Esempio n. 1
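 /**
  * Run the parent pre-processing, register the page's scripts with the
  * template and record acceptance of the AUP.
  *
  * When the posted 'aup_box' field is exactly "user_agreed", the session key
  * 'hasAcceptedAUP' is set and a redirect to select_email.php is sent.
  *
  * @param $person the person object handed on to parent::pre_process()
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     /* NOTE(review): jQuery 1.6.1 is a very old release; plan an upgrade to a maintained version */
     $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
     /* NOTE(review): file_get_contents() returns false when the file cannot
      * be read; that value is handed to the template unchecked */
     $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));

     /* need to confirm AUP only once per session; the strict comparison
      * accepts nothing but the exact string (an array-valued field never matches) */
     $agreed = isset($_POST['aup_box']) && $_POST['aup_box'] === "user_agreed";
     if (!$agreed) {
         return;
     }

     /* NOTE(review): no anti-CSRF check is visible in this method; presumably
      * parent::pre_process() or the framework validates the POST - confirm */
     CS::setSessionKey('hasAcceptedAUP', true);
     /* NOTE(review): header() only queues the redirect, the request keeps
      * running after this method returns - confirm that the framework stops
      * rendering the current page */
     header("Location: select_email.php");
 }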
Esempio n. 2
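 /**
  * Handle the two request types of the browser-CSR page before rendering:
  * a status poll for an existing order (GET 'status_poll') and the upload of
  * a signing request generated in the browser (POST 'browserRequest').
  *
  * @param $person the person object handed on to parent::pre_process()
  */
 public function pre_process($person)
 {
     parent::pre_process($person);
     $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
     $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));

     if (isset($_GET['status_poll'])) {
         $order_number = Input::sanitizeCertKey($_GET['status_poll']);
         /* assign the order_number again */
         $this->tpl->assign('order_number', $order_number);
         $this->tpl->assign('status_poll', true);
         /* a poll URL without the token must not raise an undefined-index
          * notice; the sanitizer still receives null in that case */
         $rawToken = isset($_GET['anticsrf']) ? $_GET['anticsrf'] : null;
         $anticsrf = "anticsrf=" . Input::sanitizeAntiCSRFToken($rawToken);
         $this->tpl->assign('ganticsrf', $anticsrf);
         /* NOTE(review): no check is visible here that the polled order
          * belongs to the current person; presumably pollCertStatus() or
          * download_certificate.php enforces ownership - confirm */
         if ($this->ca->pollCertStatus($order_number)) {
             /* redirect to certificate download area */
             CS::setSessionKey("browserCert", $order_number);
             /* NOTE(review): header() does not end the request, so the
              * 'browserRequest' handling below still runs when the same
              * request also carries that POST field */
             header("Location: download_certificate.php");
         }
     }

     /* when the key has been generated in the browser and the
      * resulting CSR has been uploaded to the server, we end up
      * here.
      */
     if (isset($_POST['browserRequest'])) {
         /* stays null for a user agent that none of the cases below match */
         $csr = null;
         $ua = Output::getUserAgent();
         switch ($ua) {
             case "opera":
             case "safari":
             case "mozilla":
             case "chrome":
                 $csr = new CSR_SPKAC(trim(Input::sanitizeBase64($_POST['browserRequest'])));
                 break;
             case "msie_pre_vista":
             case "msie_post_vista":
                 $csrContent = CSR::$PEM_PREFIX . "\n" . trim(Input::sanitizeBase64($_POST['browserRequest'])) . "\n" . CSR::$PEM_SUFFIX;
                 $csr = new CSR_PKCS10($csrContent);
                 break;
         }

         if (!empty($csr) && $csr->isValid()) {
             try {
                 $order_number = $this->signCSR($csr);
                 $this->tpl->assign('order_number', $order_number);
             } catch (KeySignException $kse) {
                 /* NOTE(review): the exception message is placed into the HTML
                  * error output and into the log as-is; confirm it cannot
                  * carry request-controlled text, or escape it per context */
                 Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr') . "<br /><br />" . $kse->getMessage());
                 /* NOTE(review): the end of this call and the start of the
                  * else branch were masked ("******") in the listing; both are
                  * reconstructed from the surviving second call - verify
                  * against the upstream file */
                 Logger::logEvent(LOG_WARNING, "CP_Browser_CSR", "pre_process()", "Could not sign CSR because of " . $kse->getMessage() . " User: " . $this->person->getEPPN(), __LINE__);
             }
         } else {
             /* log level assumed to match the call above - TODO confirm */
             Logger::logEvent(LOG_WARNING, "CP_Browser_CSR", "pre_process()", "Received browser-CSR that could not be parsed!" . " User: " . $this->person->getEPPN(), __LINE__);
         }
     }
 }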
Esempio n. 3
 /**
  * Return an array with the certificate orders the CA reports for the
  * current person.
  *
  * The list is served from the session cache ('rawCertList') when
  * cacheHasCertHistory() accepts the requested window; otherwise it is
  * fetched through capiGetEPPNCertList() and cached again.
  *
  * Skipped: entries with status "Expired", entries with order status
  * "Rejected", and entries whose subject DN has no component equal to
  * "O=<organization name of the person's subscriber>".
  * NOTE(review): no filter for revoked certificates is visible in this
  * method, although the earlier description mentioned one - confirm.
  *
  * @param $getAll boolean retrieve all certificates (time limit does not apply)
  * @return array rows with the keys 'order_number', 'cert_owner', 'status',
  *               'valid_from' and, when the CA reports it, 'valid_untill';
  *               freshly fetched rows are keyed by result position minus one,
  *               so skipped entries leave gaps
  * @throws CGE_ComodoAPIException
  */
 public function getCertList($getAll = false)
 {
     /* look-back window in days: the configured poll default, or the
      * validity period of the product when everything is requested */
     if ($getAll !== true) {
         $days = Config::get_config('capi_default_cert_poll_days');
     } elseif (Config::get_config('capi_test') == true) {
         $days = ConfusaConstants::$CAPI_TEST_VALID_DAYS;
     } elseif (Config::get_config('cert_product') == PRD_PERSONAL) {
         $days = max(ConfusaConstants::$CAPI_VALID_PERSONAL);
     } else {
         $days = ConfusaConstants::$CAPI_VALID_ESCIENCE;
     }

     /*
      * TODO: Refactor the whole mess - for instance by making a separate
      * "Certificate" class
      */
     if ($this->cacheHasCertHistory($days)) {
         $cached = CS::getSessionKey('rawCertList');
         if (isset($cached)) {
             if ($getAll) {
                 return $cached;
             }
             /* filter by date locally (much faster than querying again) */
             $recent = array();
             foreach ($cached as $entry) {
                 if ($entry['valid_from'] >= time() - $days * 24 * 3600) {
                     $recent[] = $entry;
                 }
             }
             return $recent;
         }
     }

     $eppn = $this->person->getEPPN();
     $orgComponent = 'O=' . $this->person->getSubscriber()->getOrgName();
     $params = $this->capiGetEPPNCertList($eppn, $days);
     $certs = array();
     /* seed with a high value, so that the cache stays valid very long if
      * there are no certificates at all (ordering a cert will invalidate
      * it anyways) */
     $ages = array(time());
     $tz = new DateTimeZone($this->person->getTimezone());

     /* convert the flat "<n>_<field>" entries of the response into the
      * per-certificate rows used internally */
     for ($i = 1; $i <= $params['noOfResults']; $i++) {
         $status = $params[$i . "_1_status"];
         $orderStatus = $params[$i . "_orderStatus"];
         /* don't include expired certificates or rejected orders */
         if ($status == "Expired" || $orderStatus == "Rejected") {
             continue;
         }

         /* leave out entries whose DN does not carry the organization.
          * NOTE(review): the DN is split on ',' without trimming, so a DN
          * written with ", " separators or an organization name that
          * contains a comma would never match - confirm the CA's format */
         $rdns = explode(',', $params[$i . '_1_subjectDN']);
         if (array_search($orgComponent, $rdns) === false) {
             continue;
         }

         $row = array();
         if (isset($params[$i . '_1_notAfter'])) {
             /* for simplicity, format the time just as an SQL server would return it */
             $expiry = new DateTime('@' . $params[$i . '_1_notAfter']);
             $expiry->setTimezone($tz);
             $row['valid_untill'] = $expiry->format('Y-m-d H:i:s T');
         }
         $row['order_number'] = $params[$i . '_orderNumber'];
         $row['cert_owner'] = stripslashes($this->person->getX509ValidCN());
         $row['status'] = $status;
         $row['valid_from'] = isset($params[$i . '_1_notBefore']) ? $params[$i . '_1_notBefore'] : 0;
         $certs[$i - 1] = $row;

         $ages[] = time() - $params[$i . '_dateTime'];
     }

     $this->cacheSetExpiryDate(min($ages));
     CS::setSessionKey('rawCertList', $certs);
     CS::setSessionKey('confusaCachedDays', $days);
     return $certs;
 }
Esempio n. 4
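 /**
  * Store the registered certificate e-mail addresses in the session key
  * 'CertEmails' as one string, joined with ", ".
  *
  * Does nothing when $this->certEmails is not set. An empty address list is
  * stored as the empty string (cutting the trailing separator off an empty
  * string with substr() could yield false instead).
  *
  * @return null
  */
 public function storeRegCertEmails()
 {
     if (!isset($this->certEmails)) {
         return null;
     }

     /* collect first, so that any iterable result of getRegCertEmails() works */
     $addresses = array();
     foreach ($this->getRegCertEmails() as $email) {
         $addresses[] = $email;
     }

     /* NOTE(review): an address that itself contains a comma becomes
      * ambiguous once joined - confirm the addresses are validated upstream */
     CS::setSessionKey('CertEmails', implode(", ", $addresses));
 }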
Esempio n. 5
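 /**
  * Display a list of distinguished names whose certificates will be revoked
  * based on an uploaded CSV with a list of UIDs (e.g. eppns). Offer the
  * possibility to revoke these certificates.
  *
  * The auth_keys of the matching certificates are kept in the session key
  * 'auth_keys'; only the owner names are handed to the template.
  *
  * @param $eppn_file string The name of the $_FILES parameter containing the
  *                          CSV of unique identifiers
  * @param $subscriber string The name of the subscriber by which the search is
  *                           scoped
  */
 private function search_list_display($eppn_file, $subscriber)
 {
     /* These can become a *lot* of auth_keys/order_numbers. Thus, save the list
      * of auth_keys preferably in the session, otherwise it will take forever
      * to download the site and I am not sure if it is such a good idea to send
      * an endless list of auth_keys as hidden parameters
      * to the user and then from there back again with a POST to the server
      */
     CS::deleteSessionKey('auth_keys');

     /* NOTE(review): one CA lookup is made per CSV row and no cap on the
      * number of rows is visible here - confirm that CSV_Lib or the upload
      * handling bounds the size of the file */
     $csvl = new CSV_Lib($eppn_file);
     $eppn_list = $csvl->get_csv_entries();

     $certs = array();
     foreach ($eppn_list as $eppn) {
         $eppn = Input::sanitizeEPPN($eppn);
         $eppn_certs = $this->ca->getCertListForEPPN($eppn, $subscriber);
         /* array_merge() does not accept a non-array argument; skip such a
          * result instead of losing the rows gathered so far */
         if (is_array($eppn_certs)) {
             $certs = array_merge($certs, $eppn_certs);
         }
     }

     if (count($certs) === 0) {
         return;
     }

     /* get the certificate owner/order number pairs into a ordering that
      * permits us to send the order-numbers for each certificate owner
      * to the revocation method */
     $owners = array();
     $auth_keys = array();
     foreach ($certs as $row) {
         $owners[] = str_replace(",", ", ", $row['cert_owner']);
         $auth_keys[] = $row['auth_key'];
     }
     $owners = array_unique($owners);

     CS::setSessionKey('auth_keys', $auth_keys);
     /* NOTE(review): owner names come from the CA lookup; presumably the
      * template escapes them on output - confirm */
     $this->tpl->assign('owners', $owners);
     $this->tpl->assign('revoke_list', true);
     $this->tpl->assign('nren_reasons', ConfusaConstants::$REVOCATION_REASONS);
     $this->tpl->assign('selected', 'unspecified');
 }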