Format with CodeSniffer --standard=PSR2

John Crisp
2021-03-03 17:15:01 +01:00
parent fbf3170398
commit 6703d98ec9
23 changed files with 2309 additions and 2219 deletions


@@ -1,3 +1,2 @@
<?php
header("Location: ./../index.php");
?>


@@ -8,161 +8,159 @@ include("../include/openssl_functions.php");
$stage = gpvar('stage');
switch($stage) {
switch ($stage) {
case 'dl_takey':
upload($config['private_dir'] . '/takey.pem', $config['ca_prefix'] . 'takey.pem', 'application/octet-stream');
break;
case 'dl_takey':
upload($config['private_dir'] . '/takey.pem', $config['ca_prefix'] . 'takey.pem', 'application/octet-stream');
break;
case 'dl_dhparam':
upload($config['private_dir'] . '/dhparam2048.pem', $config['ca_prefix'] . 'dhparam2048.pem', 'application/octet-stream');
break;
case 'dl_dhparam':
upload($config['private_dir'] . '/dhparam2048.pem', $config['ca_prefix'] . 'dhparam2048.pem', 'application/octet-stream');
break;
case 'dl_root':
upload($config['cacert_pem'], $config['ca_prefix'] . 'cacert.crt', 'application/x-x509-ca-cert');
break;
case 'dl_root':
upload($config['cacert_pem'], $config['ca_prefix'] . 'cacert.crt', 'application/x-x509-ca-cert');
break;
case 'dl_crl':
upload($config['cacrl_der'], $config['ca_prefix'] . 'cacrl.crl', 'application/pkix-crl');
break;
case 'dl_crl':
upload($config['cacrl_der'], $config['ca_prefix'] . 'cacrl.crl', 'application/pkix-crl');
break;
case 'dl_crl_pem':
upload($config['cacrl_pem'], $config['ca_prefix'] . 'cacrl.crl', 'application/octet-stream');
break;
case 'dl_crl_pem':
upload($config['cacrl_pem'], $config['ca_prefix'] . 'cacrl.crl', 'application/octet-stream');
break;
case 'gen_crl':
list($ret,$errtxt) = CA_generate_crl();
case 'gen_crl':
list($ret,$errtxt) = CA_generate_crl();
printHeader(false);
printHeader(false);
if ($ret) {
?>
<center><h2>Certificate Revocation List Updated</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.CA_crl_text().'</pre>';
} else {
?>
<font color="#ff0000">
<h2>There was an error updating the Certificate Revocation List.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<form action="<?php echo $PHP_SELF?>" method="post">
<br>
<input type="submit" name="submit" value="Back to Menu">
<br>
</form>
<?php
}
break;
if ($ret) {
?>
<center><h2>Certificate Revocation List Updated</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.CA_crl_text().'</pre>';
}
else {
?>
<font color="#ff0000">
<h2>There was an error updating the Certificate Revocation List.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<form action="<?php echo $PHP_SELF?>" method="post">
<br>
<input type="submit" name="submit" value="Back to Menu">
<br>
</form>
<?php
}
break;
case 'display_takey':
printHeader(false);
case 'display_takey':
printHeader(false);
?>
<center><h2>OpenVPN pre-shared Key</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.ta_key_text().'</pre>';
break;
?>
<center><h2>OpenVPN pre-shared Key</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.ta_key_text().'</pre>';
break;
case 'display_dhparam':
printHeader(false);
case 'display_dhparam':
printHeader(false);
?>
<center><h2>OpenVPN Diffie-Helman parameters</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu">
</form>
<?php
print '<pre>'.dhparam_text().'</pre>';
break;
?>
<center><h2>OpenVPN Diffie-Helman parameters</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu">
</form>
<?php
print '<pre>'.dhparam_text().'</pre>';
break;
case 'display_root_pem':
printHeader(false);
case 'display_root_pem':
printHeader(false);
?>
<center><h2>Root certificate file (PEM Encoded)</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.root_pem_text().'</pre>';
break;
?>
<center><h2>Root certificate file (PEM Encoded)</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.root_pem_text().'</pre>';
break;
default:
printHeader('ca');
?>
<br>
<br>
<center>
<table class="menu" width="600px"><th class="menu" colspan="2"><big>CERTIFICATE MANAGEMENT MENU</big></th>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;" width="33%">
<a href="request_cert.php">Create a New Certificate</a></td>
<td>Use the <strong><cite>Certificate Request Form</cite></strong> to create and download new digital certificates.
You may create certificates in succession without re-entering the entire form
by clicking the "<strong>Go Back</strong>" button after each certificate is created.</td></tr>
default:
printHeader('ca');
?>
<br>
<br>
<center>
<table class="menu" width="600px"><th class="menu" colspan="2"><big>CERTIFICATE MANAGEMENT MENU</big></th>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;" width="33%">
<a href="request_cert.php">Create a New Certificate</a></td>
<td>Use the <strong><cite>Certificate Request Form</cite></strong> to create and download new digital certificates.
You may create certificates in succession without re-entering the entire form
by clicking the "<strong>Go Back</strong>" button after each certificate is created.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="manage_certs.php">Manage Certificates</a></td>
<td>Conveniently view, download, revoke, and renew your existing certificates using the
<strong><cite>Certificate Management Control Panel</cite></strong>.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="manage_certs.php">Manage Certificates</a></td>
<td>Conveniently view, download, revoke, and renew your existing certificates using the
<strong><cite>Certificate Management Control Panel</cite></strong>.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=gen_crl">Update & View the Certificate Revocation List</a></td>
<td>Some applications automagically reference the Certificate Revocation List to determine
certificate validity. It is not necessary to perform this update function, as the CRL is
updated when certificates are revoked. However, doing so is harmless.
<a href="../help.php" target="_help">Read the online help</a> to learn more about this.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=gen_crl">Update & View the Certificate Revocation List</a></td>
<td>Some applications automagically reference the Certificate Revocation List to determine
certificate validity. It is not necessary to perform this update function, as the CRL is
updated when certificates are revoked. However, doing so is harmless.
<a href="../help.php" target="_help">Read the online help</a> to learn more about this.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_root">Download the Root Certificate</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_root_pem">Display the Root Certificate (PEM Encoded)</a></td>
<td>The "Root" certificate must be installed before using any of the
certificates issued here. <a href="../help.php" target="_help">Read the online help</a>
to learn more about this.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_root">Download the Root Certificate</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_root_pem">Display the Root Certificate (PEM Encoded)</a></td>
<td>The "Root" certificate must be installed before using any of the
certificates issued here. <a href="../help.php" target="_help">Read the online help</a>
to learn more about this.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_crl">Download the Certificate Revocation List</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=dl_crl_pem">Download in PEM format.</a></td>
<td>This is the official list of revoked certificates. Using this list with your e-mail or
browser application is optional. Some applications will automagically reference this list.</td></tr>
<?php
if (file_exists($config['private_dir'] . '/takey.pem')) {
?>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_takey">Download the static pre-shared key</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_takey">Display the static pre-shared key</a></td>
<td>This key can be used with OpenVPN as a standalone auth mechanism, or as an additional TLS authentication.</td></tr>
<?php }
?>
<?php if (file_exists ($config['private_dir'] . '/dhparam2048.pem')) {
?>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_dhparam">Download the Diffie-Hellman parameters</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_dhparam">Display the Diffie-Hellman parameters</a></td>
<td>This file is used by OpenVPN for the hand-shake. The Diffie-Hellman key agreement
protocol enables two communication partners to exchange a secret key safely.</td></tr>
<?php }
?>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_crl">Download the Certificate Revocation List</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=dl_crl_pem">Download in PEM format.</a></td>
<td>This is the official list of revoked certificates. Using this list with your e-mail or
browser application is optional. Some applications will automagically reference this list.</td></tr>
<?php
if (file_exists($config['private_dir'] . '/takey.pem')) {
?>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_takey">Download the static pre-shared key</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_takey">Display the static pre-shared key</a></td>
<td>This key can be used with OpenVPN as a standalone auth mechanism, or as an additional TLS authentication.</td></tr>
<?php }
?>
<?php if (file_exists($config['private_dir'] . '/dhparam2048.pem')) {
?>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_dhparam">Download the Diffie-Hellman parameters</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_dhparam">Display the Diffie-Hellman parameters</a></td>
<td>This file is used by OpenVPN for the hand-shake. The Diffie-Hellman key agreement
protocol enables two communication partners to exchange a secret key safely.</td></tr>
<?php }
?>
</table>
</center>
<br><br>
<?php
printFooter();
</table>
</center>
<br><br>
<?php
printFooter();
}
?>


@@ -22,404 +22,403 @@ $show_expired = gpvar('show_expired');
# Prevent handling certs that don't belong to user
if ($serial && CAdb_issuer($serial) != $PHPki_user && ! in_array($PHPki_user, $PHPki_admins)) {
$stage = 'goaway';
if ($serial && CAdb_issuer($serial) != $PHPki_user && ! in_array($PHPki_user, $PHPki_admins)) {
$stage = 'goaway';
}
if ( !($show_valid.$show_revoked.$show_expired) ) {
$show_valid = 'V';
$show_revoked = 'R';
$show_expired = 'E';
if (!($show_valid.$show_revoked.$show_expired)) {
$show_valid = 'V';
$show_revoked = 'R';
$show_expired = 'E';
}
$qstr_filter = 'search='.htvar($search) . '&' . "show_valid=$show_valid&" . "show_revoked=$show_revoked&" . "show_expired=$show_expired&";
$qstr_filter = 'search='.htvar($search) . '&' . "show_valid=$show_valid&" . "show_revoked=$show_revoked&" . "show_expired=$show_expired&";
$qstr_sort = "sortfield=$sortfield&ascdec=$ascdec";
switch ($stage) {
case 'goaway':
printHeader(false);
?>
case 'goaway':
printHeader(false);
?>
<p><center><h1><font color="red">YOU ARE A VERY BAD BOY!</font></h2></center>
<p><center><h1><font color="red">YOU ARE A VERY BAD BOY!</font></h2></center>
<?php
break;
<?php
break;
case 'display':
printHeader(false);
?>
<center><h2>Certificate Details</h2></center>
<center><font color="#0000AA"><h3>(#<?php echo $serial?>)<br><?php echo htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>')?> </h3></font></center>
<?php
case 'display':
printHeader(false);
?>
<center><h2>Certificate Details</h2></center>
<center><font color="#0000AA"><h3>(#<?php echo $serial?>)<br><?php echo htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>')?> </h3></font></center>
<?php
if ($revoke_date = CAdb_is_revoked($serial)) {
print '<center><font color=red><h2>REVOKED '.$revoke_date.'</h2></font></center>';
}
if ($revoke_date = CAdb_is_revoked($serial)) {
print '<center><font color=red><h2>REVOKED '.$revoke_date.'</h2></font></center>';
}
print '<pre>'.CA_cert_text($serial).'</pre>';
break;
print '<pre>'.CA_cert_text($serial).'</pre>';
break;
case 'dl-confirm':
printHeader('ca');
case 'dl-confirm':
printHeader('ca');
$rec = CAdb_get_entry($serial);
$rec = CAdb_get_entry($serial);
?>
<h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $rec['common_name'].' &lt;'.$rec['email'].'&gt; '?></h3>
<h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3>
<form action="<?php echo $PHP_SELF.'?stage=download&serial='.$serial.'&'.$qstr_sort.'&'.$qstr_filter?>" method="post">
<strong>File type: </strong>
<select name="dl_type">
<option value="PKCS#12">PKCS#12 Bundle</option>
<option value="PEMCERT">PEM Certificate</option>
<option value="PEMKEY">PEM Key</option>
<option value="PEMBUNDLE">PEM Bundle</option>
<option value="PEMCABUNDLE">PEM Bundle w/Root</option>
</select>
<input type="submit" name="submit" value="Download">
&nbsp; or &nbsp;
<input type="submit" name="submit" value="Go Back">
</form>
?>
<h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $rec['common_name'].' &lt;'.$rec['email'].'&gt; '?></h3>
<h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3>
<form action="<?php echo $PHP_SELF.'?stage=download&serial='.$serial.'&'.$qstr_sort.'&'.$qstr_filter?>" method="post">
<strong>File type: </strong>
<select name="dl_type">
<option value="PKCS#12">PKCS#12 Bundle</option>
<option value="PEMCERT">PEM Certificate</option>
<option value="PEMKEY">PEM Key</option>
<option value="PEMBUNDLE">PEM Bundle</option>
<option value="PEMCABUNDLE">PEM Bundle w/Root</option>
</select>
<input type="submit" name="submit" value="Download">
&nbsp; or &nbsp;
<input type="submit" name="submit" value="Go Back">
</form>
<?php
break;
break;
case 'download':
if (strstr($submit, "Back")) $dl_type = '';
case 'download':
if (strstr($submit, "Back")) {
$dl_type = '';
}
$rec = CAdb_get_entry($serial);
$rec = CAdb_get_entry($serial);
switch ($dl_type) {
case 'PKCS#12':
upload($config['pfx_dir'] . "/$serial.pfx", "$rec[common_name].p12", 'application/x-pkcs12');
break;
case 'PEMCERT':
upload($config['new_certs_dir'] . "/$serial.pem", "$rec[common_name]-cert.pem",'application/pkix-cert');
break;
case 'PEMKEY':
upload($config['private_dir'] . "/$serial-key.pem", "$rec[common_name]-key.pem",'application/octet-stream');
break;
case 'PEMBUNDLE':
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem"), $rec['common_name'] . "-Bundle.pem",'application/octet-stream');
break;
case 'PEMCABUNDLE':
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem", $config['cacert_pem']), $rec['common_name'] . "-CABundle.pem",'application/octet-stream');
break;
default:
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
}
break;
switch ($dl_type) {
case 'PKCS#12':
upload($config['pfx_dir'] . "/$serial.pfx", "$rec[common_name].p12", 'application/x-pkcs12');
break;
case 'PEMCERT':
upload($config['new_certs_dir'] . "/$serial.pem", "$rec[common_name]-cert.pem", 'application/pkix-cert');
break;
case 'PEMKEY':
upload($config['private_dir'] . "/$serial-key.pem", "$rec[common_name]-key.pem", 'application/octet-stream');
break;
case 'PEMBUNDLE':
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem"), $rec['common_name'] . "-Bundle.pem", 'application/octet-stream');
break;
case 'PEMCABUNDLE':
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem", $config['cacert_pem']), $rec['common_name'] . "-CABundle.pem", 'application/octet-stream');
break;
default:
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
}
break;
case 'revoke-form':
$rec = CAdb_get_entry($serial);
case 'revoke-form':
$rec = CAdb_get_entry($serial);
printHeader('ca');
printHeader('ca');
?>
<h4>You are about to <font color=red>REVOKE</font> the following certificate:
<hr>
<table width="500px"><tr>
<td width="25%" style="white-space: nowrap">
<p align="right">
?>
<h4>You are about to <font color=red>REVOKE</font> the following certificate:
<hr>
<table width="500px"><tr>
<td width="25%" style="white-space: nowrap">
<p align="right">
Serial Number<br>
User's Name<br>
Email Address<br>
Organization<br>
Department/Unit<br>
Locality<br>
State/Province<br>
Country<br>
</p>
</td>
<?php
User's Name<br>
Email Address<br>
Organization<br>
Department/Unit<br>
Locality<br>
State/Province<br>
Country<br>
</p>
</td>
<?php
print '
<td>
'.htvar($rec['serial']).'<br>
'.htvar($rec['common_name']).'<br>
'.htvar($rec['email']).'<br>
'.htvar($rec['organization']).'<br>
'.htvar($rec['unit']).'<br>
'.htvar($rec['locality']).'<br>
'.htvar($rec['province']).'<br>
'.htvar($rec['country']).'<br>
</td>
</tr></table>
<h4>Are you sure?</h4>
<form action="'.$PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter.'" method=post>
<input type=hidden name=stage value=revoke >
<input type=hidden name=serial value='.$serial.' >
<input type=submit name=submit value=Yes >&nbsp
<input type=submit name=submit value=Cancel>
</form>';
break;
print '
<td>
'.htvar($rec['serial']).'<br>
'.htvar($rec['common_name']).'<br>
'.htvar($rec['email']).'<br>
'.htvar($rec['organization']).'<br>
'.htvar($rec['unit']).'<br>
'.htvar($rec['locality']).'<br>
'.htvar($rec['province']).'<br>
'.htvar($rec['country']).'<br>
</td>
</tr></table>
<h4>Are you sure?</h4>
<form action="'.$PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter.'" method=post>
<input type=hidden name=stage value=revoke >
<input type=hidden name=serial value='.$serial.' >
<input type=submit name=submit value=Yes >&nbsp
<input type=submit name=submit value=Cancel>
</form>';
break;
case 'revoke':
$ret = true;
if ($submit == 'Yes')
list($ret, $errtxt) = CA_revoke_cert($serial);
case 'revoke':
$ret = true;
if ($submit == 'Yes') {
list($ret, $errtxt) = CA_revoke_cert($serial);
}
if (! $ret) {
printHeader('ca');
if (! $ret) {
printHeader('ca');
print "<form action=\"$PHP_SELF?stage=revoke-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>";
?>
<font color=#ff0000>
<h2>There was an error revoking your certificate.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<p>
<input type=submit name=submit value=Back>
<p>
</form>
<?php
}
else
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
break;
print "<form action=\"$PHP_SELF?stage=revoke-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>";
?>
<font color=#ff0000>
<h2>There was an error revoking your certificate.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<p>
<input type=submit name=submit value=Back>
<p>
</form>
<?php
} else {
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
}
break;
case 'renew-form':
#
# Get last known values submitted by this user. We only really
# need the expiry value, but the old cert values will override
# the rest.
#
if (! $submit and file_exists("config/user-${PHPki_user}.php")) {
include("config/user-${PHPki_user}.php");
case 'renew-form':
#
# Get last known values submitted by this user. We only really
# need the expiry value, but the old cert values will override
# the rest.
#
if (! $submit and file_exists("config/user-${PHPki_user}.php")) {
include("config/user-${PHPki_user}.php");
}
#
# Get values from the old certificate.
#
$rec = CAdb_get_entry($serial);
$country = $rec['country'];
$province = $rec['province'];
$locality = $rec['locality'];
$organization = $rec['organization'];
$unit = $rec['unit'];
$common_name = $rec['common_name'];
$email = $rec['email'];
printHeader('ca');
?>
<body onLoad="self.focus();document.form.passwd.focus();">
<form action="<?php echo $PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method=post name=form>
<table width=99%>
<th colspan="2"><h3>Certificate Renewal Form</h3></th>
<tr>
<td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td>
</tr>
<tr>
<td width="25%">Common Name </td>
<td><input type="text"" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>E-mail Address </td>
<td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>Organization </td>
<td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td>
</tr>
<tr>
<td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
</tr>
<tr>
<td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>Country</td>
<td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
</tr>
<tr>
<td>Certificate Password </td>
<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
</tr>
<tr>
<td>Certificate Life </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
#
# Get values from the old certificate.
#
$rec = CAdb_get_entry($serial);
$country = $rec['country'];
$province = $rec['province'];
$locality = $rec['locality'];
$organization = $rec['organization'];
$unit = $rec['unit'];
$common_name = $rec['common_name'];
$email = $rec['email'];
printHeader('ca');
?>
<body onLoad="self.focus();document.form.passwd.focus();">
?>
<form action="<?php echo $PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method=post name=form>
<table width=99%>
<th colspan="2"><h3>Certificate Renewal Form</h3></th>
</select></td>
</tr>
<tr>
<td>&nbsp</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo $serial ?>" >
</td>
</tr>
</table>
</form>
<?php
<tr>
<td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td>
</tr>
<tr>
<td width="25%">Common Name </td>
<td><input type="text"" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr>
printFooter();
break;
<tr>
<td>E-mail Address </td>
<td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>Organization </td>
<td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td>
</tr>
<tr>
<td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
</tr>
<tr>
<td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>Country</td>
<td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
</tr>
<tr>
<td>Certificate Password </td>
<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
</tr>
<tr>
<td>Certificate Life </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ( $i = 2 ; $i <= 5 ; $i++ ) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>&nbsp</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo $serial ?>" >
</td>
</tr>
</table>
</form>
<?php
printFooter();
break;
case 'renew':
$ret = true;
if ($submit == "Submit Request") {
list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd);
}
case 'renew':
$ret = true;
if ($submit == "Submit Request") {
list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd);
}
if (! $ret) {
printHeader('ca');
if (! $ret) {
printHeader('ca');
print "<form action=\"$PHP_SELF?stage=renew-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>";
?>
<font color=#ff0000>
<h2>There was an error creating your certificate.</h2>
</font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<p>
<input type="submit" name="submit" value="Back">
<p>
</form>
<?php
}
else {
header("Location: $PHP_SELF?$qstr_sort&$qstr_filter");
}
print "<form action=\"$PHP_SELF?stage=renew-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>";
?>
<font color=#ff0000>
<h2>There was an error creating your certificate.</h2>
</font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<p>
<input type="submit" name="submit" value="Back">
<p>
</form>
<?php
} else {
header("Location: $PHP_SELF?$qstr_sort&$qstr_filter");
}
break;
break;
default:
default:
printHeader('ca');
printHeader('ca');
?>
<body onLoad="self.focus();document.filter.search.focus();">
<table style="margin:0 auto">
<tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
<tr><td colspan=9><center>
<form action="<?php echo "$PHP_SELF?$qstr_sort"?>" method="get" name="filter">
?>
<body onLoad="self.focus();document.filter.search.focus();">
<table style="margin:0 auto">
<tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
<tr><td colspan=9><center>
<form action="<?php echo "$PHP_SELF?$qstr_sort"?>" method="get" name="filter">
Search: <input type="text" name=search" value="<?php echo htvar($search)?>" style="font-size: 11px;" maxlength="60" size="30">
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp
<input type="checkbox" name="show_valid" value="V" <?php echo ($show_valid?'checked':'')?>>Valid
<input type="checkbox" name="show_valid" value="V" <?php echo ($show_valid?'checked':'')?>>Valid
&nbsp&nbsp
<input type="checkbox" name="show_revoked" value="R" <?php echo ($show_revoked?'checked':'')?>>Revoked
<input type="checkbox" name="show_revoked" value="R" <?php echo ($show_revoked?'checked':'')?>>Revoked
&nbsp&nbsp
<input type="checkbox" name="show_expired" value="E" <?php echo ($show_expired?'checked':'')?>>Expired
<input type="checkbox" name="show_expired" value="E" <?php echo ($show_expired?'checked':'')?>>Expired
&nbsp&nbsp&nbsp&nbsp&nbsp
<input type="submit" name="submit" value="Apply Filter" style="font-size: 11px;">
<input type="submit" name="submit" value="Apply Filter" style="font-size: 11px;">
</form>
</center></td>
</tr>
<?php
</center></td>
</tr>
<?php
if (! $sortfield) {
$sortfield = 'email' ;
$ascdec = 'A';
}
if (! $sortfield) {
$sortfield = 'email' ;
$ascdec = 'A';
}
if ($ascdec == 'A') {
$arrow_gif = '../images/uparrow-blue.gif';
$ht_ascdec = 'D';
}
else {
$arrow_gif = '../images/downarrow-blue.gif';
$ht_ascdec = 'A';
}
if ($ascdec == 'A') {
$arrow_gif = '../images/uparrow-blue.gif';
$ht_ascdec = 'D';
} else {
$arrow_gif = '../images/downarrow-blue.gif';
$ht_ascdec = 'A';
}
print '<tr>';
$headings = array(
'status'=>"Status", 'issued'=>"Issued", 'expires'=>"Expires",
'common_name'=>"User's Name", 'email'=>"E-mail",
'organization'=>"Organization", 'unit'=>"Department",
'locality'=>"Locality"
);
print '<tr>';
$headings = array(
'status'=>"Status", 'issued'=>"Issued", 'expires'=>"Expires",
'common_name'=>"User's Name", 'email'=>"E-mail",
'organization'=>"Organization", 'unit'=>"Department",
'locality'=>"Locality"
);
foreach($headings as $field=>$head) {
print '<th><a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec=A&'.$qstr_filter.'" title="Click to sort on this column."><u>'.$head.'</u></a>';
foreach ($headings as $field => $head) {
print '<th><a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec=A&'.$qstr_filter.'" title="Click to sort on this column."><u>'.$head.'</u></a>';
if ($sortfield == $field) {
print '&nbsp<a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec='.$ht_ascdec.'&'.$qstr_filter.'" >'.
'<img src='.$arrow_gif.' height=12 alt=\'Change sort order.\' title=\'Click to reverse sort order.\'></a>';
}
if ($sortfield == $field) {
print '&nbsp<a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec='.$ht_ascdec.'&'.$qstr_filter.'" >'.
'<img src='.$arrow_gif.' height=12 alt=\'Change sort order.\' title=\'Click to reverse sort order.\'></a>';
}
print '</th>';
}
print '<th><font color=green>Actions</font></th>';
print '</tr>';
print '</th>';
}
print '<th><font color=green>Actions</font></th>';
print '</tr>';
$x = "^[$show_valid$show_revoked$show_expired]";
$x = "^[$show_valid$show_revoked$show_expired]";
if (in_array($PHPki_user, $PHPki_admins)) {
$x = "$x.*$search";
}
else {
$x = "$x.*$search.*$PHPki_user|$x.*$PHPki_user.*$search";
}
if (in_array($PHPki_user, $PHPki_admins)) {
$x = "$x.*$search";
} else {
$x = "$x.*$search.*$PHPki_user|$x.*$PHPki_user.*$search";
}
$db = csort(CAdb_to_array($x), $sortfield, ($ascdec=='A'?SORT_ASC:SORT_DESC));
$db = csort(CAdb_to_array($x), $sortfield, ($ascdec=='A'?SORT_ASC:SORT_DESC));
$stcolor = array('Valid'=>'green','Revoked'=>'red','Expired'=>'orange');
$stcolor = array('Valid'=>'green','Revoked'=>'red','Expired'=>'orange');
foreach($db as $rec) {
print '<tr style="font-size: 11px;">
<td><font color='.$stcolor[$rec['status']].'><b>' .$rec[status].'</b></font></td>
<td style="white-space: nowrap">'.$rec['issued'].'</td>
<td style="white-space: nowrap">'.$rec['expires'].'</td>
<td>'.$rec['common_name'].'</td>
<td style="white-space: nowrap"><a href="mailto:' . htvar($rec['common_name']) . ' <' . htvar($rec['email']) . '>" >' . htvar($rec['email']) . '</a></td>
<td>'.htvar($rec['organization']).'</td>
<td>'.htvar($rec['unit']).'</td>
<td>'.htvar($rec['locality']).'</td>
<td><a href="'.$PHP_SELF.'?stage=display&serial='.$rec['serial'].'" target=_certdisp>'.
'<img src=../images/display.png alt="Display" title="Display complete certificate details."></a>';
foreach ($db as $rec) {
print '<tr style="font-size: 11px;">
<td><font color='.$stcolor[$rec['status']].'><b>' .$rec[status].'</b></font></td>
<td style="white-space: nowrap">'.$rec['issued'].'</td>
<td style="white-space: nowrap">'.$rec['expires'].'</td>
<td>'.$rec['common_name'].'</td>
<td style="white-space: nowrap"><a href="mailto:' . htvar($rec['common_name']) . ' <' . htvar($rec['email']) . '>" >' . htvar($rec['email']) . '</a></td>
<td>'.htvar($rec['organization']).'</td>
<td>'.htvar($rec['unit']).'</td>
<td>'.htvar($rec['locality']).'</td>
<td><a href="'.$PHP_SELF.'?stage=display&serial='.$rec['serial'].'" target=_certdisp>'.
'<img src=../images/display.png alt="Display" title="Display complete certificate details."></a>';
if ($rec['status'] == 'Valid') {
print '
<a href="'.$PHP_SELF.'?stage=dl-confirm&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/download.png alt="Download" title="Download the PRIVATE certificate. DO NOT DISTRIBUTE THIS TO THE PUBLIC!"></a>
<a href="'.$PHP_SELF.'?stage=revoke-form&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/revoke.png alt="Revoke" title="Revoke the certificate when the e-mail address is no longer valid or the certificate password or private key has been compromised."></a>';
}
print '
<a href="'.$PHP_SELF.'?stage=renew-form&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/renew.png alt="Renew" title="Renew the certificate by revoking it, if necessary, and creating a replacement with a new expiration date."></a>
</td></tr>';
}
if ($rec['status'] == 'Valid') {
print '
<a href="'.$PHP_SELF.'?stage=dl-confirm&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/download.png alt="Download" title="Download the PRIVATE certificate. DO NOT DISTRIBUTE THIS TO THE PUBLIC!"></a>
<a href="'.$PHP_SELF.'?stage=revoke-form&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/revoke.png alt="Revoke" title="Revoke the certificate when the e-mail address is no longer valid or the certificate password or private key has been compromised."></a>';
}
print '
<a href="'.$PHP_SELF.'?stage=renew-form&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/renew.png alt="Renew" title="Renew the certificate by revoking it, if necessary, and creating a replacement with a new expiration date."></a>
</td></tr>';
}
print '</table>';
print '</table>';
printFooter();
printFooter();
}
?>
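Review bot: The per-user restriction on the certificate listing depends on a regex built from unquoted values: in the default stage, `$search` and the three `show_*` flags are interpolated straight into `$x`, and for non-admins that same pattern is the only thing limiting the rows from `CAdb_to_array()` to `$PHPki_user`. These values appear to come from the request via `gpvar()`, so regex metacharacters in them change what the pattern matches and the restriction cannot be relied on. Quote them before building `$x`, e.g. `$search = preg_quote($search);` (assuming `CAdb_to_array()` matches with PCRE; use the equivalent quoting for whatever engine it uses), and accept only `V`, `R` and `E` for the flags. The raw `'<td>'.$rec['common_name'].'</td>'` cell in the row loop is the same kind of gap on the HTML side and should go through `htvar()` like the neighbouring cells.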


@@ -1,78 +1,34 @@
<html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title>Certificate Authority Agreement</title>
<title>Certificate Authority Agreement</title>
</head>
<body>
<h2 align="center">Certificate Authority Agreement</h2>
<h2 align=center>Certificate Authority Agreement</h2>
<h3 align=center>Policy and Practices</h3>
<h3 align="center">Policy and Practices</h3><br>
<br>
<br><br>
<p>This is a statement of practices by this Digital Certificate Authority.
Your use of this Certificate Authority constitutes your and/or your agency's
understanding and full acceptance of these practices and all associated risks.
<strong>Please have an authorized person at your agency sign this document and fax it to 000-000-0000</strong>
<p>This is a statement of practices by this Digital Certificate Authority. Your use of this Certificate Authority constitutes your and/or your agency's understanding and full acceptance of these practices and all associated risks. <strong>Please have an authorized person at your agency sign this document and fax it to 000-000-0000</strong></p>
<p>This document may not be all encompassing, and we reserve the right to modify it at any time.
<p>This document may not be all encompassing, and we reserve the right to modify it at any time.</p>
<ul>
<li> The sole role of this Certificate Authority is
to provide and maintain a password protected software application for the easy
and instant creation and management of standard x.509 personal digital
certificates for e-mail encryption. We assume no responsibility for
verifying the identity of any persons other than that of the limited number of
authorized users of the software.
We accept no liability for damages resulting from the use, misuse,
or compromise of the software application or its host server.
<ul>
<li>The sole role of this Certificate Authority is to provide and maintain a password protected software application for the easy and instant creation and management of standard x.509 personal digital certificates for e-mail encryption. We assume no responsibility for verifying the identity of any persons other than that of the limited number of authorized users of the software. We accept no liability for damages resulting from the use, misuse, or compromise of the software application or its host server.</li>
<p><li>As an authorized user of the software, you are in effect <strong>THE</strong> Certificate Authority for your
agency. As such, you are solely
responsible for authenticating the identity of the persons for whom you obtain
certificates. We accept no
responsibility or liability for non-repudiation in any digital certificate
created by this software. You agree that
password protection to the application by authorized certificate managers,
and personal identity management by
those managers is sufficient to create a chain of trust for non-repudiation
in all digital certificates created using the software.
<li>As an authorized user of the software, you are in effect <strong>THE</strong> Certificate Authority for your agency. As such, you are solely responsible for authenticating the identity of the persons for whom you obtain certificates. We accept no responsibility or liability for non-repudiation in any digital certificate created by this software. You agree that password protection to the application by authorized certificate managers, and personal identity management by those managers is sufficient to create a chain of trust for non-repudiation in all digital certificates created using the software.</li>
<p><li>No more than two(2)
users at your agency should have access to your agency's Certificate Authority
password. We should be notified
immediately, via e-mail, when the employment of any
authorized user at your agency is terminated so that a new password can be
issued.
<li>No more than two(2) users at your agency should have access to your agency's Certificate Authority password. We should be notified immediately, via e-mail, when the employment of any authorized user at your agency is terminated so that a new password can be issued.</li>
<p><li>This Certificate
Authority software application is accessed via the Internet using standard SSL
or Secure Server encryption mechanisms.
Although steps have been taken to protect the security and availability
of the host server and application, its exposure to the Internet as well as any
presently unknown security flaws could lead to potential compromise of the
software and your certificates.
<li>This Certificate Authority software application is accessed via the Internet using standard SSL or Secure Server encryption mechanisms. Although steps have been taken to protect the security and availability of the host server and application, its exposure to the Internet as well as any presently unknown security flaws could lead to potential compromise of the software and your certificates.</li>
<p><li>No promise is made as
to the availability of the software in the event of hardware, software, or
telecommunications failure or maintenance.<2E>
No advanced notice will be given when the software must be temporarily
taken off line for service.
<li>No promise is made as to the availability of the software in the event of hardware, software, or telecommunications failure or maintenance.&nbsp; No advanced notice will be given when the software must be temporarily taken off line for service.</li>
<p><li>In order to provide
software which can easily create &quot;instant&quot; certificates it is
necessary to store all private keys on the host server. As such, all private keys are potentially exposed
to the Internet and suffer some risk of unauthorized access. However, since all private keys <strong>ARE
ENCRYPTED</strong> using a password provided by you, they are unlikely to be usable by
any intruder.
<li>In order to provide software which can easily create "instant" certificates it is necessary to store all private keys on the host server. As such, all private keys are potentially exposed to the Internet and suffer some risk of unauthorized access. However, since all private keys <strong>ARE ENCRYPTED</strong> using a password provided by you, they are unlikely to be usable by any intruder.</li>
<p><li>A publicly accessible
web page is provided for interested Internet users to download the Certificate
Authority root certificate, certificate revocation list, and search for the
e-mail addresses and public certificates of users. So as to avoid e-mail address scraping by spammers, no static
content with users' e-mail addresses is available.
</ul>
<li>A publicly accessible web page is provided for interested Internet users to download the Certificate Authority root certificate, certificate revocation list, and search for the e-mail addresses and public certificates of users. So as to avoid e-mail address scraping by spammers, no static content with users' e-mail addresses is available.</li>
</ul>
</body>
</html>


@@ -7,7 +7,7 @@ include('../include/common.php') ;
include('../include/openssl_functions.php') ;
# User's preferences file
$user_cnf = $config['home_dir'] . "/config/user-".strtr($PHPki_user,'/\\','|#').'.php';
$user_cnf = $config['home_dir'] . "/config/user-".strtr($PHPki_user, '/\\', '|#').'.php';
# Retrieve GET/POST values
$form_stage = gpvar('form_stage');
@@ -48,355 +48,399 @@ $hidden_fields = '
switch ($form_stage) {
case 'validate':
$er = '';
case 'validate':
$er = '';
if (! $country) {
$er .= 'Missing Country<br>';
}
if (! $province) {
$er .= 'Missing State/Province<br>';
}
if (! $locality) {
$er .= 'Missing Locality (City/County)<br>';
}
if (! $organization) {
$er .= 'Missing Organization (Company/Agency)<br>';
}
if (! $unit) {
$er .= 'Missing Unit/Department<br>';
}
if (! $common_name) {
$er .= 'Missing E-mail User\'s Full Name<br>';
}
if (! $email) {
$er .= 'Missing E-mail Address<br>';
}
if (! $country) $er .= 'Missing Country<br>';
if (! $province) $er .= 'Missing State/Province<br>';
if (! $locality) $er .= 'Missing Locality (City/County)<br>';
if (! $organization) $er .= 'Missing Organization (Company/Agency)<br>';
if (! $unit) $er .= 'Missing Unit/Department<br>';
if (! $common_name) $er .= 'Missing E-mail User\'s Full Name<br>';
if (! $email) $er .= 'Missing E-mail Address<br>';
if (($cert_type == 'email' || $cert_type == 'email_signing') && ! $passwd) {
$er .= 'Missing Certificate Password<br>';
}
if (($cert_type == 'email' || $cert_type == 'email_signing') && ! $passwdv) {
$er .= 'Missing Certificate Password Verification "Again"<br>';
}
if (($cert_type == 'email' || $cert_type == 'email_signing') && ! $passwd) $er .= 'Missing Certificate Password<br>';
if (($cert_type == 'email' || $cert_type == 'email_signing') && ! $passwdv) $er .= 'Missing Certificate Password Verification "Again"<br>';
if ($passwd && strlen($passwd) < 8) {
$er .= 'Certificate password is too short.<br>';
}
if ( $passwd && strlen($passwd) < 8 )
$er .= 'Certificate password is too short.<br>';
if ($passwd and $passwd != $passwdv) {
$er .= 'Password and password verification do not match.<br>';
}
if ( $passwd and $passwd != $passwdv )
$er .= 'Password and password verification do not match.<br>';
//if ( ! is_alnum($passwd) or ! is_alnum($passwdv) )
// $er .= 'Password contains invalid characters.<br>';
//if ( ! is_alnum($passwd) or ! is_alnum($passwdv) )
// $er .= 'Password contains invalid characters.<br>';
if ($email && ! is_email($email)) {
$er .= 'E-mail address ('. htvar($email) . ') may be invalid.<br>';
}
if ( $email && ! is_email($email) )
$er .= 'E-mail address ('. htvar($email) . ') may be invalid.<br>';
$ip_ar=explode("\n", $ip_addr);
foreach ($ip_ar as $value) {
if ($value && ! is_ip($value)) {
$er .= 'IP address ('. htvar($value) . ') may be invalid.<br>';
}
}
$ip_ar=explode("\n", $ip_addr);
foreach ($ip_ar as $value){
if ( $value && ! is_ip($value) )
$er .= 'IP address ('. htvar($value) . ') may be invalid.<br>';
}
$dns_n=explode("\n", $dns_names);
foreach ($dns_n as $value) {
if ($value && ! is_fqdn(trim($value))) {
$er .= 'DNS Name ('. htvar($value) . ') may be invalid.<br>';
}
}
$dns_n=explode("\n", $dns_names);
foreach ($dns_n as $value){
if ( $value && ! is_fqdn(trim($value)) )
$er .= 'DNS Name ('. htvar($value) . ') may be invalid.<br>';
}
if ($er) {
$er = '<h2>ERROR(S) IN FORM:</h2><h4><blockquote>' . $er . '</blockquote></h4>';
}
if ( $er )
$er = '<h2>ERROR(S) IN FORM:</h2><h4><blockquote>' . $er . '</blockquote></h4>';
if ($email && ($serial = CAdb_in($email, $common_name))) {
$er = '';
$certtext = CA_cert_text($serial);
$er .= '<h2>A valid certificate already exists for ' . htvar("$common_name <$email>") . '</h2>';
$er .= '</font><blockquote><pre> ' . htvar($certtext) . ' </pre></blockquote>';
}
if ($email && ($serial = CAdb_in($email,$common_name))) {
$er = '';
$certtext = CA_cert_text($serial);
$er .= '<h2>A valid certificate already exists for ' . htvar("$common_name <$email>") . '</h2>';
$er .= '</font><blockquote><pre> ' . htvar($certtext) . ' </pre></blockquote>';
if ($er) {
printHeader();
?>
}
<form action='<?php echo $PHP_SELF?>' method=post>
<input type=submit name=submit value='Go Back'>
<font color=#ff0000><?php echo $er?></font>
<br><input type=submit name=submit value='Go Back'>
if ($er) {
printHeader();
?>
<?php
print $hidden_fields;
print "</form>";
<form action='<?php echo $PHP_SELF?>' method=post>
<input type=submit name=submit value='Go Back'>
<font color=#ff0000><?php echo $er?></font>
<br><input type=submit name=submit value='Go Back'>
printFooter();
break;
}
<?php
print $hidden_fields;
print "</form>";
case 'confirm':
printHeader();
printFooter();
break;
}
?>
<h4>You are about to create a certificate using the following information:</h4>
<table width=500><tr>
<td width=25% style='white-space: nowrap'>
<p align=right>
User's Name<br>
E-mail Address<br>
Organization<br>
Department/Unit<br>
Locality<br>
State/Province<br>
Country<br>
Certificate Life<br>
Key Size<br>
Certificate Use<br>
<?php
if ($cert_type == 'server') {
print 'DNS Alt Names<br>';
print 'IP Addresses<br>';
}
?>
</p>
</td>
case 'confirm':
printHeader();
<td>
<?php
print htvar($common_name) . '<br>';
print htvar($email) . '<br>';
print htvar($organization) . '<br>';
print htvar($unit) . '<br>';
print htvar($locality) . '<br>';
print htvar($province) . '<br>';
print htvar($country) . '<br>';
print htvar($expiry). ' Year'.($expiry == 1 ? '' : 's').'<br>';
print htvar($keysize). ' bits<br>';
?>
<h4>You are about to create a certificate using the following information:</h4>
<table width=500><tr>
<td width=25% style='white-space: nowrap'>
<p align=right>
User's Name<br>
E-mail Address<br>
Organization<br>
Department/Unit<br>
Locality<br>
State/Province<br>
Country<br>
Certificate Life<br>
Key Size<br>
Certificate Use<br>
<?php
if ($cert_type == 'server' ) {
print 'DNS Alt Names<br>';
print 'IP Addresses<br>';
}
?>
</p>
</td>
switch ($cert_type) {
case 'email':
print 'E-mail, SSL Client' . '<br>';
break;
case 'email_signing':
print 'E-mail, SSL Client, Code Signing' . '<br>';
break;
case 'server':
print 'SSL Server' . '<br>';
print htvar($dns_names). '<br>';
print htvar($ip_addr). '<br>';
break;
case 'vpn_client':
print 'VPN Client Only' . '<br>';
break;
case 'vpn_server':
print 'VPN Server Only' . '<br>';
break;
case 'vpn_client_server':
print 'VPN Client, VPN Server' . '<br>';
break;
case 'time_stamping':
print 'Time Stamping' . '<br>';
}
?>
</td>
<td>
<?php
print htvar($common_name) . '<br>';
print htvar($email) . '<br>';
print htvar($organization) . '<br>';
print htvar($unit) . '<br>';
print htvar($locality) . '<br>';
print htvar($province) . '<br>';
print htvar($country) . '<br>';
print htvar($expiry). ' Year'.($expiry == 1 ? '' : 's').'<br>';
print htvar($keysize). ' bits<br>';
</tr></table>
switch ($cert_type) {
case 'email':
print 'E-mail, SSL Client' . '<br>';
break;
case 'email_signing':
print 'E-mail, SSL Client, Code Signing' . '<br>';
break;
case 'server':
print 'SSL Server' . '<br>';
print htvar($dns_names). '<br>';
print htvar($ip_addr). '<br>';
break;
case 'vpn_client':
print 'VPN Client Only' . '<br>';
break;
case 'vpn_server':
print 'VPN Server Only' . '<br>';
break;
case 'vpn_client_server':
print 'VPN Client, VPN Server' . '<br>';
break;
case 'time_stamping':
print 'Time Stamping' . '<br>';
<h4>Are you sure?</h4>
<p><form action='<?php echo $PHP_SELF?>' method=post>
<?php echo $hidden_fields ?>
<input type=hidden name=form_stage value=final>
<input type=submit name=submit value='Yes. Create and Download' >&nbsp;
<input type=submit name=submit value='Yes. Just Create' >&nbsp;
<input type=submit name=submit value='Go Back'>
</form>
}
?>
</td>
<?php
printFooter();
</tr></table>
# Save user's defaults
$fp = fopen($user_cnf, 'w');
$x = '<?php
$country = \''.addslashes($country).'\';
$locality = \''.addslashes($locality).'\';
$province = \''.addslashes($province).'\';
$organization = \''.addslashes($organization).'\';
$unit = \''.addslashes($unit).'\';
$expiry = \''.addslashes($expiry).'\';
$keysize = \''.addslashes($keysize).'\';
?>';
fwrite($fp, $x);
fclose($fp);
<h4>Are you sure?</h4>
<p><form action='<?php echo $PHP_SELF?>' method=post>
<?php echo $hidden_fields ?>
<input type=hidden name=form_stage value=final>
<input type=submit name=submit value='Yes. Create and Download' >&nbsp;
<input type=submit name=submit value='Yes. Just Create' >&nbsp;
<input type=submit name=submit value='Go Back'>
</form>
break;
<?php
printFooter();
case 'final':
if ($submit == "Yes Create and Download" || $submit == "Yes. Just Create") {
if (! $serial = CAdb_in($email, $common_name)) {
list($ret,$errtxt) = CA_create_cert($cert_type, $country, $province, $locality, $organization, $unit, $common_name, $email, $expiry, $passwd, $keysize, $dns_names, $ip_addr);
# Save user's defaults
$fp = fopen($user_cnf,'w');
$x = '<?php
$country = \''.addslashes($country).'\';
$locality = \''.addslashes($locality).'\';
$province = \''.addslashes($province).'\';
$organization = \''.addslashes($organization).'\';
$unit = \''.addslashes($unit).'\';
$expiry = \''.addslashes($expiry).'\';
$keysize = \''.addslashes($keysize).'\';
?>';
fwrite($fp,$x);
fclose($fp);
if (! $ret) {
printHeader();
?>
<form action="<?php echo $PHP_SELF?>" method="post">
<font color=#ff0000>
<h2>There was an error creating your certificate.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<p>
<?php echo $hidden_fields?>
<input type=submit name=submit value=Back>
<p>
</form>
<?php
printFooter();
break;
} else {
$serial = $errtxt;
}
}
}
if ($submit == "Yes Create and Download") {
switch ($cert_type) {
case 'server':
# upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$common_name ($email).pem",'application/pkix-cert');
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem",$config['cacert_pem']), $rec['common_name'] . "-Bundle.pem", 'application/pkix-cert');
break;
case 'email':
case 'email_signing':
case 'time_stamping':
case 'vpn_client_server':
case 'vpn_client':
case 'vpn_server':
# upload("$config[pfx_dir]/$serial.pfx", "$common_name ($email).p12", 'application/x-pkcs12');
upload($config['pfx_dir'] . "/$serial.pfx", $rec['common_name'] . ".p12", 'application/x-pkcs12');
break;
}
# Clear common_name fields
$common_name = '';
break;
}
# Clear common_name fields
$common_name = '';
break;
// We could add 'return to index or create another certificate'
case 'final':
if ($submit == "Yes Create and Download" || $submit == "Yes. Just Create") {
if (! $serial = CAdb_in($email,$common_name)) {
list($ret,$errtxt) = CA_create_cert($cert_type, $country, $province, $locality, $organization, $unit, $common_name, $email, $expiry, $passwd, $keysize, $dns_names, $ip_addr);
default:
#
# Default fields to reasonable values if necessary.
#
if (! $submit and file_exists($user_cnf)) {
include($user_cnf);
}
if (! $ret) {
printHeader();
?>
<form action="<?php echo $PHP_SELF?>" method="post">
<font color=#ff0000>
<h2>There was an error creating your certificate.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<p>
<?php echo $hidden_fields?>
<input type=submit name=submit value=Back>
<p>
</form>
<?php
printFooter();
break;
}
else {
$serial = $errtxt;
}
}
}
if ($submit == "Yes Create and Download") {
switch($cert_type) {
case 'server':
# upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$common_name ($email).pem",'application/pkix-cert');
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem",$config['cacert_pem']), $rec['common_name'] . "-Bundle.pem",'application/pkix-cert');
break;
case 'email':
case 'email_signing':
case 'time_stamping':
case 'vpn_client_server':
case 'vpn_client':
case 'vpn_server':
# upload("$config[pfx_dir]/$serial.pfx", "$common_name ($email).p12", 'application/x-pkcs12');
upload($config['pfx_dir'] . "/$serial.pfx", $rec['common_name'] . ".p12", 'application/x-pkcs12');
break;
}
# Clear common_name fields
$common_name = '';
break;
}
# Clear common_name fields
$common_name = '';
if (! $country) {
$country = $config['country'];
}
if (! $province) {
$province = $config['province'];
}
if (! $locality) {
$locality = "";
}
if (! $organization) {
$organization = "";
}
if (! $unit) {
$unit = "";
}
if (! $email) {
$email = "";
}
if (! $expiry) {
$expiry = 1;
}
if (! $keysize) {
$keysize = 2048;
}
if (! $cert_type) {
$cert_type = 'email';
}
if (! $dns_names) {
$dns_names = "";
}
if (! $ip_addr) {
$ip_addr = "";
}
// We could add 'return to index or create another certificate'
printHeader();
?>
<body onLoad="self.focus();document.request.common_name.focus();document.request.cert_type.onchange();">
<form action="<?php echo $PHP_SELF?>" method=post name=request>
<table width=99%>
<th colspan=2><h3>Certificate Request Form</h3></th>
default:
#
# Default fields to reasonable values if necessary.
#
if (! $submit and file_exists($user_cnf)) include($user_cnf);
if (! $country) $country = $config['country'];
if (! $province) $province = $config['province'];
if (! $locality) $locality = "";
if (! $organization) $organization = "";
if (! $unit) $unit = "";
if (! $email) $email = "";
if (! $expiry) $expiry = 1;
if (! $keysize) $keysize = 2048;
if (! $cert_type) $cert_type = 'email';
if (! $dns_names) $dns_names = "";
if (! $ip_addr) $ip_addr = "";
printHeader();
?>
<body onLoad="self.focus();document.request.common_name.focus();document.request.cert_type.onchange();">
<form action="<?php echo $PHP_SELF?>" method=post name=request>
<table width=99%>
<th colspan=2><h3>Certificate Request Form</h3></th>
<tr>
<td width=30%>Common Name<font color=red size=3>*</font><br>(i.e. User real name or computer hostname - used as SubjectAltName)</td>
<td><input type=text name=common_name value="<?php echo htvar($common_name)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>E-mail Address <font color=red size=3>*</font></td>
<td><input type=text name=email value="<?php echo htvar($email)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>Organization (Company/Agency)<font color=red size=3>*</font></td>
<td><input type=text name=organization value="<?php echo htvar($organization)?>" size=60 maxlength=60></td>
</tr>
<tr>
<td>Department/Unit<font color=red size=3>*</font> </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60></td>
</tr>
<tr>
<td>Locality (City/County)<font color=red size=3>*</font></td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>State/Province<font color=red size=3>*</font></td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>Country<font color=red size=3>*</font></td>
<td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2></td>
</tr>
<tr>
<td>Certificate Password<font color=red size=3>*</font><br>(Mandatory for Email,SSL Client,Code signing)</td>
<td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30>&nbsp;&nbsp; Again <input type=password name=passwdv value="<?php echo htvar($passwdv) ?>" size=30></td>
</tr>
<tr>
<td>Certificate Life<font color=red size=3>*</font> </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ( $i = 2 ; $i <= 5 ; $i++ ) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Key Size<font color=red size=3>*</font> </td>
<td><select name=keysize>
<?php
for ( $i = 512 ; $i <= 4096 ; $i+= 512 ) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Certificate Use:<font color=red size=3>*</font> </td>
<td><select name=cert_type onchange="if (this.value=='server')
{setVisibility('testrow1',true);setVisibility('testrow2',true);} else {setVisibility('testrow1',false);setVisibility('testrow2',false);}">
<?php
print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
<tr id="testrow2" name="testrow2" style="visibility:hidden;display:none;">
<td>Alternative DNS Names<br>(only one per Line)</td><td><textarea name=dns_names cols=30 rows=5><?php echo htvar($dns_names) ?></textarea></td>
</tr>
<tr id="testrow1" name="testrow1" style="visibility:hidden;display:none;">
<td>IP's<br>(only one per Line)</td><td><textarea name=ip_addr cols=30 rows=5><?php echo htvar($ip_addr) ?></textarea></td>
</tr>
<tr>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><font color=red size=3>* Fields are required</td><td><input type=submit name=submit value='Submit Request'><input type=hidden name=form_stage value='validate'></td>
</tr>
</table>
</form>
<?php
<td width=30%>Common Name<font color=red size=3>*</font><br>(i.e. User real name or computer hostname - used as SubjectAltName)</td>
<td><input type=text name=common_name value="<?php echo htvar($common_name)?>" size=50 maxlength=60></td>
</tr>
printFooter();
<tr>
<td>E-mail Address <font color=red size=3>*</font></td>
<td><input type=text name=email value="<?php echo htvar($email)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>Organization (Company/Agency)<font color=red size=3>*</font></td>
<td><input type=text name=organization value="<?php echo htvar($organization)?>" size=60 maxlength=60></td>
</tr>
<tr>
<td>Department/Unit<font color=red size=3>*</font> </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60></td>
</tr>
<tr>
<td>Locality (City/County)<font color=red size=3>*</font></td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>State/Province<font color=red size=3>*</font></td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>Country<font color=red size=3>*</font></td>
<td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2></td>
</tr>
<tr>
<td>Certificate Password<font color=red size=3>*</font><br>(Mandatory for Email,SSL Client,Code signing)</td>
<td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30>&nbsp;&nbsp; Again <input type=password name=passwdv value="<?php echo htvar($passwdv) ?>" size=30></td>
</tr>
<tr>
<td>Certificate Life<font color=red size=3>*</font> </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Key Size<font color=red size=3>*</font> </td>
<td><select name=keysize>
<?php
for ($i = 512; $i <= 4096; $i+= 512) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Certificate Use:<font color=red size=3>*</font> </td>
<td><select name=cert_type onchange="if (this.value=='server')
{setVisibility('testrow1',true);setVisibility('testrow2',true);} else {setVisibility('testrow1',false);setVisibility('testrow2',false);}">
<?php
print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
<tr id="testrow2" name="testrow2" style="visibility:hidden;display:none;">
<td>Alternative DNS Names<br>(only one per Line)</td><td><textarea name=dns_names cols=30 rows=5><?php echo htvar($dns_names) ?></textarea></td>
</tr>
<tr id="testrow1" name="testrow1" style="visibility:hidden;display:none;">
<td>IP's<br>(only one per Line)</td><td><textarea name=ip_addr cols=30 rows=5><?php echo htvar($ip_addr) ?></textarea></td>
</tr>
<tr>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><font color=red size=3>* Fields are required</td><td><input type=submit name=submit value='Submit Request'><input type=hidden name=form_stage value='validate'></td>
</tr>
</table>
</form>
<?php
printFooter();
}
?>
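Review bot: In the `confirm` case the saved defaults are written to `$user_cnf` as PHP source and later executed by `include($user_cnf)` in the `default` case, with `addslashes()` as the only barrier between request fields and code. `addslashes()` is not a PHP-literal encoder: inside single quotes `\"` stays a backslash plus a quote, so a value containing `"` comes back altered on the next load; `'$country = ' . var_export($country, true) . ';'` produces a correct literal, and storing the defaults as JSON read with `json_decode()` would avoid executing a file the web application itself writes. The return value of `fopen($user_cnf, 'w')` goes to `fwrite()` unchecked, so a failed open should skip the write. Also in this hunk, the `final` case compares `$submit` with `"Yes Create and Download"` while the confirm button's value is `'Yes. Create and Download'`, so that button appears to reach neither the create nor the download branch.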