1 81bfb231 jim-p
<?php
2
/*
3 c5d81585 Renato Botelho
 * system_crlmanager.php
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6 38809d47 Renato Botelho do Couto
 * Copyright (c) 2004-2013 BSD Perimeter
7
 * Copyright (c) 2013-2016 Electric Sheep Fencing
8 402c98a2 Reid Linnemann
 * Copyright (c) 2014-2023 Rubicon Communications, LLC (Netgate)
9 c5d81585 Renato Botelho
 * All rights reserved.
10
 *
11 b12ea3fb Renato Botelho
 * Licensed under the Apache License, Version 2.0 (the "License");
12
 * you may not use this file except in compliance with the License.
13
 * You may obtain a copy of the License at
14 c5d81585 Renato Botelho
 *
15 b12ea3fb Renato Botelho
 * http://www.apache.org/licenses/LICENSE-2.0
16 c5d81585 Renato Botelho
 *
17 b12ea3fb Renato Botelho
 * Unless required by applicable law or agreed to in writing, software
18
 * distributed under the License is distributed on an "AS IS" BASIS,
19
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20
 * See the License for the specific language governing permissions and
21
 * limitations under the License.
22 3a9f3078 Stephen Beaver
 */
23 81bfb231 jim-p
24
##|+PRIV
25
##|*IDENT=page-system-crlmanager
26
##|*NAME=System: CRL Manager
27
##|*DESCR=Allow access to the 'System: CRL Manager' page.
28
##|*MATCH=system_crlmanager.php*
29
##|-PRIV
30
require_once("guiconfig.inc");
require_once("certs.inc");
require_once("openvpn.inc");
require_once("pfsense-utils.inc");
require_once("vpn.inc");
/* Longest lifetime (in days) the platform permits for an internal CRL, and
 * the value pre-filled in the form: two years, or the maximum if that is
 * smaller. */
$max_lifetime = crl_get_max_lifetime();
$default_lifetime = ($max_lifetime < 730) ? $max_lifetime : 730;

/* Revocation reason code => description table, expected to be defined by one
 * of the included .inc files (a 'global' statement at file scope is a no-op,
 * kept to document the dependency). */
global $openssl_crl_status;

/* Ways a CRL can be created, keyed by the value stored as the CRL's method. */
$crl_methods = array(
	"internal" => gettext("Create an internal Certificate Revocation List"),
	"existing" => gettext("Import an existing Certificate Revocation List"));
/* Optional CRL reference from the query string or form body. Only a purely
 * alphanumeric value is accepted; anything else leaves $id unset so the
 * later "needs a CRL" check fails closed. */
$requested_id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
if (($requested_id !== null) && ctype_alnum($requested_id)) {
	$id = $requested_id;
}
49 81bfb231 jim-p
50 c6c398c6 jim-p
/* Make sure the CA, certificate and CRL sections exist in the running config,
 * then take references to them so the handlers below edit the config in
 * place (write_config() persists it). */
foreach (array('ca', 'cert', 'crl') as $config_section) {
	init_config_arr(array($config_section));
}
$a_ca = &$config['ca'];
$a_cert = &$config['cert'];
$a_crl = &$config['crl'];
/* Drop CRL entries that carry no reference ID: they can never be addressed
 * by id and would otherwise confuse the refid matching used by 'del'. A null
 * refid counts as missing (isset semantics), same as before. */
foreach (array_keys($a_crl) as $cid) {
	if (!isset($a_crl[$cid]['refid'])) {
		unset($a_crl[$cid]);
	}
}
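/* Requested action: 'new', 'edit', 'editimported', 'addcert', 'delcert',
 * 'del', 'exp', or none. Default to an empty string instead of reading a
 * possibly-missing index: every later check (empty(), != 'new', the switch,
 * the == comparisons when building the page) treats '' exactly like the
 * absent value, and the page no longer raises an undefined-index notice on
 * a plain GET of the list. */
$act = isset($_REQUEST['act']) ? $_REQUEST['act'] : '';

/* Filled by build_cacert_list() when the internal-CRL editor is rendered;
 * the footer script also uses its size for the multiselect height. */
$cacert_list = array();

/* The CRL the action applies to, resolved from the alphanumeric-checked id.
 * Start from null so the "is there a CRL to act upon" test below reads a
 * defined variable when no id was supplied. */
$thiscrl = null;
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}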
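/* Actions other than 'new' require a CRL to act upon.
 *
 * Actions that change the configuration from a link must arrive as a POST:
 * the list and edit pages mark the 'del' and 'delcert' links with "usepost"
 * so the GUI submits them as POST requests, and rejecting a plain GET here
 * keeps a crafted URL from deleting a CRL or un-revoking a certificate on
 * behalf of a logged-in administrator. 'del' was already POST-only;
 * 'delcert' is held to the same rule for consistency.
 *
 * On failure the action is cleared (so the list is shown), an error is
 * queued for display, and the browser is pointed at the CA manager. */
$needs_crl = (!empty($act) && ($act != 'new'));
$post_only = in_array($act, array('del', 'delcert'), true);
if (($needs_crl && empty($thiscrl)) || ($post_only && empty($_POST))) {
	pfSenseHeader("system_camanager.php");
	$act = "";
	$savemsg = gettext("Invalid CRL reference.");
	$class = "danger";
}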
/*
 * Dispatch on the requested action. Every case except 'new' runs only when
 * the check above found a CRL for the supplied id ($thiscrl); 'del' also had
 * to arrive as a POST. Cases that change the config call write_config()
 * themselves. Redirects are done with pfSenseHeader() followed by exit.
 */
switch ($act) {
	case 'del':
		/* Delete the CRL unless something still references it. The name is
		 * HTML-escaped once because it is shown in the status box. */
		$name = htmlspecialchars($thiscrl['descr']);
		if (crl_in_use($id)) {
			$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name);
			$class = "danger";
		} else {
			/* Remove every entry sharing this refid (normally exactly one). */
			foreach ($a_crl as $cid => $acrl) {
				if ($acrl['refid'] == $thiscrl['refid']) {
					unset($a_crl[$cid]);
				}
			}
			write_config("Deleted CRL {$name}.");
			$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name);
			$class = "success";
		}
		break;
	case 'new':
		/* First step of creating a CRL: the CA was picked on the list page.
		 * Seed the form defaults and make sure the CA exists; otherwise clear
		 * the action so the list is shown with the error. */
		$pconfig['method'] = $_REQUEST['method'];
		$pconfig['caref'] = $_REQUEST['caref'];
		$pconfig['lifetime'] = $default_lifetime;
		$pconfig['serial'] = "0";
		$crlca =& lookup_ca($pconfig['caref']);
		if (!$crlca) {
			$input_errors[] = gettext('Invalid CA');
			unset($act);
		}
		break;
	case 'addcert':
		/* Save the editable fields of an internal CRL and/or revoke
		 * certificates in it (selected by refid and/or listed by serial).
		 * On any validation error the edit form is re-displayed; on success
		 * the config is written and the browser returns to the list.
		 * NOTE(review): the fields are taken from $_REQUEST while the
		 * required-field check runs on $_POST — confirm both should be $_POST. */
		unset($input_errors);
		$pconfig = $_REQUEST;

		/* input validation */
		$reqdfields = explode(" ", "descr id");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("CRL ID"));

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

		/* Characters that would be unsafe in HTML/paths are rejected up front;
		 * the description is later embedded in filenames and messages. */
		if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
			array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
		}
		/* Only the upper bound is checked here; see the save handler below
		 * for the same comparison. */
		if ($pconfig['lifetime'] > $max_lifetime) {
			$input_errors[] = gettext("Lifetime is longer than the maximum allowed value. Use a shorter lifetime.");
		}
		if ((strlen($pconfig['serial']) > 0) && !cert_validate_serial($pconfig['serial'])) {
			$input_errors[] = gettext("Please enter a valid integer serial number.");
		}

		/* The CRL to edit is looked up by the hidden crlref field rather than
		 * by the id validated above. NOTE(review): the edit form sends the
		 * same refid in both; confirm a mismatch between them is acceptable. */
		$revoke_list = array();
		if (!$pconfig['crlref']) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		$crl =& lookup_crl($pconfig['crlref']);

		if (!is_array($pconfig['certref'])) {
			$pconfig['certref'] = array();
		}
		/* Revocations can only be added to a CRL this box generates itself. */
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}
		/* Free-form, space-separated serial list; each entry must validate as
		 * an ASN.1-compatible integer (decimal or hex). */
		if (!empty($pconfig['revokeserial'])) {
			foreach (explode(' ', $pconfig['revokeserial']) as $serial) {
				$vserial = cert_validate_serial($serial, true, true);
				if ($vserial != null) {
					$revoke_list[] = $vserial;
				} else {
					$input_errors[] = gettext("Invalid serial in list (Must be ASN.1 integer compatible decimal or hex string).");
				}
			}
		}
		/* Without an explicit 'save', the submission must revoke something. */
		if (empty($pconfig['save']) && empty($pconfig['certref']) && empty($revoke_list)) {
			$input_errors[] = gettext("Select one or more certificates or enter a serial number to revoke.");
		}
		/* A certificate may only be revoked by the CRL of its own CA.
		 * NOTE(review): an unknown refid presumably makes lookup_cert() return
		 * nothing, which is then reported as a CA mismatch rather than as an
		 * unknown certificate. */
		foreach ($pconfig['certref'] as $rcert) {
			$cert = lookup_cert($rcert);
			if ($crl['caref'] == $cert['caref']) {
				$revoke_list[] = $cert;
			} else {
				$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
			}
		}

		if (!$input_errors) {
			$crl['descr'] = $pconfig['descr'];
			$crl['lifetime'] = $pconfig['lifetime'];
			$crl['serial'] = $pconfig['serial'];
			if (!empty($revoke_list)) {
				$savemsg = "Revoked certificate(s) in CRL {$crl['descr']}.";
				/* NOTE(review): the reason code is passed through as submitted;
				 * the select only offers the keys of $openssl_crl_status, but a
				 * crafted POST can send any value — confirm cert_revoke() rejects
				 * unknown reasons. */
				$reason = (empty($pconfig['crlreason'])) ? 0 : $pconfig['crlreason'];
				foreach ($revoke_list as $cert) {
					cert_revoke($cert, $crl, $reason);
				}
				// refresh IPsec and OpenVPN CRLs
				openvpn_refresh_crls();
				ipsec_configure();
			} else {
				$savemsg = "Saved CRL {$crl['descr']}.";
			}
			write_config($savemsg);
			pfSenseHeader("system_crlmanager.php");
			exit;
		} else {
			$act = 'edit';
		}
		break;
	case 'delcert':
		/* Remove one entry (by certref) from an internal CRL, i.e. un-revoke
		 * the certificate, then regenerate the CRLs used by the VPN daemons.
		 * NOTE(review): unlike 'del', nothing here insists on a POST; the GUI
		 * link carries "usepost", but confirm a plain GET cannot un-revoke. */
		if (!is_array($thiscrl['cert'])) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		$found = false;
		foreach ($thiscrl['cert'] as $acert) {
			if ($acert['refid'] == $_REQUEST['certref']) {
				$found = true;
				$thiscert = $acert;
			}
		}
		if (!$found) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		$certname = htmlspecialchars($thiscert['descr']);
		$crlname = htmlspecialchars($thiscrl['descr']);
		if (cert_unrevoke($thiscert, $thiscrl)) {
			$savemsg = sprintf(gettext('Deleted Certificate %1$s from CRL %2$s.'), $certname, $crlname);
			$class = "success";
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			ipsec_configure();
			write_config($savemsg);
		} else {
			$savemsg = sprintf(gettext('Failed to delete Certificate %1$s from CRL %2$s.'), $certname, $crlname);
			$class = "danger";
		}
		$act="edit";
		break;
	case 'exp':
		/* Export the CRL contents. crl_update() refreshes the stored text
		 * first; the decoded data is sent as a download named after the
		 * description. NOTE(review): the description is filtered against
		 * ?><&/\"' at save time but not against control characters — confirm
		 * send_user_download() sanitizes the Content-Disposition filename. */
		crl_update($thiscrl);
		send_user_download('data', base64_decode($thiscrl['text']), "{$thiscrl['descr']}.crl");
		break;
	default:
		break;
}
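/*
 * Save handler for the "create" form (method internal or existing) and for
 * the "edit imported CRL" form ($act == 'editimported'). Validates the
 * submission, then either updates the CRL found for the id ($thiscrl) or
 * appends a new one, writes the config, regenerates the VPN CRLs and
 * redirects to the list. Validation errors are collected in $input_errors
 * and rendered by the page below.
 */
if (!empty($_POST['save']) && empty($input_errors)) {
	$input_errors = array();
	$pconfig = $_POST;

	/* input validation */
	$reqdfields = array();
	$reqdfieldsn = array();
	if (($pconfig['method'] == "existing") || ($act == "editimported")) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if (($pconfig['method'] == "internal") ||
	    ($act == "addcert")) {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* Characters unsafe in HTML/paths are rejected up front; the description
	 * is later embedded in filenames and status messages. */
	if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}

	/* A lifetime, when supplied, must be a whole number of days from 1 up to
	 * the platform maximum. Previously only the upper bound was checked, so
	 * a negative or non-numeric value was stored as-is. An empty or zero
	 * value still falls back to the default below. */
	if (!empty($pconfig['lifetime'])) {
		if (!ctype_digit((string) $pconfig['lifetime']) || ((int) $pconfig['lifetime'] < 1)) {
			$input_errors[] = gettext("Lifetime must be a positive whole number of days.");
		} elseif ($pconfig['lifetime'] > $max_lifetime) {
			$input_errors[] = gettext("Lifetime is longer than the maximum allowed value. Use a shorter lifetime.");
		}
	}

	if ((strlen($pconfig['serial']) > 0) && !cert_validate_serial($pconfig['serial'])) {
		$input_errors[] = gettext("Please enter a valid integer serial number.");
	}

	/* The CA and method for a new CRL arrive in a hidden field and a select.
	 * Both are written verbatim into the config, so make sure the CA exists
	 * and the method is one this page knows how to handle; a crafted POST
	 * could otherwise store a CRL bound to no CA (which the list never shows)
	 * or with a method that is neither internal nor imported. */
	if ($act != "editimported") {
		if (empty($pconfig['caref']) || !lookup_ca($pconfig['caref'])) {
			$input_errors[] = gettext("Invalid CA");
		}
		if (!isset($pconfig['method']) || !isset($crl_methods[$pconfig['method']])) {
			$input_errors[] = gettext("Invalid CRL method.");
		}
	}

	/* save modifications */
	if (!$input_errors) {
		/* Edit in place through the reference, or start a fresh entry. */
		if ($thiscrl) {
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $pconfig['descr'];
		/* An imported CRL keeps its CA and method when only its text is edited. */
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $pconfig['method'];
		}

		/* Imported CRL data is stored base64-encoded as pasted.
		 * NOTE(review): nothing here confirms the text parses as an X.509 CRL;
		 * consider validating it before it is handed to the VPN daemons. */
		if (($pconfig['method'] == "existing") || ($act == "editimported")) {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		/* A new internal CRL starts with serial 0, the default lifetime when
		 * none was given, and no revoked certificates. */
		if ($pconfig['method'] == "internal") {
			$crl['serial'] = empty($pconfig['serial']) ? '0' : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? $default_lifetime : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}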
/* Breadcrumb: System > Certificates > Revocation, with a trailing "Edit"
 * while a create/edit form (or its error re-display) is on screen. */
$pgtitle = array(gettext('System'), gettext('Certificates'), gettext('Revocation'));
$pglinks = array("", "system_camanager.php", "system_crlmanager.php");

$showing_editor = in_array($act, array("new", gettext("Save"), "edit")) || $input_errors;
if ($showing_editor) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}
include("head.inc");
?>
<script type="text/javascript">
//<![CDATA[
// Show the form section matching the selected creation method in the
// legacy "iform" form and hide the other one. Any value other than
// "internal"/"existing" leaves both sections untouched.
function method_change() {
	var chosen = document.iform.method.value;
	if (chosen !== "internal" && chosen !== "existing") {
		return;
	}
	var existingSection = document.getElementById("existing");
	var internalSection = document.getElementById("internal");
	existingSection.style.display = (chosen === "existing") ? "" : "none";
	internalSection.style.display = (chosen === "internal") ? "" : "none";
}
//]]>
</script>
<?php
/* Options for the "Method" select, keyed by method name, in the order of
 * $crl_methods. With $importonly set (the CA has no private key and so
 * cannot sign an internal CRL) only the "existing" entry is offered. */
function build_method_list($importonly = false) {
	global $crl_methods;

	if ($importonly) {
		return array_intersect_key($crl_methods, array("existing" => true));
	}

	return $crl_methods;
}
/* Options for the CA select on the list page: refid => descriptive name for
 * every configured CA, in config order. */
function build_ca_list() {
	global $a_ca;

	$choices = array();
	foreach ($a_ca as $ca_entry) {
		$choices[$ca_entry['refid']] = $ca_entry['descr'];
	}

	return $choices;
}
366
367
/* Certificates that can still be revoked in the CRL being edited (global
 * $crl, looked up by $id): those issued by the same CA and not already on
 * this CRL. Returns refid => descriptive name. */
function build_cacert_list() {
	global $a_cert, $crl, $id;

	$choices = array();
	foreach ($a_cert as $candidate) {
		if (empty($candidate['caref'])) {
			continue;
		}
		if ($candidate['caref'] != $crl['caref']) {
			continue;
		}
		if (is_cert_revoked($candidate, $id)) {
			continue;
		}
		$choices[$candidate['refid']] = $candidate['descr'];
	}

	return $choices;
}
/* Validation errors first, then the status message (if any) left by the
 * action that just ran; $class picks the info-box colour. */
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg, $class);
}

/* Certificate-management tabs; this page is the active one. */
$tab_array = array(
	array(gettext('Authorities'), false, 'system_camanager.php'),
	array(gettext('Certificates'), false, 'system_certmanager.php'),
	array(gettext('Revocation'), true, 'system_crlmanager.php'),
);
display_top_tabs($tab_array);
if ($act == "new" || $act == gettext("Save")) {
	/* Second step of creating a CRL: the CA was chosen on the list page and
	 * resolved by the 'new' case ($crlca). The form offers the method, a
	 * name and, per method, either pasted CRL text or the internal CRL's
	 * lifetime/serial; the footer script shows only the section matching
	 * the selected method.
	 * NOTE(review): the "Save" comparison looks like a leftover — the save
	 * form carries no 'act' field, so after a save with input errors $act
	 * is empty and $crlca unset, and the page falls through to the list
	 * instead of redisplaying this form. Confirm that is intended. */
	$form = new Form();

	$section = new Form_Section('Create new Revocation List');

	$section->addInput(new Form_StaticText(
		'Certificate Authority',
		$crlca['descr']
	));

	/* The method can only be chosen for a brand-new CRL. When the CA has no
	 * private key only the import option is offered, presumably because the
	 * box cannot sign an internal CRL without it. */
	if (!isset($id)) {
		$section->addInput(new Form_Select(
			'method',
			'*Method',
			$pconfig['method'],
			build_method_list((!isset($crlca['prv']) || empty($crlca['prv'])))
		));
	}

	$section->addInput(new Form_Input(
		'descr',
		'*Descriptive name',
		'text',
		$pconfig['descr']
	));

	/* The CA reference travels in a hidden field; the save handler stores
	 * it as the new CRL's caref. */
	$form->addGlobal(new Form_Input(
		'caref',
		null,
		'hidden',
		$pconfig['caref']
	));

	$form->add($section);

	/* Section shown for method "existing": the pasted CRL, stored verbatim
	 * (base64) by the save handler. */
	$section = new Form_Section('Existing Certificate Revocation List');
	$section->addClass('existing');

	$section->addInput(new Form_Textarea(
		'crltext',
		'*CRL data',
		$pconfig['crltext']
		))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->add($section);

	/* Section shown for method "internal": lifetime capped client-side at
	 * the platform maximum (and checked again server-side), serial >= 0. */
	$section = new Form_Section('Internal Certificate Revocation List');
	$section->addClass('internal');

	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (Days)',
		'number',
		$pconfig['lifetime'],
		['max' => $max_lifetime]
	));

	$section->addInput(new Form_Input(
		'serial',
		'Serial',
		'number',
		$pconfig['serial'],
		['min' => '0']
	));

	$form->add($section);

	/* Only present when an existing CRL is being edited through this form. */
	if (isset($id) && $thiscrl) {
		$form->addGlobal(new Form_Input(
			'id',
			null,
			'hidden',
			$id
		));
	}

	print($form);
} elseif ($act == "editimported") {
	/* Editor for an imported CRL: only the name and the CRL text can be
	 * changed (the save handler keeps caref and method for this action).
	 * The stored text is base64 in the config and is decoded for display;
	 * the hidden 'act' field routes the POST back through the save handler
	 * as an "editimported" save. */
	$form = new Form();

	$section = new Form_Section('Edit Imported Certificate Revocation List');

	$section->addInput(new Form_Input(
		'descr',
		'*Descriptive name',
		'text',
		$thiscrl['descr']
	));

	$section->addInput(new Form_Textarea(
		'crltext',
		'*CRL data',
		!empty($thiscrl['text']) ? base64_decode($thiscrl['text']) : ''
	))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));

	$form->addGlobal(new Form_Input(
		'act',
		null,
		'hidden',
		'editimported'
	));

	$form->add($section);

	print($form);
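} elseif ($act == "edit") {
	/* Editor for an internal CRL: its own fields, the table of entries
	 * already revoked in it, and a form to revoke more. $crl is a copy of
	 * the CRL found for the id; build_cacert_list() reads it via the global.
	 * On an 'addcert' validation failure $pconfig still holds the submitted
	 * selection so it can be redisplayed. */
	$crl = $thiscrl;

	$form = new Form();

	$section = new Form_Section('Edit Internal Certificate Revocation List');

	$section->addInput(new Form_Input(
		'descr',
		'*Descriptive name',
		'text',
		$crl['descr']
	));

	$section->addInput(new Form_Input(
		'lifetime',
		'CRL Lifetime (Days)',
		'number',
		$crl['lifetime'],
		['max' => $max_lifetime]
	));

	$section->addInput(new Form_Input(
		'serial',
		'CRL Serial',
		'number',
		$crl['serial'],
		['min' => '0']
	));

	$form->add($section);

	/* Values that are printed into raw HTML below are escaped once here.
	 * The description is filtered at save time, but refids and entries that
	 * came in through a restored config are not; escape rather than trust. */
	$crl_descr_html = htmlspecialchars($crl['descr']);
	$crl_refid_html = htmlspecialchars($crl['refid']);
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Revoked Certificates in CRL") . ': ' . $crl_descr_html?></h2></div>
		<div class="panel-body table-responsive">
<?php
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
		print_info_box(gettext("No certificates found for this CRL."), 'danger');
	} else {
?>
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Serial")?></th>
						<th><?=gettext("Certificate Name")?></th>
						<th><?=gettext("Revocation Reason")?></th>
						<th><?=gettext("Revoked At")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
		foreach ($crl['cert'] as $cert):
			/* Entries revoked by serial only carry no description. */
			$name = empty($cert['descr']) ? gettext('Revoked by Serial') : htmlspecialchars($cert['descr']);
			$serial = crl_get_entry_serial($cert);
			if (strlen($serial) == 0) {
				$serial = gettext("Invalid");
			}
			/* The reason code is stored in the config; show a placeholder for
			 * a code that is not in the table instead of an undefined-index
			 * notice and an empty cell. */
			if (isset($cert['reason']) && isset($openssl_crl_status[$cert['reason']])) {
				$reason_text = $openssl_crl_status[$cert['reason']];
			} else {
				$reason_text = gettext("Unknown");
			}
			$revoked_at = empty($cert['revoke_time']) ? '' : date("D M j G:i:s T Y", $cert['revoke_time']);
			$cert_refid_html = htmlspecialchars(isset($cert['refid']) ? $cert['refid'] : '');
?>
					<tr>
						<td><?=htmlspecialchars($serial);?></td>
						<td><?=$name; ?></td>
						<td><?=htmlspecialchars($reason_text); ?></td>
						<td><?=$revoked_at; ?></td>
						<td class="list">
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=$crl_refid_html; ?>&amp;certref=<?=$cert_refid_html; ?>" usepost>
								<i class="fa-solid fa-trash-can" title="<?=gettext("Delete this certificate from the CRL")?>" alt="<?=gettext("Delete this certificate from the CRL")?>"></i>
							</a>
						</td>
					</tr>
<?php
		endforeach;
?>
				</tbody>
			</table>
<?php
	}
?>
		</div>
	</div>
<?php

	/* Revocation form: a reason code, a multi-select of the CA's not-yet-
	 * revoked certificates, and/or a free-form serial list. It posts back
	 * as 'addcert' with the CRL refid in both 'id' and 'crlref'. */
	$section = new Form_Section('Revoke Certificates');

	$section->addInput(new Form_Select(
		'crlreason',
		'Reason',
		-1,
		$openssl_crl_status
		))->setHelp('Select the reason for which the certificates are being revoked.');

	$cacert_list = build_cacert_list();
	if (count($cacert_list) == 0) {
		print_info_box(gettext("No certificates found for this CA."), 'danger');
	} else {
		$section->addInput(new Form_Select(
			'certref',
			'Revoke Certificates',
			isset($pconfig['certref']) ? $pconfig['certref'] : null,
			$cacert_list,
			true
			))->addClass('multiselect')
			->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
	}

	$section->addInput(new Form_Input(
		'revokeserial',
		'Revoke by Serial',
		'text',
		isset($pconfig['revokeserial']) ? $pconfig['revokeserial'] : null
	))->setHelp('List of certificate serial numbers to revoke (separated by spaces)');

	$form->addGlobal(new Form_Button(
		'submit',
		'Add',
		null,
		'fa-plus'
		))->addClass('btn-success btn-sm');

	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$crl['refid']
	));

	$form->addGlobal(new Form_Input(
		'act',
		null,
		'hidden',
		'addcert'
	));

	$form->addGlobal(new Form_Input(
		'crlref',
		null,
		'hidden',
		$crl['refid']
	));

	$form->add($section);

	print($form);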
} else {
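?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Certificate Revocation Lists")?></h2></div>
		<div class="panel-body table-responsive">
			<table class="table table-striped table-hover table-condensed table-rowdblclickedit">
				<thead>
					<tr>
						<th><?=gettext("CA")?></th>
						<th><?=gettext("Name")?></th>
						<th><?=gettext("Internal")?></th>
						<th><?=gettext("Certificates")?></th>
						<th><?=gettext("In Use")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
<?php
	/* Ask installed packages which CRLs they use, so the "In Use" column can
	 * name them next to the OpenVPN servers detected per row below. */
	$pluginparams = array();
	$pluginparams['type'] = 'certificates';
	$pluginparams['event'] = 'used_crl';
	$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);

	/* Group CRL refids by CA in one pass so the table is emitted CA by CA.
	 * A CRL whose caref matches no configured CA is not listed. */
	$ca_crl_map = array();
	foreach ($a_crl as $crl_entry) {
		$ca_crl_map[$crl_entry['caref']][] = $crl_entry['refid'];
	}

	foreach ($a_ca as $ca):
		$caname = htmlspecialchars($ca['descr']);
		/* Skip CAs without CRLs; the isset guard avoids an undefined-index
		 * notice for them. */
		if (!isset($ca_crl_map[$ca['refid']]) || !is_array($ca_crl_map[$ca['refid']])) {
			continue;
		}
		foreach ($ca_crl_map[$ca['refid']] as $crlref):
			$tmpcrl = lookup_crl($crlref);
			$internal = is_crl_internal($tmpcrl);
			if ($internal && empty($tmpcrl['cert'])) {
				$tmpcrl['cert'] = array();
			}
			$inuse = crl_in_use($tmpcrl['refid']);
			/* Escape once for the cells and links below; the description is
			 * filtered at save time but a restored config is not. */
			$refid_html = htmlspecialchars($tmpcrl['refid']);
			$crl_descr_html = htmlspecialchars(isset($tmpcrl['descr']) ? $tmpcrl['descr'] : '');
?>
					<tr>
						<td><?=$caname?></td>
						<td><?=$crl_descr_html; ?></td>
						<td><i class="fa-solid fa-<?=($internal) ? "check" : "times"; ?>"></i></td>
						<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
						<td>
						<?php if (is_openvpn_server_crl($tmpcrl['refid'])): ?>
							<?=gettext("OpenVPN Server")?>
						<?php endif?>
						<?php echo cert_usedby_description($tmpcrl['refid'], $certificates_used_by_packages); ?>
						</td>
						<td>
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$refid_html?>" class="fa-solid fa-download" title="<?=gettext("Export CRL")?>" ></a>
<?php
			/* Internal CRLs open the revoke editor, imported ones the
			 * paste-and-replace editor. */
			if ($internal):
?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$refid_html?>" class="fa-solid fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
			else:
?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$refid_html?>" class="fa-solid fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
			endif;
			/* Deletion is offered only for unreferenced CRLs and is sent as a
			 * POST ("usepost"), which the 'del' handler requires. */
			if (!$inuse):
?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=$refid_html?>" class="fa-solid fa-trash-can" title="<?=gettext("Delete CRL")?>" usepost></a>
<?php
			endif;
?>
						</td>
					</tr>
<?php
		endforeach;
	endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>

<?php
	/* "Create or import" form: pick a CA and submit act=new, which leads to
	 * the creation form above. */
	$form = new Form(false);
	$section = new Form_Section('Create or Import a New Certificate Revocation List');
	$group = new Form_Group(null);
	$group->add(new Form_Select(
		'caref',
		'Certificate Authority',
		null,
		build_ca_list()
		))->setHelp('Select a Certificate Authority for the new CRL');
	$group->add(new Form_Button(
		'submit',
		'Add',
		null,
		'fa-plus'
		))->addClass('btn-success btn-sm');
	$section->add($group);
	$form->addGlobal(new Form_Input(
		'act',
		null,
		'hidden',
		'new'
	));
	$form->add($section);
	print($form);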
}
762 63fb68d7 jim-p
763 f9ee8994 Stephen Beaver
?>
764 81bfb231 jim-p
765 46345696 Colin Fleming
<script type="text/javascript">
766 3a9f3078 Stephen Beaver
//<![CDATA[
767 78863416 Phil Davis
events.push(function() {

	// Show or hide every element carrying the given class (a form section
	// or group). jQuery's toggle(bool) shows on true and hides on false.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}

	// Only the section belonging to the chosen creation method is visible.
	function syncMethodSections() {
		var chosen = $('#method').val();
		hideClass('internal', chosen == 'existing');
		hideClass('existing', chosen == 'internal');
	}

	$('#method').on('change', syncMethodSections);
	syncMethodSections();

	// Size the revoke multiselect to the number of candidate certificates,
	// clamped to 3..15 rows; the count is computed server-side.
	$('.multiselect').attr("size","<?= max(3, min(15, count($cacert_list))) ?>");
});
//]]>
<?php include("foot.inc");