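#!/usr/bin/php -q
<?php /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>

This file is part of CAcert.

CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php

CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/

/*
 * Server-certificate signing pass (run periodically, PHP 4 era code).
 *
 * In order it:
 *   1. signs every `domaincerts` row whose `crt_name` is still empty
 *      (180 days, or 730 days once the owner has 50+ assurance points)
 *      and mails the PEM certificate to the owner;
 *   2. revokes every `domaincerts` row whose `revoked` column carries the
 *      magic value 1970-01-01 10:00:01, republishes the CRL and mails the owner;
 *   3. signs pending `orgdomaincerts` rows the same way (always 730 days,
 *      no mail);
 *   4. revokes flagged `orgdomaincerts` rows (no mail).
 *
 * Security notes on this rewrite:
 *   - every value that reaches a shell command (subject, digest name, CSR and
 *     certificate paths) is passed through escapeshellarg(); the original
 *     interpolated them raw inside single quotes, so a quote in a requested
 *     subject ran arbitrary commands as the signing user;
 *   - subjectAltName values written to the OpenSSL extension file are refused
 *     if they contain a line break, which would otherwise let a request add
 *     its own extension directives (e.g. basicConstraints) to the config;
 *   - the per-request state (SAN list, subject) is now built inside a helper,
 *     so it cannot leak from one certificate into the next -- the original
 *     org loop only reset $newsubject and carried $SAN over between rows;
 *   - the CA key passphrase is no longer written into /tmp/openssl.tmp.
 *
 * Row ids are passed through intval() before being interpolated into SQL; the
 * remaining interpolated strings are escaped with mysql_real_escape_string().
 */

/*
 * Serialise against the other signing scripts that share this lock.
 * NOTE(review): the lock is a fixed name in world-writable /tmp, so any other
 * local user can create it first and either hold the lock or make fopen()
 * fail; a directory owned by the signing user would be safer.  The path is
 * kept because the sibling scripts are presumably expected to use the same one.
 *
 * flock() returns a boolean, so the original `flock(...) < 0` retry loop
 * could never fire (and its sleep() was in seconds, not microseconds).
 * LOCK_EX without LOCK_NB already blocks until the lock is obtained, so a
 * false result is a genuine failure: abort rather than sign unlocked.
 */
$lck = fopen('/tmp/SslLock', 'w');
if ($lck === false || !flock($lck, LOCK_EX)) {
    error_log("server signing: could not obtain /tmp/SslLock, aborting");
    exit(1);
}

include_once("../includes/mysql.php");

/*
 * NOTE(review): passed to `openssl ca -key`, which the OpenSSL manual
 * documents as the private-key passphrase (ignored if the key is not
 * encrypted).  On the command line it is visible to every local user via
 * `ps`; the original additionally appended the full command, passphrase
 * included, to /tmp/openssl.tmp.  The value itself is unchanged here, but it
 * is masked in the log.  Reading it via `-passin file:` from a file readable
 * only by this user is the real fix.
 */
$cakeypass = 'test';

/*
 * Switch the locale (and therefore gettext) to the user's language so the
 * mails below are translated; falls back to en_AU.  Assumes
 * $_SESSION['_config']['translations'] maps language codes to locale names and
 * is populated by ../includes/mysql.php -- not visible from this file.
 * An unknown language code yields an empty LANG exactly as the original did.
 */
function cacert_set_user_locale($user)
{
    $locale = 'en_AU';
    if (is_array($user) && isset($user['language']) && $user['language'] != '') {
        $locale = $_SESSION['_config']['translations'][$user['language']];
    }
    putenv("LANG=" . $locale);
    setlocale(LC_ALL, $locale);
}

/*
 * Pick the OpenSSL config: class 3 when the row's `rootcert` is 2, otherwise
 * the class 1 config.  $org selects the organisation variants.
 */
function cacert_server_cnf($rootcert, $org)
{
    if ($org) {
        return $rootcert == 2 ? '/etc/ssl/class3-server-org.cnf' : '/etc/ssl/openssl-server-org.cnf';
    }
    return $rootcert == 2 ? '/etc/ssl/class3-server.cnf' : '/etc/ssl/openssl-server.cnf';
}

/*
 * Write the v3 extension file for one request and return the subject string
 * to hand to `openssl ca -subj`.
 *
 * $subject is the stored "/CN=host/subjectAltName=DNS:host" style string
 * (presumably assembled by the web front end from the user's request).  Every
 * "subjectAltName=" component is lifted out into a subjectAltName extension
 * (joined with ", ", each value trimmed, taken up to the second "=" exactly as
 * the original explode() did); every other component with a non-empty key is
 * re-joined into the DN, with "//" collapsed to "/".
 *
 * Returns false, without writing the file, when a SAN value contains CR, LF
 * or NUL: a line break would terminate the `subjectAltName =` line and let the
 * request inject arbitrary extension directives into the config.
 */
function cacert_write_extfile($tmpname, $subject)
{
    $dn = '';
    $san = '';
    $components = explode('/', $subject);
    foreach ($components as $component) {
        $kv = explode('=', $component);
        if ($kv[0] == 'subjectAltName') {
            $value = isset($kv[1]) ? trim($kv[1]) : '';
            if (preg_match('/[\r\n\0]/', $value)) {
                return false;
            }
            if ($san != '') {
                $san .= ', ';
            }
            $san .= $value;
        } elseif ($kv[0] != '') {
            $dn .= '/' . $component;
        }
    }
    $dn = str_replace('//', '/', $dn);

    $fp = fopen($tmpname, 'w');
    if ($fp === false) {
        return false;
    }
    fputs($fp, "basicConstraints = critical, CA:FALSE\n");
    fputs($fp, "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n");
    fputs($fp, "keyUsage = digitalSignature, keyEncipherment\n");
    fputs($fp, "authorityInfoAccess = OCSP;URI:http://ocsp.cacert.org\n");
    if ($san != '') {
        fputs($fp, "subjectAltName = $san\n");
    }
    fclose($fp);
    return $dn;
}

/*
 * Run `openssl ca` for one CSR and return its combined stdout/stderr.
 * Every argument is shell-escaped (see the file header).  The command is
 * still appended to /tmp/openssl.tmp as before, but with the passphrase
 * masked.  NOTE(review): /tmp/openssl.tmp is itself a fixed, predictable path
 * in /tmp that a local user can pre-create or symlink.
 */
function cacert_sign_csr($md, $cnf, $csrfile, $crtfile, $days, $subject, $extfile, $keypass)
{
    $head = '/usr/bin/openssl ca -md ' . escapeshellarg($md)
          . ' -config ' . escapeshellarg($cnf)
          . ' -in ' . escapeshellarg($csrfile)
          . ' -out ' . escapeshellarg($crtfile)
          . ' -days ' . intval($days)
          . ' -key ';
    $tail = ' -batch -subj ' . escapeshellarg($subject)
          . ' -extfile ' . escapeshellarg($extfile);
    error_log($head . '****' . $tail . "\n", 3, '/tmp/openssl.tmp');
    return shell_exec($head . escapeshellarg($keypass) . $tail . ' 2>&1');
}

/*
 * Read expiry, PEM text and serial back out of a freshly signed certificate.
 *
 * Returns false when the file is missing or empty (openssl did not produce a
 * certificate); otherwise array('expire' => unix timestamp, 'pem' => string,
 * 'serial' => hex string).  `openssl x509 -enddate` prints
 * "notAfter=May  1 12:00:00 2007 GMT" with a space-padded day, hence the
 * split on runs of whitespace.  If that line cannot be parsed the expiry is
 * recorded as 0 and logged rather than discarding a certificate the CA has
 * already entered in its index.
 */
function cacert_read_cert($crtfile)
{
    if (!file_exists($crtfile) || filesize($crtfile) <= 0) {
        return false;
    }
    static $months = array("Jan" => 1, "Feb" => 2, "Mar" => 3, "Apr" => 4, "May" => 5, "Jun" => 6,
                           "Jul" => 7, "Aug" => 8, "Sep" => 9, "Oct" => 10, "Nov" => 11, "Dec" => 12);
    $arg = escapeshellarg($crtfile);

    $expire = 0;
    $end = trim(shell_exec("/usr/bin/openssl x509 -in $arg -noout -enddate"));
    $parts = explode('=', $end, 2);
    $fields = count($parts) == 2 ? preg_split('/\s+/', trim($parts[1])) : array();
    $hms = count($fields) >= 4 ? explode(':', $fields[2]) : array();
    if (count($hms) == 3 && isset($months[$fields[0]])) {
        $expire = gmmktime(intval($hms[0]), intval($hms[1]), intval($hms[2]),
                           $months[$fields[0]], intval($fields[1]), intval($fields[3]));
    } else {
        error_log("server signing: cannot parse notAfter '$end' of $crtfile");
    }

    $pem = trim(shell_exec("/usr/bin/openssl x509 -in $arg"));
    $serialparts = explode('=', trim(shell_exec("/usr/bin/openssl x509 -serial -noout -in $arg")), 2);
    $serial = isset($serialparts[1]) ? $serialparts[1] : '';

    return array('expire' => $expire, 'pem' => $pem, 'serial' => $serial);
}

/*
 * Revoke one certificate in the CA index and republish the CRL (7-day CRL,
 * DER form, written to ../www/revoke.crl).
 * NOTE(review): both the class 1 and class 3 configs write the same
 * ../www/revoke.crl, so unless the two cnf files share one CA database the
 * published CRL is simply that of whichever root was revoked against last.
 * /tmp/cacert-revoke.crl is also a fixed name in /tmp that openssl will follow
 * if a local user replaces it with a symlink.  Both kept as in the original.
 */
function cacert_revoke_cert($md, $cnf, $crtfile, $keypass)
{
    $base = '/usr/bin/openssl ca -md ' . escapeshellarg($md)
          . ' -config ' . escapeshellarg($cnf)
          . ' -key ' . escapeshellarg($keypass) . ' -batch';
    shell_exec($base . ' -revoke ' . escapeshellarg($crtfile) . ' > /dev/null 2>&1');
    shell_exec($base . ' -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1');
    shell_exec('/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1');
}

/* ---- 1. sign pending member server certificates ---------------------- */

$res = mysql_query("select * from `domaincerts` where `crt_name`=''");
while ($row = mysql_fetch_assoc($res)) {
    // Joined row: `memid` and `language` come from domains/users respectively.
    $user = mysql_fetch_assoc(mysql_query("select * from `domains`,`users` where `domains`.`id`='" . intval($row['domid']) . "' and
        `users`.`id`=`domains`.`memid`"));
    cacert_set_user_locale($user);

    // 180 days by default, two years once the owner holds 50+ assurance points.
    $days = 180;
    if (is_array($user) && intval($user['memid']) > 0) {
        $drow = mysql_fetch_assoc(mysql_query("select sum(`points`) as `total` from `notary`
            where `to`='" . intval($user['memid']) . "' group by `to`"));
        if (is_array($drow) && $drow['total'] >= 50) {
            $days = 730;
        }
    }

    $row['crt_name'] = "../crt/server-" . intval($row['id']) . ".crt";
    // csr_name is stored relative to the web root; "../.." is prepended as in the original.
    $row['csr_name'] = "../.." . $row['csr_name'];
    $tmpname = tempnam("/tmp", "servercert");

    $newsubject = cacert_write_extfile($tmpname, $row['subject']);
    $signout = '';
    if ($newsubject === false) {
        error_log("server signing: domaincerts " . intval($row['id']) . ": refused subjectAltName containing control characters");
    } else {
        $signout = cacert_sign_csr($row['md'], cacert_server_cnf($row['rootcert'], false),
                                   $row['csr_name'], $row['crt_name'], $days, $newsubject, $tmpname, $cakeypass);
    }
    // The original deliberately left the extension file behind for debugging.
    // unlink($tmpname);

    $dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='" . intval($row['domid']) . "'"));
    $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='" . (is_array($dom) ? intval($dom['memid']) : 0) . "'"));

    $cert = cacert_read_cert($row['crt_name']);
    if ($cert !== false && is_array($user) && intval($user['id']) > 0) {
        $query = "update `domaincerts` set `crt_name`='" . mysql_real_escape_string($row['crt_name']) . "',
            `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
            `serial`='" . mysql_real_escape_string($cert['serial']) . "', `expire`=FROM_UNIXTIME(" . intval($cert['expire']) . ")
            where `id`='" . intval($row['id']) . "'";
        mysql_query($query);

        $body = _("Hi") . " " . $user['fname'] . ",\n\n";
        $body .= sprintf(_("Below you will find your certificate for %s.") . "\n\n", $row['CN']);
        $body .= _("Best regards") . "\n" . _("CAcert.org Support!") . "\n\n" . $cert['pem'];
        sendmail($user['email'], "[CAcert.org] " . _("Server Certificate"), $body, "support@cacert.org", "", "", "CAcert Support");
    } else {
        // As in the original, a request that could not be signed is dropped.
        if ($signout != '') {
            error_log("server signing: domaincerts " . intval($row['id']) . " failed: " . $signout);
        }
        mysql_query("delete from `domaincerts` where `id`='" . intval($row['id']) . "'");
    }
}

/* ---- 2. revoke flagged member server certificates -------------------- */

// The magic timestamp appears to be the epoch in the server's local time zone;
// it marks rows the web front end has queued for revocation.
$res = mysql_query("select * from `domaincerts` where `revoked`='1970-01-01 10:00:01'");
while ($row = mysql_fetch_assoc($res)) {
    cacert_revoke_cert($row['md'], cacert_server_cnf($row['rootcert'], false), $row['crt_name'], $cakeypass);

    $dom = mysql_fetch_assoc(mysql_query("select * from `domains` where `id`='" . intval($row['domid']) . "'"));
    $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='" . (is_array($dom) ? intval($dom['memid']) : 0) . "'"));
    cacert_set_user_locale($user);

    mysql_query("update `domaincerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='" . intval($row['id']) . "'");

    $body = _("Hi") . " " . $user['fname'] . ",\n\n";
    $body .= sprintf(_("Your certificate for %s has been revoked, as per request.") . "\n\n", $row['CN']);
    $body .= _("Best regards") . "\n" . _("CAcert.org Support!");
    sendmail($user['email'], "[CAcert.org] " . sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "", "", "CAcert Support");
}

/* ---- 3. sign pending organisation server certificates ---------------- */

$res = mysql_query("select * from `orgdomaincerts` where `crt_name`=''");
while ($row = mysql_fetch_assoc($res)) {
    $row['crt_name'] = "../crt/orgserver-" . intval($row['id']) . ".crt";
    $days = 730;
    $row['csr_name'] = "../../" . $row['csr_name'];
    $tmpname = tempnam("/tmp", "serverorgcert");

    $newsubject = cacert_write_extfile($tmpname, $row['subject']);
    $signout = '';
    if ($newsubject === false) {
        error_log("server signing: orgdomaincerts " . intval($row['id']) . ": refused subjectAltName containing control characters");
    } else {
        $signout = cacert_sign_csr($row['md'], cacert_server_cnf($row['rootcert'], true),
                                   $row['csr_name'], $row['crt_name'], $days, $newsubject, $tmpname, $cakeypass);
    }
    // unlink($tmpname);

    $cert = cacert_read_cert($row['crt_name']);
    if ($cert !== false) {
        $query = "update `orgdomaincerts` set `crt_name`='" . mysql_real_escape_string($row['crt_name']) . "',
            `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
            `serial`='" . mysql_real_escape_string($cert['serial']) . "', `expire`=FROM_UNIXTIME(" . intval($cert['expire']) . ")
            where `id`='" . intval($row['id']) . "'";
        mysql_query($query);
    } else {
        if ($signout != '') {
            error_log("server signing: orgdomaincerts " . intval($row['id']) . " failed: " . $signout);
        }
        mysql_query("delete from `orgdomaincerts` where `id`='" . intval($row['id']) . "'");
    }
}

/* ---- 4. revoke flagged organisation server certificates -------------- */

$res = mysql_query("select * from `orgdomaincerts` where `revoked`='1970-01-01 10:00:01'");
while ($row = mysql_fetch_assoc($res)) {
    cacert_revoke_cert($row['md'], cacert_server_cnf($row['rootcert'], true), $row['crt_name'], $cakeypass);
    mysql_query("update `orgdomaincerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='" . intval($row['id']) . "'");
}

flock($lck, LOCK_UN);
fclose($lck);
?>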