Diffstat (limited to 'src/usr/local/www/system_camanager.php')
-rw-r--r-- | src/usr/local/www/system_camanager.php | 697 |
1 files changed, 266 insertions, 431 deletions
diff --git a/src/usr/local/www/system_camanager.php b/src/usr/local/www/system_camanager.php
index 368b30c..f2bb3e5 100644
--- a/src/usr/local/www/system_camanager.php
+++ b/src/usr/local/www/system_camanager.php
@@ -269,7 +269,7 @@ if ($_POST) {
 $ca['descr'] = $pconfig['descr'];
- if ($_POST['edit'] == "edit") {
+ if ($act == "edit") {
 $ca['descr'] = $pconfig['descr'];
 $ca['refid'] = $pconfig['refid'];
 $ca['serial'] = $pconfig['serial'];
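Review bot: The edit branch is now selected by `$act`, yet the form built in the next hunk always posts to `system_camanager.php?act=edit`, including when a new CA is being created. If `$act` is taken from the query string (its assignment is outside this hunk), a create request would also enter this branch and copy `$ca['refid']` and `$ca['serial']` from `$pconfig`, although the `refid` hidden field is only emitted when editing. Consider deriving the action from the current mode instead of hard-coding it, for example `$form->setAction('system_camanager.php' . ($act == "edit" ? '?act=edit' : ''));`, or keep an explicit hidden marker for edits as the removed form did. The enclosing `if ($_POST)` block starts and ends outside the hunk.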
@@ -329,442 +329,277 @@ if ($_POST) { } include("head.inc"); -?> -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php include("fbegin.inc"); ?> -<script type="text/javascript"> -//<![CDATA[ - -function method_change() { - - method = document.iform.method.selectedIndex; - - switch (method) { - case 0: - document.getElementById("existing").style.display=""; - document.getElementById("internal").style.display="none"; - document.getElementById("intermediate").style.display="none"; - break; - case 1: - document.getElementById("existing").style.display="none"; - document.getElementById("internal").style.display=""; - document.getElementById("intermediate").style.display="none"; - break; - case 2: - document.getElementById("existing").style.display="none"; - document.getElementById("internal").style.display=""; - document.getElementById("intermediate").style.display=""; - break; - } +if ($input_errors) + print_input_errors($input_errors); +if ($savemsg) + print_info_box($savemsg); + +// Load valid country codes +$dn_cc = array(); +if (file_exists("/etc/ca_countries")){ + $dn_cc_file=file("/etc/ca_countries"); + foreach($dn_cc_file as $line) + if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) + array_push($dn_cc, $matches[1]); } -//]]> -</script> -<?php - if ($input_errors) { - print_input_errors($input_errors); - } - if ($savemsg) { - print_info_box($savemsg); - } +$tab_array = array(); +$tab_array[] = array(gettext("CAs"), true, "system_camanager.php"); +$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php"); +$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php"); +display_top_tabs($tab_array); - // Load valid country codes - $dn_cc = array(); - if (file_exists("/etc/ca_countries")) { - $dn_cc_file=file("/etc/ca_countries"); - foreach ($dn_cc_file as $line) { - if (preg_match('/^(\S*)\s(.*)$/', $line, $matches)) { - array_push($dn_cc, $matches[1]); - } - } - } 
+if (!($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors)) +{ +?> +<div class="table-responsive"> +<table class="table table-striped table-hover"> + <thead> + <tr> + <th><?=gettext("Name")?></th> + <th><?=gettext("Internal")?></th> + <th><?=gettext("Issuer")?></th> + <th><?=gettext("Certificates")?></th> + <th><?=gettext("Distinguished Name")?></th> + <th></th> + </tr> + </thead> + <tbody> +<?php +foreach ($a_ca as $i => $ca): + $name = htmlspecialchars($ca['descr']); + $subj = cert_get_subject($ca['crt']); + $issuer = cert_get_issuer($ca['crt']); + list($startdate, $enddate) = cert_get_dates($ca['crt']); + if ($subj == $issuer) + $issuer_name = gettext("self-signed"); + else + $issuer_name = gettext("external"); + $subj = htmlspecialchars($subj); + $issuer = htmlspecialchars($issuer); + $certcount = 0; + + $issuer_ca = lookup_ca($ca['caref']); + if ($issuer_ca) + $issuer_name = $issuer_ca['descr']; + + // TODO : Need gray certificate icon + $internal = (!!$ca['prv']); + + foreach ($a_cert as $cert) + if ($cert['caref'] == $ca['refid']) + $certcount++; + + foreach ($a_ca as $cert) + if ($cert['caref'] == $ca['refid']) + $certcount++; ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="CA manager"> - <tr> - <td> - <?php - $tab_array = array(); - $tab_array[] = array(gettext("CAs"), true, "system_camanager.php"); - $tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php"); - $tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php"); - display_top_tabs($tab_array); - ?> - </td> - </tr> - <tr> - <td id="mainarea"> - <div class="tabcont"> - - <?php if ($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors): ?> - - <form action="system_camanager.php" method="post" name="iform" id="iform"> - <?php if ($act == "edit"): ?> - <input type="hidden" name="edit" value="edit" id="edit" /> - <input type="hidden" name="id" value="<?php echo 
htmlspecialchars($id); ?>" id="id" /> - <input type="hidden" name="refid" value="<?php echo $pconfig['refid']; ?>" id="refid" /> - <?php endif; ?> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/> - </td> - </tr> - <?php if (!isset($id) || $act == "edit"): ?> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td> - <td width="78%" class="vtable"> - <select name='method' id='method' class="formselect" onchange='method_change()'> - <?php - foreach ($ca_methods as $method => $desc): - $selected = ""; - if ($pconfig['method'] == $method) { - $selected = " selected=\"selected\""; - } - ?> - <option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option> - <?php - endforeach; - ?> - </select> - </td> - </tr> - <?php endif; ?> - </table> - - <table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing"> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Authority");?></td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td> - <td width="78%" class="vtable"> - <textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea> - <br /> - <?=gettext("Paste a certificate in X.509 PEM format here.");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Private Key");?><br /><?=gettext("(optional)");?></td> - <td width="78%" class="vtable"> - <textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea> - <br /> 
- <?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?> - </td> - </tr> - - <?php if (!isset($id) || $act == "edit"): ?> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Serial for next certificate");?></td> - <td width="78%" class="vtable"> - <input name="serial" type="text" class="formfld unknown" id="serial" size="20" value="<?=htmlspecialchars($pconfig['serial']);?>"/> - <br /><?=gettext("Enter a decimal number to be used as the serial number for the next certificate to be created using this CA.");?> - </td> - </tr> - <?php endif; ?> - </table> - - <table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal"> - <tr> - <td colspan="2" class="list" height="12"></td> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Authority");?></td> - </tr> - <tr id='intermediate'> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Certificate Authority");?></td> - <td width="78%" class="vtable"> - <select name='caref' id='caref' class="formselect" onchange='internalca_change()'> - <?php - foreach ($a_ca as $ca): - if (!$ca['prv']) { - continue; - } - $selected = ""; - if ($pconfig['caref'] == $ca['refid']) { - $selected = " selected=\"selected\""; - } - ?> - <option value="<?=$ca['refid'];?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option> - <?php - endforeach; - ?> - </select> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td> - <td width="78%" class="vtable"> - <select name='keylen' id='keylen' class="formselect"> - <?php - foreach ($ca_keylens as $len): - $selected = ""; - if ($pconfig['keylen'] == $len) { - $selected = " selected=\"selected\""; - } - ?> - <option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option> - <?php - endforeach; - ?> - </select> - 
<?=gettext("bits");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td> - <td width="78%" class="vtable"> - <select name='digest_alg' id='digest_alg' class="formselect"> - <?php - foreach ($openssl_digest_algs as $digest_alg): - $selected = ""; - if ($pconfig['digest_alg'] == $digest_alg) { - $selected = " selected=\"selected\""; - } - ?> - <option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option> - <?php - endforeach; - ?> - </select> - <br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td> - <td width="78%" class="vtable"> - <input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/> - <?=gettext("days");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td> - <td width="78%" class="vtable"> - <table border="0" cellspacing="0" cellpadding="2" summary="name"> - <tr> - <td align="right"><?=gettext("Country Code");?> : </td> - <td align="left"> - <select name='dn_country' class="formselect"> - <?php - foreach ($dn_cc as $cc) { - $selected = ""; - if ($pconfig['dn_country'] == $cc) { - $selected = " selected=\"selected\""; - } - print "<option value=\"$cc\"$selected>$cc</option>"; - } - ?> - </select> - </td> - </tr> - <tr> - <td align="right"><?=gettext("State or Province");?> : </td> - <td align="left"> - <input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/> - - <em><?=gettext("ex:");?></em> - - <?=gettext("Texas");?> - </td> - </tr> - <tr> - <td align="right"><?=gettext("City");?> : </td> - <td align="left"> - <input name="dn_city" type="text" class="formfld unknown" size="40" 
value="<?=htmlspecialchars($pconfig['dn_city']);?>"/> - - <em><?=gettext("ex:");?></em> - - <?=gettext("Austin");?> - </td> - </tr> - <tr> - <td align="right"><?=gettext("Organization");?> : </td> - <td align="left"> - <input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/> - - <em><?=gettext("ex:");?></em> - - <?=gettext("My Company Inc.");?> - </td> - </tr> - <tr> - <td align="right"><?=gettext("Email Address");?> : </td> - <td align="left"> - <input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/> - - <em><?=gettext("ex:");?></em> - - <?=gettext("admin@mycompany.com");?> - </td> - </tr> - <tr> - <td align="right"><?=gettext("Common Name");?> : </td> - <td align="left"> - <input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/> - - <em><?=gettext("ex:");?></em> - - <?=gettext("internal-ca");?> - </td> - </tr> - </table> - </td> - </tr> - </table> - - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save"> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> - <?php if (isset($id) && $a_ca[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif;?> - </td> - </tr> - </table> - </form> - - <?php else: ?> - - <table width="100%" border="0" cellpadding="0" cellspacing="0" summary=""> - <tr> - <td width="20%" class="listhdrr"><?=gettext("Name");?></td> - <td width="10%" class="listhdrr"><?=gettext("Internal");?></td> - <td width="10%" class="listhdrr"><?=gettext("Issuer");?></td> - <td width="10%" class="listhdrr"><?=gettext("Certificates");?></td> - <td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td> - <td width="10%" class="list"></td> - </tr> - <?php - 
$i = 0; - foreach ($a_ca as $ca): - $name = htmlspecialchars($ca['descr']); - $subj = cert_get_subject($ca['crt']); - $issuer = cert_get_issuer($ca['crt']); - list($startdate, $enddate) = cert_get_dates($ca['crt']); - if ($subj == $issuer) { - $issuer_name = "<em>" . gettext("self-signed") . "</em>"; - } else { - $issuer_name = "<em>" . gettext("external") . "</em>"; - } - $subj = htmlspecialchars($subj); - $issuer = htmlspecialchars($issuer); - $certcount = 0; - - $issuer_ca = lookup_ca($ca['caref']); - if ($issuer_ca) { - $issuer_name = htmlspecialchars($issuer_ca['descr']); - } - - // TODO : Need gray certificate icon - - if ($ca['prv']) { - $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; - $internal = "YES"; - - } else { - $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; - $internal = "NO"; - } - foreach ($a_cert as $cert) { - if ($cert['caref'] == $ca['refid']) { - $certcount++; - } - } - foreach ($a_ca as $cert) { - if ($cert['caref'] == $ca['refid']) { - $certcount++; - } - } - ?> - <tr> - <td class="listlr"> - <table border="0" cellpadding="0" cellspacing="0" summary="icon"> - <tr> - <td align="left" valign="middle"> - <img src="<?=$caimg;?>" alt="CA" title="CA" border="0" height="16" width="16" /> - </td> - <td align="left" valign="middle"> - <?=$name;?> - </td> - </tr> - </table> - </td> - <td class="listr"><?=$internal;?> </td> - <td class="listr"><?=$issuer_name;?> </td> - <td class="listr"><?=$certcount;?> </td> - <td class="listr"><?=$subj;?><br /> - <table width="100%" style="font-size: 9px" summary="valid"> - <tr> - <td width="10%"> </td> - <td width="20%"><?=gettext("Valid From")?>:</td> - <td width="70%"><?= $startdate ?></td> - </tr> - <tr> - <td> </td> - <td><?=gettext("Valid Until")?>:</td> - <td><?= $enddate ?></td> - </tr> - </table> - </td> - <td valign="middle" class="list nowrap"> - <a href="system_camanager.php?act=edit&id=<?=$i;?>"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" 
title="<?=gettext("edit CA");?>" alt="<?=gettext("edit CA");?>" width="17" height="17" border="0" /> - </a> - <a href="system_camanager.php?act=exp&id=<?=$i;?>"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export CA cert");?>" alt="<?=gettext("export CA cert");?>" width="17" height="17" border="0" /> - </a> - <?php if ($ca['prv']): ?> - <a href="system_camanager.php?act=expkey&id=<?=$i;?>"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export CA private key");?>" alt="<?=gettext("export CA private key");?>" width="17" height="17" border="0" /> - </a> - <?php endif; ?> - <a href="system_camanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Authority and its CRLs, and unreference any associated certificates?");?>')"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete ca");?>" alt="<?=gettext("delete ca"); ?>" width="17" height="17" border="0" /> - </a> - </td> - </tr> - <?php - $i++; - endforeach; - ?> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <a href="system_camanager.php?act=new"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" /> - </a> - </td> - </tr> - <tr> - <td colspan="5"> - <p> - <?=gettext("Additional trusted Certificate Authorities can be added here.");?> - </p> - </td> - </tr> - </table> - - <?php endif; ?> - - </div> - </td> - </tr> + <tr> + <td><?=$name?></td> + <td><?=$internal?></td> + <td><i><?=$issuer_name?></i></td> + <td><?=$certcount?></td> + <td> + <?=$subj?> + <br /> + <small> + <?=gettext("Valid From")?>: <b><?=$startdate ?></b>, <?=gettext("Valid Until")?>: <b><?=$enddate ?></b> + </small> + </td> + <td> + <a href="system_camanager.php?act=edit&id=<?=$i?>" class="btn btn-xs btn-primary"> + <?=gettext("edit")?> + 
</a> + <a href="system_camanager.php?act=exp&id=<?=$i?>" class="btn btn-xs btn-default"> + <?=gettext("export cert")?> + </a> + <?php if ($ca['prv']): ?> + <a href="system_camanager.php?act=expkey&id=<?=$i?>" class="btn btn-xs btn-default"> + <?=gettext("export private key")?> + </a> + <?php endif?> + <a href="system_camanager.php?act=del&id=<?=$i?>" class="btn btn-xs btn-danger"> + <?=gettext("delete")?> + </a> + </td> + </tr> +<?php endforeach; ?> + </tbody> </table> -<?php include("fend.inc");?> -<script type="text/javascript"> -//<![CDATA[ -method_change(); +<nav class="action-buttons"> + <a href="?act=new" class="btn btn-success">add new</a> +</nav> +<? + include("foot.inc"); + exit; +} -//]]> -</script> +require('classes/Form.class.php'); +$form = new Form; +$form->setAction('system_camanager.php?act=edit'); +if (isset($id) && $a_ca[$id]) +{ + $form->addGlobal(new Form_Input( + 'id', + null, + 'hidden', + $id + )); +} + +if ($act == "edit") +{ + $form->addGlobal(new Form_Input( + 'refid', + null, + 'hidden', + $pconfig['refid'] + )); +} + +$section = new Form_Section('Create / edit CA'); + +$section->addInput(new Form_Input( + 'descr', + 'Descriptive name', + 'text', + $pconfig['descr'] +)); + +if (!isset($id) || $act == "edit") +{ + $section->addInput(new Form_Select( + 'method', + 'Method', + $pconfig['method'], + $ca_methods + ))->toggles(); +} + +$form->add($section); + +$section = new Form_Section('Existing Certificate Authority'); +$section->addClass('toggle-existing collapse'); + +$section->addInput(new Form_Textarea( + 'cert', + 'Certificate data', + $pconfig['cert'] +))->setHelp('Paste a certificate in X.509 PEM format here.'); + +$section->addInput(new Form_Textarea( + 'key', + 'Certificate Private Key (optional)', + $pconfig['key'] +))->setHelp('Paste the private key for the above certificate here. This is '. + 'optional in most cases, but required if you need to generate a '. 
+ 'Certificate Revocation List (CRL).'); + +$section->addInput(new Form_Input( + 'serial', + 'Serial for next certificate', + 'number', + $pconfig['serial'] +))->setHelp('Enter a decimal number to be used as the serial number for the next '. + 'certificate to be created using this CA.'); + +$form->add($section); + +$section = new Form_Section('Internal Certificate Authority'); +$section->addClass('toggle-internal', 'toggle-intermediate', 'collapse'); + +$allCas = array(); +foreach ($a_ca as $ca) +{ + if (!$ca['prv']) + continue; + + $allCas[ $ca['refid'] ] = $ca['descr']; +} -</body> -</html> +$group = new Form_Group('Signing Certificate Authority'); +$group->addClass('toggle-intermediate'); +$group->add(new Form_Select( + 'caref', + null, + $pconfig['caref'], + $allCas +)); +$section->add($group); + +$section->addInput(new Form_Select( + 'keylen', + 'Key length (bits)', + $pconfig['keylen'], + array_combine($ca_keylens, $ca_keylens) +)); + +$section->addInput(new Form_Select( + 'digest_alg', + 'Digest Algorithm', + $pconfig['digest_alg'], + array_combine($openssl_digest_algs, $openssl_digest_algs) +))->setHelp('NOTE: It is recommended to use an algorithm stronger than SHA1 '. + 'when possible.'); + +$section->addInput(new Form_Input( + 'lifetime', + 'Lifetime (days)', + 'number', + $pconfig['lifetime'] +)); + +$section->addInput(new Form_Select( + 'dn_country', + 'Country Code', + $pconfig['dn_country'], + $dn_cc +)); + +$section->addInput(new Form_Input( + 'dn_state', + 'State or Province', + 'text', + $pconfig['dn_state'], + ['placeholder' => 'e.g. Texas'] +)); + +$section->addInput(new Form_Input( + 'dn_city', + 'City', + 'text', + $pconfig['dn_city'], + ['placeholder' => 'e.g. Austin'] +)); + +$section->addInput(new Form_Input( + 'dn_organization', + 'Organization', + 'text', + $pconfig['dn_organization'], + ['placeholder' => 'e.g. 
My Company Inc.'] +)); + +$section->addInput(new Form_Input( + 'dn_email', + 'Email Address', + 'email', + $pconfig['dn_email'], + ['placeholder' => 'e.g. admin@mycompany.com'] +)); + +$section->addInput(new Form_Input( + 'dn_commonname', + 'Common Name', + 'text', + $pconfig['dn_commonname'], + ['placeholder' => 'e.g. internal-ca'] +)); + +$form->add($section); + +print $form; + +include('foot.inc');
\ No newline at end of file |
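Review bot: `$issuer_name = $issuer_ca['descr'];` in the CA list loop drops the `htmlspecialchars()` call the removed code had, and the value is then echoed raw in `<td><i><?=$issuer_name?></i></td>`, so a CA description containing markup would be rendered as HTML on the list page. Restore the escaping with `$issuer_name = htmlspecialchars($issuer_ca['descr']);`. The `act=del` link also loses its `confirm()` prompt while remaining a plain GET link, so a single request to that URL deletes the CA and its CRLs; a POST form covered by whatever CSRF protection the GUI applies to POSTs, or at least the restored confirmation, would be safer. Separately, `$internal = (!!$ca['prv']);` prints `1` or nothing where the old page printed YES/NO, and `$dn_cc` is passed to `Form_Select` as a plain list while `keylen` and `digest_alg` use `array_combine()`, which suggests the country field may submit an index rather than the country code.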