#!/usr/local/bin/perl
# gencert.cgi
# Generates self-signed certificates
require './certmgr-lib.pl';
&ReadParse();
$access{'gencert'} || &error($text{'ecannot'});
&header($text{'gencert_title'}, "");
if ($in{'keysize'}==512){$checked[0]=" checked";}
elsif ($in{'keysize'}==2048){$checked[2]=" checked";}
else {$checked[1]=" checked";} # Default keysize 1024
$in{'c'}=~tr/[a-z]/[A-Z]/;
if ($in{'submitted'} eq "generate") {
if (!$in{'cn'}) { $error.=$text{'gencert_e_nocn'}."
\n"; }
if (!$in{'days'}) { $error.=$text{'gencert_e_nodays'}."
\n"; }
if ($in{'password'} ne $in{'confirm_password'}) {
$error.=$text{'gencert_e_badpw'}."
\n";
$in{'password'}="";
$in{'confirm_password'}="";
}
if (!($in{'certfile'} && $in{'keyfile'})){
$error.=$text{'gencert_e_nofilename'}."
\n";
}
if (!$error) {
&process();
exit;
}
} else {
if (!$in{'certfile'}) { $in{'certfile'}=$config{'ssl_cert_dir'}."/".
$config{'cert_filename'}; }
if (!$in{'keyfile'}) { $in{'keyfile'}=$config{'ssl_key_dir'}."/".
$config{'key_filename'}; }
if (!$in{'keycertfile'}) { $in{'keycertfile'}=
$config{'ssl_key_dir'}."/".$config{'key_cert_filename'};}
}
if (!$in{'cn'}) { $in{'cn'}=&get_system_hostname(); }
if (!$in{'days'}) { $in{'days'}=$config{'default_days'}; }
if ($error) {
print "
$text{'gencert_error'}\n\n$text{'gencert_pleasefix'}\n";
}
print &ui_hr();
&print_cert_form("gencert");
print &ui_hr();
&footer("", $text{'index_return'});
sub process{
$conffilename=&tempname();
$outfile=&tempname();
if (((-e $in{'certfile'})||(-e $in{'keyfile'})||(-e $in{'keycertfile'}))&&($in{'overwrite'} ne "yes")) {
&overwriteprompt();
print &ui_hr();
&footer("", $text{'index_return'});
exit;
}
open(CONF,">$conffilename");
print CONF <$outfile 2>&1"))) {
$error="$text{'e_genfailed'}: $!";
} else {
close(OPENSSL);
open(ERROR,"<$outfile");
while(){$out.=$_;}
close(ERROR);
if (!((-e $in{'certfile'})&&(-e $in{'keyfile'}))) {
$error=$out;
} else{
$error=0;
chmod(0400,$in{'keyfile'});
if ($in{'keycertfile'}) {
open(OUTFILE,">$in{'keycertfile'}");
open(INFILE,"$in{'keyfile'}");
while() { print OUTFILE; }
close(INFILE);
open(INFILE,"$in{'certfile'}");
while() { print OUTFILE; }
close(INFILE);
close(OUTFILE);
chmod(0400,$in{'keycertfile'});
}
}
}
unlink($outfile);
unlink($conffilename);
print &ui_hr();
if ($error){ print "$text{'gencert_e_genfailed'}\n$error
\n
\n";}
else {
print "$text{'gencert_genworked'}\n$out
\n";
$url="\"view.cgi?certfile=".&my_urlize($in{'certfile'}).'"';
print "$text{'gencert_saved_cert'} $in{'certfile'}
\n";
$url="\"view.cgi?keyfile=".&my_urlize($in{'keyfile'}).'"';
print "$text{'gencert_saved_key'} $in{'keyfile'}
\n";
$url="\"view.cgi?keycertfile=".&my_urlize($in{'keycertfile'}).'"';
if (-e $in{'keycertfile'}) {
print "$text{'gencert_saved_keycert'} $in{'keyfile'}
\n";
}
print &ui_hr();
}
print &ui_hr();
&footer("", $text{'index_return'});
}
sub overwriteprompt{
my($buffer1,$buffer2,$buffer,$key,$temp_pem,$url);
print "\n";
if (-e $in{'certfile'}) {
open(OPENSSL,"$config{'openssl_cmd'} x509 -in $in{'certfile'} -text -fingerprint -noout|");
while(){ $buffer1.=$_; }
close(OPENSSL);
$url="\"view.cgi?certfile=".&my_urlize($in{'certfile'}).'"';
print "$in{'certfile'} | \n \n";
if (!$buffer1) { print $text{'e_file'};}
else { &print_cert_info(0,$buffer1); }
print " |
| \n";
}
if (-e $in{'keyfile'}) {
open(OPENSSL,"$config{'openssl_cmd'} rsa -in $in{'keyfile'} -text -noout|");
while(){ $buffer.=$_; }
close(OPENSSL);
$url="\"view.cgi?keyfile=".&my_urlize($in{'keyfile'}).'"';
print " $in{'keyfile'} | \n \n";
if (!$buffer) { print $text{'e_file'};}
else { &print_key_info(0,$buffer); }
print " |
| \n";
}
if (-e $in{'keycertfile'}) {
undef($buffer);
open(OPENSSL,"$config{'openssl_cmd'} x509 -in $in{'keycertfile'} -text -fingerprint -noout|");
while(){ $buffer2.=$_; }
close(OPENSSL);
open(OPENSSL,"$config{'openssl_cmd'} rsa -in $in{'keycertfile'} -text -noout|");
while(){ $buffer.=$_; }
close(OPENSSL);
if ($buffer1 ne $buffer2) {
$url="\"view.cgi?keycertfile=".&my_urlize($in{'keycertfile'}).'"';
print " $in{'keycertfile'} | \n";
print "$text{'certificate'} | $text{'key'} | \n \n";
if (!$buffer2) { print $text{'e_file'};}
else {&print_cert_info(0,$buffer2); }
print " | \n";
if (!$buffer) { print $text{'e_file'};}
else {&print_key_info(0,$buffer); }
print " |
| \n";
}
}
print "
\n";
print "$text{'gencert_moreinfo'}";
print "
\n$text{'gencert_overwrite'}\n\n";
print "
\n";
}