static void display_item(scepitem_t *ip) {
switch (ip->type) {
case ITEM_TYPE_CERT:
display_cert(ip);
break;
case ITEM_TYPE_REQ:
display_req(ip);
break;
}
}
int cgiMain() {
X509 *cert;
BIO *outbio;
char format[5] = "";
char certfilepath[255] = "";
char expfilepath[255] = "";
char pemfileurl[255] = "";
char derfileurl[255] = "";
char p12fileurl[255] = "";
char certnamestr[81] = "";
char certfilestr[81] = "[n/a]";
FILE *certfile = NULL;
/* the title can't be static because we possibly change it for the CA cert */
char title[41] = "Display Certificate";
if (! (cgiFormString("cfilename", certfilestr, sizeof(certfilestr)) == cgiFormSuccess))
int_error("Error getting >cfilename< from calling form");
if (cgiFormString("format", format, sizeof(format)) == cgiFormSuccess) {
if (! (strcmp(format, "text") || strcmp(format, "pem")))
int_error("Error getting correct format parameter in URL");
}
else strcpy(format, "pem");
/* -------------------------------------------------------------------------- *
* Since we gonna display the file, we must make sure no "../../.." is passed *
* from the calling URL or else sensitive files could be read and we have a *
* huge security problem. We scan and must reject all occurrences of '..' '/' *
* ---------------------------------------------------------------------------*/
if ( strstr(certfilestr, "..") ||
strchr(certfilestr, '/') ||
(! strstr(certfilestr, ".pem")) )
int_error("Error incorrect data in >cfilename<");
/* -------------------------------------------------------------------------- *
* check if should display the CA cert, or open the requested filename *
* ---------------------------------------------------------------------------*/
if (strcmp(certfilestr, "cacert.pem") == 0) {
if (! (certfile = fopen(CACERT, "r")))
int_error("Error can't open CA certificate file");
strncpy(title, "Display Root CA Certificate", sizeof(title));
} else {
snprintf(certfilepath, sizeof(certfilepath), "%s/%s", CACERTSTORE,
certfilestr);
if (! (certfile = fopen(certfilepath, "r")))
int_error("Error cant open Certificate file");
}
/* -------------------------------------------------------------------------- *
* decode the certificate and define BIO output stream *
* ---------------------------------------------------------------------------*/
outbio = BIO_new(BIO_s_file());
BIO_set_fp(outbio, cgiOut, BIO_NOCLOSE);
if (! (cert = PEM_read_X509(certfile,NULL,NULL,NULL)))
int_error("Error loading cert into memory");
/* -------------------------------------------------------------------------- *
* strip off the file format extension from the file name *
* ---------------------------------------------------------------------------*/
strncpy(certnamestr, certfilestr, sizeof(certnamestr));
strtok(certnamestr, ".");
/* -------------------------------------------------------------------------- *
* check if there are exported pem|der|p12 versions of this certificate *
* ---------------------------------------------------------------------------*/
snprintf(expfilepath, sizeof(expfilepath), "%s/%s.pem",
CERTEXPORTDIR, certnamestr);
if (fopen(expfilepath, "r"))
snprintf(pemfileurl, sizeof(pemfileurl), "%s/%s.pem",
CERTEXPORTURL, certnamestr);
snprintf(expfilepath, sizeof(expfilepath), "%s/%s.der",
CERTEXPORTDIR, certnamestr);
if (fopen(expfilepath, "r"))
snprintf(derfileurl, sizeof(derfileurl), "%s/%s.der",
CERTEXPORTURL, certnamestr);
snprintf(expfilepath, sizeof(expfilepath), "%s/%s.p12",
CERTEXPORTDIR, certnamestr);
if (fopen(expfilepath, "r"))
snprintf(p12fileurl, sizeof(p12fileurl), "%s/%s.p12",
CERTEXPORTURL, certnamestr);
/* -------------------------------------------------------------------------- *
* start the html output *
* ---------------------------------------------------------------------------*/
pagehead(title);
if (strcmp(certfilestr, "cacert.pem") == 0)
display_cert(cert, "WebCert Root CA", "wct_chain", -1);
else
display_cert(cert, "Server/System/Application", "wct_chain", -1);
fprintf(cgiOut, "<p></p>\n");
fprintf(cgiOut, "<table>\n");
fprintf(cgiOut, "<tr>\n");
// Print View
fprintf(cgiOut, "<th>\n");
fprintf(cgiOut, "<input type=\"button\" value=\"Print Page\" ");
fprintf(cgiOut, "onclick=\"print(); return false;\" />");
fprintf(cgiOut, "</th>\n");
if (strlen(p12fileurl) == 0) {
fprintf(cgiOut, "<th>\n");
fprintf(cgiOut, "<form action=\"certexport.cgi\" method=\"post\">\n");
fprintf(cgiOut, "<input type=\"submit\" value=\"Export P12\" />\n");
fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
fprintf(cgiOut, "value=\"%s\" />\n", certfilestr);
fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"p12\" />\n");
fprintf(cgiOut, "</form>\n");
fprintf(cgiOut, "</th>\n");
}
else {
fprintf(cgiOut, "<th>\n");
fprintf(cgiOut, "<input type=\"button\" value=\"Get P12\" ");
fprintf(cgiOut, "onclick=\"self.location.href='%s'\" />\n", p12fileurl);
fprintf(cgiOut, "</th>\n");
}
if (strlen(pemfileurl) == 0) {
fprintf(cgiOut, "<th>\n");
fprintf(cgiOut, "<form action=\"certexport.cgi\" method=\"post\">\n");
fprintf(cgiOut, "<input type=\"submit\" value=\"Export PEM\" />\n");
fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
fprintf(cgiOut, "value=\"%s\" />\n", certfilestr);
fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"pem\" />\n");
fprintf(cgiOut, "</form>\n");
fprintf(cgiOut, "</th>\n");
}
else {
fprintf(cgiOut, "<th>\n");
fprintf(cgiOut, "<input type=\"button\" value=\"Get PEM\" ");
fprintf(cgiOut, "onclick=\"self.location.href='%s'\" />", pemfileurl);
fprintf(cgiOut, "</th>\n");
}
if (strlen(derfileurl) == 0) {
fprintf(cgiOut, "<th>\n");
fprintf(cgiOut, "<form action=\"certexport.cgi\" method=\"post\">\n");
fprintf(cgiOut, "<input type=\"submit\" value=\"Export DER\" />\n");
fprintf(cgiOut, "<input type=\"hidden\" name=\"cfilename\" ");
fprintf(cgiOut, "value=\"%s\" />\n", certfilestr);
fprintf(cgiOut, "<input type=\"hidden\" name=\"format\" value=\"der\" />\n");
fprintf(cgiOut, "</form>\n");
fprintf(cgiOut, "</th>\n");
}
else {
fprintf(cgiOut, "<th>\n");
fprintf(cgiOut, "<input type=\"button\" value=\"Get DER\" ");
fprintf(cgiOut, "onclick=\"self.location.href='%s'\" />\n", derfileurl);
fprintf(cgiOut, "</th>\n");
}
fprintf(cgiOut, "</tr>\n");
fprintf(cgiOut, "</table>\n");
// If we show the Root CA cert, we also provide the retired Root CA certs (hardcoded)
if (strcmp(certfilestr, "cacert.pem") == 0) {
fprintf(cgiOut, "<p></p>\n");
fprintf(cgiOut, "<h3>Retired WebCert Root CA certificates:</h3>\n");
fprintf(cgiOut, "<hr />\n");
fprintf(cgiOut, "<p><strong>2007-12-07</strong> 1024 bit RSA WebCert Root CA certificate with SHA-1 signature: ");
fprintf(cgiOut, "<a href=\"../export/webcert-20071207_1021.pem\">webcert-20071207_1021.pem</a></p>\n");
fprintf(cgiOut, "<p><strong>2004-12-18</strong> 1024 bit RSA WebCert Root CA certificate with MD5 signature: ");
fprintf(cgiOut, "<a href=\"../export/webcert-20041218_0138.pem\">webcert-20041218_0138.pem</a></p>\n");
}
pagefoot();
BIO_free(outbio);
return(0);
}
