deprecated/phpki-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Format with CodeSniffer --standard=PSR2

Browse Source
This commit is contained in:
John Crisp
2021-03-03 17:15:01 +01:00
parent fbf3170398
commit 6703d98ec9
23 changed files with 2309 additions and 2219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
about.php
View File

@@ -1,31 +1,32 @@
<?php <?php
include('./config.php'); include('./config.php');
include('./include/my_functions.php'); include('./include/my_functions.php');
include('./include/common.php'); include('./include/common.php');
printHeader('about'); printHeader('about');
?> ?>
<p> <p>
PHPki is an <a href=http://www.opensource.org target=_blank>Open Source</a> PHPki is an <a href=http://www.opensource.org target=_blank>Open Source</a>
Web application for managing a <a href=<?php echo BASE_URL?>help/glossary.html#PKI target=help/glossary> Web application for managing a <a href=<?php echo BASE_URL?>help/glossary.html#PKI target=help/glossary>
Public Key Infrastructure</a> within a small organizations. PHPki acts as a Public Key Infrastructure</a> within a small organizations. PHPki acts as a
mechanism for the centralized creation and management of digital certificates. mechanism for the centralized creation and management of digital certificates.
PHPki is capable of managing certificates for multiple organizations or user PHPki is capable of managing certificates for multiple organizations or user
accounts. accounts.</p>
<p> <p>
PHPki requires the Apache Web Server, the <href=http://www.php.net target=_blank>PHP</a> Scripting Language, and <href=http://www.openssl.org target=_blank> PHPki requires the Apache Web Server, the <href=http://www.php.net target=_blank>PHP</a> Scripting Language, and <href=http://www.openssl.org target=_blank>
OpenSSL</a>, all of which are included with any major OpenSSL</a>, all of which are included with any major
<a href=http://www.linux.org target=_blank> Linux Operating System</a> <a href=http://www.linux.org target=_blank> Linux Operating System</a>
<a href=http://www.redhat.com target=_blank>distribution</a>. <a href=http://www.redhat.com target=_blank>distribution</a>.
</p>
<p> <p>
This software may be freely redistributed under the terms of the This software may be freely redistributed under the terms of the
<a href=http://www.gnu.org target=_blank>GNU</a> Public <a href=http://www.gnu.org target=_blank>GNU</a> Public
License provided this page and all copyright notices remain completely intact. License provided this page and all copyright notices remain completely intact.
</p>
<p> <p>
<center><h4>Copyright: 2003, William E. Roadcap</h4> <center><h4>Copyright: 2003, William E. Roadcap</h4>
<form> <form>
@@ -36,7 +37,7 @@ readfile("./LICENSE.TXT");
</textarea> </textarea>
</form> </form>
</center> </center>
<p> </p>
<?php <?php
printFooter(); printFooter();

201
admin/index.php
View File

@@ -10,118 +10,117 @@ $login = gpvar('login');
$passwd = gpvar('passwd'); $passwd = gpvar('passwd');
$passwdv = gpvar('passwdv'); $passwdv = gpvar('passwdv');
switch($stage) { switch ($stage) {
case 'list_users': case 'list_users':
printHeader('admin'); printHeader('admin');
print '<p><h3>Contents of '.htvar($config['passwd_file']).' file:</h3><pre>'; print '<p><h3>Contents of '.htvar($config['passwd_file']).' file:</h3><pre>';
readfile($config['passwd_file']) readfile($config['passwd_file'])
?> ?>
</pre> </pre>
<form action="<?php echo $PHP_SELF?>" method="post"> <form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu"> <input type=submit name=submit value="Back to Menu">
</form> </form>
<?php <?php
printFooter(false); printFooter(false);
break; break;
case 'add_user_form'; case 'add_user_form';
printHeader('admin'); printHeader('admin');
?> ?>
<body onLoad="self.focus();document.form.login.focus()"> <body onLoad="self.focus();document.form.login.focus()">
<form action="<?php echo $PHP_SELF?>" method="post" name="form"> <form action="<?php echo $PHP_SELF?>" method="post" name="form">
<table> <table>
<th colspan=2><h3>Add User or Change Password</h3></th> <th colspan=2><h3>Add User or Change Password</h3></th>
<tr><td>User ID</td><td><input type=text name=login value="<?php echo htvar($login)?>" maxlength=15 size=15></td></tr> <tr><td>User ID</td><td><input type=text name=login value="<?php echo htvar($login)?>" maxlength=15 size=15></td></tr>
<tr><td>Password </td><td><input type=password name=passwd value='' size=20></td></tr> <tr><td>Password </td><td><input type=password name=passwd value='' size=20></td></tr>
<tr><td>Verify Password </td><td><input type=password name=passwdv value='' size=20></td></tr> <tr><td>Verify Password </td><td><input type=password name=passwdv value='' size=20></td></tr>
</table> </table>
<input type=hidden name=stage value=add_user> <input type=hidden name=stage value=add_user>
<input type=submit name=submit value='Submit'> <input type=submit name=submit value='Submit'>
</form> </form>
<?php <?php
break; break;
case 'add_user': case 'add_user':
printHeader('admin'); printHeader('admin');
if (! $passwd || ! $passwdv || $passwd != $passwdv || strlen($passwd) < 8) { if (! $passwd || ! $passwdv || $passwd != $passwdv || strlen($passwd) < 8) {
print "<center><h2><font color=red>Missing or invalid password or password and password verification do not match.</font></h2></center>" print "<center><h2><font color=red>Missing or invalid password or password and password verification do not match.</font></h2></center>"
?> ?>
<p><center> <p><center>
<form action="<?php echo $PHP_SELF?>" method="post"> <form action="<?php echo $PHP_SELF?>" method="post">
<input type=hidden name=stage value=add_user_form> <input type=hidden name=stage value=add_user_form>
<input type=hidden name=login value="<?php echo htvar($login)?>"> <input type=hidden name=login value="<?php echo htvar($login)?>">
<input type=submit name=submit value=Back> <input type=submit name=submit value=Back>
</form></center> </form></center>
<?php <?php
} } else {
else { $pwdfile = escapeshellarg($config['passwd_file']);
$pwdfile = escapeshellarg($config['passwd_file']); $login = escapeshellarg($login);
$login = escapeshellarg($login); $passwd = escapeshellarg($passwd);
$passwd = escapeshellarg($passwd);
print 'Results of htpasswd command:<br>'; print 'Results of htpasswd command:<br>';
system("htpasswd -bm $pwdfile $login $passwd 2>&1") system("htpasswd -bm $pwdfile $login $passwd 2>&1")
?> ?>
<p> <p>
<form action="<?php echo $PHP_SELF?>" method="post"> <form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu"> <input type=submit name=submit value="Back to Menu">
</form> </form>
<?php <?php
} }
printFooter(); printFooter();
break; break;
case 'del_user_form'; case 'del_user_form';
printHeader('admin'); printHeader('admin');
?> ?>
<body onLoad="self.focus();document.form.login.focus();"> <body onLoad="self.focus();document.form.login.focus();">
<form action="<?php echo $PHP_SELF?>" method="post" name="form"> <form action="<?php echo $PHP_SELF?>" method="post" name="form">
<table> <table>
<th colspan=2><h3>Remove User</h3></th> <th colspan=2><h3>Remove User</h3></th>
<tr><td>User ID</td><td><input type=text name=login value="<?php echo htvar($login)?>" maxlength=15 size=15></td></tr> <tr><td>User ID</td><td><input type=text name=login value="<?php echo htvar($login)?>" maxlength=15 size=15></td></tr>
</table> </table>
<input type=hidden name=stage value=del_user> <input type=hidden name=stage value=del_user>
<input type=submit name=submit value='Submit'> <input type=submit name=submit value='Submit'>
</form> </form>
<?php <?php
printFooter(); printFooter();
break; break;
case 'del_user': case 'del_user':
printHeader('admin'); printHeader('admin');
$pwdfile = escapeshellarg($config['passwd_file']); $pwdfile = escapeshellarg($config['passwd_file']);
$login = escapeshellarg($login); $login = escapeshellarg($login);
print 'Results of htpasswd command:<br>'; print 'Results of htpasswd command:<br>';
system("htpasswd -D $pwdfile $login 2>&1") system("htpasswd -D $pwdfile $login 2>&1")
?> ?>
<p> <p>
<form action="<?php echo $PHP_SELF?>" method="post"> <form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu"> <input type=submit name=submit value="Back to Menu">
</form> </form>
<?php <?php
printFooter(); printFooter();
break; break;
default: default:
printHeader('admin'); printHeader('admin');
?> ?>
<br> <br>
<br> <br>
<center> <center>
<table class=menu><th class=menu>SYSADMIN MENU</th> <table class=menu><th class=menu>SYSADMIN MENU</th>
<tr><td class=menu style="padding-left: 1em;"><table> <tr><td class=menu style="padding-left: 1em;"><table>
<tr><td class=menu-pad><a href=<?php echo $PHP_SELF?>?stage=add_user_form>Add User or Change Password</a></td></tr> <tr><td class=menu-pad><a href=<?php echo $PHP_SELF?>?stage=add_user_form>Add User or Change Password</a></td></tr>
<tr><td class=menu-pad><a href=<?php echo $PHP_SELF?>?stage=del_user_form>Remove User</a></td></tr> <tr><td class=menu-pad><a href=<?php echo $PHP_SELF?>?stage=del_user_form>Remove User</a></td></tr>
<tr><td class=menu-pad><a href=<?php echo $PHP_SELF?>?stage=list_users>List Password File Contents</a></td></tr> <tr><td class=menu-pad><a href=<?php echo $PHP_SELF?>?stage=list_users>List Password File Contents</a></td></tr>
</table></td></tr> </table></td></tr>
</table> </table>
</center> </center>
<br><br> <br><br>
<?php <?php
printFooter(); printFooter();
} }
?> ?>

1
ca/index.php
View File

@@ -1,3 +1,2 @@
<?php <?php
header("Location: ./../index.php"); header("Location: ./../index.php");
?>

268
ca/main.php
View File

@@ -8,161 +8,159 @@ include("../include/openssl_functions.php");
$stage = gpvar('stage'); $stage = gpvar('stage');
switch($stage) { switch ($stage) {
case 'dl_takey':
upload($config['private_dir'] . '/takey.pem', $config['ca_prefix'] . 'takey.pem', 'application/octet-stream');
break;
case 'dl_takey': case 'dl_dhparam':
upload($config['private_dir'] . '/takey.pem', $config['ca_prefix'] . 'takey.pem', 'application/octet-stream'); upload($config['private_dir'] . '/dhparam2048.pem', $config['ca_prefix'] . 'dhparam2048.pem', 'application/octet-stream');
break; break;
case 'dl_dhparam': case 'dl_root':
upload($config['private_dir'] . '/dhparam2048.pem', $config['ca_prefix'] . 'dhparam2048.pem', 'application/octet-stream'); upload($config['cacert_pem'], $config['ca_prefix'] . 'cacert.crt', 'application/x-x509-ca-cert');
break; break;
case 'dl_root': case 'dl_crl':
upload($config['cacert_pem'], $config['ca_prefix'] . 'cacert.crt', 'application/x-x509-ca-cert'); upload($config['cacrl_der'], $config['ca_prefix'] . 'cacrl.crl', 'application/pkix-crl');
break; break;
case 'dl_crl': case 'dl_crl_pem':
upload($config['cacrl_der'], $config['ca_prefix'] . 'cacrl.crl', 'application/pkix-crl'); upload($config['cacrl_pem'], $config['ca_prefix'] . 'cacrl.crl', 'application/octet-stream');
break; break;
case 'dl_crl_pem': case 'gen_crl':
upload($config['cacrl_pem'], $config['ca_prefix'] . 'cacrl.crl', 'application/octet-stream'); list($ret,$errtxt) = CA_generate_crl();
break;
case 'gen_crl': printHeader(false);
list($ret,$errtxt) = CA_generate_crl();
printHeader(false); if ($ret) {
?>
<center><h2>Certificate Revocation List Updated</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.CA_crl_text().'</pre>';
} else {
?>
<font color="#ff0000">
<h2>There was an error updating the Certificate Revocation List.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<form action="<?php echo $PHP_SELF?>" method="post">
<br>
<input type="submit" name="submit" value="Back to Menu">
<br>
</form>
<?php
}
break;
if ($ret) { case 'display_takey':
?> printHeader(false);
<center><h2>Certificate Revocation List Updated</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.CA_crl_text().'</pre>';
}
else {
?>
<font color="#ff0000">
<h2>There was an error updating the Certificate Revocation List.</h2></font><br>
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<form action="<?php echo $PHP_SELF?>" method="post">
<br>
<input type="submit" name="submit" value="Back to Menu">
<br>
</form>
<?php
}
break;
case 'display_takey': ?>
printHeader(false); <center><h2>OpenVPN pre-shared Key</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.ta_key_text().'</pre>';
break;
?> case 'display_dhparam':
<center><h2>OpenVPN pre-shared Key</h2></center> printHeader(false);
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type="submit" name="submit" value="Back to Menu">
</form>
<?php
print '<pre>'.ta_key_text().'</pre>';
break;
case 'display_dhparam': ?>
printHeader(false); <center><h2>OpenVPN Diffie-Helman parameters</h2></center>
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu">
</form>
<?php
print '<pre>'.dhparam_text().'</pre>';
break;
?> case 'display_root_pem':
<center><h2>OpenVPN Diffie-Helman parameters</h2></center> printHeader(false);
<br>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu">
</form>
<?php
print '<pre>'.dhparam_text().'</pre>';
break;
case 'display_root_pem': ?>
printHeader(false); <center><h2>Root certificate file (PEM Encoded)</h2></center>
<br>
?> <form action="<?php echo $PHP_SELF?>" method="post">
<center><h2>Root certificate file (PEM Encoded)</h2></center> <input type="submit" name="submit" value="Back to Menu">
<br> </form>
<form action="<?php echo $PHP_SELF?>" method="post"> <?php
<input type="submit" name="submit" value="Back to Menu"> print '<pre>'.root_pem_text().'</pre>';
</form> break;
<?php
print '<pre>'.root_pem_text().'</pre>';
break;
default: default:
printHeader('ca'); printHeader('ca');
?> ?>
<br> <br>
<br> <br>
<center> <center>
<table class="menu" width="600px"><th class="menu" colspan="2"><big>CERTIFICATE MANAGEMENT MENU</big></th> <table class="menu" width="600px"><th class="menu" colspan="2"><big>CERTIFICATE MANAGEMENT MENU</big></th>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;" width="33%"> <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;" width="33%">
<a href="request_cert.php">Create a New Certificate</a></td> <a href="request_cert.php">Create a New Certificate</a></td>
<td>Use the <strong><cite>Certificate Request Form</cite></strong> to create and download new digital certificates. <td>Use the <strong><cite>Certificate Request Form</cite></strong> to create and download new digital certificates.
You may create certificates in succession without re-entering the entire form You may create certificates in succession without re-entering the entire form
by clicking the "<strong>Go Back</strong>" button after each certificate is created.</td></tr> by clicking the "<strong>Go Back</strong>" button after each certificate is created.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="manage_certs.php">Manage Certificates</a></td> <a href="manage_certs.php">Manage Certificates</a></td>
<td>Conveniently view, download, revoke, and renew your existing certificates using the <td>Conveniently view, download, revoke, and renew your existing certificates using the
<strong><cite>Certificate Management Control Panel</cite></strong>.</td></tr> <strong><cite>Certificate Management Control Panel</cite></strong>.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=gen_crl">Update & View the Certificate Revocation List</a></td> <a href="<?php echo $PHP_SELF?>?stage=gen_crl">Update & View the Certificate Revocation List</a></td>
<td>Some applications automagically reference the Certificate Revocation List to determine <td>Some applications automagically reference the Certificate Revocation List to determine
certificate validity. It is not necessary to perform this update function, as the CRL is certificate validity. It is not necessary to perform this update function, as the CRL is
updated when certificates are revoked. However, doing so is harmless. updated when certificates are revoked. However, doing so is harmless.
<a href="../help.php" target="_help">Read the online help</a> to learn more about this.</td></tr> <a href="../help.php" target="_help">Read the online help</a> to learn more about this.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_root">Download the Root Certificate</a><br><br> <a href="<?php echo $PHP_SELF?>?stage=dl_root">Download the Root Certificate</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_root_pem">Display the Root Certificate (PEM Encoded)</a></td> <a href="<?php echo $PHP_SELF?>?stage=display_root_pem">Display the Root Certificate (PEM Encoded)</a></td>
<td>The "Root" certificate must be installed before using any of the <td>The "Root" certificate must be installed before using any of the
certificates issued here. <a href="../help.php" target="_help">Read the online help</a> certificates issued here. <a href="../help.php" target="_help">Read the online help</a>
to learn more about this.</td></tr> to learn more about this.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_crl">Download the Certificate Revocation List</a><br><br> <a href="<?php echo $PHP_SELF?>?stage=dl_crl">Download the Certificate Revocation List</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=dl_crl_pem">Download in PEM format.</a></td> <a href="<?php echo $PHP_SELF?>?stage=dl_crl_pem">Download in PEM format.</a></td>
<td>This is the official list of revoked certificates. Using this list with your e-mail or <td>This is the official list of revoked certificates. Using this list with your e-mail or
browser application is optional. Some applications will automagically reference this list.</td></tr> browser application is optional. Some applications will automagically reference this list.</td></tr>
<?php <?php
if (file_exists($config['private_dir'] . '/takey.pem')) { if (file_exists($config['private_dir'] . '/takey.pem')) {
?> ?>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_takey">Download the static pre-shared key</a><br><br> <a href="<?php echo $PHP_SELF?>?stage=dl_takey">Download the static pre-shared key</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_takey">Display the static pre-shared key</a></td> <a href="<?php echo $PHP_SELF?>?stage=display_takey">Display the static pre-shared key</a></td>
<td>This key can be used with OpenVPN as a standalone auth mechanism, or as an additional TLS authentication.</td></tr> <td>This key can be used with OpenVPN as a standalone auth mechanism, or as an additional TLS authentication.</td></tr>
<?php } <?php }
?> ?>
<?php if (file_exists ($config['private_dir'] . '/dhparam2048.pem')) { <?php if (file_exists($config['private_dir'] . '/dhparam2048.pem')) {
?> ?>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> <tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href="<?php echo $PHP_SELF?>?stage=dl_dhparam">Download the Diffie-Hellman parameters</a><br><br> <a href="<?php echo $PHP_SELF?>?stage=dl_dhparam">Download the Diffie-Hellman parameters</a><br><br>
<a href="<?php echo $PHP_SELF?>?stage=display_dhparam">Display the Diffie-Hellman parameters</a></td> <a href="<?php echo $PHP_SELF?>?stage=display_dhparam">Display the Diffie-Hellman parameters</a></td>
<td>This file is used by OpenVPN for the hand-shake. The Diffie-Hellman key agreement <td>This file is used by OpenVPN for the hand-shake. The Diffie-Hellman key agreement
protocol enables two communication partners to exchange a secret key safely.</td></tr> protocol enables two communication partners to exchange a secret key safely.</td></tr>
<?php } <?php }
?> ?>
</table> </table>
</center> </center>
<br><br> <br><br>
<?php <?php
printFooter(); printFooter();
} }
?> ?>

675
ca/manage_certs.php
View File

@@ -22,404 +22,403 @@ $show_expired = gpvar('show_expired');
# Prevent handling certs that don't belong to user # Prevent handling certs that don't belong to user
if ($serial && CAdb_issuer($serial) != $PHPki_user && ! in_array($PHPki_user, $PHPki_admins)) { if ($serial && CAdb_issuer($serial) != $PHPki_user && ! in_array($PHPki_user, $PHPki_admins)) {
$stage = 'goaway'; $stage = 'goaway';
} }
if ( !($show_valid.$show_revoked.$show_expired) ) { if (!($show_valid.$show_revoked.$show_expired)) {
$show_valid = 'V'; $show_valid = 'V';
$show_revoked = 'R'; $show_revoked = 'R';
$show_expired = 'E'; $show_expired = 'E';
} }
$qstr_filter = 'search='.htvar($search) . '&' . "show_valid=$show_valid&" . "show_revoked=$show_revoked&" . "show_expired=$show_expired&"; $qstr_filter = 'search='.htvar($search) . '&' . "show_valid=$show_valid&" . "show_revoked=$show_revoked&" . "show_expired=$show_expired&";
$qstr_sort = "sortfield=$sortfield&ascdec=$ascdec"; $qstr_sort = "sortfield=$sortfield&ascdec=$ascdec";
switch ($stage) { switch ($stage) {
case 'goaway': case 'goaway':
printHeader(false); printHeader(false);
?> ?>
<p><center><h1><font color="red">YOU ARE A VERY BAD BOY!</font></h2></center> <p><center><h1><font color="red">YOU ARE A VERY BAD BOY!</font></h2></center>
<?php <?php
break; break;
case 'display': case 'display':
printHeader(false); printHeader(false);
?> ?>
<center><h2>Certificate Details</h2></center> <center><h2>Certificate Details</h2></center>
<center><font color="#0000AA"><h3>(#<?php echo $serial?>)<br><?php echo htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>')?> </h3></font></center> <center><font color="#0000AA"><h3>(#<?php echo $serial?>)<br><?php echo htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>')?> </h3></font></center>
<?php <?php
if ($revoke_date = CAdb_is_revoked($serial)) { if ($revoke_date = CAdb_is_revoked($serial)) {
print '<center><font color=red><h2>REVOKED '.$revoke_date.'</h2></font></center>'; print '<center><font color=red><h2>REVOKED '.$revoke_date.'</h2></font></center>';
} }
print '<pre>'.CA_cert_text($serial).'</pre>'; print '<pre>'.CA_cert_text($serial).'</pre>';
break; break;
case 'dl-confirm': case 'dl-confirm':
printHeader('ca'); printHeader('ca');
$rec = CAdb_get_entry($serial); $rec = CAdb_get_entry($serial);
?> ?>
<h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $rec['common_name'].' &lt;'.$rec['email'].'&gt; '?></h3> <h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $rec['common_name'].' &lt;'.$rec['email'].'&gt; '?></h3>
<h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3> <h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3>
<form action="<?php echo $PHP_SELF.'?stage=download&serial='.$serial.'&'.$qstr_sort.'&'.$qstr_filter?>" method="post"> <form action="<?php echo $PHP_SELF.'?stage=download&serial='.$serial.'&'.$qstr_sort.'&'.$qstr_filter?>" method="post">
<strong>File type: </strong> <strong>File type: </strong>
<select name="dl_type"> <select name="dl_type">
<option value="PKCS#12">PKCS#12 Bundle</option> <option value="PKCS#12">PKCS#12 Bundle</option>
<option value="PEMCERT">PEM Certificate</option> <option value="PEMCERT">PEM Certificate</option>
<option value="PEMKEY">PEM Key</option> <option value="PEMKEY">PEM Key</option>
<option value="PEMBUNDLE">PEM Bundle</option> <option value="PEMBUNDLE">PEM Bundle</option>
<option value="PEMCABUNDLE">PEM Bundle w/Root</option> <option value="PEMCABUNDLE">PEM Bundle w/Root</option>
</select> </select>
<input type="submit" name="submit" value="Download"> <input type="submit" name="submit" value="Download">
&nbsp; or &nbsp; &nbsp; or &nbsp;
<input type="submit" name="submit" value="Go Back"> <input type="submit" name="submit" value="Go Back">
</form> </form>
<?php <?php
break; break;
case 'download': case 'download':
if (strstr($submit, "Back")) $dl_type = ''; if (strstr($submit, "Back")) {
$dl_type = '';
}
$rec = CAdb_get_entry($serial); $rec = CAdb_get_entry($serial);
switch ($dl_type) { switch ($dl_type) {
case 'PKCS#12': case 'PKCS#12':
upload($config['pfx_dir'] . "/$serial.pfx", "$rec[common_name].p12", 'application/x-pkcs12'); upload($config['pfx_dir'] . "/$serial.pfx", "$rec[common_name].p12", 'application/x-pkcs12');
break; break;
case 'PEMCERT': case 'PEMCERT':
upload($config['new_certs_dir'] . "/$serial.pem", "$rec[common_name]-cert.pem",'application/pkix-cert'); upload($config['new_certs_dir'] . "/$serial.pem", "$rec[common_name]-cert.pem", 'application/pkix-cert');
break; break;
case 'PEMKEY': case 'PEMKEY':
upload($config['private_dir'] . "/$serial-key.pem", "$rec[common_name]-key.pem",'application/octet-stream'); upload($config['private_dir'] . "/$serial-key.pem", "$rec[common_name]-key.pem", 'application/octet-stream');
break; break;
case 'PEMBUNDLE': case 'PEMBUNDLE':
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem"), $rec['common_name'] . "-Bundle.pem",'application/octet-stream'); upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem"), $rec['common_name'] . "-Bundle.pem", 'application/octet-stream');
break; break;
case 'PEMCABUNDLE': case 'PEMCABUNDLE':
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem", $config['cacert_pem']), $rec['common_name'] . "-CABundle.pem",'application/octet-stream'); upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem", $config['cacert_pem']), $rec['common_name'] . "-CABundle.pem", 'application/octet-stream');
break; break;
default: default:
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter"); header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
} }
break; break;
case 'revoke-form': case 'revoke-form':
$rec = CAdb_get_entry($serial); $rec = CAdb_get_entry($serial);
printHeader('ca'); printHeader('ca');
?> ?>
<h4>You are about to <font color=red>REVOKE</font> the following certificate: <h4>You are about to <font color=red>REVOKE</font> the following certificate:
<hr> <hr>
<table width="500px"><tr> <table width="500px"><tr>
<td width="25%" style="white-space: nowrap"> <td width="25%" style="white-space: nowrap">
<p align="right"> <p align="right">
Serial Number<br> Serial Number<br>
User's Name<br> User's Name<br>
Email Address<br> Email Address<br>
Organization<br> Organization<br>
Department/Unit<br> Department/Unit<br>
Locality<br> Locality<br>
State/Province<br> State/Province<br>
Country<br> Country<br>
</p> </p>
</td> </td>
<?php <?php
print ' print '
<td> <td>
'.htvar($rec['serial']).'<br> '.htvar($rec['serial']).'<br>
'.htvar($rec['common_name']).'<br> '.htvar($rec['common_name']).'<br>
'.htvar($rec['email']).'<br> '.htvar($rec['email']).'<br>
'.htvar($rec['organization']).'<br> '.htvar($rec['organization']).'<br>
'.htvar($rec['unit']).'<br> '.htvar($rec['unit']).'<br>
'.htvar($rec['locality']).'<br> '.htvar($rec['locality']).'<br>
'.htvar($rec['province']).'<br> '.htvar($rec['province']).'<br>
'.htvar($rec['country']).'<br> '.htvar($rec['country']).'<br>
</td> </td>
</tr></table> </tr></table>
<h4>Are you sure?</h4> <h4>Are you sure?</h4>
<form action="'.$PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter.'" method=post> <form action="'.$PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter.'" method=post>
<input type=hidden name=stage value=revoke > <input type=hidden name=stage value=revoke >
<input type=hidden name=serial value='.$serial.' > <input type=hidden name=serial value='.$serial.' >
<input type=submit name=submit value=Yes >&nbsp <input type=submit name=submit value=Yes >&nbsp
<input type=submit name=submit value=Cancel> <input type=submit name=submit value=Cancel>
</form>'; </form>';
break; break;
case 'revoke': case 'revoke':
$ret = true; $ret = true;
if ($submit == 'Yes') if ($submit == 'Yes') {
list($ret, $errtxt) = CA_revoke_cert($serial); list($ret, $errtxt) = CA_revoke_cert($serial);
}
if (! $ret) { if (! $ret) {
printHeader('ca'); printHeader('ca');
print "<form action=\"$PHP_SELF?stage=revoke-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>"; print "<form action=\"$PHP_SELF?stage=revoke-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>";
?> ?>
<font color=#ff0000> <font color=#ff0000>
<h2>There was an error revoking your certificate.</h2></font><br> <h2>There was an error revoking your certificate.</h2></font><br>
<blockquote> <blockquote>
<h3>Debug Info:</h3> <h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre> <pre><?php echo $errtxt?></pre>
</blockquote> </blockquote>
<p> <p>
<input type=submit name=submit value=Back> <input type=submit name=submit value=Back>
<p> <p>
</form> </form>
<?php <?php
} } else {
else header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter"); }
break; break;
case 'renew-form': case 'renew-form':
# #
# Get last known values submitted by this user. We only really # Get last known values submitted by this user. We only really
# need the expiry value, but the old cert values will override # need the expiry value, but the old cert values will override
# the rest. # the rest.
# #
if (! $submit and file_exists("config/user-${PHPki_user}.php")) { if (! $submit and file_exists("config/user-${PHPki_user}.php")) {
include("config/user-${PHPki_user}.php"); include("config/user-${PHPki_user}.php");
}
#
# Get values from the old certificate.
#
$rec = CAdb_get_entry($serial);
$country = $rec['country'];
$province = $rec['province'];
$locality = $rec['locality'];
$organization = $rec['organization'];
$unit = $rec['unit'];
$common_name = $rec['common_name'];
$email = $rec['email'];
printHeader('ca');
?>
<body onLoad="self.focus();document.form.passwd.focus();">
<form action="<?php echo $PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method=post name=form>
<table width=99%>
<th colspan="2"><h3>Certificate Renewal Form</h3></th>
<tr>
<td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td>
</tr>
<tr>
<td width="25%">Common Name </td>
<td><input type="text"" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>E-mail Address </td>
<td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>Organization </td>
<td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td>
</tr>
<tr>
<td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
</tr>
<tr>
<td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>Country</td>
<td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
</tr>
<tr>
<td>Certificate Password </td>
<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
</tr>
<tr>
<td>Certificate Life </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
} }
#
# Get values from the old certificate.
#
$rec = CAdb_get_entry($serial);
$country = $rec['country'];
$province = $rec['province'];
$locality = $rec['locality'];
$organization = $rec['organization'];
$unit = $rec['unit'];
$common_name = $rec['common_name'];
$email = $rec['email'];
printHeader('ca'); ?>
?>
<body onLoad="self.focus();document.form.passwd.focus();">
<form action="<?php echo $PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method=post name=form> </select></td>
<table width=99%> </tr>
<th colspan="2"><h3>Certificate Renewal Form</h3></th> <tr>
<td>&nbsp</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo $serial ?>" >
</td>
</tr>
</table>
</form>
<?php
<tr> printFooter();
<td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td> break;
</tr>
<tr>
<td width="25%">Common Name </td>
<td><input type="text"" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr> case 'renew':
<td>E-mail Address </td> $ret = true;
<td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td> if ($submit == "Submit Request") {
</tr> list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd);
}
<tr>
<td>Organization </td>
<td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td>
</tr>
<tr>
<td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
</tr>
<tr>
<td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>Country</td>
<td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
</tr>
<tr>
<td>Certificate Password </td>
<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
</tr>
<tr>
<td>Certificate Life </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ( $i = 2 ; $i <= 5 ; $i++ ) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>&nbsp</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo $serial ?>" >
</td>
</tr>
</table>
</form>
<?php
printFooter();
break;
case 'renew':
$ret = true;
if ($submit == "Submit Request") {
list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd);
}
if (! $ret) { if (! $ret) {
printHeader('ca'); printHeader('ca');
print "<form action=\"$PHP_SELF?stage=renew-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>"; print "<form action=\"$PHP_SELF?stage=renew-form&serial=$serial&$qstr_sort&$qstr_filter\" method=post>";
?> ?>
<font color=#ff0000> <font color=#ff0000>
<h2>There was an error creating your certificate.</h2> <h2>There was an error creating your certificate.</h2>
</font><br> </font><br>
<blockquote> <blockquote>
<h3>Debug Info:</h3> <h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre> <pre><?php echo $errtxt?></pre>
</blockquote> </blockquote>
<p> <p>
<input type="submit" name="submit" value="Back"> <input type="submit" name="submit" value="Back">
<p> <p>
</form> </form>
<?php <?php
} } else {
else { header("Location: $PHP_SELF?$qstr_sort&$qstr_filter");
header("Location: $PHP_SELF?$qstr_sort&$qstr_filter"); }
}
break; break;
default: default:
printHeader('ca');
printHeader('ca'); ?>
<body onLoad="self.focus();document.filter.search.focus();">
?> <table style="margin:0 auto">
<body onLoad="self.focus();document.filter.search.focus();"> <tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
<table style="margin:0 auto"> <tr><td colspan=9><center>
<tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr> <form action="<?php echo "$PHP_SELF?$qstr_sort"?>" method="get" name="filter">
<tr><td colspan=9><center>
<form action="<?php echo "$PHP_SELF?$qstr_sort"?>" method="get" name="filter">
Search: <input type="text" name=search" value="<?php echo htvar($search)?>" style="font-size: 11px;" maxlength="60" size="30"> Search: <input type="text" name=search" value="<?php echo htvar($search)?>" style="font-size: 11px;" maxlength="60" size="30">
&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp
<input type="checkbox" name="show_valid" value="V" <?php echo ($show_valid?'checked':'')?>>Valid <input type="checkbox" name="show_valid" value="V" <?php echo ($show_valid?'checked':'')?>>Valid
&nbsp&nbsp &nbsp&nbsp
<input type="checkbox" name="show_revoked" value="R" <?php echo ($show_revoked?'checked':'')?>>Revoked <input type="checkbox" name="show_revoked" value="R" <?php echo ($show_revoked?'checked':'')?>>Revoked
&nbsp&nbsp &nbsp&nbsp
<input type="checkbox" name="show_expired" value="E" <?php echo ($show_expired?'checked':'')?>>Expired <input type="checkbox" name="show_expired" value="E" <?php echo ($show_expired?'checked':'')?>>Expired
&nbsp&nbsp&nbsp&nbsp&nbsp &nbsp&nbsp&nbsp&nbsp&nbsp
<input type="submit" name="submit" value="Apply Filter" style="font-size: 11px;"> <input type="submit" name="submit" value="Apply Filter" style="font-size: 11px;">
</form> </form>
</center></td> </center></td>
</tr> </tr>
<?php <?php
if (! $sortfield) { if (! $sortfield) {
$sortfield = 'email' ; $sortfield = 'email' ;
$ascdec = 'A'; $ascdec = 'A';
} }
if ($ascdec == 'A') { if ($ascdec == 'A') {
$arrow_gif = '../images/uparrow-blue.gif'; $arrow_gif = '../images/uparrow-blue.gif';
$ht_ascdec = 'D'; $ht_ascdec = 'D';
} } else {
else { $arrow_gif = '../images/downarrow-blue.gif';
$arrow_gif = '../images/downarrow-blue.gif'; $ht_ascdec = 'A';
$ht_ascdec = 'A'; }
}
print '<tr>'; print '<tr>';
$headings = array( $headings = array(
'status'=>"Status", 'issued'=>"Issued", 'expires'=>"Expires", 'status'=>"Status", 'issued'=>"Issued", 'expires'=>"Expires",
'common_name'=>"User's Name", 'email'=>"E-mail", 'common_name'=>"User's Name", 'email'=>"E-mail",
'organization'=>"Organization", 'unit'=>"Department", 'organization'=>"Organization", 'unit'=>"Department",
'locality'=>"Locality" 'locality'=>"Locality"
); );
foreach($headings as $field=>$head) { foreach ($headings as $field => $head) {
print '<th><a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec=A&'.$qstr_filter.'" title="Click to sort on this column."><u>'.$head.'</u></a>'; print '<th><a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec=A&'.$qstr_filter.'" title="Click to sort on this column."><u>'.$head.'</u></a>';
if ($sortfield == $field) { if ($sortfield == $field) {
print '&nbsp<a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec='.$ht_ascdec.'&'.$qstr_filter.'" >'. print '&nbsp<a href="'.$PHP_SELF.'?sortfield='.$field.'&ascdec='.$ht_ascdec.'&'.$qstr_filter.'" >'.
'<img src='.$arrow_gif.' height=12 alt=\'Change sort order.\' title=\'Click to reverse sort order.\'></a>'; '<img src='.$arrow_gif.' height=12 alt=\'Change sort order.\' title=\'Click to reverse sort order.\'></a>';
} }
print '</th>'; print '</th>';
} }
print '<th><font color=green>Actions</font></th>'; print '<th><font color=green>Actions</font></th>';
print '</tr>'; print '</tr>';
$x = "^[$show_valid$show_revoked$show_expired]"; $x = "^[$show_valid$show_revoked$show_expired]";
if (in_array($PHPki_user, $PHPki_admins)) { if (in_array($PHPki_user, $PHPki_admins)) {
$x = "$x.*$search"; $x = "$x.*$search";
} } else {
else { $x = "$x.*$search.*$PHPki_user|$x.*$PHPki_user.*$search";
$x = "$x.*$search.*$PHPki_user|$x.*$PHPki_user.*$search"; }
}
$db = csort(CAdb_to_array($x), $sortfield, ($ascdec=='A'?SORT_ASC:SORT_DESC)); $db = csort(CAdb_to_array($x), $sortfield, ($ascdec=='A'?SORT_ASC:SORT_DESC));
$stcolor = array('Valid'=>'green','Revoked'=>'red','Expired'=>'orange'); $stcolor = array('Valid'=>'green','Revoked'=>'red','Expired'=>'orange');
foreach($db as $rec) { foreach ($db as $rec) {
print '<tr style="font-size: 11px;"> print '<tr style="font-size: 11px;">
<td><font color='.$stcolor[$rec['status']].'><b>' .$rec[status].'</b></font></td> <td><font color='.$stcolor[$rec['status']].'><b>' .$rec[status].'</b></font></td>
<td style="white-space: nowrap">'.$rec['issued'].'</td> <td style="white-space: nowrap">'.$rec['issued'].'</td>
<td style="white-space: nowrap">'.$rec['expires'].'</td> <td style="white-space: nowrap">'.$rec['expires'].'</td>
<td>'.$rec['common_name'].'</td> <td>'.$rec['common_name'].'</td>
<td style="white-space: nowrap"><a href="mailto:' . htvar($rec['common_name']) . ' <' . htvar($rec['email']) . '>" >' . htvar($rec['email']) . '</a></td> <td style="white-space: nowrap"><a href="mailto:' . htvar($rec['common_name']) . ' <' . htvar($rec['email']) . '>" >' . htvar($rec['email']) . '</a></td>
<td>'.htvar($rec['organization']).'</td> <td>'.htvar($rec['organization']).'</td>
<td>'.htvar($rec['unit']).'</td> <td>'.htvar($rec['unit']).'</td>
<td>'.htvar($rec['locality']).'</td> <td>'.htvar($rec['locality']).'</td>
<td><a href="'.$PHP_SELF.'?stage=display&serial='.$rec['serial'].'" target=_certdisp>'. <td><a href="'.$PHP_SELF.'?stage=display&serial='.$rec['serial'].'" target=_certdisp>'.
'<img src=../images/display.png alt="Display" title="Display complete certificate details."></a>'; '<img src=../images/display.png alt="Display" title="Display complete certificate details."></a>';
if ($rec['status'] == 'Valid') { if ($rec['status'] == 'Valid') {
print ' print '
<a href="'.$PHP_SELF.'?stage=dl-confirm&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'. <a href="'.$PHP_SELF.'?stage=dl-confirm&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/download.png alt="Download" title="Download the PRIVATE certificate. DO NOT DISTRIBUTE THIS TO THE PUBLIC!"></a> '<img src=../images/download.png alt="Download" title="Download the PRIVATE certificate. DO NOT DISTRIBUTE THIS TO THE PUBLIC!"></a>
<a href="'.$PHP_SELF.'?stage=revoke-form&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'. <a href="'.$PHP_SELF.'?stage=revoke-form&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/revoke.png alt="Revoke" title="Revoke the certificate when the e-mail address is no longer valid or the certificate password or private key has been compromised."></a>'; '<img src=../images/revoke.png alt="Revoke" title="Revoke the certificate when the e-mail address is no longer valid or the certificate password or private key has been compromised."></a>';
} }
print ' print '
<a href="'.$PHP_SELF.'?stage=renew-form&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'. <a href="'.$PHP_SELF.'?stage=renew-form&serial='.$rec['serial'].'&'.$qstr_sort.'&'.$qstr_filter.'">'.
'<img src=../images/renew.png alt="Renew" title="Renew the certificate by revoking it, if necessary, and creating a replacement with a new expiration date."></a> '<img src=../images/renew.png alt="Renew" title="Renew the certificate by revoking it, if necessary, and creating a replacement with a new expiration date."></a>
</td></tr>'; </td></tr>';
} }
print '</table>'; print '</table>';
printFooter(); printFooter();
} }
?> ?>

78
ca/policy.html
View File

@@ -1,78 +1,34 @@
<html> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head> <head>
<title>Certificate Authority Agreement</title> <title>Certificate Authority Agreement</title>
</head> </head>
<body> <body>
<h2 align="center">Certificate Authority Agreement</h2>
<h2 align=center>Certificate Authority Agreement</h2> <h3 align="center">Policy and Practices</h3><br>
<h3 align=center>Policy and Practices</h3> <br>
<br><br> <p>This is a statement of practices by this Digital Certificate Authority. Your use of this Certificate Authority constitutes your and/or your agency's understanding and full acceptance of these practices and all associated risks. <strong>Please have an authorized person at your agency sign this document and fax it to 000-000-0000</strong></p>
<p>This is a statement of practices by this Digital Certificate Authority.
Your use of this Certificate Authority constitutes your and/or your agency's
understanding and full acceptance of these practices and all associated risks.
<strong>Please have an authorized person at your agency sign this document and fax it to 000-000-0000</strong>
<p>This document may not be all encompassing, and we reserve the right to modify it at any time. <p>This document may not be all encompassing, and we reserve the right to modify it at any time.</p>
<ul> <ul>
<li> The sole role of this Certificate Authority is <li>The sole role of this Certificate Authority is to provide and maintain a password protected software application for the easy and instant creation and management of standard x.509 personal digital certificates for e-mail encryption. We assume no responsibility for verifying the identity of any persons other than that of the limited number of authorized users of the software. We accept no liability for damages resulting from the use, misuse, or compromise of the software application or its host server.</li>
to provide and maintain a password protected software application for the easy
and instant creation and management of standard x.509 personal digital
certificates for e-mail encryption. We assume no responsibility for
verifying the identity of any persons other than that of the limited number of
authorized users of the software.
We accept no liability for damages resulting from the use, misuse,
or compromise of the software application or its host server.
<p><li>As an authorized user of the software, you are in effect <strong>THE</strong> Certificate Authority for your <li>As an authorized user of the software, you are in effect <strong>THE</strong> Certificate Authority for your agency. As such, you are solely responsible for authenticating the identity of the persons for whom you obtain certificates. We accept no responsibility or liability for non-repudiation in any digital certificate created by this software. You agree that password protection to the application by authorized certificate managers, and personal identity management by those managers is sufficient to create a chain of trust for non-repudiation in all digital certificates created using the software.</li>
agency. As such, you are solely
responsible for authenticating the identity of the persons for whom you obtain
certificates. We accept no
responsibility or liability for non-repudiation in any digital certificate
created by this software. You agree that
password protection to the application by authorized certificate managers,
and personal identity management by
those managers is sufficient to create a chain of trust for non-repudiation
in all digital certificates created using the software.
<p><li>No more than two(2) <li>No more than two(2) users at your agency should have access to your agency's Certificate Authority password. We should be notified immediately, via e-mail, when the employment of any authorized user at your agency is terminated so that a new password can be issued.</li>
users at your agency should have access to your agency's Certificate Authority
password. We should be notified
immediately, via e-mail, when the employment of any
authorized user at your agency is terminated so that a new password can be
issued.
<p><li>This Certificate <li>This Certificate Authority software application is accessed via the Internet using standard SSL or Secure Server encryption mechanisms. Although steps have been taken to protect the security and availability of the host server and application, its exposure to the Internet as well as any presently unknown security flaws could lead to potential compromise of the software and your certificates.</li>
Authority software application is accessed via the Internet using standard SSL
or Secure Server encryption mechanisms.
Although steps have been taken to protect the security and availability
of the host server and application, its exposure to the Internet as well as any
presently unknown security flaws could lead to potential compromise of the
software and your certificates.
<p><li>No promise is made as <li>No promise is made as to the availability of the software in the event of hardware, software, or telecommunications failure or maintenance.&nbsp; No advanced notice will be given when the software must be temporarily taken off line for service.</li>
to the availability of the software in the event of hardware, software, or
telecommunications failure or maintenance.<2E>
No advanced notice will be given when the software must be temporarily
taken off line for service.
<p><li>In order to provide <li>In order to provide software which can easily create "instant" certificates it is necessary to store all private keys on the host server. As such, all private keys are potentially exposed to the Internet and suffer some risk of unauthorized access. However, since all private keys <strong>ARE ENCRYPTED</strong> using a password provided by you, they are unlikely to be usable by any intruder.</li>
software which can easily create &quot;instant&quot; certificates it is
necessary to store all private keys on the host server. As such, all private keys are potentially exposed
to the Internet and suffer some risk of unauthorized access. However, since all private keys <strong>ARE
ENCRYPTED</strong> using a password provided by you, they are unlikely to be usable by
any intruder.
<p><li>A publicly accessible <li>A publicly accessible web page is provided for interested Internet users to download the Certificate Authority root certificate, certificate revocation list, and search for the e-mail addresses and public certificates of users. So as to avoid e-mail address scraping by spammers, no static content with users' e-mail addresses is available.</li>
web page is provided for interested Internet users to download the Certificate </ul>
Authority root certificate, certificate revocation list, and search for the
e-mail addresses and public certificates of users. So as to avoid e-mail address scraping by spammers, no static
content with users' e-mail addresses is available.
</ul>
</body> </body>
</html> </html>

680
ca/request_cert.php
View File

@@ -7,7 +7,7 @@ include('../include/common.php') ;
include('../include/openssl_functions.php') ; include('../include/openssl_functions.php') ;
# User's preferences file # User's preferences file
$user_cnf = $config['home_dir'] . "/config/user-".strtr($PHPki_user,'/\\','|#').'.php'; $user_cnf = $config['home_dir'] . "/config/user-".strtr($PHPki_user, '/\\', '|#').'.php';
# Retrieve GET/POST values # Retrieve GET/POST values
$form_stage = gpvar('form_stage'); $form_stage = gpvar('form_stage');
@@ -48,355 +48,399 @@ $hidden_fields = '
switch ($form_stage) { switch ($form_stage) {
case 'validate':
$er = '';
case 'validate': if (! $country) {
$er = ''; $er .= 'Missing Country<br>';
}
if (! $province) {
$er .= 'Missing State/Province<br>';
}
if (! $locality) {
$er .= 'Missing Locality (City/County)<br>';
}
if (! $organization) {
$er .= 'Missing Organization (Company/Agency)<br>';
}
if (! $unit) {
$er .= 'Missing Unit/Department<br>';
}
if (! $common_name) {
$er .= 'Missing E-mail User\'s Full Name<br>';
}
if (! $email) {
$er .= 'Missing E-mail Address<br>';
}
if (! $country) $er .= 'Missing Country<br>'; if (($cert_type == 'email' || $cert_type == 'email_signing') && ! $passwd) {
if (! $province) $er .= 'Missing State/Province<br>'; $er .= 'Missing Certificate Password<br>';
if (! $locality) $er .= 'Missing Locality (City/County)<br>'; }
if (! $organization) $er .= 'Missing Organization (Company/Agency)<br>'; if (($cert_type == 'email' || $cert_type == 'email_signing') && ! $passwdv) {
if (! $unit) $er .= 'Missing Unit/Department<br>'; $er .= 'Missing Certificate Password Verification "Again"<br>';
if (! $common_name) $er .= 'Missing E-mail User\'s Full Name<br>'; }
if (! $email) $er .= 'Missing E-mail Address<br>';
if (($cert_type == 'email' || $cert_type == 'email_signing') && ! $passwd) $er .= 'Missing Certificate Password<br>'; if ($passwd && strlen($passwd) < 8) {
if (($cert_type == 'email' || $cert_type == 'email_signing') && ! $passwdv) $er .= 'Missing Certificate Password Verification "Again"<br>'; $er .= 'Certificate password is too short.<br>';
}
if ( $passwd && strlen($passwd) < 8 ) if ($passwd and $passwd != $passwdv) {
$er .= 'Certificate password is too short.<br>'; $er .= 'Password and password verification do not match.<br>';
}
if ( $passwd and $passwd != $passwdv ) //if ( ! is_alnum($passwd) or ! is_alnum($passwdv) )
$er .= 'Password and password verification do not match.<br>'; // $er .= 'Password contains invalid characters.<br>';
//if ( ! is_alnum($passwd) or ! is_alnum($passwdv) ) if ($email && ! is_email($email)) {
// $er .= 'Password contains invalid characters.<br>'; $er .= 'E-mail address ('. htvar($email) . ') may be invalid.<br>';
}
if ( $email && ! is_email($email) ) $ip_ar=explode("\n", $ip_addr);
$er .= 'E-mail address ('. htvar($email) . ') may be invalid.<br>'; foreach ($ip_ar as $value) {
if ($value && ! is_ip($value)) {
$er .= 'IP address ('. htvar($value) . ') may be invalid.<br>';
}
}
$ip_ar=explode("\n", $ip_addr); $dns_n=explode("\n", $dns_names);
foreach ($ip_ar as $value){ foreach ($dns_n as $value) {
if ( $value && ! is_ip($value) ) if ($value && ! is_fqdn(trim($value))) {
$er .= 'IP address ('. htvar($value) . ') may be invalid.<br>'; $er .= 'DNS Name ('. htvar($value) . ') may be invalid.<br>';
} }
}
$dns_n=explode("\n", $dns_names); if ($er) {
foreach ($dns_n as $value){ $er = '<h2>ERROR(S) IN FORM:</h2><h4><blockquote>' . $er . '</blockquote></h4>';
if ( $value && ! is_fqdn(trim($value)) ) }
$er .= 'DNS Name ('. htvar($value) . ') may be invalid.<br>';
}
if ( $er ) if ($email && ($serial = CAdb_in($email, $common_name))) {
$er = '<h2>ERROR(S) IN FORM:</h2><h4><blockquote>' . $er . '</blockquote></h4>'; $er = '';
$certtext = CA_cert_text($serial);
$er .= '<h2>A valid certificate already exists for ' . htvar("$common_name <$email>") . '</h2>';
$er .= '</font><blockquote><pre> ' . htvar($certtext) . ' </pre></blockquote>';
}
if ($email && ($serial = CAdb_in($email,$common_name))) { if ($er) {
$er = ''; printHeader();
$certtext = CA_cert_text($serial); ?>
$er .= '<h2>A valid certificate already exists for ' . htvar("$common_name <$email>") . '</h2>';
$er .= '</font><blockquote><pre> ' . htvar($certtext) . ' </pre></blockquote>';
} <form action='<?php echo $PHP_SELF?>' method=post>
<input type=submit name=submit value='Go Back'>
<font color=#ff0000><?php echo $er?></font>
<br><input type=submit name=submit value='Go Back'>
if ($er) { <?php
printHeader(); print $hidden_fields;
?> print "</form>";
<form action='<?php echo $PHP_SELF?>' method=post> printFooter();
<input type=submit name=submit value='Go Back'> break;
<font color=#ff0000><?php echo $er?></font> }
<br><input type=submit name=submit value='Go Back'>
<?php case 'confirm':
print $hidden_fields; printHeader();
print "</form>";
printFooter(); ?>
break; <h4>You are about to create a certificate using the following information:</h4>
} <table width=500><tr>
<td width=25% style='white-space: nowrap'>
<p align=right>
User's Name<br>
E-mail Address<br>
Organization<br>
Department/Unit<br>
Locality<br>
State/Province<br>
Country<br>
Certificate Life<br>
Key Size<br>
Certificate Use<br>
<?php
if ($cert_type == 'server') {
print 'DNS Alt Names<br>';
print 'IP Addresses<br>';
}
?>
</p>
</td>
case 'confirm': <td>
printHeader(); <?php
print htvar($common_name) . '<br>';
print htvar($email) . '<br>';
print htvar($organization) . '<br>';
print htvar($unit) . '<br>';
print htvar($locality) . '<br>';
print htvar($province) . '<br>';
print htvar($country) . '<br>';
print htvar($expiry). ' Year'.($expiry == 1 ? '' : 's').'<br>';
print htvar($keysize). ' bits<br>';
?> switch ($cert_type) {
<h4>You are about to create a certificate using the following information:</h4> case 'email':
<table width=500><tr> print 'E-mail, SSL Client' . '<br>';
<td width=25% style='white-space: nowrap'> break;
<p align=right> case 'email_signing':
User's Name<br> print 'E-mail, SSL Client, Code Signing' . '<br>';
E-mail Address<br> break;
Organization<br> case 'server':
Department/Unit<br> print 'SSL Server' . '<br>';
Locality<br> print htvar($dns_names). '<br>';
State/Province<br> print htvar($ip_addr). '<br>';
Country<br> break;
Certificate Life<br> case 'vpn_client':
Key Size<br> print 'VPN Client Only' . '<br>';
Certificate Use<br> break;
<?php case 'vpn_server':
if ($cert_type == 'server' ) { print 'VPN Server Only' . '<br>';
print 'DNS Alt Names<br>'; break;
print 'IP Addresses<br>'; case 'vpn_client_server':
} print 'VPN Client, VPN Server' . '<br>';
?> break;
</p> case 'time_stamping':
</td> print 'Time Stamping' . '<br>';
}
?>
</td>
<td> </tr></table>
<?php
print htvar($common_name) . '<br>';
print htvar($email) . '<br>';
print htvar($organization) . '<br>';
print htvar($unit) . '<br>';
print htvar($locality) . '<br>';
print htvar($province) . '<br>';
print htvar($country) . '<br>';
print htvar($expiry). ' Year'.($expiry == 1 ? '' : 's').'<br>';
print htvar($keysize). ' bits<br>';
switch ($cert_type) { <h4>Are you sure?</h4>
case 'email': <p><form action='<?php echo $PHP_SELF?>' method=post>
print 'E-mail, SSL Client' . '<br>'; <?php echo $hidden_fields ?>
break; <input type=hidden name=form_stage value=final>
case 'email_signing': <input type=submit name=submit value='Yes. Create and Download' >&nbsp;
print 'E-mail, SSL Client, Code Signing' . '<br>'; <input type=submit name=submit value='Yes. Just Create' >&nbsp;
break; <input type=submit name=submit value='Go Back'>
case 'server': </form>
print 'SSL Server' . '<br>';
print htvar($dns_names). '<br>';
print htvar($ip_addr). '<br>';
break;
case 'vpn_client':
print 'VPN Client Only' . '<br>';
break;
case 'vpn_server':
print 'VPN Server Only' . '<br>';
break;
case 'vpn_client_server':
print 'VPN Client, VPN Server' . '<br>';
break;
case 'time_stamping':
print 'Time Stamping' . '<br>';
} <?php
?> printFooter();
</td>
</tr></table> # Save user's defaults
$fp = fopen($user_cnf, 'w');
$x = '<?php
$country = \''.addslashes($country).'\';
$locality = \''.addslashes($locality).'\';
$province = \''.addslashes($province).'\';
$organization = \''.addslashes($organization).'\';
$unit = \''.addslashes($unit).'\';
$expiry = \''.addslashes($expiry).'\';
$keysize = \''.addslashes($keysize).'\';
?>';
fwrite($fp, $x);
fclose($fp);
<h4>Are you sure?</h4> break;
<p><form action='<?php echo $PHP_SELF?>' method=post>
<?php echo $hidden_fields ?>
<input type=hidden name=form_stage value=final>
<input type=submit name=submit value='Yes. Create and Download' >&nbsp;
<input type=submit name=submit value='Yes. Just Create' >&nbsp;
<input type=submit name=submit value='Go Back'>
</form>
<?php case 'final':
printFooter(); if ($submit == "Yes Create and Download" || $submit == "Yes. Just Create") {
if (! $serial = CAdb_in($email, $common_name)) {
list($ret,$errtxt) = CA_create_cert($cert_type, $country, $province, $locality, $organization, $unit, $common_name, $email, $expiry, $passwd, $keysize, $dns_names, $ip_addr);
# Save user's defaults if (! $ret) {
$fp = fopen($user_cnf,'w'); printHeader();
$x = '<?php ?>
$country = \''.addslashes($country).'\'; <form action="<?php echo $PHP_SELF?>" method="post">
$locality = \''.addslashes($locality).'\'; <font color=#ff0000>
$province = \''.addslashes($province).'\'; <h2>There was an error creating your certificate.</h2></font><br>
$organization = \''.addslashes($organization).'\'; <blockquote>
$unit = \''.addslashes($unit).'\'; <h3>Debug Info:</h3>
$expiry = \''.addslashes($expiry).'\'; <pre><?php echo $errtxt?></pre>
$keysize = \''.addslashes($keysize).'\'; </blockquote>
?>'; <p>
fwrite($fp,$x); <?php echo $hidden_fields?>
fclose($fp); <input type=submit name=submit value=Back>
<p>
</form>
<?php
printFooter();
break;
} else {
$serial = $errtxt;
}
}
}
if ($submit == "Yes Create and Download") {
switch ($cert_type) {
case 'server':
# upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$common_name ($email).pem",'application/pkix-cert');
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem",$config['cacert_pem']), $rec['common_name'] . "-Bundle.pem", 'application/pkix-cert');
break;
case 'email':
case 'email_signing':
case 'time_stamping':
case 'vpn_client_server':
case 'vpn_client':
case 'vpn_server':
# upload("$config[pfx_dir]/$serial.pfx", "$common_name ($email).p12", 'application/x-pkcs12');
upload($config['pfx_dir'] . "/$serial.pfx", $rec['common_name'] . ".p12", 'application/x-pkcs12');
break;
}
# Clear common_name fields
$common_name = '';
break;
}
# Clear common_name fields
$common_name = '';
break; // We could add 'return to index or create another certificate'
case 'final': default:
if ($submit == "Yes Create and Download" || $submit == "Yes. Just Create") { #
if (! $serial = CAdb_in($email,$common_name)) { # Default fields to reasonable values if necessary.
list($ret,$errtxt) = CA_create_cert($cert_type, $country, $province, $locality, $organization, $unit, $common_name, $email, $expiry, $passwd, $keysize, $dns_names, $ip_addr); #
if (! $submit and file_exists($user_cnf)) {
include($user_cnf);
}
if (! $ret) { if (! $country) {
printHeader(); $country = $config['country'];
?> }
<form action="<?php echo $PHP_SELF?>" method="post"> if (! $province) {
<font color=#ff0000> $province = $config['province'];
<h2>There was an error creating your certificate.</h2></font><br> }
<blockquote> if (! $locality) {
<h3>Debug Info:</h3> $locality = "";
<pre><?php echo $errtxt?></pre> }
</blockquote> if (! $organization) {
<p> $organization = "";
<?php echo $hidden_fields?> }
<input type=submit name=submit value=Back> if (! $unit) {
<p> $unit = "";
</form> }
<?php if (! $email) {
printFooter(); $email = "";
break; }
} if (! $expiry) {
else { $expiry = 1;
$serial = $errtxt; }
} if (! $keysize) {
} $keysize = 2048;
} }
if (! $cert_type) {
if ($submit == "Yes Create and Download") { $cert_type = 'email';
switch($cert_type) { }
case 'server': if (! $dns_names) {
# upload(array("$config[private_dir]/$serial-key.pem","$config[new_certs_dir]/$serial.pem",$config['cacert_pem']), "$common_name ($email).pem",'application/pkix-cert'); $dns_names = "";
upload(array($config['private_dir'] . "/$serial-key.pem",$config['new_certs_dir'] . "/$serial.pem",$config['cacert_pem']), $rec['common_name'] . "-Bundle.pem",'application/pkix-cert'); }
break; if (! $ip_addr) {
case 'email': $ip_addr = "";
case 'email_signing': }
case 'time_stamping':
case 'vpn_client_server':
case 'vpn_client':
case 'vpn_server':
# upload("$config[pfx_dir]/$serial.pfx", "$common_name ($email).p12", 'application/x-pkcs12');
upload($config['pfx_dir'] . "/$serial.pfx", $rec['common_name'] . ".p12", 'application/x-pkcs12');
break;
}
# Clear common_name fields
$common_name = '';
break;
}
# Clear common_name fields
$common_name = '';
// We could add 'return to index or create another certificate' printHeader();
?>
<body onLoad="self.focus();document.request.common_name.focus();document.request.cert_type.onchange();">
<form action="<?php echo $PHP_SELF?>" method=post name=request>
<table width=99%>
<th colspan=2><h3>Certificate Request Form</h3></th>
default:
#
# Default fields to reasonable values if necessary.
#
if (! $submit and file_exists($user_cnf)) include($user_cnf);
if (! $country) $country = $config['country'];
if (! $province) $province = $config['province'];
if (! $locality) $locality = "";
if (! $organization) $organization = "";
if (! $unit) $unit = "";
if (! $email) $email = "";
if (! $expiry) $expiry = 1;
if (! $keysize) $keysize = 2048;
if (! $cert_type) $cert_type = 'email';
if (! $dns_names) $dns_names = "";
if (! $ip_addr) $ip_addr = "";
printHeader();
?>
<body onLoad="self.focus();document.request.common_name.focus();document.request.cert_type.onchange();">
<form action="<?php echo $PHP_SELF?>" method=post name=request>
<table width=99%>
<th colspan=2><h3>Certificate Request Form</h3></th>
<tr>
<td width=30%>Common Name<font color=red size=3>*</font><br>(i.e. User real name or computer hostname - used as SubjectAltName)</td>
<td><input type=text name=common_name value="<?php echo htvar($common_name)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>E-mail Address <font color=red size=3>*</font></td>
<td><input type=text name=email value="<?php echo htvar($email)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>Organization (Company/Agency)<font color=red size=3>*</font></td>
<td><input type=text name=organization value="<?php echo htvar($organization)?>" size=60 maxlength=60></td>
</tr>
<tr>
<td>Department/Unit<font color=red size=3>*</font> </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60></td>
</tr>
<tr>
<td>Locality (City/County)<font color=red size=3>*</font></td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>State/Province<font color=red size=3>*</font></td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>Country<font color=red size=3>*</font></td>
<td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2></td>
</tr>
<tr>
<td>Certificate Password<font color=red size=3>*</font><br>(Mandatory for Email,SSL Client,Code signing)</td>
<td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30>&nbsp;&nbsp; Again <input type=password name=passwdv value="<?php echo htvar($passwdv) ?>" size=30></td>
</tr>
<tr>
<td>Certificate Life<font color=red size=3>*</font> </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ( $i = 2 ; $i <= 5 ; $i++ ) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Key Size<font color=red size=3>*</font> </td>
<td><select name=keysize>
<?php
for ( $i = 512 ; $i <= 4096 ; $i+= 512 ) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Certificate Use:<font color=red size=3>*</font> </td>
<td><select name=cert_type onchange="if (this.value=='server')
{setVisibility('testrow1',true);setVisibility('testrow2',true);} else {setVisibility('testrow1',false);setVisibility('testrow2',false);}">
<?php
print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
<tr id="testrow2" name="testrow2" style="visibility:hidden;display:none;">
<td>Alternative DNS Names<br>(only one per Line)</td><td><textarea name=dns_names cols=30 rows=5><?php echo htvar($dns_names) ?></textarea></td>
</tr>
<tr id="testrow1" name="testrow1" style="visibility:hidden;display:none;">
<td>IP's<br>(only one per Line)</td><td><textarea name=ip_addr cols=30 rows=5><?php echo htvar($ip_addr) ?></textarea></td>
</tr>
<tr> <tr>
<td>&nbsp</td> <td width=30%>Common Name<font color=red size=3>*</font><br>(i.e. User real name or computer hostname - used as SubjectAltName)</td>
<td>&nbsp</td> <td><input type=text name=common_name value="<?php echo htvar($common_name)?>" size=50 maxlength=60></td>
</tr> </tr>
<tr>
<td><font color=red size=3>* Fields are required</td><td><input type=submit name=submit value='Submit Request'><input type=hidden name=form_stage value='validate'></td>
</tr>
</table>
</form>
<?php
printFooter(); <tr>
<td>E-mail Address <font color=red size=3>*</font></td>
<td><input type=text name=email value="<?php echo htvar($email)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>Organization (Company/Agency)<font color=red size=3>*</font></td>
<td><input type=text name=organization value="<?php echo htvar($organization)?>" size=60 maxlength=60></td>
</tr>
<tr>
<td>Department/Unit<font color=red size=3>*</font> </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60></td>
</tr>
<tr>
<td>Locality (City/County)<font color=red size=3>*</font></td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>State/Province<font color=red size=3>*</font></td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>Country<font color=red size=3>*</font></td>
<td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2></td>
</tr>
<tr>
<td>Certificate Password<font color=red size=3>*</font><br>(Mandatory for Email,SSL Client,Code signing)</td>
<td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30>&nbsp;&nbsp; Again <input type=password name=passwdv value="<?php echo htvar($passwdv) ?>" size=30></td>
</tr>
<tr>
<td>Certificate Life<font color=red size=3>*</font> </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Key Size<font color=red size=3>*</font> </td>
<td><select name=keysize>
<?php
for ($i = 512; $i <= 4096; $i+= 512) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Certificate Use:<font color=red size=3>*</font> </td>
<td><select name=cert_type onchange="if (this.value=='server')
{setVisibility('testrow1',true);setVisibility('testrow2',true);} else {setVisibility('testrow1',false);setVisibility('testrow2',false);}">
<?php
print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
<tr id="testrow2" name="testrow2" style="visibility:hidden;display:none;">
<td>Alternative DNS Names<br>(only one per Line)</td><td><textarea name=dns_names cols=30 rows=5><?php echo htvar($dns_names) ?></textarea></td>
</tr>
<tr id="testrow1" name="testrow1" style="visibility:hidden;display:none;">
<td>IP's<br>(only one per Line)</td><td><textarea name=ip_addr cols=30 rows=5><?php echo htvar($ip_addr) ?></textarea></td>
</tr>
<tr>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><font color=red size=3>* Fields are required</td><td><input type=submit name=submit value='Submit Request'><input type=hidden name=form_stage value='validate'></td>
</tr>
</table>
</form>
<?php
printFooter();
} }
?> ?>

1
config.php
View File

@@ -1,3 +1,2 @@
<?php <?php
define("PHPKI_VERSION", "0.84"); define("PHPKI_VERSION", "0.84");
?>

206
css/style.css
View File

@@ -1,171 +1,171 @@
h1 { h1 {
font-size: 32px; font-size: 32px;
} }
h2 { h2 {
font-size: 24px; font-size: 24px;
} }
h3 { h3 {
font-size: 18px; font-size: 18px;
} }
body { body {
margin: 10px; margin: 10px;
padding: 0; padding: 0;
background: #fafaff; background: #fafaff;
font-family: Arial, Veranda, Helvetica, sans-serif; font-family: Arial, Veranda, Helvetica, sans-serif;
font-size: 14px; font-size: 14px;
} }
img { img {
border: 0; border: 0;
} }
a { a {
color: #00F; color: #00F;
background-color: transparent; background-color: transparent;
} }
a:link, a:active, a:visited { a:link, a:active, a:visited {
color: #00F; color: #00F;
background-color: transparent; background-color: transparent;
} }
a.headermenu:link, a.headermenu:active, a.headermenu:visited { a.headermenu:link, a.headermenu:active, a.headermenu:visited {
text-decoration: underline; text-decoration: underline;
color: #00F; color: #00F;
background-color: transparent; background-color: transparent;
padding-left: 8px; padding-left: 8px;
} }
form { form {
padding: 0; padding: 0;
margin: 0; margin: 0;
} }
fieldset { fieldset {
border: 2px solid black; border: 2px solid black;
margin-left: 10px; margin-left: 10px;
padding: 10px; padding: 10px;
width: 700px; width: 700px;
font-size: 10px; font-size: 10px;
} }
legend { legend {
background-color: rgb(200, 220, 240); background-color: rgb(200, 220, 240);
border: 2px solid black; border: 2px solid black;
padding: 0.25em; padding: 0.25em;
padding-top: 0.1em; padding-top: 0.1em;
font-size: 12px; font-size: 12px;
} }
table { table {
font-size: 12px; font-size: 12px;
margin-right: .1in; margin-right: .1in;
} }
th { th {
font-weight: bold; font-weight: bold;
background-color: #AFC3E4; background-color: #AFC3E4;
padding: 3px; padding: 3px;
color: #323C4D; color: #323C4D;
text-align: center; text-align: center;
vertical-align: middle; vertical-align: middle;
border: 1px solid #606060; border: 1px solid #606060;
white-space: nowrap; white-space: nowrap;
} }
td { td {
background-color: #DEE3EC; background-color: #DEE3EC;
padding: 3px; padding: 3px;
text-align: left; text-align: left;
vertical-align: middle; vertical-align: middle;
border: 1px solid #a0a0a0; border: 1px solid #a0a0a0;
} }
.menu { .menu {
height: 22px; height: 22px;
font-size: 13px; font-size: 13px;
text-align: center; text-align: center;
vertical-align: bottom; vertical-align: bottom;
border: 1px solid #808080; border: 1px solid #808080;
border-left: 2px solid #808080; border-left: 2px solid #808080;
border-bottom: 2px solid #808080; border-bottom: 2px solid #808080;
color: #000000; color: #000000;
} }
.menu-pad { .menu-pad {
height: 22px; height: 22px;
font-size: 13px; font-size: 13px;
text-align: center; text-align: center;
padding-left: 1em; padding-left: 1em;
padding-right: 1em; padding-right: 1em;
vertical-align: bottom; vertical-align: bottom;
border: 1px solid #808080; border: 1px solid #808080;
border-left: 2px solid #808080; border-left: 2px solid #808080;
border-bottom: 2px solid #808080; border-bottom: 2px solid #808080;
color: #000000; color: #000000;
} }
.menu a { .menu a {
vertical-align: bottom; vertical-align: bottom;
text-decoration: none; text-decoration: none;
font-size: 13px; font-size: 13px;
} }
.headermenu-ie { .headermenu-ie {
text-align: center; text-align: center;
margin-right: 0.1in; margin-right: 0.1in;
margin-top: 0.20in; margin-top: 0.20in;
} }
.headermenu-konq { .headermenu-konq {
text-align: center; text-align: center;
margin-right: 0.1in; margin-right: 0.1in;
margin-top: 0.25in; margin-top: 0.25in;
} }
.logo-ie { .logo-ie {
font-family: 'impact', sans-serif; font-family: 'impact', sans-serif;
font-size: 60pt; font-size: 60pt;
font-weight: bold; font-weight: bold;
color: #99caff; color: #99caff;
margin-top: -0.20in; margin-top: -0.20in;
margin-bottom: 0; margin-bottom: 0;
margin-right: 0.2in; margin-right: 0.2in;
text-align: left; text-align: left;
} }
.title-ie { .title-ie {
font-family: 'impact', sans-serif; font-family: 'impact', sans-serif;
font-size: 22pt; font-size: 22pt;
font-weight: bold; font-weight: bold;
font-style: italic; font-style: italic;
margin-right: 0.4in; margin-right: 0.4in;
margin-top: -0.52in; margin-top: -0.52in;
margin-bottom: 0; margin-bottom: 0;
text-align: left; text-align: left;
} }
.logo-konq { .logo-konq {
font-family: 'impact', sans-serif; font-family: 'impact', sans-serif;
font-size: 62pt; font-size: 62pt;
font-weight: bold; font-weight: bold;
color: #99caff; color: #99caff;
margin-top: -0.20in; margin-top: -0.20in;
margin-bottom: 0; margin-bottom: 0;
margin-right: 0.2in; margin-right: 0.2in;
text-align: left; text-align: left;
} }
.title-konq { .title-konq {
font-family: 'impact', 'sans-serif'; font-family: 'impact', 'sans-serif';
font-size: 24pt; font-size: 24pt;
font-weight: bold; font-weight: bold;
font-style: italic; font-style: italic;
margin-right: 0.4in; margin-right: 0.4in;
margin-top: -0.55in; margin-top: -0.55in;
margin-bottom: 0; margin-bottom: 0;
text-align: left; text-align: left;
} }

2
gen_crl.php
View File

@@ -10,5 +10,3 @@ include('../html/include/common.php') ;
include('../html/include/openssl_functions.php') ; include('../html/include/openssl_functions.php') ;
CA_generate_crl(); CA_generate_crl();
?>

11
help.php
View File

@@ -5,11 +5,12 @@ include('./include/common.php');
printHeader(about); printHeader(about);
?> ?>
<center><h1>PHPki HELP FILES</h1> <center>
<a href=<?php echo BASE_URL?>help/PKI_basics.html><h3>PKI and E-mail Encryption - A Brief Explanation</h3></a> <h1>PHPki HELP FILES</h1>
<a href=<?php echo BASE_URL?>help/cacert_install_ie.html><h3>Installing Our Root Certificate For Use With Outlook and Outlook Express</h3></a> <p><a href="<?php echo BASE_URL?>"help/PKI_basics.html><h3>PKI and E-mail Encryption - A Brief Explanation</h3></a></p>
<p><a href=<?php echo BASE_URL?>help/usercert_install_ie.html><h3>Installing Your Personal E-mail Certificate For Use With Outlook and Outlook Express</h3></a> <p><a href="<?php echo BASE_URL?>"help/cacert_install_ie.html><h3>Installing Our Root Certificate For Use With Outlook and Outlook Express</h3></a></p>
<p><a href=<?php echo BASE_URL?>help/glossary.html><h3>Glossary</h3></a> <p><a href="<?php echo BASE_URL?>"help/usercert_install_ie.html><h3>Installing Your Personal E-mail Certificate For Use With Outlook and Outlook Express</h3></a></p>
<p><a href="<?php echo BASE_URL?>"help/glossary.html><h3>Glossary</h3></a></p>
</center> </center>
<?php <?php
printFooter(); printFooter();

68
help/PKI_basics.html
View File

@@ -1,64 +1,28 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html> <html>
<head> <head>
<link rel='stylesheet' type='text/css' href='../css/style.css'> <link rel='stylesheet' type='text/css' href='../css/style.css'>
<title>PKI and E-mail Encryption - A Brief Explanation</title>
<title>PKI and E-mail Encryption - A Brief Explanation</title>
</head> </head>
<body> <body>
<center><h1>PKI and E-mail Encryption - A Brief Explanation</h2></center> <center>
<h1>PKI and E-mail Encryption - A Brief Explanation</h1>
</center>
PKI stands for <cite>Public Key Infrastructure</cite>. PKI is Information <p>PKI stands for <cite>Public Key Infrastructure</cite>. PKI is Information Technology infrastructure that enables users of a basically unsecure public network (such as the Internet) to securely and privately exchange data through the use of a <a href="glossary.html#KEYS" target="glossary">public and a private cryptographic key pair</a> that is obtained and shared through a <a href="glossary.html#CA" target="glossary">trusted Authority</a>.</p>
Technology infrastructure that enables users of a basically unsecure public
network (such as the Internet) to securely and privately exchange data through
the use of a <a href=glossary.html#KEYS target=glossary>public and a private
cryptographic key pair</a> that is obtained and shared through a
<a href=glossary.html#CA target=glossary>trusted Authority</a>.
<p> <p>Public and private keys are like two halves of a single key. PKI encryption algorithms are designed such that a public key is used to encrypt or "lock" a message, and only the complementary private key can "unlock" that message. Think of a bank vault or safe that can only be unlocked by two individuals using two different but complementary keys. Neither of those keys can be used by itself to unlock the vault.</p>
Public and private keys are like two halves of a single key. PKI encryption
algorithms are designed such that a public key is used to encrypt or
"lock" a message, and only the complementary private key can "unlock" that
message.
Think of a bank vault or safe that can only be unlocked by two individuals
using two different but complementary keys. Neither of those keys can be used
by itself to unlock the vault.
<p> <p>In practice, individuals wishing to exchange encrypted e-mail will agree to mutually trust one or more <a href="glossary.html#CA" target="glossary">Certificate Authorities(CA)</a> by downloading and installing each trusted Authority's <a href="glossary.html#ROOT-CERT" target="glossary">root certificate</a> on their computers. They will each obtain their own personal <a href="glossary.html#CERTIFICATE" target="glossary">digital certificate</a> from a trusted Certificate Authority, and install them on their respective computers. Because they mutually trust the Certificate Authorities, they trust each other's digital certificates. More specifically, they trust the <a href="glossary.html#KEYS" target="glossary">public keys</a> contained within their personal digital certificates which have been <a href="glossary.html#SIGNATURE" target="glossary">digitally signed</a> by a trusted Certificate Authority. They will then exchange their trusted public keys by sending each other digitally
In practice, individuals wishing to exchange encrypted e-mail signed e-mail messages. Once each party has the other's public key, they may exchange trusted and encrypted messsages.</p>
will agree to mutually trust one or more <a href=glossary.html#CA target=glossary>
Certificate Authorities(CA)</a> by downloading and installing each trusted Authority's
<a href=glossary.html#ROOT-CERT target=glossary>root certificate</a> on their computers.
They will each obtain their own personal
<a href=glossary.html#CERTIFICATE target=glossary>digital certificate</a>
from a trusted Certificate Authority, and install them on their
respective computers.
Because they mutually trust the Certificate Authorities, they trust each other's
digital certificates. More specifically, they trust the
<a href=glossary.html#KEYS target=glossary>public keys</a> contained within
their personal digital certificates which have been
<a href=glossary.html#SIGNATURE target=glossary>digitally signed</a> by a
trusted Certificate Authority.
They will then exchange their trusted public keys by sending each other
digitally signed e-mail messages. Once each party has the other's public key,
they may exchange trusted and encrypted messsages.
<p> <p>Public key exchange and encryption is like exchanging notarized documents. One trusts a notarized document because a trusted third party, the Notary Public, has signed it. The Certificate Authority is the Notary Public, and the public keys are the documents.</p>
Public key exchange and encryption is like exchanging notarized documents.
One trusts a notarized document because a trusted third party, the Notary
Public, has signed it. The Certificate Authority is the Notary Public, and
the public keys are the documents.
<p> <p>Remember, having a personal digital certificate alone does <strong>not</strong> give one the ability to send encrypted e-mail to others, but only allows the <strong>receipt</strong> of encrypted e-mail. PKI is a cooperative encryption standard. Both parties who are exchanging encrypted messages must have personal digital certificates, they must trust the Certificate Authority which issued the other persons certificate, and they must exchange public keys with each other, as described above.</p>
Remember, having a personal digital certificate alone does <strong>not</strong>
give one the ability to send encrypted e-mail to others, but only allows the
<strong>receipt</strong> of encrypted e-mail. PKI is a cooperative encryption
standard. Both parties who are exchanging encrypted messages must have
personal digital certificates, they must trust the Certificate Authority
which issued the other persons certificate, and they must exchange
public keys with each other, as described above.
<p>
The process of installing certificates and exchanging public keys is dependent
upon the e-mail application one uses, and is beyond the scope of this document.
<p>The process of installing certificates and exchanging public keys is dependent upon the e-mail application one uses, and is beyond the scope of this document.</p>
</body> </body>
</html> </html>

64
help/cacert_install_ie.html
View File

@@ -1,29 +1,47 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html> <html>
<head> <head>
<title>Root Certificate Installation for Outlook & Outlook Express</title> <title>Root Certificate Installation for Outlook &amp; Outlook Express</title>
<link rel='stylesheet' type='text/css' href='../css/style.css'> <link rel='stylesheet' type='text/css' href='../css/style.css'>
</head> </head>
<body>
<center><h1>Root Certificate Installation for Outlook & Outlook Express</h1>
<h2>A Step-by-Step Guide</h2></center><br>
<h4>
<p><img src=../images/right-click-install-cacert.jpg>
<p>Open the folder which holds the certificates you have downloaded.<br>
Right-click on the certificate you wish to install, and select
<cite>Install Certificate</cite> from the context menu.
<p><br><img src=../images/cert-wizard1-welcome.jpg >
<p>Click the <cite>Next</cite> button in the <cite>Certificate Wizard</cite>
welcome window.
<p><br><img src=../images/cert-wizard4-select-store.jpg>
<p>Click the <cite>Next</cite> button in the <cite>Select a Certificate Store</cite> window.
<p><br><img src=../images/cert-wizard5-root-final.jpg>
<p>Click the <cite>Finish</cite> button in the <cite>Complete the Certificate..</cite> window.
<p><br><img src=../images/confirm-install-cacert.jpg>
<p>You may be asked to confirm the root certificate installation. Click the <cite>Yes</cite> button if a window like this appears.
<p><br><img src=../images/import-successful.jpg>
<p>Windows confirms the root certificate was successfully imported.<br>
You may now <a href=usercert_install_ie.html>install your personal e-mail certificate</a>.
</h4> <body>
<center>
<h1>Root Certificate Installation for Outlook &amp; Outlook Express</h1>
<h2>A Step-by-Step Guide</h2>
</center><br>
<p><img src="../images/right-click-install-cacert.jpg"></p>
<p>Open the folder which holds the certificates you have downloaded.<br>
Right-click on the certificate you wish to install, and select <cite>Install Certificate</cite> from the context menu.</p>
<p><br>
<img src="../images/cert-wizard1-welcome.jpg"></p>
<p>Click the <cite>Next</cite> button in the <cite>Certificate Wizard</cite> welcome window.</p>
<p><br>
<img src="../images/cert-wizard4-select-store.jpg"></p>
<p>Click the <cite>Next</cite> button in the <cite>Select a Certificate Store</cite> window.</p>
<p><br>
<img src="../images/cert-wizard5-root-final.jpg"></p>
<p>Click the <cite>Finish</cite> button in the <cite>Complete the Certificate..</cite> window.</p>
<p><br>
<img src="../images/confirm-install-cacert.jpg"></p>
<p>You may be asked to confirm the root certificate installation. Click the <cite>Yes</cite> button if a window like this appears.</p>
<p><br>
<img src="../images/import-successful.jpg"></p>
<p>Windows confirms the root certificate was successfully imported.<br>
You may now <a href="usercert_install_ie.html">install your personal e-mail certificate</a>.</p>
</body> </body>
</html> </html>

269
help/glossary.html
View File

@@ -1,144 +1,169 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html> <html>
<head> <head>
<title>PHPki Glossary</title> <title>PHPki Glossary</title>
<link rel='stylesheet' type='text/css' href='../css/style.css'> <link rel='stylesheet' type='text/css' href='../css/style.css'>
</head> </head>
<body> <body>
<a name="TOP" id="TOP"></a> <a name="PKI" id="PKI"></a>
<a name=TOP></a> <table>
<a name=PKI></a><p> <tr>
<table> <th>
<th><h2>PUBLIC KEY INFRASTRUCTURE</h2></th> <h2>PUBLIC KEY INFRASTRUCTURE</h2>
<tr><td> </th>
PKI stands for <cite>Public Key Infrastructure</cite>. PKI is IT infrastructure that enables users of a basically unsecure public network (such as the Internet) to securely and privately exchange data through the use of a public and a private <a href=#KEYS>cryptographic key pair</a> that is obtained and shared through a trusted authority. </tr>
PKI is not only software or hardware. It is an infrastructure. So, PKI is a combination of products, services, facilities, policies, procedures, agreements, and people. All of these elements work together to provide for secure interactions on the Internet and other open networks. PKI is not a single monolithic entity, but a distributed system. The component elements may include multiple organization-specific public key infrastructures that are interoperable and interconnected. <tr>
</td></tr> <td>PKI stands for <cite>Public Key Infrastructure</cite>. PKI is IT infrastructure that enables users of a basically unsecure public network (such as the Internet) to securely and privately exchange data through the use of a public and a private <a href="#KEYS">cryptographic key pair</a> that is obtained and shared through a trusted authority. PKI is not only software or hardware. It is an infrastructure. So, PKI is a combination of products, services, facilities, policies, procedures, agreements, and people. All of these elements work together to provide for secure interactions on the Internet and other open networks. PKI is not a single monolithic entity, but a distributed system. The component elements may include multiple organization-specific public key infrastructures that are interoperable and interconnected.</td>
</table> </tr>
</table><a name="CERTIFICATE" id="CERTIFICATE"></a>
<a name=CERTIFICATE></a><p> <table>
<table> <tr>
<th><h2>DIGITAL CERTIFICATE</h2></th> <th>
<tr><td> <h2>DIGITAL CERTIFICATE</h2>
<p> </th>
An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. </tr>
<p>An individual wishing to send an encrypted message applies for a digital certificate from a <a href=#CA>Certificate Authority (CA)</a>. The CA issues an encrypted digital certificate containing the applicant's <a href=#KEYS>public key</a> and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet. <tr>
<td>
<p>An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.</p>
<p>The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply. <p>An individual wishing to send an encrypted message applies for a digital certificate from a <a href="#CA">Certificate Authority (CA)</a>. The CA issues an encrypted digital certificate containing the applicant's <a href="#KEYS">public key</a> and a variety of other identification information. The CA makes its own public key readily available through print publicity or perhaps on the Internet.</p>
<p>The most widely used standard for digital certificates is X.509. <p>The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply.</p>
</td></tr>
</table>
<a name=CA></a><p> <p>The most widely used standard for digital certificates is X.509.</p>
<table> </td>
<th><h2>CERTIFICATE AUTHORITY</h2></th> </tr>
<tr><td> </table><a name="CA" id="CA"></a>
A trusted third-party organization or company that issues digital certificates used to create digital signatures and <a href=#KEYS>public-private key pairs</a>. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.
</td></tr>
</table>
<a name=KEYS></a><p> <table>
<table> <tr>
<th><h2>PUBLIC KEY ENCRYPTION</h2></th> <th>
<tr><td> <h2>CERTIFICATE AUTHORITY</h2>
A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it. </th>
</tr>
<p>An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key. <tr>
</td></tr> <td>A trusted third-party organization or company that issues digital certificates used to create digital signatures and <a href="#KEYS">public-private key pairs</a>. The role of the CA in this process is to guarantee that the individual granted the unique certificate is, in fact, who he or she claims to be. Usually, this means that the CA has an arrangement with a financial institution, such as a credit card company, which provides it with information to confirm an individual's claimed identity. CAs are a critical component in data security and electronic commerce because they guarantee that the two parties exchanging information are really who they claim to be.</td>
</table> </tr>
</table><a name="KEYS" id="KEYS"></a>
<a name=SMIME></a><p> <table>
<table> <tr>
<th><h2>S/MIME</h2></th> <th>
<tr><td> <h2>PUBLIC KEY ENCRYPTION</h2>
S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-mail that uses the <a href=#RSA>RSA</a> encryption system. S/MIME is included in the latest versions of the Web browsers from Microsoft and Netscape and has also been endorsed by other vendors that make messaging products. RSA has proposed S/MIME as a standard to the Internet Engineering Task Force (IETF). </th>
</td></tr> </tr>
</table>
<a name=RSA></a><p> <tr>
<table> <td>
<th><h2>RSA</h2></th> <p>A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When John wants to send a secure message to Jane, he uses Jane's public key to encrypt the message. Jane then uses her private key to decrypt it.</p>
<tr><td>
RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape. It's also part of Lotus Notes, Intuit's Quicken, and many other products. The encryption system was owned by RSA Security, but a recent patent expiration placed it into the public domain. The technologies are part of existing or proposed Web, Internet, and computing standards.
</td></tr>
</table>
<a name=ROOT-CERT></a><p> <p>An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.</p>
<table> </td>
<th><h2>ROOT CERTIFICATE</h2></th> </tr>
<tr><td> </table><a name="SMIME" id="SMIME"></a>
A root certificate is like a MASTER
<a href=#CERTIFICATE>digital certificate</a>.
You must install a <a href=#CA>certificate authority's</a> root certificate
before you can trust other certificates issued by that same certificate
authority. Root certificates are used to "sign" other certificates.
A signature by a root certificate is somewhat analogous to "notarizing" a
document in the physical world. When you install a root certificate on your
computer, you are saying you "trust" that certification authority and all
certificates it signs.
</td></tr>
</table>
<a name=SIGNATURE></a><p> <table>
<table> <tr>
<th><h2>DIGITAL SIGNATURE</h2></th> <th>
<tr><td> <h2>S/MIME</h2>
A digital code that can be attached to an electronically transmitted message </th>
that uniquely identifies the sender. Like a written signature, the purpose of </tr>
a digital signature is to guarantee that the individual sending the message
really is who he or she claims to be. Digital certificates inherently provide
digital signature capability to most S/MIME enable e-mail clients. Digitally
signing an e-mail usually provides the recipient the with the sender's public
key, so the recipient may then send encrypted e-mail back to the sender.
</td></tr>
</table>
<a name=X509></a><p> <tr>
<table> <td>S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-mail that uses the <a href="#RSA">RSA</a> encryption system. S/MIME is included in the latest versions of the Web browsers from Microsoft and Netscape and has also been endorsed by other vendors that make messaging products. RSA has proposed S/MIME as a standard to the Internet Engineering Task Force (IETF).</td>
<th><h2>X.509</h2></th> </tr>
<tr><td> </table><a name="RSA" id="RSA"></a>
The most widely used standard for defining digital certificates. X.509 is
actually an ITU Recommendation, which means that has not yet been officially
defined or approved. As a result, companies have implemented the standard in
different ways. For example, both Netscape and Microsoft use X.509 certificates
to implement SSL in their web servers and browsers. But an X.509 certificate
generated by Netscape may not be readable by Microsoft products, and vice
versa.
</td></tr>
</table>
<a name=PEM></a><p> <table>
<table> <tr>
<th><h2>PEM</h2></th> <th>
<tr><td> <h2>RSA</h2>
PEM is a widely used standard for storing digital certificates. </th>
A PEM encoded file can contain all of private keys, public keys, and </tr>
<a href=#X509>(x.509)</a> certificates. It is the default format for OpenSSL.
It stores data in Base64 encoded format, surrounded by ascii headers, so it is
suitable for text mode transfers between systems. PEM files usually end with
a <cite>.PEM</cite> extension.
</td></tr>
</table>
<a name=DER></a><p> <tr>
<table> <td>RSA is an Internet encryption and authentication system that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Microsoft and Netscape. It's also part of Lotus Notes, Intuit's Quicken, and many other products. The encryption system was owned by RSA Security, but a recent patent expiration placed it into the public domain. The technologies are part of existing or proposed Web, Internet, and computing standards.</td>
<th><h2>DER</h2></th> </tr>
<tr><td> </table><a name="ROOT-CERT" id="ROOT-CERT"></a>
DER is a widely used standard for storing digital certificates. A DER encoded
file can contain all of private keys, public keys, and <a href=#X509>(x.509)</a>
certificates. DER is a binary encoded headerless format. DER files usually
end with a <cite>.CRT</cite> or <cite>.CER</cite> extension.
</td></tr>
</table>
<a name=PKCS12></a><p> <table>
<table> <tr>
<th><h2>PKCS #12</h2></th> <th>
<tr><td> <h2>ROOT CERTIFICATE</h2>
PKCS #12 (a.k.a. Personal Information Exchange Standard) is a standard for storing private keys and certificates securely (well sort of). It is used in (among other things) Netscape and Microsoft Internet Explorer with their import and export options. PKCS12 files usually end with a <cite>.PFX</cite> extension. </th>
</td></tr> </tr>
</table>
<br><br></body></html> <tr>
<td>A root certificate is like a MASTER <a href="#CERTIFICATE">digital certificate</a>. You must install a <a href="#CA">certificate authority's</a> root certificate before you can trust other certificates issued by that same certificate authority. Root certificates are used to "sign" other certificates. A signature by a root certificate is somewhat analogous to "notarizing" a document in the physical world. When you install a root certificate on your computer, you are saying you "trust" that certification authority and all certificates it signs.</td>
</tr>
</table><a name="SIGNATURE" id="SIGNATURE"></a>
<table>
<tr>
<th>
<h2>DIGITAL SIGNATURE</h2>
</th>
</tr>
<tr>
<td>A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be. Digital certificates inherently provide digital signature capability to most S/MIME enable e-mail clients. Digitally signing an e-mail usually provides the recipient the with the sender's public key, so the recipient may then send encrypted e-mail back to the sender.</td>
</tr>
</table><a name="X509" id="X509"></a>
<table>
<tr>
<th>
<h2>X.509</h2>
</th>
</tr>
<tr>
<td>The most widely used standard for defining digital certificates. X.509 is actually an ITU Recommendation, which means that has not yet been officially defined or approved. As a result, companies have implemented the standard in different ways. For example, both Netscape and Microsoft use X.509 certificates to implement SSL in their web servers and browsers. But an X.509 certificate generated by Netscape may not be readable by Microsoft products, and vice versa.</td>
</tr>
</table><a name="PEM" id="PEM"></a>
<table>
<tr>
<th>
<h2>PEM</h2>
</th>
</tr>
<tr>
<td>PEM is a widely used standard for storing digital certificates. A PEM encoded file can contain all of private keys, public keys, and <a href="#X509">(x.509)</a> certificates. It is the default format for OpenSSL. It stores data in Base64 encoded format, surrounded by ascii headers, so it is suitable for text mode transfers between systems. PEM files usually end with a <cite>.PEM</cite> extension.</td>
</tr>
</table><a name="DER" id="DER"></a>
<table>
<tr>
<th>
<h2>DER</h2>
</th>
</tr>
<tr>
<td>DER is a widely used standard for storing digital certificates. A DER encoded file can contain all of private keys, public keys, and <a href="#X509">(x.509)</a> certificates. DER is a binary encoded headerless format. DER files usually end with a <cite>.CRT</cite> or <cite>.CER</cite> extension.</td>
</tr>
</table><a name="PKCS12" id="PKCS12"></a>
<table>
<tr>
<th>
<h2>PKCS #12</h2>
</th>
</tr>
<tr>
<td>PKCS #12 (a.k.a. Personal Information Exchange Standard) is a standard for storing private keys and certificates securely (well sort of). It is used in (among other things) Netscape and Microsoft Internet Explorer with their import and export options. PKCS12 files usually end with a <cite>.PFX</cite> extension.</td>
</tr>
</table><br>
<br>
</body>
</html>

79
help/usercert_install_ie.html
View File

@@ -1,40 +1,51 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html> <html>
<head> <head>
<title>Personal E-mail Certificate Installation for Outlook & Outlook Express</title> <title>Personal E-mail Certificate Installation for Outlook &amp; Outlook Express</title>
<link rel='stylesheet' type='text/css' href='../css/style.css'> <link rel='stylesheet' type='text/css' href='../css/style.css'>
</head> </head>
<body>
<center><h1>Personal E-mail Certificate Installation for Outlook & Outlook Express</h1>
<h2>A Step-by-Step Guide</h2></center><br>
<h4>
<p><img src=../images/right-click-install-usercert.jpg>
<p>Open the folder which holds the certificates you have downloaded.<br>
Right-click on the certificate you wish to install, and select
<cite>Install PFX</cite> from the context menu.
<p><br><img src=../images/cert-wizard1-welcome.jpg >
<p>Click the <cite>Next</cite> button in the <cite>Certificate Wizard</cite>
welcome window.
<p><br><img src=../images/cert-wizard2-select-file.jpg>
<p>Click the <cite>Next</cite> button in the <cite>Select File to Import</cite> window.
<p><br><img src=../images/cert-wizard3-password.jpg>
<p>The personal e-mail certificate files created by PHPki contain an encrypted
copy of your private key. When your certficate was created, a password was
given to PHPki to encrypt the private key. The same password is used to
decrypt your private key and install the certificate. Do not forget or lose
this password as it cannot be recovered under any circumstance.
Select the <cite>Enable strong private key protection</cite> option if you
would like Windows to add an additional layer of password protection to use
your certificate. This is not necessary, and will not be covered further here.
There is no need to select the <cite>Mark the private key as exportable</cite>
option. Enter your certificate password and click the <cite>Next</cite> button
in the <cite>Password Protection for Private Keys</cite> window.
<p><br><img src=../images/cert-wizard4-select-store.jpg>
<p>Click the <cite>Next</cite> button in the <cite>Select a Certificate Store</cite> window.
<p><br><img src=../images/cert-wizard5-user-final.jpg>
<p>Click the <cite>Finish</cite> button in the <cite>Complete the Certificate..</cite> window.
<p><br><img src=../images/import-successful.jpg>
<p>Windows confirms the root certificate was successfully imported.<br>
</h4> <body>
<center>
<h1>Personal E-mail Certificate Installation for Outlook &amp; Outlook Express</h1>
<h2>A Step-by-Step Guide</h2>
</center><br>
<p><img src="../images/right-click-install-usercert.jpg"></p>
<p>Open the folder which holds the certificates you have downloaded.<br>
Right-click on the certificate you wish to install, and select <cite>Install PFX</cite> from the context menu.</p>
<p><br>
<img src="../images/cert-wizard1-welcome.jpg"></p>
<p>Click the <cite>Next</cite> button in the <cite>Certificate Wizard</cite> welcome window.</p>
<p><br>
<img src="../images/cert-wizard2-select-file.jpg"></p>
<p>Click the <cite>Next</cite> button in the <cite>Select File to Import</cite> window.</p>
<p><br>
<img src="../images/cert-wizard3-password.jpg"></p>
<p>The personal e-mail certificate files created by PHPki contain an encrypted copy of your private key. When your certficate was created, a password was given to PHPki to encrypt the private key. The same password is used to decrypt your private key and install the certificate. Do not forget or lose this password as it cannot be recovered under any circumstance. Select the <cite>Enable strong private key protection</cite> option if you would like Windows to add an additional layer of password protection to use your certificate. This is not necessary, and will not be covered further here. There is no need to select the <cite>Mark the private key as exportable</cite> option. Enter your certificate password and click the <cite>Next</cite> button in the <cite>Password Protection for Private Keys</cite> window.</p>
<p><br>
<img src="../images/cert-wizard4-select-store.jpg"></p>
<p>Click the <cite>Next</cite> button in the <cite>Select a Certificate Store</cite> window.</p>
<p><br>
<img src="../images/cert-wizard5-user-final.jpg"></p>
<p>Click the <cite>Finish</cite> button in the <cite>Complete the Certificate..</cite> window.</p>
<p><br>
<img src="../images/import-successful.jpg"></p>
<p>Windows confirms the root certificate was successfully imported.<br></p>
</body> </body>
</html> </html>

214
include/common.php
View File

@@ -2,46 +2,48 @@
umask(0007); umask(0007);
if (isset($_SERVER['PHP_AUTH_USER'])) if (isset($_SERVER['PHP_AUTH_USER'])) {
$PHPki_user = md5($_SERVER['PHP_AUTH_USER']); $PHPki_user = md5($_SERVER['PHP_AUTH_USER']);
else } else {
$PHPki_user = md5('default'); $PHPki_user = md5('default');
}
$PHP_SELF = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, "utf-8"); $PHP_SELF = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, "utf-8");
function printHeader($withmenu="default") { function printHeader($withmenu = "default")
global $config; {
$title = ($config['header_title']?$config['header_title']:'PHPki Certificate Authority'); global $config;
$title = ($config['header_title']?$config['header_title']:'PHPki Certificate Authority');
switch ($withmenu) { switch ($withmenu) {
case 'public': case 'public':
case 'about': case 'about':
case 'setup': case 'setup':
$style_css = './css/style.css'; $style_css = './css/style.css';
break; break;
case 'ca': case 'ca':
case 'admin': case 'admin':
default: default:
$style_css = '../css/style.css'; $style_css = '../css/style.css';
break; break;
} }
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Expires: -1"); header("Expires: -1");
header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false); header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); header("Pragma: no-cache");
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<title>PHPki: <?php echo $title?> </title> <title>PHPki: <?php echo $title?> </title>
<link rel="stylesheet" type="text/css" href="<?php echo $style_css?>"> <link rel="stylesheet" type="text/css" href="<?php echo $style_css?>">
<script type="text/javascript" language="javascript"> <script type="text/javascript" language="javascript">
function setVisibility(rowName, show) { function setVisibility(rowName, show) {
// Tabellenzelle ermitteln // Tabellenzelle ermitteln
var actualVisibility=document.getElementById(rowName).style.visibility; var actualVisibility=document.getElementById(rowName).style.visibility;
@@ -53,96 +55,94 @@ function printHeader($withmenu="default") {
document.getElementById(rowName).style.visibility = "visible"; document.getElementById(rowName).style.visibility = "visible";
document.getElementById(rowName).style.display = ""; document.getElementById(rowName).style.display = "";
} }
} }
</script> </script>
</head> </head>
<body> <body>
<?php <?php
if (isKonq()) { if (isKonq()) {
$logoclass = 'logo-konq'; $logoclass = 'logo-konq';
$titleclass = 'title-konq'; $titleclass = 'title-konq';
$menuclass = 'headermenu-konq'; $menuclass = 'headermenu-konq';
} } else {
else { $logoclass = 'logo-ie';
$logoclass = 'logo-ie'; $titleclass = 'title-ie';
$titleclass = 'title-ie'; $menuclass = 'headermenu-ie';
$menuclass = 'headermenu-ie'; }
}
?> ?>
<div class="<?php echo $logoclass?>">PHPki</div> <div class="<?php echo $logoclass?>">PHPki</div>
<div class="<?php echo $titleclass?>"><?php echo $title?></div> <div class="<?php echo $titleclass?>"><?php echo $title?></div>
<?php <?php
switch ($withmenu) { switch ($withmenu) {
case false: case false:
case 'about': case 'about':
break; break;
case 'setup': case 'setup':
?> ?>
<div class="<?php echo $menuclass?>"> <div class="<?php echo $menuclass?>">
<a class="<?php echo $menuclass?>" href="readme.php">ReadMe</a> <a class="<?php echo $menuclass?>" href="readme.php">ReadMe</a>
<a class="<?php echo $menuclass?>" href="setup.php">Setup</a> <a class="<?php echo $menuclass?>" href="setup.php">Setup</a>
<a class="<?php echo $menuclass?>" href="about.php" target="_about">About</a> <a class="<?php echo $menuclass?>" href="about.php" target="_about">About</a>
</div> </div>
<?php <?php
break; break;
case 'public': case 'public':
print "<div class=$menuclass>"; print "<div class=$menuclass>";
if (DEMO) { if (DEMO) {
print "<a class=$menuclass href=\"index.php\">Public</a>"; print "<a class=$menuclass href=\"index.php\">Public</a>";
print "<a class=$menuclass href=\"ca/\">Manage</a>"; print "<a class=$menuclass href=\"ca/\">Manage</a>";
} } else {
else { print "<a class=$menuclass href=\"index.php\">Menu</a>";
print "<a class=$menuclass href=\"index.php\">Menu</a>"; }
}
if (file_exists('policy.html')) { if (file_exists('policy.html')) {
print '<a class='.$menuclass.' style="color: red;" href="policy.html" target="help">Policy</a>'; print '<a class='.$menuclass.' style="color: red;" href="policy.html" target="help">Policy</a>';
} }
?> ?>
<a class="<?php echo $menuclass?>" href="help.php" target="_help">Help</a> <a class="<?php echo $menuclass?>" href="help.php" target="_help">Help</a>
<a class="<?php echo $menuclass?>" href="about.php" target="_about">About</a> <a class="<?php echo $menuclass?>" href="about.php" target="_about">About</a>
</div> </div>
<?php <?php
break; break;
case 'ca': case 'ca':
default: default:
print "<div class=$menuclass>"; print "<div class=$menuclass>";
if (DEMO) { if (DEMO) {
print "<a class=$menuclass href=\"../index.php\">Public</a>"; print "<a class=$menuclass href=\"../index.php\">Public</a>";
print "<a class=$menuclass href=\"../ca/index.php\">Manage</a>"; print "<a class=$menuclass href=\"../ca/index.php\">Manage</a>";
} } else {
else { print "<a class=$menuclass href=\"index.php\">Menu</a>";
print "<a class=$menuclass href=\"index.php\">Menu</a>"; }
}
if (file_exists('../policy.html')) { if (file_exists('../policy.html')) {
print '<a class='.$menuclass.' style="color: red;" href="../policy.html" target="help">Policy</a>'; print '<a class='.$menuclass.' style="color: red;" href="../policy.html" target="help">Policy</a>';
} }
?> ?>
<a class="<?php echo $menuclass?>" href="../help.php" target="_help">Help</a> <a class="<?php echo $menuclass?>" href="../help.php" target="_help">Help</a>
<a class="<?php echo $menuclass?>" href="../about.php" target="_about">About</a> <a class="<?php echo $menuclass?>" href="../about.php" target="_about">About</a>
</div> </div>
<?php <?php
} }
?><hr style="width:99%; align:left; color:#99caff;" /><?php ?><hr style="width:99%; align:left; color:#99caff;" /><?php
} }
function printFooter() { function printFooter()
?> {
<br /> ?>
<hr style="width:99%; color:#99caff;" /> <br />
<p style="margin-top: -5px; font-size: 8pt; text-align:center;">PHPki v<?php echo PHPKI_VERSION?> - Copyright 2003 - William E. Roadcap</p> <hr style="width:99%; color:#99caff;" />
</body> <p style="margin-top: -5px; font-size: 8pt; text-align:center;">PHPki v<?php echo PHPKI_VERSION?> - Copyright 2003 - William E. Roadcap</p>
</html> </body>
<?php </html>
<?php
} }
?> ?>

271
include/my_functions.php
View File

@@ -5,49 +5,57 @@ $PHP_SELF = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, "utf-8");
# #
# Returns TRUE if browser is Internet Explorer. # Returns TRUE if browser is Internet Explorer.
# #
function isIE() { function isIE()
global $_SERVER; {
return strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE'); global $_SERVER;
return strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE');
} }
function isKonq() { function isKonq()
global $_SERVER; {
return strstr($_SERVER['HTTP_USER_AGENT'], 'Konqueror'); global $_SERVER;
return strstr($_SERVER['HTTP_USER_AGENT'], 'Konqueror');
} }
function isMoz() { function isMoz()
global $_SERVER; {
return strstr($_SERVER['HTTP_USER_AGENT'], 'Gecko'); global $_SERVER;
return strstr($_SERVER['HTTP_USER_AGENT'], 'Gecko');
} }
# #
# Force upload of specified file to browser. # Force upload of specified file to browser.
# #
function upload($source, $destination, $content_type="application/octet-stream") { function upload($source, $destination, $content_type = "application/octet-stream")
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); {
header("Expires: -1"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
# header("Cache-Control: no-store, no-cache, must-revalidate"); header("Expires: -1");
# header("Cache-Control: post-check=0, pre-check=0", false); # header("Cache-Control: no-store, no-cache, must-revalidate");
# header("Pragma: no-cache"); # header("Cache-Control: post-check=0, pre-check=0", false);
# header("Pragma: no-cache");
header("Content-Type: $content_type"); header("Content-Type: $content_type");
if (is_array($source)) { if (is_array($source)) {
$fsize = 0; $fsize = 0;
foreach($source as $f) $fsize += filesize($f); foreach ($source as $f) {
} $fsize += filesize($f);
else { }
$fsize = filesize($source); } else {
} $fsize = filesize($source);
}
header("Content-length: " . $fsize); header("Content-length: " . $fsize);
# header("Content-Disposition: attachment; filename=\"" . $destination ."\""); # header("Content-Disposition: attachment; filename=\"" . $destination ."\"");
header("Content-Disposition: filename=\"" . $destination ."\""); header("Content-Disposition: filename=\"" . $destination ."\"");
if (is_array($source)) if (is_array($source)) {
foreach($source as $f) $ret = readfile($f); foreach ($source as $f) {
else $ret = readfile($f);
$ret=readfile($source); }
} else {
$ret=readfile($source);
}
# $fd=fopen($source,'r'); # $fd=fopen($source,'r');
# fpassthru($fd); # fpassthru($fd);
@@ -60,35 +68,51 @@ function upload($source, $destination, $content_type="application/octet-stream")
# by field name. POST fields have precedence over GET fields. # by field name. POST fields have precedence over GET fields.
# Quoting/Slashes are stripped if magic quotes gpc is on. # Quoting/Slashes are stripped if magic quotes gpc is on.
# #
function gpvar($v) { function gpvar($v)
global $_GET, $_POST; {
global $_GET, $_POST;
$x = ""; $x = "";
if (isset($_GET[$v])) $x = $_GET[$v]; if (isset($_GET[$v])) {
if (isset($_POST[$v])) $x = $_POST[$v]; $x = $_GET[$v];
if (get_magic_quotes_gpc()) $x = stripslashes($x); }
return $x; if (isset($_POST[$v])) {
$x = $_POST[$v];
}
if (get_magic_quotes_gpc()) {
$x = stripslashes($x);
}
return $x;
} }
# #
# Sort a two multidimensional array by one of it's columns # Sort a two multidimensional array by one of it's columns
# #
function csort($array, $column, $ascdec=SORT_ASC){ function csort($array, $column, $ascdec = SORT_ASC)
{
if (sizeof($array) == 0) return $array; if (sizeof($array) == 0) {
return $array;
}
// Sort by digital date rather than text date // Sort by digital date rather than text date
if ($column == 'issued') $column = "issuedSort"; if ($column == 'issued') {
if ($column == 'expires') $column = 'expiresSort'; $column = "issuedSort";
}
if ($column == 'expires') {
$column = 'expiresSort';
}
if ($column == 'status') { if ($column == 'status') {
foreach($array as $x) { foreach ($array as $x) {
$sortarr[]=$x[$column]; $sortarr[]=$x[$column];
$sortdate[] = $x['expiresSort']; $sortdate[] = $x['expiresSort'];
} }
array_multisort($sortarr, $ascdec, $sortdate, SORT_ASC, $array); array_multisort($sortarr, $ascdec, $sortdate, SORT_ASC, $array);
} else { } else {
foreach($array as $x) $sortarr[]=$x[$column]; foreach ($array as $x) {
$sortarr[]=$x[$column];
}
array_multisort($sortarr, $ascdec, $array); array_multisort($sortarr, $ascdec, $array);
} }
return $array; return $array;
@@ -99,11 +123,13 @@ function csort($array, $column, $ascdec=SORT_ASC){
# Returns a value suitable for display in the browser. # Returns a value suitable for display in the browser.
# Strips slashes if second argument is true. # Strips slashes if second argument is true.
# #
function htvar($v, $strip=false) { function htvar($v, $strip = false)
if ($strip) {
return htmlentities(stripslashes($v), 0, "UTF-8"); if ($strip) {
else return htmlentities(stripslashes($v), 0, "UTF-8");
return htmlentities($v, 0, "UTF-8"); } else {
return htmlentities($v, 0, "UTF-8");
}
} }
@@ -113,11 +139,13 @@ function htvar($v, $strip=false) {
# provided strings with single-quotes and quotes any # provided strings with single-quotes and quotes any
# other dangerous characters. # other dangerous characters.
# #
function escshellarg($v, $strip=false) { function escshellarg($v, $strip = false)
if ($strip) {
return escapeshellarg(stripslashes($v)); if ($strip) {
else return escapeshellarg(stripslashes($v));
return escapeshellarg($v); } else {
return escapeshellarg($v);
}
} }
@@ -125,93 +153,103 @@ function escshellarg($v, $strip=false) {
# Similar to escshellarg(), but doesn't surround provided # Similar to escshellarg(), but doesn't surround provided
# string with single-quotes. # string with single-quotes.
# #
function escshellcmd($v, $strip=false) { function escshellcmd($v, $strip = false)
if ($strip) {
return escapeshellcmd(stripslashes($v)); if ($strip) {
else return escapeshellcmd(stripslashes($v));
return escapeshellarg($v); } else {
return escapeshellarg($v);
}
} }
# #
# Recursively strips slashes from a string or array. # Recursively strips slashes from a string or array.
# #
function stripslashes_array(&$a) { function stripslashes_array(&$a)
if (is_array($a)) { {
foreach($a as $k => $v) { if (is_array($a)) {
my_stripslashes($a[$k]); foreach ($a as $k => $v) {
} my_stripslashes($a[$k]);
} }
else { } else {
$a = stripslashes($a); $a = stripslashes($a);
} }
} }
# #
# Don't use this. # Don't use this.
# #
function undo_magic_quotes(&$a) { function undo_magic_quotes(&$a)
if(get_magic_quotes_gpc()) { {
global $HTTP_POST_VARS, $HTTP_GET_VARS; if (get_magic_quotes_gpc()) {
global $HTTP_POST_VARS, $HTTP_GET_VARS;
foreach($HTTP_POST_VARS as $k => $v) { foreach ($HTTP_POST_VARS as $k => $v) {
stripslashes_array($HTTP_POST_VARS[$k]); stripslashes_array($HTTP_POST_VARS[$k]);
global $$k; global $$k;
stripslashes_array($$k); stripslashes_array($$k);
} }
foreach($HTTP_GET_VARS as $k => $v) { foreach ($HTTP_GET_VARS as $k => $v) {
stripslashes_array($HTTP_GET_VARS[$k]); stripslashes_array($HTTP_GET_VARS[$k]);
global $$k; global $$k;
stripslashes_array($$k); stripslashes_array($$k);
} }
} }
} }
# #
# Returns TRUE if argument contains only alphabetic characters. # Returns TRUE if argument contains only alphabetic characters.
# #
function is_alpha($v) { function is_alpha($v)
#return (eregi('[^A-Z]',$v) ? false : true) ; {
#return (preg_match('/[^A-Z]'.'/i',$v,PCRE_CASELESS) ? false : true) ; # Replaced eregi() with preg_match() #return (eregi('[^A-Z]',$v) ? false : true) ;
return (preg_match('/[^A-Z]/i',$v) ? false : true) ; #return (preg_match('/[^A-Z]'.'/i',$v,PCRE_CASELESS) ? false : true) ; # Replaced eregi() with preg_match()
return (preg_match('/[^A-Z]/i', $v) ? false : true) ;
} }
# #
# Returns TRUE if argument contains only numeric characters. # Returns TRUE if argument contains only numeric characters.
# #
function is_num($v) { function is_num($v)
#return (eregi('[^0-9]',$v) ? false : true) ; {
return (preg_match('/[^0-9]/',$v) ? false : true) ; # Replaced eregi() with preg_match() #return (eregi('[^0-9]',$v) ? false : true) ;
return (preg_match('/[^0-9]/', $v) ? false : true) ; # Replaced eregi() with preg_match()
} }
# #
# Returns TRUE if argument contains only alphanumeric characters. # Returns TRUE if argument contains only alphanumeric characters.
# #
function is_alnum($v) { function is_alnum($v)
#return (eregi('[^A-Z0-9]',$v) ? false : true) ; {
return (preg_match('/[^A-Z0-9]/i',$v) ? false : true) ; # Replaced eregi() with preg_match() #return (eregi('[^A-Z0-9]',$v) ? false : true) ;
return (preg_match('/[^A-Z0-9]/i', $v) ? false : true) ; # Replaced eregi() with preg_match()
} }
# #
# Returns TRUE if argument is in proper e-mail address format. # Returns TRUE if argument is in proper e-mail address format.
# #
function is_email($v) { function is_email($v)
#return (eregi('^[^@ ]+\@[^@ ]+\.[A-Z]{2,4}$',$v) ? true : false); {
return (preg_match('/^[^@ ]+\@[^@ ]+\.[A-Z]{2,4}$'.'/i',$v) ? true : false); # Replaced eregi() with preg_match() #return (eregi('^[^@ ]+\@[^@ ]+\.[A-Z]{2,4}$',$v) ? true : false);
return (preg_match('/^[^@ ]+\@[^@ ]+\.[A-Z]{2,4}$'.'/i', $v) ? true : false); # Replaced eregi() with preg_match()
} }
# #
# Returns True if the given string is a IP address # Returns True if the given string is a IP address
# #
function is_ip( $ip = null ) { function is_ip($ip = null)
if( !$ip or strlen(trim($ip)) == 0){ {
if (!$ip or strlen(trim($ip)) == 0) {
return false; return false;
} }
$ip=trim($ip); $ip=trim($ip);
if(preg_match("/^[0-9]{1,3}(.[0-9]{1,3}){3}$/",$ip)) { if (preg_match("/^[0-9]{1,3}(.[0-9]{1,3}){3}$/", $ip)) {
foreach(explode(".", $ip) as $block) foreach (explode(".", $ip) as $block) {
if($block<0 || $block>255 ) if ($block<0 || $block>255) {
return false; return false;
}
}
return true; return true;
} }
return false; return false;
@@ -220,9 +258,10 @@ function is_ip( $ip = null ) {
# #
# Returns True if the given string is a valid FQDN # Returns True if the given string is a valid FQDN
# #
function is_fqdn($FQDN) { function is_fqdn($FQDN)
{
// remove leading wildcard characters if exist // remove leading wildcard characters if exist
$FQDN = preg_replace('/^\*\./','', $FQDN, 1); $FQDN = preg_replace('/^\*\./', '', $FQDN, 1);
return (!empty($FQDN) && preg_match('/^(?=.{1,254}$)((?=[a-z0-9-]{1,63}\.)(xn--+)?[a-z0-9]+(-[a-z0-9]+)*\.)+(xn--+)?[a-z0-9]{2,63}$/i', $FQDN) > 0); return (!empty($FQDN) && preg_match('/^(?=.{1,254}$)((?=[a-z0-9-]{1,63}\.)(xn--+)?[a-z0-9]+(-[a-z0-9]+)*\.)+(xn--+)?[a-z0-9]{2,63}$/i', $FQDN) > 0);
} }
@@ -231,26 +270,31 @@ function is_fqdn($FQDN) {
# as a match is found. # as a match is found.
# #
function eregi_array($regexp, $arr) { function eregi_array($regexp, $arr)
{
foreach ($arr as $elem) { foreach ($arr as $elem) {
#if (eregi($regexp,$elem)) #if (eregi($regexp,$elem))
if (! preg_match('/^\/.*\/$/', $regexp)) # if it doesn't begin and end with '/' if (! preg_match('/^\/.*\/$/', $regexp)) { # if it doesn't begin and end with '/'
$regexp = '/'.$regexp.'/'; # pad the $regexp with '/' to prepare for preg_match() $regexp = '/'.$regexp.'/'; # pad the $regexp with '/' to prepare for preg_match()
if (preg_match($regexp.'i',$elem)) # Replaced eregi() with preg_match() }
return true; if (preg_match($regexp.'i', $elem)) { # Replaced eregi() with preg_match()
} return true;
return false; }
}
return false;
} }
# #
# Reads entire file into a string # Reads entire file into a string
# Same as file_get_contents in php >= 4.3.0 # Same as file_get_contents in php >= 4.3.0
# #
function my_file_get_contents($f) { function my_file_get_contents($f)
return implode('', file($f)); {
return implode('', file($f));
} }
function getOSInformation() { function getOSInformation()
{
if (false == function_exists("shell_exec")) { if (false == function_exists("shell_exec")) {
return null; return null;
} }
@@ -261,4 +305,3 @@ function getOSInformation() {
return null; return null;
} }
} }
?>

1088
include/openssl_functions.php
View File

File diff suppressed because it is too large Load Diff

110
main.php
View File

@@ -8,72 +8,66 @@ include('./include/openssl_functions.php');
$stage = gpvar('stage'); $stage = gpvar('stage');
switch($stage) { switch ($stage) {
case 'dl_root':
upload($config['cacert_pem'], $config['ca_prefix'] . "cacert.crt", 'application/x-x509-ca-cert');
break;
case 'dl_root': case 'display_root':
upload($config['cacert_pem'], $config['ca_prefix'] . "cacert.crt", 'application/x-x509-ca-cert'); printHeader('public');
break;
case 'display_root': ?>
printHeader('public'); <center><h2>Root Certificate (PEM Encoded)</h2></center>
<p><pre><?php echo CA_get_root_pem() ?></pre></p>
<p>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu">
</form>
<?php
break;
?> case 'dl_crl':
<center><h2>Root Certificate (PEM Encoded)</h2></center> upload($config['cacrl_der'], $config['ca_prefix'] . "cacrl.crl", 'application/pkix-crl');
<p> break;
<pre><?php echo CA_get_root_pem() ?></pre>
<p>
<form action="<?php echo $PHP_SELF?>" method="post">
<input type=submit name=submit value="Back to Menu">
</form>
<?php
break;
case 'dl_crl': case 'dl_crl_pem':
upload($config['cacrl_der'], $config['ca_prefix'] . "cacrl.crl", 'application/pkix-crl'); upload($config['cacrl_pem'], $config['ca_prefix'] . "cacrl.crl", 'application/octet-stream');
break; break;
case 'dl_crl_pem': default:
upload($config['cacrl_pem'], $config['ca_prefix'] . "cacrl.crl", 'application/octet-stream'); printHeader('public');
break;
default: ?>
printHeader('public'); <br>
<br>
<center>
<table class=menu width=500><th class=menu colspan=2><big>PUBLIC CONTENT MENU<big></th>
<tr>
<td style="text-align: center; vertical-align: middle; font-weight: bold;" width=35%> <a href=search.php>Search for a Certificate</a></td>
<td>Find a digital certificate to download and install in your e-mail or browser application.</td>
</tr>
<tr>
<td style="text-align: center; vertical-align: middle; font-weight: bold;"> <a href=<?php echo $PHP_SELF?>?stage=dl_root>Download Our Root Certificate</a> </td>
<td>You must install our "Root" certificate before you can use any of the certificates issued here. <a href=help.php target=_help>Read the online help</a> to learn more about this.</td>
</tr>
<tr>
<td style="text-align: center; vertical-align: middle; font-weight: bold;"> <a href=<?php echo $PHP_SELF?>?stage=display_root>Display Our Root Certificate (PEM Encoded)</a></td>
<td>This option provides the "Root" certificate PEM encoded text for advanced users to manually install via copy and paste. <a href=help.php target=_help>Read the online help</a> to learn more about this.</td>
<tr>
<td style="text-align: center; vertical-align: middle; font-weight: bold;"> <a href=<?php echo $PHP_SELF?>?stage=dl_crl>Download Our Certificate Revocation List</a></td>
<td>The official list of certificates revoked by this site. Installation and use of this list is optional. Some e-mail programs will reference this list automagically. (<a href="<?php echo $PHP_SELF?>?stage=dl_crl_pem">Some will need it in PEM format.</a>)</td>
</tr>
</table>
</center>
<br>
<br>
?> <?php
<br>
<br>
<center>
<table class=menu width=500><th class=menu colspan=2><big>PUBLIC CONTENT MENU<big></th>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;" width=35%>
<a href=search.php>Search for a Certificate</a></td>
<td>Find a digital certificate to download and install in your e-mail or browser application.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href=<?php echo $PHP_SELF?>?stage=dl_root>Download Our Root Certificate</a></td>
<td>You must install our "Root" certificate before you can use any of the
certificates issued here. <a href=help.php target=_help>Read the online help</a>
to learn more about this.</td></tr>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;">
<a href=<?php echo $PHP_SELF?>?stage=display_root>Display Our Root Certificate (PEM Encoded)</a></td>
<td>This option provides the "Root" certificate PEM encoded text for advanced users
to manually install via copy and paste. <a href=help.php target=_help>Read the online help</a>
to learn more about this.</td>
<tr><td style="text-align: center; vertical-align: middle; font-weight: bold;"> printFooter();
<a href=<?php echo $PHP_SELF?>?stage=dl_crl>Download Our Certificate Revocation List</a></td>
<td>The official list of certificates revoked by this site. Installation and use of
this list is optional. Some e-mail programs will reference this list automagically.
(<a href="<?php echo $PHP_SELF?>?stage=dl_crl_pem">Some will need it in PEM format.</a>)</td></tr>
</table>
</center>
<br><br>
<?php
printFooter();
} }
?> ?>

14
ns_revoke_query.php
View File

@@ -7,10 +7,10 @@
# #
# PROTOCOL: # PROTOCOL:
# The client should issue an HTTP GET request using a URL that is # The client should issue an HTTP GET request using a URL that is
# the concatenation of the revocation url and certificate serial # the concatenation of the revocation url and certificate serial
# number. (i.e. http://www.host.dom/phpki/ns_revoke_query.php?10A5F2) # number. (i.e. http://www.host.dom/phpki/ns_revoke_query.php?10A5F2)
# #
# The server should return a document of type # The server should return a document of type
# application/x-netscape-revocation containing a single character # application/x-netscape-revocation containing a single character
# '1' if the certificate is revoked, '0' if it is valid. # '1' if the certificate is revoked, '0' if it is valid.
# #
@@ -25,8 +25,8 @@ $serial = escapeshellcmd(trim($_SERVER['QUERY_STRING']));
$regexp = "^R.*$serial.*$"; $regexp = "^R.*$serial.*$";
$configIndex = $config['index']; $configIndex = $config['index'];
if (exec("egrep '$regexp' '$configIndex'")) if (exec("egrep '$regexp' '$configIndex'")) {
print '1'; print '1';
else } else {
print '0'; print '0';
?> }

17
policy.html
View File

@@ -1,14 +1,15 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html> <html>
<head> <head>
<title>Certificate Authority Issuer's Statement</title> <title>Certificate Authority Issuer's Statement</title>
</head> </head>
<body> <body>
<h1 align=center>Certificate Authority Issuer's Statement</h2> <h1 align="center">Certificate Authority Issuer's Statement</h1>
<p>
This is a private Limited Liability certificate authority for use by member <p>This is a private Limited Liability certificate authority for use by member non-profit agencies.</p>
non-profit agencies.
<p> <p>Certificate non-repudiation is achieved via identity verification by password authorized certificate managers from each member agency.</p>
Certificate non-repudiation is achieved via identity verification by password
authorized certificate managers from each member agency.
</body> </body>
</html> </html>

1
readme.php
View File

@@ -10,4 +10,3 @@ print '<pre>';
readfile('./README.md'); readfile('./README.md');
print '</pre>'; print '</pre>';
printFooter(); printFooter();
?>

199
search.php
View File

@@ -15,132 +15,137 @@ $show_revoked = gpvar('show_revoked');
$show_expired = gpvar('show_expired'); $show_expired = gpvar('show_expired');
# Force stage back to search form if search string is empty. # Force stage back to search form if search string is empty.
if ($stage == "search" && ! $search) $stage = ""; if ($stage == "search" && ! $search) {
$stage = "";
}
# Force filter to (V)alid certs if no search status is selected. # Force filter to (V)alid certs if no search status is selected.
if ( !($show_valid.$show_revoked.$show_expired) ) $show_valid = 'V'; if (!($show_valid.$show_revoked.$show_expired)) {
$show_valid = 'V';
}
switch ($stage) { switch ($stage) {
case 'display': case 'display':
printHeader('about'); printHeader('about');
print ' print '
<center><h2>Certificate Details</h2></center> <center><h2>Certificate Details</h2></center>
<center><font color=#0000AA><h3>(#'.htvar($serial).')<br>'.htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>').'</h3></font></center>'; <center><font color=#0000AA><h3>(#'.htvar($serial).')<br>'.htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>').'</h3></font></center>';
if ($revoke_date = CAdb_is_revoked($serial)) if ($revoke_date = CAdb_is_revoked($serial)) {
print '<center><font color=red><h2>REVOKED '.htvar($revoke_date).'</h2></font></center>'; print '<center><font color=red><h2>REVOKED '.htvar($revoke_date).'</h2></font></center>';
}
print '<pre>'.htvar(CA_cert_text($serial)).'</pre>'; print '<pre>'.htvar(CA_cert_text($serial)).'</pre>';
break;
case 'download':
$rec = CAdb_get_entry($serial);
upload($config['cert_dir'] . "/$serial.der", $rec['common_name'] . ".cer", 'application/pkix-cert');
break; break;
case 'download_pem': case 'download':
$rec = CAdb_get_entry($serial); $rec = CAdb_get_entry($serial);
upload($config['new_certs_dir'] . "/$serial.pem", $rec['common_name'] . ".pem", 'application/pkix-cert'); upload($config['cert_dir'] . "/$serial.der", $rec['common_name'] . ".cer", 'application/pkix-cert');
break; break;
case 'search': case 'download_pem':
printHeader('public'); $rec = CAdb_get_entry($serial);
upload($config['new_certs_dir'] . "/$serial.pem", $rec['common_name'] . ".pem", 'application/pkix-cert');
break;
$db = CAdb_to_array("^[${show_valid}${show_revoked}${show_expired}].*$search"); case 'search':
printHeader('public');
print '<body onLoad="self.focus();document.form.submit.focus()">'; $db = CAdb_to_array("^[${show_valid}${show_revoked}${show_expired}].*$search");
if (sizeof($db) == 0) {
?>
<center>
<h2>Nothing Found</h2>
<form action="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>" method="post" name="form">
<input type=hidden name=search value="<?php echo htvar($search)?>">
<input type=hidden name=show_valid value="<?php echo htvar($show_valid)?>">
<input type=hidden name=show_revoked value="<?php echo htvar($show_revoked)?>">
<input type=hidden name=show_expired value="<?php echo htvar($show_expired)?>">
<input type=submit name=submit value="Go Back">
</form>
</center>
<?php
printFooter();
break;
}
print '<table>'; print '<body onLoad="self.focus();document.form.submit.focus()">';
print '<th colspan=9><big>CERTIFICATE SEARCH RESULTS</big></th>'; if (sizeof($db) == 0) {
?>
<center>
<h2>Nothing Found</h2>
<form action="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>" method="post" name="form">
<input type=hidden name=search value="<?php echo htvar($search)?>">
<input type=hidden name=show_valid value="<?php echo htvar($show_valid)?>">
<input type=hidden name=show_revoked value="<?php echo htvar($show_revoked)?>">
<input type=hidden name=show_expired value="<?php echo htvar($show_expired)?>">
<input type=submit name=submit value="Go Back">
</form>
</center>
<?php
printFooter();
break;
}
print '<table>';
print '<th colspan=9><big>CERTIFICATE SEARCH RESULTS</big></th>';
$headings = array( $headings = array(
status=>"Status", issued=>"Issued", expires=>"Expires", status=>"Status", issued=>"Issued", expires=>"Expires",
common_name=>"User's Name", email=>"E-mail", common_name=>"User's Name", email=>"E-mail",
organization=>"Organization", unit=>"Department", organization=>"Organization", unit=>"Department",
locality=>"Locality", province=>"State" locality=>"Locality", province=>"State"
); );
print '<tr>'; print '<tr>';
foreach($headings as $field=>$head) { foreach ($headings as $field => $head) {
print '<th>'.htvar($head). '</th>'; print '<th>'.htvar($head). '</th>';
} }
print '</tr>'; print '</tr>';
foreach($db as $rec) { foreach ($db as $rec) {
$stcolor = array(Valid=>'green',Revoked=>'red',Expired=>'orange'); $stcolor = array(Valid=>'green',Revoked=>'red',Expired=>'orange');
?> ?>
<tr style="font-size: 11px;"> <tr style="font-size: 11px;">
<td style="color: <?php echo $stcolor[$rec['status']]?>; font-weight: bold"><?php echo htvar($rec['status'])?></td> <td style="color: <?php echo $stcolor[$rec['status']]?>; font-weight: bold"><?php echo htvar($rec['status'])?></td>
<td style="white-space: nowrap"><?php echo htvar($rec['issued'])?></td> <td style="white-space: nowrap"><?php echo htvar($rec['issued'])?></td>
<td style="white-space: nowrap"><?php echo htvar($rec['expires'])?></td> <td style="white-space: nowrap"><?php echo htvar($rec['expires'])?></td>
<td><?php echo htvar($rec['common_name'])?></td> <td><?php echo htvar($rec['common_name'])?></td>
<td style="white-space: nowrap"><a href="mailto: <?php echo htvar($rec['common_name']).'<'.htvar($rec['email']).'>' ?> "> <?php echo htvar($rec['email'])?></a></td> <td style="white-space: nowrap"><a href="mailto: <?php echo htvar($rec['common_name']).'<'.htvar($rec['email']).'>' ?> "> <?php echo htvar($rec['email'])?></a></td>
<td><?php echo htvar($rec['organization'])?></td> <td><?php echo htvar($rec['organization'])?></td>
<td><?php echo htvar($rec['unit'])?></td> <td><?php echo htvar($rec['unit'])?></td>
<td><?php echo htvar($rec['locality'])?></td> <td><?php echo htvar($rec['locality'])?></td>
<td><?php echo htvar($rec['province'])?></td> <td><?php echo htvar($rec['province'])?></td>
<td><a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?> ?stage=display&serial=<?php echo htvar($rec['serial'])?>" target=_certdisp><img src=images/display.png alt="Display" title="Display the certificate in excruciating detail"></a> <td><a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?> ?stage=display&serial=<?php echo htvar($rec['serial'])?>" target=_certdisp><img src=images/display.png alt="Display" title="Display the certificate in excruciating detail"></a>
<?php <?php
if ($rec['status'] != 'Revoked') { if ($rec['status'] != 'Revoked') {
?> ?>
<a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>?stage=download&serial=<?php echo htvar($rec['serial'])?>"><img src=images/download.png alt="Download" title="Download the certificate so that you may send encrypted e-mail"></a> <a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>?stage=download&serial=<?php echo htvar($rec['serial'])?>"><img src=images/download.png alt="Download" title="Download the certificate so that you may send encrypted e-mail"></a>
<a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>?stage=download_pem&serial=<?=htvar($rec['serial'])?>"><img src=images/download.png alt="Download (in PEM format)" title="Download in PEM format"></a> <a href="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>?stage=download_pem&serial=<?=htvar($rec['serial'])?>"><img src=images/download.png alt="Download (in PEM format)" title="Download in PEM format"></a>
<?php <?php
} }
print '</td></tr>'; print '</td></tr>';
} }
?> ?>
</table> </table>
<form action="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>" method="post" name="form"> <form action="<?php echo htmlentities($_SERVER['SCRIPT_NAME'])?>" method="post" name="form">
<input type=submit name=submit value="Another Search"> <input type=submit name=submit value="Another Search">
<input type=hidden name=search value="<?php echo htvar($search)?>"> <input type=hidden name=search value="<?php echo htvar($search)?>">
<input type=hidden name=show_valid value="<?php echo htvar($show_valid)?>"> <input type=hidden name=show_valid value="<?php echo htvar($show_valid)?>">
<input type=hidden name=show_revoked value="<?php echo htvar($show_revoked)?>"> <input type=hidden name=show_revoked value="<?php echo htvar($show_revoked)?>">
<input type=hidden name=show_expired value="<?php echo htvar($show_expired)?>"> <input type=hidden name=show_expired value="<?php echo htvar($show_expired)?>">
</form> </form>
<?php <?php
printFooter(); printFooter();
break; break;
default: default:
printHeader('public'); printHeader('public');
?> ?>
<body onLoad="self.focus();document.search.search.focus();"> <body onLoad="self.focus();document.search.search.focus();">
<center><h2>Certificate Search</h2> <center><h2>Certificate Search</h2>
<form action="<?php echo $PHP_SELF?>" method="post" name="search"> <form action="<?php echo $PHP_SELF?>" method="post" name="search">
<input type=text name=search value="<?php echo htvar($search)?>" maxlength=60 size=40> <input type=text name=search value="<?php echo htvar($search)?>" maxlength=60 size=40>
<input type=submit name=submit value="Find It!"><br> <input type=submit name=submit value="Find It!"><br>
<input type=checkbox name=show_valid value="V" <?php echo ($show_valid?'checked':'')?>>Valid <input type=checkbox name=show_valid value="V" <?php echo ($show_valid?'checked':'')?>>Valid
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=checkbox name=show_revoked value="R" <?php echo ($show_revoked?'checked':'')?>>Revoked &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=checkbox name=show_revoked value="R" <?php echo ($show_revoked?'checked':'')?>>Revoked
&nbsp;&nbsp;&nbsp;&nbsp;<input type=checkbox name=show_expired value="E" <?php echo ($show_expired?'checked':'')?>>Expired &nbsp;&nbsp;&nbsp;&nbsp;<input type=checkbox name=show_expired value="E" <?php echo ($show_expired?'checked':'')?>>Expired
<input type=hidden name=stage value=search> <input type=hidden name=stage value=search>
</form></center> </form></center>
<br><br> <br><br>
<?php <?php
printFooter(); printFooter();
} }
?> ?>