1 81bfb231 jim-p
<?php
2
/*
3 c5d81585 Renato Botelho
 * system_crlmanager.php
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6 38809d47 Renato Botelho do Couto
 * Copyright (c) 2004-2013 BSD Perimeter
7
 * Copyright (c) 2013-2016 Electric Sheep Fencing
8 0284d79e jim-p
 * Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
9 c5d81585 Renato Botelho
 * All rights reserved.
10
 *
11 b12ea3fb Renato Botelho
 * Licensed under the Apache License, Version 2.0 (the "License");
12
 * you may not use this file except in compliance with the License.
13
 * You may obtain a copy of the License at
14 c5d81585 Renato Botelho
 *
15 b12ea3fb Renato Botelho
 * http://www.apache.org/licenses/LICENSE-2.0
16 c5d81585 Renato Botelho
 *
17 b12ea3fb Renato Botelho
 * Unless required by applicable law or agreed to in writing, software
18
 * distributed under the License is distributed on an "AS IS" BASIS,
19
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20
 * See the License for the specific language governing permissions and
21
 * limitations under the License.
22 3a9f3078 Stephen Beaver
 */
23 81bfb231 jim-p
24
##|+PRIV
25
##|*IDENT=page-system-crlmanager
26
##|*NAME=System: CRL Manager
27
##|*DESCR=Allow access to the 'System: CRL Manager' page.
28
##|*MATCH=system_crlmanager.php*
29
##|-PRIV
30
31 c81ef6e2 Phil Davis
require_once("guiconfig.inc");
32 81bfb231 jim-p
require_once("certs.inc");
33 0dea741f Chris Buechler
require_once("openvpn.inc");
34 0661622a doktornotor
require_once("pfsense-utils.inc");
35 0dea741f Chris Buechler
require_once("vpn.inc");
36 81bfb231 jim-p
37 3a877e4a jim-p
/* Upper bound for a CRL lifetime, and the default offered in the form
 * (the smaller of 9999 and that bound). */
$max_lifetime = cert_get_max_lifetime();
$default_lifetime = min(9999, $max_lifetime);

global $openssl_crl_status;

/* The two ways a CRL can be created; the keys are the values stored as 'method'. */
$crl_methods = [
	"internal" => gettext("Create an internal Certificate Revocation List"),
	"existing" => gettext("Import an existing Certificate Revocation List"),
];

/* $id is only assigned for a purely alphanumeric request value. Anything else
 * leaves it undefined, so the isset()/empty() checks further down treat it as absent. */
if (isset($_REQUEST['id']) && ctype_alnum($_REQUEST['id'])) {
	$id = $_REQUEST['id'];
}

/* $a_ca, $a_cert and $a_crl are references into $config, so a change made
 * through them is a change to $config itself. */
init_config_arr(['ca']);
$a_ca = &$config['ca'];

init_config_arr(['cert']);
$a_cert = &$config['cert'];

init_config_arr(['crl']);
$a_crl = &$config['crl'];

/* Clean up blank entries missing a reference ID */
foreach ($a_crl as $cid => $acrl) {
	if (isset($acrl['refid'])) {
		continue;
	}
	unset ($a_crl[$cid]);
}

/* The requested action is taken from the request as-is; it is checked
 * against the known actions only by the switch that follows. */
$act = $_REQUEST['act'];

$cacert_list = [];

/* Resolve the CRL the request refers to, if any. */
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}
73 81bfb231 jim-p
74 7e83055a jim-p
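/* Actions other than 'new' require a CRL to act upon.
 *
 * Every action that changes stored state ('del', 'delcert', 'addcert') must be
 * submitted via POST. Previously only 'del' was checked, so removing a
 * revocation or adding one was also accepted from a plain GET request, even
 * though the page's own links ('usepost') and forms submit them by POST.
 * NOTE(review): this assumes the GUI's request-forgery protection is applied
 * to POST submissions; confirm against the framework. */
$post_only_acts = array('del', 'delcert', 'addcert');
if ((!empty($act) &&
    ($act != 'new') &&
    !$thiscrl) ||
    (in_array($act, $post_only_acts, true) && empty($_POST))) {
	/* No exit here: the action is blanked and the page goes on to render the
	 * list view with the error message. */
	pfSenseHeader("system_camanager.php");
	$act="";
	$savemsg = gettext("Invalid CRL reference.");
	$class = "danger";
}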
85 c1f95f5c jim-p
86 7e83055a jim-p
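/* Dispatch on the requested action. Unknown values fall through to the
 * default case and only the list view is rendered. */
switch ($act) {
	case 'del':
		/* Delete the selected CRL unless crl_in_use() reports a reference to it.
		 * $name is HTML-escaped because it is placed into $savemsg. */
		$name = htmlspecialchars($thiscrl['descr']);
		if (crl_in_use($id)) {
			$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name);
			$class = "danger";
		} else {
			foreach ($a_crl as $cid => $acrl) {
				if ($acrl['refid'] == $thiscrl['refid']) {
					unset($a_crl[$cid]);
				}
			}
			write_config("Deleted CRL {$name}.");
			$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name);
			$class = "success";
		}
		break;
	case 'new':
		/* Pre-fill the creation form. The referenced CA must exist, otherwise
		 * the action is dropped and an error is shown. */
		$pconfig['method'] = $_REQUEST['method'];
		$pconfig['caref'] = $_REQUEST['caref'];
		$pconfig['lifetime'] = $default_lifetime;
		$pconfig['serial'] = "0";
		$crlca =& lookup_ca($pconfig['caref']);
		if (!$crlca) {
			$input_errors[] = gettext('Invalid CA');
			unset($act);
		}
		break;
	case 'addcert':
		/* Revoke certificates (selected by reference and/or listed by serial)
		 * in an internal CRL. */
		unset($input_errors);
		$pconfig = $_REQUEST;
		$revoke_list = array();
		if (!$pconfig['crlref'] || (!$pconfig['certref'] && (strlen($pconfig['revokeserial']) == 0))) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		$crl =& lookup_crl($pconfig['crlref']);
		if (!is_array($pconfig['certref'])) {
			$pconfig['certref'] = array();
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}
		if (!empty($pconfig['revokeserial'])) {
			foreach (explode(' ', $pconfig['revokeserial']) as $serial) {
				$vserial = cert_validate_serial($serial, true, true);
				if ($vserial != null) {
					$revoke_list[] = $vserial;
				} else {
					$input_errors[] = gettext("Invalid serial in list (Must be ASN.1 integer compatible decimal or hex string).");
				}
			}
		}
		if (empty($pconfig['certref']) && empty($revoke_list)) {
			$input_errors[] = gettext("Select one or more certificates or enter a serial number to revoke.");
		}
		/* A certificate may only be revoked in a CRL issued by its own CA. */
		foreach ($pconfig['certref'] as $rcert) {
			$cert = lookup_cert($rcert);
			if ($crl['caref'] == $cert['caref']) {
				$revoke_list[] = $cert;
			} else {
				$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
			}
		}
		/* The revocation reason is written into the CRL entry, so accept only
		 * a value that is a key of $openssl_crl_status, the list the form
		 * offers. An empty value keeps the previous default of 0. */
		$reason = 0;
		if (!empty($pconfig['crlreason'])) {
			$reason = $pconfig['crlreason'];
			if (!is_scalar($reason) ||
			    (is_array($openssl_crl_status) && !array_key_exists($reason, $openssl_crl_status))) {
				$input_errors[] = gettext("Invalid revocation reason.");
			}
		}
		if (!$input_errors) {
			foreach ($revoke_list as $cert) {
				cert_revoke($cert, $crl, $reason);
			}
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			ipsec_configure();
			write_config("Revoked certificate(s) in CRL {$crl['descr']}.");
			pfSenseHeader("system_crlmanager.php");
			exit;
		} else {
			/* Show the edit view again together with the collected errors. */
			$act = 'edit';
		}
		break;
	case 'delcert':
		/* Remove one entry from the CRL, i.e. un-revoke that certificate. */
		if (!is_array($thiscrl['cert'])) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		/* NOTE(review): the comparison is loose (==) and the loop keeps the
		 * last match; confirm that entries lacking a 'refid' cannot be
		 * matched by an empty certref. */
		$found = false;
		foreach ($thiscrl['cert'] as $acert) {
			if ($acert['refid'] == $_REQUEST['certref']) {
				$found = true;
				$thiscert = $acert;
			}
		}
		if (!$found) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		/* Both names are HTML-escaped because they are placed into $savemsg. */
		$certname = htmlspecialchars($thiscert['descr']);
		$crlname = htmlspecialchars($thiscrl['descr']);
		if (cert_unrevoke($thiscert, $thiscrl)) {
			$savemsg = sprintf(gettext('Deleted Certificate %1$s from CRL %2$s.'), $certname, $crlname);
			$class = "success";
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			ipsec_configure();
			write_config($savemsg);
		} else {
			$savemsg = sprintf(gettext('Failed to delete Certificate %1$s from CRL %2$s.'), $certname, $crlname);
			$class = "danger";
		}
		$act="edit";
		break;
	case 'exp':
		/* Export the CRL contents: crl_update() runs first, then the stored
		 * text is decoded and sent as a download.
		 * NOTE(review): the download name is built from the stored
		 * description; confirm send_user_download() sanitizes it before it
		 * reaches a response header. */
		crl_update($thiscrl);
		send_user_download('data', base64_decode($thiscrl['text']), "{$thiscrl['descr']}.crl");
		break;
	default:
		break;
}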
204
205 d565c182 Steve Beaver
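/* Create a new CRL, or update an imported one, from the submitted form. */
if ($_POST['save']) {
	$input_errors = array();
	$pconfig = $_POST;

	/* input validation */
	/* Start from empty lists so that an unexpected 'method' cannot leave the
	 * required-field arrays undefined. */
	$reqdfields = array();
	$reqdfieldsn = array();
	if (($pconfig['method'] == "existing") || ($act == "editimported")) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* 'method' is written to the configuration below, so it must be one of
	 * the keys of $crl_methods. Without this check a request carrying any
	 * other value skipped the required-field checks and was still saved.
	 * Editing an imported CRL sends no method and is exempt. */
	if (($act != "editimported") &&
	    (!isset($pconfig['method']) || !is_string($pconfig['method']) ||
	    !array_key_exists($pconfig['method'], $crl_methods))) {
		$input_errors[] = gettext("Invalid CRL method.");
	}

	/* Reject ? > < & / " ' in the description. Pages that print the
	 * description should still escape it on output. */
	if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}
	/* NOTE(review): lifetime is only compared against the maximum; it is not
	 * checked to be a positive integer before being stored. */
	if ($pconfig['lifetime'] > $max_lifetime) {
		$input_errors[] = gettext("Lifetime is longer than the maximum allowed value. Use a shorter lifetime.");
	}

	if ((strlen($pconfig['serial']) > 0) && !cert_validate_serial($pconfig['serial'])) {
		$input_errors[] = gettext("Please enter a valid integer serial number.");
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		/* Update the CRL the request referred to, or start a new entry. */
		if ($thiscrl) {
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $pconfig['descr'];
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $pconfig['method'];
		}

		/* NOTE(review): the pasted CRL text is stored as submitted; nothing
		 * in this block verifies that it parses as an X.509 CRL. */
		if (($pconfig['method'] == "existing") || ($act == "editimported")) {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($pconfig['method'] == "internal") {
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? $default_lifetime : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}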
274
275 56c6b1cb k-paulius
/* Breadcrumb: titles and the pages they link to, position by position. */
$pgtitle = [gettext("System"), gettext("Certificate Manager"), gettext("Certificate Revocation")];
$pglinks = ["", "system_camanager.php", "system_crlmanager.php"];

/* A form view (new, edit, or a save that produced errors) gets one more crumb. */
if (($act == "new") || ($act == gettext("Save")) || $input_errors || ($act == "edit")) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}
282 81bfb231 jim-p
include("head.inc");
283
?>
284
285
<script type="text/javascript">
286 0d15afff Colin Fleming
//<![CDATA[
287 81bfb231 jim-p
288
// Shows the element that belongs to the selected method and hides the other.
// Any other value leaves both elements untouched.
function method_change() {

	// `method` is assigned without a declaration, so it is a global, as before.
	method = document.iform.method.value;

	if (method === "internal") {
		document.getElementById("existing").style.display = "none";
		document.getElementById("internal").style.display = "";
	} else if (method === "existing") {
		document.getElementById("existing").style.display = "";
		document.getElementById("internal").style.display = "none";
	}
}
303
304 0d15afff Colin Fleming
//]]>
305 81bfb231 jim-p
</script>
306 f9ee8994 Stephen Beaver
307 81bfb231 jim-p
<?php
308 f9ee8994 Stephen Beaver
309 63fb68d7 jim-p
/**
 * Returns the CRL creation methods as a value => label list for a select box.
 *
 * @param bool $importonly When true, only the "existing" (import) method is returned.
 * @return array Entries of the global $crl_methods, in their original order.
 */
function build_method_list($importonly = false) {
	global $_POST, $crl_methods;

	$methods = array();

	foreach ($crl_methods as $key => $label) {
		// Keep everything, or only the import method when restricted.
		if (!$importonly || ($key == "existing")) {
			$methods[$key] = $label;
		}
	}

	return $methods;
}
324
325
/**
 * Returns every configured CA as a refid => description list for a select box.
 *
 * @return array Built from the global $a_ca.
 */
function build_ca_list() {
	global $a_ca;

	$options = array();

	foreach ($a_ca as $entry) {
		$options[$entry['refid']] = $entry['descr'];
	}

	return $options;
}
336
337
/**
 * Returns the certificates that can still be revoked in the current CRL,
 * as a refid => description list.
 *
 * A certificate qualifies when it names a CA, that CA is the one of the
 * global $crl, and is_cert_revoked() does not report it for the global $id.
 *
 * @return array
 */
function build_cacert_list() {
	global $a_cert, $crl, $id;

	$candidates = array();

	foreach ($a_cert as $entry) {
		// No CA reference at all: cannot belong to this CRL's CA.
		if (empty($entry['caref'])) {
			continue;
		}
		if ($entry['caref'] != $crl['caref']) {
			continue;
		}
		if (is_cert_revoked($entry, $id)) {
			continue;
		}
		$candidates[$entry['refid']] = $entry['descr'];
	}

	return $candidates;
}
351 f9ee8994 Stephen Beaver
352 78863416 Phil Davis
/* Validation errors and the status message are shown above the tabs. The names
 * placed into $savemsg by the action handlers were passed through
 * htmlspecialchars() when the message was built. */
if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, $class);
}

/* Tabs of the certificate manager; this page is the active one. */
$tab_array = [
	[gettext("CAs"), false, "system_camanager.php"],
	[gettext("Certificates"), false, "system_certmanager.php"],
	[gettext("Certificate Revocation"), true, "system_crlmanager.php"],
];
display_top_tabs($tab_array);
365
366 63fb68d7 jim-p
if ($act == "new" || $act == gettext("Save")) {
367 6216cd4f Peter Feichtinger
	$form = new Form();

	/* Common part: the CA (read-only), the method selector and a name. */
	$section = new Form_Section('Create new Revocation List');

	// NOTE(review): the CA description is passed unescaped; confirm that
	// Form_StaticText escapes its text. The list view of this page applies
	// htmlspecialchars() to the same field.
	$section->addInput(new Form_StaticText('Certificate Authority', $crlca['descr']));

	if (!isset($id)) {
		// When the CA has no 'prv' value (presumably its private key), only
		// the import method is offered.
		$section->addInput(new Form_Select(
			'method',
			'*Method',
			$pconfig['method'],
			build_method_list(empty($crlca['prv']))
		));
	}

	$section->addInput(new Form_Input('descr', '*Descriptive name', 'text', $pconfig['descr']));

	$form->addGlobal(new Form_Input('caref', null, 'hidden', $pconfig['caref']));

	$form->add($section);

	/* Shown for method "existing": the CRL text to import. */
	$section = new Form_Section('Existing Certificate Revocation List');
	$section->addClass('existing');
	$section->addInput(new Form_Textarea('crltext', '*CRL data', $pconfig['crltext']))
		->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
	$form->add($section);

	/* Shown for method "internal": lifetime and starting serial. */
	$section = new Form_Section('Internal Certificate Revocation List');
	$section->addClass('internal');
	$section->addInput(new Form_Input('lifetime', 'Lifetime (Days)', 'number', $pconfig['lifetime'], ['max' => $max_lifetime]));
	$section->addInput(new Form_Input('serial', 'Serial', 'number', $pconfig['serial'], ['min' => '0']));
	$form->add($section);

	if (isset($id) && $thiscrl) {
		$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
	}

	print($form);
443
444
} elseif ($act == "editimported") {
445 3a9f3078 Stephen Beaver
446 f9ee8994 Stephen Beaver
	/* Form for an imported CRL: only its name and its text can be changed. */
	$form = new Form();

	$section = new Form_Section('Edit Imported Certificate Revocation List');

	$section->addInput(new Form_Input('descr', '*Descriptive name', 'text', $pconfig['descr']));

	$section->addInput(new Form_Textarea('crltext', '*CRL data', $pconfig['crltext']))
		->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	// Hidden fields carry the CRL being edited and the action back to the save handler.
	$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
	$form->addGlobal(new Form_Input('act', null, 'hidden', 'editimported'));

	$form->add($section);

	print($form);
480 3a9f3078 Stephen Beaver
481 f9ee8994 Stephen Beaver
} elseif ($act == "edit") {
482
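	/* Edit view of an internal CRL: the revoked entries, then a form to revoke more. */
	$crl = $thiscrl;

	$form = new Form(false);

	/* Values taken from the configuration are encoded for the place they are
	 * printed in: htmlspecialchars() for text, urlencode() for query values.
	 * The description is filtered when saved through this page, but encoding
	 * on output does not depend on how the value got into the configuration. */
	$crl_descr_html = htmlspecialchars($crl['descr']);
	$crl_refid_url = urlencode((string)$crl['refid']);
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Revoked Certificates in CRL") . ': ' . $crl_descr_html?></h2></div>
		<div class="panel-body table-responsive">
<?php
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
		print_info_box(gettext("No certificates found for this CRL."), 'danger');
	} else {
?>
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Serial")?></th>
						<th><?=gettext("Certificate Name")?></th>
						<th><?=gettext("Revocation Reason")?></th>
						<th><?=gettext("Revoked At")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
		foreach ($crl['cert'] as $i => $cert):
			// Entries without a description are labelled as revoked by serial.
			$name = empty($cert['descr']) ? gettext('Revoked by Serial') : htmlspecialchars($cert['descr']);
			$serial = crl_get_entry_serial($cert);
			if (strlen($serial) == 0) {
				$serial = gettext("Invalid");
			}
			$cert_refid_url = urlencode((string)$cert['refid']); ?>
					<tr>
						<td><?=htmlspecialchars($serial);?></td>
						<td><?=$name; ?></td>
						<td><?=$openssl_crl_status[$cert['reason']]; ?></td>
						<td><?=date("D M j G:i:s T Y", $cert['revoke_time']); ?></td>
						<td class="list">
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=$crl_refid_url; ?>&amp;certref=<?=$cert_refid_url; ?>" usepost>
								<i class="fa fa-trash" title="<?=gettext("Delete this certificate from the CRL")?>" alt="<?=gettext("Delete this certificate from the CRL")?>"></i>
							</a>
						</td>
					</tr>
<?php
		endforeach;
?>
				</tbody>
			</table>
<?php
	}
?>
		</div>
	</div>
<?php

	$section = new Form_Section('Revoke Certificates');

	$section->addInput(new Form_Select('crlreason', 'Reason', -1, $openssl_crl_status))
		->setHelp('Select the reason for which the certificates are being revoked.');

	/* Certificates of this CRL's CA that are not revoked in it yet. */
	$cacert_list = build_cacert_list();
	if (count($cacert_list) == 0) {
		print_info_box(gettext("No certificates found for this CA."), 'danger');
	} else {
		$section->addInput(new Form_Select('certref', 'Revoke Certificates', $pconfig['certref'], $cacert_list, true))
			->addClass('multiselect')
			->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
	}

	$section->addInput(new Form_Input('revokeserial', 'Revoke by Serial', 'text', $pconfig['revokeserial']))
		->setHelp('List of certificate serial numbers to revoke (separated by spaces)');

	$form->addGlobal(new Form_Button('submit', 'Add', null, 'fa-plus'))
		->addClass('btn-success btn-sm');

	/* Hidden fields: 'id' selects the CRL for the request checks, 'crlref'
	 * names the CRL the 'addcert' handler revokes in. */
	$form->addGlobal(new Form_Input('id', null, 'hidden', $crl['refid']));
	$form->addGlobal(new Form_Input('act', null, 'hidden', 'addcert'));
	$form->addGlobal(new Form_Input('crlref', null, 'hidden', $crl['refid']));

	$form->add($section);

	print($form);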
597
} else {
598
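?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Certificate Revocation Lists")?></h2></div>
		<div class="panel-body table-responsive">
			<table class="table table-striped table-hover table-condensed table-rowdblclickedit">
				<thead>
					<tr>
						<th><?=gettext("CA")?></th>
						<th><?=gettext("Name")?></th>
						<th><?=gettext("Internal")?></th>
						<th><?=gettext("Certificates")?></th>
						<th><?=gettext("In Use")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
<?php
	/* Ask installed packages which CRLs they use. */
	$pluginparams = array();
	$pluginparams['type'] = 'certificates';
	$pluginparams['event'] = 'used_crl';
	$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
	// Map CRLs to CAs in one pass
	$ca_crl_map = array();
	foreach ($a_crl as $crl) {
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
	}

	$i = 0;
	foreach ($a_ca as $ca):
		$caname = htmlspecialchars($ca['descr']);
		if (is_array($ca_crl_map[$ca['refid']])):
			foreach ($ca_crl_map[$ca['refid']] as $crl):
				$tmpcrl = lookup_crl($crl);
				$internal = is_crl_internal($tmpcrl);
				if ($internal && (!isset($tmpcrl['cert']) || empty($tmpcrl['cert'])) ) {
					$tmpcrl['cert'] = array();
				}
				$inuse = crl_in_use($tmpcrl['refid']);
				/* Encode stored values for the place they are printed in, as
				 * is already done for the CA name above: the CRL description
				 * was printed raw before, and the refid goes into link URLs. */
				$crl_descr_html = htmlspecialchars($tmpcrl['descr']);
				$crl_refid_url = urlencode((string)$tmpcrl['refid']);
?>
					<tr>
						<td><?=$caname?></td>
						<td><?=$crl_descr_html; ?></td>
						<td><i class="fa fa-<?=($internal) ? "check" : "times"; ?>"></i></td>
						<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
						<td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i>
						<?php /* NOTE(review): printed as returned; confirm cert_usedby_description() yields safe HTML. */ ?>
						<?php echo cert_usedby_description($tmpcrl['refid'], $certificates_used_by_packages); ?>
						</td>
						<td>
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$crl_refid_url?>" class="fa fa-download" title="<?=gettext("Export CRL")?>" ></a>
<?php
				if ($internal): ?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$crl_refid_url?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
				else:
?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$crl_refid_url?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
				endif;
				if (!$inuse):
?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=$crl_refid_url?>" class="fa fa-trash" title="<?=gettext("Delete CRL")?>" usepost></a>
<?php
				endif;
?>
						</td>
					</tr>
<?php
				$i++;
				endforeach;
			endif;
			$i++;
		endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>

<?php
	/* Entry point for creating or importing a CRL: pick the CA, then
	 * continue with the 'new' action. */
	$form = new Form(false);
	$section = new Form_Section('Create or Import a New Certificate Revocation List');
	$group = new Form_Group(null);
	$group->add(new Form_Select('caref', 'Certificate Authority', null, build_ca_list()))
		->setHelp('Select a Certificate Authority for the new CRL');
	$group->add(new Form_Button('submit', 'Add', null, 'fa-plus'))
		->addClass('btn-success btn-sm');
	$section->add($group);
	$form->addGlobal(new Form_Input('act', null, 'hidden', 'new'));
	$form->add($section);
	print($form);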
701 f9ee8994 Stephen Beaver
}
702 63fb68d7 jim-p
703 f9ee8994 Stephen Beaver
?>
704 81bfb231 jim-p
705 46345696 Colin Fleming
<script type="text/javascript">
706 3a9f3078 Stephen Beaver
//<![CDATA[
707 78863416 Phil Davis
events.push(function() {

	// Shows or hides every element that has the given class. This will usually be a section or group.
	function hideClass(s_class, hide) {
		var matched = $('.' + s_class);
		if (hide) {
			matched.hide();
		} else {
			matched.show();
		}
	}

	// Only the section that belongs to the selected method stays visible.
	function applyMethod() {
		hideClass('internal', ($('#method').val() == 'existing'));
		hideClass('existing', ($('#method').val() == 'internal'));
	}

	// Re-evaluate whenever the 'method' selector changes, and once on load.
	$('#method').on('change', applyMethod);
	applyMethod();

	// The size is computed server-side from the certificate list and clamped to 3..15.
	$('.multiselect').attr("size","<?= max(3, min(15, count($cacert_list))) ?>");
});
728 3a9f3078 Stephen Beaver
//]]>
729 81bfb231 jim-p
</script>
730
731 f9ee8994 Stephen Beaver
<?php include("foot.inc");