From 085d979ff5140ddd9edbea9789bb04f565c52a48 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 28 Feb 2007 17:22:21 +0000 Subject: [PATCH] Moved to new CommModule --- scripts/clientcerts.php | 321 +--------------------------------------- 1 file changed, 1 insertion(+), 320 deletions(-) diff --git a/scripts/clientcerts.php b/scripts/clientcerts.php index f64181f..44f7bac 100755 --- a/scripts/clientcerts.php +++ b/scripts/clientcerts.php @@ -1,320 +1 @@ -#!/usr/bin/php -q - - - This file is part of CAcert. - - CAcert has been released under a CAcert Source License - which can be found included with these source files or can - be downloaded from the internet from the following address: - http://www.cacert.org/src-lic.php - - CAcert is distributed WITHOUT ANY WARRANTY; without even - the implied warranty of MERCHANTABILITY or FITNESS FOR A - PARTICULAR PURPOSE. See the License for more details. -*/ - - $lck = fopen('/tmp/SslLock', 'w'); - while(flock($lck, LOCK_EX) < 0) - sleep(rand(100000,200000)); - - $monarr = array('Jan' => 1, 'Feb' => 2, 'Mar' => 3, 'Apr' => 4, 'May' => 5, 'Jun' => 6, - 'Jul' => 7, 'Aug' => 8, 'Sep' => 9, 'Oct' => 10, 'Nov' => 11, 'Dec' => 12); - - include_once('/www/includes/mysql.php'); - - $query = "select * from `emailcerts` where `crt_name`='' and `keytype`='NS'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - $row['crt_name'] = "/www/crt/client-".$row['id'].".crt"; - if($row['codesign'] == 0) - $opensslcnf = "/etc/ssl/openssl-client.cnf"; - else - $opensslcnf = "/etc/ssl/openssl-client-codesign.cnf"; - - if($row['codesign'] == 0 && $row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-client.cnf"; - else if($row['codesign'] != 0 && $row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-client-codesign.cnf"; - - $days = 365; -//echo "echo \"/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch\"\n"; - $do = `echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch" > /tmp/test`; - $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`; - $do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'")); - if($user['language'] != "") - { - $userlang = $user['language']; - putenv("LANG=".$_SESSION['_config']['translations'][$userlang]); - setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]); - } else { - putenv("LANG=en_AU"); - setlocale(LC_ALL, "en_AU"); - } - if(filesize($row[crt_name]) > 0) - { - $end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`); - $bits = explode("=", $end, 2); - $end = trim($bits[1]); - - while(strstr($end, " ")) - $end = str_replace(" ", " ", $end); - $bits = explode(" ", $end); - $month = $bits[0]; - $month = $monarr[$month]; - $day = $bits[1]; - $time = $bits[2]; - $year = $bits[3]; - $bits = explode(":", $time); - $hour = $bits[0]; - $min = $bits[1]; - $sec = $bits[2]; - $date = gmmktime($hour, $min, $sec, $month, $day, $year); - $bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2); - $serial = $bits[1]; - $query = "update `emailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='".$row['id']."'"; - mysql_query($query); - $body = _("Hi")." $user[fname],\n\n"; - $body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]); - $body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n"; - $body .= _("Best regards")."\n"._("CAcert.org Support!"); - sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "", "", "CAcert Support"); - } else { - $query = "delete from `emailcerts` where `id`='".$row['id']."'"; - mysql_query($query); - } - } - - $query = "select * from `emailcerts` where `crt_name`='' and `keytype`='MS'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - $row['crt_name'] = "/www/crt/client-".$row['id'].".crt"; - if($row['codesign'] == 0) - $opensslcnf = "/etc/ssl/openssl-client.cnf"; - else - $opensslcnf = "/etc/ssl/openssl-client-codesign.cnf"; - - if($row['codesign'] == 0 && $row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-client.cnf"; - else if($row['codesign'] != 0 && $row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-client-codesign.cnf"; - - $days = 365; -// echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]'\n"; - $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'")); - if($user['language'] != "") - { - $userlang = $user['language']; - putenv("LANG=".$_SESSION['_config']['translations'][$userlang]); - setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]); - } else { - putenv("LANG=en_AU"); - setlocale(LC_ALL, "en_AU"); - } - if(filesize($row[crt_name]) > 0) - { - $end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`); - $bits = explode("=", $end, 2); - $end = trim($bits[1]); - - while(strstr($end, " ")) - $end = str_replace(" ", " ", $end); - $bits = explode(" ", $end); - $month = $bits[0]; - $month = $monarr[$month]; - $day = $bits[1]; - $time = $bits[2]; - $year = $bits[3]; - $bits = explode(":", $time); - $hour = $bits[0]; - $min = $bits[1]; - $sec = $bits[2]; - $date = gmmktime($hour, $min, $sec, $month, $day, $year); - $bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2); - $serial = $bits[1]; - $query = "update `emailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='".$row['id']."'"; - mysql_query($query); - $body = _("Hi")." $user[fname],\n\n"; - $body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]); - $body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n"; - $body .= _("Best regards")."\n"._("CAcert.org Support!"); - sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "", "", "CAcert Support"); - } else { - $query = "delete from `emailcerts` where `id`='".$row['id']."'"; - mysql_query($query); - } - } - - $query = "select * from `emailcerts` where `revoked`='1970-01-01 10:00:01'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - if($row['rootcert'] == 2) - { - $opensslcnf = "/etc/ssl/class3-client.cnf"; - $revokecrl = "/www/www/class3-revoke.crl"; - } else { - $opensslcnf = "/etc/ssl/openssl-client.cnf"; - $revokecrl = "/www/www/revoke.crl"; - } - - $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`; - $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`; - $do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out $revokecrl > /dev/null 2>&1`; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'")); - if($user['language'] != "") - { - $userlang = $user['language']; - putenv("LANG=".$_SESSION['_config']['translations'][$userlang]); - setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]); - } else { - putenv("LANG=en_AU"); - setlocale(LC_ALL, "en_AU"); - } - mysql_query("update `emailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='$row[id]'"); - $body = _("Hi")." $user[fname],\n\n"; - $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]); - $body .= _("Best regards")."\n"._("CAcert.org Support!"); - sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "", "", "CAcert Support"); - } - - $query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - $row['crt_name'] = "/www/crt/orgclient-".$row['id'].".crt"; -// if($row['orgid'] == 1) -// $opensslcnf = "/etc/ssl/openssl-ocsp.cnf"; else - if($row['codesign'] == 0) - $opensslcnf = "/etc/ssl/openssl-client.cnf"; - else - $opensslcnf = "/etc/ssl/openssl-client-codesign.cnf"; - - if($row['codesign'] == 0 && $row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-client.cnf"; - else if($row['codesign'] != 0 && $row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-client-codesign.cnf"; - $days = 365; -// echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch\n"; -// echo "/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text\n";die; - $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`; - $do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`; - if(filesize($row[crt_name]) > 0) - { - $end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`); - $bits = explode("=", $end, 2); - $end = trim($bits[1]); - - while(strstr($end, " ")) - $end = str_replace(" ", " ", $end); - $bits = explode(" ", $end); - $month = $bits[0]; - $month = $monarr[$month]; - $day = $bits[1]; - $time = $bits[2]; - $year = $bits[3]; - $bits = explode(":", $time); - $hour = $bits[0]; - $min = $bits[1]; - $sec = $bits[2]; - $date = gmmktime($hour, $min, $sec, $month, $day, $year); - $bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2); - $serial = $bits[1]; - $query = "update `orgemailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'"; - mysql_query($query); - } else { - $query = "delete from `orgemailcerts` where `id`='".$row['id']."'"; - mysql_query($query); - } - } - - $query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='MS'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - $row['crt_name'] = "/www/crt/orgclient-".$row['id'].".crt"; - if($row['codesign'] == 0) - $opensslcnf = "/etc/ssl/openssl-client.cnf"; - else - $opensslcnf = "/etc/ssl/openssl-client-codesign.cnf"; - - if($row['codesign'] == 0 && $row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-client.cnf"; - else if($row['codesign'] != 0 && $row['rootcert'] == 2) - $opensslcnf = "/etc/ssl/class3-client-codesign.cnf"; - - $days = 365; - $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`; - if(filesize($row[crt_name]) > 0) - { - $end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`); - $bits = explode("=", $end, 2); - $end = trim($bits[1]); - - while(strstr($end, " ")) - $end = str_replace(" ", " ", $end); - $bits = explode(" ", $end); - $month = $bits[0]; - $month = $monarr[$month]; - $day = $bits[1]; - $time = $bits[2]; - $year = $bits[3]; - $bits = explode(":", $time); - $hour = $bits[0]; - $min = $bits[1]; - $sec = $bits[2]; - $date = gmmktime($hour, $min, $sec, $month, $day, $year); - $bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2); - $serial = $bits[1]; - $query = "update `orgemailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()), - `serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'"; - mysql_query($query); - } else { - $query = "delete from `orgemailcerts` where `id`='".$row['id']."'"; - mysql_query($query); - } - } - - $query = "select * from `orgemailcerts` where `revoked`='1970-01-01 10:00:01'"; - $res = mysql_query($query); - while($row = mysql_fetch_assoc($res)) - { - if($row['rootcert'] == 2) - { - $opensslcnf = "/etc/ssl/class3-client.cnf"; - $revokecrl = "/www/www/class3-revoke.crl"; - } else { - $opensslcnf = "/etc/ssl/openssl-client.cnf"; - $revokecrl = "/www/www/revoke.crl"; - } - - $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`; - $do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`; - $do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out $revokecrl > /dev/null 2>&1`; - $user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'")); - if($user['language'] != "") - { - $userlang = $user['language']; - putenv("LANG=".$_SESSION['_config']['translations'][$userlang]); - setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]); - } else { - putenv("LANG=en_AU"); - setlocale(LC_ALL, "en_AU"); - } - mysql_query("update `orgemailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='$row[id]'"); - $body = _("Hi")." $user[fname],\n\n"; - $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]); - $body .= _("Best regards")."\n"._("CAcert.org Support!"); - sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "", "", "CAcert Support"); - } - - flock($lck, LOCK_UN); - fclose($lck); -?> +