From 460ea14a24f5de5d0d3bcaf6ad82a3fcaa7ca903 Mon Sep 17 00:00:00 2001 From: Josh Fisher Date: Thu, 22 Jun 2017 12:11:54 -0400 Subject: [PATCH] Updated view/manage to work with openssl > 0.9.8 --- certmgr/certmgr-lib.pl | 189 +++++++++++++++++++++++++++++++++++------ certmgr/lang/de | 15 ++++ certmgr/lang/en | 15 ++++ certmgr/lang/es | 37 +++++--- certmgr/view.cgi | 36 ++++++-- 5 files changed, 251 insertions(+), 41 deletions(-) mode change 100755 => 100644 certmgr/view.cgi diff --git a/certmgr/certmgr-lib.pl b/certmgr/certmgr-lib.pl index 511701af6..9d87c55dc 100644 --- a/certmgr/certmgr-lib.pl +++ b/certmgr/certmgr-lib.pl @@ -78,9 +78,12 @@ sub show_cert_info { my $certdata=$_[1]; my %issuer; my %subject; + my %v3ext; + my $isreq=0; + my @gr; my @fields=('CN','O','OU','L','ST','C'); my $field; - my $rv = ""; + if ($certdata=~/^\s*Certificate\s+Request:.*$/mi) {$isreq=1;} foreach $field (@fields){ if ($certdata=~/^\s*Issuer:.*?\s+$field=(.*?)(, [A-Z]{1,2}|\/\w+=|$)/m) { $issuer{$field}=$1; } if ($certdata=~/^\s*Subject:.*?\s+$field=(.*?)(, [A-Z]{1,2}|\/\w+=|$)/m) { $subject{$field}=$1; } 
@@ -90,10 +93,19 @@ sub show_cert_info { if ($certdata=~/^\s*Subject:.*?\/Email=(\S*?)(,\s*|$)/m) { $subject{'emailAddress'}=$1;} if ($certdata=~/^\s*Not\s*After\s*:\s*(.*?)\s*$/m) { $subject{'expires'}=$1;} if ($certdata=~/^\s*Not\s*Before\s*:\s*(.*?)\s*$/m) { $subject{'issued'}=$1;} - if ($certdata=~/^\s*MD5\s*Fingerprint=(.*?)\s*$/m) { $subject{'md5fingerprint'}=$1;} - if ($certdata=~/^\s*(\S*)\s*Public\s*Key:\s*\((.*?)\s*bit\)\s*$/m) { $subject{'keytype'}=$1; $subject{'keysize'}=$2;} - if ($certdata=~/^\s*Modulus\s*\(\d*\s*bit\):\s*((([0-9a-fA-F]{2}:)*\s*)*[0-9a-fA-F]{2})/ms) { $subject{'modulus'}=$1; } + if ($certdata=~/^\s*MD5\s+Fingerprint=(.*?)\s*$/m) { $subject{'md5fingerprint'}=$1;} + if ($certdata=~/^\s*SHA1\s+Fingerprint=(.*?)\s*$/m) { $subject{'sha1fingerprint'}=$1;} + if ($certdata=~/^\s*SHA256\s+Fingerprint=(.*?)\s*$/m) { $subject{'sha256fingerprint'}=$1;} + if ($certdata=~/^\s*Public\s+Key\s+Algorithm:\s*(.*?)\s*$/mi) { $subject{'keytype'}=$1;} + if ($certdata=~/^\s*Public-Key:\s*\(\s*(\S*?)\s*bit\s*\)\s*$/m) { $subject{'keysize'}=$1;} + if ($certdata=~/^\s*Modulus:\s*((([0-9a-fA-F]{2}:)*\s*)*[0-9a-fA-F]{2})/ms) { $subject{'modulus'}=$1; } if ($certdata=~/^\s*Exponent:\s*(.*?)\s*?$/m) { $subject{'exponent'}=$1; } + if ($certdata=~/^\s*X509v3 Subject Alternative Name:\s*(.*?)\s*?$/m) { $v3ext{'san'}=$1; } + if ($certdata=~/^\s*Serial\s+Number:\s*((([0-9a-fA-F]{2}:)*\s*)*[0-9a-fA-F]{2})\s+/ms) { $subject{'serial'}=$1;} + if (!$subject{'serial'}) { + if ($certdata=~/^\s*Serial\s+Number:\s*([0-9]+)\s*\(/ms) { $subject{'serial'}=$1;} + } + if ($certdata=~/^\s*Signature\s+Algorithm:\s*(.*)$/mi) { $subject{'sigalgorithm'}=$1;} if ($subject{'L'} && ($subject{'ST'} || $subject{'C'})) {$subject{'L'}.=',';} #Append commas if ($subject{'ST'} && $subject{'C'}) {$subject{'ST'}.=',';} #Append commas if ($issuer{'L'} && ($issuer{'ST'} || $issuer{'C'})) {$issuer{'L'}.=',';} #Append commas @@ -101,30 +113,86 @@ sub show_cert_info { $subject{'modulus'}=~s/$/<\/code>
/msg; $subject{'modulus'}=~s/^//msg; $subject{'modulus'}=~s/\s+//msg; - $rv .= "\n"; - $rv .= "\n"; - $rv .= "\n"; - $rv .= "\n"; - $rv .= "\n"; - $rv .= "\n"; - $rv .= "\n"; + + push(@gr, ''.$text{'certmgrlib_subject'}.''); + push(@gr, ''); + push(@gr, $text{'view_cn'}); + push(@gr, $subject{'CN'}); + if ($subject{'O'}) { + push(@gr, $text{'view_o'}); + push(@gr, $subject{'O'}); + } + if ($subject{'OU'}){ + push(@gr, $text{'view_ou'}); + push(@gr, $subject{'OU'}); + } + if ($subject{'L'} || $subject{'ST'} || $subject{'C'}) { + push(@gr, $text{'view_location'}); + push(@gr, $subject{'L'}.$subject{'ST'}.$subject{'C'}); + } + if ($subject{'emailAddress'}){ + push(@gr, $text{'view_email'}); + push(@gr, $subject{'emailAddress'}); + } + if ($v3ext{'san'}){ + push(@gr, "subjectAltName"); + push(@gr, $v3ext{'san'}); + } if ($subject{'issued'}){ - $rv .= "\n"; - $rv .= "\n"; - } - if ($full){ - $rv .= "\n"; - $rv .= "\n"; - } - if ($full){ - $rv .= "\n"; - $rv .= "\n"; + push(@gr, $text{'issued_on'}); + push(@gr, $subject{'issued'}); + push(@gr, $text{'expires_on'}); + push(@gr, $subject{'expires'}); } if ($subject{'md5fingerprint'}){ - $rv .= "\n"; + push(@gr, $text{'md5fingerprint'}); + push(@gr, $subject{'md5fingerprint'}); } - $rv .= "
$text{'certmgrlib_subject'}$text{'certmgrlib_issuer'}
$subject{'CN'}$issuer{'CN'}
$subject{'O'}$issuer{'O'}
$subject{'OU'}$issuer{'OU'}
$subject{'L'} $subject{'ST'} $subject{'C'}$issuer{'L'} $issuer{'ST'} $issuer{'C'}
$subject{'emailAddress'}$issuer{'emailAddress'}
$text{'issued_on'} $subject{'issued'}
$text{'expires_on'} $subject{'expires'}
$text{'keysize'}$subject{'keysize'}
$text{'keytype'}$subject{'keytype'}
$text{'publicExponent'}$subject{'exponent'}
$text{'modulus'}:
$subject{'modulus'}
$text{'md5fingerprint'}:
$subject{'md5fingerprint'}
\n"; - return $rv; + if ($subject{'sha1fingerprint'}){ + push(@gr, $text{'sha1fingerprint'}); + push(@gr, $subject{'sha1fingerprint'}); + } + if ($subject{'sha256fingerprint'}){ + push(@gr, $text{'sha256fingerprint'}); + push(@gr, $subject{'sha256fingerprint'}); + } + if ($full) { + if ($subject{'serial'}) { + push(@gr, $text{'view_serial'}); + push(@gr, $subject{'serial'}); + } + if ($subject{'sigalgorithm'}) { + push(@gr, $text{'view_sig_algorithm'}); + push(@gr, $subject{'sigalgorithm'}); + } + push(@gr, $text{'keysize'}); + push(@gr, $subject{'keysize'}); + push(@gr, $text{'keytype'}); + push(@gr, $subject{'keytype'}); + push(@gr, $text{'publicExponent'}); + push(@gr, $subject{'exponent'}); + push(@gr, $text{'modulus'}); + push(@gr, $subject{'modulus'}); + } + if (!$isreq) { + push(@gr, '
'.$text{'certmgrlib_issuer'}.''); + push(@gr, ''); + push(@gr, $text{'view_cn'}); + push(@gr, $issuer{'CN'}); + if ($issuer{'O'}) { + push(@gr, $text{'view_o'}); + push(@gr, $issuer{'O'}); + } + if ($issuer{'OU'}){ + push(@gr, $text{'view_ou'}); + push(@gr, $issuer{'OU'}); + } + if ($issuer{'L'} || $issuer{'ST'} || $issuer{'C'}) { + push(@gr, $text{'view_location'}); + push(@gr, $issuer{'L'}.$issuer{'ST'}.$issuer{'C'}); + } + } + return &ui_grid_table(\@gr, 2, undef, ['style="padding:0;"', 'style="padding:0 0 0.5% 3%;width:75%;"']); } sub show_key_info { 
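Review bot: Every value pushed into `@gr` in this hunk is text parsed out of the certificate (`$subject{'CN'}`, `$subject{'emailAddress'}`, `$v3ext{'san'}`, `$issuer{'O'}` and so on) and is handed to `ui_grid_table` as-is. Unless `ui_grid_table` escapes its cells, which is not visible here, markup embedded in a certificate's subject, issuer or subjectAltName would be rendered in the administrator's browser. Escape at the point of output, e.g. `push(@gr, &html_escape($subject{'CN'}));`, leaving only the module's own heading strings and the already-formatted modulus unescaped. The same applies to the values pushed in `show_crl_info` in the next hunk. `show_cert_info` begins above this hunk.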
@@ -156,6 +224,79 @@ sub show_key_info { return $rv; } +sub show_crl_info { + my $full=$_[0]; + my $crldata=$_[1]; + my %issuer; + my %v3ext; + my ($ndx, $pos); + my $isreq=0; + my @gr; + my @fields=('CN','O','OU','L','ST','C'); + my $field; + foreach $field (@fields){ + if ($crldata=~/^\s*Issuer:.*?\/$field=(.*?)(, [A-Z]{1,2}|\/\w+=|$)/m) { $issuer{$field}=$1; } + } + if ($crldata=~/^\s*Signature\s+Algorithm:\s*(.*)$/mi) { $issuer{'sigalgorithm'}=$1;} + if ($crldata=~/^\s*Last\s+Update:\s*(.*?)\s*?$/m) { $v3ext{'lastupdate'}=$1; } + if ($crldata=~/^\s*Next\s+Update:\s*(.*?)\s*?$/m) { $v3ext{'nextupdate'}=$1; } + if ($crldata=~/^\s*X509v3 CRL Number:\s*(.*?)\s*?$/m) { $v3ext{'crlnum'}=$1; } + if ($issuer{'L'} && ($issuer{'ST'} || $issuer{'C'})) {$issuer{'L'}.=',';} #Append commas + if ($issuer{'ST'} && $issuer{'C'}) {$issuer{'ST'}.=',';} #Append commas + push(@gr, ''.$text{'crl'}.''); + push(@gr, ''); + push(@gr, $text{'view_cn'}); + push(@gr, $issuer{'CN'}); + if ($issuer{'O'}) { + push(@gr, $text{'view_o'}); + push(@gr, $issuer{'O'}); + } + if ($issuer{'OU'}){ + push(@gr, $text{'view_ou'}); + push(@gr, $issuer{'OU'}); + } + if ($issuer{'L'} || $issuer{'ST'} || $issuer{'C'}) { + push(@gr, $text{'view_location'}); + push(@gr, $issuer{'L'}.$issuer{'ST'}.$issuer{'C'}); + } + if ($issuer{'sigalgorithm'}) { + push(@gr, $text{'view_sig_algorithm'}); + push(@gr, $issuer{'sigalgorithm'}); + } + if ($v3ext{'lastupdate'}) { + push(@gr, $text{'view_last_update'}); + push(@gr, $v3ext{'lastupdate'}); + } + if ($v3ext{'nextupdate'}) { + push(@gr, $text{'view_next_update'}); + push(@gr, $v3ext{'nextupdate'}); + } + if ($v3ext{'crlnum'}) { + push(@gr, $text{'view_crl_number'}); + push(@gr, $v3ext{'crlnum'}); + } + if ($full) { + push(@gr, "$text{'view_revoked_certs'}:"); + push(@gr, ""); + $ndx = index($crldata, "Serial Number:"); + while ($ndx gt 0) { + $crldata = substr($crldata, $ndx); + $crldata=~/^\s*Serial Number:\s*(.*)$/mi; + push(@gr, "$text{'view_serial'}"); + push(@gr, 
$1); + $crldata=~/^\s*Revocation Date:\s*(.*)$/mi; + push(@gr, "$text{'view_revoke_date'}"); + push(@gr, $1); + $crldata=~/^\s*X509v3 CRL Reason Code:\s*(.*)$/mi; + push(@gr, "$text{'view_revoke_reason'}"); + push(@gr, $1); + $ndx = index($crldata, "Serial Number:", $ndx + 1); + } + } + + return &ui_grid_table(\@gr, 2, undef, ['style="padding:0;"', 'style="padding:0 0 0.5% 3%;width:65%;"']); +} + sub pem_or_der{ my $filename=$_[0]; my $filetype=$_[1]; diff --git a/certmgr/lang/de b/certmgr/lang/de index c1398d6ea..470c90baf 100644 --- a/certmgr/lang/de +++ b/certmgr/lang/de @@ -103,6 +103,8 @@ prime1=Primzahl 1 prime2=Primzahl 2 privateExponent=Privater Exponent publicExponent=Öffentlicher Exponent +sha1fingerprint=SHA-1 Fingerprint +sha256fingerprint=SHA-256 Fingerprint signcsr_ca_passphrase=CA Passphrase signcsr_csrfile=CSR Dateiname signcsr_days=Anzahl der Tage der Zertifizierung für @@ -122,13 +124,26 @@ signcsr_title=Signiere Certificate Signing Request signcsr_worked=Signiere Zertifikat generiert st=Staat oder Provinz (vollständiger Name) view_choose=Wähle +view_cn=Common Name +view_crl_number=CRL Nummer view_delete=Lösche view_deleted=Datei erfolgreich gelöscht view_download=Download view_e_nofile=Datei nicht gefunden oder ist keine normale Datei view_e_not_deleted=Fehler: Problem beim Löschen der Datei +view_email=E-Mail-Adresse +view_last_update=Letztes Update +view_location=Lokalität +view_next_update=Weiter Update +view_o=Organisationsname +view_ou=Organisationseinheit Name view_pkcs12=Als PKCS12, mit Passwort: +view_revoke_date=Widerrufsdatum +view_revoke_reason=Widerrufsgrund +view_revoked_certs=Widerrufsbescheinigungen view_select=Bitte wähle eine Datei zum Anzeigen +view_serial=Ordnungsnummer +view_sig_algorithm=Signaturalgorithmus view_title=Zeige Zertifikat/CSR/Schlüssel view_update=Aktualisieren view_view=Zeige diff --git a/certmgr/lang/en b/certmgr/lang/en index ebf94c3ce..74ffd80c6 100644 --- a/certmgr/lang/en +++ b/certmgr/lang/en 
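Review bot: The revoked-certificate loop in `show_crl_info` can silently drop entries. After `$crldata = substr($crldata, $ndx)` the current entry sits at offset 0, yet the next search resumes from the old offset with `index($crldata, "Serial Number:", $ndx + 1)`, so any entries within that many characters are never listed. Searching from just past the current match, `$ndx = index($crldata, "Serial Number:", 1);`, keeps every entry, and the loop test should be numeric, `while ($ndx >= 0)`, rather than the string operator `gt`. The three pattern matches are also unchecked: when an entry has no reason code, the pushed `$1` is taken from a later entry or from the previous match, so each match should be tested before its capture is used.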
@@ -20,6 +20,8 @@ keytype=Key Type issued_on=Issued on expires_on=Expires on md5fingerprint=MD5 Fingerprint +sha1fingerprint=SHA-1 Fingerprint +sha256fingerprint=SHA-256 Fingerprint modulus=Modulus (from public key) publicExponent=Public Exponent @@ -102,6 +104,19 @@ view_deleted=File deleted sucessfully view_e_not_deleted=Error: Problem deleting file view_e_nofile=File not found or not a regular file view_wildcard=File Wildcard +view_cn=Common Name +view_o=Organization +view_ou=Organization Unit +view_email=Email Address +view_location=Location +view_serial=Serial Number +view_sig_algorithm=Signature Algorithm +view_last_update=Last Update +view_next_update=Next Update +view_revoked_certs=Revoked Certificates +view_revoke_date=Revocation Date +view_revoke_reason=Revocation Reason +view_crl_number=CRL Number import_title=Import Key or Signed Certificate import_e_nodir=No directory selected diff --git a/certmgr/lang/es b/certmgr/lang/es index afe2d34ae..ffabaf1dc 100644 --- a/certmgr/lang/es +++ b/certmgr/lang/es @@ -20,6 +20,8 @@ keytype=Tipo de llave issued_on=Fecha de certificación expires_on=Fecha de vencimiento md5fingerprint=Huella dactilar MD5 +sha1fingerprint=Huella dactilar SHA-1 +sha256fingerprint=Huella dactilar SHA-256 modulus=Modulus (del llave publico) publicExponent=Exponente Publico 
@@ -86,17 +88,30 @@ manage_decrypt=Decrypt Private Key manage_changepw=Change Password of Private Key manage_delete=Delete Certificate -view_title=View Certificate/CSR/Key -view_view=View -view_update=Update -view_download=Download -view_delete=Delete -view_select=Please select a file to view -view_choose=Choose -view_deleted=File deleted sucessfully -view_e_not_deleted=Error: Problem deleting file -view_e_nofile=File not found or not a regular file -view_wildcard=File Wildcard +view_title=Ver el Certificado/CSR/Key +view_view=Ver +view_update=Actualizar +view_download=Descargar +view_delete=Borrar +view_select=Por favor seleccione un archivo para ver +view_choose=Escoger +view_deleted=Archivo eliminado correctamente +view_e_not_deleted=Error: Problema al eliminar el archivo +view_e_nofile=Archivo no encontrado o no es un archivo regular +view_wildcard=Archivo comodín +view_cn=Nombre Común +view_o=Organización +view_ou=Unidad de Organización +view_email=Dirección de email +view_location=Locación +view_serial=número de serie +view_sig_algorithm=Algoritmo de firma +view_last_update=última actualización +view_next_update=Siguiente actualización +view_revoked_certs=Certificados revocados +view_revoke_date=Fecha de revocación +view_revoke_reason=Razón de revocación +view_crl_number=Número CRL import_title=Import Key or Signed Certificate import_e_nodir=No directory selected diff --git a/certmgr/view.cgi b/certmgr/view.cgi old mode 100755 new mode 100644 index 15c726a52..46711d460 --- a/certmgr/view.cgi +++ b/certmgr/view.cgi 
@@ -38,12 +38,15 @@ if (($in{'filename'}) && ($in{'view'} eq $text{'view_view'})) { } while(){ $buffer.=$_;} if ($buffer=~/^\s*-+BEGIN\s*RSA\s*PRIVATE\s*KEY-*\s*$/mi) { $key=1; } + if ($buffer=~/^\s*-+BEGIN\s*PRIVATE\s*KEY-*\s*$/mi) { $key=1; } if ($buffer=~/^\s*-+BEGIN\s*CERTIFICATE-*\s*$/mi) { $cert=1; } if ($buffer=~/^\s*-+BEGIN\s*CERTIFICATE\s*REQUEST-*\s*$/mi) { $csr=1; } + if ($buffer=~/^\s*-+BEGIN\s*X509\s*CRL-*\s*$/mi) { $crl=1; } if (($key)&&($cert)) {$in{'keycertfile'}=$in{'filename'};} elsif ($key) {$in{'keyfile'}=$in{'filename'};} elsif ($cert) {$in{'certfile'}=$in{'filename'};} elsif ($csr) {$in{'csrfile'}=$in{'filename'};} + elsif ($crl) {$in{'crlfile'}=$in{'filename'};} else { print "$text{'e_file'}
\n$text{'e_notcert'}\n

\n"; &footer("", $text{'index_return'}); @@ -135,6 +138,25 @@ if ($in{'keycertfile'}) { exit; } +if ($in{'crlfile'}) { + if ($in{'dl'} eq 'yes') { + # Just output in PEM format + &output_cert($in{'crlfile'}); + } + + open(OPENSSL,"$config{'openssl_cmd'} crl -in $in{'crlfile'} -text -noout|"); + while(){ $buffer.=$_; } + close(OPENSSL); + + print &ui_table_start($in{'crlfile'}, "width=60%", 2); + print &ui_table_row(undef, (!$buffer ? $text{'e_file'} : show_crl_info(1,$buffer) ) ); + print &ui_table_end()."
"; + &download_form("crlfile", $in{'crlfile'}, "CRL"); + print &ui_hr(); + &footer("", $text{'index_return'}); + exit; +} + print &ui_form_start("view.cgi", "post"); print &ui_table_start($text{'view_select'}, undef, 2); print &ui_table_row($text{'view_wildcard'}.": ".&ui_textbox("wildcard", $in{'wildcard'}), &ui_submit($text{'view_update'},"update"), undef, $valign_middle); @@ -194,12 +216,14 @@ $rv1 .= &ui_hidden($mode, $keyfile); $rv1 .= &ui_submit("$text{'view_download'} $suffix"); $rv1 .= ""; -$rv2 = "
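Review bot: The new CRL branch interpolates a request parameter into a shell command. `$in{'crlfile'}` is copied from `$in{'filename'}` in the earlier hunk and is also posted back as its own field by the download form, and it goes unquoted into the two-argument piped `open`, so shell metacharacters in the value are interpreted by the shell. Quote it before it reaches the command line, e.g. `open(OPENSSL, "$config{'openssl_cmd'} crl -in ".quotemeta($in{'crlfile'})." -text -noout|");`, and check the return value of `open` instead of treating an empty `$buffer` as the only failure signal. No check visible in this hunk confines the path to the certificate directories, so that is worth confirming in the code above. The neighbouring key and certificate branches lie outside this hunk and may need the same treatment.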

"; -$rv2 .= &ui_hidden("pkcs12", "yes"); -$rv2 .= &ui_hidden($mode, $keyfile); -$rv2 .= &ui_submit("$text{'view_download'} $suffix $text{'view_pkcs12'}"); -$rv2 .= &ui_password("pass","",20); -$rv2 .= "
"; +if ($mode ne "crlfile") { + $rv2 = "
"; + $rv2 .= &ui_hidden("pkcs12", "yes"); + $rv2 .= &ui_hidden($mode, $keyfile); + $rv2 .= &ui_submit("$text{'view_download'} $suffix $text{'view_pkcs12'}"); + $rv2 .= &ui_password("pass","",20); + $rv2 .= "
"; +} $rv3 = "
"; $rv3 .= &ui_hidden("delete", "yes");
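Review bot: `$rv2` is now assigned only when `$mode ne "crlfile"`, and no declaration or initialisation is visible in this hunk, so on the CRL path whatever later consumes `$rv2` receives an undefined (or previously set) value. Initialise it before the condition, `$rv2 = "";`, so the CRL case renders an explicitly empty cell. The enclosing function starts and ends outside this hunk, so how `$rv2` is used afterwards should be confirmed there.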