function ca_inter_create(&$ca, $keylen, $lifetime, $dn, $caref, $digest_alg = 'sha256')
{
    // Create an intermediate CA whose certificate is signed by the CA referenced
    // by $caref. On success the new certificate, private key, parent reference
    // and a fresh serial counter are written into $ca and true is returned; on
    // any failure false is returned and $ca is left untouched.
    //
    // $issuer is deliberately taken by reference: the parent CA's serial counter
    // is advanced in place so the certificate signed here gets an unused serial.
    // Note that this increment happens before key generation, so the parent's
    // counter stays advanced even if a later step fails.
    $issuer =& lookup_ca($caref);
    if (!$issuer) {
        return false;
    }

    $issuer_crt = openssl_x509_read(base64_decode($issuer['crt']));
    $issuer_key = openssl_pkey_get_private([0 => base64_decode($issuer['prv']), 1 => ""]);
    if (!$issuer_crt || !$issuer_key) {
        return false;
    }

    $serial = ++$issuer['serial'];

    $openssl_args = [
        'config' => '/usr/local/etc/ssl/opnsense.cnf',
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => (int) $keylen,
        'x509_extensions' => 'v3_ca',
        'digest_alg' => $digest_alg,
        // the exported PEM key is stored unencrypted (only base64) in $ca['prv']
        'encrypt_key' => false,
    ];

    // fresh key pair for the intermediate
    $new_key = openssl_pkey_new($openssl_args);
    if (!$new_key) {
        return false;
    }

    // CSR for the supplied distinguished name, then have the parent sign it
    $csr = openssl_csr_new($dn, $new_key, $openssl_args);
    if (!$csr) {
        return false;
    }

    $crt = openssl_csr_sign($csr, $issuer_crt, $issuer_key, $lifetime, $openssl_args, $serial);
    if (!$crt) {
        return false;
    }

    $key_pem = '';
    $crt_pem = '';
    if (!openssl_pkey_export($new_key, $key_pem) || !openssl_x509_export($crt, $crt_pem)) {
        return false;
    }

    $ca['crt'] = base64_encode($crt_pem);
    $ca['caref'] = $caref;
    $ca['prv'] = base64_encode($key_pem);
    // the new CA starts its own serial counter from zero
    $ca['serial'] = 0;

    return true;
}
    echo gettext("Server Certificate");
    ?>
</td>
												<td>
												<?php 
    if (isset($config['cert'])) {
        ?>
												<select name='certref' class="form-control">
												<?php 
        foreach ($config['cert'] as $cert) {
            $selected = "";
            $caname = "";
            $inuse = "";
            $revoked = "";
            if (isset($cert['caref'])) {
                $ca = lookup_ca($cert['caref']);
                if (!empty($ca)) {
                    $caname = " (CA: {$ca['descr']})";
                }
            }
            if ($pconfig['certref'] == $cert['refid']) {
                $selected = "selected=\"selected\"";
            }
            if (cert_in_use($cert['refid'])) {
                $inuse = " *In Use";
            }
            if (is_cert_revoked($cert)) {
                $revoked = " *Revoked";
            }
            ?>
													<option value="<?php 
			<tbody>
<?php 
    foreach ($a_ca as $i => $ca) {
        $name = htmlspecialchars($ca['descr']);
        $subj = cert_get_subject($ca['crt']);
        $issuer = cert_get_issuer($ca['crt']);
        list($startdate, $enddate) = cert_get_dates($ca['crt']);
        if ($subj == $issuer) {
            $issuer_name = gettext("self-signed");
        } else {
            $issuer_name = gettext("external");
        }
        $subj = htmlspecialchars($subj);
        $issuer = htmlspecialchars($issuer);
        $certcount = 0;
        $issuer_ca = lookup_ca($ca['caref']);
        if ($issuer_ca) {
            $issuer_name = $issuer_ca['descr'];
        }
        foreach ($a_cert as $cert) {
            if ($cert['caref'] == $ca['refid']) {
                $certcount++;
            }
        }
        foreach ($a_ca as $cert) {
            if ($cert['caref'] == $ca['refid']) {
                $certcount++;
            }
        }
        ?>
				<tr>
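function build_cert_table()
{
    // Render the HTML table of certificates associated with the user
    // $a_user[$id] (both globals are set by the including page), followed by
    // the "Add" button linking to the certificate manager.
    //
    // Returns the markup as a string. Entries whose certificate or CA can no
    // longer be looked up are still rendered (so the per-row "delcert<i>"
    // index keeps matching the position in the user's cert array), but with
    // an empty name instead of the notices the bare array access produced.
    global $a_user, $id;

    $certhtml = '<div class="table-responsive">';
    $certhtml .= '<table class="table table-striped table-hover table-condensed">';
    $certhtml .= '<thead>';
    $certhtml .= '<tr>';
    $certhtml .= '<th>' . gettext('Name') . '</th>';
    $certhtml .= '<th>' . gettext('CA') . '</th>';
    $certhtml .= '<th></th>';
    $certhtml .= '</tr>';
    $certhtml .= '</thead>';
    $certhtml .= '<tbody>';

    $a_cert = $a_user[$id]['cert'] ?? null;
    if (is_array($a_cert)) {
        $i = 0;
        foreach ($a_cert as $certref) {
            // lookup_cert()/lookup_ca() are project helpers; presumably they
            // return an array or false for a dangling reference — verify.
            $cert = lookup_cert($certref);
            $ca = lookup_ca($cert['caref'] ?? null);
            $revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>' : '';
            $certhtml .= '<tr>';
            $certhtml .= '<td>' . htmlspecialchars((string) ($cert['descr'] ?? '')) . $revokedstr . '</td>';
            $certhtml .= '<td>' . htmlspecialchars((string) ($ca['descr'] ?? '')) . '</td>';
            $certhtml .= '<td>';
            $certhtml .= '<a id="delcert' . $i . '" class="fa fa-trash no-confirm icon-pointer" title="';
            $certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
            $certhtml .= '</td>';
            $certhtml .= '</tr>';
            $i++;
        }
    }

    $certhtml .= '</tbody>';
    $certhtml .= '</table>';
    $certhtml .= '</div>';
    $certhtml .= '<nav class="action-buttons">';
    // $id originates from the page's request handling; encode it for the query
    // string so it cannot break out of the href attribute or inject markup.
    $certhtml .= '<a href="system_certmanager.php?act=new&amp;userid=' . rawurlencode((string) $id) . '" class="btn btn-success">' . gettext("Add") . '</a>';
    $certhtml .= '</nav>';

    return $certhtml;
}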
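function build_cert_list()
{
    // Build the refid => label map used to populate a certificate <select>.
    // The empty key is the "no certificate" choice; every other key is a cert
    // refid whose label is the cert description annotated with its CA name,
    // in-use marker and revocation marker (as lookup_ca(), cert_in_use() and
    // is_cert_revoked() report them).
    //
    // Reads the global $a_cert list set by the including page. Labels are
    // returned unescaped; the caller must escape them for the output context.
    global $a_cert;

    $list = ['' => 'None (Username and/or Password required)'];
    if (!is_array($a_cert)) {
        return $list;
    }

    foreach ($a_cert as $cert) {
        $caname = '';
        $inuse = '';
        $revoked = '';

        // The original also computed a $selected string from $pconfig, which is
        // not in scope inside this function and was never used; it is dropped.
        $ca = lookup_ca($cert['caref'] ?? null);
        if ($ca) {
            $caname = " (CA: {$ca['descr']})";
        }
        if (cert_in_use($cert['refid'])) {
            $inuse = ' *In Use';
        }
        if (is_cert_revoked($cert)) {
            $revoked = ' *Revoked';
        }
        $list[$cert['refid']] = $cert['descr'] . $caname . $inuse . $revoked;
    }

    return $list;
}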