$ifdetail) { if (!isset($ifdetail['enable'])) continue; if (!isset($ifdetail['ipaddr'])) continue; $item = array(); $item[ip] = get_interface_ip($if); $item[name] = $ifdetail['descr'].' address (IPv4)'; $bindable[$if.'_ipv4'] = $item; } } if (in_array('carp',$interfacetypes)){ $carplist = get_configured_carp_interface_list(); foreach ($carplist as $carpif => $carpip){ if (is_ipaddrv4($carpip)){ $item = array(); $item['ip'] = $carpip; $item['name'] = $carpip." (".get_vip_descr($carpip).")"; $bindable[$carpip] = $item; } } } if (in_array('ipalias',$interfacetypes)){ $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif){ if (is_ipaddrv4($aliasip)){ $item = array(); $item['ip'] = $aliasip; $item['name'] = $aliasip." (".get_vip_descr($aliasip).")"; $bindable[$aliasip.'_ipv4'] = $item; } } } } if (in_array("ipv6",$ipverions)){ if (in_array('any',$interfacetypes)){ $item = array(); $item[ip] = '::'; $item[name] = 'any (IPv6)'; $bindable['any_ipv6'] = $item; } if (in_array('localhost',$interfacetypes)){ $item = array(); $item[ip] = '::1'; $item[name] = 'localhost (IPv6)'; $bindable['localhost_ipv6'] = $item; } if (in_array('real',$interfacetypes)){ foreach($config['interfaces'] as $if => $ifdetail) { if (!isset($ifdetail['enable'])) continue; if (!isset($ifdetail['ipaddrv6'])) continue; $item = array(); $item[ip] = get_interface_ipv6($if); $item[name] = $ifdetail['descr'].' address (IPv6)'; $bindable[$if.'_ipv6'] = $item; } } if (in_array('carp',$interfacetypes)){ $carplist = get_configured_carp_interface_list(); foreach ($carplist as $carpif => $carpip){ if (is_ipaddrv6($carpip)){ $item = array(); $item['ip'] = $carpip; $item['name'] = $carpip." 
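(".get_vip_descr($carpip).")"; $bindable[$carpip] = $item; } } } if (in_array('ipalias',$interfacetypes)){ $aliaslist = get_configured_ip_aliases_list(); foreach ($aliaslist as $aliasip => $aliasif){ if (is_ipaddrv6($aliasip)){ $item = array(); $item['ip'] = $aliasip; $item['name'] = $aliasip." (".get_vip_descr($aliasip).")"; $bindable[$aliasip] = $item; } } } } return $bindable; }

/**
 * Returns the X.509 extensions of a stored certificate entry.
 *
 * @param array $crt entry whose 'crt' key holds the base64 encoded certificate
 * @return array extension name => value as reported by openssl_x509_parse();
 *               empty when the entry cannot be decoded or parsed, or has no extensions
 */
function haproxy_get_cert_extensions($crt)
{
	if (!is_array($crt) || !isset($crt['crt'])) {
		return array();
	}
	$decoded = base64_decode($crt['crt']);
	if ($decoded === false || $decoded === '') {
		return array();
	}
	// openssl_x509_parse() returns false for input it cannot parse; indexing that
	// result would silently yield null and make every later comparison meaningless.
	$cert = openssl_x509_parse($decoded);
	if (!is_array($cert) || !isset($cert['extensions']) || !is_array($cert['extensions'])) {
		return array();
	}
	return $cert['extensions'];
}

/**
 * Returns the key id from the authorityKeyIdentifier extension of a certificate entry.
 *
 * @param array $cert certificate entry as accepted by haproxy_get_cert_extensions()
 * @return string the key id without its 'keyid:' prefix, or '' when the extension is absent
 */
function haproxy_get_cert_authoritykeyidentifier($cert)
{
	$certextension = haproxy_get_cert_extensions($cert);
	if (!isset($certextension['authorityKeyIdentifier'])) {
		return '';
	}
	$lines = preg_split('/[\n]+/', $certextension['authorityKeyIdentifier']);
	$firstline = (is_array($lines) && isset($lines[0])) ? $lines[0] : '';
	$prefix = 'keyid:';
	// Strip the prefix only when it is actually there, so a value printed
	// without it is not truncated by six characters.
	if (strncmp($firstline, $prefix, strlen($prefix)) === 0) {
		return (string)substr($firstline, strlen($prefix));
	}
	return $firstline;
}

/**
 * Returns the first line of the subjectKeyIdentifier extension of a certificate entry.
 *
 * @param array $cert certificate entry as accepted by haproxy_get_cert_extensions()
 * @return string the key id, or '' when the extension is absent
 */
function haproxy_get_cert_subjectKeyIdentifier($cert)
{
	$certextension = haproxy_get_cert_extensions($cert);
	if (!isset($certextension['subjectKeyIdentifier'])) {
		return '';
	}
	$lines = preg_split('/[\n]+/', $certextension['subjectKeyIdentifier']);
	return (is_array($lines) && isset($lines[0])) ? $lines[0] : '';
}

/**
 * Checks whether $cert names $signedbycert as its issuer through the key identifier extensions.
 *
 * This does NOT validate a signature; it only compares the authorityKeyIdentifier of
 * $cert with the subjectKeyIdentifier of $signedbycert. Both values are plain
 * extension fields chosen by whoever created the certificates, so a match is good
 * enough to order a chain but is not evidence that the certificate can be trusted.
 *
 * @param array $cert         certificate entry to find the issuer for
 * @param array $signedbycert candidate issuer entry
 * @return bool true only when both identifiers are present and identical
 */
function haproxy_cert_signed_by($cert, $signedbycert)
{
	$authoritykeyid = haproxy_get_cert_authoritykeyidentifier($cert);
	$subjectid = haproxy_get_cert_subjectKeyIdentifier($signedbycert);
	// Two missing identifiers must not count as a match: otherwise any certificate
	// without the extensions (or one that failed to parse) would appear to be
	// signed by every other such certificate.
	if ($authoritykeyid === '' || $subjectid === '') {
		return false;
	}
	return $authoritykeyid === $subjectid;
}

/**
 * Collects references to every entry of $config['cert'] and $config['ca'].
 *
 * @return array list of references into $config; changing an element changes the configuration
 */
function haproxy_get_certificates()
{
	global $config;
	$allcerts = array();
	foreach (array('cert', 'ca') as $section) {
		// Skip a section that is not configured instead of iterating over null.
		if (!isset($config[$section]) || !is_array($config[$section])) {
			continue;
		}
		foreach ($config[$section] as &$cert) {
			$allcerts[] = &$cert;
		}
		unset($cert);
	}
	return $allcerts;
}

/**
 * Recalculates the "caref" of every certificate where it is currently unknown, and
 * sets "selfsigned" on certificates that name themselves as issuer.
 *
 * A certificate is re-evaluated when it is not marked "selfsigned" and either has no
 * "caref" or has one that lookup_ca() cannot resolve. The configuration is written
 * when at least one match was recorded.
 *
 * @return int number of issuer matches that were recorded
 */
function haproxy_recalculate_certifcate_chain()
{
	$allcertificates = haproxy_get_certificates();
	$items_recalculated = 0;
	$indexes = array_keys($allcertificates);
	foreach ($indexes as $certindex) {
		// Bind by reference so the changes below reach the configuration entry.
		$cert = &$allcertificates[$certindex];
		$recalculate = false;
		if (!isset($cert['selfsigned'])) {
			if (!isset($cert['caref'])) {
				$recalculate = true;
			} elseif (!lookup_ca($cert['caref'])) {
				$recalculate = true;
			}
		}
		if (!$recalculate) {
			continue;
		}
		// The candidates are only read, so they are taken by value; this also avoids
		// nesting two by-reference foreach loops over the same array.
		foreach ($indexes as $signerindex) {
			$signedbycert = $allcertificates[$signerindex];
			if (!haproxy_cert_signed_by($cert, $signedbycert)) {
				continue;
			}
			// Compare as strings: a loose comparison treats numeric-looking ids as numbers.
			if ((string)$cert['refid'] === (string)$signedbycert['refid']) {
				$cert['selfsigned'] = true;
			} else {
				$cert['caref'] = $signedbycert['refid'];
			}
			$items_recalculated++;
		}
	}
	unset($cert);
	if ($items_recalculated > 0) {
		write_config("Services: HAProxy: Recalculated $items_recalculated certificate chains.");
	}
	return $items_recalculated;
}

/**
 * Encodes a scalar as a JavaScript string literal that is safe inside an HTML script block.
 *
 * @param mixed $value value to emit; it is converted to a string first
 * @return string a double-quoted literal with quotes, angle brackets and ampersands hex-escaped
 */
function haproxy_js_string_literal($value)
{
	$encoded = json_encode((string)$value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
	// json_encode() does not return a string for input it cannot encode;
	// emit an empty literal rather than broken script.
	return is_string($encoded) ? $encoded : '""';
}

/**
 * Echoes JavaScript statements that rebuild the selected parts of a PHP array as nested objects.
 *
 * @param int    $nestID       nesting depth; sets the indentation and the temporary variable name
 * @param string $path         path of the current node, matched against $includeitems
 * @param mixed  $items        array to convert; anything else produces an empty object
 * @param string $nodeName     JavaScript name to assign to; written as-is, so it has to come from code
 * @param array  $includeitems paths to include; '*' as the last segment matches every key of a level
 */
function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName, $includeitems)
{
	$offset = str_repeat(' ', $nestID);
	$itemName = "item$nestID";
	echo "{$offset}$nodeName = {};\n";
	if (!is_array($items)) {
		return;
	}
	foreach ($items as $key => $item) {
		if (in_array($path.'/'.$key, $includeitems)) {
			$subpath = $path.'/'.$key;
		} else {
			$subpath = $path.'/*';
		}
		if (!in_array($subpath, $includeitems) && !in_array($path.'/*', $includeitems)) {
			continue;
		}
		// Keys and values come from the configuration; writing them between quotes
		// unescaped lets a quote or a closing script tag in the data end the literal.
		$jskey = haproxy_js_string_literal($key);
		if (is_array($item)) {
			phparray_to_javascriptarray_recursive($nestID + 1, $subpath, $item, $itemName, $includeitems);
			echo "{$offset}{$nodeName}[{$jskey}] = $itemName;\n";
		} else {
			echo "{$offset}{$nodeName}[{$jskey}] = ".haproxy_js_string_literal($item).";\n";
		}
	}
}

/**
 * Echoes JavaScript that rebuilds the selected parts of $items under the name $javaMapName.
 *
 * @param mixed  $items        array to convert
 * @param string $javaMapName  JavaScript name that receives the result
 * @param array  $includeitems paths to include, see phparray_to_javascriptarray_recursive()
 */
function phparray_to_javascriptarray($items, $javaMapName, $includeitems)
{
	phparray_to_javascriptarray_recursive(1, '', $items, $javaMapName, $includeitems);
}

/**
 * Echoes a select element for $keyvaluelist, or $listEmptyMessage when the list is empty.
 *
 * NOTE(review): the echoed string is empty in this copy of the file, so the markup
 * was presumably lost; $name, $selected and the list are not used by what is left.
 * When the markup is restored, values written into it need htmlspecialchars() - confirm
 * against the original file.
 */
function echo_html_select($name, $keyvaluelist, $selected, $listEmptyMessage="", $onchangeEvent="")
{
	if (count($keyvaluelist)>0){
		if ($onchangeEvent != "")
			$onchangeEvent .= " onchange=$onchangeEvent";
		echo "";
	} else {
		// The message is written unescaped; callers have to pass trusted text or markup.
		echo $listEmptyMessage;
	}
}
?>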