case 'display':
printHeader(false);
?>
<div style="text-align:center"><h2>Certificate Details</h2></div>
<div style="text-align:center"><h3 style="color:#0000AA">(#<?php
echo $serial;
?>
)<br><?php
echo htvar(CA_cert_cname($serial) . ' <' . CA_cert_email($serial) . '>');
?>
</h3></div>
<?php
if ($revoke_date = CAdb_is_revoked($serial)) {
print '<div style="text-align:center"><h2 style="color:red">REVOKED ' . $revoke_date . '</h2></div>';
}
print '<pre>' . CA_cert_text($serial) . '</pre>';
# Added htvar() to sanitize against htmlentities
break;
case 'dl-confirm':
printHeader('ca');
$rec = CAdb_get_entry($serial);
?>
<h3>You are about to download the <font color="red">PRIVATE</font> certificate key for <?php
echo htvar($rec['common_name']) . ' <' . htvar($rec['email']) . '> ';
?>
</h3>
<h3 style="color:red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</h3>
<form action="<?php
echo $PHP_SELF . '?stage=download&serial=' . $serial . '&' . $qstr_sort . '&' . $qstr_filter;
?>
" method="post">
$stage = "";
}
# Force filter to (V)alid certs if no search status is selected.
if (!($show_valid . $show_revoked . $show_expired)) {
$show_valid = 'V';
}
switch ($stage) {
case display:
printHeader('about');
print '
<center><h2>Certificate Details</h2></center>
<center><font color=#0000AA><h3>(#' . htvar($serial) . ')<br>' . htvar(CA_cert_cname($serial) . ' <' . CA_cert_email($serial) . '>') . '</h3></font></center>';
if ($revoke_date = CAdb_is_revoked($serial)) {
print '<center><font color=red><h2>REVOKED ' . htvar($revoke_date) . '</h2></font></center>';
}
print '<pre>' . htvar(CA_cert_text($serial)) . '</pre>';
break;
case 'download':
$rec = CAdb_get_entry($serial);
upload("{$config['cert_dir']}/{$serial}.der", "{$rec['common_name']} ({$rec['email']}).cer", 'application/pkix-cert');
break;
case search:
printHeader('public');
$db = CAdb_to_array("^[{$show_valid}{$show_revoked}{$show_expired}].*{$search}");
print '<body onLoad="self.focus();document.form.submit.focus()">';
if (sizeof($db) == 0) {
?>
<center>
<h2>Nothing Found</h2>
<form action=<?php
echo $PHP_SELF;
}
//if ( ! is_alnum($passwd) or ! is_alnum($passwdv) )
// $er .= 'Password contains invalid characters.<br>';
if ($email && !is_email($email)) {
$er .= 'E-mail address (' . htvar($email) . ') may be invalid.<br>';
}
if ($country && !is_alpha($country)) {
# Check if country code only contains alphabetic characters
$er .= 'Country code is invalid.';
}
if ($er) {
$er = '<h2>ERROR(S) IN FORM:</h2><h4><blockquote>' . $er . '</blockquote></h4>';
}
if ($email && ($serial = CAdb_in($email, $common_name))) {
$er = '';
$certtext = CA_cert_text($serial);
$er .= '<h2>A valid certificate already exists for ' . htvar("{$common_name} <{$email}>") . '</h2>';
$er .= '</font><blockquote><pre> ' . htvar($certtext) . ' </pre></blockquote>';
}
if ($er) {
printHeader();
?>
<form action="<?php
print $PHP_SELF;
?>
" method="post">
<input class="btn" type="submit" name="submit" value='Go Back'>
<font color=#ff0000><?php
print $er;
?>
function CA_cert_type($serial)
{
$certtext = CA_cert_text($serial);
#if (ereg('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext) && ereg('Code Signing', $certtest)) {
# $cert_type = 'email_signing';
#}
if (preg_match('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext) && preg_match('Code Signing', $certtest)) {
$cert_type = 'email_signing';
}
#if (ereg('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext)) {
# $cert_type = 'email';
#}
if (preg_match('OpenSSL.* (E.?mail|Personal) .*Certificate', $certtext)) {
$cert_type = 'email';
} elseif (preg_match('OpenSSL.* Server .*Certificate', $certtext)) {
$cert_type = 'server';
} elseif (preg_match('timeStamping|Time Stamping', $certtext)) {
$cert_type = 'time_stamping';
} elseif (preg_match('TLS Web Client Authentication', $certtext) && preg_match('TLS Web Server Authentication', $certtext)) {
$cert_type = 'vpn_client_server';
} elseif (preg_match('TLS Web Client Authentication', $certtext)) {
$cert_type = 'vpn_client';
} elseif (preg_match('TLS Web Server Authentication', $certtext)) {
$cert_type = 'vpn_server';
} else {
$cert_type = 'vpn_client_server';
}
return $cert_type;
}
