phpki-ng/ca/manage_certs.php

<?php
include('../config.php');
include(STORE_DIR.'/config/config.php');
include('../include/my_functions.php');
include('../include/common.php');
include('../include/openssl_functions.php');
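$stage = gpvar('stage');
$serial = gpvar('serial');
$sortfield = gpvar('sortfield');
$ascdec = gpvar('ascdec');
$passwd = gpvar('passwd');
$expiry = gpvar('expiry');
$submit = gpvar('submit');
$dl_type = gpvar('dl_type');
$search = gpvar('search');
$show_valid = gpvar('show_valid');
$show_revoked = gpvar('show_revoked');
$show_expired = gpvar('show_expired');

#
# Normalise the request parameters that are later used to build file
# names, regular expressions and URLs, so that only the expected shapes
# get that far.
#
# The serial is used verbatim as a file-name component (download stage)
# and handed to the CA helpers; accept only plain alphanumerics (the CA
# issues hex serials) and treat anything else like a certificate the
# user has no business touching.
if ($serial && ! preg_match('/^[A-Za-z0-9]+$/', $serial)) {
    $stage = 'goaway';
}
# The show_* flags are single fixed letters; anything else means "off".
# They are later spliced into a regex character class and into URLs.
$show_valid = ($show_valid === 'V') ? 'V' : '';
$show_revoked = ($show_revoked === 'R') ? 'R' : '';
$show_expired = ($show_expired === 'E') ? 'E' : '';
# Sorting is only meaningful on the listed columns; an unknown field
# falls back to the listing's default ('email') in the default stage.
$sort_fields = array('status', 'issued', 'expires', 'common_name', 'email', 'organization', 'unit', 'locality');
if (! in_array($sortfield, $sort_fields, true)) {
    $sortfield = '';
}
# Anything other than 'A' already meant "descending"; keep that, but do
# not echo arbitrary text back into the sort links.
$ascdec = ($ascdec === 'A') ? 'A' : ($ascdec ? 'D' : '');

# Prevent handling certs that don't belong to user
if ($serial && CAdb_issuer($serial) != $PHPki_user && ! in_array($PHPki_user, $PHPki_admins, true)) {
    $stage = 'goaway';
}
# No filter at all means "show everything".
if (!($show_valid.$show_revoked.$show_expired)) {
    $show_valid = 'V';
    $show_revoked = 'R';
    $show_expired = 'E';
}
# The search term travels through URLs that end up both in HTML
# attributes and in Location: headers, so it is URL-encoded rather than
# HTML-escaped here; the fixed-letter flags need no encoding.
$qstr_filter = 'search='.rawurlencode((string) $search) . '&' . "show_valid=$show_valid&" . "show_revoked=$show_revoked&" . "show_expired=$show_expired&";
$qstr_sort = "sortfield=$sortfield&ascdec=$ascdec";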
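switch ($stage) {
    case 'goaway':
        # The request named a certificate this user may not touch (or a
        # malformed serial); answer with a 403 so the attempt is visible
        # in the web server log.
        http_response_code(403);
        printHeader(false);
        ?>
<p><center><h1><font color="red">YOU ARE A VERY BAD BOY!</font></h1></center>
<?php
        break;

    case 'display':
        printHeader(false);
        # Subject fields come straight from the certificate (user-supplied
        # at enrolment), so every value is escaped before it is echoed.
        ?>
<center><h2>Certificate Details</h2></center>
<center><font color="#0000AA"><h3>(#<?php echo htvar($serial)?>)<br><?php echo htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>')?> </h3></font></center>
<?php
        # CAdb_is_revoked() is truthy for a revoked certificate; whatever it
        # returns is shown as the revocation date.
        if ($revoke_date = CAdb_is_revoked($serial)) {
            print '<center><font color=red><h2>REVOKED '.htvar($revoke_date).'</h2></font></center>';
        }
        # The dump is plain text derived from the certificate's own fields.
        print '<pre>'.htvar(CA_cert_text($serial)).'</pre>';
        break;

    case 'dl-confirm':
        printHeader('ca');
        $rec = CAdb_get_entry($serial);
        ?>
<h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo htvar($rec['common_name']).' &lt;'.htvar($rec['email']).'&gt; '?></h3>
<h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3>
<form action="<?php echo $PHP_SELF.'?stage=download&serial='.htvar($serial).'&'.$qstr_sort.'&'.$qstr_filter?>" method="post">
<strong>File type: </strong>
<select name="dl_type">
<option value="PKCS#12">PKCS#12 Bundle</option>
<option value="PEMCERT">PEM Certificate</option>
<option value="PEMKEY">PEM Key</option>
<option value="PEMBUNDLE">PEM Bundle</option>
<option value="PEMCABUNDLE">PEM Bundle w/Root</option>
</select>
<input type="submit" name="submit" value="Download">
&nbsp; or &nbsp;
<input type="submit" name="submit" value="Go Back">
</form>
<?php
        break;

    case 'download':
        if (strstr($submit, "Back")) {
            $dl_type = '';
        }
        $rec = CAdb_get_entry($serial);
        # The serial becomes a path component under the CA directories;
        # refuse anything but plain alphanumerics (defence in depth: the
        # same shape check is expected to have diverted the request to
        # 'goaway' already), and refuse serials the CA database does not
        # know.  An empty $dl_type falls through to the redirect below.
        if (! $rec || ! preg_match('/^[A-Za-z0-9]+$/', $serial)) {
            $dl_type = '';
        }
        # upload() receives the suggested client-side file name.  It is
        # built from the certificate's common name, which is user-supplied
        # at enrolment; upload() is expected to sanitise it for the
        # Content-Disposition header — verify there.
        $cn = $rec ? $rec['common_name'] : '';
        switch ($dl_type) {
            case 'PKCS#12':
                upload($config['pfx_dir'] . "/$serial.pfx", "$cn.p12", 'application/x-pkcs12');
                break;
            case 'PEMCERT':
                upload($config['new_certs_dir'] . "/$serial.pem", "$cn-cert.pem", 'application/pkix-cert');
                break;
            case 'PEMKEY':
                upload($config['private_dir'] . "/$serial-key.pem", "$cn-key.pem", 'application/octet-stream');
                break;
            case 'PEMBUNDLE':
                upload(array($config['private_dir'] . "/$serial-key.pem", $config['new_certs_dir'] . "/$serial.pem"), "$cn-Bundle.pem", 'application/octet-stream');
                break;
            case 'PEMCABUNDLE':
                upload(array($config['private_dir'] . "/$serial-key.pem", $config['new_certs_dir'] . "/$serial.pem", $config['cacert_pem']), "$cn-CABundle.pem", 'application/octet-stream');
                break;
            default:
                header("Location: {$PHP_SELF}?$qstr_sort&$qstr_filter");
        }
        break;

    case 'revoke-form':
        $rec = CAdb_get_entry($serial);
        printHeader('ca');
        ?>
<h4>You are about to <font color=red>REVOKE</font> the following certificate:
<hr>
<table width="500px"><tr>
<td width="25%" style="white-space: nowrap">
<p align="right">
Serial Number<br>
User's Name<br>
Email Address<br>
Organization<br>
Department/Unit<br>
Locality<br>
State/Province<br>
Country<br>
</p>
</td>
<?php
        # All record fields originate from the enrolment request: escape.
        print '
<td>
'.htvar($rec['serial']).'<br>
'.htvar($rec['common_name']).'<br>
'.htvar($rec['email']).'<br>
'.htvar($rec['organization']).'<br>
'.htvar($rec['unit']).'<br>
'.htvar($rec['locality']).'<br>
'.htvar($rec['province']).'<br>
'.htvar($rec['country']).'<br>
</td>
</tr></table>
<h4>Are you sure?</h4>
<form action="'.$PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter.'" method="post">
<input type="hidden" name="stage" value="revoke">
<input type="hidden" name="serial" value="'.htvar($serial).'">
<input type="submit" name="submit" value="Yes">&nbsp;
<input type="submit" name="submit" value="Cancel">
</form>';
        break;

    case 'revoke':
        $ret = true;
        $errtxt = '';
        # Revocation is a state change: only act on the POSTed confirmation
        # from revoke-form, never on a crafted GET link.  (There is no
        # anti-CSRF token on that form; a same-origin token would close the
        # remaining gap.)
        if ($submit == 'Yes' && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
            list($ret, $errtxt) = CA_revoke_cert($serial);
        }
        if (! $ret) {
            printHeader('ca');
            print "<form action=\"$PHP_SELF?stage=revoke-form&serial=" . htvar($serial) . "&$qstr_sort&$qstr_filter\" method=\"post\">";
            ?>
<font color=#ff0000>
<h2>There was an error revoking your certificate.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo htvar($errtxt)?></pre>
</blockquote>
<p>
<input type="submit" name="submit" value="Back">
<p>
</form>
<?php
        } else {
            header("Location: {$PHP_SELF}?$qstr_sort&$qstr_filter");
        }
        break;

    case 'renew-form':
        #
        # Get last known values submitted by this user. We only really
        # need the expiry value, but the old cert values will override
        # the rest.  The file name is derived from the authenticated user
        # name only — it must never be taken from request input.
        #
        if (! $submit && file_exists("config/user-{$PHPki_user}.php")) {
            include("config/user-{$PHPki_user}.php");
        }
        #
        # Get values from the old certificate.
        #
        $rec = CAdb_get_entry($serial);
        $country = $rec['country'];
        $province = $rec['province'];
        $locality = $rec['locality'];
        $organization = $rec['organization'];
        $unit = $rec['unit'];
        $common_name = $rec['common_name'];
        $email = $rec['email'];
        printHeader('ca');
        ?>
<body onLoad="self.focus();document.form.passwd.focus();">
<form action="<?php echo $PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method="post" name="form">
<table width=99%>
<th colspan="2"><h3>Certificate Renewal Form</h3></th>
<tr>
<td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>
<font color=red>If a password was used to create the original certificate you must use it below</font></td>
</tr>
<tr>
<td width="25%">Common Name </td>
<td><input type="text" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>E-mail Address </td>
<td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>Organization </td>
<td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td>
</tr>
<tr>
<td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
</tr>
<tr>
<td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>Country</td>
<td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
</tr>
<tr>
<td>Certificate Password <font color=red>- might be required</font></td>
<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
</tr>
<tr>
<td>Certificate Life </td>
<td><select name="expiry">
<?php
        # Lifetimes in years.  The submitted (or previously saved) value is
        # pre-selected; the comparison is loose on purpose because the form
        # round-trips the values as strings ("0.083", "1", ...).
        $lifetimes = array(
            '0.083' => '1 Month', '0.25' => '3 Months', '0.5' => '6 Months',
            '1' => '1 Year', '2' => '2 Years', '3' => '3 Years', '4' => '4 Years', '5' => '5 Years',
        );
        foreach ($lifetimes as $years => $label) {
            $sel = ($expiry == $years) ? " selected='selected'" : '';
            print "<option value=\"$years\"$sel>$label</option>\n";
        }
        ?>
</select></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp;
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo htvar($serial) ?>">
</td>
</tr>
</table>
</form>
<?php
        printFooter();
        break;

    case 'renew':
        $ret = true;
        $errtxt = '';
        # Renewal revokes and re-issues: only act on the POSTed form, never
        # on a crafted GET link.  The lifetime must be one of the numeric
        # year values the form offers before it reaches the CA helper.
        if ($submit == "Submit Request" && isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
            if (! is_numeric($expiry) || $expiry <= 0) {
                $ret = false;
                $errtxt = 'Invalid certificate lifetime.';
            } else {
                list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd);
            }
        }
        if (! $ret) {
            printHeader('ca');
            print "<form action=\"$PHP_SELF?stage=renew-form&serial=" . htvar($serial) . "&$qstr_sort&$qstr_filter\" method=\"post\">";
            ?>
<font color=#ff0000>
<h2>There was an error creating your certificate.</h2>
</font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo htvar($errtxt)?></pre>
</blockquote>
<p>
<input type="submit" name="submit" value="Back">
<p>
</form>
<?php
        } else {
            header("Location: {$PHP_SELF}?$qstr_sort&$qstr_filter");
        }
        break;

    default:
        printHeader('ca');
        ?>
<body onLoad="self.focus();document.filter.search.focus();">
<table style="margin:0 auto">
<tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
<tr><td colspan=9><center>
<form action="<?php echo "$PHP_SELF?$qstr_sort"?>" method="get" name="filter">
Search: <input type="text" name="search" value="<?php echo htvar($search)?>" style="font-size: 11px;" maxlength="60" size="30">
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="checkbox" name="show_valid" value="V" <?php echo ($show_valid?'checked':'')?>>Valid
&nbsp;&nbsp;
<input type="checkbox" name="show_revoked" value="R" <?php echo ($show_revoked?'checked':'')?>>Revoked
&nbsp;&nbsp;
<input type="checkbox" name="show_expired" value="E" <?php echo ($show_expired?'checked':'')?>>Expired
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="submit" name="submit" value="Apply Filter" style="font-size: 11px;">
</form>
</center></td>
</tr>
<?php
        if (! $sortfield) {
            $sortfield = 'email';
            $ascdec = 'A';
        }
        if ($ascdec == 'A') {
            $arrow_gif = '../images/uparrow-blue.gif';
            $ht_ascdec = 'D';
        } else {
            $arrow_gif = '../images/downarrow-blue.gif';
            $ht_ascdec = 'A';
        }
        print '<tr>';
        $headings = array(
            'status' => "Status", 'issued' => "Issued", 'expires' => "Expires",
            'common_name' => "User's Name", 'email' => "E-mail",
            'organization' => "Organization", 'unit' => "Department",
            'locality' => "Locality",
        );
        foreach ($headings as $field => $head) {
            print '<th><a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec=A&'.$qstr_filter.'" title="Click to sort on this column."><u>'.htvar($head).'</u></a>';
            if ($sortfield == $field) {
                print '&nbsp;<a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec='.$ht_ascdec.'&'.$qstr_filter.'" >'.
                    '<img src="'.$arrow_gif.'" height="12" alt="Change sort order." title="Click to reverse sort order."></a>';
            }
            print '</th>';
        }
        print '<th><font color=green>Actions</font></th>';
        print '</tr>';
        # CAdb_to_array() is given a regular expression (note the anchor and
        # the alternation below).  The status flags are reduced to the three
        # status letters, and the search term and the user name are quoted,
        # so a crafted term cannot widen the match — without that a
        # non-admin could list certificates issued to other users.
        $flags = preg_replace('/[^VRE]/', '', $show_valid.$show_revoked.$show_expired);
        if ($flags === '') {
            $flags = 'VRE';
        }
        $search_re = preg_quote((string) $search, '/');
        $user_re = preg_quote((string) $PHPki_user, '/');
        $x = "^[$flags]";
        if (in_array($PHPki_user, $PHPki_admins, true)) {
            $x = "$x.*$search_re";
        } else {
            $x = "$x.*$search_re.*$user_re|$x.*$user_re.*$search_re";
        }
        $db = csort(CAdb_to_array($x), $sortfield, ($ascdec == 'A' ? SORT_ASC : SORT_DESC));
        $stcolor = array('Valid' => 'green', 'Revoked' => 'red', 'Expired' => 'orange');
        foreach ($db as $rec) {
            $status = $rec['status'];
            $color = isset($stcolor[$status]) ? $stcolor[$status] : 'black';
            $serial_q = htvar($rec['serial']);
            # Common tail of the per-certificate action links.
            $link_tail = '&serial=' . $serial_q . '&' . $qstr_sort . '&' . $qstr_filter;
            # Every record field is enrolment input: escape each one.
            print '<tr style="font-size: 11px;">
<td><font color="' . $color . '"><b>' . htvar($status) . '</b></font></td>
<td style="white-space: nowrap">' . htvar($rec['issued']) . '</td>
<td style="white-space: nowrap">' . htvar($rec['expires']) . '</td>
<td>' . htvar($rec['common_name']) . '</td>
<td style="white-space: nowrap"><a href="mailto:' . htvar($rec['common_name']) . ' <' . htvar($rec['email']) . '>" >' . htvar($rec['email']) . '</a></td>
<td>' . htvar($rec['organization']) . '</td>
<td>' . htvar($rec['unit']) . '</td>
<td>' . htvar($rec['locality']) . '</td>
<td><a href="' . $PHP_SELF . '?stage=display&serial=' . $serial_q . '" target="_certdisp">' .
                '<img src="../images/display.png" alt="Display" title="Display complete certificate details."></a>';
            if ($status == 'Valid') {
                print '
<a href="' . $PHP_SELF . '?stage=dl-confirm' . $link_tail . '">' .
                    '<img src="../images/download.png" alt="Download" title="Download the PRIVATE certificate. DO NOT DISTRIBUTE THIS TO THE PUBLIC!"></a>
<a href="' . $PHP_SELF . '?stage=revoke-form' . $link_tail . '">' .
                    '<img src="../images/revoke.png" alt="Revoke" title="Revoke the certificate when the e-mail address is no longer valid or the certificate password or private key has been compromised."></a>';
            }
            print '
<a href="' . $PHP_SELF . '?stage=renew-form' . $link_tail . '">' .
                '<img src="../images/renew.png" alt="Renew" title="Renew the certificate by revoking it, if necessary, and creating a replacement with a new expiration date."></a>
</td></tr>';
        }
        print '</table>';
        printFooter();
}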
?>