Diffstat (limited to 'modules-available/webinterface/inc/webinterface.inc.php')
-rw-r--r-- | modules-available/webinterface/inc/webinterface.inc.php | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/modules-available/webinterface/inc/webinterface.inc.php b/modules-available/webinterface/inc/webinterface.inc.php
new file mode 100644
index 00000000..6dfd924f
--- /dev/null
+++ b/modules-available/webinterface/inc/webinterface.inc.php
@@ -0,0 +1,65 @@
+<?php
+
+class WebInterface
+{
+ public const PROP_TYPE = 'webinterface.https-type';
+ public const PROP_HSTS = 'webinterface.https-hsts';
+ public const PROP_REDIRECT = 'webinterface.https-redirect';
+ public const PROP_CURRENT_CERT_DOMAINS = 'webinterface.https-domains';
+
+ public const PROP_REDIRECT_DOMAIN = 'webinterface.redirect-domain';
+
+ /**
+ * Read data all handled domains from current certificate.
+ * SAN takes precedence, if empty, we fall back to CN.
+ * @param string[] $certDomains
+ * @return bool success reading?
+ */
+ public static function extractCurrentCertData(array &$certDomains, int &$expireTimestamp, string &$issuer): bool
+ {
+ if (!is_readable('/etc/lighttpd/pub-cert.pem'))
+ return false;
+ $cert = openssl_x509_parse(file_get_contents('/etc/lighttpd/pub-cert.pem'));
+ if ($cert === false)
+ return false;
+ // Domains
+ $certDomains = [];
+ if (isset($cert['extensions']['subjectAltName'])) {
+ $doms = preg_split('/[,\s]+/', $cert['extensions']['subjectAltName'], -1, PREG_SPLIT_NO_EMPTY);
+ foreach ($doms as $d) {
+ if (substr_compare($d, 'DNS:', 0, 4, true) !== 0)
+ continue;
+ $d = substr($d, 4);
+ if (preg_match('/^([a-z0-9_-]|\*\.)[a-z0-9_.-]+$/', $d) && !in_array($d, $certDomains)) {
+ $certDomains[] = $d;
+ }
+ }
+ }
+ if (empty($certDomains) && isset($cert['subject']['CN'])
+ && preg_match('/^([a-z0-9_-]|\*\.)[a-z0-9_.-]+$/', $cert['subject']['CN'])) {
+ $certDomains[] = $cert['subject']['CN'];
+ }
+ foreach ($certDomains as &$d) {
+ if ($d[-1] === '.') {
+ $d = substr($d, 0, -1);
+ }
+ }
+ Property::set(self::PROP_CURRENT_CERT_DOMAINS, implode(' ', $certDomains));
+ // Expire time
+ $expireTimestamp = $cert['validTo_time_t'] ?? 0;
+ // Issuer
+ $issuer = $cert['issuer']['CN'] ?? 'Unknown';
+ return true;
+ }
+
+ public static function setDomainRedirect(bool $enable): void
+ {
+ Property::set(self::PROP_REDIRECT_DOMAIN, $enable ? 
'1' : false);
+ }
+
+ public static function getDomainRedirect(): bool
+ {
+ return !empty(Property::get(self::PROP_REDIRECT_DOMAIN, false));
+ }
+
+}
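Review bot: In extractCurrentCertData the return value of `file_get_contents('/etc/lighttpd/pub-cert.pem')` is handed straight to openssl_x509_parse, so a read that fails after the is_readable() check (the file can change or become unreadable in between) emits a warning and is only reported indirectly through the parse result instead of the intended clean `return false`; read into a local first: `$pem = file_get_contents('/etc/lighttpd/pub-cert.pem'); if ($pem === false) return false; $cert = openssl_x509_parse($pem);`. The `DNS:` prefix is matched case-insensitively but the domain pattern `/^([a-z0-9_-]|\*\.)[a-z0-9_.-]+$/` has no `i` modifier, so a SAN entry or CN containing upper-case letters is silently dropped from the stored domain list — either add `i` (and normalise the stored value to lower case) or document in the docblock that only lower-case names are accepted. The by-reference `foreach ($certDomains as &$d)` should be followed by `unset($d);` so the reference does not leak into code added later, and `in_array($d, $certDomains, true)` should compare strictly. Whether Property::set accepts `false` as a value, as setDomainRedirect passes it, cannot be confirmed from this hunk.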
\ No newline at end of file |