/**
 * Create an intermediate certificate authority signed by an existing CA.
 *
 * A new RSA key pair is generated, a CSR is built for $dn, and the CSR is
 * signed with the certificate and private key of the CA found via $caref,
 * using that CA's incremented serial number.
 *
 * @param array  $ca         Filled in place on success with 'crt' and 'prv'
 *                           (base64 of the exported PEM text), 'caref' and 'serial'.
 * @param mixed  $keylen     RSA key size in bits; cast to int before use.
 * @param int    $lifetime   Validity handed to openssl_csr_sign().
 * @param array  $dn         Distinguished name handed to openssl_csr_new().
 * @param string $caref      Reference passed to lookup_ca() to find the signing CA.
 * @param string $digest_alg Digest algorithm for the CSR and the signature.
 * @return bool true on success, false when the signing CA cannot be found or
 *              loaded, or when any OpenSSL step fails.
 */
function ca_inter_create(&$ca, $keylen, $lifetime, $dn, $caref, $digest_alg = 'sha256') {
    $issuer =& lookup_ca($caref);
    if (!$issuer) {
        return false;
    }

    // The signing CA's private key is loaded with an empty passphrase, i.e. it
    // is expected to be stored unencrypted (base64 of PEM) in $issuer['prv'].
    $issuer_crt = openssl_x509_read(base64_decode($issuer['crt']));
    $issuer_key = openssl_pkey_get_private(array(base64_decode($issuer['prv']), ""));
    if (!($issuer_crt && $issuer_key)) {
        return false;
    }

    // The serial is consumed before signing, so a failed attempt leaves a gap
    // rather than risking reuse.
    // NOTE(review): the bump is only stored back on the signing CA if
    // lookup_ca() returns by reference; otherwise the same serial could be
    // issued twice under this issuer. Confirm against lookup_ca().
    $issuer['serial']++;
    $next_serial = $issuer['serial'];

    // NOTE(review): no minimum is enforced on $keylen here; presumably the
    // caller restricts it to acceptable RSA sizes. Confirm.
    $options = array(
        'config' => '/usr/local/etc/ssl/opnsense.cnf',
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => (int) $keylen,
        'x509_extensions' => 'v3_ca',
        'digest_alg' => $digest_alg,
        'encrypt_key' => false
    );

    // Fresh key pair for the intermediate CA.
    $new_key = openssl_pkey_new($options);
    if (!$new_key) {
        return false;
    }

    // CSR for the requested subject, self-signed with the new key.
    $csr = openssl_csr_new($dn, $new_key, $options);
    if (!$csr) {
        return false;
    }

    // Issue the certificate from the signing CA.
    $signed_crt = openssl_csr_sign($csr, $issuer_crt, $issuer_key, $lifetime, $options, $next_serial);
    if (!$signed_crt) {
        return false;
    }

    // The key is exported without a passphrase, so 'prv' below holds the
    // unencrypted private key of the new CA.
    if (!openssl_pkey_export($new_key, $key_pem)) {
        return false;
    }
    if (!openssl_x509_export($signed_crt, $crt_pem)) {
        return false;
    }

    // Hand the new CA back to the caller; its own serial counter starts at 0.
    $ca['crt'] = base64_encode($crt_pem);
    $ca['caref'] = $caref;
    $ca['prv'] = base64_encode($key_pem);
    $ca['serial'] = 0;

    return true;
}
echo gettext("Server Certificate"); ?> </td> <td> <?php if (isset($config['cert'])) { ?> <select name='certref' class="form-control"> <?php foreach ($config['cert'] as $cert) { $selected = ""; $caname = ""; $inuse = ""; $revoked = ""; if (isset($cert['caref'])) { $ca = lookup_ca($cert['caref']); if (!empty($ca)) { $caname = " (CA: {$ca['descr']})"; } } if ($pconfig['certref'] == $cert['refid']) { $selected = "selected=\"selected\""; } if (cert_in_use($cert['refid'])) { $inuse = " *In Use"; } if (is_cert_revoked($cert)) { $revoked = " *Revoked"; } ?> <option value="<?php
<tbody> <?php foreach ($a_ca as $i => $ca) { $name = htmlspecialchars($ca['descr']); $subj = cert_get_subject($ca['crt']); $issuer = cert_get_issuer($ca['crt']); list($startdate, $enddate) = cert_get_dates($ca['crt']); if ($subj == $issuer) { $issuer_name = gettext("self-signed"); } else { $issuer_name = gettext("external"); } $subj = htmlspecialchars($subj); $issuer = htmlspecialchars($issuer); $certcount = 0; $issuer_ca = lookup_ca($ca['caref']); if ($issuer_ca) { $issuer_name = $issuer_ca['descr']; } foreach ($a_cert as $cert) { if ($cert['caref'] == $ca['refid']) { $certcount++; } } foreach ($a_ca as $cert) { if ($cert['caref'] == $ca['refid']) { $certcount++; } } ?> <tr>
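/**
 * Build the HTML table listing the certificates associated with a user.
 *
 * Reads the globals $a_user and $id, resolves each certificate reference via
 * lookup_cert() and its issuing CA via lookup_ca(), and returns the markup
 * for the table plus an "Add" button linking to system_certmanager.php.
 *
 * Dangling references (a certificate or CA that can no longer be looked up)
 * still produce a row with empty text, so the row index used in the
 * "delcert<N>" element id keeps matching the position in the user's
 * certificate list and the stale association can be removed.
 *
 * @return string HTML fragment.
 */
function build_cert_table() {
    global $a_user, $id;

    $certhtml = '<div class="table-responsive">';
    $certhtml .= '<table class="table table-striped table-hover table-condensed">';
    $certhtml .= '<thead>';
    $certhtml .= '<tr>';
    $certhtml .= '<th>' . gettext('Name') . '</th>';
    $certhtml .= '<th>' . gettext('CA') . '</th>';
    $certhtml .= '<th></th>';
    $certhtml .= '</tr>';
    $certhtml .= '</thead>';
    $certhtml .= '<tbody>';

    // The user entry may have no certificate list at all.
    $a_cert = isset($a_user[$id]['cert']) ? $a_user[$id]['cert'] : null;

    if (is_array($a_cert)) {
        $i = 0;
        foreach ($a_cert as $certref) {
            $cert = lookup_cert($certref);
            $has_cert = is_array($cert);

            // Only resolve the CA when the certificate exists and names one.
            $ca = ($has_cert && isset($cert['caref'])) ? lookup_ca($cert['caref']) : null;

            $cert_descr = ($has_cert && isset($cert['descr'])) ? (string) $cert['descr'] : '';
            $ca_descr = (is_array($ca) && isset($ca['descr'])) ? (string) $ca['descr'] : '';
            $revokedstr = ($has_cert && is_cert_revoked($cert)) ? '<b> Revoked</b>' : '';

            $certhtml .= '<tr>';
            // Descriptions are free text from the configuration: always escape.
            $certhtml .= '<td>' . htmlspecialchars($cert_descr) . $revokedstr . '</td>';
            $certhtml .= '<td>' . htmlspecialchars($ca_descr) . '</td>';
            $certhtml .= '<td>';
            $certhtml .= '<a id="delcert' . $i . '" class="fa fa-trash no-confirm icon-pointer" title="';
            $certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
            $certhtml .= '</td>';
            $certhtml .= '</tr>';
            $i++;
        }
    }

    $certhtml .= '</tbody>';
    $certhtml .= '</table>';
    $certhtml .= '</div>';

    // $id is a global whose origin is not visible from this function, so it is
    // URL-encoded before being placed in the href attribute. For a numeric id
    // the emitted markup is unchanged.
    $certhtml .= '<nav class="action-buttons">';
    $certhtml .= '<a href="system_certmanager.php?act=new&userid=' . urlencode((string) $id) . '" class="btn btn-success">' . gettext("Add") . '</a>';
    $certhtml .= '</nav>';

    return $certhtml;
}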
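/**
 * Build the certificate choices for a selection list.
 *
 * Reads the global $a_cert and returns a map of certificate refid to a label
 * made of the certificate description, its CA (when one can be looked up) and
 * the markers " *In Use" / " *Revoked". The first entry, keyed by the empty
 * string, stands for "no certificate".
 *
 * The original body compared an undefined local $pconfig against each refid
 * and set an unused $selected; that dead branch only produced warnings and
 * has been removed. A missing certificate list and a certificate without a
 * 'caref' are now handled without warnings.
 *
 * NOTE(review): labels are returned as raw text (descriptions are not
 * HTML-escaped here); confirm that whatever renders the list escapes them.
 *
 * @return array Map of refid => label.
 */
function build_cert_list() {
    global $a_cert;

    $list = array('' => 'None (Username and/or Password required)');

    // No certificates configured: only the "None" choice is offered.
    if (!is_array($a_cert)) {
        return $list;
    }

    foreach ($a_cert as $cert) {
        $caname = '';

        // Certificates without an issuing CA reference are listed without a CA suffix.
        $ca = isset($cert['caref']) ? lookup_ca($cert['caref']) : null;
        if ($ca) {
            $caname = " (CA: {$ca['descr']})";
        }

        $inuse = cert_in_use($cert['refid']) ? ' *In Use' : '';
        $revoked = is_cert_revoked($cert) ? ' *Revoked' : '';

        $list[$cert['refid']] = $cert['descr'] . $caname . $inuse . $revoked;
    }

    return $list;
}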