From 6d42ec03dc985833a1aac276fff7a211986c9863 Mon Sep 17 00:00:00 2001
From: Bill Marquette
Date: Fri, 15 Jul 2011 12:31:06 -0500
Subject: Use builtin certificate store
---
config/imspector-wip/imspector.inc | 62 +++++++++++++++++++++++++++-----------
config/imspector-wip/imspector.xml | 35 ++++++++-------------
2 files changed, 57 insertions(+), 40 deletions(-)
diff --git a/config/imspector-wip/imspector.inc b/config/imspector-wip/imspector.inc
index 4be1e2ee..2151755e 100644
--- a/config/imspector-wip/imspector.inc
+++ b/config/imspector-wip/imspector.inc
@@ -227,26 +227,33 @@ } // Handle Jabber SSL options - if($imspector_config["ssl_ca_key"] && - $imspector_config["ssl_ca_cert"] && - $imspector_config["serverkey"]) { + if(isset($imspector_config["ssl_ca_cert"]) && $imspector_config["ssl_ca_cert"] != "none" && + isset($imspector_config["ssl_server_cert"]) && $imspector_config["ssl_server_cert"] != "none") { $conf['ssl'] = "on"; if(!is_dir("/usr/local/etc/imspector/ssl")) mkdir("/usr/local/etc/imspector/ssl"); - if(base64_decode($imspector_config["ssl_ca_key"])) { - file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_key.pem", - base64_decode($imspector_config["ssl_ca_key"])); - $conf['ssl_ca_key'] = '/usr/local/etc/imspector/ssl/ssl_ca_key.pem'; - } - if(base64_decode($imspector_config["ssl_ca_cert"])) { - file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_cert.pem", - base64_decode($imspector_config["ssl_ca_cert"])); - $conf['ssl_ca_key'] = "/usr/local/etc/imspector/ssl/ssl_ca_cert.pem"; - } - if(base64_decode($imspector_config["serverkey"])) { - file_put_contents("/usr/local/etc/imspector/ssl/serverkey.pem", - base64_decode($imspector_config["serverkey"])); - $conf['ssl_key'] = '/usr/local/etc/imspector/ssl/serverkey.pem'; + + $ca_cert = lookup_ca($imspector_config["ssl_ca_cert"]); + if ($ca_cert != false) { + if(base64_decode($ca_cert['prv'])) { + file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_key.pem", + base64_decode($ca_cert['prv'])); + $conf['ssl_ca_key'] = '/usr/local/etc/imspector/ssl/ssl_ca_key.pem'; + } + if(base64_decode($ca_cert['crt'])) { + file_put_contents("/usr/local/etc/imspector/ssl/ssl_ca_cert.pem", + base64_decode($ca_cert['crt'])); + $conf['ssl_ca_key'] = "/usr/local/etc/imspector/ssl/ssl_ca_cert.pem"; + } + $svr_cert = lookup_cert($imspector_config["ssl_server_cert"]); + if ($svr_cert != false) { + if(base64_decode($svr_cert['prv'])) { + file_put_contents("/usr/local/etc/imspector/ssl/ssl_server_key.pem", + base64_decode($svr_cert['prv'])); + $conf['ssl_key'] = 
'/usr/local/etc/imspector/ssl/ssl_server_key.pem'; + } + + } } } else { // SSL Not enabled. Make sure Jabber-SSL is not processed. @@ -318,4 +325,25 @@ EOD; config_unlock(); } + function imspector_get_ca_certs() { + global $config; + + $ca_arr = array(); + $ca_arr[] = array('refid' => 'none', 'descr' => 'none'); + foreach ($config['ca'] as $ca) { + $ca_arr[] = array('refid' => $ca['refid'], 'descr' => $ca['descr']); + } + return $ca_arr; + } + + function imspector_get_server_certs() { + global $config; + $cert_arr = array(); + $cert_arr[] = array('refid' => 'none', 'descr' => 'none'); + + foreach ($config['cert'] as $cert) { + $cert_arr[] = array('refid' => $cert['refid'], 'descr' => $cert['descr']); + } + return $cert_arr; + } ?> \ No newline at end of file diff --git a/config/imspector-wip/imspector.xml b/config/imspector-wip/imspector.xml index 2c258a60..20c661cd 100644 --- a/config/imspector-wip/imspector.xml +++ b/config/imspector-wip/imspector.xml @@ -100,7 +100,7 @@ proto_array You can use the CTRL or COMMAND key to select multiple protocols. NOTE: Gtalk/Jabber-SSL requires SSL certificates. select - 4 + 7 true @@ -168,36 +168,25 @@ SSL Certificate - serverkey + ssl_server_cert - Enter the SSL Server Certificate here. + Choose the SSL Server Certificate here. - textarea - base64 - 5 - 40 - - - SSL CA Key - ssl_ca_key - - Enter the SSL CA key here. - - textarea - base64 - 5 - 40 + select_source + + descr + refid SSL CA Certificate ssl_ca_cert - Enter the SSL CA Certficate here. + Choose the SSL CA Certficate here. - textarea - base64 - 5 - 40 + select_source + + descr + refid Enable bad word filtering -- cgit v1.2.3
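Review bot: The CA and server private keys in the Jabber SSL hunk are written with `file_put_contents()` under a directory created by a bare `mkdir()`, so `ssl_ca_key.pem` and `ssl_server_key.pem` end up with whatever mode the process umask yields and nothing tightens it afterwards. Since this is now a CA signing key pulled from the system certificate store, I would create the directory with `mkdir("/usr/local/etc/imspector/ssl", 0700);` and bracket the writes with `$old_umask = umask(0077);` and `umask($old_umask);` so the files are never created readable by other local users. Separately, the `$ca_cert['crt']` branch stores the certificate path in `$conf['ssl_ca_key']`, overwriting the key path assigned just above; this is carried over from the removed lines and presumably should be `$conf['ssl_ca_cert']`, to be confirmed against the option names IMSpector expects. `$conf['ssl'] = "on"` is also set before `lookup_ca()` or `lookup_cert()` has succeeded and a failed lookup is silent, so a stale refid leaves SSL enabled with no key paths; the enclosing function starts and ends outside the hunk.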
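Review bot: Both new helpers iterate `$config['ca']` and `$config['cert']` without checking that the key is set, so on a system with no CA or certificate defined the `foreach` is handed a non-array and PHP warns; wrap each loop in `if (is_array($config['ca']))` and the `cert` equivalent. `imspector_get_ca_certs()` also lists every CA, while the SSL hunk in this file only produces a usable setup when `$ca_cert['prv']` is present, so adding `if (empty($ca['prv'])) continue;` inside the loop would keep CAs imported without a private key out of the list. Neither function has a comment; a one-line docblock stating that each returns `refid`/`descr` pairs with a leading `none` entry, presumably for the package form's select fields, would help the next reader.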
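Review bot: Dropping the `serverkey` and `ssl_ca_key` textarea fields removes the UI for them, but nothing visible in this commit clears the base64 key material that earlier versions saved under those names, so an upgraded install would presumably keep an orphaned CA private key in its package configuration. I would unset both entries when the settings are next saved; the save/sync code is outside this diff, so the exact place needs confirming. The new description text also keeps the typo `Certficate` and should read `Choose the SSL CA Certificate here.`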