr_digest_alg) { + $selected = " selected=\"selected\""; + } ?> <option value="<?=$csr_digest_alg;?>"<?=$selected;?>><?=strtoupper($csr_digest_alg);?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> <br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?> </td> 
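Review bot: In the `csr_keylen` hunk the condition `!isset($pconfig['csr_keylen']) && isset($pconfig['csr_keylen'])` can never be true, and its body assigns the key to itself, so the block this commit wraps in braces is dead code. It looks like a fallback from another key was intended, possibly `$pconfig['keylen']`, which the key-length dropdown earlier on the page reads, but that is an inference. Either restore the intended source, e.g. `if (!isset($pconfig['csr_keylen']) && isset($pconfig['keylen'])) {` with `$pconfig['csr_keylen'] = $pconfig['keylen'];`, or delete the block instead of reformatting it.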
@@ -905,12 +969,13 @@ function internalca_change() { <td align="left"> <select name='csr_dn_country' class="formselect"> <?php - foreach( $dn_cc as $cc){ + foreach ($dn_cc as $cc) { $selected = ""; - if ($pconfig['csr_dn_country'] == $cc) + if ($pconfig['csr_dn_country'] == $cc) { $selected = " selected=\"selected\""; - print "<option value=\"$cc\"$selected>$cc</option>"; } + print "<option value=\"$cc\"$selected>$cc</option>"; + } ?> </select> </td> @@ -990,20 +1055,27 @@ function internalca_change() { $caname = ""; $inuse = ""; $revoked = ""; - if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) + if (isset($userid) && in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) { continue; + } $ca = lookup_ca($cert['caref']); - if ($ca) + if ($ca) { $caname = " (CA: {$ca['descr']})"; - if ($pconfig['certref'] == $cert['refid']) + } + if ($pconfig['certref'] == $cert['refid']) { $selected = " selected=\"selected\""; - if (cert_in_use($cert['refid'])) + } + if (cert_in_use($cert['refid'])) { $inuse = " *In Use"; - if (is_cert_revoked($cert)) + } + if (is_cert_revoked($cert)) { $revoked = " *Revoked"; + } ?> <option value="<?=$cert['refid'];?>"<?=$selected;?>><?=$cert['descr'] . $caname . $inuse . $revoked;?></option> - <?php endforeach; ?> + <?php + endforeach; + ?> </select> </td> </tr> @@ -1058,7 +1130,7 @@ function internalca_change() { <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?> + <?php /* if (isset($subject_mismatch) && $subject_mismatch === true): ?> <input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" /> <label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br /> <?php echo gettext("Warning: Using this option may create an " . 
@@ -1092,19 +1164,20 @@ function internalca_change() { $pluginparams['event'] = 'used_certificates'; $certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams); $i = 0; - foreach($a_cert as $cert): + foreach ($a_cert as $cert): $name = htmlspecialchars($cert['descr']); - + if ($cert['crt']) { $subj = cert_get_subject($cert['crt']); $issuer = cert_get_issuer($cert['crt']); $purpose = cert_get_purpose($cert['crt']); list($startdate, $enddate) = cert_get_dates($cert['crt']); - if($subj==$issuer) + if ($subj == $issuer) { $caname = "<em>" . gettext("self-signed") . "</em>"; - else - $caname = "<em>" . gettext("external"). "</em>"; - $subj = htmlspecialchars($subj); + } else { + $caname = "<em>" . gettext("external"). "</em>"; + } + $subj = htmlspecialchars($subj); } if ($cert['csr']) { @@ -1113,13 +1186,15 @@ function internalca_change() { } $ca = lookup_ca($cert['caref']); - if ($ca) + if ($ca) { $caname = $ca['descr']; + } - if($cert['prv']) + if ($cert['prv']) { $certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; - else + } else { $certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; + } ?> <tr> <td class="listlr"> @@ -1134,13 +1209,17 @@ function internalca_change() { </tr> <tr><td> </td></tr> <?php if ($cert['type']): ?> - <tr><td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td></tr> + <tr> + <td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td> + </tr> <?php endif; ?> <?php if (is_array($purpose)): ?> - <tr><td colspan="2"> - CA: <?php echo $purpose['ca']; ?>, - Server: <?php echo $purpose['server']; ?> - </td></tr> + <tr> + <td colspan="2"> + CA: <?php echo $purpose['ca']; ?>, + Server: <?php echo $purpose['server']; ?> + </td> + </tr> <?php endif; ?> </table> </td> 
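Review bot: `$caname = $ca['descr'];` stores the raw CA description in a variable that the branches above fill with markup (`"<em>" . gettext("self-signed") . "</em>"`), so wherever `$caname` is printed it cannot be escaped as a whole and the description would go out unescaped; the output line is outside these hunks, so that part is inferred. Escaping at assignment keeps the variable consistently HTML: `$caname = htmlspecialchars($ca['descr']);`. Separately, both branches of the `if ($cert['prv'])` that the second hunk braces assign the same `icon_frmfld_cert.png` path, so the test has no effect; collapse it to a single assignment, or point the `else` branch at a different icon if one was intended.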
@@ -1183,18 +1262,20 @@ function internalca_change() { <?php endif; ?> <? $refid = $cert['refid']; - if (is_array($certificates_used_by_packages)) - foreach($certificates_used_by_packages as $name => $package){ - if(isset($package['certificatelist'][$refid])){ - $hint = "" ; - if (is_array($package['certificatelist'][$refid])) - foreach($package['certificatelist'][$refid] as $cert_used){ - $hint = $hint . $cert_used['usedby']."\n"; + if (is_array($certificates_used_by_packages)) { + foreach ($certificates_used_by_packages as $name => $package) { + if (isset($package['certificatelist'][$refid])) { + $hint = "" ; + if (is_array($package['certificatelist'][$refid])) { + foreach ($package['certificatelist'][$refid] as $cert_used) { + $hint = $hint . $cert_used['usedby']."\n"; + } + } + $count = count($package['certificatelist'][$refid]); + echo "<div title='".htmlspecialchars($hint)."'>"; + echo htmlspecialchars($package['pkgname'])." ($count)<br />"; + echo "</div>"; } - $count = count($package['certificatelist'][$refid]); - echo "<div title='".htmlspecialchars($hint)."'>"; - echo htmlspecialchars($package['pkgname'])." ($count)<br />"; - echo "</div>"; } } ?> diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 8438ede..1eb9394 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php 
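Review bot: `echo "<div title='".htmlspecialchars($hint)."'>";` puts `$hint` in a single-quoted attribute, but `htmlspecialchars()` without `ENT_QUOTES` leaves single quotes unescaped on PHP versions before 8.1, so a `usedby` string containing `'` would close the attribute early. Pass the flag explicitly, `htmlspecialchars($hint, ENT_QUOTES)`, or switch the attribute to double quotes. Also, `count($package['certificatelist'][$refid])` runs outside the `is_array()` guard that protects the inner loop, and the loop variable `$name` reuses the name of the escaped certificate description set at the top of the certificate loop; a distinct name such as `$pkgkey` would avoid clobbering it. The enclosing `foreach ($a_cert as $cert):` body starts and ends outside this hunk.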
@@ -1,21 +1,21 @@ <?php /* system_crlmanager.php - + Copyright (C) 2010 Jim Pingle Copyright (C) 2013-2015 Electric Sheep Fencing, LP All rights reserved. - + Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - + 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - + 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 
@@ -50,36 +50,45 @@ $crl_methods = array( "internal" => gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List")); -if (ctype_alnum($_GET['id'])) +if (ctype_alnum($_GET['id'])) { $id = $_GET['id']; -if (isset($_POST['id']) && ctype_alnum($_POST['id'])) +} +if (isset($_POST['id']) && ctype_alnum($_POST['id'])) { $id = $_POST['id']; +} -if (!is_array($config['ca'])) +if (!is_array($config['ca'])) { $config['ca'] = array(); +} $a_ca =& $config['ca']; -if (!is_array($config['cert'])) +if (!is_array($config['cert'])) { $config['cert'] = array(); +} $a_cert =& $config['cert']; -if (!is_array($config['crl'])) +if (!is_array($config['crl'])) { $config['crl'] = array(); +} $a_crl =& $config['crl']; -foreach ($a_crl as $cid => $acrl) - if (!isset($acrl['refid'])) +foreach ($a_crl as $cid => $acrl) { + if (!isset($acrl['refid'])) { unset ($a_crl[$cid]); + } +} $act = $_GET['act']; -if ($_POST['act']) +if ($_POST['act']) { $act = $_POST['act']; +} -if (!empty($id)) +if (!empty($id)) { $thiscrl =& lookup_crl($id); +} // If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors. if (!$thiscrl && (($act != "") && ($act != "new"))) { @@ -93,9 +102,11 @@ if ($act == "del") { if (crl_in_use($id)) { $savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br />"; } else { - foreach ($a_crl as $cid => $acrl) - if ($acrl['refid'] == $thiscrl['refid']) + foreach ($a_crl as $cid => $acrl) { + if ($acrl['refid'] == $thiscrl['refid']) { unset($a_crl[$cid]); + } + } write_config("Deleted CRL {$name}."); $savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "<br />"; } 
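Review bot: The `del` branch in the second hunk changes configuration (`unset($a_crl[$cid]);` followed by `write_config(...)`), and `$act` is taken from `$_GET['act']` unless a POST value overrides it, so the deletion is reachable by a GET request. No request-forgery token or method check is visible in these hunks; if the framework's protection covers only POST, this path is outside it. I would accept state-changing actions from POST only, for example `if ($act == "del" && $_SERVER['REQUEST_METHOD'] == 'POST') {`, and have the list page submit a form for deletion. The `del` block begins before its hunk, and the `$act` assignment it relies on is in the preceding hunk.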
@@ -192,15 +203,15 @@ if ($_POST) { if (($pconfig['method'] == "existing") || ($act == "editimported")) { $reqdfields = explode(" ", "descr crltext"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Certificate Revocation List data")); + gettext("Descriptive name"), + gettext("Certificate Revocation List data")); } if ($pconfig['method'] == "internal") { $reqdfields = explode(" ", - "descr caref"); + "descr caref"); $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Certificate Authority")); + gettext("Descriptive name"), + gettext("Certificate Authority")); } do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); @@ -238,8 +249,9 @@ if ($_POST) { $crl['cert'] = array(); } - if (!$thiscrl) + if (!$thiscrl) { $a_crl[] = $crl; + } write_config("Saved CRL {$crl['descr']}"); openvpn_refresh_crls(); @@ -274,10 +286,12 @@ function method_change() { //]]> </script> <?php - if ($input_errors) + if ($input_errors) { print_input_errors($input_errors); - if ($savemsg) + } + if ($savemsg) { print_info_box($savemsg); + } ?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="CRL manager"> <tr> @@ -295,7 +309,9 @@ function method_change() { <td id="mainarea"> <div class="tabcont"> - <?php if ($act == "new" || $act == gettext("Save") || $input_errors): ?> +<?php + if ($act == "new" || $act == gettext("Save") || $input_errors): +?> <form action="system_crlmanager.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> 
@@ -306,18 +322,22 @@ function method_change() { <select name='method' id='method' class="formselect" onchange='method_change()'> <?php $rowIndex = 0; - foreach($crl_methods as $method => $desc): - if (($_GET['importonly'] == "yes") && ($method != "existing")) - continue; - $selected = ""; - if ($pconfig['method'] == $method) - $selected = "selected=\"selected\""; - $rowIndex++; + foreach ($crl_methods as $method => $desc): + if (($_GET['importonly'] == "yes") && ($method != "existing")) { + continue; + } + $selected = ""; + if ($pconfig['method'] == $method) { + $selected = "selected=\"selected\""; + } + $rowIndex++; ?> <option value="<?=$method;?>" <?=$selected;?>><?=$desc;?></option> - <?php endforeach; - if ($rowIndex == 0) - echo "<option></option>"; + <?php + endforeach; + if ($rowIndex == 0) { + echo "<option></option>"; + } ?> </select> </td> @@ -335,16 +355,19 @@ function method_change() { <select name='caref' id='caref' class="formselect"> <?php $rowIndex = 0; - foreach($a_ca as $ca): - $selected = ""; - if ($pconfig['caref'] == $ca['refid']) - $selected = "selected=\"selected\""; - $rowIndex++; + foreach ($a_ca as $ca): + $selected = ""; + if ($pconfig['caref'] == $ca['refid']) { + $selected = "selected=\"selected\""; + } + $rowIndex++; ?> <option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option> - <?php endforeach; - if ($rowIndex == 0) - echo "<option></option>"; + <?php + endforeach; + if ($rowIndex == 0) { + echo "<option></option>"; + } ?> </select> </td> @@ -406,8 +429,10 @@ function method_change() { </tr> </table> </form> - <?php elseif ($act == "editimported"): ?> - <?php $crl = $thiscrl; ?> +<?php + elseif ($act == "editimported"): + $crl = $thiscrl; +?> <form action="system_crlmanager.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0" id="editimported" summary="import"> <tr> 
@@ -438,8 +463,10 @@ function method_change() { </table> </form> - <?php elseif ($act == "edit"): ?> - <?php $crl = $thiscrl; ?> +<?php + elseif ($act == "edit"): + $crl = $thiscrl; +?> <form action="system_crlmanager.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="revoke"> <thead> @@ -456,16 +483,18 @@ function method_change() { </thead> <tbody> <?php /* List Certs on CRL */ - if (!is_array($crl['cert']) || (count($crl['cert']) == 0)): ?> + if (!is_array($crl['cert']) || (count($crl['cert']) == 0)): + ?> <tr> <td class="listlr" colspan="3"> <?php echo gettext("No Certificates Found for this CRL."); ?> </td> <td class="list"> </td> </tr> - <?php else: - foreach($crl['cert'] as $i => $cert): - $name = htmlspecialchars($cert['descr']); + <?php + else: + foreach ($crl['cert'] as $i => $cert): + $name = htmlspecialchars($cert['descr']); ?> <tr> <td class="listlr"> @@ -483,16 +512,18 @@ function method_change() { </a> </td> </tr> - <?php - endforeach; + <?php + endforeach; endif; - ?> + ?> <?php /* Drop-down with other certs from this CA. */ // Map Certs to CAs in one pass $ca_certs = array(); - foreach($a_cert as $cert) - if ($cert['caref'] == $crl['caref']) + foreach ($a_cert as $cert) { + if ($cert['caref'] == $crl['caref']) { $ca_certs[] = $cert; + } + } if (count($ca_certs) == 0): ?> <tr> <td class="listlr" colspan="3"> 
@@ -500,27 +531,38 @@ function method_change() { </td> <td class="list"> </td> </tr> - <?php else: ?> + <?php + else: + ?> <tr> <td class="listlr" colspan="3" align="center"> - <b><?php echo gettext("Choose a Certificate to Revoke"); ?></b>: <select name='certref' id='certref' class="formselect"> + <b><?php echo gettext("Choose a Certificate to Revoke"); ?></b>: + <select name='certref' id='certref' class="formselect"> <?php $rowIndex = 0; - foreach($ca_certs as $cert): - $rowIndex++; ?> - <option value="<?=$cert['refid'];?>"><?=htmlspecialchars($cert['descr'])?></option> - <?php endforeach; - if ($rowIndex == 0) - echo "<option></option>"; ?> + foreach ($ca_certs as $cert): + $rowIndex++; + ?> + <option value="<?=$cert['refid'];?>"><?=htmlspecialchars($cert['descr'])?></option> + <?php + endforeach; + if ($rowIndex == 0) { + echo "<option></option>"; + } + ?> </select> <b><?php echo gettext("Reason");?></b>: <select name='crlreason' id='crlreason' class="formselect"> <?php $rowIndex = 0; - foreach($openssl_crl_status as $code => $reason): - $rowIndex++; ?> - <option value="<?= $code ?>"><?= htmlspecialchars($reason) ?></option> - <?php endforeach; - if ($rowIndex == 0) - echo "<option></option>"; ?> + foreach ($openssl_crl_status as $code => $reason): + $rowIndex++; + ?> + <option value="<?= $code ?>"><?= htmlspecialchars($reason) ?></option> + <?php + endforeach; + if ($rowIndex == 0) { + echo "<option></option>"; + } + ?> </select> <input name="act" type="hidden" value="addcert" /> <input name="crlref" type="hidden" value="<?=$crl['refid'];?>" /> @@ -529,12 +571,15 @@ function method_change() { </td> <td class="list"> </td> </tr> - <?php endif; ?> + <?php + endif; + ?> </tbody> </table> </form> - <?php else: ?> - +<?php + else: +?> <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="ocpms"> <thead> <tr> 
@@ -553,23 +598,26 @@ function method_change() { </p> </td> </tr> - </tfoot> <tbody> - <?php - $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; - // Map CRLs to CAs in one pass - $ca_crl_map = array(); - foreach($a_crl as $crl) - $ca_crl_map[$crl['caref']][] = $crl['refid']; - - $i = 0; - foreach($a_ca as $ca): - $name = htmlspecialchars($ca['descr']); - - if($ca['prv']) { - $cainternal = "YES"; - } else - $cainternal = "NO"; - ?> + </tfoot> + <tbody> + <?php + $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; + // Map CRLs to CAs in one pass + $ca_crl_map = array(); + foreach ($a_crl as $crl) { + $ca_crl_map[$crl['caref']][] = $crl['refid']; + } + + $i = 0; + foreach ($a_ca as $ca): + $name = htmlspecialchars($ca['descr']); + + if ($ca['prv']) { + $cainternal = "YES"; + } else { + $cainternal = "NO"; + } + ?> <tr> <td class="listlr" colspan="4"> <table border="0" cellpadding="0" cellspacing="0" summary="icon"> 
@@ -586,19 +634,18 @@ function method_change() { <td class="list"> <?php if ($cainternal == "YES"): ?> <a href="system_crlmanager.php?act=new&caref=<?php echo $ca['refid']; ?>"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?php printf(gettext("Add or Import CRL for %s"),$ca['descr']);?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" /> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?php printf(gettext("Add or Import CRL for %s"), $ca['descr']);?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" /> </a> <?php else: ?> <a href="system_crlmanager.php?act=new&caref=<?php echo $ca['refid']; ?>&importonly=yes"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?php printf(gettext("Import CRL for %s"),$ca['descr']);?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" /> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?php printf(gettext("Import CRL for %s"), $ca['descr']);?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" /> </a> <?php endif; ?> </td> </tr> - <?php if (is_array($ca_crl_map[$ca['refid']])): - foreach($ca_crl_map[$ca['refid']] as $crl): + foreach ($ca_crl_map[$ca['refid']] as $crl): $tmpcrl = lookup_crl($crl); $internal = is_crl_internal($tmpcrl); $inuse = crl_in_use($tmpcrl['refid']); @@ -633,15 +680,19 @@ function method_change() { endforeach; endif; ?> - <tr><td colspan="5"> </td></tr> - <?php - $i++; - endforeach; - ?> + <tr> + <td colspan="5"> </td> + </tr> + <?php + $i++; + endforeach; + ?> </tbody> </table> - <?php endif; ?> +<?php + endif; +?> </div> </td> |