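/**
 * Prepare the AUP confirmation page and record the user's consent.
 *
 * Registers the scripts the template needs. When the form posts back
 * aup_box=user_agreed, the acceptance is stored in the session under
 * 'hasAcceptedAUP' and the browser is redirected to select_email.php.
 *
 * @param mixed $person handed unchanged to parent::pre_process()
 */
public function pre_process($person)
{
    parent::pre_process($person);

    /* NOTE(review): jQuery 1.6.1 is a long-unmaintained release; track an
     * upgrade of this bundled copy as a supply-chain item. */
    $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
    $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));

    /* need to confirm AUP only once per session */
    /* strict comparison: only the exact string counts as consent, an array
     * or any other submitted value does not */
    if (isset($_POST['aup_box']) && $_POST['aup_box'] === "user_agreed") {
        CS::setSessionKey('hasAcceptedAUP', true);
        header("Location: select_email.php");
        /* header() only queues the redirect. Stop here so that nothing
         * further is processed or rendered for a request that is being
         * sent elsewhere. */
        exit;
    }
}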
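/**
 * Handle status polling and browser-generated certificate requests.
 *
 * Two request shapes are served:
 *  - GET status_poll=<order number>: the order is polled at the CA and, once
 *    pollCertStatus() reports success, the order number is stored in the
 *    session as 'browserCert' and the browser is redirected to
 *    download_certificate.php.
 *  - POST browserRequest=<base64>: the key was generated in the browser and
 *    the resulting request is wrapped as SPKAC or PKCS#10 depending on the
 *    detected user agent, validated and handed to signCSR().
 *
 * @param mixed $person handed unchanged to parent::pre_process()
 */
public function pre_process($person)
{
    parent::pre_process($person);

    $this->tpl->assign('extraScripts', array('js/jquery-1.6.1.min.js'));
    $this->tpl->assign('rawScript', file_get_contents('../include/rawToggleExpand.js'));

    if (isset($_GET['status_poll'])) {
        $order_number = Input::sanitizeCertKey($_GET['status_poll']);
        /* assign the order_number again */
        $this->tpl->assign('order_number', $order_number);
        $this->tpl->assign('status_poll', true);
        /* The token is only sanitized here, not compared with anything.
         * NOTE(review): presumably validated elsewhere - confirm. */
        $anticsrf = "anticsrf=" . Input::sanitizeAntiCSRFToken($_GET['anticsrf']);
        $this->tpl->assign('ganticsrf', $anticsrf);

        /* NOTE(review): the order number comes straight from the query
         * string. Confirm that pollCertStatus() or the download page checks
         * that the order belongs to the logged-in person. */
        if ($this->ca->pollCertStatus($order_number)) {
            /* redirect to certificate download area */
            CS::setSessionKey("browserCert", $order_number);
            header("Location: download_certificate.php");
            /* header() only queues the redirect. Without stopping here the
             * same request would go on to the signing branch below. */
            exit;
        }
    }

    /* when the key has been generated in the browser and the
     * resulting CSR has been uploaded to the server, we end up
     * here. */
    if (isset($_POST['browserRequest'])) {
        /* stays null for an unrecognised user agent, which then takes the
         * "could not be parsed" branch below */
        $csr = null;
        $ua = Output::getUserAgent();

        switch ($ua) {
            case "opera":
            case "safari":
            case "mozilla":
            case "chrome":
                $csr = new CSR_SPKAC(trim(Input::sanitizeBase64($_POST['browserRequest'])));
                break;

            case "msie_pre_vista":
            case "msie_post_vista":
                $csrContent = CSR::$PEM_PREFIX . "\n"
                    . trim(Input::sanitizeBase64($_POST['browserRequest'])) . "\n"
                    . CSR::$PEM_SUFFIX;
                $csr = new CSR_PKCS10($csrContent);
                break;
        }

        if (!empty($csr) && $csr->isValid()) {
            try {
                $order_number = $this->signCSR($csr);
                $this->tpl->assign('order_number', $order_number);
            } catch (KeySignException $kse) {
                /* NOTE(review): the exception message is concatenated into
                 * HTML output unescaped. If it can carry text from the CA
                 * response or from the request, encode it first. */
                Framework::error_output($this->translateTag('l10n_sign_error', 'processcsr')
                    . "<br /><br />" . $kse->getMessage());
                /* NOTE(review): in the reviewed copy the end of this call and
                 * the start of the else branch were masked with asterisks.
                 * They are reconstructed here to mirror the second logEvent
                 * call - confirm against the repository. */
                Logger::logEvent(
                    LOG_WARNING,
                    "CP_Browser_CSR",
                    "pre_process()",
                    "Could not sign CSR because of " . $kse->getMessage() . " User: " . $this->person->getEPPN(),
                    __LINE__
                );
            }
        } else {
            Logger::logEvent(
                LOG_WARNING,
                "CP_Browser_CSR",
                "pre_process()",
                "Received browser-CSR that could not be parsed!" . " User: " . $this->person->getEPPN(),
                __LINE__
            );
        }
    }
}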
/**
 * List the certificates the CA reports for the current person.
 *
 * The result is served from the session cache ('rawCertList') when
 * cacheHasCertHistory() says the cached history covers the requested number
 * of days; otherwise the CA is queried and the cache is refreshed.
 *
 * Entries whose certificate status is "Expired" or whose order status is
 * "Rejected" are skipped, as are entries whose subject DN does not contain
 * the person's organization as an "O=<name>" component.
 * NOTE(review): the earlier description also mentioned revoked certificates;
 * no such filter is visible in this method.
 *
 * @param boolean $getAll true: use the full validity period of the configured
 *                        product instead of the default polling window
 * @return array rows keyed by result position with order_number, cert_owner,
 *               status, valid_from and, when reported, valid_untill
 * @throws CGE_ComodoAPIException
 */
public function getCertList($getAll = false)
{
    /* number of days of history to ask for */
    if ($getAll !== true) {
        $days = Config::get_config('capi_default_cert_poll_days');
    } elseif (Config::get_config('capi_test') == true) {
        $days = ConfusaConstants::$CAPI_TEST_VALID_DAYS;
    } elseif (Config::get_config('cert_product') == PRD_PERSONAL) {
        $days = max(ConfusaConstants::$CAPI_VALID_PERSONAL);
    } else {
        $days = ConfusaConstants::$CAPI_VALID_ESCIENCE;
    }

    /*
     * TODO: Refactor the whole mess - for instance by making a separate
     * "Certificate" class
     */
    if ($this->cacheHasCertHistory($days)) {
        $cached = CS::getSessionKey('rawCertList');

        if (isset($cached)) {
            if ($getAll) {
                return $cached;
            }

            /* filter by date locally (much faster than querying again) */
            $recent = array();
            foreach ($cached as $entry) {
                $cutoff = time() - $days * 24 * 3600;
                if ($entry['valid_from'] >= $cutoff) {
                    $recent[] = $entry;
                }
            }

            return $recent;
        }
    }

    $eppn     = $this->person->getEPPN();
    $orgRdn   = 'O=' . $this->person->getSubscriber()->getOrgName();
    $response = $this->capiGetEPPNCertList($eppn, $days);
    $certs    = array();

    /* seed with a high value, so that the cache stays valid very long if
     * there are no certificates at all (ordering a cert will invalidate it
     * anyway) */
    $ages = array(time());
    $tz   = new DateTimeZone($this->person->getTimezone());

    /* convert the flat, index-prefixed response fields into one row per
     * certificate */
    for ($n = 1; $n <= $response['noOfResults']; $n++) {
        $certStatus = $response[$n . "_1_status"];
        $orderState = $response[$n . "_orderStatus"];

        /* don't include expired certificates or rejected orders */
        if ($certStatus == "Expired" || $orderState == "Rejected") {
            continue;
        }

        /* don't return order number and owner subject if the organization
         * is not present in the DN.
         * NOTE(review): explode(',') is a coarse split, not a DN parser; it
         * also splits commas inside attribute values. Treat this as a
         * display filter and keep authorization decisions elsewhere. */
        $rdns = explode(',', $response[$n . '_1_subjectDN']);
        if (array_search($orgRdn, $rdns) === false) {
            continue;
        }

        $slot = $n - 1;

        if (isset($response[$n . '_1_notAfter'])) {
            /* for simplicity, format the time just as an SQL server would
             * return it */
            $expiry = new DateTime('@' . $response[$n . '_1_notAfter']);
            $expiry->setTimezone($tz);
            $certs[$slot]['valid_untill'] = $expiry->format('Y-m-d H:i:s T');
        }

        $certs[$slot]['order_number'] = $response[$n . '_orderNumber'];
        $certs[$slot]['cert_owner']   = stripslashes($this->person->getX509ValidCN());
        $certs[$slot]['status']       = $certStatus;
        $certs[$slot]['valid_from']   = isset($response[$n . '_1_notBefore'])
            ? $response[$n . '_1_notBefore']
            : 0;

        $ages[] = time() - $response[$n . '_dateTime'];
    }

    $this->cacheSetExpiryDate(min($ages));
    CS::setSessionKey('rawCertList', $certs);
    CS::setSessionKey('confusaCachedDays', $days);

    return $certs;
}
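/**
 * Store the registered certificate e-mail addresses in the session.
 *
 * Joins the addresses returned by getRegCertEmails() with ", " and saves the
 * resulting string under the session key 'CertEmails'. Nothing is stored
 * when $this->certEmails is not set.
 *
 * @return null returned explicitly only when $this->certEmails is not set
 */
public function storeRegCertEmails()
{
    if (!isset($this->certEmails)) {
        return null;
    }

    $addresses = array();
    foreach ($this->getRegCertEmails() as $email) {
        $addresses[] = $email;
    }

    /* implode() yields '' for an empty list. The previous
     * substr($emails, 0, -2) on an empty string returned false on PHP
     * versions before 8.0, so a boolean ended up in the session. */
    CS::setSessionKey('CertEmails', implode(', ', $addresses));
}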
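/**
 * Display a list of distinguished names whose certificates will be revoked
 * based on an uploaded CSV with a list of UIDs (e.g. eppns). Offer the
 * possibility to revoke these certificates.
 *
 * The matching auth_keys are kept in the session ('auth_keys') rather than
 * sent to the browser; only the owner names are handed to the template.
 *
 * @param $eppn_file string The name of the $_FILES parameter containing the
 *                          CSV of unique identifiers
 * @param $subscriber string The name of the subscriber by which the search is
 *                           scoped
 */
private function search_list_display($eppn_file, $subscriber)
{
    /* These can become a *lot* of auth_keys/order_numbers. Thus, save the
     * list of auth_keys preferably in the session, otherwise it will take
     * forever to download the site and it is doubtful whether sending an
     * endless list of auth_keys as hidden parameters to the user and back
     * again with a POST is a good idea. */
    CS::deleteSessionKey('auth_keys');

    $csvl      = new CSV_Lib($eppn_file);
    $eppn_list = $csvl->get_csv_entries();
    $certs     = array();
    $auth_keys = array();
    $owners    = array();

    foreach ($eppn_list as $eppn) {
        $eppn = Input::sanitizeEPPN($eppn);

        /* Skip rows that are blank or sanitize to nothing, so that a
         * malformed upload cannot turn into a search without an identifier.
         * NOTE(review): how getCertListForEPPN() treats an empty identifier
         * is not visible here - confirm. */
        if ($eppn === null || $eppn === false || $eppn === '') {
            continue;
        }

        $eppn_certs = $this->ca->getCertListForEPPN($eppn, $subscriber);
        $certs      = array_merge($certs, $eppn_certs);
    }

    if (count($certs) > 0) {
        /* get the certificate owner/order number pairs into an ordering that
         * permits us to send the order-numbers for each certificate owner
         * to the revocation method */
        foreach ($certs as $row) {
            $owners[]    = str_replace(",", ", ", $row['cert_owner']);
            $auth_keys[] = $row['auth_key'];
        }

        $owners = array_unique($owners);
        CS::setSessionKey('auth_keys', $auth_keys);

        /* NOTE(review): the owner strings come from CA data; HTML encoding
         * is left to the template - confirm that it escapes them. */
        $this->tpl->assign('owners', $owners);
        $this->tpl->assign('revoke_list', true);
        $this->tpl->assign('nren_reasons', ConfusaConstants::$REVOCATION_REASONS);
        $this->tpl->assign('selected', 'unspecified');
    }
}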