cacert-webdb/scripts/clientcerts.php

#!/usr/bin/php -q
<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under a CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/
// Month abbreviation => month number. The loops below look up the month name
// taken from openssl's "-enddate" output here before calling gmmktime().
$monarr = array(
	"Jan" => 1,
	"Feb" => 2,
	"Mar" => 3,
	"Apr" => 4,
	"May" => 5,
	"Jun" => 6,
	"Jul" => 7,
	"Aug" => 8,
	"Sep" => 9,
	"Oct" => 10,
	"Nov" => 11,
	"Dec" => 12
);
include_once("../includes/mysql.php");
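// Sign pending personal client-certificate requests that are passed to openssl
// with -spkac (`keytype`='NS'). An empty `crt_name` selects rows that have no
// certificate file recorded yet.
$query = "select * from `emailcerts` where `crt_name`='' and `keytype`='NS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
	$row['crt_name'] = "../crt/email-$row[id].crt";
	$days = 365;

	// Values read back from the database are spliced into shell commands, so each
	// one is quoted with escapeshellarg(); shell metacharacters in a stored path
	// can then no longer change the command that runs.
	$csr = escapeshellarg($row['csr_name']);
	$crt = escapeshellarg($row['crt_name']);
	$der = escapeshellarg($row['crt_name'].".der");

	// NOTE(review): "-key" hands openssl the CA key passphrase as a command-line
	// argument, so it sits in this file and is visible in the process list while
	// openssl runs; openssl's -passin option can read it from a file or the
	// environment instead.
	// NOTE(review): output and exit status of both commands are discarded; the
	// filesize() test below is the only success check.
	$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $csr -out $der -days $days -key test -batch > /dev/null 2>&1`;
	$do = `/usr/bin/openssl x509 -inform DER -in $der -outform PEM -out $crt -text > /dev/null 2>&1`;

	$user = mysql_fetch_assoc(mysql_query(sprintf(
		"select * from `users` where `id`='%s'",
		mysql_real_escape_string($row['memid'])
	)));

	// is_file() first: filesize() raises a warning when signing produced no file.
	if(is_file($row['crt_name']) && filesize($row['crt_name']) > 0)
	{
		// "notAfter=Oct  6 00:28:17 2005 GMT" -> month, day, time, year.
		$end = trim(`/usr/bin/openssl x509 -in $crt -noout -enddate`);
		$bits = explode("=", $end, 2);
		$end = trim($bits[1]);
		// openssl pads single-digit days with an extra space; split on runs of
		// spaces so the fields keep their positions. (The previous collapse loop
		// replaced a space with a space and could not terminate.)
		$bits = preg_split('/ +/', $end);
		$month = $monarr[$bits[0]];
		$day = $bits[1];
		$time = $bits[2];
		$year = $bits[3];
		$bits = explode(":", $time);
		$hour = $bits[0];
		$min = $bits[1];
		$sec = $bits[2];
		$date = intval(gmmktime($hour, $min, $sec, $month, $day, $year));

		// "serial=XXXX" -> XXXX
		$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $crt`), 2);
		$serial = $bits[1];

		// Every value is escaped (or forced to an integer) before it enters the SQL text.
		$query = sprintf(
			"update `emailcerts` set `crt_name`='%s', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `serial`='%s', `expire`=FROM_UNIXTIME(%d) where `id`='%s'",
			mysql_real_escape_string($row['crt_name']),
			mysql_real_escape_string($serial),
			$date,
			mysql_real_escape_string($row['id'])
		);
		mysql_query($query);

		// Tell the account holder where to collect the certificate.
		$body = _("Hi")." $user[fname],\n\n";
		$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row['CN']);
		$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
		$body .= _("Best regards")."\n"._("CAcert.org Support!");
		mail($user['email'], "[CAcert.org] Client Certificate", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
	}
}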
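// Sign pending personal client-certificate requests that are passed to openssl
// with -in plus an explicit -subj (`keytype`='MS'). An empty `crt_name` selects
// rows that have no certificate file recorded yet.
$query = "select * from `emailcerts` where `crt_name`='' and `keytype`='MS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
	$row['crt_name'] = "../crt/email-$row[id].crt";
	$days = 365;

	// Values read back from the database are spliced into a shell command, so each
	// one is quoted with escapeshellarg(). This matters most for `subject`: the
	// hand-written '...' quoting used before was ended by any single quote inside
	// the stored value, letting the rest of it be parsed as shell syntax.
	// NOTE(review): escapeshellarg() drops bytes that are invalid in the current
	// locale; confirm LC_CTYPE for this script covers the encoding of `subject`.
	$csr = escapeshellarg($row['csr_name']);
	$crt = escapeshellarg($row['crt_name']);
	$subj = escapeshellarg($row['subject']);

	// NOTE(review): "-key" hands openssl the CA key passphrase as a command-line
	// argument, so it sits in this file and is visible in the process list while
	// openssl runs; openssl's -passin option can read it from a file or the
	// environment instead.
	// NOTE(review): output and exit status are discarded; the filesize() test
	// below is the only success check.
	$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $csr -out $crt -days $days -key test -batch -subj $subj > /dev/null 2>&1`;

	$user = mysql_fetch_assoc(mysql_query(sprintf(
		"select * from `users` where `id`='%s'",
		mysql_real_escape_string($row['memid'])
	)));

	// is_file() first: filesize() raises a warning when signing produced no file.
	if(is_file($row['crt_name']) && filesize($row['crt_name']) > 0)
	{
		// "notAfter=Oct  6 00:28:17 2005 GMT" -> month, day, time, year.
		$end = trim(`/usr/bin/openssl x509 -in $crt -noout -enddate`);
		$bits = explode("=", $end, 2);
		$end = trim($bits[1]);
		// openssl pads single-digit days with an extra space; split on runs of
		// spaces so the fields keep their positions. (The previous collapse loop
		// replaced a space with a space and could not terminate.)
		$bits = preg_split('/ +/', $end);
		$month = $monarr[$bits[0]];
		$day = $bits[1];
		$time = $bits[2];
		$year = $bits[3];
		$bits = explode(":", $time);
		$hour = $bits[0];
		$min = $bits[1];
		$sec = $bits[2];
		$date = intval(gmmktime($hour, $min, $sec, $month, $day, $year));

		// "serial=XXXX" -> XXXX
		$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $crt`), 2);
		$serial = $bits[1];

		// Every value is escaped (or forced to an integer) before it enters the SQL text.
		$query = sprintf(
			"update `emailcerts` set `crt_name`='%s', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `serial`='%s', `expire`=FROM_UNIXTIME(%d) where `id`='%s'",
			mysql_real_escape_string($row['crt_name']),
			mysql_real_escape_string($serial),
			$date,
			mysql_real_escape_string($row['id'])
		);
		mysql_query($query);

		// Tell the account holder where to collect the certificate.
		$body = _("Hi")." $user[fname],\n\n";
		$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row['CN']);
		$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
		$body .= _("Best regards")."\n"._("CAcert.org Support!");
		mail($user['email'], "[CAcert.org] Client Certificate", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
	}
}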
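// Revoke personal client certificates. Rows are selected by the fixed timestamp
// '1970-01-01 10:00:01' in `revoked`, which this loop overwrites with the current
// time -- presumably a "revocation requested" marker set elsewhere; confirm.
$query = "select * from `emailcerts` where `revoked`='1970-01-01 10:00:01'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
	// The stored certificate path goes into a shell command; quote it so shell
	// metacharacters in the value cannot change the command that runs.
	$crt = escapeshellarg($row['crt_name']);

	// NOTE(review): "-key" hands openssl the CA key passphrase as a command-line
	// argument, so it sits in this file and is visible in the process list while
	// openssl runs; openssl's -passin option can read it from a file or the
	// environment instead.
	// NOTE(review): exit status and output are discarded, so the row is marked
	// revoked and the user is mailed even if openssl failed and the published
	// CRL was never updated. Checking the result before the UPDATE would keep
	// the database and the CRL in agreement.
	// NOTE(review): /tmp/cacert-revoke.crl is a fixed name in a shared directory;
	// a private working directory would avoid interference from other local users.
	$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -revoke $crt > /dev/null 2>&1`;
	$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
	$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1`;

	$user = mysql_fetch_assoc(mysql_query(sprintf(
		"select * from `users` where `id`='%s'",
		mysql_real_escape_string($row['memid'])
	)));
	mysql_query(sprintf(
		"update `emailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='%s'",
		mysql_real_escape_string($row['id'])
	));

	// Notify the account holder.
	$body = _("Hi")." $user[fname],\n\n";
	$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row['CN']);
	$body .= _("Best regards")."\n"._("CAcert.org Support!");
	// The CN becomes part of the Subject header; replace CR/LF so a stored value
	// cannot add header lines of its own.
	$subjectCN = str_replace(array("\r", "\n"), " ", $row['CN']);
	mail($user['email'], "[CAcert.org] Certificate for $subjectCN has been revoked", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}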
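// Sign pending organisation client-certificate requests that are passed to
// openssl with -spkac (`keytype`='NS'). An empty `crt_name` selects rows that
// have no certificate file recorded yet. No mail is sent from this loop.
$query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
	$row['crt_name'] = "../crt/orgemail-$row[id].crt";
	$days = 365;

	// Values read back from the database are spliced into shell commands, so each
	// one is quoted with escapeshellarg(); shell metacharacters in a stored path
	// can then no longer change the command that runs.
	$csr = escapeshellarg($row['csr_name']);
	$crt = escapeshellarg($row['crt_name']);
	$der = escapeshellarg($row['crt_name'].".der");

	// NOTE(review): "-key" hands openssl the CA key passphrase as a command-line
	// argument, so it sits in this file and is visible in the process list while
	// openssl runs; openssl's -passin option can read it from a file or the
	// environment instead.
	// NOTE(review): output and exit status of both commands are discarded; the
	// filesize() test below is the only success check.
	$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -spkac $csr -out $der -days $days -key test -batch > /dev/null 2>&1`;
	$do = `/usr/bin/openssl x509 -inform DER -in $der -outform PEM -out $crt -text > /dev/null 2>&1`;

	// is_file() first: filesize() raises a warning when signing produced no file.
	if(is_file($row['crt_name']) && filesize($row['crt_name']) > 0)
	{
		// "notAfter=Oct  6 00:28:17 2005 GMT" -> month, day, time, year.
		$end = trim(`/usr/bin/openssl x509 -in $crt -noout -enddate`);
		$bits = explode("=", $end, 2);
		$end = trim($bits[1]);
		// openssl pads single-digit days with an extra space; split on runs of
		// spaces so the fields keep their positions. (The previous collapse loop
		// replaced a space with a space and could not terminate.)
		$bits = preg_split('/ +/', $end);
		$month = $monarr[$bits[0]];
		$day = $bits[1];
		$time = $bits[2];
		$year = $bits[3];
		$bits = explode(":", $time);
		$hour = $bits[0];
		$min = $bits[1];
		$sec = $bits[2];
		$date = intval(gmmktime($hour, $min, $sec, $month, $day, $year));

		// "serial=XXXX" -> XXXX
		$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $crt`), 2);
		$serial = $bits[1];

		// Every value is escaped (or forced to an integer) before it enters the SQL text.
		$query = sprintf(
			"update `orgemailcerts` set `crt_name`='%s', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `serial`='%s', `expire`=FROM_UNIXTIME(%d) where `id`='%s'",
			mysql_real_escape_string($row['crt_name']),
			mysql_real_escape_string($serial),
			$date,
			mysql_real_escape_string($row['id'])
		);
		mysql_query($query);
	}
}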
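// Sign pending organisation client-certificate requests that are passed to
// openssl with -in plus an explicit -subj (`keytype`='MS'). An empty `crt_name`
// selects rows that have no certificate file recorded yet. No mail is sent from
// this loop.
$query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='MS'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
	$row['crt_name'] = "../crt/orgemail-$row[id].crt";
	$days = 365;

	// Values read back from the database are spliced into a shell command, so each
	// one is quoted with escapeshellarg(). This matters most for `subject`: the
	// hand-written '...' quoting used before was ended by any single quote inside
	// the stored value, letting the rest of it be parsed as shell syntax.
	// NOTE(review): escapeshellarg() drops bytes that are invalid in the current
	// locale; confirm LC_CTYPE for this script covers the encoding of `subject`.
	$csr = escapeshellarg($row['csr_name']);
	$crt = escapeshellarg($row['crt_name']);
	$subj = escapeshellarg($row['subject']);

	// NOTE(review): "-key" hands openssl the CA key passphrase as a command-line
	// argument, so it sits in this file and is visible in the process list while
	// openssl runs; openssl's -passin option can read it from a file or the
	// environment instead.
	// NOTE(review): output and exit status are discarded; the filesize() test
	// below is the only success check.
	$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -in $csr -out $crt -days $days -key test -batch -subj $subj > /dev/null 2>&1`;

	// is_file() first: filesize() raises a warning when signing produced no file.
	if(is_file($row['crt_name']) && filesize($row['crt_name']) > 0)
	{
		// "notAfter=Oct  6 00:28:17 2005 GMT" -> month, day, time, year.
		$end = trim(`/usr/bin/openssl x509 -in $crt -noout -enddate`);
		$bits = explode("=", $end, 2);
		$end = trim($bits[1]);
		// openssl pads single-digit days with an extra space; split on runs of
		// spaces so the fields keep their positions. (The previous collapse loop
		// replaced a space with a space and could not terminate.)
		$bits = preg_split('/ +/', $end);
		$month = $monarr[$bits[0]];
		$day = $bits[1];
		$time = $bits[2];
		$year = $bits[3];
		$bits = explode(":", $time);
		$hour = $bits[0];
		$min = $bits[1];
		$sec = $bits[2];
		$date = intval(gmmktime($hour, $min, $sec, $month, $day, $year));

		// "serial=XXXX" -> XXXX
		$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $crt`), 2);
		$serial = $bits[1];

		// Every value is escaped (or forced to an integer) before it enters the SQL text.
		$query = sprintf(
			"update `orgemailcerts` set `crt_name`='%s', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `serial`='%s', `expire`=FROM_UNIXTIME(%d) where `id`='%s'",
			mysql_real_escape_string($row['crt_name']),
			mysql_real_escape_string($serial),
			$date,
			mysql_real_escape_string($row['id'])
		);
		mysql_query($query);
	}
}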
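// Revoke organisation client certificates. Rows are selected by the fixed
// timestamp '1970-01-01 10:00:01' in `revoked`, which this loop overwrites with
// the current time -- presumably a "revocation requested" marker set elsewhere;
// confirm.
$query = "select * from `orgemailcerts` where `revoked`='1970-01-01 10:00:01'";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{
	// The stored certificate path goes into a shell command; quote it so shell
	// metacharacters in the value cannot change the command that runs.
	$crt = escapeshellarg($row['crt_name']);

	// NOTE(review): "-key" hands openssl the CA key passphrase as a command-line
	// argument, so it sits in this file and is visible in the process list while
	// openssl runs; openssl's -passin option can read it from a file or the
	// environment instead.
	// NOTE(review): exit status and output are discarded, so the row is marked
	// revoked and the user is mailed even if openssl failed and the published
	// CRL was never updated. Checking the result before the UPDATE would keep
	// the database and the CRL in agreement.
	// NOTE(review): /tmp/cacert-revoke.crl is a fixed name in a shared directory;
	// a private working directory would avoid interference from other local users.
	$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -revoke $crt > /dev/null 2>&1`;
	$do = `/usr/bin/openssl ca -config /etc/ssl/openssl-client.cnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
	$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out ../www/revoke.crl > /dev/null 2>&1`;

	$user = mysql_fetch_assoc(mysql_query(sprintf(
		"select * from `users` where `id`='%s'",
		mysql_real_escape_string($row['memid'])
	)));
	mysql_query(sprintf(
		"update `orgemailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='%s'",
		mysql_real_escape_string($row['id'])
	));

	// Notify the account holder.
	$body = _("Hi")." $user[fname],\n\n";
	$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row['CN']);
	$body .= _("Best regards")."\n"._("CAcert.org Support!");
	// The CN becomes part of the Subject header; replace CR/LF so a stored value
	// cannot add header lines of its own.
	$subjectCN = str_replace(array("\r", "\n"), " ", $row['CN']);
	mail($user['email'], "[CAcert.org] Certificate for $subjectCN has been revoked", $body, "From: Support <duane@cacert.org>\nErrors-To: returns@cacert.org");
}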
?>