fic/server
Archived
1
0
Fork 0
Code Issues Pull requests 10 Releases Wiki Activity

Can revoke/generate server certiticate in admin interface

Browse source
This commit is contained in:
nemunaire 2014-11-20 18:04:39 +01:00
commit 4d1424b29b
6 changed files with 122 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

50
onyx/include/admin/certificate.php
View file

@ -27,22 +27,19 @@ function new_client($name, $misc_dir)
//TODO handle if already exist
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("TOP_DIR=$misc_dir/pki");
$output = shell_exec("$misc_dir/CA.sh -newclient $name");
return $output;
return shell_exec("$misc_dir/CA.sh -newclient $name");
}
function revoke_client($name, $misc_dir)
{
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("TOP_DIR=$misc_dir/pki");
$output = shell_exec("$misc_dir/CA.sh -revoke $name");
return shell_exec("$misc_dir/CA.sh -revoke $name");
}
if (!empty($p[2]))
{
if (isset($VAR['misc_dir']))
$misc_dir = $VAR['misc_dir'];
else
if (empty($VAR['misc_dir']))
{
erreur("Merci d'ajouter la variable misc_dir dans root.xml");
return "admin/home";
@ -54,7 +51,9 @@ if (!empty($p[2]))
{
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("TOP_DIR=$misc_dir/pki");
$output = shell_exec("$misc_dir/CA.sh -newca");
$template->assign("output",
shell_exec("$misc_dir/CA.sh -newca"));
return "admin/shell";
}
elseif ($p[2] == "deleteca")
@ -62,16 +61,38 @@ if (!empty($p[2]))
$dir = "$misc_dir/pki";
remove_directory($dir);
}
elseif ($p[2] == "newsrv")
{
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("TOP_DIR=$misc_dir/pki");
$template->assign("output",
shell_exec("$misc_dir/CA.sh -newserver"));
return "admin/shell";
}
elseif ($p[2] == "revokesrv")
{
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("TOP_DIR=$misc_dir/pki");
$template->assign("output",
shell_exec("$misc_dir/CA.sh -revokeserver"));
return "admin/shell";
}
elseif ($p[2] == "revoke")
{
$name = $_GET['name'];
if (isset($name))
{
$output = revoke_client($name, $misc_dir);
$template->assign("output",
revoke_client($name, $misc_dir));
//TODO Check revocation failed
Team::set_revoked(TRUE, $name);
}
return "admin/shell";
}
// Is new team
elseif ($p[2] == "newclient")
{
@ -80,12 +101,13 @@ if (!empty($p[2]))
//TODO check revoked attribute
if (isset($name))
{
$output = new_client($name, $misc_dir);
$template->assign("output",
new_client($name, $misc_dir));
Team::set_revoked(FALSE, $name);
erreur($output, "sucess");
return "admin/import_users";
return "admin/shell";
}
}
elseif ($p[2] == "get")
{
$name = $_GET['name'];
@ -95,14 +117,15 @@ if (!empty($p[2]))
if (file_exists($path) && is_readable($path))
{
header("Content-Type: application/force-download");
header("Content-Length: ".strval(filesize($path)));
header("Content-Length: ".filesize($path));
header("Content-Disposition: attachment; filename=\"$name.p12\"");
readfile($path);
exit;
}
}
exit;
}
if ($p[2] == "deleteca" || $p[2] == "newca")
{
header("Location: /".SALT_ADMIN."/");
@ -114,4 +137,3 @@ if (!empty($p[2]))
exit;
}
}

20
onyx/include/admin/home.php
View file

@ -20,20 +20,26 @@ else
if (is_writable($misc_dir) && !is_dir("$misc_dir/pki/"))
mkdir("$misc_dir/pki/");
$wright = is_writable("$misc_dir/pki/");
$template->assign("cert_writable", $wright);
$template->assign("cert_writable", is_writable("$misc_dir/pki/"));
$ca_file = "$misc_dir/pki/cacert.crt";
if (file_exists($ca_file))
{
if (!is_readable($ca_file))
erreur("Impossible de lire le fichier");
else
{
$data = openssl_x509_parse(file_get_contents(ONYX . '../misc/pki/cacert.crt'));
$template->assign("cert", $data);
}
$template->assign("cert_CA",
openssl_x509_parse(file_get_contents($ca_file)));
}
$srv_file = "$misc_dir/server.crt";
if (file_exists($srv_file))
{
if (!is_readable($srv_file))
erreur("Impossible de lire le fichier");
else
$template->assign("cert_srv",
openssl_x509_parse(file_get_contents($srv_file)));
}
return "admin/home";

70
onyx/tpl/bootstrap/admin/home.tpl
View file

@ -1,29 +1,55 @@
{extends file="admin/layout.tpl"}
{block name=content}
<div class="panel panel-info">
<div class="panel-heading">
<h3 class="panel-title">Certificat racine</h3>
<div class="row">
<div class="col-md-6">
<div class="panel panel-primary">
<div class="panel-heading">
<h3 class="panel-title">Certificat racine</h3>
</div>
<div class="panel-body">
{if isset($cert_CA)}
<ul>
{foreach from=$cert_CA.subject key=k item=crt}
<li><strong>[{$k}] :</strong> {$crt}</li>
{/foreach}
</ul>
<a href="/{$SALT_ADMIN}/certificate/deleteca" class="btn btn-danger"
onclick="return confirm('Êtes-vous sûr de vouloir supprimer ce certificat ?')">Supprimer</a>
{elseif ! $cert_writable}
<div class="alert alert-danger"><span class="glyphicon glyphicon-warning-sign"></span> Répertoire non accessible en écriture.</div>
<a href="/{$SALT_ADMIN}/certificate/newca" class="btn btn-primary" disabled="disabled">Nouveau</a>
{else}
Pas de certificat
<a href="/{$SALT_ADMIN}/certificate/newca" class="btn btn-primary">Nouveau</a>
{/if}
</div>
</div>
</div>
<div class="panel-body">
{if isset($cert)}
<ul>
<li><strong>[C] :</strong> {$cert['subject']['C']}</li>
<li><strong>[ST] :</strong> {$cert['subject']['ST']}</li>
<li><strong>[O] :</strong> {$cert['subject']['O']}</li>
<li><strong>[OU] :</strong> {$cert['subject']['OU']}</li>
<li><strong>[CN] :</strong> {$cert['subject']['CN']}</li>
<li><strong>[emailAddress] :</strong> {$cert['subject']['emailAddress']}</li>
</ul>
<!--<a href="/{$SALT_ADMIN}/certificate/deleteca" class="btn btn-danger"
onclick="return confirm('Êtes-vous sûr de vouloir supprimer ce certificat ?')">Supprimer</a>-->
{elseif isset($cert_writable) && ! $cert_writable}
<div class="alert alert-danger"><span class="glyphicon glyphicon-warning-sign"></span> Répertoire non accessible en écriture.</div>
<!--<a href="/{$SALT_ADMIN}/certificate/newca" class="btn btn-primary" disabled="disabled">Nouveau</a>-->
{else}
Pas de certificat
<!--<a href="/{$SALT_ADMIN}/certificate/newca" class="btn btn-primary">Nouveau</a>-->
{/if}
<div class="col-md-6">
<div class="panel panel-info">
<div class="panel-heading">
<h3 class="panel-title">Certificat serveur</h3>
</div>
<div class="panel-body">
{if isset($cert_srv)}
<ul>
{foreach from=$cert_srv.subject key=k item=crt}
<li><strong>[{$k}] :</strong> {$crt}</li>
{/foreach}
</ul>
<a href="/{$SALT_ADMIN}/certificate/revokesrv" class="btn btn-danger"
onclick="return confirm('Êtes-vous sûr de vouloir supprimer ce certificat ?')">Supprimer</a>
{elseif ! $cert_writable}
<div class="alert alert-danger"><span class="glyphicon glyphicon-warning-sign"></span> Répertoire non accessible en écriture.</div>
<a href="/{$SALT_ADMIN}/certificate/newsrv" class="btn btn-primary" disabled="disabled">Nouveau</a>
{else}
Pas de certificat
<a href="/{$SALT_ADMIN}/certificate/newsrv" class="btn btn-primary">Nouveau</a>
{/if}
</div>
</div>
</div>
</div>

7
onyx/tpl/bootstrap/admin/shell.tpl Normal file
View file

@ -0,0 +1,7 @@
{extends file="admin/layout.tpl"}
{block name=content}
<pre>
{$output}
</pre>
{/block}