Browse code

Change license from CC0 to 0BSD, all contributors agreed

Hanno Böck authored on 20/08/2022 09:22:23
Showing 1 changed files
... ...
@@ -2,14 +2,11 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2018 by schokokeks.org Hosting, namely
5
+Written by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
9
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
-
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12
-http://creativecommons.org/publicdomain/zero/1.0/
9
+This code is published under a 0BSD license.
13 10
 
14 11
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 12
 */
Browse code

handle empty SAN properly

Hanno Böck authored on 03/07/2022 09:47:02
Showing 1 changed files
... ...
@@ -210,30 +210,27 @@ function validate_certificate($cert, $key)
210 210
 function parse_cert_details($cert)
211 211
 {
212 212
     $certdata = openssl_x509_parse($cert, true);
213
-    /*
214
-name => /CN=*.bwurst.org
215
-validFrom_time_t => 1204118790
216
-validTo_time_t => 1267190790
217
-
218
-
219
-    */
220 213
     DEBUG($certdata);
221
-    DEBUG("SAN: ".$certdata['extensions']['subjectAltName']);
222
-    //return array('subject' => $certdata['name'], 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']));
214
+
223 215
     $issuer = $certdata['issuer']['CN'];
224 216
     if (isset($certdata['issuer']['O'])) {
225 217
         $issuer = $certdata['issuer']['O'];
226 218
     }
227
-    $san = [];
228
-    $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
229
-    foreach ($raw_san as $name) {
230
-        if (! substr($name, 0, 4) == 'DNS:') {
231
-            warning('Unparsable SAN: '.$name);
232
-            continue;
219
+    if (isset($certdata['extensions']['subjectAltName'])) {
220
+        DEBUG("SAN: ".$certdata['extensions']['subjectAltName']);
221
+        $san = [];
222
+        $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
223
+        foreach ($raw_san as $name) {
224
+            if (! substr($name, 0, 4) == 'DNS:') {
225
+                warning('Unparsable SAN: '.$name);
226
+                continue;
227
+            }
228
+            $san[] = str_replace('DNS:', '', $name);
233 229
         }
234
-        $san[] = str_replace('DNS:', '', $name);
230
+        $san = implode("\n", $san);
231
+    } else {
232
+        $san = "\n";
235 233
     }
236
-    $san = implode("\n", $san);
237 234
     DEBUG("SAN: <pre>".$san."</pre>");
238 235
     return ['subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san];
239 236
 }
Browse code

Codingstyle PSR12 + array syntax

Hanno Böck authored on 30/10/2021 21:18:17
Showing 1 changed files
... ...
@@ -24,8 +24,8 @@ define("CERT_NOCHAIN", 2);
24 24
 function user_certs()
25 25
 {
26 26
     $uid = (int) $_SESSION['userinfo']['uid'];
27
-    $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=? ORDER BY cn", array($uid));
28
-    $ret = array();
27
+    $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=? ORDER BY cn", [$uid]);
28
+    $ret = [];
29 29
     while ($i = $result->fetch()) {
30 30
         $ret[] = $i;
31 31
     }
... ...
@@ -36,8 +36,8 @@ function user_certs()
36 36
 function user_csr()
37 37
 {
38 38
     $uid = (int) $_SESSION['userinfo']['uid'];
39
-    $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=? ORDER BY hostname", array($uid));
40
-    $ret = array();
39
+    $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=? ORDER BY hostname", [$uid]);
40
+    $ret = [];
41 41
     while ($i = $result->fetch()) {
42 42
         $ret[] = $i;
43 43
     }
... ...
@@ -63,7 +63,7 @@ function cert_details($id)
63 63
     $id = (int) $id;
64 64
     $uid = (int) $_SESSION['userinfo']['uid'];
65 65
 
66
-    $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, chain, cert, `key` FROM vhosts.certs WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id));
66
+    $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, chain, cert, `key` FROM vhosts.certs WHERE uid=:uid AND id=:id", [":uid" => $uid, ":id" => $id]);
67 67
     if ($result->rowCount() != 1) {
68 68
         system_failure("Ungültiges Zertifikat #{$id}");
69 69
     }
... ...
@@ -86,7 +86,7 @@ function csr_details($id)
86 86
     $id = (int) $id;
87 87
     $uid = (int) $_SESSION['userinfo']['uid'];
88 88
 
89
-    $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id));
89
+    $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid=:uid AND id=:id", [":uid" => $uid, ":id" => $id]);
90 90
     if ($result->rowCount() != 1) {
91 91
         system_failure("Ungültiger CSR");
92 92
     }
... ...
@@ -115,7 +115,7 @@ function get_chain($cert)
115 115
     if (! isset($certdata['issuer']['CN'])) {
116 116
         return null;
117 117
     }
118
-    $result = db_query("SELECT id FROM vhosts.certchain WHERE cn=?", array($certdata['issuer']['CN']));
118
+    $result = db_query("SELECT id FROM vhosts.certchain WHERE cn=?", [$certdata['issuer']['CN']]);
119 119
     if ($result->rowCount() > 0) {
120 120
         $c = $result->fetch();
121 121
         //$chainfile = '/etc/apache2/certs/chains/'.$c['id'].'.pem';
... ...
@@ -162,7 +162,7 @@ function validate_certificate($cert, $key)
162 162
     if ($x509info === false) {
163 163
         system_failure("Zertifikat konnte nicht verarbeitet werden");
164 164
     }
165
-    if (!in_array($x509info['signatureTypeSN'], array("RSA-SHA256", "RSA-SHA385", "RSA-SHA512"))) {
165
+    if (!in_array($x509info['signatureTypeSN'], ["RSA-SHA256", "RSA-SHA385", "RSA-SHA512"])) {
166 166
         system_failure("Nicht unterstützer Signatur-Hashalgorithmus!");
167 167
     }
168 168
 
... ...
@@ -181,10 +181,10 @@ function validate_certificate($cert, $key)
181 181
         system_failure("Testsignatur ungültig, Key vermutlich fehlerhaft!");
182 182
     }
183 183
 
184
-    $cacerts = array('/etc/ssl/certs');
184
+    $cacerts = ['/etc/ssl/certs'];
185 185
     $chain = (int) get_chain($cert);
186 186
     if ($chain) {
187
-        $result = db_query("SELECT content FROM vhosts.certchain WHERE id=?", array($chain));
187
+        $result = db_query("SELECT content FROM vhosts.certchain WHERE id=?", [$chain]);
188 188
         $tmp = $result->fetch();
189 189
         $chaincert = $tmp['content'];
190 190
         $chainfile = tempnam(sys_get_temp_dir(), 'webinterface');
... ...
@@ -224,7 +224,7 @@ validTo_time_t => 1267190790
224 224
     if (isset($certdata['issuer']['O'])) {
225 225
         $issuer = $certdata['issuer']['O'];
226 226
     }
227
-    $san = array();
227
+    $san = [];
228 228
     $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
229 229
     foreach ($raw_san as $name) {
230 230
         if (! substr($name, 0, 4) == 'DNS:') {
... ...
@@ -235,7 +235,7 @@ validTo_time_t => 1267190790
235 235
     }
236 236
     $san = implode("\n", $san);
237 237
     DEBUG("SAN: <pre>".$san."</pre>");
238
-    return array('subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san);
238
+    return ['subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san];
239 239
 }
240 240
 
241 241
 
... ...
@@ -247,8 +247,8 @@ function save_cert($info, $cert, $key)
247 247
 
248 248
     db_query(
249 249
         "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
250
-        array(":uid" => $uid, ":subject" => filter_input_oneline($info['subject']), ":cn" => filter_input_oneline($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
251
-              ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key)
250
+        [":uid" => $uid, ":subject" => filter_input_oneline($info['subject']), ":cn" => filter_input_oneline($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
251
+              ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key, ]
252 252
     );
253 253
 }
254 254
 
... ...
@@ -260,14 +260,14 @@ function refresh_cert($id, $info, $cert, $key = null)
260 260
 
261 261
     $id = (int) $id;
262 262
     $oldcert = cert_details($id);
263
-    $args = array(":subject" => filter_input_oneline($info['subject']),
263
+    $args = [":subject" => filter_input_oneline($info['subject']),
264 264
                 ":cn" => filter_input_oneline($info['cn']),
265 265
                 ":san" => $info['san'],
266 266
                 ":cert" => $cert,
267 267
                 ":valid_from" => $info['valid_from'],
268 268
                 ":valid_until" => $info['valid_until'],
269 269
                 ":chain" => get_chain($cert),
270
-                ":id" => $id);
270
+                ":id" => $id, ];
271 271
 
272 272
     $keyop = '';
273 273
     if ($key) {
... ...
@@ -284,7 +284,7 @@ function delete_cert($id)
284 284
     $uid = (int) $_SESSION['userinfo']['uid'];
285 285
     $id = (int) $id;
286 286
 
287
-    db_query("DELETE FROM vhosts.certs WHERE uid=? AND id=?", array($uid, $id));
287
+    db_query("DELETE FROM vhosts.certs WHERE uid=? AND id=?", [$uid, $id]);
288 288
 }
289 289
 
290 290
 function delete_csr($id)
... ...
@@ -292,13 +292,13 @@ function delete_csr($id)
292 292
     $uid = (int) $_SESSION['userinfo']['uid'];
293 293
     $id = (int) $id;
294 294
 
295
-    db_query("DELETE FROM vhosts.csr WHERE uid=? AND id=?", array($uid, $id));
295
+    db_query("DELETE FROM vhosts.csr WHERE uid=? AND id=?", [$uid, $id]);
296 296
 }
297 297
 
298 298
 
299 299
 function split_cn($cn)
300 300
 {
301
-    $domains = array();
301
+    $domains = [];
302 302
     if (strstr($cn, ',') or strstr($cn, "\n")) {
303 303
         $domains = preg_split("/[, \n]+/", $cn);
304 304
         DEBUG("Domains:");
... ...
@@ -315,7 +315,7 @@ function split_cn($cn)
315 315
 function create_csr($cn, $bits)
316 316
 {
317 317
     $domains = split_cn($cn);
318
-    $tmp = array();
318
+    $tmp = [];
319 319
     foreach ($domains as $dom) {
320 320
         $tmp[] = 'DNS:'.$dom;
321 321
     }
... ...
@@ -374,7 +374,7 @@ commonName_default = {$cn}
374 374
     unlink($keyfile);
375 375
     unlink($config);
376 376
 
377
-    return array($csr, $key);
377
+    return [$csr, $key];
378 378
 }
379 379
 
380 380
 
... ...
@@ -389,13 +389,13 @@ function save_csr($cn, $bits, $replace=null)
389 389
     $san = implode("\n", $domains);
390 390
     $csr = null;
391 391
     $key = null;
392
-    list($csr, $key) = create_csr(implode(',', $domains), $bits);
392
+    [$csr, $key] = create_csr(implode(',', $domains), $bits);
393 393
 
394 394
     $uid = (int) $_SESSION['userinfo']['uid'];
395 395
     db_query(
396 396
         "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
397
-        array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
398
-                 ":replace" => $replace, ":csr" => $csr, ":key" => $key)
397
+        [":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
398
+                 ":replace" => $replace, ":csr" => $csr, ":key" => $key, ]
399 399
     );
400 400
     $id = db_insert_id();
401 401
     return $id;
Browse code

deutlich striktere Checks bei hochgeladenen Zertifikaten, User können sonst mit unsinnigen oder veralteten Zertifikaten den Apache lahmlegen

Hanno Böck authored on 02/05/2021 17:35:45
Showing 1 changed files
... ...
@@ -138,20 +138,32 @@ function validate_certificate($cert, $key)
138 138
         system_failure("In dem eingetragenen Zertifikat wurde kein öffentlicher Schlüssel gefunden.");
139 139
     }
140 140
     // Parse Details über den pubkey
141
-    $certinfo = openssl_pkey_get_details($pubkey);
142
-    DEBUG($certinfo);
143
-    if ($certinfo === false) {
141
+    $pubkeyinfo = openssl_pkey_get_details($pubkey);
142
+    DEBUG($pubkeyinfo);
143
+    if ($pubkeyinfo === false) {
144 144
         system_failure("Der öffentliche Schlüssel des Zertifikats konnte nicht gelesen werden");
145 145
     }
146 146
 
147 147
     // Apache unterstützt nur Schlüssel vom Typ RSA oder DSA
148
-    if (! in_array($certinfo['type'], array(OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA))) {
148
+    if ($pubkeyinfo['type'] !== OPENSSL_KEYTYPE_RSA) {
149 149
         system_failure("Dieser Schlüssel nutzt einen nicht unterstützten Algorithmus.");
150 150
     }
151 151
 
152 152
     // Bei ECC-Keys treten kürzere Schlüssellängen auf, die können wir aktuell aber sowieso nicht unterstützen
153
-    if ($certinfo['bits'] < 2048) {
154
-        warning("Dieser Schlüssel hat eine sehr geringe Bitlänge und ist daher als nicht besonders sicher einzustufen!");
153
+    // Wir blockieren zu kurze und zu lange Schlüssel hart, da Apache sonst nicht startet
154
+    if ($pubkeyinfo['bits'] < 2048) {
155
+        system_failure("Schlüssellänge ist zu kurz");
156
+    }
157
+    if ($pubkeyinfo['bits'] > 4096) {
158
+        system_failure("Schlüssellänge ist zu lang");
159
+    }
160
+
161
+    $x509info = openssl_x509_parse($cert);
162
+    if ($x509info === false) {
163
+        system_failure("Zertifikat konnte nicht verarbeitet werden");
164
+    }
165
+    if (!in_array($x509info['signatureTypeSN'], array("RSA-SHA256", "RSA-SHA385", "RSA-SHA512"))) {
166
+        system_failure("Nicht unterstützer Signatur-Hashalgorithmus!");
155 167
     }
156 168
 
157 169
     // Prüfe ob Key und Zertifikat zusammen passen
... ...
@@ -160,6 +172,15 @@ function validate_certificate($cert, $key)
160 172
         return CERT_INVALID;
161 173
     }
162 174
 
175
+    // Check von openssl_x509_check_private_key() ist leider nicht ausreichend
176
+    $testdata = base64_encode(random_bytes(32));
177
+    if (openssl_sign($testdata, $signature, $seckey) !== true) {
178
+        system_failure("Kann keine Testsignatur erstellen, Key ungültig!");
179
+    }
180
+    if (openssl_verify($testdata, $signature, $pubkey) !== 1) {
181
+        system_failure("Testsignatur ungültig, Key vermutlich fehlerhaft!");
182
+    }
183
+
163 184
     $cacerts = array('/etc/ssl/certs');
164 185
     $chain = (int) get_chain($cert);
165 186
     if ($chain) {
Browse code

Fix codingstyle

Hanno authored on 27/10/2019 08:54:14
Showing 1 changed files
... ...
@@ -228,7 +228,7 @@ function save_cert($info, $cert, $key)
228 228
         "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
229 229
         array(":uid" => $uid, ":subject" => filter_input_oneline($info['subject']), ":cn" => filter_input_oneline($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
230 230
               ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key)
231
-  );
231
+    );
232 232
 }
233 233
 
234 234
 
... ...
@@ -375,7 +375,7 @@ function save_csr($cn, $bits, $replace=null)
375 375
         "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
376 376
         array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
377 377
                  ":replace" => $replace, ":csr" => $csr, ":key" => $key)
378
-  );
378
+    );
379 379
     $id = db_insert_id();
380 380
     return $id;
381 381
 }
Browse code

Umstellung von filter_input_general() auf filter_output_html()

Bernd Wurst authored on 21/09/2019 17:07:48
Showing 1 changed files
... ...
@@ -226,7 +226,7 @@ function save_cert($info, $cert, $key)
226 226
 
227 227
     db_query(
228 228
         "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
229
-        array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
229
+        array(":uid" => $uid, ":subject" => filter_input_oneline($info['subject']), ":cn" => filter_input_oneline($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
230 230
               ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key)
231 231
   );
232 232
 }
... ...
@@ -239,8 +239,8 @@ function refresh_cert($id, $info, $cert, $key = null)
239 239
 
240 240
     $id = (int) $id;
241 241
     $oldcert = cert_details($id);
242
-    $args = array(":subject" => filter_input_general($info['subject']),
243
-                ":cn" => filter_input_general($info['cn']),
242
+    $args = array(":subject" => filter_input_oneline($info['subject']),
243
+                ":cn" => filter_input_oneline($info['cn']),
244 244
                 ":san" => $info['san'],
245 245
                 ":cert" => $cert,
246 246
                 ":valid_from" => $info['valid_from'],
Browse code

Update codingstyle according to latest PHP CS Fixer 2.14.2

Hanno authored on 28/03/2019 18:56:56
Showing 1 changed files
... ...
@@ -225,7 +225,7 @@ function save_cert($info, $cert, $key)
225 225
     $uid = (int) $_SESSION['userinfo']['uid'];
226 226
 
227 227
     db_query(
228
-      "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
228
+        "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
229 229
         array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
230 230
               ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key)
231 231
   );
... ...
@@ -372,8 +372,8 @@ function save_csr($cn, $bits, $replace=null)
372 372
 
373 373
     $uid = (int) $_SESSION['userinfo']['uid'];
374 374
     db_query(
375
-      "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
376
-           array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
375
+        "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
376
+        array(":uid" => $uid, ":cn" => $cn, ":san" => $san, ":bits" => $bits,
377 377
                  ":replace" => $replace, ":csr" => $csr, ":key" => $key)
378 378
   );
379 379
     $id = db_insert_id();
Browse code

Fix SAN for refreshed certs

Bernd Wurst authored on 16/01/2019 15:15:18
Showing 1 changed files
... ...
@@ -241,7 +241,7 @@ function refresh_cert($id, $info, $cert, $key = null)
241 241
     $oldcert = cert_details($id);
242 242
     $args = array(":subject" => filter_input_general($info['subject']),
243 243
                 ":cn" => filter_input_general($info['cn']),
244
-                ":san" => $san,
244
+                ":san" => $info['san'],
245 245
                 ":cert" => $cert,
246 246
                 ":valid_from" => $info['valid_from'],
247 247
                 ":valid_until" => $info['valid_until'],
Browse code

remove whitespace in empty lines

Hanno authored on 26/06/2018 23:36:40
Showing 1 changed files
... ...
@@ -62,7 +62,7 @@ function cert_details($id)
62 62
 {
63 63
     $id = (int) $id;
64 64
     $uid = (int) $_SESSION['userinfo']['uid'];
65
-  
65
+
66 66
     $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, chain, cert, `key` FROM vhosts.certs WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id));
67 67
     if ($result->rowCount() != 1) {
68 68
         system_failure("Ungültiges Zertifikat #{$id}");
... ...
@@ -85,7 +85,7 @@ function csr_details($id)
85 85
 {
86 86
     $id = (int) $id;
87 87
     $uid = (int) $_SESSION['userinfo']['uid'];
88
-  
88
+
89 89
     $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id));
90 90
     if ($result->rowCount() != 1) {
91 91
         system_failure("Ungültiger CSR");
... ...
@@ -148,7 +148,7 @@ function validate_certificate($cert, $key)
148 148
     if (! in_array($certinfo['type'], array(OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA))) {
149 149
         system_failure("Dieser Schlüssel nutzt einen nicht unterstützten Algorithmus.");
150 150
     }
151
-    
151
+
152 152
     // Bei ECC-Keys treten kürzere Schlüssellängen auf, die können wir aktuell aber sowieso nicht unterstützen
153 153
     if ($certinfo['bits'] < 2048) {
154 154
         warning("Dieser Schlüssel hat eine sehr geringe Bitlänge und ist daher als nicht besonders sicher einzustufen!");
... ...
@@ -262,7 +262,7 @@ function delete_cert($id)
262 262
 {
263 263
     $uid = (int) $_SESSION['userinfo']['uid'];
264 264
     $id = (int) $id;
265
-  
265
+
266 266
     db_query("DELETE FROM vhosts.certs WHERE uid=? AND id=?", array($uid, $id));
267 267
 }
268 268
 
... ...
@@ -270,7 +270,7 @@ function delete_csr($id)
270 270
 {
271 271
     $uid = (int) $_SESSION['userinfo']['uid'];
272 272
     $id = (int) $id;
273
-  
273
+
274 274
     db_query("DELETE FROM vhosts.csr WHERE uid=? AND id=?", array($uid, $id));
275 275
 }
276 276
 
... ...
@@ -345,7 +345,7 @@ commonName_default = {$cn}
345 345
     if ($retval != 0) {
346 346
         system_failure("Die Erzeugung des CSR ist fehlgeschlagen. Ausgabe des OpenSSL-Befehls: ".print_r($output, true));
347 347
     }
348
-  
348
+
349 349
     $csr = file_get_contents($csrfile);
350 350
     $key = file_get_contents($keyfile);
351 351
 
... ...
@@ -369,7 +369,7 @@ function save_csr($cn, $bits, $replace=null)
369 369
     $csr = null;
370 370
     $key = null;
371 371
     list($csr, $key) = create_csr(implode(',', $domains), $bits);
372
-  
372
+
373 373
     $uid = (int) $_SESSION['userinfo']['uid'];
374 374
     db_query(
375 375
       "INSERT INTO vhosts.csr (uid, hostname, san, bits, `replace`, csr, `key`) VALUES (:uid, :cn, :san, :bits, :replace, :csr, :key)",
Browse code

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -23,220 +23,223 @@ define("CERT_NOCHAIN", 2);
23 23
 
24 24
 function user_certs()
25 25
 {
26
-  $uid = (int) $_SESSION['userinfo']['uid'];
27
-  $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=? ORDER BY cn", array($uid));
28
-  $ret = array();
29
-  while ($i = $result->fetch())
30
-    $ret[] = $i;
31
-  #DEBUG($ret);
32
-  return $ret;
26
+    $uid = (int) $_SESSION['userinfo']['uid'];
27
+    $result = db_query("SELECT id, valid_from, valid_until, subject, cn FROM vhosts.certs WHERE uid=? ORDER BY cn", array($uid));
28
+    $ret = array();
29
+    while ($i = $result->fetch()) {
30
+        $ret[] = $i;
31
+    }
32
+    #DEBUG($ret);
33
+    return $ret;
33 34
 }
34 35
 
35 36
 function user_csr()
36 37
 {
37
-  $uid = (int) $_SESSION['userinfo']['uid'];
38
-  $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=? ORDER BY hostname", array($uid));
39
-  $ret = array();
40
-  while ($i = $result->fetch())
41
-    $ret[] = $i;
42
-  #DEBUG($ret);
43
-  return $ret;
38
+    $uid = (int) $_SESSION['userinfo']['uid'];
39
+    $result = db_query("SELECT id, created, hostname, bits FROM vhosts.csr WHERE uid=? ORDER BY hostname", array($uid));
40
+    $ret = array();
41
+    while ($i = $result->fetch()) {
42
+        $ret[] = $i;
43
+    }
44
+    #DEBUG($ret);
45
+    return $ret;
44 46
 }
45 47
 
46 48
 function user_has_manual_certs()
47 49
 {
48
-  foreach (user_certs() as $c) {
49
-    if (!cert_is_letsencrypt($c['id'])) {
50
-      return true;
50
+    foreach (user_certs() as $c) {
51
+        if (!cert_is_letsencrypt($c['id'])) {
52
+            return true;
53
+        }
54
+    }
55
+    foreach (user_csr() as $c) {
56
+        return true;
51 57
     }
52
-  }
53
-  foreach (user_csr() as $c) {
54
-    return true;
55
-  }
56 58
 }
57 59
 
58 60
 
59 61
 function cert_details($id)
60 62
 {
61
-  $id = (int) $id;
62
-  $uid = (int) $_SESSION['userinfo']['uid'];
63
+    $id = (int) $id;
64
+    $uid = (int) $_SESSION['userinfo']['uid'];
63 65
   
64
-  $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, chain, cert, `key` FROM vhosts.certs WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id));
65
-  if ($result->rowCount() != 1)
66
-    system_failure("Ungültiges Zertifikat #{$id}");
67
-  return $result->fetch();
66
+    $result = db_query("SELECT id, lastchange, valid_from, valid_until, subject, cn, chain, cert, `key` FROM vhosts.certs WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id));
67
+    if ($result->rowCount() != 1) {
68
+        system_failure("Ungültiges Zertifikat #{$id}");
69
+    }
70
+    return $result->fetch();
68 71
 }
69 72
 
70 73
 function cert_is_letsencrypt($id)
71 74
 {
72
-  $details = cert_details($id);
73
-  #DEBUG($details);
74
-  if (strpos($details['subject'], "Let's Encrypt autogenerated") > 0) {
75
-    return true;
76
-  }
77
-  return false;
75
+    $details = cert_details($id);
76
+    #DEBUG($details);
77
+    if (strpos($details['subject'], "Let's Encrypt autogenerated") > 0) {
78
+        return true;
79
+    }
80
+    return false;
78 81
 }
79 82
 
80 83
 
81 84
 function csr_details($id)
82 85
 {
83
-  $id = (int) $id;
84
-  $uid = (int) $_SESSION['userinfo']['uid'];
86
+    $id = (int) $id;
87
+    $uid = (int) $_SESSION['userinfo']['uid'];
85 88
   
86
-  $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id));
87
-  if ($result->rowCount() != 1)
88
-    system_failure("Ungültiger CSR");
89
-  return $result->fetch();
89
+    $result = db_query("SELECT id, created, hostname, bits, `replace`, csr, `key` FROM vhosts.csr WHERE uid=:uid AND id=:id", array(":uid" => $uid, ":id" => $id));
90
+    if ($result->rowCount() != 1) {
91
+        system_failure("Ungültiger CSR");
92
+    }
93
+    return $result->fetch();
90 94
 }
91 95
 
92 96
 
93 97
 function get_available_CAs()
94 98
 {
95
-  $path = '/etc/apache2/certs/cabundle/';
96
-  $ret = glob($path.'*.pem');
97
-  if (! $ret)
98
-    system_failure("Konnte die CA-Zertifikate nicht laden");
99
-  DEBUG($ret);
100
-  return $ret;
99
+    $path = '/etc/apache2/certs/cabundle/';
100
+    $ret = glob($path.'*.pem');
101
+    if (! $ret) {
102
+        system_failure("Konnte die CA-Zertifikate nicht laden");
103
+    }
104
+    DEBUG($ret);
105
+    return $ret;
101 106
 }
102 107
 
103 108
 
104 109
 function get_chain($cert)
105 110
 {
106
-  $certdata = openssl_x509_parse($cert, true);
107
-  if ($certdata === FALSE) {
108
-    system_failure("Das Zertifikat konnte nicht gelesen werden");
109
-  }
110
-  if (! isset($certdata['issuer']['CN'])) {
111
-    return NULL;
112
-  }
113
-  $result = db_query("SELECT id FROM vhosts.certchain WHERE cn=?", array($certdata['issuer']['CN']));
114
-  if ($result->rowCount() > 0)
115
-  {
116
-    $c = $result->fetch();
117
-    //$chainfile = '/etc/apache2/certs/chains/'.$c['id'].'.pem';
118
-    DEBUG("identified fitting certificate chain #".$c['id']);
119
-    return $c['id'];
120
-  }
111
+    $certdata = openssl_x509_parse($cert, true);
112
+    if ($certdata === false) {
113
+        system_failure("Das Zertifikat konnte nicht gelesen werden");
114
+    }
115
+    if (! isset($certdata['issuer']['CN'])) {
116
+        return null;
117
+    }
118
+    $result = db_query("SELECT id FROM vhosts.certchain WHERE cn=?", array($certdata['issuer']['CN']));
119
+    if ($result->rowCount() > 0) {
120
+        $c = $result->fetch();
121
+        //$chainfile = '/etc/apache2/certs/chains/'.$c['id'].'.pem';
122
+        DEBUG("identified fitting certificate chain #".$c['id']);
123
+        return $c['id'];
124
+    }
121 125
 }
122 126
 
123 127
 
124 128
 function validate_certificate($cert, $key)
125
-{ 
126
-  // Lade private key 
127
-  $seckey = openssl_get_privatekey($key);
128
-  if ($seckey === FALSE) {
129
-    system_failure("Der private Schlüssel konnte (ohne Passwort) nicht gelesen werden.");
130
-  }
131
-  // Lade public key
132
-  $pubkey = openssl_get_publickey($cert);
133
-  if ($pubkey === FALSE) {
134
-    system_failure("In dem eingetragenen Zertifikat wurde kein öffentlicher Schlüssel gefunden.");
135
-  }
136
-  // Parse Details über den pubkey
137
-  $certinfo = openssl_pkey_get_details($pubkey);
138
-  DEBUG($certinfo);
139
-  if ($certinfo === FALSE) {
140
-    system_failure("Der öffentliche Schlüssel des Zertifikats konnte nicht gelesen werden");
141
-  }
142
-
143
-  // Apache unterstützt nur Schlüssel vom Typ RSA oder DSA
144
-  if (! in_array($certinfo['type'], array(OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA))) {
145
-    system_failure("Dieser Schlüssel nutzt einen nicht unterstützten Algorithmus.");
146
-  }
129
+{
130
+    // Lade private key
131
+    $seckey = openssl_get_privatekey($key);
132
+    if ($seckey === false) {
133
+        system_failure("Der private Schlüssel konnte (ohne Passwort) nicht gelesen werden.");
134
+    }
135
+    // Lade public key
136
+    $pubkey = openssl_get_publickey($cert);
137
+    if ($pubkey === false) {
138
+        system_failure("In dem eingetragenen Zertifikat wurde kein öffentlicher Schlüssel gefunden.");
139
+    }
140
+    // Parse Details über den pubkey
141
+    $certinfo = openssl_pkey_get_details($pubkey);
142
+    DEBUG($certinfo);
143
+    if ($certinfo === false) {
144
+        system_failure("Der öffentliche Schlüssel des Zertifikats konnte nicht gelesen werden");
145
+    }
146
+
147
+    // Apache unterstützt nur Schlüssel vom Typ RSA oder DSA
148
+    if (! in_array($certinfo['type'], array(OPENSSL_KEYTYPE_RSA, OPENSSL_KEYTYPE_DSA))) {
149
+        system_failure("Dieser Schlüssel nutzt einen nicht unterstützten Algorithmus.");
150
+    }
147 151
     
148
-  // Bei ECC-Keys treten kürzere Schlüssellängen auf, die können wir aktuell aber sowieso nicht unterstützen
149
-  if ($certinfo['bits'] < 2048) {
150
-    warning("Dieser Schlüssel hat eine sehr geringe Bitlänge und ist daher als nicht besonders sicher einzustufen!");
151
-  }
152
-
153
-  // Prüfe ob Key und Zertifikat zusammen passen
154
-  if (openssl_x509_check_private_key($cert, $key) !== true)
155
-  {
156
-    DEBUG("Zertifikat und Key passen nicht zusammen: ".openssl_x509_check_private_key($cert, $key));
157
-    return CERT_INVALID;
158
-  }
159
-
160
-  $cacerts = array('/etc/ssl/certs');
161
-  $chain = (int) get_chain($cert);
162
-  if ($chain)
163
-  {
164
-    $result = db_query("SELECT content FROM vhosts.certchain WHERE id=?", array($chain));
165
-    $tmp = $result->fetch();
166
-    $chaincert = $tmp['content'];
167
-    $chainfile = tempnam(sys_get_temp_dir(), 'webinterface');
168
-    $f = fopen($chainfile, "w");
169
-    fwrite($f, $chaincert);
170
-    fclose($f);
171
-    $cacerts[] = $chainfile;
172
-  }
173
-
174
-  $valid = openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_SERVER, $cacerts);
175
-  if ($chain) {
176
-    unlink($chainfile);
177
-  }
178
-  if ($valid !== true)
179
-  { 
180
-    DEBUG('certificate was not validated as a server certificate with the available chain');
181
-    return CERT_NOCHAIN;
182
-  }
183
-
184
-  return CERT_OK;
152
+    // Bei ECC-Keys treten kürzere Schlüssellängen auf, die können wir aktuell aber sowieso nicht unterstützen
153
+    if ($certinfo['bits'] < 2048) {
154
+        warning("Dieser Schlüssel hat eine sehr geringe Bitlänge und ist daher als nicht besonders sicher einzustufen!");
155
+    }
156
+
157
+    // Prüfe ob Key und Zertifikat zusammen passen
158
+    if (openssl_x509_check_private_key($cert, $key) !== true) {
159
+        DEBUG("Zertifikat und Key passen nicht zusammen: ".openssl_x509_check_private_key($cert, $key));
160
+        return CERT_INVALID;
161
+    }
162
+
163
+    $cacerts = array('/etc/ssl/certs');
164
+    $chain = (int) get_chain($cert);
165
+    if ($chain) {
166
+        $result = db_query("SELECT content FROM vhosts.certchain WHERE id=?", array($chain));
167
+        $tmp = $result->fetch();
168
+        $chaincert = $tmp['content'];
169
+        $chainfile = tempnam(sys_get_temp_dir(), 'webinterface');
170
+        $f = fopen($chainfile, "w");
171
+        fwrite($f, $chaincert);
172
+        fclose($f);
173
+        $cacerts[] = $chainfile;
174
+    }
175
+
176
+    $valid = openssl_x509_checkpurpose($cert, X509_PURPOSE_SSL_SERVER, $cacerts);
177
+    if ($chain) {
178
+        unlink($chainfile);
179
+    }
180
+    if ($valid !== true) {
181
+        DEBUG('certificate was not validated as a server certificate with the available chain');
182
+        return CERT_NOCHAIN;
183
+    }
184
+
185
+    return CERT_OK;
185 186
 }
186 187
 
187 188
 
188 189
 function parse_cert_details($cert)
189 190
 {
190
-  $certdata = openssl_x509_parse($cert, true);
191
-  /* 
191
+    $certdata = openssl_x509_parse($cert, true);
192
+    /*
192 193
 name => /CN=*.bwurst.org
193 194
 validFrom_time_t => 1204118790
194 195
 validTo_time_t => 1267190790
195 196
 
196 197
 
197
-  */
198
-  DEBUG($certdata);
199
-  DEBUG("SAN: ".$certdata['extensions']['subjectAltName']);
200
-  //return array('subject' => $certdata['name'], 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']));
201
-  $issuer = $certdata['issuer']['CN'];
202
-  if (isset($certdata['issuer']['O'])) {
203
-    $issuer = $certdata['issuer']['O'];
204
-  }
205
-  $san = array();
206
-  $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
207
-  foreach ($raw_san as $name) {
208
-    if (! substr($name, 0, 4) == 'DNS:') {
209
-      warning('Unparsable SAN: '.$name);
210
-      continue;
198
+    */
199
+    DEBUG($certdata);
200
+    DEBUG("SAN: ".$certdata['extensions']['subjectAltName']);
201
+    //return array('subject' => $certdata['name'], 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']));
202
+    $issuer = $certdata['issuer']['CN'];
203
+    if (isset($certdata['issuer']['O'])) {
204
+        $issuer = $certdata['issuer']['O'];
205
+    }
206
+    $san = array();
207
+    $raw_san = explode(', ', $certdata['extensions']['subjectAltName']);
208
+    foreach ($raw_san as $name) {
209
+        if (! substr($name, 0, 4) == 'DNS:') {
210
+            warning('Unparsable SAN: '.$name);
211
+            continue;
212
+        }
213
+        $san[] = str_replace('DNS:', '', $name);
211 214
     }
212
-    $san[] = str_replace('DNS:', '', $name);
213
-  }
214
-  $san = implode("\n", $san);
215
-  DEBUG("SAN: <pre>".$san."</pre>");
216
-  return array('subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san);
215
+    $san = implode("\n", $san);
216
+    DEBUG("SAN: <pre>".$san."</pre>");
217
+    return array('subject' => $certdata['subject']['CN'].' / '.$issuer, 'cn' => $certdata['subject']['CN'], 'valid_from' => date('Y-m-d', $certdata['validFrom_time_t']), 'valid_until' => date('Y-m-d', $certdata['validTo_time_t']), 'issuer' => $certdata['issuer']['CN'], 'san' => $san);
217 218
 }
218 219
 
219 220
 
220 221
 function save_cert($info, $cert, $key)
221 222
 {
222
-  openssl_pkey_export($key, $key);
223
-  openssl_x509_export($cert, $cert);
224
-  $uid = (int) $_SESSION['userinfo']['uid'];
225
-
226
-  db_query("INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)", 
227
-        array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'], 
228
-              ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key));
223
+    openssl_pkey_export($key, $key);
224
+    openssl_x509_export($cert, $cert);
225
+    $uid = (int) $_SESSION['userinfo']['uid'];
226
+
227
+    db_query(
228
+      "INSERT INTO vhosts.certs (uid, subject, cn, san, valid_from, valid_until, chain, cert, `key`) VALUES (:uid, :subject, :cn, :san, :valid_from, :valid_until, :chain, :cert, :key)",
229
+        array(":uid" => $uid, ":subject" => filter_input_general($info['subject']), ":cn" => filter_input_general($info['cn']), ":san" => $info['san'], ":valid_from" => $info['valid_from'],
230
+              ":valid_until" => $info['valid_until'], ":chain" => get_chain($cert), ":cert" => $cert, ":key" => $key)
231
+  );
229 232
 }
230 233
 
231 234
 
232
-function refresh_cert($id, $info, $cert, $key = NULL)
235
+function refresh_cert($id, $info, $cert, $key = null)
233 236
 {
234
-  openssl_x509_export($cert, $cert);
235
-  $chain = get_chain($cert);
237
+    openssl_x509_export($cert, $cert);
238
+    $chain = get_chain($cert);
236 239
 
237
-  $id = (int) $id;
238
-  $oldcert = cert_details($id);
239
-  $args = array(":subject" => filter_input_general($info['subject']),
240
+    $id = (int) $id;
241
+    $oldcert = cert_details($id);
242
+    $args = array(":subject" => filter_input_general($info['subject']),
240 243
                 ":cn" => filter_input_general($info['cn']),
241 244
                 ":san" => $san,
242 245
                 ":cert" => $cert,
... ...
@@ -245,71 +248,72 @@ function refresh_cert($id, $info, $cert, $key = NULL)
245 248
                 ":chain" => get_chain($cert),
246 249
                 ":id" => $id);
247 250
 
248
-  $keyop = '';
249
-  if ($key) {
250
-    openssl_pkey_export($key, $key);
251
-    $keyop = ", `key`=:key";
252
-    $args[":key"] = $key;
253
-  }
254
-  db_query("UPDATE vhosts.certs SET subject=:subject, cn=:cn, san=:san, cert=:cert{$keyop}, valid_from=:valid_from, valid_until=:valid_until, chain=:chain WHERE id=:id", $args);
251
+    $keyop = '';
252
+    if ($key) {
253
+        openssl_pkey_export($key, $key);
254
+        $keyop = ", `key`=:key";
255
+        $args[":key"] = $key;
256
+    }
257
+    db_query("UPDATE vhosts.certs SET subject=:subject, cn=:cn, san=:san, cert=:cert{$keyop}, valid_from=:valid_from, valid_until=:valid_until, chain=:chain WHERE id=:id", $args);
255 258
 }
256 259
 
257 260
 
258 261
 function delete_cert($id)
259 262
 {
260
-  $uid = (int) $_SESSION['userinfo']['uid'];
261
-  $id = (int) $id;
263
+    $uid = (int) $_SESSION['userinfo']['uid'];
264
+    $id = (int) $id;
262 265
   
263
-  db_query("DELETE FROM vhosts.certs WHERE uid=? AND id=?", array($uid, $id));
266
+    db_query("DELETE FROM vhosts.certs WHERE uid=? AND id=?", array($uid, $id));
264 267
 }
265 268
 
266 269
 function delete_csr($id)
267 270
 {
268
-  $uid = (int) $_SESSION['userinfo']['uid'];
269
-  $id = (int) $id;
271
+    $uid = (int) $_SESSION['userinfo']['uid'];
272
+    $id = (int) $id;
270 273
   
271
-  db_query("DELETE FROM vhosts.csr WHERE uid=? AND id=?", array($uid, $id));
274
+    db_query("DELETE FROM vhosts.csr WHERE uid=? AND id=?", array($uid, $id));
272 275
 }
273 276
 
274 277
 
275 278
 function split_cn($cn)
276 279
 {
277
-  $domains = array();
278
-  if (strstr($cn, ',') or strstr($cn, "\n")) {
279
-    $domains = preg_split("/[, \n]+/", $cn);
280
-    DEBUG("Domains:");
281
-    DEBUG($domains);
282
-  } else {
283
-    $domains[] = $cn;
284
-  }
285
-  for ($i=0;$i!=count($domains);$i++) {
286
-    $domains[$i] = filter_input_hostname($domains[$i], true);
287
-  }
288
-  return $domains;
280
+    $domains = array();
281
+    if (strstr($cn, ',') or strstr($cn, "\n")) {
282
+        $domains = preg_split("/[, \n]+/", $cn);
283
+        DEBUG("Domains:");
284
+        DEBUG($domains);
285
+    } else {
286
+        $domains[] = $cn;
287
+    }
288
+    for ($i=0;$i!=count($domains);$i++) {
289
+        $domains[$i] = filter_input_hostname($domains[$i], true);
290
+    }
291
+    return $domains;
289 292
 }
290 293
 
291 294
 function create_csr($cn, $bits)
292 295
 {
293
-  $domains = split_cn($cn);
294
-  $tmp = array();
295
-  foreach ($domains as $dom) {
296
-    $tmp[] = 'DNS:'.$dom;
297
-  }
298
-  $SAN = "[ v3_req ]\nsubjectAltName = ".implode(', ', $tmp);
299
-  DEBUG($SAN);
300
-  $cn = $domains[0];
301
-  $bits = (int) $bits;
302