kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

*space changes only*

This commit is contained in:
Benjamin Sonntag 2015-02-10 16:10:54 +01:00
parent 9025bcd78c
commit 06313e510a
9 changed files with 1035 additions and 1042 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ssl/api/Ssl.php
View File

@ -3,18 +3,13 @@
/** /**
* SSL Api of AlternC, used by alternc-api package * SSL Api of AlternC, used by alternc-api package
*/ */
class Alternc_Api_Object_Ssl { class Alternc_Api_Object_Ssl extends Alternc_Api_Legacyobject {
const ERR_INVALID_ARGUMENT = 11151901; protected $ssl;
const ERR_ALTERNC_FUNCTION = 11151902;
function __construct($service) { function __construct($service) {
global $ssl,$cuid; global $ssl;
if (!($service instanceof Alternc_Api_Service)) { parent::__construct($service);
throw new \Exception("Bad argument: service is not an Alternc_Api_Service", self::ERR_INVALID_ARGUMENT);
}
// We store the global $cuid to AlternC legacy classes
$cuid=$service->token->uid;
// We use the global $ssl from AlternC legacy classes // We use the global $ssl from AlternC legacy classes
$this->ssl=$ssl; $this->ssl=$ssl;
} }
@ -189,14 +184,4 @@ class Alternc_Api_Object_Ssl {
/** return a proper Alternc_Api_Response from an error class and error string
* from AlternC legacy class
*/
private function alterncLegacyErrorManager() {
global $err;
return new Alternc_Api_Response( array("code" => self::ERR_ALTERNC_FUNCTION, "message" => "[".$err->clsid."] ".$err->error) );
}
} // class Alternc_Api_Object_Ssl } // class Alternc_Api_Object_Ssl

21
ssl/panel/admin/ssl_doimport.php
View File

@ -1,4 +1,5 @@
<?php <?php
/* /*
---------------------------------------------------------------------- ----------------------------------------------------------------------
AlternC - Web Hosting System AlternC - Web Hosting System
@ -22,31 +23,31 @@
Original Author of file: Benjamin Sonntag Original Author of file: Benjamin Sonntag
Purpose of file: Create / Import an SSL Certificate Purpose of file: Create / Import an SSL Certificate
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
if ( !isset($is_include) ) { if (!isset($is_include)) {
$fields = array ( $fields = array(
"key" => array ("post", "string", ""), "key" => array("post", "string", ""),
"crt" => array ("post", "string", ""), "crt" => array("post", "string", ""),
"chain" => array ("post", "string", ""), "chain" => array("post", "string", ""),
); );
getFields($fields); getFields($fields);
} }
if (!$key && !$crt) { if (!$key && !$crt) {
$error=_("Please enter an ssl key and a certificate"); $error = _("Please enter an ssl key and a certificate");
require_once("ssl_new.php"); require_once("ssl_new.php");
exit(); exit();
} }
$id=$ssl->import_cert($key,$crt,$chain); $id = $ssl->import_cert($key, $crt, $chain);
$error=$err->errstr(); $error = $err->errstr();
if ($error) { if ($error) {
require_once("ssl_new.php"); require_once("ssl_new.php");
exit(); exit();
} }
header("Location: /ssl_view.php?id=".$id); header("Location: /ssl_view.php?id=" . $id);

25
ssl/panel/admin/ssl_donew.php
View File

@ -1,4 +1,5 @@
<?php <?php
/* /*
---------------------------------------------------------------------- ----------------------------------------------------------------------
AlternC - Web Hosting System AlternC - Web Hosting System
@ -22,33 +23,35 @@
Original Author of file: Benjamin Sonntag Original Author of file: Benjamin Sonntag
Purpose of file: Create / Import an SSL Certificate Purpose of file: Create / Import an SSL Certificate
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
if ( !isset($is_include) ) { if (!isset($is_include)) {
$fields = array ( $fields = array(
"fqdn" => array ("request", "string", ""), "fqdn" => array("request", "string", ""),
"fqdnt" => array ("request", "string", ""), "fqdnt" => array("request", "string", ""),
); );
getFields($fields); getFields($fields);
} }
if (!$fqdn && !$fqdnt) { if (!$fqdn && !$fqdnt) {
$error=_("Please enter a proper domain name"); $error = _("Please enter a proper domain name");
require_once("ssl_new.php"); require_once("ssl_new.php");
exit(); exit();
} }
if ($fqdnt) $d=$fqdnt; if ($fqdnt)
if ($fqdn) $d=$fqdn; $d = $fqdnt;
if ($fqdn)
$d = $fqdn;
$id=$ssl->new_csr($d); $id = $ssl->new_csr($d);
$error=$err->errstr(); $error = $err->errstr();
if ($error) { if ($error) {
require_once("ssl_new.php"); require_once("ssl_new.php");
exit(); exit();
} }
$is_include=true; $is_include = true;
require_once("ssl_view.php"); require_once("ssl_view.php");

19
ssl/panel/admin/ssl_finalize.php
View File

@ -1,4 +1,5 @@
<?php <?php
/* /*
---------------------------------------------------------------------- ----------------------------------------------------------------------
AlternC - Web Hosting System AlternC - Web Hosting System
@ -22,23 +23,23 @@
Original Author of file: Benjamin Sonntag Original Author of file: Benjamin Sonntag
Purpose of file: Create / Import an SSL Certificate Purpose of file: Create / Import an SSL Certificate
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
$fields = array ( $fields = array(
"id" => array ("post", "integer", ""), "id" => array("post", "integer", ""),
"crt" => array ("post", "string", ""), "crt" => array("post", "string", ""),
"chain" => array ("post", "string", ""), "chain" => array("post", "string", ""),
); );
getFields($fields); getFields($fields);
$cert=$ssl->finalize($id,$crt,$chain); $cert = $ssl->finalize($id, $crt, $chain);
echo $ssl->error; echo $ssl->error;
$error=$err->errstr(); $error = $err->errstr();
if ($error) { if ($error) {
require_once("ssl_list.php"); require_once("ssl_list.php");
exit(); exit();
} }
$info=_("Your ssl certificate has been imported successfully"); $info = _("Your ssl certificate has been imported successfully");
require_once("ssl_view.php"); require_once("ssl_view.php");

66
ssl/panel/admin/ssl_list.php
View File

@ -22,34 +22,36 @@
Original Author of file: Benjamin Sonntag Original Author of file: Benjamin Sonntag
Purpose of file: Create / Import an SSL Certificate Purpose of file: Create / Import an SSL Certificate
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
if ( !isset($is_include) ) { if (!isset($is_include)) {
$fields = array ( $fields = array(
"filter" => array ("request", "integer", null), "filter" => array("request", "integer", null),
"filter1" => array ("request", "integer", 0), "filter1" => array("request", "integer", 0),
"filter2" => array ("request", "integer", 0), "filter2" => array("request", "integer", 0),
"filter4" => array ("request", "integer", 0), "filter4" => array("request", "integer", 0),
"filter8" => array ("request", "integer", 0), "filter8" => array("request", "integer", 0),
); );
getFields($fields); getFields($fields);
} }
if (isset($filter1) && isset($filter2) && isset($filter4) && isset($filter8)) { if (isset($filter1) && isset($filter2) && isset($filter4) && isset($filter8)) {
$filter=$filter1+$filter2+$filter4+$filter8; $filter = $filter1 + $filter2 + $filter4 + $filter8;
if ($filter==0) $filter=null; if ($filter == 0)
$filter = null;
} }
$r=$ssl->get_list($filter); $r = $ssl->get_list($filter);
if (!$error) $error.=$err->errstr(); if (!$error)
$error.=$err->errstr();
$astatus=array( $astatus = array(
$ssl::STATUS_PENDING => _("Pending Certificate"), $ssl::STATUS_PENDING => _("Pending Certificate"),
$ssl::STATUS_OK => _("Valid"), $ssl::STATUS_OK => _("Valid"),
$ssl::STATUS_EXPIRED => ("Expired"), $ssl::STATUS_EXPIRED => ("Expired"),
); );
include_once("head.php"); include_once("head.php");
@ -59,44 +61,46 @@ if ($error) {
if ($info) { if ($info) {
echo "<p class=\"alert alert-info\">$info</p>"; echo "<p class=\"alert alert-info\">$info</p>";
} }
?> ?>
<h3><?php __("Your Certificates"); ?></h3> <h3><?php __("Your Certificates"); ?></h3>
<p><?php __("Please find below your SSL Certificates. Some may be provided by the administrator of the server, some may be Expired or Pending (waiting for a CRT from your Certificate Provider)"); ?></p> <p><?php __("Please find below your SSL Certificates. Some may be provided by the administrator of the server, some may be Expired or Pending (waiting for a CRT from your Certificate Provider)"); ?></p>
<form method="get" action="ssl_list.php" name="filter"> <form method="get" action="ssl_list.php" name="filter">
<p><?php __("Only show the following certificates:"); ?> <br /> <p><?php __("Only show the following certificates:"); ?> <br />
<label for="filter1"><input type="checkbox" onclick="document.forms['filter'].submit()" name="filter1" id="filter1" value="1" <?php cbox($filter & $ssl::FILTER_PENDING); ?>><?php __("Pending Certificates"); ?></label> <label for="filter1"><input type="checkbox" onclick="document.forms['filter'].submit()" name="filter1" id="filter1" value="1" <?php cbox($filter & $ssl::FILTER_PENDING); ?>><?php __("Pending Certificates"); ?></label>
<label for="filter2"><input type="checkbox" onclick="document.forms['filter'].submit()" name="filter2" id="filter2" value="2" <?php cbox($filter & $ssl::FILTER_OK); ?>><?php __("Valid Certificates"); ?></label> <label for="filter2"><input type="checkbox" onclick="document.forms['filter'].submit()" name="filter2" id="filter2" value="2" <?php cbox($filter & $ssl::FILTER_OK); ?>><?php __("Valid Certificates"); ?></label>
<label for="filter4"><input type="checkbox" onclick="document.forms['filter'].submit()" name="filter4" id="filter4" value="4" <?php cbox($filter & $ssl::FILTER_EXPIRED); ?>><?php __("Expired Certificates"); ?></label> <label for="filter4"><input type="checkbox" onclick="document.forms['filter'].submit()" name="filter4" id="filter4" value="4" <?php cbox($filter & $ssl::FILTER_EXPIRED); ?>><?php __("Expired Certificates"); ?></label>
<br /> <br />
<label for="filter8"><input type="checkbox" onclick="document.forms['filter'].submit()" name="filter8" id="filter8" value="8" <?php cbox($filter & $ssl::FILTER_SHARED); ?>><?php __("Certificates Shared by the Administrator"); ?></label> <label for="filter8"><input type="checkbox" onclick="document.forms['filter'].submit()" name="filter8" id="filter8" value="8" <?php cbox($filter & $ssl::FILTER_SHARED); ?>><?php __("Certificates Shared by the Administrator"); ?></label>
&nbsp; &nbsp; &nbsp; &nbsp;
<input type="submit" name="go" value="<?php __("Filter"); ?>"/> <input type="submit" name="go" value="<?php __("Filter"); ?>"/>
</form> </form>
<table class="tlist"> <table class="tlist">
<tr><th></th><th><?php __("FQDN"); ?></th><th><?php __("Status"); ?></th><th><?php __("Valid From"); ?></th><th><?php __("Valid Until"); ?></th></tr> <tr><th></th><th><?php __("FQDN"); ?></th><th><?php __("Status"); ?></th><th><?php __("Valid From"); ?></th><th><?php __("Valid Until"); ?></th></tr>
<?php <?php
reset($r); reset($r);
while (list($key,$val)=each($r)) { ?> while (list($key, $val) = each($r)) {
?>
<tr class="lst"> <tr class="lst">
<td><div class="ina edit"><a href="ssl_view.php?id=<?php echo $val["id"] ?>"><?php __("Details"); ?></a></div></td> <td><div class="ina edit"><a href="ssl_view.php?id=<?php echo $val["id"] ?>"><?php __("Details"); ?></a></div></td>
<td><?php echo $val["fqdn"]; ?></td> <td><?php echo $val["fqdn"]; ?></td>
<td><?php echo $astatus[$val["status"]]; <td><?php echo $astatus[$val["status"]];
if ($val["shared"]) echo " <i>"._("(shared)")."</i>"; ?></td> if ($val["shared"])
<?php echo " <i>" . _("(shared)") . "</i>";
if ($val["status"]!=$ssl::STATUS_PENDING) { ?></td>
?> <?php
<td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s",$val["validstartts"])); ?></td> if ($val["status"] != $ssl::STATUS_PENDING) {
<td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s",$val["validendts"])); ?></td> ?>
<td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'), date("Y-m-d H:i:s", $val["validstartts"])); ?></td>
<td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'), date("Y-m-d H:i:s", $val["validendts"])); ?></td>
<?php } else { ?> <?php } else { ?>
<td><?php __("Requested on: "); ?></td> <td><?php __("Requested on: "); ?></td>
<td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s",$val["validstartts"])); ?></td> <td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'), date("Y-m-d H:i:s", $val["validstartts"])); ?></td>
<?php } ?> <?php } ?>
</tr> </tr>
<?php <?php
} }
?> ?>
</table> </table>
<p> <p>

73
ssl/panel/admin/ssl_new.php
View File

@ -22,21 +22,21 @@
Original Author of file: Benjamin Sonntag Original Author of file: Benjamin Sonntag
Purpose of file: Create / Import an SSL Certificate Purpose of file: Create / Import an SSL Certificate
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
include_once("head.php"); include_once("head.php");
if ( !isset($is_include) ) { if (!isset($is_include)) {
$fields = array ( $fields = array(
"fqdnt" => array ("request", "string", ""), "fqdnt" => array("request", "string", ""),
"key" => array ("request", "string", ""), "key" => array("request", "string", ""),
"crt" => array ("request", "string", ""), "crt" => array("request", "string", ""),
"chain" => array ("request", "string", ""), "chain" => array("request", "string", ""),
); );
getFields($fields); getFields($fields);
} }
$advice=$ssl->get_new_advice(); $advice = $ssl->get_new_advice();
?> ?>
<h3><?php __("New SSL Certificate"); ?></h3> <h3><?php __("New SSL Certificate"); ?></h3>
@ -58,28 +58,28 @@ if (isset($error) && $error) {
<div id="content"> <div id="content">
<div id="tabsssl"> <div id="tabsssl">
<ul> <ul>
<li class="add"><a href="#tabsssl-create"><?php __("Create a CSR/KEY"); ?></a></li> <li class="add"><a href="#tabsssl-create"><?php __("Create a CSR/KEY"); ?></a></li>
<li class="settings"><a href="#tabsssl-import"><?php __("Import existing files"); ?></a></li> <li class="settings"><a href="#tabsssl-import"><?php __("Import existing files"); ?></a></li>
</ul> </ul>
<div id="tabsssl-create"> <div id="tabsssl-create">
<h3><?php __("Create a CSR/KEY for a given domain name"); ?></h3> <h3><?php __("Create a CSR/KEY for a given domain name"); ?></h3>
<p><?php __("Use this form to generate a <i>Certificate Request file</i> (CSR) and a <i>RSA Key file</i> (KEY) for a given domain name"); ?></p> <p><?php __("Use this form to generate a <i>Certificate Request file</i> (CSR) and a <i>RSA Key file</i> (KEY) for a given domain name"); ?></p>
<script type="text/javascript"> <script type="text/javascript">
function switchmanual() { function switchmanual() {
if ($("#fqdn").val()==-1) { if ($("#fqdn").val() == -1) {
$("#fqdn").hide(); $("#fqdn").hide();
$("#fqdnt").show(); $("#fqdnt").show();
$("#relist").show(); $("#relist").show();
$("#fqdn").val(""); $("#fqdn").val("");
$("#fqdnt").focus(); $("#fqdnt").focus();
} }
} }
function switchlist() { function switchlist() {
$("#fqdn").show(); $("#fqdn").show();
@ -90,9 +90,9 @@ if (isset($error) && $error) {
$("#fqdn").focus(); $("#fqdn").focus();
} }
</script> </script>
<form method="post" action="ssl_donew.php" name="main" id="main"> <form method="post" action="ssl_donew.php" name="main" id="main">
<table border="1" cellspacing="0" cellpadding="4" class="tedit"> <table border="1" cellspacing="0" cellpadding="4" class="tedit">
<tr><td colspan="2"> <tr><td colspan="2">
<?php __("Please choose the domain name for which you want a SSL Certificate, or enter it manually"); ?> <?php __("Please choose the domain name for which you want a SSL Certificate, or enter it manually"); ?>
@ -100,38 +100,39 @@ if (isset($error) && $error) {
<tr> <tr>
<th><label for="fqdn"><?php __("Fully Qualified Domain Name"); ?></label></th> <th><label for="fqdn"><?php __("Fully Qualified Domain Name"); ?></label></th>
<td> <td>
<select name="fqdn" id="fqdn" onchange="switchmanual()"<?php if ($fqdnt!="") echo " style=\"display: none\""; ?>> <select name="fqdn" id="fqdn" onchange="switchmanual()"<?php if ($fqdnt != "") echo " style=\"display: none\""; ?>>
<option value=""><?php __("--- Choose here ---"); ?></option> <option value=""><?php __("--- Choose here ---"); ?></option>
<?php foreach($advice as $a) { <?php
echo "<option>".$a."</option>"; foreach ($advice as $a) {
echo "<option>" . $a . "</option>";
} }
?> ?>
<option value="-1" style="font-style: italic; padding-left: 80px"> <?php __("... or click here to enter it manually"); ?></option> <option value="-1" style="font-style: italic; padding-left: 80px"> <?php __("... or click here to enter it manually"); ?></option>
</select> </select>
<input<?php if ($fqdnt=="") echo " style=\"display: none\""; ?> type="text" class="int" name="fqdnt" id="fqdnt" value="" size="40" maxlength="64" /><input <?php if ($fqdnt=="") echo " style=\"display: none\""; ?> type="button" id="relist" name="relist" value=" list v " onclick="switchlist()" /> <input<?php if ($fqdnt == "") echo " style=\"display: none\""; ?> type="text" class="int" name="fqdnt" id="fqdnt" value="" size="40" maxlength="64" /><input <?php if ($fqdnt == "") echo " style=\"display: none\""; ?> type="button" id="relist" name="relist" value=" list v " onclick="switchlist()" />
</td> </td>
</tr> </tr>
</table> </table>
<p> <p>
<input type="submit" class="inb ok" name="submit" value="<?php __("Save"); ?>"/> &nbsp; <input type="submit" class="inb ok" name="submit" value="<?php __("Save"); ?>"/> &nbsp;
<input type="button" class="inb cancel" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='ssl_list.php'"/> <input type="button" class="inb cancel" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location = 'ssl_list.php'"/>
</p> </p>
</form> </form>
<div style="padding-left: 40px; margin-top: 20px; background: url(/images/warning.png) 5px 5px no-repeat"> <div style="padding-left: 40px; margin-top: 20px; background: url(/images/warning.png) 5px 5px no-repeat">
<p><?php __("Please note that a SSL Certificate is only valid for one fully qualified domain name. As a result, a certificate for <code>www.example.com</code> is NOT valid for <code>intranet.example.com</code> or <code>intranet.www.example.com</code> !"); ?> <br /><?php __("<i>(If you want to get a valid certificate for all the subdomains of a domain, use a wildcard notation (eg: *.example.com). Please note that a wildcard certificate is usually more expensive than normal one.)</i>"); ?></p> <p><?php __("Please note that a SSL Certificate is only valid for one fully qualified domain name. As a result, a certificate for <code>www.example.com</code> is NOT valid for <code>intranet.example.com</code> or <code>intranet.www.example.com</code> !"); ?> <br /><?php __("<i>(If you want to get a valid certificate for all the subdomains of a domain, use a wildcard notation (eg: *.example.com). Please note that a wildcard certificate is usually more expensive than normal one.)</i>"); ?></p>
</div> </div>
</div> <!-- create --> </div> <!-- create -->
<div id="tabsssl-import"> <div id="tabsssl-import">
<h3><?php __("Import existing Key Certificate and Chain files"); ?></h3> <h3><?php __("Import existing Key Certificate and Chain files"); ?></h3>
<p><?php __("If you already have a RSA Key file, a Certificate for this key and (maybe) a Chained certificate, please paste their content here."); ?></p> <p><?php __("If you already have a RSA Key file, a Certificate for this key and (maybe) a Chained certificate, please paste their content here."); ?></p>
<p><?php __("We will verify the content of those files and add them in your certificate repository"); ?></p> <p><?php __("We will verify the content of those files and add them in your certificate repository"); ?></p>
<form method="post" action="ssl_doimport.php" name="main" id="main"> <form method="post" action="ssl_doimport.php" name="main" id="main">
<table border="1" cellspacing="0" cellpadding="4" class="tedit"> <table border="1" cellspacing="0" cellpadding="4" class="tedit">
<tr> <tr>
<th><label for="key"><?php __("RSA Key"); ?></label></th> <th><label for="key"><?php __("RSA Key"); ?></label></th>
@ -148,15 +149,15 @@ if (isset($error) && $error) {
</table> </table>
<p> <p>
<input type="submit" class="inb ok" name="submit" value="<?php __("Save"); ?>"/> &nbsp; <input type="submit" class="inb ok" name="submit" value="<?php __("Save"); ?>"/> &nbsp;
<input type="button" class="inb cancel" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='ssl_list.php'"/> <input type="button" class="inb cancel" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location = 'ssl_list.php'"/>
</p> </p>
</form> </form>
</div> <!-- create --> </div> <!-- create -->
</div> </div>
</div> </div>
<script type="text/javascript"> <script type="text/javascript">
$("#tabsssl").tabs(<?php if ($crt!="" and $key!="") echo "{ active: 'tabsssl-import' }"; ?>); $("#tabsssl").tabs(<?php if ($crt != "" and $key != "") echo "{ active: 'tabsssl-import' }"; ?>);
</script> </script>
<?php <?php
include_once("foot.php"); include_once("foot.php");

13
ssl/panel/admin/ssl_share.php
View File

@ -1,4 +1,5 @@
<?php <?php
/* /*
---------------------------------------------------------------------- ----------------------------------------------------------------------
AlternC - Web Hosting System AlternC - Web Hosting System
@ -22,7 +23,7 @@
Original Author of file: Benjamin Sonntag Original Author of file: Benjamin Sonntag
Purpose of file: Create / Import an SSL Certificate Purpose of file: Create / Import an SSL Certificate
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
if (!$admin->enabled) { if (!$admin->enabled) {
@ -30,13 +31,13 @@ if (!$admin->enabled) {
exit(); exit();
} }
$fields = array ( $fields = array(
"id" => array ("request", "integer", 0), "id" => array("request", "integer", 0),
"action" => array ("request", "integer", 0), "action" => array("request", "integer", 0),
); );
getFields($fields); getFields($fields);
if ($ssl->share($id,$action)) { if ($ssl->share($id, $action)) {
require_once("ssl_view.php"); require_once("ssl_view.php");
} else { } else {
require_once("ssl_list.php"); require_once("ssl_list.php");

171
ssl/panel/admin/ssl_view.php
View File

@ -22,18 +22,18 @@
Original Author of file: Benjamin Sonntag Original Author of file: Benjamin Sonntag
Purpose of file: Create / Import an SSL Certificate Purpose of file: Create / Import an SSL Certificate
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
require_once("../class/config.php"); require_once("../class/config.php");
if ( !isset($is_include) ) { if (!isset($is_include)) {
$fields = array ( $fields = array(
"id" => array ("request", "integer", ""), "id" => array("request", "integer", ""),
); );
getFields($fields); getFields($fields);
} }
$cert=$ssl->get_certificate($id); $cert = $ssl->get_certificate($id);
$error=$err->errstr(); $error = $err->errstr();
if ($error) { if ($error) {
require_once("ssl_list.php"); require_once("ssl_list.php");
exit(); exit();
@ -45,16 +45,16 @@ if ($info) {
echo "<p class=\"alert alert-info\">$info</p>"; echo "<p class=\"alert alert-info\">$info</p>";
} }
if ($cert["status"]==$ssl::STATUS_PENDING) { if ($cert["status"] == $ssl::STATUS_PENDING) {
?> ?>
<h3><?php __("Pending Certificate"); ?></h3> <h3><?php __("Pending Certificate"); ?></h3>
<p><?php __("Your <i>Certificate Request File</i> (CSR) has been created, along with its <i>private RSA Key</i> (KEY). Please find below the CSR you must send to your SSL Certificate provider."); ?></p> <p><?php __("Your <i>Certificate Request File</i> (CSR) has been created, along with its <i>private RSA Key</i> (KEY). Please find below the CSR you must send to your SSL Certificate provider."); ?></p>
<p><?php __("Once you'll have your <i>Certificate File</i> (CRT) and a <i>Chained Certificate File</i> (CHAIN), please paste them here to finish the enrollment."); ?></p> <p><?php __("Once you'll have your <i>Certificate File</i> (CRT) and a <i>Chained Certificate File</i> (CHAIN), please paste them here to finish the enrollment."); ?></p>
<form method="post" action="ssl_finalize.php" name="main" id="main"> <form method="post" action="ssl_finalize.php" name="main" id="main">
<input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/> <input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/>
<table border="1" cellspacing="0" cellpadding="4" class="tedit"> <table border="1" cellspacing="0" cellpadding="4" class="tedit">
<tr> <tr>
<th><label for="fqdn"><?php __("Fully Qualified Domain Name"); ?></label></th> <th><label for="fqdn"><?php __("Fully Qualified Domain Name"); ?></label></th>
@ -62,11 +62,12 @@ if ($cert["status"]==$ssl::STATUS_PENDING) {
</tr> </tr>
<tr> <tr>
<th><label for="validstart"><?php __("Date of the request"); ?></label></th> <th><label for="validstart"><?php __("Date of the request"); ?></label></th>
<td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s",$cert["validstartts"])); ?></td> <td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'), date("Y-m-d H:i:s", $cert["validstartts"])); ?></td>
</tr> </tr>
<tr> <tr>
<th><label for="csr"><?php __("Certificate Request File"); ?></label></th> <th><label for="csr"><?php __("Certificate Request File"); ?></label></th>
<td><textarea readonly="readonly" onclick="this.focus();this.select()" class="int cert" name="csr" id="csr" style="width: 500px; height: 120px;"><?php echo $cert["sslcsr"]; ?></textarea></td> <td><textarea readonly="readonly" onclick="this.focus();
this.select()" class="int cert" name="csr" id="csr" style="width: 500px; height: 120px;"><?php echo $cert["sslcsr"]; ?></textarea></td>
</tr> </tr>
<tr> <tr>
<th><label for="crt"><?php __("SSL Certificate"); ?></label></th> <th><label for="crt"><?php __("SSL Certificate"); ?></label></th>
@ -79,60 +80,60 @@ if ($cert["status"]==$ssl::STATUS_PENDING) {
</table> </table>
<p> <p>
<input type="submit" class="inb ok" name="submit" value="<?php __("Save"); ?>"/> &nbsp; <input type="submit" class="inb ok" name="submit" value="<?php __("Save"); ?>"/> &nbsp;
<input type="button" class="inb cancel" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location='ssl_list.php'"/> <input type="button" class="inb cancel" name="cancel" value="<?php __("Cancel"); ?>" onclick="document.location = 'ssl_list.php'"/>
</p> </p>
</form> </form>
<?php <?php
} else {
if ($cert["status"] == $ssl::STATUS_OK) {
?>
<h3><?php __("Valid Certificate"); ?></h3>
<p><?php __("Please find below your valid certificate data."); ?></p>
<?php
} }
if ($cert["status"] == $ssl::STATUS_EXPIRED) {
?>
<h3><?php __("EXPIRED Certificate"); ?></h3>
<p><?php __("Your certificate is EXPIRED. You should not use it for any purpose. Please find below its data."); ?></p>
else { <?php
if ($cert["status"]==$ssl::STATUS_OK) {
?>
<h3><?php __("Valid Certificate"); ?></h3>
<p><?php __("Please find below your valid certificate data."); ?></p>
<?php
} }
if ($cert["status"]==$ssl::STATUS_EXPIRED) { ?>
?> <p>
<h3><?php __("EXPIRED Certificate"); ?></h3>
<p><?php __("Your certificate is EXPIRED. You should not use it for any purpose. Please find below its data."); ?></p>
<?php
}
?>
<p>
<span class="inb ok"><a href="ssl_list.php"><?php __("Back to my SSL Certificates"); ?></a></span> <span class="inb ok"><a href="ssl_list.php"><?php __("Back to my SSL Certificates"); ?></a></span>
</p> </p>
<table border="1" cellspacing="0" cellpadding="4" class="tedit"> <table border="1" cellspacing="0" cellpadding="4" class="tedit">
<tr> <tr>
<th><?php __("Valid From:"); ?></th> <th><?php __("Valid From:"); ?></th>
<td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s",$cert["validstartts"])); <td><?php
echo " "; echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'), date("Y-m-d H:i:s", $cert["validstartts"]));
$days=intval((time()-$cert["validstartts"])/86400); echo " ";
if ($days<60) { $days = intval((time() - $cert["validstartts"]) / 86400);
printf(_("(%d days ago)"),$days); if ($days < 60) {
} else { printf(_("(%d days ago)"), $days);
$month=intval($days/30); } else {
printf(_("(%d month ago)"),$month); $month = intval($days / 30);
} printf(_("(%d month ago)"), $month);
?></td> }
?></td>
</tr> </tr>
<tr> <tr>
<th><?php __("Valid Until:"); ?></th> <th><?php __("Valid Until:"); ?></th>
<td><?php echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'),date("Y-m-d H:i:s",$cert["validendts"])); <td><?php
echo " "; echo format_date(_('%3$d-%2$d-%1$d %4$d:%5$d'), date("Y-m-d H:i:s", $cert["validendts"]));
$days=intval(($cert["validendts"]-time())/86400); echo " ";
if ($days<60) { $days = intval(($cert["validendts"] - time()) / 86400);
printf(_("(%d days from now)"),$days); if ($days < 60) {
} else { printf(_("(%d days from now)"), $days);
$month=intval($days/30); } else {
printf(_("(%d month from now)"),$month); $month = intval($days / 30);
} printf(_("(%d month from now)"), $month);
?></td> }
?></td>
</tr> </tr>
<tr> <tr>
<th><?php __("FQDN:"); ?></th> <th><?php __("FQDN:"); ?></th>
@ -145,53 +146,55 @@ if ($days<60) {
<tr> <tr>
<th><label for="csr"><?php __("Certificate Request File"); ?></label></th> <th><label for="csr"><?php __("Certificate Request File"); ?></label></th>
<td><textarea readonly="readonly" onclick="this.focus();this.select()" class="int cert" name="csr" id="csr" style="width: 500px; height: 120px;"><?php echo $cert["sslcsr"]; ?></textarea></td> <td><textarea readonly="readonly" onclick="this.focus();
this.select()" class="int cert" name="csr" id="csr" style="width: 500px; height: 120px;"><?php echo $cert["sslcsr"]; ?></textarea></td>
</tr> </tr>
<tr> <tr>
<th><label for="crt"><?php __("SSL Certificate"); ?></label></th> <th><label for="crt"><?php __("SSL Certificate"); ?></label></th>
<td><textarea readonly="readonly" onclick="this.focus();this.select()" class="int cert" name="crt" id="crt" style="width: 500px; height: 120px;"><?php echo $cert["sslcrt"]; ?></textarea></td> <td><textarea readonly="readonly" onclick="this.focus();
this.select()" class="int cert" name="crt" id="crt" style="width: 500px; height: 120px;"><?php echo $cert["sslcrt"]; ?></textarea></td>
</tr> </tr>
<tr> <tr>
<th><label for="chain"><?php __("Chained Certificate<br />(not mandatory)"); ?></label></th> <th><label for="chain"><?php __("Chained Certificate<br />(not mandatory)"); ?></label></th>
<td><textarea readonly="readonly" onclick="this.focus();this.select()" class="int cert" name="chain" id="chain" style="width: 500px; height: 120px;"><?php echo $cert["sslchain"]; ?></textarea></td> <td><textarea readonly="readonly" onclick="this.focus();
this.select()" class="int cert" name="chain" id="chain" style="width: 500px; height: 120px;"><?php echo $cert["sslchain"]; ?></textarea></td>
</tr> </tr>
</table> </table>
<?php <?php
// The admin is allowed to share (or not share) his valid certificates // The admin is allowed to share (or not share) his valid certificates
if ($admin->enabled) { if ($admin->enabled) {
?> ?>
<p><?php __("As an administrator you can allow any account on this server to use this certificate to host his services. <br />(This is only useful for wildcard or multi-domain certificates)."); ?></p> <p><?php __("As an administrator you can allow any account on this server to use this certificate to host his services. <br />(This is only useful for wildcard or multi-domain certificates)."); ?></p>
<p> <p>
<?php <?php
if ($cert["shared"]) { if ($cert["shared"]) {
echo _("This certificate is currently <b>shared</b>"); echo _("This certificate is currently <b>shared</b>");
if ($cert["uid"]==$cuid) { if ($cert["uid"] == $cuid) {
?> ?>
</p> </p>
<form method="post" action="ssl_share.php"> <form method="post" action="ssl_share.php">
<input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/> <input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/>
<input type="hidden" name="action" id="action" value="0" /> <input type="hidden" name="action" id="action" value="0" />
<input class="inb cancel" type="submit" name="unshare" value="<?php __("Click here to stop sharing this certificate"); ?>" /> <input class="inb cancel" type="submit" name="unshare" value="<?php __("Click here to stop sharing this certificate"); ?>" />
</form> </form>
<?php <?php
} }
} else { } else {
echo _("This certificate is currently <b>NOT shared</b>"); echo _("This certificate is currently <b>NOT shared</b>");
if ($cert["uid"]==$cuid) { if ($cert["uid"] == $cuid) {
?> ?>
</p> </p>
<form method="post" action="ssl_share.php"> <form method="post" action="ssl_share.php">
<input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/> <input type="hidden" name="id" id="id" value="<?php echo $cert["id"]; ?>"/>
<input type="hidden" name="action" id="action" value="1" /> <input type="hidden" name="action" id="action" value="1" />
<input class="inb ok" type="submit" name="unshare" value="<?php __("Click here to share this certificate"); ?>" /> <input class="inb ok" type="submit" name="unshare" value="<?php __("Click here to share this certificate"); ?>" />
</form> </form>
<?php <?php
} }
} }
}
?>
<?php
} }
?> ?>
<?php
}
?>
<?php include_once("foot.php"); ?> <?php include_once("foot.php"); ?>

438
ssl/panel/class/m_ssl.php
View File

@ -1,4 +1,5 @@
<?php <?php
/* /*
---------------------------------------------------------------------- ----------------------------------------------------------------------
AlternC - Web Hosting System AlternC - Web Hosting System
@ -21,10 +22,9 @@
---------------------------------------------------------------------- ----------------------------------------------------------------------
Purpose of file: Manage SSL Certificates and HTTPS Hosting Purpose of file: Manage SSL Certificates and HTTPS Hosting
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** /**
* SSL Certificates management class * SSL Certificates management class
*/ */
@ -33,7 +33,8 @@ class m_ssl {
const STATUS_PENDING = 0; // we have a key / csr, but no CRT const STATUS_PENDING = 0; // we have a key / csr, but no CRT
const STATUS_OK = 1; // we have the key, csr, crt, chain const STATUS_OK = 1; // we have the key, csr, crt, chain
const STATUS_EXPIRED = 99; // The certificate is now expired. const STATUS_EXPIRED = 99; // The certificate is now expired.
public $error="";
public $error = "";
// Includes one or more of those flags to see only those certificates // Includes one or more of those flags to see only those certificates
// when listing them: // when listing them:
@ -41,37 +42,35 @@ class m_ssl {
const FILTER_OK = 2; const FILTER_OK = 2;
const FILTER_EXPIRED = 4; const FILTER_EXPIRED = 4;
const FILTER_SHARED = 8; const FILTER_SHARED = 8;
const SSL_INCRON_FILE = "/var/run/alternc/ssl/generate_certif_alias"; const SSL_INCRON_FILE = "/var/run/alternc/ssl/generate_certif_alias";
/* ----------------------------------------------------------------- */ // -----------------------------------------------------------------
/** /**
* Constructor * Constructor
*/ */
function m_ssl() { function m_ssl() {
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** /**
* Hook to add the "ssl certificate" menu in the Panel * Hook to add the "ssl certificate" menu in the Panel
*/ */
function hook_menu() { function hook_menu() {
global $quota,$db,$cuid; global $quota, $db, $cuid;
$q = $quota->getquota("ssl"); $q = $quota->getquota("ssl");
$obj=null; $obj = null;
if ($q['t']>0) { if ($q['t'] > 0) {
$obj = array( $obj = array(
'title' => _("SSL Certificates"), 'title' => _("SSL Certificates"),
'ico' => 'images/ssl.png', 'ico' => 'images/ssl.png',
'link' => 'toggle', 'link' => 'toggle',
'pos' => 130, 'pos' => 130,
'links' => array(), 'links' => array(),
) ; );
if ( $quota->cancreate("ssl") ) { if ($quota->cancreate("ssl")) {
$obj['links'][] = $obj['links'][] = array(
array (
'ico' => 'images/new.png', 'ico' => 'images/new.png',
'txt' => _("New SSL certificate"), 'txt' => _("New SSL certificate"),
'url' => "ssl_new.php", 'url' => "ssl_new.php",
@ -81,13 +80,12 @@ class m_ssl {
// or admin shared >0 ! // or admin shared >0 !
$db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' OR shared=1"); $db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' OR shared=1");
$used=$q['u']; $used = $q['u'];
if ($db->next_record()) { if ($db->next_record()) {
$used=$db->f("cnt"); $used = $db->f("cnt");
} }
if ( $used > 0 ) { // if there are some SSL certificates if ($used > 0) { // if there are some SSL certificates
$obj['links'][] = $obj['links'][] = array(
array (
'txt' => _("List SSL Certificates"), 'txt' => _("List SSL Certificates"),
'url' => "ssl_list.php" 'url' => "ssl_list.php"
); );
@ -96,9 +94,7 @@ class m_ssl {
return $obj; return $obj;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Return all the SSL certificates for an account (or the searched one) /** Return all the SSL certificates for an account (or the searched one)
* @param $filter an integer telling which certificate we want to see (see FILTER_* constants above) * @param $filter an integer telling which certificate we want to see (see FILTER_* constants above)
* the default is showing all certificate, but only Pending and OK certificates, not expired or shared one * the default is showing all certificate, but only Pending and OK certificates, not expired or shared one
@ -106,48 +102,50 @@ class m_ssl {
* @return array all the ssl certificate this user can use * @return array all the ssl certificate this user can use
* (each array is the content of the certificates table) * (each array is the content of the certificates table)
*/ */
function get_list(&$filter=null) { function get_list(&$filter = null) {
global $db,$err,$cuid; global $db, $err, $cuid;
$err->log("ssl","get_list"); $err->log("ssl", "get_list");
$r=array(); $r = array();
// If we have no filter, we filter by default on pending and ok certificates if there is more than 10 of them for the same user. // If we have no filter, we filter by default on pending and ok certificates if there is more than 10 of them for the same user.
if (is_null($filter)) { if (is_null($filter)) {
$db->query("SELECT count(*) AS cnt FROM certificates WHERE uid='$cuid' OR shared=1;"); $db->query("SELECT count(*) AS cnt FROM certificates WHERE uid='$cuid' OR shared=1;");
$db->next_record(); $db->next_record();
if ($db->f("cnt")>10) { if ($db->f("cnt") > 10) {
$filter=(self::FILTER_PENDING | self::FILTER_OK); $filter = (self::FILTER_PENDING | self::FILTER_OK);
} else { } else {
$filter=(self::FILTER_PENDING | self::FILTER_OK | self::FILTER_EXPIRED | self::FILTER_SHARED); $filter = (self::FILTER_PENDING | self::FILTER_OK | self::FILTER_EXPIRED | self::FILTER_SHARED);
} }
} }
// filter the filter values :) // filter the filter values :)
$filter=($filter & (self::FILTER_PENDING | self::FILTER_OK | self::FILTER_EXPIRED | self::FILTER_SHARED)); $filter = ($filter & (self::FILTER_PENDING | self::FILTER_OK | self::FILTER_EXPIRED | self::FILTER_SHARED));
// Here filter can't be null (and will be returned to the caller !) // Here filter can't be null (and will be returned to the caller !)
$sql=""; $sql = "";
if ($filter & self::FILTER_SHARED) { if ($filter & self::FILTER_SHARED) {
$sql=" (uid='$cuid' OR shared=1) "; $sql = " (uid='$cuid' OR shared=1) ";
} else { } else {
$sql=" uid='$cuid' "; $sql = " uid='$cuid' ";
} }
$sql.=" AND status IN (-1"; $sql.=" AND status IN (-1";
if ($filter & self::FILTER_PENDING) $sql.=",".self::STATUS_PENDING; if ($filter & self::FILTER_PENDING)
if ($filter & self::FILTER_OK) $sql.=",".self::STATUS_OK; $sql.="," . self::STATUS_PENDING;
if ($filter & self::FILTER_EXPIRED) $sql.=",".self::STATUS_EXPIRED; if ($filter & self::FILTER_OK)
$sql.="," . self::STATUS_OK;
if ($filter & self::FILTER_EXPIRED)
$sql.="," . self::STATUS_EXPIRED;
$sql.=") "; $sql.=") ";
$db->query("SELECT *, UNIX_TIMESTAMP(validstart) AS validstartts, UNIX_TIMESTAMP(validend) AS validendts FROM certificates WHERE $sql ORDER BY shared, fqdn;"); $db->query("SELECT *, UNIX_TIMESTAMP(validstart) AS validstartts, UNIX_TIMESTAMP(validend) AS validendts FROM certificates WHERE $sql ORDER BY shared, fqdn;");
if ($db->num_rows()) { if ($db->num_rows()) {
while ($db->next_record()) { while ($db->next_record()) {
$r[]=$db->Record; $r[] = $db->Record;
} }
return $r; return $r;
} else { } else {
$err->raise("ssl",_("No SSL certificates available")); $err->raise("ssl", _("No SSL certificates available"));
return array(); return array();
} }
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Generate a new CSR, a new Private RSA Key, for FQDN. /** Generate a new CSR, a new Private RSA Key, for FQDN.
* @param $fqdn string the FQDN of the domain name for which we want a CSR. * @param $fqdn string the FQDN of the domain name for which we want a CSR.
* a wildcard certificate must start by *. * a wildcard certificate must start by *.
@ -155,117 +153,117 @@ class m_ssl {
* or false if an error occurred * or false if an error occurred
*/ */
function new_csr($fqdn) { function new_csr($fqdn) {
global $db,$err,$cuid; global $db, $err, $cuid;
$err->log("ssl","new_csr"); $err->log("ssl", "new_csr");
if (substr($fqdn,0,2)=="*.") { if (substr($fqdn, 0, 2) == "*.") {
$f=substr($fqdn,2); $f = substr($fqdn, 2);
} else { } else {
$f=$fqdn; $f = $fqdn;
} }
if (checkfqdn($f)) { if (checkfqdn($f)) {
$err->raise("ssl",_("Bad FQDN domain name")); $err->raise("ssl", _("Bad FQDN domain name"));
return false; return false;
} }
putenv("OPENSSL_CONF=/etc/alternc/openssl.cnf"); putenv("OPENSSL_CONF=/etc/alternc/openssl.cnf");
$pkey=openssl_pkey_new(); $pkey = openssl_pkey_new();
if (!$pkey) { if (!$pkey) {
$err->raise("ssl",_("Can't generate a private key (1)")); $err->raise("ssl", _("Can't generate a private key (1)"));
return false; return false;
} }
if (!openssl_pkey_export($pkey, $privKey)) { if (!openssl_pkey_export($pkey, $privKey)) {
$err->raise("ssl",_("Can't generate a private key (2)")); $err->raise("ssl", _("Can't generate a private key (2)"));
return false; return false;
} }
$dn=array("commonName" => $fqdn); $dn = array("commonName" => $fqdn);
// override the (not taken from openssl.cnf) digest to use SHA-2 / SHA256 and not SHA-1 or MD5 : // override the (not taken from openssl.cnf) digest to use SHA-2 / SHA256 and not SHA-1 or MD5 :
$config=array("digest_alg"=>"sha256"); $config = array("digest_alg" => "sha256");
$csr=openssl_csr_new($dn, $pkey,$config); $csr = openssl_csr_new($dn, $pkey, $config);
openssl_csr_export($csr, $csrout); openssl_csr_export($csr, $csrout);
$db->query("INSERT INTO certificates SET uid='$cuid', status=".self::STATUS_PENDING.", shared=0, fqdn='".addslashes($fqdn)."', altnames='', validstart=NOW(), sslcsr='".addslashes($csrout)."', sslkey='".addslashes($privKey)."';"); $db->query("INSERT INTO certificates SET uid='$cuid', status=" . self::STATUS_PENDING . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='', validstart=NOW(), sslcsr='" . addslashes($csrout) . "', sslkey='" . addslashes($privKey) . "';");
if (!($id=$db->lastid())) { if (!($id = $db->lastid())) {
$err->raise("ssl",_("Can't generate a CSR")); $err->raise("ssl", _("Can't generate a CSR"));
return false; return false;
} }
return $id; return $id;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Return all informations of a given certificate for the current user. /** Return all informations of a given certificate for the current user.
* @return array all the informations of the current certificate as a hash. * @return array all the informations of the current certificate as a hash.
*/ */
function get_certificate($id) { function get_certificate($id) {
global $db,$err,$cuid; global $db, $err, $cuid;
$err->log("ssl","get_certificate"); $err->log("ssl", "get_certificate");
$id=intval($id); $id = intval($id);
$db->query("SELECT *, UNIX_TIMESTAMP(validstart) AS validstartts, UNIX_TIMESTAMP(validend) AS validendts FROM certificates WHERE (uid='$cuid' OR (shared=1 AND status=".self::STATUS_OK.") ) AND id='$id';"); $db->query("SELECT *, UNIX_TIMESTAMP(validstart) AS validstartts, UNIX_TIMESTAMP(validend) AS validendts FROM certificates WHERE (uid='$cuid' OR (shared=1 AND status=" . self::STATUS_OK . ") ) AND id='$id';");
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("ssl",_("Can't find this Certifcate")); $err->raise("ssl", _("Can't find this Certifcate"));
return false; return false;
} }
return $db->Record; return $db->Record;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Share (or unshare) an ssl certificate /** Share (or unshare) an ssl certificate
* @param $id integer the id of the certificate in the table. * @param $id integer the id of the certificate in the table.
* @param $action integer share (1) or unshare (0) this certificate * @param $action integer share (1) or unshare (0) this certificate
* @return boolean * @return boolean
*/ */
function share($id,$action=1) { function share($id, $action = 1) {
global $db,$err,$cuid; global $db, $err, $cuid;
$err->log("ssl","share"); $err->log("ssl", "share");
$id=intval($id); $id = intval($id);
$db->query("SELECT id FROM certificates WHERE uid='$cuid' AND status=".self::STATUS_OK." AND id='$id';"); $db->query("SELECT id FROM certificates WHERE uid='$cuid' AND status=" . self::STATUS_OK . " AND id='$id';");
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("ssl",_("Can't find this Certifcate")); $err->raise("ssl", _("Can't find this Certifcate"));
return false; return false;
} }
if ($action) $action=1; else $action=0; if ($action)
$action = 1;
else
$action = 0;
$db->query("UPDATE certificates SET shared=$action WHERE id='$id';"); $db->query("UPDATE certificates SET shared=$action WHERE id='$id';");
return true; return true;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Return all the subdomains that can be ssl-enabled for the current account. /** Return all the subdomains that can be ssl-enabled for the current account.
* @return array of strings : all the subdomains. * @return array of strings : all the subdomains.
* Excludes the one for which a cert is already available * Excludes the one for which a cert is already available
*/ */
function get_new_advice() { function get_new_advice() {
global $db,$err,$cuid; global $db, $err, $cuid;
$err->log("ssl","get_new_advice"); $err->log("ssl", "get_new_advice");
$r=array(); $r = array();
// my certificates, either OK or PENDING (not expired) or the SHARED one (only OK then) // my certificates, either OK or PENDING (not expired) or the SHARED one (only OK then)
$db->query("SELECT fqdn FROM certificates WHERE $db->query("SELECT fqdn FROM certificates WHERE
(uid='$cuid' AND status IN (".self::STATUS_PENDING.",".self::STATUS_OK.") ) (uid='$cuid' AND status IN (" . self::STATUS_PENDING . "," . self::STATUS_OK . ") )
OR (shared=1 AND status=".self::STATUS_OK.") OR (shared=1 AND status=" . self::STATUS_OK . ")
ORDER BY shared, fqdn;"); ORDER BY shared, fqdn;");
$r=array(); $r = array();
while ($db->next_record()) { while ($db->next_record()) {
$r[]=$db->f("fqdn"); $r[] = $db->f("fqdn");
} }
// Now we get all our subdomains for certain domaines_types // Now we get all our subdomains for certain domaines_types
$db->query("SELECT sub,domaine FROM sub_domaines WHERE compte='$cuid' AND type IN ('vhost', 'url', 'roundcube', 'squirrelmail', 'panel', 'php52');"); $db->query("SELECT sub,domaine FROM sub_domaines WHERE compte='$cuid' AND type IN ('vhost', 'url', 'roundcube', 'squirrelmail', 'panel', 'php52');");
$advice=array(); $advice = array();
while ($db->next_record()) { while ($db->next_record()) {
$me=$db->f("sub"); $me = $db->f("sub");
if ($me) $me.="."; if ($me)
$me.=".";
$me.=$db->f("domaine"); $me.=$db->f("domaine");
if (!in_array($me,$r) && !in_array($me,$advice)) { if (!in_array($me, $r) && !in_array($me, $advice)) {
$advice[]=$me; $advice[] = $me;
} }
if (!in_array("*.".$db->f("domaine"),$r) && !in_array("*.".$db->f("domaine"),$advice)) { if (!in_array("*." . $db->f("domaine"), $r) && !in_array("*." . $db->f("domaine"), $advice)) {
$advice[]="*.".$db->f("domaine"); $advice[] = "*." . $db->f("domaine");
} }
} }
sort($advice); sort($advice);
return($advice); return($advice);
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Import an existing ssl Key, Certificate and (maybe) a Chained Cert /** Import an existing ssl Key, Certificate and (maybe) a Chained Cert
* @param $key string the X.509 PEM-encoded RSA key * @param $key string the X.509 PEM-encoded RSA key
* @param $crt string the X.509 PEM-encoded certificate, which *must* * @param $crt string the X.509 PEM-encoded certificate, which *must*
@ -274,34 +272,33 @@ class m_ssl {
* @return integer the ID of the newly created certificate in the table * @return integer the ID of the newly created certificate in the table
* or false if an error occurred * or false if an error occurred
*/ */
function import_cert($key,$crt,$chain="") { function import_cert($key, $crt, $chain = "") {
global $cuid, $err, $db; global $cuid, $err, $db;
$err->log("ssl","import_cert"); $err->log("ssl", "import_cert");
$result=$this->check_cert($crt,$chain,$key); $result = $this->check_cert($crt, $chain, $key);
if ($result===false) { if ($result === false) {
$err->raise("ssl",$this->error); $err->raise("ssl", $this->error);
return false; return false;
} }
list($crt,$chain,$key,$crtdata)=$result; list($crt, $chain, $key, $crtdata) = $result;
$validstart=$crtdata['validFrom_time_t']; $validstart = $crtdata['validFrom_time_t'];
$validend=$crtdata['validTo_time_t']; $validend = $crtdata['validTo_time_t'];
$fqdn=$crtdata["subject"]["CN"]; $fqdn = $crtdata["subject"]["CN"];
$altnames=$this->parseAltNames($crtdata["extensions"]["subjectAltName"]); $altnames = $this->parseAltNames($crtdata["extensions"]["subjectAltName"]);
// Everything is PERFECT and has been thoroughly checked, let's insert those in the DB ! // Everything is PERFECT and has been thoroughly checked, let's insert those in the DB !
$sql="INSERT INTO certificates SET uid='$cuid', status=".self::STATUS_OK.", shared=0, fqdn='".addslashes($fqdn)."', altnames='".addslashes($altnames)."', validstart=FROM_UNIXTIME(".intval($validstart)."), validend=FROM_UNIXTIME(".intval($validend)."), sslkey='".addslashes($key)."', sslcrt='".addslashes($crt)."', sslchain='".addslashes($chain)."';"; $sql = "INSERT INTO certificates SET uid='$cuid', status=" . self::STATUS_OK . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='" . addslashes($altnames) . "', validstart=FROM_UNIXTIME(" . intval($validstart) . "), validend=FROM_UNIXTIME(" . intval($validend) . "), sslkey='" . addslashes($key) . "', sslcrt='" . addslashes($crt) . "', sslchain='" . addslashes($chain) . "';";
$db->query($sql); $db->query($sql);
if (!($id=$db->lastid())) { if (!($id = $db->lastid())) {
$err->raise("ssl",_("Can't save the Key/Crt/Chain now. Please try later.")); $err->raise("ssl", _("Can't save the Key/Crt/Chain now. Please try later."));
return false; return false;
} }
return $id; return $id;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Import an ssl certificate into an existing certificate entry in the DB. /** Import an ssl certificate into an existing certificate entry in the DB.
* (finalize an enrollment process) * (finalize an enrollment process)
* @param $certid integer the ID in the database of the SSL Certificate * @param $certid integer the ID in the database of the SSL Certificate
@ -311,103 +308,98 @@ class m_ssl {
* @return integer the ID of the updated certificate in the table * @return integer the ID of the updated certificate in the table
* or false if an error occurred * or false if an error occurred
*/ */
function finalize($certid,$crt,$chain) { function finalize($certid, $crt, $chain) {
global $cuid, $err, $db; global $cuid, $err, $db;
$err->log("ssl","finalize"); $err->log("ssl", "finalize");
$certid=intval($certid); $certid = intval($certid);
$result=$this->check_cert($crt,$chain,"",$certid); $result = $this->check_cert($crt, $chain, "", $certid);
if ($result===false) { if ($result === false) {
$err->raise("ssl",$this->error); $err->raise("ssl", $this->error);
return false; return false;
} }
list($crt,$chain,$key,$crtdata)=$result; list($crt, $chain, $key, $crtdata) = $result;
$validstart=$crtdata['validFrom_time_t']; $validstart = $crtdata['validFrom_time_t'];
$validend=$crtdata['validTo_time_t']; $validend = $crtdata['validTo_time_t'];
$fqdn=$crtdata["subject"]["CN"]; $fqdn = $crtdata["subject"]["CN"];
$altnames=$this->parseAltNames($crtdata["extensions"]["subjectAltName"]); $altnames = $this->parseAltNames($crtdata["extensions"]["subjectAltName"]);
// Everything is PERFECT and has been thoroughly checked, let's insert those in the DB ! // Everything is PERFECT and has been thoroughly checked, let's insert those in the DB !
$sql="UPDATE certificates SET status=".self::STATUS_OK.", shared=0, fqdn='".addslashes($fqdn)."', altnames='".addslashes($altnames)."', validstart=FROM_UNIXTIME(".intval($validstart)."), validend=FROM_UNIXTIME(".intval($validend)."), sslcrt='".addslashes($crt)."', sslchain='".addslashes($chain)."' WHERE id='$certid' ;"; $sql = "UPDATE certificates SET status=" . self::STATUS_OK . ", shared=0, fqdn='" . addslashes($fqdn) . "', altnames='" . addslashes($altnames) . "', validstart=FROM_UNIXTIME(" . intval($validstart) . "), validend=FROM_UNIXTIME(" . intval($validend) . "), sslcrt='" . addslashes($crt) . "', sslchain='" . addslashes($chain) . "' WHERE id='$certid' ;";
if (!$db->query($sql)) { if (!$db->query($sql)) {
$err->raise("ssl",_("Can't save the Crt/Chain now. Please try later.")); $err->raise("ssl", _("Can't save the Crt/Chain now. Please try later."));
return false; return false;
} }
return $certid; return $certid;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Function called by a hook when an AlternC member is deleted. /** Function called by a hook when an AlternC member is deleted.
* @access private * @access private
* TODO: delete unused ssl certificates ?? > do this in the crontab. * TODO: delete unused ssl certificates ?? > do this in the crontab.
*/ */
function alternc_del_member() { function alternc_del_member() {
global $db,$err,$cuid; global $db, $err, $cuid;
$err->log("ssl","alternc_del_member"); $err->log("ssl", "alternc_del_member");
$db->query("UPDATE certificates SET ssl_action='DELETE' WHERE uid='$cuid'"); $db->query("UPDATE certificates SET ssl_action='DELETE' WHERE uid='$cuid'");
return true; return true;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Hook which returns the used quota for the $name service for the current user. /** Hook which returns the used quota for the $name service for the current user.
* @param $name string name of the quota * @param $name string name of the quota
* @return integer the number of service used or false if an error occured * @return integer the number of service used or false if an error occured
* @access private * @access private
*/ */
function hook_quota_get() { function hook_quota_get() {
global $db,$err,$cuid; global $db, $err, $cuid;
$err->log("ssl","getquota"); $err->log("ssl", "getquota");
$q=Array("name"=>"ssl", "description"=>_("SSL Certificates"), "used"=>0); $q = Array("name" => "ssl", "description" => _("SSL Certificates"), "used" => 0);
$db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' AND status!=".self::STATUS_EXPIRED); $db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' AND status!=" . self::STATUS_EXPIRED);
if ($db->next_record()) { if ($db->next_record()) {
$q['used']=$db->f("cnt"); $q['used'] = $db->f("cnt");
} }
return $q; return $q;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Export every information for an AlternC's account /** Export every information for an AlternC's account
* @access private * @access private
* EXPERIMENTAL 'sid' function ;) * EXPERIMENTAL 'sid' function ;)
*/ */
function alternc_export_conf() { function alternc_export_conf() {
global $db,$err; global $db, $err;
$err->log("ssl","export"); $err->log("ssl", "export");
$f=$this->get_list(); $f = $this->get_list();
$str=" <ssl>"; $str = " <ssl>";
$db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' AND status!=".self::STATUS_EXPIRED); $db->query("SELECT COUNT(*) AS cnt FROM certificates WHERE uid='$cuid' AND status!=" . self::STATUS_EXPIRED);
while ($db->next_record()) { while ($db->next_record()) {
$str.=" <id>".($db->Record["id"])."</id>\n"; $str.=" <id>" . ($db->Record["id"]) . "</id>\n";
$str.=" <csr>".($db->Record["sslcsr"])."</key>\n"; $str.=" <csr>" . ($db->Record["sslcsr"]) . "</key>\n";
$str.=" <key>".($db->Record["sslkey"])."<key>\n"; $str.=" <key>" . ($db->Record["sslkey"]) . "<key>\n";
$str.=" <crt>".($db->Record["sslcrt"])."</crt>\n"; $str.=" <crt>" . ($db->Record["sslcrt"]) . "</crt>\n";
$str.=" <chain>".($db->Record["sslchain"])."<chain>\n"; $str.=" <chain>" . ($db->Record["sslchain"]) . "<chain>\n";
} }
$str.=" </ssl>\n"; $str.=" </ssl>\n";
return $str; return $str;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Returns the list of alternate names of an X.509 SSL Certificate /** Returns the list of alternate names of an X.509 SSL Certificate
* from the attribute list. * from the attribute list.
* @param $str string the $crtdata["extensions"]["subjectAltName"] from openssl * @param $str string the $crtdata["extensions"]["subjectAltName"] from openssl
* @return array an array of FQDNs * @return array an array of FQDNs
*/ */
function parseAltNames($str) { function parseAltNames($str) {
if (preg_match_all("#DNS:([^,]*),#",$str,$mat, PREG_PATTERN_ORDER)) { if (preg_match_all("#DNS:([^,]*),#", $str, $mat, PREG_PATTERN_ORDER)) {
return implode("\n",$mat[1]); return implode("\n", $mat[1]);
} else { } else {
return ""; return "";
} }
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Add (immediately) a global alias to the HTTP /** Add (immediately) a global alias to the HTTP
* certif_alias table and add it to apache configuration * certif_alias table and add it to apache configuration
* by launching a incron action. * by launching a incron action.
@ -417,20 +409,19 @@ class m_ssl {
* if the alias has been properly defined, return true. * if the alias has been properly defined, return true.
* @return boolean * @return boolean
*/ */
function alias_add($name,$content) { function alias_add($name, $content) {
global $err,$cuid,$db; global $err, $cuid, $db;
$db->query("SELECT name FROM certif_alias WHERE name='".addslashes($name)."';"); $db->query("SELECT name FROM certif_alias WHERE name='" . addslashes($name) . "';");
if ($db->next_record()) { if ($db->next_record()) {
$err->raise("ssl",_("Alias already exists")); $err->raise("ssl", _("Alias already exists"));
return false; return false;
} }
$db->query("INSERT INTO certif_alias SET name='".addslashes($name)."', content='".addslashes($content)."', uid=".intval($cuid).";"); $db->query("INSERT INTO certif_alias SET name='" . addslashes($name) . "', content='" . addslashes($content) . "', uid=" . intval($cuid) . ";");
touch(self::SSL_INCRON_FILE); touch(self::SSL_INCRON_FILE);
return true; return true;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Removes (immediately) a global alias to the HTTP /** Removes (immediately) a global alias to the HTTP
* certif_alias table and add it to apache configuration * certif_alias table and add it to apache configuration
* by launching a incron action. * by launching a incron action.
@ -438,19 +429,18 @@ class m_ssl {
* @return boolean * @return boolean
*/ */
function alias_del($name) { function alias_del($name) {
global $err,$cuid,$db; global $err, $cuid, $db;
$db->query("SELECT name FROM certif_alias WHERE name='".addslashes($name)."' AND uid=".intval($cuid).";"); $db->query("SELECT name FROM certif_alias WHERE name='" . addslashes($name) . "' AND uid=" . intval($cuid) . ";");
if (!$db->next_record()) { if (!$db->next_record()) {
$err->raise("ssl",_("Alias not found")); $err->raise("ssl", _("Alias not found"));
return false; return false;
} }
$db->query("DELETE FROM certif_alias WHERE name='".addslashes($name)."' AND uid=".intval($cuid).";"); $db->query("DELETE FROM certif_alias WHERE name='" . addslashes($name) . "' AND uid=" . intval($cuid) . ";");
touch(self::SSL_INCRON_FILE); touch(self::SSL_INCRON_FILE);
return true; return true;
} }
// -----------------------------------------------------------------
/* ----------------------------------------------------------------- */
/** Check that a crt is a proper certificate /** Check that a crt is a proper certificate
* @param $crt string an SSL Certificate * @param $crt string an SSL Certificate
* @param $chain string is a list of certificates * @param $chain string is a list of certificates
@ -459,115 +449,119 @@ class m_ssl {
* @return array the crt, chain, key, crtdata(array) after a proper reformatting * @return array the crt, chain, key, crtdata(array) after a proper reformatting
* or false if an error occurred (in that case $this->error is filled) * or false if an error occurred (in that case $this->error is filled)
*/ */
function check_cert($crt,$chain,$key="",$certid=null) { function check_cert($crt, $chain, $key = "", $certid = null) {
global $err,$cuid,$db; global $err, $cuid, $db;
// Check that the key crt and chain are really SSL certificates and keys // Check that the key crt and chain are really SSL certificates and keys
$crt=trim(str_replace("\r\n","\n",$crt))."\n"; $crt = trim(str_replace("\r\n", "\n", $crt)) . "\n";
$key=trim(str_replace("\r\n","\n",$key))."\n"; $key = trim(str_replace("\r\n", "\n", $key)) . "\n";
$chain=trim(str_replace("\r\n","\n",$chain))."\n"; $chain = trim(str_replace("\r\n", "\n", $chain)) . "\n";
$this->error=""; $this->error = "";
if (trim($key)=="" && !is_null($certid)) { if (trim($key) == "" && !is_null($certid)) {
// find it in the DB : // find it in the DB :
$db->query("SELECT sslkey FROM certificates WHERE id=".intval($certid).";"); $db->query("SELECT sslkey FROM certificates WHERE id=" . intval($certid) . ";");
if (!$db->next_record()) { if (!$db->next_record()) {
$this->error.=_("Can't find the private key in the certificate table, please check your form."); $this->error.=_("Can't find the private key in the certificate table, please check your form.");
return false; return false;
} }
$key=$db->f("sslkey"); $key = $db->f("sslkey");
$key=trim(str_replace("\r\n","\n",$key))."\n"; $key = trim(str_replace("\r\n", "\n", $key)) . "\n";
} }
if (substr($crt,0,28)!="-----BEGIN CERTIFICATE-----\n" || if (substr($crt, 0, 28) != "-----BEGIN CERTIFICATE-----\n" ||
substr($crt,-26,26)!="-----END CERTIFICATE-----\n") { substr($crt, -26, 26) != "-----END CERTIFICATE-----\n") {
$this->error.=_("The certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.")."\n"; $this->error.=_("The certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.") . "\n";
} }
if ($chain && if ($chain &&
(substr($chain,0,28)!="-----BEGIN CERTIFICATE-----\n" || (substr($chain, 0, 28) != "-----BEGIN CERTIFICATE-----\n" ||
substr($chain,-26,26)!="-----END CERTIFICATE-----\n")) { substr($chain, -26, 26) != "-----END CERTIFICATE-----\n")) {
$this->error.=_("The chained certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.")."\n"; $this->error.=_("The chained certificate must begin by BEGIN CERTIFICATE and end by END CERTIFICATE lines. Please check you pasted it in PEM form.") . "\n";
} }
if ( (substr($key,0,32)!="-----BEGIN RSA PRIVATE KEY-----\n" || if ((substr($key, 0, 32) != "-----BEGIN RSA PRIVATE KEY-----\n" ||
substr($key,-30,30)!="-----END RSA PRIVATE KEY-----\n") && substr($key, -30, 30) != "-----END RSA PRIVATE KEY-----\n") &&
(substr($key,0,28)!="-----BEGIN PRIVATE KEY-----\n" || (substr($key, 0, 28) != "-----BEGIN PRIVATE KEY-----\n" ||
substr($key,-26,26)!="-----END PRIVATE KEY-----\n") ) substr($key, -26, 26) != "-----END PRIVATE KEY-----\n")) {
{ $this->error.=_("The private key must begin by BEGIN (RSA )PRIVATE KEY and end by END (RSA )PRIVATE KEY lines. Please check you pasted it in PEM form.") . "\n";
$this->error.=_("The private key must begin by BEGIN (RSA )PRIVATE KEY and end by END (RSA )PRIVATE KEY lines. Please check you pasted it in PEM form.")."\n";
} }
if ($this->error) { if ($this->error) {
return false; return false;
} }
// We split the chained certificates in individuals certificates : // We split the chained certificates in individuals certificates :
$chains=array(); $chains = array();
$status=0; $new=""; $status = 0;
$lines=explode("\n",$chain); $new = "";
foreach($lines as $line) { $lines = explode("\n", $chain);
if ($line=="-----BEGIN CERTIFICATE-----" && $status==0) { foreach ($lines as $line) {
$status=1; if ($line == "-----BEGIN CERTIFICATE-----" && $status == 0) {
$new=$line."\n"; $status = 1;
$new = $line . "\n";
continue; continue;
} }
if ($line=="-----END CERTIFICATE-----" && $status==1) { if ($line == "-----END CERTIFICATE-----" && $status == 1) {
$status=0; $status = 0;
$new.=$line."\n"; $new.=$line . "\n";
$chains[]=$new; $chains[] = $new;
$new=""; $new = "";
continue; continue;
} }
if ($status==1) { if ($status == 1) {
$new.=$line."\n"; $new.=$line . "\n";
} }
} }
// here chains contains all the ssl certificates in the chained certs. // here chains contains all the ssl certificates in the chained certs.
// Now we check those using Openssl functions (real check :) ) // Now we check those using Openssl functions (real check :) )
$rchains=array(); $i=0; $rchains = array();
foreach($chains as $tmpcert) { $i = 0;
foreach ($chains as $tmpcert) {
$i++; $i++;
$tmpr=openssl_x509_read($tmpcert); $tmpr = openssl_x509_read($tmpcert);
if ($tmpr===false) { if ($tmpr === false) {
$this->error.=sprintf(_("The %d-th certificate in the chain is invalid"),$i)."\n"; $this->error.=sprintf(_("The %d-th certificate in the chain is invalid"), $i) . "\n";
} else { } else {
$rchains[]=$tmpr; $rchains[] = $tmpr;
} }
} }
$validstart=0; $validend=0; $validstart = 0;
$rcrt=openssl_x509_read($crt); $validend = 0;
$rcrt = openssl_x509_read($crt);
$crtdata = openssl_x509_parse($crt); $crtdata = openssl_x509_parse($crt);
if ($rcrt===false || $crtdata===false) { if ($rcrt === false || $crtdata === false) {
$this->error.=_("The certificate is invalid.")."\n"; $this->error.=_("The certificate is invalid.") . "\n";
} }
$rkey=openssl_pkey_get_private($key); $rkey = openssl_pkey_get_private($key);
if ($rkey===false) { if ($rkey === false) {
$this->error.=_("The private key is invalid.")."\n"; $this->error.=_("The private key is invalid.") . "\n";
} }
if (!$this->error) { if (!$this->error) {
// check that the private key and the certificates are matching : // check that the private key and the certificates are matching :
if (!openssl_x509_check_private_key($rcrt,$rkey)) { if (!openssl_x509_check_private_key($rcrt, $rkey)) {
$this->error.=_("The private key is not the one signed inside the certificate.")."\n"; $this->error.=_("The private key is not the one signed inside the certificate.") . "\n";
} }
} }
if (!$this->error) { if (!$this->error) {
// Everything is fine, let's recreate crt, chain, key from our internal OpenSSL structures: // Everything is fine, let's recreate crt, chain, key from our internal OpenSSL structures:
if (!openssl_x509_export($rcrt,$crt)) { if (!openssl_x509_export($rcrt, $crt)) {
$this->error.=_("Can't export your certificate as a string, please check its syntax.")."\n"; $this->error.=_("Can't export your certificate as a string, please check its syntax.") . "\n";
} }
$chain=""; $chain = "";
foreach($rchains as $r) { foreach ($rchains as $r) {
if (!openssl_x509_export($r,$tmp)) { if (!openssl_x509_export($r, $tmp)) {
$this->error.=_("Can't export one of your chained certificates as a string, please check its syntax.")."\n"; $this->error.=_("Can't export one of your chained certificates as a string, please check its syntax.") . "\n";
} else { } else {
$chain.=$tmp; $chain.=$tmp;
} }
} }
if (!openssl_pkey_export($rkey,$key)) { if (!openssl_pkey_export($rkey, $key)) {
$this->error.=_("Can't export your private key as a string, please check its syntax.")."\n"; $this->error.=_("Can't export your private key as a string, please check its syntax.") . "\n";
} }
} }
return array($crt,$chain,$key,$crtdata); return array($crt, $chain, $key, $crtdata);
} // check_cert }
// check_cert
}
} /* Class m_ssl */ /* Class m_ssl */