/src/usr/local/www/system_crlmanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_crlmanager.php @ 2ee79571

1	81bfb231	jim-p	<?php
2			/*
3	aaec5634	Renato Botelho	* system_crlmanager.php
4	3a9f3078	Stephen Beaver	*
5	aaec5634	Renato Botelho	* part of pfSense (https://www.pfsense.org)
6			* Copyright (c) 2004-2016 Electric Sheep Fencing, LLC
7			* All rights reserved.
8	3a9f3078	Stephen Beaver	*
9	aaec5634	Renato Botelho	* Redistribution and use in source and binary forms, with or without
10			* modification, are permitted provided that the following conditions are met:
11	3a9f3078	Stephen Beaver	*
12	aaec5634	Renato Botelho	* 1. Redistributions of source code must retain the above copyright notice,
13			* this list of conditions and the following disclaimer.
14	3a9f3078	Stephen Beaver	*
15	aaec5634	Renato Botelho	* 2. Redistributions in binary form must reproduce the above copyright
16			* notice, this list of conditions and the following disclaimer in
17			* the documentation and/or other materials provided with the
18			* distribution.
19	3a9f3078	Stephen Beaver	*
20	aaec5634	Renato Botelho	* 3. All advertising materials mentioning features or use of this software
21			* must display the following acknowledgment:
22			* "This product includes software developed by the pfSense Project
23			* for use in the pfSense® software distribution. (http://www.pfsense.org/).
24	3a9f3078	Stephen Beaver	*
25	aaec5634	Renato Botelho	* 4. The names "pfSense" and "pfSense Project" must not be used to
26			* endorse or promote products derived from this software without
27			* prior written permission. For written permission, please contact
28			* coreteam@pfsense.org.
29	3a9f3078	Stephen Beaver	*
30	aaec5634	Renato Botelho	* 5. Products derived from this software may not be called "pfSense"
31			* nor may "pfSense" appear in their names without prior written
32			* permission of the Electric Sheep Fencing, LLC.
33	3a9f3078	Stephen Beaver	*
34	aaec5634	Renato Botelho	* 6. Redistributions of any form whatsoever must retain the following
35			* acknowledgment:
36	3a9f3078	Stephen Beaver	*
37	aaec5634	Renato Botelho	* "This product includes software developed by the pfSense Project
38			* for use in the pfSense software distribution (http://www.pfsense.org/).
39	3a9f3078	Stephen Beaver	*
40	aaec5634	Renato Botelho	* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
41			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
44			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51			* OF THE POSSIBILITY OF SUCH DAMAGE.
52	3a9f3078	Stephen Beaver	*/
53	81bfb231	jim-p
54			##\|+PRIV
55			##\|*IDENT=page-system-crlmanager
56			##\|*NAME=System: CRL Manager
57			##\|*DESCR=Allow access to the 'System: CRL Manager' page.
58			##\|MATCH=system_crlmanager.php
59			##\|-PRIV
60
61	aceaf18c	Phil Davis	require_once("guiconfig.inc");
62	81bfb231	jim-p	require_once("certs.inc");
63	0dea741f	Chris Buechler	require_once("openvpn.inc");
64			require_once("vpn.inc");
65	81bfb231	jim-p
66	fc54f29b	jim-p	global $openssl_crl_status;
67
68	81bfb231	jim-p	$crl_methods = array(
69			"internal" => gettext("Create an internal Certificate Revocation List"),
70			"existing" => gettext("Import an existing Certificate Revocation List"));
71
72	56b1ed39	Phil Davis	if (ctype_alnum($_GET['id'])) {
73	e41ec584	Renato Botelho	$id = $_GET['id'];
74	56b1ed39	Phil Davis	}
75			if (isset($_POST['id']) && ctype_alnum($_POST['id'])) {
76	81bfb231	jim-p	$id = $_POST['id'];
77	56b1ed39	Phil Davis	}
78	81bfb231	jim-p
79	56b1ed39	Phil Davis	if (!is_array($config['ca'])) {
80	81bfb231	jim-p	$config['ca'] = array();
81	56b1ed39	Phil Davis	}
82	81bfb231	jim-p
83			$a_ca =& $config['ca'];
84
85	56b1ed39	Phil Davis	if (!is_array($config['cert'])) {
86	81bfb231	jim-p	$config['cert'] = array();
87	56b1ed39	Phil Davis	}
88	81bfb231	jim-p
89			$a_cert =& $config['cert'];
90
91	56b1ed39	Phil Davis	if (!is_array($config['crl'])) {
92	81bfb231	jim-p	$config['crl'] = array();
93	56b1ed39	Phil Davis	}
94	81bfb231	jim-p
95			$a_crl =& $config['crl'];
96
97	56b1ed39	Phil Davis	foreach ($a_crl as $cid => $acrl) {
98			if (!isset($acrl['refid'])) {
99	c1f95f5c	jim-p	unset ($a_crl[$cid]);
100	56b1ed39	Phil Davis	}
101			}
102	c1f95f5c	jim-p
103	81bfb231	jim-p	$act = $_GET['act'];
104	56b1ed39	Phil Davis	if ($_POST['act']) {
105	81bfb231	jim-p	$act = $_POST['act'];
106	56b1ed39	Phil Davis	}
107	81bfb231	jim-p
108	56b1ed39	Phil Davis	if (!empty($id)) {
109	c1f95f5c	jim-p	$thiscrl =& lookup_crl($id);
110	56b1ed39	Phil Davis	}
111	81bfb231	jim-p
112	c1f95f5c	jim-p	// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
113			if (!$thiscrl && (($act != "") && ($act != "new"))) {
114			pfSenseHeader("system_crlmanager.php");
115			$act="";
116			$savemsg = gettext("Invalid CRL reference.");
117	3a9f3078	Stephen Beaver	}
118	c1f95f5c	jim-p
119			if ($act == "del") {
120	234cde4b	jim-p	$name = htmlspecialchars($thiscrl['descr']);
121	c1f95f5c	jim-p	if (crl_in_use($id)) {
122	8545adde	k-paulius	$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name);
123	ad8df715	jim-p	} else {
124	56b1ed39	Phil Davis	foreach ($a_crl as $cid => $acrl) {
125			if ($acrl['refid'] == $thiscrl['refid']) {
126	c1f95f5c	jim-p	unset($a_crl[$cid]);
127	56b1ed39	Phil Davis	}
128			}
129	ad08687b	jim-p	write_config("Deleted CRL {$name}.");
130	8545adde	k-paulius	$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name);
131	ad8df715	jim-p	}
132	81bfb231	jim-p	}
133
134			if ($act == "new") {
135			$pconfig['method'] = $_GET['method'];
136			$pconfig['caref'] = $_GET['caref'];
137			$pconfig['lifetime'] = "9999";
138			$pconfig['serial'] = "0";
139			}
140
141			if ($act == "exp") {
142	45508803	jim-p	crl_update($thiscrl);
143	c1f95f5c	jim-p	$exp_name = urlencode("{$thiscrl['descr']}.crl");
144			$exp_data = base64_decode($thiscrl['text']);
145	81bfb231	jim-p	$exp_size = strlen($exp_data);
146
147			header("Content-Type: application/octet-stream");
148			header("Content-Disposition: attachment; filename={$exp_name}");
149			header("Content-Length: $exp_size");
150			echo $exp_data;
151			exit;
152			}
153
154	28ff7ace	jim-p	if ($act == "addcert") {
155			if ($_POST) {
156			unset($input_errors);
157			$pconfig = $_POST;
158
159			if (!$pconfig['crlref'] \|\| !$pconfig['certref']) {
160			pfSenseHeader("system_crlmanager.php");
161			exit;
162			}
163
164			// certref, crlref
165			$crl =& lookup_crl($pconfig['crlref']);
166			$cert = lookup_cert($pconfig['certref']);
167
168			if (!$crl['caref'] \|\| !$cert['caref']) {
169			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
170			}
171
172			if ($crl['caref'] != $cert['caref']) {
173			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
174			}
175			if (!is_crl_internal($crl)) {
176			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
177			}
178
179			if (!$input_errors) {
180	fc54f29b	jim-p	$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
181			cert_revoke($cert, $crl, $reason);
182	3a9f3078	Stephen Beaver	// refresh IPsec and OpenVPN CRLs
183	8e022a76	jim-p	openvpn_refresh_crls();
184	6141f51a	Chris Buechler	vpn_ipsec_configure();
185	cfcc6994	jim-p	write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
186	28ff7ace	jim-p	pfSenseHeader("system_crlmanager.php");
187	ad08687b	jim-p	exit;
188	28ff7ace	jim-p	}
189			}
190			}
191
192			if ($act == "delcert") {
193	c1f95f5c	jim-p	if (!is_array($thiscrl['cert'])) {
194	28ff7ace	jim-p	pfSenseHeader("system_crlmanager.php");
195			exit;
196			}
197	c1f95f5c	jim-p	$found = false;
198			foreach ($thiscrl['cert'] as $acert) {
199			if ($acert['refid'] == $_GET['certref']) {
200			$found = true;
201			$thiscert = $acert;
202			}
203			}
204			if (!$found) {
205			pfSenseHeader("system_crlmanager.php");
206			exit;
207			}
208	234cde4b	jim-p	$certname = htmlspecialchars($thiscert['descr']);
209			$crlname = htmlspecialchars($thiscrl['descr']);
210	c1f95f5c	jim-p	if (cert_unrevoke($thiscert, $thiscrl)) {
211	8545adde	k-paulius	$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s."), $certname, $crlname);
212	3a9f3078	Stephen Beaver	// refresh IPsec and OpenVPN CRLs
213	c1f95f5c	jim-p	openvpn_refresh_crls();
214	6141f51a	Chris Buechler	vpn_ipsec_configure();
215	762faef5	Phil Davis	write_config($savemsg);
216	c1f95f5c	jim-p	} else {
217	8545adde	k-paulius	$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s."), $certname, $crlname);
218	c1f95f5c	jim-p	}
219			$act="edit";
220	28ff7ace	jim-p	}
221
222	81bfb231	jim-p	if ($_POST) {
223	234cde4b	jim-p	$input_errors = array();
224	81bfb231	jim-p	$pconfig = $_POST;
225
226			/* input validation */
227	6f3d3a07	jim-p	if (($pconfig['method'] == "existing") \|\| ($act == "editimported")) {
228	5293bfec	jim-p	$reqdfields = explode(" ", "descr crltext");
229	81bfb231	jim-p	$reqdfieldsn = array(
230	6c07db48	Phil Davis	gettext("Descriptive name"),
231			gettext("Certificate Revocation List data"));
232	81bfb231	jim-p	}
233			if ($pconfig['method'] == "internal") {
234	6c07db48	Phil Davis	$reqdfields = explode(" ", "descr caref");
235	81bfb231	jim-p	$reqdfieldsn = array(
236	6c07db48	Phil Davis	gettext("Descriptive name"),
237			gettext("Certificate Authority"));
238	81bfb231	jim-p	}
239
240	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
241	81bfb231	jim-p
242	234cde4b	jim-p	if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
243			array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
244			}
245
246	81bfb231	jim-p	/* save modifications */
247			if (!$input_errors) {
248			$result = false;
249
250	304af9d8	jim-p	if ($thiscrl) {
251	c1f95f5c	jim-p	$crl =& $thiscrl;
252	304af9d8	jim-p	} else {
253			$crl = array();
254			$crl['refid'] = uniqid();
255			}
256	81bfb231	jim-p
257	f2a86ca9	jim-p	$crl['descr'] = $pconfig['descr'];
258	6f3d3a07	jim-p	if ($act != "editimported") {
259			$crl['caref'] = $pconfig['caref'];
260			$crl['method'] = $pconfig['method'];
261			}
262	81bfb231	jim-p
263	6f3d3a07	jim-p	if (($pconfig['method'] == "existing") \|\| ($act == "editimported")) {
264	304af9d8	jim-p	$crl['text'] = base64_encode($pconfig['crltext']);
265	81bfb231	jim-p	}
266
267			if ($pconfig['method'] == "internal") {
268			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
269			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
270			$crl['cert'] = array();
271			}
272
273	56b1ed39	Phil Davis	if (!$thiscrl) {
274	81bfb231	jim-p	$a_crl[] = $crl;
275	56b1ed39	Phil Davis	}
276	81bfb231	jim-p
277	304af9d8	jim-p	write_config("Saved CRL {$crl['descr']}");
278	3a9f3078	Stephen Beaver	// refresh IPsec and OpenVPN CRLs
279	6f3d3a07	jim-p	openvpn_refresh_crls();
280	6141f51a	Chris Buechler	vpn_ipsec_configure();
281	81bfb231	jim-p	pfSenseHeader("system_crlmanager.php");
282			}
283			}
284
285	56c6b1cb	k-paulius	$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("Certificate Revocation"));
286
287			if ($act == "new" \|\| $act == gettext("Save") \|\| $input_errors \|\| $act == "edit") {
288			$pgtitle[] = gettext('Edit');
289			}
290	81bfb231	jim-p	include("head.inc");
291			?>
292
293			<script type="text/javascript">
294	0d15afff	Colin Fleming	//<![CDATA[
295	81bfb231	jim-p
296			function method_change() {
297
298	44bcc1be	jim-p	method = document.iform.method.value;
299	81bfb231	jim-p
300			switch (method) {
301	44bcc1be	jim-p	case "internal":
302	81bfb231	jim-p	document.getElementById("existing").style.display="none";
303			document.getElementById("internal").style.display="";
304			break;
305	44bcc1be	jim-p	case "existing":
306	81bfb231	jim-p	document.getElementById("existing").style.display="";
307			document.getElementById("internal").style.display="none";
308			break;
309			}
310			}
311
312	0d15afff	Colin Fleming	//]]>
313	81bfb231	jim-p	</script>
314	f9ee8994	Stephen Beaver
315	81bfb231	jim-p	<?php
316	f9ee8994	Stephen Beaver
317			function build_method_list() {
318			global $_GET, $crl_methods;
319	3a9f3078	Stephen Beaver
320	f9ee8994	Stephen Beaver	$list = array();
321	3a9f3078	Stephen Beaver
322	78863416	Phil Davis	foreach ($crl_methods as $method => $desc) {
323			if (($_GET['importonly'] == "yes") && ($method != "existing")) {
324	f9ee8994	Stephen Beaver	continue;
325	78863416	Phil Davis	}
326	3a9f3078	Stephen Beaver
327	f9ee8994	Stephen Beaver	$list[$method] = $desc;
328	3a9f3078	Stephen Beaver	}
329
330			return($list);
331	f9ee8994	Stephen Beaver	}
332
333			function build_ca_list() {
334			global $a_ca;
335	3a9f3078	Stephen Beaver
336	f9ee8994	Stephen Beaver	$list = array();
337	3a9f3078	Stephen Beaver
338	78863416	Phil Davis	foreach ($a_ca as $ca) {
339	f9ee8994	Stephen Beaver	$list[$ca['refid']] = $ca['descr'];
340	78863416	Phil Davis	}
341	f9ee8994	Stephen Beaver
342			return($list);
343			}
344
345			function build_cacert_list() {
346			global $ca_certs;
347	3a9f3078	Stephen Beaver
348	f9ee8994	Stephen Beaver	$list = array();
349
350	78863416	Phil Davis	foreach($ca_certs as $cert) {
351	3a9f3078	Stephen Beaver	$list[$cert['refid']] = $cert['descr'];
352	78863416	Phil Davis	}
353	f9ee8994	Stephen Beaver
354			return($list);
355	3a9f3078	Stephen Beaver	}
356	f9ee8994	Stephen Beaver
357	78863416	Phil Davis	if ($input_errors) {
358	f9ee8994	Stephen Beaver	print_input_errors($input_errors);
359	78863416	Phil Davis	}
360	3a9f3078	Stephen Beaver
361	78863416	Phil Davis	if ($savemsg) {
362	1f70d78c	NewEraCracker	print_info_box($savemsg, 'success');
363	78863416	Phil Davis	}
364	3a9f3078	Stephen Beaver
365	f9ee8994	Stephen Beaver	$tab_array = array();
366			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
367			$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
368			$tab_array[] = array(gettext("Certificate Revocation"), true, "system_crlmanager.php");
369			display_top_tabs($tab_array);
370
371			if ($act == "new" \|\| $act == gettext("Save") \|\| $input_errors) {
372			if (!isset($id)) {
373			$form = new Form();
374	3a9f3078	Stephen Beaver
375	5f88f964	k-paulius	$section = new Form_Section('Create new Revocation List');
376	3a9f3078	Stephen Beaver
377	f9ee8994	Stephen Beaver	$section->addInput(new Form_Select(
378			'method',
379			'Method',
380			$pconfig['method'],
381			build_method_list()
382			));
383	3a9f3078	Stephen Beaver
384	f9ee8994	Stephen Beaver	}
385	3a9f3078	Stephen Beaver
386	f9ee8994	Stephen Beaver	$section->addInput(new Form_Input(
387			'descr',
388			'Descriptive name',
389			'text',
390			$pconfig['descr']
391			));
392
393			$section->addInput(new Form_Select(
394			'caref',
395			'Certificate Authority',
396			$pconfig['caref'],
397			build_ca_list()
398			));
399	3a9f3078	Stephen Beaver
400	f9ee8994	Stephen Beaver	$form->add($section);
401	3a9f3078	Stephen Beaver
402	f9ee8994	Stephen Beaver	$section = new Form_Section('Existing Certificate Revocation List');
403			$section->addClass('existing');
404	3a9f3078	Stephen Beaver
405	f9ee8994	Stephen Beaver	$section->addInput(new Form_Textarea(
406			'crltext',
407			'CRL data',
408			$pconfig['crltext']
409			))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
410	3a9f3078	Stephen Beaver
411	f9ee8994	Stephen Beaver	$form->add($section);
412	3a9f3078	Stephen Beaver
413	f9ee8994	Stephen Beaver	$section = new Form_Section('Internal Certificate Revocation List');
414			$section->addClass('internal');
415	3a9f3078	Stephen Beaver
416	f9ee8994	Stephen Beaver	$section->addInput(new Form_Input(
417			'lifetime',
418			'Lifetime (Days)',
419			'number',
420			$pconfig['lifetime'],
421			[max => '9999']
422			));
423	3a9f3078	Stephen Beaver
424	f9ee8994	Stephen Beaver	$section->addInput(new Form_Input(
425			'serial',
426			'Serial',
427			'number',
428			$pconfig['serial'],
429	467d7777	BBcan177	['min' => '0', 'max' => '9999']
430	f9ee8994	Stephen Beaver	));
431	3a9f3078	Stephen Beaver
432			$form->add($section);
433
434	f9ee8994	Stephen Beaver	if (isset($id) && $thiscrl) {
435			$section->addInput(new Form_Input(
436			'id',
437			null,
438			'hidden',
439			$id
440	3a9f3078	Stephen Beaver	));
441	f9ee8994	Stephen Beaver	}
442	3a9f3078	Stephen Beaver
443	f9ee8994	Stephen Beaver	print($form);
444
445			} elseif ($act == "editimported") {
446	3a9f3078	Stephen Beaver
447	f9ee8994	Stephen Beaver	$form = new Form();
448	3a9f3078	Stephen Beaver
449			$section = new Form_Section('Edit Imported Certificate Revocation List');
450
451	f9ee8994	Stephen Beaver	$section->addInput(new Form_Input(
452			'descr',
453			'Descriptive name',
454			'text',
455			$pconfig['descr']
456			));
457	3a9f3078	Stephen Beaver
458	f9ee8994	Stephen Beaver	$section->addInput(new Form_Textarea(
459			'crltext',
460			'CRL data',
461			$pconfig['crltext']
462			))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
463	3a9f3078	Stephen Beaver
464	f9ee8994	Stephen Beaver	$section->addInput(new Form_Input(
465			'id',
466			null,
467			'hidden',
468			$id
469			));
470	3a9f3078	Stephen Beaver
471	f9ee8994	Stephen Beaver	$section->addInput(new Form_Input(
472			'act',
473			null,
474			'hidden',
475			'editimported'
476			));
477	3a9f3078	Stephen Beaver
478	f9ee8994	Stephen Beaver	$form->add($section);
479	3a9f3078	Stephen Beaver
480	f9ee8994	Stephen Beaver	print($form);
481	3a9f3078	Stephen Beaver
482	f9ee8994	Stephen Beaver	} elseif ($act == "edit") {
483			$crl = $thiscrl;
484	3a9f3078	Stephen Beaver
485	f9ee8994	Stephen Beaver	$form = new Form(false);
486	81bfb231	jim-p	?>
487	3a9f3078	Stephen Beaver
488	f9ee8994	Stephen Beaver	<div class="panel panel-default">
489			<div class="panel-heading"><h2 class="panel-title"><?=gettext("Currently Revoked Certificates for CRL") . ': ' . $crl['descr']?></h2></div>
490			<div class="panel-body table-responsive">
491	3a9f3078	Stephen Beaver	<?php
492	78863416	Phil Davis	if (!is_array($crl['cert']) \|\| (count($crl['cert']) == 0)) {
493	8545adde	k-paulius	print_info_box(gettext("No certificates found for this CRL."), 'danger');
494	78863416	Phil Davis	} else {
495	3a9f3078	Stephen Beaver	?>
496	f9ee8994	Stephen Beaver	<table class="table table-striped table-hover table-condensed">
497			<thead>
498	fc54f29b	jim-p	<tr>
499	f9ee8994	Stephen Beaver	<th><?=gettext("Certificate Name")?></th>
500			<th><?=gettext("Revocation Reason")?></th>
501			<th><?=gettext("Revoked At")?></th>
502			<th></th>
503	28ff7ace	jim-p	</tr>
504	f9ee8994	Stephen Beaver	</thead>
505			<tbody>
506	3a9f3078	Stephen Beaver	<?php
507	78863416	Phil Davis	foreach ($crl['cert'] as $i => $cert):
508	f9ee8994	Stephen Beaver	$name = htmlspecialchars($cert['descr']);
509			?>
510	28ff7ace	jim-p	<tr>
511			<td class="listlr">
512	f9ee8994	Stephen Beaver	<?=$name; ?>
513	28ff7ace	jim-p	</td>
514	fc54f29b	jim-p	<td class="listlr">
515	f9ee8994	Stephen Beaver	<?=$openssl_crl_status[$cert["reason"]]; ?>
516	fc54f29b	jim-p	</td>
517			<td class="listlr">
518	f9ee8994	Stephen Beaver	<?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
519	fc54f29b	jim-p	</td>
520	28ff7ace	jim-p	<td class="list">
521	15b6dcac	jim-p	<a href="system_crlmanager.php?act=delcert&id=<?=$crl['refid']; ?>&certref=<?=$cert['refid']; ?>">
522			<i class="fa fa-trash" title="<?=gettext("Delete this certificate from the CRL")?>" alt="<?=gettext("Delete this certificate from the CRL")?>"></i>
523	28ff7ace	jim-p	</a>
524			</td>
525			</tr>
526	f9ee8994	Stephen Beaver	<?php
527			endforeach;
528			?>
529			</tbody>
530			</table>
531	f6fac5ac	Phil Davis	<?php
532			}
533			?>
534	f9ee8994	Stephen Beaver	</div>
535			</div>
536			<?php
537
538			$ca_certs = array();
539	78863416	Phil Davis	foreach ($a_cert as $cert) {
540			if ($cert['caref'] == $crl['caref']) {
541	f9ee8994	Stephen Beaver	$ca_certs[] = $cert;
542	78863416	Phil Davis	}
543			}
544	3a9f3078	Stephen Beaver
545	f6fac5ac	Phil Davis	if (count($ca_certs) == 0) {
546	8545adde	k-paulius	print_info_box(gettext("No certificates found for this CA."), 'danger');
547	f6fac5ac	Phil Davis	} else {
548	5f88f964	k-paulius	$section = new Form_Section('Choose a Certificate to Revoke');
549	f6fac5ac	Phil Davis	$group = new Form_Group(null);
550	3a9f3078	Stephen Beaver
551	f6fac5ac	Phil Davis	$group->add(new Form_Select(
552			'certref',
553			null,
554			$pconfig['certref'],
555			build_cacert_list()
556			))->setWidth(4)->setHelp('Certificate');
557	3a9f3078	Stephen Beaver
558	f6fac5ac	Phil Davis	$group->add(new Form_Select(
559			'crlreason',
560			null,
561			-1,
562			$openssl_crl_status
563			))->setHelp('Reason');
564	3a9f3078	Stephen Beaver
565	f6fac5ac	Phil Davis	$group->add(new Form_Button(
566			'submit',
567	faab522f	Renato Botelho	'Add',
568	827a3812	jim-p	null,
569			'fa-plus'
570			))->addClass('btn-success btn-sm');
571	3a9f3078	Stephen Beaver
572	f6fac5ac	Phil Davis	$section->add($group);
573	3a9f3078	Stephen Beaver
574	f6fac5ac	Phil Davis	$section->addInput(new Form_Input(
575			'id',
576			null,
577			'hidden',
578			$crl['refid']
579			));
580	3a9f3078	Stephen Beaver
581	f6fac5ac	Phil Davis	$section->addInput(new Form_Input(
582			'act',
583			null,
584			'hidden',
585			'addcert'
586			));
587	3a9f3078	Stephen Beaver
588	f6fac5ac	Phil Davis	$section->addInput(new Form_Input(
589			'crlref',
590			null,
591			'hidden',
592			$crl['refid']
593			));
594	3a9f3078	Stephen Beaver
595	f6fac5ac	Phil Davis	$form->add($section);
596			}
597	3a9f3078	Stephen Beaver
598	f9ee8994	Stephen Beaver	print($form);
599			} else {
600			?>
601
602			<div class="panel panel-default">
603			<div class="panel-heading"><h2 class="panel-title"><?=gettext("Additional Certificate Revocation Lists")?></h2></div>
604			<div class="panel-body table-responsive">
605	91677170	PiBa-NL	<table class="table table-striped table-hover table-condensed table-rowdblclickedit">
606	f9ee8994	Stephen Beaver	<thead>
607	0d15afff	Colin Fleming	<tr>
608	f9ee8994	Stephen Beaver	<th><?=gettext("Name")?></th>
609			<th><?=gettext("Internal")?></th>
610			<th><?=gettext("Certificates")?></th>
611			<th><?=gettext("In Use")?></th>
612	b1466a09	Phil Davis	<th><?=gettext("Actions")?></th>
613	0d15afff	Colin Fleming	</tr>
614	f9ee8994	Stephen Beaver	</thead>
615			<tbody>
616			<?php
617			// Map CRLs to CAs in one pass
618			$ca_crl_map = array();
619	78863416	Phil Davis	foreach ($a_crl as $crl) {
620	f9ee8994	Stephen Beaver	$ca_crl_map[$crl['caref']][] = $crl['refid'];
621	78863416	Phil Davis	}
622	f9ee8994	Stephen Beaver
623			$i = 0;
624	78863416	Phil Davis	foreach ($a_ca as $ca):
625	f9ee8994	Stephen Beaver	$name = htmlspecialchars($ca['descr']);
626
627	78863416	Phil Davis	if ($ca['prv']) {
628	f9ee8994	Stephen Beaver	$cainternal = "YES";
629	78863416	Phil Davis	} else {
630	f9ee8994	Stephen Beaver	$cainternal = "NO";
631	78863416	Phil Davis	}
632	3a9f3078	Stephen Beaver	?>
633	81bfb231	jim-p	<tr>
634	f9ee8994	Stephen Beaver	<td colspan="4">
635			<?=$name?>
636	81bfb231	jim-p	</td>
637	f9ee8994	Stephen Beaver	<td>
638	3a9f3078	Stephen Beaver	<?php
639	78863416	Phil Davis	if ($cainternal == "YES"):
640			?>
641	f9ee8994	Stephen Beaver	<a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success">
642	15b6dcac	jim-p	<i class="fa fa-plus icon-embed-btn"></i>
643	c4e97dbe	Chris Buechler	<?=gettext("Add or Import CRL")?>
644	44bcc1be	jim-p	</a>
645	3a9f3078	Stephen Beaver	<?php
646	78863416	Phil Davis	else:
647			?>
648	f9ee8994	Stephen Beaver	<a href="system_crlmanager.php?act=new&caref=<?=$ca['refid']; ?>&importonly=yes" class="btn btn-xs btn-success">
649	15b6dcac	jim-p	<i class="fa fa-plus icon-embed-btn"></i>
650	c4e97dbe	Chris Buechler	<?=gettext("Add or Import CRL")?>
651	3a9f3078	Stephen Beaver	</a>
652			<?php
653	78863416	Phil Davis	endif;
654			?>
655	81bfb231	jim-p	</td>
656			</tr>
657	f9ee8994	Stephen Beaver	<?php
658			if (is_array($ca_crl_map[$ca['refid']])):
659	78863416	Phil Davis	foreach ($ca_crl_map[$ca['refid']] as $crl):
660	f9ee8994	Stephen Beaver	$tmpcrl = lookup_crl($crl);
661			$internal = is_crl_internal($tmpcrl);
662			$inuse = crl_in_use($tmpcrl['refid']);
663			?>
664	81bfb231	jim-p	<tr>
665	f9ee8994	Stephen Beaver	<td><?=$tmpcrl['descr']; ?></td>
666	ce883f9f	jim-p	<td><i class="fa fa-<?=($internal) ? "check" : "times"; ?>"></i></td>
667	f9ee8994	Stephen Beaver	<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
668	ce883f9f	jim-p	<td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i></td>
669	f9ee8994	Stephen Beaver	<td>
670	15b6dcac	jim-p	<a href="system_crlmanager.php?act=exp&id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>"></a>
671	3a9f3078	Stephen Beaver	<?php
672	f9ee8994	Stephen Beaver	if ($internal): ?>
673	15b6dcac	jim-p	<a href="system_crlmanager.php?act=edit&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
674	3a9f3078	Stephen Beaver	<?php
675	78863416	Phil Davis	else:
676			?>
677	15b6dcac	jim-p	<a href="system_crlmanager.php?act=editimported&id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
678	3a9f3078	Stephen Beaver	<?php endif;
679	78863416	Phil Davis	if (!$inuse):
680			?>
681	15b6dcac	jim-p	<a href="system_crlmanager.php?act=del&id=<?=$tmpcrl['refid']?>" class="fa fa-trash" title="<?=gettext("Delete CRL")?>"></a>
682	3a9f3078	Stephen Beaver	<?php
683	78863416	Phil Davis	endif;
684			?>
685	81bfb231	jim-p	</td>
686			</tr>
687	f9ee8994	Stephen Beaver	<?php
688			$i++;
689			endforeach;
690			endif;
691			$i++;
692			endforeach;
693	3a9f3078	Stephen Beaver	?>
694	f9ee8994	Stephen Beaver	</tbody>
695			</table>
696			</div>
697			</div>
698	3a9f3078	Stephen Beaver
699
700			<?php
701	f9ee8994	Stephen Beaver	}
702			?>
703	81bfb231	jim-p
704	f9ee8994	Stephen Beaver	<script>
705	3a9f3078	Stephen Beaver	//<![CDATA[
706	78863416	Phil Davis	events.push(function() {
707	3a9f3078	Stephen Beaver
708			// Hides all elements of the specified class. This will usually be a section or group
709			function hideClass(s_class, hide) {
710	78863416	Phil Davis	if (hide) {
711	3a9f3078	Stephen Beaver	$('.' + s_class).hide();
712	78863416	Phil Davis	} else {
713	3a9f3078	Stephen Beaver	$('.' + s_class).show();
714	78863416	Phil Davis	}
715	3a9f3078	Stephen Beaver	}
716
717			// When the 'method" selector is changed, we show/hide certain sections
718			$('#method').on('change', function() {
719			hideClass('internal', ($('#method').val() == 'existing'));
720			hideClass('existing', ($('#method').val() == 'internal'));
721			});
722
723	f9ee8994	Stephen Beaver	hideClass('internal', ($('#method').val() == 'existing'));
724			hideClass('existing', ($('#method').val() == 'internal'));
725			});
726	3a9f3078	Stephen Beaver	//]]>
727	81bfb231	jim-p	</script>
728
729	f9ee8994	Stephen Beaver	<?php include("foot.inc");

Project

General

Profile

pfSense