Moved to new CommModule
This commit is contained in:
parent
4639be680d
commit
085d979ff5
1 changed files with 1 additions and 320 deletions
|
@ -1,320 +1 @@
|
||||||
#!/usr/bin/php -q
|
<? sleep(30); ?>
|
||||||
<? /*
|
|
||||||
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
|
|
||||||
|
|
||||||
This file is part of CAcert.
|
|
||||||
|
|
||||||
CAcert has been released under a CAcert Source License
|
|
||||||
which can be found included with these source files or can
|
|
||||||
be downloaded from the internet from the following address:
|
|
||||||
http://www.cacert.org/src-lic.php
|
|
||||||
|
|
||||||
CAcert is distributed WITHOUT ANY WARRANTY; without even
|
|
||||||
the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
|
||||||
PARTICULAR PURPOSE. See the License for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
$lck = fopen('/tmp/SslLock', 'w');
|
|
||||||
while(flock($lck, LOCK_EX) < 0)
|
|
||||||
sleep(rand(100000,200000));
|
|
||||||
|
|
||||||
$monarr = array('Jan' => 1, 'Feb' => 2, 'Mar' => 3, 'Apr' => 4, 'May' => 5, 'Jun' => 6,
|
|
||||||
'Jul' => 7, 'Aug' => 8, 'Sep' => 9, 'Oct' => 10, 'Nov' => 11, 'Dec' => 12);
|
|
||||||
|
|
||||||
include_once('/www/includes/mysql.php');
|
|
||||||
|
|
||||||
$query = "select * from `emailcerts` where `crt_name`='' and `keytype`='NS'";
|
|
||||||
$res = mysql_query($query);
|
|
||||||
while($row = mysql_fetch_assoc($res))
|
|
||||||
{
|
|
||||||
$row['crt_name'] = "/www/crt/client-".$row['id'].".crt";
|
|
||||||
if($row['codesign'] == 0)
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client.cnf";
|
|
||||||
else
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
|
|
||||||
|
|
||||||
if($row['codesign'] == 0 && $row['rootcert'] == 2)
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client.cnf";
|
|
||||||
else if($row['codesign'] != 0 && $row['rootcert'] == 2)
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client-codesign.cnf";
|
|
||||||
|
|
||||||
$days = 365;
|
|
||||||
//echo "echo \"/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch\"\n";
|
|
||||||
$do = `echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch" > /tmp/test`;
|
|
||||||
$do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
|
|
||||||
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`;
|
|
||||||
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
|
|
||||||
if($user['language'] != "")
|
|
||||||
{
|
|
||||||
$userlang = $user['language'];
|
|
||||||
putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);
|
|
||||||
setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);
|
|
||||||
} else {
|
|
||||||
putenv("LANG=en_AU");
|
|
||||||
setlocale(LC_ALL, "en_AU");
|
|
||||||
}
|
|
||||||
if(filesize($row[crt_name]) > 0)
|
|
||||||
{
|
|
||||||
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
|
|
||||||
$bits = explode("=", $end, 2);
|
|
||||||
$end = trim($bits[1]);
|
|
||||||
|
|
||||||
while(strstr($end, " "))
|
|
||||||
$end = str_replace(" ", " ", $end);
|
|
||||||
$bits = explode(" ", $end);
|
|
||||||
$month = $bits[0];
|
|
||||||
$month = $monarr[$month];
|
|
||||||
$day = $bits[1];
|
|
||||||
$time = $bits[2];
|
|
||||||
$year = $bits[3];
|
|
||||||
$bits = explode(":", $time);
|
|
||||||
$hour = $bits[0];
|
|
||||||
$min = $bits[1];
|
|
||||||
$sec = $bits[2];
|
|
||||||
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
|
|
||||||
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
|
|
||||||
$serial = $bits[1];
|
|
||||||
$query = "update `emailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
|
|
||||||
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='".$row['id']."'";
|
|
||||||
mysql_query($query);
|
|
||||||
$body = _("Hi")." $user[fname],\n\n";
|
|
||||||
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]);
|
|
||||||
$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
|
|
||||||
$body .= _("Best regards")."\n"._("CAcert.org Support!");
|
|
||||||
sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "", "", "CAcert Support");
|
|
||||||
} else {
|
|
||||||
$query = "delete from `emailcerts` where `id`='".$row['id']."'";
|
|
||||||
mysql_query($query);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$query = "select * from `emailcerts` where `crt_name`='' and `keytype`='MS'";
|
|
||||||
$res = mysql_query($query);
|
|
||||||
while($row = mysql_fetch_assoc($res))
|
|
||||||
{
|
|
||||||
$row['crt_name'] = "/www/crt/client-".$row['id'].".crt";
|
|
||||||
if($row['codesign'] == 0)
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client.cnf";
|
|
||||||
else
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
|
|
||||||
|
|
||||||
if($row['codesign'] == 0 && $row['rootcert'] == 2)
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client.cnf";
|
|
||||||
else if($row['codesign'] != 0 && $row['rootcert'] == 2)
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client-codesign.cnf";
|
|
||||||
|
|
||||||
$days = 365;
|
|
||||||
// echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]'\n";
|
|
||||||
$do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
|
|
||||||
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
|
|
||||||
if($user['language'] != "")
|
|
||||||
{
|
|
||||||
$userlang = $user['language'];
|
|
||||||
putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);
|
|
||||||
setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);
|
|
||||||
} else {
|
|
||||||
putenv("LANG=en_AU");
|
|
||||||
setlocale(LC_ALL, "en_AU");
|
|
||||||
}
|
|
||||||
if(filesize($row[crt_name]) > 0)
|
|
||||||
{
|
|
||||||
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
|
|
||||||
$bits = explode("=", $end, 2);
|
|
||||||
$end = trim($bits[1]);
|
|
||||||
|
|
||||||
while(strstr($end, " "))
|
|
||||||
$end = str_replace(" ", " ", $end);
|
|
||||||
$bits = explode(" ", $end);
|
|
||||||
$month = $bits[0];
|
|
||||||
$month = $monarr[$month];
|
|
||||||
$day = $bits[1];
|
|
||||||
$time = $bits[2];
|
|
||||||
$year = $bits[3];
|
|
||||||
$bits = explode(":", $time);
|
|
||||||
$hour = $bits[0];
|
|
||||||
$min = $bits[1];
|
|
||||||
$sec = $bits[2];
|
|
||||||
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
|
|
||||||
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
|
|
||||||
$serial = $bits[1];
|
|
||||||
$query = "update `emailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
|
|
||||||
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='".$row['id']."'";
|
|
||||||
mysql_query($query);
|
|
||||||
$body = _("Hi")." $user[fname],\n\n";
|
|
||||||
$body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row[CN]);
|
|
||||||
$body .= "https://www.cacert.org/account.php?id=6&cert=$row[id]\n\n";
|
|
||||||
$body .= _("Best regards")."\n"._("CAcert.org Support!");
|
|
||||||
sendmail($user[email], "[CAcert.org] "._("Client Certificate"), $body, "support@cacert.org", "", "", "CAcert Support");
|
|
||||||
} else {
|
|
||||||
$query = "delete from `emailcerts` where `id`='".$row['id']."'";
|
|
||||||
mysql_query($query);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$query = "select * from `emailcerts` where `revoked`='1970-01-01 10:00:01'";
|
|
||||||
$res = mysql_query($query);
|
|
||||||
while($row = mysql_fetch_assoc($res))
|
|
||||||
{
|
|
||||||
if($row['rootcert'] == 2)
|
|
||||||
{
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client.cnf";
|
|
||||||
$revokecrl = "/www/www/class3-revoke.crl";
|
|
||||||
} else {
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client.cnf";
|
|
||||||
$revokecrl = "/www/www/revoke.crl";
|
|
||||||
}
|
|
||||||
|
|
||||||
$do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`;
|
|
||||||
$do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
|
|
||||||
$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out $revokecrl > /dev/null 2>&1`;
|
|
||||||
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
|
|
||||||
if($user['language'] != "")
|
|
||||||
{
|
|
||||||
$userlang = $user['language'];
|
|
||||||
putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);
|
|
||||||
setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);
|
|
||||||
} else {
|
|
||||||
putenv("LANG=en_AU");
|
|
||||||
setlocale(LC_ALL, "en_AU");
|
|
||||||
}
|
|
||||||
mysql_query("update `emailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='$row[id]'");
|
|
||||||
$body = _("Hi")." $user[fname],\n\n";
|
|
||||||
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]);
|
|
||||||
$body .= _("Best regards")."\n"._("CAcert.org Support!");
|
|
||||||
sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "", "", "CAcert Support");
|
|
||||||
}
|
|
||||||
|
|
||||||
$query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='NS'";
|
|
||||||
$res = mysql_query($query);
|
|
||||||
while($row = mysql_fetch_assoc($res))
|
|
||||||
{
|
|
||||||
$row['crt_name'] = "/www/crt/orgclient-".$row['id'].".crt";
|
|
||||||
// if($row['orgid'] == 1)
|
|
||||||
// $opensslcnf = "/etc/ssl/openssl-ocsp.cnf"; else
|
|
||||||
if($row['codesign'] == 0)
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client.cnf";
|
|
||||||
else
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
|
|
||||||
|
|
||||||
if($row['codesign'] == 0 && $row['rootcert'] == 2)
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client.cnf";
|
|
||||||
else if($row['codesign'] != 0 && $row['rootcert'] == 2)
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client-codesign.cnf";
|
|
||||||
$days = 365;
|
|
||||||
// echo "/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch\n";
|
|
||||||
// echo "/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text\n";die;
|
|
||||||
$do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -spkac $row[csr_name] -out $row[crt_name].der -days $days -key test -batch > /dev/null 2>&1`;
|
|
||||||
$do = `/usr/bin/openssl x509 -inform DER -in $row[crt_name].der -outform PEM -out $row[crt_name] -text > /dev/null 2>&1`;
|
|
||||||
if(filesize($row[crt_name]) > 0)
|
|
||||||
{
|
|
||||||
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
|
|
||||||
$bits = explode("=", $end, 2);
|
|
||||||
$end = trim($bits[1]);
|
|
||||||
|
|
||||||
while(strstr($end, " "))
|
|
||||||
$end = str_replace(" ", " ", $end);
|
|
||||||
$bits = explode(" ", $end);
|
|
||||||
$month = $bits[0];
|
|
||||||
$month = $monarr[$month];
|
|
||||||
$day = $bits[1];
|
|
||||||
$time = $bits[2];
|
|
||||||
$year = $bits[3];
|
|
||||||
$bits = explode(":", $time);
|
|
||||||
$hour = $bits[0];
|
|
||||||
$min = $bits[1];
|
|
||||||
$sec = $bits[2];
|
|
||||||
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
|
|
||||||
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
|
|
||||||
$serial = $bits[1];
|
|
||||||
$query = "update `orgemailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
|
|
||||||
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'";
|
|
||||||
mysql_query($query);
|
|
||||||
} else {
|
|
||||||
$query = "delete from `orgemailcerts` where `id`='".$row['id']."'";
|
|
||||||
mysql_query($query);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$query = "select * from `orgemailcerts` where `crt_name`='' and `keytype`='MS'";
|
|
||||||
$res = mysql_query($query);
|
|
||||||
while($row = mysql_fetch_assoc($res))
|
|
||||||
{
|
|
||||||
$row['crt_name'] = "/www/crt/orgclient-".$row['id'].".crt";
|
|
||||||
if($row['codesign'] == 0)
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client.cnf";
|
|
||||||
else
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client-codesign.cnf";
|
|
||||||
|
|
||||||
if($row['codesign'] == 0 && $row['rootcert'] == 2)
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client.cnf";
|
|
||||||
else if($row['codesign'] != 0 && $row['rootcert'] == 2)
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client-codesign.cnf";
|
|
||||||
|
|
||||||
$days = 365;
|
|
||||||
$do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -in $row[csr_name] -out $row[crt_name] -days $days -key test -batch -subj '$row[subject]' > /dev/null 2>&1`;
|
|
||||||
if(filesize($row[crt_name]) > 0)
|
|
||||||
{
|
|
||||||
$end = trim(`/usr/bin/openssl x509 -in $row[crt_name] -noout -enddate`);
|
|
||||||
$bits = explode("=", $end, 2);
|
|
||||||
$end = trim($bits[1]);
|
|
||||||
|
|
||||||
while(strstr($end, " "))
|
|
||||||
$end = str_replace(" ", " ", $end);
|
|
||||||
$bits = explode(" ", $end);
|
|
||||||
$month = $bits[0];
|
|
||||||
$month = $monarr[$month];
|
|
||||||
$day = $bits[1];
|
|
||||||
$time = $bits[2];
|
|
||||||
$year = $bits[3];
|
|
||||||
$bits = explode(":", $time);
|
|
||||||
$hour = $bits[0];
|
|
||||||
$min = $bits[1];
|
|
||||||
$sec = $bits[2];
|
|
||||||
$date = gmmktime($hour, $min, $sec, $month, $day, $year);
|
|
||||||
$bits = explode("=", trim(`/usr/bin/openssl x509 -serial -noout -in $row[crt_name]`), 2);
|
|
||||||
$serial = $bits[1];
|
|
||||||
$query = "update `orgemailcerts` set `crt_name`='$row[crt_name]', `modified`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
|
|
||||||
`serial`='$serial', `expire`=FROM_UNIXTIME($date) where `id`='$row[id]'";
|
|
||||||
mysql_query($query);
|
|
||||||
} else {
|
|
||||||
$query = "delete from `orgemailcerts` where `id`='".$row['id']."'";
|
|
||||||
mysql_query($query);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$query = "select * from `orgemailcerts` where `revoked`='1970-01-01 10:00:01'";
|
|
||||||
$res = mysql_query($query);
|
|
||||||
while($row = mysql_fetch_assoc($res))
|
|
||||||
{
|
|
||||||
if($row['rootcert'] == 2)
|
|
||||||
{
|
|
||||||
$opensslcnf = "/etc/ssl/class3-client.cnf";
|
|
||||||
$revokecrl = "/www/www/class3-revoke.crl";
|
|
||||||
} else {
|
|
||||||
$opensslcnf = "/etc/ssl/openssl-client.cnf";
|
|
||||||
$revokecrl = "/www/www/revoke.crl";
|
|
||||||
}
|
|
||||||
|
|
||||||
$do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -revoke $row[crt_name] > /dev/null 2>&1`;
|
|
||||||
$do = `/usr/bin/openssl ca -md $row[md] -config $opensslcnf -key test -batch -gencrl -crldays 7 -crlexts crl_ext -out /tmp/cacert-revoke.crl > /dev/null 2>&1`;
|
|
||||||
$do = `/usr/bin/openssl crl -in /tmp/cacert-revoke.crl -outform DER -out $revokecrl > /dev/null 2>&1`;
|
|
||||||
$user = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='$row[memid]'"));
|
|
||||||
if($user['language'] != "")
|
|
||||||
{
|
|
||||||
$userlang = $user['language'];
|
|
||||||
putenv("LANG=".$_SESSION['_config']['translations'][$userlang]);
|
|
||||||
setlocale(LC_ALL, $_SESSION['_config']['translations'][$userlang]);
|
|
||||||
} else {
|
|
||||||
putenv("LANG=en_AU");
|
|
||||||
setlocale(LC_ALL, "en_AU");
|
|
||||||
}
|
|
||||||
mysql_query("update `orgemailcerts` set `revoked`=FROM_UNIXTIME(UNIX_TIMESTAMP()) where `id`='$row[id]'");
|
|
||||||
$body = _("Hi")." $user[fname],\n\n";
|
|
||||||
$body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row[CN]);
|
|
||||||
$body .= _("Best regards")."\n"._("CAcert.org Support!");
|
|
||||||
sendmail($user[email], "[CAcert.org] ".sprintf(_("Certificate for %s has been revoked"), $row['CN']), $body, "support@cacert.org", "", "", "CAcert Support");
|
|
||||||
}
|
|
||||||
|
|
||||||
flock($lck, LOCK_UN);
|
|
||||||
fclose($lck);
|
|
||||||
?>
|
|
||||||
|
|
Loading…
Reference in a new issue