2004-10-16 00:28:17 +00:00
#!/usr/bin/php -q
< ? /*
Copyright ( C ) 2004 by Duane Groth < duane_at_CAcert_dot_org >
This file is part of CAcert .
CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address :
http :// www . cacert . org / src - lic . php
CAcert is distributed WITHOUT ANY WARRANTY ; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE . See the License for more details .
*/
$monarr = array ( " Jan " => 1 , " Feb " => 2 , " Mar " => 3 , " Apr " => 4 , " May " => 5 , " Jun " => 6 ,
" Jul " => 7 , " Aug " => 8 , " Sep " => 9 , " Oct " => 10 , " Nov " => 11 , " Dec " => 12 );
include_once ( " ../includes/mysql.php " );
$query = " select * from `emailcerts` where `crt_name`='' and `keytype`='NS' " ;
$res = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $res ))
{
2004-10-29 01:02:13 +00:00
$row [ 'crt_name' ] = " ../crt/client- " . $row [ 'id' ] . " .crt " ;
2004-12-09 01:48:16 +00:00
if ( $row [ 'codesign' ] == 0 )
$opensslcnf = " /etc/ssl/openssl-client.cnf " ;
else
$opensslcnf = " /etc/ssl/openssl-client-codesign.cnf " ;
2004-10-16 00:28:17 +00:00
$days = 365 ;
2004-12-09 01:48:16 +00:00
$do = `echo "/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch" > /tmp/test` ;
$do = `/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1` ;
2004-10-16 00:28:17 +00:00
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1` ;
$user = mysql_fetch_assoc ( mysql_query ( " select * from `users` where `id`=' $row[memid] ' " ));
2004-10-16 15:32:35 +00:00
if ( $user [ 'language' ] != " " )
{
$userlang = $user [ 'language' ];
putenv ( " LANG= " . $_SESSION [ '_config' ][ 'translations' ][ $userlang ]);
setlocale ( LC_ALL , $_SESSION [ '_config' ][ 'translations' ][ $userlang ]);
} else {
putenv ( " LANG=en_AU " );
setlocale ( LC_ALL , " en_AU " );
}
2004-10-16 00:28:17 +00:00
if ( filesize ( $row [ crt_name ]) > 0 )
{
$end = trim ( `/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate` );
$bits = explode ( " = " , $end , 2 );
$end = trim ( $bits [ 1 ]);
while ( strstr ( $end , " " ))
$end = str_replace ( " " , " " , $end );
$bits = explode ( " " , $end );
$month = $bits [ 0 ];
$month = $monarr [ $month ];
$day = $bits [ 1 ];
$time = $bits [ 2 ];
$year = $bits [ 3 ];
$bits = explode ( " : " , $time );
$hour = $bits [ 0 ];
$min = $bits [ 1 ];
$sec = $bits [ 2 ];
$date = gmmktime ( $hour , $min , $sec , $month , $day , $year );
$bits = explode ( " = " , trim ( `/usr/bin/openssl x509 -serial -noout -in $row[crt_name]` ), 2 );
$serial = $bits [ 1 ];
$query = " update `emailcerts` set `crt_name`=' $row[crt_name] ', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
2004-10-24 00:10:26 +00:00
`serial` = '$serial' , `expire` = FROM_UNIXTIME ( $date ) where `id` = '".$row[' id ']."' " ;
2004-10-16 00:28:17 +00:00
mysql_query ( $query );
$body = _ ( " Hi " ) . " $user[fname] , \n \n " ;
$body .= sprintf ( _ ( " You can collect your certificate for %s by going to the following location: " ) . " \n \n " , $row [ CN ]);
$body .= " https://www.cacert.org/account.php?id=6&cert= $row[id] \n \n " ;
$body .= _ ( " Best regards " ) . " \n " . _ ( " CAcert.org Support! " );
2004-12-09 01:48:16 +00:00
sendmail ( $user [ email ], " [CAcert.org] " . _ ( " Client Certificate " ), $body , " support@cacert.org " , " returns@cacert.org " , " " , " CAcert Support " );
2004-10-24 00:10:26 +00:00
} else {
$query = " delete from `emailcerts` where `id`=' " . $row [ 'id' ] . " ' " ;
2004-12-09 01:48:16 +00:00
mysql_query ( $query );
2004-10-16 00:28:17 +00:00
}
}
$query = " select * from `emailcerts` where `crt_name`='' and `keytype`='MS' " ;
$res = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $res ))
{
2004-10-29 01:02:13 +00:00
$row [ 'crt_name' ] = " ../crt/client- " . $row [ 'id' ] . " .crt " ;
2004-12-09 01:48:16 +00:00
if ( $row [ 'codesign' ] == 0 )
$opensslcnf = " /etc/ssl/openssl-client.cnf " ;
else
$opensslcnf = " /etc/ssl/openssl-client-codesign.cnf " ;
2004-10-16 00:28:17 +00:00
$days = 365 ;
2004-12-09 01:48:16 +00:00
$do = `/usr/bin/openssl ca -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1` ;
2004-10-16 00:28:17 +00:00
$user = mysql_fetch_assoc ( mysql_query ( " select * from `users` where `id`=' $row[memid] ' " ));
2004-10-16 15:32:35 +00:00
if ( $user [ 'language' ] != " " )
{
$userlang = $user [ 'language' ];
putenv ( " LANG= " . $_SESSION [ '_config' ][ 'translations' ][ $userlang ]);
setlocale ( LC_ALL , $_SESSION [ '_config' ][ 'translations' ][ $userlang ]);
} else {
putenv ( " LANG=en_AU " );
setlocale ( LC_ALL , " en_AU " );
}
2004-10-16 00:28:17 +00:00
if ( filesize ( $row [ crt_name ]) > 0 )
{
$end = trim ( `/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate` );
$bits = explode ( " = " , $end , 2 );
$end = trim ( $bits [ 1 ]);
while ( strstr ( $end , " " ))
$end = str_replace ( " " , " " , $end );
$bits = explode ( " " , $end );
$month = $bits [ 0 ];
$month = $monarr [ $month ];
$day = $bits [ 1 ];
$time = $bits [ 2 ];
$year = $bits [ 3 ];
$bits = explode ( " : " , $time );
$hour = $bits [ 0 ];
$min = $bits [ 1 ];
$sec = $bits [ 2 ];
$date = gmmktime ( $hour , $min , $sec , $month , $day , $year );
$bits = explode ( " = " , trim ( `/usr/bin/openssl x509 -serial -noout -in $row[crt_name]` ), 2 );
$serial = $bits [ 1 ];
$query = " update `emailcerts` set `crt_name`=' $row[crt_name] ', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
2004-10-24 00:10:26 +00:00
`serial` = '$serial' , `expire` = FROM_UNIXTIME ( $date ) where `id` = '".$row[' id ']."' " ;
2004-10-16 00:28:17 +00:00
mysql_query ( $query );
$body = _ ( " Hi " ) . " $user[fname] , \n \n " ;
$body .= sprintf ( _ ( " You can collect your certificate for %s by going to the following location: " ) . " \n \n " , $row [ CN ]);
$body .= " https://www.cacert.org/account.php?id=6&cert= $row[id] \n \n " ;
$body .= _ ( " Best regards " ) . " \n " . _ ( " CAcert.org Support! " );
2004-12-09 01:48:16 +00:00
sendmail ( $user [ email ], " [CAcert.org] " . _ ( " Client Certificate " ), $body , " support@cacert.org " , " returns@cacert.org " , " " , " CAcert Support " );
2004-10-24 00:10:26 +00:00
} else {
$query = " delete from `emailcerts` where `id`=' " . $row [ 'id' ] . " ' " ;
mysql_query ( $query );
2004-10-16 00:28:17 +00:00
}
}
$query = " select * from `emailcerts` where `revoked`='1970-01-01 10:00:01' " ;
$res = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $res ))
{
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1` ;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1` ;
$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1` ;
$user = mysql_fetch_assoc ( mysql_query ( " select * from `users` where `id`=' $row[memid] ' " ));
2004-10-16 15:32:35 +00:00
if ( $user [ 'language' ] != " " )
{
$userlang = $user [ 'language' ];
putenv ( " LANG= " . $_SESSION [ '_config' ][ 'translations' ][ $userlang ]);
setlocale ( LC_ALL , $_SESSION [ '_config' ][ 'translations' ][ $userlang ]);
} else {
putenv ( " LANG=en_AU " );
setlocale ( LC_ALL , " en_AU " );
}
2004-10-16 00:28:17 +00:00
mysql_query ( " update `emailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`=' $row[id] ' " );
$body = _ ( " Hi " ) . " $user[fname] , \n \n " ;
$body .= sprintf ( _ ( " Your certificate for %s has been revoked, as per request. " ) . " \n \n " , $row [ CN ]);
$body .= _ ( " Best regards " ) . " \n " . _ ( " CAcert.org Support! " );
2004-12-09 01:48:16 +00:00
sendmail ( $user [ email ], " [CAcert.org] " . sprintf ( _ ( " Certificate for %s has been revoked " ), $row [ 'CN' ]), $body , " support@cacert.org " , " returns@cacert.org " , " " , " CAcert Support " );
2004-10-16 00:28:17 +00:00
}
$query = " select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS' " ;
$res = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $res ))
{
2004-12-09 01:48:16 +00:00
$row [ 'crt_name' ] = " ../crt/orgclient- " . $row [ 'id' ] . " .crt " ;
2005-05-16 07:25:35 +00:00
// if($row['orgid'] == 1)
// $opensslcnf = "/etc/ssl/openssl-ocsp.cnf"; else
2004-12-09 01:48:16 +00:00
if ( $row [ 'codesign' ] == 0 )
$opensslcnf = " /etc/ssl/openssl-client.cnf " ;
else
$opensslcnf = " /etc/ssl/openssl-client-codesign.cnf " ;
2004-10-16 00:28:17 +00:00
$days = 365 ;
2005-05-16 07:25:35 +00:00
// echo "/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch\n";
// echo "/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text\n";die;
2004-12-09 01:48:16 +00:00
$do = `/usr/bin/openssl ca -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1` ;
2004-10-16 00:28:17 +00:00
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1` ;
if ( filesize ( $row [ crt_name ]) > 0 )
{
$end = trim ( `/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate` );
$bits = explode ( " = " , $end , 2 );
$end = trim ( $bits [ 1 ]);
while ( strstr ( $end , " " ))
$end = str_replace ( " " , " " , $end );
$bits = explode ( " " , $end );
$month = $bits [ 0 ];
$month = $monarr [ $month ];
$day = $bits [ 1 ];
$time = $bits [ 2 ];
$year = $bits [ 3 ];
$bits = explode ( " : " , $time );
$hour = $bits [ 0 ];
$min = $bits [ 1 ];
$sec = $bits [ 2 ];
$date = gmmktime ( $hour , $min , $sec , $month , $day , $year );
$bits = explode ( " = " , trim ( `/usr/bin/openssl x509 -serial -noout -in $row[crt_name]` ), 2 );
$serial = $bits [ 1 ];
$query = " update `orgemailcerts` set `crt_name`=' $row[crt_name] ', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`serial` = '$serial' , `expire` = FROM_UNIXTIME ( $date ) where `id` = '$row[id]' " ;
mysql_query ( $query );
2004-10-24 00:10:26 +00:00
} else {
$query = " delete from `orgemailcerts` where `id`=' " . $row [ 'id' ] . " ' " ;
mysql_query ( $query );
2004-10-16 00:28:17 +00:00
}
}
$query = " select * from `orgemailcerts` where `crt_name`='' and `keytype`='MS' " ;
$res = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $res ))
{
2004-12-09 01:48:16 +00:00
$row [ 'crt_name' ] = " ../crt/orgclient- " . $row [ 'id' ] . " .crt " ;
if ( $row [ 'codesign' ] == 0 )
$opensslcnf = " /etc/ssl/openssl-client.cnf " ;
else
$opensslcnf = " /etc/ssl/openssl-client-codesign.cnf " ;
2004-10-16 00:28:17 +00:00
$days = 365 ;
2004-12-09 01:48:16 +00:00
$do = `/usr/bin/openssl ca -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1` ;
2004-10-16 00:28:17 +00:00
if ( filesize ( $row [ crt_name ]) > 0 )
{
$end = trim ( `/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate` );
$bits = explode ( " = " , $end , 2 );
$end = trim ( $bits [ 1 ]);
while ( strstr ( $end , " " ))
$end = str_replace ( " " , " " , $end );
$bits = explode ( " " , $end );
$month = $bits [ 0 ];
$month = $monarr [ $month ];
$day = $bits [ 1 ];
$time = $bits [ 2 ];
$year = $bits [ 3 ];
$bits = explode ( " : " , $time );
$hour = $bits [ 0 ];
$min = $bits [ 1 ];
$sec = $bits [ 2 ];
$date = gmmktime ( $hour , $min , $sec , $month , $day , $year );
$bits = explode ( " = " , trim ( `/usr/bin/openssl x509 -serial -noout -in $row[crt_name]` ), 2 );
$serial = $bits [ 1 ];
$query = " update `orgemailcerts` set `crt_name`=' $row[crt_name] ', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`serial` = '$serial' , `expire` = FROM_UNIXTIME ( $date ) where `id` = '$row[id]' " ;
mysql_query ( $query );
2004-10-24 00:10:26 +00:00
} else {
$query = " delete from `orgemailcerts` where `id`=' " . $row [ 'id' ] . " ' " ;
mysql_query ( $query );
2004-10-16 00:28:17 +00:00
}
}
$query = " select * from `orgemailcerts` where `revoked`='1970-01-01 10:00:01' " ;
$res = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $res ))
{
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1` ;
$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1` ;
$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1` ;
$user = mysql_fetch_assoc ( mysql_query ( " select * from `users` where `id`=' $row[memid] ' " ));
2004-10-16 15:32:35 +00:00
if ( $user [ 'language' ] != " " )
{
$userlang = $user [ 'language' ];
putenv ( " LANG= " . $_SESSION [ '_config' ][ 'translations' ][ $userlang ]);
setlocale ( LC_ALL , $_SESSION [ '_config' ][ 'translations' ][ $userlang ]);
} else {
putenv ( " LANG=en_AU " );
setlocale ( LC_ALL , " en_AU " );
}
2004-10-16 00:28:17 +00:00
mysql_query ( " update `orgemailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`=' $row[id] ' " );
$body = _ ( " Hi " ) . " $user[fname] , \n \n " ;
$body .= sprintf ( _ ( " Your certificate for %s has been revoked, as per request. " ) . " \n \n " , $row [ CN ]);
$body .= _ ( " Best regards " ) . " \n " . _ ( " CAcert.org Support! " );
2004-12-09 01:48:16 +00:00
sendmail ( $user [ email ], " [CAcert.org] " . sprintf ( _ ( " Certificate for %s has been revoked " ), $row [ 'CN' ]), $body , " support@cacert.org " , " returns@cacert.org " , " " , " CAcert Support " );
2004-10-16 00:28:17 +00:00
}
?>