Diffstat (limited to 'usr/local/www')
-rw-r--r-- | usr/local/www/system_certmanager.php | 191 | ||||
-rw-r--r-- | usr/local/www/system_usermanager.php | 4 |
2 files changed, 138 insertions, 57 deletions
diff --git a/usr/local/www/system_certmanager.php b/usr/local/www/system_certmanager.php index aaed15c..2f953f6 100644 --- a/usr/local/www/system_certmanager.php +++ b/usr/local/www/system_certmanager.php @@ -41,14 +41,25 @@ require("guiconfig.inc"); require_once("certs.inc"); $cert_methods = array( - "existing" => gettext("Import an existing Certificate"), + "import" => gettext("Import an existing Certificate"), "internal" => gettext("Create an internal Certificate"), - "external" => gettext("Create a Certificate Signing Request")); + "external" => gettext("Create a Certificate Signing Request"), +); $cert_keylens = array( "512", "1024", "2048", "4096"); $pgtitle = array(gettext("System"), gettext("Certificate Manager")); +$userid = $_GET['userid']; +if (isset($_POST['userid'])) + $userid = $_POST['userid']; +if ($userid) { + $cert_methods["existing"] = gettext("Choose an existing certificate"); + if (!is_array($config['system']['user'])) + $config['system']['user'] = array(); + $a_user =& $config['system']['user']; +} + $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; @@ -139,14 +150,12 @@ if ($act == "csr") { } if ($_POST) { - if ($_POST['save'] == gettext("Save")) { - unset($input_errors); $pconfig = $_POST; /* input validation */ - if ($pconfig['method'] == "existing") { + if ($pconfig['method'] == "import") { $reqdfields = explode(" ", "name cert key"); $reqdfieldsn = array( @@ -187,6 +196,11 @@ if ($_POST) { gettext("Distinguished name Common Name")); } + if ($pconfig['method'] == "existing") { + $reqdfields = array("certref"); + $reqdfieldsn = array(gettext("Existing Certificate Choice")); + } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); /* if this is an AJAX caller then handle via JSON */ 
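Review bot: `$userid` is copied straight from `$_GET`/`$_POST` in the block added after `$pgtitle` and is never checked against `$config['system']['user']`. The guard `if ($userid)` also treats the string "0" as false, so the user stored at index 0 never gets the "existing" method or `$a_user`, while any other non-empty string passes. Normalise it once, for example `if (!is_numeric($userid) || !isset($config['system']['user'][$userid])) unset($userid);`, and test `isset($userid)` from then on. Other hunks of this commit use the same value as an array key, in a redirect URL and in a hidden form field.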
@@ -198,49 +212,57 @@ if ($_POST) { /* save modifications */ if (!$input_errors) { - $cert = array(); - $cert['refid'] = uniqid(); - if (isset($id) && $a_cert[$id]) - $cert = $a_cert[$id]; - - $cert['name'] = $pconfig['name']; - - if ($pconfig['method'] == "existing") - cert_import($cert, $pconfig['cert'], $pconfig['key']); - - if ($pconfig['method'] == "internal") { - $dn = array( - 'countryName' => $pconfig['dn_country'], - 'stateOrProvinceName' => $pconfig['dn_state'], - 'localityName' => $pconfig['dn_city'], - 'organizationName' => $pconfig['dn_organization'], - 'emailAddress' => $pconfig['dn_email'], - 'commonName' => $pconfig['dn_commonname']); - - cert_create($cert, $pconfig['caref'], $pconfig['keylen'], - $pconfig['lifetime'], $dn); - } - - if ($pconfig['method'] == "external") { - $dn = array( - 'countryName' => $pconfig['csr_dn_country'], - 'stateOrProvinceName' => $pconfig['csr_dn_state'], - 'localityName' => $pconfig['csr_dn_city'], - 'organizationName' => $pconfig['csr_dn_organization'], - 'emailAddress' => $pconfig['csr_dn_email'], - 'commonName' => $pconfig['csr_dn_commonname']); - - csr_generate($cert, $pconfig['csr_keylen'], $dn); + if ($pconfig['method'] == "existing") { + $cert = lookup_cert($pconfig['certref']); + if ($cert && $a_user) + $a_user[$userid]['cert'][] = $cert['refid']; + } else { + $cert = array(); + $cert['refid'] = uniqid(); + if (isset($id) && $a_cert[$id]) + $cert = $a_cert[$id]; + + $cert['name'] = $pconfig['name']; + + if ($pconfig['method'] == "import") + cert_import($cert, $pconfig['cert'], $pconfig['key']); + + if ($pconfig['method'] == "internal") { + $dn = array( + 'countryName' => $pconfig['dn_country'], + 'stateOrProvinceName' => $pconfig['dn_state'], + 'localityName' => $pconfig['dn_city'], + 'organizationName' => $pconfig['dn_organization'], + 'emailAddress' => $pconfig['dn_email'], + 'commonName' => $pconfig['dn_commonname']); + + cert_create($cert, $pconfig['caref'], $pconfig['keylen'], + $pconfig['lifetime'], $dn); 
+ } + + if ($pconfig['method'] == "external") { + $dn = array( + 'countryName' => $pconfig['csr_dn_country'], + 'stateOrProvinceName' => $pconfig['csr_dn_state'], + 'localityName' => $pconfig['csr_dn_city'], + 'organizationName' => $pconfig['csr_dn_organization'], + 'emailAddress' => $pconfig['csr_dn_email'], + 'commonName' => $pconfig['csr_dn_commonname']); + + csr_generate($cert, $pconfig['csr_keylen'], $dn); + } + if (isset($id) && $a_cert[$id]) + $a_cert[$id] = $cert; + else + $a_cert[] = $cert; + if (isset($a_user) && isset($userid)) + $a_user[$userid]['cert'][] = $cert['refid']; } - if (isset($id) && $a_cert[$id]) - $a_cert[$id] = $cert; - else - $a_cert[] = $cert; - write_config(); -// pfSenseHeader("system_certmanager.php"); + if ($userid) + pfSenseHeader("system_usermanager.php?act=edit&id={$userid}"); } } 
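Review bot: Both new `$a_user[$userid]['cert'][] = $cert['refid'];` assignments write to whatever key the request supplied, so a `userid` that matches no user makes PHP create a new, otherwise empty entry under `$config['system']['user']`, which `write_config()` then persists. Guard both with `isset($a_user[$userid])`. In the `else` branch the refid is appended even when `$id` selects a certificate that is being edited, which may record a duplicate association; `if (!in_array($cert['refid'], (array)$a_user[$userid]['cert']))` would prevent that. The redirect `pfSenseHeader("system_usermanager.php?act=edit&id={$userid}")` interpolates the raw request value and should use `urlencode($userid)` unless the value was validated as an integer earlier. The enclosing `if ($_POST)` block starts above this hunk.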
@@ -308,21 +330,35 @@ function method_change() { switch (method) { case 0: - document.getElementById("existing").style.display=""; + document.getElementById("import").style.display=""; document.getElementById("internal").style.display="none"; document.getElementById("external").style.display="none"; + document.getElementById("existing").style.display="none"; + document.getElementById("descriptivename").style.display=""; document.getElementById("submit").style.display=""; break; case 1: - document.getElementById("existing").style.display="none"; + document.getElementById("import").style.display="none"; document.getElementById("internal").style.display=""; document.getElementById("external").style.display="none"; + document.getElementById("existing").style.display="none"; + document.getElementById("descriptivename").style.display=""; document.getElementById("submit").style.display="<?=$submit_style;?>"; break; case 2: - document.getElementById("existing").style.display="none"; + document.getElementById("import").style.display="none"; document.getElementById("internal").style.display="none"; document.getElementById("external").style.display=""; + document.getElementById("existing").style.display="none"; + document.getElementById("descriptivename").style.display=""; + document.getElementById("submit").style.display=""; + break; + case 3: + document.getElementById("import").style.display="none"; + document.getElementById("internal").style.display="none"; + document.getElementById("external").style.display="none"; + document.getElementById("existing").style.display=""; + document.getElementById("descriptivename").style.display="none"; document.getElementById("submit").style.display=""; break; } 
@@ -346,6 +382,7 @@ function internalca_change() { document.iform.dn_state.value = "<?=$subject[1]['v'];?>"; document.iform.dn_city.value = "<?=$subject[2]['v'];?>"; document.iform.dn_organization.value = "<?=$subject[3]['v'];?>"; + document.iform.dn_email.value = "<?=$subject[4]['v'];?>"; break; <?php endforeach; ?> } @@ -379,12 +416,6 @@ function internalca_change() { <form action="system_certmanager.php" method="post" name="iform" id="iform"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> - <td width="78%" class="vtable"> - <input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/> - </td> - </tr> <?php if (!isset($id)): ?> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td> @@ -402,14 +433,24 @@ function internalca_change() { </td> </tr> <?php endif; ?> + <tr id="descriptivename"> + <?php + if ($a_user && empty($pconfig['name'])) + $pconfig['name'] = $a_user[$userid]['name']; + ?> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> + <td width="78%" class="vtable"> + <input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/> + </td> + </tr> </table> - <table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing"> + <table width="100%" border="0" cellpadding="6" cellspacing="0" id="import"> <tr> <td colspan="2" class="list" height="12"></td> </tr> <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate");?></td> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td> </tr> <tr> 
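Review bot: The added `dn_email` line prints `$subject[4]['v']` between double quotes inside a script block with no escaping, so a CA subject value containing a quote, backslash or newline breaks `internalca_change()` or alters the script. Emit it as a JavaScript literal instead: `document.iform.dn_email.value = <?=json_encode($subject[4]['v']);?>;`. The context lines above it for `dn_state`, `dn_city` and `dn_organization` follow the same unescaped pattern and would benefit from the same change. Where `$subject` is built is outside the hunk, so whether index 4 is always present should be confirmed.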
@@ -531,6 +572,10 @@ function internalca_change() { <tr> <td align="right"><?=gettext("Common Name");?> : </td> <td align="left"> + <?php + if ($a_user && empty($pconfig['dn_commonname'])) + $pconfig['dn_commonname'] = $a_user[$userid]['name']; + ?> <input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/> <em>ex:</em> @@ -640,6 +685,42 @@ function internalca_change() { </tr> </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing"> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td> + <td width="78%" class="vtable"> + <?php if (isset($userid) && $a_user): ?> + <input name="userid" type="hidden" value="<?=$userid;?>" /> + <?php endif;?> + <select name='certref' class="formselect"> + <?php + foreach ($config['cert'] as $cert): + $selected = ""; + $caname = ""; + $inuse = ""; + if (in_array($cert['refid'], $config['system']['user'][$userid]['cert'])) + continue; + $ca = lookup_ca($cert['caref']); + if ($ca) + $caname = " (CA: {$ca['name']})"; + if ($pconfig['certref'] == $cert['refid']) + $selected = "selected"; + if (cert_in_use($cert['refid'])) + $inuse = " *In Use"; + ?> + <option value="<?=$cert['refid'];?>" <?=$selected;?>><?=$cert['name'] . $caname . $inuse;?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + </table> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> <td width="22%" valign="top"> </td> diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 7d05b8a..0527594 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php 
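Review bot: In the new `id="existing"` table the hidden field prints `<?=$userid;?>` raw, and `$userid` comes from the query string or POST body, so markup in that parameter is reflected into the page. The `<option>` line likewise prints `$cert['refid']`, `$cert['name']` and `$ca['name']` unescaped, although the neighbouring inputs in this file use `htmlspecialchars()`. Use `value="<?=htmlspecialchars($userid);?>"` and `<?=htmlspecialchars($cert['name'] . $caname . $inuse);?>`, and escape the `refid` attribute the same way. Separately, `in_array($cert['refid'], $config['system']['user'][$userid]['cert'])` receives a non-array when the user has no certificates yet; cast the second argument with `(array)`.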
@@ -656,7 +656,7 @@ function sshkeyClicked(obj) { <a href="system_usermanager.php?act=expcert&id=<?=$id;?>&certid=<?=$i;?>"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert"); ?>" alt="<?=gettext("export cert"); ?>" width="17" height="17" border="0" /> </a> - <a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this certificate?");?>')"> + <a href="system_usermanager.php?act=delcert&id=<?=$id?>&certid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. gettext("(Certificate will not be deleted)");?>')"> <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="<?=gettext("delete cert");?>" /> </a> </td> @@ -669,7 +669,7 @@ function sshkeyClicked(obj) { <tr> <td class="list" colspan="2"></td> <td class="list"> - <a href="system_certmanager?act=new&userid=<?=$id?>"> + <a href="system_certmanager.php?act=new&userid=<?=$id?>"> <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" /> </a> </td> |
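Review bot: The new confirm text is concatenated from two `gettext()` results and placed in a single-quoted JavaScript string inside a double-quoted `onclick` attribute, with nothing escaping either layer. A translation containing an apostrophe or a double quote makes the handler invalid, and the `delcert` link is then followed with no confirmation. Encode for both contexts, e.g. `onclick="return confirm(<?=htmlspecialchars(json_encode(gettext("...") . "\n" . gettext("...")));?>)"`, where the two `...` stand for the existing message strings.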