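registerFunction("getEKM"); // NOTE(review): the receiver of this call lies before the visible source.

session_start();
// NOTE(review): no authentication or authorization check is visible in this
// file; presumably one of the includes below enforces it -- confirm.
$user = $_SESSION['user'];

$in_xAjax = false;
$xAjax_objResponse = null;

include('IOB_inc.htm');
include('common_admin_inc.htm');

/**
 * Plain holder for the primary and secondary EKM server addresses.
 */
class EKMdata
{
    var $primaryIP;
    var $primaryPort;   // default is 3801 (decimal)
    var $secondaryIP;
    var $secondaryPort; // default is 3801 (decimal)

    /**
     * Stores the four address values unchanged.
     */
    function EKMdata( $primaryIP, $primaryPort, $secondaryIP, $secondaryPort )
    {
        $this->primaryIP     = $primaryIP;
        $this->primaryPort   = $primaryPort;
        $this->secondaryIP   = $secondaryIP;
        $this->secondaryPort = $secondaryPort;
    }
};

/**
 * xajax handler: reads the EKM settings for the session user through
 * get_ekm() and assigns them to the primIP, primPort, secIP and secPort
 * form fields.
 *
 * @return xajaxResponse
 */
function getEKM()
{
    // !?! NOTE: Not using this function - but I left it in case I wanted to switch to using it in the future.
    global $in_xAjax;
    // global $xAjax_objResponse;
    $user = $_SESSION['user'];
    $xAjax_objResponse = new xajaxResponse();
    /// $in_xAjax = true;

    error_log("Calling get_ekm($user);");
    $ekm_data = get_ekm( $user );
    error_log("ekm_data = ". print_r($ekm_data, true) );

    $xAjax_objResponse->assign("primIP", "value", $ekm_data->primaryIP );
    $xAjax_objResponse->assign("primPort", "value", $ekm_data->primaryPort );
    $xAjax_objResponse->assign("secIP", "value", $ekm_data->secondaryIP );
    $xAjax_objResponse->assign("secPort", "value", $ekm_data->secondaryPort );

    // Some Debug examples
    //$xAjax_objResponse->script('alert(xajax.$("testlevel[1]").value);');
    //$xAjax_objResponse->script('alert(xajax.viewSource());');
    /// $in_xAjax = false;
    return $xAjax_objResponse;
}

$xajax->processRequest();

/*******************************************************************************************/
// Handle the progress screen if opened and set the NEW data
//if (isset($_GET['method']))
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
    // NOTE(review): no anti-CSRF token is checked here before certificates are
    // installed; confirm whether the included files cover this.

    // Log the request without the certificate passwords: the raw $_POST
    // carries adminPassword and clientPassword, which must not reach the log.
    $postForLog = $_POST;
    foreach( array('adminPassword', 'clientPassword') as $secretField )
    {
        if( isset($postForLog[$secretField]) )
            $postForLog[$secretField] = '[redacted]';
    }
    error_log("_FILES = ". print_r($_FILES, true) );
    error_log($_SERVER['REQUEST_URI']." POST = ". print_r($postForLog, true) );

    $operationInProgress = true;
    $status = new ReturnStatus();

    // -2147483648 = 0x80000000 = Result::Succeeded
    $resultSucceeded = -2147483648;
    // 1862270979 = CertMgmtResult::FileFormatNotRecognized
    $fileFormatNotRecognized = 1862270979;

    // By calling this here on all the SKM pages during the post they will all get the same error.
    if( $_SERVER['CONTENT_LENGTH'] > 20480 )
    {
        error_log("TLSC file is too big:" . $_SERVER['CONTENT_LENGTH'] );
        $status->setErrorCode("10752");
        print $status->out();
        return;
    }

    // If the checkbox to use the admin password was checked, use the admin password for the client
    if( isset($_POST['useAdminCB']) && $_POST['useAdminCB'] == "on" )
        $_POST['clientPassword'] = $_POST['adminPassword'];

    // NOTE(review): the client-supplied file names below are passed to
    // setExtraText(); confirm that ReturnStatus escapes them before output.

    $keepGoing = true;
    for( $i=0; $i<3; $i++ ) //Loop until we break below
    {
        // See if we are uploading a bundle or separate files
        if( isset($_FILES['qBundle']['name'] ) )
        {
            // We are doing the Quantum Bundle
            $fieldName = 'qBundle';
            $tmp_name = $_FILES['qBundle']['tmp_name'];
            // basename() keeps any directory part of the client-supplied name
            // out of the destination path.
            $fileName = "/tmp/".basename($_FILES['qBundle']['name']);
            $fileType = 5;
            $keepGoing = false; // Only need to run this once.
        }
        else
        {
            // We are doing separate files.....
            if( $i == 0 )
            {
                // Test the validity of the files if doing the separate ones.
                $Root = $_FILES['rootCert']['tmp_name'];
                $fileName = $_FILES['adminCert']['tmp_name'];
                $password = $_POST['adminPassword'];
                // The type actually passed is logged; $fileType is not set yet at this point.
                error_log("****************** Running akm_validate_cert with $Root, $fileName, 2 **********************\n");
                $Ret = @akm_validate_cert($user, $Root, $fileName, 2, $password );
                error_log("akm_validate_cert for the admin returned a ". print_r($Ret, true) );

                // If resCode = 0 (Unknown) we could not run the validation so ONLY look at the caCertRes and certRes
                // If resCode = Validation failed CertMgmtResult::VerificationFailed: // 0x6F000005 (1862270981)
                // then caCertRes and certRes are probably invalid.
                if( $Ret->resCode == 0 || $Ret->resCode == $resultSucceeded )
                {
                    // The resCode was Unknown or Succeeded so look at the other codes.
                    // Set the resCode to success so it is not used below.
                    $Ret->resCode = $resultSucceeded;
                    if( $Ret->caCertRes == 1 && $Ret->certRes == 1 )
                    {
                        // The files were so bad we did not even get to the validate.
                        // So set both files as corrupted.
                        $status->setExtraText("Root certificate ". $_FILES['rootCert']['name'] . " and Admin certificate ".$_FILES['adminCert']['name'] ."");
                    }
                    else if( $Ret->caCertRes != $resultSucceeded )
                        $status->setExtraText("Root certificate: ".$_FILES['rootCert']['name']);
                    else
                        $status->setExtraText("Admin certificate: ".$_FILES['adminCert']['name']);
                }

                // If the first cert looks good get the next
                if( $Ret->resCode == $resultSucceeded && $Ret->caCertRes == $resultSucceeded && $Ret->certRes == $resultSucceeded )
                {
                    $fileName = $_FILES['clientCert']['tmp_name'];
                    $password = $_POST['clientPassword'];
                    error_log("****************** Running akm_validate_cert with $Root, $fileName, 1 **********************\n");
                    $Ret = @akm_validate_cert($user, $Root, $fileName, 1, $password );
                    error_log("akm_validate_cert for the client returned a ". print_r($Ret, true) );

                    if( $Ret->resCode == 0 || $Ret->resCode == $resultSucceeded )
                    {
                        // The resCode was Unknown or Succeeded so look at the other codes.
                        // Set the resCode to success so it is not used below.
                        $Ret->resCode = $resultSucceeded;
                        if( $Ret->caCertRes == 1 && $Ret->certRes == 1 )
                        {
                            // The files were so bad we did not even get to the validate.
                            // So set both files as corrupted.
                            $status->setExtraText("Root certificate ". $_FILES['rootCert']['name'] . " and Client certificate ".$_FILES['clientCert']['name'] ."");
                        }
                        else if( $Ret->caCertRes != $resultSucceeded )
                            $status->setExtraText("Root certificate: ".$_FILES['rootCert']['name']);
                        else
                            $status->setExtraText("Client certificate: ".$_FILES['clientCert']['name']);
                    }
                }

                // Handle errors for both Certs here......
                error_log( "Using the following to show the error..." . print_r($Ret,true) );
                if( $Ret->resCode != $resultSucceeded )
                {
                    error_log("Using resCode!");
                    // The operation failed
                    //$status->setErrorCode("2130706516"); //Certificate Error
                    $status->setErrorCode($Ret->resCode); //Certificate Error
                    print $status->out();
                    return;
                }
                else if( $Ret->caCertRes != $resultSucceeded )
                {
                    error_log("Using caCertRes!");
                    // The operation failed
                    //$status->setErrorCode("2130706516"); //Certificate Error
                    // Set the general error to a file error
                    if( $Ret->caCertRes == 1 )
                        $Ret->caCertRes = $fileFormatNotRecognized;
                    $status->setErrorCode($Ret->caCertRes); //Certificate Error
                    print $status->out();
                    return;
                }
                else if( $Ret->certRes != $resultSucceeded )
                {
                    error_log("Using certRes!");
                    // The operation failed
                    //$status->setErrorCode("2130706516"); //Certificate Error
                    // Set the general error to a file error
                    if( $Ret->certRes == 1 )
                        $Ret->certRes = $fileFormatNotRecognized;
                    $status->setErrorCode($Ret->certRes); //Certificate Error
                    print $status->out();
                    return;
                }
                else
                    // NOTE(review): this branch is also reached when all three result codes report success.
                    error_log("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!SHOULD NEVER GET HERE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
            }

            // Load up the variables that will be used below in this iteration of the loop
            $password = "";
            if( $i<1 && $_FILES['rootCert']['tmp_name'] != "" )
            {
                $fieldName = 'rootCert';
                $tmp_name = $_FILES['rootCert']['tmp_name'];
                $fileName = "/tmp/".basename($_FILES['rootCert']['name']);
                $fileType = 0;
            }
            else if( $i<2 && $_FILES['adminCert']['tmp_name'] != "" )
            {
                $fieldName = 'adminCert';
                $tmp_name = $_FILES['adminCert']['tmp_name'];
                $fileName = "/tmp/".basename($_FILES['adminCert']['name']);
                $fileType = 2;
                $password = $_POST['adminPassword'];
                $i = 1; // Make sure this one does not try to run if there was no root.
            }
            else if( $_FILES['clientCert']['tmp_name'] != "" )
            {
                $fieldName = 'clientCert';
                $tmp_name = $_FILES['clientCert']['tmp_name'];
                $fileName = "/tmp/".basename($_FILES['clientCert']['name']);
                $fileType = 1;
                $password = $_POST['clientPassword'];
                $keepGoing = false; // Don't need to loop after this one
            }
            else
            {
                continue;
            }
            error_log("---> Dealing with file $i - $tmp_name <----\n");
        }

        error_log("The File has been uploaded - we will now verify it.");
        if(is_uploaded_file($tmp_name))
        {
            /* CMIResult::FirmwareUpdateInProgress = 4125 */
            //set_single_user_mode($user, true, 4125);
            error_log("The file was uploaded - processing now.");
            error_log("The file has been uploaded. We are now going to move it to ". $fileName );
            if(!move_uploaded_file($tmp_name, $fileName))
            {
                error_log("Failed to moved the uploaded file ". $fileName);
                $status->setErrorCode("4108");
                // Stop here: importing $fileName after a failed move would
                // install whatever already exists at that path, not the upload.
                break;
            }

            if( $fileType == 5 )
            {
                error_log("****************** Running akm_cert_import with $fileName **********************\n");
                $iRet = akm_cert_import($user, $fileName, true);
            }
            else
            {
                // The certificate password is deliberately left out of the log line.
                error_log("****************** Running akm_install_cert with $fileName, $fileType **********************\n");
                $iRet = akm_install_cert($user, $fileName, $fileType, $password );
            }

            // Do we stop or keep going to the next file
            if( $keepGoing && $iRet == 0 )
                continue;

            if( $iRet == 0 )
            {
                error_log("Closing the progress window.");
                /*###########################################################
                # Note: The code in $status->out() calls returnStatus( 1 )
                # Which closes the popup and reloads the homepage in the
                # main Window.
                ###########################################################*/
                // Close the progress Window.
                //print $status->closeOut(1);
                print $status->out();
            }
            else
            {
                error_log("Problem Importing Certificate");
                $status->setErrorCode(4112); //Force corrupt file
            }
        }
        else
        {
            // Look the upload up by its form field name; the numeric $fileType
            // is never a key of $_FILES.
            if (!isset($_FILES[$fieldName]))
            {
                error_log("The file is too big. key certificate was NULL");
                $status->setErrorCode("4109");
            }
            else
            {
                switch ($_FILES[$fieldName]['error'])
                {
                    case 1 : //uploaded file exceeds the upload_max_filesize directive in php.ini
                    case 2 : //uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form
                        error_log("The file you are trying to upload is too big.");
                        $status->setErrorCode("4109");
                        break;
                    case 3 : //uploaded file was only partially uploaded
                        error_log("The file you are trying upload was only partially uploaded.");
                        $status->setErrorCode("4110");
                        break;
                    case 4 : //no file was uploaded
                        error_log("You must select an image for upload.");
                        $status->setErrorCode("4111");
                        break;
                    default : //a default error, just in case! :)
                        error_log("There was a problem with your upload.");
                        $status->setErrorCode("4108");
                        break;
                }
            }
        }
        break;
    }//for()

    print $status->out();
    return;
}
else
{
    /*
     * If both are up a 1 is returned.
     * static const CcpAbstract::ResultCode PrimaryServerFailed = 0x7F000041 (2130706497);
     * static const CcpAbstract::ResultCode SecondaryServerFailed = 0x7F000042 (2130706498);
     * If Both are down BothServerFailed (2130706499):
     * if no certs are found 0x7F000052; 2130706514
     * Note: The akm_servers_available converts certificate errors into either PrimaryServerFailed
     * or SecondaryServerFailed
     */
    $akmServAvail = akm_servers_available($user);
    error_log("\n\n\nakmServAvail = $akmServAvail\n\n\n");
    if( $akmServAvail != 0 )
    {
        // Load the array data up on the get of the page.
        // $ver = akm_get_software_version($user); //!?! This has Code that checks for the new Townsedn code over the OLD
        // error_log("akm_get_software_version returned ". print_r($ver,true) );
        // error_log("\n\n\n**********************************************************************************\n\n\n");
        // $certList = akm_get_cert_list($user);
        // error_log("akm_get_cert_list returned ". print_r($certList, true) );
        $infoArraySrv = akm_server_cert_info($user);
        error_log("akm_server_cert_info = ". print_r($infoArraySrv,true) );
    }
    else
    {
        $infoArraySrv = array();
        error_log("Setting infoArraySrv to an empty array");
    }
    $bTLS = akm_comm_certs_loaded($user);
    $infoArray = akm_cert_info($user);
    error_log("akm_cert_info = ". print_r($infoArray,true) );
}
?> printJavascript(); ?> Tools - EKM Communication Certificate Import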
Tools - EKM Communication Certificate Import
Import TLS communication certificate(s).

Quantum Encryption Key Manager must be licensed to configure or use it.
Please click here to add a license key.

Quantum Encryption Key Servers are not configured. Please make sure they are configured properly and are operational.

Note: Transport layer security (TLS) certificates may be uploaded by browsing to the files and selecting Apply.
Either individual certificates or a Quantum certificate bundle may be uploaded and installed.


Primary Server:Not Available":"Available")?> Secondary Server:Not Available":"Available")?>

Root Certificate File:
Admin Certificate File:
Admin Certificate Password:
Client Certificate File:
Client Certificate Password:  Use Admin's Password

Use the Quantum Certificate Bundle:
Quantum Communication Certificate Bundle File:

(TLS communication certificates are not currently installed on the library.)'; } else { echo '   (TLS communication certificates are currently installed on the library.)'; } // If there are no Certs - Don't show them $srvHasCerts = false; foreach( $infoArraySrv as $info ) { if( $info->SN != "" ) $srvHasCerts = true; } if( $srvHasCerts == true || sizeof($infoArray) > 0 ) { ?>
Type == 1 || $info->Type == 2 ) continue; /*if($i == 1) $info->IsValid = 0; else if($i == 2) $info->ExpireSoon = 1; $i++; */ if( !$info->IsValid ) $status = "Expired"; else if( $info->ExpireSoon ) $status = "Expires
Soon
"; else $status = "Valid"; $sType = split(" ", $info->sType); if( $sType[0] == "Root" ) { $certID = "rootInstalled"; } else if( $sType[0] == "Admin" ) { $certID = "adminInstalled"; } else if( $sType[0] == "Client" ) { $certID = "clientInstalled"; } // Highlight the tags in the Issuer and Subject $old = array("C:", "S:", "L:", "O:", "OU:", "CN:"); $new = array("C:", "S:", "L:", "O:", "OU:", "CN:"); $Issuer = str_replace($old, $new, $info->Issuer); $Subject = str_replace($old, $new, $info->Subject); ?> IsValid = 0; else if($i == 2) $info->ExpireSoon = 1; */ if( $i < 2 ) $Server = "Primary
Server"; else $Server = "Secondary
Server"; $i++; $sType = split(" ", $info->sType); if($sType[0] == "Admin") $sType[0] = "Server"; if( $info->SN == "" ) { $status = "Not Found"; $info->SN = " "; // So the table shows correctly $sType[0] = " "; // So the table shows correctly } else if( !$info->IsValid ) $status = "Expired"; else if( $info->ExpireSoon ) $status = "Expires
Soon
"; else $status = "Valid"; // Highlight the tags in the Issuer and Subject $old = array("C:", "S:", "L:", "O:", "OU:", "CN:"); $new = array("C:", "S:", "L:", "O:", "OU:", "CN:"); $Issuer = str_replace($old, $new, $info->Issuer); $Subject = str_replace($old, $new, $info->Subject); ?>
Type  Location  Serial Number Valid Between Dates Status Issuer and Subject
Library SN?> NotValidBefore?>
NotValidAfter?>
Issuer: 
Subject: 
SN?> NotValidBefore?>
NotValidAfter?>
Issuer: 
Subject: