univnautes / usr / local / www / system_certmanager.php @ a1b66bec

<?php
/*
    system_certmanager.php

    Copyright (C) 2008 Shrew Soft Inc.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	certificate_managaer
*/

##|+PRIV
##|*IDENT=page-system-certmanager
##|*NAME=System: Certificate Manager
##|*DESCR=Allow access to the 'System: Certificate Manager' page.
##|*MATCH=system_certmanager.php*
##|-PRIV

require("guiconfig.inc");
require_once("certs.inc");

    
/* Ways a certificate can be added: the key is the 'method' form value, the text is its label. */
$cert_methods = array();
$cert_methods["import"] = gettext("Import an existing Certificate");
$cert_methods["internal"] = gettext("Create an internal Certificate");
$cert_methods["external"] = gettext("Create a Certificate Signing Request");

/*
 * Key lengths offered in the form; the "Save" handler rejects any other value.
 * NOTE(review): assuming these are RSA key sizes (key generation lives in
 * certs.inc, which is not shown here), 512 and 1024 bits are below what
 * current guidance accepts; consider dropping them once nothing depends on them.
 */
$cert_keylens = explode(" ", "512 1024 2048 4096");

/* Certificate purposes selectable for an internal certificate. */
$cert_types = array();
$cert_types["ca"] = "Certificate Authority";
$cert_types["server"] = "Server Certificate";
$cert_types["user"] = "User Certificate";

/* subjectAltName type names. */
$altname_types = explode(" ", "DNS IP email URI");

/*
 * Digest algorithms offered in the form; the "Save" handler rejects any other
 * value. The form text recommends something stronger than SHA1, which is
 * still listed here.
 */
$openssl_digest_algs = explode(" ", "sha1 sha224 sha256 sha384 sha512");

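$pgtitle = array(gettext("System"), gettext("Certificate Manager"));

/*
 * Optional index into $config['system']['user']. Only values accepted by
 * is_numericint() are used; a POST value overrides a GET value.
 * The GET reads are guarded with isset() like the POST reads, so a request
 * without the parameter no longer raises an undefined-index notice.
 */
if (isset($_GET['userid']) && is_numericint($_GET['userid']))
	$userid = $_GET['userid'];
if (isset($_POST['userid']) && is_numericint($_POST['userid']))
	$userid = $_POST['userid'];

if (isset($userid)) {
	/* Attaching an already stored certificate is only offered in the user context. */
	$cert_methods["existing"] = gettext("Choose an existing certificate");
	if (!isset($config['system']['user']) || !is_array($config['system']['user']))
		$config['system']['user'] = array();
	$a_user =& $config['system']['user'];
}

/* Optional index into $config['cert']; same acceptance rule as userid. */
if (isset($_GET['id']) && is_numericint($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numericint($_POST['id']))
	$id = $_POST['id'];

/* $a_ca and $a_cert are references: changes made through them land in $config. */
if (!isset($config['ca']) || !is_array($config['ca']))
	$config['ca'] = array();

$a_ca =& $config['ca'];

if (!isset($config['cert']) || !is_array($config['cert']))
	$config['cert'] = array();

$a_cert =& $config['cert'];

/* Number of CAs that carry a private key ('prv'). */
$internal_ca_count = 0;
foreach ($a_ca as $ca)
	if (!empty($ca['prv']))
		$internal_ca_count++;

/*
 * Requested action; a non-empty POST value overrides the GET value.
 * $act is only ever compared against fixed strings further down.
 */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];
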
/*
 * act=del: remove the certificate at index $id from the configuration, then
 * redirect back to this page.
 *
 * NOTE(review): $act and $id are also taken from GET parameters, so this
 * state change is reachable with a plain GET request. Confirm that whatever
 * CSRF protection the GUI framework applies covers this request, or accept
 * the action from POST only.
 * NOTE(review): nothing in this block checks whether the certificate is
 * still referenced elsewhere in the configuration before it is removed.
 */
if ($act == "del") {

	if (isset($a_cert[$id])) {
		$name = $a_cert[$id]['descr'];
		unset($a_cert[$id]);
		write_config();
		/* Assigned just before the redirect; this request exits without rendering it. */
		$savemsg = sprintf(gettext("Certificate %s successfully deleted"), $name) . "<br />";
	}

	pfSenseHeader("system_certmanager.php");
	exit;
}

/*
 * act=new: seed the form values. 'method' is copied from the query string
 * as-is; the remaining fields get fixed defaults.
 */
if ($act == "new") {
	$pconfig['method'] = $_GET['method'];

	$new_cert_defaults = array(
		'keylen' => "2048",
		'digest_alg' => "sha256",
		'csr_keylen' => "2048",
		'csr_digest_alg' => "sha256",
		'type' => "user",
		'lifetime' => "3650",
	);
	foreach ($new_cert_defaults as $default_field => $default_value)
		$pconfig[$default_field] = $default_value;
}

/*
 * act=exp: send the stored certificate ('crt', base64-decoded) as a download
 * named "<descr>.crt".
 */
if ($act == "exp") {

	$exp_entry = $a_cert[$id];
	if (!$exp_entry) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps quotes, spaces and line breaks out of the header value. */
	$exp_name = urlencode($exp_entry['descr'] . ".crt");
	$exp_data = base64_decode($exp_entry['crt']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $exp_name);
	header("Content-Length: " . $exp_size);
	echo $exp_data;
	exit;
}

/*
 * act=key: send the stored private key ('prv', base64-decoded) as a download
 * named "<descr>.key".
 *
 * NOTE(review): the key leaves the box unencrypted, and the action can be
 * requested with GET parameters. This block sets no Cache-Control or Pragma
 * header; whether the included framework code does is not visible here.
 */
if ($act == "key") {

	$exp_entry = $a_cert[$id];
	if (!$exp_entry) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps quotes, spaces and line breaks out of the header value. */
	$exp_name = urlencode($exp_entry['descr'] . ".key");
	$exp_data = base64_decode($exp_entry['prv']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $exp_name);
	header("Content-Length: " . $exp_size);
	echo $exp_data;
	exit;
}

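/*
 * act=p12: bundle the certificate, its private key and (when the referenced
 * CA is found) the CA certificate into a PKCS#12 file named "<descr>.p12"
 * and send it as a download.
 *
 * NOTE(review): no export passphrase is set (null), so the private key in
 * the file is protected only as far as an empty password does. Consider
 * asking for a passphrase before exporting.
 */
if ($act == "p12") {
	if (!$a_cert[$id]) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	/* urlencode() keeps quotes, spaces and line breaks out of the header value. */
	$exp_name = urlencode("{$a_cert[$id]['descr']}.p12");
	$args = array();
	$args['friendly_name'] = $a_cert[$id]['descr'];

	$ca = lookup_ca($a_cert[$id]['caref']);
	if ($ca)
		$args['extracerts'] = openssl_x509_read(base64_decode($ca['crt']));

	$res_crt = openssl_x509_read(base64_decode($a_cert[$id]['crt']));
	$res_key = openssl_pkey_get_private(array(0 => base64_decode($a_cert[$id]['prv']) , 1 => ""));

	/*
	 * Stop when the certificate or key cannot be parsed or the export fails,
	 * instead of sending an empty file under a .p12 name.
	 */
	$exp_data = "";
	if (!$res_crt || !$res_key ||
	    !openssl_pkcs12_export($res_crt, $exp_data, $res_key, null, $args)) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}
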
/*
 * act=csr: copy the description and the base64-decoded signing request of
 * the entry at index $id into $pconfig.
 */
if ($act == "csr") {

	$csr_entry = $a_cert[$id];
	if (!$csr_entry) {
		pfSenseHeader("system_certmanager.php");
		exit;
	}

	$pconfig['descr'] = $csr_entry['descr'];
	$pconfig['csr'] = base64_decode($csr_entry['csr']);
}

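/*
 * Form submissions.
 *   "Save"   validates the form, then imports a certificate, creates an
 *            internal one, generates a signing request, or attaches an
 *            existing certificate to a user.
 *   "Update" completes a stored signing request with the certificate that
 *            was issued for it.
 */
if ($_POST) {
	/* Submit button label; empty when the field is missing from the request. */
	$save_action = isset($_POST['save']) ? $_POST['save'] : '';

	if ($save_action == gettext("Save")) {
		$input_errors = array();
		$pconfig = $_POST;

		/*
		 * Start from empty lists so the validation below always works on
		 * arrays, also when 'method' is none of the values handled here.
		 * NOTE(review): such a request is not rejected; whether that is
		 * relied on (for example by a form that posts no method) cannot be
		 * told from this part of the page.
		 */
		$reqdfields = array();
		$reqdfieldsn = array();

		/* input validation */
		if ($pconfig['method'] == "import") {
			$reqdfields = explode(" ",
					"descr cert key");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate data"),
					gettext("Key data"));
			/* Only a marker check; the certificate is not parsed at this point. */
			if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE")))
				$input_errors[] = gettext("This certificate does not appear to be valid.");
		}

		if ($pconfig['method'] == "internal") {
			$reqdfields = explode(" ",
					"descr caref keylen type lifetime dn_country dn_state dn_city ".
					"dn_organization dn_email dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Certificate authority"),
					gettext("Key length"),
					gettext("Certificate Type"),
					gettext("Lifetime"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "external") {
			$reqdfields = explode(" ",
					"descr csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
					"csr_dn_organization csr_dn_email csr_dn_commonname");
			$reqdfieldsn = array(
					gettext("Descriptive name"),
					gettext("Key length"),
					gettext("Distinguished name Country Code"),
					gettext("Distinguished name State or Province"),
					gettext("Distinguished name City"),
					gettext("Distinguished name Organization"),
					gettext("Distinguished name Email Address"),
					gettext("Distinguished name Common Name"));
		}

		if ($pconfig['method'] == "existing") {
			$reqdfields = array("certref");
			$reqdfieldsn = array(gettext("Existing Certificate Choice"));
		}

		$altnames = array();
		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
		if ($pconfig['method'] != "import" && $pconfig['method'] != "existing") {
			/*
			 * subjectAltNames: collect the altname_type<N> / altname_value<N>
			 * fields into $altnames[N]['type'|'value']. Keys whose suffix is
			 * not all digits are skipped.
			 */
			foreach ($_POST as $key => $value) {
				$entry = '';
				if (strncmp($key, 'altname_type', 12) == 0) {
					$entry = substr($key, 12);
					$field = 'type';
				}
				elseif (strncmp($key, 'altname_value', 13) == 0) {
					$entry = substr($key, 13);
					$field = 'value';
				}
				if (ctype_digit($entry)) {
					$altnames[$entry][$field] = $value;
				}
			}
			$pconfig['altnames']['item'] = $altnames;

			/*
			 * Input validation for subjectAltNames.
			 * NOTE(review): each entry is later joined as "type:value" with
			 * ',' separators. The email check below rejects ','; confirm
			 * that is_hostname(), is_ipaddr() and is_URL() (defined
			 * elsewhere) do too, otherwise a single value could carry an
			 * extra subjectAltName entry.
			 */
			foreach ($altnames as $idx => $altname) {
				switch ($altname['type']) {
					case "DNS":
						if (!is_hostname($altname['value']))
							array_push($input_errors, "DNS subjectAltName values must be valid hostnames or FQDNs");
						break;
					case "IP":
						if (!is_ipaddr($altname['value']))
							array_push($input_errors, "IP subjectAltName values must be valid IP Addresses");
						break;
					case "email":
						if (empty($altname['value']))
							array_push($input_errors, "You must provide an e-mail address for this type of subjectAltName");
						if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $altname['value']))
							array_push($input_errors, "The e-mail provided in a subjectAltName contains invalid characters.");
						break;
					case "URI":
						/* Close enough? */
						if (!is_URL($altname['value']))
							$input_errors[] = "URI subjectAltName types must be a valid URI";
						break;
					default:
						$input_errors[] = "Unrecognized subjectAltName type.";
				}
			}

			/* Make sure we do not have invalid characters in the fields for the certificate */
			for ($i = 0; $i < count($reqdfields); $i++) {
				if (preg_match('/email/', $reqdfields[$i])){ /* dn_email or csr_dn_email */
					if (preg_match("/[\!\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]]))
						array_push($input_errors, "The field 'Distinguished name Email Address' contains invalid characters.");
				}else if (preg_match('/commonname/', $reqdfields[$i])){ /* dn_commonname or csr_dn_commonname */
					if (preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\"\']/", $_POST[$reqdfields[$i]]))
						array_push($input_errors, "The field 'Distinguished name Common Name' contains invalid characters.");
				}else if (($reqdfields[$i] != "descr") && preg_match("/[\!\@\#\$\%\^\(\)\~\?\>\<\&\/\\\,\.\"\']/", $_POST[$reqdfields[$i]]))
					array_push($input_errors, "The field '" . $reqdfieldsn[$i] . "' contains invalid characters.");
			}

			/* Key length and digest must be one of the values offered in the form. */
			if (($pconfig['method'] != "external") && isset($_POST["keylen"]) && !in_array($_POST["keylen"], $cert_keylens))
				array_push($input_errors, gettext("Please select a valid Key Length."));
			if (($pconfig['method'] != "external") && !in_array($_POST["digest_alg"], $openssl_digest_algs))
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));

			if (($pconfig['method'] == "external") && isset($_POST["csr_keylen"]) && !in_array($_POST["csr_keylen"], $cert_keylens))
				array_push($input_errors, gettext("Please select a valid Key Length."));
			if (($pconfig['method'] == "external") && !in_array($_POST["csr_digest_alg"], $openssl_digest_algs))
				array_push($input_errors, gettext("Please select a valid Digest Algorithm."));
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			if ($pconfig['method'] == "existing") {
				$cert = lookup_cert($pconfig['certref']);
				if ($cert && $a_user)
					$a_user[$userid]['cert'][] = $cert['refid'];
			} else {
				$cert = array();
				$cert['refid'] = uniqid();
				if (isset($id) && $a_cert[$id])
					$cert = $a_cert[$id];

				$cert['descr'] = $pconfig['descr'];

				/* otherwise openssl_ functions throw warnings directly to the page, breaking the menu tabs */
				$old_err_level = error_reporting(0);

				if ($pconfig['method'] == "import")
					cert_import($cert, $pconfig['cert'], $pconfig['key']);

				if ($pconfig['method'] == "internal") {
					$dn = array(
						'countryName' => $pconfig['dn_country'],
						'stateOrProvinceName' => $pconfig['dn_state'],
						'localityName' => $pconfig['dn_city'],
						'organizationName' => $pconfig['dn_organization'],
						'emailAddress' => $pconfig['dn_email'],
						'commonName' => $pconfig['dn_commonname']);
					if (count($altnames)) {
						/* Must start as an array: appending with [] to a string is a fatal error on newer PHP. */
						$altnames_tmp = array();
						foreach ($altnames as $altname) {
							$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
						}
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}
					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
						$pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])){
						/* Report every queued OpenSSL error, not only the last one. */
						$input_errors = array();
						while($ssl_err = openssl_error_string()){
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
					}
				}

				if ($pconfig['method'] == "external") {
					$dn = array(
						'countryName' => $pconfig['csr_dn_country'],
						'stateOrProvinceName' => $pconfig['csr_dn_state'],
						'localityName' => $pconfig['csr_dn_city'],
						'organizationName' => $pconfig['csr_dn_organization'],
						'emailAddress' => $pconfig['csr_dn_email'],
						'commonName' => $pconfig['csr_dn_commonname']);
					if (count($altnames)) {
						/* Must start as an array: appending with [] to a string is a fatal error on newer PHP. */
						$altnames_tmp = array();
						foreach ($altnames as $altname) {
							$altnames_tmp[] = "{$altname['type']}:{$altname['value']}";
						}
						$dn['subjectAltName'] = implode(",", $altnames_tmp);
					}
					if(!csr_generate($cert, $pconfig['csr_keylen'], $dn, $pconfig['csr_digest_alg'])){
						/* Report every queued OpenSSL error, not only the last one. */
						$input_errors = array();
						while($ssl_err = openssl_error_string()){
							array_push($input_errors, "openssl library returns: " . $ssl_err);
						}
					}
				}
				error_reporting($old_err_level);

				/*
				 * Store the entry, and link it to the user, only when OpenSSL
				 * reported no error.
				 * NOTE(review): a failed cert_create()/csr_generate() that
				 * leaves no OpenSSL error queued is still stored, as before.
				 */
				if (!$input_errors) {
					if (isset($id) && $a_cert[$id])
						$a_cert[$id] = $cert;
					else
						$a_cert[] = $cert;
					if (isset($a_user) && isset($userid))
						$a_user[$userid]['cert'][] = $cert['refid'];
				}
			}

			if (!$input_errors) {
				write_config();

				/* Back to the user manager only on success, so errors stay visible on this page. */
				if (!empty($userid)) {
					post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid));
					exit;
				}
			}
		}
	}

	if ($save_action == gettext("Update")) {
		unset($input_errors);
		$pconfig = $_POST;

		/* input validation */
		$reqdfields = explode(" ", "descr cert");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Final Certificate data"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		/*
		 * The certificate must belong to the signing request: compare the
		 * public-key moduli (this replaced an earlier subject comparison).
		 * A modulus that could not be extracted counts as a mismatch, so two
		 * unreadable inputs no longer pass as "equal".
		 * NOTE(review): the CSR compared here is the one posted with the
		 * form, not the one stored in $a_cert[$id]; confirm that this is
		 * enough to tie the certificate to the stored private key.
		 */
		$mod_csr  =  csr_get_modulus($pconfig['csr'], false);
		$mod_cert = cert_get_modulus($pconfig['cert'], false);

		if (!$mod_csr || !$mod_cert || strcmp($mod_csr,$mod_cert)) {
			// simply: if the moduli don't match, then the private key and public key won't match
			$input_errors[] = gettext("The certificate modulus does not match the signing request modulus.");
			$subject_mismatch = true;
		}

		/* if this is an AJAX caller then handle via JSON */
		if (isAjax() && is_array($input_errors)) {
			input_errors2Ajax($input_errors);
			exit;
		}

		/* save modifications */
		if (!$input_errors) {

			/* Same guard as the other actions: without a known entry there is nothing to complete. */
			if (!isset($id) || !isset($a_cert[$id])) {
				pfSenseHeader("system_certmanager.php");
				exit;
			}

			$cert = $a_cert[$id];

			$cert['descr'] = $pconfig['descr'];

			csr_complete($cert, $pconfig['cert']);

			$a_cert[$id] = $cert;

			write_config();

			pfSenseHeader("system_certmanager.php");
		}
	}
}
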
468
include("head.inc");
469
?>
470

    
471
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
472
<?php include("fbegin.inc"); ?>
473
<script type="text/javascript">
474
//<![CDATA[
475

    
function method_change() {

<?php
	/* With no CA that has a private key, the submit button is hidden for the "internal" method. */
	$submit_style = $internal_ca_count ? "" : "none";
?>

	// Section ids, in the same order as the options of the method select.
	var sections = ["import", "internal", "external", "existing"];

	method = document.iform.method.selectedIndex;
	if (method < 0 || method >= sections.length)
		return;

	// Show the section that belongs to the selected method, hide the others.
	for (var i = 0; i < sections.length; i++)
		document.getElementById(sections[i]).style.display = (i == method) ? "" : "none";

	// "existing" needs no descriptive name; only "internal" depends on a CA being available.
	document.getElementById("descriptivename").style.display = (method == 3) ? "none" : "";
	document.getElementById("submit").style.display = (method == 1) ? "<?=$submit_style;?>" : "";
}

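<?php if ($internal_ca_count): ?>
function internalca_change() {

	index = document.iform.caref.selectedIndex;
	caref = document.iform.caref[index].value;

	switch (caref) {
<?php
		/*
		 * One case per CA that has a private key: it copies the first five
		 * subject values of that CA into the distinguished-name fields.
		 * The values come out of certificate data and are written into
		 * script source, so they are emitted as JSON string literals with
		 * <, >, &, ' and " hex-escaped; they cannot end the string or the
		 * script element. A value json_encode() cannot encode becomes "".
		 */
		$js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
		foreach ($a_ca as $ca):
			if (!$ca['prv'])
				continue;
			$subject = cert_get_subject_array($ca['crt']);

			$js_refid = json_encode((string)$ca['refid'], $js_flags);
			if ($js_refid === false)
				$js_refid = '""';

			$js_subject = array();
			for ($subj_idx = 0; $subj_idx < 5; $subj_idx++) {
				$subj_value = isset($subject[$subj_idx]['v']) ? (string)$subject[$subj_idx]['v'] : "";
				$subj_js = json_encode($subj_value, $js_flags);
				$js_subject[$subj_idx] = ($subj_js === false) ? '""' : $subj_js;
			}
?>
		case <?=$js_refid;?>:
			document.iform.dn_country.value = <?=$js_subject[0];?>;
			document.iform.dn_state.value = <?=$js_subject[1];?>;
			document.iform.dn_city.value = <?=$js_subject[2];?>;
			document.iform.dn_organization.value = <?=$js_subject[3];?>;
			document.iform.dn_email.value = <?=$js_subject[4];?>;
			break;
<?php	endforeach; ?>
	}
}
<?php endif; ?>
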
548
//]]>
549
</script>
550
<script type="text/javascript" src="/javascript/row_helper_dynamic.js"></script>
551
<input type='hidden' name='altname_value_type' value='select' />
552
<input type='hidden' name='altname_type_type' value='textbox' />
553
<script type="text/javascript">
554
//<![CDATA[
555
	rowname[0] = "altname_type";
556
	rowtype[0] = "textbox";
557
	rowsize[0] = "10";
558
	rowname[1] = "altname_value";
559
	rowtype[1] = "textbox";
560
	rowsize[1] = "30";
561
//]]>
562
</script>
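<?php
	/* Either variable may be unset at this point, so test with !empty(). */
	if (!empty($input_errors))
		print_input_errors($input_errors);
	if (!empty($savemsg))
		print_info_box($savemsg);

	/*
	 * Load valid country codes: for every line of /etc/ca_countries that
	 * contains whitespace, keep the text before the first whitespace character.
	 */
	$dn_cc = array();
	if (file_exists("/etc/ca_countries")){
		$dn_cc_file = file("/etc/ca_countries");
		/* file() returns false when the file cannot be read. */
		if (is_array($dn_cc_file)) {
			foreach ($dn_cc_file as $line)
				if (preg_match('/^(\S*)\s(.*)$/', $line, $matches))
					array_push($dn_cc, $matches[1]);
		}
	}
?>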
578
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="cert manager">
579
	<tr>
580
		<td class="tabnavtbl">
581
		<?php
582
			$tab_array = array();
583
			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
584
			$tab_array[] = array(gettext("Certificates"), true, "system_certmanager.php");
585
			$tab_array[] = array(gettext("Certificate Revocation"), false, "system_crlmanager.php");
586
			display_top_tabs($tab_array);
587
		?>
588
		</td>
589
	</tr>
590
	<tr>
591
		<td id="mainarea">
592
			<div class="tabcont">
593

    
594
				<?php if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)): ?>
595

    
596
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
597
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
598
						<?php if (!isset($id)): ?>
599
						<tr>
600
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
601
							<td width="78%" class="vtable">
602
								<select name='method' id='method' class="formselect" onchange='method_change()'>
603
								<?php
604
									foreach($cert_methods as $method => $desc):
605
									$selected = "";
606
									if ($pconfig['method'] == $method)
607
										$selected = " selected=\"selected\"";
608
								?>
609
									<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
610
								<?php endforeach; ?>
611
								</select>
612
							</td>
613
						</tr>
614
						<?php endif; ?>
615
						<tr id="descriptivename">
616
							<?php
617
							if ($a_user && empty($pconfig['descr']))
618
								$pconfig['descr'] = $a_user[$userid]['name'];
619
							?>
620
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
621
							<td width="78%" class="vtable">
622
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
623
							</td>
624
						</tr>
625
					</table>
626

    
627
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="import" summary="import">
628
						<tr>
629
							<td colspan="2" class="list" height="12"></td>
630
						</tr>
631
						<tr>
632
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Import Certificate");?></td>
633
						</tr>
634

    
635
						<tr>
636
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate data");?></td>
637
							<td width="78%" class="vtable">
638
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
639
								<br />
640
								<?=gettext("Paste a certificate in X.509 PEM format here.");?>
641
							</td>
642
						</tr>
643
						<tr>
644
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Private key data");?></td>
645
							<td width="78%" class="vtable">
646
								<textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['key']);?></textarea>
647
								<br />
648
								<?=gettext("Paste a private key in X.509 PEM format here.");?>
649
							</td>
650
						</tr>
651
					</table>
652

    
653
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal">
654
						<tr>
655
							<td colspan="2" class="list" height="12"></td>
656
						</tr>
657
						<tr>
658
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate");?></td>
659
						</tr>
660

    
661
						<?php if (!$internal_ca_count): ?>
662

    
663
						<tr>
664
							<td colspan="2" align="center" class="vtable">
665
								<?=gettext("No internal Certificate Authorities have been defined. You must");?>
666
								<a href="system_camanager.php?act=new&amp;method=internal"><?=gettext("create");?></a>
667
								<?=gettext("an internal CA before creating an internal certificate.");?>
668
							</td>
669
						</tr>
670

    
671
						<?php else: ?>
672

    
673
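						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
							<td width="78%" class="vtable">
								<select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
								<?php
									/*
									 * Only CAs with a private key are offered. refid and descr
									 * come from stored configuration and are HTML-escaped, so a
									 * CA description cannot inject markup into this page.
									 */
									foreach( $a_ca as $ca):
									if (!$ca['prv'])
										continue;
									$selected = "";
									if ($pconfig['caref'] == $ca['refid'])
										$selected = " selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>"<?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>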
690
						<tr>
691
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
692
							<td width="78%" class="vtable">
693
								<select name='keylen' class="formselect">
694
								<?php
695
									foreach( $cert_keylens as $len):
696
									$selected = "";
697
									if ($pconfig['keylen'] == $len)
698
										$selected = " selected=\"selected\"";
699
								?>
700
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
701
								<?php endforeach; ?>
702
								</select>
703
								<?=gettext("bits");?>
704
							</td>
705
						</tr>
706
						<tr>
707
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
708
							<td width="78%" class="vtable">
709
								<select name='digest_alg' id='digest_alg' class="formselect">
710
								<?php
711
									foreach( $openssl_digest_algs as $digest_alg):
712
									$selected = "";
713
									if ($pconfig['digest_alg'] == $digest_alg)
714
										$selected = " selected=\"selected\"";
715
								?>
716
									<option value="<?=$digest_alg;?>"<?=$selected;?>><?=strtoupper($digest_alg);?></option>
717
								<?php endforeach; ?>
718
								</select>
719
								<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
720
							</td>
721
						</tr>
722
						<tr>
723
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Type");?></td>
724
							<td width="78%" class="vtable">
725
								<select name='type' class="formselect">
726
								<?php
727
									foreach( $cert_types as $ct => $ctdesc ):
728
									$selected = "";
729
									if ($pconfig['type'] == $ct)
730
										$selected = " selected=\"selected\"";
731
								?>
732
									<option value="<?=$ct;?>"<?=$selected;?>><?=$ctdesc;?></option>
733
								<?php endforeach; ?>
734
								</select>
735
								<br />
736
								<?=gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.");?>
737
							</td>
738
						</tr>
739
						<tr>
740
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
741
							<td width="78%" class="vtable">
742
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
743
								<?=gettext("days");?>
744
							</td>
745
						</tr>
746
						<tr>
747
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
748
							<td width="78%" class="vtable">
749
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
750
									<tr>
751
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
752
										<td align="left">
753
											<input name="dn_country" type="text" class="formfld unknown" maxlength="2" size="2" value="<?=htmlspecialchars($pconfig['dn_country']);?>"/>
754
										</td>
755
									</tr>
756
									<tr>
757
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
758
										<td align="left">
759
											<input name="dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_state']);?>"/>
760
										</td>
761
									</tr>
762
									<tr>
763
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
764
										<td align="left">
765
											<input name="dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_city']);?>"/>
766
										</td>
767
									</tr>
768
									<tr>
769
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
770
										<td align="left">
771
											<input name="dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['dn_organization']);?>"/>
772
										</td>
773
									</tr>
774
									<tr>
775
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
776
										<td align="left">
777
											<input name="dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_email']);?>"/>
778
											&nbsp;
779
											<em>ex:</em>
780
											&nbsp;
781
											<?=gettext("webadmin@mycompany.com");?>
782
										</td>
783
									</tr>
784
									<tr>
785
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
786
										<td align="left">
787
											<?php
788
											if ($a_user && empty($pconfig['dn_commonname']))
789
												$pconfig['dn_commonname'] = $a_user[$userid]['name'];
790
											?>
791
											<input name="dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['dn_commonname']);?>"/>
792
											&nbsp;
793
											<em>ex:</em>
794
											&nbsp;
795
											<?=gettext("www.example.com");?>
796
										</td>
797
									</tr>
798
									<tr>
799
										<td align="right"><?=gettext("Alternative Names");?> : &nbsp;</td>
800
										<td align="left">
801
											<table id="altNametable">
802
											<thead>
803
											<tr>
804
												<th><div id="onecolumn"><?=gettext("Type");?></div></th>
805
												<th><div id="twocolumn"><?=gettext("Value");?></div></th>
806
											</tr>
807
											</thead>
808
											<tbody>
809
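											<?php
												/*
												 * Render one editable row per stored Subject Alternative Name.
												 * $counter is left set after the loop: the inline script just
												 * below this table reads it for totalrows / loaded.
												 * Both type and value are passed through htmlspecialchars()
												 * before they reach an attribute.
												 */
												$counter = 0;
												// Only iterate when the item list is a non-empty array, so a
												// malformed $pconfig entry does not raise a foreach warning.
												if (!empty($pconfig['altnames']['item']) && is_array($pconfig['altnames']['item'])):
												foreach ($pconfig['altnames']['item'] as $item):
													$type = $item['type'];
													$value = $item['value'];
											?>
											<tr>
												<td>
												<input autocomplete="off" name="altname_type<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_type<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($type);?>" />
												</td>
												<td>
												<input autocomplete="off" name="altname_value<?php echo $counter; ?>" type="text" class="formfld unknown" id="altname_value<?php echo $counter; ?>" size="20" value="<?=htmlspecialchars($value);?>" />
												</td>
												<td>
												<?php /* "<?echo" only worked with short_open_tag enabled; use the echo tag like the rest of the page. */ ?>
												<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a>
												</td>
											</tr>
											<?php
													$counter++;
												endforeach;
												endif;
											?>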
832
											<tr><td>&nbsp;</td></tr>
833
											</tbody>
834
											</table>
835
											<a onclick="javascript:addRowTo('altNametable', 'formfldalias'); return false;" href="#">
836
												<img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" />
837
											</a>
838
											<script type="text/javascript">
839
											//<![CDATA[
840
												field_counter_js = 3;
841
												rows = 1;
842
												totalrows = <?php echo $counter; ?>;
843
												loaded = <?php echo $counter; ?>;
844
											//]]>
845
											</script>
846
											<br />NOTE: Type must be one of DNS (FQDN or Hostname), IP (IP address), URI, or email.
847
										</td>
848
									</tr>
849
								</table>
850
							</td>
851
						</tr>
852

    
853
					<?php endif; ?>
854

    
855
					</table>
856

    
857
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="external" summary="external">
858
						<tr>
859
							<td colspan="2" class="list" height="12"></td>
860
						</tr>
861
						<tr>
862
							<td colspan="2" valign="top" class="listtopic"><?=gettext("External Signing Request");?></td>
863
						</tr>
864
						<tr>
865
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
866
							<td width="78%" class="vtable">
867
								<select name='csr_keylen' class="formselect">
868
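								<?php
									/*
									 * Emit one <option> per supported key length and preselect the
									 * value held in $pconfig['csr_keylen'].
									 *
									 * NOTE(review): the original guard here tested
									 * !isset($pconfig['csr_keylen']) && isset($pconfig['csr_keylen']),
									 * which can never be true, so its self-assignment was dead code
									 * and has been dropped. If a fallback default was intended
									 * (for example from another key-length field), confirm the
									 * source key and add it back explicitly.
									 */
									foreach ($cert_keylens as $len):
										$selected = "";
										if ($pconfig['csr_keylen'] == $len)
											$selected = " selected=\"selected\"";
								?>
									<option value="<?=$len;?>"<?=$selected;?>><?=$len;?></option>
								<?php endforeach; ?>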
878
								</select>
879
								bits
880
							</td>
881
						</tr>
882
						<tr>
883
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Digest Algorithm");?></td>
884
							<td width="78%" class="vtable">
885
								<select name='csr_digest_alg' id='csr_digest_alg' class="formselect">
886
								<?php
									/*
									 * One <option> per entry of $openssl_digest_algs; the entry equal to
									 * $pconfig['csr_digest_alg'] is marked selected. The label is the
									 * upper-cased algorithm name, the submitted value keeps its case.
									 */
									foreach ($openssl_digest_algs as $csr_digest_alg):
										$selected = ($pconfig['csr_digest_alg'] == $csr_digest_alg) ? " selected=\"selected\"" : "";
								?>
									<option value="<?=$csr_digest_alg;?>"<?=$selected;?>><?=strtoupper($csr_digest_alg);?></option>
								<?php endforeach; ?>
894
								</select>
895
								<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
896
							</td>
897
						</tr>
898
						<tr>
899
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Distinguished name");?></td>
900
							<td width="78%" class="vtable">
901
								<table border="0" cellspacing="0" cellpadding="2" summary="name">
902
									<tr>
903
										<td align="right"><?=gettext("Country Code");?> : &nbsp;</td>
904
										<td align="left">
905
											<select name='csr_dn_country' class="formselect">
906
											<?php
											/*
											 * Country-code dropdown for the CSR: one <option> per entry of
											 * $dn_cc, with the code stored in $pconfig['csr_dn_country']
											 * preselected.
											 */
											foreach ($dn_cc as $cc) {
												$selected = ($pconfig['csr_dn_country'] == $cc) ? " selected=\"selected\"" : "";
												print "<option value=\"$cc\"$selected>$cc</option>";
											}
											?>
914
											</select>
915
										</td>
916
									</tr>
917
									<tr>
918
										<td align="right"><?=gettext("State or Province");?> : &nbsp;</td>
919
										<td align="left">
920
											<input name="csr_dn_state" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_state']);?>" />
921
											&nbsp;
922
											<em>ex:</em>
923
											&nbsp;
924
											<?=gettext("Texas");?>
925
										</td>
926
									</tr>
927
									<tr>
928
										<td align="right"><?=gettext("City");?> : &nbsp;</td>
929
										<td align="left">
930
											<input name="csr_dn_city" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_city']);?>" />
931
											&nbsp;
932
											<em>ex:</em>
933
											&nbsp;
934
											<?=gettext("Austin");?>
935
										</td>
936
									</tr>
937
									<tr>
938
										<td align="right"><?=gettext("Organization");?> : &nbsp;</td>
939
										<td align="left">
940
											<input name="csr_dn_organization" type="text" class="formfld unknown" size="40" value="<?=htmlspecialchars($pconfig['csr_dn_organization']);?>" />
941
											&nbsp;
942
											<em>ex:</em>
943
											&nbsp;
944
											<?=gettext("My Company Inc.");?>
945
										</td>
946
									</tr>
947
									<tr>
948
										<td align="right"><?=gettext("Email Address");?> : &nbsp;</td>
949
										<td align="left">
950
											<input name="csr_dn_email" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_email']);?>"/>
951
											&nbsp;
952
											<em>ex:</em>
953
											&nbsp;
954
											<?=gettext("webadmin@mycompany.com");?>
955
										</td>
956
									</tr>
957
									<tr>
958
										<td align="right"><?=gettext("Common Name");?> : &nbsp;</td>
959
										<td align="left">
960
											<input name="csr_dn_commonname" type="text" class="formfld unknown" size="25" value="<?=htmlspecialchars($pconfig['csr_dn_commonname']);?>"/>
961
											&nbsp;
962
											<em>ex:</em>
963
											&nbsp;
964
											<?=gettext("www.example.com");?>
965
										</td>
966
									</tr>
967
								</table>
968
							</td>
969
						</tr>
970
					</table>
971

    
972
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing">
973
						<tr>
974
							<td colspan="2" class="list" height="12"></td>
975
						</tr>
976
						<tr>
977
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Choose an Existing Certificate");?></td>
978
						</tr>
979
						<tr>
980
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Existing Certificates");?></td>
981
							<td width="78%" class="vtable">
982
								<?php if (isset($userid) && $a_user): ?>
983
								<input name="userid" type="hidden" value="<?=htmlspecialchars($userid);?>" />
984
								<?php endif;?>
985
								<select name='certref' class="formselect">
986
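								<?php
									/*
									 * List every configured certificate that the current user does
									 * not already hold, annotated with its CA, in-use and revoked state.
									 *
									 * Certificate and CA descriptions are free text saved from this
									 * page's "Descriptive name" field, so they are stored input: the
									 * option value and label are escaped with htmlspecialchars()
									 * before being written into the markup.
									 */
									foreach ($config['cert'] as $cert):
										$selected = "";
										$caname = "";
										$inuse = "";
										$revoked = "";
										// A user without any certificate has no 'cert' list; fall back
										// to an empty array instead of handing a non-array to in_array().
										$user_certs = isset($userid, $config['system']['user'][$userid]['cert']) ? $config['system']['user'][$userid]['cert'] : array();
										if (is_array($user_certs) && in_array($cert['refid'], $user_certs))
											continue;
										$ca = lookup_ca($cert['caref']);
										if ($ca)
											$caname = " (CA: {$ca['descr']})";
										if ($pconfig['certref'] == $cert['refid'])
											$selected = " selected=\"selected\"";
										if (cert_in_use($cert['refid']))
											$inuse = " *In Use";
										// Evaluated for every certificate; the original indentation made
										// it look nested under the in-use check, which it never was.
										if (is_cert_revoked($cert))
											$revoked = " *Revoked";
								?>
									<option value="<?=htmlspecialchars($cert['refid']);?>"<?=$selected;?>><?=htmlspecialchars($cert['descr'] . $caname . $inuse . $revoked);?></option>
								<?php endforeach; ?>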
1006
								</select>
1007
							</td>
1008
						</tr>
1009
					</table>
1010

    
1011
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save">
1012
						<tr>
1013
							<td width="22%" valign="top">&nbsp;</td>
1014
							<td width="78%">
1015
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
1016
								<?php if (isset($id) && $a_cert[$id]): ?>
1017
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
1018
								<?php endif;?>
1019
							</td>
1020
						</tr>
1021
					</table>
1022
				</form>
1023

    
1024
				<?php elseif ($act == "csr" || (($_POST['save'] == gettext("Update")) && $input_errors)):?>
1025

    
1026
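				<?php
					/*
					 * "Complete Signing Request" form: shows the stored CSR and accepts the
					 * certificate returned by the external CA.
					 *
					 * NOTE(review): readonly on the csr textarea is only a browser-side
					 * hint, so the field is still submitted and can be altered by the
					 * client. The POST handler is outside this view; confirm it matches
					 * the pasted certificate against the request stored in the
					 * configuration rather than against the posted csr value.
					 */
				?>
				<form action="system_certmanager.php" method="post" name="iform" id="iform">
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="name">
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
							<td width="78%" class="vtable">
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
							</td>
						</tr>
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Complete Signing Request");?></td>
						</tr>

						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Signing request data");?></td>
							<td width="78%" class="vtable">
								<textarea name="csr" id="csr" cols="65" rows="7" class="formfld_cert" readonly="readonly"><?=htmlspecialchars($pconfig['csr']);?></textarea>
								<br />
								<?=gettext("Copy the certificate signing data from here and forward it to your certificate authority for signing.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Final certificate data");?></td>
							<td width="78%" class="vtable">
								<textarea name="cert" id="cert" cols="65" rows="7" class="formfld_cert"><?=htmlspecialchars($pconfig['cert']);?></textarea>
								<br />
								<?=gettext("Paste the certificate received from your certificate authority here.");?>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<?php /* if ( isset($subject_mismatch) && $subject_mismatch === true): ?>
								<input id="ignoresubjectmismatch" name="ignoresubjectmismatch" type="checkbox" class="formbtn" value="yes" />
								<label for="ignoresubjectmismatch"><strong><?=gettext("Ignore certificate subject mismatch"); ?></strong></label><br />
								<?php echo gettext("Warning: Using this option may create an " .
								"invalid certificate.  Check this box to disable the request -> " .
								"response subject verification. ");
								?><br />
								<?php endif; */ ?>
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Update");?>" />
								<?php if (isset($id) && $a_cert[$id]): ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<input name="act" type="hidden" value="csr" />
								<?php endif;?>
							</td>
						</tr>
					</table>
				</form>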
1077

    
1078
				<?php else:?>
1079

    
1080
				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="details">
1081
					<tr>
1082
						<td width="15%" class="listhdrr"><?=gettext("Name");?></td>
1083
						<td width="15%" class="listhdrr"><?=gettext("Issuer");?></td>
1084
						<td width="40%" class="listhdrr"><?=gettext("Distinguished Name");?></td>
1085
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
1086
						<td width="10%" class="list"></td>
1087
					</tr>
1088
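					<?php
						/*
						 * Certificate overview: one table row per entry of $a_cert with its
						 * issuer, subject, validity dates, usage flags and action links.
						 * $i is the row's position in $a_cert and is what the action links
						 * pass back as "id".
						 *
						 * Everything derived from certificate contents or from stored
						 * descriptions is escaped before output; only the fixed <em> labels
						 * built here are emitted as markup.
						 */
						$i = 0;
						foreach ($a_cert as $cert):
							$name = htmlspecialchars($cert['descr']);

							// Reset the per-row values so an entry without certificate data
							// (e.g. a pending CSR) does not show the previous row's issuer,
							// subject, purpose or validity dates.
							$subj = "";
							$caname = "";
							$purpose = null;
							$startdate = "";
							$enddate = "";

							if ($cert['crt']) {
								$subj = cert_get_subject($cert['crt']);
								$issuer = cert_get_issuer($cert['crt']);
								$purpose = cert_get_purpose($cert['crt']);
								list($startdate, $enddate) = cert_get_dates($cert['crt']);
								if ($subj == $issuer)
									$caname = "<em>" . gettext("self-signed") . "</em>";
								else
									$caname = "<em>" . gettext("external") . "</em>";
								$subj = htmlspecialchars($subj);
							}

							if ($cert['csr']) {
								$subj = htmlspecialchars(csr_get_subject($cert['csr']));
								$caname = "<em>" . gettext("external - signature pending") . "</em>";
							}

							// The CA description is stored free text and is printed raw in
							// the issuer column, so it is escaped here; the <em> labels
							// above are trusted markup and must stay unescaped.
							$ca = lookup_ca($cert['caref']);
							if ($ca)
								$caname = htmlspecialchars($ca['descr']);

							// The original chose between two identical paths depending on
							// $cert['prv']; the icon is the same either way.
							$certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
					?>
					<tr>
						<td class="listlr">
							<table border="0" cellpadding="0" cellspacing="0" summary="icon">
								<tr>
									<td align="left" valign="middle">
										<img src="<?=$certimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=$name;?>
									</td>
								</tr>
								<tr><td>&nbsp;</td></tr>
								<?php if ($cert['type']): ?>
								<tr><td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td></tr>
								<?php endif; ?>
								<?php if (is_array($purpose)): ?>
								<tr><td colspan="2">
									CA: <?php echo htmlspecialchars($purpose['ca']); ?>,
									Server: <?php echo htmlspecialchars($purpose['server']); ?>
								</td></tr>
								<?php endif; ?>
							</table>
						</td>
						<td class="listr"><?=$caname;?>&nbsp;</td>
						<td class="listr"><?=$subj;?>&nbsp;<br />
							<table width="100%" style="font-size: 9px" summary="valid">
								<tr>
									<td width="10%">&nbsp;</td>
									<td width="20%"><?=gettext("Valid From")?>:</td>
									<td width="70%"><?= htmlspecialchars($startdate) ?></td>
								</tr>
								<tr>
									<td>&nbsp;</td>
									<td><?=gettext("Valid Until")?>:</td>
									<td><?= htmlspecialchars($enddate) ?></td>
								</tr>
							</table>
						</td>
						<td class="listr">
							<?php if (is_cert_revoked($cert)): ?>
							<b>Revoked</b><br />
							<?php endif; ?>
							<?php if (is_webgui_cert($cert['refid'])): ?>
							webConfigurator<br />
							<?php endif; ?>
							<?php if (is_user_cert($cert['refid'])): ?>
							User Cert<br />
							<?php endif; ?>
							<?php if (is_openvpn_server_cert($cert['refid'])): ?>
							OpenVPN Server<br />
							<?php endif; ?>
							<?php if (is_openvpn_client_cert($cert['refid'])): ?>
							OpenVPN Client<br />
							<?php endif; ?>
							<?php if (is_ipsec_cert($cert['refid'])): ?>
							IPsec Tunnel<br />
							<?php endif; ?>
							<?php if (is_captiveportal_cert($cert['refid'])): ?>
							Captive Portal<br />
							<?php endif; ?>
						</td>
						<td valign="middle" class="list nowrap">
							<?php
								/*
								 * NOTE(review): the delete link (act=del) and the private-key
								 * and PKCS#12 export links (act=key, act=p12) are plain GET
								 * requests. The handlers are outside this view; confirm that
								 * state-changing and key-export actions require a POST carrying
								 * the GUI's anti-CSRF token, and that the JavaScript confirm()
								 * is not the only gate on deletion.
								 */
							?>
							<a href="system_certmanager.php?act=exp&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export cert");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=key&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export key");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
							</a>
							<a href="system_certmanager.php?act=p12&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca cert+user cert+user cert key in .p12 format");?>" alt="<?=gettext("export ca cert+user cert+user cert key in .p12 format");?>" width="17" height="17" border="0" />
							</a>
							<?php	if (!cert_in_use($cert['refid'])): ?>
							<a href="system_certmanager.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete cert");?>" alt="<?=gettext("delete cert");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
							<?php	if ($cert['csr']): ?>
							&nbsp;
								<a href="system_certmanager.php?act=csr&amp;id=<?=$i;?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("update csr");?>" alt="<?=gettext("update csr");?>" width="17" height="17" border="0" />
							</a>
							<?php	endif; ?>
						</td>
					</tr>
					<?php
							$i++;
						endforeach;
					?>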
1207
					<tr>
1208
						<td class="list" colspan="4"></td>
1209
						<td class="list">
1210
							<a href="system_certmanager.php?act=new">
1211
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add or import certificate");?>" alt="<?=gettext("add certificate");?>" width="17" height="17" border="0" />
1212
							</a>
1213
						</td>
1214
					</tr>
1215
					<tr>
1216
						<td>&nbsp;</td>
1217
						<td colspan="3"><?=gettext("Note: You can only delete a certificate if it is not currently in use.");?></td>
1218
					</tr>
1219
				</table>
1220

    
1221
				<?php endif; ?>
1222

    
1223
			</div>
1224
		</td>
1225
	</tr>
1226
</table>
1227
<?php include("fend.inc");?>
1228
<script type="text/javascript">
1229
//<![CDATA[
1230

    
1231
method_change();
1232
internalca_change();
1233

    
1234
//]]>
1235
</script>
1236

    
1237
</body>
1238
</html>