univnautes / usr / local / www / system_camanager.php @ a1b66bec

1
<?php
2
/*
3
    system_camanager.php
4

    
5
    Copyright (C) 2008 Shrew Soft Inc.
6
    All rights reserved.
7

    
8
    Redistribution and use in source and binary forms, with or without
9
    modification, are permitted provided that the following conditions are met:
10

    
11
    1. Redistributions of source code must retain the above copyright notice,
12
       this list of conditions and the following disclaimer.
13

    
14
    2. Redistributions in binary form must reproduce the above copyright
15
       notice, this list of conditions and the following disclaimer in the
16
       documentation and/or other materials provided with the distribution.
17

    
18
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
    POSSIBILITY OF SUCH DAMAGE.
28
*/
29
/*
30
	pfSense_MODULE:	certificate_managaer
31
*/
32

    
33
##|+PRIV
34
##|*IDENT=page-system-camanager
35
##|*NAME=System: CA Manager
36
##|*DESCR=Allow access to the 'System: CA Manager' page.
37
##|*MATCH=system_camanager.php*
38
##|-PRIV
39

    
40
require("guiconfig.inc");
41
require_once("certs.inc");
42

    
43
/*
 * Creation methods offered in the "Method" selector, keyed by the value the
 * form posts back as 'method'. The order matters: the page's JavaScript
 * switches form sections by the selector's numeric index.
 */
$ca_methods = array(
	"existing"     => gettext("Import an existing Certificate Authority"),
	"internal"     => gettext("Create an internal Certificate Authority"),
	"intermediate" => gettext("Create an intermediate Certificate Authority"),
);

/*
 * Allow-lists that both populate the form selectors and validate the posted
 * 'keylen' and 'digest_alg' values.
 * NOTE(review): 512- and 1024-bit keys and SHA-1 are selectable here. They are
 * weak choices for a CA; consider removing them from these lists (the "new"
 * form already defaults to 2048 / sha256).
 */
$ca_keylens = array("512", "1024", "2048", "4096");
$openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");

/* Page title parts. */
$pgtitle = array(gettext("System"), gettext("Certificate Authority Manager"));
52

    
53
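/*
 * Resolve the index of the CA being acted on. A posted id takes precedence
 * over one from the query string. $id is deliberately left unset when neither
 * value passes is_numericint(), because later code relies on isset($id).
 */
if (isset($_GET['id']) && is_numericint($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numericint($_POST['id']))
	$id = $_POST['id'];

/* Make sure each config section is an array, then work on it by reference. */
if (!is_array($config['ca']))
	$config['ca'] = array();

$a_ca =& $config['ca'];

if (!is_array($config['cert']))
	$config['cert'] = array();

$a_cert =& $config['cert'];

if (!is_array($config['crl']))
	$config['crl'] = array();

$a_crl =& $config['crl'];

/*
 * Requested action; a non-empty posted value overrides the query string.
 * NOTE(review): the state-changing and key-exporting actions ("del",
 * "expkey") are accepted from the query string. Whether request-forgery
 * protection covers GET requests is not visible in this file - confirm.
 */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];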
76

    
77
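/*
 * Delete a CA together with every certificate and CRL entry whose 'caref'
 * equals the CA's refid, persist the configuration and return to the list.
 *
 * NOTE(review): the list view triggers this through a GET link guarded only
 * by a JavaScript confirm(). Whether a CSRF token is enforced is not visible
 * in this file - confirm, or move the action to a POST form. Note also that
 * the confirm text says certificates are "unreferenced", while the code below
 * removes them.
 */
if ($act == "del") {

	if (!isset($id) || !isset($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$refid = isset($a_ca[$id]['refid']) ? $a_ca[$id]['refid'] : "";

	/*
	 * An empty refid cannot identify dependants, so nothing is swept up in
	 * that case. Walk the real array keys rather than counting down from
	 * count() - 1, so the loops do not assume a dense 0..n-1 key range and
	 * never index an entry that is missing or has no 'caref'.
	 */
	if ($refid !== "") {
		foreach (array_keys($a_cert) as $index)
			if (isset($a_cert[$index]['caref']) && $a_cert[$index]['caref'] == $refid)
				unset($a_cert[$index]);

		foreach (array_keys($a_crl) as $index)
			if (isset($a_crl[$index]['caref']) && $a_crl[$index]['caref'] == $refid)
				unset($a_crl[$index]);
	}

	$name = $a_ca[$id]['descr'];
	unset($a_ca[$id]);
	write_config();
	/* Assigned before the redirect; the script exits without rendering it. */
	$savemsg = sprintf(gettext("Certificate Authority %s and its CRLs (if any) successfully deleted"), $name) . "<br />";
	pfSenseHeader("system_camanager.php");
	exit;
}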
101

    
102
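/*
 * Load the selected CA into $pconfig so the edit form can be pre-filled.
 * Unknown or empty entries send the browser back to the list.
 */
if ($act == "edit") {
	if (!isset($id) || empty($a_ca[$id])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}
	$pconfig['descr']  = $a_ca[$id]['descr'];
	$pconfig['refid']  = $a_ca[$id]['refid'];
	$pconfig['cert']   = base64_decode($a_ca[$id]['crt']);
	$pconfig['serial'] = isset($a_ca[$id]['serial']) ? $a_ca[$id]['serial'] : null;
	/*
	 * NOTE(review): the decoded private key goes into $pconfig['key'], which
	 * the form prints into the "key" textarea. Opening the edit view therefore
	 * sends the CA private key to the browser; consider leaving the field
	 * blank and only replacing the stored key when a new one is submitted.
	 */
	if (!empty($a_ca[$id]['prv']))
		$pconfig['key'] = base64_decode($a_ca[$id]['prv']);
}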
114

    
115
/*
 * Pre-fill the form for a new CA. The method is taken from the query string;
 * it is only compared against the known method keys when the selector is
 * rendered, never printed.
 */
if ($act == "new") {
	$pconfig['method']        = $_GET['method'];
	$pconfig['keylen']        = "2048";
	$pconfig['digest_alg']    = "sha256";
	$pconfig['lifetime']      = "3650";
	$pconfig['dn_commonname'] = "internal-ca";
}
122

    
123
/*
 * Send the CA certificate (the base64-decoded 'crt' field) to the browser as
 * a file download named after the CA's description.
 */
if ($act == "exp") {

	/* Unknown CA: go back to the list. */
	if (!$a_ca[$id]) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	$exp_data = base64_decode($a_ca[$id]['crt']);
	$exp_size = strlen($exp_data);
	/* urlencode() keeps the description from injecting into the header. */
	$exp_name = urlencode("{$a_ca[$id]['descr']}.crt");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
140

    
141
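/*
 * Send the CA private key (the base64-decoded 'prv' field) to the browser as
 * a file download named after the CA's description.
 *
 * NOTE(review): this returns CA key material in response to a GET request.
 * The import path rejects keys marked ENCRYPTED, so imported keys at least
 * are stored and exported unprotected. Confirm that access to this page is
 * restricted as intended and consider recording each export in the system log.
 */
if ($act == "expkey") {

	/* Nothing to export for an unknown CA or one stored without a key. */
	if (!isset($id) || empty($a_ca[$id]) || empty($a_ca[$id]['prv'])) {
		pfSenseHeader("system_camanager.php");
		exit;
	}

	/* urlencode() keeps the description from injecting into the header. */
	$exp_name = urlencode("{$a_ca[$id]['descr']}.key");
	$exp_data = base64_decode($a_ca[$id]['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}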
158

    
159
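/*
 * Handle a submitted form: validate the fields required by the selected
 * method, then import, create or update the CA and persist the configuration.
 */
if ($_POST) {

	unset($input_errors);
	$input_errors = array();
	$pconfig = $_POST;

	/*
	 * Start from empty lists so that a missing or unrecognised 'method' does
	 * not pass undefined variables to do_input_validation() and count().
	 * NOTE(review): such a request is still processed below; consider
	 * rejecting any method that is not a key of $ca_methods.
	 */
	$reqdfields = array();
	$reqdfieldsn = array();

	/* input validation */
	if ($pconfig['method'] == "existing") {
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate data"));
		/*
		 * Substring checks on the PEM armour only: they do not prove that
		 * the data parses as a certificate or key.
		 */
		if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
			$input_errors[] = gettext("This certificate does not appear to be valid.");
		if ($_POST['key'] && strstr($_POST['key'], "ENCRYPTED"))
			$input_errors[] = gettext("Encrypted private keys are not yet supported.");
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ",
				"descr keylen lifetime dn_country dn_state dn_city ".
				"dn_organization dn_email dn_commonname");
		$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Key length"),
				gettext("Lifetime"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));
	}
	if ($pconfig['method'] == "intermediate") {
		$reqdfields = explode(" ",
				"descr caref keylen lifetime dn_country dn_state dn_city ".
				"dn_organization dn_email dn_commonname");
		$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Signing Certificate Authority"),
				gettext("Key length"),
				gettext("Lifetime"),
				gettext("Distinguished name Country Code"),
				gettext("Distinguished name State or Province"),
				gettext("Distinguished name City"),
				gettext("Distinguished name Organization"),
				gettext("Distinguished name Email Address"),
				gettext("Distinguished name Common Name"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
	if ($pconfig['method'] != "existing") {
		/* Make sure we do not have invalid characters in the fields for the certificate */
		for ($i = 0; $i < count($reqdfields); $i++) {
			if ($reqdfields[$i] == 'dn_email'){
				/* Same deny-list as the other fields, but '@' and '.' are allowed. */
				if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_email"]))
					array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
			}else if ($reqdfields[$i] == 'dn_commonname'){
				/* '.' is allowed in the common name. */
				if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST["dn_commonname"]))
					array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
			}else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]]))
				array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
		}
		/*
		 * Strict comparison: with loose matching, numeric strings such as
		 * "2048.0" compare equal to "2048" and would pass the allow-list
		 * while handing a different value to the key generator.
		 */
		if (!in_array($_POST["keylen"], $ca_keylens, true))
			array_push($input_errors, gettext("Please select a valid Key Length."));
		if (!in_array($_POST["digest_alg"], $openssl_digest_algs, true))
			array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {

		$ca = array();
		if (!isset($pconfig['refid']) || empty($pconfig['refid']))
			$ca['refid'] = uniqid();
		else
			$ca['refid'] = $pconfig['refid'];

		/* Editing an existing entry starts from the stored record. */
		if (isset($id) && $a_ca[$id])
			$ca = $a_ca[$id];

		$ca['descr'] = $pconfig['descr'];

		if ($_POST['edit'] == "edit") {
			/*
			 * The refid is not taken from the form again here. For an
			 * existing entry the stored refid (copied above) is kept, so a
			 * tampered hidden field cannot re-point or orphan the
			 * certificates and CRLs that reference this CA.
			 *
			 * NOTE(review): the posted certificate, key and serial are stored
			 * as submitted; only the BEGIN/END marker check above applies,
			 * and only when the posted method is "existing".
			 */
			$ca['serial'] = $pconfig['serial'];
			$ca['crt']    = base64_encode($pconfig['cert']);
			if (!empty($pconfig['key']))
				$ca['prv']    = base64_encode($pconfig['key']);
		} else {
			/* Silence PHP warnings from the openssl_* calls so they do not corrupt the page output. */
			$old_err_level = error_reporting(0);
			if ($pconfig['method'] == "existing") {
				/* NOTE(review): the result of ca_import() is not checked - confirm how it reports failure. */
				ca_import($ca, $pconfig['cert'], $pconfig['key'], $pconfig['serial']);
			}
			else if ($pconfig['method'] == "internal" || $pconfig['method'] == "intermediate") {
				$dn = array(
					'countryName' => $pconfig['dn_country'],
					'stateOrProvinceName' => $pconfig['dn_state'],
					'localityName' => $pconfig['dn_city'],
					'organizationName' => $pconfig['dn_organization'],
					'emailAddress' => $pconfig['dn_email'],
					'commonName' => $pconfig['dn_commonname']);

				if ($pconfig['method'] == "internal")
					$ca_created = ca_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['digest_alg']);
				else
					$ca_created = ca_inter_create($ca, $pconfig['keylen'], $pconfig['lifetime'], $dn, $pconfig['caref'], $pconfig['digest_alg']);

				if (!$ca_created) {
					/* Keep every queued OpenSSL error, not just the last one. */
					while ($ssl_err = openssl_error_string())
						array_push($input_errors, "openssl library returns: " . $ssl_err);
					/* A failure without a queued error must still block the save. */
					if (!$input_errors)
						array_push($input_errors, gettext("The Certificate Authority could not be created."));
				}
			}
			error_reporting($old_err_level);
		}

		/*
		 * Only touch the configuration once the operation has succeeded, so a
		 * half-built entry never sits in $config where a later write_config()
		 * in the same request could persist it.
		 */
		if (!$input_errors) {
			if (isset($id) && $a_ca[$id])
				$a_ca[$id] = $ca;
			else
				$a_ca[] = $ca;

			write_config();
		}

//		pfSenseHeader("system_camanager.php");
	}
}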
303

    
304
include("head.inc");
305
?>
306

    
307
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
308
<?php include("fbegin.inc"); ?>
309
<script type="text/javascript">
310
//<![CDATA[
311

    
312
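/*
 * Show only the form sections that apply to the selected creation method.
 * The selector index follows the option order: 0 = import an existing CA,
 * 1 = internal CA, 2 = intermediate CA (internal fields plus the signing-CA
 * row). Any other index leaves the sections untouched.
 */
function method_change() {

	// The form and its method selector are not rendered in every view, but
	// this function is called unconditionally at the end of the page.
	var form = document.iform;
	if (!form || !form.method)
		return;

	// Declared locally so the page does not leak a global named "method".
	var method = form.method.selectedIndex;

	switch (method) {
		case 0:
			document.getElementById("existing").style.display="";
			document.getElementById("internal").style.display="none";
			document.getElementById("intermediate").style.display="none";
			break;
		case 1:
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			document.getElementById("intermediate").style.display="none";
			break;
		case 2:
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			document.getElementById("intermediate").style.display="";
			break;
	}
}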
334

    
335
//]]>
336
</script>
337
<?php
	/* Report validation errors and any status message from the request. */
	if ($input_errors)
		print_input_errors($input_errors);
	if ($savemsg)
		print_info_box($savemsg);

	/*
	 * Build the list of selectable country codes: the first
	 * whitespace-delimited token of each line in /etc/ca_countries.
	 */
	$dn_cc = array();
	if (file_exists("/etc/ca_countries")){
		$dn_cc_file = file("/etc/ca_countries");
		foreach ($dn_cc_file as $line) {
			if (preg_match('/^(\S*)\s(.*)$/', $line, $matches))
				$dn_cc[] = $matches[1];
		}
	}
?>
352
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="CA manager">
353
	<tr>
354
		<td>
355
		<?php
356
			$tab_array = array();
357
			$tab_array[] = array(gettext("CAs"), true, "system_camanager.php");
358
			$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
359
			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
360
			display_top_tabs($tab_array);
361
		?>
362
		</td>
363
	</tr>
364
	<tr>
365
		<td id="mainarea">
366
			<div class="tabcont">
367

    
368
				<?php if ($act == "new" || $act == "edit" || $act == gettext("Save") || $input_errors): ?>
369

    
370
				<form action="system_camanager.php" method="post" name="iform" id="iform">
371
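					<?php if ($act == "edit"): ?>
					<?php /* After a POST, $pconfig is a copy of $_POST, so refid must be escaped like id before it is placed in an attribute. */ ?>
					<input type="hidden" name="edit" value="edit" id="edit" />
					<input type="hidden" name="id" value="<?php echo htmlspecialchars($id); ?>" id="id" />
					<input type="hidden" name="refid" value="<?php echo htmlspecialchars($pconfig['refid']); ?>" id="refid" />
					<?php endif; ?>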
376
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
377
						<tr>
378
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
379
							<td width="78%" class="vtable">
380
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
381
							</td>
382
						</tr>
383
						<?php if (!isset($id) || $act == "edit"): ?>
384
						<tr>
385
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
386
							<td width="78%" class="vtable">
387
								<select name='method' id='method' class="formselect" onchange='method_change()'>
388
								<?php
389
									foreach($ca_methods as $method => $desc):
390
									$selected = "";
391
									if ($pconfig['method'] == $method)
392
										$selected = " selected=\"selected\"";
393
								?>
394
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
395
								<?php endforeach; ?>
396
								</select>
397
							</td>
398
						</tr>
399
						<?php endif; ?>
400
					</table>
401

    
402
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing">
403
						<tr>
404
							<td colspan="2" class="list" height="12"></td>
405
						</tr>
406
						<tr>
407
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Authority");?></td>
408
						</tr>
409

    
410
						<tr>
411
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
412
							<td width="78%" class="vtable">
413
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
414
								<br />
415
								<?=gettext("Paste a certificate in X.509 PEM format here.");?>
416
							</td>
417
						</tr>
418
						<tr>
419
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Private Key");?><br /><?=gettext("(optional)");?></td>
420
							<td width="78%" class="vtable">
421
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
422
								<br />
423
								<?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?>
424
							</td>
425
						</tr>
426

    
427
					<?php if (!isset($id) || $act == "edit"): ?>
428
						<tr>
429
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Serial for next certificate");?></td>
430
							<td width="78%" class="vtable">
431
								<input name="serial" type="text" class="formfld unknown" id="serial" size="20" value="<?=htmlspecialchars($pconfig['serial']);?>"/>
432
								<br /><?=gettext("Enter a decimal number to be used as the serial number for the next certificate to be created using this CA.");?>
433
							</td>
434
						</tr>
435
					<?php endif; ?>
436
					</table>
437

    
438
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal">
439
						<tr>
440
							<td colspan="2" class="list" height="12"></td>
441
						</tr>
442
						<tr>
443
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Authority");?></td>
444
						</tr>
445
						<tr id='intermediate'>
446
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing Certificate Authority");?></td>
447
							<td width="78%" class="vtable">
448
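                                                                <select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
                                                                <?php
                                                                        /*
                                                                         * List the CAs that can be chosen as signer; entries stored
                                                                         * without a private key are skipped. 'refid' and 'descr' are
                                                                         * stored form input, so both are HTML-escaped on output.
                                                                         */
                                                                        foreach( $a_ca as $ca):
                                                                        if (!$ca['prv'])
                                                                                continue;
                                                                        $selected = "";
                                                                        if ($pconfig['caref'] == $ca['refid'])
                                                                                $selected = " selected=\"selected\"";
                                                                ?>
                                                                        <option value="<?=htmlspecialchars($ca['refid']);?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
                                                                <?php endforeach; ?>
                                                                </select>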
460
							</td>
461
						</tr>
462
						<tr>
463
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
464
							<td width="78%" class="vtable">
465
								<select name='keylen' id='keylen' class="formselect">
466
								<?php
467
									foreach( $ca_keylens as $len):
468
									$selected = "";
469
									if ($pconfig['keylen'] == $len)
470
										$selected = " selected=\"selected\"";
471
								?>
472
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
473
								<?php endforeach; ?>
474
								</select>
475
								<?=gettext("bits");?>
476
							</td>
477
						</tr>
478
						<tr>
479
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
480
							<td width="78%" class="vtable">
481
								<select name='digest_alg' id='digest_alg' class="formselect">
482
								<?php
483
									foreach( $openssl_digest_algs as $digest_alg):
484
									$selected = "";
485
									if ($pconfig['digest_alg'] == $digest_alg)
486
										$selected = " selected=\"selected\"";
487
								?>
488
									<option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option>
489
								<?php endforeach; ?>
490
								</select>
491
								<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
492
							</td>
493
						</tr>
494
						<tr>
495
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
496
							<td width="78%" class="vtable">
497
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
498
								<?=gettext("days");?>
499
							</td>
500
						</tr>
501
						<tr>
502
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
503
							<td width="78%" class="vtable">
504
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
505
									<tr>
506
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
507
										<td align="left">
508
											<select name='dn_country' class="formselect">
509
											<?php
510
											foreach( $dn_cc as $cc){
511
												$selected = "";
512
												if ($pconfig['dn_country'] == $cc)
513
													$selected = " selected=\"selected\"";
514
												print "<option value=\"$cc\"$selected>$cc</option>";
515
												}
516
											?>
517
											</select>
518
										</td>
519
									</tr>
520
									<tr>
521
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
522
										<td align="left">
523
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
524
											&nbsp;
525
											<em><?=gettext("ex:");?></em>
526
											&nbsp;
527
											<?=gettext("Texas");?>
528
										</td>
529
									</tr>
530
									<tr>
531
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
532
										<td align="left">
533
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
534
											&nbsp;
535
											<em><?=gettext("ex:");?></em>
536
											&nbsp;
537
											<?=gettext("Austin");?>
538
										</td>
539
									</tr>
540
									<tr>
541
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
542
										<td align="left">
543
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
544
											&nbsp;
545
											<em><?=gettext("ex:");?></em>
546
											&nbsp;
547
											<?=gettext("My Company Inc.");?>
548
										</td>
549
									</tr>
550
									<tr>
551
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
552
										<td align="left">
553
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
554
											&nbsp;
555
											<em><?=gettext("ex:");?></em>
556
											&nbsp;
557
											<?=gettext("admin@mycompany.com");?>
558
										</td>
559
									</tr>
560
									<tr>
561
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
562
										<td align="left">
563
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
564
											&nbsp;
565
											<em><?=gettext("ex:");?></em>
566
											&nbsp;
567
											<?=gettext("internal-ca");?>
568
										</td>
569
									</tr>
570
								</table>
571
							</td>
572
						</tr>
573
					</table>
574

    
575
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save">
576
						<tr>
577
							<td width="22%" valign="top">&nbsp;</td>
578
							<td width="78%">
579
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
580
								<?php if (isset($id) && $a_ca[$id]): ?>
581
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
582
								<?php endif;?>
583
							</td>
584
						</tr>
585
					</table>
586
				</form>
587

    
588
				<?php else: ?>
589

    
590
				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
591
					<tr>
592
						<td width="20%" class="listhdrr"><?=gettext("Name");?></td>
593
						<td width="10%" class="listhdrr"><?=gettext("Internal");?></td>
594
						<td width="10%" class="listhdrr"><?=gettext("Issuer");?></td>
595
						<td width="10%" class="listhdrr"><?=gettext("Certificates");?></td>
596
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
597
						<td width="10%" class="list"></td>
598
					</tr>
599
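					<?php
						/*
						 * Prepare the values for one table row per CA. $i is the
						 * list index used in the edit / export / delete links.
						 */
						$i = 0;
						foreach($a_ca as $ca):
							$name = htmlspecialchars($ca['descr']);
							$subj = cert_get_subject($ca['crt']);
							$issuer = cert_get_issuer($ca['crt']);
							list($startdate, $enddate) = cert_get_dates($ca['crt']);
							/* Compare the raw strings before escaping them for output. */
							if($subj == $issuer)
							  $issuer_name = "<em>" . gettext("self-signed") . "</em>";
							else
							  $issuer_name = "<em>" . gettext("external") . "</em>";
							$subj = htmlspecialchars($subj);
							$issuer = htmlspecialchars($issuer);
							$certcount = 0;

							/*
							 * When the issuing CA is known locally, show its description
							 * instead. The description is stored form input and is printed
							 * unescaped by the row markup, so it is escaped here.
							 */
							$issuer_ca = lookup_ca($ca['caref']);
							if ($issuer_ca)
								$issuer_name = htmlspecialchars($issuer_ca['descr']);

							// TODO : Need gray certificate icon

							/* The same icon is used whether or not a private key is stored. */
							$caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
							$internal = $ca['prv'] ? "YES" : "NO";

							/* Count the certificates and the CAs that reference this CA. */
							foreach ($a_cert as $cert)
								if ($cert['caref'] == $ca['refid'])
									$certcount++;
							foreach ($a_ca as $cert)
								if ($cert['caref'] == $ca['refid'])
									$certcount++;
					?>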
635
					<tr>
636
						<td class="listlr">
637
							<table border="0" cellpadding="0" cellspacing="0" summary="icon">
638
								<tr>
639
									<td align="left" valign="middle">
640
										<img src="<?=$caimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
641
									</td>
642
									<td align="left" valign="middle">
643
										<?=$name;?>
644
									</td>
645
								</tr>
646
							</table>
647
						</td>
648
						<td class="listr"><?=$internal;?>&nbsp;</td>
649
						<td class="listr"><?=$issuer_name;?>&nbsp;</td>
650
						<td class="listr"><?=$certcount;?>&nbsp;</td>
651
						<td class="listr"><?=$subj;?><br />
652
							<table width="100%" style="font-size: 9px" summary="valid">
653
								<tr>
654
									<td width="10%">&nbsp;</td>
655
									<td width="20%"><?=gettext("Valid From")?>:</td>
656
									<td width="70%"><?= $startdate ?></td>
657
								</tr>
658
								<tr>
659
									<td>&nbsp;</td>
660
									<td><?=gettext("Valid Until")?>:</td>
661
									<td><?= $enddate ?></td>
662
								</tr>
663
							</table>
664
						</td>
665
						<td valign="middle" class="list nowrap">
666
							<a href="system_camanager.php?act=edit&amp;id=<?=$i;?>">
667
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit CA");?>" alt="<?=gettext("edit CA");?>" width="17" height="17" border="0" />
668
							</a>
669
							<a href="system_camanager.php?act=exp&amp;id=<?=$i;?>">
670
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export CA cert");?>" alt="<?=gettext("export CA cert");?>" width="17" height="17" border="0" />
671
							</a>
672
							<?php if ($ca['prv']): ?>
673
							<a href="system_camanager.php?act=expkey&amp;id=<?=$i;?>">
674
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export CA private key");?>" alt="<?=gettext("export CA private key");?>" width="17" height="17" border="0" />
675
							</a>
676
							<?php endif; ?>
677
							<a href="system_camanager.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Authority and its CRLs, and unreference any associated certificates?");?>')">
678
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete ca");?>" alt="<?=gettext("delete ca"); ?>" width="17" height="17" border="0" />
679
							</a>
680
						</td>
681
					</tr>
682
					<?php
683
							$i++;
684
						endforeach;
685
					?>
686
					<tr>
687
						<td class="list" colspan="5"></td>
688
						<td class="list">
689
							<a href="system_camanager.php?act=new">
690
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import ca");?>" alt="<?=gettext("add ca");?>" width="17" height="17" border="0" />
691
							</a>
692
						</td>
693
					</tr>
694
					<tr>
695
						<td colspan="5">
696
							<p>
697
								<?=gettext("Additional trusted Certificate Authorities can be added here.");?>
698
							</p>
699
						</td>
700
					</tr>
701
				</table>
702

    
703
				<?php endif; ?>
704

    
705
			</div>
706
		</td>
707
	</tr>
708
</table>
709
<?php include("fend.inc");?>
710
<script type="text/javascript">
711
//<![CDATA[
712

    
713
method_change();
714

    
715
//]]>
716
</script>
717

    
718
</body>
719
</html>