Bernd Wurst commited on 2016-04-07 06:07:38
Zeige 4 geänderte Dateien mit 22 Einfügungen und 10 Löschungen.
... | ... |
@@ -57,12 +57,18 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($ |
57 | 57 |
{ |
58 | 58 |
DEBUG('recording client-cert'); |
59 | 59 |
if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && |
60 |
- isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'])) |
|
60 |
+ isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) && |
|
61 |
+ isset($_SERVER[$redirect.'SSL_CLIENT_V_START']) && isset($_SERVER[$redirect.'SSL_CLIENT_V_END']) |
|
62 |
+ ) |
|
61 | 63 |
{ |
62 | 64 |
$_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT']; |
63 | 65 |
$_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN']; |
64 | 66 |
$_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN']; |
65 | 67 |
$_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']; |
68 |
+ $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']); |
|
69 |
+ $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d'); |
|
70 |
+ $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']); |
|
71 |
+ $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d'); |
|
66 | 72 |
header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring('')); |
67 | 73 |
die(); |
68 | 74 |
} |
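Review bot: The two `new DateTime(...)` calls come after the four `$_SESSION['clientcert_*']` assignments and have no error handling, so a validity string that DateTime cannot parse throws once the session may already hold a half-recorded certificate. The confirmation page tests only `isset($_SESSION['clientcert_cert'])`, so it would then render without `clientcert_valid_from` and `clientcert_valid_until`. Parsing both dates first and writing the session afterwards keeps the record all-or-nothing. The sketch assumes `system_failure()` is available in this file as it is in the other files of the commit, and its message text is a placeholder. The enclosing `if` starts before the hunk.

```php
// … unchanged: isset() checks on the SSL_CLIENT_* variables …
{
    try {
        $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']);
        $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']);
    } catch (Exception $e) {
        system_failure('Ungültiges Gültigkeitsdatum im Zertifikat');
    }
    // … unchanged: clientcert_cert, clientcert_dn, clientcert_issuer, clientcert_serial assignments …
    $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d');
    $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d');
    // … unchanged: redirect to backto and die() …
```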
... | ... |
@@ -52,7 +52,8 @@ if (isset($_SESSION['clientcert_cert'])) |
52 | 52 |
output('<p>Es wurde folgendes Client-Zertifikat von Ihrem Browser gesendet:</p> |
53 | 53 |
<div style="margin-left: 2em;"><strong>DN:</strong> '.filter_input_general($_SESSION['clientcert_dn']).'<br /> |
54 | 54 |
<strong>Aussteller-DN:</strong> '.filter_input_general($_SESSION['clientcert_issuer']).'<br /> |
55 |
-<strong>Seriennummer:</strong> '.filter_input_general($_SESSION['clientcert_serial']).'</div> |
|
55 |
+<strong>Seriennummer:</strong> '.filter_input_general($_SESSION['clientcert_serial']).'<br /> |
|
56 |
+<strong>Gültigkeit:</strong> '.filter_input_general($_SESSION['clientcert_valid_from']).' bis '.filter_input_general($_SESSION['clientcert_valid_until']).'</div> |
|
56 | 57 |
<p>Soll dieses Zertifikat für den Zugang für <strong>'.$username.'</strong> verwendet werden?</p>'); |
57 | 58 |
output(html_form('clientcert_add', 'certsave.php', 'action=new', '<p><input type="submit" name="submit" value="Ja, dieses Zertifikat einrichten" />   '.internal_link('cert', 'Nein', 'clear').'</p>')); |
58 | 59 |
output('</div>'); |
... | ... |
@@ -65,7 +66,7 @@ if ($certs != NULL) { |
65 | 66 |
output('<p>Sie haben bereits Zertifikate für den Zugang eingerichtet.</p> |
66 | 67 |
<ul>'); |
67 | 68 |
foreach ($certs AS $cert) { |
68 |
- output('<li>'.$cert['dn'].' / Seriennummer '.$cert['serial'].'<br /><em>ausgestellt von </em>'.$cert['issuer']); |
|
69 |
+ output('<li>'.$cert['dn'].' / Seriennummer '.$cert['serial'].' / '.'Gültig von '.$cert['valid_from'].' bis '.$cert['valid_until'].'<br /><em>ausgestellt von </em>'.$cert['issuer']); |
|
69 | 70 |
output('<br />'.internal_link('certsave', 'Dieses Zertifikat löschen', 'action=delete&id='.$cert['id'])); |
70 | 71 |
output('</li>'); |
71 | 72 |
} |
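Review bot: The rewritten `<li>` line in the second hunk still concatenates `$cert['dn']`, `$cert['serial']`, `$cert['issuer']` and the two new validity fields into HTML without escaping, while the first hunk passes the corresponding session values through `filter_input_general()`. The DN and issuer originate from the certificate the client presented, so they should be treated as untrusted when they come back out of the database. Assuming `filter_input_general()` escapes for HTML as its use in the first hunk suggests, each field should be wrapped the same way, e.g. `filter_input_general($cert['dn'])` and `filter_input_general($cert['valid_from'])`. Rows stored before this change presumably have no validity dates, so the line may print an empty "Gültig von … bis …" for them unless that case is handled.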
... | ... |
@@ -26,13 +26,16 @@ if ($_GET['action'] == 'new') |
26 | 26 |
if (! isset($_SESSION['clientcert_cert'])) |
27 | 27 |
system_failure('Kein Zertifikat'); |
28 | 28 |
|
29 |
- add_clientcert($_SESSION['clientcert_cert'], $_SESSION['clientcert_dn'], $_SESSION['clientcert_issuer'], $_SESSION['clientcert_serial']); |
|
29 |
+ add_clientcert($_SESSION['clientcert_cert'], $_SESSION['clientcert_dn'], $_SESSION['clientcert_issuer'], |
|
30 |
+ $_SESSION['clientcert_serial'], $_SESSION['clientcert_valid_from'], $_SESSION['clientcert_valid_until']); |
|
30 | 31 |
|
31 | 32 |
// Räume session auf |
32 | 33 |
unset($_SESSION['clientcert_cert']); |
33 | 34 |
unset($_SESSION['clientcert_dn']); |
34 | 35 |
unset($_SESSION['clientcert_issuer']); |
35 | 36 |
unset($_SESSION['clientcert_serial']); |
37 |
+ unset($_SESSION['clientcert_valid_from']); |
|
38 |
+ unset($_SESSION['clientcert_valid_until']); |
|
36 | 39 |
header('Location: cert'); |
37 | 40 |
} |
38 | 41 |
elseif ($_GET['action'] == 'delete') |
... | ... |
@@ -54,7 +57,7 @@ elseif ($_GET['action'] == 'delete') |
54 | 57 |
$sure = user_is_sure(); |
55 | 58 |
if ($sure === NULL) |
56 | 59 |
{ |
57 |
- are_you_sure("action=delete&id={$cert['id']}", "Möchten Sie das Zertifikat »{$cert['dn']}« (Seriennummer {$cert['serial']}) wirklich löschen?"); |
|
60 |
+ are_you_sure("action=delete&id={$cert['id']}", "Möchten Sie das Zertifikat »{$cert['dn']}« (Seriennummer {$cert['serial']}, Gültig von {$cert['valid_from']} bis {$cert['valid_until']}) wirklich löschen?"); |
|
58 | 61 |
} |
59 | 62 |
elseif ($sure === true) |
60 | 63 |
{ |
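Review bot: The guard at the top of the `new` branch still tests only `$_SESSION['clientcert_cert']`, but the `add_clientcert()` call now also reads `clientcert_valid_from` and `clientcert_valid_until`. A session that recorded a certificate before this change, or where the recording step stopped early, would pass the guard and store a certificate without validity dates. Extending the check covers it: `if (! isset($_SESSION['clientcert_cert'], $_SESSION['clientcert_valid_from'], $_SESSION['clientcert_valid_until']))`. The `delete` branch continues past the end of the last hunk.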
... | ... |
@@ -41,7 +41,7 @@ function get_cert_by_id($id) |
41 | 41 |
$id = (int) $id; |
42 | 42 |
if ($id == 0) |
43 | 43 |
system_failure('no ID'); |
44 |
- $result = db_query("SELECT id,dn,issuer,serial,cert,username,startpage FROM system.clientcert WHERE `id`=?", array($id)); |
|
44 |
+ $result = db_query("SELECT id,dn,issuer,serial,valid_from,valid_until,cert,username,startpage FROM system.clientcert WHERE `id`=?", array($id)); |
|
45 | 45 |
if ($result->rowCount() < 1) |
46 | 46 |
return NULL; |
47 | 47 |
$ret = $result->fetch(); |
... | ... |
@@ -54,7 +54,7 @@ function get_certs_by_username($username) |
54 | 54 |
{ |
55 | 55 |
if ($username == '') |
56 | 56 |
system_failure('empty username'); |
57 |
- $result = db_query("SELECT id,dn,issuer,serial,cert,startpage FROM system.clientcert WHERE `username`=?", array($username)); |
|
57 |
+ $result = db_query("SELECT id,dn,issuer,serial,valid_from,valid_until,cert,startpage FROM system.clientcert WHERE `username`=?", array($username)); |
|
58 | 58 |
if ($result->rowCount() < 1) |
59 | 59 |
return NULL; |
60 | 60 |
while ($row = $result->fetch()) { |
... | ... |
@@ -64,7 +64,7 @@ function get_certs_by_username($username) |
64 | 64 |
} |
65 | 65 |
|
66 | 66 |
|
67 |
-function add_clientcert($certdata, $dn, $issuer, $serial, $startpage=NULL) |
|
67 |
+function add_clientcert($certdata, $dn, $issuer, $serial, $vstart, $vend, $startpage=NULL) |
|
68 | 68 |
{ |
69 | 69 |
$type = NULL; |
70 | 70 |
$username = NULL; |
... | ... |
@@ -91,14 +91,16 @@ function add_clientcert($certdata, $dn, $issuer, $serial, $startpage=NULL) |
91 | 91 |
$args = array(":dn" => $dn, |
92 | 92 |
":issuer" => $issuer, |
93 | 93 |
":serial" => $serial, |
94 |
+ ":vstart" => $vstart, |
|
95 |
+ ":vend" => $vend, |
|
94 | 96 |
":certdata" => $certdata, |
95 | 97 |
":type" => $type, |
96 | 98 |
":username" => $username, |
97 | 99 |
":startpage" => $startpage); |
98 | 100 |
DEBUG($args); |
99 | 101 |
|
100 |
- db_query("INSERT INTO system.clientcert (`dn`, `issuer`, `serial`, `cert`, `type`, `username`, `startpage`) |
|
101 |
-VALUES (:dn, :issuer, :serial, :certdata, :type, :username, :startpage)", $args); |
|
102 |
+ db_query("INSERT INTO system.clientcert (`dn`, `issuer`, `serial`, `valid_from`, `valid_until`, `cert`, `type`, `username`, `startpage`) |
|
103 |
+VALUES (:dn, :issuer, :serial, :vstart, :vend, :certdata, :type, :username, :startpage)", $args); |
|
102 | 104 |
|
103 | 105 |
} |
104 | 106 |
|
105 | 107 |