< ? php
include ( '../config.php' );
include ( STORE_DIR . '/config/config.php' );
include ( '../include/my_functions.php' );
include ( '../include/common.php' );
include ( '../include/openssl_functions.php' );
// Request parameters, read once at the top of the script.
// gpvar() is not defined in this file.
// NOTE(review): presumably it returns the named GET/POST value - confirm.
// Every value below should be treated as client-controlled from here on.

// Dispatch key for the switch below, and the certificate being acted on.
$stage  = gpvar('stage');
$serial = gpvar('serial');

// Ordering of the certificate list.
$sortfield = gpvar('sortfield');
$ascdec    = gpvar('ascdec');

// Fields posted by the renewal and download forms.
$passwd  = gpvar('passwd');
$expiry  = gpvar('expiry');
$submit  = gpvar('submit');
$dl_type = gpvar('dl_type');

// Filter settings of the certificate list.
$search       = gpvar('search');
$show_valid   = gpvar('show_valid');
$show_revoked = gpvar('show_revoked');
$show_expired = gpvar('show_expired');
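# Prevent handling certs that don't belong to user.
#
# $serial is later interpolated into file paths, URLs and HTML by the
# stages below, so a value containing anything other than letters and
# digits is refused here, before the ownership lookup.
# NOTE(review): assumes serial numbers are purely alphanumeric (e.g. hex) - confirm.
#
# The comparisons are strict so that a non-string result from the lookup
# can never compare equal to the user name through type juggling.
# NOTE(review): assumes CAdb_issuer() and $PHPki_user are both strings - confirm.
if ($serial) {
    $serial_ok = preg_match('/\A[0-9A-Za-z]+\z/', (string) $serial) === 1;
    if (!$serial_ok
        || (CAdb_issuer($serial) !== $PHPki_user && !in_array($PHPki_user, $PHPki_admins, true))
    ) {
        $stage = 'goaway';
    }
}

# The status flags end up inside a character class in the list's search
# pattern and inside links, so only the exact values the filter form
# sends ('V', 'R', 'E') are accepted; anything else counts as "not set".
$show_valid   = ($show_valid === 'V') ? 'V' : '';
$show_revoked = ($show_revoked === 'R') ? 'R' : '';
$show_expired = ($show_expired === 'E') ? 'E' : '';

# With no flag selected, show every status.
if ($show_valid . $show_revoked . $show_expired === '') {
    $show_valid   = 'V';
    $show_revoked = 'R';
    $show_expired = 'E';
}

# Query-string fragments appended to every link, form action and redirect.
# Values are URL-encoded (not HTML-escaped): the fragments are used both in
# HTML attributes and in Location headers, and a URL-encoded value carries
# no quote, angle bracket or separator character in either context.
# $qstr_filter keeps its trailing '&'.
$qstr_filter = 'search=' . rawurlencode((string) $search)
    . '&show_valid=' . $show_valid
    . '&show_revoked=' . $show_revoked
    . '&show_expired=' . $show_expired . '&';
$qstr_sort = 'sortfield=' . rawurlencode((string) $sortfield)
    . '&ascdec=' . rawurlencode((string) $ascdec);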
switch ( $stage ) {
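case 'goaway':
    // Reached when the ownership check before the switch rejects the request.
    // Answer with 403 so refused requests are distinguishable in access logs
    // instead of looking like a normal 200 page.
    http_response_code(403);
    printHeader(false);
    ?>
    <p><center><h1><font color="red">YOU ARE A VERY BAD BOY!</font></h1></center>
    <?php
    break;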
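case 'display':
    // Read-only view of one certificate. Everything written into the page is
    // passed through htvar(), the escaper this file already uses for
    // certificate fields: $serial comes from the request, and the certificate
    // text contains subject fields chosen by whoever requested the certificate.
    // NOTE(review): assumes CA_cert_text() and CAdb_is_revoked() return
    // unescaped text - confirm, otherwise the output is escaped twice.
    printHeader(false);
    ?>
    <center><h2>Certificate Details</h2></center>
    <center><font color="#0000AA"><h3>(#<?php echo htvar($serial) ?>)<br><?php echo htvar(CA_cert_cname($serial) . ' <' . CA_cert_email($serial) . '>') ?></h3></font></center>
    <?php
    if ($revoke_date = CAdb_is_revoked($serial)) {
        print '<center><font color=red><h2>REVOKED ' . htvar($revoke_date) . '</h2></font></center>';
    }
    print '<pre>' . htvar(CA_cert_text($serial)) . '</pre>';
    break;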
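case 'dl-confirm':
    // Confirmation page shown before private key material is handed out.
    // Whether the caller may touch this serial is decided before the switch.
    printHeader('ca');
    $rec = CAdb_get_entry($serial);
    // The name/e-mail pair is escaped as one string: printed raw, the
    // "<address>" part is parsed by the browser as a tag, and subject fields
    // could inject markup. $PHP_SELF and $serial are escaped for the attribute.
    // $qstr_sort / $qstr_filter are inserted exactly as built before the switch.
    ?>
    <h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo htvar($rec['common_name'] . ' <' . $rec['email'] . '> ') ?></h3>
    <h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3>
    <form action="<?php echo htvar($PHP_SELF) . '?stage=download&serial=' . htvar($serial) . '&' . $qstr_sort . '&' . $qstr_filter ?>" method="post">
    <strong>File type: </strong>
    <select name="dl_type">
    <option value="PKCS#12">PKCS#12 Bundle</option>
    <option value="PEMCERT">PEM Certificate</option>
    <option value="PEMKEY">PEM Key</option>
    <option value="PEMBUNDLE">PEM Bundle</option>
    <option value="PEMCABUNDLE">PEM Bundle w/Root</option>
    </select>
    <input type="submit" name="submit" value="Download">
    &nbsp; or &nbsp;
    <input type="submit" name="submit" value="Go Back">
    </form>
    <?php
    break;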
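case 'download':
    // Sends certificate and/or private key files for $serial via upload().
    // $serial becomes part of a filesystem path, so it must consist of letters
    // and digits only; anything else is handled like "Go Back" (redirect to
    // the list) and never reaches a path.
    // NOTE(review): assumes serial numbers are purely alphanumeric - confirm.
    $serial_ok = preg_match('/\A[0-9A-Za-z]+\z/', (string) $serial) === 1;
    if (strstr((string) $submit, "Back") || !$serial_ok) {
        $dl_type = '';
    }

    $dl_name   = '';
    $pfx_file  = '';
    $key_file  = '';
    $cert_file = '';
    if ($serial_ok) {
        $rec = CAdb_get_entry($serial);
        // The common name is used as the download file name.
        // NOTE(review): upload() is not visible here; presumably the name is
        // sent in a response header - confirm. Control characters, quotes and
        // path separators are replaced so the name cannot alter that header.
        $dl_name   = preg_replace('#[\x00-\x1F\x7F"/\\\\]#', '_', (string) $rec['common_name']);
        $pfx_file  = $config['pfx_dir'] . '/' . $serial . '.pfx';
        $key_file  = $config['private_dir'] . '/' . $serial . '-key.pem';
        $cert_file = $config['new_certs_dir'] . '/' . $serial . '.pem';
    }

    switch ($dl_type) {
        case 'PKCS#12':
            upload($pfx_file, $dl_name . '.p12', 'application/x-pkcs12');
            break;
        case 'PEMCERT':
            upload($cert_file, $dl_name . '-cert.pem', 'application/pkix-cert');
            break;
        case 'PEMKEY':
            upload($key_file, $dl_name . '-key.pem', 'application/octet-stream');
            break;
        case 'PEMBUNDLE':
            upload(array($key_file, $cert_file), $dl_name . '-Bundle.pem', 'application/octet-stream');
            break;
        case 'PEMCABUNDLE':
            upload(array($key_file, $cert_file, $config['cacert_pem']), $dl_name . '-CABundle.pem', 'application/octet-stream');
            break;
        default:
            // No (or unknown) file type: return to the list.
            header('Location: ' . $PHP_SELF . '?' . $qstr_sort . '&' . $qstr_filter);
    }
    break;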
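case 'revoke-form':
    // Confirmation page for revoking the certificate identified by $serial.
    // The database fields were already escaped with htvar(); $PHP_SELF and the
    // hidden serial value now are too, and the hidden value is quoted so it
    // cannot spill into further attributes.
    // NOTE(review): no anti-CSRF token is visible in this form - confirm
    // whether another layer protects the state-changing 'revoke' stage.
    $rec = CAdb_get_entry($serial);
    printHeader('ca');
    ?>
    <h4>You are about to <font color=red>REVOKE</font> the following certificate:</h4>
    <hr>
    <table width="500px"><tr>
    <td width="25%" style="white-space: nowrap">
    <p align="right">
    Serial Number<br>
    User's Name<br>
    Email Address<br>
    Organization<br>
    Department/Unit<br>
    Locality<br>
    State/Province<br>
    Country<br>
    </p>
    </td>
    <td>
    <?php echo htvar($rec['serial']) ?><br>
    <?php echo htvar($rec['common_name']) ?><br>
    <?php echo htvar($rec['email']) ?><br>
    <?php echo htvar($rec['organization']) ?><br>
    <?php echo htvar($rec['unit']) ?><br>
    <?php echo htvar($rec['locality']) ?><br>
    <?php echo htvar($rec['province']) ?><br>
    <?php echo htvar($rec['country']) ?><br>
    </td>
    </tr></table>
    <h4>Are you sure?</h4>
    <form action="<?php echo htvar($PHP_SELF) . '?' . $qstr_sort . '&' . $qstr_filter ?>" method="post">
    <input type="hidden" name="stage" value="revoke">
    <input type="hidden" name="serial" value="<?php echo htvar($serial) ?>">
    <input type="submit" name="submit" value="Yes">&nbsp;
    <input type="submit" name="submit" value="Cancel">
    </form>
    <?php
    break;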
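case 'revoke':
    // Performs the revocation when the confirmation form was answered "Yes";
    // any other answer just returns to the list.
    // NOTE(review): $stage, $serial and $submit are read through gpvar();
    // if that also accepts GET, this state change is reachable from a plain
    // link - confirm the request method and CSRF protection.
    $ret = true;
    if ($submit === 'Yes') {
        list($ret, $errtxt) = CA_revoke_cert($serial);
    }

    if (!$ret) {
        printHeader('ca');
        ?>
        <form action="<?php echo htvar($PHP_SELF) . '?stage=revoke-form&serial=' . htvar($serial) . '&' . $qstr_sort . '&' . $qstr_filter ?>" method="post">
        <font color="#ff0000">
        <h2>There was an error revoking your certificate.</h2></font><br>
        <blockquote>
        <h3>Debug Info:</h3>
        <?php /* Tool output is escaped: it may quote certificate fields or paths. */ ?>
        <pre><?php echo htvar($errtxt) ?></pre>
        </blockquote>
        <p>
        <input type="submit" name="submit" value="Back">
        <p>
        </form>
        <?php
    } else {
        header('Location: ' . $PHP_SELF . '?' . $qstr_sort . '&' . $qstr_filter);
    }
    break;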
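case 'renew-form':
    #
    # Get last known values submitted by this user. We only really
    # need the expiry value, but the old cert values will override
    # the rest.
    #
    # The file name is derived from $PHPki_user and then executed by
    # include(), so a user name containing a path separator or a NUL byte
    # is never turned into a path.
    # NOTE(review): where $PHPki_user comes from is not visible here -
    # confirm it is the authenticated identity and not request data.
    #
    $prefs_file    = 'config/user-' . $PHPki_user . '.php';
    $user_is_plain = strpbrk((string) $PHPki_user, "/\\\0") === false;
    if (!$submit && $user_is_plain && file_exists($prefs_file)) {
        include($prefs_file);
    }

    #
    # Get values from the old certificate.
    #
    $rec          = CAdb_get_entry($serial);
    $country      = $rec['country'];
    $province     = $rec['province'];
    $locality     = $rec['locality'];
    $organization = $rec['organization'];
    $unit         = $rec['unit'];
    $common_name  = $rec['common_name'];
    $email        = $rec['email'];

    printHeader('ca');
    ?>
    <body onLoad="self.focus();document.form.passwd.focus();">
    <form action="<?php echo htvar($PHP_SELF) . '?' . $qstr_sort . '&' . $qstr_filter ?>" method="post" name="form">
    <table width="99%">
    <th colspan="2"><h3>Certificate Renewal Form</h3></th>
    <tr>
    <td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>
    <font color=red>If a password was used to create the original certificate you must use it below</font></td>
    </tr>
    <tr>
    <td width="25%">Common Name</td>
    <td><input type="text" name="common_name" value="<?php echo htvar($common_name) ?>" size="50" maxlength="60" disabled></td>
    </tr>
    <tr>
    <td>E-mail Address</td>
    <td><input type="text" name="email" value="<?php echo htvar($email) ?>" size="50" maxlength="60" disabled></td>
    </tr>
    <tr>
    <td>Organization</td>
    <td><input type="text" name="organization" value="<?php echo htvar($organization) ?>" size="60" maxlength="60" disabled></td>
    </tr>
    <tr>
    <td>Department/Unit</td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
    </tr>
    <tr>
    <td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
    </tr>
    <tr>
    <td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
    </tr>
    <tr>
    <td>Country</td>
    <td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
    </tr>
    <tr>
    <td>Certificate Password <font color=red>- might be required</font></td>
    <?php /* NOTE(review): a previously submitted password is written back into the page source here. */ ?>
    <td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
    </tr>
    <tr>
    <td>Certificate Life</td>
    <td><select name="expiry">
    <?php
    // Each option is compared with its own value. The previous code tested
    // "$expiry == 1" for all of the sub-year options, so a remembered
    // 1/3/6-month choice was never pre-selected.
    $expiry_choices = array(
        '0.083' => '1 Month',
        '0.25'  => '3 Months',
        '0.5'   => '6 Months',
        '1'     => '1 Year',
    );
    for ($i = 2; $i <= 5; $i++) {
        $expiry_choices[(string) $i] = $i . ' Years';
    }
    foreach ($expiry_choices as $value => $label) {
        $chosen = is_numeric($expiry) && (float) $expiry == (float) $value;
        print '<option value=' . $value . ($chosen ? " selected='selected'" : '') . '>' . $label . "</option>\n";
    }
    ?>
    </select></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>
    <input type="submit" name="submit" value="Submit Request">&nbsp;
    <input type="submit" name="submit" value="Back">
    <input type="hidden" name="stage" value="renew">
    <input type="hidden" name="serial" value="<?php echo htvar($serial) ?>">
    </td>
    </tr>
    </table>
    </form>
    <?php
    printFooter();
    break;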
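case 'renew':
    // Renews the certificate when the renewal form was submitted; "Back"
    // (or anything else) returns to the list without changes.
    // NOTE(review): as with 'revoke', confirm that this state change cannot
    // be triggered by a cross-site or GET request.
    $ret = true;
    if ($submit === 'Submit Request') {
        list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd);
    }

    if (!$ret) {
        printHeader('ca');
        ?>
        <form action="<?php echo htvar($PHP_SELF) . '?stage=renew-form&serial=' . htvar($serial) . '&' . $qstr_sort . '&' . $qstr_filter ?>" method="post">
        <font color="#ff0000">
        <h2>There was an error creating your certificate.</h2>
        </font><br>
        <blockquote>
        <h3>Debug Info:</h3>
        <?php /* Tool output is escaped: it may quote certificate fields or paths. */ ?>
        <pre><?php echo htvar($errtxt) ?></pre>
        </blockquote>
        <p>
        <input type="submit" name="submit" value="Back">
        <p>
        </form>
        <?php
    } else {
        header('Location: ' . $PHP_SELF . '?' . $qstr_sort . '&' . $qstr_filter);
    }
    break;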
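default:
    // Certificate list ("control panel"): filter form, sortable header row,
    // then one row per matching certificate with its action links.
    printHeader('ca');
    $self = htvar($PHP_SELF);
    ?>
    <body onLoad="self.focus();document.filter.search.focus();">
    <table style="margin:0 auto">
    <tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
    <tr><td colspan=9><center>
    <form action="<?php echo $self . '?' . $qstr_sort ?>" method="get" name="filter">
    Search: <input type="text" name="search" value="<?php echo htvar($search) ?>" style="font-size: 11px;" maxlength="60" size="30">
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <input type="checkbox" name="show_valid" value="V" <?php echo ($show_valid ? 'checked' : '') ?>>Valid
    &nbsp;&nbsp;
    <input type="checkbox" name="show_revoked" value="R" <?php echo ($show_revoked ? 'checked' : '') ?>>Revoked
    &nbsp;&nbsp;
    <input type="checkbox" name="show_expired" value="E" <?php echo ($show_expired ? 'checked' : '') ?>>Expired
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <input type="submit" name="submit" value="Apply Filter" style="font-size: 11px;">
    </form>
    </center></td>
    </tr>
    <?php
    $headings = array(
        'status' => "Status", 'issued' => "Issued", 'expires' => "Expires",
        'common_name' => "User's Name", 'email' => "E-mail",
        'organization' => "Organization", 'unit' => "Department",
        'locality' => "Locality"
    );

    // Only columns that have a heading may be used as the sort key; any other
    // request value falls back to the default ordering.
    if (!$sortfield || !isset($headings[$sortfield])) {
        $sortfield = 'email';
        $ascdec    = 'A';
    }

    if ($ascdec == 'A') {
        $arrow_gif = '../images/uparrow-blue.gif';
        $ht_ascdec = 'D';
    } else {
        $arrow_gif = '../images/downarrow-blue.gif';
        $ht_ascdec = 'A';
    }

    print '<tr>';
    foreach ($headings as $field => $head) {
        print '<th><a href="' . $self . '?sortfield=' . $field . '&ascdec=A&' . $qstr_filter . '" title="Click to sort on this column."><u>' . $head . '</u></a>';
        if ($sortfield == $field) {
            print '&nbsp;<a href="' . $self . '?sortfield=' . $field . '&ascdec=' . $ht_ascdec . '&' . $qstr_filter . '" >' .
                '<img src=' . $arrow_gif . ' height=12 alt=\'Change sort order.\' title=\'Click to reverse sort order.\'></a>';
        }
        print '</th>';
    }
    print '<th><font color=green>Actions</font></th>';
    print '</tr>';

    // Status selector of the search pattern. It is rebuilt from the flags'
    // truthiness so request data never lands inside the character class.
    $status_class = ($show_valid ? 'V' : '') . ($show_revoked ? 'R' : '') . ($show_expired ? 'E' : '');
    if ($status_class === '') {
        $status_class = 'VRE';
    }
    $x = '^[' . $status_class . ']';

    $is_admin = in_array($PHPki_user, $PHPki_admins, true);
    if ($is_admin) {
        $x = "$x.*$search";
    } else {
        $x = "$x.*$search.*$PHPki_user|$x.*$PHPki_user.*$search";
    }
    // NOTE(review): $search is still inserted into the pattern unescaped; the
    // right escaping depends on the matcher behind CAdb_to_array(), which is
    // not visible here. Because pattern metacharacters in $search can change
    // what the expression matches, the per-user restriction is not left to
    // the pattern alone: for non-admins every row is re-checked with
    // CAdb_issuer(), the same lookup the ownership check before the switch uses.
    // NOTE(review): assumes CAdb_issuer() returns a string - confirm.
    $rows = CAdb_to_array($x);
    if (!$is_admin) {
        $owned = array();
        foreach ($rows as $row) {
            if (CAdb_issuer($row['serial']) === $PHPki_user) {
                $owned[] = $row;
            }
        }
        $rows = $owned;
    }

    $db = csort($rows, $sortfield, ($ascdec == 'A' ? SORT_ASC : SORT_DESC));

    $stcolor = array('Valid' => 'green', 'Revoked' => 'red', 'Expired' => 'orange');

    foreach ($db as $rec) {
        // Database fields are escaped on output; the serial is URL-encoded
        // where it becomes a query-string value.
        $status    = $rec['status'];
        $color     = isset($stcolor[$status]) ? $stcolor[$status] : 'black';
        $serial_q  = rawurlencode((string) $rec['serial']);
        $link_tail = '&' . $qstr_sort . '&' . $qstr_filter;

        print '<tr style="font-size: 11px;">
        <td><font color=' . $color . '><b>' . htvar($status) . '</b></font></td>
        <td style="white-space: nowrap">' . htvar($rec['issued']) . '</td>
        <td style="white-space: nowrap">' . htvar($rec['expires']) . '</td>
        <td>' . htvar($rec['common_name']) . '</td>
        <td style="white-space: nowrap"><a href="mailto:' . htvar($rec['common_name'] . ' <' . $rec['email'] . '>') . '">' . htvar($rec['email']) . '</a></td>
        <td>' . htvar($rec['organization']) . '</td>
        <td>' . htvar($rec['unit']) . '</td>
        <td>' . htvar($rec['locality']) . '</td>
        <td><a href="' . $self . '?stage=display&serial=' . $serial_q . '" target=_certdisp>' .
            '<img src=../images/display.png alt="Display" title="Display complete certificate details."></a>';

        if ($status == 'Valid') {
            print '
            <a href="' . $self . '?stage=dl-confirm&serial=' . $serial_q . $link_tail . '">' .
                '<img src=../images/download.png alt="Download" title="Download the PRIVATE certificate. DO NOT DISTRIBUTE THIS TO THE PUBLIC!"></a>
            <a href="' . $self . '?stage=revoke-form&serial=' . $serial_q . $link_tail . '">' .
                '<img src=../images/revoke.png alt="Revoke" title="Revoke the certificate when the e-mail address is no longer valid or the certificate password or private key has been compromised."></a>';
        }

        print '
        <a href="' . $self . '?stage=renew-form&serial=' . $serial_q . $link_tail . '">' .
            '<img src=../images/renew.png alt="Renew" title="Renew the certificate by revoking it, if necessary, and creating a replacement with a new expiration date."></a>
        </td></tr>';
    }

    print '</table>';
    printFooter();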
}
?>