Refactor temporary confs

This commit is contained in:
John Crisp
2021-03-03 17:07:53 +01:00
parent e04b3dd35b
commit fbf3170398


@@ -3,7 +3,8 @@ include('./config.php');
include('./include/my_functions.php'); include('./include/my_functions.php');
include('./include/common.php'); include('./include/common.php');
function flush_exec($command, $line_length=200) { function flush_exec($command, $line_length = 200)
{
$handle = popen("$command 2>&1", 'r'); $handle = popen("$command 2>&1", 'r');
$line = ''; $line = '';
@@ -14,8 +15,7 @@ function flush_exec($command, $line_length=200) {
print str_replace("\n", "<br>\n", $line); print str_replace("\n", "<br>\n", $line);
$line = ''; $line = '';
flush(); flush();
} } elseif (strlen($line) > $line_length) {
elseif (strlen($line) > $line_length) {
print $line."<br>\n"; print $line."<br>\n";
$line = ''; $line = '';
flush(); flush();
@@ -69,7 +69,9 @@ $ca_prefix = gpvar('ca_prefix');
$header_title = gpvar('header_title'); $header_title = gpvar('header_title');
$store_dir = gpvar('store_dir'); $store_dir = gpvar('store_dir');
if ($base_url && substr($base_url,-1) != '/') $base_url .= '/'; if ($base_url && substr($base_url, -1) != '/') {
$base_url .= '/';
}
$hidden_fields = ' $hidden_fields = '
<input type=hidden name=country value="' . htvar($country) . '"> <input type=hidden name=country value="' . htvar($country) . '">
@@ -104,18 +106,42 @@ switch ($stage) {
case 'validate': case 'validate':
$er = ''; $er = '';
if (! $country) $er .= 'Missing Country<br>'; if (! $country) {
if (! $province) $er .= 'Missing State/Province<br>'; $er .= 'Missing Country<br>';
if (! $locality) $er .= 'Missing Locality<br>'; }
if (! $organization) $er .= 'Missing Organization<br>'; if (! $province) {
if (! $unit) $er .= 'Missing Unit/Department<br>'; $er .= 'Missing State/Province<br>';
if (! $contact) $er .= 'Missing Contact E-mail Address<br>'; }
if (! $common_name) $er .= 'Missing Common Name<br>'; if (! $locality) {
if (! $passwd) $er .= 'Missing Certificate Password<br>'; $er .= 'Missing Locality<br>';
if (! $passwdv) $er .= 'Missing Certificate Password Verification "Again"<br>'; }
if (! $header_title) $er .= 'Missing Header Title<br>'; if (! $organization) {
if (! $passwd_file) $er .= 'Missing User Password File Location'; $er .= 'Missing Organization<br>';
if (! $store_dir) $er .= 'Missing Storage Directory<br>'; }
if (! $unit) {
$er .= 'Missing Unit/Department<br>';
}
if (! $contact) {
$er .= 'Missing Contact E-mail Address<br>';
}
if (! $common_name) {
$er .= 'Missing Common Name<br>';
}
if (! $passwd) {
$er .= 'Missing Certificate Password<br>';
}
if (! $passwdv) {
$er .= 'Missing Certificate Password Verification "Again"<br>';
}
if (! $header_title) {
$er .= 'Missing Header Title<br>';
}
if (! $passwd_file) {
$er .= 'Missing User Password File Location';
}
if (! $store_dir) {
$er .= 'Missing Storage Directory<br>';
}
$countrycode = strtoupper($country); $countrycode = strtoupper($country);
@@ -123,38 +149,51 @@ case 'validate':
$er .= 'Country Code must be ISO 3166 two letters <br>'; $er .= 'Country Code must be ISO 3166 two letters <br>';
} }
if ( $passwd && strlen($passwd) < 8 ) if ($passwd && strlen($passwd) < 8) {
$er .= 'Certificate password is too short.<br>'; $er .= 'Certificate password is too short.<br>';
}
if ( $passwd and $passwd != $passwdv ) if ($passwd and $passwd != $passwdv) {
$er .= 'Password and password verification do not match.<br>'; $er .= 'Password and password verification do not match.<br>';
}
if ( $contact && ! is_email($contact) ) if ($contact && ! is_email($contact)) {
$er .= 'E-mail address ('. htvar($contact) . ') may be invalid.<br>'; $er .= 'E-mail address ('. htvar($contact) . ') may be invalid.<br>';
}
if (strpos($store_dir,$_SERVER['DOCUMENT_ROOT']) === 0) if (strpos($store_dir, $_SERVER['DOCUMENT_ROOT']) === 0) {
$er .= 'Store directory must exist somewhere outside of DOCUMENT_ROOT ('.$_SERVER['DOCUMENT_ROOT'].').<br>'; $er .= 'Store directory must exist somewhere outside of DOCUMENT_ROOT ('.$_SERVER['DOCUMENT_ROOT'].').<br>';
}
if (strpos($store_dir,dirname($_SERVER['SCRIPT_FILENAME'])) === 0) if (strpos($store_dir, dirname($_SERVER['SCRIPT_FILENAME'])) === 0) {
$er .= 'Store directory cannot exist within the PHPki installation directory ('.dirname($_SERVER['SCRIPT_FILENAME']).').<br>'; $er .= 'Store directory cannot exist within the PHPki installation directory ('.dirname($_SERVER['SCRIPT_FILENAME']).').<br>';
}
if (! $er) { if (! $er) {
if (! file_exists($store_dir)) { if (! file_exists($store_dir)) {
if ( ! mkdir("$store_dir",$store_perms)) $er .= "Could not create the store directory \"$store_dir\"<br>"; if (! mkdir("$store_dir", $store_perms)) {
$er .= "Could not create the store directory \"$store_dir\"<br>";
}
} }
if (file_exists($store_dir)) { if (file_exists($store_dir)) {
if (! chmod($store_dir, $store_perms)) $er .= "Could not change permissions on the store directory \"$store_dir\"<br>"; if (! chmod($store_dir, $store_perms)) {
if (! is_readable($store_dir)) $er .= "The store directory \"$store_dir\" is not readable by the web server user \"$uname\"<br>"; $er .= "Could not change permissions on the store directory \"$store_dir\"<br>";
if (! is_writeable($store_dir)) $er .= "The store directory \"$store_dir\: is not writeable by the web server user \"$uname\"<br>";
} }
else { if (! is_readable($store_dir)) {
$er .= "The store directory \"$store_dir\" is not readable by the web server user \"$uname\"<br>";
}
if (! is_writeable($store_dir)) {
$er .= "The store directory \"$store_dir\: is not writeable by the web server user \"$uname\"<br>";
}
} else {
$er .= "Store directory \"$store_dir\" does not exist. You will have to manually create it as desribed in the setup form.<br>"; $er .= "Store directory \"$store_dir\" does not exist. You will have to manually create it as desribed in the setup form.<br>";
} }
} }
if ( $er ) if ($er) {
$er = '<h2>ERROR(S) IN FORM:</h2><h4><blockquote>' . $er . '</blockquote></h4>'; $er = '<h2>ERROR(S) IN FORM:</h2><h4><blockquote>' . $er . '</blockquote></h4>';
}
if ($er) { if ($er) {
printHeader('setup'); printHeader('setup');
@@ -174,7 +213,6 @@ case 'validate':
} }
case 'write': case 'write':
printHeader('about'); printHeader('about');
# #
@@ -184,15 +222,33 @@ case 'write':
print '<strong>Creating PHPki file store...</strong><br>'; print '<strong>Creating PHPki file store...</strong><br>';
flush(); flush();
if (! file_exists("$store_dir/config")) mkdir("$store_dir/config",$store_perms); if (! file_exists("$store_dir/config")) {
if (! file_exists("$store_dir/tmp")) mkdir("$store_dir/tmp",$store_perms); mkdir("$store_dir/config", $store_perms);
if (! file_exists("$store_dir/CA")) mkdir("$store_dir/CA",$store_perms); }
if (! file_exists("$store_dir/CA/certs")) mkdir("$store_dir/CA/certs",$store_perms); if (! file_exists("$store_dir/tmp")) {
if (! file_exists("$store_dir/CA/private")) mkdir("$store_dir/CA/private",$store_perms); mkdir("$store_dir/tmp", $store_perms);
if (! file_exists("$store_dir/CA/newcerts")) mkdir("$store_dir/CA/newcerts",$store_perms); }
if (! file_exists("$store_dir/CA/requests")) mkdir("$store_dir/CA/requests",$store_perms); if (! file_exists("$store_dir/CA")) {
if (! file_exists("$store_dir/CA/crl")) mkdir("$store_dir/CA/crl",$store_perms); mkdir("$store_dir/CA", $store_perms);
if (! file_exists("$store_dir/CA/pfx")) mkdir("$store_dir/CA/pfx",$store_perms); }
if (! file_exists("$store_dir/CA/certs")) {
mkdir("$store_dir/CA/certs", $store_perms);
}
if (! file_exists("$store_dir/CA/private")) {
mkdir("$store_dir/CA/private", $store_perms);
}
if (! file_exists("$store_dir/CA/newcerts")) {
mkdir("$store_dir/CA/newcerts", $store_perms);
}
if (! file_exists("$store_dir/CA/requests")) {
mkdir("$store_dir/CA/requests", $store_perms);
}
if (! file_exists("$store_dir/CA/crl")) {
mkdir("$store_dir/CA/crl", $store_perms);
}
if (! file_exists("$store_dir/CA/pfx")) {
mkdir("$store_dir/CA/pfx", $store_perms);
}
# #
@@ -337,24 +393,49 @@ EOS;
# CA root certificate, and create a generic openssl.cnf file # CA root certificate, and create a generic openssl.cnf file
# in the CA home # in the CA home
# #
$config_txt1 = <<< EOS
HOME = $config[home_dir] $configHOME = $config['home_dir'];
RANDFILE = $config[random] $configRANDFILE = $config['random'];
dir = $config[ca_dir] $configCa_dir = $config['ca_dir'];
certs = $config[cert_dir] $configCert_dir = $config['cert_dir'];
crl_dir = $config[crl_dir] $configCrl_dir = $config['crl_dir'];
database = $config[index] $configDatabase = $config['index'];
new_certs_dir = $config[new_certs_dir] $configNew_certs_dir = $config['new_certs_dir'];
private_dir = $config[private_dir] $configPrivate_dir = $config['private_dir'];
serial = $config[serial] $configSerial = $config['serial'];
certificate = $config[cacert_pem] $configCacert_pem = $config['cacert_pem'];
crl = $config[cacrl_pem] $configCacrl_pem = $config['cacrl_pem'];
private_key = $config[cakey] $configCakey = $config['cakey'];
crl_extensions = crl_ext $configDefault_md = $config['default_md'];
$configBase_url = $config['base_url'];
$configCrl_dist = $config['crl_distrib'];
$configComment_root = $config['comment_root'];
$configPolicy_url = $config['policy_url'];
$configRevoke_url = $config['revoke_url'];
$configComment_email = $config['comment_email'];
$configComment_sign = $config['comment_sign'];
$configComment_srv = $config['comment_srv'];
$config_txt1 = "
HOME = $configHOME
RANDFILE = $configRANDFILE
dir = $configCa_dir
certs = $configCert_dir
crl_dir = $configCrl_dir
database = $configDatabase
new_certs_dir = $configNew_certs_dir
private_dir = $configPrivate_dir
serial = $configSerial
certificate = $configCacert_pem
crl = $configCacrl_pem
private_key = $configCakey
crl_extentions = crl_ext
default_days = 365 default_days = 365
default_crl_days = 30 default_crl_days = 30
preserve = no preserve = no
default_md = $config[default_md] default_md = $configDefault_md
[ ca ] [ ca ]
default_ca = email_cert default_ca = email_cert
@@ -404,10 +485,10 @@ keyUsage = cRLSign, keyCertSign
nsCertType = sslCA, emailCA, objCA nsCertType = sslCA, emailCA, objCA
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
subjectAltName = email:copy subjectAltName = email:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib] crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_root] nsComment = $configComment_root
#nsCaRevocationUrl = #nsCaRevocationUrl =
nsCaPolicyUrl = $config[base_url]$config[policy_url] nsCaPolicyUrl = $configBase_url$configPolicy_url
[ email_ext ] [ email_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
@@ -418,12 +499,12 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy subjectAltName = email:copy
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib] crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_email] nsComment = $configComment_email
nsBaseUrl = $config[base_url] nsBaseUrl = $configBase_url
nsRevocationUrl = $config[revoke_url] nsRevocationUrl = $configRevoke_url
#nsRenewalUrl = #nsRenewalUrl =
nsCaPolicyUrl = $config[base_url]$config[policy_url] nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName = #nsSslServerName =
[ email_signing_ext ] [ email_signing_ext ]
@@ -435,28 +516,28 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy subjectAltName = email:copy
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib] crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_sign] nsComment = $configComment_sign
nsBaseUrl = $config[base_url] nsBaseUrl = $configBase_url
nsRevocationUrl = $config[revoke_url] nsRevocationUrl = $configRevoke_url
#nsRenewalUrl = #nsRenewalUrl =
nsCaPolicyUrl = $config[base_url]$config[policy_url] nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName = #nsSslServerName =
[ server_ext ] [ server_ext ]
basicConstraints = CA:false basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment keyUsage = critical, digitalSignature, keyEncipherment
nsCertType = critical, server nsCertType = server
extendedKeyUsage = critical, serverAuth, 1.3.6.1.5.5.7.3.1 extendedKeyUsage = critical, serverAuth
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = $server_altnames
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib] crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_srv] nsComment = $configComment_srv
nsBaseUrl = $config[base_url] nsBaseUrl = $configBase_url
nsRevocationUrl = $config[revoke_url] nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $config[base_url]$config[policy_url] nsCaPolicyUrl = $configBase_url$configPolicy_url
[ time_stamping_ext ] [ time_stamping_ext ]
basicConstraints = CA:false basicConstraints = CA:false
@@ -466,11 +547,11 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = DNS:$common_name,email:copy
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib] crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_stamp] nsComment = $config[comment_stamp]
nsBaseUrl = $config[base_url] nsBaseUrl = $configBase_url
nsRevocationUrl = $config[revoke_url] nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $config[base_url]$config[policy_url] nsCaPolicyUrl = $configBase_url$configPolicy_url
[ vpn_client_ext ] [ vpn_client_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
@@ -499,12 +580,12 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = DNS:$common_name,email:copy
[ crl_ext ] [ crl_ext ]
issuerAltName=issuer:copy issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always authorityKeyIdentifier=keyid:always,issuer:always
";
EOS;
$config_txt2 = <<< EOS $config_txt2 = <<< EOS
[ req ] [ req ]
@@ -545,6 +626,14 @@ basicConstraints = critical, CA:false
EOS; EOS;
$configCountry = $config['country'];
$configProvince = $config['province'];
$configLocality = $config['locality'];
$configOrganization = $config['organization'];
$configUnit = $config['unit'];
$configCommon_name = $config['common_name'];
$configEmailaddress = $config['contact'];
$config_txt3 = <<< EOS $config_txt3 = <<< EOS
[ req ] [ req ]
default_bits = 2048 default_bits = 2048
@@ -555,13 +644,13 @@ req_extensions = req_ext
prompt = no prompt = no
[ req_name ] [ req_name ]
C = $config[country] C = $configCountry
ST = $config[province] ST = $configProvince
L = $config[locality] L = $configLocality
O = $config[organization] O = $configOrganization
OU = $config[unit] OU = $configUnit
CN = $config[common_name] CN = $configCommon_name
emailAddress = $config[contact] emailAddress = $configEmailaddress
[ req_ext ] [ req_ext ]
basicConstraints = critical, CA:true basicConstraints = critical, CA:true
@@ -579,7 +668,8 @@ EOS;
# #
# Write the temporary OpenSSL config # Write the temporary OpenSSL config
# #
$tmp_cnf = "$config[home_dir]/tmp/openssl.cnf"; $configHome_dir = $config['home_dir'];
$tmp_cnf = "$configHome_dir/tmp/openssl.cnf";
$fd = fopen($tmp_cnf, 'w'); $fd = fopen($tmp_cnf, 'w');
fwrite($fd, $config_txt1 . $config_txt3); fwrite($fd, $config_txt1 . $config_txt3);
fclose($fd); fclose($fd);
@@ -600,14 +690,23 @@ EOS;
# #
$days = $config['expiry'] * 365.25; $days = $config['expiry'] * 365.25;
# #
# Create a new self-signed CA certificate in PEM format. # Create a new self-signed CA certificate in PEM format.
# #
print '<strong>Creating root certificate...</strong><br>'; print '<strong>Creating root certificate...</strong><br>';
flush(); flush();
$configOpenssl_cnf = $config['openssl_cnf'];
$configPrivate_dir = $config['private_dir'];
$configCacert_pem = $config['cacert_pem'];
$configCa_pwd = $config['ca_pwd'];
$configCakey = $config['cakey'];
$configRandom = $config['random'];
$configCacrl_der = $config['cacrl_der'];
$configCacrl_pem = $config['cacrl_pem'];
// .rnd created here // .rnd created here
exec(REQ . " -x509 -config $tmp_cnf -extensions root_ext -newkey rsa:$keysize -keyout $config[cakey] -out $config[cacert_pem] -passout pass:'$config[ca_pwd]' -days $days 2>&1"); exec(REQ . " -x509 -config $tmp_cnf -extensions root_ext -newkey rsa:$keysize -keyout $configCakey -out $configCacert_pem -passout pass:'$configCa_pwd' -days $days 2>&1");
# **** DISABLED ***** # **** DISABLED *****
# It appears that both IE and Netscape accept PEM formatted root certificates # It appears that both IE and Netscape accept PEM formatted root certificates
@@ -621,16 +720,18 @@ EOS;
# #
print '<strong>Generating certificate revocation list...</strong><br>'; print '<strong>Generating certificate revocation list...</strong><br>';
flush(); flush();
exec(CA . " -gencrl -config $config[openssl_cnf] -out $config[cacrl_pem] -passin pass:'$config[ca_pwd]'"); exec(CA . " -gencrl -config $configOpenssl_cnf -out $configCacrl_pem -passin pass:'$configCa_pwd'");
# Make a copy of the CRL in DER format. # Make a copy of the CRL in DER format.
# #
exec(CRL . " -in $config[cacrl_pem] -out $config[cacrl_der] -inform PEM -outform DER"); exec(CRL . " -in $configCacrl_pem -out $configCarcrl_der -inform PEM -outform DER");
# #
# Clean up. # Clean up.
# #
if (! unlink("$store_dir/tmp/openssl.cnf")) print "Can't unlink $store_dir/tmp/openssl.cnf"; if (! unlink("$store_dir/tmp/openssl.cnf")) {
print "Can't unlink $store_dir/tmp/openssl.cnf";
}
# #
# Create dhparam files for OpenVPN and others. # Create dhparam files for OpenVPN and others.
@@ -650,7 +751,7 @@ EOS;
print '<p><strong>Creating 2048 bit Diffie-Hellman parameters used by OpenVPN.<br>'; print '<p><strong>Creating 2048 bit Diffie-Hellman parameters used by OpenVPN.<br>';
print "Saving to $store_dir/dhparam2048.pem.</strong><br>"; print "Saving to $store_dir/dhparam2048.pem.</strong><br>";
$cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam2048.pem' 2048"; $cmd = "openssl dhparam -rand '$configRandom' -out '$configPrivate_dir/dhparam2048.pem' 2048";
print $cmd.'<br>'; print $cmd.'<br>';
flush(); flush();
flush_exec($cmd, 200); flush_exec($cmd, 200);
@@ -664,17 +765,16 @@ EOS;
$command = escapeshellcmd($command); $command = escapeshellcmd($command);
if (system($command) == '/usr/sbin/openvpn') { if (system($command) == '/usr/sbin/openvpn') {
print '<p><strong>Creating a TLS authentication key used by OpenVPN.<br>'; print '<p><strong>Creating a TLS authentication key used by OpenVPN.<br>';
print "Saving to $store_dir/takey.pem.</strong><br>"; print "Saving to $store_dir/takey.pem.</strong><br>";
$cmd = "openvpn --genkey --secret '$config[private_dir]/takey.pem'"; $cmd = "openvpn --genkey --secret '$configPrivate_dir/takey.pem'";
print $cmd.'<br>'; print $cmd.'<br>';
flush(); flush();
flush_exec($cmd); flush_exec($cmd);
} else { } else {
echo "openvpn is required to generate a takey.pem<br>"; echo "openvpn is required to generate a takey.pem<br>";
echo "You can create one later like this:<br>"; echo "You can create one later like this:<br>";
echo "openvpn --genkey --secret". $config['private_dir'] . "/takey.pem<br>"; echo "openvpn --genkey --secret". $configPrivate_dir . "/takey.pem<br>";
} }
@@ -682,11 +782,21 @@ EOS;
# #
# Step aside and let the users in (create index.php files). # Step aside and let the users in (create index.php files).
# #
if (! unlink('index.php')) print "Can't unlink index.php"; if (! unlink('index.php')) {
if (! unlink('setup.php')) print "Can't unlink setup.php";; print "Can't unlink index.php";
if (! unlink('ca/index.php')) print "Can't unlink ca/index.php"; }
if (! symlink('main.php','index.php')) print "Can't symlink main.php"; if (! unlink('setup.php')) {
if (! symlink('main.php','ca/index.php')) print "Can't symlink ca/main.php"; print "Can't unlink setup.php";
};
if (! unlink('ca/index.php')) {
print "Can't unlink ca/index.php";
}
if (! symlink('main.php', 'index.php')) {
print "Can't symlink main.php";
}
if (! symlink('main.php', 'ca/index.php')) {
print "Can't symlink ca/main.php";
}
?> ?>
<center> <center>
@@ -706,26 +816,59 @@ EOS;
break; break;
default: default:
if (! $country) $country = $config['country']; if (! $country) {
if (! $province) $province = $config['province']; $country = $config['country'];
if (! $locality) $locality = $config['locality']; }
if (! $organization) $organization = $config['organization']; if (! $province) {
if (! $contact) $contact = $config['contact']; $province = $config['province'];
if (! $expiry) $expiry = $config['expiry']; }
if (! $expiry) $expiry = 10; if (! $locality) {
if (! $keysize) $keysize = $config['keysize']; $locality = $config['locality'];
if (! $keysize) $keysize = 2048; }
if (! $passwd) $passwd = $config['ca_pwd']; if (! $organization) {
if (! $passwdv) $passwdv = $passwd; $organization = $config['organization'];
}
if (! $contact) {
$contact = $config['contact'];
}
if (! $expiry) {
$expiry = $config['expiry'];
}
if (! $expiry) {
$expiry = 10;
}
if (! $keysize) {
$keysize = $config['keysize'];
}
if (! $keysize) {
$keysize = 2048;
}
if (! $passwd) {
$passwd = $config['ca_pwd'];
}
if (! $passwdv) {
$passwdv = $passwd;
}
if (! $unit) $unit = $config['unit']; if (! $unit) {
if (! $unit) $unit = "Certificate Authority"; $unit = $config['unit'];
}
if (! $unit) {
$unit = "Certificate Authority";
}
if (! $common_name) $common_name = $config['common_name']; if (! $common_name) {
if (! $common_name) $common_name = "PHPki Certificate Authority"; $common_name = $config['common_name'];
}
if (! $common_name) {
$common_name = "PHPki Certificate Authority";
}
if (! $getting_help) $getting_help = $config['getting_help']; if (! $getting_help) {
if (! $getting_help) $getting_help = ' $getting_help = $config['getting_help'];
}
if (! $getting_help) {
$getting_help = '
<b>Contact:</b><br> <b>Contact:</b><br>
First-Name Last-Name<br> First-Name Last-Name<br>
Company/Organization Name<br> Company/Organization Name<br>
@@ -735,32 +878,69 @@ City, State, ZipCode<br>
<br> <br>
Phone: (000) 000-0000<br> Phone: (000) 000-0000<br>
E-mail: <a href=mailto:someone@somewhere.com>someone@somewhere.com</a>&nbsp;&nbsp;&nbsp;<i><b>E-mail is preferred.</b></i><br>'; E-mail: <a href=mailto:someone@somewhere.com>someone@somewhere.com</a>&nbsp;&nbsp;&nbsp;<i><b>E-mail is preferred.</b></i><br>';
}
if (! $store_dir) $store_dir = dirname($_SERVER['DOCUMENT_ROOT']).'/phpki-store'; if (! $store_dir) {
$store_dir = dirname($_SERVER['DOCUMENT_ROOT']).'/phpki-store';
}
if (! $base_url) $base_url = $config['base_url']; if (! $base_url) {
if (! $base_url) $base_url = 'http://www.somewhere.com/phpki/'; $base_url = $config['base_url'];
}
if (! $base_url) {
$base_url = 'http://www.somewhere.com/phpki/';
}
if (! $crl_distrib) $crl_distrib = 'index.php?stage=dl_crl'; if (! $crl_distrib) {
if (! $revoke_url) $revoke_url = 'ns_revoke_query.php?'; $crl_distrib = 'index.php?stage=dl_crl';
if (! $policy_url) $policy_url = 'policy.html'; }
if (! $revoke_url) {
$revoke_url = 'ns_revoke_query.php?';
}
if (! $policy_url) {
$policy_url = 'policy.html';
}
if (! $comment_root) $comment_root = 'PHPki/OpenSSL Generated Root Certificate Authority'; if (! $comment_root) {
if (! $comment_email) $comment_email = 'PHPki/OpenSSL Generated Personal Certificate'; $comment_root = 'PHPki/OpenSSL Generated Root Certificate Authority';
if (! $comment_sign) $comment_sign = 'PHPki/OpenSSL Generated Personal Certificate'; }
if (! $comment_srv) $comment_srv = 'PHPki/OpenSSL Generated Secure Server Certificate'; if (! $comment_email) {
if (! $comment_stamp) $comment_stamp = 'PHPki/OpenSSL Generated Time Stamping Certificate'; $comment_email = 'PHPki/OpenSSL Generated Personal Certificate';
}
if (! $comment_sign) {
$comment_sign = 'PHPki/OpenSSL Generated Personal Certificate';
}
if (! $comment_srv) {
$comment_srv = 'PHPki/OpenSSL Generated Secure Server Certificate';
}
if (! $comment_stamp) {
$comment_stamp = 'PHPki/OpenSSL Generated Time Stamping Certificate';
}
if (! $ca_prefix) $ca_prefix = $config['ca_prefix']; if (! $ca_prefix) {
$ca_prefix = $config['ca_prefix'];
}
if (! $openssl_bin) $openssl_bin = $config['openssl_bin']; if (! $openssl_bin) {
if (! $openssl_bin) $openssl_bin = '/usr/bin/openssl'; $openssl_bin = $config['openssl_bin'];
}
if (! $openssl_bin) {
$openssl_bin = '/usr/bin/openssl';
}
if (! $passwd_file) $passwd_file = $config['passwd_file']; if (! $passwd_file) {
if (! $passwd_file) $passwd_file = dirname($_SERVER['DOCUMENT_ROOT']).'/phpkipasswd'; $passwd_file = $config['passwd_file'];
}
if (! $passwd_file) {
$passwd_file = dirname($_SERVER['DOCUMENT_ROOT']).'/phpkipasswd';
}
if (! $header_title) $header_title = $config['header_title']; if (! $header_title) {
if (! $header_title) $header_title = 'Certificate Authority'; $header_title = $config['header_title'];
}
if (! $header_title) {
$header_title = 'Certificate Authority';
}
printHeader('setup'); printHeader('setup');
?> ?>
@@ -1051,6 +1231,7 @@ E-mail: <a href=mailto:someone@somewhere.com>someone@somewhere.com</a>&nbsp;&nbs
break; break;
} }
function create_ca_cnf($email, $expiry) { function create_ca_cnf($email, $expiry)
{
} }
?> ?>
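Review bot: The DER copy of the CRL in hunk `@@ -621,16 +720,18 @@` interpolates `$configCarcrl_der`, but the variable assigned a few lines above it (alongside `$configCacrl_pem`) is `$configCacrl_der`, so the name expands to an empty string, `-out` swallows `-inform` as its argument and no DER CRL is written to the `$config['cacrl_der']` path; the line should read `exec(CRL . " -in $configCacrl_pem -out $configCacrl_der -inform PEM -outform DER");`. The rewritten `[ ca ]` template in hunk `@@ -337,24 +393,49 @@` introduces a second regression: `crl_extentions = crl_ext` misspells the OpenSSL key `crl_extensions` that the original heredoc had right, so `openssl ca -gencrl` silently ignores it and generated CRLs lose the issuerAltName/authorityKeyIdentifier extensions defined in `[ crl_ext ]`; restore `crl_extensions = crl_ext`. The `[ server_ext ]` block in hunk `@@ -435,28 +516,28 @@` now reads `subjectAltName = $server_altnames`, a variable not assigned in any visible hunk — if it is not set elsewhere in the file the line becomes `subjectAltName = ` and OpenSSL rejects the extension section, so this commit should show where it is defined (the same hunk also changes basicConstraints/nsCertType/extendedKeyUsage criticality for server certs, which the title "Refactor temporary confs" does not mention). Independently of the renaming, the CA password is still spliced into the shell command as `-passout pass:'$configCa_pwd'` (and `-passin` in the gencrl call) with only literal single quotes rather than `escapeshellarg()`, so a password containing a single quote breaks the command and the secret is visible in the process list; `-passin`/`-passout` via `env:` or `stdin` with `proc_open` would avoid both.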