From 56da4c078fa1429966e94327cea5bf33e3c829aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Kastner?= Date: Sun, 22 Aug 2021 11:20:11 +0200 Subject: [PATCH 1/4] Add files via upload --- 3.php | 101 +++ account_stuff.php | 294 +++++++++ cap.php | 295 +++++++++ capnew.php | 1617 +++++++++++++++++++++++++++++++++++++++++++++ client.pl | 1184 +++++++++++++++++++++++++++++++++ coapnew.php | 1598 ++++++++++++++++++++++++++++++++++++++++++++ ttp.php | 213 ++++++ usbclient.pl | 1019 ++++++++++++++++++++++++++++ 8 files changed, 6321 insertions(+) create mode 100644 3.php create mode 100644 account_stuff.php create mode 100644 cap.php create mode 100644 capnew.php create mode 100644 client.pl create mode 100644 coapnew.php create mode 100644 ttp.php create mode 100644 usbclient.pl diff --git a/3.php b/3.php new file mode 100644 index 00000000..f52b8e32 --- /dev/null +++ b/3.php @@ -0,0 +1,101 @@ + + +

","")?>

+ +

+ + +

+ + +

+ + + + + /** + Since we don't seem to have a way to GPG sign our current key, we have, at least temporarily, removed this. + + https://bugs.cacert.org/view.php?id=1305#c5784 + + **/ +

+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+For most software, the fingerprint is reported as (SHA1):
+DD:FC:DA:54:1E:75:77:AD:DC:A8:7E:88:27:A9:8A:50:60:32:52:A5
+(and/or SHA256):
+07:ED:BD:82:4A:49:88:CF:EF:42:15:DA:20:D4:8C:2B:
+41:D7:15:29:D7:C9:00:F5:70:92:6F:27:7C:C2:30:C5
+
+Under MS MMC-Certificates and MS browsers the thumbprint is reported as:
+ddfc da54 1e75 77ad dca8 7e88 27a9 8a50 6032 52a5
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (GNU/Linux)
+
+iD8DBQE/VtRZ0rsNAWXQ/VgRAphfAJ9jh6TKBDexG0NTTUHvdNuf6O9RuQCdE5kD
+Mch2LMZhK4h/SBIft5ROzVU=
+=R/pJ
+-----END PGP SIGNATURE-----
+
+ + +
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+pub  1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA)
+     Key fingerprint = A31D 4F81 EF4E BD07 B456  FA04 D2BB 0D01 65D0 FD58
+sub  2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.5 (GNU/Linux)
+
+iD8DBQFCEDLN0rsNAWXQ/VgRArhhAJ9EY1TJOzsVVuy2lL98CoKL0vnJjQCfbdBk
+TG1yj+lkktROGGyn0hJ5SbM=
+=tXoj
+-----END PGP SIGNATURE-----
+
+ +

+

+', + '') ?> +

diff --git a/account_stuff.php b/account_stuff.php new file mode 100644 index 00000000..529741f1 --- /dev/null +++ b/account_stuff.php @@ -0,0 +1,294 @@ + + + +<?=$title?> + + + + + + +
+

+ + +
+ +
+
+

+ +

+ + +
+
+
| | | + | + | ©2002-
+
+ +Image((array_key_exists('bw',$_REQUEST) && $_REQUEST['bw'])?'images/CAcert-logo-mono-1000.png':'images/CAcert-logo-colour-1000.png',8,8,100); + $this->SetFont('Arial','B',14); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',14); + $this->Cell(100); + $this->Cell(40,20,recode($_SESSION['_config']['recode'], _("CAcert Assurance Programme"))); + $this->Ln(6); + $this->Cell(100); + $this->Cell(40,20,recode($_SESSION['_config']['recode'], _("Identity Verification Form"))); + $this->Ln(10); + + $this->SetY(36); + $this->SetFont('Arial','I',8); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','I',8); + $this->Cell(0,0,'CAcert Inc. - Hangar 10 Airfield Avenue - Murwillumbah NSW 2484 - Australia - http://www.CAcert.org',0,0,'C'); + $this->Ln(3); + $this->SetFont('Arial','',6); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',6); + $this->Cell(0,0, recode($_SESSION['_config']['recode'], _("CAcert's Root Certificate fingerprints"). _(" (since 2019)")),0,0,'C'); + $this->ln(3); + $this->Cell(0,0, recode($_SESSION['_config']['recode'], "SHA1: root: DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5 "._("and")." class3: D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8"),0,0,'C'); + $this->ln(3); + $this->Cell(0,0, recode($_SESSION['_config']['recode'], "SHA256: root: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5 "._("and")." class3: 1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869"),0,0,'C'); + $this->SetLineWidth(0.05); // added 3 points to the abcissa 43 -> 46 to get second line fingerprints + $this->Line(1, 46, $this->w - 1, 46); + $this->SetLineWidth(0.2); + } + + function Footer() + { + } + + function Body($name = "", $dob = "", $email = "", $assurer = "", $date = "", $maxpoints = "", $document1 = "", $document2 = "", $location = "") + { + if($date == "now") + $date = date("Y-m-d"); + + // Show text blurb at top of page + $this->SetY(48); // added 3 points to the abcissa 45 -> 48 to get second line fingerprints + $this->SetFont('Arial','',10); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',10); + $this->Write(4,sprintf(recode($_SESSION['_config']['recode'], _("To the Assurer: The CAcert Assurance Programme (CAP) aims to verify the identities of Internet users through face-to-face witnessing of government issued identity documents. The Applicant asks you to verify to CAcert.org that you have met them and verified their identity against one or more original, trusted, government photo identity documents. If you have ANY doubts or concerns about the Applicant's identity, DO NOT COMPLETE OR SIGN this form. For more information about the CAcert Assurance Programme, including detailed guides for CAcert Assurers, please visit: %s")), "http://www.CAcert.org")); + $this->Ln(10); + $this->Write(4,recode($_SESSION['_config']['recode'], _("As the assurer, you are required to keep the signed document on file for 7 years. Should Cacert Inc. have any concerns about a meeting taking place, Cacert Inc. can request proof, in the form of this signed document, to ensure the process is being followed correctly. After 7 years if you wish to dispose of this form it's preferred that you shred and burn it. You do not need to retain copies of ID at all."))); + $this->Ln(10); + $this->Write(4,recode($_SESSION['_config']['recode'], _("It's encouraged that you tear the top of this form off and give it to the person you are assuring as a reminder to sign up, and as a side benefit the tear off section also contains a method of offline verification of our fingerprints."))); + + // Assuree Section + $top = 120; + $this->Rect(11, $top, $this->w - 25, 60, "D"); //50 -> 60 + $this->SetXY(11, $top + 5); + $this->SetFont("Arial", "BUI", "20"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','BUI',20); + $this->Write(0, recode($_SESSION['_config']['recode'], _("Applicant's Statement"))); + $this->Rect(13, $top + 10, $this->w - 29, 6, "D"); + $this->Line(80, $top + 10, 80, $top + 16); + $this->SetXY(15, $top + 13); + $this->SetFont("Arial", "B", "12"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',12); + $this->Write(0, recode($_SESSION['_config']['recode'], _("Names")).":"); + if($name) + { + $this->SetXY(82, $top + 13); + $this->SetFont("Arial", '', "11"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',11); + $this->Write(0, $name); + } + $this->Rect(13, $top + 16, $this->w - 29, 6, "D"); + $this->Line(80, $top + 16, 80, $top + 22); + $this->SetXY(15, $top + 19); + $this->SetFont("Arial", "B", "12"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',12); + $this->Write(0, recode($_SESSION['_config']['recode'], _("Date of Birth")).": "); + $this->SetFont("Arial", "", "8"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',8); + $this->Write(0, "(".recode($_SESSION['_config']['recode'], _("YYYY-MM-DD")).")"); + if($dob) + { + $this->SetXY(82, $top + 19); + $this->SetFont("Arial", "", "11"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',11); + $this->Write(0, $dob); + } + $this->Rect(13, $top + 22, $this->w - 29, 6, "D"); + $this->Line(80, $top + 22, 80, $top + 28); + $this->SetXY(15, $top + 25); + $this->SetFont("Arial", "B", "12"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',12); + $this->Write(0, recode($_SESSION['_config']['recode'], _("Email Address")).":"); + if($email) + { + $this->SetXY(82, $top + 25); + $this->SetFont("Arial", "", "11"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',11); + $this->Write(0, $email); + } + $this->SetXY(13, $top + 32); + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->MultiCell($this->w - 29, 3, recode($_SESSION['_config']['recode'], _("I hereby confirm that the information stated above is both true and correct, and request the CAcert Assurer (identified below) to verify me according to CAcert Assurance Policy."))); +// new da start + $this->SetXY(13, $top + 42); + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->MultiCell($this->w - 29, 3, recode($_SESSION['_config']['recode'], _("I agree to the CAcert Community Agreement.")." ( http://www.cacert.org/policy/CAcertCommunityAgreement.html )")); +// new da end + $this->SetXY(13, $top + 55); //45->55 + $this->Write(0, recode($_SESSION['_config']['recode'], _("Applicant's signature")).": __________________________________"); + $this->SetXY(135, $top + 55);//45->55 + $this->Write(0, recode($_SESSION['_config']['recode'], _("Date (YYYY-MM-DD)")).": "); + if($date == "") + { + $this->Write(0, "20___-___-___"); + } else { + $this->SetFont("Arial", "U", "10"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','U',10); + $this->Write(0, str_pad($date, 13, " ")); + } + + // Assurer Section + $top += 65; // 55->65 + $this->Rect(11, $top, $this->w - 25, 83, "D"); //63->93 + $this->SetXY(11, $top + 5); + $this->SetFont("Arial", "BUI", "20"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','BUI',20); + $this->Write(0, recode($_SESSION['_config']['recode'], _("CAcert Assurer"))); + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->SetXY(13, $top + 15); + if($assurer) + { + $this->Write(0, recode($_SESSION['_config']['recode'], _("Assurer's Name")).": "); + $this->SetFont("Arial", "", "10"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','U',10); +// $this->MultiCell($this->w - 70, 2, recode($_SESSION['_config']['recode'], $assurer)); + $this->Write(0, str_pad($assurer, 50, " ")); + } else { + $this->SetFont("Arial", "U", "10"); + $this->Write(0, recode($_SESSION['_config']['recode'], _("Assurer's Name")).": ________________________________________________________________"); + } + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->SetXY(13, $top + 22); + $this->MultiCell($this->w - 34, 3, recode($_SESSION['_config']['recode'], _("Photo ID Shown: (ID types, not numbers. eg Drivers license, Passport)"))); + $this->SetXY(13, $top + 30); + if($document1 == "") + { + $this->Write(0, "1. __________________________________________________________________"); + } else { + $this->Write(0, "1. "); + $this->SetFont("Arial", "U", "10"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','U',10); + $this->Write(0, str_pad($document1, 90, " ")); + } + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->SetXY(13, $top + 35); + if($document2 == "") + { + $this->Write(0, "2. __________________________________________________________________"); + } else { + $this->Write(0, "2. "); + $this->SetFont("Arial", "U", "10"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','U',10); + $this->Write(0, str_pad($document2, 90, " ")); + } + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->SetXY(13, $top + 45); + $this->Write(0, recode($_SESSION['_config']['recode'], _("Location of Face-to-face Meeting")).": "); + if($location == "") + { + $this->Write(0, "_____________________________________________"); + } else { + $this->SetFont("Arial", "U", "10"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','U',10); + $this->Write(0, str_pad($location, 70, " ")); + } + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->SetXY(13, $top + 50); + if($maxpoints > 0) + { + $this->Write(0, recode($_SESSION['_config']['recode'], _("Maximum Points")).": ".$maxpoints); + } else { + $this->Write(0, recode($_SESSION['_config']['recode'], _("Points Allocated")).": ______________"); + } + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->SetXY(13, $top + 54); + $this->MultiCell($this->w - 33, 3, recode($_SESSION['_config']['recode'], _("I, the Assurer, hereby confirm that I have verified the Member according to CAcert Assurance Policy."))); + $this->SetXY(13, $top + 59); + $this->MultiCell($this->w - 33, 3, recode($_SESSION['_config']['recode'], _("I am a CAcert Community Member, have passed the Assurance Challenge, and have been assured with at least 100 Assurance Points."))); + + $this->SetFont("Arial", "", "9"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',9); + $this->SetXY(13, $top + 74); //22->67 + $this->Write(0, recode($_SESSION['_config']['recode'], _("Assurer's signature")).": __________________________________"); + $this->SetXY(135, $top + 74); //22->67 + $this->Write(0, recode($_SESSION['_config']['recode'], _("Date (YYYY-MM-DD)")).": "); + if($date == "") + { + $this->Write(0, "20___-___-___"); + } else { + $this->SetFont("Arial", "U", "10"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','U',10); + $this->Write(0, str_pad($date, 13, " ")); + } + + } + } + + $format = array_key_exists('format',$_REQUEST)?$_REQUEST['format']:""; + if($format != "letter") + $format = "A4"; + + $maxpoints = array_key_exists('maxpoints',$_REQUEST)?intval($_GET['maxpoints']):0; + if($maxpoints < 0) + $maxpoints = 0; + + $pdf = new PDF('P', 'mm', $format); + if($_SESSION['_config']['language'] == "ja") + $pdf->AddSJISFont(); + $pdf->Open(); + $pdf->AddPage(); + $pdf->Body(array_key_exists('name',$_REQUEST)?$_REQUEST['name']:"", array_key_exists('dob',$_REQUEST)?$_REQUEST['dob']:"", array_key_exists('email',$_REQUEST)?$_REQUEST['email']:"", array_key_exists('assurer',$_REQUEST)?$_REQUEST['assurer']:"", array_key_exists('date',$_REQUEST)?$_REQUEST['date']:"", $maxpoints, array_key_exists('document1',$_REQUEST)?$_REQUEST['document1']:"", array_key_exists('document2',$_REQUEST)?$_REQUEST['document2']:"", array_key_exists('location',$_REQUEST)?$_REQUEST['location']:""); + header("Expires: ".gmdate("D, j M Y G:i:s \G\M\T", time()+10800)); + header("Content-Disposition: attachment; filename=cap.pdf"); + header("Cache-Control: public, max-age=10800"); + header("Pragma: cache"); + $pdf->output(); + exit; +?> diff --git a/capnew.php b/capnew.php new file mode 100644 index 00000000..237c7a59 --- /dev/null +++ b/capnew.php @@ -0,0 +1,1617 @@ + zapfdingbats.utf metrics file +** php -q makefont.php zapfsdingbats.ttf zapfdingbats.utf -> .php,.ctg.z,.z +** install files: zapfdingbats.{php,z,ctg.z} in tcpdf/fonts dir +** UTF8 package for unicode (utf8/native/core.php): +** utf8_substr() only when package is found and needs to be used +** transliteration (and abbreviation): +** if full name has non-ascii char(s) try to use: utf8_to_ascii() +** First from transtab.php package which is Markus Kuhn compliant +** transtab.php is CAcert php package. +** Transtab depends on on its turn on UTF8 package. +** Secondly if not found utf8ascii lib tried (artistic license) +** http://sourceforge.net/projects/phputf8 +** .../utf8_to_ascii-0.3.tar.gz +** see UTF8_ASCII definition for location requirements +** Thirdly: if not found transliteration feature is disabled. +** +** policy documents for pdf inclusion: +** define CCA file (default policy) +** LOGO: CAcert logo logos directory is LOGO +** +** Functionality: +** Test: use environment variable settings as parameters for +** Assuree: names, dob, sign date, id types, email +** if name gets too long font size is increased to get it on one line +** Assurer: name, email, dob (mutual ass), sign date +** Assurance: location, date of assurance +** Form fields: javascript form fields with fields for printout and change +** Printout: printed, and completed for final signatures +** On transliteration and abbreviation of a name: +** if shoes a std way show accepted conversion as pdf comment +** Orientation: on landscape (dflt) print 2-up +** PDF URL links are used to web, wiki, and faq for more info search +** Only on non-ascii chars in a name the utf8 routines are loaded +** PDF reader has wiki info url's and easy email feedback +** ENABLED: +** included is the CCA generates 2 extra pages (needs work to limit vert spacing) +** +** For other re-use of some routines: +** abbreviate() abbreviate a name on std way +** transliterate() provide name in translated format in std way +** +** For tests: +** environment settings (FORM, FORMAT, CCA, ...) define used test data +** In test modus variable path_url from tcpdf package unset warnings +** Set for operation modus TEST on false (or comment code out) +** +** Future: +** digitally sign form and process it via network +** +** unicode and UTF-8 support: +** php4/5 recode() is alias of recode_string() of PHP library +** If not provided: should check every string is transcoded? +** recode(), recode_string(0 is said to have too many (japanese) defeats +** recode_string() is only used on GET[] input (html->utf-8), +** UTF-8 use routines from http://www.sourceforge.net/projects/phputf8 +** which replaces php recode() package. +** on many places own utf-8 handling code exists and is loaded (tcpdf problem) +** _() translation routine. The returned HTML string is translated to utf-8 string. +** the GET() routines expects utf-8 code (see test defs) but might be changed +** to use html entity conversion routine of PHP (5.2 has a problem...). +** +** PDF compression zlib: (now disabled) +** if PHP lib zcompress() is present, generated PDF is compressed +** +** FONTS future use ? http://www.slovo.info/unifonts.htm? (not used now) +** or Bitstream Cyberbit http://www.orwell.ru/download/cyberbit.zip +** Latter font is no longer for free download +** For now: FreeVeraSans is used now and embedded (std in TCPDF package) +** ZapfDingbat font: some Open Source readers have bad font handling or +** no zapfdingbat font. So one is embedded +** To be generated with tooling in util directory. +** +** TO DO, to CHECK and KNOWN PROBLEMS: +** Japanse package (maybe not needed with TCPDF?) +** CCA informal should be on one page (no CCA printed yet) +** form field checks, print button (Java script) +** data structs in Java script and globalize property settings +** XML +** timestamping, signatures and certificate usage +** list of recipients, encrypt the document and send it off +** On Acrobat 7.0: first form field call error (have work around) +** eps problem with logo (no eps logo yet) +** multi selection of ID types in form fields (value editable now) +** ugly capital char use in intro to bold or italic lowercase +** tables over page boundaries do not fully work yet +** +** DEPENDENCIES: +** This PDF GENERATION package relies on the PHP PDF generation +** package of TCPDF source force project: +** http://sourceforge.net/projects/tcpdf/ V 4.0.007 18th July 2008 +** The tcpdf software supports encryption, signatures, and form fields +** TCPDF is using URF-8 code (good!) +** The TRANSLITERATE code tables db (utf8ascii) is not compliant (!?) with +** Markus Kuhn -- 2001-09-02 +** First is tried to use Markus his tables +** For a test file with all chars see there (it is also in tcpdf package). +** Both transliteration packages rely on UTF-8 code, only loaded when available and +** when really needed. +** PDF generation: The alternative is the one from the std PHP library. +** +** SECURITY: +** PHP libs: packages seems to download files on the fly into local filesystem!!! +** +** All sizes (in mm) is related to A5 base, so other page formats are scaled. +** +** Parameters (API): +** $_GET['date'] date of assurance and signature assuree +** $_GET['name'] first full name assuree default empty for upward compatibility +** $_GET['name1'] first full name assuree default empty equal to 'name' (new) +** $_GET['name<%d>'] etc. %d = 1-9 (new) +** $_GET['name1ID'] ID of first name (new) +** $_GET['name<%d>ID'] ID of second name (new) +** $_GET['name1Pnts'] assurance points for first name (new) +** $_GET['name<%d>Pnts'] assurance points for second name (new) +** $_GET['dob'] date of birth assuree default empty +** $_GET['document1'] ID type assuree default empty (deprecated) +** $_GET['document2'] second ID type assuree default empty (deprecated) +** $_GET['email'] email address assuree default empty +** $_GET['assurer'] full name assurer default empty +** $_GET['assurerdob'] date of birth assurer default empty (new) +** $_GET['assureremail'] email address assurer default empty (new) +** $_GET['assurerdate'] date of signature assurer (new) +** $_GET['assurancedate'] date of assurance (new) +** $_GET['location'] location of assurance +** $_GET['maxpoints'] max points allocated depends on assurer default 35 +** $_GET['nocca'] do not print CCA on back side (dflt: false) +** $_GET['policy<%d>'] to include policy document(s) in pdf file %d = 1-9 (new) +** $_GET['noform'] do not print form (dflt: true) (new) +** $_GET['format'] paper format required A0-A6,Letter, Folio, B0-B6 (dflt A4) +** $_GET['watermark'] watermark on the page +** $_GET['orientation'] paper orientation default 'portrait' +** $_SESSION['_config']['language'] for 'ja' japanese default != ja +** $_SESSION['_config']['recode'] = 'format' recode() uses it: needed ? +** recode() is aliased to php lib function recode_string() +** $_REQUEST['bw'] if exists use black/white, default use colour +** +** Output, package generates: +** PDF display screen is scaled to 150% A5 size +** PDF property fields have CAcert info +** on non empty _GET strings, the package generates prefilled form fields. +** PDF form field variables (Java Script): +** Assuree +** Assuree.Names[].Name 1..9 +** Assuree.Names[].TypeID 1..9 language dependant (passport, ID card, etc.) +** Assuree.Names[].Points 1..9 points:empty, 0..max points (dflt max 35) +** Assuree.Email +** Assuree.DoB +** Assuree.Date date of signature +** Assurer +** Assurer.Name string may have Assurer email address +** Assurer.Email +** Assurer.DoB +** Assurer.Date date of signature +** Assurance +** Assurance.Location string may have date of meeting +** Assurance.Date date of assurance +** Form Revision string is generated from RCS revision string. +** More info on PDF fields: +** http://www.adobe.com/devnet/acrobat/pdfs/js_developer_guide.pdf +** +*/ + +// use next define if you test this code +define( 'TEST', true ); +// INSTALLATION DIRS OF PACKAGES ============================== +// make sure packages are installed here +define('RT','./'); +define('TCPDF_DIR', '/usr/share/tcpdf_php4'); +define('UTF8',RT.'/utf8/native/core.php'); +if( file_exists(RT.'/transtab.php') ) // wherever it is + define('UTF8_ASCII', RT.'/transtab.php'); +else + define('UTF8_ASCII', RT.'/utf8_to_ascii/utf8_to_ascii.php'); // optional +// end operational special code defs + +if( defined( 'TEST' ) ) { + // ONLY FOR TEST PURPOSES ===================================== + /* test data */ + + $_SESSION['_config']['recode'] = 'html..utf-8'; // ???? + if( isset($_SERVER['LANG']) ) + $_SESSION['_config']['language'] = $_SERVER['LANG']; + + if( array_key_exists('FORMAT',$_SERVER) AND $_SERVER['FORMAT'] ) + $_GET['format'] = $_SERVER['FORMAT']; + else { + //$_GET['format'] = 'A5'; // ok, default + //$_GET['format'] = 'Legal'; // ok + //$_GET['format'] = 'Folio'; // ok + //$_GET['format'] = 'Letter'; // letter little margin problem + //$_GET['format'] = 'A4'; // ok + } + if( array_key_exists('ORIENTATION',$_SERVER) AND $_SERVER['ORIENTATION'] ) + $_GET['orientation'] = $_SERVER['ORIENTATION']; + else { + //$_GET['orientation'] = 'portrait'; // default 2 pages, or portrait + } + $_GET['nocca'] = isset($_SERVER['CCA']) ? $_SERVER['CCA'] : ''; + //$_GET['policy1'] = 'policy/PolicyOnPolicy.html'; + if( isset($_SERVER['FORM']) AND $_SERVER['FORM'] == 'noform' ) + $_GET['noform'] = 'true'; + + if( array_key_exists('FORM',$_SERVER) AND $_SERVER['FORM'] != 'empty' ){ + // assuree info part + $_GET['date'] = '2008-11-04'; + $_GET['name'] = 'drs. T. Fabrice Ghuege-Denis'; // upwards competable + $_GET['name1'] = $_GET['name']; // will void 'name' + $_GET['name1ID'] = 'rijbewijs'; + //$_GET['name1Pnts'] = ''; + $_GET['name2'] = 'drs. Teus F. Ghuege-Denis'; // second name + //$_GET['name2ID'] = ''; + $_GET['name2Pnts'] = '10'; // seems not to work properly yet + $_GET['name3'] = 'Tänўs Iʼntèrnątiœñalîsàtïǿn Ĝügé'; // third, show of javascript error + $_GET['name3ID'] = 'paspoort'; + $_GET['name3Pnts'] = '12'; + $_GET['name8'] = 'This Should Be invisible'; + $_GET['dob'] = '1945-10-06'; + $_GET['document1'] = 'führerschein'; + $_GET['document2'] = 'paspoort'; + $_GET['email'] = 'tesu.hagaen@thesu.xs4all.eu'; + // assurer info + $_GET['assurer'] = 'mr A. B. C. Äßurer';// one name only + $_GET['assurerdob'] = '2010-12-32'; // for mutual assurance + $_GET['assureremail'] = 'assurer.email@cacert.org'; // for mutual assurance + // meeting info + $_GET['location'] = 'Grubbenvorst, the Carabiën'; + $_GET['assurerdate'] = ''; + $_GET['assurancedate'] = '2008-12-31'; + $_GET['maxpoints'] = '20'; + $_GET['watermark'] = 'just an EXAMPLE'; + } else { + //$_GET['ALL'] = 'empty'; + } + + //$_REQUEST[bw] = true; + +} // end of TEST code =========================================================== + +/* Directory settings for installation */ +// change next for directory settings for packages !!!!!!!!!!!!!!!!!!!!!! +// set to correct internal path to TCPDF pakage installation +// Make sure pdf generation package is not connecting internet for +// whatever reason and downloading files into this host!!!! +// UCPDF as well PHP PDF std package have unsecure code as well.... +require_once(TCPDF_DIR . '/config/lang/eng.php'); +require_once(TCPDF_DIR . '/tcpdf.php'); + +// CAcert logo path/file name is extended with eg color, mono and format type +define( 'LOGO','logos/CAcert-logo-'); +// eps should give better quality, LOGO_TYPE -> .eps +// eps does not work with CAcert logo, set to .eps when ok +define( 'LOGO_DPI', '1000'); +define( 'LOGO_TYPE','-'.LOGO_DPI.'.png'); +// logo colors RGB hex +define('BLUE', '#11568C'); // RGB 17 86 140 +define('LBLUE', '#ADC5D7'); // RGB 112 154 186 +define('LLBLUE','#D6E2EB'); // lighhter blue RGB 173 197 215 +define('LIME', '#C7FF00'); // RGB 199 255 0 +define('GREEN', '#00BE00'); // 0 190 0 + +define('POBOX','Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia'); +define('WEB', 'http://www.cacert.org'); +define('WIKI','http://wiki.cacert.org/wiki'); +define('ROOTKEYS','http://www.cacert.org/index.php?id=3'); +define('ASSCAP', WIKI.'/FAQ/AssuranceByCAP'); +define('ASSHBK', WIKI.'/AssuranceHandbook'); +define('ASSINFO', WIKI.'/FAQ/AssuranceInformationForCAP'); +define('ASSINTRO', WIKI.'/FAQ/AssuranceIntroduction'); +define('ASSORG', WIKI.'/OrganisationAssurance'); +define('ARBIT', WIKI.'/ArbitrationForum'); +// CAcert Community Agreement +define('CCA', 'CAcertCommunityAgreement'); // default policy to print +define('POLICY','policy/'); // default polciy doc directory +define('EXT','.html'); // default polciy doc extention, should be html +/* finger print CAcert Root Key SHA256 since 2021*/ // should obtain this automatically +define('CLASS1_SHA256','07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5'); +define('CLASS3_SHA256','1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869'); +/* finger print CAcert Root Key */ // not to use since 2019 +/* finger print CAcert Root Key SHA1 since 2021*/ // should obtain this automatically +define('CLASS1_SHA1','DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5'); +define('CLASS3_SHA1','‎D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8'); +// next two are not used on the form, possibly outdated +define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B'); +define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42'); +// if on draft provide std message +define('WATERMARK',''); + +// other definitions for the form +define('MAX_COLS', 2); // max coulumns per page Landscape is printed with 2-up +// put next to 200 and it will disable printout +define('MINH', 98.5); // in A5 mm is current estimated left over space on one page +define('H', 5); // height of a name entry field +//set margins +define('MARGIN',11.296); // 2-up will be scaled +// base of font size +define( 'F_SIZE', 7 ); + +define('DFL_FORMAT', 'html..utf-8'); + +// enviroment dependent constants +// Japanese is not supported? +if( array_key_exists('_config', $_SESSION) ) { + if( isset($_SESSION['_config']['language']) ) { + if($_SESSION['_config']['language'] == 'ja') + define('FONT','SJIS'); + else define( 'FONT', 'freesans'); + } + else define( 'FONT', 'freesans'); +} +else + //define( 'FONT', 'dejavusans'); + define( 'FONT', 'freesans'); + +// generate black/white? +if(array_key_exists('bw',$_REQUEST)) + define('BW', true); +else + define('BW', false); + +// function is left in tact, but to new tcpdf code UFT-8 is fully supported now. +function my_recode($strg = NULL ) +{ + static $format = NULL; + if( $strg == NULL OR !$strg ) return ( '' ); + if( $format == NULL ) { + if( array_key_exists('_config', $_SESSION) ) { + if( isset( $_SESSION['_config']['recode']) ) + $format = $_SESSION['_config']['recode']; + else $format = DFL_FORMAT; + } + else $format = DFL_FORMAT; + } + // newer tcpdf package is full UTF-8 Voided by this package? + if( function_exists('recode_string' ) ) + return ( recode_string($format, $strg) ); + else return( $strg ); +} + +// return TRUE if string is ascii and not device control chars specialized for +// personal names (no device controls) +function utf8_is_ascii_ctrl($str) { + if ( strlen($str) > 0 ) { + // Search for any bytes which are outside the ASCII range, + // or are device control codes + //return (preg_match('/[^\x09\x0A\x0D\x20-\x7E]/',$str) !== 1); deleted \r and \n + return (preg_match('/[^\x09\x20-\x7E]/',$str) !== 1); + } + return FALSE; +} + + +// extend TCPF with custom functions +class CAPPDF extends TCPDF { + + // do cap form version numbering automatically '$Revision: 1.6 $' + /*public*/ function Version() { + strtok(REV, ' '); + return(strtok(' ')); + } + + /*public*/ function myHeader( $msg = NULL, $url = NULL ) + { + static $my_url = NULL; + if( $msg != NULL ) { + $this->my_header_msg = $msg; $my_url = $url; return; + } + if( $this->my_header_msg == NULL ) return; + if( $this->msg_page_nr > 0 ) { + $font_fam = $this->FontFamily; + $font_style = $this->FontStyle.($this->underline ? 'U' : '').($this->linethrough ? 'D' : ''); + $font_size = $this->getFontSize(); + $this->SetFont(FONT,'', F_SIZE-1); + $this->setXY($this->lMargin, MARGIN-3); + $this->Cell($this->colwidth, 3,$this->my_header_msg, 0, 0, 'R'); + if( !empty($font_fam ) ) + $this->SetFont($font_fam,$font_style,$font_size); + if( $my_url != NULL AND $my_url != '' ) + $this->myLink($this->lMargin+$this->colwidth/2,$this->lMargin-4,$this->colwidth,(F_SIZE+5)/2.9,$my_url); + } + $this->setXY($this->lMargin, MARGIN+3); + $this->y0 = $this->getY(); + } + + // undefine default header and footer handling + // default routines do not handle columns + function Footer() { } + function Header() { } + function Mark( $string = '' ) { + return array( $string, 1+substr_count($string,'.') ); + } + + /*public*/ function myFooter( $msg = NULL, $url = NULL ) + { + static $my_url = NULL; + if( $msg != NULL ) { + $this->my_footer_msg = $msg; $this->msg_page_nr = 0; + $my_url = $url; return; + } + if( $this->my_footer_msg == NULL ) return; + $this->InFooter = true; + $this->msg_page_nr++; + $font_fam = $this->FontFamily; + $font_style = $this->FontStyle.($this->underline ? 'U' : '').($this->linethrough ? 'D' : ''); + $font_size = $this->getFontSize(); + $this->SetFont(FONT,'', F_SIZE-1); + if( $this->msg_page_nr > 1 ) { + $this->SetXY($this->lMargin, $this->GetPageHeight()/$this->scale*100.0-6); + $this->Cell($this->colwidth, 3, + sprintf("%s %d", $this->unhtmlentities( _('page') ), $this->msg_page_nr), + 0, 0, 'C'); + } + if( $this->my_footer_msg != '' ) { + $strg = '© '. date('Y'). ' CAcert Inc.'.', '. $this->my_footer_msg; + $this->SetXY($this->lMargin+MARGIN/2, $this->GetPageHeight()/$this->scale*100.0-6); + $this->Cell($this->colwidth, 3, $strg, 0, 0, 'R'); + if( $my_url != NULL AND $my_url != '' ) + $this->myLink($this->lMargin+MARGIN/2,$this->GetPageHeight()/$this->scale*100.0-6,$this->colwidth,(F_SIZE+5)/2.9,$my_url); + } + if( $this->Watermark != '' ) { + $this->StartTransform(); + $savex = $this->GetX(); $savey = $this->GetY(); + $this->SetFont(FONT,'', F_SIZE*7); + $l = $this->GetStringWidth($this->Watermark); + $h = $this->GetPageHeight()/$this->scale*100.0/2; + $w = $this->colwidth/2+MARGIN; + $this->SetXY(0,0); + $this->TranslateY($h+(F_SIZE*7)/2.9); + $this->TranslateX($w-MARGIN+$this->lMargin); + $this->Rotate(rad2deg(atan($h/$w))); + $this->Text(-$l/2,0,$this->Watermark, 0.8); + $this->StopTransform(); + $this->SetXY($savex,$savey); + } + + if( !empty($font_fam ) ) + $this->SetFont($font_fam,$font_style,$font_size); + $this->InFooter = false; + } + + // user and print preferences + // NumCopies, PrintPageRange, DisplayDocTitle, HideMenuBar, HideToolBar, ... + /*public*/ var $ViewerPrefs = array( + 'Duplex' => 'Simplex', + 'NumCopies'=> 2, + 'DisplayDocTitle' => 'CAcert Assurance Programme (CAP)', + 'HideToolBar' => true, + 'FitWindow' => true, + ); + + //number of colums + /*protected*/ var $ncols=1; + + // columns width + /*protected*/ var $colwidth=0; + + // space between columns + /*protected*/ var $column_space = 0; + + //Current column + /*protected*/ var $col=0; + + //Ordinate of column start + /*protected*/ var $y0; + + // scaling factor + /*protected*/ var $scale = 100.0; + + // print header and footer + /*protected*/ var $my_footer_msg = NULL; + /*protected*/ var $my_header_msg = NULL; + /*protected*/ var $msg_page_nr = 0; + + // print short watermark on the page + /*public*/ var $Watermark = WATERMARK; + + /*public*/ function SetFormat( $format = 'a5' ) { + switch( strtolower($format) ) { + // there is some scale problems with margins... + case 'a1': + case 'b1': + $this->scale *= 1.4142; + case 'a2': + case 'b2': + $this->scale *= 1.4142; + case 'a3': + case 'b3': + $this->scale *= 1.4142; break; + case 'a5': + case 'b5': + $this->scale /= 1.4142; break; + case 'letter': + $this->scale *= 0.97; break; + default: $format = 'a4'; + case 'a4': + case 'b4': + case 'folio': + case 'legal': + break; + } + $this->SetDisplayMode(intval($this->scale), 'SinglePage', 'UseOC'); + return( $format ); + } + + //Set position at a given column + /*private*/ function SetCol($col = -1) { + static $pagecolwidth = 1.0; + static $column_space = 1.0; + + $this->InFooter = true; + if( $col == -1 ) $col = $this->col+1; + if( $this->colwidth == 0 ) { + // only once at start; set default values + //set margins + $this->addPage(); $col = 0; // reset to zero + $this->SetMargins(MARGIN, MARGIN, MARGIN); + if( $this->CurOrientation != 'L' ) { + $this->scale *= 1.4142; + $this->ScaleXY($this->scale,0,0); + } else { + $this->scale *= 1.0; + $this->ScaleXY($this->scale,0,0); + } + $this->ncols = $this->CurOrientation == 'L'? MAX_COLS : 1; + $this->colwidth = $this->w / $this->scale * 100 / $this->ncols - MARGIN*2; + $pagecolwidth = $this->w/$this->ncols; + // space between columns + if ($this->ncols > 1) { + $column_space = round((float)($this->w - ($this->ncols * $pagecolwidth)) / ($this->ncols - 1)); + } else { + $column_space = 0; + } + $this->y0 = $this->GetY(); + } + else { + if( $col == $this->col ) { // reset on close of this column + $x = MARGIN + $this->col*($pagecolwidth+$column_space); + $this->SetLeftMargin($x); + //$this->SetRightMargin($this->w - $x - $this->colwidth); + } + $this->PrintTable('', -1); // if pending table close up table + $this->myFooter(); // print footer msg if defined + } + if( $col >= $this->ncols ) { + $this->addPage(); $col = 0; + $this->ScaleXY($this->scale,0,0); + $this->y0 = 0; //no header/footer done... + } elseif ( $col > 0 AND $col < $this->ncols) { + // print column separator + $x = $this->w/$this->ncols*($this->col+1); + $y = $this->tMargin; + $this->SetLineWidth(0.1); $this->SetDrawColor(195); + $this->SetLineStyle(array('dash'=>'1,8') ); // gray dotted + $this->Line( $x, $y+27, $x, $y+185); + $this->SetLineWidth(0.2); $this->SetDrawColor(0); + $this->SetLineStyle(array('dash'=>'0') ); + } + $this->col = $col; + // X position of the current column + $x = MARGIN + $col*($pagecolwidth+$column_space); + $this->SetLeftMargin($x); + $this->SetRightMargin($this->w - $x - $this->colwidth); + $this->SetXY($x, $this->y0); + $this->myHeader(); //print header msg if defined + $this->PrintTable('', 0); // if in table reprint title table + $this->InFooter = false; + } + + //Method accepting or not automatic page break + /*public*/ function AcceptPageBreak() { + $this->SetCol(); + return false; + } + + // redefine this routine from tcpdf.php due to scaling bug + /*protected*/ function checkPageBreak($h) { + if (((($this->y + $h)*$this->scale/100.0) > $this->PageBreakTrigger) ) { + if ( !$this->InFooter ) { + if ( ($this->AcceptPageBreak())) { + $rs = ''; + //Automatic page break + $x = $this->x; + $ws = $this->ws; + if ($ws > 0) { + $this->ws = 0; + $rs .= '0 Tw'; + } + $this->AddPage($this->CurOrientation); + if ($ws > 0) { + $this->ws = $ws; + $rs .= sprintf('%.3f Tw', $ws * $k); + } + $this->_out($rs); + $this->y = $this->tMargin; + $this->x = $x; + } + } + } + } + + /*private*/ function myLine( $x1 = 0, $y1 = 0, $x2 = 0, $y2 = 0 ) { + if ( BW ) { + $this->SetDrawColor(195); + } else { + $this->SetDrawColor(173,197,215); + } + $this->SetLineWidth(0.1); // small line in points collumn + $this->Line($x1, $y1, $x2, $y2 ); + $this->SetLineWidth(0.2); $this->SetDrawColor(0); + + } + + /*private*/ function S( $value = 1.0 ) { + return( $value * $this->scale / 100.0 ); + } + + // put Link in user space + /*private*/ function myLink( $x, $y, $w, $h, $Lnk = NULL, $Type = array('SubType'=>'Link') ) { + if( $Lnk == NULL ) return; + if( $Lnk == '' ) $Lnk = WEB; + $this->Annotation( $this->S($x), $this->S($y), $this->S($w), $this->S($h), $Lnk, $Type); + } + + + //require_once('../utf8/native/core.php'); + // only for to upper case //require_once('../utf8/utils/unicoe.php'); + + //setlocale(LC_ALL, 'de_DE'); + // try to abbreviate a full name, returns name if abbreviation was/is done + // has pointers to sur name, first name, avoids titles and extentions + // is based that given names and family names starts with capital + // all names between first given name and surname are secondary names + // will use utf8 routines only when needed and available + /*private*/ function Abbreviate( $name = '') { + // need to change this for utf8 uppercase detection + // substr and strtoupper arte dependent of setlocale... + $substr = 'substr'; + $strtoupper = 'strtoupper'; + $tokens = array(); + $cnt = preg_match_all('/([^\s\.]+\.|[^\s\.]+)/', $name, $tokens, PREG_SET_ORDER); + if( $cnt <= 0 ) return ( $name ); + $fam = -1; $married = 0; $i = 0; $success = FALSE; $first_name = -1; + for( $j = 0; $j < $cnt ; $j++ ) { + $tk = $tokens[$j]; + $nm = $tk[0]; if( $nm == '' ) continue; + // not utf8 + $ltr = $substr( $nm, 0, 1 ); + if(preg_match('/[^\x09\x20-\x7E]/',$ltr) !== 1 AND // it is utf8 + function_exists( 'utf8_substr') ) { + $substr='utf8_substr'; + //$strtoupper = 'utf8_strtoupper'; // requires utf8/utils/unicode.php + } + if( $strtoupper($ltr) != $ltr ) continue; // lower case setlocale dependent + elseif( preg_match('/\./', $nm ) ) { + if( $first_name < 0 ) $first_name = $j; + if( $first_name >= 0 ) $success = TRUE; // was abbreviated + continue; // title + } + if( $first_name < 0 ) $first_name = $j; + if( $married == 0 ) $fam = $j; + if( preg_match('/[-_]/', $nm ) ) { + // find special markers + if( $married == 0 ) $fam = $j; + $married++; + } + } + $name = ''; + for( $j = 0; $j < $cnt; $j++ ){ + $tk = $tokens[$j]; + if( !isset($tk[0]) ) continue; + $nm = $tk[0]; if( $nm == '' ) continue; + if( $name != '') $name .= ' '; + $ltr = $substr( $nm, 0, 1 ); + if( $j == $fam ) $name .= $nm; + elseif( $strtoupper($ltr) != $ltr ) $name .= $nm; // lower case + elseif( preg_match('/\./', $nm ) ) $name .= $nm; + elseif( $j < $fam ) { // need to abbreviate + // not utf8 + // and abbreviate + if( $j == $first_name ) + $abr = '('. $substr( $nm, 1 ) . ')'; + else $abr = '.'; + $name .= $ltr . $abr; $success = TRUE; // is abbreviated + } else $name .= $nm; + } + $ext = -1; for( $j = $cnt-1; $j >= 0 AND $j >= $fam; $j-- ) { + // try to find family names and see if there is abbreviation + $tk = $tokens[$j]; + if( !isset($tk[0]) ) continue; + $nm = $tk[0]; + if( $ext < 0 AND preg_match('/(^[^A-Z]|\.)/', $nm ) ) continue; + if( $ext < 0 ) $ext = $j+1; + if( preg_match('/\./', $nm ) ) { $success = TRUE; break; } + } + return( $success? $name : '' ); // and return abbriviated name + } + + // set formfield coordinates + // this routine is needed due to field ordinates are not scaled and in user space + // to be called before form field call (or as width parameter) + // and just after with true argument to restore X Y ordinates. + /*private*/ function SetFieldXY( $x=NULL, $y=NULL, $w=0) { + static $savex; + static $savey; + static $restored = true; + $restoreXY = $x == NULL ? true : false; + + if( $restored == $restoreXY ) + $this->Error("internal Form Field save/restore error\n"); + if( !$restoreXY ) { + /* save X Y ordinates */ + $savex = $this->GetX(); $savey = $this->GetY(); + // scale to user ordinates + $this->SetY( $this->S($y)); + $this->SetX( $this->S($x)); + } else { + /* restore X Y ordinates */ + $this->SetY( $savey); // different from SetXY() + $this->SetX( $savex); // different from SetXY() + } + $restored = $restoreXY; + return( $this->S($w) ); + } + + // print Date on left or right side + /*private*/ function PrintDate( $x=10, $y=10, $dstrg='teus', $dvalue='1945-10-6', $field = NULL , $RL = 'L') + { + static $TextProps = array('strokeColor' => LLBLUE, 'value' => '', 'fillColor' => LBLUE , 'textSize' => '11', 'charLimit'=> 10); + // next statements will cause php to go into an infinite loop + //if( $dstrg != NULL AND $dstrg == '') + // $TextProps['userName'] = $this->unhtmlentities( _("On mutual assurance provide Assurer date of birth (yyyy-mm-dd)") ); + //else + $TextProps['userName'] = $this->unhtmlentities( _("yyyy-mm-dd") ); + + $this->SetFont( FONT, '', F_SIZE); + $this->SetXY($RL == 'L'? $x : $x-50, $y); + $this->Cell(50, 3, $dstrg, 0, 0, $RL); + if($dvalue) { + $this->SetXY($RL == 'L'? $x :$x-50, $y+3.5); + $this->SetFont(FONT, 'B', F_SIZE); + $this->Cell(50, 3, $dvalue, 0 , 0, $RL); + } + if( $field == NULL ) return; + $TextProps['value'] = $dvalue; + $this->TextField($field, $this->SetFieldXY(($RL == 'L'? $x+1 : $x-17), ($y+3.5),17), 5, $TextProps ); + $this->SetFieldXY(); + } + + // Add import HTML text eg from CCA + /*private*/ function PrintHTML( $url = NULL ) { + if( $url == NULL OR $url == '' ) return; + $error = ''; $title = ''; $url = POLICY.$url.EXT; + if( ! file_exists($url) ) $url = WEB.'/'.$url; + $data = file_get_contents($url); + if( !$data ) $error = "\nInternal Error: no ".$url.' found.'; + else { + $regs = array(); + preg_match('/<[Tt][Ii][Tt][Ll][Ee][^>]*>/', $data, $regs); + if( count($regs) < 1 ) $error .= "\nInternal Error: no open tag title found on $url."; + else { + $start = strpos($data, $regs[0]) + strlen($regs[0]); + $data = substr($data, $start); + } + $regs = array(); + preg_match('/<\/[Tt][Ii][Tt][Ll][Ee][^>]*>/', $data, $regs); + if( count($regs) < 1 ) $error .= "\nInternal Error: no close title tag found on $url."; + else { + $end = strpos($data, $regs[0]); + $title = trim(substr($data,0,$end)); + $data = substr($data, $end+strlen($regs[0])); + } + $regs = array(); + preg_match('/<[Bb][oO][Dd][yY][^>]*>/', $data, $regs); + if( count($regs) < 1 ) $error .= "\nInternal Error: no open html body tag found on $url."; + else { + $start = strpos($data, $regs[0]) + strlen($regs[0]); + $data = substr($data, $start); + } + $regs = array(); + preg_match('/<\/[Bb][oO][Dd][yY][^>]*>/', $data, $regs); + if( count($regs) < 1 ) $error .= "\nInternal Error: no closing html body tag found on $url."; + else { + $end = strpos($data, $regs[0])-1; + $data = substr($data, 1, $end); + } + } + if( !$title ) $title = $url; + $this->SetCol(); + $this->setFont(FONT, F_SIZE); + if( !$error ) { + $this->PrintHeader($this->unhtmlentities( _($title) ), $this->unhtmlentities( _('policy document') ), strncmp($url,WEB,strlen(WEB))==0? $url : (WEB.'/'.$url)); + if( $title ) $this->Bookmark($title,0); + $this->writeHTMLCell($this->colwidth,2.5,$this->lMargin+1,$this->GetY()+2.5, + $data, 0,2,0,'L'); + } + else + $this->MultiCell($this->colwidth, 3, $error); + } + + /*private*/ function PrintCAP($assuree = NULL, $assurer = NULL, $assurance = NULL, $page = NULL ) { + $this->SetCol(); + $this->PrintHeader($this->unhtmlentities( _('CAcert Assurance Programme') ), $this->unhtmlentities( _('Identity Verification Form (CAP) form') ), defined('ASSCAP')?ASSCAP:'',defined('WEB')? WEB.substr(__FILE__, strrpos(__FILE__,'/')) : ''); + // define slightly different footer message + $this->myFooter('V'. substr($this->Version(), 0, strpos($this->Version(), '.')).', '. $this->unhtmlentities( _('generated') ).' '.date('Y-n-j'), NULL); + $this->AssuranceInfo($assurance); + $this->InfoAssuree($assuree, $assurer, $assurance); + $this->StatementAssuree( $assuree['date']); + $this->StatementAssurer( $assurer, $assurance ); + } + + //Add form and/or CCA (on duplex only when more as one page is printed) + /*public*/ function PrintForm( $assuree = NULL, $assurer = NULL, $assurance = NULL, $page = NULL ) { + + for($cnt=0 ; $cnt < $this->ncols; $cnt++ ) { + if( !isset( $page['form']) OR $page['form'] ) { + // the form is one page, use new room? + if ( $assuree == NULL OR $assurer == NULL OR $assurance == NULL ) + $this->Error('Assuree or Assurer data records failure'); + $this->PrintCap( $assuree, $assurer, $assurance); + } + + // print off policy documents to be included in pdf file + foreach( $page['policies'] as $i => $file ) { + $this->Watermark = WATERMARK; // no watermark on these pages + if( $file ) $this->PrintHTML( $file ); + } + if( $this->col > 0 OR $this->getPage() > 1 ) break; + } + if( $this->getPage() > 1 ) { + // and on duplex print back side with Community Agreement + if( $this->CurOrientation == 'P' ) + $this->ViewerPrefs['Duplex'] = 'DuplexFlipLongEdge'; + else + $this->ViewerPrefs['Duplex'] = 'DuplexFlipShortEdge'; + } + // close up this column, make sure footer is printed. + $this->my_header_msg = NULL; $this->SetCol($this->col); + } + +// Set form title (right align) +/*public*/ function PrintHeader($title1 = ' ', $title2 = ' ' , $url1 = NULL, $url2 = NULL) { + // store current top margin value + $tSide = $this->tMargin; + + // CAcert logo + // eps should be better, but it does not seem to work with CAcert logo + $this->rMargin -= 1; + $this->myFooter($title1,$url1); + $this->myHeader($title2,$url2); + if( LOGO_TYPE == '.eps' ) + $this->ImageEPS(BW?LOGO.'mono'.LOGO_TYPE:LOGO.'colour'.LOGO_TYPE, + ($this->lMargin+$this->colwidth)-51,$tSide-3,51); + else + // png image 1000 X 229 * 8 bits + $this->Image(BW?LOGO.'mono'.LOGO_TYPE:LOGO.'colour'.LOGO_TYPE, + ($this->lMargin+$this->colwidth)-51,$tSide-3,51,0,0, + NULL,0,true,intval(LOGO_DPI)); + $this->myLink($this->lMargin+$this->colwidth-51, $tSide-3,51,51/1000*229,WEB); + // form type + $this->SetFont(FONT,'B',F_SIZE+5); + $this->SetY($tSide+5); $this->SetX($this->lMargin); + $l = $this->GetStringWidth($title1); + $this->Cell($this->colwidth+1,14,$title1,0,0,'R',0,NULL); + if( $url1 != NULL AND $url1 != '' ) + $this->myLink($this->lMargin+$this->colwidth-$l,$this->GetY()+5,$l,(F_SIZE+5)/2.9,$url1); + $this->Ln(5); $this->SetX($this->lMargin); + $l = $this->GetStringWidth($title2); + $this->Cell($this->colwidth+1,14,$title2,0,0,'R',0,NULL); + if( $url2 != NULL AND $url2 != '' ) + $this->myLink($this->lMargin+$this->colwidth-$l,$this->GetY()+5,$l,(F_SIZE+5)/2.9,$url2); + + // CAcert Inc. postbox address + $this->Ln(6); $this->SetX($this->lMargin); + $this->SetFont(FONT,'',F_SIZE); + $savex = $this->GetX(); $savey = $this->GetY(); + $strg = POBOX .' - '. WEB; + $this->SetXY($this->lMargin+$this->colwidth-$this->GetStringWidth($strg)-1.1,$this->GetY()+3.5); // right align + if( !BW ) $this->SetTextColor(17,86,140); + $ret = $this->Write(0, $strg, NULL); + $l = $this->GetStringWidth($strg); + $this->myLink($this->lMargin+$this->colwidth-$l,$this->GetY()+0.5,$l,F_SIZE/2.9,WEB); + $this->Ln(); + if( !BW ) $this->SetTextColor(0); + $this->SetXY($savex,$savey); + + // sha1 fingerprint CAcert rootkeys class 1 and class 3 + $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha256 fingerprints (since 2019)") ) . ', class 1: '. CLASS1_SHA256 . ', class 3: ' . CLASS3_SHA256; + $this->Ln(3); $this->SetX($this->lMargin); + $this->SetFont(FONT,'',F_SIZE * $this->colwidth / ($this->GetStringWidth($strg) +1)); + $this->Cell($this->colwidth,10, $strg,0,0,'C',0,NULL); + $this->myLink($this->lMargin, $this->GetY()+4,$this->colwidth,F_SIZE/2.9,ROOTKEYS); + $this->SetLineWidth(0.1); + if ( BW ) { $this->SetDrawColor(195); + } else { $this->SetDrawColor(17,86,140); + } + + $this->Line($this->lMargin, $tSide+25, $this->lMargin+$this->colwidth, $tSide+25); + $this->SetLineWidth(0.2); $this->SetDrawColor(0); + $this->rMargin += 1; + $this->SetXY($this->lMargin, $tSide+26); // top + } + +// Set general form information + /*private*/ function PrintInfo( $strg = '', $url = '') { + // store current margin values + + // Print text blurb paragraph at top of page + $this->SetFont(FONT,'',F_SIZE+0.5); + $this->SetXY($this->lMargin, $this->GetY()-1.5); + $y = $this->GetY(); $x = $this->GetX(); + $cnt=$this->MultiCell($this->colwidth+1, 0, $strg,0,'L',0,2); + if ( $url != '' ) // link should be in user space + $this->myLink($x, $y, $this->colwidth, $this->GetY()-$y, $url); + return($cnt); + } + +// print general CAP info +/*public*/ function AssuranceInfo( $assurance = NULL ) { + // store current margin values + $cellcnt = 0; + $this->SetY($this->GetY()+0.5); + $this->Bookmark($this->unhtmlentities( _('CAcert CAP form') ),0,$this->S($this->GetY())); + + // Show text blurb at top of page + $strg = $this->unhtmlentities( _('The CAcert Assurance Programme (CAP) aims to verify the identities of Internet users through face to face witnessing of government-issued photo identity documents.') ); + $strg .= ' '. $this->unhtmlentities( _("The Applicant asks the Assurer to verify to the CAcert Community that the Assurer has met and verified the Applicant's identity against original documents.") ); + $strg .= ' '. $this->unhtmlentities( _('Assurer may leave a copy of the details with the Applicant, and may complete and sign her final form after the meeting.') ); + $strg .= ' '. $this->unhtmlentities( _("If there are any doubts or concerns about the Applicant's identity, do not allocate points. You are encouraged to perform a mutual Assurance.") ); + $cellcnt += $this->PrintInfo( $strg, defined('ASSINTRO')? ASSINTRO:''); + $cellcnt += $this->PrintInfo( $this->unhtmlentities( _('For more information about the CAcert Assurance Programme, including detailed guides for CAcert Assurers, please visit:') ).' '.WEB, defined('ASSCAP')?ASSCAP:''); + $cellcnt += $this->PrintInfo( $this->unhtmlentities( _('A CAcert Arbitrator can require the Assurer to deliver the completed form in the event of a dispute. After 7 years this form should be securely disposed of to prevent identity misuse. E.g. shred or burn the form. The Assurer does not retain copies of ID at all.') ),defined('ARBIT')?ARBIT:''); + $cellcnt += $this->PrintInfo( $this->unhtmlentities( _('For the CAcert Organisation Assurance Programme there is a separate special COAP form.') ),defined('ASSORG')?ASSORG:''); + $this->SetY($this->GetY()-0.1); + $this->PrintLocation( $assurance ); + $this->SetY($this->GetY()+1); + + } + + // print empty table with title for statements (called twice per table) + /*private*/ function PrintTable( $strg = NULL, $height = -1, $ext = 0 ) { + // store current margin values + static $tSide = -1; + static $title = ''; + if( $height < 0 ) { // mark table position, leave room for title + if( $strg != '' ) $title = $strg; + if( $title == '' ) return ($this->GetY()); // nothing to do + $tSide = $this->GetY()+1; + // background + if ( BW ) { + $this->SetFillColor(195); + $this->SetDrawColor(195); + } else { + $this->SetFillColor(173,197,215); + $this->SetDrawColor(173,197,215); + } + $this->Rect($this->lMargin-1,$tSide-1,1,9, 'F'); + $this->Rect($this->lMargin-1,$tSide-1,$this->colwidth,1, 'F'); + $this->SetFillColor(255); + if ( BW ) { $this->SetFillColor(125); + } else { $this->SetFillColor(17,86,140); + } + $this->Rect($this->lMargin,$tSide,$this->colwidth,7, 'DF'); + $this->SetFillColor(255); $this->SetDrawColor(0); + + $this->SetXY($this->lMargin+1, $tSide+0.6); + $this->Bookmark($title,1,$this->S($tSide)); + $this->SetFont(FONT, '', F_SIZE+7); + $this->SetTextColor(255); + $this->Write(0, $title); + $this->SetTextColor(0); + $this->SetXY($this->lMargin+1, $tSide + 7); + $tSide += 8; // save old top + if ( $height != 0 ) return($this->GetY()); + } + elseif( $tSide < 0 ) return( $this->GetY()); + if( $height == 0 ) { // interrupted bottum of column reached + $height = $this-GetY() - $tSide; $save = $title; + $this->PrintTable('', $height); // finish till bottumn page + $tSide = $this->originalMargin; + $title = $save; + return( $this->GetY()); + } + if( $strg != '' ) $title = $strg; // just to be defensive + + // background + if ( BW ) { + $this->SetFillColor(195); + $this->SetDrawColor(195); + } else { + $this->SetFillColor(173,197,215); + $this->SetDrawColor(173,197,215); + } + $this->Rect($this->lMargin-1,$tSide,1,$height-1+$ext, 'F'); + if( $ext ) + $this->Rect($this->lMargin-1,$tSide+$height,$this->colwidth,$ext, 'F'); + $this->SetFillColor(255); + // borders of the table left, bottumn, right + $this->Line($this->lMargin,$tSide+$height-1, $this->lMargin, $tSide+$height); + $this->Line($this->lMargin,$tSide+$height,$this->lMargin+$this->colwidth,$tSide+$height); + $this->Line($this->lMargin+$this->colwidth,$tSide-1, $this->lMargin+$this->colwidth, $tSide+$height); + $this->SetDrawColor(0); + $this->SetY($tSide + $height + 1); // set Y ordinate to plus 7 + $tSide = -1; $title = ''; + return($this->GetY()); + } + +// assuree information + /*private*/ function PrintName( $names = NULL, $assurancemax = -1 ) { + //$H = 5; // height of the name cell + $name = $names == NULL ? '': $names['name']; + $id_type = $names == NULL ? '' : $names['idtype']; + // store current margin values + static $nr = 0; + static $idtypes = NULL; + static $listpoints = NULL; + static $ComboProps = array( 'fillColor'=> LBLUE, 'strokeColor'=> LLBLUE, 'editable'=> 'true', 'textSize' => 9, 'rotate'=> '0'); + static $TextProps = array('strokeColor'=> LLBLUE, 'value' => ' ', 'fillColor'=> LBLUE, 'doNotScrole'=> 'false', 'textSize' => 12, 'rotate'=> '0'); + static $TextBlankProps = array('strokeColor'=> 'white', 'fillColor'=> 'white', 'readonly' => 'true', 'doNotScrole'=> 'true', /* 'lineWidth'=> '0'*/); + $TextProps['textSize'] = 12/6*H; + + $nr++; + $savey = $this->GetY(); + + $namepoints = intval($names == NULL? -1 : $names['points']); + if( $namepoints <= 0 ) $namepoints = $assurancemax; + if( $namepoints <= 0 OR $namepoints >= 35 ) $namepoints = 35; + if( $listpoints == NULL ) { + $listpoints = array( 0=> ' '); + for ($i = 0; $i <= $namepoints; $i++) + $listpoints += array( ($i+1) => sprintf("%d",$namepoints-$i) ); + } + $points = sprintf("AssureeNames_%d_Points", $nr); + + // just once to recover from Acrobat 7.0 problem !!!!!!!!!!!!!!!!!!!!!!!!!! + // make sure before the first time form field JS is called the fake is done + static $AcrobatName = array('strokeColor'=> LLBLUE, 'fillColor'=> LLBLUE, 'readonly' => 'true'); + if( $AcrobatName != NULL ) { + $this->TextField( 'NameNone', $this->SetFieldXY(300, $this->GetY()+2, 0), 0, $AcrobatName); + $this->SetFieldXY(); $AcrobatName = NULL; + } + static $AcrobatCombo = array( 'fillColor'=> LLBLUE, 'strokeColor'=> LLBLUE, 'editable'=> 'false'); + if( $AcrobatCombo != NULL ) { + $this->ComboBox( 'PointsNone', $this->SetFieldXY(300, $this->GetY()+20, 0), 0, array(' '), $AcrobatCombo); + $this->SetFieldXY(); $AcrobatCombo = NULL; + } + // end of Acrobat defeat !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + + $this->ComboBox( $points, $this->SetFieldXY($this->lMargin+$this->colwidth-15, $this->GetY()+2, 10),(5/6*H), $listpoints, $ComboProps); + $this->SetFieldXY(); + // small line in points collumn + $this->myLine($this->lMargin+$this->colwidth-8.5,$savey+H+0.3,$this->lMargin+$this->colwidth-8,$savey+H+0.3); + if( $namepoints >= 0 ) { + // this seems not to be visible: no points printed... + $this->SetXY( $this->lMargin+$this->colwidth-17.5, $savey+1 ); + $this->SetFont(FONT, 'B', (F_SIZE+1)/6*H); + $this->Cell( 15, sprintf("(%d)", $namepoints), 0, 0, 'C'); + } + + $TextProps['value'] = $name ? $name : ' '; $TextProps['textSize'] = 14; + $TextProps['userName'] = $this->unhtmlentities( _('Exact full name as on shown ID for this name.') ); + $this->TextField(sprintf('AssureeNames_%d_Name',$nr), $this->SetFieldXY($this->lMargin+2,$savey+0.9,$this->colwidth-40), 8/6*H, $TextProps); + $this->SetFieldXY(); + $this->SetXY($this->lMargin+2, $savey); + if($name) { + $token = $name; + $fnt = (F_SIZE+4)/6*H; + $this->SetFont(FONT, 'B', $fnt); + $lngth = $this->GetStringWidth($token); + if( $lngth > $this->colwidth-35 ) $fnt *= ($this->colwidth-35) / $lngth; + $this->SetFont(FONT, 'B', $fnt); + $this->MultiCell($this->colwidth-25, 0, $token, 0, 'L'); + if( function_exists('utf8_to_ascii') AND + !utf8_is_ascii_ctrl( $name) ) + $ascii = utf8_to_ascii($name); + else + $ascii = ''; + $abbr = $this->Abbreviate( $name ); + if( strcmp($ascii,$name) != 0 OR strcmp($abbr,$name) != 0) { + $msg = $this->unhtmlentities( _('The exact name of the assuree may have transliterated characters and/or some given names may be abbreviated. If present the first given name will be shown abbreviated and parentheses around the last part of the given name.\n') ); + if( $ascii != '' AND strcmp($ascii,$name) != 0 ) $msg .= $this->unhtmlentities( _('transliterated: ') ). $ascii.'\n'; + if( $abbr != '' AND strcmp($abbr, $name) != 0 ) $msg .= $this->unhtmlentities( _('abbreviated: ') ). $abbr.'\n'; + $this->myLink($this->lMargin-7, $savey+1, 3, 3, $msg, + array('subtype'=> 'Text', 'Open' => 'false', + 'c'=> array(173,197,215), 'name'=> 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't'=> $this->unhtmlentities( _('On the assuree full name') ))); + } + } else { + $id_type = ''; + // no name, give a line to write on + $this->myLine($this->lMargin+2,$savey+H+0.3,$this->lMargin+$this->colwidth-37,$savey+H+0.3); // line under name + } + $this->SetXY($this->lMargin+2, $savey); + if ( !$name ) $idtypes = NULL ; + if( $idtypes == NULL ) { + $idtypes = array( ); $i = 0; + if (!$name) $idtypes = array( $i++ => ' '); + if( $id_type ) { + $token = $id_type; + $token = strtok($token,'/'); + for( ; $token != ''; $i++) { + $idtypes += array( $i => $token ); $token = strtok('/'); + } + } + $idtypes += array( $i => $this->unhtmlentities( _('passport') ), $this->unhtmlentities( _('driver license') ), $this->unhtmlentities( _('ID card') ), $this->unhtmlentities( _('mil. ID') ), $this->unhtmlentities( _('certificate') ), $this->unhtmlentities( _('TTP') ) ); + } + if( !$id_type ) { + $this->myLine($this->lMargin+$this->colwidth-37,$savey+H+0.3,$this->lMargin+$this->colwidth -17,$savey+H+0.3);// line under ID + $this->myLine($this->lMargin+$this->colwidth-37,$savey+H-0.7,$this->lMargin+$this->colwidth-37,$savey+H+0.1); // l small ID vert + } else { + $this->SetXY($this->lMargin+20, $savey+1); + $this->SetFont(FONT, 'B', (F_SIZE+1)/6*H); + $this->Cell($this->colwidth-37, 2, '('.$id_type .')', 0, 0, 'R'); + // hide id type print on screen with the formfields, just nicety + // one could extend the name field, but this has more drawbacks + $this->TextField(sprintf('AssureeNames_%d_None',$nr), $this->SetFieldXY($this->lMargin+$this->colwidth-38,$savey+0.5,20), 7/6*H, $TextBlankProps); + $this->SetFieldXY(); + } + $this->ComboBox( sprintf("AssureeNames_%d_TypeID",$nr), $this->SetFieldXY($this->lMargin+$this->colwidth-37, $savey+2, 19), 5/6*H, $idtypes, $ComboProps); + $this->SetFieldXY(); + $this->SetXY($this->lMargin+2, $savey+H); + return( $name ); + } + +// All information of Assuree goes in one table +/*public*/ function InfoAssuree( $assuree = NULL, $assurer = NULL, $assurance = NULL ) { + $dob = $assuree['dob']; + $email = $assuree['email']; + $assurancemax = $assurance['maxpoints']; + if( $assurancemax <= 0 ) $assurancemax = 35; + + // Assuree Identity information part + $tSide = $this->PrintTable($this->unhtmlentities( _("Applicant's Identity Information") ))+1; + + $msg = $this->unhtmlentities( _('Some examples of possible standard transliterations in a full individual name. If more than one transliteration of a character is possible, it is denoted within parentheses.') ); + $msg .= $this->unhtmlentities( _('a and y umlaut, and o/slash examples of accepted transliterations for the full name(s)') ).':'; + $msg .= "\n* ". 'J(ae|a)hny G(oe|o)le McName'; + $msg .= "\n\n".$this->unhtmlentities( _('As an example standard abbreviation on given names is provided here. If a given name is counted as first given name part of the name is denoted with parentheses around the name.') ); + $msg .= $this->unhtmlentities( _('Examples of accepted abbreviation(s) for full name(s)') ).':'; + $msg .= "\n* ". 'sir J(ähnÿ) G. McName'; + $msg .= "\n"; + // put hint on comparing names on title table + $this->myLink($this->lMargin-7, $tSide-7, 5, 5, $msg, + array('subtype'=> 'Text', 'Open' => 'true', + 'c'=> array(173,197,215), 'name'=> 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't'=> $this->unhtmlentities( _('On comparing names') ))); + + // names of applicant + $this->SetXY($this->lMargin+1, $tSide); + $this->SetFont(FONT, '', F_SIZE+1); + $this->Write(0, $this->unhtmlentities( _('Exact full name on the ID') ).': '); + $strg = '('. $this->unhtmlentities( _('type of ID shown') ).')'; + $this->SetFont(FONT, '', F_SIZE); + $this->SetXY($this->lMargin+$this->colwidth-$this->GetStringwidth($strg)-19, $tSide); + $this->Write(0, $strg); + if( $assurancemax > 0 AND $assurancemax <= 50 ) { + $strg = sprintf($this->unhtmlentities( _('max') ) . " %d", $assurancemax); + $this->SetFont(FONT, F_SIZE); + $strg = $strg; + $this->SetXY($this->lMargin+$this->colwidth-19, $tSide); + $this->Cell(20, 3, $strg, 0, 0, 'C'); + } + $this->SetXY($this->lMargin+2, $tSide+3); + + // all (max) three names with ID type right aligned. + $cnt = $assuree['namecnt']; + $space = $this->getPageHeight()/$this->scale*100.0 -MINH ; // margin + for( $i = 0; $i < $cnt; $i++ ) { // names to be printed + $this->PrintName( $assuree['names'][$i], $assurer['maxpoints'] < 0? 35: $assurer['maxpoints'] ); + if( $space < $this->getY() ) break; + } + for( $j=0 ; $j < $i+3; $j++ ) { + // empty fields up to max 3 empty fields and allowed space + if( $space < $this->getY() ) break; + $this->PrintName( NULL, $assurer['maxpoints'] < 0? 35: $assurer['maxpoints']); + } + + // email address assuree + $savey = $this->GetY()+1; + $this->myLine($this->lMargin+$this->colwidth-17,$savey-0.7,$this->lMargin+$this->colwidth,$savey-0.7); // line above DoB + $this->myLine($this->lMargin+$this->colwidth-17,$tSide+3,$this->lMargin+$this->colwidth-17,$savey-0.7); // left points column + $this->SetXY($this->lMargin+1, $savey); + $this->SetFont(FONT, '', F_SIZE); + $strg = $this->unhtmlentities( _('Email address') ).': '; + $l = $this->GetStringWidth($strg); + $this->Write(0, $strg); + if($email) { + $this->SetFont(FONT, 'B', F_SIZE+1); + if( !BW ) $this->SetTextColor(17,86,140); $this->SetXY($this->GetX(),$this->GetY()-0.35); + $ret = $this->Write(0, $email); + $this->myLink($this->lMargin+2,$this->GetY(),$l, F_SIZE/2, 'mailto:'.$email.'?subject=Your CAcert Assurance'); + $this->Ln(); + if( !BW ) $this->SetTextColor(0); + } + // somehow fields are not scaled.... + $TextProps = array('strokeColor'=> LLBLUE, 'value' => '', 'fillColor'=> LBLUE, 'doNotScrole'=> 'true', /* 'lineWidth'=> '0', */ 'textSize' => '11', 'rotate'=>0, 'userName'=> $this->unhtmlentities( _('email address as e.g. john.family@gmail.com') ) ); + $TextProps['value'] = $email; + $this->TextField('AssureeEmail', $this->SetFieldXY($this->lMargin+2+$l, $savey,$this->colwidth-40-$l), 5, $TextProps); + $this->SetFieldXY(); + + $this->SetXY($this->lMargin+$this->colwidth-25, $savey); + // date of birth assuree + $strg = $this->unhtmlentities( _('Date of Birth') ); + if( $dob == '' ) + $strg .= ' ('.$this->unhtmlentities( _("yyyy-mm-dd") ). ')'; + $this->PrintDate( $this->lMargin+$this->colwidth-3, $savey, $strg, $dob, 'AssureeDoB', 'R'); + $savey += 4; + + $this->myLine($this->lMargin+$this->colwidth-16.9,$tSide-7.0,$this->lMargin+$this->colwidth-16.9,$tSide-2); // column left + $this->SetXY($this->lMargin+$this->colwidth-14.95, $tSide-8.7); + $this->SetFont(FONT, '', F_SIZE); + $this->SetTextColor(255); + $this->MultiCell(14.9,2, $this->unhtmlentities( _("points allocated") ), 0, 0, 'C'); + $this->SetTextColor(0); + $this->SetXY($this->lMargin+1, $savey); + $savey += 3; // save some room for DoB + $next = $this->PrintTable( '', $savey-$tSide, 5); + $this->SetY($next); + } + + // print marked paragraph in the table + /*private*/ function PrintTicked( $strg = '', $tick = true ) { + // store current margin values + $savey = $this->GetY(); + + $celcnt = 0; $this->SetX($this->lMargin + 1); + if( $tick ) { + // use ✔ and ❑ of zapfdingbats font for OK tick + $savex = $this->GetX(); + $this->SetXY($this->GetX(), $savey+0.9); + $this->SetFont('zapfdingbats', F_SIZE+3); + $this->Write(0,'q'); // ❑ + $this->SetXY($savex+0.1, $savey+0.1); + if ( BW ) + $this->SetTextColor(80); + else + $this->SetTextColor(17, 86, 140); + //$this->SetTextColor(0,92,0); // #00BE00 lime + $this->Write(0,'4 ');// ✓ + $this->SetTextColor(0); + } + $this->SetXY($this->GetX(), $savey); + $this->SetFont(FONT,'',F_SIZE+0.5); + $celcnt = $this->MultiCell($this->lMargin+$this->colwidth-$this->GetX(), 3, $strg,0,'L'); + $this->SetXY($this->lMargin+1, $this->GetY()-1.5); + return($celcnt); + } + +// assuree statement +/*public*/ function StatementAssuree( $date = '' ) { + // store current margin values + $cellcnt = 0; + + // assuree statement section + $tSide = $this->PrintTable($this->unhtmlentities( _("Applicant's Statement") )); // mark table header + + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _("Make sure you have read and agreed with the CAcert Community Agreement") ), false /* no tick */); + if( !BW ) $this->SetTextColor(17, 86, 140); + $ret = $this->Write($this->lasth, WEB.'/'.POLICY.CCA.EXT, NULL); + $this->myLink($this->lMargin+1, $this->GetY()-F_SIZE/2.9, $this->colwidth-2, F_SIZE*2.9/2.9, WEB.'/'.POLICY.CCA.EXT); + $this->Ln(4); + if( !BW ) $this->SetTextColor(0); + + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _('I hereby confirm that the information stating my Identity Information above is both true and correct, and request the CAcert Assurer (see below) to witness my identity in the CAcert Assurance Programme.') ), true /* tick */); + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _('I agree to the CAcert Community Agreement.') ), true /* tick */); + + $this->Ln(0.5); + $this->SetFont(FONT, F_SIZE+1); $savey = $this->GetY(); + $strg = $this->unhtmlentities( _('Date') ); + if($date == '') + $strg .= ' ('. $this->unhtmlentities( _("yyyy-mm-dd") ) . ')'; + $strg = $strg; + $this->PrintDate( $this->lMargin+1, $savey+1, $strg, $date, 'AssureeDate', 'L'); + + $strg = $this->unhtmlentities( _("Applicant's signature") ); + $this->SetFont(FONT, '', F_SIZE); + $l = $this->GetStringWidth( $strg ); + $this->SetXY($this->lMargin+$this->colwidth-$l-3, $savey+1); + $this->Write(0, $strg); $this->Ln(7) ; // and leave some room + + // draw the table borders and header at marked ordinate + $next = $this->PrintTable('', $this->GetY()-$tSide); + + $this->SetY($next); + } + +// assurer statement + /*public*/ function StatementAssurer( $assurer = NULL, $assurance = NULL ) { + if( $assurer == NULL OR $assurance == NULL ) return; + + // store current margin values + $TextProps = array('strokeColor'=> LLBLUE, 'value' => '', 'fillColor'=> LBLUE, 'doNotScrole'=> 'true', 'textSize' => '14', 'rotate'=>0); + $cellcnt = 0; + + $tSide = $this->PrintTable($this->unhtmlentities( _("Assurer's Statement") )); // mark table ordinate + // put hint on mutaul assurance in pdf file for mouse over + $msg = $this->unhtmlentities( _('One is advised for a mutual assurance. If done so the exact full name, email address and date of birth of the Assurer is also required on a form. In this case the Assuree assures the Assurer as well. In this case two copies are needed of the CAP form.') ); + $this->myLink($this->lMargin-7, $tSide-6, 5, 5, $msg, + array('subtype'=> 'Text', 'Open' => 'true', + 'c'=> array(173,197,215), 'name'=> 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't'=> $this->unhtmlentities( _('On mutual assurance') ))); + // assurer identity info + // name, meeting date, meeting location, + // dob and email address string only is printed when info available + $this->SetXY($this->lMargin+1, $tSide); + $savey = $this->GetY()+2.5; + $this->SetFont(FONT, '', F_SIZE); + $strg = $this->unhtmlentities( _("Assurer's Name") ) . ': '; + if( $assurer['name'] AND + function_exists('utf8_to_ascii') AND + !utf8_is_ascii_ctrl( $assurer['name']) ) + $ascii = utf8_to_ascii($assurer['name']); + else + $ascii = ''; + if( $ascii == $assurer['name'] ) $ascii = ''; + $abbr = $this->Abbreviate( $assurer[ 'name'] ); + if( $ascii != '' OR $abbr != '') { + $msg = $this->unhtmlentities( _('The exact name of the assurer may have transliterated characters and/or some given names may be abbreviated. If present the first given name will be shown abbreviated and parentheses around the last part of the given name.\n') ); + if( $ascii != '' ) $msg .= '* '. $ascii . "\n"; + if( $abbr != '' ) $msg .= '* '. $abbr . "\n"; + $this->myLink($this->lMargin-7, $tSide+2, 3, 3, $msg, + array('subtype'=> 'Text', 'Open' => 'false', + 'c'=> array(173,197,215), 'name'=> 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't'=> $this->unhtmlentities( _('On the full name of the Assurer') ))); + } + $this->Write(0, $strg); + $strg = ''; + if( $assurer['dob'] ) $strg = $this->unhtmlentities( _('Date of Birth') ); + // if assurer dob is space we print format date + if( $assurer['dob'] == ' ' ) { + $strg .= ' ('. $this->unhtmlentities( _("yyyy-mm-dd") ) .')'; + $assurer['dob'] = ''; + } + $this->PrintDate($this->lMargin+$this->colwidth-3, $savey-2.5, $strg, $assurer['dob'], 'AssurerDoB', 'R'); + $this->SetXY($this->lMargin+2, $savey); + if($assurer[ 'name']) { + $strg = $assurer[ 'name']; + $this->SetFont(FONT, 'B', F_SIZE); + $cellcnt += $this->MultiCell($this->colwidth-22, 3, $strg, 0, 1); + $this->SetFont(FONT, '', F_SIZE); + if( $assurer['email'] ) { + $sx = $this->GetX(); $sy = $this->GetY(); + $sw = $this->GetStringWidth($strg) + 2; + $this->SetXY( $this->lMargin+$sw+4, $sy-4.1); + if( !BW ) $this->SetTextColor(17,86,140); + $ret = $this->Write(0, $assurer[ 'email'], 'mailto:'. $assurer[ 'email']); $this->Ln(); + if( !BW ) $this->SetTextColor(0); + } + } + $TextProps['value'] = $assurer[ 'name'] ? $assurer[ 'name'] : ' '; + $TextProps['textSize'] = 11; $TextProps['userName'] = $this->unhtmlentities( _('Full exact name of Assurer. On mutual assurance provide date of birth as well.') ); + $this->TextField('AssurerName', $this->SetFieldXY($this->lMargin+2, $savey+1, $this->colwidth-60), 5, $TextProps ); + $this->SetFieldXY(); + $TextProps['value'] = $assurer['email'] ? $assurer['email'] : $this->unhtmlentities( _('email') ) . '?'; + $TextProps['userName'] = $this->unhtmlentities( _('On mutual assurance provide email address of Assurer.') ); + $this->TextField('AssurerEmail', $this->SetFieldXY($this->lMargin+68.5, $savey+1, 35), 5, $TextProps ); + $this->SetFieldXY(); + $this->SetXY($this->lMargin+2, $savey+5); + + // assurer statements + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _("I, the Assurer, hereby confirm that I have verified the Applicant's Identity Information, I will witness the Applicant's identity in the CAcert Assurance Programme, and allocate Assurance Points.") ), true /* ticked */); + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _('I am a CAcert Community Member, have passed the Assurance Challenge, and have been assured with at least 100 Assurance Points.') ), true /* ticked */); + $this->Ln(1); $savey = $this->GetY(); + + $strg = $this->unhtmlentities( _('Date') ); + if( $assurer['date'] == '' ) $strg .= ' (' . $this->unhtmlentities( _("yyyy-mm-dd") ) . ')'; + $strg = $strg; + $this->PrintDate( $this->lMargin+1, $savey, $strg, $assurer['date'], 'AssurerDate', 'L'); + + $this->SetXY($this->lMargin+1, $savey); + $this->SetFont(FONT, '',F_SIZE); + $strg = $this->unhtmlentities( _("Assurer's signature") ); + $this->SetXY($this->lMargin+$this->colwidth-$this->GetStringWidth($strg)-3, $savey); + $this->Write(0, $strg ); + $savey = $this->GetY()+7; // leave room for date and signature + if( $this->GetPageHeight()/$this->scale*100.0-$savey > MARGIN+4) + $savey += 2; + $this->SetXY($this->lMargin+1, $savey); + $l = $this->GetPageHeight()/$this->scale*100.0-$this->GetY() - MARGIN; + if($l > 3 ) $l = 3; if( $l > 0 ) $this->Ln($l); // try to come close to margin + $next = $this->PrintTable('', $this->GetY()-$tSide); + $this->SetY($next); + } + + // location print within caller table +/*private*/ function PrintLocation( $assurance = NULL ) { + if( $assurance == NULL ) return; + $savey = $this->GetY(); + //$this->SetXY($this->GetX(), $savey); + $strg = $this->unhtmlentities( _('Date and location of the face-to-face meeting') ). ': '; + $this->SetFont(FONT,'I', F_SIZE); + $this->Write(0, $strg); + $l = $this->GetStringWidth($strg); + $strg = $assurance['location']; + if( $strg) { + if( $assurance['date'] ) $strg = $assurance['date'] . ', '. $strg; + $strg = $strg; + $this->SetFont(FONT, 'B', F_SIZE); + $this->Write(0,$strg); + } + $TextProps['textSize'] = 11; + $TextProps['value'] = $assurance['location'] ? $assurance['location'] : ' '; + $TextProps['userName'] = $this->unhtmlentities( _('location of the assurance') ); + $this->TextField('AssuranceLocation', $this->SetFieldXY($this->lMargin+$l+19, $savey,$this->colwidth-$l-21), 5, $TextProps ); + $this->SetFieldXY(); + $TextProps['value'] = $assurance['date'] ? $assurance['date'] : ' '; + $TextProps['charLimit'] = 10; + $TextProps['userName'] = $this->unhtmlentities( _("yyyy-mm-dd") ).' '. $this->unhtmlentities( _('date of assurance') ); + $this->TextField('AssuranceDate', $this->SetFieldXY($this->lMargin+1+$l, $savey, 17), 5, $TextProps ); + $this->SetFieldXY(); + $this->SetXY($this->lMargin,$savey+3); + } + +// End of CAPPDF TCPDF class extension +} + + +// -------------------------------------------------------------------------------- +// import environmental data ------------------------------------------------------- +// get $form, $orientation, $assuree, $assurer, $assurance info +// FONT and BW are set already + +// import info +function GET( $key = '' ) { + return ( array_key_exists( $key, $_GET) ? $_GET[$key] : ''); +} + +// form, CCA and page format info + $page['format'] = strtolower(GET('format')); // A3, A4, A5, letter, legal, etc. + if( !$page['format'] ) $page['format'] = 'a4'; // default + // on landscape orientation we do two half pages + $page['orientation'] = strtolower(GET('orientation')); + if( $page['orientation'] != 'l' AND $page['orientation'] != 'landscape' ) { + // default portrait 1-up + $page['orientation'] = 'p'; // landscape implies 2-up + } + $page['form'] = GET('noform') != '' ? false : true; + // dft is now true it should go to true + $page['policies'] = array(); + if( GET('nocca') == '' ) { + if( defined('CCA') ) $page['policies'][] = CCA; + } + // set $page['form'] on 'simplex' or 'duplex' to get CCA on pdf page + +// Assurer info +$assurer = array ( 'name' => my_recode(GET('assurer')) , + 'dob' => my_recode(GET('assurerdob')), + 'email' => my_recode(GET('assureremail')), + 'maxpoints' => intval(my_recode(GET('maxpoints'))) < 0? -1 : + intval(my_recode(GET('maxpoints'))), + 'date' => my_recode(GET('assurerdate')) ? my_recode(GET('assurerdate')) : + my_recode(GET('date')) + ); +if( $assurer['name'] != '' AND + !utf8_is_ascii_ctrl($assurer['name']) AND + !function_exists('utf8_to_ascii')) + require_once ( UTF8_ASCII ); + +// assurance info +$assurance = array ( 'location' => my_recode(GET('location')), + 'date' => my_recode(GET('assurancedate'))?my_recode(GET('assurancedate')): + my_recode(GET('date')), + 'maxpoints'=> intval(my_recode(GET('maxpoints'))) < 0? -1 : + intval(my_recode(GET('maxpoints'))), + 'notes' => '' // not yet used + ); + +// Assuree info +$assuree = array ( 'names' => array( ), + 'namecnt' => 0, + 'dob' => my_recode(GET('dob')), + 'email' => my_recode(GET('email')), + 'date' => my_recode(GET('date')) == 'now' ? date('Y-m-d') : + my_recode(GET('date')) + ); + +// defeats due to history +if( $assuree['date'] == '' AND $assurer['date'] ) $assuree['date'] = $assurer['date']; +if( $assurance['date'] == '' AND $assuree['date'] ) $assurance['date'] = $assuree['date']; +if( $assurer['date'] == 'now' ) $assurer['date'] = date('Y-m-d'); +if( $assurance['date'] == 'now' ) $assurance['date'] = date('Y-m-d'); +$document = my_recode(GET('document1')); +if( GET('document2') ) $document .= '/'. my_recode(GET('document2')); +// for history sake do special, next can void other arguments... +if( GET('name') ) $_GET['name1'] = GET('name'); +if( $document ) $_GET['name1ID'] = $document; + +function Dstr( $strg = '', $cnt = 1 ) { + return( sprintf("name%d%s", $cnt, $strg)); +} +$j = 0; // after two successive empty names we stop +for( $i = 1; $i <= 9 AND $j < 2; $i++) { // max 9 names we only print 4 max... + $name = my_recode(GET(Dstr('', $i))); + if( $name ) { $j = 0; + $assuree[ 'namecnt' ]++; + $assuree[ 'names' ] [] = array ( + 'name' => $name ? $name : '', + 'idtype' => my_recode(GET(Dstr('ID',$i)))? my_recode(GET(Dstr('ID',$i))) : '', + 'points' => my_recode(GET(Dstr('Pnts',$i))) != '' ? intval(my_recode(GET(Dstr('Pnts',$i)))) : -1 + ); + if( $name != '' AND + !utf8_is_ascii_ctrl($name) AND + !function_exists('utf8_to_ascii')) + require_once ( UTF8_ASCII ); + } else $j++; +} + +// try to get policy documents names to be printed off +$j = 0; // after two successive empty name we stop searching +for( $i = 1; $i <= 9 AND $j<2; $i++ ) { + $name = GET(sprintf("policy%d", $i)); + if( $name != '' ) { $page['policies'][] = $name; $j = 0; } + else $j++; +} + +unset( $document ); unset( $i ); unset( $j); // unset($_GET); +// end of arguments imports + + header('Expires: '.gmdate("D, j M Y G:i:s \G\M\T", time()+10800)); + header('Content-Disposition: attachment; filename=CAcert cap.pdf'); + header('Cache-Control: public, max-age=10800'); + header('Pragma: cache'); +// Content-Type and Content Length is done by tcpdf package + +// create new PDF document ===================================================== + $pdf = new CAPPDF( + /* PDF_PAGE_ORIENTATION */ $page['orientation'], + PDF_UNIT /* mm */, + /* PDF_PAGE_FORMAT */ $page['format'], + true + ); + $pdf->SetFormat( $page['format'] ); // set paper size scaling + +// protection is encryption and this will cause 3.5 times performance loss +// $pdf->SetProtection(array('print', 'annot-forms')); + +// set document property information + $pdf->SetCreator('LibreSSL - CAcert web application'); + $pdf->SetAuthor('© ' . date('Y') . ' CAcert Inc., Australia.'); + $pdf->SetKeywords('X.509, Assurance Programme, CAP form, Community Agreement, Digital Certificates, CAcert'); + $pdf->SetTitle('CAcert Assurance Programme'); + $pdf->SetSubject('CAP form V'.$pdf->Version().', generated ' . date("Y-n-j H:i:s T")); + if( GET('watermark') != '') $pdf->Watermark = my_recode(GET('watermark')); + // requires zlib and will decrease response time but increase bandwidth + // if no zlib is found, automatically no compression is done + $pdf->SetCompression(true); // turn it off when more pperformance is needed + +// AddSJISFont function is not present in tcpdf package !!!! + +//set auto page breaks + $pdf->SetAutoPageBreak(TRUE, MARGIN*0.707); + +//set image scale factor + $pdf->setImageScale(PDF_IMAGE_SCALE_RATIO); + +//set some language-dependent strings + $pdf->setLanguageArray($l); + +//initialize document + $pdf->AliasNbPages(); + +// AND GENERATE THE FORM =================================== + // generation properties which have been set from environment: + // deflt: BW (color), FONT (free Sans Vera), portrait 1-up, A5, duplex, with CCA + // orientation landscape gives 2-up + if ( FONT == 'SJIS') $pdf->AddSJISFont(); + $pdf->PrintForm($assuree, $assurer, $assurance, $page); + $pdf->setViewerPreferences($pdf->ViewerPrefs); + +//Close and output PDF document + $pdf->Output('CAcert CAP.pdf', 'I'); + +//============================================================+ +// END OF FILE +//============================================================+ +?> diff --git a/client.pl b/client.pl new file mode 100644 index 00000000..735c00b3 --- /dev/null +++ b/client.pl @@ -0,0 +1,1184 @@ +#!/usr/bin/perl -w + +# CommModule - CAcert Communication Module +# Copyright (C) 2006-2021 CAcert Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + +# Production Client / CommModule + +use strict; +use Device::SerialPort qw( :PARAM :STAT 0.07 ); +use POSIX; +use IO::Select; +use Time::HiRes q(usleep); +use File::CounterFile; +use IPC::Open3; +use File::Copy; +use DBI; +use Locale::gettext; +use IO::Socket; +use MIME::Base64; +use Digest::SHA qw(sha1_hex); + +#Protocol version: +my $ver=1; + +my $paranoid=1; + +my $debug=0; + +#my $serialport="/dev/ttyS0"; +my $serialport="/dev/ttyUSB0"; + +my $gpgbin="/usr/bin/gpg"; + +my $opensslbin="/usr/bin/openssl"; + + +my $mysqlphp="/home/cacert/www/includes/mysql.php"; + +my %revokefile=(2=>"../www/class3-revoke.crl",1=>"../www/revoke.crl"); + +my $newlayout=1; + +#End of configurations + +######################################################## + + +my %monarr = ("Jan" => 1, "Feb" => 2, "Mar" => 3, "Apr" => 4, "May" => 5, "Jun" => 6, "Jul" => 7, "Aug" => 8, "Sep" => 9, "Oct" => 10, "Nov" => 11, "Dec" => 12); + + +my $password=""; +if(open IN,"<$mysqlphp") +{ + my $content=""; +undef $/; +$content=; +$password=$1 if($content=~m/mysql_connect\s*\("[^"]+",\s*"\w+",\s*"(\w+)"/); +close IN; +$/="\n"; + +} +else +{ + die "Could not read file: $!\n"; +} + + +my $dbh = DBI->connect("DBI:mysql:cacert:localhost","cacert",$password, { RaiseError => 1, AutoCommit => 1 }) || die ("Error with the database connection.\n"); + +sub readfile($) +{ + my $save=$/; + undef $/; + open READIN,"<$_[0]"; + my $content=; + close READIN; + $/=$save; + return $content; +} + + + +#Logging functions: +my $lastdate = ""; + +sub SysLog($) +{ + return if(not defined($_[0])); + my $timestamp = strftime("%Y-%m-%d %H:%M:%S", localtime); + my $currdate = substr($timestamp, 0, 10); + if ($lastdate ne $currdate) { + close LOG if ($lastdate ne ""); + $lastdate = $currdate; + open LOG,">>logfile$lastdate.txt"; + } + print LOG "$timestamp $_[0]"; + flush LOG; +} + +sub Error($) +{ +SysLog($_[0]); +if($paranoid) +{ +die $_[0]; +} +} + + +my $timestamp=strftime("%Y-%m-%d %H:%M:%S",localtime); + +#mkdir "revokehashes"; +foreach (keys %revokefile) +{ + next unless (-f $revokefile{$_}); + my $revokehash=sha1_hex(readfile($revokefile{$_})); + SysLog "Root $_: Hash $revokefile{$_} = $revokehash\n"; +} + + + +sub mysql_query($) +{ +$dbh->do($_[0]); +} + +sub trim($) +{ +my $new=$_[0]; +$new=~s/^\s*//; +$new=~s/\s*$//; +return($new); +} +sub addslashes($) +{ +my $new=$_[0]; +$new=~s/['"\\]/\\$1/g; +return($new); +} + +sub recode +{ +return $_[1]; +} + + + +SysLog("Opening Serial interface:\n"); +sub SerialSettings($) +{ +my $PortObj=$_[0]; +if(!defined($PortObj)) +{ +Error "Could not open Serial Port!\n" ; +} +else +{ +$PortObj->baudrate(115200); +$PortObj->parity("none"); +$PortObj->databits(8); +$PortObj->stopbits(1); +} +} + +#We have to open the SerialPort and close it again, so that we can bind it to a Handle +if(! -f "serial.conf") +{ +my $PortObj = new Device::SerialPort($serialport); +SerialSettings($PortObj); +$PortObj->save("serial.conf"); +undef $PortObj; +} + +my $PortObj = tie (*SER, 'Device::SerialPort', "serial.conf") || Error "Can't tie using Configuration_File_Name: $!\n"; + +Error "Could not open Serial Interface!\n" if(not defined($PortObj)); +SerialSettings($PortObj); +#open SER,">$serialport"; + +SysLog("Serial interface opened: $PortObj\n"); + +my $sel = new IO::Select( \*SER ); + + + +#Hexdump function: Returns the hexdump representation of a string +sub hexdump($) +{ +return "" if(not defined($_[0])); +my $content=""; +$content.=sprintf("%02X ",unpack("C",substr($_[0],$_,1))) foreach (0 .. length($_[0])-1); +return $content; +} + +#pack3 packs together the length of the data in 3 bytes and the data itself, size limited to 16MB. In case the data is more than 16 MB, it is ignored, and a 0 Byte block is transferred +sub pack3 +{ + return "\x00\x00\x00" if(!defined($_[0])); + my $data=(length($_[0]) >= 2**24)? "":$_[0]; + my $len=pack("N",length($data)); + SysLog "len: ".length($data)."\n" if($debug); + return substr($len,1,3).$data; +} + + +#unpack3 unpacks packed data. +sub unpack3($) +{ +return undef if((not defined($_[0])) or length($_[0])<3); +#SysLog "hexdump: ".hexdump("\x00".substr($_[0],0,3))."\n"; +my $len=unpack("N","\x00".substr($_[0],0,3)); +#SysLog "len3: $len length(): ".length($_[0])." length()-3: ".(length($_[0])-3)."\n"; +return undef if(length($_[0])-3 != $len); +return substr($_[0],3); +} + + +#unpack3array extracts a whole array of concatented pack3ed data. +sub unpack3array($) +{ +my @retarr=(); +if((not defined($_[0])) or length($_[0])<3) +{ +SysLog "Begin of structure corrupt\n"; +return (); +} +my $dataleft=$_[0]; +while(length($dataleft)>=3) +{ +#SysLog "hexdump: ".hexdump("\x00".substr($dataleft,0,3))."\n"; +my $len=unpack("N","\x00".substr($dataleft,0,3)); +#SysLog "len3: $len length(): ".length($dataleft)." length()-3: ".(length($dataleft)-3)."\n"; +if(length($dataleft)-3 < $len) +{ +SysLog "Structure cut off\n"; +return (); +} +push @retarr, substr($dataleft,3,$len); +$dataleft=substr($dataleft,3+$len); +} +if(length($dataleft)!=0) +{ +SysLog "End of structure cut off\n"; +return (); +} +return @retarr; +} + + +#Raw send function over the Serial Interface (+debugging) +sub SendIt($) +{ + return unless defined($_[0]); + SysLog "Sending ".length($_[0])."\n"; #hexdump($_[0])."\n" if($debug); + my $data=$_[0]; + my $runcount=0; + my $total=0; + my $mtu=30; + while(length($data)) + { + my $iwrote=scalar($PortObj->write(substr($data,0,$mtu)))||0; + #usleep(270*$iwrote+9000); # On Linux, we have to wait to make sure it is being sent, and we dont loose any data. + $total+=$iwrote; + $data=substr($data,$iwrote); + if ($debug) { + print "i wrote: $iwrote total: $total left: ".length($data)."\n" if(!($runcount++ %10)); + } + } + SysLog "Sent message.\n" if($debug); + # print "Sending ".length($_[0])."\n"; #hexdump($_[0])."\n"; + # foreach(0 .. length($_[0])) + # { + # $PortObj->write(substr($_[0],$_,1)); + # } + +} + + +my $modus=0; +my $cnt=0; + + +#Send data over the Serial Interface with handshaking: +sub SendHandshaked($) +{ + SysLog "Shaking hands ...\n" if($debug); + SendIt("\x02"); + + Error "Handshake uncompleted. Connection lost2! $!\n" if(!scalar($sel->can_read(20))); + my $data=""; + my $length=read SER,$data,1; + if($length && $data eq "\x10") + { + #print "OK ...\n"; + my $xor=0; + foreach(0 .. length($_[0])-1) + { + #print "xor mit ".unpack("C",substr($_[0],$_,1))."\n"; + $xor ^= unpack("C",substr($_[0],$_,1)); + } + #print "XOR: $xor\n"; + + my $tryagain=1; + while($tryagain) + { + SendIt($_[0].pack("C",$xor)."rie4Ech7"); + + Error "Packet receipt was not confirmed in 5 seconds. Connection lost!\n" if(!scalar($sel->can_read(5))); + + $data=""; + $length=read SER,$data,1; + + if($length && $data eq "\x10") + { + SysLog "Sent successfully!...\n"; + $tryagain=0; + } + elsif($length && $data eq "\x11") + { + $tryagain=1; + } + else + { + Error "I cannot send! $length ".unpack("C",$data)."\n"; + } + } + + } + else + { + print "!Cannot send! $length \n"; + Error "!Stopped sending.\n"; + } +} + + + +sub Receive +{ +my $data=""; +my @ready = $sel->can_read(120); + +my $length=read SER,$data,1,0; + +#SysLog "Data: ".hexdump($data)."\n"; + +if($data eq "\x02") +{ +$modus=1; +SysLog "Start received, sending OK\n" if($debug); +SendIt("\x10"); + +my $block=""; +my $blockfinished=0; +my $tries=100000; + +while(!$blockfinished) +{ +Error("Tried reading too often\n") if(($tries--)<=0); +# SysLog ("tries: $tries") if(!($tries%10)); + +$data=""; +if(!scalar($sel->can_read(5))) +{ +Error "Handshake uncompleted. Connection lost variant3! $!\n" ; +return; +} +$length=read SER,$data,100,0; +if($length) +{ +$block.=$data; +} +#SysLog("Received: $length ".length($block)."\n"); +$blockfinished=defined(unpack3(substr($block,0,-9)))?1:0; + +if(!$blockfinished and substr($block,-8,8) eq "rie4Ech7") +{ +SysLog "BROKEN Block detected!\n"; +SendIt("\x11"); +$block=""; +$blockfinished=0; +$tries=100000; +} + +} +SysLog "Block done: ".hexdump($block)."\n" if($debug); +SendIt("\x10"); +return($block); +} +else +{ +Error("Error: No Answer received, Timeout.\n") if(length($data)==0); +Error("Error: Wrong Startbyte: ".hexdump($data)." !\n"); +} + +SysLog "Waiting on next request ...\n"; + +} + + + +# @result(Version,Action,Errorcode,Response)=Request(Version=1,Action=1,System=1,Root=1,Configuration="...",Parameter="...",Request="..."); +sub Request($$$$$$$$$$$) +{ + SysLog "Version: $_[0] Action: $_[1] System: $_[2] Root: $_[3] Config: $_[4]\n"; + $_[3]=0 if($_[3]<0); + SendHandshaked(pack3(pack3(pack("C*",$_[0],$_[1],$_[2],$_[3],$_[4],$_[5],$_[6]>>8,$_[6]&255,$_[7])).pack3($_[8]).pack3($_[9]).pack3($_[10]))); + my $data=Receive(); + my @fields=unpack3array(substr($data,3,-9)); + + SysLog "Answer from Server: ".hexdump($data)."\n" if($debug); + + #if(open OUT,">result.dat") + #{ + # print OUT $data; + # close OUT; + #} + #else + #{ + # SysLog "Could not write result: $!\n"; + #} + return $fields[1]; +} + + +sub calculateDays($) +{ + if($_[0]) + { + my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' and `deleted`=0 group by `to`"); + SysLog("Summe: $sum[0]\n") if($debug); + + return ($sum[0]>=50)?730:180; + } + return 180; +} + +sub X509extractSAN($) +{ + my @bits = split("/", $_[0]); + my $SAN=""; + my $newsubject=""; + foreach my $val(@bits) + { + my @bit=split("=",$val); + if($bit[0] eq "subjectAltName") + { + $SAN.="," if($SAN ne ""); + $SAN.= trim($bit[1]); + } + else + { + $newsubject .= "/".$val; + } + } + $newsubject=~s{^//}{/}; + $newsubject=~s/[\n\r\t\x00"\\']//g; + $SAN=~s/[ \n\r\t\x00"\\']//g; + return($SAN,$newsubject); +} + +sub X509extractExpiryDate($) +{ + # TIMEZONE ?!? + my $data=`$opensslbin x509 -in "$_[0]" -noout -enddate`; + + #notAfter=Aug 8 10:26:34 2007 GMT + if($data=~m/notAfter=(\w{2,4}) *(\d{1,2}) *(\d{1,2}:\d{1,2}:\d{1,2}) (\d{4}) GMT/) + { + my $date="$4-".$monarr{$1}."-$2 $3"; + SysLog "Expiry Date found: $date\n" if($debug); + return $date; + } + else + { + SysLog "Expiry Date not found: $data\n"; + } + return ""; +} + +sub CRLuptodate($) +{ + return 0 unless(-f $_[0]); + my $data=`$opensslbin crl -in "$_[0]" -noout -lastupdate -inform der`; + SysLog "CRL: $data\n"; + #lastUpdate=Aug 8 10:26:34 2007 GMT + # Is the timezone handled properly? + if($data=~m/lastUpdate=(\w{2,4}) *(\d{1,2}) *(\d{1,2}:\d{1,2}:\d{1,2}) (\d{4}) GMT/) + { + my $date=sprintf("%04d-%02d-%02d",$4,$monarr{$1},$2); + SysLog "CRL Issueing Date found: $date\n" if($debug); + my $compare = strftime("%Y-%m-%d", localtime); + SysLog "Comparing $date with $compare\n" if($debug); + return $date eq $compare; + } + else + { + SysLog "Expiry Date not found. Perhaps DER format is necessary? Hint: $data\n"; + } + return 0; +} + + +sub X509extractSerialNumber($) +{ + # TIMEZONE ?!? + my $data=`$opensslbin x509 -in "$_[0]" -noout -serial`; + if($data=~m/serial=([0-9A-F]+)/) + { + return $1; + } + return ""; +} + +sub OpenPGPextractExpiryDate ($) +{ + my $r=""; + my $cts; + my @date; + + open(RGPG, $gpgbin.' -vv '.$_[0].' 2>&1 |') or Error('Can\'t start GnuPG($gpgbin): '.$!."\n"); + open(OUT, '> infogpg.txt' ) or Error('Can\'t open output file: infogpg.txt: '.$!); + $/="\n"; + while () + { + print OUT $_; + unless ($r) + { + if ( /^\s*version \d+, created (\d+), md5len 0, sigclass (?:0x[0-9a-fA-F]+|\d+)\s*$/ ) + { + SysLog "Detected CTS: $1\n"; + $cts = int($1); + } elsif ( /^\s*critical hashed subpkt \d+ len \d+ \(sig expires after ((\d+)y)?((\d+)d)?((\d+)h)?(\d+)m\)\s*$/ ) + { + SysLog "Detected FRAME $2 $4 $6 $8\n"; + $cts += $2 * 31536000; # secs per year (60 * 60 * 24 * 365) + $cts += $4 * 86400; # secs per day (60 * 60 * 24) + $cts += $6 * 3600; # secs per hour (60 * 60) + $cts += $8 * 60; # secs per min (60) + $r = $cts; + } + elsif(/version/) + { + SysLog "Detected VERSION\n"; + } + } + } + + close(OUT ); + close(RGPG); + + SysLog "CTS: $cts R: $r\n"; + + if ( $r ) + { + @date = gmtime($r); + $r = sprintf('%.4i-%.2i-%.2i %.2i:%.2i:%.2i', # date format + $date[5] + 1900, $date[4] + 1, $date[3], # day + $date[2], $date[1], $date[0], # time + ); + + } + SysLog "$r\n"; + return $r; +} + +#sub OpenPGPextractExpiryDate($) +#{ +# my $data=`$gpgbin -v $_[0]`; +# open OUT,">infogpg.txt"; +# print OUT $data; +# close OUT; +# if($data=~m/^sig\s+[0-9A-F]{8} (\d{4}-\d\d-\d\d) [^\[]/) +# { +# return "$1 00:00:00"; +# } +# return ""; +#} + + +# Sets the locale according to the users preferred language +sub setUsersLanguage($) +{ + my $lang="en_US"; + print "Searching for the language of the user $_[0]\n"; + my @a=$dbh->selectrow_array("select language from users where id='".int($_[0])."'"); + $lang = $1 if($a[0]=~m/(\w+_[\w.@]+)/); + + SysLog "The users preferred language: $lang\n"; + + if($lang ne "") + { + $ENV{"LANG"}=$lang; + setlocale(LC_ALL, $lang); + } else { + $ENV{"LANG"}="en_AU"; + setlocale(LC_ALL, "en_AU"); + } +} + + +sub getUserData($) +{ + return() unless($_[0]=~m/^\d+$/); + my $sth = $dbh->prepare("select * from users where id='$_[0]'"); + $sth->execute(); + #SysLog "USER DUMP:\n"; + while ( my $rowdata = $sth->fetchrow_hashref() ) + { + my %tmp=%{$rowdata}; + #foreach (sort keys %tmp) + #{ + #SysLog " $_ -> $tmp{$_}\n"; + #} + return %tmp; + } + return (); +} + + +sub _($) +{ + return gettext($_[0]); +} + +sub sendmail($$$$$$$) +{ + my ($to, $subject, $message, $from, $replyto, $toname, $fromname)=@_; + my $errorsto="returns\@cacert.org"; + my $extra=""; + + + # sendmail($user{email}, "[CAcert.org] Your GPG/PGP Key", $body, "support\@cacert.org", "", "", "CAcert Support"); + my @lines=split("\n",$message); + $message = ""; + foreach my $line (@lines) + { + $line = trim($line); + if($line eq ".") + { + $message .= " .\n"; + } else + { + $message .= $line."\n"; + } + } + + $fromname = $from if($fromname eq ""); + + my @bits = split(",", $from); + $from = addslashes($bits['0']); + $fromname = addslashes($fromname); + + my $smtp = IO::Socket::INET->new(PeerAddr => 'localhost:25'); + $/="\n"; + SysLog "SMTP: ".<$smtp>; + print $smtp "HELO hlin.cacert.org\r\n"; + SysLog "SMTP: ".<$smtp>; + print $smtp "MAIL FROM:\r\n"; + SysLog "MAIL FROM: ".<$smtp>; + + @bits = split(",", $to); + foreach my $user (@bits) + { + print $smtp "RCPT TO:<".trim($user).">\r\n"; + SysLog "RCPT TO: ".<$smtp>; + } + print $smtp "DATA\r\n"; + SysLog "DATA: ".<$smtp>; + + print $smtp "X-Mailer: CAcert.org Website\r\n"; + print $smtp "X-OriginatingIP: ".$ENV{"REMOTE_ADDR"}."\r\n"; + print $smtp "Sender: $errorsto\r\n"; + print $smtp "Errors-To: $errorsto\r\n"; + if($replyto ne "") + { + print $smtp "Reply-To: $replyto\r\n"; + } + else + { + print $smtp "Reply-To: $from\r\n"; + } + print $smtp "From: $from ($fromname)\r\n"; + print $smtp "To: $to\r\n"; + my $newsubj=encode_base64(recode("html..utf-8", trim($subject))); + #SysLog("NewSubj: --".$newsubj."--\n") if($debug); + $newsubj=~s/\n*$//; + #SysLog("NewSubj: --".$newsubj."--\n") if($debug); + print $smtp trim($subject)=~m/[^a-zA-Z0-9 ,.\[\]\/-]/?"Subject: =?utf-8?B?$newsubj?=\r\n":"Subject: $subject\r\n"; + print $smtp "Mime-Version: 1.0\r\n"; + if($extra eq "") + { + print $smtp "Content-Type: text/plain; charset=\"utf-8\"\r\n"; + print $smtp "Content-Transfer-Encoding: 8bit\r\n"; + } + else + { + print $smtp "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n"; + print $smtp "Content-Transfer-Encoding: quoted-printable\r\n"; + print $smtp "Content-Disposition: inline\r\n"; + }; +# print $smtp "Content-Transfer-Encoding: BASE64\r\n"; + print $smtp "\r\n"; +# print $smtp chunk_split(encode_base64(recode("html..utf-8", $message)))."\r\n.\r\n"; + print $smtp recode("html..utf-8", $message)."\r\n.\r\n"; + SysLog "ENDOFTEXT: ".<$smtp>; + print $smtp "QUIT\n"; + SysLog "QUIT: ".<$smtp>; + close($smtp); +} + + +sub HandleCerts($$) +{ + my $org=$_[0]?"org":""; + my $server=$_[1]; + + + my $table=$org.($server?"domaincerts":"emailcerts"); + + SysLog "HandleCerts $table\n"; + + my $sth = $dbh->prepare("select * from $table where crt_name='' and csr_name!='' and warning<3"); + $sth->execute(); + #$rowdata; + while ( my $rowdata = $sth->fetchrow_hashref() ) + { + my %row=%{$rowdata}; + my $prefix=$org.($server?"server":"client"); + my $short=int($row{'id'}/1000); + my $csrname = "../csr/$prefix-".$row{'id'}.".csr"; + $csrname = "../csr/$prefix/$short/$prefix-".$row{'id'}.".csr" if($newlayout); + SysLog("New Layout: "."../csr/$prefix/$short/$prefix-".$row{'id'}.".csr\n"); + + #my $crtname = "../crt/$prefix-".$row{'id'}.".crt"; + my $crtname=$csrname; $crtname=~s/^\.\.\/csr/..\/crt/; $crtname=~s/\.csr$/.crt/; + my $dirname=$crtname; $dirname=~s/\/[^\/]*\.crt//; + mkdir $dirname,0777; + SysLog("New Layout: $crtname\n"); + + if($server) + { + #Weird SQL structure ... + my @sqlres=$dbh->selectrow_array("select memid from domains where id='".int($row{'domid'})."'"); + $row{'memid'}=$sqlres[0]; + SysLog("Fetched memid: $row{'memid'}\n") if($debug); + } + + SysLog "Opening $csrname\n"; + + my $crt=""; + + my $profile=0; + + # "0"=>"client.cnf", + # "1"=>"client-org.cnf", + # "2"=>"client-codesign.cnf", + # "3"=>"client-machine.cnf", + # "4"=>"client-ads.cnf", + # "5"=>"server.cnf", + # "6"=>"server-org.cnf", + # "7"=>"server-jabber.cnf", + # "8"=>"server-ocsp.cnf", + # "9"=>"server-timestamp.cnf", + # "10"=>"proxy.cnf", + # "11"=>"subca.cnf" + + + if($row{"type"} =~ m/^(8|9)$/) + { + $profile=$row{"type"}; + } + elsif($org) + { + if($row{'codesign'}) + { + $profile=2; ## TODO! + } + elsif($server) + { + $profile=6; + } + else + { + $profile=1; + } + } + else + { + if($row{'codesign'}) + { + $profile=2; + } + elsif($server) + { + $profile=5; + } + else + { + $profile=0; + } + + + } + + + + if(open(IN,"<$csrname")) + { + undef $/; + my $content=; + close IN; + SysLog "Read $csrname.\n" if($debug); + SysLog "Subject: --$row{'subject'}--\n" if($debug); + + my ($SAN,$subject)=X509extractSAN($row{'subject'}); + SysLog "Subject: --$subject--\n" if($debug); + SysLog "SAN: --$SAN--\n" if($debug); + SysLog "memid: $row{'memid'}\n" if($debug); + + my $days=$org?($server?(365*2):365):calculateDays($row{"memid"}); + + my $md_id = 0; + $md_id = 1 if( $row{'md'} eq "md5"); + $md_id = 2 if( $row{'md'} eq "sha1"); + $md_id = 3 if( $row{'md'} eq "rmd160"); + $md_id = 8 if( $row{'md'} eq "sha256"); + $md_id = 9 if( $row{'md'} eq "sha384"); + $md_id =10 if( $row{'md'} eq "sha512"); + + $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$md_id,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject); + if(length($crt)) + { + if($crt=~m/^-----BEGIN CERTIFICATE-----/) + { + open OUT,">$crtname"; + print OUT $crt; + close OUT; + } + else + { + open OUT,">$crtname.der"; + print OUT $crt; + close OUT; + system "$opensslbin x509 -in $crtname.der -inform der -out $crtname"; + } + } + else + { + SysLog "ZERO Length certificate received.\n"; + } + } + else + { + print "Error: $! Konnte $csrname nicht laden\n"; + } + + + + if(-s $crtname) + { + SysLog "Opening $crtname\n"; + + my $date=X509extractExpiryDate($crtname); + my $serial=X509extractSerialNumber($crtname); + + setUsersLanguage($row{memid}); + + my %user=getUserData($row{memid}); + + foreach (sort keys %user) + { + SysLog " $_ -> $user{$_}\n" if($debug); + } + + SysLog("update `$table` set `crt_name`='$crtname', modified=now(), serial='$serial', `expire`='$date' where `id`='".$row{'id'}."'\n"); + + $dbh->do("update `$table` set `crt_name`='$crtname', modified=now(), serial='$serial', `expire`='$date' where `id`='".$row{'id'}."'"); + + my $body = _("Hi")." $user{fname},\n\n"; + $body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row{'email'}.$row{'CN'}); + $body .= "https://www.cacert.org/account.php?id=".($server?"15":"6")."&cert=$row{id}\n\n"; + $body .= _("If you have not imported CAcert's root certificate, please go to:")."\n"; + $body .= "https://www.cacert.org/index.php?id=3\n"; + $body .= "Root cert fingerprint SHA256 = 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5\n"; + $body .= "Root cert fingerprint SHA1 = DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5\n\n"; + $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; + sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support"); + } + else + { + SysLog("Could not find the issued certificate. $crtname ".$row{"id"}."\n"); + $dbh->do("update `$table` set warning=warning+1 where `id`='".$row{'id'}."'"); + } + } +} + + +sub DoCRL($$) +{ + my $crl=$_[0]; + my $crlname=$_[1]; + + if(length($crl)) + { + if($crl=~m/^-----BEGIN X509 CRL-----/) + { + open OUT,">$crlname.pem"; + print OUT $crl; + close OUT; + system "$opensslbin crl -in $crlname.pem -outform der -out $crlname.tmp"; + } + else + { + open OUT,">$crlname.patch"; + print OUT $crl; + close OUT; + my $res=system "xdelta patch $crlname.patch $crlname $crlname.tmp"; + #print "xdelta res: $res\n"; + if($res==512) + { + open OUT,">$crlname.tmp"; + print OUT $crl; + close OUT; + } + } + + my $res=`openssl crl -verify -in $crlname.tmp -inform der -noout 2>&1`; + SysLog "verify: $res\n"; + if($res=~m/verify OK/) + { + rename "$crlname.tmp","$crlname"; + } + else + { + SysLog "VERIFICATION OF NEW CRL DID NOT SUCCEED! PLEASE REPAIR!\n"; + SysLog "Broken CRL is available as $crlname.tmp\n"; + #Override for testing: + rename "$crlname.tmp","$crlname"; + } + return 1; + } + else + { + SysLog("RECEIVED AN EMPTY CRL!\n"); + } + return 0; +} + + +sub RefreshCRLs() +{ + foreach my $rootcert (keys %revokefile) + { + if(!CRLuptodate($revokefile{$rootcert})) + { + SysLog "Update of the CRL $rootcert is necessary!\n"; + my $crlname = $revokefile{$rootcert}; + my $revokehash=sha1_hex(readfile($crlname)); + my $crl=Request($ver,2,1,$rootcert-1,0,0,365,0,"","",$revokehash); + #print "Received ".length($crl)." ".hexdump($crl)."\n"; + DoCRL($crl,$crlname); + } + } +} + + +sub RevokeCerts($$) +{ + my $org=$_[0]?"org":""; + my $server=$_[1]; + + my $table=$org.($server?"domaincerts":"emailcerts"); + + my $sth = $dbh->prepare("select * from $table where revoked='1970-01-01 10:00:01'"); # WHICH TIMEZONE? + $sth->execute(); + #$rowdata; + while ( my $rowdata = $sth->fetchrow_hashref() ) + { + my %row=%{$rowdata}; + + my $prefix=$org.($server?"server":"client"); + my $short=int($row{'id'}/1000); + + my $csrname = "../csr/$prefix-".$row{'id'}.".csr"; + $csrname = "../csr/$prefix/$short/$prefix-".$row{'id'}.".csr" if($newlayout); + SysLog("New Layout: "."../csr/$prefix/$short/$prefix-".$row{'id'}.".csr\n"); + + #my $crtname = "../crt/$prefix-".$row{'id'}.".crt"; + my $crtname=$csrname; $crtname=~s/^\.\.\/csr/..\/crt/; $crtname=~s/\.csr$/.crt/; + SysLog("New Layout: $crtname\n"); + + #my $csrname = "../csr/".$org.($server?"server-":"client-").$row{'id'}.".csr"; + #my $crtname = "../crt/".$org.($server?"server-":"client-").$row{'id'}.".crt"; + my $crlname = $revokefile{$row{'rootcert'}}; + + my $crt=""; + + + if(open(IN,"<$crtname")) + { + undef $/; + my $content=; + close IN; + my $revokehash=sha1_hex(readfile($crlname)); + + my $crl=Request($ver,2,1,$row{'rootcert'}-1,0,0,365,0,$content,"",$revokehash); + my $result=DoCRL($crl,$crlname); + + if($result) + { + $dbh->do("update `$table` set `revoked`=now() where `id`='".$row{'id'}."'"); + + if($org eq "") + { + if($server) + { + my @a=$dbh->selectrow_array("select `memid` from `domains` where `id`='".int($row{domid})."'"); + sendRevokeMail($a[0], $row{'CN'}, $row{'serial'}); + } + else + { + sendRevokeMail($row{memid}, $row{'CN'}, $row{'serial'}); + } + } + else + { + my $orgsth = $dbh->prepare("select `memid` from `org` where `orgid`='".int($row{orgid})."'"); + $orgsth->execute(); + while ( my ($memid) = $orgsth->fetchrow_array() ) + { + sendRevokeMail($memid, $row{'CN'}, $row{'serial'}); + } + } + } + + } + else + { + SysLog("Error in RevokeCerts: $crtname $!\n") if($debug); + } + + } + +} + +sub sendRevokeMail() +{ + my $memid = $_[0]; + my $certName = $_[1]; + my $serial = $_[2]; + setUsersLanguage($memid); + + my %user=getUserData($memid); + + my $body = _("Hi")." $user{fname},\n\n"; + $body .= sprintf(_("Your certificate for '%s' with the serial number '%s' has been revoked, as per request.")."\n\n", $certName, $serial); + $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; + SysLog("Sending email to ".$user{"email"}."\n") if($debug); + sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support"); +} + + + +sub HandleGPG() +{ + my $sth = $dbh->prepare("select * from gpg where crt='' and csr!='' "); + $sth->execute(); + my $rowdata; + while ( $rowdata = $sth->fetchrow_hashref() ) + { + my %row=%{$rowdata}; + + my $prefix="gpg"; + my $short=int($row{'id'}/1000); + my $csrname = "../csr/$prefix-".$row{'id'}.".csr"; + $csrname = "../csr/$prefix/$short/$prefix-".$row{'id'}.".csr" if($newlayout); + SysLog("New Layout: "."../csr/$prefix/$short/$prefix-".$row{'id'}.".csr\n"); + + #my $crtname = "../crt/$prefix-".$row{'id'}.".crt"; + my $crtname=$csrname; $crtname=~s/^\.\.\/csr/..\/crt/; $crtname=~s/\.csr$/.crt/; + SysLog("New Layout: $crtname\n"); + + + #my $csrname = "../csr/gpg-".$row{'id'}.".csr"; + #my $crtname = "../crt/gpg-".$row{'id'}.".crt"; + + SysLog "Opening $csrname\n"; + + my $crt=""; + + if(-s $csrname && open(IN,"<$csrname")) + { + undef $/; + my $content=; + close IN; + SysLog "Read $csrname.\n"; + $crt=Request($ver,1,2,0,0,2,366,0,$content,"",""); + if(length($crt)) + { + open OUT,">$crtname"; + print OUT $crt; + close OUT; + } + + } + else + { + #Error("Error: $!\n"); + next; + } + + if(-s $crtname) + { + SysLog "Opening $crtname\n"; + setUsersLanguage($row{memid}); + + my $date=OpenPGPextractExpiryDate($crtname); + my %user=getUserData($row{memid}); + + $dbh->do("update `gpg` set `crt`='$crtname', issued=now(), `expire`='$date' where `id`='".$row{'id'}."'"); + + my $body = _("Hi")." $user{fname},\n\n"; + $body .= sprintf(_("Your CAcert signed key for %s is available online at:")."\n\n", $row{'email'}); + $body .= "https://www.cacert.org/gpg.php?id=3&cert=$row{id}\n\n"; + $body .= _("To help improve the trust of CAcert in general, it's appreciated if you could also sign our key and upload it to a key server. Below is a copy of our primary key details:")."\n\n"; + $body .= "pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) \n"; + $body .= "Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58\n\n"; + $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; + sendmail($user{email}, "[CAcert.org] Your GPG/PGP Key", $body, "support\@cacert.org", "", "", "CAcert Support"); + } else { + SysLog("Could not find the issued gpg key. ".$row{"id"}."\n"); + #$dbh->do("delete from `gpg` where `id`='".$row{'id'}."'"); + } + } +} + + +# Main program loop + +my $crlcheck=0; + +while ( -f "./client.pl-active" ) +{ + SysLog("Handling GPG database ...\n"); + HandleGPG(); + SysLog("Issueing certs ...\n"); + HandleCerts(0,0); #personal client certs + HandleCerts(0,1); #personal server certs + HandleCerts(1,0); #org client certs + HandleCerts(1,1); #org server certs + SysLog("Revoking certs ...\n"); + RevokeCerts(0,0); #personal client certs + RevokeCerts(0,1); #personal server certs + RevokeCerts(1,0); #org client certs + RevokeCerts(1,1); #org server certs + + $crlcheck++; + RefreshCRLs() if(($crlcheck%100) == 1); + + #print "Sign Request X.509, Root0\n"; + #my $reqcontent=""; + #Request($ver,1,1,0,5,2,365,0,$reqcontent,"","/CN=supertest.cacert.at"); + + SysLog("NUL Request:\n"); + my $timestamp=strftime("%m%d%H%M%Y.%S",gmtime); + Request($ver,0,0,0,0,0,0,0,$timestamp,"",""); + sleep(1); + usleep(1700000); +} diff --git a/coapnew.php b/coapnew.php new file mode 100644 index 00000000..54a8cc56 --- /dev/null +++ b/coapnew.php @@ -0,0 +1,1598 @@ + zapfdingbats.utf metrics file +** php -q makefont.php zapfsdingbats.ttf zapfdingbats.utf -> .php,.ctg.z,.z +** install files: zapfdingbats.{php,z,ctg.z} in tcpdf/fonts dir +** UTF8 package for unicode (utf8/native/core.php): +** utf8_substr() only when package is found and needs to be used +** transliteration (and abbreviation): +** if full name has non-ascii char(s) try to use: utf8_to_ascii() +** First from transtab.php package which is Markus Kuhn compliant +** transtab.php is CAcert php package. +** Transtab depends on on its turn on UTF8 package. +** Secondly if not found utf8ascii lib tried (artistic license) +** http://sourceforge.net/projects/phputf8 +** .../utf8_to_ascii-0.3.tar.gz +** see UTF8_ASCII definition for location requirements +** Thirdly: if not found transliteration feature is disabled. +** +** policy documents for pdf inclusion: +** define CCA file (default policy) +** LOGO: CAcert logo logos directory is LOGO +** +** Functionality: +** Test: use environment variable settings as parameters for +** Organisation: name, dba's, director, sign date, trade license ID +** address, country/state jurisdiction, domain(s) +** o-admins: name, email, phone +** Registry: name, region +** Assurer: name, email, sign date +** +** Form fields: javascript form fields with fields for printout and change +** Printout: printed, and completed for final signatures +** On transliteration and abbreviation of a name: +** if shoes a std way show accepted conversion as pdf comment +** Orientation: on landscape (dflt) print 2-up +** PDF URL links are used to web, wiki, and faq for more info search +** Only on non-ascii chars in a name the utf8 routines are loaded +** PDF reader has wiki info url's and easy email feedback +** ENABLED: +** included is the CCA generates 2 extra pages (needs work to limit vert spacing) +** +** For other re-use of some routines: +** abbreviate() abbreviate a name on std way +** transliterate() provide name in translated format in std way +** +** For tests: +** environment settings (FORM, FORMAT, CCA, ...) define used test data +** In test modus variable path_url from tcpdf package unset warnings +** Set for operation modus TEST on false (or comment code out) +** +** Future: +** digitally sign form and process it via network +** +** unicode and UTF-8 support: +** php4/5 recode() is alias of recode_string() of PHP library +** If not provided: should check every string is transcoded? +** recode(), recode_string(0 is said to have too many (japanese) defeats +** recode_string() is only used on GET[] input (html->utf-8), +** UTF-8 use routines from http://www.sourceforge.net/projects/phputf8 +** which replaces php recode() package. +** on many places own utf-8 handling code exists and is loaded (tcpdf problem) +** _() translation routine. The returned HTML string is translated to utf-8 string. +** the GET() routines expects utf-8 code (see test defs) but might be changed +** to use html entity conversion routine of PHP (5.2 has a problem...). +** +** PDF compression zlib: (now disabled) +** if PHP lib zcompress() is present, generated PDF is compressed +** +** FONTS future use ? http://www.slovo.info/unifonts.htm? (not used now) +** or Bitstream Cyberbit http://www.orwell.ru/download/cyberbit.zip +** Latter font is no longer for free download +** For now: FreeVeraSans is used now and embedded (std in TCPDF package) +** Zapf Dingbats font: some Open Source readers have bad font handling or +** no zapfdingbat font. So one is embedded +** To be generated with tooling in util directory. +** +** TO DO, to CHECK and KNOWN PROBLEMS: +** _() translation routine returns recoded and checks UTF-8 chars? +** Japanse package (maybe not needed with TCPDF?) +** CCA informal should be on one page (no CCA printed yet) +** form field checks, print button (Java script) +** data structs in Java script and globalize property settings +** XML +** timestamping, signatures and certificate usage +** list of recipients, encrypt the document and send it off +** On Acrobat 7.0: first form field call error (have work around) +** eps problem with logo (no eps logo yet) +** multi selection of ID types in form fields (value editable now) +** ugly capital char use in intro to bold or italic lowercase +** tables over page boundaries do not fully work yet +** +** DEPENDENCIES: +** This PDF GENERATION package relies on the PHP PDF generation +** package of TCPDF source force project: +** http://sourceforge.net/projects/tcpdf/ V 4.0.007 18th July 2008 +** The tcpdf software supports encryption, signatures, and form fields +** TCPDF is using URF-8 code (good!) +** The TRANSLITERATE code tables db (utf8ascii) is not compliant (!?) with +** Markus Kuhn -- 2001-09-02 +** First is tried to use Markus his tables +** For a test file with all chars see there (it is also in tcpdf package). +** Both transliteration packages rely on UTF-8 code, only loaded when available and +** when really needed. +** PDF generation: The alternative is the one from the std PHP library. +** +** SECURITY: +** PHP libs: packages seems to download files on the fly into local filesystem!!! +** +** All sizes (in mm) is related to A5 base, so other page formats are scaled. +** +** Parameters (API): +** $_GET['date'] date of assurance and signature applicant organisation +** $_GET['name'] full name assuree default empty for upward compatibility +** $_GET['dba<1-9>'] etc. %d = 1-9 trade names +** $_GET['address'] postal address department, office, street, zip, city +** $_GET['state'] jurisdiction +** $_GET['country'] jurisdiction address +** $_GET['type'] type of organisation: e.g. foundation, partnership, Lmtd +** $_GET['domain<0..n>'] domain names of organisation +** $_GET['director'] can sign for the organisation +** $_GET['email'] email address for organisation contact +** $_GET['phone'] organisation phone number for contact +** $_GET['admin'] o-admin name +** $_GET['adminemail'] o-admin emailo address +** $_GET['adminphone'] o-admin phone number +** $_GET['admin<1-9>'] o-admin name +** $_GET['admin<1-9>email'] o-admin emailo address +** $_GET['admin<1-9>phone'] o-admin phone number +** $_GET['identity'] trade office license Identification number +** $_GET['tor'] trade office name +//** $_GET['tordate'] trade office extract date (depreciated) +** $_GET['torregion'] trade office region (depreciated) +** $_GET['assurer'] full name assurer default empty +** $_GET['assureremail'] email address assurer default empty (new) +** $_GET['assurerdate'] date of signature assurer (new) +** $_GET['assurerphone'] contact phone number of assurer (new) +//** $_GET['assurancedate'] date of assurance (new) (depreciated) +//** $_GET['location'] location of assurance (depreciated) +** $_GET['nocca'] do not print CCA on back side (dflt: false) +** $_GET['policy<%d>'] to include policy document(s) in pdf file %d = 1-9 (new) +** $_GET['noform'] do not print form (dflt: true) (new) +** $_GET['format'] paper format required A0-A6,Letter, Folio, B0-B6 (dflt A4) +** $_GET['watermark'] watermark on the page +** $_GET['orientation'] paper orientation default "landscape" default 2-up (new) +** $_SESSION['_config']['language'] for "ja" japanese default != ja +** $_SESSION['_config']['recode'] = "format" recode() uses it: needed ? +** recode() is aliased to php lib function recode_string() +** $_REQUEST[bw] if exists use black/white, default use colour +** +** Output, package generates: +** PDF display screen is scaled to 100% A4 size +** PDF property fields have CAcert info +** on non empty _GET strings, the package generates prefilled form fields. +** PDF form field variables (Java Script): +** Applicant +** Organisation.Names[0] organisation name +** Organisation.Address street address, zip, city +** Organisation.Type comma separated values (csv) +** type of organisation +** state +** country +** Organisation.DBA registered trade names (csv) +** Organisation.Domains organisation domain names (csv) +** Organisation.Director.Name name of director with signing power +** Organisation.Director.Email corporate email address +** Organisation.Director.Phone corporate phone number +** Organisation.Date date of signature director +** Organisation.Admin[].Name 0..9 name of org. admnin +** Organisation.Admin[].Email 0..9 o-admin email address +** Organisation.Admin[].Phone 0..9 o-admin phone number +** Trade Office Registry +** tor.info comma separated values (csv): +** unique trade office Identification number +** name trade office registry +** region trade office (depreciated) +** date of trade office Extract (depreciated) +** Assurer +** Assurer.Name full name of assurer +** Assurer.Email email address assurer +** Assurer.Date date signature assurer +//** Assurance info (depreciated) +//** assurance.location string may have date of meeting (depreciated) +//** assurance.date date of assurance (depreciated) +** Form Revision string is generated from RCS revision string. +** More info on PDF fields: +** http://www.adobe.com/devnet/acrobat/pdfs/js_developer_guide.pdf +** +*/ + +// use next define if you test this code +define( 'TEST', true ); + +// INSTALLATION DIRS OF PACKAGES ============================== +// make sure packages are installed here +define('RT','./'); +define('TCPDF_DIR','/usr/share/tcpdf_php4'); +define('UTF8',RT."/utf8/native/core.php"); +if( file_exists(RT.'/transtab.php') ) // wherever it is + define('UTF8_ASCII', RT.'/transtab.php'); +else + define('UTF8_ASCII', RT.'/utf8_to_ascii/utf8_to_ascii.php'); // optional +// end operational special code defs + +if( defined( 'TEST' ) ) { +// ONLY FOR TEST PURPOSES ===================================== + /* test data */ + + $_SESSION['_config']['recode'] = "html..utf-8"; // ???? + if( isset($_SERVER['LANG']) ) + $_SESSION['_config']['language'] = $_SERVER['LANG']; + + if( array_key_exists('FORMAT',$_SERVER) AND $_SERVER['FORMAT'] ) + $_GET['format'] = $_SERVER['FORMAT']; + else { + //$_GET['format'] = "A5"; // margin scale problem... does not work + //$_GET['format'] = "Legal"; // ok + //$_GET['format'] = "Folio"; // ok + //$_GET['format'] = "Letter"; // letter little margin problem + //$_GET['format'] = "A4"; // A4, default ok + } + if( array_key_exists('ORIENTATION',$_SERVER) AND $_SERVER['ORIENTATION'] ) + $_GET['orientation'] = $_SERVER['ORIENTATION']; + else { + //$_GET['orientation'] = "portrait"; // default 2 pages, or portrait + } + $_GET['nocca'] = isset($_SERVER['CCA']) ? $_SERVER['CCA'] : ""; + if( isset($_SERVER['FORM']) AND $_SERVER['FORM'] == "noform" ) + $_GET['noform'] = "true"; + + if( array_key_exists('FORM',$_SERVER) AND $_SERVER['FORM'] != 'empty' ){ + // organisation info part + $_GET['name'] = "Stichting Oophaga foundation"; + $_GET['address'] = "De Burgerstraat 25, office 268, 1098 SJ, Amsterdam-Buitenveldert"; + $_GET['state'] = ""; + $_GET['country'] = "Netherlands"; + $_GET['type'] = "foundation"; + $_GET['dba1'] = "Oophaga"; // trade names + //$_GET['DBA2..9'] = "St. Oophaga"; + // applicant signer for organisation + $_GET['director'] = "Gerard H. M. Sühmple"; // upwards competable + //$_GET['email'] = "director@oophaga.org"; + $_GET['phone'] = "+31 773270066"; + $_GET['date'] = "2008-08-18"; // upwards compatible + // trade office information + $_GET['identifier'] = "NL-238603-AA02"; + $_GET['tor'] = "Kamer van Koophandel"; + $_GET['torregion'] = "Amsterdam"; + //$_GET['tordate'] = "2008-04-03"; + // contact name(s) + $_GET['domain1'] = "oophaga.org, oophaga.nl"; + $_GET['domain2'] = "oophaga.net"; + $_GET['domain4'] = "oophaga.eu"; + $_GET['admin'] = "Görge H. M. Sämple"; // upwards competable + $_GET['adminemail'] = "tesu.hagaen@thesu.xs4all.eu"; + $_GET['adminphone'] = "+31 77 327996"; + //$_GET['admin2..9XX'] = ""; // name, email, phone + // assurer info + $_GET['assurer'] = "My O. Assurer-Name"; + $_GET['assurerdate'] = "now"; + $_GET['assureremail'] = "Assurer@cacert.org"; + $_GET['assurerphone'] = "+31737201060"; + // assurance info + //$_GET['assurancedate'] = "2008-12-21"; depreciated + //$_GET['location'] = "Amsterdam, Holland"; depreciated + //$_GET['notes'] = "bla bla"; depreciated + // handy + $_GET['watermark'] = "just an EXAMPLE"; + } else { + //$_GET['ALL'] = "empty"; + } + + //$_REQUEST['bw'] = true; + +} // end of TEST code =========================================================== + +/* Directory settings for installation */ +// change next for directory settings for packages !!!!!!!!!!!!!!!!!!!!!! +// set to correct internal path to TCPDF pakage installation +// Make sure pdf generation package is not connecting internet for +// whatever reason and downloading files into this host!!!! +// UCPDF as well PHP PDF std package have unsecure code as well.... +require_once(TCPDF_DIR . '/config/lang/eng.php'); +require_once(TCPDF_DIR . '/tcpdf.php'); + +// CAcert logo path/file name is extended with eg color, mono and format type +define( 'LOGO','logos/CAcert-logo-'); +// eps should give better quality, LOGO_TYPE -> .eps +// eps does not work with CAcert logo, set to .eps when ok +define( 'LOGO_DPI', '1000'); +define( 'LOGO_TYPE','-'.LOGO_DPI.'.png'); +// logo colors RGB hex +define('BLUE', '#11568C'); // RGB 17 86 140 +define('LBLUE', '#ADC5D7'); // RGB 112 154 186 +define('LLBLUE','#D6E2EB'); // lighhter blue RGB 173 197 215 +define('LIME', '#C7FF00'); // RGB 199 255 0 +define('GREEN', '#00BE00'); // 0 190 0 + +define('POBOX','Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia '); +define('WEB', 'http://www.cacert.org'); +define('WIKI','http://wiki.cacert.org/wiki'); +define('ROOTKEYS','http://www.cacert.org/index.php?id=3'); +define('ASSCOAP', WIKI.'/FAQ/AssuranceByCAP'); +define('ASSHBK', WIKI.'/OrganisationAssuranceManual'); +define('ASSINFO', WIKI.'/OrganisationEntities'); +define('ASSINTRO', WIKI.'/FAQ/AssuranceIntroduction'); +define('ASSORG', WIKI."/OrganisationAssurance"); +define('ARBIT', WIKI."/ArbitrationForum"); +// CAcert Community Agreement +define('CCA', "CAcertCommunityAgreement"); // default policy to print +define('POLICY','policy/'); // default polciy doc directory +define('EXT','.html'); // default polciy doc extention, should be html +/* finger print CAcert Root Key SHA256 since 2021 */ // should obtain this automatically +define('CLASS1_SHA256','07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5'); +define('CLASS3_SHA256','1BC5 A61A 2C0C 0132 C52B 284F 3DA0 D8DA CF71 7A0F 6C1D DF81 D80B 36EE E444 2869'); +/* finger print CAcert Root Key */ // not to use since 2019 +/* finger print CAcert Root Key */ // should obtain this automatically +define('CLASS1_SHA1','DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5'); +define('CLASS3_SHA1','D8A8 3A64 117F FD21 94FE E198 3DD2 5C7B 32A8 FFC8'); +// next two are not used on the form, obsolete +define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B'); +define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42'); +// if on draft provide std message +define('WATERMARK',""); + +// other definitions for the form +define("MAX_COLS", 2); // max coulumns per page Landscape is printed with 2-up +// put next to 200 and it will disable printout +define("MINH", 107.5); // in A5 mm is current estimated left over space on one page +define("H", 5); // height of a name entry field +//set margins +define("MARGIN",11.296); // 2-up will be scaled +// base of font size +define( 'F_SIZE', 7 ); + +define('DFL_FORMAT', 'html..utf-8'); + +// enviroment dependent constants +// Japanese is not supported? +if( array_key_exists('_config', $_SESSION) ) { + if( isset($_SESSION['_config']['language']) ) { + if($_SESSION['_config']['language'] == "ja") + define('FONT','SJIS'); + else define( 'FONT', 'freesans'); + } + else define( 'FONT', 'freesans'); +} +else + //define( 'FONT', 'dejavusans'); + define( 'FONT', 'freesans'); + +// generate black/white? +if(array_key_exists('bw',$_REQUEST)) + define('BW', true); +else + define('BW', false); + +// function is left in tact, but to new tcpdf code UFT-8 is fully supported now. +function my_recode($strg = NULL ) +{ + static $format = NULL; + if( $strg == NULL OR !$strg ) return ( "" ); + if( $format == NULL ) { + if( array_key_exists('_config', $_SESSION) ) { + if( isset( $_SESSION['_config']['recode']) ) + $format = $_SESSION['_config']['recode']; + else $format = DFL_FORMAT; + } + else $format = DFL_FORMAT; + } + // newer tcpdf package is full UTF-8 Voided by this package? + if( function_exists("recode_string" ) ) + return ( recode_string($format, $strg) ); + else return( $strg ); +} + +// return TRUE if string is ascii and not device control chars specialized for +// personal names (no device controls) +function utf8_is_ascii_ctrl($str) { + if ( strlen($str) > 0 ) { + // Search for any bytes which are outside the ASCII range, + // or are device control codes + //return (preg_match('/[^\x09\x0A\x0D\x20-\x7E]/',$str) !== 1); deleted \r and \n + return (preg_match('/[^\x09\x20-\x7E]/',$str) !== 1); + } + return FALSE; +} + + +// extend TCPF with custom functions +class COAPPDF extends TCPDF { + + // do cap form version numbering automatically "$Revision: 1.6 $" + /*public*/ function Version() { + strtok(REV, " "); + return(strtok(" ")); + } + + /*public*/ function myHeader( $msg = NULL, $url = NULL ) + { + static $my_url = NULL; + if( $msg != NULL ) { + $this->my_header_msg = $msg; $my_url = $url; return; + } + if( $this->my_header_msg == NULL ) return; + if( $this->msg_page_nr > 0 ) { + $font_fam = $this->FontFamily; + $font_style = $this->FontStyle.($this->underline ? 'U' : '').($this->linethrough ? 'D' : ''); + $font_size = $this->getFontSize(); + $this->SetFont(FONT,'', F_SIZE-1); + $this->setXY($this->lMargin, MARGIN-3); + $this->Cell($this->colwidth, 3,$this->my_header_msg, 0, 0, 'R'); + if( !empty($font_fam ) ) + $this->SetFont($font_fam,$font_style,$font_size); + if( $my_url != NULL AND $my_url != "" ) + $this->myLink($this->lMargin+$this->colwidth/2,$this->lMargin-4,$this->colwidth,(F_SIZE+5)/2.9,$my_url); + } + $this->setXY($this->lMargin, MARGIN+3); + $this->y0 = $this->getY(); + } + + // undefine default header and footer handling + // default routines do not handle columns + function Footer() { } + function Header() { } + function Mark( $string = "" ) { + return array( $string, 1+substr_count($string,'.') ); + } + + /*public*/ function myFooter( $msg = NULL, $url = NULL ) + { + static $my_url = NULL; + if( $msg != NULL ) { + $this->my_footer_msg = $msg; $this->msg_page_nr = 0; + $my_url = $url; return; + } + if( $this->my_footer_msg == NULL ) return; + $this->InFooter = true; + $this->msg_page_nr++; + $font_fam = $this->FontFamily; + $font_style = $this->FontStyle.($this->underline ? 'U' : '').($this->linethrough ? 'D' : ''); + $font_size = $this->getFontSize(); + $this->SetFont(FONT,'', F_SIZE-1); + if( $this->msg_page_nr > 1 ) { + $this->SetXY($this->lMargin, $this->GetPageHeight()/$this->scale*100.0-6); + $this->Cell($this->colwidth, 3, + sprintf("%s %d", $this->unhtmlentities( _('page') ), $this->msg_page_nr), + 0, 0, 'C'); + } + if( $this->my_footer_msg != "" ) { + $strg = "© ". date("Y"). " CAcert Inc.".", ". $this->my_footer_msg; + $this->SetXY($this->lMargin+MARGIN/2, $this->GetPageHeight()/$this->scale*100.0-6); + $this->Cell($this->colwidth, 3, $strg, 0, 0, 'R'); + if( $my_url != NULL AND $my_url != "" ) + $this->myLink($this->lMargin+MARGIN/2,$this->GetPageHeight()/$this->scale*100.0-6,$this->colwidth,(F_SIZE+5)/2.9,$my_url); + } + if( $this->Watermark != "" ) { + $this->StartTransform(); + $savex = $this->GetX(); $savey = $this->GetY(); + $this->SetFont(FONT,'', F_SIZE*7); + $l = $this->GetStringWidth($this->Watermark); + $h = $this->GetPageHeight()/$this->scale*100.0/2; + $w = $this->colwidth/2+MARGIN; + $this->SetXY(0,0); + $this->TranslateY($h+(F_SIZE*7)/2.9); + $this->TranslateX($w-MARGIN+$this->lMargin); + $this->Rotate(rad2deg(atan($h/$w))); + $this->Text(-$l/2,0,$this->Watermark, 0.8); + $this->StopTransform(); + $this->SetXY($savex,$savey); + } + + if( !empty($font_fam ) ) + $this->SetFont($font_fam,$font_style,$font_size); + $this->InFooter = false; + } + + // user and print preferences + // NumCopies, PrintPageRange, DisplayDocTitle, HideMenuBar, HideToolBar, ... + /*public*/ var $ViewerPrefs = array( + 'Duplex' => 'Simplex', + 'NumCopies'=> '1', + 'DisplayDocTitle' => 'CAcert Organisation Assurance Programme (COAP) form', + 'HideToolBar' => true, + 'FitWindow' => true, + ); + + //number of colums + /*protected*/ var $ncols=1; + + // columns width + /*protected*/ var $colwidth=0; + + // space between columns + /*protected*/ var $column_space = 0; + + //Current column + /*protected*/ var $col=0; + + //Ordinate of column start + /*protected*/ var $y0; + + // scaling factor + /*protected*/ var $scale = 100.0; + + // print header and footer + /*protected*/ var $my_footer_msg = NULL; + /*protected*/ var $my_header_msg = NULL; + /*protected*/ var $msg_page_nr = 0; + + // print short watermark on the page + /*public*/ var $Watermark = WATERMARK; + + /*public*/ function SetFormat( $format = "A4" ) { + switch( strtolower($format) ) { + // there is some scale problems with margins... + case "a1": + case "b1": + $this->scale *= 1.4142; + case "a2": + case "b2": + $this->scale *= 1.4142; + case "a3": + case "b3": + $this->scale *= 1.4142; break; + case "a5": + case "b5": + $this->scale /= 1.4142; break; + case "letter": + $this->scale *= 0.97; break; + default: $format = "A4"; + case "a4": + case "b4": + case "folio": + case "legal": + break; + } + $this->SetDisplayMode(intval($this->scale), 'SinglePage', 'UseOC'); + return( $format ); + } + + //Set position at a given column + /*private*/ function SetCol($col = -1) { + static $pagecolwidth = 1.0; + static $column_space = 1.0; + + if( $col == -1 ) $col = $this->col+1; + if( $this->colwidth == 0 ) { + // only once at start; set default values + //set margins + $this->addPage(); $col = 0; // reset to zero + $this->SetMargins(MARGIN, MARGIN, MARGIN); + if( $this->CurOrientation != 'L' ) { + $this->scale *= 1.4142; + $this->ScaleXY($this->scale,0,0); + } else { + $this->scale *= 1.0; + $this->ScaleXY($this->scale,0,0); + } + $this->ncols = $this->CurOrientation == 'L'? MAX_COLS : 1; + $this->colwidth = $this->w / $this->scale * 100 / $this->ncols - MARGIN*2; + $pagecolwidth = $this->w/$this->ncols; + // space between columns + if ($this->ncols > 1) { + $column_space = round((float)($this->w - ($this->ncols * $pagecolwidth)) / ($this->ncols - 1)); + } else { + $column_space = 0; + } + $this->y0 = $this->GetY(); + } + else { + if( $col == $this->col ) { // reset on close of this column + $x = MARGIN + $this->col*($pagecolwidth+$column_space); + $this->SetLeftMargin($x); + //$this->SetRightMargin($this->w - $x - $this->colwidth); + } + $this->PrintTable("", -1); // if pending table close up table + $this->myFooter(); // print footer msg if defined + } + if( $col >= $this->ncols ) { + $this->addPage(); $col = 0; + $this->ScaleXY($this->scale,0,0); + $this->y0 = 0; //no header/footer done... + } elseif ( $col > 0 AND $col < $this->ncols) { + // print column separator + $x = $this->w/$this->ncols*($this->col+1); + $y = $this->tMargin; + $this->SetLineWidth(0.1); $this->SetDrawColor(195); + $this->SetLineStyle(array('dash'=>'1,8') ); // gray dotted + $this->Line( $x, $y+27, $x, $y+185); + $this->SetLineWidth(0.2); $this->SetDrawColor(0); + $this->SetLineStyle(array('dash'=>'0') ); + } + $this->col = $col; + // X position of the current column + $x = MARGIN + $col*($pagecolwidth+$column_space); + $this->SetLeftMargin($x); + $this->SetRightMargin($this->w - $x - $this->colwidth); + $this->SetXY($x, $this->y0); + $this->myHeader(); //print header msg if defined + $this->PrintTable("", 0); // if in table reprint title table + } + + //Method accepting or not automatic page break + /*public*/ function AcceptPageBreak() { + $this->SetCol(); + return false; + } + + // redefine this routine from tcpdf.php due to scaling bug + /*protected*/ function checkPageBreak($h) { + if (((($this->y + $h)*$this->scale/100.0) > $this->PageBreakTrigger) ) { + if ( !$this->InFooter ) { + if ( ($this->AcceptPageBreak())) { + $rs = ""; + //Automatic page break + $x = $this->x; + $ws = $this->ws; + if ($ws > 0) { + $this->ws = 0; + $rs .= '0 Tw'; + } + $this->AddPage($this->CurOrientation); + if ($ws > 0) { + $this->ws = $ws; + $rs .= sprintf('%.3f Tw', $ws * $k); + } + $this->_out($rs); + $this->y = $this->tMargin; + $this->x = $x; + } + } + } + } + + /*private*/ function S( $value = 1.0 ) { + return( $value * $this->scale / 100.0 ); + } + + // put Link in user space + /*private*/ function myLink( $x, $y, $w, $h, $Lnk = NULL, $Type = array('SubType'=>'Link') ) { + if( $Lnk == NULL ) return; + if( $Lnk == "" ) $Lnk = WEB."/"; + $this->Annotation( $this->S($x), $this->S($y), $this->S($w), $this->S($h), $Lnk, $Type); + //$this->Annotation( $x, $y, $w, $h, $Lnk, $Type); + } + + + //require_once("../utf8/native/core.php"); + // only for to upper case //require_once("../utf8/utils/unicode.php"); + + //setlocale(LC_ALL, 'de_DE'); + // try to abbreviate a full name, returns name if abbreviation was/is done + // has pointers to sur name, first name, avoids titles and extentions + // is based that given names and family names starts with capital + // all names between first given name and surname are secondary names + // will use utf8 routines only when needed and available + /*private*/ function Abbreviate( $name = "") { + // need to change this for utf8 uppercase detection + // substr and strtoupper arte dependent of setlocale... + $substr = 'substr'; + $strtoupper = 'strtoupper'; + $tokens = array(); + $cnt = preg_match_all('/([^\s\.]+\.|[^\s\.]+)/', $name, $tokens, PREG_SET_ORDER); + if( $cnt <= 0 ) return ( $name ); + $fam = -1; $married = 0; $i = 0; $success = FALSE; $first_name = -1; + for( $j = 0; $j < $cnt ; $j++ ) { + $tk = $tokens[$j]; + $nm = $tk[0]; if( $nm == "" ) continue; + // not utf8 + $ltr = $substr( $nm, 0, 1 ); + if(preg_match('/[^\x09\x20-\x7E]/',$ltr) !== 1 AND // it is utf8 + function_exists( 'utf8_substr') ) { + $substr='utf8_substr'; + //$strtoupper = 'utf8_strtoupper'; // requires utf8/utils/unicode.php + } + if( $strtoupper($ltr) != $ltr ) continue; // lower case setlocale dependent + elseif( preg_match('/\./', $nm ) ) { + if( $first_name < 0 ) $first_name = $j; + if( $first_name >= 0 ) $success = TRUE; // was abbreviated + continue; // title + } + if( $first_name < 0 ) $first_name = $j; + if( $married == 0 ) $fam = $j; + if( preg_match('/[-_]/', $nm ) ) { + // find special markers + if( $married == 0 ) $fam = $j; + $married++; + } + } + $name = ""; + for( $j = 0; $j < $cnt; $j++ ){ + $tk = $tokens[$j]; + if( !isset($tk[0]) ) continue; + $nm = $tk[0]; if( $nm == "" ) continue; + if( $name != "") $name .= " "; + $ltr = $substr( $nm, 0, 1 ); + if( $j == $fam ) $name .= $nm; + elseif( $strtoupper($ltr) != $ltr ) $name .= $nm; // lower case + elseif( preg_match('/\./', $nm ) ) $name .= $nm; + elseif( $j < $fam ) { // need to abbreviate + // not utf8 + // and abbreviate + if( $j == $first_name ) + $abr = "(". $substr( $nm, 1 ) . ")"; + else $abr = "."; + $name .= $ltr . $abr; $success = TRUE; // is abbreviated + } else $name .= $nm; + } + $ext = -1; for( $j = $cnt-1; $j >= 0 AND $j >= $fam; $j-- ) { + // try to find family names and see if there is abbreviation + $tk = $tokens[$j]; + if( !isset($tk[0]) ) continue; + $nm = $tk[0]; + if( $ext < 0 AND preg_match('/(^[^A-Z]|\.)/', $nm ) ) continue; + if( $ext < 0 ) $ext = $j+1; + if( preg_match('/\./', $nm ) ) { $success = TRUE; break; } + } + return( $success? $name : "" ); // and return abbriviated name + } + + // set formfield coordinates + // this routine is needed due to field ordinates are not scaled and in user space + // to be called before form field call (or as width parameter) + // and just after with true argument to restore X Y ordinates. + /*private*/ function SetFieldXY( $x=NULL, $y=NULL, $w=0) { + static $savex; + static $savey; + static $restored = true; + $restoreXY = $x == NULL ? true : false; + + if( $restored == $restoreXY ) + $this->Error("internal Form Field save/restore error\n"); + if( !$restoreXY ) { + /* save X Y ordinates */ + $savex = $this->GetX(); $savey = $this->GetY(); + // scale to user ordinates + $this->SetY( $this->S($y)); + $this->SetX( $this->S($x)); + } else { + /* restore X Y ordinates */ + $this->SetY( $savey); // different from SetXY() + $this->SetX( $savex); // different from SetXY() + } + $restored = $restoreXY; + return( $this->S($w) ); + } + + // print Date on left or right side + /*private*/ function PrintDate( $x=10, $y=10, $dstrg="teus", $dvalue="1945-10-6", $field = NULL , $RL = 'L') + { + static $TextProps = array('strokeColor' => LLBLUE, 'value' => "", 'fillColor' => LBLUE , 'textSize' => '11', 'charLimit'=> 10); + $TextProps['userName'] = $this->unhtmlentities( _("yyyy-mm-dd") ); + + $this->SetFont( FONT, '', F_SIZE); + $this->SetXY($RL == 'L'? $x : $x-50, $y); + $this->Cell(50, 3, $dstrg, 0, 0, $RL); + if($dvalue) { + $this->SetXY($RL == 'L'? $x :$x-50, $y+3.5); + $this->SetFont(FONT, "B", F_SIZE); + $this->Cell(50, 3, $dvalue, 0 , 0, $RL); + } + if( $field == NULL ) return; + $TextProps['value'] = $dvalue; + $this->TextField($field, $this->SetFieldXY(($RL == 'L'? $x+1 : $x-17), ($y+3.5),17), 5, $TextProps ); + $this->SetFieldXY(); + } + + // Add import HTML text eg from CCA + /*public*/ function PrintHTML( $url = NULL ) { + if( $url == NULL OR $url == "" ) return; + $error = ""; $title = ""; $url = POLICY.$url.EXT; + if( ! file_exists($url) ) $url = WEB."/".$url; + $data = file_get_contents($url); + if( !$data ) $error = "\nInternal Error: no ".$url." found."; + else { + $regs = array(); + preg_match('/<[Tt][Ii][Tt][Ll][Ee][^>]*>/', $data, $regs); + if( count($regs) < 1 ) $error .= "\nInternal Error: no open tag title found on $url."; + else { + $start = strpos($data, $regs[0]) + strlen($regs[0]); + $data = substr($data, $start); + } + $regs = array(); + preg_match('/<\/[Tt][Ii][Tt][Ll][Ee][^>]*>/', $data, $regs); + if( count($regs) < 1 ) $error .= "\nInternal Error: no close title tag found on $url."; + else { + $end = strpos($data, $regs[0]); + $title = trim(substr($data,0,$end)); + $data = substr($data, $end+strlen($regs[0])); + } + $regs = array(); + preg_match('/<[Bb][oO][Dd][yY][^>]*>/', $data, $regs); + if( count($regs) < 1 ) $error .= "\nInternal Error: no open html body tag found on $url."; + else { + $start = strpos($data, $regs[0]) + strlen($regs[0]); + $data = substr($data, $start); + } + $regs = array(); + preg_match('/<\/[Bb][oO][Dd][yY][^>]*>/', $data, $regs); + if( count($regs) < 1 ) $error .= "\nInternal Error: no closing html body tag found on $url."; + else { + $end = strpos($data, $regs[0])-1; + $data = substr($data, 1, $end); + } + } + if( !$title ) $title = $url; + $this->SetCol(); + $this->setFont(FONT, F_SIZE); + if( !$error ) { + $this->PrintHeader(_($title), $this->unhtmlentities( _('policy document') ), strncmp($url,WEB,strlen(WEB))==0? $url : (WEB."/".$url)); + if( $title ) $this->Bookmark($title,0); + $this->writeHTMLCell($this->colwidth,2.5,$this->lMargin+1,$this->GetY()+2.5, + $data, 0,2,0,'L'); + } + else + $this->MultiCell($this->colwidth, 3, $error); + } + + /*private*/ function PrintCOAP($organisation = NULL, $registry = NULL, $assurer = NULL, $assurance = NULL){ + $this->SetCol(); + $this->PrintHeader($this->unhtmlentities( _('CAcert Organisation Assurance Programme'), _('Organisation Information (COAP) form'), defined('ASSCOAP')?ASSCOAP:"",defined('WEB')? WEB.substr(__FILE__, strrpos(__FILE__,"/")) : "") ); + // define slighly different footer message + $this->myFooter("V". substr($this->Version(), 0, strpos($this->Version(), '.')).", ". $this->unhtmlentities( _('generated')." ".date("Y-n-j") )); + $this->AssuranceInfo(); + $this->InfoOrganisation($organisation, $registry); + $this->StatementOrganisation($organisation); + $this->StatementAssurer( $assurer, $assurance ); + } + + //Add form and/or CCA (on duplex only when more as one page is printed) + /*public*/ function PrintForm( $organisation = NULL, $registry = NULL, $assurer = NULL, $page = NULL ) { + + for($cnt=0 ; $cnt < $this->ncols; $cnt++ ) { + if( !isset( $page['form']) OR $page['form'] ) { + // the form is one page, use new room? + if ( $organisation == NULL OR $registry == NULL OR $assurer == NULL ) + $this->Error("Organisation or Assurer data records failure"); + $this->PrintCOAP( $organisation, $registry, $assurer); + } + // print off policy documents to be included in pdf file + foreach( $page['policies'] as $i => $file ) { + $this->Watermark = WATERMARK; // no watermark on these pages + if( $file ) $this->PrintHTML( $file ); + } + if( $this->col > 0 OR $this->getPage() > 1 ) break; + } + if( $this->getPage() > 1 ) { + // and on duplex print back side with Community Agreement + if( $this->CurOrientation == 'P' ) + $this->ViewerPrefs['Duplex'] = 'DuplexFlipLongEdge'; + else + $this->ViewerPrefs['Duplex'] = 'DuplexFlipShortEdge'; + } + // close up this column, make sure footer is printed. + $this->my_header_msg = NULL; $this->SetCol($this->col); + } + +// Set form title (right align) +/*public*/ function PrintHeader($title1 = " ", $title2 = " " , $url1 = NULL, $url2 = NULL) { + // store current top margin value + $tSide = $this->tMargin; + + // CAcert logo + // eps should be better, but it does not seem to work with CAcert logo + $this->rMargin -= 1; + $this->myFooter($title1,$url1); + $this->myHeader($title2,$url2); + if( LOGO_TYPE == '.eps' ) + $this->ImageEPS(BW?LOGO.'mono'.LOGO_TYPE:LOGO.'colour'.LOGO_TYPE, + ($this->lMargin+$this->colwidth)-51,$tSide-3,51); + else + // png image 1000 X 229 * 8 bits + $this->Image(BW?LOGO.'mono'.LOGO_TYPE:LOGO.'colour'.LOGO_TYPE, + ($this->lMargin+$this->colwidth)-51,$tSide-3,51,0,0, + NULL,0,true,intval(LOGO_DPI)); + $this->myLink($this->lMargin+$this->colwidth-51, $tSide-3,51,51/1000*229,WEB."/"); + // form type + $this->SetFont(FONT,'B',F_SIZE+5); + $this->SetY($tSide+5); $this->SetX($this->lMargin); + $l = $this->GetStringWidth($title1); + $this->Cell($this->colwidth+1,14,$title1,0,0,'R',0,NULL); + if( $url1 != NULL AND $url1 != "" ) + $this->myLink($this->lMargin+$this->colwidth-$l,$this->GetY()+5,$l,(F_SIZE+5)/2.9,$url1); + $this->Ln(5); $this->SetX($this->lMargin); + $l = $this->GetStringWidth($title2); + $this->Cell($this->colwidth+1,14,$title2,0,0,'R',0,NULL); + if( $url2 != NULL AND $url2 != "" ) + $this->myLink($this->lMargin+$this->colwidth-$l,$this->GetY()+5,$l,(F_SIZE+5)/2.9,$url2); + + // CAcert Inc. postbox address + $this->Ln(6); $this->SetX($this->lMargin); + $this->SetFont(FONT,'',F_SIZE); + $savex = $this->GetX(); $savey = $this->GetY(); + $strg = POBOX ." - ". WEB; + $this->SetXY($this->lMargin+$this->colwidth-$this->GetStringWidth($strg)-1.1,$this->GetY()+3.5); // right align + if( !BW ) $this->SetTextColor(17,86,140); + $ret = $this->Write(0, $strg, NULL); + $l = $this->GetStringWidth($strg); + $this->myLink($this->lMargin+$this->colwidth-$l,$this->GetY()+0.5,$l,F_SIZE/2.9,WEB); + $this->Ln(); + if( !BW ) $this->SetTextColor(0); + $this->SetXY($savex,$savey); + + // sha1 fingerprint CAcert rootkeys class 1 and class 3 + $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha256 fingerprints") ) . ", class 1: ". CLASS1_SHA256 . ", class 3: " . CLASS3_SHA256; + $this->Ln(3); $this->SetX($this->lMargin); + $this->SetFont(FONT,'',F_SIZE * $this->colwidth / ($this->GetStringWidth($strg) +1)); + $this->Cell($this->colwidth,10, $strg,0,0,'C',0,NULL); + $this->myLink($this->lMargin, $this->GetY()+4,$this->colwidth,F_SIZE/2.9,ROOTKEYS); + $this->SetLineWidth(0.1); + if ( BW ) { $this->SetDrawColor(195); + } else { $this->SetDrawColor(17,86,140); + } + + $this->Line($this->lMargin, $tSide+25, $this->lMargin+$this->colwidth, $tSide+25); + $this->SetLineWidth(0.2); $this->SetDrawColor(0); + $this->rMargin += 1; + $this->SetXY($this->lMargin, $tSide+26); // top + } + +// Set general form information + /*private*/ function PrintInfo( $strg = "", $url = "") { + // store current margin values + + // Print text blurb paragraph at top of page + $this->SetFont(FONT,'',F_SIZE+0.5); + $this->SetXY($this->lMargin, $this->GetY()-1.5); + $y = $this->GetY(); $x = $this->GetX(); + $cnt=$this->MultiCell($this->colwidth+1, 0, $strg,0,'L',0,2); + if ( $url != "" ) // link should be in user space + $this->myLink($x, $y, $this->colwidth, $this->GetY()-$y, $url); + return($cnt); + } + +// print general CAP info +/*public*/ function AssuranceInfo( ) { + // store current margin values + $cellcnt = 0; + $this->SetY($this->GetY()+0.5); + $this->Bookmark($this->unhtmlentities( _('CAcert COAP form') ),0,$this->S($this->GetY())); + + // Show text blurb at top of page + $strg = $this->unhtmlentities( _('The CAcert Organisation Programme (COAP) aims to verify the identity of the organisation.') ); + $strg .= "\r\n". $this->unhtmlentities( _('The Applicant asks the Organisation Assurer to verify to CAcert Community that the information provided by the Applicant is correct, and according to the official trade office registration bodies.') ); + $cellcnt += $this->PrintInfo( $strg, defined('ASSINTRO')? ASSINTRO:""); + $cellcnt += $this->PrintInfo( $this->unhtmlentities( _('For more information about the CAcert Organisation Assurance Programme, including detailed guides to CAcert Organisation Assurers, please visit:')." ".WEB, defined('ASSCOAP')?ASSCOAP:"") ); + $cellcnt += $this->PrintInfo( $this->unhtmlentities( _('A CAcert Arbitrator can require the Organisation Assurer to deliver the completed forms and accompanying documents in the event of a dispute.'),defined('ARBIT')?ARBIT:"") ); + $this->SetY($this->GetY()+0.3); + return( $cellcnt); + } + + // print empty table with title for statements (called twice per table) + /*private*/ function PrintTable( $strg = NULL, $height = -1, $ext = 0 ) { + // store current margin values + static $tSide = -1; + static $title = ""; + if( $height < 0 ) { // mark table position, leave room for title + if( $strg != "" ) $title = $strg; + if( $title == "" ) return ($this->GetY()); // nothing to do + $tSide = $this->GetY()+1; + // background + if ( BW ) { + $this->SetFillColor(195); + $this->SetDrawColor(195); + } else { + $this->SetFillColor(173,197,215); + $this->SetDrawColor(173,197,215); + } + $this->Rect($this->lMargin-1,$tSide-1,1,9, "F"); + $this->Rect($this->lMargin-1,$tSide-1,$this->colwidth,1, "F"); + $this->SetFillColor(255); + if ( BW ) { $this->SetFillColor(125); + } else { $this->SetFillColor(17,86,140); + } + $this->Rect($this->lMargin,$tSide,$this->colwidth,7, "DF"); + $this->SetFillColor(255); $this->SetDrawColor(0); + + $this->SetXY($this->lMargin+1, $tSide+0.6); + $this->Bookmark($title,1,$this->S($tSide)); + $this->SetFont(FONT, '', F_SIZE+7); + $this->SetTextColor(255); + $this->Write(0, $title); + $this->SetTextColor(0); + $this->SetXY($this->lMargin+1, $tSide + 7); + $tSide += 8; // save old top + if ( $height != 0 ) return($this->GetY()); + } + elseif( $tSide < 0 ) return( $this->GetY()); + if( $height == 0 ) { // interrupted bottum of column reached + $height = $this-GetY() - $tSide; $save = $title; + $this->PrintTable("", $height); // finish till bottumn page + $tSide = $this->originalMargin; + $title = $save; + return( $this->GetY()); + } + if( $strg != "" ) $title = $strg; // just to be defensive + + // background + if ( BW ) { + $this->SetFillColor(195); + $this->SetDrawColor(195); + } else { + $this->SetFillColor(173,197,215); + $this->SetDrawColor(173,197,215); + } + $this->Rect($this->lMargin-1,$tSide,1,$height-1+$ext, "F"); + if( $ext ) + $this->Rect($this->lMargin-1,$tSide+$height,$this->colwidth,$ext, "F"); + $this->SetFillColor(255); + // borders of the table left, bottumn, right + $this->Line($this->lMargin,$tSide+$height-1, $this->lMargin, $tSide+$height); + $this->Line($this->lMargin,$tSide+$height,$this->lMargin+$this->colwidth,$tSide+$height); + $this->Line($this->lMargin+$this->colwidth,$tSide-1, $this->lMargin+$this->colwidth, $tSide+$height); + $this->SetDrawColor(0); + $this->SetY($tSide + $height + 1); // set Y ordinate to plus 7 + $tSide = -1; $title = ""; + return($this->GetY()); + } + +// a name, email address, phone number + /*private*/ function PrintName( $info = "", $title = "", $field = "", $name = "", $email = NULL, $phone = NULL, $backgrnd = false ) { + static $TextProps = array('strokeColor'=> LLBLUE, 'value' => " ", 'fillColor'=> LBLUE, 'doNotScrole'=> 'false', 'textSize' => 10, 'rotate'=> '0'); + + // just once to recover from Acrobat 7.0 problem !!!!!!!!!!!!!!!!!!!!!!!!!! + // make sure before the first time form field JS is called the fake is done + static $AcrobatName = array('strokeColor'=> LLBLUE, 'fillColor'=> LLBLUE, 'readonly' => 'true'); + if( $AcrobatName != NULL ) { + $this->TextField( 'NameNone', $this->SetFieldXY(300, $this->GetY()+2, 0), 0, $AcrobatName); + $this->SetFieldXY(); $AcrobatName = NULL; + } + // end of Acrobat defeat !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + $cellcnt = 1; $msg = ""; + // put assurer help for assurance in pdf file for mouse over + if ( $info != "" ) $msg = $info; + if ( $email != NULL AND $email != "" AND $title != "" ) + $msg .= " ". $this->unhtmlentities( _('The email address, which matches the CAcert account email address, is handy for administrative and contact reasons. For organisation administrator the email address is required.') ); + if( $msg != "" ) + $this->myLink($this->lMargin-7, $this->GetY()-1, 5, 3, $msg, + array('subtype'=> 'Text', 'Open' => true, + 'c'=> array(173,197,215), 'name' => 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't'=> $this->unhtmlentities( _('COAP form help') )) + ); + if( $backgrnd ) { + if ( BW ) { + $this->SetFillColor(241); + } else { + //$this->SetFillColor(173,197,215); + $this->SetFillColor(234, 241, 246); + } + $this->Rect($this->lMargin+37.5,$this->GetY()+0.1, + $this->colwidth-38.5, + ($email != NULL AND $email != "") ? 5.7 : 2.8, + "F"); + $this->Rect($this->lMargin+1,$this->GetY()+0.1, + 35.5, + ($email != NULL AND $email != "") ? 5.7 : 2.8, + "F"); + $this->SetFillColor(255); + } + // assurer identity info + $this->SetX($this->lMargin+1); + $savey = $this->GetY(); + $this->SetFont(FONT, '', F_SIZE); + $l = $this->GetStringWidth($title); + //$l = ($l<=0? 0 : ($l < 35? 35 : $l)); + $l = $l < 35 ? 35 : $l; + $this->Write(0, $title); + $this->SetXY($this->lMargin+2+$l, $savey); + if( $name ) { + $this->SetFont(FONT, 'B', F_SIZE); + $this->SetXY( $this->lMargin+2 + $l, $savey-1); + $cellcnt += $this->MultiCell($this->colwidth-$l-3, 3, $name, 0, 1); + if( function_exists('utf8_to_ascii') AND + !utf8_is_ascii_ctrl( $name) ) + $ascii = utf8_to_ascii($name); + else + $ascii = ""; + if( $ascii == $name ) $ascii = ""; + if( $email != NULL ) $abbr = $this->Abbreviate( $name ); else $abbr=""; + if( $ascii != "" OR $abbr != "") { + $la = $this->GetStringWidth($name) + 5; + $msg = $this->unhtmlentities( _('The exact name of the individual may have transliterated characters and/or some given names may be abbreviated. If present the first given name will be shown abbreviated and parentheses around the last part of the given name.') )."\r\n"; + if( $ascii != "" ) $msg .= '* '. $ascii . "\r\n"; + if( $abbr != "" ) $msg .= '* '. $abbr . "\r\n"; + $this->myLink($this->lMargin+$l+$la, $savey, 3, 2, $msg, + array('subtype'=> 'Text', 'Open' => false, + 'c' => array(173,197,215), 'name' => 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't' => $this->unhtmlentities( _('On the full name of the Assurer') ))); + } + } + $TextProps['value'] = $name ? $name : " "; + $TextProps['userName'] = $this->unhtmlentities( _('Full exact name of the individual.') ); + $this->TextField($field.($email? 'Name' : ""), $this->SetFieldXY($this->lMargin+2+$l, $savey, $this->colwidth-$l-3-($phone?25:0)), 4.5, $TextProps ); + $this->SetFieldXY(); + if( $phone AND $phone != " " ) { + $sx = $this->GetX(); $sy = $this->GetY(); + $this->SetFont(FONT, "", F_SIZE); + $sw = $this->GetStringWidth($phone) + 2; + $this->SetXY( $this->lMargin+$this->colwidth-$sw -4, $sy-4.8); + $this->SetFont('zapfdingbats', "", F_SIZE+3); + $this->Write(0, "&"); // telephone symbol + $this->SetXY( $this->lMargin+$this->colwidth-$sw-1, $sy-4.1); + $this->SetFont(FONT, "", F_SIZE); + $this->Cell($sw+1,0,$phone); + } + if( $phone ) { + $TextProps['value'] = $phone ? $phone : $this->unhtmlentities( _('phone nr') ) . "?"; + $TextProps['userName'] = $this->unhtmlentities( _('For organisation administrators and assurer: provide email address and optionally your phone number.') ); + $this->TextField($field.'Phone', $this->SetFieldXY($this->lMargin+$this->colwidth-25, $savey, 24), 4.5, $TextProps ); + $this->SetFieldXY(); + } + $savey += 3; + if( $email AND $email != " " ) { + $this->SetXY($this->lMargin+2+$l, $savey); $cellcnt++; + $this->SetFont(FONT, "", F_SIZE); + if( !BW ) $this->SetTextColor(17,86,140); + $this->Write(0, $email); + $this->myLink($this->lMargin+$l, $savey,$this->GetStringWidth($email), 3, "mailto:". $email . "?subject=" . $this->unhtmlentities( _('Organisation Assurance') )); + if( !BW ) $this->SetTextColor(0); + } + if( $email ) { + $TextProps['value'] = $email ? $email : $this->unhtmlentities( _('email') ) . "?"; + $TextProps['userName'] = $this->unhtmlentities( _('For organisation administrators and assurer: provide email address and optionally your phone number.') ); + $this->TextField($field.'Email', $this->SetFieldXY($this->lMargin+2+$l, $savey, $this->colwidth-$l-28), 4.5, $TextProps); + $this->SetFieldXY(); $savey += 3; + } +// phone number + $this->SetXY($this->lMargin+2, $savey); + return( $cellcnt ); + //$H = 5; // height of the name cell + } + +// All information of Applicant goes in one table +/*public*/ function InfoOrganisation( $organisation = NULL, $registry = NULL ){ + // Applicant Identity information part + $tSide = $this->PrintTable($this->unhtmlentities( _('Organisation Identity Information') ))+1; + + $msg = $this->unhtmlentities( _('The organisation name, director name and signature, and applicable company law is checked by the Organisation Assurer with the official Trade Office Registration (Extract) or by other means. The organisation domain name(s) are checked of ownership against the internet domain DNS records.') ); + $msg .= "\r\nThe organisation administrator (a CAcert Assurer) email address must be the primary email address registered with CAcert."; + // put hint on comparing names on title table + $this->myLink($this->lMargin-7, $tSide-7, 5, 5, $msg, + array('subtype'=> 'Text', 'Open' => true, + 'c'=> array(173,197,215), 'name' => 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't'=> $this->unhtmlentities( _('On organisation identity information') ))); + + $this->SetXY($this->lMargin+1, $tSide); + $this->PrintName( + $this->unhtmlentities( _('The official full name of the organisation equal to the name of the organisation registered e.g. at the trade office registration of the state.') ), + $this->unhtmlentities( _('Name of the organisation') )." ", + "OrganisationNames0", + $organisation['namecnt']>0?$organisation['names'][0]:" ", + NULL, NULL, true); + $this->PrintName( + $this->unhtmlentities( _('The organisation address which should be equal to the address registered with the trade office.') ), + $this->unhtmlentities( _('Address (comma separated)') )." ", + "OrganisationAddress", + $organisation['address'], + NULL, NULL, true); + $strg = ""; + foreach( array( $organisation['type'], $organisation['state'], $organisation['country']) as $i ) + if( $i != "" ) $strg .= ($strg != "" ? ", ": "") . $i; + $this->PrintName( + $this->unhtmlentities( _('The legal organisation type: eg Ltd, EPS, society, foundation, association, etc. The state/country under which jurisdiction the organisation operates.') ), + $this->unhtmlentities( _('Type, jurisdiction (state)') )." ", + "OrganisationType", + $strg, + NULL, NULL, true); + //$this->Ln(0.4); + $strg = $organisation['namecnt'] <= 1 ? "" : $organisation['names'][1]; + for( $i = 3; $i <= $organisation['namecnt']; $i++) + $strg .= ", ". $organisation['names'][$i-1]; + $this->PrintName( $this->unhtmlentities( _('Other registered trade names of the organisation. (comma separated)') ), + $this->unhtmlentities( _('Registered Trade Names') ), 'OrganisationDBA', + $strg, + NULL, NULL, true); + //$this->Ln(0.4); + $strg = ""; + foreach( array( $registry['identifier'], $registry['name'], $registry['region'], $registry['date'] ) as $i ) + if( $i != "" ) $strg .= ($strg != "" ? ", " : "") . $i; + $this->PrintName( + $this->unhtmlentities( _('Trade Office Registry information, as organisation registration Identification number or license number, name of the trade office registry, trade office operating region, and optionally date of extract.') ), + $this->unhtmlentities( _('Registration (id, name, region)') ), + 'torinfo', + $strg, + NULL, NULL, true); + $this->Ln(0.4); + $strg = ""; foreach( $organisation['domains'] as $i ) + $strg .= ($strg != "" ? ", " : "") . $i; + $this->PrintName( + $this->unhtmlentities( _('The internet domain name(s) the organisation controls and owns. The names will be checked with WHOIS with e.g. the DNS official top domain registrar e.g. the country ccTLD . registrar.') ), + $this->unhtmlentities( _('Internet Domain(s)') ), + 'OrganisationDomains', + $strg, + NULL, NULL, true); + $this->Ln(0.4); + // all (max) three names with ID type right aligned. + // contact info o-admin address assuree + $cnt = $organisation['admincnt']; + $space = $this->getPageHeight()/$this->scale*100.0 -MINH ; // margin + for( $i = 0; $i < $cnt; $i++ ) { // names to be printed + $this->PrintName( + $this->unhtmlentities( _('The organisation administrator (CAcert Assurer) contact information. The administrator is appointed by the organisation director to administer the organisation domain certificates, secure the certificates and maintain them.') ), + $this->unhtmlentities( _('Organisation Administrator') ), + sprintf("OrganisationAdmin%d",$i), + $organisation['admins'][$i]['name'], + $organisation['admins'][$i]['email']? $organisation['admins'][$i]['email']:" ", + $organisation['admins'][$i]['phone']? $organisation['admins'][$i]['phone']:" ", + TRUE); + if( $space < $this->getY() ) break; + } + for( $j=0 ; $j < $i+3; $j++ ) { + // empty fields up to max 3 empty fields and allowed space + if( $space < $this->getY() ) break; + $this->PrintName( + $i+$j == 0? $this->unhtmlentities( _('The organisation administrator (CAcert Assurer) contact information. The administrator is appointed by the organisation director to administer the organisation domain certificates, secure the certificates and maintain them.') ):"", + $i+$j > 0? "": $this->unhtmlentities( _('Organisation Administrator') ), + sprintf("OrganisationAdmin%d",$i+$j), + "", " ", " ", TRUE); + } + $this->Ln(0.8); + //$this->SetXY($this->lMargin+1, $this->GetY()+0.35); + $next = $this->PrintTable( "", $this->GetY()-$tSide, 5); + $this->SetY($next); +} + + // print marked paragraph in the table + /*private*/ function PrintTicked( $strg = "", $tick = true ) { + // store current margin values + $savey = $this->GetY(); + + $celcnt = 0; $this->SetX($this->lMargin + 1); + if( $tick ) { + // use ✔ and ❑ of zapfdingbats font for OK tick + $savex = $this->GetX(); + $this->SetXY($this->GetX(), $savey+0.9); + $this->SetFont("zapfdingbats", F_SIZE+3); + $this->Write(0,"q"); // ❑ + $this->SetXY($savex+0.1, $savey+0.1); + if ( BW ) + $this->SetTextColor(80); + else + $this->SetTextColor(17, 86, 140); + //$this->SetTextColor(0,92,0); // #00BE00 lime + $this->Write(0,"4 ");// ✓ + $this->SetTextColor(0); + } + $this->SetXY($this->GetX(), $savey); + $this->SetFont(FONT,'',F_SIZE+0.5); + $celcnt = $this->MultiCell($this->lMargin+$this->colwidth-$this->GetX(), 3, $strg,0,'L'); + $this->SetXY($this->lMargin+1, $this->GetY()-1.5); + return($celcnt); + } + +// assuree statement +/*public*/ function StatementOrganisation( $organisation = NULL ) { + // store current margin values + $cellcnt = 0; + + // assuree statement section + $tSide = $this->PrintTable($this->unhtmlentities( _("Organisation's Statement") )); // mark table header + $msg = $this->unhtmlentities( _('The Director indicated by the Trade Office Registry Extract, has to underwrite the correctness of the information for the organisation and allowance of certificate operations by the administrators.') ); + $msg .= "\r\nFor formal contact with the organisation the email address of the organisation is required."; + // put hint on comparing names on title table + $this->myLink($this->lMargin-7, $tSide-7, 5, 5, $msg, + array('subtype'=> 'Text', 'Open' => true, + 'c'=> array(173,197,215), 'name'=> 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't'=> $this->unhtmlentities( _("On director's statement") ))); + + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _("Make sure you have read and agreed with the CAcert Community Agreement") ), false /* no tick */); + if( !BW ) $this->SetTextColor(17, 86, 140); + $this->SetXY($this->lMargin+2,$this->GetY()-0.5); + $ret = $this->Write($this->lasth, WEB."/".POLICY.CCA.EXT, NULL); + $this->myLink($this->lMargin+1, $this->GetY()-F_SIZE/2.9, $this->colwidth-2, F_SIZE*2.9/2.9, WEB."/".POLICY.CCA.EXT); + $this->Ln(4); + if( !BW ) $this->SetTextColor(0); + $this->Ln(0.3); + + $this->PrintName($this->unhtmlentities( _('Name and contact details (organisation email address & optionally phone number), of the Director of the organisation as is referred to in the trade office extract.') ), + $this->unhtmlentities( _('Director') ), "OrganisationDirector", $organisation['director'], + $organisation['email']?$organisation['email'] : "email:", + $organisation['phone']? $organisation['phone']:" "); + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _('I agree to the CAcert Community Agreement.') ), true /* tick */); + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _('I hereby confirm that all information is complete and accurate and will notify CAcert of any updates or changes thereof.') ), true /* tick */); + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _('I am duly authorised to act on behalf of the organisation, I grant operational certificate administrative privileges to the specified Organisation Administrator and, I request the Organisation Assurer to verify the organisation information according to the Assurance Policies.') ), true /* tick */); + + $this->Ln(0.5); + $savey = $this->GetY(); + $strg = $this->unhtmlentities( _('Date') ); + if($organisation['date'] == "") + $strg .= " (". $this->unhtmlentities( _("yyyy-mm-dd") ). ")"; + $strg = $strg; + $this->PrintDate( $this->lMargin+1, $savey+1, $strg, $organisation['date'], 'OrganisationDate', 'L'); + + $strg = $this->unhtmlentities( _('Signature and organisation stamp') ); + $this->SetFont(FONT, '', F_SIZE); + $l = $this->GetStringWidth( $strg ); + $this->SetXY($this->lMargin+$this->colwidth-$l-3, $savey+1); + $this->Write(0, $strg); $this->Ln(7) ; // and leave some room + + // draw the table borders and header at marked ordinate + $next = $this->PrintTable("", $this->GetY()-$tSide); + + $this->SetY($next); + } + +// assurer statement + /*public*/ function StatementAssurer( $assurer = NULL ) { + if( $assurer == NULL ) return; + + // store current margin values + $TextProps = array('strokeColor'=> LLBLUE, 'value' => "", 'fillColor'=> LBLUE, 'doNotScrole'=> 'true', 'textSize' => '14', 'rotate'=>0); + $cellcnt = 0; + + $tSide = $this->PrintTable($this->unhtmlentities( _("Organisation Assurer's Statement") )); // mark table ordinate + // put assurer help for assurance in pdf file for mouse over + $msg = $this->unhtmlentities( _('The organisation assurer will check the trade office registry for company information (name, location, country of jurisdiction, director names, trade office Identification number, domain name ownership, and system admin reference). Any associated costs for this research will be reimborsed by the assurer from the organisation.') ); + $this->myLink($this->lMargin-7, $tSide-6, 5, 5, $msg, + array('subtype'=> 'Text', 'Open' => true, + 'c'=> array(173,197,215), 'name'=> 'Comment', + 'f'=> array( 'nozoom', 'readonly', 'norotate'), + 't'=> $this->unhtmlentities( _('On mutual assurance') ))); + // assurer identity info + $this->Ln(0.9); + $this->PrintName( + $this->unhtmlentities( _('The Organisation Assurer contact information. This assurer will verify the organisation identity and registration information.') ), + $this->unhtmlentities( _('Organisation Assurer') ) . " ","Assurer", + $assurer['name'], + $assurer['email']? $assurer['email']:" ", + $assurer['phone']? $assurer['phone']:" "); + + // assurer statements + $this->SetY($this->GetY()-0.5); + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _("I, the Assurer, hereby confirm that I have verified the official Information for the organisation, I will witness the organisation's identity in the CAcert Organisation Assurance Programme, and complete the Assurance.") ), true /* ticked */); + $cellcnt += $this->PrintTicked( $this->unhtmlentities( _('I am a CAcert Community Member, have passed the Organisation Assurance Challenge, and have been appointed for Organisation Assurances within the country where the organisation is registered.') ), true /* ticked */); + $this->Ln(1); $savey = $this->GetY(); + + $strg = $this->unhtmlentities( _('Date') ); + if( $assurer['date'] == "" ) $strg .= " (" . $this->unhtmlentities( _("yyyy-mm-dd") ).")"; + $strg = $strg; + $this->PrintDate( $this->lMargin+1, $savey, $strg, $assurer['date'], 'AssurerDate', 'L'); + + $this->SetXY($this->lMargin+1, $savey); + $this->SetFont(FONT, "",F_SIZE); + $strg = $this->unhtmlentities( _("Organisation Assurer's signature") ); + $this->SetXY($this->lMargin+$this->colwidth-$this->GetStringWidth($strg)-3, $savey); + $this->Write(0, $strg ); + $savey = $this->GetY()+7; // leave room for date and signature + if( $this->GetPageHeight()/$this->scale*100.0-$savey > MARGIN+4) + $savey += 2; + $this->SetXY($this->lMargin+1, $savey); + $l = $this->GetPageHeight()/$this->scale*100.0-$this->GetY() - MARGIN; + if($l > 3 ) $l = 3; if( $l > 0 ) $this->Ln($l); // try to come close to margin + $next = $this->PrintTable("", $this->GetY()-$tSide); + $this->SetY($next); + } + +// End of CAPPDF TCPDF class extension +} + + +// -------------------------------------------------------------------------------- +// import environmental data ------------------------------------------------------- +// get $form, $orientation, $assuree, $assurer, $assurance info +// FONT and BW are set already + +// import info +$utf8 = false; +function GET( $key = "" ) { + global $utf8; + $strg = array_key_exists( $key, $_GET) ? $_GET[$key] : ""; + if(!$utf8 AND $strg != "" AND + !utf8_is_ascii_ctrl($strg) AND + !function_exists('utf8_to_ascii')) { + $utf8 = true; + } + return( $strg ); +} + +// form, CCA and page format info + $page['format'] = strtolower(GET('format')); // A3, A4, A5, letter, legal, etc. + if( !$page['format'] ) $page['format'] = 'a4'; // default a4, portrait + // on landscape orientation we do two half pages + $page['orientation'] = strtolower(GET('orientation')); + if( $page['orientation'] != 'l' AND $page['orientation'] != "landscape" ) { + $page['orientation'] = 'p'; // default is portrait and 1 up + } + $page['form'] = GET('noform') != "" ? false : true; + // dft is now true it should go to true + $page['policies'] = array(); + if( GET('nocca') == "" ) { + if( defined('CCA') ) $page['policies'][] = CCA; + } + // set $page['form'] on 'simplex' or 'duplex' to get CCA on pdf page + +// Assurer info +$assurer = array ( 'name' => my_recode(GET('assurer')) , + 'email' => my_recode(GET('assureremail')), + 'date' => my_recode(GET('assurerdate')), + 'phone' => my_recode(GET('assurerphone')), + ); + +/* +// assurance info +$assurance = array ( 'location' => my_recode(GET('location')), + 'date' => my_recode(GET('assurancedate'))?my_recode(GET('assurancedate')): + my_recode(GET('date')), + 'notes' => '' // not yet used + ); +*/ + +// trade office info +$registry = array ( + 'identifier' => my_recode(GET('identifier')), + 'date' => my_recode(GET('tordate')), + 'region' => my_recode(GET('torregion')), + 'name' => my_recode(GET('tor')), + ); + +// Assuree info +$organisation = array ( + 'names' => array( ), // [0] full name, [>0] DBA's + 'namecnt' => 0, + 'date' => my_recode(GET('date')) == "now" ? date("Y-m-d") : + my_recode(GET('date')), + 'address' => my_recode(GET('address')), + 'state' => my_recode(GET('state')), + 'country' => my_recode(GET('country')), + 'type' => my_recode(GET('type')), + 'director' => my_recode(GET('director')), + 'email' => my_recode(GET('email')), + 'phone' => my_recode(GET('phone')), + 'domains' => array(), // dns names for server certs + 'admincnt' => 0, + 'admins' => array(), // name, email, phone + ); + +if( $assurer['date'] == "now" ) $assurer['date'] = date("Y-m-d"); +//if( $registry['date'] == "now" ) $registry['date'] = date("Y-m-d"); + +function Dstr( $first = "", $strg = "", $cnt = 0 ) { + return( $cnt>0? sprintf("%s%d%s", $first, $cnt, $strg) : $first.$strg ); +} +// company name info and trade names +$j = 0; // after two successive empty names we stop +for( $i = -1; $i <= 9 AND $j < 3; $i++) { // max 9 names we only print 4 max... + $name = my_recode(GET(Dstr($i>=0? "dba" : "name", "", $i))); + if( $name ) { $j = 0; + $organisation[ 'namecnt' ]++; + $organisation[ 'names' ] [] = $name; + } else $j++; +} +// administrator info +$j = 0; // after two successive empty names we stop +for( $i = 0; $i <= 9 AND $j < 2; $i++) { // max 9 names we only print 4 max... + $name = my_recode(GET(Dstr("admin", "", $i))); + if( $name ) { $j = 0; + $organisation[ 'admincnt' ]++; + $organisation[ 'admins' ] [] = array ( + 'name' => $name ? $name : "", + 'email' => my_recode(GET(Dstr("admin","email",$i))), + 'phone' => my_recode(GET(Dstr("admin","phone",$i))), + ); + } else $j++; +} +// organisation domain names convert to array of lowercased names +$j = 0; $domains = ""; +for( $i = 0; $i <= 25 AND $j < 2; $i++ ) { + $name = my_recode(GET(Dstr("domain", "", $i))); + if( $name ) { $j = 0; + if( $domains != "" ) $domains .= ","; + $domains .= strtolower($name); + } else $j ++; +} +$i = 0; +if( $domains ) { // csv list to array and trim white spaces + $domains = strtok($domains,','); + for( ; $domains != ""; $i++) { + $organisation['domains'][$i] = trim($domains); $domains = strtok(','); + } + sort( $organisation['domains'] ); +} else $organisation['domains'][0] = " "; +unset($domains); + +// try to get policy documents names to be printed off +$j = 0; // after two successive empty name we stop searching +for( $i = 1; $i <= 9 AND $j<2; $i++ ) { + $name = GET(sprintf("policy%d", $i)); + if( $name != "" ) { $page['policies'][] = $name; $j = 0; } + else $j++; +} + +if( $utf8 ) { // have scanned arguments for non-ascii code now + //require_once("../utf8/native/core.php"); + // only for to upper case require_once("../utf8/utils/unicode.php"); + require_once ( UTF8_ASCII ); +} + +unset( $i ); unset( $j); unset( $utf8 ); // unset($_GET); +// end of arguments imports + + header("Expires: ".gmdate("D, j M Y G:i:s \G\M\T", time()+10800)); + header("Content-Disposition: attachment; filename=CAcert cap.pdf"); + header("Cache-Control: public, max-age=10800"); + header("Pragma: cache"); +// Content-Type and Content Length is done by tcpdf package + +// create new PDF document ===================================================== + $pdf = new COAPPDF( + /* PDF_PAGE_ORIENTATION */ $page['orientation'], + PDF_UNIT /* mm */, + /* PDF_PAGE_FORMAT */ $page['format'], + true + ); + $pdf->SetFormat( $page['format'] ); // set paper size scaling + +// protection is encryption and this will cause 3.5 times performance loss +// $pdf->SetProtection(array('print', 'annot-forms')); + +// set document property information + $pdf->SetCreator("LibreSSL - CAcert web application"); + $pdf->SetAuthor("© " . date("Y") . " CAcert Inc., Australia."); + $pdf->SetKeywords("X.509, Organisation Assurance Programme, COAP form, digital certificates, CAcert, Community Agreement"); + $pdf->SetTitle("CAcert Organisation Assurance Programme"); + $pdf->SetSubject("COAP form V".$pdf->Version().", generated " . date("Y-n-j H:i:s T")); + if( GET('watermark') != '') $pdf->Watermark = my_recode(GET('watermark')); + // requires zlib and will decrease response time but increase bandwidth + // if no zlib is found, automatically no compression is done + $pdf->SetCompression(true); // turn it off when more pperformance is needed + +// AddSJISFont function is not present in tcpdf package !!!! + +//set auto page breaks + $pdf->SetAutoPageBreak(TRUE, MARGIN*0.707); + +//set image scale factor + $pdf->setImageScale(PDF_IMAGE_SCALE_RATIO); + +//set some language-dependent strings + $pdf->setLanguageArray($l); + +//initialize document + $pdf->AliasNbPages(); + +// AND GENERATE THE FORM =================================== + // generation properties which have been set from environment: + // BW (color), FONT (free Sans Vera), orientation (portrait, 1-up), format (A4) + if ( FONT == 'SJIS') $pdf->AddSJISFont(); + $pdf->PrintForm($organisation, $registry, $assurer, $page); + $pdf->setViewerPreferences($pdf->ViewerPrefs); + +//Close and output PDF document + $pdf->Output("CAcert COAP.pdf", "I"); + +//============================================================+ +// END OF FILE +//============================================================+ +?> diff --git a/ttp.php b/ttp.php new file mode 100644 index 00000000..cc01bcbb --- /dev/null +++ b/ttp.php @@ -0,0 +1,213 @@ +GetStringWidth($blt)+$this->cMargin*2; + $bak_x = $this->x; + $this->Cell($blt_width,$h,$blt,0,'',$fill); + $this->MultiCell($w-$blt_width,$h,$txt,$border,$align,$fill); + $this->x = $bak_x; + } + + function Header() + { + $this->Image($_REQUEST['bw']?'images/CAcert-logo-mono-1000.png':'images/CAcert-logo-colour-1000.png',8,8,100); + $this->SetFont('Arial','B',14); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',14); + $this->Cell(100); + $this->Cell(40,20,recode($_SESSION['_config']['recode'], _("Trusted Third Party"))); + $this->Ln(6); + $this->Cell(100); + $this->Cell(40,20,recode($_SESSION['_config']['recode'], _("Identity Verification Form"))); + $this->Ln(10); + } + + function Footer() + { + $this->SetY(-10); + $this->SetFont('Arial','I',8); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','I',8); + $this->Cell(0,0,'CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia - http://www.CAcert.org',0,0,'C'); + $this->SetY(-7); + $this->SetFont('Arial','',6); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',6); + $this->Cell(0,0, recode($_SESSION['_config']['recode'], _("CAcert's Root Certificate fingerprints")).": 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5 "._("and")." DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5",0,0,'C'); + } + + function Body($name = "", $dob = "", $email = "", $date = "") + { + if($date == "now") + $date = date("Y-m-d"); + + // Show text blurb at top of page + $this->SetY(40); + $this->SetFont('Arial','',10); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','',10); + $this->Write(4, recode($_SESSION['_config']['recode'], _("The CAcert Trusted Third Party (TTP) Programme is designed to assure Internet user identities through personal verification of government issued identity documents."))); + $this->Ln(7); + $this->Write(4, recode($_SESSION['_config']['recode'], _("The Applicant asks you to certify to CAcert that you have met with the Applicant and verified the Full Name, Date of Birth, and ID Numbers of the Applicant against two separate original government issued photo-identity documents. Once the photocopies of the photo IDs have been verified by the TTP they must be signed by the TTP with the statement 'I certify that this copy is a true copy of the original document'. The verified and signed photocopies of IDs are then to be included with the completed TTP forms and returned to CAcert Inc."))); + $this->Ln(7); + $this->Write(4, recode($_SESSION['_config']['recode'], _("Please complete and sign this form, and sign the photocopies of the IDs, to acknowledge that").":")); + $this->Ln(7); + $this->MultiCellBlt($this->w - 25, 5, "1", recode($_SESSION['_config']['recode'], _("You have viewed two of the Applicant's photo identity documents and you are convinced of their authenticity, and are convinced that the photos indeed depict the Applicant (allowed documents are government-issued documents with photos such as driver's license, passport, or others that are normally accepted as legal identification in your country; expired documents are allowed)."))); + $this->Ln(2); + $this->MultiCellBlt($this->w - 25, 5, "2", recode($_SESSION['_config']['recode'], _("You have verified that the Full Name, Date of Birth, and ID Numbers on the identity documents matches those filled in the Applicant section below and in the photocopies provided."))); + $this->Ln(4); + $this->Write(4, sprintf(recode($_SESSION['_config']['recode'], _("If you have ANY doubts or concerns about the identity of the Applicant then please DO NOT COMPLETE AND SIGN this form. For more information about the Web of Trust, including detailed guides for Trusted Third Parties, please see: %s")), "http://www.CAcert.org")); + $this->Ln(8); + $this->Write(4, recode($_SESSION['_config']['recode'], _("PLEASE NOTE: You must get 2 fully completed TTP forms before sending anything to CAcert. Failure to do so will only cause your application to be delayed until all forms have been received by CAcert!"))); + + // TTP Section + $top = 160; + $this->Rect(11, $top, $this->w - 25, 45, "D"); + $this->Line(11, $top + 6, $this->w - 14, $top + 6); + $this->Line(11, $top + 12, 120, $top + 12); + $this->Line(11, $top + 18, 120, $top + 18); + $this->Line(11, $top + 24, 120, $top + 24); + $this->Line(11, $top + 30, 120, $top + 30); + $this->Line(11, $top + 36, $this->w - 14, $top + 36); + $this->Line(120, $top + 6, 120, $top + 36); + $this->SetXY(11, $top + 3); + $this->SetFont("Arial", "BUI", "12"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','BUI',12); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Person Verifying Applicant's Identity"))); + $this->SetXY(11, $top + 9); + $this->SetFont("Arial", "B", "8"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',8); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Names").":")); + $this->SetXY(120, $top + 9); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Office Street Address").":")); + $this->SetFont("Arial", "B", "6"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',6); + $this->SetXY(11, $top + 14); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Profession (Please circle one)")).":"); + $this->SetXY(11, $top + 16); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Justice of the Peace, Public Notary, Lawyer, Accountant, or Bank Manager"))); + $this->SetXY(11, $top + 20); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Bar Association, CPA Number or Bank Name and Branch, JP/Notary Number")).":"); + $this->SetXY(11, $top + 22); + $this->Write(0, recode($_SESSION['_config']['recode'], "("._("as applicable")."):")); + $this->SetFont("Arial", "B", "8"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',8); + $this->SetXY(11, $top + 27); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Office Phone")).":"); + $this->SetXY(11, $top + 33); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Email (if applicable)")).":"); + $this->SetXY(11, $top + 39); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Signature")).":"); + $this->SetXY(120, $top + 39); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Date")).": "); + if($date) + $this->Write(0, $date); + + // TTP Section + $top += 50; + $this->Rect(11, $top, $this->w - 25, 45, "D"); + $this->Line(11, $top + 6, $this->w - 14, $top + 6); + $this->Line(11, $top + 12, $this->w - 14, $top + 12); + $this->Line(11, $top + 18, $this->w - 14, $top + 18); + $this->Line(11, $top + 24, $this->w - 14, $top + 24); + $this->Line(11, $top + 30, $this->w - 14, $top + 30); + $this->Line(11, $top + 36, $this->w - 14, $top + 36); + $this->Line(120, $top + 6, 120, $top + 36); + $this->SetXY(11, $top + 3); + $this->SetFont("Arial", "BUI", "12"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','BUI',12); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Applicant Information"))); + $this->SetXY(11, $top + 9); + $this->SetFont("Arial", "B", "8"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',8); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Full Name (as shown on ID)").":")); + if($name) + { + $this->SetXY(120, $top + 9); + $this->Write(0, $name); + } + $this->SetXY(11, $top + 15); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Main email (so we can find you)")).":"); + if($email) + { + $this->SetXY(120, $top + 15); + $this->Write(0, $email); + } + $this->SetXY(11, $top + 21); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Date of Birth")).": "); + $this->SetFont("Arial", "B", "6"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',6); + $this->Write(0, "(".recode($_SESSION['_config']['recode'], _("YYYY-MM-DD")).")"); + $this->SetFont("Arial", "B", "8"); + if($_SESSION['_config']['language'] == "ja") + $this->SetFont('SJIS','B',8); + if($dob) + { + $this->SetXY(120, $top + 21); + $this->Write(0, $dob); + } + $this->SetXY(11, $top + 27); + $this->Write(0, recode($_SESSION['_config']['recode'],_("First ID Number (driver's license, passport etc)")).":"); + $this->SetXY(11, $top + 33); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Second ID Number (driver's license, passport etc)")).":"); + $this->SetXY(11, $top + 39); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Signature")).":"); + $this->SetXY(120, $top + 39); + $this->Write(0, recode($_SESSION['_config']['recode'],_("Date")).": "); + if($date) + $this->Write(0, $date); + } + } + + $format = $_GET['format']; + if($format != "letter") + $format = "A4"; + + $pdf = new PDF('P', 'mm', $format); + if($_SESSION['_config']['language'] == "ja") + $pdf->AddSJISFont(); + $pdf->Open(); + $pdf->AddPage(); + $pdf->Body($_GET['name'], $_GET['dob'], $_GET['email'], $_GET['date']); + header("Expires: ".gmdate("D, j M Y G:i:s \G\M\T", time()+10800)); + header("Content-Disposition: attachment; filename=ttp.pdf"); + header("Cache-Control: public, max-age=10800"); + header("Pragma: cache"); + $pdf->output(); + exit; +?> diff --git a/usbclient.pl b/usbclient.pl new file mode 100644 index 00000000..f2186340 --- /dev/null +++ b/usbclient.pl @@ -0,0 +1,1019 @@ +#!/usr/bin/perl -w + +# CommModule - CAcert Communication module +# Copyright (C) 2004-2021 CAcert Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +# Production Client / CommModule + +use strict; +use Device::USB; +use POSIX; +use Time::HiRes q(usleep); +use File::CounterFile; +use File::Copy; +use DBI; +use Locale::gettext; +use IO::Socket; +use MIME::Base64; +use Digest::SHA1 qw(sha1_hex sha1); + +#Protocol version: +my $ver=1; + +#Debugging does not delete work-files for later inspection +my $debug=0; + +#Paranoid exists the program on a malicious request +my $paranoid=1; + +#Location of the openssl and gpg binaries +my $gpgbin="/usr/bin/gpg"; +my $opensslbin="/usr/bin/openssl"; + +my $mysqlphp="/home/cacert/www/includes/mysql.php"; + +my %revokefile=(2=>"../www/class3-revoke.crl",1=>"../www/revoke.crl",0=>"../www/revoke.crl"); + +#USB-Link settings +my $PACKETSIZE=0x100; +my $SALT="Salz"; +my $HASHSIZE=20; + +#End of configurations + +######################################################## + + +#Reads a while file and returns the content +#Returns undef on failure +sub readfile($) +{ + my $olds=$/; + my $content=undef; + if(open READIN,"<$_[0]") + { + binmode READIN; + undef $/; + $content=; + close READIN; + $/=$olds; + } + return $content; +} + +#Writes/Overwrites a file with content. +#Returns 1 on success, 0 on failure. +sub writefile($$) +{ + if(open WRITEOUT,">$_[0]") + { + binmode WRITEOUT; + print WRITEOUT $_[1]; + close WRITEOUT; + return 1; + } + return 0; +} + +#mkdir "revokehashes"; +foreach (keys %revokefile) +{ + my $revokehash=sha1_hex(readfile($revokefile{$_})); + print "Root $_: Hash $revokefile{$_} = $revokehash\n"; +} + +my %monarr = ("Jan" => 1, "Feb" => 2, "Mar" => 3, "Apr" => 4, "May" => 5, "Jun" => 6, "Jul" => 7, "Aug" => 8, "Sep" => 9, "Oct" => 10, "Nov" => 11, "Dec" => 12); + +my $content=readfile($mysqlphp); +my $password="";$password=$1 if($content=~m/mysql_connect\("[^"]+",\s*"\w+",\s*"(\w+)"/); +$content=""; + +my $dbh = DBI->connect("DBI:mysql:cacert:localhost",$password?"cacert":"",$password, { RaiseError => 1, AutoCommit => 1 }) || die ("Error with the database connection.\n"); + + +#Logging functions: +sub SysLog($) +{ + my @ltime=localtime; + my $date=strftime("%Y-%m-%d",@ltime); + open LOG,">>logfile$date.txt"; + return if(not defined($_[0])); + my $timestamp=strftime("%Y-%m-%d %H:%M:%S",@ltime); + #$syslog->write($_[0]."\x00"); + print LOG "$timestamp $_[0]"; + print "$timestamp $_[0]"; + flush LOG; + close LOG; +} + + +sub Error($) +{ + SysLog($_[0]); + if($paranoid) + { + die $_[0]; + } +} + + +my $timestamp=strftime("%Y-%m-%d %H:%M:%S",localtime); + + +sub mysql_query($) +{ + $dbh->do($_[0]); +} + +sub trim($) +{ + my $new=$_[0]; + $new=~s/^\s*//; + $new=~s/\s*$//; + return($new); +} + +sub addslashes($) +{ + my $new=$_[0]; + $new=~s/['"\\]/\\$1/g; + return($new); +} + +sub recode +{ + return $_[1]; +} + + +#Hexdump function: Returns the hexdump representation of a string +sub hexdump($) +{ + return "" if(not defined($_[0])); + my $content=""; + $content.=sprintf("%02X ",unpack("C",substr($_[0],$_,1))) foreach (0 .. length($_[0])-1); + return $content; +} + +#pack3 packs together the length of the data in 3 bytes and the data itself, size limited to 16MB. In case the data is more than 16 MB, it is ignored, and a 0 Byte block is transferred +sub pack3 +{ + return "\x00\x00\x00" if(!defined($_[0])); + my $data=(length($_[0]) >= 2**24)? "":$_[0]; + my $len=pack("N",length($data)); + #print "len: ".length($data)."\n"; + return substr($len,1,3).$data; +} + + +#unpack3 unpacks packed data. +sub unpack3($) +{ + return undef if((not defined($_[0])) or length($_[0])<3); + #print "hexdump: ".hexdump("\x00".substr($_[0],0,3))."\n"; + my $len=unpack("N","\x00".substr($_[0],0,3)); + #print "len3: $len length(): ".length($_[0])." length()-3: ".(length($_[0])-3)."\n"; + return undef if(length($_[0])-3 != $len); + return substr($_[0],3); +} + + +#unpack3array extracts a whole array of concatented packed data. +sub unpack3array($) +{ + my @retarr=(); + if((not defined($_[0])) or length($_[0])<3) + { + SysLog "Datenanfang kaputt\n"; + return (); + } + my $dataleft=$_[0]; + while(length($dataleft)>=3) + { + #print "hexdump: ".hexdump("\x00".substr($dataleft,0,3))."\n"; + my $len=unpack("N","\x00".substr($dataleft,0,3)); + #print "len3: $len length(): ".length($dataleft)." length()-3: ".(length($dataleft)-3)."\n"; + if(length($dataleft)-3 < $len) + { + SysLog "Datensatz abgeschnitten\n"; + return (); + } + push @retarr, substr($dataleft,3,$len); + $dataleft=substr($dataleft,3+$len); + } + if(length($dataleft)!=0) + { + SysLog "Ende abgeschnitten\n"; + return (); + } + return @retarr; +} + +#Pack4 packs and secret-key signs some data. +sub pack4($) +{ + return pack("N",length($_[0])).$_[0].sha1($SALT.$_[0]); +} + + + + + +$timestamp=strftime("%Y-%m-%d %H:%M:%S",localtime); + +SysLog("Starting Server at $timestamp\n"); + +$SALT=readfile(".salt.key"); + +SysLog("Opening USB-Link interface:\n"); + +#Opening USB device: +my $usb = Device::USB->new(); +my @list=$usb->list_devices(0x067b,0x2501); +my $dev = $list[0]; +if(defined($dev)) +{ + #print "USB-Link Device found: ", $dev->filename(), "\n"; + if($dev->open()) + { + #print "\t", $dev->manufacturer(), ": ", $dev->product(), "\n"; + $dev->claim_interface(0); + + my $buffer=" "; + + $dev->control_msg(0xc0 , 0xfb, 0, 0, $buffer, 2, 1000); + + if($buffer ne "\x04\x08" and $buffer ne "\x0c\x04" and $buffer ne "\x00\x0c" and $buffer ne "\x04\x0c") + { + print "Please plug the USB-Link cable into the other computer.\n"; + } + else + { + print "USB-Link ok.\n"; + } + } + else + { + print "Unable to work with USB-Link device: $!\n"; + } +} +else +{ + print "USB-Link Device not found. Please plug the cable into this computer.\n"; +} + + + + + + +#sends a single packet (pack4 encoded). Returns the returncode +sub send_packet($) +{ + if((14+length($_[0])+$HASHSIZE) > $PACKETSIZE) + { + return -1; + } + # 4 Bytes Length, N Bytes Data, 20 Bytes SHA1 Hash, 0 Padding + my $data="CommModule".pack4($_[0]); + $data.=("\x00"x($PACKETSIZE-length($data))); + my $ret=$dev->bulk_write(0x2,$data,length($data),1000); + print "Send-result: $ret\n"; + return $ret; +} + +#Receives several consecutive packets. Returns the concatenated payload +sub receive_packets() +{ + print "Receiving packets ...\n"; + my $collectedpayload=""; + my $done=0; + while(!$done) + { + my $data=" "x$PACKETSIZE; + my $re=$dev->bulk_read(0x83,$data,length($data),10000); + writefile("usbpacket.dat",$data); + print "Read: $re Bytes: ".length($data)."\n"; + if($re > 0) + { + $data=~s/^.*?CommModule//s; + my $len=unpack("N",substr($data,0,4)); + print "len: $len\n"; + if($len>=0 and $len<=$PACKETSIZE-$HASHSIZE-4) + { + my $payload=substr($data,4,$len); + if(sha1($SALT.$payload) eq substr($data,4+$len,$HASHSIZE)) + { + print "Hash OK!\n"; + $collectedpayload.=substr($payload,1); + $done=1 if(substr($payload,0,1)eq "0"); + } + else + { + print "Hash NOT OK: ".sha1_hex($SALT.$payload)." vs. ".hexdump(substr($data,4+$len,$HASHSIZE))." !\n"; + return ""; + } + } + } + elsif($re == 0) + { + print "USB-Link cable disconnected?\n"; + #return ""; + } + } + print "Receiving done.\n"; + return $collectedpayload; +} + + + + +my $MAXCHUNK=$PACKETSIZE-100; + +#Sends data over the USB-Link, without handshaking +sub SendPackets($) +{ + print "Sending Packets ...\n"; + my $data=pack4($_[0]); + my $done=0; + return if(!defined($data) or !length($data)); + + while(!$done) + { + while(length($data)>0) + { + my $d=substr($data,0,$MAXCHUNK); + if(length($data)>$MAXCHUNK) + { + send_packet("1".$d); + $data=substr($data,$MAXCHUNK); + } + else + { + send_packet("0".$d); + $data=""; + } + } + $done=1; + } + print "Sending Packets done.\n"; +} + +#Receives several packets, verifies the secret key signature and extracts the payload +#Returns the payload +sub Receive +{ + my $data=receive_packets(); + if (!defined($data) or length($data)<4) + { + print "Received data too short!\n"; + return ""; + } + my $len=unpack("N",substr($data,0,4)); + if($len != (length($data)-$HASHSIZE-4)) + { + print "Length field does not match data on Receive!\n"; + return ""; + } + my $payload=substr($data,4,$len); + if(sha1($SALT.$payload) ne substr($data,4+$len,$HASHSIZE)) + { + print "Hash on Receive is BROKEN!\n"; + return ""; + } + return $payload; +} + + + + +# @result(Version,Action,Errorcode,Response)=Request(Version=1,Action=1,System=1,Root=1,Configuration="...",Parameter="...",Request="..."); +sub Request($$$$$$$$$$$) +{ + print "Version: $_[0] Action: $_[1] System: $_[2] Root: $_[3] Config: $_[4]\n"; + $_[3]=0 if($_[3]<0); + SendPackets(pack3(pack3(pack("C*",$_[0],$_[1],$_[2],$_[3],$_[4],$_[5],$_[6]>>8,$_[6]&255,$_[7])).pack3($_[8]).pack3($_[9]).pack3($_[10]))); + my $data=Receive(); + if(defined($data) and length($data)>6) + { + my @fields=unpack3array(substr($data,3)); + + SysLog "Answer from Server: ".hexdump($data)."\n" if($debug); + + #writefile("result.dat",$data); + + return $fields[1]; + } + return ""; +} + + +sub calculateDays($) +{ + if($_[0]) + { + my @sum = $dbh->selectrow_array("select sum(`points`) as `total` from `notary` where `to`='".$_[0]."' and `deleted`=0 group by `to`"); + SysLog("Summe: $sum[0]\n") if($debug); + + return ($sum[0]>=50)?730:180; + } + return 180; +} + +sub X509extractSAN($) +{ + my @bits = split("/", $_[0]); + my $SAN=""; + my $newsubject=""; + foreach my $val(@bits) + { + my @bit=split("=",$val); + if($bit[0] eq "subjectAltName") + { + $SAN.="," if($SAN ne ""); + $SAN.= trim($bit[1]); + } + else + { + $newsubject .= "/".$val; + } + } + $newsubject=~s{^//}{/}; + $newsubject=~s/[\n\r\t\x00"\\']//g; + $SAN=~s/[ \n\r\t\x00"\\']//g; + return($SAN,$newsubject); +} + +sub X509extractExpiryDate($) +{ + # TIMEZONE ?!? + my $data=`$opensslbin x509 -in "$_[0]" -noout -enddate`; + + #notAfter=Aug 8 10:26:34 2007 GMT + if($data=~m/notAfter=(\w{2,4}) *(\d{1,2}) *(\d{1,2}:\d{1,2}:\d{1,2}) (\d{4}) GMT/) + { + my $date="$4-".$monarr{$1}."-$2 $3"; + SysLog "Expiry Date found: $date\n" if($debug); + return $date; + } + else + { + SysLog "Expiry Date not found: $data\n"; + } + return ""; +} +sub X509extractSerialNumber($) +{ + # TIMEZONE ?!? + my $data=`$opensslbin x509 -in "$_[0]" -noout -serial`; + if($data=~m/serial=([0-9A-F]+)/) + { + return $1; + } + return ""; +} + +sub OpenPGPextractExpiryDate ($) +{ + my $r=""; + my $cts; + my @date; + + open(RGPG, $gpgbin.' -vv '.$_[0].' 2>&1 |') or Error('Can\'t start GnuPG($gpgbin): '.$!."\n"); + open(OUT, '> infogpg.txt' ) or Error('Can\'t open output file: infogpg.txt: '.$!); + $/="\n"; + while () + { + print OUT $_; + unless ($r) + { + if ( /^\s*version \d+, created (\d+), md5len 0, sigclass \d+\s*$/ ) + { + SysLog "Detected CTS: $1\n"; + $cts = int($1); + } elsif ( /^\s*critical hashed subpkt \d+ len \d+ \(sig expires after ((\d+)y)?((\d+)d)?((\d+)h)?(\d+)m\)\s*$/ ) + { + SysLog "Detected FRAME $2 $4 $6 $8\n"; + $cts += $2 * 31536000; # secs per year (60 * 60 * 24 * 365) + $cts += $4 * 86400; # secs per day (60 * 60 * 24) + $cts += $6 * 3600; # secs per hour (60 * 60) + $cts += $8 * 60; # secs per min (60) + $r = $cts; + } + elsif(/version/) + { + SysLog "Detected VERSION\n"; + } + } + } + + close(OUT ); + close(RGPG); + + SysLog "CTS: $cts R: $r\n"; + + if ( $r ) + { + @date = gmtime($r); + $r = sprintf('%.4i-%.2i-%.2i %.2i:%.2i:%.2i', # date format + $date[5] + 1900, $date[4] + 1, $date[3], # day + $date[2], $date[1], $date[0], # time + ); + + } + SysLog "$r\n"; + return $r; +} + + +# Sets the locale according to the users preferred language +sub setUsersLanguage($) +{ + my $lang="de_DE"; + print "Searching for the language of the user $_[0]\n"; + my @a=$dbh->selectrow_array("select language from users where id='".int($_[0])."'"); + $lang = $1 if($a[0]=~m/(\w+_[\w.@]+)/); + + SysLog "The users preferred language: $lang\n"; + + if($lang ne "") + { + $ENV{"LANG"}=$lang; + setlocale(LC_ALL, $lang); + } else { + $ENV{"LANG"}="en_AU"; + setlocale(LC_ALL, "en_AU"); + } +} + + +sub getUserData($) +{ + my $sth = $dbh->prepare("select * from users where id='$_[0]'"); + $sth->execute(); + #SysLog "USER DUMP:\n"; + while ( my $rowdata = $sth->fetchrow_hashref() ) + { + my %tmp=%{$rowdata}; + #foreach (sort keys %tmp) + #{ + #SysLog " $_ -> $tmp{$_}\n"; + #} + return %tmp; + } + return (); +} + + +sub _($) +{ + return gettext($_[0]); +} + +sub sendmail($$$$$$$) +{ + my ($to, $subject, $message, $from, $replyto, $toname, $fromname)=@_; + my $errorsto="returns\@cacert.org"; + my $extra=""; + + + # sendmail($user{email}, "[CAcert.org] Your GPG/PGP Key", $body, "support\@cacert.org", "", "", "CAcert Support"); + my @lines=split("\n",$message); + $message = ""; + foreach my $line (@lines) + { + $line = trim($line); + if($line eq ".") + { + $message .= " .\n"; + } else + { + $message .= $line."\n"; + } + } + + $fromname = $from if($fromname eq ""); + + my @bits = split(",", $from); + $from = addslashes($bits['0']); + $fromname = addslashes($fromname); + + my $smtp = IO::Socket::INET->new(PeerAddr => 'localhost:25'); + $/="\n"; + SysLog "SMTP: ".<$smtp>."\n"; + print $smtp "HELO hlin.cacert.org\r\n"; + SysLog "SMTP: ".<$smtp>."\n"; + print $smtp "MAIL FROM: \r\n"; + SysLog "MAIL FROM: ".<$smtp>."\n"; + + @bits = split(",", $to); + foreach my $user (@bits) + { + print $smtp "RCPT TO: <".trim($user).">\r\n"; + SysLog "RCPT TO: ".<$smtp>."\n"; + } + print $smtp "DATA\r\n"; + SysLog "DATA: ".<$smtp>."\n"; + + print $smtp "X-Mailer: CAcert.org Website\r\n"; + print $smtp "X-OriginatingIP: ".$ENV{"REMOTE_ADDR"}."\r\n"; + print $smtp "Sender: $errorsto\r\n"; + print $smtp "Errors-To: $errorsto\r\n"; + if($replyto ne "") + { + print $smtp "Reply-To: $replyto\r\n"; + } + else + { + print $smtp "Reply-To: $from\r\n"; + } + print $smtp "From: $from ($fromname)\r\n"; + print $smtp "To: $to\r\n"; + my $newsubj=encode_base64(recode("html..utf-8", trim($subject))); + #SysLog("NewSubj: --".$newsubj."--\n") if($debug); + $newsubj=~s/\n*$//; + #SysLog("NewSubj: --".$newsubj."--\n") if($debug); + print $smtp "Subject: =?utf-8?B?$newsubj?=\r\n"; + print $smtp "Mime-Version: 1.0\r\n"; + if($extra eq "") + { + print $smtp "Content-Type: text/plain; charset=\"utf-8\"\r\n"; + print $smtp "Content-Transfer-Encoding: 8bit\r\n"; + } else { + print $smtp "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n"; + print $smtp "Content-Transfer-Encoding: quoted-printable\r\n"; + print $smtp "Content-Disposition: inline\r\n"; + }; +# print $smtp "Content-Transfer-Encoding: BASE64\r\n"; + print $smtp "\r\n"; +# print $smtp chunk_split(encode_base64(recode("html..utf-8", $message)))."\r\n.\r\n"; + print $smtp recode("html..utf-8", $message)."\r\n.\r\n"; + SysLog "ENDOFTEXT: ".<$smtp>."\n"; + print $smtp "QUIT\n"; + SysLog "QUIT: ".<$smtp>."\n"; + close($smtp); +} + + +sub HandleCerts($$) +{ + my $org=$_[0]?"org":""; + my $server=$_[1]; + + my $table=$org.($server?"domaincerts":"emailcerts"); + + my $sth = $dbh->prepare("select * from $table where crt_name='' and csr_name!='' "); + $sth->execute(); + #$rowdata; + while ( my $rowdata = $sth->fetchrow_hashref() ) + { + my %row=%{$rowdata}; + + my $csrname = "../csr/".$org.($server?"server-":"client-").$row{'id'}.".csr"; + my $crtname = "../crt/".$org.($server?"server-":"client-").$row{'id'}.".crt"; + + + if($server) + { + #Weird SQL structure ... + my @sqlres=$dbh->selectrow_array("select memid from domains where id='".int($row{'domid'})."'"); + $row{'memid'}=$sqlres[0]; + SysLog("Fetched memid: $row{'memid'}\n") if($debug); + } + + SysLog "Opening $csrname\n"; + + my $crt=""; + + my $profile=0; + + # "0"=>"client.cnf", + # "1"=>"client-org.cnf", + # "2"=>"client-codesign.cnf", + # "3"=>"client-machine.cnf", + # "4"=>"client-ads.cnf", + # "5"=>"server.cnf", + # "6"=>"server-org.cnf", + # "7"=>"server-jabber.cnf", + # "8"=>"server-ocsp.cnf", + # "9"=>"server-timestamp.cnf", + # "10"=>"proxy.cnf", + # "11"=>"subca.cnf" + + + if($row{"type"} =~ m/^(8|9)$/) + { + $profile=$row{"type"}; + } + elsif($org) + { + if($row{'codesign'}) + { + $profile=2; ## TODO! + } + elsif($server) + { + $profile=6; + } + else + { + $profile=1; + } + } + else + { + if($row{'codesign'}) + { + $profile=2; + } + elsif($server) + { + $profile=5; + } + else + { + $profile=0; + } + + + } + + + + if(open(IN,"<$csrname")) + { + undef $/; + my $content=; + close IN; + SysLog "Read.\n" if($debug); + SysLog "Subject: --$row{'subject'}--\n" if($debug); + + my ($SAN,$subject)=X509extractSAN($row{'subject'}); + SysLog "Subject: --$subject--\n" if($debug); + SysLog "SAN: --$SAN--\n" if($debug); + SysLog "memid: $row{'memid'}\n" if($debug); + + my $days=$org?($server?(365*2):365):calculateDays($row{"memid"}); + + + $crt=Request($ver,1,1,$row{'rootcert'}-1,$profile,$row{'md'}eq"sha1"?2:0,$days,$row{'keytype'}eq"NS"?1:0,$content,$SAN,$subject); + if(length($crt)) + { + if($crt=~m/^-----BEGIN CERTIFICATE-----/) + { + open OUT,">$crtname"; + print OUT $crt; + close OUT; + } + else + { + open OUT,">$crtname.der"; + print OUT $crt; + close OUT; + system "$opensslbin x509 -in $crtname.der -inform der -out $crtname"; + } + } + + } + else + { + print "Error: $! Konnte $csrname nicht laden\n"; + } + + + + if(-s $crtname) + { + SysLog "Opening $crtname\n"; + + my $date=X509extractExpiryDate($crtname); + my $serial=X509extractSerialNumber($crtname); + + setUsersLanguage($row{memid}); + + my %user=getUserData($row{memid}); + + foreach (sort keys %user) + { + SysLog " $_ -> $user{$_}\n" if($debug); + } + + SysLog("update `$table` set `crt_name`='$crtname', modified=now(), serial='$serial', `expire`='$date' where `id`='".$row{'id'}."'\n"); + + $dbh->do("update `$table` set `crt_name`='$crtname', modified=now(), serial='$serial', `expire`='$date' where `id`='".$row{'id'}."'"); + + my $body = _("Hi")." $user{fname},\n\n"; + $body .= sprintf(_("You can collect your certificate for %s by going to the following location:")."\n\n", $row{'email'}); + $body .= "https://www.cacert.org/account.php?id=".($server?"15":"6")."&cert=$row{id}\n\n"; + $body .= _("If you havent imported CAcert´s root certificate, please go to:")."\n"; + $body .= "https://www.cacert.org/index.php?id=3\n"; + $body .= "Root cert fingerprint SHA256 = 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5\n"; + $body .= "Root cert fingerprint SHA1 = DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5\n\n"; + $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; + sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support"); + } else { + $dbh->do("delete from `$table` where `id`='".$row{'id'}."'"); + } + } +} + +sub HandleNewCRL($$) +{ + my ($crl,$crlname)=@_; + if(length($crl)) + { + if($crl=~m/^\%XD/) + { + writefile("$crlname.patch",$crl); + system "xdelta patch $crlname.patch $crlname $crlname.tmp"; + } + elsif($crl=~m/^-----BEGIN X509 CRL-----/) + { + writefile("$crlname.pem",$crl); + system "$opensslbin crl -in $crlname.pem -outform der -out $crlname.tmp"; + } + elsif($crl=~m/^\x30/) + { + writefile("$crlname.tmp",$crl); + } + else + { + Error "Unknown CRL format!".(substr($crl,0,5))."\n"; + } + rename "$crlname.tmp","$crlname"; # Atomic move + } +} + + +sub RevokeCerts($$) +{ + my $org=$_[0]?"org":""; + my $server=$_[1]; + + my $table=$org.($server?"domaincerts":"emailcerts"); + + my $sth = $dbh->prepare("select * from $table where revoked='1970-01-01 10:00:01'"); # WHICH TIMEZONE? + $sth->execute(); + #$rowdata; + while ( my $rowdata = $sth->fetchrow_hashref() ) + { + my %row=%{$rowdata}; + + my $csrname = "../csr/".$org.($server?"server-":"client-").$row{'id'}.".csr"; + my $crtname = "../crt/".$org.($server?"server-":"client-").$row{'id'}.".crt"; + my $crlname = $revokefile{$row{'rootcert'}}; + + my $crt=""; + + + if(open(IN,"<$crtname")) + { + undef $/; + my $content=; + close IN; + my $revokehash=sha1_hex(readfile($crlname)); + + my $crl=Request($ver,2,1,$row{'rootcert'}-1,0,0,365,0,$content,"",$revokehash); + HandleNewCRL($crl,$crlname); + + if(-s $crlname) + { + setUsersLanguage($row{memid}); + + my %user=getUserData($row{memid}); + + $dbh->do("update `$table` set `revoked`=now() where `id`='".$row{'id'}."'"); + + my $body = _("Hi")." $user{fname},\n\n"; + $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row{'CN'}); + $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; + sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support"); + } + + } + else + { + SysLog("Error: $crtname $!\n") if($debug); + } + + } + +} + + + + + +sub HandleGPG() +{ + my $sth = $dbh->prepare("select * from gpg where crt='' and csr!='' "); + $sth->execute(); + my $rowdata; + while ( $rowdata = $sth->fetchrow_hashref() ) + { + my %row=%{$rowdata}; + + my $csrname = "../csr/gpg-".$row{'id'}.".csr"; + my $crtname = "../crt/gpg-".$row{'id'}.".crt"; + + SysLog "Opening $csrname\n"; + + my $crt=""; + + if(-s $csrname && open(IN,"<$csrname")) + { + undef $/; + my $content=; + close IN; + SysLog "Read.\n"; + $crt=Request($ver,1,2,0,0,2,366,0,$content,"",""); + if(length($crt)) + { + open OUT,">$crtname"; + print OUT $crt; + close OUT; + } + + } + else + { + #Error("Error: $!\n"); + next; + } + + if(-s $crtname) + { + SysLog "Opening $crtname\n"; + setUsersLanguage($row{memid}); + + my $date=OpenPGPextractExpiryDate($crtname); + my %user=getUserData($row{memid}); + + $dbh->do("update `gpg` set `crt`='$crtname', issued=now(), `expire`='$date' where `id`='".$row{'id'}."'"); + + my $body = _("Hi")." $user{fname},\n\n"; + $body .= sprintf(_("Your CAcert signed key for %s is available online at:")."\n\n", $row{'email'}); + $body .= "https://www.cacert.org/gpg.php?id=3&cert=$row{id}\n\n"; + $body .= _("To help improve the trust of CAcert in general, it's appreciated if you could also sign our key and upload it to a key server. Below is a copy of our primary key details:")."\n\n"; + $body .= "pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) \n"; + $body .= "Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58\n\n"; + $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; + sendmail($user{email}, "[CAcert.org] Your GPG/PGP Key", $body, "support\@cacert.org", "", "", "CAcert Support"); + } else { + $dbh->do("delete from `gpg` where `id`='".$row{'id'}."'"); + } + } +} + + +# Main program loop + +while(1) +{ + SysLog("Handling GPG database ...\n"); +# HandleGPG(); + SysLog("Issueing certs ...\n"); +# HandleCerts(0,0); #personal client certs +# HandleCerts(0,1); #personal server certs +# HandleCerts(1,0); #org client certs +# HandleCerts(1,1); #org server certs +# SysLog("Revoking certs ...\n"); +# RevokeCerts(0,0); #personal client certs +# RevokeCerts(0,1); #personal server certs +# RevokeCerts(1,0); #org client certs +# RevokeCerts(1,1); #org server certs + + #print "Sign Request X.509, Root0\n"; + #my $reqcontent=""; + #Request($ver,1,1,0,5,2,365,0,$reqcontent,"","/CN=supertest.cacert.at"); + + SysLog("NUL Request:\n"); + my $timestamp=strftime("%m%d%H%M%Y.%S",gmtime); + my $ret=Request($ver,0,0,0,0,0,0,0,$timestamp,"",""); + print "RET: $ret\n"; + + SysLog("Generate regular CRLs:\n"); + foreach my $root ((1,2)) + { + my $crlname = $revokefile{$root}; + my $revokehash=sha1_hex(readfile($crlname)); + print "Aktueller Hash am Webserver: $revokehash\n"; + my $crl=Request($ver,2,1,$root-1,0,0,365,0,"","",$revokehash); + HandleNewCRL($crl,$crlname); + } + + usleep(700000); +} From aca79c42c5b3f57b1e6eafabbeba198e27295bb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Kastner?= Date: Mon, 23 Aug 2021 10:37:32 +0200 Subject: [PATCH 2/4] Update client.pl --- CommModule/client.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CommModule/client.pl b/CommModule/client.pl index 0874477a..5bc54ed7 100755 --- a/CommModule/client.pl +++ b/CommModule/client.pl @@ -1,7 +1,7 @@ #!/usr/bin/perl -w # CommModule - CAcert Communication Module -# Copyright (C) 2006-2009 CAcert Inc. +# Copyright (C) 2006-2021 CAcert Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -896,8 +896,8 @@ ($$) $body .= "https://www.cacert.org/account.php?id=".($server?"15":"6")."&cert=$row{id}\n\n"; $body .= _("If you have not imported CAcert's root certificate, please go to:")."\n"; $body .= "https://www.cacert.org/index.php?id=3\n"; - $body .= "Root cert fingerprint = A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B\n"; - $body .= "Root cert fingerprint = 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33\n\n"; + $body .= "Root cert fingerprint SHA1 = DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5\n\n"; + $body .= "Root cert fingerprint SHA256 = 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support"); } From 44de4ed44afcaf475dcee2379762c2fe0ec8d8d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Kastner?= Date: Mon, 23 Aug 2021 10:41:33 +0200 Subject: [PATCH 3/4] Update usbclient.pl --- CommModule/usbclient.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CommModule/usbclient.pl b/CommModule/usbclient.pl index 6cbc1110..2acb0f8b 100755 --- a/CommModule/usbclient.pl +++ b/CommModule/usbclient.pl @@ -1,7 +1,7 @@ #!/usr/bin/perl -w # CommModule - CAcert Communication module -# Copyright (C) 2004-2008 CAcert Inc. +# Copyright (C) 2004-2021 CAcert Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -820,8 +820,8 @@ ($$) $body .= "https://www.cacert.org/account.php?id=".($server?"15":"6")."&cert=$row{id}\n\n"; $body .= _("If you havent imported CAcert´s root certificate, please go to:")."\n"; $body .= "https://www.cacert.org/index.php?id=3\n"; - $body .= "Root cert fingerprint = A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B\n"; - $body .= "Root cert fingerprint = 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33\n\n"; + $body .= "Root cert fingerprint SHA1 = DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5\n\n"; + $body .= "Root cert fingerprint SHA256 = 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5\n"; $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n"; sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support"); } else { From cbc5df4086da70da4f30057c48a153db6d3941db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ale=C5=A1=20Kastner?= Date: Mon, 23 Aug 2021 11:02:37 +0200 Subject: [PATCH 4/4] Update 3.php --- pages/index/3.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/pages/index/3.php b/pages/index/3.php index 57e9af84..a98d8afd 100644 --- a/pages/index/3.php +++ b/pages/index/3.php @@ -1,6 +1,6 @@