Bernd Wurst commited on 2017-01-26 17:04:00
Zeige 1 geänderte Dateien mit 20 Einfügungen und 6 Löschungen.
| ... | ... |
@@ -196,12 +196,24 @@ validTo_time_t => 1267190790 |
| 196 | 196 |
|
| 197 | 197 |
*/ |
| 198 | 198 |
DEBUG($certdata); |
| 199 |
+ DEBUG("SAN: ".$certdata['extensions']['subjectAltName']);
|
|
| 199 | 200 |
//return array('subject' => $certdata['name'], 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']));
|
| 200 | 201 |
$issuer = $certdata['issuer']['CN']; |
| 201 | 202 |
if (isset($certdata['issuer']['O'])) {
|
| 202 | 203 |
$issuer = $certdata['issuer']['O']; |
| 203 | 204 |
} |
| 204 |
- return array('subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN']);
|
|
| 205 |
+ $san = array(); |
|
| 206 |
+ $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
|
|
| 207 |
+ foreach ($raw_san as $name) {
|
|
| 208 |
+ if (! substr($name, 0, 4) == 'DNS:') {
|
|
| 209 |
+ warning('Unparsable SAN: '.$name);
|
|
| 210 |
+ continue; |
|
| 211 |
+ } |
|
| 212 |
+ $san[] = str_replace('DNS:', '', $name);
|
|
| 213 |
+ } |
|
| 214 |
+ $san = implode("\n", $san);
|
|
| 215 |
+ DEBUG("SAN: <pre>".$san."</pre>");
|
|
| 216 |
+ return array('subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san);
|
|
| 205 | 217 |
} |
| 206 | 218 |
|
| 207 | 219 |
|
| ... | ... |
@@ -211,8 +223,8 @@ function save_cert($info, $cert, $key) |
| 211 | 223 |
openssl_x509_export($cert, $cert); |
| 212 | 224 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 213 | 225 |
|
| 214 |
- db_query("INSERT INTO vhosts.certs (uid, subject, cn, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :valid_from, :valid_until, :chain, :cert, :key)",
|
|
| 215 |
- array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":valid_from" => $info['valid_from'],
|
|
| 226 |
+ db_query("INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
|
|
| 227 |
+ array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
|
|
| 216 | 228 |
":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key)); |
| 217 | 229 |
} |
| 218 | 230 |
|
| ... | ... |
@@ -226,6 +238,7 @@ function refresh_cert($id, $info, $cert, $key = NULL) |
| 226 | 238 |
$oldcert = cert_details($id); |
| 227 | 239 |
$args = array(":subject" => filter_input_general($info['subject']),
|
| 228 | 240 |
":cn" => filter_input_general($info['cn']), |
| 241 |
+ ":san" => $san, |
|
| 229 | 242 |
":cert" => $cert, |
| 230 | 243 |
":valid_from" => $info['valid_from'], |
| 231 | 244 |
":valid_until" => $info['valid_until'], |
| ... | ... |
@@ -238,7 +251,7 @@ function refresh_cert($id, $info, $cert, $key = NULL) |
| 238 | 251 |
$keyop = ", `key`=:key"; |
| 239 | 252 |
$args[":key"] = $key; |
| 240 | 253 |
} |
| 241 |
- db_query("UPDATE vhosts.certs SET subject=:subject, cn=:cn, cert=:cert{$keyop}, valid_from=:valid_from, valid_until=:valid_until, chain=:chain WHERE id=:id", $args);
|
|
| 254 |
+ db_query("UPDATE vhosts.certs SET subject=:subject, cn=:cn, san=:san, cert=:cert{$keyop}, valid_from=:valid_from, valid_until=:valid_until, chain=:chain WHERE id=:id", $args);
|
|
| 242 | 255 |
} |
| 243 | 256 |
|
| 244 | 257 |
|
| ... | ... |
@@ -349,13 +362,14 @@ function save_csr($cn, $bits, $replace=NULL) |
| 349 | 362 |
} |
| 350 | 363 |
$domains = split_cn($cn); |
| 351 | 364 |
$cn = $domains[0]; |
| 365 |
+ $san = implode("\n", $domains);
|
|
| 352 | 366 |
$csr = NULL; |
| 353 | 367 |
$key = NULL; |
| 354 | 368 |
list($csr, $key) = create_csr(implode(',',$domains), $bits);
|
| 355 | 369 |
|
| 356 | 370 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 357 |
- db_query("INSERT INTO vhosts.csr (uid, hostname, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :bits, :replace, :csr, :key)",
|
|
| 358 |
- array(":uid" => $uid, ":cn" => $cn, ":bits" => $bits,
|
|
| 371 |
+ db_query("INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
|
|
| 372 |
+ array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
|
|
| 359 | 373 |
":replace" => $replace, ":csr" => $csr, ":key" => $key)); |
| 360 | 374 |
$id = db_insert_id(); |
| 361 | 375 |
return $id; |
| 362 | 376 |
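Review bot: The prefix check `if (! substr($name, 0, 4) == 'DNS:')` in the first hunk never fires for a non-empty entry, because `!` binds tighter than `==`: the negated substring is `false`, and `false == 'DNS:'` is false, so entries such as `IP Address:` or `email:` skip the warning and are stored with their prefix intact. Write it as `if (substr($name, 0, 4) !== 'DNS:')` and strip only the leading tag with `$san[] = substr($name, 4);` rather than `str_replace`, which removes every occurrence. The same hunk reads `$certdata['extensions']['subjectAltName']` unguarded, so a certificate without that extension raises a notice and yields a bogus empty entry; an `isset()` check with an empty default would cover it. In the first `refresh_cert` hunk, `":san" => $san` uses a variable that is not assigned in the visible lines (the function body starts outside the hunk); if it is not set above, `":san" => $info['san']` looks intended, as in `save_cert`, otherwise the column is written as NULL on every refresh. The SAN text comes from the submitted certificate and, unlike `subject` and `cn`, is stored without `filter_input_general` and printed inside `<pre>` by `DEBUG`, so it should be HTML-escaped wherever it is rendered.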