<?php
       
//------------------------------------------------------------------------------
//  Licensed Materials - Property of IBM
//  (c) Copyright IBM Corporation 2001,2002 All Rights Reserved.
//  US Government Users Restricted Rights - Use, duplication or disclosure 
//  restricted by GSA ADP Schedule Contract with IBM Corp.
//------------------------------------------------------------------------------
//  Upload User Defined SSL Communication Certificate
//  
//  Filename:  ml_set_certificate_upload.htm
//
//  This file uploads ssl communication certificate.
//
//  When a POST is received, POST data is retrieved and the appropriate
//  extension is called.  Return information is sent via a POST (form_out). 
//
//  Input:  POST data
//      url             original request page
//      userCertFile    User defined ssl certificate file
//
//  Ouput:  POST ('form_out')
//
//      url             original request page
//      errorCode       result of operation
//      returnMessage   text information about the operation results 
//      
//  Change History:
//      
//  Date        Defect  Changed By  Description of Change
//  ----        ------  ----------  ---------------------
//  02/26/2016          dtorske     File Created
//
//------------------------------------------------------------------------------  
   include('common_admin_inc.htm');

   include('main_inc.htm');


   //initialize variables
   $errorCode     = 0;
   $returnMessage = " ";
   $url           = " " ;
   

    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {

       $url              = $_REQUEST['url'];

       error_log("url: ".print_r($url,true));
       error_log("files: ".print_r($_FILES, TRUE));

       $tmp_name = $_FILES['userCertFile']['tmp_name'];
       $filename = $_FILES['userCertFile']['name'];
       $certfilename="/home/embedded/library/HTTPService/certs/user_ssl.pem";
       $tmpfilename="/tmp/user_ssl.pem";

       error_log("The file has been uploaded. We are now going to move it to ". $tmpfilename );
       if(!move_uploaded_file($tmp_name, $tmpfilename))
       {
             error_log("Failed to move the uploaded file ". $filename);
             $returnMessage="SSL certificate file failed to upload.";
       }
       else
       {
             // Validate the uploaded file is a pem file.
             $output=array();
             $returnCode=0;
             $cmd="openssl x509 -in ".$tmpfilename." -text -noout 2>&1 >/dev/null";
             exec($cmd,$output,$returnCode);
             error_log("output: ".print_r($output,true));
             
             if ($returnCode == 0) {
                //
                // Check to make sure there is a key in the file
                //
                $cmd="openssl rsa -noout -modulus -in ".$tmpfilename;
                error_log("cmd: ".$cmd);
                exec($cmd,$keymodulus,$returnCode);
                if ($returnCode == 0) {
                   //
                   //  Make sure there is a certificate in the files
                   //
                   $cmd="openssl x509 -noout -modulus -in ".$tmpfilename;
                   error_log("cmd: ".$cmd);
                   exec($cmd,$certmodulus,$returnCode);
                   if ($returnCode == 0) {
                      //
                      // Verify the modulus match
                      //
                      error_log("keymoduls: ".$keymodulus."\ncertmodulus: $certmodulus");
                      if ($certmodulus == $keymodulus) {
                         $cmd="sudo mv ".$tmpfilename." ".$certfilename;
                         error_log("cmd: ".$cmd);
                         exec($cmd,$output,$returnCode);
                         if ($returnCode == 0) {
                            error_log("Uploaded file ".$filename." moved to ".$certfilename.".");
                            $returnMessage="SSL certificate file upload completed.";
                         } else {
                            error_log("Failed to move file ".$filename." to ".$certfilename.".");
                            $returnMessage="SSL certificate file move to https certificate directory failed.";
                         }
                      } else {
                         error_log("The key and certificate modulus do not match.");
                         $returnMessage="The key and certificate modulus do not match."; 
                      }
                   } else {
                      error_log("The uploaded file does not contain a certificate.");
                      $returnMessage="The uploaded file does not contain a certificate."; 
                   }
                } else {
                   //
                   //  Check and see if there is a password 
                   //
                   $cmd=" openssl rsa -noout -in /tmp/user_ssl.pem 2>&1 | grep 'bad password read'" ;
                   error_log("cmd: ".$cmd);
                   exec($cmd,$output,$returnCode);
                   error_log("output: ".print_r($output,true));
                   if ($returnCode == 0) {
                      error_log("The uploaded certificate file has a pass phrase.");
                      $returnMessage="The uploaded certificate file has a pass phrase."; 
                   } else {
                      $cmd=" openssl rsa -noout -in /tmp/user_ssl.pem 2>&1 | grep 'ANY PRIVATE KEY'" ;
                      error_log("cmd: ".$cmd);
                      exec($cmd,$output,$returnCode);
                      if ($returnCode == 0) {
                         error_log("The uploaded file does not contain the public/private key information.");
                         $returnMessage="The uploaded file does not contain the public/private key information."; 
                      } else {
                         error_log("The uploaded file contains invalid/corrupt public/private key information.");
                         $returnMessage="The uploaded file contains invalid/corrupt public/private key information."; 
                      }
                   }
                }
             } else {
                error_log("Uploaded file ".$filename." is not a pem file.");
                $returnMessage="Uploaded file ".$filename." is not a pem file."; 
             }
       }
   }
?>

<!doctype html >
  <html dir="LTR" lang="en-us">
  <head>
    <title>SSL Communication certificate upload</title>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
    <link href="css/3576.css" rel="stylesheet" type="text/css">

    <script type="text/javascript">

    function doWork()
    {
       
       // doWork is executed after all the php has completed and the work
       // (call to the extension) has been done, so submit the outgoing form
       // to the url passed in to this page (this is the return url)

       window.parent.stopTimer('<?=$returnMessage;?>','<?=$url;?>');
       document.form_out.submit(); 

       return;

    }
    </script>

    
  </head>                       
    
    <body dir="LTR" onload="javascript:doWork();" id="main">
    
     
      <form dir="ltr" id="form_out" method="POST" name="form_out" action="main_complete.htm" target="pretitlebar">
        <input id="errorCode"     name="errorCode"     type="hidden" value="<?=$errorCode;?>">
        <input id="url"           name="url"           type="hidden" value="<?=$url;?>">
        <input id="returnMessage" name="returnMessage" type="hidden" value="<?=$returnMessage;?>">
      </form>  

    </body>

</html>