gettext("Import an existing Certificate Authority"),
"internal" => gettext("Create an internal Certificate Authority"));
$ca_keylens = array( "512", "1024", "2048", "4096");
$pgtitle = array(gettext("System"), gettext("Certificate Authority Manager"));
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['ca']))
$config['ca'] = array();
$a_ca =& $config['ca'];
if (!is_array($config['cert']))
$config['cert'] = array();
$a_cert =& $config['cert'];
if (!is_array($config['crl']))
$config['crl'] = array();
$a_crl =& $config['crl'];
$act = $_GET['act'];
if ($_POST['act'])
$act = $_POST['act'];
if ($act == "del") {
if (!$a_ca[$id]) {
pfSenseHeader("system_camanager.php");
exit;
}
$index = count($a_cert) - 1;
for (;$index >=0; $index--)
if ($a_cert[$index]['caref'] == $a_ca[$id]['refid'])
unset($a_cert[$index]);
$index = count($a_crl) - 1;
for (;$index >=0; $index--)
if ($a_crl[$index]['caref'] == $a_ca[$id]['refid'])
unset($a_crl[$index]);
$name = $a_ca[$id]['descr'];
unset($a_ca[$id]);
write_config();
$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "
";
}
if ($act == "edit") {
if (!$a_ca[$id]) {
pfSenseHeader("system_camanager.php");
exit;
}
$pconfig['descr'] = $a_ca[$id]['descr'];
$pconfig['refid'] = $a_ca[$id]['refid'];
$pconfig['cert'] = base64_decode($a_ca[$id]['crt']);
$pconfig['serial'] = $a_ca[$id]['serial'];
if (!empty($a_ca[$id]['prv']))
$pconfig['key'] = base64_decode($a_ca[$id]['prv']);
}
if ($act == "new") {
$pconfig['method'] = $_GET['method'];
$pconfig['keylen'] = "2048";
$pconfig['lifetime'] = "3650";
$pconfig['dn_commonname'] = "internal-ca";
}
if ($act == "exp") {
if (!$a_ca[$id]) {
pfSenseHeader("system_camanager.php");
exit;
}
$exp_name = urlencode("{$a_ca[$id]['descr']}.crt");
$exp_data = base64_decode($a_ca[$id]['crt']);
$exp_size = strlen($exp_data);
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename={$exp_name}");
header("Content-Length: $exp_size");
echo $exp_data;
exit;
}
if ($act == "expkey") {
if (!$a_ca[$id]) {
pfSenseHeader("system_camanager.php");
exit;
}
$exp_name = urlencode("{$a_ca[$id]['descr']}.key");
$exp_data = base64_decode($a_ca[$id]['prv']);
$exp_size = strlen($exp_data);
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename={$exp_name}");
header("Content-Length: $exp_size");
echo $exp_data;
exit;
}
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
/* input validation */
if ($pconfig['method'] == "existing") {
$reqdfields = explode(" ", "descr cert");
$reqdfieldsn = array(
gettext("Descriptive name"),
gettext("Certificate data"));
if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
$input_errors[] = gettext("This certificate does not appear to be valid.");
if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED"))
$input_errors[] = gettext("Encrypted private keys are not yet supported.");
}
if ($pconfig['method'] == "internal") {
$reqdfields = explode(" ",
"descr keylen lifetime dn_country dn_state dn_city ".
"dn_organization dn_email dn_commonname");
$reqdfieldsn = array(
gettext("Descriptive name"),
gettext("Key length"),
gettext("Lifetime"),
gettext("Distinguished name Country Code"),
gettext("Distinguished name State or Province"),
gettext("Distinguished name City"),
gettext("Distinguished name Organization"),
gettext("Distinguished name Email Address"),
gettext("Distinguished name Common Name"));
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
/* save modifications */
if (!$input_errors) {
$ca = array();
if (!isset($pconfig['refid']) || empty($pconfig['refid']))
$ca['refid'] = uniqid();
else
$ca['refid'] = $pconfig['refid'];
if (isset($id) && $a_ca[$id])
$ca = $a_ca[$id];
$ca['descr'] = $pconfig['descr'];
if ($_POST['edit'] == "edit") {
$ca['descr'] = $pconfig['descr'];
$ca['refid'] = $pconfig['refid'];
$ca['serial'] = $pconfig['serial'];
$ca['crt'] = base64_encode($pconfig['cert']);
if (!empty($pconfig['key']))
$ca['prv'] = base64_encode($pconfig['key']);
} else {
if ($pconfig['method'] == "existing")
ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
if ($pconfig['method'] == "internal") {
$dn = array(
'countryName' => $pconfig['dn_country'],
'stateOrProvinceName' => $pconfig['dn_state'],
'localityName' => $pconfig['dn_city'],
'organizationName' => $pconfig['dn_organization'],
'emailAddress' => $pconfig['dn_email'],
'commonName' => $pconfig['dn_commonname']);
ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn);
}
}
if (isset($id) && $a_ca[$id])
$a_ca[$id] = $ca;
else
$a_ca[] = $ca;
write_config();
// pfSenseHeader("system_camanager.php");
}
}
include("head.inc");
?>
">