From 375d4a2cc03ca58cc48445de26169aa56079dd9b Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 11 Dec 2015 18:59:39 +0100
Subject: [PATCH] (legacy) refactor system_certmanager.php
---
 src/www/system_certmanager.php | 2033 +++++++++++++++-----------------
 1 file changed, 967 insertions(+), 1066 deletions(-)
diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php
index 0eeb94bc7..94e46ba2f 100644
--- a/src/www/system_certmanager.php
+++ b/src/www/system_certmanager.php
@@ -32,237 +32,262 @@ require_once("system.inc"); function csr_generate(&$cert, $keylen, $dn, $digest_alg = 'sha256') { - $args = array( - 'config' => '/usr/local/etc/ssl/opnsense.cnf', - 'private_key_type' => OPENSSL_KEYTYPE_RSA, - 'private_key_bits' => (int)$keylen, - 'x509_extensions' => 'v3_req', - 'digest_alg' => $digest_alg, - 'encrypt_key' => false - ); + $args = array( + 'config' => '/usr/local/etc/ssl/opnsense.cnf', + 'private_key_type' => OPENSSL_KEYTYPE_RSA, + 'private_key_bits' => (int)$keylen, + 'x509_extensions' => 'v3_req', + 'digest_alg' => $digest_alg, + 'encrypt_key' => false + ); - // generate a new key pair - $res_key = openssl_pkey_new($args); - if (!$res_key) { - return false; - } + // generate a new key pair + $res_key = openssl_pkey_new($args); + if (!$res_key) { + return false; + } - // generate a certificate signing request - $res_csr = openssl_csr_new($dn, $res_key, $args); - if (!$res_csr) { - return false; - } + // generate a certificate signing request + $res_csr = openssl_csr_new($dn, $res_key, $args); + if (!$res_csr) { + return false; + } - // export our request data - if (!openssl_pkey_export($res_key, $str_key) || - !openssl_csr_export($res_csr, $str_csr)) { - return false; - } + // export our request data + if (!openssl_pkey_export($res_key, $str_key) || + !openssl_csr_export($res_csr, $str_csr)) { + return false; + } - // return our request information - $cert['csr'] = base64_encode($str_csr); - $cert['prv'] = base64_encode($str_key); + // return our request information + $cert['csr'] = base64_encode($str_csr); + $cert['prv'] = base64_encode($str_key); - return true; + return true; } function csr_complete(& $cert, $str_crt) { - // return our request information - $cert['crt'] = base64_encode($str_crt); - unset($cert['csr']); + // return our request information + $cert['crt'] = base64_encode($str_crt); + unset($cert['csr']); - return true; + return true; } function csr_get_modulus($str_crt, $decode = true) { - return 
cert_get_modulus($str_crt, $decode, 'csr'); + return cert_get_modulus($str_crt, $decode, 'csr'); } +// types $cert_methods = array( "import" => gettext("Import an existing Certificate"), "internal" => gettext("Create an internal Certificate"), "external" => gettext("Create a Certificate Signing Request"), ); - $cert_keylens = array( "512", "1024", "2048", "4096"); - -$altname_types = array("DNS", "IP", "email", "URI"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); -if (isset($_GET['userid']) && is_numericint($_GET['userid'])) { - $userid = $_GET['userid']; -} -if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { - $userid = $_POST['userid']; -} -if (isset($userid)) { - $cert_methods["existing"] = gettext("Choose an existing certificate"); - if (!is_array($config['system']['user'])) { - $config['system']['user'] = array(); - } - $a_user =& $config['system']['user']; +// config reference pointers +if (!isset($config['system']['user']) || !is_array($config['system']['user'])) { + $config['system']['user'] = array(); } - -if (isset($_GET['id']) && is_numericint($_GET['id'])) { - $id = $_GET['id']; -} -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; -} - +$a_user =& $config['system']['user']; if (!isset($config['ca']) || !is_array($config['ca'])) { $config['ca'] = array(); } - $a_ca =& $config['ca']; - if (!is_array($config['cert'])) { $config['cert'] = array(); } - $a_cert =& $config['cert']; -$internal_ca_count = 0; -foreach ($a_ca as $ca) { - if ($ca['prv']) { - $internal_ca_count++; + +// handle user GET/POST data +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + if (isset($a_user[$_GET['userid']])) { + $userid = $_GET['userid']; + $cert_methods["existing"] = gettext("Choose an existing certificate"); } -} - -$act = null; -if (isset($_GET['act'])) { - $act = $_GET['act']; -} elseif (isset($_POST['act'])) { - $act = $_POST['act']; -} - -if ($act == "del") { - if (!isset($a_cert[$id])) { - 
header("Location: system_certmanager.php"); - exit; + if (isset($a_cert[$_GET['id']])) { + $id = $_GET['id']; } - $name = $a_cert[$id]['descr']; - unset($a_cert[$id]); - write_config(); - $savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "
"; - header("Location: system_certmanager.php"); - exit; -} - -if ($act == "new") { - if (isset($_GET['method'])) { - $pconfig['method'] = $_GET['method']; + if (isset($_GET['act'])) { + $act = $_GET['act']; } else { - $pconfig['method'] = null; + $act = null; } - $pconfig['keylen'] = "2048"; - $pconfig['digest_alg'] = "sha256"; - $pconfig['csr_keylen'] = "2048"; - $pconfig['csr_digest_alg'] = "sha256"; - $pconfig['lifetime'] = "365"; -} -if ($act == "exp") { - if (!$a_cert[$id]) { + $pconfig = array(); + if ($act == "new") { + if (isset($_GET['method'])) { + $pconfig['certmethod'] = $_GET['method']; + } else { + $pconfig['certmethod'] = null; + } + $pconfig['keylen'] = "2048"; + $pconfig['digest_alg'] = "sha256"; + $pconfig['csr_keylen'] = "2048"; + $pconfig['csr_digest_alg'] = "sha256"; + $pconfig['lifetime'] = "365"; + $pconfig['cert'] = null; + $pconfig['key'] = null; + $pconfig['dn_country'] = null; + $pconfig['dn_state'] = null; + $pconfig['dn_city'] = null; + $pconfig['dn_organization'] = null; + $pconfig['dn_email'] = null; + + if (isset($userid)) { + $pconfig['descr'] = $a_user[$userid]['name']; + $pconfig['dn_commonname'] = $a_user[$userid]['name']; + } else { + $pconfig['descr'] = null; + $pconfig['dn_commonname'] = null; + } + + } elseif ($act == "exp") { + if (!isset($id)) { + header("Location: system_certmanager.php"); + exit; + } + + $exp_name = urlencode("{$a_cert[$id]['descr']}.crt"); + $exp_data = base64_decode($a_cert[$id]['crt']); + $exp_size = strlen($exp_data); + + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; + } elseif ($act == "key") { + if (!isset($id)) { + header("Location: system_certmanager.php"); + exit; + } + + $exp_name = urlencode("{$a_cert[$id]['descr']}.key"); + $exp_data = base64_decode($a_cert[$id]['prv']); + $exp_size = strlen($exp_data); + + header("Content-Type: application/octet-stream"); + 
header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; + } elseif ($act == "p12") { + if (!isset($id)) { + header("Location: system_certmanager.php"); + exit; + } + + $exp_name = urlencode("{$a_cert[$id]['descr']}.p12"); + $args = array(); + $args['friendly_name'] = $a_cert[$id]['descr']; + + $ca = lookup_ca($a_cert[$id]['caref']); + if ($ca) { + $args['extracerts'] = openssl_x509_read(base64_decode($ca['crt'])); + } + + $res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt'])); + $res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => "")); + + $exp_data = ""; + openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args); + $exp_size = strlen($exp_data); + + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; + } elseif ($act == "csr") { + if (!isset($id)) { + header("Location: system_certmanager.php"); + exit; + } + $pconfig['descr'] = $a_cert[$id]['descr']; + $pconfig['csr'] = base64_decode($a_cert[$id]['csr']); + $pconfig['cert'] = null; + } + +} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { + if (isset($a_cert[$_POST['id']])) { + $id = $_POST['id']; + } + if (isset($a_user[$_POST['userid']])) { + $userid = $_POST['userid']; + } + if (isset($_POST['act'])) { + $act = $_POST['act']; + } else { + $act = null; + } + + if ($act == "del") { + if (isset($id)) { + unset($a_cert[$id]); + write_config(); + } header("Location: system_certmanager.php"); exit; - } + } elseif ($act == "csr") { + $input_errors = array(); + $pconfig = $_POST; + if (!isset($id)) { + header("Location: system_certmanager.php"); + exit; + } - $exp_name = urlencode("{$a_cert[$id]['descr']}.crt"); - $exp_data = base64_decode($a_cert[$id]['crt']); - $exp_size = strlen($exp_data); + /* input validation */ + $reqdfields = explode(" ", "descr cert"); + 
$reqdfieldsn = array( + gettext("Descriptive name"), + gettext("Final Certificate data")); - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + $mod_csr = csr_get_modulus($pconfig['csr'], false); + $mod_cert = cert_get_modulus($pconfig['cert'], false); -if ($act == "key") { - if (!$a_cert[$id]) { - header("Location: system_certmanager.php"); - exit; - } + if (strcmp($mod_csr, $mod_cert)) { + // simply: if the moduli don't match, then the private key and public key won't match + $input_errors[] = gettext("The certificate modulus does not match the signing request modulus."); + $subject_mismatch = true; + } - $exp_name = urlencode("{$a_cert[$id]['descr']}.key"); - $exp_data = base64_decode($a_cert[$id]['prv']); - $exp_size = strlen($exp_data); + /* save modifications */ + if (count($input_errors) == 0) { + $cert = $a_cert[$id]; + csr_complete($cert, $pconfig['cert']); - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} + $a_cert[$id] = $cert; -if ($act == "p12") { - if (!$a_cert[$id]) { - header("Location: system_certmanager.php"); - exit; - } + write_config(); - $exp_name = urlencode("{$a_cert[$id]['descr']}.p12"); - $args = array(); - $args['friendly_name'] = $a_cert[$id]['descr']; - - $ca = lookup_ca($a_cert[$id]['caref']); - if ($ca) { - $args['extracerts'] = openssl_x509_read(base64_decode($ca['crt'])); - } - - $res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt'])); - $res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => "")); - - $exp_data = ""; - openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args); - $exp_size = strlen($exp_data); - - header("Content-Type: 
application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} - -if ($act == "csr") { - if (!$a_cert[$id]) { - header("Location: system_certmanager.php"); - exit; - } - - $pconfig['descr'] = $a_cert[$id]['descr']; - $pconfig['csr'] = base64_decode($a_cert[$id]['csr']); -} - -if ($_POST) { - if ($_POST['save'] == gettext("Save")) { + header("Location: system_certmanager.php"); + exit; + } + } elseif (!empty($_POST['save'])) { $input_errors = array(); $pconfig = $_POST; /* input validation */ - if ($pconfig['method'] == "import") { - $reqdfields = explode( - " ", - "descr cert key" - ); + if ($pconfig['certmethod'] == "import") { + $reqdfields = explode(" ", "descr cert key"); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Certificate data"), gettext("Key data")); - if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) { + if (!empty($pconfig['cert']) && (!strstr($pconfig['cert'], "BEGIN CERTIFICATE") || !strstr($pconfig['cert'], "END CERTIFICATE"))) { $input_errors[] = gettext("This certificate does not appear to be valid."); } - } - - if ($pconfig['method'] == "internal") { - $reqdfields = explode( - " ", - "descr caref keylen lifetime dn_country dn_state dn_city ". + } elseif ($pconfig['certmethod'] == "internal") { + $reqdfields = explode(" ", "descr caref keylen lifetime dn_country dn_state dn_city ". "dn_organization dn_email dn_commonname" ); $reqdfieldsn = array( 
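Review bot: In the POST `csr` branch the modulus check takes the signing request from `$pconfig['csr']`, which is a copy of `$_POST`, so the uploaded certificate is compared with whatever CSR the request carried rather than with the one stored for `$a_cert[$id]`. A request that supplies its own matching CSR and certificate passes the check, and `csr_complete()` then stores that certificate next to a private key it may not belong to. The GET branch already reads the stored value via `base64_decode($a_cert[$id]['csr'])`; the check should do the same, e.g. `$mod_csr = csr_get_modulus(base64_decode($a_cert[$id]['csr']), false);`. The same branch also calls `cert_get_modulus($pconfig['cert'], false)` even when `do_input_validation()` has just reported `cert` as missing.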
@@ -276,12 +301,8 @@ if ($_POST) {
 gettext("Distinguished name Organization"),
 gettext("Distinguished name Email Address"),
 gettext("Distinguished name Common Name"));
- }
-
- if ($pconfig['method'] == "external") {
- $reqdfields = explode(
- " ",
- "descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
+ } elseif ($pconfig['certmethod'] == "external") {
+ $reqdfields = explode(" ", "descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
 "csr_dn_organization csr_dn_email csr_dn_commonname"
 );
 $reqdfieldsn = array(
@@ -293,34 +314,23 @@ if ($_POST) { gettext("Distinguished name Organization"), gettext("Distinguished name Email Address"), gettext("Distinguished name Common Name")); - } - - if ($pconfig['method'] == "existing") { + } elseif ($pconfig['certmethod'] == "existing") { $reqdfields = array("certref"); $reqdfieldsn = array(gettext("Existing Certificate Choice")); } $altnames = array(); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if ($pconfig['method'] != "import" && $pconfig['method'] != "existing") { + do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); + if (isset($pconfig['altname_value']) && $pconfig['certmethod'] != "import" && $pconfig['certmethod'] != "existing") { /* subjectAltNames */ - foreach ($_POST as $key => $value) { - $entry = ''; - if (!substr_compare('altname_type', $key, 0, 12)) { - $entry = substr($key, 12); - $field = 'type'; - } elseif (!substr_compare('altname_value', $key, 0, 13)) { - $entry = substr($key, 13); - $field = 'value'; - } - if (ctype_digit($entry)) { - $altnames[$entry][$field] = $value; + foreach ($pconfig['altname_type'] as $altname_seq => $altname_type) { + if (!empty($pconfig['altname_value'][$altname_seq])) { + $altnames[] = array("type" => $altname_type, "value" => $pconfig['altname_value'][$altname_seq]); } } - $pconfig['altnames']['item'] = $altnames; /* Input validation for subjectAltNames */ - foreach ($altnames as $idx => $altname) { + foreach ($altnames as $altname) { switch ($altname['type']) { case "DNS": if (!is_hostname($altname['value'])) { @@ -341,7 +351,6 @@ if ($_POST) { } break; case "URI": - /* Close enough? */ if (!is_URL($altname['value'])) { $input_errors[] = gettext("URI subjectAltName types must be a valid URI"); } 
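Review bot: The subjectAltName loop is guarded by `isset($pconfig['altname_value'])` but iterates `$pconfig['altname_type']`, and neither is checked to be an array, so a request that sends only one of the two fields, or sends them as scalars, reaches `foreach` and the `[$altname_seq]` lookup with the wrong shape. Since `$pconfig` is a copy of `$_POST`, I would test both explicitly, e.g. `isset($pconfig['altname_type'], $pconfig['altname_value']) && is_array($pconfig['altname_type']) && is_array($pconfig['altname_value'])`, before the method comparison. The `switch` on `$altname['type']` continues past the end of this hunk, so whether an unknown type is rejected there cannot be seen here; with `$altname_types` removed earlier in this patch it is worth confirming that it is.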
@@ -354,40 +363,40 @@ if ($_POST) { /* Make sure we do not have invalid characters in the fields for the certificate */ for ($i = 0; $i < count($reqdfields); $i++) { if (preg_match('/email/', $reqdfields[$i])) { -/* dn_email or csr_dn_name */ - if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) { + /* dn_email or csr_dn_name */ + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters."); } } elseif (preg_match('/commonname/', $reqdfields[$i])) { -/* dn_commonname or csr_dn_commonname */ - if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]])) { + /* dn_commonname or csr_dn_commonname */ + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); } - } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]])) { + } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } } - if (($pconfig['method'] != "external") && isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens)) { + if ($pconfig['certmethod'] != "external" && isset($pconfig["keylen"]) && !in_array($pconfig["keylen"], $cert_keylens)) { $input_errors[] = gettext("Please select a valid Key Length."); } - if (($pconfig['method'] != "external") && !in_array($_POST["digest_alg"], $openssl_digest_algs)) { + if ($pconfig['certmethod'] != "external" && !in_array($pconfig["digest_alg"], $openssl_digest_algs)) { $input_errors[] = gettext("Please select a valid Digest Algorithm."); } - if (($pconfig['method'] == "external") && 
isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens)) { + if ($pconfig['certmethod'] == "external" && isset($pconfig["csr_keylen"]) && !in_array($pconfig["csr_keylen"], $cert_keylens)) { $input_errors[] = gettext("Please select a valid Key Length."); } - if (($pconfig['method'] == "external") && !in_array($_POST["csr_digest_alg"], $openssl_digest_algs)) { + if ($pconfig['certmethod'] == "external" && !in_array($pconfig["csr_digest_alg"], $openssl_digest_algs)) { $input_errors[] = gettext("Please select a valid Digest Algorithm."); } } /* save modifications */ - if (!$input_errors) { - if ($pconfig['method'] == "existing") { + if (count($input_errors) == 0) { + if ($pconfig['certmethod'] == "existing") { $cert = lookup_cert($pconfig['certref']); - if ($cert && $a_user) { + if ($cert && !empty($userid)) { $a_user[$userid]['cert'][] = $cert['refid']; } } else { @@ -401,11 +410,11 @@ if ($_POST) { $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */ - if ($pconfig['method'] == "import") { + if ($pconfig['certmethod'] == "import") { cert_import($cert, $pconfig['cert'], $pconfig['key']); } - if ($pconfig['method'] == "internal") { + if ($pconfig['certmethod'] == "internal") { $dn = array( 'countryName' => $pconfig['dn_country'], 'stateOrProvinceName' => $pconfig['dn_state'], @@ -420,6 +429,7 @@ if ($_POST) { } $dn['subjectAltName'] = implode(",", $altnames_tmp); } + if (!cert_create( $cert, $pconfig['caref'], @@ -435,7 +445,7 @@ if ($_POST) { } } - if ($pconfig['method'] == "external") { + if ($pconfig['certmethod'] == "external") { $dn = array( 'countryName' => $pconfig['csr_dn_country'], 'stateOrProvinceName' => $pconfig['csr_dn_state'], @@ -459,7 +469,7 @@ if ($_POST) { } error_reporting($old_err_level); - if (isset($id) && $a_cert[$id]) { + if (isset($id)) { $a_cert[$id] = $cert; } else { $a_cert[] = $cert; 
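Review bot: `if ($cert && !empty($userid))` skips the assignment for the user stored at index 0, because `$userid` is taken from the request as a string and `empty("0")` is true in PHP. `$userid` is only set earlier in this patch when `isset($a_user[$_POST['userid']])` holds, so the test here can simply be `if ($cert && isset($userid)) {`. The key-length checks in the same hunk call `in_array()` without the strict flag, so a numeric string such as `"2048.0"` (constructed example) compares equal to `"2048"`; passing `true` as the third argument closes that. The enclosing save block starts and ends outside this hunk.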
@@ -468,896 +478,787 @@ if ($_POST) { $a_user[$userid]['cert'][] = $cert['refid']; } } - - if (!$input_errors) { + if (count($input_errors) == 0) { write_config(); - } - - if (isset($userid)) { - header("Location: system_usermanager.php?act=edit&userid=".$userid); + if (isset($userid)) { + header("Location: system_usermanager.php?act=edit&userid=".$userid); + } else { + header("Location: system_certmanager.php"); + } exit; } - } - } - if ($_POST['save'] == gettext("Update")) { - unset($input_errors); - $pconfig = $_POST; - - /* input validation */ - $reqdfields = explode(" ", "descr cert"); - $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Final Certificate data")); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - -// old way - /* make sure this csr and certificate subjects match */ -// $subj_csr = csr_get_subject($pconfig['csr'], false); -// $subj_cert = cert_get_subject($pconfig['cert'], false); -// -// if ( !isset($_POST['ignoresubjectmismatch']) && !($_POST['ignoresubjectmismatch'] == "yes") ) { -// if (strcmp($subj_csr,$subj_cert)) { -// $input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."),$subj_cert); -// $subject_mismatch = true; -// } -// } - $mod_csr = csr_get_modulus($pconfig['csr'], false); - $mod_cert = cert_get_modulus($pconfig['cert'], false); - - if (strcmp($mod_csr, $mod_cert)) { - // simply: if the moduli don't match, then the private key and public key won't match - $input_errors[] = gettext("The certificate modulus does not match the signing request modulus."); - $subject_mismatch = true; - } - - /* save modifications */ - if (!$input_errors) { - $cert = $a_cert[$id]; - - $cert['descr'] = $pconfig['descr']; - - csr_complete($cert, $pconfig['cert']); - - $a_cert[$id] = $cert; - - write_config(); - - header("Location: system_certmanager.php"); } } } include("head.inc"); -$main_buttons = array( - array('label'=>gettext("add or import certificate"), 
'href'=>'system_certmanager.php?act=new'), -); - - +if (empty($act)) { + $main_buttons = array( + array('label'=>gettext("add or import certificate"), 'href'=>'system_certmanager.php?act=new'), + ); +} ?> + + - - - -
-
+
+
+ 0) { + print_input_errors($input_errors); + } + if (isset($savemsg)) { + print_info_box($savemsg); + } +?> +
+
-
- 0) { - print_input_errors($input_errors); - } - if (isset($savemsg)) { - print_info_box($savemsg); - } - ?> -
-
+ +
+ + + + + + + + + + + + + + + + + + + + +
+ + +
+ +
+ +
+ + + + + + + + + + + + + + + + + +
+ + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
() + +
+ + +
() + +
:   + +
:   + + +
:   + + +
:   + + +
:   + + +
:   + + +
+ + + + + + + + + + + + + + + + $item) : + $altname_type = isset($pconfig['altname_type'][$itemid]) ? $pconfig['altname_type'][$itemid] : null; ?> + + + + + - + + + + + + + +
+ + + + +
+
+ + + + +
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
() + + +
+ + +
:   + +
:   + + +
:   + + +
:   + + +
:   + + +
:   + + +
+ + + + + + + + + + + + + +
+ +
+ + + + + + +
  + " /> +
+
+ -
- - - - - - - - - - - - -
- -
- -
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ +
+
+ +
+
  + " /> +
+
+ +
+ "/> + +
+ + + + + + + + + + + - - - - - - - - - - - - - - - - -
- -
- -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- -
- - -
- -
-
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:   - -
:   - -
:   - -
:   - -
:   - -   - ex: -   - -
:   - - -   - ex: -   - -
:   - - - - - - - - - - - - - - - - - -
- - - - - " class="btn btn-default btn-xs"> -
 
- " class="btn btn-default btn-xs"> - -
-
-
- - - - - - - - - - - - - - - - - - - - - -
- - bits -
- -
-
- - - - - - - - - - - - - - - - - - - - - - - - - -
:   - -
:   - -   - ex: -   - -
:   - -   - ex: -   - -
:   - -   - ex: -   - -
:   - -   - ex: -   - -
:   - -   - ex: -   - -
-
- - - - - - - - - - - - - -
- - - - -
- - - - - - -
  - " /> - - - -
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
- -
-
- -
-
  - - -
- " . - "response subject verification. "); - ?>
- - " /> - - - - -
-
- - - - - - - - - - - - - - " . gettext("self-signed") . ""; - } else { - $caname = "" . gettext("external"). ""; - } - $subj = htmlspecialchars($subj); - } - - if (isset($cert['csr'])) { - $subj = htmlspecialchars(csr_get_subject($cert['csr'])); - $caname = "" . gettext("external - signature pending") . ""; - } - if (isset($cert['caref'])) { - $ca = lookup_ca($cert['caref']); - if ($ca) { - $caname = $ca['descr']; - } - } - - $certimg = ''; - ?> - - - - - + + + + + + - - - - "> - - - - - - - - - - - - -
- - - - - - - - - -
- - - -
 
- , - -
-
  
- - - - - - - - - - - -
 :
 :
-
- -
- - -
- - -
- - -
- - -
- - -
- + if (!empty($cert['crt'])) { + $subj = cert_get_subject($cert['crt']); + $issuer = cert_get_issuer($cert['crt']); + $purpose = cert_get_purpose($cert['crt']); + list($startdate, $enddate) = cert_get_dates($cert['crt']); + if ($subj==$issuer) { + $caname = "" . gettext("self-signed") . ""; + } else { + $caname = "" . gettext("external"). ""; + } + $subj = htmlspecialchars($subj); + } + if (isset($cert['csr'])) { + $subj = htmlspecialchars(csr_get_subject($cert['csr'])); + $caname = "" . gettext("external - signature pending") . ""; + } + if (isset($cert['caref'])) { + $ca = lookup_ca($cert['caref']); + if ($ca) { + $caname = $ca['descr']; + } + }?> +
+ + + +

+ , + + +
  
+ + + + + + + + + + + +
 :
 :
+
+ +
+ +
+ +
+ +
+ +
+ +
+ - "> - - + "> + + - "> - - + "> + + - "> - - - + "> + + + - ')" data-toggle="tooltip" data-placement="left" title=""> - - + " data-toggle="tooltip" class="act_delete btn btn-default btn-xs"> + + + + "> + + + +
 
- -
-
-
-
+ +   + + + + + +
+
+ + - - -