<?php
2
/*
3
	system_crlmanager.php
4
*/
5 3a9f3078 Stephen Beaver
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7
 *
8
 *	Redistribution and use in source and binary forms, with or without modification,
9
 *	are permitted provided that the following conditions are met:
10
 *
11
 *	1. Redistributions of source code must retain the above copyright notice,
12
 *		this list of conditions and the following disclaimer.
13
 *
14
 *	2. Redistributions in binary form must reproduce the above copyright
15
 *		notice, this list of conditions and the following disclaimer in
16
 *		the documentation and/or other materials provided with the
17
 *		distribution.
18
 *
19
 *	3. All advertising materials mentioning features or use of this software
20
 *		must display the following acknowledgment:
21
 *		"This product includes software developed by the pfSense Project
22
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
23
 *
24
 *	4. The names "pfSense" and "pfSense Project" must not be used to
25
 *		 endorse or promote products derived from this software without
26
 *		 prior written permission. For written permission, please contact
27
 *		 coreteam@pfsense.org.
28
 *
29
 *	5. Products derived from this software may not be called "pfSense"
30
 *		nor may "pfSense" appear in their names without prior written
31
 *		permission of the Electric Sheep Fencing, LLC.
32
 *
33
 *	6. Redistributions of any form whatsoever must retain the following
34
 *		acknowledgment:
35
 *
36
 *	"This product includes software developed by the pfSense Project
37
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
38
 *
39
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
40
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
43
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
51
 *
52
 *	====================================================================
53
 *
54
 */
55 81bfb231 jim-p
/*
56 3a9f3078 Stephen Beaver
	pfSense_MODULE: certificate_manager
57 81bfb231 jim-p
*/
58
59
##|+PRIV
60
##|*IDENT=page-system-crlmanager
61
##|*NAME=System: CRL Manager
62
##|*DESCR=Allow access to the 'System: CRL Manager' page.
63
##|*MATCH=system_crlmanager.php*
64
##|-PRIV
65
66
require("guiconfig.inc");
67
require_once("certs.inc");
68 0dea741f Chris Buechler
require_once("openvpn.inc");
69
require_once("vpn.inc");
70 81bfb231 jim-p
71 fc54f29b jim-p
global $openssl_crl_status;
72
73 2d0d804b Phil Davis
$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("Certificate Revocation Lists"));
74 81bfb231 jim-p
75
$crl_methods = array(
76
	"internal" => gettext("Create an internal Certificate Revocation List"),
77
	"existing" => gettext("Import an existing Certificate Revocation List"));
78
79 56b1ed39 Phil Davis
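// Accept a CRL reference only when it is a plain alphanumeric string. The
// isset()/is_string() guards keep missing or array-valued parameters
// (id[]=...) away from ctype_alnum(). A POSTed id overrides the query string.
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_alnum($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_string($_POST['id']) && ctype_alnum($_POST['id'])) {
	$id = $_POST['id'];
}

// Make sure the config sections used by this page exist as arrays, then bind
// them by reference so that changes made below end up in $config.
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}

$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}

$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

$a_crl =& $config['crl'];

// Drop CRL entries that carry no refid.
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset ($a_crl[$cid]);
	}
}

// Requested action: a POSTed value overrides the query string. A value that is
// not a string (act[]=...) is treated as "no action" instead of being compared
// against the action names below.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : "";
if (!empty($_POST['act']) && is_string($_POST['act'])) {
	$act = $_POST['act'];
}

// Resolve the CRL the request refers to; stays null when no usable id was given.
$thiscrl = null;
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}

// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
if (!$thiscrl && (($act != "") && ($act != "new"))) {
	pfSenseHeader("system_crlmanager.php");
	$act="";
	$savemsg = gettext("Invalid CRL reference.");
}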
125 c1f95f5c jim-p
126
// Delete the selected CRL unless it is still in use.
// NOTE(review): $act may come from the query string and the "Delete CRL" link
// on this page is a plain GET anchor, so this state change does not need a form
// submission - confirm that the GUI's CSRF protection covers this request.
if ($act == "del") {
	// Escaped once here because the name ends up in the HTML status message.
	$name = htmlspecialchars($thiscrl['descr']);
	if (!crl_in_use($id)) {
		// Remove every entry that shares the selected CRL's refid.
		foreach ($a_crl as $cid => $acrl) {
			if ($acrl['refid'] == $thiscrl['refid']) {
				unset($a_crl[$cid]);
			}
		}
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "<br />";
	} else {
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br />";
	}
}
140
141
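// Pre-fill the "new CRL" form from the link that opened it. Both parameters are
// optional, so read them without raising undefined-index notices.
if ($act == "new") {
	$pconfig['method'] = isset($_GET['method']) ? $_GET['method'] : null;
	$pconfig['caref'] = isset($_GET['caref']) ? $_GET['caref'] : null;
	$pconfig['lifetime'] = "9999";
	$pconfig['serial'] = "0";
}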
147
148
// Export: bring the CRL up to date, then send it to the browser as a download.
if ($act == "exp") {
	crl_update($thiscrl);

	// The description is URL-encoded before it is placed in the header value.
	$exp_name = urlencode("{$thiscrl['descr']}.crl");
	$exp_data = base64_decode($thiscrl['text']);
	$exp_size = strlen($exp_data);

	foreach (array(
		"Content-Type: application/octet-stream",
		"Content-Disposition: attachment; filename={$exp_name}",
		"Content-Length: $exp_size") as $exp_header) {
		header($exp_header);
	}

	echo $exp_data;
	exit;
}
160
161 28ff7ace jim-p
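// Revoke a certificate by adding it to an internal CRL (posted from the edit view).
if ($act == "addcert") {
	if ($_POST) {
		unset($input_errors);
		$pconfig = $_POST;

		// Both references are required; empty() also covers a missing field.
		if (empty($pconfig['crlref']) || empty($pconfig['certref'])) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}

		// certref, crlref
		$crl =& lookup_crl($pconfig['crlref']);
		$cert = lookup_cert($pconfig['certref']);

		if (!$crl['caref'] || !$cert['caref']) {
			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
		}

		// A certificate can only be revoked in a CRL of the CA that issued it.
		if ($crl['caref'] != $cert['caref']) {
			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}

		// The reason is client-supplied: accept only a key of $openssl_crl_status,
		// the list the "Reason" selector is built from, before it reaches
		// cert_revoke(). An empty value falls back to "unspecified" as before.
		if (empty($pconfig['crlreason'])) {
			$reason = OCSP_REVOKED_STATUS_UNSPECIFIED;
		} elseif (is_string($pconfig['crlreason']) && is_array($openssl_crl_status) &&
		    array_key_exists($pconfig['crlreason'], $openssl_crl_status)) {
			$reason = $pconfig['crlreason'];
		} else {
			$input_errors[] = gettext("Invalid revocation reason.");
		}

		if (empty($input_errors)) {
			cert_revoke($cert, $crl, $reason);
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			vpn_ipsec_configure();
			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
	}
}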
198
199
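// Un-revoke: remove one certificate from the selected CRL.
// NOTE(review): this change is triggered by a plain GET link (act=delcert in
// the revoked-certificates table); confirm that the GUI's CSRF protection
// covers GET requests, or have the link submit a POST instead.
if ($act == "delcert") {
	if (!is_array($thiscrl['cert'])) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// certref is client-supplied. Require a string and compare with === so that
	// a missing or array-valued parameter, or PHP's numeric-string juggling,
	// cannot match an entry it does not literally name.
	$certref = (isset($_GET['certref']) && is_string($_GET['certref'])) ? $_GET['certref'] : null;
	$found = false;
	if ($certref !== null) {
		foreach ($thiscrl['cert'] as $acert) {
			if (isset($acert['refid']) && ((string)$acert['refid'] === $certref)) {
				$found = true;
				$thiscert = $acert;
			}
		}
	}
	if (!$found) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Escaped once because both names are placed in the HTML status message.
	$certname = htmlspecialchars($thiscert['descr']);
	$crlname = htmlspecialchars($thiscrl['descr']);
	if (cert_unrevoke($thiscert, $thiscrl)) {
		$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname));
	} else {
		$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
	}

	// Return to the edit view of the same CRL.
	$act="edit";
}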
228
229 81bfb231 jim-p
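/*
 * Create a CRL, or update an imported one, from the submitted form.
 *
 * The "addcert" form has its own handler and posts none of the fields read
 * here, so it is skipped: without that check a rejected revocation would run on
 * into this block, have its errors cleared by the reset below and be processed
 * as if it were an edit of the CRL.
 */
if ($_POST && ($act != "addcert")) {
	$input_errors = array();
	$pconfig = $_POST;

	// Request parameters can arrive as arrays (method[]=...); treat those as absent.
	$method = (isset($pconfig['method']) && is_string($pconfig['method'])) ? $pconfig['method'] : "";
	$descr = isset($pconfig['descr']) ? $pconfig['descr'] : "";

	/* input validation */
	$reqdfields = array();
	$reqdfieldsn = array();
	if (($method == "existing") || ($act == "editimported")) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($method == "internal") {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// Outside of editing an imported CRL the method is written to the config,
	// so accept only the values the form offers.
	if (($act != "editimported") && !array_key_exists($method, $crl_methods)) {
		$input_errors[] = gettext("The selected method is not valid.");
	}

	if (!is_string($descr) || preg_match("/[\?\>\<\&\/\\\"\']/", $descr)) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}

	// The number inputs are limited by the browser only; check them here too.
	if ($method == "internal") {
		foreach (array('serial' => gettext("Serial"), 'lifetime' => gettext("Lifetime (Days)")) as $field => $label) {
			if (!empty($pconfig[$field]) && !(is_string($pconfig[$field]) && ctype_digit($pconfig[$field]))) {
				$input_errors[] = sprintf(gettext("The field '%s' must be a whole number."), $label);
			}
		}
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		// Update the CRL named by the request, or start a new entry.
		if (!empty($thiscrl)) {
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $descr;
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $method;
		}

		// NOTE(review): the pasted CRL text is stored as submitted; nothing in this
		// block checks that it parses as an X.509 CRL.
		if (($method == "existing") || ($act == "editimported")) {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($method == "internal") {
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (empty($thiscrl)) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}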
297
298
include("head.inc");
299
?>
300
301
<script type="text/javascript">
302 0d15afff Colin Fleming
//<![CDATA[
303 81bfb231 jim-p
304
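// Show the form section that matches the selected CRL method and hide the other.
// Reads the value of the "method" field of the form named "iform".
function method_change() {

	// Declared locally so the function does not create a global named "method".
	var method = document.iform.method.value;

	switch (method) {
		case "internal":
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			break;
		case "existing":
			document.getElementById("existing").style.display="";
			document.getElementById("internal").style.display="none";
			break;
	}
}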
319
320 0d15afff Colin Fleming
//]]>
321 81bfb231 jim-p
</script>
322 f9ee8994 Stephen Beaver
323 81bfb231 jim-p
<?php
324 f9ee8994 Stephen Beaver
325
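/*
 * Build the options for the "Method" selector.
 *
 * Returns the entries of the global $crl_methods (method key => label). When
 * the request carries importonly=yes, only the "existing" (import) entry is
 * returned.
 *
 * importonly is read from the query string, so this only shapes what the form
 * offers; it does not restrict which method a submitted form may carry.
 */
function build_method_list() {
	// $_GET is a superglobal and needs no "global" declaration.
	global $crl_methods;

	$list = array();

	if (!is_array($crl_methods)) {
		return($list);
	}

	// isset() avoids an undefined-index notice when the parameter is absent.
	$import_only = (isset($_GET['importonly']) && ($_GET['importonly'] === "yes"));

	foreach ($crl_methods as $method => $desc) {
		if ($import_only && ($method !== "existing")) {
			continue;
		}

		$list[$method] = $desc;
	}

	return($list);
}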
339
340
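/*
 * Build the options for the "Certificate Authority" selector.
 *
 * Returns refid => description for every entry of the global $a_ca. Entries
 * that are not arrays or have no refid are skipped, and a missing $a_ca yields
 * an empty list.
 */
function build_ca_list() {
	global $a_ca;

	$list = array();

	if (!is_array($a_ca)) {
		return($list);
	}

	foreach ($a_ca as $ca) {
		if (!is_array($ca) || !isset($ca['refid'])) {
			continue;
		}
		$list[$ca['refid']] = isset($ca['descr']) ? $ca['descr'] : null;
	}

	return($list);
}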
350
351
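/*
 * Build the options for the "Certificate" selector of the revoke form.
 *
 * Returns refid => description for every entry of the global $ca_certs. That
 * global is only filled in by the edit view, so a missing or non-array value
 * yields an empty list instead of a foreach warning.
 */
function build_cacert_list() {
	global $ca_certs;

	$list = array();

	if (!is_array($ca_certs)) {
		return($list);
	}

	foreach ($ca_certs as $cert) {
		if (!is_array($cert) || !isset($cert['refid'])) {
			continue;
		}
		$list[$cert['refid']] = isset($cert['descr']) ? $cert['descr'] : null;
	}

	return($list);
}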
361 f9ee8994 Stephen Beaver
362
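// Report validation errors and the status message set by the action handlers.
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

// $savemsg is assembled as HTML (names run through htmlspecialchars(), plus a
// literal <br />). 'success' is the intended box class; it was spelled 'sucess'.
// NOTE(review): the same variable also carries failure texts ("... is in use
// and cannot be deleted", "Invalid CRL reference."), which get the success
// style as well - consider tracking the class together with the message.
if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}

$tab_array = array();
$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
$tab_array[] = array(gettext("Certificate Revocation"), true, "system_crlmanager.php");
display_top_tabs($tab_array);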
373
374
if ($act == "new" || $act == gettext("Save") || $input_errors) {
375
	if (!isset($id)) {
376
		$form = new Form();
377 3a9f3078 Stephen Beaver
378 f9ee8994 Stephen Beaver
		$section = new Form_Section('Create new revocation list');
379 3a9f3078 Stephen Beaver
380 f9ee8994 Stephen Beaver
		$section->addInput(new Form_Select(
381
			'method',
382
			'Method',
383
			$pconfig['method'],
384
			build_method_list()
385
		));
386 3a9f3078 Stephen Beaver
387 f9ee8994 Stephen Beaver
	}
388 3a9f3078 Stephen Beaver
389 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
390
		'descr',
391
		'Descriptive name',
392
		'text',
393
		$pconfig['descr']
394
	));
395
396
	$section->addInput(new Form_Select(
397
		'caref',
398
		'Certificate Authority',
399
		$pconfig['caref'],
400
		build_ca_list()
401
	));
402 3a9f3078 Stephen Beaver
403 f9ee8994 Stephen Beaver
	$form->add($section);
404 3a9f3078 Stephen Beaver
405 f9ee8994 Stephen Beaver
	$section = new Form_Section('Existing Certificate Revocation List');
406
	$section->addClass('existing');
407 3a9f3078 Stephen Beaver
408 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Textarea(
409
		'crltext',
410
		'CRL data',
411
		$pconfig['crltext']
412
		))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
413 3a9f3078 Stephen Beaver
414 f9ee8994 Stephen Beaver
	$form->add($section);
415 3a9f3078 Stephen Beaver
416 f9ee8994 Stephen Beaver
	$section = new Form_Section('Internal Certificate Revocation List');
417
	$section->addClass('internal');
418 3a9f3078 Stephen Beaver
419 f9ee8994 Stephen Beaver
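	// The attribute names must be quoted strings: a bare min/max is read as a
	// constant. These limits are browser-side hints only and do not replace
	// server-side validation of the submitted values.
	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (Days)',
		'number',
		$pconfig['lifetime'],
		['max' => '9999']
	));

	$section->addInput(new Form_Input(
		'serial',
		'Serial',
		'number',
		$pconfig['serial'],
		['min' => '0', 'max' => '9999']
	));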
434 3a9f3078 Stephen Beaver
435
	$form->add($section);
436
437 f9ee8994 Stephen Beaver
	if (isset($id) && $thiscrl) {
438
		$section->addInput(new Form_Input(
439
			'id',
440
			null,
441
			'hidden',
442
			$id
443 3a9f3078 Stephen Beaver
		));
444 f9ee8994 Stephen Beaver
	}
445 3a9f3078 Stephen Beaver
446 f9ee8994 Stephen Beaver
	print($form);
447
448
} elseif ($act == "editimported") {
449 3a9f3078 Stephen Beaver
450 f9ee8994 Stephen Beaver
	$form = new Form();
451 3a9f3078 Stephen Beaver
452
	$section = new Form_Section('Edit Imported Certificate Revocation List');
453
454 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
455
		'descr',
456
		'Descriptive name',
457
		'text',
458
		$pconfig['descr']
459
	));
460 3a9f3078 Stephen Beaver
461 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Textarea(
462
		'crltext',
463
		'CRL data',
464
		$pconfig['crltext']
465
	))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
466 3a9f3078 Stephen Beaver
467 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
468
		'id',
469
		null,
470
		'hidden',
471
		$id
472
	));
473 3a9f3078 Stephen Beaver
474 f9ee8994 Stephen Beaver
	$section->addInput(new Form_Input(
475
		'act',
476
		null,
477
		'hidden',
478
		'editimported'
479
	));
480 3a9f3078 Stephen Beaver
481 f9ee8994 Stephen Beaver
	$form->add($section);
482 3a9f3078 Stephen Beaver
483 f9ee8994 Stephen Beaver
	print($form);
484 3a9f3078 Stephen Beaver
485 f9ee8994 Stephen Beaver
} elseif ($act == "edit") {
486
	$crl = $thiscrl;
487 3a9f3078 Stephen Beaver
488 f9ee8994 Stephen Beaver
	$form = new Form(false);
489 81bfb231 jim-p
?>
490 3a9f3078 Stephen Beaver
491 f9ee8994 Stephen Beaver
	<div class="panel panel-default">
492
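		<?php /* The CRL description is stored config data: escape it before it is written into the heading. */ ?>
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr'])?></h2></div>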
493
		<div class="panel-body table-responsive">
494 3a9f3078 Stephen Beaver
<?php
495 f9ee8994 Stephen Beaver
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0))
496
		print_info_box(gettext("No Certificates Found for this CRL."), 'danger');
497
	else {
498 3a9f3078 Stephen Beaver
?>
499 f9ee8994 Stephen Beaver
			<table class="table table-striped table-hover table-condensed">
500
				<thead>
501 fc54f29b jim-p
					<tr>
502 f9ee8994 Stephen Beaver
						<th><?=gettext("Certificate Name")?></th>
503
						<th><?=gettext("Revocation Reason")?></th>
504
						<th><?=gettext("Revoked At")?></th>
505
						<th></th>
506 28ff7ace jim-p
					</tr>
507 f9ee8994 Stephen Beaver
				</thead>
508
				<tbody>
509 3a9f3078 Stephen Beaver
<?php
510 f9ee8994 Stephen Beaver
		foreach($crl['cert'] as $i => $cert):
511
			$name = htmlspecialchars($cert['descr']);
512
?>
513 28ff7ace jim-p
					<tr>
514
						<td class="listlr">
515 f9ee8994 Stephen Beaver
							<?=$name; ?>
516 28ff7ace jim-p
						</td>
517 fc54f29b jim-p
						<td class="listlr">
518 f9ee8994 Stephen Beaver
							<?=$openssl_crl_status[$cert["reason"]]; ?>
519 fc54f29b jim-p
						</td>
520
						<td class="listlr">
521 f9ee8994 Stephen Beaver
							<?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
522 fc54f29b jim-p
						</td>
523 28ff7ace jim-p
						<td class="list">
524 f9ee8994 Stephen Beaver
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=$crl['refid']; ?>&amp;certref=<?=$cert['refid']; ?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?")?>')">
525 7ea65674 Jared Dillard
								<i class="fa fa-times-circle" title="<?=gettext("Delete this certificate from the CRL ")?>" alt="<?=gettext("Delete this certificate from the CRL ")?>"></i>
526 28ff7ace jim-p
							</a>
527
						</td>
528
					</tr>
529 f9ee8994 Stephen Beaver
<?php
530
		endforeach;
531
?>
532
				</tbody>
533
			</table>
534 3a9f3078 Stephen Beaver
<?php } ?>
535 f9ee8994 Stephen Beaver
		</div>
536
	</div>
537
<?php
538
539
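	// Offer every certificate issued by this CRL's CA as a revocation candidate.
	$ca_certs = array();
	foreach ($a_cert as $cert) {
		if ($cert['caref'] == $crl['caref']) {
			$ca_certs[] = $cert;
		}
	}

	if (count($ca_certs) == 0) {
		print_info_box(gettext("No Certificates Found for this CA."), 'danger');
	} else {
		// The braces matter: without them only the first statement belonged to
		// the else, and with no certificates the code went on to use a $section
		// that had never been created.
		$section = new Form_Section('Choose a certificate to revoke');
		$group = new Form_Group(null);

		$group->add(new Form_Select(
			'certref',
			null,
			isset($pconfig['certref']) ? $pconfig['certref'] : null,
			build_cacert_list()
			))->setWidth(4)->setHelp('Certificate');

		$group->add(new Form_Select(
			'crlreason',
			null,
			-1,
			$openssl_crl_status
			))->setHelp('Reason');

		$group->add(new Form_Button(
			'submit',
			'Add'
			))->removeClass('btn-primary')->addClass('btn-success btn-sm');

		$section->add($group);

		// Hidden fields that route the submission to the "addcert" handler.
		$section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$crl['refid']
		));

		$section->addInput(new Form_Input(
			'act',
			null,
			'hidden',
			'addcert'
		));

		$section->addInput(new Form_Input(
			'crlref',
			null,
			'hidden',
			$crl['refid']
		));

		$form->add($section);
		print($form);
	}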
595
} else {
596
?>
597
598
	<div class="panel panel-default">
599
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Additional Certificate Revocation Lists")?></h2></div>
600
		<div class="panel-body table-responsive">
601
			<table class="table table-striped table-hover table-condensed">
602
				<thead>
603 0d15afff Colin Fleming
					<tr>
604 f9ee8994 Stephen Beaver
						<th><?=gettext("Name")?></th>
605
						<th><?=gettext("Internal")?></th>
606
						<th><?=gettext("Certificates")?></th>
607
						<th><?=gettext("In Use")?></th>
608
						<th></th>
609 0d15afff Colin Fleming
					</tr>
610 f9ee8994 Stephen Beaver
				</thead>
611
				<tbody>
612
<?php
613
	// Map CRLs to CAs in one pass
614
	$ca_crl_map = array();
615
	foreach($a_crl as $crl)
616
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
617
618
	$i = 0;
619
	foreach($a_ca as $ca):
620
		$name = htmlspecialchars($ca['descr']);
621
622
		if($ca['prv']) {
623
			$cainternal = "YES";
624 3a9f3078 Stephen Beaver
		} else
625 f9ee8994 Stephen Beaver
			$cainternal = "NO";
626 3a9f3078 Stephen Beaver
?>
627 81bfb231 jim-p
					<tr>
628 f9ee8994 Stephen Beaver
						<td colspan="4">
629
							<?=$name?>
630 81bfb231 jim-p
						</td>
631 f9ee8994 Stephen Beaver
						<td>
632 3a9f3078 Stephen Beaver
<?php
633 f9ee8994 Stephen Beaver
		if ($cainternal == "YES"): ?>
634
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success">
635 c4e97dbe Chris Buechler
								<?=gettext("Add or Import CRL")?>
636 44bcc1be jim-p
							</a>
637 3a9f3078 Stephen Beaver
<?php
638 f9ee8994 Stephen Beaver
		else: ?>
639
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" class="btn btn-xs btn-success">
640 c4e97dbe Chris Buechler
								<?=gettext("Add or Import CRL")?>
641 3a9f3078 Stephen Beaver
							</a>
642
<?php
643 f9ee8994 Stephen Beaver
		endif; ?>
644 81bfb231 jim-p
						</td>
645
					</tr>
646 f9ee8994 Stephen Beaver
<?php
647
		if (is_array($ca_crl_map[$ca['refid']])):
648
			foreach($ca_crl_map[$ca['refid']] as $crl):
649
				$tmpcrl = lookup_crl($crl);
650
				$internal = is_crl_internal($tmpcrl);
651
				$inuse = crl_in_use($tmpcrl['refid']);
652
?>
653 81bfb231 jim-p
					<tr>
654 f9ee8994 Stephen Beaver
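						<?php /* The CRL description is stored config data: escape it for the table cell. */ ?>
						<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>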
655
						<td><?=($internal) ? "YES" : "NO"; ?></td>
656
						<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
657
						<td><?=($inuse) ? "YES" : "NO"; ?></td>
658
						<td>
659
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-success">
660 97d27a2e Chris Buechler
								<?=gettext("Export CRL")?>
661 81bfb231 jim-p
							</a>
662 3a9f3078 Stephen Beaver
<?php
663 f9ee8994 Stephen Beaver
				if ($internal): ?>
664
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-info">
665
								<?=gettext("Edit CRL")?>
666 28ff7ace jim-p
							</a>
667 3a9f3078 Stephen Beaver
<?php
668 f9ee8994 Stephen Beaver
				else: ?>
669
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-info">
670
								<?=gettext("Edit CRL")?>
671 6f3d3a07 jim-p
							</a>
672 3a9f3078 Stephen Beaver
<?php			endif;
673 f9ee8994 Stephen Beaver
				if (!$inuse): ?>
674
							<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-danger">
675
								<?=gettext("Delete CRL")?>
676 81bfb231 jim-p
							</a>
677 3a9f3078 Stephen Beaver
<?php
678 f9ee8994 Stephen Beaver
				endif; ?>
679 81bfb231 jim-p
						</td>
680
					</tr>
681 f9ee8994 Stephen Beaver
<?php
682
				$i++;
683
				endforeach;
684
			endif;
685
			$i++;
686
		endforeach;
687 3a9f3078 Stephen Beaver
?>
688 f9ee8994 Stephen Beaver
				</tbody>
689
			</table>
690
		</div>
691
	</div>
692 3a9f3078 Stephen Beaver
693
694
<?php
695 f9ee8994 Stephen Beaver
}
696
?>
697 81bfb231 jim-p
698 f9ee8994 Stephen Beaver
<script>
699 3a9f3078 Stephen Beaver
//<![CDATA[
700 f9ee8994 Stephen Beaver
events.push(function(){

	// Show or hide every element that carries the given class (normally a form section or group).
	function hideClass(s_class, hide) {
		$('.' + s_class)[hide ? 'hide' : 'show']();
	}

	// Hide the section that does not belong to the method currently selected.
	function syncSections() {
		hideClass('internal', ($('#method').val() == 'existing'));
		hideClass('existing', ($('#method').val() == 'internal'));
	}

	// Re-evaluate whenever the "method" selector changes...
	$('#method').on('change', function() {
		syncSections();
	});

	// ...and once for the initial state of the page.
	syncSections();
});
719 3a9f3078 Stephen Beaver
//]]>
720 81bfb231 jim-p
</script>
721
722 f9ee8994 Stephen Beaver
<?php include("foot.inc");