Speichere und zeige Start- und Enddatum von Client-Zertifikaten
Bernd Wurst

Bernd Wurst commited on 2016-04-07 06:07:38
Zeige 4 geänderte Dateien mit 22 Einfügungen und 10 Löschungen.

... ...
@@ -57,12 +57,18 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($
57 57
 {
58 58
   DEBUG('recording client-cert');
59 59
   if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && 
60
-      isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']))
60
+      isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) &&
61
+      isset($_SERVER[$redirect.'SSL_CLIENT_V_START']) && isset($_SERVER[$redirect.'SSL_CLIENT_V_END'])
62
+      )
61 63
   {
62 64
     $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT'];
63 65
     $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN'];
64 66
     $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN'];
65 67
     $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'];
68
+    $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']);
69
+    $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d');
70
+    $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']);
71
+    $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d');
66 72
     header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
67 73
     die();
68 74
   }
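Review bot: The two `new DateTime(...)` calls on the added lines throw an exception when `SSL_CLIENT_V_START` or `SSL_CLIENT_V_END` is not a parseable date string, and nothing in the hunk catches it. A malformed value would therefore abort the request after the four other `clientcert_*` session keys have already been set. Wrapping both conversions in `try { … } catch (Exception $e) { … }` and failing cleanly would avoid that; the other files use `system_failure()` for this, but whether it is available here is not visible. Assigning the session keys only after both dates have parsed would also keep the recorded state all-or-nothing. The enclosing `if` block starts outside the hunk.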
... ...
@@ -52,7 +52,8 @@ if (isset($_SESSION['clientcert_cert']))
52 52
   output('<p>Es wurde folgendes Client-Zertifikat von Ihrem Browser gesendet:</p>
53 53
 <div style="margin-left: 2em;"><strong>DN:</strong> '.filter_input_general($_SESSION['clientcert_dn']).'<br />
54 54
 <strong>Aussteller-DN:</strong> '.filter_input_general($_SESSION['clientcert_issuer']).'<br />
55
-<strong>Seriennummer:</strong> '.filter_input_general($_SESSION['clientcert_serial']).'</div>
55
+<strong>Seriennummer:</strong> '.filter_input_general($_SESSION['clientcert_serial']).'<br />
56
+<strong>Gültigkeit:</strong> '.filter_input_general($_SESSION['clientcert_valid_from']).' bis '.filter_input_general($_SESSION['clientcert_valid_until']).'</div>
56 57
 <p>Soll dieses Zertifikat für den Zugang für <strong>'.$username.'</strong> verwendet werden?</p>');
57 58
   output(html_form('clientcert_add', 'certsave.php', 'action=new', '<p><input type="submit" name="submit" value="Ja, dieses Zertifikat einrichten" /> &#160; '.internal_link('cert', 'Nein', 'clear').'</p>'));
58 59
   output('</div>');
... ...
@@ -65,7 +66,7 @@ if ($certs != NULL) {
65 66
   output('<p>Sie haben bereits Zertifikate für den Zugang eingerichtet.</p>
66 67
   <ul>');
67 68
   foreach ($certs AS $cert) {
68
-   	output('<li>'.$cert['dn'].' / Seriennummer '.$cert['serial'].'<br /><em>ausgestellt von </em>'.$cert['issuer']);
69
+   	output('<li>'.$cert['dn'].' / Seriennummer '.$cert['serial'].' / '.'Gültig von '.$cert['valid_from'].' bis '.$cert['valid_until'].'<br /><em>ausgestellt von </em>'.$cert['issuer']);
69 70
     output('<br />'.internal_link('certsave', 'Dieses Zertifikat löschen', 'action=delete&id='.$cert['id']));
70 71
     output('</li>');
71 72
   }
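Review bot: The rewritten list line concatenates `$cert['dn']`, `$cert['serial']`, `$cert['issuer']` and the new `$cert['valid_from']`/`$cert['valid_until']` into HTML without the `filter_input_general()` call that the confirmation block earlier in the same file applies to the session copies of these values. The DN and issuer originate from a certificate the client presents, so unless they are escaped before storage (not visible here) each field on this line should be wrapped the same way, e.g. `filter_input_general($cert['valid_from'])`. Rows stored before this change presumably carry no validity dates, in which case the line prints "Gültig von  bis" with empty values; a fallback text for that case would be clearer.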
... ...
@@ -26,13 +26,16 @@ if ($_GET['action'] == 'new')
26 26
   if (! isset($_SESSION['clientcert_cert']))
27 27
     system_failure('Kein Zertifikat');
28 28
   
29
-  add_clientcert($_SESSION['clientcert_cert'], $_SESSION['clientcert_dn'], $_SESSION['clientcert_issuer'], $_SESSION['clientcert_serial']);
29
+  add_clientcert($_SESSION['clientcert_cert'], $_SESSION['clientcert_dn'], $_SESSION['clientcert_issuer'], 
30
+                 $_SESSION['clientcert_serial'], $_SESSION['clientcert_valid_from'], $_SESSION['clientcert_valid_until']);
30 31
 
31 32
   // Räume session auf
32 33
   unset($_SESSION['clientcert_cert']);
33 34
   unset($_SESSION['clientcert_dn']);
34 35
   unset($_SESSION['clientcert_issuer']);
35 36
   unset($_SESSION['clientcert_serial']);
37
+  unset($_SESSION['clientcert_valid_from']);
38
+  unset($_SESSION['clientcert_valid_until']);
36 39
   header('Location: cert');
37 40
 }
38 41
 elseif ($_GET['action'] == 'delete')
... ...
@@ -54,7 +57,7 @@ elseif ($_GET['action'] == 'delete')
54 57
   $sure = user_is_sure();
55 58
   if ($sure === NULL)
56 59
   {
57
-    are_you_sure("action=delete&id={$cert['id']}", "Möchten Sie das Zertifikat »{$cert['dn']}« (Seriennummer {$cert['serial']}) wirklich löschen?");
60
+    are_you_sure("action=delete&id={$cert['id']}", "Möchten Sie das Zertifikat »{$cert['dn']}« (Seriennummer {$cert['serial']}, Gültig von {$cert['valid_from']} bis {$cert['valid_until']}) wirklich löschen?");
58 61
   }
59 62
   elseif ($sure === true)
60 63
   {
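Review bot: The guard at the top of the `new` branch still checks only `$_SESSION['clientcert_cert']`, while the call now also reads `clientcert_valid_from` and `clientcert_valid_until`. A session that recorded a certificate before this change was deployed would pass undefined values into `add_clientcert()`. Extending the check to `if (! isset($_SESSION['clientcert_cert'], $_SESSION['clientcert_valid_from'], $_SESSION['clientcert_valid_until']))` keeps the stored row complete. In the delete confirmation, the `$cert` fields are interpolated into the `are_you_sure()` message as-is; whether that helper escapes its text is not visible here. Both branches continue outside the hunks.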
... ...
@@ -41,7 +41,7 @@ function get_cert_by_id($id)
41 41
   $id = (int) $id;
42 42
 	if ($id == 0)
43 43
 	  system_failure('no ID');
44
-	$result = db_query("SELECT id,dn,issuer,serial,cert,username,startpage FROM system.clientcert WHERE `id`=?", array($id));
44
+	$result = db_query("SELECT id,dn,issuer,serial,valid_from,valid_until,cert,username,startpage FROM system.clientcert WHERE `id`=?", array($id));
45 45
 	if ($result->rowCount() < 1)
46 46
 		return NULL;
47 47
 	$ret = $result->fetch();
... ...
@@ -54,7 +54,7 @@ function get_certs_by_username($username)
54 54
 {
55 55
 	if ($username == '')
56 56
 	  system_failure('empty username');
57
-	$result = db_query("SELECT id,dn,issuer,serial,cert,startpage FROM system.clientcert WHERE `username`=?", array($username));
57
+	$result = db_query("SELECT id,dn,issuer,serial,valid_from,valid_until,cert,startpage FROM system.clientcert WHERE `username`=?", array($username));
58 58
 	if ($result->rowCount() < 1)
59 59
 		return NULL;
60 60
 	while ($row = $result->fetch()) {
... ...
@@ -64,7 +64,7 @@ function get_certs_by_username($username)
64 64
 }
65 65
 
66 66
 
67
-function add_clientcert($certdata, $dn, $issuer, $serial, $startpage=NULL)
67
+function add_clientcert($certdata, $dn, $issuer, $serial, $vstart, $vend, $startpage=NULL)
68 68
 {
69 69
   $type = NULL;
70 70
   $username = NULL;
... ...
@@ -91,14 +91,16 @@ function add_clientcert($certdata, $dn, $issuer, $serial, $startpage=NULL)
91 91
   $args = array(":dn" => $dn,
92 92
                 ":issuer" => $issuer,
93 93
                 ":serial" => $serial,
94
+                ":vstart" => $vstart,
95
+                ":vend" => $vend,
94 96
                 ":certdata" => $certdata,
95 97
                 ":type" => $type,
96 98
                 ":username" => $username,
97 99
                 ":startpage" => $startpage);
98 100
   DEBUG($args);
99 101
 
100
-  db_query("INSERT INTO system.clientcert (`dn`, `issuer`, `serial`, `cert`, `type`, `username`, `startpage`) 
101
-VALUES (:dn, :issuer, :serial, :certdata, :type, :username, :startpage)", $args);
102
+  db_query("INSERT INTO system.clientcert (`dn`, `issuer`, `serial`, `valid_from`, `valid_until`, `cert`, `type`, `username`, `startpage`) 
103
+VALUES (:dn, :issuer, :serial, :vstart, :vend, :certdata, :type, :username, :startpage)", $args);
102 104
 
103 105
 }
104 106
 
105 107
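Review bot: `add_clientcert()` now takes `$vstart` and `$vend` ahead of the optional `$startpage`, so any caller that passed a start page as the fifth argument would now have it stored as `valid_from`. Only the call in the `action == 'new'` branch is updated in this commit and other callers are not visible here, so either confirm there are none or append the new parameters after `$startpage`. The function also binds both values unchecked, so a header comment such as `// $vstart, $vend: validity dates as 'Y-m-d' strings` would document the format the recording code produces. The three queries rely on `valid_from`/`valid_until` columns in `system.clientcert`; no schema change is visible among the changed files, so the migration presumably has to be applied separately. The part of the function body between the signature and the `$args` array is outside the hunks.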