/**
 * Show the details of the CSR held in $this->csr, or send the user on to the
 * download page when an auth key is set on this object.
 *
 * Nothing is rendered unless the session records that the AUP was accepted.
 */
public function process()
{
    /* strict comparison: only a boolean true in the session counts as acceptance */
    if (CS::getSessionKey('hasAcceptedAUP') !== true) {
        Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
        return;
    }

    if (isset($this->authKey)) {
        /* redirect the user to the certificate download page and stop, so
         * that nothing below runs once the Location header has been queued */
        header("Location: download_certificate.php");
        exit(0);
    }

    /* without a CSR there is nothing to inspect */
    if (!isset($this->csr)) {
        Framework::error_output($this->translateTag('l10n_err_procuploaded', 'processcsr'));
        return;
    }

    $view = $this->tpl;
    $request = $this->csr;

    /* NOTE(review): subject, upload IP and auth token are handed to the
     * template as-is; output escaping has to happen in upload_csr.tpl,
     * which is not visible here - confirm. */
    $view->assign('csrInspect', true);
    $view->assign('subject', $request->getSubject());
    $view->assign('uploadedDate', $request->getUploadedDate());
    $view->assign('uploadedFromIP', $request->getUploadedFromIP());
    $view->assign('authToken', $request->getAuthToken());
    $view->assign('length', $request->getLength());
    $view->assign('legendTitle', $this->translateTag('l10n_legend_pastedcsr', 'processcsr'));
    $view->assign('finalDN', $this->ca->getFullDN());
    $view->assign('content', $view->fetch('upload_csr.tpl'));
}
/**
 * Render the e-mail selection step (select_email.tpl).
 *
 * The step is refused with an error message unless the session records
 * that the AUP was accepted.
 */
function process()
{
    $aupAccepted = (CS::getSessionKey('hasAcceptedAUP') === true);
    if (!$aupAccepted) {
        Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
        return;
    }

    /* entitlement is evaluated server-side against the configured attribute */
    $entitlementName = Config::get_config('entitlement_user');
    $entitled = $this->person->testEntitlementAttribute($entitlementName);

    $view = $this->tpl;
    $view->assign('email_status', $this->person->getNREN()->getEnableEmail());
    $view->assign('user_cert_enabled', $entitled);
    $view->assign('content', $view->fetch('select_email.tpl'));
}
/**
 * Render the AUP confirmation page (confirm_aup.tpl).
 *
 * The CPS link depends on the configured certificate product. The current
 * value of the 'hasAcceptedAUP' session key is written to the log and passed
 * to the template.
 */
public function process()
{
    $view = $this->tpl;

    $cpsLink = (Config::get_config('cert_product') == PRD_PERSONAL)
        ? ConfusaConstants::$LINK_PERSONAL_CPS
        : ConfusaConstants::$LINK_ESCIENCE_CPS;
    $view->assign('cps', $cpsLink);

    /* string concatenation renders boolean true as "1" and an unset or
     * false value as an empty string in the log entry */
    Logger::log_event(LOG_INFO, "User acknowledged session: " . CS::getSessionKey('hasAcceptedAUP'));
    $view->assign('aup_session_state', CS::getSessionKey('hasAcceptedAUP'));

    $nren = $this->person->getNREN();
    $view->assign('privacy_notice_text', $nren->getPrivacyNotice($this->person));
    $view->assign('content', $view->fetch('confirm_aup.tpl'));
}
/**
 * Display the CSR generation choices (receive_csr.tpl).
 *
 * Stops with an error if the user has not accepted the AUP. If the NREN
 * requires at least one registered e-mail address and the person has none,
 * an error is shown and the "next" button is disabled, but the page is
 * still rendered.
 *
 * @see Content_Page::process()
 */
function process()
{
    if (CS::getSessionKey('hasAcceptedAUP') !== true) {
        Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
        return;
    }

    $emailPolicy = $this->person->getNREN()->getEnableEmail();
    switch ($emailPolicy) {
        case 'n':
        case '0':
            /* no registered address is needed */
            break;
        case '1':
        case 'm':
            /* at least one registered address is needed */
            if (count($this->person->getRegCertEmails()) < 1) {
                Framework::error_output($this->translateTag('l10n_err_emailmissing', 'processcsr'));
                /* NOTE(review): this only disables a control in the page;
                 * the script named in nextScript has to repeat the check
                 * (not visible here) - confirm. */
                $this->tpl->assign('disable_next_button', true);
            }
            break;
    }

    /* The request parameter only selects between fixed values; it is never
     * copied into the template. Anything unknown, or a missing parameter,
     * falls back to browser-based generation. */
    $requested = isset($_GET['show']) ? $_GET['show'] : null;
    switch ($requested) {
        case 'upload_csr':
            /* FIXME: constants */
            $nextScript = 'upload_csr.php';
            $modeFlag = 'upload_csr';
            break;
        case 'paste_csr':
            $nextScript = 'upload_csr.php';
            $modeFlag = 'paste_csr';
            break;
        default:
            $nextScript = 'browser_csr.php';
            $modeFlag = 'browser_csr';
            break;
    }
    $this->tpl->assign('nextScript', $nextScript);
    $this->tpl->assign($modeFlag, true);

    $entitled = $this->person->testEntitlementAttribute(Config::get_config('entitlement_user'));
    $this->tpl->assign('user_cert_enabled', $entitled);
    $this->tpl->assign('content', $this->tpl->fetch('receive_csr.tpl'));
}
/**
 * Render the in-browser key generation page that matches the user agent.
 *
 * Refused with an error unless the session records that the AUP was
 * accepted. User agents without a dedicated template get the
 * "unsupported" page.
 */
public function process()
{
    if (CS::getSessionKey('hasAcceptedAUP') !== true) {
        Framework::error_output($this->translateTag('l10n_err_aupagreement', 'processcsr'));
        return;
    }

    $view = $this->tpl;

    $entitled = $this->person->testEntitlementAttribute(Config::get_config('entitlement_user'));
    $view->assign('user_cert_enabled', $entitled);
    $view->assign('finalDN', $this->ca->getFullDN());

    /* in Comodo mode the DN assigned first is replaced by the variant
     * obtained with the flag set */
    $view->assign('dn', $this->ca->getBrowserFriendlyDN());
    if ((int) Config::get_config('ca_mode') == CA_COMODO) {
        $view->assign('dn', $this->ca->getBrowserFriendlyDN(true));
    }

    /* NOTE(review): these values only reach the page; a minimum key length
     * has to be enforced again when the request is received (not visible
     * here) - confirm. */
    $view->assign('default_keysize', Config::get_config('default_key_length'));
    $view->assign('min_keysize', Config::get_config('min_key_length'));

    /* the template path is always one of these literals and is never built
     * from the user-agent string itself */
    switch (Output::getUserAgent()) {
        case "msie_post_vista":
            $template = 'browser_csr/vista7.tpl';
            break;
        case "msie_pre_vista":
            $template = 'browser_csr/xp2003.tpl';
            break;
        case "chrome":
        case "safari":
        case "opera":
        case "mozilla":
            $template = 'browser_csr/keygen.tpl';
            break;
        default:
            /* "other" and every unrecognised value */
            $template = 'browser_csr/unsupported.tpl';
            break;
    }
    $view->assign('content', $view->fetch($template));
}
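/**
 * Render the certificate download page (download_certificate.tpl).
 *
 * Unauthenticated callers are rejected, and persons without an active
 * subscriber get the "unsubscribed" error page. Otherwise the certificate
 * list is fetched from the CA and handed to the template with the revoked
 * certificates sorted after the active ones.
 */
public function process()
{
    if (!$this->person->isAuth()) {
        error_msg("This is an impossible condition. How did you get in here?");
        return;
    }

    $subscriber = $this->person->getSubscriber();
    if (empty($subscriber) || !$subscriber->isSubscribed()) {
        $this->tpl->assign('not_subscribed_header', $this->translateTag('l10n_not_sub_header', 'messages'));
        $this->tpl->assign('not_subscribed_1', $this->translateTag('l10n_not_sub_1', 'messages'));
        $this->tpl->assign('not_subscribed_2', $this->translateTag('l10n_not_sub_2', 'messages'));
        $this->tpl->assign('content', $this->tpl->fetch('errors/unsubscribed.tpl'));
        return;
    }

    /* test and handle flags */
    $this->processDBCert();

    try {
        $certList = $this->ca->getCertList($this->showAll);

        /* sort the revoked certificates after the active certificates.
         * array_filter() preserves keys, so the active entries are exactly
         * those whose key is missing from $revoked. Comparing keys only
         * avoids the string cast that array_diff_assoc() applies to every
         * value, which raises "Array to string conversion" when the list
         * entries are arrays. */
        $revoked = array_filter($certList, array($this, 'revokedFilter'));
        $non_revoked = array_diff_key($certList, $revoked);
        $certList = $non_revoked + $revoked;

        $this->tpl->assign('certList', $certList);
        $this->tpl->assign('showAll', $this->showAll);
        $this->tpl->assign('defaultDays', Config::get_config('capi_default_cert_poll_days'));
    } catch (ConfusaGenException $e) {
        /* NOTE(review): the exception text is shown to the user verbatim;
         * confirm it cannot carry backend details or unescaped markup. */
        Framework::error_output($this->translateMessageTag('downl_err_db') . " " . $e->getMessage());
    }

    /* encourage the user to install the root certificate in personal mode,
     * so Thunderbird will fully trust the certs when using them in S/MIME */
    if (Config::get_config('cert_product') == PRD_PERSONAL) {
        $this->tpl->assign('ca_certificate', ConfusaConstants::$CAPI_PERSONAL_ROOT_CERT);
    }

    /* coming from browser signing - hint the user to install the cert.
     * The key is removed from the session as soon as it has been read. */
    $browserCertOrderNumber = CS::getSessionKey("browserCert");
    if (isset($browserCertOrderNumber)) {
        CS::deleteSessionKey('browserCert');
        $this->tpl->assign('newBrowserCert', $browserCertOrderNumber);
    }

    $this->tpl->assign('permission', $this->person->mayRequestCertificate());
    $this->tpl->assign('standalone', Config::get_config('ca_mode') === CA_STANDALONE);
    $this->tpl->assign('content', $this->tpl->fetch('download_certificate.tpl'));
}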
/**
 * Return an array with the certificates obtained by the person managed by
 * this CA.
 *
 * Entries whose status is "Expired" or whose order status is "Rejected" are
 * skipped, as are entries whose subject DN does not contain the
 * organization of the person's subscriber. No check on a revoked status is
 * made in this method.
 *
 * The unfiltered result is kept in the session ('rawCertList') and reused
 * for as long as cacheHasCertHistory() reports it as usable.
 *
 * @param bool $getAll retrieve all certificates (the default polling window
 *                     from 'capi_default_cert_poll_days' does not apply)
 * @return array rows with the keys order_number, cert_owner, status,
 *               valid_from and, when the API reported it, valid_untill
 * @throws CGE_ComodoAPIException
 */
public function getCertList($getAll = false)
{
    /* pick the look-back window in days */
    if ($getAll === true) {
        if (Config::get_config('capi_test') == true) {
            $days = ConfusaConstants::$CAPI_TEST_VALID_DAYS;
        } else {
            if (Config::get_config('cert_product') == PRD_PERSONAL) {
                /* max() is applied, so this constant presumably holds
                 * several validity periods - TODO confirm */
                $days = max(ConfusaConstants::$CAPI_VALID_PERSONAL);
            } else {
                $days = ConfusaConstants::$CAPI_VALID_ESCIENCE;
            }
        }
    } else {
        $days = Config::get_config('capi_default_cert_poll_days');
    }

    /*
     * TODO: Refactor the whole mess - for instance by making a separate
     * "Certificate" class
     */
    if ($this->cacheHasCertHistory($days)) {
        $res = CS::getSessionKey('rawCertList');

        if (isset($res)) {
            /* apply local date filtering (much faster than querying again) */
            if (!$getAll) {
                $filtered_res = array();

                foreach ($res as $row) {
                    /* keep rows that became valid within the last $days days */
                    if ($row['valid_from'] >= time() - $days * 24 * 3600) {
                        $filtered_res[] = $row;
                    }
                }

                return $filtered_res;
            } else {
                return $res;
            }
        }
    }

    /* no usable cache entry: query the API for this person */
    $uid = $this->person->getEPPN();
    $organization = 'O=' . $this->person->getSubscriber()->getOrgName();
    $params = $this->capiGetEPPNCertList($uid, $days);
    $res = array();
    $dates = array();

    /* initialize the array with a high value, so that the cache stays
     * valid very long if there are no certificates at all (ordering a
     * cert will invalidate it anyways) */
    $dates[] = time();
    $timezone = new DateTimeZone($this->person->getTimezone());

    /* transfer the orders from the string representation in the response
     * to the array representation we use internally */
    for ($i = 1; $i <= $params['noOfResults']; $i = $i + 1) {
        $status = $params[$i . "_1_status"];
        $orderStatus = $params[$i . "_orderStatus"];

        /* don't include expired certificates or rejected orders */
        if ($status == "Expired" || $orderStatus == "Rejected") {
            continue;
        }

        $subject = $params[$i .
            '_1_subjectDN'];
        $dn_components = explode(',', $subject);

        /* don't return order number and the owner subject
         * if the organization is not present in the DN.
         * NOTE(review): this is an exact-string membership test on a plain
         * comma split, not a parsed-DN comparison. A component preceded by
         * a space, or a value containing an escaped comma, is split or
         * compared differently from what a DN parser would do - confirm
         * the format the API returns. */
        if (array_search($organization, $dn_components) === false) {
            continue;
        }

        if (isset($params[$i . '_1_notAfter'])) {
            /* for simplicity, format the time just as an SQL server would return it */
            $valid_untill = $params[$i . '_1_notAfter'];
            /* the "@" prefix makes DateTime read the value as a Unix timestamp */
            $dt = new DateTime("@{$valid_untill}");
            $dt->setTimezone($timezone);
            $valid_untill = $dt->format('Y-m-d H:i:s T');
            $res[$i - 1]['valid_untill'] = $valid_untill;
        }

        /* rows are indexed by their position in the response, so skipped
         * entries leave gaps in the keys of $res */
        $res[$i - 1]['order_number'] = $params[$i . '_orderNumber'];
        /* the owner is the current person's CN, not a value taken from the
         * certificate subject */
        $res[$i - 1]['cert_owner'] = stripslashes($this->person->getX509ValidCN());
        $res[$i - 1]['status'] = $status;

        if (isset($params[$i . '_1_notBefore'])) {
            $res[$i - 1]['valid_from'] = $params[$i . '_1_notBefore'];
        } else {
            $res[$i - 1]['valid_from'] = 0;
        }

        $dates[] = time() - $params[$i . '_dateTime'];
    }

    /* the smallest collected value decides the cache expiry */
    $this->cacheSetExpiryDate(min($dates));
    CS::setSessionKey('rawCertList', $res);
    CS::setSessionKey('confusaCachedDays', $days);

    return $res;
}
/**
 * Re-register the e-mail addresses stored in the session.
 *
 * The 'CertEmails' session value is read as a ", "-separated list and each
 * entry is passed to regCertEmail(). Nothing happens when the key is unset.
 */
private function retrieveRegCertEmails()
{
    $stored = CS::getSessionKey('CertEmails');
    if (is_null($stored)) {
        return;
    }

    /* NOTE(review): entries are forwarded unchanged; any address validation
     * has to happen in regCertEmail(), which is not visible here. */
    foreach (explode(", ", $stored) as $address) {
        $this->regCertEmail($address);
    }
}
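/**
 * Revoke a list of certificates possibly belonging to more than one end-entity
 * based on an array of auth_keys stored in the session. Based on the number of
 * certificates that are going to be revoked, this may take some time.
 *
 * The list is removed from the session as soon as it has been read. A
 * missing list, or a session value that is not an array, is reported as a
 * lost session and nothing is revoked.
 *
 * @param string $reason The reason for revocation (as in RFC 3280)
 *
 */
private function revoke_list($reason)
{
    if (Config::get_config('ca_mode') === CA_COMODO && Config::get_config('capi_test') === true) {
        Framework::message_output($this->translateTag('l10n_msg_revsim1', 'revocation'));
    }

    /* the key is deleted right after it is read, before any revocation is
     * attempted */
    $auth_keys = CS::getSessionKey('auth_keys');
    CS::deleteSessionKey('auth_keys');

    /* anything but an array cannot be counted or iterated; treat it like a
     * missing list instead of failing inside count()/foreach */
    if (!is_array($auth_keys)) {
        Framework::error_output("Lost session! Please log-out of Confusa, " .
                                "log-in again and try again!\n");
        return;
    }

    $num_certs = count($auth_keys);
    $num_certs_revoked = 0;

    /* NOTE(review): the audit entries below record the counts and the source
     * address only; neither the acting administrator nor the affected
     * auth_keys are logged here - confirm that revokeCert() logs them. */
    Logger::log_event(LOG_INFO, "Trying to revoke {$num_certs} certificates. " .
                      "Administrator contacted us from " . $_SERVER['REMOTE_ADDR'] .
                      " in a bulk (list) revocation request.");

    foreach ($auth_keys as $auth_key) {
        try {
            if (!$this->ca->revokeCert($auth_key, $reason)) {
                /* escape both quote styles and replace invalid byte
                 * sequences, independent of the PHP version's defaults */
                Framework::error_output("Could not revoke certificate " .
                                        htmlentities($auth_key, ENT_QUOTES | ENT_SUBSTITUTE) . ".");
            } else {
                $num_certs_revoked++;
            }
        } catch (ConfusaGenException $cge) {
            /* NOTE(review): unlike the auth_key above, the exception text is
             * output without escaping; confirm it is safe for HTML. */
            Framework::error_output($cge->getMessage());
        }
    }

    Logger::log_event(LOG_INFO, "Successfully revoked {$num_certs_revoked} certificates out of {$num_certs}. " .
                      "Administrator contacted us from " . $_SERVER['REMOTE_ADDR'] .
                      " in a bulk (list) revocation request.");

    Framework::message_output($this->translateTag('l10n_suc_revoke1', 'revocation') . " " .
                              $num_certs_revoked . " " .
                              $this->translateTag('l10n_suc_revoke2', 'revocation') . " " .
                              $num_certs);
}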