Updated view/manage to work with openssl > 0.9.8

certmgr/certmgr-lib.pl

@@ -78,9 +78,12 @@ sub show_cert_info {
 	my $certdata=$_[1];
 	my %issuer;
 	my %subject;
+    my %v3ext;
+    my $isreq=0;
+    my @gr;
 	my @fields=('CN','O','OU','L','ST','C');
 	my $field;
-    my $rv = "";
+    if ($certdata=~/^\s*Certificate\s+Request:.*$/mi) {$isreq=1;}
 	foreach $field (@fields){
 		if ($certdata=~/^\s*Issuer:.*?\s+$field=(.*?)(, [A-Z]{1,2}|\/\w+=|$)/m) { $issuer{$field}=$1; }
 		if ($certdata=~/^\s*Subject:.*?\s+$field=(.*?)(, [A-Z]{1,2}|\/\w+=|$)/m) { $subject{$field}=$1; }
@@ -90,10 +93,19 @@ sub show_cert_info {
 	if ($certdata=~/^\s*Subject:.*?\/Email=(\S*?)(,\s*|$)/m) { $subject{'emailAddress'}=$1;}
 	if ($certdata=~/^\s*Not\s*After\s*:\s*(.*?)\s*$/m) { $subject{'expires'}=$1;}
 	if ($certdata=~/^\s*Not\s*Before\s*:\s*(.*?)\s*$/m) { $subject{'issued'}=$1;}
-	if ($certdata=~/^\s*MD5\s*Fingerprint=(.*?)\s*$/m) { $subject{'md5fingerprint'}=$1;}
-	if ($certdata=~/^\s*(\S*)\s*Public\s*Key:\s*\((.*?)\s*bit\)\s*$/m) { $subject{'keytype'}=$1; $subject{'keysize'}=$2;}
-	if ($certdata=~/^\s*Modulus\s*\(\d*\s*bit\):\s*((([0-9a-fA-F]{2}:)*\s*)*[0-9a-fA-F]{2})/ms) { $subject{'modulus'}=$1; }
+	if ($certdata=~/^\s*MD5\s+Fingerprint=(.*?)\s*$/m) { $subject{'md5fingerprint'}=$1;}
+	if ($certdata=~/^\s*SHA1\s+Fingerprint=(.*?)\s*$/m) { $subject{'sha1fingerprint'}=$1;}
+	if ($certdata=~/^\s*SHA256\s+Fingerprint=(.*?)\s*$/m) { $subject{'sha256fingerprint'}=$1;}
+	if ($certdata=~/^\s*Public\s+Key\s+Algorithm:\s*(.*?)\s*$/mi) { $subject{'keytype'}=$1;}
+	if ($certdata=~/^\s*Public-Key:\s*\(\s*(\S*?)\s*bit\s*\)\s*$/m) { $subject{'keysize'}=$1;}
+	if ($certdata=~/^\s*Modulus:\s*((([0-9a-fA-F]{2}:)*\s*)*[0-9a-fA-F]{2})/ms) { $subject{'modulus'}=$1; }
 	if ($certdata=~/^\s*Exponent:\s*(.*?)\s*?$/m) { $subject{'exponent'}=$1; }
+	if ($certdata=~/^\s*X509v3 Subject Alternative Name:\s*(.*?)\s*?$/m) { $v3ext{'san'}=$1; }
+	if ($certdata=~/^\s*Serial\s+Number:\s*((([0-9a-fA-F]{2}:)*\s*)*[0-9a-fA-F]{2})\s+/ms) { $subject{'serial'}=$1;}
+    if (!$subject{'serial'}) {
+        if ($certdata=~/^\s*Serial\s+Number:\s*([0-9]+)\s*\(/ms) { $subject{'serial'}=$1;}
+    }
+	if ($certdata=~/^\s*Signature\s+Algorithm:\s*(.*)$/mi) { $subject{'sigalgorithm'}=$1;}
 	if ($subject{'L'} && ($subject{'ST'} || $subject{'C'})) {$subject{'L'}.=',';} #Append commas
 	if ($subject{'ST'} && $subject{'C'}) {$subject{'ST'}.=',';}                   #Append commas
 	if ($issuer{'L'} && ($issuer{'ST'} || $issuer{'C'})) {$issuer{'L'}.=',';}     #Append commas
@@ -101,30 +113,86 @@ sub show_cert_info {
 	$subject{'modulus'}=~s/$/<\/code><br>/msg;
 	$subject{'modulus'}=~s/^/<code>/msg;
 	$subject{'modulus'}=~s/\s+//msg;
-	$rv .= "<table width=100%>\n";
-	$rv .= "<tr><td width=50%><b>$text{'certmgrlib_subject'}</b></td><td width=50%><b>$text{'certmgrlib_issuer'}</b></td></tr>\n";
-	$rv .= "<tr><td>$subject{'CN'}</td><td>$issuer{'CN'}</td></tr>\n";
-	$rv .= "<tr><td>$subject{'O'}</td><td>$issuer{'O'}</td></tr>\n";
-	$rv .= "<tr><td>$subject{'OU'}</td><td>$issuer{'OU'}</td></tr>\n";
-	$rv .= "<tr><td>$subject{'L'} $subject{'ST'} $subject{'C'}</td><td>$issuer{'L'} $issuer{'ST'} $issuer{'C'}</td></tr>\n";
-	$rv .= "<tr><td>$subject{'emailAddress'}</td><td>$issuer{'emailAddress'}</td></tr>\n";
+    
+    push(@gr, '<span style="font-weight:bold;">'.$text{'certmgrlib_subject'}.'</span>');
+    push(@gr, '');
+    push(@gr, $text{'view_cn'});
+    push(@gr, $subject{'CN'});
+    if ($subject{'O'}) {
+        push(@gr, $text{'view_o'});
+        push(@gr, $subject{'O'});
+    }
+    if ($subject{'OU'}){
+        push(@gr, $text{'view_ou'});
+        push(@gr, $subject{'OU'});
+    }
+    if ($subject{'L'} || $subject{'ST'} || $subject{'C'}) {
+        push(@gr, $text{'view_location'});
+        push(@gr, $subject{'L'}.$subject{'ST'}.$subject{'C'});
+    }
+	if ($subject{'emailAddress'}){
+        push(@gr, $text{'view_email'});
+        push(@gr, $subject{'emailAddress'});
+    }
+    if ($v3ext{'san'}){
+        push(@gr, "subjectAltName");
+        push(@gr, $v3ext{'san'});
+    }
 	if ($subject{'issued'}){
-		$rv .= "<tr><td colspan=2>$text{'issued_on'} $subject{'issued'}</td></tr>\n";
-		$rv .= "<tr><td colspan=2>$text{'expires_on'} $subject{'expires'}</td></tr>\n";
-	}
-	if ($full){
-		$rv .= "<tr><td>$text{'keysize'}</td><td>$subject{'keysize'}</td></tr>\n";
-		$rv .= "<tr><td>$text{'keytype'}</td><td>$subject{'keytype'}</td></tr>\n";
-	}
-	if ($full){
-		$rv .= "<tr><td>$text{'publicExponent'}</td><td>$subject{'exponent'}</td></tr>\n";
-		$rv .= "<tr><td colspan=2>$text{'modulus'}:<br>$subject{'modulus'}</td></tr>\n";
+        push(@gr, $text{'issued_on'});
+        push(@gr, $subject{'issued'});
+        push(@gr, $text{'expires_on'});
+        push(@gr, $subject{'expires'});
 	}
 	if ($subject{'md5fingerprint'}){
-		$rv .= "<tr><td colspan=2>$text{'md5fingerprint'}:<br>$subject{'md5fingerprint'}</td></tr>\n";
+        push(@gr, $text{'md5fingerprint'});
+        push(@gr, $subject{'md5fingerprint'});
 	}
-	$rv .= "</table>\n";
-    return $rv;
+	if ($subject{'sha1fingerprint'}){
+        push(@gr, $text{'sha1fingerprint'});
+        push(@gr, $subject{'sha1fingerprint'});
+	}
+	if ($subject{'sha256fingerprint'}){
+        push(@gr, $text{'sha256fingerprint'});
+        push(@gr, $subject{'sha256fingerprint'});
+	}
+    if ($full) {
+        if ($subject{'serial'}) {
+            push(@gr, $text{'view_serial'});
+            push(@gr, $subject{'serial'});
+        }
+        if ($subject{'sigalgorithm'}) {
+            push(@gr, $text{'view_sig_algorithm'});
+            push(@gr, $subject{'sigalgorithm'});
+        }
+        push(@gr, $text{'keysize'});
+        push(@gr, $subject{'keysize'});
+        push(@gr, $text{'keytype'});
+        push(@gr, $subject{'keytype'});
+        push(@gr, $text{'publicExponent'});
+        push(@gr, $subject{'exponent'});
+        push(@gr, $text{'modulus'});
+        push(@gr, $subject{'modulus'});
+    }
+    if (!$isreq) {
+        push(@gr, '<br /><span style="font-weight:bold;">'.$text{'certmgrlib_issuer'}.'</span>');
+        push(@gr, '');
+        push(@gr, $text{'view_cn'});
+        push(@gr, $issuer{'CN'});
+        if ($issuer{'O'}) {
+            push(@gr, $text{'view_o'});
+            push(@gr, $issuer{'O'});
+        }
+        if ($issuer{'OU'}){
+            push(@gr, $text{'view_ou'});
+            push(@gr, $issuer{'OU'});
+        }
+        if ($issuer{'L'} || $issuer{'ST'} || $issuer{'C'}) {
+            push(@gr, $text{'view_location'});
+            push(@gr, $issuer{'L'}.$issuer{'ST'}.$issuer{'C'});
+        }
+    }
+   return &ui_grid_table(\@gr, 2, undef, ['style="padding:0;"', 'style="padding:0 0 0.5% 3%;width:75%;"']);
 }
 
 sub show_key_info {
@@ -156,6 +224,79 @@ sub show_key_info {
     return $rv;
 }
 
+sub show_crl_info {
+	my $full=$_[0];
+	my $crldata=$_[1];
+	my %issuer;
+    my %v3ext;
+    my ($ndx, $pos);
+    my $isreq=0;
+    my @gr;
+	my @fields=('CN','O','OU','L','ST','C');
+	my $field;
+	foreach $field (@fields){
+		if ($crldata=~/^\s*Issuer:.*?\/$field=(.*?)(, [A-Z]{1,2}|\/\w+=|$)/m) { $issuer{$field}=$1; }
+	}
+	if ($crldata=~/^\s*Signature\s+Algorithm:\s*(.*)$/mi) { $issuer{'sigalgorithm'}=$1;}
+ 	if ($crldata=~/^\s*Last\s+Update:\s*(.*?)\s*?$/m) { $v3ext{'lastupdate'}=$1; }
+ 	if ($crldata=~/^\s*Next\s+Update:\s*(.*?)\s*?$/m) { $v3ext{'nextupdate'}=$1; }
+ 	if ($crldata=~/^\s*X509v3 CRL Number:\s*(.*?)\s*?$/m) { $v3ext{'crlnum'}=$1; }
+	if ($issuer{'L'} && ($issuer{'ST'} || $issuer{'C'})) {$issuer{'L'}.=',';}     #Append commas
+	if ($issuer{'ST'} && $issuer{'C'}) {$issuer{'ST'}.=',';}                      #Append commas
+    push(@gr, '<span style="font-weight:bold;">'.$text{'crl'}.'</span>');
+    push(@gr, '');
+    push(@gr, $text{'view_cn'});
+    push(@gr, $issuer{'CN'});
+    if ($issuer{'O'}) {
+        push(@gr, $text{'view_o'});
+        push(@gr, $issuer{'O'});
+    }
+    if ($issuer{'OU'}){
+        push(@gr, $text{'view_ou'});
+        push(@gr, $issuer{'OU'});
+    }
+    if ($issuer{'L'} || $issuer{'ST'} || $issuer{'C'}) {
+        push(@gr, $text{'view_location'});
+        push(@gr, $issuer{'L'}.$issuer{'ST'}.$issuer{'C'});
+    }
+    if ($issuer{'sigalgorithm'}) {
+        push(@gr, $text{'view_sig_algorithm'});
+        push(@gr, $issuer{'sigalgorithm'});
+    }
+    if ($v3ext{'lastupdate'}) {
+        push(@gr, $text{'view_last_update'});
+        push(@gr, $v3ext{'lastupdate'});
+    }
+    if ($v3ext{'nextupdate'}) {
+        push(@gr, $text{'view_next_update'});
+        push(@gr, $v3ext{'nextupdate'});
+    }
+    if ($v3ext{'crlnum'}) {
+        push(@gr, $text{'view_crl_number'});
+        push(@gr, $v3ext{'crlnum'});
+    }
+    if ($full) {
+        push(@gr, "$text{'view_revoked_certs'}:");
+        push(@gr, "");
+        $ndx = index($crldata, "Serial Number:");
+        while ($ndx gt 0) {
+            $crldata = substr($crldata, $ndx);
+            $crldata=~/^\s*Serial Number:\s*(.*)$/mi;
+            push(@gr, "<span style=\"padding-left:10%;\">$text{'view_serial'}</span>");
+            push(@gr, $1);
+            $crldata=~/^\s*Revocation Date:\s*(.*)$/mi;
+            push(@gr, "<span style=\"padding-left:10%;\">$text{'view_revoke_date'}</span>");
+            push(@gr, $1);
+            $crldata=~/^\s*X509v3 CRL Reason Code:\s*(.*)$/mi;
+            push(@gr, "<span style=\"padding-left:10%;\">$text{'view_revoke_reason'}</span>");
+            push(@gr, $1);
+            $ndx = index($crldata, "Serial Number:", $ndx + 1);
+        }
+    }
+   
+   return &ui_grid_table(\@gr, 2, undef, ['style="padding:0;"', 'style="padding:0 0 0.5% 3%;width:65%;"']);
+}
+
 sub pem_or_der{
 	my $filename=$_[0];
 	my $filetype=$_[1];

certmgr/lang/de

@@ -103,6 +103,8 @@ prime1=Primzahl 1
 prime2=Primzahl 2
 privateExponent=Privater Exponent
 publicExponent=Öffentlicher Exponent
+sha1fingerprint=SHA-1 Fingerprint
+sha256fingerprint=SHA-256 Fingerprint
 signcsr_ca_passphrase=CA Passphrase
 signcsr_csrfile=CSR Dateiname
 signcsr_days=Anzahl der Tage der Zertifizierung für
@@ -122,13 +124,26 @@ signcsr_title=Signiere Certificate Signing Request
 signcsr_worked=Signiere Zertifikat generiert
 st=Staat oder Provinz (vollständiger Name)
 view_choose=Wähle
+view_cn=Common Name
+view_crl_number=CRL Nummer
 view_delete=Lösche
 view_deleted=Datei erfolgreich gelöscht
 view_download=Download
 view_e_nofile=Datei nicht gefunden oder ist keine normale Datei
 view_e_not_deleted=Fehler: Problem beim Löschen der Datei
+view_email=E-Mail-Adresse
+view_last_update=Letztes Update
+view_location=Lokalität
+view_next_update=Weiter Update
+view_o=Organisationsname
+view_ou=Organisationseinheit Name
 view_pkcs12=Als PKCS12, mit Passwort:
+view_revoke_date=Widerrufsdatum
+view_revoke_reason=Widerrufsgrund
+view_revoked_certs=Widerrufsbescheinigungen
 view_select=Bitte wähle eine Datei zum Anzeigen
+view_serial=Ordnungsnummer
+view_sig_algorithm=Signaturalgorithmus
 view_title=Zeige Zertifikat/CSR/Schlüssel
 view_update=Aktualisieren
 view_view=Zeige

certmgr/lang/en

@@ -20,6 +20,8 @@ keytype=Key Type
 issued_on=Issued on
 expires_on=Expires on
 md5fingerprint=MD5 Fingerprint
+sha1fingerprint=SHA-1 Fingerprint
+sha256fingerprint=SHA-256 Fingerprint
 
 modulus=Modulus (from public key)
 publicExponent=Public Exponent
@@ -102,6 +104,19 @@ view_deleted=File deleted sucessfully
 view_e_not_deleted=Error: Problem deleting file
 view_e_nofile=File not found or not a regular file
 view_wildcard=File Wildcard
+view_cn=Common Name
+view_o=Organization
+view_ou=Organization Unit
+view_email=Email Address
+view_location=Location
+view_serial=Serial Number
+view_sig_algorithm=Signature Algorithm
+view_last_update=Last Update
+view_next_update=Next Update
+view_revoked_certs=Revoked Certificates
+view_revoke_date=Revocation Date
+view_revoke_reason=Revocation Reason
+view_crl_number=CRL Number
 
 import_title=Import Key or Signed Certificate
 import_e_nodir=No directory selected

certmgr/lang/es

@@ -20,6 +20,8 @@ keytype=Tipo de llave
 issued_on=Fecha de certificación
 expires_on=Fecha de vencimiento
 md5fingerprint=Huella dactilar MD5
+sha1fingerprint=Huella dactilar SHA-1
+sha256fingerprint=Huella dactilar SHA-256
 
 modulus=Modulus (del llave publico)
 publicExponent=Exponente Publico
@@ -86,17 +88,30 @@ manage_decrypt=Decrypt Private Key
 manage_changepw=Change Password of Private Key
 manage_delete=Delete Certificate
 
-view_title=View Certificate/CSR/Key
-view_view=View
-view_update=Update
-view_download=Download
-view_delete=Delete
-view_select=Please select a file to view
-view_choose=Choose
-view_deleted=File deleted sucessfully
-view_e_not_deleted=Error: Problem deleting file
-view_e_nofile=File not found or not a regular file
-view_wildcard=File Wildcard
+view_title=Ver el Certificado/CSR/Key
+view_view=Ver
+view_update=Actualizar
+view_download=Descargar
+view_delete=Borrar
+view_select=Por favor seleccione un archivo para ver
+view_choose=Escoger
+view_deleted=Archivo eliminado correctamente
+view_e_not_deleted=Error: Problema al eliminar el archivo
+view_e_nofile=Archivo no encontrado o no es un archivo regular
+view_wildcard=Archivo comodín
+view_cn=Nombre Común
+view_o=Organización
+view_ou=Unidad de Organización
+view_email=Dirección de email
+view_location=Locación
+view_serial=número de serie
+view_sig_algorithm=Algoritmo de firma
+view_last_update=última actualización
+view_next_update=Siguiente actualización
+view_revoked_certs=Certificados revocados
+view_revoke_date=Fecha de revocación
+view_revoke_reason=Razón de revocación
+view_crl_number=Número CRL
 
 import_title=Import Key or Signed Certificate
 import_e_nodir=No directory selected

certmgr/view.cgi

@@ -38,12 +38,15 @@ if (($in{'filename'}) && ($in{'view'} eq $text{'view_view'})) {
 	}
 	while(<FILE>){ $buffer.=$_;}
 	if ($buffer=~/^\s*-+BEGIN\s*RSA\s*PRIVATE\s*KEY-*\s*$/mi) { $key=1; }
+	if ($buffer=~/^\s*-+BEGIN\s*PRIVATE\s*KEY-*\s*$/mi) { $key=1; }
 	if ($buffer=~/^\s*-+BEGIN\s*CERTIFICATE-*\s*$/mi) { $cert=1; }
 	if ($buffer=~/^\s*-+BEGIN\s*CERTIFICATE\s*REQUEST-*\s*$/mi) { $csr=1; }
+	if ($buffer=~/^\s*-+BEGIN\s*X509\s*CRL-*\s*$/mi) { $crl=1; }
 	if (($key)&&($cert)) {$in{'keycertfile'}=$in{'filename'};}
 	elsif ($key) {$in{'keyfile'}=$in{'filename'};}
 	elsif ($cert) {$in{'certfile'}=$in{'filename'};}
 	elsif ($csr) {$in{'csrfile'}=$in{'filename'};}
+	elsif ($crl) {$in{'crlfile'}=$in{'filename'};}
 	else {
 		print "$text{'e_file'}<br>\n$text{'e_notcert'}\n<p>\n";
 		&footer("", $text{'index_return'});
@@ -135,6 +138,25 @@ if ($in{'keycertfile'}) {
 	exit;
 }
 
+if ($in{'crlfile'}) {
+	if ($in{'dl'} eq 'yes') {
+		# Just output in PEM format
+		&output_cert($in{'crlfile'});
+	}
+
+	open(OPENSSL,"$config{'openssl_cmd'} crl -in $in{'crlfile'} -text -noout|");
+	while(<OPENSSL>){ $buffer.=$_; }
+	close(OPENSSL);
+
+    print &ui_table_start($in{'crlfile'}, "width=60%", 2);
+    print &ui_table_row(undef, (!$buffer ? $text{'e_file'} : show_crl_info(1,$buffer) ) );
+    print &ui_table_end()."<br>";
+	&download_form("crlfile", $in{'crlfile'}, "CRL");
+	print &ui_hr();
+	&footer("", $text{'index_return'});
+	exit;
+}
+
 print &ui_form_start("view.cgi", "post");
 print &ui_table_start($text{'view_select'}, undef, 2);
 print &ui_table_row($text{'view_wildcard'}.": ".&ui_textbox("wildcard", $in{'wildcard'}), &ui_submit($text{'view_update'},"update"), undef, $valign_middle);
@@ -194,12 +216,14 @@ $rv1 .= &ui_hidden($mode, $keyfile);
 $rv1 .= &ui_submit("$text{'view_download'} $suffix");
 $rv1 .= "</form>";
 
-$rv2 = "<form id='view_p12filename' action='view.cgi/$p12filename' method=post>";
-$rv2 .= &ui_hidden("pkcs12", "yes");
-$rv2 .= &ui_hidden($mode, $keyfile);
-$rv2 .= &ui_submit("$text{'view_download'} $suffix $text{'view_pkcs12'}");
-$rv2 .= &ui_password("pass","",20);
-$rv2 .= "</form>";
+if ($mode ne "crlfile") {
+    $rv2 = "<form id='view_p12filename' action='view.cgi/$p12filename' method=post>";
+    $rv2 .= &ui_hidden("pkcs12", "yes");
+    $rv2 .= &ui_hidden($mode, $keyfile);
+    $rv2 .= &ui_submit("$text{'view_download'} $suffix $text{'view_pkcs12'}");
+    $rv2 .= &ui_password("pass","",20);
+    $rv2 .= "</form>";
+}
 
 $rv3 = "<form id='view' action='view.cgi' method=post>";
 $rv3 .= &ui_hidden("delete", "yes");