From 3cb09b78612b28490bf1db0d92e5041103ff754f Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 10 Dec 2015 17:24:43 +0100
Subject: [PATCH] (legacy) refactor system_camanager.php
---
 src/www/system_camanager.php | 1410 ++++++++++++++++------------------
 1 file changed, 674 insertions(+), 736 deletions(-)
diff --git a/src/www/system_camanager.php b/src/www/system_camanager.php
index 69d1d8b08..ea6a95ab5 100644
--- a/src/www/system_camanager.php
+++ b/src/www/system_camanager.php
@@ -31,110 +31,111 @@ require_once('guiconfig.inc'); require_once("system.inc"); function ca_import(& $ca, $str, $key="", $serial=0) { - global $config; + global $config; - $ca['crt'] = base64_encode($str); - if (!empty($key)) - $ca['prv'] = base64_encode($key); - if (!empty($serial)) - $ca['serial'] = $serial; - $subject = cert_get_subject($str, false); - $issuer = cert_get_issuer($str, false); + $ca['crt'] = base64_encode($str); + if (!empty($key)) { + $ca['prv'] = base64_encode($key); + } + if (!empty($serial)) { + $ca['serial'] = $serial; + } + $subject = cert_get_subject($str, false); + $issuer = cert_get_issuer($str, false); - // Find my issuer unless self-signed - if($issuer <> $subject) { - $issuer_crt =& lookup_ca_by_subject($issuer); - if($issuer_crt) - $ca['caref'] = $issuer_crt['refid']; - } + // Find my issuer unless self-signed + if($issuer <> $subject) { + $issuer_crt =& lookup_ca_by_subject($issuer); + if($issuer_crt) { + $ca['caref'] = $issuer_crt['refid']; + } + } - /* Correct if child certificate was loaded first */ - if (is_array($config['ca'])) - foreach ($config['ca'] as & $oca) - { - $issuer = cert_get_issuer($oca['crt']); - if($ca['refid']<>$oca['refid'] && $issuer==$subject) - $oca['caref'] = $ca['refid']; - } - if (is_array($config['cert'])) - foreach ($config['cert'] as & $cert) - { - $issuer = cert_get_issuer($cert['crt']); - if($issuer==$subject) - $cert['caref'] = $ca['refid']; - } - return true; + /* Correct if child certificate was loaded first */ + if (is_array($config['ca'])) { + foreach ($config['ca'] as & $oca) { + $issuer = cert_get_issuer($oca['crt']); + if($ca['refid']<>$oca['refid'] && $issuer==$subject) { + $oca['caref'] = $ca['refid']; + } + } + } + if (is_array($config['cert'])) { + foreach ($config['cert'] as & $cert) { + $issuer = cert_get_issuer($cert['crt']); + if($issuer==$subject) { + $cert['caref'] = $ca['refid']; + } + } + } + return true; } function ca_inter_create(&$ca, $keylen, $lifetime, $dn, $caref, 
$digest_alg = 'sha256') { - // Create Intermediate Certificate Authority - $signing_ca = &lookup_ca($caref); - if (!$signing_ca) { - return false; - } + // Create Intermediate Certificate Authority + $signing_ca = &lookup_ca($caref); + if (!$signing_ca) { + return false; + } - $signing_ca_res_crt = openssl_x509_read(base64_decode($signing_ca['crt'])); - $signing_ca_res_key = openssl_pkey_get_private(array(0 => base64_decode($signing_ca['prv']) , 1 => "")); - if (!$signing_ca_res_crt || !$signing_ca_res_key) { - return false; - } - $signing_ca_serial = ++$signing_ca['serial']; + $signing_ca_res_crt = openssl_x509_read(base64_decode($signing_ca['crt'])); + $signing_ca_res_key = openssl_pkey_get_private(array(0 => base64_decode($signing_ca['prv']) , 1 => "")); + if (!$signing_ca_res_crt || !$signing_ca_res_key) { + return false; + } + $signing_ca_serial = ++$signing_ca['serial']; - $args = array( - 'config' => '/usr/local/etc/ssl/opnsense.cnf', - 'private_key_type' => OPENSSL_KEYTYPE_RSA, - 'private_key_bits' => (int)$keylen, - 'x509_extensions' => 'v3_ca', - 'digest_alg' => $digest_alg, - 'encrypt_key' => false - ); + $args = array( + 'config' => '/usr/local/etc/ssl/opnsense.cnf', + 'private_key_type' => OPENSSL_KEYTYPE_RSA, + 'private_key_bits' => (int)$keylen, + 'x509_extensions' => 'v3_ca', + 'digest_alg' => $digest_alg, + 'encrypt_key' => false + ); - // generate a new key pair - $res_key = openssl_pkey_new($args); - if (!$res_key) { - return false; - } + // generate a new key pair + $res_key = openssl_pkey_new($args); + if (!$res_key) { + return false; + } - // generate a certificate signing request - $res_csr = openssl_csr_new($dn, $res_key, $args); - if (!$res_csr) { - return false; - } + // generate a certificate signing request + $res_csr = openssl_csr_new($dn, $res_key, $args); + if (!$res_csr) { + return false; + } - // Sign the certificate - $res_crt = openssl_csr_sign($res_csr, $signing_ca_res_crt, $signing_ca_res_key, $lifetime, $args, 
$signing_ca_serial); - if (!$res_crt) { - return false; - } + // Sign the certificate + $res_crt = openssl_csr_sign($res_csr, $signing_ca_res_crt, $signing_ca_res_key, $lifetime, $args, $signing_ca_serial); + if (!$res_crt) { + return false; + } - // export our certificate data - if (!openssl_pkey_export($res_key, $str_key) || - !openssl_x509_export($res_crt, $str_crt)) { - return false; - } + // export our certificate data + if (!openssl_pkey_export($res_key, $str_key) || + !openssl_x509_export($res_crt, $str_crt)) { + return false; + } - // return our ca information - $ca['crt'] = base64_encode($str_crt); - $ca['prv'] = base64_encode($str_key); - $ca['serial'] = 0; + // return our ca information + $ca['crt'] = base64_encode($str_crt); + $ca['prv'] = base64_encode($str_key); + $ca['serial'] = 0; - return true; + return true; } -$ca_methods = array( - "existing" => gettext("Import an existing Certificate Authority"), - "internal" => gettext("Create an internal Certificate Authority"), - "intermediate" => gettext("Create an intermediate Certificate Authority")); $ca_keylens = array( "512", "1024", "2048", "4096"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); -if (isset($_GET['id']) && is_numericint($_GET['id'])) { - $id = $_GET['id']; +if (!is_array($config['cert'])) { + $config['cert'] = array(); } -if (isset($_POST['id']) && is_numericint($_POST['id'])) { - $id = $_POST['id']; +if (!isset($config['crl']) || !is_array($config['crl'])) { + $config['crl'] = array(); } if (!isset($config['ca']) || !is_array($config['ca'])) { 
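Review bot: `$ca_keylens` still offers "512" and "1024" and `$openssl_digest_algs` still offers "sha1", and `ca_inter_create()` hands the caller's choice straight to `'private_key_bits' => (int)$keylen` and `'digest_alg' => $digest_alg`. Both lists are context lines that this refactor leaves untouched, but the POST handler uses them as the allow-list for creating a new internal or intermediate CA, so they decide how weak a signing key the GUI will accept. While this block is being reworked I would trim them, e.g. `$ca_keylens = array("2048", "4096");` and drop `"sha1"` from the digest list. If the short values have to stay for compatibility, a comment above the arrays saying why would stop the next reader from treating them as recommended choices.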
@@ -143,268 +144,271 @@ if (!isset($config['ca']) || !is_array($config['ca'])) { $a_ca =& $config['ca']; -if (!is_array($config['cert'])) { - $config['cert'] = array(); -} - -$a_cert =& $config['cert']; - -if (!isset($config['crl']) || !is_array($config['crl'])) { - $config['crl'] = array(); -} - -$a_crl =& $config['crl']; - -$act=null; -if (isset($_GET['act'])) { - $act = $_GET['act']; -} elseif (isset($_POST['act'])) { - $act = $_POST['act']; -} - -if ($act == "del") { - if (!isset($a_ca[$id])) { - header("Location: system_camanager.php"); - exit; +if ($_SERVER['REQUEST_METHOD'] === 'GET') { + if (isset($a_ca[$_GET['id']])) { + $id = $_GET['id']; } - $index = count($a_cert) - 1; - for (; $index >=0; $index--) { - if (isset($a_cert[$index]['caref']) && isset($a_ca[$id]['refid']) && $a_cert[$index]['caref'] == $a_ca[$id]['refid']) { - unset($a_cert[$index]); - } - } - - $index = count($a_crl) - 1; - for (; $index >=0; $index--) { - if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) { - unset($a_crl[$index]); - } - } - - $name = $a_ca[$id]['descr']; - unset($a_ca[$id]); - write_config(); - $savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "
"; - header("Location: system_camanager.php"); - exit; -} - -if ($act == "edit") { - if (!isset($a_ca[$id])) { - header("Location: system_camanager.php"); - exit; - } - $pconfig['descr'] = $a_ca[$id]['descr']; - $pconfig['refid'] = $a_ca[$id]['refid']; - $pconfig['cert'] = base64_decode($a_ca[$id]['crt']); - $pconfig['serial'] = $a_ca[$id]['serial']; - if (!empty($a_ca[$id]['prv'])) { - $pconfig['key'] = base64_decode($a_ca[$id]['prv']); - } -} - -if ($act == "new") { - if (isset($_GET['method'])) { - $pconfig['method'] = $_GET['method']; + if (isset($_GET['act'])) { + $act = $_GET['act']; } else { - $pconfig['method'] = null ; + $act = null; } - $pconfig['keylen'] = "2048"; - $pconfig['digest_alg'] = "sha256"; - $pconfig['lifetime'] = "365"; - $pconfig['dn_commonname'] = "internal-ca"; -} -if ($act == "exp") { - if (!$a_ca[$id]) { - header("Location: system_camanager.php"); + // set defaults + $pconfig = array(); + $pconfig['camethod'] = null ; + $pconfig['descr'] = null; + $pconfig['serial'] = null; + $pconfig['lifetime'] = null; + $pconfig['dn_country'] = null; + $pconfig['dn_state'] = null; + $pconfig['dn_city'] = null; + $pconfig['dn_organization'] = null; + $pconfig['dn_email'] = null; + $pconfig['dn_commonname'] = null; + + + if ($act == "edit") { + if (!isset($id)) { + header("Location: system_camanager.php"); + exit; + } + $pconfig['descr'] = $a_ca[$id]['descr']; + $pconfig['refid'] = $a_ca[$id]['refid']; + $pconfig['cert'] = base64_decode($a_ca[$id]['crt']); + $pconfig['serial'] = $a_ca[$id]['serial']; + if (!empty($a_ca[$id]['prv'])) { + $pconfig['key'] = base64_decode($a_ca[$id]['prv']); + } + } elseif ($act == "new") { + if (isset($_GET['method'])) { + $pconfig['camethod'] = $_GET['method']; + } + $pconfig['refid'] = null; + $pconfig['keylen'] = "2048"; + $pconfig['digest_alg'] = "sha256"; + $pconfig['lifetime'] = "365"; + $pconfig['dn_commonname'] = "internal-ca"; + } elseif ($act == "exp") { + if (!isset($id)) { + header("Location: 
system_camanager.php"); + exit; + } + + $exp_name = urlencode("{$a_ca[$id]['descr']}.crt"); + $exp_data = base64_decode($a_ca[$id]['crt']); + $exp_size = strlen($exp_data); + + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; + exit; + } elseif ($act == "expkey") { + if (!isset($id)) { + header("Location: system_camanager.php"); + exit; + } + + $exp_name = urlencode("{$a_ca[$id]['descr']}.key"); + $exp_data = base64_decode($a_ca[$id]['prv']); + $exp_size = strlen($exp_data); + + header("Content-Type: application/octet-stream"); + header("Content-Disposition: attachment; filename={$exp_name}"); + header("Content-Length: $exp_size"); + echo $exp_data; exit; } +} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { + if (isset($a_ca[$_POST['id']])) { + $id = $_POST['id']; + } + if (isset($_POST['act'])) { + $act = $_POST['act']; + } else { + $act = null; + } - $exp_name = urlencode("{$a_ca[$id]['descr']}.crt"); - $exp_data = base64_decode($a_ca[$id]['crt']); - $exp_size = strlen($exp_data); + if ($act == "del") { + if (!isset($id)) { + header("Location: system_camanager.php"); + exit; + } + $a_cert =& $config['cert']; + $index = count($a_cert) - 1; + for (; $index >=0; $index--) { + if (isset($a_cert[$index]['caref']) && isset($a_ca[$id]['refid']) && $a_cert[$index]['caref'] == $a_ca[$id]['refid']) { + unset($a_cert[$index]); + } + } - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} + $a_crl =& $config['crl']; + $index = count($a_crl) - 1; + for (; $index >=0; $index--) { + if ($a_crl[$index]['caref'] == $a_ca[$id]['refid']) { + unset($a_crl[$index]); + } + } -if ($act == "expkey") { - if (!$a_ca[$id]) { + unset($a_ca[$id]); + write_config(); header("Location: system_camanager.php"); exit; - } + } else { + 
$input_errors = array(); + $pconfig = $_POST; - $exp_name = urlencode("{$a_ca[$id]['descr']}.key"); - $exp_data = base64_decode($a_ca[$id]['prv']); - $exp_size = strlen($exp_data); - - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} - -if ($_POST) { - unset($input_errors); - $input_errors = array(); - $pconfig = $_POST; - - /* input validation */ - if ($pconfig['method'] == "existing") { - $reqdfields = explode(" ", "descr cert"); - $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Certificate data")); - if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) { - $input_errors[] = gettext("This certificate does not appear to be valid."); + /* input validation */ + if ($pconfig['camethod'] == "existing") { + $reqdfields = explode(" ", "descr cert"); + $reqdfieldsn = array( + gettext("Descriptive name"), + gettext("Certificate data")); + if (!empty($pconfig['cert']) && (!strstr($pconfig['cert'], "BEGIN CERTIFICATE") || !strstr($pconfig['cert'], "END CERTIFICATE"))) { + $input_errors[] = gettext("This certificate does not appear to be valid."); + } + if (!empty($pconfig['key']) && strstr($pconfig['key'], "ENCRYPTED")) { + $input_errors[] = gettext("Encrypted private keys are not yet supported."); + } + } elseif ($pconfig['camethod'] == "internal") { + $reqdfields = explode( + " ", + "descr keylen lifetime dn_country dn_state dn_city ". 
+ "dn_organization dn_email dn_commonname" + ); + $reqdfieldsn = array( + gettext("Descriptive name"), + gettext("Key length"), + gettext("Lifetime"), + gettext("Distinguished name Country Code"), + gettext("Distinguished name State or Province"), + gettext("Distinguished name City"), + gettext("Distinguished name Organization"), + gettext("Distinguished name Email Address"), + gettext("Distinguished name Common Name")); + } elseif ($pconfig['camethod'] == "intermediate") { + $reqdfields = explode( + " ", + "descr caref keylen lifetime dn_country dn_state dn_city ". + "dn_organization dn_email dn_commonname" + ); + $reqdfieldsn = array( + gettext("Descriptive name"), + gettext("Signing Certificate Authority"), + gettext("Key length"), + gettext("Lifetime"), + gettext("Distinguished name Country Code"), + gettext("Distinguished name State or Province"), + gettext("Distinguished name City"), + gettext("Distinguished name Organization"), + gettext("Distinguished name Email Address"), + gettext("Distinguished name Common Name")); } - if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED")) { - $input_errors[] = gettext("Encrypted private keys are not yet supported."); - } - } - if ($pconfig['method'] == "internal") { - $reqdfields = explode( - " ", - "descr keylen lifetime dn_country dn_state dn_city ". - "dn_organization dn_email dn_commonname" - ); - $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Key length"), - gettext("Lifetime"), - gettext("Distinguished name Country Code"), - gettext("Distinguished name State or Province"), - gettext("Distinguished name City"), - gettext("Distinguished name Organization"), - gettext("Distinguished name Email Address"), - gettext("Distinguished name Common Name")); - } - if ($pconfig['method'] == "intermediate") { - $reqdfields = explode( - " ", - "descr caref keylen lifetime dn_country dn_state dn_city ". 
- "dn_organization dn_email dn_commonname" - ); - $reqdfieldsn = array( - gettext("Descriptive name"), - gettext("Signing Certificate Authority"), - gettext("Key length"), - gettext("Lifetime"), - gettext("Distinguished name Country Code"), - gettext("Distinguished name State or Province"), - gettext("Distinguished name City"), - gettext("Distinguished name Organization"), - gettext("Distinguished name Email Address"), - gettext("Distinguished name Common Name")); - } - do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); - if ($pconfig['method'] != "existing") { - /* Make sure we do not have invalid characters in the fields for the certificate */ - for ($i = 0; $i < count($reqdfields); $i++) { - if ($reqdfields[$i] == 'dn_email') { - if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"])) { - $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters."); + do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); + if ($pconfig['camethod'] != "existing") { + /* Make sure we do not have invalid characters in the fields for the certificate */ + for ($i = 0; $i < count($reqdfields); $i++) { + if ($reqdfields[$i] == 'dn_email') { + if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["dn_email"])) { + $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters."); + } + } elseif ($reqdfields[$i] == 'dn_commonname') { + if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig["dn_commonname"])) { + $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); + } + } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $pconfig["$reqdfields[$i]"])) { + $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } - } elseif ($reqdfields[$i] == 'dn_commonname') { - if 
(preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"])) { - $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); - } - } elseif (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST["$reqdfields[$i]"])) { - $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); + } + if (!in_array($pconfig["keylen"], $ca_keylens)) { + $input_errors[] = gettext("Please select a valid Key Length."); + } + if (!in_array($pconfig["digest_alg"], $openssl_digest_algs)) { + $input_errors[] = gettext("Please select a valid Digest Algorithm."); } } - if (!in_array($_POST["keylen"], $ca_keylens)) { - $input_errors[] = gettext("Please select a valid Key Length."); - } - if (!in_array($_POST["digest_alg"], $openssl_digest_algs)) { - $input_errors[] = gettext("Please select a valid Digest Algorithm."); - } - } - /* save modifications */ - if (!$input_errors) { - $ca = array(); - if (!isset($pconfig['refid']) || empty($pconfig['refid'])) { - $ca['refid'] = uniqid(); - } else { - $ca['refid'] = $pconfig['refid']; - } + /* save modifications */ + if (count($input_errors) == 0) { + $ca = array(); - if (isset($id) && $a_ca[$id]) { - $ca = $a_ca[$id]; - } - - if (isset($pconfig['descr'])) { - $ca['descr'] = $pconfig['descr']; - } else { - $ca['descr'] = null; - } - - if (isset($_POST['edit']) && $_POST['edit'] == "edit") { - $ca['descr'] = $pconfig['descr']; - $ca['refid'] = $pconfig['refid']; - $ca['serial'] = $pconfig['serial']; - $ca['crt'] = base64_encode($pconfig['cert']); - if (!empty($pconfig['key'])) { - $ca['prv'] = base64_encode($pconfig['key']); + if (isset($id)) { + $ca = $a_ca[$id]; + } else { + $ca['refid'] = uniqid(); } - } else { - $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */ - if ($pconfig['method'] == "existing") { - ca_import($ca, 
$pconfig['cert'], $pconfig['key'], $pconfig['serial']); - } elseif ($pconfig['method'] == "internal") { - $dn = array( - 'countryName' => $pconfig['dn_country'], - 'stateOrProvinceName' => $pconfig['dn_state'], - 'localityName' => $pconfig['dn_city'], - 'organizationName' => $pconfig['dn_organization'], - 'emailAddress' => $pconfig['dn_email'], - 'commonName' => $pconfig['dn_commonname']); - if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) { - $input_errors = array(); - while ($ssl_err = openssl_error_string()) { - $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err; - } - } - } elseif ($pconfig['method'] == "intermediate") { - $dn = array( - 'countryName' => $pconfig['dn_country'], - 'stateOrProvinceName' => $pconfig['dn_state'], - 'localityName' => $pconfig['dn_city'], - 'organizationName' => $pconfig['dn_organization'], - 'emailAddress' => $pconfig['dn_email'], - 'commonName' => $pconfig['dn_commonname']); - if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) { - $input_errors = array(); - while ($ssl_err = openssl_error_string()) { - $input_errors[] = gettext("openssl library returns:") . " " . 
$ssl_err; + + if (isset($pconfig['descr'])) { + $ca['descr'] = $pconfig['descr']; + } else { + $ca['descr'] = null; + } + + if (!empty($pconfig['serial'])) { + $ca['serial'] = $pconfig['serial']; + } + + if (isset($id)) { + // edit existing + $ca['crt'] = base64_encode($pconfig['cert']); + if (!empty($pconfig['key'])) { + $ca['prv'] = base64_encode($pconfig['key']); + } + } else { + $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warnings directly to a page screwing menu tab */ + if ($pconfig['camethod'] == "existing") { + ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']); + } elseif ($pconfig['camethod'] == "internal") { + $dn = array( + 'countryName' => $pconfig['dn_country'], + 'stateOrProvinceName' => $pconfig['dn_state'], + 'localityName' => $pconfig['dn_city'], + 'organizationName' => $pconfig['dn_organization'], + 'emailAddress' => $pconfig['dn_email'], + 'commonName' => $pconfig['dn_commonname']); + if (!ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'])) { + $input_errors = array(); + while ($ssl_err = openssl_error_string()) { + $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err; + } + } + } elseif ($pconfig['camethod'] == "intermediate") { + $dn = array( + 'countryName' => $pconfig['dn_country'], + 'stateOrProvinceName' => $pconfig['dn_state'], + 'localityName' => $pconfig['dn_city'], + 'organizationName' => $pconfig['dn_organization'], + 'emailAddress' => $pconfig['dn_email'], + 'commonName' => $pconfig['dn_commonname']); + if (!ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg'])) { + $input_errors = array(); + while ($ssl_err = openssl_error_string()) { + $input_errors[] = gettext("openssl library returns:") . " " . 
$ssl_err; + } } } + error_reporting($old_err_level); + } + + if (isset($id) && $a_ca[$id]) { + $a_ca[$id] = $ca; + } else { + $a_ca[] = $ca; + } + + if (count($input_errors) == 0) { + write_config(); + header("Location: system_camanager.php"); } - error_reporting($old_err_level); } - if (isset($id) && $a_ca[$id]) { - $a_ca[$id] = $ca; - } else { - $a_ca[] = $ca; - } - - if (!$input_errors) { - write_config(); - unset($input_errors); - } - -// header("Location: system_camanager.php"); } } + +legacy_html_escape_form_data($pconfig); include("head.inc"); $main_buttons = array( @@ -415,438 +419,372 @@ $main_buttons = array( ?> + - - - -
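Review bot: The success path at the end of the POST save branch calls `write_config();` and then `header("Location: system_camanager.php");` with no `exit;` after it, so execution continues past the redirect. The script runs on into `legacy_html_escape_form_data($pconfig)` and `include("head.inc")` and renders the page into the body of the redirect response, with `$pconfig` still holding a copy of `$_POST`. On an import that copy can include the pasted private key in `$pconfig['key']`; the template markup is not legible here, so whether the form prints that field back is an assumption to check. Every other redirect in this hunk (the edit, exp, expkey and del guards, and the del success path) is followed by `exit;`, so this one should match: `header("Location: system_camanager.php"); exit;`.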
-
+
+
+ 0) { + print_input_errors($input_errors); + } + if (isset($savemsg)) { + print_info_box($savemsg); + } +?> +
+
-
- - 0) { - print_input_errors($input_errors); - } - if (isset($savemsg)) { - print_info_box($savemsg); - } - ?> - -
-
- - -
- - - - - - - - - - - - - - - - - - - - -
- -
- -
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
- -

- -
- -
- -
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
- - -
- -
-
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - -
:   - -
:   - -   - -   - -
:   - -   - -   - -
:   - -   - -   - -
:   - -   - -   - -
:   - -   - -   - -
-
- - - - - - -
  - " /> - - - -
-
- - - - - - - - - - - - - - - - - + "/> + +
+ + + + + "> + + + +
+ +
+ +
+ + + + + + + + + + + + + + + + + + + + + +
+ + +
+
+ +
+ + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
() + +
+ + +
() + +
:   + +
:   + + +
:   + + +
:   + + +
:   + + +
:   + + +
- if (isset($ca['caref'])) { - $issuer_ca = lookup_ca($ca['caref']); - if ($issuer_ca) { - $issuer_name = $issuer_ca['descr']; - } - foreach ($a_cert as $cert) { - if ($cert['caref'] == $ca['refid']) { - $certcount++; - } - } - foreach ($a_ca as $cert) { - if ($cert['caref'] == $ca['refid']) { - $certcount++; - } - } - } + + + + + +
  + " /> +
+ - // TODO : Need gray certificate icon + +
+ "/> + +
+ + + + + + + + + + + + +" . gettext("self-signed") . ""; + } else { + $issuer_name = "" . gettext("external") . ""; + } + $certcount = 0; - if ($ca['prv']) { - $internal = "YES"; - - } else { - $internal = "NO"; - } - ?> - - - - - - - - - - - - -
- -    
- - - - - - - - - - - -
 :
 :
-
- " alt="" class="btn btn-default btn-xs"> - " alt="" class="btn btn-default btn-xs"> - - " class="btn btn-default btn-xs"> - - ')" title="" class="btn btn-default btn-xs"> -
- - - - - -
-
+ + +   +   +   +
+ + + + + + + + + + + +
 :
 :
+ + + " alt="" class="btn btn-default btn-xs"> + + + " alt="" class="btn btn-default btn-xs"> + + + + " class="btn btn-default btn-xs"> + + + + " data-toggle="tooltip" class="act_delete btn btn-default btn-xs"> + + + + + + + +
-
+
+
+
- - -