* All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ require_once('guiconfig.inc'); require_once("system.inc"); //require_once('phpseclib/vendor/autoload.php'); function csr_generate(&$cert, $keylen, $dn, $digest_alg = 'sha256') { $configFilename = create_temp_openssl_config($dn); $args = array( 'config' => $configFilename, 'private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => (int)$keylen, 'req_extensions' => 'v3_req', 'digest_alg' => $digest_alg, 'encrypt_key' => false ); // generate a new key pair $res_key = openssl_pkey_new($args); if (!$res_key) { return false; } // generate a certificate signing request $res_csr = openssl_csr_new($dn, $res_key, $args); if (!$res_csr) { return false; } // export our request data if (!openssl_pkey_export($res_key, $str_key) || !openssl_csr_export($res_csr, $str_csr)) { return false; } // return our request information $cert['csr'] = base64_encode($str_csr); $cert['prv'] = base64_encode($str_key); unlink($configFilename); return true; } function csr_complete(& $cert, $str_crt) { // return our request information $cert['crt'] = base64_encode($str_crt); unset($cert['csr']); return true; } function csr_get_modulus($str_crt, $decode = true) { return cert_get_modulus($str_crt, $decode, 'csr'); } function parse_csr($csr_str) { $ret = array(); $ret['parse_success'] = true; $ret['subject'] = openssl_csr_get_subject($csr_str); if ($ret['subject'] === false) { return array('parse_success' => false); } $x509_lib = new \phpseclib\File\X509(); $csr = $x509_lib->loadCSR($csr_str); if ($csr === false) { return array('parse_success' => false); } foreach ($csr['certificationRequestInfo']['attributes'] as $attr) { switch ($attr['type'] ) { case 'pkcs-9-at-extensionRequest': foreach ($attr['value'] as $value) { foreach ($value as $column) { switch ($column['extnId']) { case 'id-ce-basicConstraints': $ret['basicConstraints'] = array(); $ret['basicConstraints']['CA'] = $column['extnValue']['cA']; if (isset($column['extnValue']['pathLenConstraint'])) { $ret['basicConstraints']['pathlen'] = (int)($column['extnValue']['pathLenConstraint']->toString()); } break; case 'id-ce-keyUsage': $ret['keyUsage'] = $column['extnValue']; break; case 'id-ce-extKeyUsage': $ret['extendedKeyUsage'] = array(); foreach ($column['extnValue'] as $usage) { array_push($ret['extendedKeyUsage'], strpos($usage, 'id-kp-') === 0 ? $x509_lib->getOID($usage) : $usage); } break; case 'id-ce-subjectAltName': $ret['subjectAltName'] = array(); foreach ($column['extnValue'] as $item) { if (isset($item['dNSName'])) { array_push($ret['subjectAltName'], array('type'=> 'DNS', 'value'=> $item['dNSName'])); } if (isset($item['iPAddress'])) { array_push($ret['subjectAltName'], array('type'=> 'IP', 'value'=> $item['iPAddress'])); } if (isset($item['rfc822Name'])) { array_push($ret['subjectAltName'], array('type'=> 'email', 'value'=> $item['rfc822Name'])); } if (isset($item['uniformResourceIdentifier'])) { array_push($ret['subjectAltName'], array('type'=> 'URI', 'value'=> $item['uniformResourceIdentifier'])); } } break; } } } break; // case 'pkcs-9-at-extensionRequest' } } return $ret; } // altname expects a type like the following: // array ( // 'type' => (string), // 'value': => (string) // ) // // errors are added to $input_errors // returns true: on success // false: on error, with adding something to $input_errors. function is_valid_alt_value($altname, &$input_errors) { switch ($altname['type']) { case "DNS": $dns_regex = '/^(?:(?:[a-z0-9_\*]|[a-z0-9_][a-z0-9_\-]*[a-z0-9_])\.)*(?:[a-z0-9_]|[a-z0-9_][a-z0-9_\-]*[a-z0-9_])$/i'; if (!preg_match($dns_regex, $altname['value'])) { $input_errors[] = gettext("DNS subjectAltName values must be valid hostnames or FQDNs"); return false; } return true; case "IP": if (!is_ipaddr($altname['value'])) { $input_errors[] = gettext("IP subjectAltName values must be valid IP Addresses"); return false; } return true; case "email": if (empty($altname['value'])) { $input_errors[] = gettext("You must provide an email address for this type of subjectAltName"); return false; } if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value'])) { $input_errors[] = gettext("The email provided in a subjectAltName contains invalid characters."); return false; } return true; case "URI": if (!is_URL($altname['value'])) { $input_errors[] = gettext("URI subjectAltName types must be a valid URI"); return false; } return true; default: $input_errors[] = gettext("Unrecognized subjectAltName type."); return false; } } // types $cert_methods = array( "import" => gettext("Import an existing Certificate"), "internal" => gettext("Create an internal Certificate"), "external" => gettext("Create a Certificate Signing Request"), // "sign_cert_csr" => gettext("Sign a Certificate Signing Request"), ); $cert_keylens = array( "512", "1024", "2048", "3072", "4096", "8192"); $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512"); $cert_types = array('usr_cert', 'server_cert', 'combined_server_client', 'v3_ca'); $key_usages = array( // defined in RFC 5280 section 4.2.1.3 'digitalSignature' => gettext('digitalSignature'), 'nonRepudiation' => gettext('nonRepudiation'), 'keyEncipherment' => gettext('keyEncipherment'), 'dataEncipherment' => gettext('dataEncipherment'), 'keyAgreement' => gettext('keyAgreement'), 'keyCertSign' => gettext('keyCertSign'), 'cRLSign' => gettext('cRLSign'), 'encipherOnly' => gettext('encipherOnly'), 'decipherOnly' => gettext('decipherOnly'), ); $extended_key_usages = array( // defined in RFC 5280 section 4.2.1.12 '1.3.6.1.5.5.7.3.1' => gettext('serverAuth'), '1.3.6.1.5.5.7.3.2' => gettext('clientAuth'), '1.3.6.1.5.5.7.3.3' => gettext('codeSigning'), '1.3.6.1.5.5.7.3.4' => gettext('emailProtection'), '1.3.6.1.5.5.7.3.8' => gettext('timeStamping'), '1.3.6.1.5.5.7.3.9' => gettext('OCSPSigning'), // added to support default options '1.3.6.1.5.5.8.2.2' => gettext('iKEIntermediate'), ); // config reference pointers $a_user = &config_read_array('system', 'user'); $a_ca = &config_read_array('ca'); $a_cert = &config_read_array('cert'); // handle user GET/POST data if ($_SERVER['REQUEST_METHOD'] === 'GET') { if (isset($a_user[$_GET['userid']])) { $userid = $_GET['userid']; $cert_methods["existing"] = gettext("Choose an existing certificate"); } if (isset($a_cert[$_GET['id']])) { $id = $_GET['id']; } if (isset($_GET['act'])) { $act = $_GET['act']; } else { $act = null; } $pconfig = array(); if ($act == "new") { if (isset($_GET['method'])) { $pconfig['certmethod'] = $_GET['method']; } else { $pconfig['certmethod'] = null; } $pconfig['keylen'] = "2048"; $pconfig['digest_alg'] = "sha256"; $pconfig['digest_alg_sign_csr'] = "sha256"; $pconfig['csr_keylen'] = "2048"; $pconfig['csr_digest_alg'] = "sha256"; $pconfig['lifetime'] = "365"; $pconfig['lifetime_sign_csr'] = "365"; $pconfig['cert_type'] = "usr_cert"; $pconfig['cert'] = null; $pconfig['key'] = null; $pconfig['dn_country'] = null; $pconfig['dn_state'] = null; $pconfig['dn_city'] = null; $pconfig['dn_organization'] = null; $pconfig['dn_email'] = null; if (isset($userid)) { $pconfig['descr'] = $a_user[$userid]['name']; $pconfig['dn_commonname'] = $a_user[$userid]['name']; } else { $pconfig['descr'] = null; $pconfig['dn_commonname'] = null; } } elseif ($act == "exp") { // export cert if (isset($id)) { $exp_name = urlencode("{$a_cert[$id]['descr']}.crt"); $exp_data = base64_decode($a_cert[$id]['crt']); $exp_size = strlen($exp_data); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); echo $exp_data; } exit; } elseif ($act == "key") { // export key if (isset($id)) { $exp_name = urlencode("{$a_cert[$id]['descr']}.key"); $exp_data = base64_decode($a_cert[$id]['prv']); $exp_size = strlen($exp_data); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); echo $exp_data; } exit; } elseif ($act == "csr") { if (!isset($id)) { header(url_safe('Location: /system_certmanager.php')); exit; } $pconfig['descr'] = $a_cert[$id]['descr']; $pconfig['csr'] = base64_decode($a_cert[$id]['csr']); $pconfig['cert'] = null; } elseif ($act == "info") { if (isset($id)) { header("Content-Type: text/plain;charset=UTF-8"); // use openssl to dump cert in readable format $process = proc_open('/usr/local/bin/openssl x509 -fingerprint -sha256 -text', array(array("pipe", "r"), array("pipe", "w")), $pipes); if (is_resource($process)) { fwrite($pipes[0], base64_decode($a_cert[$id]['crt'])); fclose($pipes[0]); $result = stream_get_contents($pipes[1]); fclose($pipes[1]); proc_close($process); echo $result; } } exit; } elseif ($act == 'csr_info') { if (!isset($_GET['csr'])) { http_response_code(400); header("Content-Type: text/plain;charset=UTF-8"); echo gettext('Invalid request'); exit; } header("Content-Type: text/plain;charset=UTF-8"); // use openssl to dump csr in readable format $process = proc_open('/usr/local/bin/openssl req -text -noout', array(array("pipe", "r"), array("pipe", "w"), array("pipe", "w")), $pipes); if (is_resource($process)) { fwrite($pipes[0], $_GET['csr']); fclose($pipes[0]); $result_stdout = stream_get_contents($pipes[1]); fclose($pipes[1]); $result_stderr = stream_get_contents($pipes[2]); fclose($pipes[2]); proc_close($process); echo $result_stdout; echo $result_stderr; } exit; } elseif ($act == 'csr_info_json') { header("Content-Type: application/json;charset=UTF-8"); if (!isset($_GET['csr'])) { http_response_code(400); echo json_encode(array( 'error' => gettext('Invalid Request'), 'error_detail' => gettext('No csr parameter in query') )); exit; } $parsed_result = parse_csr($_GET['csr']); if ($parsed_result['parse_success'] !== true) { http_response_code(400); echo json_encode(array( 'error' => gettext('CSR file is invalid'), 'error_detail' => gettext('Could not parse CSR file.') )); exit; } echo json_encode($parsed_result); exit; } } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { $pconfig = $_POST; if (isset($a_cert[$_POST['id']])) { $id = $_POST['id']; } if (isset($a_user[$_POST['userid']])) { $userid = $_POST['userid']; } if (isset($_POST['act'])) { $act = $_POST['act']; } else { $act = null; } if ($act == "del") { if (isset($id)) { unset($a_cert[$id]); write_config(); } header(url_safe('Location: /system_certmanager.php')); exit; } elseif ($act == "p12") { // export cert+key in p12 format if (isset($id)) { $exp_name = urlencode("{$a_cert[$id]['descr']}.p12"); $args = array(); $args['friendly_name'] = $a_cert[$id]['descr']; $ca = lookup_ca($a_cert[$id]['caref']); if ($ca) { $args['extracerts'] = openssl_x509_read(base64_decode($ca['crt'])); } set_error_handler ( function () { return; } ); $exp_data = ''; $res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt'])); $res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => '')); $res_pw = !empty($pconfig['password']) ? $pconfig['password'] : null; openssl_pkcs12_export($res_crt, $exp_data, $res_key, $res_pw, $args); restore_error_handler(); $output = json_encode(array( 'filename' => $exp_name, 'content' => base64_encode($exp_data) )); header("Content-Type: application/json;charset=UTF-8"); // header("Content-Length: ". strlen($output)); echo $output; } exit; } elseif ($act == "csr") { $input_errors = array(); $pconfig = $_POST; if (!isset($id)) { header(url_safe('Location: /system_certmanager.php')); exit; } /* input validation */ $reqdfields = explode(" ", "descr cert"); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Final Certificate data")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); $mod_csr = csr_get_modulus($pconfig['csr'], false); $mod_cert = cert_get_modulus($pconfig['cert'], false); if (strcmp($mod_csr, $mod_cert)) { // simply: if the moduli don't match, then the private key and public key won't match $input_errors[] = gettext("The certificate modulus does not match the signing request modulus."); $subject_mismatch = true; } /* save modifications */ if (count($input_errors) == 0) { $cert = $a_cert[$id]; csr_complete($cert, $pconfig['cert']); $a_cert[$id] = $cert; write_config(); header(url_safe('Location: /system_certmanager.php')); exit; } } elseif (!empty($_POST['save'])) { $input_errors = array(); /* input validation */ if ($pconfig['certmethod'] == "import") { $reqdfields = explode(" ", "descr cert key"); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Certificate data"), gettext("Key data")); if (!empty($pconfig['cert']) && (!strstr($pconfig['cert'], "BEGIN CERTIFICATE") || !strstr($pconfig['cert'], "END CERTIFICATE"))) { $input_errors[] = gettext("This certificate does not appear to be valid."); } } elseif ($pconfig['certmethod'] == "internal") { $reqdfields = explode(" ", "descr caref keylen lifetime dn_country dn_state dn_city ". "dn_organization dn_email dn_commonname" ); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Certificate authority"), gettext("Key length"), gettext("Lifetime"), gettext("Distinguished name Country Code"), gettext("Distinguished name State or Province"), gettext("Distinguished name City"), gettext("Distinguished name Organization"), gettext("Distinguished name Email Address"), gettext("Distinguished name Common Name")); } elseif ($pconfig['certmethod'] == "external") { $reqdfields = explode(" ", "descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ". "csr_dn_organization csr_dn_email csr_dn_commonname" ); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Key length"), gettext("Distinguished name Country Code"), gettext("Distinguished name State or Province"), gettext("Distinguished name City"), gettext("Distinguished name Organization"), gettext("Distinguished name Email Address"), gettext("Distinguished name Common Name")); } elseif ($pconfig['certmethod'] == "existing") { $reqdfields = array("certref"); $reqdfieldsn = array(gettext("Existing Certificate Choice")); } elseif ($pconfig['certmethod'] == 'sign_cert_csr') { $reqdfields = array('caref_sign_csr', 'csr', 'lifetime_sign_csr', 'digest_alg_sign_csr'); $reqdfieldsn = array(gettext("Certificate authority"), gettext("CSR file"), gettext("Lifetime"), gettext("Digest Algorithm")); } $altnames = array(); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors); if (isset($pconfig['altname_value']) && $pconfig['certmethod'] != "import" && $pconfig['certmethod'] != "existing" && $pconfig['certmethod'] != 'sign_cert_csr') { /* subjectAltNames */ foreach ($pconfig['altname_type'] as $altname_seq => $altname_type) { if (!empty($pconfig['altname_value'][$altname_seq])) { $altnames[] = array("type" => $altname_type, "value" => $pconfig['altname_value'][$altname_seq]); } } /* Input validation for subjectAltNames */ foreach ($altnames as $altname) { if (! is_valid_alt_value($altname, $input_errors)) { break; } } /* Make sure we do not have invalid characters in the fields for the certificate */ for ($i = 0; $i < count($reqdfields); $i++) { if (preg_match('/email/', $reqdfields[$i])) { /* dn_email or csr_dn_name */ if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = gettext("The field 'Distinguished name Email Address' contains invalid characters."); } } elseif (preg_match('/commonname/', $reqdfields[$i])) { /* dn_commonname or csr_dn_commonname */ if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = gettext("The field 'Distinguished name Common Name' contains invalid characters."); } } elseif (($reqdfields[$i] != "descr" && $reqdfields[$i] != "csr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $pconfig[$reqdfields[$i]])) { $input_errors[] = sprintf(gettext("The field '%s' contains invalid characters."), $reqdfieldsn[$i]); } } if ($pconfig['certmethod'] == "internal" && !in_array($pconfig["cert_type"], $cert_types)) { $input_errors[] = gettext("Please select a valid Type."); } if ($pconfig['certmethod'] != "external" && isset($pconfig["keylen"]) && !in_array($pconfig["keylen"], $cert_keylens)) { $input_errors[] = gettext("Please select a valid Key Length."); } if ($pconfig['certmethod'] != "external" && !in_array($pconfig["digest_alg"], $openssl_digest_algs)) { $input_errors[] = gettext("Please select a valid Digest Algorithm."); } if ($pconfig['certmethod'] == "external" && isset($pconfig["csr_keylen"]) && !in_array($pconfig["csr_keylen"], $cert_keylens)) { $input_errors[] = gettext("Please select a valid Key Length."); } if ($pconfig['certmethod'] == "external" && !in_array($pconfig["csr_digest_alg"], $openssl_digest_algs)) { $input_errors[] = gettext("Please select a valid Digest Algorithm."); } if ($pconfig['certmethod'] == "sign_cert_csr" && !in_array($pconfig["digest_alg_sign_csr"], $openssl_digest_algs)) { $input_errors[] = gettext("Please select a valid Digest Algorithm."); } } // validation and at the same time create $dn for sign_cert_csr if ($pconfig['certmethod'] === 'sign_cert_csr') { // XXX: we should separate validation and data gathering $dn = array(); if (isset($pconfig['key_usage_sign_csr'])) { $san_str = ''; for ($i = 0; $i < count($pconfig['altname_type_sign_csr']); ++$i) { if ($pconfig['altname_value_sign_csr'][$i] === '') { continue; } if (! is_valid_alt_value(array( 'type' => $pconfig['altname_type_sign_csr'][$i], 'value' => $pconfig['altname_value_sign_csr'][$i]), $input_errors )) { break; } if ($san_str !== '') { $san_str .= ', '; } $san_str .= $pconfig['altname_type_sign_csr'][$i] . ':' . $pconfig['altname_value_sign_csr'][$i]; } if ($san_str !== '') { $dn['subjectAltName'] = $san_str; } if (is_array($pconfig['key_usage_sign_csr']) && count($pconfig['key_usage_sign_csr']) > 0) { $resstr = ''; foreach ($pconfig['key_usage_sign_csr'] as $item) { if (array_key_exists($item, $key_usages)) { if ($resstr !== '') { $resstr .= ', '; } $resstr .= $item; } else { $input_errors[] = gettext("Please select a valid keyUsage."); break; } } $dn['keyUsage'] = $resstr; } if (is_array($pconfig['extended_key_usage_sign_csr']) && count($pconfig['extended_key_usage_sign_csr']) > 0) { $resstr = ''; foreach ($pconfig['extended_key_usage_sign_csr'] as $item) { if (array_key_exists($item, $extended_key_usages)) { if ($resstr !== '') { $resstr .= ', '; } $resstr .= $item; } else { $input_errors[] = gettext("Please select a valid extendedKeyUsage."); break; } } $dn['extendedKeyUsage'] = $resstr; } if ($pconfig['basic_constraints_is_ca_sign_csr'] === 'true') { $dn['basicConstraints'] = 'CA:' . ((isset($pconfig['basic_constraints_is_ca_sign_csr']) && $pconfig['basic_constraints_is_ca_sign_csr'] === 'true') ? 'TRUE' : 'false'); if (isset($pconfig['basic_constraints_path_len_sign_csr']) && $pconfig['basic_constraints_path_len_sign_csr'] != '') { $dn['basicConstraints'] .= ', pathlen:' . ((int) $pconfig['basic_constraints_path_len_sign_csr']); } } } } /* save modifications */ if (count($input_errors) == 0) { if ($pconfig['certmethod'] == "existing") { $cert = lookup_cert($pconfig['certref']); if ($cert && !empty($userid)) { $a_user[$userid]['cert'][] = $cert['refid']; } } else { $cert = array(); $cert['refid'] = uniqid(); if (isset($id) && $a_cert[$id]) { $cert = $a_cert[$id]; } $cert['descr'] = $pconfig['descr']; $old_err_level = error_reporting(0); /* otherwise openssl_ functions throw warings directly to a page screwing menu tab */ if ($pconfig['certmethod'] == "import") { cert_import($cert, $pconfig['cert'], $pconfig['key']); } elseif ($pconfig['certmethod'] == "internal") { $dn = array( 'countryName' => $pconfig['dn_country'], 'stateOrProvinceName' => $pconfig['dn_state'], 'localityName' => $pconfig['dn_city'], 'organizationName' => $pconfig['dn_organization'], 'emailAddress' => $pconfig['dn_email'], 'commonName' => $pconfig['dn_commonname']); if (count($altnames)) { $altnames_tmp = array(); foreach ($altnames as $altname) { $altnames_tmp[] = "{$altname['type']}:{$altname['value']}"; } $dn['subjectAltName'] = implode(",", $altnames_tmp); } if (!cert_create( $cert, $pconfig['caref'], $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg'], $pconfig['cert_type'] )) { $input_errors = array(); while ($ssl_err = openssl_error_string()) { $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err; } } } elseif ($pconfig['certmethod'] === 'sign_cert_csr') { if (!sign_cert_csr($cert, $pconfig['caref_sign_csr'], $pconfig['csr'], (int) $pconfig['lifetime_sign_csr'], $pconfig['digest_alg_sign_csr'], $dn)) { $input_errors = array(); while ($ssl_err = openssl_error_string()) { $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err; } } } elseif ($pconfig['certmethod'] == "external") { $dn = array( 'countryName' => $pconfig['csr_dn_country'], 'stateOrProvinceName' => $pconfig['csr_dn_state'], 'localityName' => $pconfig['csr_dn_city'], 'organizationName' => $pconfig['csr_dn_organization'], 'emailAddress' => $pconfig['csr_dn_email'], 'commonName' => $pconfig['csr_dn_commonname']); if (!empty($pconfig['csr_dn_organizationalunit'])) { $dn['organizationalUnitName'] = $pconfig['csr_dn_organizationalunit']; } if (count($altnames)) { $altnames_tmp = array(); foreach ($altnames as $altname) { $altnames_tmp[] = "{$altname['type']}:{$altname['value']}"; } $dn['subjectAltName'] = implode(",", $altnames_tmp); } if (!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])) { $input_errors = array(); while ($ssl_err = openssl_error_string()) { $input_errors[] = gettext("openssl library returns:") . " " . $ssl_err; } } } error_reporting($old_err_level); if (isset($id)) { $a_cert[$id] = $cert; } else { $a_cert[] = $cert; } if (isset($a_user) && isset($userid)) { $a_user[$userid]['cert'][] = $cert['refid']; } } if (count($input_errors) == 0) { write_config(); if (isset($userid)) { header(url_safe('Location: /system_usermanager.php?act=edit&userid=%d', array($userid))); } else { header(url_safe('Location: /system_certmanager.php')); } exit; } } } } legacy_html_escape_form_data($pconfig); legacy_html_escape_form_data($a_ca); legacy_html_escape_form_data($a_cert); include("head.inc"); if (empty($act)) { $main_buttons = array( array('label' => gettext('Add'), 'href' => 'system_certmanager.php?act=new'), ); } ?>
0) { print_input_errors($input_errors); } if (isset($savemsg)) { print_info_box($savemsg); } ?>
()


 
()
()
:  
:  
:  
:  
:  
:  
$item) : $altname_type = isset($pconfig['altname_type'][$itemid]) ? $pconfig['altname_type'][$itemid] : null; ?>
()
:  
:  
:  
:  
:  
:  
:  
 


 
"/>
" . gettext("self-signed") . ""; } else { $caname = "" . gettext("external"). ""; } $subj = htmlspecialchars($subj); } if (isset($cert['csr'])) { $subj = htmlspecialchars(csr_get_subject($cert['csr'])); $caname = "" . gettext("external - signature pending") . ""; } if (isset($cert['caref'])) { $ca = lookup_ca($cert['caref']); if ($ca) { $caname = $ca['descr']; } }?>


, 		   
  :
  :







"> "> "> "> " data-toggle="tooltip" class="act_delete btn btn-default btn-xs"> ">