< ? php
include ( '../config.php' );
include ( STORE_DIR . '/config/config.php' );
include ( '../include/my_functions.php' );
include ( '../include/common.php' );
include ( '../include/openssl_functions.php' );
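# Request parameters, read through gpvar() (declared in an included file;
# presumably it returns the named GET/POST value -- confirm there).
$stage        = gpvar('stage');
$serial       = gpvar('serial');
$sortfield    = gpvar('sortfield');
$ascdec       = gpvar('ascdec');
$passwd       = gpvar('passwd');
$expiry       = gpvar('expiry');
$submit       = gpvar('submit');
$dl_type      = gpvar('dl_type');
$search       = gpvar('search');
$show_valid   = gpvar('show_valid');
$show_revoked = gpvar('show_revoked');
$show_expired = gpvar('show_expired');

# Prevent handling certs that don't belong to user.
#
# The check runs whenever a serial was supplied at all; a plain truthiness
# test would let the string "0" skip it.  The serial must also be a plain
# alphanumeric token, because later stages place it in file paths, HTML
# attributes and redirect URLs.
# NOTE(review): OpenSSL serials are normally hexadecimal -- tighten the
# pattern to [0-9A-Fa-f] if that holds for this CA database.
$serial_given = !in_array($serial, array(null, false, ''), true);
if ($serial_given) {
    $serial_ok = is_string($serial) && preg_match('/\A[0-9A-Za-z]+\z/', $serial) === 1;

    # Strict comparisons: loose == / in_array() can treat values of
    # different types as equal, which is not acceptable in an access check.
    $is_admin = in_array($PHPki_user, $PHPki_admins, true);

    $is_owner = false;
    if ($serial_ok && !$is_admin) {
        # A serial with no recorded issuer is never treated as "owned".
        $issuer   = (string) CAdb_issuer($serial);
        $is_owner = ($issuer !== '' && $issuer === (string) $PHPki_user);
    }

    if (!$serial_ok || (!$is_admin && !$is_owner)) {
        $stage = 'goaway';
    }
}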
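# Each status filter is either empty or its single status letter.  Anything
# else is discarded, because these values are copied verbatim into links,
# form actions, Location headers and the search pattern further down.
$show_valid   = ($show_valid   === 'V') ? 'V' : '';
$show_revoked = ($show_revoked === 'R') ? 'R' : '';
$show_expired = ($show_expired === 'E') ? 'E' : '';

# No filter selected: show every status.
if (($show_valid . $show_revoked . $show_expired) === '') {
    $show_valid   = 'V';
    $show_revoked = 'R';
    $show_expired = 'E';
}

# Sort parameters: only the column names the list view offers and the two
# direction codes are kept; an empty value lets the list view apply its
# own default.
$sort_columns = array(
    'status', 'issued', 'expires', 'common_name',
    'email', 'organization', 'unit', 'locality',
);
if (!in_array($sortfield, $sort_columns, true)) {
    $sortfield = '';
}
if ($ascdec !== 'A' && $ascdec !== 'D') {
    $ascdec = '';
}

# Query-string fragments carried from page to page.  The search term is
# URL-encoded rather than HTML-escaped: it is a URL component, and
# urlencode() output contains no characters that are special in HTML, so
# the same string is usable in href/action attributes and in Location
# headers.
$qstr_filter = 'search=' . urlencode((string) $search) . '&' .
               "show_valid=$show_valid&" .
               "show_revoked=$show_revoked&" .
               "show_expired=$show_expired&";

$qstr_sort = "sortfield=$sortfield&ascdec=$ascdec";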
switch ( $stage ) {
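case 'goaway':
    # Reached when the ownership check near the top of the script set
    # $stage to 'goaway' (or when a client asks for this stage directly).
    # Answer with 403 so the refusal shows up in access logs and
    # monitoring, not only as page text.
    http_response_code(403);
    printHeader(false);
    # The heading was opened with <h1> but closed with </h2>.
    ?><p><center><h1><font color=red>YOU ARE A VERY BAD BOY!</font></h1></center><?php
    break;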
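case 'display':
    # Show the details of one certificate.  Every value written into the
    # page is passed through htvar(): $serial comes from the request, and
    # the certificate text and revocation date come from stored records
    # whose subject fields were originally typed in by users.
    printHeader(false);
    ?>
    <center><h2>Certificate Details</h2></center>
    <center><font color=#0000AA><h3>(#<?php echo htvar($serial) ?>)<br><?php echo htvar(CA_cert_cname($serial) . ' <' . CA_cert_email($serial) . '>') ?></h3></font></center>
    <?php
    if ($revoke_date = CAdb_is_revoked($serial)) {
        print '<center><font color=red><h2>REVOKED ' . htvar($revoke_date) . '</h2></font></center>';
    }
    print '<pre>' . htvar(CA_cert_text($serial)) . '</pre>';
    break;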
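case 'dl-confirm':
    # Confirmation page shown before a private key / certificate download.
    printHeader('ca');
    $rec = CAdb_get_entry($serial);

    # Escaped once here: the name and e-mail come from the certificate
    # record, and the literal "<...>" around the address would otherwise be
    # parsed as an HTML tag instead of being displayed.
    $ht_owner = htvar($rec['common_name'] . ' <' . $rec['email'] . '>');

    # $qstr_filter is emitted as built near the top of the script, where its
    # values must already be made safe for HTML; escaping it again here
    # would double-encode the search term.
    $ht_action = htvar($PHP_SELF) . '?stage=download&serial=' . htvar($serial)
               . '&' . htvar($qstr_sort) . '&' . $qstr_filter;

    # NOTE(review): the POST below releases private key material and carries
    # no anti-CSRF token.
    ?>
    <h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $ht_owner ?></h3>
    <h3><font color=red>DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3>
    <form action="<?php echo $ht_action ?>" method=post>
    <strong>File type: </strong>
    <select name=dl_type>
    <option value="PKCS#12">PKCS#12 Bundle</option>
    <option value="PEMCERT">PEM Certificate</option>
    <option value="PEMKEY">PEM Key</option>
    <option value="PEMBUNDLE">PEM Bundle</option>
    <option value="PEMCABUNDLE">PEM Bundle w/Root</option>
    </select>
    <input type=submit name=submit value="Download">
    &nbsp; or &nbsp;
    <input type=submit name=submit value="Go Back">
    </form>
    <?php
    break;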
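case 'download':
    # "Go Back" cancels the download; an empty type ends in the redirect
    # at the bottom of the inner switch.
    if (strstr($submit, "Back")) $dl_type = '';

    # $serial becomes part of every file path below, so anything that is
    # not a plain alphanumeric token (no separators, no dots) is refused.
    # This matters most for administrators, for whom the ownership check
    # near the top of the script does not constrain the serial.
    if (!is_string($serial) || preg_match('/\A[0-9A-Za-z]+\z/', $serial) !== 1) {
        $dl_type = '';
    }

    $rec = CAdb_get_entry($serial);

    # NOTE(review): common_name comes from the certificate record and is
    # used as the download file name -- confirm that upload() quotes or
    # sanitises it before it reaches a response header.
    $dl_name = $rec['common_name'];

    $key_file  = $config['private_dir'] . '/' . $serial . '-key.pem';
    $cert_file = $config['new_certs_dir'] . '/' . $serial . '.pem';

    switch ($dl_type) {
    case 'PKCS#12':
        upload($config['pfx_dir'] . '/' . $serial . '.pfx', $dl_name . '.p12', 'application/x-pkcs12');
        break;
    case 'PEMCERT':
        upload($cert_file, $dl_name . '-cert.pem', 'application/pkix-cert');
        break;
    case 'PEMKEY':
        upload($key_file, $dl_name . '-key.pem', 'application/octet-stream');
        break;
    case 'PEMBUNDLE':
        upload(array($key_file, $cert_file), $dl_name . '-Bundle.pem', 'application/octet-stream');
        break;
    case 'PEMCABUNDLE':
        upload(array($key_file, $cert_file, $config['cacert_pem']), $dl_name . '-CABundle.pem', 'application/octet-stream');
        break;
    default:
        # Cancelled, refused or unknown type: return to the list view.
        header("Location: {$PHP_SELF}?$qstr_sort&$qstr_filter");
    }
    break;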
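case 'revoke-form':
    # Confirmation page shown before a certificate is revoked.
    $rec = CAdb_get_entry($serial);
    printHeader('ca');
    ?>
    <h4>You are about to <font color=red>REVOKE</font> the following certificate:<hr>
    <table width=500><tr>
    <td width=25% style='white-space: nowrap'>
    <p align=right>
    Serial Number<br>
    User's Name<br>
    Email Address<br>
    Organization<br>
    Department/Unit<br>
    Locality<br>
    State/Province<br>
    Country<br>
    </p>
    </td>
    <?php
    # Array keys are quoted: bare words such as $rec[serial] are looked up
    # as constants, which is an error on current PHP versions.
    #
    # $serial and $PHP_SELF are escaped before they are written into the
    # form.  $qstr_filter is emitted as built near the top of the script,
    # where its values must already be made safe for HTML.
    #
    # NOTE(review): the POST below changes certificate state and carries no
    # anti-CSRF token.
    print '
    <td>
    ' . htvar($rec['serial']) . '<br>
    ' . htvar($rec['common_name']) . '<br>
    ' . htvar($rec['email']) . '<br>
    ' . htvar($rec['organization']) . '<br>
    ' . htvar($rec['unit']) . '<br>
    ' . htvar($rec['locality']) . '<br>
    ' . htvar($rec['province']) . '<br>
    ' . htvar($rec['country']) . '<br>
    </td>
    </tr></table>
    <h4>Are you sure?</h4>
    <form action="' . htvar($PHP_SELF) . '?' . htvar($qstr_sort) . '&' . $qstr_filter . '" method=post>
    <input type=hidden name=stage value=revoke>
    <input type=hidden name=serial value="' . htvar($serial) . '">
    <input type=submit name=submit value=Yes>&nbsp
    <input type=submit name=submit value=Cancel>
    </form>';
    break;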
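case 'revoke':
    # Revoke the certificate when the confirmation form was answered with
    # "Yes"; any other answer just returns to the list view.
    #
    # NOTE(review): nothing here requires the request to be a POST or to
    # carry an anti-CSRF token, so a request made on behalf of a logged-in
    # user is enough to trigger a revocation.
    $ret = true;
    if ($submit === 'Yes') {
        list($ret, $errtxt) = CA_revoke_cert($serial);
    }

    if (!$ret) {
        printHeader('ca');
        # $qstr_filter is emitted as built near the top of the script, where
        # its values must already be made safe for HTML.
        print '<form action="' . htvar($PHP_SELF) . '?stage=revoke-form&serial=' . htvar($serial)
            . '&' . htvar($qstr_sort) . '&' . $qstr_filter . '" method=post>';
        # $errtxt is escaped before display.
        # NOTE(review): it looks like raw tool output; consider logging it
        # server-side instead of showing it to the user.
        ?>
        <font color=#ff0000>
        <h2>There was an error revoking your certificate.</h2></font><br>
        <blockquote>
        <h3>Debug Info:</h3>
        <pre><?php echo htvar($errtxt) ?></pre>
        </blockquote>
        <p>
        <input type=submit name=submit value=Back>
        <p>
        </form>
        <?php
    }
    else {
        header("Location: {$PHP_SELF}?$qstr_sort&$qstr_filter");
    }
    break;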
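case 'renew-form':
    #
    # Get last known values submitted by this user.  We only really
    # need the expiry value, but the old cert values will override
    # the rest.
    #
    # The user name becomes part of an include path, so the file is only
    # loaded when the name contains no path separator or NUL byte.
    #
    $user_cfg = 'config/user-' . $PHPki_user . '.php';
    if (!$submit
        && is_string($PHPki_user)
        && strpbrk($PHPki_user, "/\\\0") === false
        && file_exists($user_cfg)) {
        include($user_cfg);
    }

    #
    # Get values from the old certificate.
    #
    $rec          = CAdb_get_entry($serial);
    $country      = $rec['country'];
    $province     = $rec['province'];
    $locality     = $rec['locality'];
    $organization = $rec['organization'];
    $unit         = $rec['unit'];
    $common_name  = $rec['common_name'];
    $email        = $rec['email'];

    printHeader('ca');

    # $qstr_filter is emitted as built near the top of the script, where its
    # values must already be made safe for HTML.
    $ht_action = htvar($PHP_SELF) . '?' . htvar($qstr_sort) . '&' . $qstr_filter;

    # NOTE(review): the password field below is pre-filled from $passwd,
    # which writes the secret into the page source; consider leaving it
    # empty on redisplay.
    ?>
    <body onLoad="self.focus();document.form.passwd.focus();">

    <form action="<?php echo $ht_action ?>" method=post name=form>
    <table width=99%>
    <th colspan=2><h3>Certificate Renewal Form</h3></th>
    <tr>
    <td width=25%>Common Name </td>
    <td><input type=text name=common_name value="<?php echo htvar($common_name) ?>" size=50 maxlength=60 disabled></td>
    </tr>
    <tr>
    <td>E-mail Address </td>
    <td><input type=text name=email value="<?php echo htvar($email) ?>" size=50 maxlength=60 disabled></td>
    </tr>
    <tr>
    <td>Organization </td>
    <td><input type=text name=organization value="<?php echo htvar($organization) ?>" size=60 maxlength=60 disabled></td>
    </tr>
    <tr>
    <td>Department/Unit </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60 disabled></td>
    </tr>
    <tr>
    <td>Locality </td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30 disabled></td>
    </tr>
    <tr>
    <td>State/Province </td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30 disabled></td>
    </tr>
    <tr>
    <td>Country </td>
    <td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2 disabled></td>
    </tr>
    <tr>
    <td>Certificate Password </td>
    <td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30></td>
    </tr>
    <tr>
    <td>Certificate Life </td>
    <td><select name=expiry>
    <?php
    # Each option is compared with its own value.  Previously all four
    # sub-year/one-year options were compared with 1, so a remembered
    # lifetime of 1, 3 or 6 months was never pre-selected.
    $life_options = array(
        array('0.083', '1 Month'),
        array('0.25',  '3 Months'),
        array('0.5',   '6 Months'),
        array('1',     '1 Year'),
    );
    for ($i = 2; $i <= 5; $i++) {
        $life_options[] = array((string) $i, "$i Years");
    }
    foreach ($life_options as $opt) {
        list($value, $label) = $opt;
        $selected = ($expiry == $value) ? " selected='selected'" : '';
        print "<option value=$value$selected>$label</option>\n";
    }
    ?>
    </select></td>
    </tr>
    <tr>
    <td>&nbsp</td>
    <td>
    <input type=submit name=submit value="Submit Request">&nbsp
    <input type=submit name=submit value="Back">
    <input type=hidden name=stage value=renew>
    <input type=hidden name=serial value="<?php echo htvar($serial) ?>">
    </td>
    </tr>
    </table>
    </form>
    <?php
    printFooter();
    break;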
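case 'renew':
    # Renew the certificate when the renewal form was submitted; any other
    # answer just returns to the list view.
    #
    # NOTE(review): nothing here requires the request to be a POST or to
    # carry an anti-CSRF token.
    $ret = true;
    if ($submit === "Submit Request") {
        # The lifetime is chosen from a fixed list on the renewal form, but
        # a hand-built request can send anything.  Accept only a plain
        # decimal number within the range that form offers (up to 5 years);
        # adjust the bound here if the form's list changes.
        $life_ok = is_string($expiry)
            && preg_match('/\A\d+(\.\d+)?\z/', $expiry) === 1
            && $expiry > 0
            && $expiry <= 5;

        if ($life_ok) {
            list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd);
        }
        else {
            $ret    = false;
            $errtxt = 'Invalid certificate life.';
        }
    }

    if (!$ret) {
        printHeader('ca');
        # $qstr_filter is emitted as built near the top of the script, where
        # its values must already be made safe for HTML.
        print '<form action="' . htvar($PHP_SELF) . '?stage=renew-form&serial=' . htvar($serial)
            . '&' . htvar($qstr_sort) . '&' . $qstr_filter . '" method=post>';
        # $errtxt is escaped before display.
        # NOTE(review): it looks like raw tool output; consider logging it
        # server-side instead of showing it to the user.
        ?>
        <font color=#ff0000>
        <h2>There was an error creating your certificate.</h2>
        </font><br>
        <blockquote>
        <h3>Debug Info:</h3>
        <pre><?php echo htvar($errtxt) ?></pre>
        </blockquote>
        <p>
        <input type=submit name=submit value=Back>
        <p>
        </form>
        <?php
    }
    else {
        header("Location: $PHP_SELF?$qstr_sort&$qstr_filter");
    }
    break;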
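default:
    # List view: filter form, sortable column headings, one row per
    # certificate with its action links.
    printHeader('ca');
    ?>
    <body onLoad="self.focus();document.filter.search.focus();">
    <table>
    <tr><th colspan=8><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
    <tr><td colspan=8><center>
    <form action="<?php echo htvar("$PHP_SELF?$qstr_sort") ?>" method=get name=filter>
    Search: <input type=text name=search value="<?php echo htvar($search) ?>" style="font-size: 11px;" maxlength=60 size=30>
    &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input type=checkbox name=show_valid value="V" <?php echo ($show_valid ? 'checked' : '') ?>>Valid
    &nbsp&nbsp<input type=checkbox name=show_revoked value="R" <?php echo ($show_revoked ? 'checked' : '') ?>>Revoked
    &nbsp&nbsp<input type=checkbox name=show_expired value="E" <?php echo ($show_expired ? 'checked' : '') ?>>Expired
    &nbsp&nbsp&nbsp&nbsp&nbsp<input type=submit name=submit value="Apply Filter" style="font-size: 11px;">
    </form>
    </center></td>
    </tr>
    <?php
    # Column key => heading text.  Keys are quoted: bare words are looked up
    # as constants, which is an error on current PHP versions.
    $headings = array(
        'status'       => "Status",
        'issued'       => "Issued",
        'expires'      => "Expires",
        'common_name'  => "User's Name",
        'email'        => "E-mail",
        'organization' => "Organization",
        'unit'         => "Department",
        'locality'     => "Locality",
    );

    # Sort on e-mail by default, and also when the request names a column
    # that is not one of the headings above.
    if (!$sortfield || !is_string($sortfield) || !isset($headings[$sortfield])) {
        $sortfield = 'email';
        $ascdec    = 'A';
    }

    if ($ascdec == 'A') {
        $arrow_gif = '../images/uparrow-blue.gif';
        $ht_ascdec = 'D';
    }
    else {
        $arrow_gif = '../images/downarrow-blue.gif';
        $ht_ascdec = 'A';
    }

    $ht_self = htvar($PHP_SELF);

    # $qstr_filter is emitted as built near the top of the script, where its
    # values must already be made safe for HTML.
    print '<tr>';
    foreach ($headings as $field => $head) {
        print '<th><a href="' . $ht_self . '?sortfield=' . $field . '&ascdec=A&' . $qstr_filter . '" title="Click to sort on this column."><u>' . $head . '</u></a>';
        if ($sortfield == $field) {
            print '&nbsp<a href="' . $ht_self . '?sortfield=' . $field . '&ascdec=' . $ht_ascdec . '&' . $qstr_filter . '" >' .
                  '<img src=' . $arrow_gif . ' height=12 alt=\'Change sort order.\' title=\'Click to reverse sort order.\'></a>';
        }
        print '</th>';
    }
    print '</tr>';

    # Status part of the search pattern, rebuilt from the three flags so
    # that only the letters V, R and E can appear inside the brackets.
    $status_class = ($show_valid ? 'V' : '') . ($show_revoked ? 'R' : '') . ($show_expired ? 'E' : '');
    if ($status_class === '') {
        $status_class = 'VRE';
    }
    $x = "^[$status_class]";

    if (in_array($PHPki_user, $PHPki_admins, true)) {
        # Administrators may list every record; their search term is passed
        # on as a pattern, as before.
        $x = "$x.*$search";
    }
    else {
        # For everyone else the pattern is what restricts the list to the
        # user's own records, so the search term and the user name are
        # inserted as literals: pattern metacharacters in either would
        # otherwise change the alternation and could drop the restriction.
        # NOTE(review): the pattern still matches the user name anywhere in
        # a record; matching on the issuer field would be more precise.
        $meta       = '/[.\\\\+*?\[\]^$(){}|]/';
        $search_lit = preg_replace($meta, '\\\\$0', (string) $search);
        $user_lit   = preg_replace($meta, '\\\\$0', (string) $PHPki_user);
        $x = "$x.*$search_lit.*$user_lit|$x.*$user_lit.*$search_lit";
    }

    $db = csort(CAdb_to_array($x), $sortfield, ($ascdec == 'A' ? SORT_ASC : SORT_DESC));

    $stcolor = array('Valid' => 'green', 'Revoked' => 'red', 'Expired' => 'orange');

    foreach ($db as $rec) {
        # Every record field is escaped before it is written into the page;
        # the subject fields were originally typed in by users.
        $status    = $rec['status'];
        $color     = isset($stcolor[$status]) ? $stcolor[$status] : 'black';
        $ht_serial = htvar($rec['serial']);
        $ht_mailto = htvar($rec['common_name'] . ' <' . $rec['email'] . '>');
        $ht_back   = htvar($qstr_sort) . '&' . $qstr_filter;

        print '<tr style="font-size: 11px;">
        <td><font color=' . $color . '><b>' . htvar($status) . '</b></font></td>
        <td style="white-space: nowrap">' . htvar($rec['issued']) . '</td>
        <td style="white-space: nowrap">' . htvar($rec['expires']) . '</td>
        <td>' . htvar($rec['common_name']) . '</td>
        <td style="white-space: nowrap"><a href="mailto:' . $ht_mailto . '">' . htvar($rec['email']) . '</a></td>
        <td>' . htvar($rec['organization']) . '</td>
        <td>' . htvar($rec['unit']) . '</td>
        <td>' . htvar($rec['locality']) . '</td>
        <td><a href="' . $ht_self . '?stage=display&serial=' . $ht_serial . '" target=_certdisp>' .
        '<img src=../images/display.png alt="Display" title="Display complete certificate details."></a>';

        if ($status == 'Valid') {
            print '
            <a href="' . $ht_self . '?stage=dl-confirm&serial=' . $ht_serial . '&' . $ht_back . '">' .
            '<img src=../images/download.png alt="Download" title="Download the PRIVATE certificate. DO NOT DISTRIBUTE THIS TO THE PUBLIC!"></a>
            <a href="' . $ht_self . '?stage=revoke-form&serial=' . $ht_serial . '&' . $ht_back . '">' .
            '<img src=../images/revoke.png alt="Revoke" title="Revoke the certificate when the e-mail address is no longer valid or the certificate password or private key has been compromised."></a>';
        }

        print '
        <a href="' . $ht_self . '?stage=renew-form&serial=' . $ht_serial . '&' . $ht_back . '">' .
        '<img src=../images/renew.png alt="Renew" title="Renew the certificate by revoking it, if necessary, and creating a replacement with a new expiration date."></a></td></tr>';
    }

    print '</table>';
    printFooter();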
}
?>