<?php
/*
	system_crlmanager.php
*/
/* ====================================================================
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
 *
 *	Redistribution and use in source and binary forms, with or without modification,
 *	are permitted provided that the following conditions are met:
 *
 *	1. Redistributions of source code must retain the above copyright notice,
 *		this list of conditions and the following disclaimer.
 *
 *	2. Redistributions in binary form must reproduce the above copyright
 *		notice, this list of conditions and the following disclaimer in
 *		the documentation and/or other materials provided with the
 *		distribution.
 *
 *	3. All advertising materials mentioning features or use of this software
 *		must display the following acknowledgment:
 *		"This product includes software developed by the pfSense Project
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
 *
 *	4. The names "pfSense" and "pfSense Project" must not be used to
 *		 endorse or promote products derived from this software without
 *		 prior written permission. For written permission, please contact
 *		 coreteam@pfsense.org.
 *
 *	5. Products derived from this software may not be called "pfSense"
 *		nor may "pfSense" appear in their names without prior written
 *		permission of the Electric Sheep Fencing, LLC.
 *
 *	6. Redistributions of any form whatsoever must retain the following
 *		acknowledgment:
 *
 *	"This product includes software developed by the pfSense Project
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *	====================================================================
 *
 */
##|+PRIV
##|*IDENT=page-system-crlmanager
##|*NAME=System: CRL Manager
##|*DESCR=Allow access to the 'System: CRL Manager' page.
##|*MATCH=system_crlmanager.php*
##|-PRIV
require("guiconfig.inc");
require_once("certs.inc");
require_once("openvpn.inc");
require_once("vpn.inc");
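// Reason-code => label table. It is not assigned anywhere in this file
// (presumably it comes from certs.inc, loaded above -- confirm).
global $openssl_crl_status;

// Creation methods offered by the "Method" select, keyed by the value stored
// in a CRL's 'method' field.
$crl_methods = array(
	"internal" => gettext("Create an internal Certificate Revocation List"),
	"existing" => gettext("Import an existing Certificate Revocation List"));

// The CRL reference comes from the request. Only an alphanumeric string is
// accepted; anything else leaves $id unset, which later code tests with
// isset()/empty(). A POSTed id overrides one from the query string.
// The isset()/is_string() guards keep a missing or array-valued parameter
// from ever reaching ctype_alnum().
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_alnum($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_string($_POST['id']) && ctype_alnum($_POST['id'])) {
	$id = $_POST['id'];
}

// Make sure every config section used below exists as an array, then alias
// it by reference so changes made through $a_ca / $a_cert / $a_crl land in
// $config.
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}

$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}

$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

$a_crl =& $config['crl'];

// Drop CRL entries that carry no refid.
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset ($a_crl[$cid]);
	}
}

// Requested action: a non-empty POST value wins over the query string.
// isset()/empty() avoid reading request keys that were not sent.
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}

// Stays null unless a reference was supplied; the checks below rely on that.
$thiscrl = null;
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}

// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
// Every action except "new" needs an existing CRL; the action is cleared so
// none of the handlers below run against a missing entry.
if (!$thiscrl && (($act != "") && ($act != "new"))) {
	pfSenseHeader("system_crlmanager.php");
	$act="";
	$savemsg = gettext("Invalid CRL reference.");
}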
// Delete a whole CRL, unless something still references it.
// NOTE(review): $act may come from the query string and the list page links
// to this action with a plain URL, so the deletion can be triggered by a GET
// request. Confirm the GUI's CSRF protection covers GET requests, or accept
// this action from POST only.
if ($act == "del") {
	// Escaped once here; the same value goes into the on-page message and
	// into the config change note.
	$name = htmlspecialchars($thiscrl['descr']);
	if (!crl_in_use($id)) {
		// Remove every entry sharing the selected refid.
		foreach ($a_crl as $cid => $acrl) {
			if ($acrl['refid'] == $thiscrl['refid']) {
				unset($a_crl[$cid]);
			}
		}
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name);
	} else {
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name);
	}
}
// "new": pre-fill the creation form from the query string plus fixed defaults.
// The method and caref values are taken from the request as-is; they are only
// used as initial form values here.
if ($act == "new") {
	$pconfig['method'] = $_GET['method'];
	$pconfig['caref'] = $_GET['caref'];
	$pconfig['lifetime'] = "9999";
	$pconfig['serial'] = "0";
}

// "exp": refresh the CRL and send it to the browser as a file download.
if ($act == "exp") {
	crl_update($thiscrl);

	// urlencode() keeps the stored description from introducing header
	// syntax (quotes, separators, line breaks) into the filename parameter.
	$exp_name = urlencode($thiscrl['descr'] . ".crl");
	$exp_data = base64_decode($thiscrl['text']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $exp_name);
	header("Content-Length: " . $exp_size);
	echo $exp_data;
	exit;
}
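// "addcert": revoke a certificate by adding it to an internal CRL.
// Only acted on for POST requests.
if ($act == "addcert") {
	if ($_POST) {
		unset($input_errors);
		$pconfig = $_POST;

		// Both references are mandatory; without them there is nothing to do.
		if (!$pconfig['crlref'] || !$pconfig['certref']) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}

		// certref, crlref
		// The CRL is taken by reference; it is handed to cert_revoke() below.
		$crl =& lookup_crl($pconfig['crlref']);
		$cert = lookup_cert($pconfig['certref']);

		if (!$crl['caref'] || !$cert['caref']) {
			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
		}

		// A certificate may only be revoked in a CRL of its own CA.
		if ($crl['caref'] != $cert['caref']) {
			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}

		if (!$input_errors) {
			// The reason code is request data. Pass it on only when it is one
			// of the keys of $openssl_crl_status (the list the form offers);
			// a missing or unrecognised value falls back to "unspecified"
			// instead of being stored as sent.
			$reason = OCSP_REVOKED_STATUS_UNSPECIFIED;
			if (!empty($pconfig['crlreason']) && is_string($pconfig['crlreason']) &&
			    is_array($openssl_crl_status) &&
			    array_key_exists($pconfig['crlreason'], $openssl_crl_status)) {
				$reason = $pconfig['crlreason'];
			}
			cert_revoke($cert, $crl, $reason);
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			vpn_ipsec_configure();
			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
	}
}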
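// "delcert": un-revoke a certificate, i.e. remove it from the selected CRL.
// NOTE(review): this action and its certref parameter arrive by GET (the
// revoked-certificate table links to it), so a state change is reachable
// without a POST. Confirm the GUI's CSRF protection covers GET requests, or
// accept this action from POST only.
if ($act == "delcert") {
	if (!is_array($thiscrl['cert'])) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Find the entry named by the request. The comparison is strict and runs
	// only when certref is present as a string: with a loose comparison a
	// missing parameter (null) would match an entry whose refid is empty.
	$found = false;
	if (isset($_GET['certref']) && is_string($_GET['certref'])) {
		foreach ($thiscrl['cert'] as $acert) {
			if ((string)$acert['refid'] === $_GET['certref']) {
				$found = true;
				$thiscert = $acert;
			}
		}
	}
	if (!$found) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Escaped once; both names end up in the on-page message.
	$certname = htmlspecialchars($thiscert['descr']);
	$crlname = htmlspecialchars($thiscrl['descr']);
	if (cert_unrevoke($thiscert, $thiscrl)) {
		$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s."), $certname, $crlname);
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config($savemsg);
	} else {
		$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s."), $certname, $crlname);
	}

	// Fall through to the edit view of the same CRL.
	$act="edit";
}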
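// Create a CRL, or update an imported one, from a POSTed form.
// "addcert" is excluded: it handles its own POST above, and letting a failed
// addcert fall through here would discard its validation errors and rewrite
// the CRL from a request that carries no descr/caref/method fields.
if ($_POST && ($act != "addcert")) {
	$input_errors = array();
	$pconfig = $_POST;

	/* input validation */
	// Defaults keep the validator call well-defined when neither branch
	// below applies.
	$reqdfields = array();
	$reqdfieldsn = array();

	if (($pconfig['method'] == "existing") || ($act == "editimported")) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// The method is stored in the config as sent, so accept only one of the
	// known keys. "editimported" does not submit a method and is exempt.
	if (($act != "editimported") &&
	    !(isset($pconfig['method']) && is_string($pconfig['method']) && isset($crl_methods[$pconfig['method']]))) {
		$input_errors[] = gettext("A valid Certificate Revocation List method must be selected.");
	}

	// Reject markup and quote characters in the name. Output escaping of the
	// stored name is still needed wherever it is printed, since config data
	// can also arrive by other routes.
	if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		// Update the selected CRL in place, or start a new entry.
		if ($thiscrl) {
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $pconfig['descr'];
		if ($act != "editimported") {
			// NOTE(review): caref is stored without checking that it names
			// an existing CA -- confirm whether that is validated elsewhere.
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $pconfig['method'];
		}

		if (($pconfig['method'] == "existing") || ($act == "editimported")) {
			// NOTE(review): the pasted CRL text is stored without being
			// parsed here -- confirm it is checked before it is used.
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($pconfig['method'] == "internal") {
			// NOTE(review): the form limits these to numbers 0-9999, but
			// nothing on the server side enforces that before saving.
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}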
// Title segments for the page; set before head.inc is included.
$pgtitle = [
	gettext("System"),
	gettext("Certificate Manager"),
	gettext("Certificate Revocation"),
];

// Any form view (new, save round-trip, validation failure, edit) gets the
// additional "Edit" segment.
if ($act == "new" ||
    $act == gettext("Save") ||
    $input_errors ||
    $act == "edit") {
	array_push($pgtitle, gettext('Edit'));
}

include("head.inc");
?>
<script type="text/javascript">
//<![CDATA[
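// Shows the block matching the selected CRL method and hides the other one.
// Reads the value of the "method" field of the form named "iform" and toggles
// the elements with ids "existing" and "internal". Any other value leaves
// both untouched.
function method_change() {

	// Declared locally; the bare assignment used before created a global
	// variable named "method" as a side effect.
	var method = document.iform.method.value;

	switch (method) {
		case "internal":
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			break;
		case "existing":
			document.getElementById("existing").style.display="";
			document.getElementById("internal").style.display="none";
			break;
	}
}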
//]]>
</script>
<?php
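/*
 * Builds the option list for the "Method" select.
 *
 * Returns an array of method key => label taken from $crl_methods. When the
 * request carries importonly=yes, only the "existing" (import) entry is kept.
 *
 * NOTE(review): importonly only trims the choices offered; nothing in this
 * function enforces it when the form is submitted.
 */
function build_method_list() {
	// $_GET is a superglobal and needs no global declaration.
	global $crl_methods;

	// Evaluated once; isset() avoids reading a key that was not sent.
	$import_only = (isset($_GET['importonly']) && ($_GET['importonly'] == "yes"));

	$list = array();

	foreach ($crl_methods as $method => $desc) {
		if ($import_only && ($method != "existing")) {
			continue;
		}

		$list[$method] = $desc;
	}

	return($list);
}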
/*
 * Builds the option list for the "Certificate Authority" select.
 *
 * Returns an array mapping each CA's refid to its description, in the order
 * the entries appear in the global $a_ca.
 */
function build_ca_list() {
	global $a_ca;

	$options = array();

	foreach ($a_ca as $entry) {
		$refid = $entry['refid'];
		$options[$refid] = $entry['descr'];
	}

	return $options;
}
/*
 * Builds the option list for the "certificate to revoke" select.
 *
 * Returns an array mapping refid to description for every entry of the
 * global $ca_certs, which the caller must have filled beforehand.
 */
function build_cacert_list() {
	global $ca_certs;

	$options = array();

	foreach ($ca_certs as $entry) {
		$refid = $entry['refid'];
		$options[$refid] = $entry['descr'];
	}

	return $options;
}
// Validation errors first, then the status message of the last action.
if ($input_errors) {
	print_input_errors($input_errors);
}

// $savemsg holds names that were already passed through htmlspecialchars()
// where the message was built.
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// Tab bar shared by the certificate pages; the second element marks the
// active tab.
$tab_array = array(
	array(gettext("CAs"), false, "system_camanager.php"),
	array(gettext("Certificates"), false, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), true, "system_crlmanager.php"),
);
display_top_tabs($tab_array);
if ($act == "new" || $act == gettext("Save") || $input_errors) {
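	// Form for creating or importing a CRL; also re-displayed after a failed
	// validation.
	// The form and its first section are created unconditionally: they used
	// to be created only when no id was given, while the calls below ran in
	// every case and failed on an undefined $section/$form once an id was
	// present.
	$form = new Form();

	$section = new Form_Section('Create new Revocation List');

	// The method can only be chosen for a new list.
	if (!isset($id)) {
		$section->addInput(new Form_Select(
			'method',
			'Method',
			$pconfig['method'],
			build_method_list()
		));
	}

	// NOTE(review): $pconfig values come from the request; escaping on
	// output is left to the Form classes, which are not visible here.
	$section->addInput(new Form_Input(
		'descr',
		'Descriptive name',
		'text',
		$pconfig['descr']
	));

	$section->addInput(new Form_Select(
		'caref',
		'Certificate Authority',
		$pconfig['caref'],
		build_ca_list()
	));

	$form->add($section);

	// Section toggled by the page script when "existing" is selected.
	$section = new Form_Section('Existing Certificate Revocation List');
	$section->addClass('existing');

	$section->addInput(new Form_Textarea(
		'crltext',
		'CRL data',
		$pconfig['crltext']
		))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->add($section);

	// Section toggled by the page script when "internal" is selected.
	$section = new Form_Section('Internal Certificate Revocation List');
	$section->addClass('internal');

	// Attribute names are quoted: bare max/min are undefined constants,
	// which newer PHP versions treat as an error.
	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (Days)',
		'number',
		$pconfig['lifetime'],
		['max' => '9999']
	));

	$section->addInput(new Form_Input(
		'serial',
		'Serial',
		'number',
		$pconfig['serial'],
		['min' => '0', 'max' => '9999']
	));

	$form->add($section);

	// Carry the CRL reference along when an existing list is being edited.
	if (isset($id) && $thiscrl) {
		$section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$id
		));
	}

	print($form);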
} elseif ($act == "editimported") {
	// Single-section form for changing the name and data of an imported CRL.
	// NOTE(review): $pconfig is only filled from request data in this file,
	// so on the first display these fields presumably start out empty
	// rather than showing the stored values -- confirm.
	$form = new Form();
	$section = new Form_Section('Edit Imported Certificate Revocation List');

	$section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));

	$section->addInput(new Form_Textarea('crltext', 'CRL data', $pconfig['crltext']))
		->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	// Hidden fields route the submission back to this CRL and this action.
	$section->addInput(new Form_Input('id', null, 'hidden', $id));
	$section->addInput(new Form_Input('act', null, 'hidden', 'editimported'));

	$form->add($section);

	print($form);
} elseif ($act == "edit") {
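	// Edit view of an internal CRL: the table of revoked certificates,
	// followed by a form to revoke another certificate of the same CA.
	$crl = $thiscrl;

	$form = new Form(false);
?>

	<div class="panel panel-default">
		<?php /* The stored name is escaped on output, like the certificate names in the table below. */ ?>
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr'])?></h2></div>
		<div class="panel-body table-responsive">
<?php
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
		print_info_box(gettext("No certificates found for this CRL."), 'danger');
	} else {
?>
			<table class="table table-striped table-hover table-condensed">
				<thead>
					<tr>
						<th><?=gettext("Certificate Name")?></th>
						<th><?=gettext("Revocation Reason")?></th>
						<th><?=gettext("Revoked At")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
		foreach ($crl['cert'] as $i => $cert):
			$name = htmlspecialchars($cert['descr']);
?>
					<tr>
						<td class="listlr">
							<?=$name; ?>
						</td>
						<td class="listlr">
							<?=$openssl_crl_status[$cert["reason"]]; ?>
						</td>
						<td class="listlr">
							<?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
						</td>
						<td class="list">
<?php
			// Reference ids are URL-encoded before they go into the link.
			// NOTE(review): this link triggers the delcert action by GET --
			// confirm that a state change by GET is covered by the GUI's
			// CSRF protection.
?>
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=urlencode($crl['refid']); ?>&amp;certref=<?=urlencode($cert['refid']); ?>">
								<i class="fa fa-trash" title="<?=gettext("Delete this certificate from the CRL")?>" alt="<?=gettext("Delete this certificate from the CRL")?>"></i>
							</a>
						</td>
					</tr>
<?php
		endforeach;
?>
				</tbody>
			</table>
<?php
	}
?>
		</div>
	</div>
<?php

	// Candidates for revocation: every certificate issued by this CRL's CA.
	// build_cacert_list() reads this list through the global $ca_certs.
	$ca_certs = array();
	foreach ($a_cert as $cert) {
		if ($cert['caref'] == $crl['caref']) {
			$ca_certs[] = $cert;
		}
	}

	if (count($ca_certs) == 0) {
		print_info_box(gettext("No certificates found for this CA."), 'danger');
	} else {
		$section = new Form_Section('Choose a Certificate to Revoke');
		$group = new Form_Group(null);

		$group->add(new Form_Select(
			'certref',
			null,
			$pconfig['certref'],
			build_cacert_list()
			))->setWidth(4)->setHelp('Certificate');

		// The reason options are the entries of $openssl_crl_status, with -1
		// preselected.
		$group->add(new Form_Select(
			'crlreason',
			null,
			-1,
			$openssl_crl_status
			))->setHelp('Reason');

		$group->add(new Form_Button(
			'submit',
			'Add'
			))->removeClass('btn-primary')->addClass('btn-success btn-sm');

		$section->add($group);

		// Hidden fields route the submission to the addcert action for this
		// CRL.
		$section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$crl['refid']
		));

		$section->addInput(new Form_Input(
			'act',
			null,
			'hidden',
			'addcert'
		));

		$section->addInput(new Form_Input(
			'crlref',
			null,
			'hidden',
			$crl['refid']
		));

		$form->add($section);
	}

	print($form);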
} else {
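?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Additional Certificate Revocation Lists")?></h2></div>
		<div class="panel-body table-responsive">
			<table class="table table-striped table-hover table-condensed">
				<thead>
					<tr>
						<th><?=gettext("Name")?></th>
						<th><?=gettext("Internal")?></th>
						<th><?=gettext("Certificates")?></th>
						<th><?=gettext("In Use")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
<?php
	// $crl may still be bound by reference to a config entry from the POST
	// handlers above, which can reach this listing without exiting. Break
	// that binding so the loop below cannot write through it.
	unset($crl);

	// Map CRLs to CAs in one pass
	$ca_crl_map = array();
	foreach ($a_crl as $crl) {
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
	}

	$i = 0;
	foreach ($a_ca as $ca):
		$name = htmlspecialchars($ca['descr']);

		// A CA with a private key can have internal CRLs; for any other CA
		// the add link restricts the form to import only.
		if ($ca['prv']) {
			$cainternal = "YES";
		} else {
			$cainternal = "NO";
		}
?>
					<tr>
						<td colspan="4">
							<?=$name?>
						</td>
						<td>
<?php
		// Reference ids are URL-encoded before they go into a link.
		if ($cainternal == "YES"):
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=urlencode($ca['refid']); ?>" class="btn btn-xs btn-success">
								<i class="fa fa-plus icon-embed-btn"></i>
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		else:
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=urlencode($ca['refid']); ?>&amp;importonly=yes" class="btn btn-xs btn-success">
								<i class="fa fa-plus icon-embed-btn"></i>
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		endif;
?>
						</td>
					</tr>
<?php
		// isset() first: a CA without any CRL has no entry in the map.
		if (isset($ca_crl_map[$ca['refid']]) && is_array($ca_crl_map[$ca['refid']])):
			foreach ($ca_crl_map[$ca['refid']] as $crl):
				$tmpcrl = lookup_crl($crl);
				$internal = is_crl_internal($tmpcrl);
				$inuse = crl_in_use($tmpcrl['refid']);
				// NOTE(review): the del link below triggers a deletion by GET
				// -- confirm it is covered by the GUI's CSRF protection.
?>
					<tr>
						<?php /* The stored name is escaped on output, like the CA name above. */ ?>
						<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>
						<td><i class="fa fa-<?=($internal) ? "check" : "times"; ?>"></i></td>
						<?php /* count() is only applied to an array; an internal CRL without a cert list shows 0. */ ?>
						<td><?=($internal) ? (is_array($tmpcrl['cert']) ? count($tmpcrl['cert']) : 0) : "Unknown (imported)"; ?></td>
						<td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i></td>
						<td>
							<a href="system_crlmanager.php?act=exp&amp;id=<?=urlencode($tmpcrl['refid'])?>" class="fa fa-download" title="<?=gettext("Export CRL")?>"></a>
<?php
				if ($internal): ?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=urlencode($tmpcrl['refid'])?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
				else:
?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=urlencode($tmpcrl['refid'])?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php			endif;
				if (!$inuse):
?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=urlencode($tmpcrl['refid'])?>" class="fa fa-trash" title="<?=gettext("Delete CRL")?>"></a>
<?php
				endif;
?>
						</td>
					</tr>
<?php
				$i++;
				endforeach;
			endif;
			$i++;
		endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>


<?php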
}
?>
<script>
//<![CDATA[
events.push(function() {

	// Shows or hides every element carrying the given class (usually a form
	// section or group), depending on the flag.
	function hideClass(s_class, hide) {
		var targets = $('.' + s_class);

		if (hide) {
			targets.hide();
		} else {
			targets.show();
		}
	}

	// Shows the section matching the selected method and hides the other.
	function syncSections() {
		var chosen = $('#method').val();

		hideClass('internal', (chosen == 'existing'));
		hideClass('existing', (chosen == 'internal'));
	}

	// When the 'method' selector is changed, we show/hide certain sections
	$('#method').on('change', syncSections);

	// Apply the initial state once on page load.
	syncSections();
});
//]]>
</script>
<?php include("foot.inc");