Exemplo n.º 1
 /**
  * Show the inspection view for the CSR held by this page object.
  *
  * Nothing is rendered until the AUP has been accepted in this session.
  * When an auth key is already set, the browser is redirected to the
  * certificate download page and the script terminates.
  */
 public function process()
 {
     /* The session flag has to be the boolean true; any other stored
      * value is treated as "not accepted". */
     $aupAccepted = CS::getSessionKey('hasAcceptedAUP') === true;
     if (!$aupAccepted) {
         Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
         return;
     }

     if (isset($this->authKey)) {
         /* Fixed relative target: no request-derived data ends up in the
          * Location header. */
         header("Location: download_certificate.php");
         exit(0);
     }

     if (!isset($this->csr)) {
         Framework::error_output($this->translateTag('l10n_err_procuploaded', 'processcsr'));
         return;
     }

     $view = $this->tpl;
     $request = $this->csr;

     /* NOTE(review): subject, upload IP and auth token are handed to the
      * template unmodified; whether they are HTML-escaped depends on
      * upload_csr.tpl - confirm there. */
     $view->assign('csrInspect', true);
     $view->assign('subject', $request->getSubject());
     $view->assign('uploadedDate', $request->getUploadedDate());
     $view->assign('uploadedFromIP', $request->getUploadedFromIP());
     $view->assign('authToken', $request->getAuthToken());
     $view->assign('length', $request->getLength());
     $view->assign('legendTitle', $this->translateTag('l10n_legend_pastedcsr', 'processcsr'));
     $view->assign('finalDN', $this->ca->getFullDN());
     $view->assign('content', $view->fetch('upload_csr.tpl'));
 }
Exemplo n.º 2
 /**
  * Render the select_email.tpl view.
  *
  * Requires the AUP to have been accepted in the current session;
  * otherwise only an error message is emitted.
  */
 function process()
 {
     if (CS::getSessionKey('hasAcceptedAUP') === true) {
         /* entitlement is evaluated first, then the NREN's e-mail setting */
         $entitled = $this->person->testEntitlementAttribute(Config::get_config('entitlement_user'));
         $view = $this->tpl;
         $view->assign('email_status', $this->person->getNREN()->getEnableEmail());
         $view->assign('user_cert_enabled', $entitled);
         $view->assign('content', $view->fetch('select_email.tpl'));
         return;
     }

     Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
 }
Exemplo n.º 3
 /**
  * Render the AUP confirmation view (confirm_aup.tpl).
  *
  * Picks the CPS link matching the configured certificate product, logs
  * the current value of the session's AUP flag and passes that flag and
  * the NREN's privacy notice to the template.
  */
 public function process()
 {
     $isPersonalProduct = Config::get_config('cert_product') == PRD_PERSONAL;
     $cpsLink = $isPersonalProduct
         ? ConfusaConstants::$LINK_PERSONAL_CPS
         : ConfusaConstants::$LINK_ESCIENCE_CPS;
     $this->tpl->assign('cps', $cpsLink);

     /* NOTE(review): the flag is concatenated as-is, so a boolean true is
      * logged as "1" and false/null as an empty string; the log line also
      * carries no user identifier. */
     Logger::log_event(LOG_INFO, "User acknowledged session: " . CS::getSessionKey('hasAcceptedAUP'));

     $view = $this->tpl;
     $view->assign('aup_session_state', CS::getSessionKey('hasAcceptedAUP'));
     /* NOTE(review): the privacy notice comes from the NREN object; whether
      * it is escaped or treated as trusted markup is decided in
      * confirm_aup.tpl - confirm there. */
     $view->assign('privacy_notice_text', $this->person->getNREN()->getPrivacyNotice($this->person));
     $view->assign('content', $view->fetch('confirm_aup.tpl'));
 }
Exemplo n.º 4
 /**
  * Display the CSR generation choices (in-browser, upload or paste).
  *
  * Stops with an error if the user has not accepted the AUP. When the
  * NREN's e-mail setting is '1' or 'm' and the person has no registered
  * certificate e-mail address, an error is shown and the template is told
  * to disable its "next" button; the page is still rendered.
  *
  * @see Content_Page::process()
  */
 function process()
 {
     $aupAccepted = CS::getSessionKey('hasAcceptedAUP') === true;
     if (!$aupAccepted) {
         Framework::error_output($this->translateTag("l10n_err_aupagreement", "processcsr"));
         return;
     }

     /* The switch (and its loose comparison) is kept as it was: 'n' and '0'
      * require no address check, '1' and 'm' require at least one
      * registered address. */
     switch ($this->person->getNREN()->getEnableEmail()) {
         case 'n':
         case '0':
             break;
         case '1':
         case 'm':
             if (count($this->person->getRegCertEmails()) < 1) {
                 Framework::error_output($this->translateTag('l10n_err_emailmissing', 'processcsr'));
                 /* NOTE(review): this only changes the rendered form;
                  * whether the follow-up scripts repeat the check is not
                  * visible here. */
                 $this->tpl->assign('disable_next_button', true);
             }
             break;
         default:
             break;
     }

     /* Only two values of the "show" parameter are recognised; a missing or
      * unrecognised value selects in-browser key generation. The raw
      * parameter itself is never passed to the template. */
     $requested = isset($_GET['show']) ? $_GET['show'] : null;
     switch ($requested) {
         case 'upload_csr':
             /* FIXME: constants */
             $nextScript = 'upload_csr.php';
             $modeFlag = 'upload_csr';
             break;
         case 'paste_csr':
             $nextScript = 'upload_csr.php';
             $modeFlag = 'paste_csr';
             break;
         default:
             $nextScript = 'browser_csr.php';
             $modeFlag = 'browser_csr';
             break;
     }
     $this->tpl->assign('nextScript', $nextScript);
     $this->tpl->assign($modeFlag, true);

     $entitled = $this->person->testEntitlementAttribute(Config::get_config('entitlement_user'));
     $this->tpl->assign('user_cert_enabled', $entitled);
     $this->tpl->assign('content', $this->tpl->fetch('receive_csr.tpl'));
 }
Exemplo n.º 5
 /**
  * Render the in-browser key generation page.
  *
  * Requires an accepted AUP. Passes the DN variants and the configured
  * key sizes to the template, then picks the template that matches the
  * user agent class reported by Output::getUserAgent().
  */
 public function process()
 {
     $aupAccepted = CS::getSessionKey('hasAcceptedAUP') === true;
     if (!$aupAccepted) {
         Framework::error_output($this->translateTag('l10n_err_aupagreement', 'processcsr'));
         return;
     }

     $view = $this->tpl;
     $entitled = $this->person->testEntitlementAttribute(Config::get_config('entitlement_user'));
     $view->assign('user_cert_enabled', $entitled);
     $view->assign('finalDN', $this->ca->getFullDN());

     /* default DN first; replaced below when running against Comodo */
     $view->assign('dn', $this->ca->getBrowserFriendlyDN());
     if ((int) Config::get_config('ca_mode') == CA_COMODO) {
         $view->assign('dn', $this->ca->getBrowserFriendlyDN(true));
     }

     /* NOTE(review): these values only parameterise the page; presumably
      * the minimum key length is enforced again when the generated request
      * is received - confirm in the receiving script. */
     $view->assign('default_keysize', Config::get_config('default_key_length'));
     $view->assign('min_keysize', Config::get_config('min_key_length'));

     /* The user agent class only selects a template; every class that is
      * not listed ends up on the "unsupported" page. */
     switch (Output::getUserAgent()) {
         case "msie_post_vista":
             $page = 'browser_csr/vista7.tpl';
             break;
         case "msie_pre_vista":
             $page = 'browser_csr/xp2003.tpl';
             break;
         case "chrome":
         case "safari":
         case "opera":
         case "mozilla":
             $page = 'browser_csr/keygen.tpl';
             break;
         default:
             $page = 'browser_csr/unsupported.tpl';
             break;
     }
     $view->assign('content', $view->fetch($page));
 }
Exemplo n.º 6
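 /**
  * Render the certificate download page.
  *
  * Bails out for unauthenticated persons and shows the "unsubscribed"
  * error page when the person's subscriber is missing or not subscribed.
  * Otherwise the certificate list is fetched from the CA, ordered so that
  * revoked certificates follow the others, and handed to the template.
  */
 public function process()
 {
     if (!$this->person->isAuth()) {
         error_msg("This is an impossible condition. How did you get in here?");
         return;
     }

     $subscriber = $this->person->getSubscriber();
     if (empty($subscriber) || !$subscriber->isSubscribed()) {
         $this->tpl->assign('not_subscribed_header', $this->translateTag('l10n_not_sub_header', 'messages'));
         $this->tpl->assign('not_subscribed_1', $this->translateTag('l10n_not_sub_1', 'messages'));
         $this->tpl->assign('not_subscribed_2', $this->translateTag('l10n_not_sub_2', 'messages'));
         $this->tpl->assign('content', $this->tpl->fetch('errors/unsubscribed.tpl'));
         return;
     }

     /* test and handle flags */
     $this->processDBCert();

     try {
         $certList = $this->ca->getCertList($this->showAll);

         /* Sort the revoked certificates after the active certificates.
          * array_filter() keeps the original keys, so the remaining rows
          * are exactly those whose keys are absent from $revoked.
          * array_diff_key() expresses that directly; array_diff_assoc()
          * would cast every row to a string to compare values, which for
          * array rows raises "Array to string conversion" and adds
          * nothing to the key comparison. */
         $revoked = array_filter($certList, array($this, 'revokedFilter'));
         $non_revoked = array_diff_key($certList, $revoked);
         $certList = $non_revoked + $revoked;

         $this->tpl->assign('certList', $certList);
         $this->tpl->assign('showAll', $this->showAll);
         $this->tpl->assign('defaultDays', Config::get_config('capi_default_cert_poll_days'));
     } catch (ConfusaGenException $e) {
         /* NOTE(review): the exception text is shown to the user as-is;
          * confirm it cannot carry backend detail or unescaped markup. */
         Framework::error_output($this->translateMessageTag('downl_err_db') . " " . $e->getMessage());
     }

     /* animate the user to install the root certificate in personal mode,
      * so Thunderbird will fully trust the certs when using them in S/MIME
      */
     if (Config::get_config('cert_product') == PRD_PERSONAL) {
         $this->tpl->assign('ca_certificate', ConfusaConstants::$CAPI_PERSONAL_ROOT_CERT);
     }

     /* coming from browser signing - hint the user to install the cert.
      * The session key is removed once read, so the hint is shown a single
      * time. */
     $browserCertOrderNumber = CS::getSessionKey("browserCert");
     if (isset($browserCertOrderNumber)) {
         CS::deleteSessionKey('browserCert');
         $this->tpl->assign('newBrowserCert', $browserCertOrderNumber);
     }

     $this->tpl->assign('permission', $this->person->mayRequestCertificate());
     $this->tpl->assign('standalone', Config::get_config('ca_mode') === CA_STANDALONE);
     $this->tpl->assign('content', $this->tpl->fetch('download_certificate.tpl'));
 }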
Exemplo n.º 7
 /**
  * Return an array with the certificates obtained by the person managed by
  * this CA.
  *
  * Orders whose certificate status is "Expired" or whose order status is
  * "Rejected" are skipped, as are orders whose subject DN does not contain
  * the component "O=<organization of the person's subscriber>". Revoked
  * certificates are not filtered out here.
  *
  * Each returned row has the keys order_number, cert_owner, status and
  * valid_from, plus valid_untill when the response carries a notAfter
  * value. Rows keep the index of their order in the response, so the
  * result can have gaps in its keys.
  *
  * @param boolean $getAll retrieve all certificates (time limit does not apply)
  * @return array the certificate rows described above
  * @throws CGE_ComodoAPIException
  */
 public function getCertList($getAll = false)
 {
     /* Pick the look-back window in days: the full validity period of the
      * product when everything is requested, otherwise the configured
      * default polling window. */
     if ($getAll === true) {
         if (Config::get_config('capi_test') == true) {
             $days = ConfusaConstants::$CAPI_TEST_VALID_DAYS;
         } else {
             if (Config::get_config('cert_product') == PRD_PERSONAL) {
                 $days = max(ConfusaConstants::$CAPI_VALID_PERSONAL);
             } else {
                 $days = ConfusaConstants::$CAPI_VALID_ESCIENCE;
             }
         }
     } else {
         $days = Config::get_config('capi_default_cert_poll_days');
     }
     /*
      * TODO: Refactor the whole mess - for instance by making a separate
      * "Certificate" class
      */
     /* Serve from the session cache when cacheHasCertHistory() accepts it
      * for this window (its exact criteria are not visible here). */
     if ($this->cacheHasCertHistory($days)) {
         $res = CS::getSessionKey('rawCertList');
         if (isset($res)) {
             /* apply local date filtering (much faster than querying again) */
             if (!$getAll) {
                 $filtered_res = array();
                 foreach ($res as $row) {
                     /* NOTE(review): rows stored with valid_from 0 (no
                      * notBefore in the response) fail this test for any
                      * realistic window, although the uncached path below
                      * returns them. The filtered list is also re-indexed
                      * from 0. */
                     if ($row['valid_from'] >= time() - $days * 24 * 3600) {
                         $filtered_res[] = $row;
                     }
                 }
                 return $filtered_res;
             } else {
                 return $res;
             }
         }
     }
     $uid = $this->person->getEPPN();
     $organization = 'O=' . $this->person->getSubscriber()->getOrgName();
     $params = $this->capiGetEPPNCertList($uid, $days);
     $res = array();
     $dates = array();
     /* initialize the array with a high value, so that the cache stays
      * valid very long if there are no certificates at all (ordering a
      * cert will invalidate it anyway) */
     $dates[] = time();
     $timezone = new DateTimeZone($this->person->getTimezone());
     /* transfer the orders from the string representation in the response
      * to the array representation we use internally; response keys are
      * numbered from 1 */
     for ($i = 1; $i <= $params['noOfResults']; $i = $i + 1) {
         $status = $params[$i . "_1_status"];
         $orderStatus = $params[$i . "_orderStatus"];
         /* don't include expired certificates or rejected orders */
         if ($status == "Expired" || $orderStatus == "Rejected") {
             continue;
         }
         $subject = $params[$i . '_1_subjectDN'];
         $dn_components = explode(',', $subject);
         /* don't return order number and the owner subject
          * if the organization is not present in the DN
          *
          * NOTE(review): this is an exact match against the pieces of a
          * plain split on ','. A component with surrounding whitespace, or
          * an organization name that itself contains a comma, will not
          * match and the order is dropped - confirm the DN format the API
          * returns.
          */
         if (array_search($organization, $dn_components) === false) {
             continue;
         }
         if (isset($params[$i . '_1_notAfter'])) {
             /* for simplicity, format the time just as an SQL server would return it;
              * the "@" prefix makes DateTime read the value as a Unix timestamp */
             $valid_untill = $params[$i . '_1_notAfter'];
             $dt = new DateTime("@{$valid_untill}");
             $dt->setTimezone($timezone);
             $valid_untill = $dt->format('Y-m-d H:i:s T');
             $res[$i - 1]['valid_untill'] = $valid_untill;
         }
         $res[$i - 1]['order_number'] = $params[$i . '_orderNumber'];
         /* the owner shown is the current person's CN, not a value parsed
          * from the returned subject DN */
         $res[$i - 1]['cert_owner'] = stripslashes($this->person->getX509ValidCN());
         $res[$i - 1]['status'] = $status;
         if (isset($params[$i . '_1_notBefore'])) {
             $res[$i - 1]['valid_from'] = $params[$i . '_1_notBefore'];
         } else {
             $res[$i - 1]['valid_from'] = 0;
         }
         $dates[] = time() - $params[$i . '_dateTime'];
     }
     /* the smallest collected value determines the cache expiry; the raw
      * list and the window it was fetched for are kept in the session */
     $this->cacheSetExpiryDate(min($dates));
     CS::setSessionKey('rawCertList', $res);
     CS::setSessionKey('confusaCachedDays', $days);
     return $res;
 }
Exemplo n.º 8
 /**
  * Re-register the certificate e-mail addresses kept in the session.
  *
  * The session key 'CertEmails' holds the addresses as a single string
  * separated by ", "; each piece is passed to regCertEmail().
  */
 private function retrieveRegCertEmails()
 {
     $stored = CS::getSessionKey('CertEmails');
     if (is_null($stored)) {
         return;
     }

     /* NOTE(review): an empty stored string still yields one empty piece,
      * so regCertEmail('') is called; whether regCertEmail() validates its
      * argument is not visible here. */
     foreach (explode(", ", $stored) as $address) {
         $this->regCertEmail($address);
     }
 }
Exemplo n.º 9
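 /**
  * Revoke a list of certificates possibly belonging to more than one end-entity
  * based on an array of auth_keys stored in the session. Based on the number of
  * certificates that are going to be revoked, this may take some time.
  *
  * The list is removed from the session as soon as it has been read, so a
  * repeated call finds nothing to revoke and reports a lost session. Both
  * the attempt and the outcome are written to the log together with the
  * requesting address; individual failures are only reported on screen.
  *
  * @param string $reason The reason for revocation (as in RFC 3280)
  *
  */
 private function revoke_list($reason)
 {
     if (Config::get_config('ca_mode') === CA_COMODO && Config::get_config('capi_test') === true) {
         Framework::message_output($this->translateTag('l10n_msg_revsim1', 'revocation'));
     }

     /* read-and-delete: the pending list is consumed exactly once */
     $auth_keys = CS::getSessionKey('auth_keys');
     CS::deleteSessionKey('auth_keys');
     if (is_null($auth_keys)) {
         Framework::error_output("Lost session! Please log-out of Confusa, " . "log-in again and try again!\n");
         return;
     }

     $num_certs = count($auth_keys);
     $num_certs_revoked = 0;

     /* NOTE(review): the log entries identify the request only by
      * REMOTE_ADDR; neither the acting administrator nor the reason is
      * recorded here - confirm whether the caller logs them.
      * The separator after "certificates." was missing, which glued the two
      * sentences together in the log line. */
     Logger::log_event(LOG_INFO, "Trying to revoke {$num_certs} certificates. " . "Administrator contacted us from " . $_SERVER['REMOTE_ADDR'] . " in a bulk (list) revocation request.");

     /* NOTE(review): $reason is passed to the CA unchanged; presumably it
      * is validated by the caller or by revokeCert() - confirm. */
     foreach ($auth_keys as $auth_key) {
         try {
             if ($this->ca->revokeCert($auth_key, $reason)) {
                 $num_certs_revoked++;
             } else {
                 Framework::error_output("Could not revoke certificate " . htmlentities($auth_key) . ".");
             }
         } catch (ConfusaGenException $cge) {
             /* NOTE(review): unlike the key above, the exception text is
              * emitted without encoding - confirm it cannot contain
              * request-derived data. */
             Framework::error_output($cge->getMessage());
         }
     }

     Logger::log_event(LOG_INFO, "Successfully revoked {$num_certs_revoked} certificates out of {$num_certs}. " . "Administrator contacted us from " . $_SERVER['REMOTE_ADDR'] . " in a bulk (list) revocation request.");
     Framework::message_output($this->translateTag('l10n_suc_revoke1', 'revocation') . " " . $num_certs_revoked . " " . $this->translateTag('l10n_suc_revoke2', 'revocation') . " " . $num_certs);
 }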