mirror of
https://github.com/getnamingo/registry.git
synced 2025-07-25 11:58:19 +02:00
More changes to support SSL cert upload in panel
parent
78efa1cc40
commit
08da49ca6b
3 changed files with 84 additions and 2 deletions
|
@ -780,6 +780,41 @@ class RegistrarsController extends Controller
|
|||
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
|
||||
}
|
||||
|
||||
$uploadedFiles = $request->getUploadedFiles();
|
||||
$certFile = $uploadedFiles['sslUpload'] ?? null;
|
||||
|
||||
if ($certFile && $certFile->getError() === UPLOAD_ERR_OK) {
|
||||
$filename = $certFile->getClientFilename();
|
||||
$extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
||||
|
||||
if (!in_array($extension, ['pem', 'crt'])) {
|
||||
$this->container->get('flash')->addMessage('error', 'Invalid file extension for SSL upload');
|
||||
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
|
||||
}
|
||||
|
||||
$tmpPath = sys_get_temp_dir() . '/' . uniqid('cert_', true) . '.' . $extension;
|
||||
$certFile->moveTo($tmpPath);
|
||||
|
||||
$certContent = file_get_contents($tmpPath);
|
||||
|
||||
$certData = @openssl_x509_read($certContent);
|
||||
if ($certData === false) {
|
||||
unlink($tmpPath);
|
||||
$this->container->get('flash')->addMessage('error', 'Invalid certificate for SSL upload');
|
||||
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
|
||||
}
|
||||
|
||||
$pem = preg_replace('#-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----|\s+#', '', $certContent);
|
||||
$der = base64_decode($pem);
|
||||
$fingerprint = $der ? strtoupper(hash('sha256', $der)) : null;
|
||||
|
||||
unlink($tmpPath);
|
||||
} elseif (!empty($data['sslUploadHidden']) && preg_match('/^[A-F0-9]{64}$/', $data['sslUploadHidden'])) {
|
||||
$fingerprint = $data['sslUploadHidden'];
|
||||
} else {
|
||||
$fingerprint = null;
|
||||
}
|
||||
|
||||
$db->beginTransaction();
|
||||
|
||||
try {
|
||||
|
@ -812,6 +847,12 @@ class RegistrarsController extends Controller
|
|||
$updateData['pw'] = $eppPassword;
|
||||
}
|
||||
|
||||
if (!empty($fingerprint)) {
|
||||
$updateData['ssl_fingerprint'] = $fingerprint;
|
||||
} else {
|
||||
$updateData['ssl_fingerprint'] = null;
|
||||
}
|
||||
|
||||
$db->update(
|
||||
'registrar',
|
||||
$updateData,
|
||||
|
@ -1056,6 +1097,41 @@ class RegistrarsController extends Controller
|
|||
$this->container->get('flash')->addMessage('error', 'No email specified for update');
|
||||
return $response->withHeader('Location', '/registrar/edit')->withStatus(302);
|
||||
}
|
||||
|
||||
$uploadedFiles = $request->getUploadedFiles();
|
||||
$certFile = $uploadedFiles['sslUpload'] ?? null;
|
||||
|
||||
if ($certFile && $certFile->getError() === UPLOAD_ERR_OK) {
|
||||
$filename = $certFile->getClientFilename();
|
||||
$extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
||||
|
||||
if (!in_array($extension, ['pem', 'crt'])) {
|
||||
$this->container->get('flash')->addMessage('error', 'Invalid file extension for SSL upload');
|
||||
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
|
||||
}
|
||||
|
||||
$tmpPath = sys_get_temp_dir() . '/' . uniqid('cert_', true) . '.' . $extension;
|
||||
$certFile->moveTo($tmpPath);
|
||||
|
||||
$certContent = file_get_contents($tmpPath);
|
||||
|
||||
$certData = @openssl_x509_read($certContent);
|
||||
if ($certData === false) {
|
||||
unlink($tmpPath);
|
||||
$this->container->get('flash')->addMessage('error', 'Invalid certificate for SSL upload');
|
||||
return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
|
||||
}
|
||||
|
||||
$pem = preg_replace('#-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----|\s+#', '', $certContent);
|
||||
$der = base64_decode($pem);
|
||||
$fingerprint = $der ? strtoupper(hash('sha256', $der)) : null;
|
||||
|
||||
unlink($tmpPath);
|
||||
} elseif (!empty($data['sslUploadHidden']) && preg_match('/^[A-F0-9]{64}$/', $data['sslUploadHidden'])) {
|
||||
$fingerprint = $data['sslUploadHidden'];
|
||||
} else {
|
||||
$fingerprint = null;
|
||||
}
|
||||
|
||||
$db->beginTransaction();
|
||||
|
||||
|
@ -1088,6 +1164,12 @@ class RegistrarsController extends Controller
|
|||
$updateData['pw'] = $eppPassword;
|
||||
}
|
||||
|
||||
if (!empty($fingerprint)) {
|
||||
$updateData['ssl_fingerprint'] = $fingerprint;
|
||||
} else {
|
||||
$updateData['ssl_fingerprint'] = null;
|
||||
}
|
||||
|
||||
$db->update(
|
||||
'registrar',
|
||||
$updateData,
|
||||
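Review bot: The SHA-256 fingerprint in the first hunk is computed from the raw upload (PEM markers and whitespace stripped, then a non-strict `base64_decode`) rather than from the certificate that `openssl_x509_read` actually parsed, so a file holding a chain, or any text before the PEM block, passes validation yet most likely stores a digest that matches no certificate. Deriving it from the parsed object avoids that: `$fingerprint = strtoupper(openssl_x509_fingerprint($certData, 'sha256'));`. The same block is repeated in the third hunk (after the 'No email specified for update' check), where both error redirects go to `'/registrar/update/'.$registrar` while the surrounding code redirects to `/registrar/edit`; that looks like a copy-paste leftover, and `$registrar` may not be defined in that method. Both enclosing methods start and end outside the visible hunks.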
|
|
|
@ -511,7 +511,7 @@
|
|||
{% if registrar.ssl_fingerprint is not empty %}
|
||||
<div class="datagrid-item">
|
||||
<div class="datagrid-title">{{ __('SSL Certificate Fingerprint') }}</div>
|
||||
<div class="datagrid-content">{{ registrar.ssl_fingerprint }}</div>
|
||||
<div class="datagrid-content">{{ registrar.ssl_fingerprint }}<input type="hidden" name="sslUploadHidden" value="{{ registrar.ssl_fingerprint }}" /></div>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
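Review bot: The hidden `sslUploadHidden` input turns the stored fingerprint into a client-supplied value on every save: the controller's `elseif` branch accepts any string matching `/^[A-F0-9]{64}$/` posted in this field, and a request without it writes `ssl_fingerprint = null`. If the field exists only to keep the current value when no new certificate is uploaded, it would be safer to drop the input and have the controller leave `ssl_fingerprint` out of `$updateData` in that case, so the column changes only when a certificate is actually parsed. Whether a null fingerprint relaxes the client-certificate check is not visible here, but if it does, omitting the field is enough to clear the pin. The identical change in the other template has the same issue.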
|
|
|
@ -493,7 +493,7 @@
|
|||
{% if registrar.ssl_fingerprint is not empty %}
|
||||
<div class="datagrid-item">
|
||||
<div class="datagrid-title">{{ __('SSL Certificate Fingerprint') }}</div>
|
||||
<div class="datagrid-content">{{ registrar.ssl_fingerprint }}</div>
|
||||
<div class="datagrid-content">{{ registrar.ssl_fingerprint }}<input type="hidden" name="sslUploadHidden" value="{{ registrar.ssl_fingerprint }}" /></div>
|
||||
</div>
|
||||
{% endif %}
|
||||
</div>
|
||||
|
|