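<?php
#
# Copyright (c) 2000-2012, 2016 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
# Download a user's SSL certificate material as a file attachment.
#
#   default    : PEM with the encrypted private key followed by the cert.
#   ?ssh=1     : PEM with the encrypted private key only (plus the matching
#                SSH public key when ?pub=1 is also given).
#   ?p12=1     : PKCS#12 bundle, produced by the "webspewcert" suexec
#                backend and streamed straight through.
#
include("defs.php3");

#
# Only known and logged in users can do this.
#
$this_user = CheckLoginOrDie();
$uid       = $this_user->uid();
$isadmin   = ISADMIN();

#
# Verify page arguments
#
$optargs = OptionalPageArguments("target_user", PAGEARG_USER,
				 "p12",  PAGEARG_BOOLEAN,
				 "ssh",  PAGEARG_BOOLEAN,
				 "pub",  PAGEARG_BOOLEAN);
if (!isset($p12)) {
    $p12 = 0;
}
if (!isset($ssh)) {
    $ssh = 0;
}
if (!isset($pub)) {
    $pub = 0;
}
# We use this in the aptui directory, so watch for this already
# being set.
if (!isset($FILENAME)) {
    $FILENAME = "emulab";
}

# Default to current user if not provided.
if (!isset($target_user)) {
     $target_user = $this_user;
}

# Need these below
$target_uid = $target_user->uid();
$target_idx = $target_user->uid_idx();

#
# Only admin people can create SSL certs for another user.
#
if (!$isadmin && !$target_user->SameUser($this_user)) {
    # Name the user whose cert was requested, not an undefined variable.
    USERERROR("You do not have permission to download SSL cert ".
	      "for $target_uid!", 1);
}

#
# Private key material is going out in every branch below, so tell
# browsers and intermediaries not to cache the response.
#
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

if ($p12) {
    # The uid comes from a validated user object, but it is still going
    # onto a shell command line; quote it rather than rely on that.
    $cmd = "$TBSUEXEC_PATH " . escapeshellarg($target_uid) .
	   " nobody webspewcert";
    if ($fp = popen($cmd, "r")) {
	header("Content-Type: application/octet-stream;".
	       "filename=\"${FILENAME}.p12\";");
	# RFC 6266 filename parameters are quoted-strings (double quotes).
	header("Content-Disposition: attachment; filename=\"${FILENAME}.p12\"");
#       header("Content-Type: application/x-x509-user-cert");
	# Stream the bundle through; stop early if the client went away.
	while (!feof($fp) && connection_status() == 0) {
	    print(fread($fp, 1024));
	    flush();
	}
	$retval = pclose($fp);
	$fp = 0;
    }
    return;
}

$query_result =& $target_user->TableLookUp("user_sslcerts",
					   "cert,privkey,idx",
					   "encrypted=1 and revoked is null");

if (!mysql_num_rows($query_result)) {
    PAGEHEADER("Download SSL Certificate for $target_uid");
    USERERROR("There is no SSL Certificate for $target_uid!", 1);
}
$row  = mysql_fetch_array($query_result);
$cert = $row["cert"];
$key  = $row["privkey"];

# Both PEM variants share the same response headers.
header("Content-Type: text/plain");
header("Content-Disposition: attachment; filename=\"${FILENAME}.pem\"");

if ($ssh) {
    # idx is an integer column; cast before it is interpolated into the
    # lookup clause so only a number can ever reach the query string.
    $serial  = intval($row['idx']);
    $comment = "sslcert:${serial}";
    $pubkey_result =& $target_user->TableLookUp("user_pubkeys",
						"pubkey",
						"comment='$comment'");
    # Check the pubkey lookup, not the (non-empty) cert lookup above.
    if (!mysql_num_rows($pubkey_result)) {
	PAGEHEADER("Download SSL Certificate for $target_uid");
	USERERROR("There is no SSH pubkey for certificate!", 1);
    }
    $row  = mysql_fetch_array($pubkey_result);
    $pubkey = $row['pubkey'];
    
    echo "-----BEGIN RSA PRIVATE KEY-----\n";
    echo $key;
    echo "-----END RSA PRIVATE KEY-----\n";
    # The user does not generally need this and it causes confusion.
    if ($pub) {
	echo $pubkey;
	echo "\n";
    }
}
else {
    echo "-----BEGIN RSA PRIVATE KEY-----\n";
    echo $key;
    echo "-----END RSA PRIVATE KEY-----\n";
    echo "-----BEGIN CERTIFICATE-----\n";
    echo $cert;
    echo "-----END CERTIFICATE-----\n";
}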