Commit efb7b3c4 authored by phpipam's avatar phpipam

Updated certificate export

parent 5355a58d
......@@ -52,60 +52,83 @@ else {
$certificate = base64_decode($vault_item_values->certificate);
}
// no key
if(strlen(@$_GET['key'])==0) { $_GET['key'] = ""; }
// all ok, proceed
try {
if($content == "") {
// PEM encoded public ASCII
if ($_GET['certtype']=="crt") {
// strip private cert
$private_key = openssl_pkey_get_private($certificate);
$content = openssl_pkey_get_details($private_key)['key'];
// save
// $content = openssl_pkey_get_details($certificate);
}
// crt
elseif ($_GET['certtype']=="crt") {
// base64 decode cert form DB
$certificate = base64_decode($vault_item_values->certificate);
// $certificate = str_replace("-----BEGIN CERTIFICATE-----".PHP_EOL, "", $certificate);
// $certificate = str_replace("-----END CERTIFICATE-----".PHP_EOL, "", $certificate);
// public and private keys
// $cert_res_pub = openssl_pkey_get_public ($certificate);
$cert_res_pri = openssl_pkey_get_private ($certificate, "");
$cert_res_pub = openssl_x509_read ($certificate);
$content = wordwrap($certificate, 64, "\r\n", true);
}
// p12
elseif ($_GET['certtype']=="p12") {
if(openssl_get_privatekey(base64_decode($vault_item_values->certificate))===false) {
//
// PEM encoded ASCII formats
//
// PEM encoded (ASCII encoding), x509 certificates. ---- BEGIN CERTIFICATE -----
// The .pem file can include the server certificate, the intermediate certificate and the private key in a single file.
// The server certificate and intermediate certificate can also be in a separate .crt or .cer file. The private key can be in a .key file.
//
if ($_GET['certtype']=="crt" || $_GET['certtype']=="pem") {
// CRT - strip pkey
if ($_GET['certtype']=="crt") {
openssl_x509_export ($cert_res_pub, $content);
}
else {
// encrypt private ky
if ($_GET['key']!="" && $_GET['key']!=="null") {
openssl_pkey_export ($cert_res_pri, $exported_pri, $_GET['key']);
openssl_x509_export ($cert_res_pub, $exported_pub);
$content = $exported_pub.$exported_pri;
}
else {
$content = $certificate;
}
}
// pem
elseif ($_GET['certtype']=="pem") {
}
//
// DER format
//
// The DER certificates are in binary form, contained in .der or .cer files. These certificates are mainly used in Java-based web servers.
//
elseif ($_GET['certtype']=="cer" || $_GET['certtype']=="der") {
// get PEM pubkey
openssl_x509_export ($cert_res_pub, $exported_pub);
// remove BEGIN / END Certificate
$exported_pub = str_replace("-----BEGIN CERTIFICATE-----".PHP_EOL, "", $exported_pub);
$exported_pub = str_replace("-----END CERTIFICATE-----".PHP_EOL, "", $exported_pub);
// $content = wordwrap($exported_pub, 64, "\r\n", true);
$content = wordwrap(base64_decode($exported_pub), 64, "\r\n", true);
}
//
// p12 / PFX format
//
// The PKCS#12 certificates are in binary form, contained in .pfx or .p12 files.
// The PKCS#12 can store the server certificate, the intermediate certificate and the private key in a single .pfx file with password protection.
//
elseif ($_GET['certtype']=="p12") {
// parse
openssl_pkey_export ($cert_res_pri, $exported_pri, $_GET['key']);
openssl_x509_export ($cert_res_pub, $exported_pub);
// export to p12
openssl_pkcs12_export($cert_res_pub, $content, $cert_res_pri, $_GET['key']);
}
// error
else {
$content = "Incorrect format";
}
}
// PEM format
// PEM encoded (ASCII encoding), x509 certificates. ---- BEGIN CERTIFICATE -----
// The .pem file can include the server certificate, the intermediate certificate and the private key in a single file.
// The server certificate and intermediate certificate can also be in a separate .crt or .cer file. The private key can be in a .key file.
// PKCS#7 Format
// The PKCS#7 certificate uses Base64 ASCII encoding with file extension .p7b or .p7c. Only certificates can be stored in this format, not private keys. The P7B certificates are contained between the "-----BEGIN PKCS7-----" and "-----END PKCS7-----" statements.
// DER Format
// The DER certificates are in binary form, contained in .der or .cer files. These certificates are mainly used in Java-based web servers.
// PKCS#12 Format
// The PKCS#12 certificates are in binary form, contained in .pfx or .p12 files.
// The PKCS#12 can store the server certificate, the intermediate certificate and the private key in a single .pfx file with password protection.
}
catch (Exception $e) {
$content = $e->getMessage();
}
# headers
header("Cache-Control: private");
......@@ -114,36 +137,3 @@ header('Content-type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.$vault_item_values->name.'.'.$_GET['certtype'].'"');
print($content);
\ No newline at end of file
// // process cer
// if($filename=="cer" || $filename=="pem" || $filename=="crt") {
// // detect BEGIN CERTIFICATE
// if(strpos(file_get_contents($_FILES["file"]["tmp_name"]), "BEGIN CERTIFICATE")!==false) {
// $certificate = trim(file_get_contents($_FILES["file"]["tmp_name"]));
// }
// // binary
// else {
// $certificate = "-----BEGIN CERTIFICATE-----".PHP_EOL;
// $certificate .= chunk_split(base64_encode(file_get_contents($_FILES["file"]["tmp_name"])), 64, PHP_EOL);
// $certificate .= "-----END CERTIFICATE-----".PHP_EOL;
// }
// }
// // process p12
// elseif ($filename=="p12" || $filename=="pfx") {
// $password = $_POST['pkey_pass'];
// $convert = openssl_pkcs12_read (file_get_contents($_FILES["file"]["tmp_name"]), $results, $password);
// if (!$convert) {
// echo '{"status":"error","error":"'.openssl_error_string().'"}';
// exit;
// }
// else {
// $certificate = implode("\n", $results);
// }
// }
// // error
// else {
// echo '{"status":"error","error":"Invalid format"}';
// exit;
// }
\ No newline at end of file
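Review bot: None of the openssl_* calls in the export branches check their return value, and these functions report failure by returning false rather than throwing an `Exception`, so the surrounding `catch (Exception $e)` never sees an unparsable certificate or a failed export. A false `$cert_res_pub` or `$cert_res_pri` can therefore reach `openssl_x509_export`, `openssl_pkey_export` or `openssl_pkcs12_export`, and the download is then served with empty or stale `$content`. I would test each result and raise on failure, for example `if ($cert_res_pub === false) { throw new Exception(openssl_error_string()); }`, and do the same for the export calls. Separately, the `Content-Disposition` line concatenates the raw `$_GET['certtype']` into the filename even when the code has fallen through to "Incorrect format"; checking it against the fixed list of supported types before any header is sent would close that. The rendered page has lost its +/- markers, so which of the interleaved lines belong to the new side is inferred.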
......@@ -48,12 +48,12 @@ $vault_item_values = json_decode($User->Crypto->decrypt($vault_item->values, $_S
// set options
$options = [];
$options['crt'] = "Download PEM encoded public certificate (ASCII) - crt";
$options['cer'] = "Download DER encoded public certificate (binary) - cer";
// $options['cer'] = "Download DER encoded public certificate (binary) - cer";
// private key
if(openssl_get_privatekey(base64_decode($vault_item_values->certificate))!==false) {
$options['pem'] = "Download PEM encoded certificate (ASCII) with private key - pem";
$options['der'] = "Download DER encoded certificate (Binary) with private key - der";
// $options['der'] = "Download DER encoded certificate (Binary) with private key - der";
$options['p12'] = "Download PKCS#12 encoded certificate (Binary) with private key - p12";
}
// print options
......@@ -101,6 +101,8 @@ $(document).on("click", ".certdownload", function() {
var pkey_pass = "";
}
// $('.pFooter').load("app/admin/vaults/download-certificate-execute.php?certtype="+$(this).attr('data-certtype')+"&vaultid="+$(this).attr('data-vaultid')+"&id="+$(this).attr('data-id')+"&key="+pkey_pass+"");
// execute
$('div.exportDIV').append("<div style='display:none' class='dl'><iframe src='app/admin/vaults/download-certificate-execute.php?certtype="+$(this).attr('data-certtype')+"&vaultid="+$(this).attr('data-vaultid')+"&id="+$(this).attr('data-id')+"&key="+pkey_pass+"'></iframe></div>");
return false;
......
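Review bot: The private-key passphrase is placed in the query string of the iframe URL (`"&key="+pkey_pass`), so it ends up in web-server access logs, proxy logs and browser history next to the vault item id. It is also concatenated without encoding, so a passphrase containing `&`, `#`, `+` or `%` reaches the server altered, and the exported key is then protected by a different passphrase than the one typed. At minimum wrap the value as `encodeURIComponent(pkey_pass)`; better is to send it in a POST body (a hidden form whose target is the hidden iframe) and read it from `$_POST` in the execute script. The click handler starts above the hunk and its closing lines are not shown.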
......@@ -8,7 +8,7 @@
+ Add scanPingType=="none" option to disable scanning;
+ Custom fields on IP request forms (#2956);
+ Added subnet free space map for each possible subnet mask;
+ Added Vaults;
+ Added Vaults (Certificate andf password storing);
Enhancements, changes:
----------------------------
......