"Root", 1 => "Client", 2 => "Admin", 3 => "Bundle", 4 => "Client", 5 => "Client Private Key", 6 => "Admin", 7 => "Admin Private Key", 8 => "Root", 9 => "Client");
// NOTE(review): the line above is the tail of an array that maps numeric
// certificate type codes to display labels; its opening (variable name and
// key 0) is not visible in this listing.

/**
 * Prints one certificate entry for the certificate table.
 *
 * Reads IsValid, ExpireSoon, Issuer and Subject from $info. The template
 * below also appears to reference SN, NotValidBefore and NotValidAfter,
 * but the markup and echo tags around them are missing from this listing.
 *
 * @param object $info Certificate record (fields as read below).
 * @param string $type Label for the "Type" column -- presumably echoed by
 *                     the missing template markup; confirm.
 */
function print_cert_info($info, $type)
{
    // Status label: "Valid" unless the record is marked not valid
    // ("Expired") or flagged as expiring soon.
    $status = "Valid";
    if( !$info->IsValid )
        $status = "Expired";
    else if( $info->ExpireSoon )
        $status = "Expires
Soon
";
    // Highlight the tags in the Issuer and Subject
    // NOTE(review): $old and $new are identical as shown, so these
    // str_replace() calls change nothing. Presumably $new carried highlight
    // markup that was lost from this listing -- confirm against the real file.
    $old = array("C:", "S:", "L:", "O:", "OU:", "CN:");
    $new = array("C:", "S:", "L:", "O:", "OU:", "CN:");
    $Issuer = str_replace($old, $new, $info->Issuer);
    $Subject = str_replace($old, $new, $info->Subject);
    // NOTE(review): Issuer and Subject are certificate fields, i.e. text chosen
    // by whoever created the certificate. The statements that print $Issuer and
    // $Subject are not visible here; confirm the values pass through
    // htmlspecialchars() before any highlight markup is applied, otherwise a
    // crafted distinguished name could inject markup into this page.
?> Library SN?> NotValidBefore?>
NotValidAfter?>
Issuer: 
Subject: 
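context = "tlsCertImport";
// NOTE(review): the start of the statement above, and the opening of the
// branch that the "} else {" further down closes, are not visible in this
// listing. The use of $_POST and $_FILES suggests this first branch is the
// form-submission path.
//
// Upload path, in order:
//   1. Reject requests whose declared body size exceeds 20480 bytes.
//   2. For separate files, validate the admin and client certificates against
//      the uploaded root with akm_validate_cert() before installing anything.
//   3. Move each upload to /tmp and install it with akm_install_cert().
// File type codes used below: 0 root, 1 client, 2 admin, 3 bundle; when
// serverType is 4 (KMIP) the root is 8 and the client is 9.
//
// Security-relevant changes compared with the original block:
//   - the client-supplied upload name is reduced with basename() before it is
//     used to build the /tmp destination path;
//   - the certificate password is no longer written to the error log;
//   - a failed move_uploaded_file() stops processing instead of installing
//     whatever file already exists at the destination path;
//   - upload errors are looked up by form field name in $_FILES (the original
//     indexed $_FILES and the removed $HTTP_POST_FILES by the numeric type).

// Checked first so every SKM page reports the same error for an oversized post.
if( $_SERVER['CONTENT_LENGTH'] > 20480 )
{
    error_log("TLSC file is too big:" . $_SERVER['CONTENT_LENGTH'] );
    $status->setErrorCode("10752");
    print $status->out();
    return;
}

// If the "use admin password" checkbox was ticked, the client certificate
// uses the admin password.
if( $_POST['useAdminCB'] == "on" )
    $_POST['clientPassword'] = $_POST['adminPassword'];

$keepGoing = true;
for( $i=0; $i<3; $i++ ) // At most three passes (root, admin, client); leaves via break/return below
{
    // Either a single Quantum bundle or separate certificate files
    if( isset($_FILES['qBundle']['name'] ) )
    {
        // Quantum bundle
        $fieldName = 'qBundle';
        $tmp_name = $_FILES['qBundle']['tmp_name'];
        // basename(): never let the client-supplied name add path components
        $fileName = "/tmp/".basename($_FILES['qBundle']['name']);
        $fileType = 3;
        $keepGoing = false; // Only need to run this once.
    }
    else
    {
        if($i == 1 && $_POST['serverType'] == 4)
        {
            error_log("Skipping upload of Admin cert for KMIP");
            continue;
        }

        // Separate files: validate everything on the first pass, before any install.
        if( $i == 0 )
        {
            //
            // Validate Admin Cert
            //
            $fileType = 2;

            $Root = $_FILES['rootCert']['tmp_name'];
            $fileName = $_FILES['adminCert']['tmp_name'];
            $password = $_POST['adminPassword'];

            if( $fileName == "" )
            {
                error_log("Must be doing KMIP, there is no admin cert...");
            }
            else
            {
                error_log("****************** Running akm_validate_cert with $Root, $fileName, $fileType **********************\n");
                $Ret = @akm_validate_cert($user, $Root, $fileName, $fileType, $password );
                error_log("akm_validate_cert for the admin returned a ". print_r($Ret, true) );

                // resCode 0 (Unknown): the validation could not run, so only
                // caCertRes and certRes are meaningful.
                // resCode CertMgmtResult::VerificationFailed, 0x6F000005 (1862270981):
                // caCertRes and certRes are probably invalid.
                if( $Ret->resCode == 0 || $Ret->resCode == -2147483648 /* Result::Succeeded */)
                {
                    // Unknown or Succeeded: mark resCode as Succeeded so the
                    // error handling below looks at the per-file codes instead.
                    $Ret->resCode = -2147483648;

                    // NOTE(review): the upload names placed in the status text
                    // are client-supplied; confirm setExtraText() or the page
                    // that renders it escapes them for HTML.
                    if( $Ret->caCertRes == 1 && $Ret->certRes == 1 )
                    {
                        // Both files were unreadable before validation could
                        // start, so report both.
                        $status->setExtraText("Root certificate ". $_FILES['rootCert']['name'] . " and Admin certificate ".$_FILES['adminCert']['name'] ."");
                    }
                    else if( $Ret->caCertRes != -2147483648 ) // not Result::Succeeded
                        $status->setExtraText("Root certificate: ".$_FILES['rootCert']['name']);
                    else
                        $status->setExtraText("Admin certificate: ".$_FILES['adminCert']['name']);
                }
            }

            // Validate the client certificate for KMIP, or when the admin
            // certificate passed all three checks.
            if($_POST['serverType'] == 4 || ($Ret->resCode == -2147483648 && $Ret->caCertRes == -2147483648 && $Ret->certRes == -2147483648)) // Result::Succeeded
            {
                //
                // Validate Client Cert
                //
                if( $_POST['serverType'] == 4 )
                    $fileType = 9;
                else
                    $fileType = 1;

                $fileName = $_FILES['clientCert']['tmp_name'];
                $password = $_POST['clientPassword'];

                error_log("****************** Running akm_validate_cert with $Root, $fileName, $fileType **********************\n");
                $Ret = @akm_validate_cert($user, $Root, $fileName, $fileType, $password );
                error_log("akm_validate_cert for the client returned a ". print_r($Ret, true) );

                if( $Ret->resCode == 0 || $Ret->resCode == -2147483648 /* Result::Succeeded */)
                {
                    // Same handling as for the admin certificate above.
                    $Ret->resCode = -2147483648;

                    if( $Ret->caCertRes == 1 && $Ret->certRes == 1 )
                    {
                        // Both files were unreadable before validation could
                        // start, so report both.
                        $status->setExtraText("Root certificate ". $_FILES['rootCert']['name'] . " and Client certificate ".$_FILES['clientCert']['name'] ."");
                    }
                    else if( $Ret->caCertRes != -2147483648 ) // not Result::Succeeded
                        $status->setExtraText("Root certificate: ".$_FILES['rootCert']['name']);
                    else
                        $status->setExtraText("Client certificate: ".$_FILES['clientCert']['name']);
                }
            }

            // Error handling for both certificates.
            // -2147483648 = 0x80000000 = Result::Succeeded.
            error_log( "Using the following to show the error..." . print_r($Ret,true) );
            if( $Ret->resCode != -2147483648 )
            {
                error_log("Using resCode!");
                $status->setErrorCode($Ret->resCode); //Certificate Error
                print $status->out();
                return;
            }
            else if( $Ret->caCertRes != -2147483648 )
            {
                error_log("Using caCertRes!");
                // Map the generic failure code to a file-format error
                if( $Ret->caCertRes == 1 )
                    $Ret->caCertRes = 1862270979; /* CertMgmtResult::FileFormatNotRecognized */
                $status->setErrorCode($Ret->caCertRes); //Certificate Error
                print $status->out();
                return;
            }
            else if( $Ret->certRes != -2147483648 )
            {
                error_log("Using certRes!");
                // Map the generic failure code to a file-format error
                if( $Ret->certRes == 1 )
                    $Ret->certRes = 1862270979; /* CertMgmtResult::FileFormatNotRecognized */
                $status->setErrorCode($Ret->certRes); //Certificate Error
                print $status->out();
                return;
            }
            else
                // NOTE(review): as written, this branch runs when all three
                // result codes equal Succeeded, i.e. on the success path.
                error_log("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!SHOULD NEVER GET HERE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
        }

        // Pick the file handled in this pass: root first, then admin, then client.
        $password = "";
        if( $i<1 && $_FILES['rootCert']['tmp_name'] != "" )
        {
            $fieldName = 'rootCert';
            $tmp_name = $_FILES['rootCert']['tmp_name'];
            $fileName = "/tmp/".basename($_FILES['rootCert']['name']);
            if( $_POST['serverType'] == 4 )
                $fileType = 8;
            else
                $fileType = 0;
        }
        else if( $i<2 && $_FILES['adminCert']['tmp_name'] != "" )
        {
            $fieldName = 'adminCert';
            $tmp_name = $_FILES['adminCert']['tmp_name'];
            $fileName = "/tmp/".basename($_FILES['adminCert']['name']);
            $fileType = 2;
            $password = $_POST['adminPassword'];
            $i = 1; // Make sure this one does not try to run if there was no root.
        }
        else if( $_FILES['clientCert']['tmp_name'] != "" )
        {
            $fieldName = 'clientCert';
            $tmp_name = $_FILES['clientCert']['tmp_name'];
            $fileName = "/tmp/".basename($_FILES['clientCert']['name']);
            if( $_POST['serverType'] == 4 )
                $fileType = 9;
            else
                $fileType = 1;
            $password = $_POST['clientPassword'];
            $keepGoing = false; // Don't need to loop after this one
        }
        else
        {
            continue;
        }
        error_log("---> Dealing with file $i - $tmp_name <----\n");
    }

    error_log("The File has been uploaded - we will now verify it.");
    if(is_uploaded_file($tmp_name))
    {
        /* CMIResult::FirmwareUpdateInProgress = 4125 */
        //set_single_user_mode($user, true, 4125);

        error_log("The file was uploaded - processing now.");
        error_log("The file has been uploaded. We are now going to move it to ". $fileName );

        // NOTE(review): the destination is a predictable name in the shared
        // /tmp directory, and nothing visible here deletes it afterwards.
        // Confirm akm_install_cert() removes the file, since the upload may
        // contain private key material.
        if(!move_uploaded_file($tmp_name, $fileName))
        {
            error_log("Failed to moved the uploaded file ". $fileName);
            $status->setErrorCode("4108");
            // Stop here: installing $fileName now would use whatever file
            // already exists at that path, not the upload. The status is
            // printed after the loop.
            break;
        }

        // PCR 31454: bundles go through akm_install_cert(), not akm_cert_import().
        // When the old import path is finally retired, the optional bool for
        // TLS certs in akm_cert_import can go as well.
        // The password is deliberately left out of the log line.
        error_log("****************** Running akm_install_cert with $fileName, $fileType **********************\n");
        $iRet = akm_install_cert($user, $fileName, $fileType, $password );

        // Installed and more files pending: handle the next one
        if( $keepGoing && $iRet == 0 )
            continue;

        if( $iRet == 0 )
        {
            error_log("Closing the progress window.");
            /*###########################################################
            # Note: The code in $status->out() calls returnStatus( 1 )
            # Which closes the popup and reloads the homepage in the
            # main Window.
            ###########################################################*/
            // Close the progress window.
            //print $status->closeOut(1);
            print $status->out();
        }
        else
        {
            error_log("Problem Importing Certificate");
            $status->setErrorCode(4112); //Force corrupt file
        }
    }
    else
    {
        // Look the upload up by form field name; $fileType is a numeric
        // certificate type, not a key of $_FILES.
        if (!isset($_FILES[$fieldName]))
        {
            error_log("The file is too big. key certificate was NULL");
            $status->setErrorCode("4109");
        }
        else
        {
            switch ($_FILES[$fieldName]['error'])
            {
                case 1 : //uploaded file exceeds the upload_max_filesize directive in php.ini
                case 2 : //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
                    error_log("The file you are trying to upload is too big.");
                    $status->setErrorCode("4109");
                    break;
                case 3 : //uploaded file was only partially uploaded
                    error_log("The file you are trying upload was only partially uploaded.");
                    $status->setErrorCode("4110");
                    break;
                case 4 : //no file was uploaded
                    error_log("You must select an image for upload.");
                    $status->setErrorCode("4111");
                    break;
                default : //any other upload error
                    error_log("There was a problem with your upload.");
                    $status->setErrorCode("4108");
                    break;
            }
        }
    }
    break;
}//for()
print $status->out();
return;
}
else
{
    // Page display path: pick the server type the combo box defaults to
    $preferredServerType = get_ekm_type($user);
    if($preferredServerType == 1)
        $preferredServerType = 2; // If Q-EKM is currently selected, show SKM certs by default
    error_log("The get_ekm_type = $preferredServerType");

    /*##############################################################################################
    # NOTE: When we added KMIP we decided to get rid of the akm_server_avlible checks in this page.
    # The servers are not needed to load the tls certificates, per Bob W.
    # We are also taking out any server pinging code in this page.
    ##############################################################################################*/
    /*
     * If both are up a 1 is returned.
     * static const CcpAbstract::ResultCode PrimaryServerFailed = 0x7F000041 (2130706497);
     * static const CcpAbstract::ResultCode SecondaryServerFailed = 0x7F000042 (2130706498);
     * If Both are down BothServerFailed (2130706499):
     * if no certs are found 0x7F000052; 2130706514
     * Note: The akm_servers_available converts certificate errors into either PrimaryServerFailed
     * or SecondaryServerFailed
     */
    $akmServAvail = akm_servers_available($user);
    error_log("\n\n\nakmServAvail = $akmServAvail\n\n\n");
    if( $akmServAvail != 0 )
    {
        // Load the server certificate data when the page is displayed.
        $infoArraySrv = akm_server_cert_info($user);
        error_log("akm_server_cert_info = ". print_r($infoArraySrv,true) );
    }
    else
    {
        $infoArraySrv = array();
        error_log("Setting infoArraySrv to an empty array");
    }

    $bSkmTLS = (has_certs_installed($user, 0, 4, 6) == 1);
    $bKmipTLS = (has_certs_installed($user, 8, 9) == 1);

    // Get SKM Certs
    $skmInfoArray = get_cert_info($user, 0, 4, 6);
    error_log("skm certs = ". print_r($skmInfoArray,true) );

    // Get KMIP Certs
    $kmipInfoArray = get_cert_info($user, 8, 9);
    error_log("kmip certs = ". print_r($kmipInfoArray,true) );
}
?> Tools - EKM Communication Certificate Import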
Tools - TLS Communication Certificate Import
Import TLS communication certificate(s).

An Encryption Key Management license must be installed on the library in order to use this feature.
Please click here to add a license key.

Note: Transport layer security (TLS) certificates may be uploaded by browsing to the files and selecting Apply.
Either individual certificates or a Quantum certificate bundle may be uploaded if applicable.
Quantum bundles are only applicable for SKM certificates.


Select the Certificate Type to install:
Root Certificate File:
Admin Certificate File: >
Admin Certificate Password: >
Client Certificate File:
Client Certificate Password:  >Use Admin Password

Use the Quantum Certificate Bundle: />
Quantum Communication Certificate Bundle File:

> (TLS communication certificates are not currently installed on the library.) Type]; print_cert_info($info, $Type); } if( $akmServAvail == true ) { $primary = true; foreach($infoArraySrv as $info) { if($info->Type != 6) continue; $Type = $primary ? "Primary
Server" : "Secondary
Server"; $primary = false; print_cert_info($info, $Type); } } ?>
Type  Location  Serial Number Valid Between Dates Status Issuer and Subject
> (KMIP TLS communication certificates are not currently installed on the library.) Type]; print_cert_info($info, $Type); } ?>
Type  Location  Serial Number Valid Between Dates Status Issuer and Subject