<?php
/*
 * system_crlmanager.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2019 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-system-crlmanager
##|*NAME=System: CRL Manager
##|*DESCR=Allow access to the 'System: CRL Manager' page.
##|*MATCH=system_crlmanager.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("certs.inc");
require_once("openvpn.inc");
require_once("pfsense-utils.inc");
require_once("vpn.inc");
// Default CRL lifetime is 3650 days, lowered to the value reported by
// crl_get_max_lifetime() when that value is smaller.
$max_lifetime = crl_get_max_lifetime();
$default_lifetime = ($max_lifetime < 3650) ? $max_lifetime : 3650;

global $openssl_crl_status;

// Creation methods offered in the "Method" selector, keyed by the value stored in the CRL entry.
$crl_methods = array();
$crl_methods["internal"] = gettext("Create an internal Certificate Revocation List");
$crl_methods["existing"] = gettext("Import an existing Certificate Revocation List");

// The CRL reference is taken from the request only when it is purely alphanumeric;
// in every other case $id stays unset.
if (isset($_REQUEST['id'])) {
	if (ctype_alnum($_REQUEST['id'])) {
		$id = $_REQUEST['id'];
	}
}

// Initialise each config section, then bind a reference to it so later writes land in $config.
init_config_arr(array('ca'));
$a_ca = &$config['ca'];

init_config_arr(array('cert'));
$a_cert = &$config['cert'];

init_config_arr(array('crl'));
$a_crl = &$config['crl'];

// Drop CRL entries that carry no refid; the rest of the page identifies CRLs by refid.
foreach ($a_crl as $cid => $acrl) {
	if (isset($acrl['refid'])) {
		continue;
	}
	unset($a_crl[$cid]);
}

// Requested action, read from $_REQUEST (so it may come from the query string or a posted form).
$act = $_REQUEST['act'];

// Resolve the CRL only when a syntactically valid id was supplied.
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}

// Every action except "new" needs an existing CRL. With an invalid crlref there is no
// sense in continuing: clear the action and show an error instead.
// NOTE(review): no exit follows pfSenseHeader() here, so the handlers below still run
// unless pfSenseHeader() itself terminates the request - confirm.
if (!$thiscrl && !(($act == "") || ($act == "new"))) {
	pfSenseHeader("system_crlmanager.php");
	$act = "";
	$savemsg = gettext("Invalid CRL reference.");
	$class = "danger";
}

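// Delete a CRL. Only honoured for a posted "del" action, and only when the id resolved
// to an existing CRL: without the second condition an unknown id would still reach
// write_config() and report a successful deletion although nothing was removed.
if (($_POST['act'] == "del") && !empty($thiscrl)) {
	// Escaped once here because the name is embedded in the status message shown on the page.
	$name = htmlspecialchars($thiscrl['descr']);
	if (crl_in_use($id)) {
		// A CRL that is still referenced elsewhere must not disappear from the configuration.
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name);
		$class = "danger";
	} else {
		// Remove every entry whose refid matches the selected CRL.
		foreach ($a_crl as $cid => $acrl) {
			if ($acrl['refid'] == $thiscrl['refid']) {
				unset($a_crl[$cid]);
			}
		}
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name);
		$class = "success";
	}
}
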
// "new": pre-fill the creation form from the request and the computed default lifetime.
if ($act == "new") {
	$pconfig['method'] = $_REQUEST['method'];
	$pconfig['caref'] = $_REQUEST['caref'];
	$pconfig['lifetime'] = $default_lifetime;
	$pconfig['serial'] = "0";
}

// "exp": send the CRL to the browser as a file download and stop.
if ($act == "exp") {
	crl_update($thiscrl);

	// The stored text is base64; the download carries the decoded bytes.
	$exp_data = base64_decode($thiscrl['text']);
	$exp_size = strlen($exp_data);
	// urlencode() keeps characters from the description out of the header in raw form.
	$exp_name = urlencode("{$thiscrl['descr']}.crl");

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $exp_name);
	header("Content-Length: " . $exp_size);
	echo $exp_data;
	exit;
}

// "addcert": revoke a certificate by adding it to an internal CRL.
// NOTE(review): this handler keys off $act, which is read from $_REQUEST, so unlike the
// "del" handler it is not tied to $_POST - confirm the form always submits via POST and
// consider enforcing that here.
if ($act == "addcert") {
	unset($input_errors);
	$pconfig = $_REQUEST;

	// Both references are mandatory; go back to the list when either one is missing.
	if (!($pconfig['crlref'] && $pconfig['certref'])) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// certref, crlref
	$crl =& lookup_crl($pconfig['crlref']);
	$cert = lookup_cert($pconfig['certref']);

	// A failed lookup shows up as a missing caref on either side.
	if (!$crl['caref'] || !$cert['caref']) {
		$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
	}

	// A CRL can only revoke certificates issued by its own CA.
	if ($crl['caref'] != $cert['caref']) {
		$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
	}

	if (!is_crl_internal($crl)) {
		$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
	}

	if (!$input_errors) {
		// An empty reason falls back to 0.
		// NOTE(review): crlreason is passed on as submitted; it is not checked against the
		// keys of $openssl_crl_status in this block - confirm cert_revoke() validates it.
		if (empty($pconfig['crlreason'])) {
			$reason = 0;
		} else {
			$reason = $pconfig['crlreason'];
		}
		cert_revoke($cert, $crl, $reason);
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
}

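// "delcert": remove a certificate from a CRL, i.e. un-revoke it.
// Un-revoking changes which certificates the VPN services accept again, so the action is
// only honoured when it was posted. This matches the "del" handler, which checks $_POST,
// and the usepost attribute on the delete link in the revoked-certificates table.
// The $act test is kept so that an invalid CRL reference (which clears $act) still skips
// this handler.
if (($act == "delcert") && ($_POST['act'] == "delcert")) {
	// Nothing to remove when the CRL holds no certificate list.
	if (!is_array($thiscrl['cert'])) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Find the revoked entry that matches the requested certificate reference.
	$found = false;
	foreach ($thiscrl['cert'] as $acert) {
		if ($acert['refid'] == $_REQUEST['certref']) {
			$found = true;
			$thiscert = $acert;
		}
	}
	if (!$found) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Escaped because both names end up in the status message shown on the page.
	$certname = htmlspecialchars($thiscert['descr']);
	$crlname = htmlspecialchars($thiscrl['descr']);
	if (cert_unrevoke($thiscert, $thiscrl)) {
		$savemsg = sprintf(gettext('Deleted Certificate %1$s from CRL %2$s.'), $certname, $crlname);
		$class = "success";
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config($savemsg);
	} else {
		$savemsg = sprintf(gettext('Failed to delete Certificate %1$s from CRL %2$s.'), $certname, $crlname);
		$class = "danger";
	}

	// Return to the edit view of the same CRL.
	$act="edit";
}
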
// Save: create a new CRL or update the one selected by id, from the posted form.
if ($_POST['save']) {
	$input_errors = array();
	$pconfig = $_POST;

	/* input validation: the required fields depend on the chosen method */
	if (($pconfig['method'] == "existing") || ($act == "editimported")) {
		$reqdfields = array("descr", "crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = array("descr", "caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// The description is embedded in page output and config messages, so characters with
	// meaning in markup, URLs or quoting are rejected outright.
	if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}
	if ($pconfig['lifetime'] > $max_lifetime) {
		$input_errors[] = gettext("Lifetime is longer than the maximum allowed value. Use a shorter lifetime.");
	}
	// NOTE(review): apart from the checks above, method, caref, serial, lifetime and crltext
	// are stored as submitted - confirm do_input_validation() or the consumers validate them.

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		// Update the selected CRL in place through the reference, or start a new entry.
		if (!$thiscrl) {
			$crl = array();
			$crl['refid'] = uniqid();
		} else {
			$crl =& $thiscrl;
		}

		$crl['descr'] = $pconfig['descr'];
		// An imported CRL keeps its CA and method; only name and data can change.
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $pconfig['method'];
		}

		// Imported CRL data is kept base64-encoded in the configuration.
		if (($pconfig['method'] == "existing") || ($act == "editimported")) {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($pconfig['method'] == "internal") {
			if (empty($pconfig['serial'])) {
				$crl['serial'] = 9999;
			} else {
				$crl['serial'] = $pconfig['serial'];
			}
			if (empty($pconfig['lifetime'])) {
				$crl['lifetime'] = $default_lifetime;
			} else {
				$crl['lifetime'] = $pconfig['lifetime'];
			}
			// NOTE(review): this also runs when an existing CRL was selected by id, which
			// would empty its list of revoked certificates - confirm that path is intended.
			$crl['cert'] = array();
		}

		// Only a newly created entry has to be appended to the configuration.
		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}

// Breadcrumb titles and their link targets, in matching order.
$pgtitle = array(
	gettext("System"),
	gettext("Certificate Manager"),
	gettext("Certificate Revocation"),
);
$pglinks = array("", "system_camanager.php", "system_crlmanager.php");

// The form views get an extra "Edit" crumb that points at the current page.
if ($input_errors || $act == "new" || $act == "edit" || $act == gettext("Save")) {
	array_push($pgtitle, gettext('Edit'));
	array_push($pglinks, "@self");
}
include("head.inc");
?>
<script type="text/javascript">
//<![CDATA[
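/**
 * Show the block that matches the selected CRL method and hide the other one.
 *
 * Reads the value of the "method" field of the form named "iform". Any value other
 * than "internal" or "existing" leaves both elements untouched.
 */
function method_change() {

	// Declared locally: a bare assignment here would create an implicit global
	// (and throw in strict mode).
	var method = document.iform.method.value;

	switch (method) {
		case "internal":
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			break;
		case "existing":
			document.getElementById("existing").style.display="";
			document.getElementById("internal").style.display="none";
			break;
	}
}
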
//]]>
</script>
<?php
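/**
 * Build the options for the "Method" selector.
 *
 * When the request carries importonly=yes, only the "existing" (import) method is
 * offered. The flag is sent by the "Add or Import CRL" link of a CA whose 'prv' field
 * is empty.
 *
 * @return array method key => translated description
 */
function build_method_list() {
	global $crl_methods;

	// The flag arrives in the query string of a plain link, so it has to be read from
	// $_REQUEST (as act, method and caref are); $_POST never contains it on that page load.
	$importonly = isset($_REQUEST['importonly']) && ($_REQUEST['importonly'] == "yes");

	$list = array();

	foreach ($crl_methods as $method => $desc) {
		if ($importonly && ($method != "existing")) {
			continue;
		}

		$list[$method] = $desc;
	}

	return($list);
}
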
/**
 * Build the options for the "Certificate Authority" selector from the global $a_ca.
 *
 * @return array CA refid => CA description
 */
function build_ca_list() {
	global $a_ca;

	$options = array();

	foreach ($a_ca as $entry) {
		$refid = $entry['refid'];
		$options[$refid] = $entry['descr'];
	}

	return $options;
}

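/**
 * Build the options for the "certificate to revoke" selector from the global $ca_certs.
 *
 * $ca_certs is only filled in by the edit view, so an unset or non-array value yields
 * an empty list instead of a foreach warning.
 *
 * @return array certificate refid => certificate description
 */
function build_cacert_list() {
	global $ca_certs;

	$list = array();

	if (!is_array($ca_certs)) {
		return($list);
	}

	foreach ($ca_certs as $cert) {
		$list[$cert['refid']] = $cert['descr'];
	}

	return($list);
}
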
// Show validation errors and any status message produced by the handlers above.
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg, $class);
}

// Tab bar entries: label, active flag, target page.
$tab_array = array(
	array(gettext("CAs"), false, "system_camanager.php"),
	array(gettext("Certificates"), false, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), true, "system_crlmanager.php"),
);
display_top_tabs($tab_array);

if ($act == "new" || $act == gettext("Save") || $input_errors) {
	// Creation form. The sections tagged 'existing' and 'internal' are shown or hidden
	// by the script at the end of the page, depending on the selected method.
	$form = new Form();

	$section = new Form_Section('Create new Revocation List');

	// The method can only be chosen while no CRL id is present in the request.
	if (!isset($id)) {
		$section->addInput(new Form_Select('method', '*Method', $pconfig['method'], build_method_list()));
	}

	$section->addInput(new Form_Input('descr', '*Descriptive name', 'text', $pconfig['descr']));
	$section->addInput(new Form_Select('caref', '*Certificate Authority', $pconfig['caref'], build_ca_list()));

	$form->add($section);

	// Import: pasted CRL data.
	$section = new Form_Section('Existing Certificate Revocation List');
	$section->addClass('existing');

	$section->addInput(new Form_Textarea('crltext', '*CRL data', $pconfig['crltext']))
		->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->add($section);

	// Internal: lifetime and serial, with the limits passed to the number inputs.
	$section = new Form_Section('Internal Certificate Revocation List');
	$section->addClass('internal');

	$section->addInput(new Form_Input('lifetime', 'Lifetime (Days)', 'number', $pconfig['lifetime'], array('max' => $max_lifetime)));
	$section->addInput(new Form_Input('serial', 'Serial', 'number', $pconfig['serial'], array('min' => '0', 'max' => '9999')));

	$form->add($section);

	// Carry the CRL id along when the form refers to an existing CRL.
	if (isset($id) && $thiscrl) {
		$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
	}

	print($form);

} elseif ($act == "editimported") {
	// Edit form for an imported CRL: only the name and the CRL data are offered.
	$form = new Form();

	$section = new Form_Section('Edit Imported Certificate Revocation List');

	$section->addInput(new Form_Input('descr', '*Descriptive name', 'text', $pconfig['descr']));

	$section->addInput(new Form_Textarea('crltext', '*CRL data', $pconfig['crltext']))
		->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	// Hidden fields route the submission back to the same CRL and action.
	$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
	$form->addGlobal(new Form_Input('act', null, 'hidden', 'editimported'));

	$form->add($section);

	print($form);

} elseif ($act == "edit") {
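	// Edit view of a CRL: a table of the certificates it currently revokes, each with a
	// delete link that is marked usepost.
	// The CRL description is HTML-escaped in the heading, the same way the certificate
	// names in the rows are, so a description that reached the configuration without
	// passing the save-time character check cannot inject markup.
	$crl = $thiscrl;

	// NOTE(review): the false argument presumably suppresses the default submit button -
	// confirm against the Form class.
	$form = new Form(false);
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr'])?></h2></div>
		<div class="panel-body table-responsive">
<?php
	// A missing or empty certificate list gets a notice instead of an empty table.
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
		print_info_box(gettext("No certificates found for this CRL."), 'danger');
	} else {
?>
			<table class="table table-striped table-hover table-condensed">
				<thead>
					<tr>
						<th><?=gettext("Certificate Name")?></th>
						<th><?=gettext("Revocation Reason")?></th>
						<th><?=gettext("Revoked At")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
		foreach ($crl['cert'] as $i => $cert):
			// Escaped before it is written into the table cell.
			$name = htmlspecialchars($cert['descr']);
?>
					<tr>
						<td class="listlr">
							<?=$name; ?>
						</td>
						<td class="listlr">
							<?=$openssl_crl_status[$cert["reason"]]; ?>
						</td>
						<td class="listlr">
							<?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
						</td>
						<td class="list">
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=$crl['refid']; ?>&amp;certref=<?=$cert['refid']; ?>" usepost>
								<i class="fa fa-trash" title="<?=gettext("Delete this certificate from the CRL")?>" alt="<?=gettext("Delete this certificate from the CRL")?>"></i>
							</a>
						</td>
					</tr>
<?php
		endforeach;
?>
				</tbody>
			</table>
<?php
	}
?>
		</div>
	</div>
<?php
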
	// Candidates for revocation: certificates of the same CA that this CRL does not
	// revoke yet. build_cacert_list() reads the result from the global $ca_certs.
	$ca_certs = array();
	foreach ($a_cert as $cert) {
		if ($cert['caref'] != $crl['caref']) {
			continue;
		}
		if (is_cert_revoked($cert, $id)) {
			continue;
		}
		$ca_certs[] = $cert;
	}

	if (empty($ca_certs)) {
		print_info_box(gettext("No certificates found for this CA."), 'danger');
	} else {
		$section = new Form_Section('Choose a Certificate to Revoke');
		$group = new Form_Group(null);

		// One row: certificate selector, reason selector, Add button.
		$group->add(new Form_Select('certref', null, $pconfig['certref'], build_cacert_list()))
			->setWidth(4)
			->setHelp('Certificate');

		$group->add(new Form_Select('crlreason', null, -1, $openssl_crl_status))
			->setHelp('Reason');

		$group->add(new Form_Button('submit', 'Add', null, 'fa-plus'))
			->addClass('btn-success btn-sm');

		$section->add($group);

		// Hidden fields select the "addcert" handler and identify the CRL.
		$form->addGlobal(new Form_Input('id', null, 'hidden', $crl['refid']));
		$form->addGlobal(new Form_Input('act', null, 'hidden', 'addcert'));
		$form->addGlobal(new Form_Input('crlref', null, 'hidden', $crl['refid']));

		$form->add($section);
	}

	print($form);
} else {
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Additional Certificate Revocation Lists")?></h2></div>
		<div class="panel-body table-responsive">
			<table class="table table-striped table-hover table-condensed table-rowdblclickedit">
				<thead>
					<tr>
						<th><?=gettext("Name")?></th>
						<th><?=gettext("Internal")?></th>
						<th><?=gettext("Certificates")?></th>
						<th><?=gettext("In Use")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
<?php
	// Plugin query for the 'used_crl' event; the result is handed to
	// cert_usedby_description() for every CRL row below.
	$pluginparams = array('type' => 'certificates', 'event' => 'used_crl');
	$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);

	// Map CRLs to CAs in one pass: CA refid => list of CRL refids
	$ca_crl_map = array();
	foreach ($a_crl as $crl) {
		if (!isset($ca_crl_map[$crl['caref']])) {
			$ca_crl_map[$crl['caref']] = array();
		}
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
	}

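	// One header row per CA with an "Add or Import CRL" link, followed by one row per CRL
	// that belongs to that CA.
	// The CRL description is HTML-escaped in its cell, the same way the CA name is, so a
	// description that reached the configuration without passing the save-time character
	// check cannot inject markup.
	$i = 0;
	foreach ($a_ca as $ca):
		$name = htmlspecialchars($ca['descr']);

		// A CA with a 'prv' value gets the full link; any other CA gets the link that
		// carries importonly=yes.
		if ($ca['prv']) {
			$cainternal = "YES";
		} else {
			$cainternal = "NO";
		}
?>
					<tr>
						<td colspan="4">
							<?=$name?>
						</td>
						<td>
<?php
		if ($cainternal == "YES"):
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success">
								<i class="fa fa-plus icon-embed-btn"></i>
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		else:
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" class="btn btn-xs btn-success">
								<i class="fa fa-plus icon-embed-btn"></i>
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		endif;
?>
						</td>
					</tr>
<?php
		if (is_array($ca_crl_map[$ca['refid']])):
			foreach ($ca_crl_map[$ca['refid']] as $crl):
				$tmpcrl = lookup_crl($crl);
				$internal = is_crl_internal($tmpcrl);
				// Give an internal CRL an empty list so count() below has an array to work on.
				if ($internal && (!isset($tmpcrl['cert']) || empty($tmpcrl['cert'])) ) {
					$tmpcrl['cert'] = array();
				}
				// Decides both the "In Use" icon and whether the delete link is offered.
				$inuse = crl_in_use($tmpcrl['refid']);
				// NOTE(review): the return value of cert_usedby_description() is echoed as-is
				// below - confirm the helper escapes any package-supplied text.
?>
					<tr>
						<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>
						<td><i class="fa fa-<?=($internal) ? "check" : "times"; ?>"></i></td>
						<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
						<td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i>
						<?php echo cert_usedby_description($tmpcrl['refid'], $certificates_used_by_packages); ?>
						</td>
						<td>
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>" ></a>
<?php
				if ($internal): ?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
				else:
?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php			endif;
				if (!$inuse):
?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-trash" title="<?=gettext("Delete CRL")?>" usepost></a>
<?php
				endif;
?>
						</td>
					</tr>
<?php
				$i++;
				endforeach;
			endif;
			$i++;
		endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>


<?php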
}
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {

	// Show or hide every element that carries the given class (usually a section or group).
	function hideClass(s_class, hide) {
		var matched = $('.' + s_class);

		if (hide) {
			matched.hide();
			return;
		}
		matched.show();
	}

	// Each section is hidden while the other method is selected.
	function syncSections() {
		var chosen = $('#method').val();

		hideClass('internal', (chosen == 'existing'));
		hideClass('existing', (chosen == 'internal'));
	}

	// When the 'method' selector is changed, we show/hide certain sections
	$('#method').on('change', syncSections);

	// Apply the current selection once when the page loads
	syncSections();
});
//]]>
</script>
<?php include("foot.inc");