fe8d7c2025e33349ab1e51c0e906ec3ee69dcff2
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

1) <?php
Bernd Wurst Added license tags for CC0,...

Bernd Wurst authored 12 years ago

2) /*
3) This file belongs to the Webinterface of schokokeks.org Hosting
4) 
Hanno Böck Change license from CC0 to...

Hanno Böck authored 2 years ago

5) Written by schokokeks.org Hosting, namely
Bernd Wurst Added license tags for CC0,...

Bernd Wurst authored 12 years ago

6)   Bernd Wurst <bernd@schokokeks.org>
7)   Hanno Böck <hanno@schokokeks.org>
8) 
Hanno Böck Change license from CC0 to...

Hanno Böck authored 2 years ago

9) This code is published under a 0BSD license.
Bernd Wurst Added license tags for CC0,...

Bernd Wurst authored 12 years ago

10) 
11) Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
12) */
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

13) 
14) require_once('inc/base.php');
bernd CSR-Erstellung

bernd authored 15 years ago

15) require_once('inc/security.php');
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

16) 
17) define("CERT_OK", 0);
18) define("CERT_INVALID", 1);
19) define("CERT_NOCHAIN", 2);
20) 
21) function user_certs()
22) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

23)     $uid = (int) $_SESSION['userinfo']['uid'];
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

24)     $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=? ORDER BY cn", [$uid]);
25)     $ret = [];
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

26)     while ($i = $result->fetch()) {
27)         $ret[] = $i;
28)     }
29)     #DEBUG($ret);
30)     return $ret;
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

31) }
32) 
bernd CSR-Erstellung

bernd authored 15 years ago

33) function user_csr()
34) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

35)     $uid = (int) $_SESSION['userinfo']['uid'];
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

36)     $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=? ORDER BY hostname", [$uid]);
37)     $ret = [];
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

38)     while ($i = $result->fetch()) {
39)         $ret[] = $i;
40)     }
41)     #DEBUG($ret);
42)     return $ret;
bernd CSR-Erstellung

bernd authored 15 years ago

43) }
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

44) 
Bernd Wurst Interface für Zertifikate i...

Bernd Wurst authored 8 years ago

45) function user_has_manual_certs()
46) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

47)     foreach (user_certs() as $c) {
48)         if (!cert_is_letsencrypt($c['id'])) {
49)             return true;
50)         }
51)     }
52)     foreach (user_csr() as $c) {
53)         return true;
Bernd Wurst Interface für Zertifikate i...

Bernd Wurst authored 8 years ago

54)     }
55) }
56) 
57) 
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

58) function cert_details($id)
59) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

60)     $id = (int) $id;
61)     $uid = (int) $_SESSION['userinfo']['uid'];
Hanno remove whitespace in empty...

Hanno authored 6 years ago

62) 
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

63)     $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, chain, cert, `key` FROM vhosts.certs WHERE uid=:uid AND id=:id", [":uid" => $uid, ":id" => $id]);
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

64)     if ($result->rowCount() != 1) {
65)         system_failure("Ungültiges Zertifikat #{$id}");
66)     }
67)     return $result->fetch();
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

68) }
69) 
Bernd Wurst Status der letsencrypt-Opti...

Bernd Wurst authored 9 years ago

70) function cert_is_letsencrypt($id)
71) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

72)     $details = cert_details($id);
73)     #DEBUG($details);
74)     if (strpos($details['subject'], "Let's Encrypt autogenerated") > 0) {
75)         return true;
76)     }
77)     return false;
Bernd Wurst Status der letsencrypt-Opti...

Bernd Wurst authored 9 years ago

78) }
79) 
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

80) 
bernd CSR-Erstellung

bernd authored 15 years ago

81) function csr_details($id)
82) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

83)     $id = (int) $id;
84)     $uid = (int) $_SESSION['userinfo']['uid'];
Hanno remove whitespace in empty...

Hanno authored 6 years ago

85) 
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

86)     $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid=:uid AND id=:id", [":uid" => $uid, ":id" => $id]);
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

87)     if ($result->rowCount() != 1) {
88)         system_failure("Ungültiger CSR");
89)     }
90)     return $result->fetch();
bernd CSR-Erstellung

bernd authored 15 years ago

91) }
92) 
93) 
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

94) function get_available_CAs()
95) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

96)     $path = '/etc/apache2/certs/cabundle/';
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

97)     $ret = glob($path . '*.pem');
Hanno Böck Fix not operator (!) spaces

Hanno Böck authored 1 year ago

98)     if (!$ret) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

99)         system_failure("Konnte die CA-Zertifikate nicht laden");
100)     }
101)     DEBUG($ret);
102)     return $ret;
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

103) }
104) 
105) 
bernd Cert-Chain erkennen und ben...

bernd authored 14 years ago

106) function get_chain($cert)
107) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

108)     $certdata = openssl_x509_parse($cert, true);
109)     if ($certdata === false) {
110)         system_failure("Das Zertifikat konnte nicht gelesen werden");
111)     }
Hanno Böck Fix not operator (!) spaces

Hanno Böck authored 1 year ago

112)     if (!isset($certdata['issuer']['CN'])) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

113)         return null;
114)     }
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

115)     $result = db_query("SELECT id FROM vhosts.certchain WHERE cn=?", [$certdata['issuer']['CN']]);
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

116)     if ($result->rowCount() > 0) {
117)         $c = $result->fetch();
118)         //$chainfile = '/etc/apache2/certs/chains/'.$c['id'].'.pem';
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

119)         DEBUG("identified fitting certificate chain #" . $c['id']);
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

120)         return $c['id'];
121)     }
bernd Cert-Chain erkennen und ben...

bernd authored 14 years ago

122) }
123) 
124) 
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

125) function validate_certificate($cert, $key)
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

126) {
127)     // Lade private key
128)     $seckey = openssl_get_privatekey($key);
129)     if ($seckey === false) {
130)         system_failure("Der private Schlüssel konnte (ohne Passwort) nicht gelesen werden.");
131)     }
132)     // Lade public key
133)     $pubkey = openssl_get_publickey($cert);
134)     if ($pubkey === false) {
135)         system_failure("In dem eingetragenen Zertifikat wurde kein öffentlicher Schlüssel gefunden.");
136)     }
137)     // Parse Details über den pubkey
Hanno Böck deutlich striktere Checks b...

Hanno Böck authored 3 years ago

138)     $pubkeyinfo = openssl_pkey_get_details($pubkey);
139)     DEBUG($pubkeyinfo);
140)     if ($pubkeyinfo === false) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

141)         system_failure("Der öffentliche Schlüssel des Zertifikats konnte nicht gelesen werden");
142)     }
143) 
144)     // Apache unterstützt nur Schlüssel vom Typ RSA oder DSA
Hanno Böck deutlich striktere Checks b...

Hanno Böck authored 3 years ago

145)     if ($pubkeyinfo['type'] !== OPENSSL_KEYTYPE_RSA) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

146)         system_failure("Dieser Schlüssel nutzt einen nicht unterstützten Algorithmus.");
147)     }
Hanno remove whitespace in empty...

Hanno authored 6 years ago

148) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

149)     // Bei ECC-Keys treten kürzere Schlüssellängen auf, die können wir aktuell aber sowieso nicht unterstützen
Hanno Böck deutlich striktere Checks b...

Hanno Böck authored 3 years ago

150)     // Wir blockieren zu kurze und zu lange Schlüssel hart, da Apache sonst nicht startet
151)     if ($pubkeyinfo['bits'] < 2048) {
152)         system_failure("Schlüssellänge ist zu kurz");
153)     }
154)     if ($pubkeyinfo['bits'] > 4096) {
155)         system_failure("Schlüssellänge ist zu lang");
156)     }
157) 
158)     $x509info = openssl_x509_parse($cert);
159)     if ($x509info === false) {
160)         system_failure("Zertifikat konnte nicht verarbeitet werden");
161)     }
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

162)     if (!in_array($x509info['signatureTypeSN'], ["RSA-SHA256", "RSA-SHA385", "RSA-SHA512"])) {
Hanno Böck deutlich striktere Checks b...

Hanno Böck authored 3 years ago

163)         system_failure("Nicht unterstützer Signatur-Hashalgorithmus!");
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

164)     }
165) 
166)     // Prüfe ob Key und Zertifikat zusammen passen
167)     if (openssl_x509_check_private_key($cert, $key) !== true) {
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

168)         DEBUG("Zertifikat und Key passen nicht zusammen: " . openssl_x509_check_private_key($cert, $key));
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

169)         return CERT_INVALID;
170)     }
171) 
Hanno Böck deutlich striktere Checks b...

Hanno Böck authored 3 years ago

172)     // Check von openssl_x509_check_private_key() ist leider nicht ausreichend
173)     $testdata = base64_encode(random_bytes(32));
174)     if (openssl_sign($testdata, $signature, $seckey) !== true) {
175)         system_failure("Kann keine Testsignatur erstellen, Key ungültig!");
176)     }
177)     if (openssl_verify($testdata, $signature, $pubkey) !== 1) {
178)         system_failure("Testsignatur ungültig, Key vermutlich fehlerhaft!");
179)     }
180) 
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

181)     $cacerts = ['/etc/ssl/certs'];
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

182)     $chain = (int) get_chain($cert);
183)     if ($chain) {
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

184)         $result = db_query("SELECT content FROM vhosts.certchain WHERE id=?", [$chain]);
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

185)         $tmp = $result->fetch();
186)         $chaincert = $tmp['content'];
187)         $chainfile = tempnam(sys_get_temp_dir(), 'webinterface');
188)         $f = fopen($chainfile, "w");
189)         fwrite($f, $chaincert);
190)         fclose($f);
191)         $cacerts[] = $chainfile;
192)     }
193) 
194)     $valid = openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_SERVER, $cacerts);
195)     if ($chain) {
196)         unlink($chainfile);
197)     }
198)     if ($valid !== true) {
199)         DEBUG('certificate was not validated as a server certificate with the available chain');
200)         return CERT_NOCHAIN;
201)     }
202) 
203)     return CERT_OK;
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

204) }
205) 
206) 
207) function parse_cert_details($cert)
208) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

209)     $certdata = openssl_x509_parse($cert, true);
210)     DEBUG($certdata);
Hanno Böck handle empty SAN properly

Hanno Böck authored 2 years ago

211) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

212)     $issuer = $certdata['issuer']['CN'];
213)     if (isset($certdata['issuer']['O'])) {
214)         $issuer = $certdata['issuer']['O'];
215)     }
Hanno Böck handle empty SAN properly

Hanno Böck authored 2 years ago

216)     if (isset($certdata['extensions']['subjectAltName'])) {
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

217)         DEBUG("SAN: " . $certdata['extensions']['subjectAltName']);
Hanno Böck handle empty SAN properly

Hanno Böck authored 2 years ago

218)         $san = [];
219)         $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
220)         foreach ($raw_san as $name) {
Hanno Böck Fix not operator (!) spaces

Hanno Böck authored 1 year ago

221)             if (!substr($name, 0, 4) == 'DNS:') {
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

222)                 warning('Unparsable SAN: ' . $name);
Hanno Böck handle empty SAN properly

Hanno Böck authored 2 years ago

223)                 continue;
224)             }
225)             $san[] = str_replace('DNS:', '', $name);
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

226)         }
Hanno Böck handle empty SAN properly

Hanno Böck authored 2 years ago

227)         $san = implode("\n", $san);
228)     } else {
229)         $san = "\n";
Bernd Wurst Verarbeite und Speichere SA...

Bernd Wurst authored 7 years ago

230)     }
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

231)     DEBUG("SAN: <pre>" . $san . "</pre>");
232)     return ['subject' => $certdata['subject']['CN'] . ' / ' . $issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san];
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

233) }
234) 
235) 
236) function save_cert($info, $cert, $key)
237) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

238)     openssl_pkey_export($key, $key);
239)     openssl_x509_export($cert, $cert);
240)     $uid = (int) $_SESSION['userinfo']['uid'];
241) 
242)     db_query(
Hanno Update codingstyle accordin...

Hanno authored 5 years ago

243)         "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

244)         [":uid" => $uid, ":subject" => filter_input_oneline($info['subject']), ":cn" => filter_input_oneline($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
Hanno Böck Neue codingstyle-rule array...

Hanno Böck authored 8 months ago

245)             ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key, ]
Hanno Fix codingstyle

Hanno authored 5 years ago

246)     );
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

247) }
248) 
bernd Cert-Refresh

bernd authored 15 years ago

249) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

250) function refresh_cert($id, $info, $cert, $key = null)
bernd Cert-Refresh

bernd authored 15 years ago

251) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

252)     openssl_x509_export($cert, $cert);
253)     $chain = get_chain($cert);
bernd Bugfix: Beim Eintragen eine...

bernd authored 13 years ago

254) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

255)     $id = (int) $id;
256)     $oldcert = cert_details($id);
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

257)     $args = [":subject" => filter_input_oneline($info['subject']),
Hanno Böck Neue codingstyle-rule array...

Hanno Böck authored 8 months ago

258)         ":cn" => filter_input_oneline($info['cn']),
259)         ":san" => $info['san'],
260)         ":cert" => $cert,
261)         ":valid_from" => $info['valid_from'],
262)         ":valid_until" => $info['valid_until'],
263)         ":chain" => get_chain($cert),
264)         ":id" => $id, ];
Bernd Wurst Einige Statements auf Prepa...

Bernd Wurst authored 10 years ago

265) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

266)     $keyop = '';
267)     if ($key) {
268)         openssl_pkey_export($key, $key);
269)         $keyop = ", `key`=:key";
270)         $args[":key"] = $key;
271)     }
272)     db_query("UPDATE vhosts.certs SET subject=:subject, cn=:cn, san=:san, cert=:cert{$keyop}, valid_from=:valid_from, valid_until=:valid_until, chain=:chain WHERE id=:id", $args);
bernd Cert-Refresh

bernd authored 15 years ago

273) }
274) 
275) 
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

276) function delete_cert($id)
277) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

278)     $uid = (int) $_SESSION['userinfo']['uid'];
279)     $id = (int) $id;
Hanno remove whitespace in empty...

Hanno authored 6 years ago

280) 
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

281)     db_query("DELETE FROM vhosts.certs WHERE uid=? AND id=?", [$uid, $id]);
bernd Neue Zertifikatsverwaltung

bernd authored 15 years ago

282) }
283) 
bernd CSR-Erstellung

bernd authored 15 years ago

284) function delete_csr($id)
285) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

286)     $uid = (int) $_SESSION['userinfo']['uid'];
287)     $id = (int) $id;
Hanno remove whitespace in empty...

Hanno authored 6 years ago

288) 
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

289)     db_query("DELETE FROM vhosts.csr WHERE uid=? AND id=?", [$uid, $id]);
bernd CSR-Erstellung

bernd authored 15 years ago

290) }
291) 
292) 
Bernd Wurst * Ermögliche SAN bei CSRs *...

Bernd Wurst authored 9 years ago

293) function split_cn($cn)
294) {
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

295)     $domains = [];
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

296)     if (strstr($cn, ',') or strstr($cn, "\n")) {
297)         $domains = preg_split("/[, \n]+/", $cn);
298)         DEBUG("Domains:");
299)         DEBUG($domains);
300)     } else {
301)         $domains[] = $cn;
302)     }
Hanno Böck codingstyle, spaces between...

Hanno Böck authored 1 year ago

303)     for ($i = 0;$i != count($domains);$i++) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

304)         $domains[$i] = filter_input_hostname($domains[$i], true);
305)     }
306)     return $domains;
Bernd Wurst * Ermögliche SAN bei CSRs *...

Bernd Wurst authored 9 years ago

307) }
308) 
bernd CSR-Erstellung

bernd authored 15 years ago

309) function create_csr($cn, $bits)
310) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

311)     $domains = split_cn($cn);
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

312)     $tmp = [];
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

313)     foreach ($domains as $dom) {
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

314)         $tmp[] = 'DNS:' . $dom;
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

315)     }
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

316)     $SAN = "[ v3_req ]\nsubjectAltName = " . implode(', ', $tmp);
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

317)     DEBUG($SAN);
318)     $cn = $domains[0];
319)     $bits = (int) $bits;
320)     if ($bits == 0) {
321)         $bits = 4096;
322)     }
323) 
324)     $keyfile = tempnam(ini_get('upload_tmp_dir'), 'key');
325)     $csrfile = tempnam(ini_get('upload_tmp_dir'), 'csr');
326)     $config = tempnam(ini_get('upload_tmp_dir'), 'config');
327) 
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

328)     DEBUG("key: " . $keyfile . " / csr: " . $csrfile . " / config: " . $config);
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

329) 
330)     $c = fopen($config, "w");
331)     fwrite($c, "[req]
bernd CSR-Erstellung

bernd authored 15 years ago

332) default_bits = {$bits}
333) default_keyfile = {$keyfile}
334) encrypt_key = no
335) distinguished_name      = req_distinguished_name
Bernd Wurst * Ermögliche SAN bei CSRs *...

Bernd Wurst authored 9 years ago

336) req_extensions = v3_req
bernd CSR-Erstellung

bernd authored 15 years ago

337) 
338) [ req_distinguished_name ]
339) countryName                     = Country Name (2 letter code)
Bernd Wurst Leere Vorgaben für CSR-Details

Bernd Wurst authored 10 years ago

340) countryName_default             = 
bernd CSR-Erstellung

bernd authored 15 years ago

341) stateOrProvinceName             = State or Province Name (full name)
Bernd Wurst Leere Vorgaben für CSR-Details

Bernd Wurst authored 10 years ago

342) stateOrProvinceName_default     = 
bernd CSR-Erstellung

bernd authored 15 years ago

343) localityName                    = Locality Name (eg, city)
Bernd Wurst Leere Vorgaben für CSR-Details

Bernd Wurst authored 10 years ago

344) localityName_default            = 
bernd CSR-Erstellung

bernd authored 15 years ago

345) 0.organizationName              = Organization Name (eg, company)
Bernd Wurst Leere Vorgaben für CSR-Details

Bernd Wurst authored 10 years ago

346) 0.organizationName_default      = 
bernd CSR-Erstellung

bernd authored 15 years ago

347) 
348) commonName = Common Name
349) commonName_default = {$cn}
Bernd Wurst * Ermögliche SAN bei CSRs *...

Bernd Wurst authored 9 years ago

350) {$SAN}
bernd CSR-Erstellung

bernd authored 15 years ago

351) ");
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

352)     fclose($c);
353) 
354)     $output = '';
355)     $cmdline = "openssl req -sha256 -new -batch -config {$config} -out {$csrfile}";
356)     $retval = 0;
357)     exec($cmdline, $output, $retval);
358)     DEBUG($output);
359)     DEBUG($retval);
360)     if ($retval != 0) {
Hanno Böck Spaces between string conca...

Hanno Böck authored 1 year ago

361)         system_failure("Die Erzeugung des CSR ist fehlgeschlagen. Ausgabe des OpenSSL-Befehls: " . print_r($output, true));
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

362)     }
Hanno remove whitespace in empty...

Hanno authored 6 years ago

363) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

364)     $csr = file_get_contents($csrfile);
365)     $key = file_get_contents($keyfile);
bernd CSR-Erstellung

bernd authored 15 years ago

366) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

367)     unlink($csrfile);
368)     unlink($keyfile);
369)     unlink($config);
bernd CSR-Erstellung

bernd authored 15 years ago

370) 
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

371)     return [$csr, $key];
bernd CSR-Erstellung

bernd authored 15 years ago

372) }
373) 
374) 
375) 
Hanno Böck codingstyle, spaces between...

Hanno Böck authored 1 year ago

376) function save_csr($cn, $bits, $replace = null)
bernd CSR-Erstellung

bernd authored 15 years ago

377) {
Hanno Böck Fix not operator (!) spaces

Hanno Böck authored 1 year ago

378)     if (!$cn) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

379)         system_failure("Sie müssen einen Domainname eingeben!");
380)     }
381)     $domains = split_cn($cn);
382)     $cn = $domains[0];
383)     $san = implode("\n", $domains);
384)     $csr = null;
385)     $key = null;
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

386)     [$csr, $key] = create_csr(implode(',', $domains), $bits);
Hanno remove whitespace in empty...

Hanno authored 6 years ago

387) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

388)     $uid = (int) $_SESSION['userinfo']['uid'];
389)     db_query(
Hanno Update codingstyle accordin...

Hanno authored 5 years ago

390)         "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

391)         [":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
Hanno Böck Neue codingstyle-rule array...

Hanno Böck authored 8 months ago

392)             ":replace" => $replace, ":csr" => $csr, ":key" => $key, ]
Hanno Fix codingstyle

Hanno authored 5 years ago

393)     );
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

394)     $id = db_insert_id();
395)     return $id;