Example #1
 /**
  * Render the CSR inspection view, or redirect to the download page.
  *
  * Nothing is rendered unless the session records that the AUP was accepted.
  * When $this->authKey is set, the browser is redirected to
  * download_certificate.php and the script ends. Otherwise the details of
  * $this->csr are handed to the template; without a CSR an error is shown.
  *
  * @return void
  */
 public function process()
 {
     $aupAccepted = CS::getSessionKey('hasAcceptedAUP') === true;
     if (!$aupAccepted) {
         Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
         return;
     }

     if (isset($this->authKey)) {
         /* authKey is set: send the user to the certificate download page */
         header("Location: download_certificate.php");
         exit(0);
     }

     if (!isset($this->csr)) {
         Framework::error_output($this->translateTag('l10n_err_procuploaded', 'processcsr'));
         return;
     }

     $csr = $this->csr;
     $view = $this->tpl;

     /* NOTE(review): the subject, upload IP and auth token are passed to the
      * template unmodified; nothing in this method escapes them, so
      * upload_csr.tpl has to do it -- confirm. */
     $view->assign('csrInspect', true);
     $view->assign('subject', $csr->getSubject());
     $view->assign('uploadedDate', $csr->getUploadedDate());
     $view->assign('uploadedFromIP', $csr->getUploadedFromIP());
     $view->assign('authToken', $csr->getAuthToken());
     $view->assign('length', $csr->getLength());
     $view->assign('legendTitle', $this->translateTag('l10n_legend_pastedcsr', 'processcsr'));
     $view->assign('finalDN', $this->ca->getFullDN());
     $view->assign('content', $view->fetch('upload_csr.tpl'));
 }
Example #2
 /**
  * Render the e-mail selection page (select_email.tpl).
  *
  * Stops with an error when the session does not record AUP acceptance.
  * Otherwise passes the NREN's e-mail setting and the result of the
  * user-entitlement test to the template.
  *
  * @return void
  */
 function process()
 {
     $aupState = CS::getSessionKey('hasAcceptedAUP');
     if (true !== $aupState) {
         Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
         return;
     }

     /* entitlement attribute name comes from configuration, not from the request */
     $entitlement = Config::get_config('entitlement_user');
     $user_cert_enabled = $this->person->testEntitlementAttribute($entitlement);

     $nren = $this->person->getNREN();
     $this->tpl->assign('email_status', $nren->getEnableEmail());
     $this->tpl->assign('user_cert_enabled', $user_cert_enabled);

     $page = $this->tpl->fetch('select_email.tpl');
     $this->tpl->assign('content', $page);
 }
Example #3
 /**
  * Render the AUP confirmation page (confirm_aup.tpl).
  *
  * Picks the CPS link that matches the configured certificate product, logs
  * the current value of the 'hasAcceptedAUP' session key and passes that
  * value plus the NREN's privacy notice to the template. This method does
  * not itself check whether the AUP was accepted.
  *
  * @return void
  */
 public function process()
 {
     $isPersonal = Config::get_config('cert_product') == PRD_PERSONAL;
     $cpsLink = $isPersonal
         ? ConfusaConstants::$LINK_PERSONAL_CPS
         : ConfusaConstants::$LINK_ESCIENCE_CPS;
     $this->tpl->assign('cps', $cpsLink);

     /* the session key is read once for the log line and once for the view */
     Logger::log_event(LOG_INFO, "User acknowledged session: " . CS::getSessionKey('hasAcceptedAUP'));
     $this->tpl->assign('aup_session_state', CS::getSessionKey('hasAcceptedAUP'));

     $nren = $this->person->getNREN();
     $this->tpl->assign('privacy_notice_text', $nren->getPrivacyNotice($this->person));

     $this->tpl->assign('content', $this->tpl->fetch('confirm_aup.tpl'));
 }
Example #4
 /**
  * Display the CSR generation choices.
  *
  * Stops with an error when the session does not record AUP acceptance.
  * When the NREN's e-mail setting is '1' or 'm' and the person has no
  * registered certificate e-mail address, an error is shown and the "next"
  * button is disabled; the page is still rendered.
  *
  * The optional "show" query parameter selects the CSR input method. Only
  * the literal values 'upload_csr' and 'paste_csr' are recognised; anything
  * else, or no value at all, selects in-browser generation.
  *
  * @see Content_Page::process()
  * @return void
  */
 function process()
 {
     if (CS::getSessionKey('hasAcceptedAUP') !== true) {
         Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
         return;
     }

     $numberRequiredEmails = $this->person->getNREN()->getEnableEmail();
     /* switch compares loosely, and the order of the cases decides which
      * branch a non-string setting lands in, so the statement is kept as is */
     switch ($numberRequiredEmails) {
         case 'n':
         case '0':
             break;
         case '1':
         case 'm':
             $registered = $this->person->getRegCertEmails();
             if (count($registered) < 1) {
                 Framework::error_output($this->translateTag('l10n_err_emailmissing', 'processcsr'));
                 $this->tpl->assign('disable_next_button', true);
             }
             break;
         default:
             break;
     }

     /* The request value is only compared against fixed strings; the script
      * name and flag given to the template always come from the literals
      * below, never from the request itself. */
     $show = isset($_GET['show']) ? $_GET['show'] : null;
     if ($show === 'upload_csr') {
         /* FIXME: constants */
         $nextScript = 'upload_csr.php';
         $modeFlag = 'upload_csr';
     } elseif ($show === 'paste_csr') {
         $nextScript = 'upload_csr.php';
         $modeFlag = 'paste_csr';
     } else {
         $nextScript = 'browser_csr.php';
         $modeFlag = 'browser_csr';
     }
     $this->tpl->assign('nextScript', $nextScript);
     $this->tpl->assign($modeFlag, true);

     $entitlement = Config::get_config('entitlement_user');
     $this->tpl->assign('user_cert_enabled', $this->person->testEntitlementAttribute($entitlement));
     $this->tpl->assign('content', $this->tpl->fetch('receive_csr.tpl'));
 }
Example #5
 /**
  * Render the in-browser key/CSR generation page for the detected browser.
  *
  * Stops with an error when the session does not record AUP acceptance.
  * Passes the entitlement test result, the DNs from the CA object and the
  * configured default/minimum key lengths to the template, then picks the
  * template file from the value returned by Output::getUserAgent().
  * Unrecognised values get the "unsupported" template.
  *
  * @return void
  */
 public function process()
 {
     $accepted = CS::getSessionKey('hasAcceptedAUP');
     if ($accepted !== true) {
         Framework::error_output($this->translateTag('l10n_err_aupagreement', 'processcsr'));
         return;
     }

     $view = $this->tpl;

     $entitlement = Config::get_config('entitlement_user');
     $view->assign('user_cert_enabled', $this->person->testEntitlementAttribute($entitlement));

     $view->assign('finalDN', $this->ca->getFullDN());
     $view->assign('dn', $this->ca->getBrowserFriendlyDN());
     $comodoMode = (int) Config::get_config('ca_mode') == CA_COMODO;
     if ($comodoMode) {
         /* in Comodo mode the DN assigned above is replaced */
         $view->assign('dn', $this->ca->getBrowserFriendlyDN(true));
     }

     /* NOTE(review): min_keysize is only passed to the template here; a
      * lower bound shown in the browser is not an enforcement point, so the
      * server-side check on the submitted key has to live elsewhere -- confirm. */
     $view->assign('default_keysize', Config::get_config('default_key_length'));
     $view->assign('min_keysize', Config::get_config('min_key_length'));

     /* the template path is always one of the literals below */
     switch (Output::getUserAgent()) {
         case "msie_post_vista":
             $template = 'browser_csr/vista7.tpl';
             break;
         case "msie_pre_vista":
             $template = 'browser_csr/xp2003.tpl';
             break;
         case "chrome":
         case "safari":
         case "opera":
         case "mozilla":
             $template = 'browser_csr/keygen.tpl';
             break;
         case "other":
         default:
             $template = 'browser_csr/unsupported.tpl';
             break;
     }
     $view->assign('content', $view->fetch($template));
 }
Example #6
/**
 * Build a CS object for the given site id and return the result of its
 * trackPageView() call.
 *
 * @param mixed $siteId passed unchanged to the CS constructor
 * @return mixed whatever CS::trackPageView() returns
 */
function _cnzzTrackPageView($siteId)
{
    return (new CS($siteId))->trackPageView();
}
 /**
  * Render the certificate download page (download_certificate.tpl).
  *
  * Requires an authenticated person with a subscribed subscriber; otherwise
  * an error, respectively the "unsubscribed" page, is shown. The certificate
  * list from the CA is reordered so that revoked certificates follow the
  * others.
  *
  * @return void
  */
 public function process()
 {
     if (!$this->person->isAuth()) {
         error_msg("This is an impossible condition. How did you get in here?");
         return;
     }

     $subscriber = $this->person->getSubscriber();
     $isSubscribed = !empty($subscriber) && $subscriber->isSubscribed();
     if (!$isSubscribed) {
         $this->tpl->assign('not_subscribed_header', $this->translateTag('l10n_not_sub_header', 'messages'));
         $this->tpl->assign('not_subscribed_1', $this->translateTag('l10n_not_sub_1', 'messages'));
         $this->tpl->assign('not_subscribed_2', $this->translateTag('l10n_not_sub_2', 'messages'));
         $this->tpl->assign('content', $this->tpl->fetch('errors/unsubscribed.tpl'));
         return;
     }

     /* test and handle flags */
     $this->processDBCert();

     try {
         $allCerts = $this->ca->getCertList($this->showAll);
         /* keys are preserved throughout, so the union below lists the
          * entries rejected by revokedFilter first and the revoked ones last */
         $revokedCerts = array_filter($allCerts, array($this, 'revokedFilter'));
         $otherCerts = array_diff_assoc($allCerts, $revokedCerts);
         $this->tpl->assign('certList', $otherCerts + $revokedCerts);
         $this->tpl->assign('showAll', $this->showAll);
         $this->tpl->assign('defaultDays', Config::get_config('capi_default_cert_poll_days'));
     } catch (ConfusaGenException $e) {
         /* NOTE(review): the exception text is shown to the user; confirm it
          * cannot carry backend details that should stay in the log. */
         Framework::error_output($this->translateMessageTag('downl_err_db') . " " . $e->getMessage());
     }

     /* encourage the user to install the root certificate in personal mode,
      * so Thunderbird will fully trust the certs when using them in S/MIME
      */
     $personalProduct = Config::get_config('cert_product') == PRD_PERSONAL;
     if ($personalProduct) {
         $this->tpl->assign('ca_certificate', ConfusaConstants::$CAPI_PERSONAL_ROOT_CERT);
     }

     /* coming from browser signing - hint the user to install the cert;
      * the session key is removed so the hint is given only once */
     $pendingOrder = CS::getSessionKey("browserCert");
     if ($pendingOrder !== null) {
         CS::deleteSessionKey('browserCert');
         $this->tpl->assign('newBrowserCert', $pendingOrder);
     }

     $this->tpl->assign('permission', $this->person->mayRequestCertificate());
     $this->tpl->assign('standalone', Config::get_config('ca_mode') === CA_STANDALONE);
     $this->tpl->assign('content', $this->tpl->fetch('download_certificate.tpl'));
 }
Example #8
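 /**
  * Revoke one certificate through the remote revoke endpoint.
  *
  * The key is first mapped to an order number, then posted together with the
  * revocation reason. The first line of the response is the status code;
  * "0" means success.
  *
  * @param mixed  $key    identifier accepted by transformToOrderNumber()
  * @param string $reason value sent as "revocationReason"
  * @return bool true when the API reports success
  * @throws CGE_ComodoAPIException when the endpoint cannot be reached, the
  *         response does not start with a numeric status line, or the
  *         status is not "0"
  */
 public function revokeCert($key, $reason)
 {
     $key = $this->transformToOrderNumber($key);
     Logger::log_event(LOG_NOTICE, "Revoking certificate with order number " . $key . " using Comodo's auto-revoke-API. " . $this->owner_string);

     $revoke_endpoint = ConfusaConstants::$CAPI_REVOKE_ENDPOINT;
     $postfields_revoke = $this->bs_pf();
     $postfields_revoke["revocationReason"] = $reason;
     $postfields_revoke["orderNumber"] = $key;
     $postfields_revoke["includeInCRL"] = 'Y';
     /* will not revoke test certificates? */
     if (Config::get_config('capi_test')) {
         Logger::log_event(LOG_DEBUG, "CA_C: in test-mode");
         $postfields_revoke["test"] = 'Y';
     }

     $data = CurlWrapper::curlContact($revoke_endpoint, "post", $postfields_revoke);
     /* try to catch all kinds of errors that can happen when connecting */
     if ($data === FALSE) {
         Logger::log_event(LOG_NOTICE, "[CA_C]: Could not connect to revoke-API. Check configuration.");
         throw new CGE_ComodoAPIException("Could not connect to revoke-API! " . "Check Confusa configuration!\n");
     }

     $error_parts = explode("\n", $data, 2);
     $status = $error_parts[0];
     /* A response that consists of a status line only has no second part;
      * reading index 1 unguarded raised an undefined-offset notice on the
      * failure path. */
     $detail = isset($error_parts[1]) ? $error_parts[1] : '';

     if (!is_numeric($status)) {
         throw new CGE_ComodoAPIException("Received an unexpected response from " . "the remote API. Probably Confusa is " . "misconfigured! Please contact an " . "administrator!");
     }

     $STATUS_OK = "0";
     /* loose comparison, as in the switch statement this replaces */
     if ($status == $STATUS_OK) {
         /* drop the cached list so that the revoked state becomes visible */
         CS::deleteSessionKey('rawCertList');
         Logger::log_event(LOG_NOTICE, "Revoked certificate with " . "order number {$key} using Comodo's AutoRevoke " . "API. " . $this->owner_string);
         return true;
     }

     $msg = $this->capiErrorMessage($status, $detail);
     Logger::log_event(LOG_ERR, "Revocation of certificate with " . "order_number {$key} failed! " . $this->owner_string);
     /* NOTE(review): the raw API response becomes part of the exception
      * message; callers that display it should escape it -- confirm. */
     throw new CGE_ComodoAPIException("Received error message {$data}. {$msg}");
 }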
Example #9
 /**
  * Register every e-mail address stored under the 'CertEmails' session key.
  *
  * The stored value is split on ", " and each piece is passed to
  * regCertEmail(). Nothing happens when the key holds null.
  *
  * @return void
  */
 private function retrieveRegCertEmails()
 {
     $stored = CS::getSessionKey('CertEmails');
     if (is_null($stored)) {
         return;
     }

     foreach (explode(", ", $stored) as $address) {
         $this->regCertEmail($address);
     }
 }
Example #10
 /**
  * Turn a local path below the device directory into a pull URL.
  *
  * Every occurrence of "<root>/<device>" in $path is replaced by
  * "http://<host>/<version>/device:<device>/pull/<type>".
  *
  * NOTE(review): the host part is taken from $_SERVER['HTTP_HOST'], which
  * is the Host header sent by the client. A forged header therefore ends up
  * in the URLs returned here; a configured server name would be the safer
  * source. The scheme is fixed to plain http.
  *
  * @param string $path local path to rewrite
  * @param string $type path segment appended after "/pull/"
  * @return string the rewritten path
  */
 protected function remoteAccessiblePath($path, $type)
 {
     $localPrefix = CS::getRoot() . '/' . $this->data['device'];
     $remotePrefix = 'http://' . $_SERVER['HTTP_HOST']
         . '/' . $this->data['version']
         . '/device:' . $this->data['device']
         . '/pull/' . $type;

     return str_replace($localPrefix, $remotePrefix, $path);
 }
Example #11
    header("Content-Type: text/plain");
    echo "CodeSync server is currently working. This server supports the following versions:\n";
    foreach (scandir(__DIR__) as $k => $v) {
        $m = array();
        if (preg_match("/v(.+).php/", $v, $m)) {
            echo " - Version {$m[1]} \n";
        }
    }
    exit;
}
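/*
 * Request dispatcher: collect the request parameters, resolve the requested
 * protocol version to a handler file next to this script, load it and run
 * the operation.
 */

/* keep whatever earlier code put into $inp, but make sure it is an array */
if (!isset($inp) || !is_array($inp)) {
    $inp = array();
}
foreach ($_REQUEST as $ind => $req) {
    $inp[$ind] = $req;
}
/* set after the copy above, so a request parameter named "files" cannot
 * stand in for the real upload data */
if (isset($_FILES)) {
    $inp['files'] = $_FILES;
}

/* a missing "ver" parameter is passed on as null instead of raising an
 * undefined-index notice */
$requestedVer = isset($inp['ver']) ? $inp['ver'] : null;
/* the value is echoed back in error lines: keep it scalar and strip control
 * characters so it cannot break the one-line "E\t...\n" format */
$shownVer = is_scalar($requestedVer)
    ? preg_replace('/[\x00-\x1F\x7F]/', '', (string) $requestedVer)
    : '';

$ver = CS::getCompatibilityVersion($requestedVer);
if ($ver === false) {
    /* error lines repeat request input; declare them as plain text so a
     * browser does not interpret them as HTML */
    if (!headers_sent()) {
        header('Content-Type: text/plain');
    }
    echo "E\tCodesync version '{$shownVer}' does not exist.\n";
    exit;
}

$cspath = __DIR__ . '/' . $ver . '.php';
/* Defence in depth: the handler must be a plain file name in this directory.
 * CS::getCompatibilityVersion() is not visible here, so the included path is
 * not trusted to be free of directory separators. */
$verIsPlainName = basename((string) $ver) === (string) $ver;
if ($verIsPlainName && file_exists($cspath)) {
    require_once $cspath;
} else {
    if (!headers_sent()) {
        header('Content-Type: text/plain');
    }
    echo "E\tCodesync version '{$shownVer}' handler has not been found on the server although it should be present\n";
    exit;
}

/* NOTE(review): dev/op/sub/obj are forwarded exactly as received; any
 * validation has to happen inside CodeSync -- not visible here. */
$query = array('version' => $ver);
$paramMap = array('device' => 'dev', 'operation' => 'op', 'subject' => 'sub', 'object' => 'obj');
foreach ($paramMap as $field => $param) {
    $query[$field] = isset($inp[$param]) ? $inp[$param] : null;
}
$cs = new CodeSync($query);
echo $cs->execute();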
Example #12
 /**
  * Display a list of distinguished names whose certificates will be revoked
  * based on an uploaded CSV with a list of UIDs (e.g. eppns). Offer the
  * possibility to revoke these certificates.
  *
  * The auth keys of all matching certificates are stored in the session under
  * 'auth_keys'; only the de-duplicated owner names are passed to the
  * template. When nothing matches, neither the session key nor the template
  * variables are set.
  *
  * @param $eppn_file string The name of the $_FILES parameter containing the
  *                          CSV of unique identifiers
  * @param $subscriber string The name of the subscriber by which the search is
  *                           scoped
  * @return void
  */
 private function search_list_display($eppn_file, $subscriber)
 {
     /* This can become a *lot* of auth_keys/order_numbers. Keeping the list
      * in the session avoids sending it to the browser as hidden form fields
      * and receiving it back in a POST; it also keeps the page small.
      */
     CS::deleteSessionKey('auth_keys');

     $reader = new CSV_Lib($eppn_file);
     $identifiers = $reader->get_csv_entries();

     $matches = array();
     foreach ($identifiers as $identifier) {
         /* every CSV entry is sanitised before it is used in the lookup */
         $cleaned = Input::sanitizeEPPN($identifier);
         $matches = array_merge($matches, $this->ca->getCertListForEPPN($cleaned, $subscriber));
     }

     if (count($matches) < 1) {
         return;
     }

     /* collect the owner names for display and the auth keys for the
      * revocation method */
     $ownerNames = array();
     $orderKeys = array();
     foreach ($matches as $cert) {
         $ownerNames[] = str_replace(",", ", ", $cert['cert_owner']);
         $orderKeys[] = $cert['auth_key'];
     }

     CS::setSessionKey('auth_keys', $orderKeys);
     $this->tpl->assign('owners', array_unique($ownerNames));
     $this->tpl->assign('revoke_list', true);
     $this->tpl->assign('nren_reasons', ConfusaConstants::$REVOCATION_REASONS);
     $this->tpl->assign('selected', 'unspecified');
 }