<?php
2
/*
3 c5d81585 Renato Botelho
 * system_crlmanager.php
4
 *
5
 * part of pfSense (https://www.pfsense.org)
6 81299b5c Renato Botelho
 * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
7 c5d81585 Renato Botelho
 * All rights reserved.
8
 *
9 b12ea3fb Renato Botelho
 * Licensed under the Apache License, Version 2.0 (the "License");
10
 * you may not use this file except in compliance with the License.
11
 * You may obtain a copy of the License at
12 c5d81585 Renato Botelho
 *
13 b12ea3fb Renato Botelho
 * http://www.apache.org/licenses/LICENSE-2.0
14 c5d81585 Renato Botelho
 *
15 b12ea3fb Renato Botelho
 * Unless required by applicable law or agreed to in writing, software
16
 * distributed under the License is distributed on an "AS IS" BASIS,
17
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18
 * See the License for the specific language governing permissions and
19
 * limitations under the License.
20 3a9f3078 Stephen Beaver
 */
21 81bfb231 jim-p
22
##|+PRIV
23
##|*IDENT=page-system-crlmanager
24
##|*NAME=System: CRL Manager
25
##|*DESCR=Allow access to the 'System: CRL Manager' page.
26
##|*MATCH=system_crlmanager.php*
27
##|-PRIV
28
29 c81ef6e2 Phil Davis
require_once("guiconfig.inc");
30 81bfb231 jim-p
require_once("certs.inc");
31 0dea741f Chris Buechler
require_once("openvpn.inc");
32
require_once("vpn.inc");
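// Table of revocation reasons, keyed by reason code. It is used further down
// both as the option list of the "Reason" selector and to label revoked
// certificates. NOTE(review): presumably defined by one of the includes
// above - confirm.
global $openssl_crl_status;

// Creation methods offered in the "Method" selector, keyed by the value that
// is stored in a CRL's 'method' field.
$crl_methods = array(
	"internal" => gettext("Create an internal Certificate Revocation List"),
	"existing" => gettext("Import an existing Certificate Revocation List"));

// The CRL reference is taken from the request only when it is a purely
// alphanumeric string, so nothing else reaches lookup_crl(). A POSTed id
// overrides one given in the query string. isset()/is_string() keep a missing
// or array-valued parameter away from ctype_alnum().
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_alnum($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_string($_POST['id']) && ctype_alnum($_POST['id'])) {
	$id = $_POST['id'];
}

// Make sure every config section used below exists as an array before a
// reference to it is taken.
foreach (array('ca', 'cert', 'crl') as $cfg_section) {
	if (!isset($config[$cfg_section]) || !is_array($config[$cfg_section])) {
		$config[$cfg_section] = array();
	}
}
unset($cfg_section);

$a_ca =& $config['ca'];
$a_cert =& $config['cert'];
$a_crl =& $config['crl'];

// Drop CRL entries that have no refid; they cannot be looked up or linked to.
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset($a_crl[$cid]);
	}
}

// Requested action: query string first, overridden by a non-empty POST value.
// Anything that is not a string is treated as "no action".
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : "";
if (!empty($_POST['act']) && is_string($_POST['act'])) {
	$act = $_POST['act'];
}

// Resolve the CRL the request refers to; stays null when no usable id was sent.
$thiscrl = null;
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}

// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
// Clearing $act keeps every action handler below from running against a
// CRL that does not exist.
if (!$thiscrl && (($act != "") && ($act != "new"))) {
	pfSenseHeader("system_crlmanager.php");
	$act="";
	$savemsg = gettext("Invalid CRL reference.");
}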
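// Action "del": remove a CRL from the configuration unless it is still in use.
// NOTE(review): $act is also accepted from the query string and the list view
// links to this action with a plain GET link, so this state change is reachable
// without a form submission - confirm that the GUI's CSRF protection covers
// GET requests, or require POST here.
if ($act == "del") {
	// Encoded once for HTML because the name is placed into $savemsg.
	$name = htmlspecialchars($thiscrl['descr']);
	if (crl_in_use($id)) {
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name);
	} else {
		$doomed_refid = (string) $thiscrl['refid'];
		foreach ($a_crl as $cid => $acrl) {
			// Compare as strings: a loose == treats two numeric-looking
			// refids as numbers and can match an entry that is not the
			// requested one.
			if ((string) $acrl['refid'] === $doomed_refid) {
				unset($a_crl[$cid]);
			}
		}
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name);
	}
}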
// Action "new": pre-fill the creation form. Method and CA reference are taken
// from the query string as sent; lifetime and serial start from fixed defaults.
if ($act == "new") {
	foreach (array('method', 'caref') as $prefill_key) {
		$pconfig[$prefill_key] = $_GET[$prefill_key];
	}
	unset($prefill_key);

	$pconfig['lifetime'] = "9999";
	$pconfig['serial'] = "0";
}
// Action "exp": refresh the selected CRL and send it to the browser as a
// file download, then stop.
if ($act == "exp") {
	crl_update($thiscrl);

	// The stored CRL text is base64-encoded; the download carries the decoded bytes.
	$exp_data = base64_decode($thiscrl['text']);
	$exp_size = strlen($exp_data);

	// urlencode() leaves only URL-safe characters in the file name, so the
	// description cannot add line breaks or further parameters to the header.
	$exp_name = urlencode("{$thiscrl['descr']}.crl");

	$exp_headers = array(
		"Content-Type: application/octet-stream",
		"Content-Disposition: attachment; filename={$exp_name}",
		"Content-Length: $exp_size",
	);
	foreach ($exp_headers as $exp_header) {
		header($exp_header);
	}

	echo $exp_data;
	exit;
}
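// Action "addcert": revoke a certificate by adding it to an internal CRL.
// Runs only for a POST; on success the VPN CRLs are refreshed, the change is
// written to the configuration and the browser is redirected to the list.
if ($act == "addcert") {
	if ($_POST) {
		$input_errors = array();
		$pconfig = $_POST;

		// Both references must be present, and must be plain strings before
		// they are handed to the lookup helpers.
		if (empty($pconfig['crlref']) || empty($pconfig['certref']) ||
		    !is_string($pconfig['crlref']) || !is_string($pconfig['certref'])) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}

		// certref, crlref
		$crl =& lookup_crl($pconfig['crlref']);
		$cert = lookup_cert($pconfig['certref']);

		if (!$crl['caref'] || !$cert['caref']) {
			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
		}

		// A CRL may only revoke certificates issued by its own CA.
		if ($crl['caref'] != $cert['caref']) {
			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}

		// The reason is a request value: accept it only when it is one of the
		// codes offered by the "Reason" selector, which is filled from
		// $openssl_crl_status. An empty value means "unspecified", as before.
		$reason = OCSP_REVOKED_STATUS_UNSPECIFIED;
		if (!empty($pconfig['crlreason'])) {
			if (is_string($pconfig['crlreason']) && is_array($openssl_crl_status) &&
			    array_key_exists($pconfig['crlreason'], $openssl_crl_status)) {
				$reason = $pconfig['crlreason'];
			} else {
				$input_errors[] = gettext("Invalid revocation reason.");
			}
		}

		if (!$input_errors) {
			cert_revoke($cert, $crl, $reason);
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			vpn_ipsec_configure();
			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
	}
}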
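// Action "delcert": take a certificate off the selected CRL again, then fall
// back to the "edit" view of that CRL.
// NOTE(review): both $act and certref arrive in the query string (the revoked
// certificate table links here with a GET link), so this state change is
// reachable without a form submission - confirm that the GUI's CSRF protection
// covers GET requests, or require POST here.
if ($act == "delcert") {
	if (!is_array($thiscrl['cert'])) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Only a plain string can name a certificate; a missing or array-valued
	// parameter matches nothing.
	$wanted_certref = (isset($_GET['certref']) && is_string($_GET['certref'])) ? $_GET['certref'] : null;

	$found = false;
	if ($wanted_certref !== null) {
		foreach ($thiscrl['cert'] as $acert) {
			// Compare as strings: a loose == treats numeric-looking refids as
			// numbers, and would also match an entry without refid when the
			// parameter is absent.
			if (isset($acert['refid']) && ((string) $acert['refid'] === $wanted_certref)) {
				$found = true;
				$thiscert = $acert;
			}
		}
	}
	if (!$found) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Encoded once for HTML because both names are placed into $savemsg.
	$certname = htmlspecialchars($thiscert['descr']);
	$crlname = htmlspecialchars($thiscrl['descr']);
	if (cert_unrevoke($thiscert, $thiscrl)) {
		$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s."), $certname, $crlname);
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config($savemsg);
	} else {
		$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s."), $certname, $crlname);
	}
	$act="edit";
}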
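// Save handler: create a CRL (internal or imported) or update an imported one.
//
// A failed "addcert" POST is excluded. It carries none of the fields handled
// here, and letting it through would discard its error list and, as far as this
// file shows, go on to overwrite the selected CRL's name, CA and method with
// empty values.
if ($_POST && ($act != "addcert")) {
	$input_errors = array();
	$pconfig = $_POST;

	$editing_imported = ($act == "editimported");
	$posted_method = (isset($pconfig['method']) && is_string($pconfig['method'])) ? $pconfig['method'] : "";

	/* input validation */
	$reqdfields = array();
	$reqdfieldsn = array();
	if (($posted_method == "existing") || $editing_imported) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($posted_method == "internal") {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	// The method is stored in the configuration, so it has to be one of the
	// values the selector offers. Editing an imported CRL sends no method.
	if (!$editing_imported && !array_key_exists($posted_method, $crl_methods)) {
		$input_errors[] = gettext("Invalid CRL method.");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// The name is shown in the GUI and written to the change log; refuse
	// markup and quote characters, and anything that is not a plain string.
	if (isset($pconfig['descr']) &&
	    (!is_string($pconfig['descr']) || preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr']))) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}

	// The form limits these fields to numbers in the browser only; repeat the
	// check here so nothing but digits is written to the configuration.
	if ($posted_method == "internal") {
		$numeric_fields = array(
			'serial' => gettext("Serial"),
			'lifetime' => gettext("Lifetime (Days)"));
		foreach ($numeric_fields as $field => $label) {
			if (!empty($pconfig[$field]) &&
			    !(is_string($pconfig[$field]) && ctype_digit($pconfig[$field]))) {
				$input_errors[] = sprintf(gettext("The field '%s' must be a non-negative whole number."), $label);
			}
		}
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		if ($thiscrl) {
			// Update the existing entry in place.
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $pconfig['descr'];
		if (!$editing_imported) {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $pconfig['method'];
		}

		if (($posted_method == "existing") || $editing_imported) {
			// NOTE(review): the pasted text is stored as sent and is not
			// checked to be a parseable X.509 CRL; the VPN refresh below
			// consumes it - consider validating it before saving.
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($posted_method == "internal") {
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}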
// Breadcrumb for the page header; "Edit" is appended for the form views and
// whenever validation errors are about to be shown.
$pgtitle = array(
	gettext("System"),
	gettext("Certificate Manager"),
	gettext("Certificate Revocation"),
);

$edit_actions = array("new", gettext("Save"), "edit");
if (in_array($act, $edit_actions) || $input_errors) {
	$pgtitle[] = gettext('Edit');
}

include("head.inc");
259
?>
260
261
<script type="text/javascript">
262 0d15afff Colin Fleming
//<![CDATA[
263 81bfb231 jim-p
264
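// Shows the block that matches the selected CRL method and hides the other.
// Expects a form named "iform" with a "method" field and two elements with
// the ids "internal" and "existing".
function method_change() {

	// Declared locally; the assignment used to create an implicit global.
	var method = document.iform.method.value;
	var existingBlock = document.getElementById("existing");
	var internalBlock = document.getElementById("internal");

	switch (method) {
		case "internal":
			existingBlock.style.display="none";
			internalBlock.style.display="";
			break;
		case "existing":
			existingBlock.style.display="";
			internalBlock.style.display="none";
			break;
	}
}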
279
280 0d15afff Colin Fleming
//]]>
281 81bfb231 jim-p
</script>
282 f9ee8994 Stephen Beaver
283 81bfb231 jim-p
<?php
284 f9ee8994 Stephen Beaver
285
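/**
 * Returns the CRL creation methods to offer in the "Method" selector.
 *
 * When the request carries importonly=yes, only the "existing" (import)
 * method is returned. This only filters the menu: the save handler in this
 * file does not look at importonly, so it is not an access control.
 *
 * @return array method key => translated description
 */
function build_method_list() {
	global $crl_methods;

	// $_GET is a superglobal and needs no "global" declaration. isset() keeps
	// a request without the parameter from raising a notice.
	$import_only = isset($_GET['importonly']) && ($_GET['importonly'] === "yes");

	$list = array();

	foreach ($crl_methods as $method => $desc) {
		if ($import_only && ($method != "existing")) {
			continue;
		}

		$list[$method] = $desc;
	}

	return $list;
}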
/**
 * Builds the option list for the "Certificate Authority" selector from the
 * global $a_ca list.
 *
 * @return array CA refid => CA description
 */
function build_ca_list() {
	global $a_ca;

	$options = array();

	foreach ($a_ca as $authority) {
		$refid = $authority['refid'];
		$options[$refid] = $authority['descr'];
	}

	return $options;
}
/**
 * Builds the option list for the "Certificate" selector from the global
 * $ca_certs list, which the edit view fills before calling this function.
 *
 * @return array certificate refid => certificate description
 */
function build_cacert_list() {
	global $ca_certs;

	$options = array();

	foreach ($ca_certs as $candidate) {
		$refid = $candidate['refid'];
		$options[$refid] = $candidate['descr'];
	}

	return $options;
}
// Show validation errors and the status message, if any were set above.
if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// Tab bar of the certificate manager; each entry is label, active flag and
// target page. The revocation tab is the active one.
$tab_array = array(
	array(gettext("CAs"), false, "system_camanager.php"),
	array(gettext("Certificates"), false, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), true, "system_crlmanager.php"),
);
display_top_tabs($tab_array);
338
339
if ($act == "new" || $act == gettext("Save") || $input_errors) {
340
	if (!isset($id)) {
341
		$form = new Form();
342 3a9f3078 Stephen Beaver
343 5f88f964 k-paulius
		$section = new Form_Section('Create new Revocation List');
344 3a9f3078 Stephen Beaver
345 f9ee8994 Stephen Beaver
		$section->addInput(new Form_Select(
346
			'method',
347
			'Method',
348
			$pconfig['method'],
349
			build_method_list()
350
		));
351 3a9f3078 Stephen Beaver
352 f9ee8994 Stephen Beaver
	}
353 3a9f3078 Stephen Beaver
354 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
355
		'descr',
356
		'Descriptive name',
357
		'text',
358
		$pconfig['descr']
359
	));
360
361
	$section->addInput(new Form_Select(
362
		'caref',
363
		'Certificate Authority',
364
		$pconfig['caref'],
365
		build_ca_list()
366
	));
367 3a9f3078 Stephen Beaver
368 f9ee8994 Stephen Beaver
	$form->add($section);
369 3a9f3078 Stephen Beaver
370 f9ee8994 Stephen Beaver
	$section = new Form_Section('Existing Certificate Revocation List');
371
	$section->addClass('existing');
372 3a9f3078 Stephen Beaver
373 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Textarea(
374
		'crltext',
375
		'CRL data',
376
		$pconfig['crltext']
377
		))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
378 3a9f3078 Stephen Beaver
379 f9ee8994 Stephen Beaver
	$form->add($section);
380 3a9f3078 Stephen Beaver
381 f9ee8994 Stephen Beaver
	$section = new Form_Section('Internal Certificate Revocation List');
382
	$section->addClass('internal');
383 3a9f3078 Stephen Beaver
384 f9ee8994 Stephen Beaver
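	// Lifetime of an internal CRL in days. The attribute key has to be a
	// quoted string: written as a bare word it is read as a constant, which
	// newer PHP versions reject as undefined.
	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (Days)',
		'number',
		$pconfig['lifetime'],
		['max' => '9999']
	));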
391 3a9f3078 Stephen Beaver
392 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
393
		'serial',
394
		'Serial',
395
		'number',
396
		$pconfig['serial'],
397 d0c62202 BBcan177
		['min' => '0', 'max' => '9999']
398 f9ee8994 Stephen Beaver
	));
399 3a9f3078 Stephen Beaver
400
	$form->add($section);
401
402 f9ee8994 Stephen Beaver
	if (isset($id) && $thiscrl) {
403
		$section->addInput(new Form_Input(
404
			'id',
405
			null,
406
			'hidden',
407
			$id
408 3a9f3078 Stephen Beaver
		));
409 f9ee8994 Stephen Beaver
	}
410 3a9f3078 Stephen Beaver
411 f9ee8994 Stephen Beaver
	print($form);
412
413
} elseif ($act == "editimported") {
414 3a9f3078 Stephen Beaver
415 f9ee8994 Stephen Beaver
	$form = new Form();
416 3a9f3078 Stephen Beaver
417
	$section = new Form_Section('Edit Imported Certificate Revocation List');
418
419 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
420
		'descr',
421
		'Descriptive name',
422
		'text',
423
		$pconfig['descr']
424
	));
425 3a9f3078 Stephen Beaver
426 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Textarea(
427
		'crltext',
428
		'CRL data',
429
		$pconfig['crltext']
430
	))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
431 3a9f3078 Stephen Beaver
432 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
433
		'id',
434
		null,
435
		'hidden',
436
		$id
437
	));
438 3a9f3078 Stephen Beaver
439 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
440
		'act',
441
		null,
442
		'hidden',
443
		'editimported'
444
	));
445 3a9f3078 Stephen Beaver
446 f9ee8994 Stephen Beaver
	$form->add($section);
447 3a9f3078 Stephen Beaver
448 f9ee8994 Stephen Beaver
	print($form);
449 3a9f3078 Stephen Beaver
450 f9ee8994 Stephen Beaver
} elseif ($act == "edit") {
451
	$crl = $thiscrl;
452 3a9f3078 Stephen Beaver
453 f9ee8994 Stephen Beaver
	$form = new Form(false);
454 81bfb231 jim-p
?>
455 3a9f3078 Stephen Beaver
456 f9ee8994 Stephen Beaver
	<div class="panel panel-default">
457
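		<?php /* The CRL name comes from the configuration; encode it for HTML like the other names on this page. */ ?>
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr'])?></h2></div>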
458
		<div class="panel-body table-responsive">
459 3a9f3078 Stephen Beaver
<?php
460 78863416 Phil Davis
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
461 8545adde k-paulius
		print_info_box(gettext("No certificates found for this CRL."), 'danger');
462 78863416 Phil Davis
	} else {
463 3a9f3078 Stephen Beaver
?>
464 f9ee8994 Stephen Beaver
			<table class="table table-striped table-hover table-condensed">
465
				<thead>
466 fc54f29b jim-p
					<tr>
467 f9ee8994 Stephen Beaver
						<th><?=gettext("Certificate Name")?></th>
468
						<th><?=gettext("Revocation Reason")?></th>
469
						<th><?=gettext("Revoked At")?></th>
470
						<th></th>
471 28ff7ace jim-p
					</tr>
472 f9ee8994 Stephen Beaver
				</thead>
473
				<tbody>
474 3a9f3078 Stephen Beaver
<?php
475 78863416 Phil Davis
		foreach ($crl['cert'] as $i => $cert):
476 f9ee8994 Stephen Beaver
			$name = htmlspecialchars($cert['descr']);
477
?>
478 28ff7ace jim-p
					<tr>
479
						<td class="listlr">
480 f9ee8994 Stephen Beaver
							<?=$name; ?>
481 28ff7ace jim-p
						</td>
482 fc54f29b jim-p
						<td class="listlr">
483 f9ee8994 Stephen Beaver
							<?=$openssl_crl_status[$cert["reason"]]; ?>
484 fc54f29b jim-p
						</td>
485
						<td class="listlr">
486 f9ee8994 Stephen Beaver
							<?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
487 fc54f29b jim-p
						</td>
488 28ff7ace jim-p
						<td class="list">
489 15b6dcac jim-p
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=$crl['refid']; ?>&amp;certref=<?=$cert['refid']; ?>">
490
								<i class="fa fa-trash" title="<?=gettext("Delete this certificate from the CRL")?>" alt="<?=gettext("Delete this certificate from the CRL")?>"></i>
491 28ff7ace jim-p
							</a>
492
						</td>
493
					</tr>
494 f9ee8994 Stephen Beaver
<?php
495
		endforeach;
496
?>
497
				</tbody>
498
			</table>
499 f6fac5ac Phil Davis
<?php
500
	}
501
?>
502 f9ee8994 Stephen Beaver
		</div>
503
	</div>
504
<?php
505
506
	$ca_certs = array();
507 78863416 Phil Davis
	foreach ($a_cert as $cert) {
508
		if ($cert['caref'] == $crl['caref']) {
509 f9ee8994 Stephen Beaver
			$ca_certs[] = $cert;
510 78863416 Phil Davis
		}
511
	}
512 3a9f3078 Stephen Beaver
513 f6fac5ac Phil Davis
	if (count($ca_certs) == 0) {
514 8545adde k-paulius
		print_info_box(gettext("No certificates found for this CA."), 'danger');
515 f6fac5ac Phil Davis
	} else {
516 5f88f964 k-paulius
		$section = new Form_Section('Choose a Certificate to Revoke');
517 f6fac5ac Phil Davis
		$group = new Form_Group(null);
518 3a9f3078 Stephen Beaver
519 f6fac5ac Phil Davis
		$group->add(new Form_Select(
520
			'certref',
521
			null,
522
			$pconfig['certref'],
523
			build_cacert_list()
524
			))->setWidth(4)->setHelp('Certificate');
525 3a9f3078 Stephen Beaver
526 f6fac5ac Phil Davis
		$group->add(new Form_Select(
527
			'crlreason',
528
			null,
529
			-1,
530
			$openssl_crl_status
531
			))->setHelp('Reason');
532 3a9f3078 Stephen Beaver
533 f6fac5ac Phil Davis
		$group->add(new Form_Button(
534
			'submit',
535 faab522f Renato Botelho
			'Add',
536 827a3812 jim-p
			null,
537
			'fa-plus'
538
			))->addClass('btn-success btn-sm');
539 3a9f3078 Stephen Beaver
540 f6fac5ac Phil Davis
		$section->add($group);
541 3a9f3078 Stephen Beaver
542 f6fac5ac Phil Davis
		$section->addInput(new Form_Input(
543
			'id',
544
			null,
545
			'hidden',
546
			$crl['refid']
547
		));
548 3a9f3078 Stephen Beaver
549 f6fac5ac Phil Davis
		$section->addInput(new Form_Input(
550
			'act',
551
			null,
552
			'hidden',
553
			'addcert'
554
		));
555 3a9f3078 Stephen Beaver
556 f6fac5ac Phil Davis
		$section->addInput(new Form_Input(
557
			'crlref',
558
			null,
559
			'hidden',
560
			$crl['refid']
561
		));
562 3a9f3078 Stephen Beaver
563 f6fac5ac Phil Davis
		$form->add($section);
564
	}
565 3a9f3078 Stephen Beaver
566 f9ee8994 Stephen Beaver
	print($form);
567
} else {
568
?>
569
570
	<div class="panel panel-default">
571
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Additional Certificate Revocation Lists")?></h2></div>
572
		<div class="panel-body table-responsive">
573 1c10ce97 PiBa-NL
			<table class="table table-striped table-hover table-condensed table-rowdblclickedit">
574 f9ee8994 Stephen Beaver
				<thead>
575 0d15afff Colin Fleming
					<tr>
576 f9ee8994 Stephen Beaver
						<th><?=gettext("Name")?></th>
577
						<th><?=gettext("Internal")?></th>
578
						<th><?=gettext("Certificates")?></th>
579
						<th><?=gettext("In Use")?></th>
580 b1466a09 Phil Davis
						<th><?=gettext("Actions")?></th>
581 0d15afff Colin Fleming
					</tr>
582 f9ee8994 Stephen Beaver
				</thead>
583
				<tbody>
584
<?php
585
	// Map CRLs to CAs in one pass
586
	$ca_crl_map = array();
587 78863416 Phil Davis
	foreach ($a_crl as $crl) {
588 f9ee8994 Stephen Beaver
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
589 78863416 Phil Davis
	}
590 f9ee8994 Stephen Beaver
591
	$i = 0;
592 78863416 Phil Davis
	foreach ($a_ca as $ca):
593 f9ee8994 Stephen Beaver
		$name = htmlspecialchars($ca['descr']);
594
595 78863416 Phil Davis
		if ($ca['prv']) {
596 f9ee8994 Stephen Beaver
			$cainternal = "YES";
597 78863416 Phil Davis
		} else {
598 f9ee8994 Stephen Beaver
			$cainternal = "NO";
599 78863416 Phil Davis
		}
600 3a9f3078 Stephen Beaver
?>
601 81bfb231 jim-p
					<tr>
602 f9ee8994 Stephen Beaver
						<td colspan="4">
603
							<?=$name?>
604 81bfb231 jim-p
						</td>
605 f9ee8994 Stephen Beaver
						<td>
606 3a9f3078 Stephen Beaver
<?php
607 78863416 Phil Davis
		if ($cainternal == "YES"):
608
?>
609 f9ee8994 Stephen Beaver
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success">
610 15b6dcac jim-p
								<i class="fa fa-plus icon-embed-btn"></i>
611 c4e97dbe Chris Buechler
								<?=gettext("Add or Import CRL")?>
612 44bcc1be jim-p
							</a>
613 3a9f3078 Stephen Beaver
<?php
614 78863416 Phil Davis
		else:
615
?>
616 f9ee8994 Stephen Beaver
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" class="btn btn-xs btn-success">
617 15b6dcac jim-p
								<i class="fa fa-plus icon-embed-btn"></i>
618 c4e97dbe Chris Buechler
								<?=gettext("Add or Import CRL")?>
619 3a9f3078 Stephen Beaver
							</a>
620
<?php
621 78863416 Phil Davis
		endif;
622
?>
623 81bfb231 jim-p
						</td>
624
					</tr>
625 f9ee8994 Stephen Beaver
<?php
626
		if (is_array($ca_crl_map[$ca['refid']])):
627 78863416 Phil Davis
			foreach ($ca_crl_map[$ca['refid']] as $crl):
628 f9ee8994 Stephen Beaver
				$tmpcrl = lookup_crl($crl);
629
				$internal = is_crl_internal($tmpcrl);
630
				$inuse = crl_in_use($tmpcrl['refid']);
631
?>
632 81bfb231 jim-p
					<tr>
633 f9ee8994 Stephen Beaver
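						<?php /* The CRL name comes from the configuration; encode it for HTML like the CA name above. */ ?>
						<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>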
634 ce883f9f jim-p
						<td><i class="fa fa-<?=($internal) ? "check" : "times"; ?>"></i></td>
635 f9ee8994 Stephen Beaver
						<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
636 ce883f9f jim-p
						<td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i></td>
637 f9ee8994 Stephen Beaver
						<td>
638 15b6dcac jim-p
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>"></a>
639 3a9f3078 Stephen Beaver
<?php
640 f9ee8994 Stephen Beaver
				if ($internal): ?>
641 15b6dcac jim-p
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
642 3a9f3078 Stephen Beaver
<?php
643 78863416 Phil Davis
				else:
644
?>
645 15b6dcac jim-p
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
646 3a9f3078 Stephen Beaver
<?php			endif;
647 78863416 Phil Davis
				if (!$inuse):
648
?>
649 15b6dcac jim-p
							<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-trash" title="<?=gettext("Delete CRL")?>"></a>
650 3a9f3078 Stephen Beaver
<?php
651 78863416 Phil Davis
				endif;
652
?>
653 81bfb231 jim-p
						</td>
654
					</tr>
655 f9ee8994 Stephen Beaver
<?php
656
				$i++;
657
				endforeach;
658
			endif;
659
			$i++;
660
		endforeach;
661 3a9f3078 Stephen Beaver
?>
662 f9ee8994 Stephen Beaver
				</tbody>
663
			</table>
664
		</div>
665
	</div>
666 3a9f3078 Stephen Beaver
667
668
<?php
669 f9ee8994 Stephen Beaver
}
670
?>
671 81bfb231 jim-p
672 f9ee8994 Stephen Beaver
<script>
673 3a9f3078 Stephen Beaver
//<![CDATA[
674 78863416 Phil Davis
events.push(function() {

	// Shows or hides every element that carries the given class. This will
	// usually be a section or group.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}

	// Shows the section that belongs to the selected method and hides the other.
	function syncMethodSections() {
		hideClass('internal', ($('#method').val() == 'existing'));
		hideClass('existing', ($('#method').val() == 'internal'));
	}

	// When the 'method' selector is changed, we show/hide certain sections
	$('#method').on('change', syncMethodSections);

	// Apply the current selection once on page load.
	syncMethodSections();
});
694 3a9f3078 Stephen Beaver
//]]>
695 81bfb231 jim-p
</script>
696
697 f9ee8994 Stephen Beaver
<?php include("foot.inc");