Verarbeite und speichere SAN-Hostnames für Zertifikate und CSRs
Bernd Wurst

Bernd Wurst commited on 2017-01-26 17:04:00
Zeige 1 geänderte Dateien mit 20 Einfügungen und 6 Löschungen.

... ...
@@ -196,12 +196,24 @@ validTo_time_t => 1267190790
196 196
 
197 197
   */
198 198
   DEBUG($certdata);
199
+  DEBUG("SAN: ".$certdata['extensions']['subjectAltName']);
199 200
   //return array('subject' => $certdata['name'], 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']));
200 201
   $issuer = $certdata['issuer']['CN'];
201 202
   if (isset($certdata['issuer']['O'])) {
202 203
     $issuer = $certdata['issuer']['O'];
203 204
   }
204
-  return array('subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN']);
205
+  $san = array();
206
+  $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
207
+  foreach ($raw_san as $name) {
208
+    if (! substr($name, 0, 4) == 'DNS:') {
209
+      warning('Unparsable SAN: '.$name);
210
+      continue;
211
+    }
212
+    $san[] = str_replace('DNS:', '', $name);
213
+  }
214
+  $san = implode("\n", $san);
215
+  DEBUG("SAN: <pre>".$san."</pre>");
216
+  return array('subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san);
205 217
 }
206 218
 
207 219
 
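Review bot: The guard `if (! substr($name, 0, 4) == 'DNS:')` never fires, because `!` binds before `==`: for any non-empty entry `!substr(...)` is `false`, and `false == 'DNS:'` is `false`, so non-DNS entries such as `IP Address:…` or `email:…` skip the warning and are stored in `san` verbatim. It should read `if (substr($name, 0, 4) !== 'DNS:') {` and the push should be `$san[] = substr($name, 4);`, since `str_replace` would also strip a `DNS:` substring that happens to appear later in the value. `$certdata['extensions']['subjectAltName']` is read unguarded, so a certificate without a SAN extension raises an undefined-index notice and `explode` on the resulting empty value yields a single `''` entry; `$raw_san = isset($certdata['extensions']['subjectAltName']) ? explode(', ', $certdata['extensions']['subjectAltName']) : array();` avoids both. Note also that the list is derived from a user-supplied certificate and is echoed inside `<pre>` by `DEBUG` without escaping; if DEBUG output ever reaches the browser, the values should go through `htmlspecialchars` first. The enclosing function starts before this hunk.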
... ...
@@ -211,8 +223,8 @@ function save_cert($info, $cert, $key)
211 223
   openssl_x509_export($cert, $cert);
212 224
   $uid = (int) $_SESSION['userinfo']['uid'];
213 225
 
214
-  db_query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :valid_from, :valid_until, :chain, :cert, :key)", 
215
-        array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":valid_from" => $info['valid_from'], 
226
+  db_query("INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)", 
227
+        array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'], 
216 228
               ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key));
217 229
 }
218 230
 
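Review bot: `":san" => $info['san']` is bound raw while the sibling `subject` and `cn` values in the same array are wrapped in `filter_input_general`; since the SAN list is parsed out of an uploaded certificate, it is just as untrusted as the CN and should be treated the same, e.g. `":san" => filter_input_general($info['san']),`. The value is a newline-joined list, and `filter_input_general` is not visible here, so confirm that it preserves the `"\n"` separators before relying on it, or validate each entry as a hostname instead. The binding through `db_query` placeholders is fine as far as SQL injection goes. `save_cert` starts before this hunk.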
... ...
@@ -226,6 +238,7 @@ function refresh_cert($id, $info, $cert, $key = NULL)
226 238
   $oldcert = cert_details($id);
227 239
   $args = array(":subject" => filter_input_general($info['subject']),
228 240
                 ":cn" => filter_input_general($info['cn']),
241
+                ":san" => $san,
229 242
                 ":cert" => $cert,
230 243
                 ":valid_from" => $info['valid_from'],
231 244
                 ":valid_until" => $info['valid_until'],
... ...
@@ -238,7 +251,7 @@ function refresh_cert($id, $info, $cert, $key = NULL)
238 251
     $keyop = ", `key`=:key";
239 252
     $args[":key"] = $key;
240 253
   }
241
-  db_query("UPDATE vhosts.certs SET subject=:subject, cn=:cn, cert=:cert{$keyop}, valid_from=:valid_from, valid_until=:valid_until, chain=:chain WHERE id=:id", $args);
254
+  db_query("UPDATE vhosts.certs SET subject=:subject, cn=:cn, san=:san, cert=:cert{$keyop}, valid_from=:valid_from, valid_until=:valid_until, chain=:chain WHERE id=:id", $args);
242 255
 }
243 256
 
244 257
 
... ...
@@ -349,13 +362,14 @@ function save_csr($cn, $bits, $replace=NULL)
349 362
   }
350 363
   $domains = split_cn($cn);
351 364
   $cn = $domains[0];
365
+  $san = implode("\n", $domains);
352 366
   $csr = NULL;
353 367
   $key = NULL;
354 368
   list($csr, $key) = create_csr(implode(',',$domains), $bits);
355 369
   
356 370
   $uid = (int) $_SESSION['userinfo']['uid'];
357
-  db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :bits, :replace, :csr, :key)",
358
-           array(":uid" => $uid, ":cn" => $cn, ":bits" => $bits, 
371
+  db_query("INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
372
+           array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits, 
359 373
                  ":replace" => $replace, ":csr" => $csr, ":key" => $key));
360 374
   $id = db_insert_id();
361 375
   return $id;  
362 376