"Import an existing Certificate",
"internal" => "Create an internal Certificate",
"external" => "Create a Certificate Signing Request");
$cert_keylens = array( "512", "1024", "2048", "4096");
$pgtitle = array("System", "Certificate Manager");
$id = $_GET['id'];
if (isset($_POST['id']))
$id = $_POST['id'];
if (!is_array($config['system']['ca']))
$config['system']['ca'] = array();
$a_ca =& $config['system']['ca'];
if (!is_array($config['system']['cert']))
$config['system']['cert'] = array();
$a_cert =& $config['system']['cert'];
$internal_ca_count = 0;
foreach ($a_ca as $ca)
if ($ca['prv'])
$internal_ca_count++;
$act = $_GET['act'];
if ($_POST['act'])
$act = $_POST['act'];
if ($act == "del") {
if (!$a_cert[$id]) {
pfSenseHeader("system_certmanager.php");
exit;
}
$name = $a_cert[$id]['name'];
unset($a_cert[$id]);
write_config();
$savemsg = gettext("Certificate")." {$name} ".
gettext("successfully deleted")."
";
}
if ($act == "new") {
$pconfig['method'] = $_GET['method'];
$pconfig['keylen'] = "2048";
$pconfig['lifetime'] = "365";
}
if ($act == "exp") {
if (!$a_cert[$id]) {
pfSenseHeader("system_certmanager.php");
exit;
}
$exp_name = urlencode("{$a_cert[$id]['name']}.crt");
$exp_data = base64_decode($a_cert[$id]['crt']);
$exp_size = strlen($exp_data);
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename={$exp_name}");
header("Content-Length: $exp_size");
echo $exp_data;
exit;
}
if ($act == "csr") {
if (!$a_cert[$id]) {
pfSenseHeader("system_certmanager.php");
exit;
}
$pconfig['name'] = $a_cert[$id]['name'];
$pconfig['csr'] = base64_decode($a_cert[$id]['csr']);
}
if ($_POST) {
if ($_POST['save'] == "Save") {
unset($input_errors);
$pconfig = $_POST;
/* input validation */
if ($pconfig['method'] == "existing") {
$reqdfields = explode(" ",
"name cert key");
$reqdfieldsn = explode(",",
"Desriptive name,Certificate data,Key data");
}
if ($pconfig['method'] == "internal") {
$reqdfields = explode(" ",
"name caref keylen lifetime dn_country dn_state dn_city ".
"dn_organization dn_email dn_commonname");
$reqdfieldsn = explode(",",
"Desriptive name,Certificate authority,Key length,Lifetime,".
"Distinguished name Country Code,".
"Distinguished name State or Province,".
"Distinguished name City,".
"Distinguished name Organization,".
"Distinguished name Email Address,".
"Distinguished name Common Name");
}
if ($pconfig['method'] == "external") {
$reqdfields = explode(" ",
"name csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
"csr_dn_organization csr_dn_email csr_dn_commonname");
$reqdfieldsn = explode(",",
"Desriptive name,Key length,".
"Distinguished name Country Code,".
"Distinguished name State or Province,".
"Distinguished name City,".
"Distinguished name Organization,".
"Distinguished name Email Address,".
"Distinguished name Common Name");
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
/* save modifications */
if (!$input_errors) {
$cert = array();
$cert['refid'] = uniqid();
if (isset($id) && $a_cert[$id])
$cert = $a_cert[$id];
$cert['name'] = $pconfig['name'];
if ($pconfig['method'] == "existing")
cert_import($cert, $pconfig['cert'], $pconfig['key']);
if ($pconfig['method'] == "internal") {
$dn = array(
'countryName' => $pconfig['dn_country'],
'stateOrProvinceName' => $pconfig['dn_state'],
'localityName' => $pconfig['dn_city'],
'organizationName' => $pconfig['dn_organization'],
'emailAddress' => $pconfig['dn_email'],
'commonName' => $pconfig['dn_commonname']);
cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
$pconfig['lifetime'], $dn);
}
if ($pconfig['method'] == "external") {
$dn = array(
'countryName' => $pconfig['csr_dn_country'],
'stateOrProvinceName' => $pconfig['csr_dn_state'],
'localityName' => $pconfig['csr_dn_city'],
'organizationName' => $pconfig['csr_dn_organization'],
'emailAddress' => $pconfig['csr_dn_email'],
'commonName' => $pconfig['csr_dn_commonname']);
csr_generate($cert, $pconfig['csr_keylen'], $dn);
}
if (isset($id) && $a_cert[$id])
$a_cert[$id] = $cert;
else
$a_cert[] = $cert;
write_config();
// pfSenseHeader("system_certmanager.php");
}
}
if ($_POST['save'] == "Update") {
unset($input_errors);
$pconfig = $_POST;
/* input validation */
$reqdfields = explode(" ", "name cert");
$reqdfieldsn = explode(",", "Desriptive name,Final Certificate data");
do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
/* make sure this csr and certificate subjects match */
$subj_csr = csr_get_subject($pconfig['csr'], false);
$subj_cert = cert_get_subject($pconfig['cert'], false);
if (strcmp($subj_csr,$subj_cert))
$input_errors[] = gettext("The certificate subject '{$subj_cert}' does not match the signing request subject.");
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
/* save modifications */
if (!$input_errors) {
$cert = $a_cert[$id];
$cert['name'] = $pconfig['name'];
csr_complete($cert, $pconfig['cert']);
$a_cert[$id] = $cert;
write_config();
pfSenseHeader("system_certmanager.php");
}
}
}
include("head.inc");
?>
">