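/**
 * Handle the e-mail selection step before the page is rendered.
 *
 * Three request shapes are handled here:
 *  - POST deleteCSR: delete the referenced CSR and stop.
 *  - GET skipped_email=yes: flag the skip for the template and, when the
 *    NREN e-mail setting is '1' or 'm' and the person has exactly one
 *    address, register that address.
 *  - POST subjAltName_email[]: register every submitted address.
 *
 * @param mixed $person passed on to parent::pre_process() and CSR::deleteFromDB()
 * @return void
 */
function pre_process($person)
{
    parent::pre_process($person);

    /* can be received when pressing "Back" on the CSR-signing overview */
    if (isset($_POST['deleteCSR'])) {
        $authToken = Input::sanitizeCertKey($_POST['deleteCSR']);
        CSR::deleteFromDB($person, $authToken);
        return;
    }

    $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
    $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));

    $emailsDesiredByNREN = $this->person->getNREN()->getEnableEmail();
    $registeredPersonMails = $this->person->getNumEmails();

    /* e-mail selection was skipped */
    if (isset($_GET['skipped_email']) && $_GET['skipped_email'] === 'yes') {
        $this->tpl->assign('skippedEmail', true);

        if (($emailsDesiredByNREN == '1' || $emailsDesiredByNREN == 'm') && $registeredPersonMails == 1) {
            $this->person->regCertEmail($this->person->getEmail());
            $this->person->storeRegCertEmails();
        }
        return;
    }

    if (isset($_POST['subjAltName_email']) && is_array($_POST['subjAltName_email'])) {
        /* NOTE(review): nothing in this method checks that a submitted
         * address belongs to the person; confirm regCertEmail() or the
         * signing step enforces that. */
        foreach ($_POST['subjAltName_email'] as $submitted) {
            /* A tampered form can send nested arrays; only plain strings
             * are meaningful as an address. */
            if (!is_string($submitted)) {
                continue;
            }

            /* Sanitize first, so the log entry shows the value that is
             * actually stored rather than raw request bytes.
             * NOTE(review): whether sanitizeText() strips line breaks is
             * not visible here - confirm, since the value is written to
             * the log. */
            $address = Input::sanitizeText($submitted);
            Logger::logEvent(LOG_INFO, "CP_Select_Email", "pre_process()",
                             "User " . $this->person->getEPPN() . ", registering " .
                             "the following e-mail: " . $address);
            $this->person->regCertEmail($address);
        }
        $this->person->storeRegCertEmails();
    }
}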
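/**
 * Dispatch the GET parameters of the certificate download/revocation page.
 *
 * Nothing is done unless the person is authenticated. The first matching
 * parameter wins, in this order:
 *  - file_cert: send the certificate as 'usercert.pem' and exit.
 *  - cert_status: answer an AJAX status poll.
 *  - certlist_all: remember whether all certificates should be listed.
 *  - revoke=revoke_single: revoke the certificate named by order_number.
 *
 * @param mixed $person passed on to parent::pre_process()
 * @return bool|null false, or null when a revocation request has no reason
 */
public function pre_process($person)
{
    parent::pre_process($person);

    if (!$this->person->isAuth()) {
        return false;
    }

    if (isset($_GET['file_cert'])) {
        $authKey = Input::sanitizeCertKey($_GET['file_cert']);
        try {
            $cert = $this->ca->getCert($authKey);
            if (isset($cert) && $cert->isValid()) {
                include 'file_download.php';
                download_file($cert->getPEMContent(), 'usercert.pem');
                exit(0);
            }
        } catch (ConfusaGenException $cge) {
            Framework::error_output($this->translateMessageTag('downl_err_nodownload') . " " .
                                    htmlentities($cge->getMessage()));
        }
    } elseif (isset($_GET['cert_status'])) {
        $this->pollCertStatusAJAX(Input::sanitizeCertKey($_GET['cert_status']));
    } elseif (isset($_GET['certlist_all'])) {
        $this->showAll = $_GET['certlist_all'] == "true";
    } elseif (isset($_GET['revoke']) && $_GET['revoke'] == 'revoke_single') {
        /* NOTE(review): revocation changes state but is driven by GET
         * parameters, and no anti-CSRF check is visible in this method;
         * confirm the framework verifies a token before this point. */

        /* A missing or non-string order_number becomes null, so the
         * parameter check below reports it instead of PHP raising an
         * undefined-index notice. */
        $order_number = null;
        if (isset($_GET['order_number']) && is_string($_GET['order_number'])) {
            $order_number = Input::sanitizeCertKey($_GET['order_number']);
        }

        /* trim() needs a string; an absent or array-valued reason is
         * treated as "no reason given". */
        if (!isset($_GET['reason']) || !is_string($_GET['reason'])) {
            Framework::error_output($this->translateMessageTag('rev_err_singlenoreason'));
            return;
        }

        /* NOTE(review): the original comment says the reason is validated
         * against the REVOCATION_REASONS array; that check is not visible
         * in this method - confirm revokeCert() performs it. */
        $reason = Input::sanitizeText(trim($_GET['reason']));

        try {
            if (!isset($order_number) || !isset($reason)) {
                Framework::error_output("Revoke Certificate: Errors with parameters, not set properly");
            } elseif (!$this->checkRevocationPermissions($order_number)) {
                Framework::error_output($this->translateMessageTag('rev_err_singlenoperm'));
            } elseif (!$this->ca->revokeCert($order_number, $reason)) {
                Framework::error_output($this->translateMessageTag('rev_err_notyet1') .
                                        htmlentities($order_number) .
                                        $this->translateMessageTag('rev_err_notyet2') .
                                        htmlentities($reason));
            } else {
                Framework::message_output($this->translateMessageTag('rev_suc_single1') .
                                          htmlentities($order_number) .
                                          $this->translateMessageTag('rev_suc_single2'));

                /* Extra notice when running against Comodo with the API
                 * test flag set. */
                if (Config::get_config('ca_mode') === CA_COMODO &&
                    Config::get_config('capi_test') === true) {
                    Framework::message_output($this->translateTag('l10n_msg_revsim1', 'revocation'));
                }
            }
        } catch (ConfusaGenException $cge) {
            Framework::error_output($this->translateMessageTag('rev_err_singleunspec') . " " .
                                    htmlentities($cge->getMessage()));
        }
    }

    return false;
}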
/**
 * Handle status polling and browser-generated certificate requests.
 *
 * GET status_poll: re-assign the order number and the anti-CSRF query
 * fragment to the template and, once the CA reports the certificate as
 * ready, store the order number in the session and redirect to the
 * download page.
 * POST browserRequest: wrap the submitted key material in the CSR class
 * matching the detected user agent and have it signed.
 *
 * @param mixed $person passed on to parent::pre_process()
 */
public function pre_process($person)
{
    parent::pre_process($person);
    $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
    $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));

    if (isset($_GET['status_poll'])) {
        $order_number = Input::sanitizeCertKey($_GET['status_poll']);
        /* assign the order_number again */
        $this->tpl->assign('order_number', $order_number);
        $this->tpl->assign('status_poll', true);
        /* NOTE(review): $_GET['anticsrf'] is read without an isset() check;
         * a poll request lacking it raises an undefined-index notice. */
        $anticsrf = "anticsrf=" . Input::sanitizeAntiCSRFToken($_GET['anticsrf']);
        $this->tpl->assign('ganticsrf', $anticsrf);

        if ($this->ca->pollCertStatus($order_number)) {
            /* redirect to certificate download area
             * NOTE(review): no exit/return follows header() here, so the
             * rest of this method still runs after the redirect is queued. */
            CS::setSessionKey("browserCert", $order_number);
            header("Location: download_certificate.php");
        }
    }

    /* When the key has been generated in the browser and the resulting
     * CSR has been uploaded to the server, we end up here. */
    if (isset($_POST['browserRequest'])) {
        $ua = Output::getUserAgent();

        /* The switch has no default: for any other user agent $csr stays
         * unset and the !empty() test below is false. */
        switch ($ua) {
        case "opera":
        case "safari":
        case "mozilla":
        case "chrome":
            $csr = new CSR_SPKAC(trim(Input::sanitizeBase64($_POST['browserRequest'])));
            break;
        case "msie_pre_vista":
        case "msie_post_vista":
            /* Wrap the base64 body in the PEM prefix/suffix before parsing. */
            $csrContent = CSR::$PEM_PREFIX . "\n" . trim(Input::sanitizeBase64($_POST['browserRequest'])) . "\n" . CSR::$PEM_SUFFIX;
            $csr = new CSR_PKCS10($csrContent);
            break;
        }

        if (!empty($csr) && $csr->isValid()) {
            try {
                $order_number = $this->signCSR($csr);
                $this->tpl->assign('order_number', $order_number);
            } catch (KeySignException $kse) {
                /* NOTE(review): the exception message is concatenated into
                 * HTML output without htmlentities(); confirm it can never
                 * carry request-derived text. */
                Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br />" . $kse->getMessage());
                /* NOTE(review): this listing is damaged at the "******" marker
                 * in the next statement. The end of this logEvent() call, the
                 * closing braces of the catch and if blocks, and the start of
                 * the "could not be parsed" branch are missing; restore them
                 * from the upstream file before relying on this code. */
                Logger::logEvent(LOG_WARNING, "CP_Browser_CSR", "pre_process()", "Could not sign CSR because of " . $kse->getMessage() . " User: "******"CP_Browser_CSR", "pre_process()", "Received browser-CSR that could not be parsed!" . " User: " . $this->person->getEPPN(), __LINE__);
        }
    }
}
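/**
 * Receive a CSR (file upload or pasted text), validate it and store it.
 *
 * POST signCSR short-circuits everything else and signs an already stored
 * CSR. Otherwise the CSR is read from $_FILES['user_csr'] or, failing that,
 * from $_POST['user_csr']. A CSR that cannot be read or is not valid
 * produces an error message and leaves $this->csr null.
 *
 * @param mixed $person passed on to parent::pre_process()
 * @return void
 */
public function pre_process($person)
{
    parent::pre_process($person);
    $csr = null;

    if (isset($_POST['signCSR'])) {
        $this->signCSR(Input::sanitizeCertKey($_POST['signCSR']));
        return;
    }

    /* Testing for uploaded files */
    if (isset($_FILES['user_csr']['name'])) {
        try {
            $csr = CSRUpload::receiveUploadedCSR('user_csr', true);
        } catch (FileException $fileEx) {
            $msg = $this->translateTag('l10n_err_csrproc', 'processcsr');
            /* The exception text may echo details of the uploaded file,
             * so it is escaped before it reaches the page. */
            Framework::error_output($msg . htmlentities($fileEx->getMessage()));
            $this->csr = null;
            return;
        }
    } elseif (isset($_POST['user_csr'])) {
        try {
            $csr = CSRUpload::receivePastedCSR('user_csr');
        } catch (ConfusaGenException $cge) {
            $msg = $this->translateTag('l10n_err_no_csr', 'processcsr');
            /* Was "$cg - e > getMessage()", which fails at runtime instead
             * of reporting the error; call the method on the caught
             * exception and escape its text. */
            Framework::error_output($msg . htmlentities($cge->getMessage()));
            $this->csr = null;
            return;
        }
    } else {
        /* No CSR present, neither paste nor file, kindly bump user */
        Framework::error_output($this->translateTag('l10n_err_no_csr', 'processcsr'));
        return;
    }

    if (!$csr->isValid()) {
        $msg  = $this->translateTag('l10n_err_csrinvalid1', 'processcsr');
        $msg .= Config::get_config('min_key_length');
        $msg .= $this->translateTag('l10n_err_csrinvalid2', 'processcsr');
        Framework::error_output($msg);
        $this->csr = null;
        return;
    }

    /* In Comodo mode the subject is not compared; otherwise it must match
     * the CA's full DN as judged by match_dn() (defined elsewhere).
     * NOTE(review): on a mismatch nothing is stored and no message is
     * shown - confirm the silent rejection is intended. */
    if (Config::get_config('ca_mode') == CA_COMODO ||
        match_dn($csr->getSubject(), $this->ca->getFullDN())) {
        $csr->setUploadedDate(date("Y-m-d H:i:s"));
        $csr->setUploadedFromIP($_SERVER['REMOTE_ADDR']);
        $csr->storeDB($this->person);
        $this->csr = $csr;
    }
}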
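/**
 * Download a single certificate, identified by some sort of auth-key
 * (order-number, hash-like auth-key).
 *
 * The first path parameter is the auth-key, the optional second one a
 * certificate format that must be listed in $this->CERT_FORMATS.
 * The response carries a SHA-256 ETag and a "cert=<certificate>" body,
 * after which the script exits.
 *
 * FIXME format currently ignored (it is validated but not applied)
 *
 * NOTE(review): no authentication or ownership check is visible in this
 * method; presumably the caller performs it - confirm.
 *
 * @return void
 */
public function processDownloadSingle()
{
    /* FIXME return a separate status code if the certificate does not
     * exist (404), wait for better CA interface :) */
    /* FIXME return 202 if the cert is still being processed, wait for
     * a better CA interface for that */
    $auth_key = Input::sanitizeCertKey($this->parameters[0]);

    if (isset($this->parameters[1])) {
        $format = $this->parameters[1];

        /* Strict membership test: the upper-cased format must be exactly
         * one of the configured format strings. */
        if (!in_array(strtoupper($format), $this->CERT_FORMATS, true)) {
            /* NOTE(review): "certifificates.php" below looks like a typo
             * for the endpoint name - confirm before changing the text. */
            $msg  = "If you want to query for certificates, do HTTP GET on an URL like:\n";
            $msg .= "/api/certifificates.php/<auth-key>/<cert-format> where:\n";
            $msg .= "\t\t<auth-key>:\tUnique identifier of the certificate.\n";
            $msg .= "\t\t<cert-format>:\tThe format of the certificate, one of " .
                    implode(",", $this->CERT_FORMATS) . "\n";
            $this->errorBadRequest($msg);
            /* Whether errorBadRequest() terminates the script is not
             * visible here; returning makes sure no certificate follows
             * the error response. */
            return;
        }
    }

    /* NOTE(review): the result is hashed and echoed as a string, so this
     * assumes getCert() returns a string (or something castable) and not
     * null/false for an unknown key - confirm against the CA class. */
    $cert = $this->ca->getCert($auth_key);
    $certHash = hash("sha256", $cert);
    header("ETag: \"{$certHash}\"");
    echo "cert={$cert}";
    exit(0);
}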