<?php
2
/*
3
	system_crlmanager.php
4
	
5
	Copyright (C) 2010 Jim Pingle
6 ce77a9c4 Phil Davis
	Copyright (C) 2013-2015 Electric Sheep Fencing, LP
7 81bfb231 jim-p
	All rights reserved.
8
	
9
	Redistribution and use in source and binary forms, with or without
10
	modification, are permitted provided that the following conditions are met:
11
	
12
	1. Redistributions of source code must retain the above copyright notice,
13
	this list of conditions and the following disclaimer.
14
	
15
	2. Redistributions in binary form must reproduce the above copyright
16
	notice, this list of conditions and the following disclaimer in the
17
	documentation and/or other materials provided with the distribution.
18
	
19
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
	POSSIBILITY OF SUCH DAMAGE.
29
*/
30
/*
31 ce77a9c4 Phil Davis
	pfSense_MODULE:	certificate_manager
32 81bfb231 jim-p
*/
33
34
##|+PRIV
35
##|*IDENT=page-system-crlmanager
36
##|*NAME=System: CRL Manager
37
##|*DESCR=Allow access to the 'System: CRL Manager' page.
38
##|*MATCH=system_crlmanager.php*
39
##|-PRIV
40
41
require("guiconfig.inc");
42
require_once("certs.inc");
43 94efbf8b jim-p
require_once('openvpn.inc');
44 81bfb231 jim-p
45 fc54f29b jim-p
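global $openssl_crl_status;

$pgtitle = array(gettext("System"), gettext("Certificate Revocation List Manager"));

// Creation methods offered on the "new CRL" form; the key is what gets stored in the CRL's 'method' field.
$crl_methods = array(
	"internal" => gettext("Create an internal Certificate Revocation List"),
	"existing" => gettext("Import an existing Certificate Revocation List"));

// The CRL reference may arrive in the query string or the form body (the form body wins).
// Only alphanumeric values are accepted; anything else leaves $id unset.
if (isset($_GET['id']) && ctype_alnum($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && ctype_alnum($_POST['id'])) {
	$id = $_POST['id'];
}

// Make sure every config section used on this page is an array before taking a reference to it.
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}

$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}

$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

$a_crl =& $config['crl'];

// Drop CRL entries that carry no refid.
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset($a_crl[$cid]);
	}
}

// NOTE(review): the action is accepted from the query string as well as the form body, and the
// "del" and "delcert" handlers further down change the configuration. Confirm that the GUI's
// request-forgery protection also covers GET requests; otherwise limit those actions to POST.
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}

// Start from a defined value so the checks below never read an unset variable when no id was supplied.
$thiscrl = null;
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}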
83 81bfb231 jim-p
84 c1f95f5c jim-p
// Every action except "new" (or no action at all) needs an existing CRL. When the id did not
// resolve to one, send the browser back to the list, clear the action and report the bad reference.
$crl_unresolved = !$thiscrl;
if ($crl_unresolved && !(($act == "") || ($act == "new"))) {
	$savemsg = gettext("Invalid CRL reference.");
	$act = "";
	pfSenseHeader("system_crlmanager.php");
}
90
91
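if ($act == "del") {
	// Delete the selected CRL unless something still uses it.
	$name = $thiscrl['descr'];
	// $savemsg carries markup (the trailing <br />), so it is presumably emitted as HTML by
	// print_info_box(). The description is administrator-supplied text stored without
	// filtering, so escape it before embedding it in that message.
	$safe_name = htmlspecialchars($name);
	if (crl_in_use($id)) {
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $safe_name) . "<br />";
	} else {
		foreach ($a_crl as $cid => $acrl) {
			if ($acrl['refid'] == $thiscrl['refid']) {
				unset($a_crl[$cid]);
			}
		}
		// The change description passed to write_config() keeps the raw name.
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $safe_name) . "<br />";
	}
}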
103
104
if ($act == "new") {
	// Seed the "new CRL" form: method and CA come from the link that opened the page,
	// lifetime and serial start at fixed values.
	foreach (array('method', 'caref') as $seed_key) {
		$pconfig[$seed_key] = $_GET[$seed_key];
	}
	$pconfig['lifetime'] = "9999";
	$pconfig['serial'] = "0";
}
110
111
if ($act == "exp") {
	// Export: crl_update() runs first, so the download is whatever it leaves in $thiscrl['text'].
	crl_update($thiscrl);
	// urlencode() keeps the description-derived file name free of quotes, spaces and line
	// breaks before it is placed in the Content-Disposition header.
	$exp_name = urlencode("{$thiscrl['descr']}.crl");
	$exp_data = base64_decode($thiscrl['text']);
	$exp_size = strlen($exp_data);

	$download_headers = array(
		"Content-Type: application/octet-stream",
		"Content-Disposition: attachment; filename={$exp_name}",
		"Content-Length: $exp_size",
	);
	foreach ($download_headers as $download_header) {
		header($download_header);
	}
	echo $exp_data;
	exit;
}
123
124 28ff7ace jim-p
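if ($act == "addcert") {
	// Revoke a certificate: add it to an internal CRL that belongs to the same CA.
	if ($_POST) {
		unset($input_errors);
		$pconfig = $_POST;

		if (!$pconfig['crlref'] || !$pconfig['certref']) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}

		// certref, crlref
		$crl =& lookup_crl($pconfig['crlref']);
		$cert = lookup_cert($pconfig['certref']);

		if (!$crl['caref'] || !$cert['caref']) {
			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
		}

		if ($crl['caref'] != $cert['caref']) {
			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}

		// The reason selector on the edit form is built from the keys of $openssl_crl_status,
		// so a submitted reason must be one of those keys. Without this check any posted
		// value would be handed to cert_revoke() unchanged.
		if (!empty($pconfig['crlreason'])) {
			$reason_known = is_scalar($pconfig['crlreason']) &&
			    is_array($openssl_crl_status) &&
			    array_key_exists($pconfig['crlreason'], $openssl_crl_status);
			if (!$reason_known) {
				$input_errors[] = gettext("Invalid revocation reason.");
			}
		}

		if (!$input_errors) {
			// No reason submitted: fall back to "unspecified".
			$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
			cert_revoke($cert, $crl, $reason);
			openvpn_refresh_crls();
			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
	}
}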
159
160
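if ($act == "delcert") {
	// Remove one certificate from the selected CRL, then fall back to the edit view.
	if (!is_array($thiscrl['cert'])) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
	// The certificate reference comes from the query string; it is only accepted when it
	// matches an entry already present on this CRL.
	$found = false;
	foreach ($thiscrl['cert'] as $acert) {
		if ($acert['refid'] == $_GET['certref']) {
			$found = true;
			$thiscert = $acert;
		}
	}
	if (!$found) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
	$name = $thiscert['descr'];
	// $savemsg carries markup (the trailing <br />), so it is presumably emitted as HTML by
	// print_info_box(). Both descriptions are stored text, so they are escaped before being
	// embedded in it; the change description passed to write_config() keeps the raw values.
	if (cert_unrevoke($thiscert, $thiscrl)) {
		$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), htmlspecialchars($name), htmlspecialchars($thiscrl['descr'])) . "<br />";
		openvpn_refresh_crls();
		write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']));
	} else {
		$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), htmlspecialchars($name), htmlspecialchars($thiscrl['descr'])) . "<br />";
	}
	$act="edit";
}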
186
187 81bfb231 jim-p
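// Create or update a CRL from the submitted form.
//
// A failed "addcert" request is also a POST and does not exit, so it used to fall through to
// this handler. Here its errors were discarded, and because that request carries no
// method/descr/caref fields the selected CRL's description, CA reference and method were
// overwritten with empty values and written to the configuration (this assumes
// do_input_validation() reports nothing when no required fields are given; confirm).
// Revocation requests are therefore kept out of this handler.
if ($_POST && ($act != "addcert")) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	if (($pconfig['method'] == "existing") || ($act == "editimported")) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate Revocation List data"));
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ",
				"descr caref");
		$reqdfieldsn = array(
				gettext("Descriptive name"),
				gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		// Update the CRL selected by id, or start a new entry with a fresh refid.
		if ($thiscrl) {
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $pconfig['descr'];
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $pconfig['method'];
		}

		// NOTE(review): the pasted CRL text is stored as submitted (base64-encoded); no check
		// that it parses as an X.509 CRL is visible in this file.
		if (($pconfig['method'] == "existing") || ($act == "editimported")) {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		// NOTE(review): serial and lifetime are stored without a numeric check. Also, empty("0")
		// is true, so a submitted serial of "0" (the default the form advertises) is saved as
		// 9999; confirm which default is intended.
		if ($pconfig['method'] == "internal") {
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		openvpn_refresh_crls();
		pfSenseHeader("system_crlmanager.php");
	}
}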
249
250
include("head.inc");
251
?>
252
253
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
254
<?php include("fbegin.inc"); ?>
255
<script type="text/javascript">
256 0d15afff Colin Fleming
//<![CDATA[
257 81bfb231 jim-p
258
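/**
 * Show the form section that matches the selected CRL method and hide the other one.
 *
 * The page calls this on every view, but the method selector and the "existing"/"internal"
 * sections are only rendered on the "new CRL" form, so the function does nothing when any
 * of them is missing instead of throwing.
 */
function method_change() {

	var form = document.iform;
	if (!form || !form.method) {
		return;
	}

	var existing = document.getElementById("existing");
	var internal = document.getElementById("internal");
	if (!existing || !internal) {
		return;
	}

	switch (form.method.value) {
		case "internal":
			existing.style.display="none";
			internal.style.display="";
			break;
		case "existing":
			existing.style.display="";
			internal.style.display="none";
			break;
	}
}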
273
274 0d15afff Colin Fleming
//]]>
275 81bfb231 jim-p
</script>
276
<?php
	// Validation errors first, then any status message set by the handlers above.
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
282 0d15afff Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="CRL manager">
283 81bfb231 jim-p
	<tr>
284
		<td>
285
		<?php
			// Tabs for the certificate pages; only this page's entry carries true.
			$tab_array = array(
				array(gettext("CAs"), false, "system_camanager.php"),
				array(gettext("Certificates"), false, "system_certmanager.php"),
				array(gettext("Certificate Revocation"), true, "system_crlmanager.php"),
			);
			display_top_tabs($tab_array);
		?>
292
		</td>
293
	</tr>
294
	<tr>
295
		<td id="mainarea">
296
			<div class="tabcont">
297
298
				<?php if ($act == "new" || $act == gettext("Save") || $input_errors): ?>
299
300
				<form action="system_crlmanager.php" method="post" name="iform" id="iform">
301 0d15afff Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
302 81bfb231 jim-p
						<?php if (!isset($id)): ?>
303
						<tr>
304
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
305
							<td width="78%" class="vtable">
306
								<select name='method' id='method' class="formselect" onchange='method_change()'>
307
								<?php
									// One <option> per creation method. With importonly=yes in the
									// query string only the "existing" (import) method is offered.
									$rowIndex = 0;
									foreach ($crl_methods as $method => $desc):
										if (($_GET['importonly'] == "yes") && ($method != "existing")) {
											continue;
										}
										$selected = ($pconfig['method'] == $method) ? "selected=\"selected\"" : "";
										$rowIndex++;
								?>
									<option value="<?=$method;?>" <?=$selected;?>><?=$desc;?></option>
								<?php endforeach;
								// Keep the <select> non-empty when nothing was listed.
								if ($rowIndex == 0) {
									echo "<option></option>";
								}
								?>
322
								</select>
323
							</td>
324
						</tr>
325
						<?php endif; ?>
326
						<tr>
327
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
328
							<td width="78%" class="vtable">
329 f2a86ca9 jim-p
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
330 81bfb231 jim-p
							</td>
331
						</tr>
332
						<tr>
333
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Authority");?></td>
334
							<td width="78%" class="vtable">
335
								<select name='caref' id='caref' class="formselect">
336
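								<?php
									// One <option> per configured CA. The refid and description come
									// from stored configuration, so both are HTML-escaped here, as the
									// CA description already is in the list view of this page.
									$rowIndex = 0;
									foreach ($a_ca as $ca):
										$selected = "";
										if ($pconfig['caref'] == $ca['refid']) {
											$selected = "selected=\"selected\"";
										}
										$rowIndex++;
								?>
									<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
								<?php endforeach;
								// Keep the <select> non-empty when no CA exists.
								if ($rowIndex == 0) {
									echo "<option></option>";
								}
								?>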
349
								</select>
350
							</td>
351
						</tr>
352
					</table>
353
354 0d15afff Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing">
355 81bfb231 jim-p
						<tr>
356
							<td colspan="2" class="list" height="12"></td>
357
						</tr>
358
						<tr>
359
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Revocation List");?></td>
360
						</tr>
361
362
						<tr>
363
							<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
364
							<td width="78%" class="vtable">
365 364ecdd1 jim-p
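								<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?php /* re-displays submitted form input, so it is HTML-escaped */ echo htmlspecialchars($pconfig['crltext']); ?></textarea>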
366 8cd558b6 ayvis
								<br />
367 0d15afff Colin Fleming
								<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?>
368 81bfb231 jim-p
							</td>
369
						</tr>
370
					</table>
371
372 0d15afff Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal">
373 81bfb231 jim-p
						<tr>
374
							<td colspan="2" class="list" height="12"></td>
375
						</tr>
376
						<tr>
377
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Revocation List");?></td>
378
						</tr>
379
						<tr>
380
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
381
							<td width="78%" class="vtable">
382
								<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
383 8cd558b6 ayvis
								<?=gettext("days");?><br />
384 81bfb231 jim-p
								<?=gettext("Default: 9999");?>
385
							</td>
386
						</tr>
387
						<tr>
388
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Serial");?></td>
389
							<td width="78%" class="vtable">
390 0d15afff Colin Fleming
								<input name="serial" type="text" class="formfld unknown" id="serial" size="5" value="<?=htmlspecialchars($pconfig['serial']);?>"/>
391 8cd558b6 ayvis
								<br />
392 81bfb231 jim-p
								<?=gettext("Default: 0");?>
393
							</td>
394
						</tr>
395
					</table>
396
397 0d15afff Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save">
398 81bfb231 jim-p
						<tr>
399
							<td width="22%" valign="top">&nbsp;</td>
400
							<td width="78%">
401
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
402 c1f95f5c jim-p
								<?php if (isset($id) && $thiscrl): ?>
403 e41ec584 Renato Botelho
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
404 81bfb231 jim-p
								<?php endif;?>
405
							</td>
406
						</tr>
407
					</table>
408
				</form>
409 6f3d3a07 jim-p
				<?php elseif ($act == "editimported"): ?>
410
				<?php 	$crl = $thiscrl; ?>
411
				<form action="system_crlmanager.php" method="post" name="iform" id="iform">
412 0d15afff Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="editimported" summary="import">
413 6f3d3a07 jim-p
						<tr>
414
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Imported Certificate Revocation List");?></td>
415
						</tr>
416
						<tr>
417
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
418
							<td width="78%" class="vtable">
419
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($crl['descr']);?>"/>
420
							</td>
421
						</tr>
422
						<tr>
423
							<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
424
							<td width="78%" class="vtable">
425
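								<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?php /* stored CRL text is kept as submitted, so it is HTML-escaped on output */ echo htmlspecialchars(base64_decode($crl['text'])); ?></textarea>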
426 8cd558b6 ayvis
								<br />
427 6f3d3a07 jim-p
								<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?></td>
428
							</td>
429
						</tr>
430
						<tr>
431
							<td width="22%" valign="top">&nbsp;</td>
432
							<td width="78%">
433
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
434 e41ec584 Renato Botelho
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
435 6f3d3a07 jim-p
								<input name="act" type="hidden" value="editimported" />
436
							</td>
437
						</tr>
438
					</table>
439
				</form>
440
441 28ff7ace jim-p
				<?php elseif ($act == "edit"): ?>
442 c1f95f5c jim-p
				<?php 	$crl = $thiscrl; ?>
443 28ff7ace jim-p
				<form action="system_crlmanager.php" method="post" name="iform" id="iform">
444 0d15afff Colin Fleming
				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="revoke">
445 28ff7ace jim-p
					<thead>
446
					<tr>
447 fc54f29b jim-p
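						<th width="90%" class="listhdrr" colspan="3"><b><?php /* the stored description is HTML-escaped before output */ echo gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr']); ?></b></th>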
448
						<th width="10%" class="list"></th>
449
					</tr>
450
					<tr>
451
						<th width="30%" class="listhdrr"><b><?php echo gettext("Certificate Name")?></b></th>
452
						<th width="30%" class="listhdrr"><b><?php echo gettext("Revocation Reason")?></b></th>
453
						<th width="30%" class="listhdrr"><b><?php echo gettext("Revoked At")?></b></th>
454
						<th width="10%" class="list"></th>
455 28ff7ace jim-p
					</tr>
456
					</thead>
457
					<tbody>
458
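				<?php /* List Certs on CRL */
					// Values taken from stored configuration are encoded for the place they land in:
					// urlencode() inside the query string, htmlspecialchars() in element content.
					if (!is_array($crl['cert']) || (count($crl['cert']) == 0)): ?>
					<tr>
						<td class="listlr" colspan="3">
							&nbsp;&nbsp;&nbsp;&nbsp;<?php echo gettext("No Certificates Found for this CRL."); ?>
						</td>
						<td class="list">&nbsp;</td>
					</tr>
				<?php	else:
					foreach($crl['cert'] as $i => $cert):
						$name = htmlspecialchars($cert['descr']);
				 ?>
					<tr>
						<td class="listlr">
							<?php echo $name; ?>
						</td>
						<td class="listlr">
							<?php echo htmlspecialchars($openssl_crl_status[$cert["reason"]]); ?>
						</td>
						<td class="listlr">
							<?php echo date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
						</td>
						<td class="list">
							<?php /* NOTE(review): this link removes a revocation through a GET request; confirm the GUI's request-forgery protection covers it. */ ?>
							<a href="system_crlmanager.php?act=delcert&amp;id=<?php echo urlencode($crl['refid']); ?>&amp;certref=<?php echo urlencode($cert['refid']); ?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?");?>')">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("Delete this certificate from the CRL ");?>" alt="<?=gettext("Delete this certificate from the CRL ");?>" width="17" height="17" border="0" />
							</a>
						</td>
					</tr>
					<?php
					endforeach;
					endif;
					?>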
490
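				<?php /* Drop-down with other certs from this CA. */
					// Map Certs to CAs in one pass
					// Reference ids and reason codes written into value attributes are HTML-escaped,
					// like the descriptions next to them.
					$ca_certs = array();
					foreach ($a_cert as $cert) {
						if ($cert['caref'] == $crl['caref']) {
							$ca_certs[] = $cert;
						}
					}
					if (count($ca_certs) == 0): ?>
					<tr>
						<td class="listlr" colspan="3">
							&nbsp;&nbsp;&nbsp;&nbsp;<?php echo gettext("No Certificates Found for this CA."); ?>
						</td>
						<td class="list">&nbsp;</td>
					</tr>
				<?php	else: ?>
					<tr>
						<td class="listlr" colspan="3" align="center">
							<b><?php echo gettext("Choose a Certificate to Revoke"); ?></b>: <select name='certref' id='certref' class="formselect">
				<?php	$rowIndex = 0;
						foreach($ca_certs as $cert):
							$rowIndex++; ?>
							<option value="<?=htmlspecialchars($cert['refid']);?>"><?=htmlspecialchars($cert['descr'])?></option>
				<?php	endforeach;
						if ($rowIndex == 0)
							echo "<option></option>"; ?>
							</select>
							<b><?php echo gettext("Reason");?></b>:
							<select name='crlreason' id='crlreason' class="formselect">
				<?php	$rowIndex = 0;
						foreach($openssl_crl_status as $code => $reason):
							$rowIndex++; ?>
							<option value="<?= htmlspecialchars($code) ?>"><?= htmlspecialchars($reason) ?></option>
				<?php	endforeach;
						if ($rowIndex == 0)
							echo "<option></option>"; ?>
							</select>
							<input name="act" type="hidden" value="addcert" />
							<input name="crlref" type="hidden" value="<?=htmlspecialchars($crl['refid']);?>" />
							<input name="id" type="hidden" value="<?=htmlspecialchars($crl['refid']);?>" />
							<input id="submit" name="add" type="submit" class="formbtn" value="<?=gettext("Add"); ?>" />
						</td>
						<td class="list">&nbsp;</td>
					</tr>
				<?php	endif; ?>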
533
					</tbody>
534
				</table>
535
				</form>
536 81bfb231 jim-p
				<?php else: ?>
537
538 0d15afff Colin Fleming
				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="ocpms">
539 81bfb231 jim-p
					<thead>
540
					<tr>
541
						<td width="35%" class="listhdrr"><?=gettext("Name");?></td>
542
						<td width="10%" class="listhdrr"><?=gettext("Internal");?></td>
543
						<td width="35%" class="listhdrr"><?=gettext("Certificates");?></td>
544
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
545
						<td width="10%" class="list"></td>
546
					</tr>
547
					</thead>
548 0d15afff Colin Fleming
					<tfoot>
549
					<tr>
550
						<td colspan="5">
551
							<p>
552
								<?=gettext("Additional Certificate Revocation Lists can be added here.");?>
553
							</p>
554
						</td>
555
					</tr>
556
					</tfoot>					<tbody>
557 81bfb231 jim-p
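					<?php
						// List view: one header row per CA, followed by one row per CRL of that CA.
						//
						// Descriptions and reference ids come from stored configuration, so each is
						// encoded for the place it is written to: htmlspecialchars() in element
						// content and attributes, urlencode() inside query strings, and
						// json_encode() followed by htmlspecialchars() for the text handed to
						// confirm(). HTML-escaping alone is not enough in that last case: the
						// browser decodes the attribute before running the script, so a quote in a
						// description would end the JavaScript string.
						$caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
						// Map CRLs to CAs in one pass
						$ca_crl_map = array();
						foreach($a_crl as $crl)
							$ca_crl_map[$crl['caref']][] = $crl['refid'];

						$i = 0;
						foreach($a_ca as $ca):
							$name = htmlspecialchars($ca['descr']);

							// A CA with a private key ('prv') can have internal CRLs; others are import-only.
							if($ca['prv']) {
								$cainternal = "YES";
							} else
								$cainternal = "NO";
					?>
					<tr>
						<td class="listlr" colspan="4">
							<table border="0" cellpadding="0" cellspacing="0" summary="icon">
								<tr>
									<td align="left" valign="middle">
										<img src="<?=$caimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
									</td>
									<td align="left" valign="middle">
										<?=$name;?>
									</td>
								</tr>
							</table>
						</td>
						<td class="list">
						<?php if ($cainternal == "YES"): ?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?php echo urlencode($ca['refid']); ?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?php printf(gettext("Add or Import CRL for %s"),$name);?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" />
							</a>
						<?php else: ?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?php echo urlencode($ca['refid']); ?>&amp;importonly=yes">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?php printf(gettext("Import CRL for %s"),$name);?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" />
							</a>
						<?php endif; ?>
						</td>
					</tr>
					
						<?php
						if (is_array($ca_crl_map[$ca['refid']])):
							foreach($ca_crl_map[$ca['refid']] as $crl):
								$tmpcrl = lookup_crl($crl);
								$internal = is_crl_internal($tmpcrl);
								$inuse = crl_in_use($tmpcrl['refid']);
						?>
					<tr>
						<td class="listlr"><?php echo htmlspecialchars($tmpcrl['descr']); ?></td>
						<td class="listr"><?php echo ($internal) ? "YES" : "NO"; ?></td>
						<td class="listr"><?php echo ($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
						<td class="listr"><?php echo ($inuse) ? "YES" : "NO"; ?></td>
						<td valign="middle" class="list nowrap">
							<a href="system_crlmanager.php?act=exp&amp;id=<?=urlencode($tmpcrl['refid']);?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" />
							</a>
							<?php if ($internal): ?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=urlencode($tmpcrl['refid']);?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" />
							</a>
							<?php else: ?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=urlencode($tmpcrl['refid']);?>">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" />
							</a>
							<?php endif; ?>
							<?php if (!$inuse): ?>
							<?php /* NOTE(review): this link deletes a CRL through a GET request; confirm the GUI's request-forgery protection covers it. */ ?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=urlencode($tmpcrl['refid']);?>" onclick="return confirm(<?=htmlspecialchars(json_encode(gettext("Do you really want to delete this Certificate Revocation List?") . ' (' . $tmpcrl['descr'] . ')'));?>)">
								<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']); ?>" width="17" height="17" border="0" />
							</a>
							<?php endif; ?>
						</td>
					</tr>
						<?php
								$i++;
							endforeach;
						endif;
						?>
					<tr><td colspan="5">&nbsp;</td></tr>
					<?php
							$i++;
						endforeach;
					?>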
641
					</tbody>
642
				</table>
643
644
				<?php endif; ?>
645
646
			</div>
647
		</td>
648
	</tr>
649
</table>
650
<?php include("fend.inc");?>
651
<script type="text/javascript">
652 0d15afff Colin Fleming
//<![CDATA[
653 81bfb231 jim-p
654
method_change();
655
656 0d15afff Colin Fleming
//]]>
657 81bfb231 jim-p
</script>
658
659
</body>
660 e41ec584 Renato Botelho
</html>