From 08da49ca6bd6292a0bea9e7989b2023f70114911 Mon Sep 17 00:00:00 2001
From: Pinga
Date: Tue, 15 Jul 2025 14:48:20 +0300
Subject: [PATCH] More changes to support SSL cert upload in panel
---
 cp/app/Controllers/RegistrarsController.php | 82 +++++++++++++++++++
 .../admin/registrars/updateRegistrar.twig | 2 +-
 .../admin/registrars/updateRegistrarUser.twig | 2 +-
 3 files changed, 84 insertions(+), 2 deletions(-)
diff --git a/cp/app/Controllers/RegistrarsController.php b/cp/app/Controllers/RegistrarsController.php
index 65cc564..e0766b0 100644
--- a/cp/app/Controllers/RegistrarsController.php
+++ b/cp/app/Controllers/RegistrarsController.php
@@ -780,6 +780,41 @@ class RegistrarsController extends Controller return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302); } + $uploadedFiles = $request->getUploadedFiles(); + $certFile = $uploadedFiles['sslUpload'] ?? null; + + if ($certFile && $certFile->getError() === UPLOAD_ERR_OK) { + $filename = $certFile->getClientFilename(); + $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); + + if (!in_array($extension, ['pem', 'crt'])) { + $this->container->get('flash')->addMessage('error', 'Invalid file extension for SSL upload'); + return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302); + } + + $tmpPath = sys_get_temp_dir() . '/' . uniqid('cert_', true) . '.' . $extension; + $certFile->moveTo($tmpPath); + + $certContent = file_get_contents($tmpPath); + + $certData = @openssl_x509_read($certContent); + if ($certData === false) { + unlink($tmpPath); + $this->container->get('flash')->addMessage('error', 'Invalid certificate for SSL upload'); + return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302); + } + + $pem = preg_replace('#-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----|\s+#', '', $certContent); + $der = base64_decode($pem); + $fingerprint = $der ? strtoupper(hash('sha256', $der)) : null; + + unlink($tmpPath); + } elseif (!empty($data['sslUploadHidden']) && preg_match('/^[A-F0-9]{64}$/', $data['sslUploadHidden'])) { + $fingerprint = $data['sslUploadHidden']; + } else { + $fingerprint = null; + } + $db->beginTransaction(); try { @@ -812,6 +847,12 @@ class RegistrarsController extends Controller $updateData['pw'] = $eppPassword; } + if (!empty($fingerprint)) { + $updateData['ssl_fingerprint'] = $fingerprint; + } else { + $updateData['ssl_fingerprint'] = null; + } + $db->update( 'registrar', $updateData, 
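Review bot: The stored fingerprint is hashed from the raw upload rather than from the certificate that `openssl_x509_read()` accepted: the `preg_replace`/`base64_decode` pair strips only the BEGIN/END markers and whitespace, and non-strict `base64_decode` silently drops other characters, so a file holding a chain, a text preamble or trailing data validates on its first certificate but yields a SHA-256 of different bytes (or `null`, which then clears the column). Deriving the value from the parsed object with `openssl_x509_fingerprint($certData, 'sha256')` keeps the validation and the hash on the same certificate. The temporary copy under `sys_get_temp_dir()` with a `uniqid()` name is also unnecessary, and failures of `moveTo()` and `file_get_contents()` are unhandled; the content can be read from the upload stream instead. The same block is repeated in the hunk at -1056, and in both places the enclosing method starts and ends outside the hunk.

```php
// … unchanged: extension check on the client filename …
$certContent = (string) $certFile->getStream();

$certData = @openssl_x509_read($certContent);
if ($certData === false) {
    // … unchanged: flash 'Invalid certificate for SSL upload' and redirect …
}

// Fingerprint the certificate OpenSSL parsed, not the raw file bytes.
$digest = openssl_x509_fingerprint($certData, 'sha256');
if ($digest === false) {
    $this->container->get('flash')->addMessage('error', 'Invalid certificate for SSL upload');
    return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302);
}
$fingerprint = strtoupper($digest);
```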
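Review bot: `ssl_fingerprint` is written on every update, so a request that carries neither a usable file nor a valid `sslUploadHidden` value sets the column to `null`, and an upload that fails with any error other than `UPLOAD_ERR_OK` (for example a size limit) takes that same path without a message. If this fingerprint is what other components use to pin the registrar's client certificate — not visible in this diff — that silently removes the pin. I would report upload errors other than `UPLOAD_ERR_NO_FILE` through the flash message and leave the column untouched unless removal was requested through an explicit field, e.g. `if ($fingerprint !== null) { $updateData['ssl_fingerprint'] = $fingerprint; }`. Note also that `sslUploadHidden` is client-supplied and only format-checked, so the submitter can store any 64-hex value without presenting a certificate; re-reading the current value from the database would avoid trusting the form. The hunk at -1088 has the same lines.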
@@ -1056,6 +1097,41 @@ class RegistrarsController extends Controller $this->container->get('flash')->addMessage('error', 'No email specified for update'); return $response->withHeader('Location', '/registrar/edit')->withStatus(302); } + + $uploadedFiles = $request->getUploadedFiles(); + $certFile = $uploadedFiles['sslUpload'] ?? null; + + if ($certFile && $certFile->getError() === UPLOAD_ERR_OK) { + $filename = $certFile->getClientFilename(); + $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION)); + + if (!in_array($extension, ['pem', 'crt'])) { + $this->container->get('flash')->addMessage('error', 'Invalid file extension for SSL upload'); + return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302); + } + + $tmpPath = sys_get_temp_dir() . '/' . uniqid('cert_', true) . '.' . $extension; + $certFile->moveTo($tmpPath); + + $certContent = file_get_contents($tmpPath); + + $certData = @openssl_x509_read($certContent); + if ($certData === false) { + unlink($tmpPath); + $this->container->get('flash')->addMessage('error', 'Invalid certificate for SSL upload'); + return $response->withHeader('Location', '/registrar/update/'.$registrar)->withStatus(302); + } + + $pem = preg_replace('#-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----|\s+#', '', $certContent); + $der = base64_decode($pem); + $fingerprint = $der ? strtoupper(hash('sha256', $der)) : null; + + unlink($tmpPath); + } elseif (!empty($data['sslUploadHidden']) && preg_match('/^[A-F0-9]{64}$/', $data['sslUploadHidden'])) { + $fingerprint = $data['sslUploadHidden']; + } else { + $fingerprint = null; + } $db->beginTransaction(); @@ -1088,6 +1164,12 @@ class RegistrarsController extends Controller $updateData['pw'] = $eppPassword; } + if (!empty($fingerprint)) { + $updateData['ssl_fingerprint'] = $fingerprint; + } else { + $updateData['ssl_fingerprint'] = null; + } + $db->update( 'registrar', $updateData, 
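Review bot: Both error returns added here redirect to `'/registrar/update/'.$registrar`, while the existing check directly above in this method redirects to `/registrar/edit`; the block looks copied from the other handler, and `$registrar` may not be defined in this one (the method begins outside the hunk). They should read `return $response->withHeader('Location', '/registrar/edit')->withStatus(302);`. Since the block is otherwise identical to the one added at -780, moving it into one private method that returns the fingerprint or signals an error would keep the two handlers from drifting apart when the certificate handling is next changed.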
diff --git a/cp/resources/views/admin/registrars/updateRegistrar.twig b/cp/resources/views/admin/registrars/updateRegistrar.twig index 2da58bb..af5cace 100644 --- a/cp/resources/views/admin/registrars/updateRegistrar.twig +++ b/cp/resources/views/admin/registrars/updateRegistrar.twig @@ -511,7 +511,7 @@ {% if registrar.ssl_fingerprint is not empty %}
{{ __('SSL Certificate Fingerprint') }}
-
{{ registrar.ssl_fingerprint }}
+
{{ registrar.ssl_fingerprint }}
{% endif %} diff --git a/cp/resources/views/admin/registrars/updateRegistrarUser.twig b/cp/resources/views/admin/registrars/updateRegistrarUser.twig index 8c2347d..2e9d09c 100644 --- a/cp/resources/views/admin/registrars/updateRegistrarUser.twig +++ b/cp/resources/views/admin/registrars/updateRegistrarUser.twig @@ -493,7 +493,7 @@ {% if registrar.ssl_fingerprint is not empty %}
{{ __('SSL Certificate Fingerprint') }}
-
{{ registrar.ssl_fingerprint }}
+
{{ registrar.ssl_fingerprint }}
{% endif %}