<?php
2
/*
3
	system_crlmanager.php
4
*/
5 3a9f3078 Stephen Beaver
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7
 *	Copyright (c)  2004, 2005 Scott Ullrich
8
 *	Copyright (c)  2010 Jim Pingle
9
 *
10
 *	Redistribution and use in source and binary forms, with or without modification,
11
 *	are permitted provided that the following conditions are met:
12
 *
13
 *	1. Redistributions of source code must retain the above copyright notice,
14
 *		this list of conditions and the following disclaimer.
15
 *
16
 *	2. Redistributions in binary form must reproduce the above copyright
17
 *		notice, this list of conditions and the following disclaimer in
18
 *		the documentation and/or other materials provided with the
19
 *		distribution.
20
 *
21
 *	3. All advertising materials mentioning features or use of this software
22
 *		must display the following acknowledgment:
23
 *		"This product includes software developed by the pfSense Project
24
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
25
 *
26
 *	4. The names "pfSense" and "pfSense Project" must not be used to
27
 *		 endorse or promote products derived from this software without
28
 *		 prior written permission. For written permission, please contact
29
 *		 coreteam@pfsense.org.
30
 *
31
 *	5. Products derived from this software may not be called "pfSense"
32
 *		nor may "pfSense" appear in their names without prior written
33
 *		permission of the Electric Sheep Fencing, LLC.
34
 *
35
 *	6. Redistributions of any form whatsoever must retain the following
36
 *		acknowledgment:
37
 *
38
 *	"This product includes software developed by the pfSense Project
39
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
40
 *
41
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
42
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
45
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
46
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
47
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
48
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
49
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
50
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
51
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
52
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
53
 *
54
 *	====================================================================
55
 *
56
 */
57 81bfb231 jim-p
/*
58 3a9f3078 Stephen Beaver
	pfSense_MODULE: certificate_manager
59 81bfb231 jim-p
*/
60
61
##|+PRIV
62
##|*IDENT=page-system-crlmanager
63
##|*NAME=System: CRL Manager
64
##|*DESCR=Allow access to the 'System: CRL Manager' page.
65
##|*MATCH=system_crlmanager.php*
66
##|-PRIV
67
68
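require("guiconfig.inc");
require_once("certs.inc");
require_once("openvpn.inc");
require_once("vpn.inc");

global $openssl_crl_status;

$pgtitle = array(gettext("System"), gettext("Certificate Revocation List Manager"));

$crl_methods = array(
	"internal" => gettext("Create an internal Certificate Revocation List"),
	"existing" => gettext("Import an existing Certificate Revocation List"));

/*
 * The CRL id may arrive by GET or POST; POST wins when both are present.
 * Only plain alphanumeric strings are accepted. The is_string() check keeps
 * array-valued parameters (id[]=...) away from ctype_alnum(), and the isset()
 * checks avoid undefined-index notices when the parameter is absent.
 * $id is deliberately left unset when no usable value was supplied, because
 * later code on this page tests it with isset().
 */
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_alnum($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_string($_POST['id']) && ctype_alnum($_POST['id'])) {
	$id = $_POST['id'];
}

/* Make sure the three config sections this page works on exist as arrays. */
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}

$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}

$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}

$a_crl =& $config['crl'];

/* Drop CRL entries without a refid; they cannot be referenced by id. */
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset ($a_crl[$cid]);
	}
}

/*
 * The requested action, taken from GET and overridden by a non-empty POST value.
 * NOTE(review): the "del" and "delcert" actions change the configuration and are
 * linked as plain GET URLs further down this page. Whether the GUI's CSRF
 * protection (not visible in this file) covers GET requests should be confirmed;
 * if it does not, these actions should be accepted from POST only.
 */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}

/* Resolve the id to a CRL entry; stays null when no id was given. */
$thiscrl = null;
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}

// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
// Every action except "new" needs an existing CRL, so the action is cleared here.
if (!$thiscrl && (($act != "") && ($act != "new"))) {
	pfSenseHeader("system_crlmanager.php");
	$act="";
	$savemsg = gettext("Invalid CRL reference.");
}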
/* Delete a whole CRL, unless something still references it. */
if ($act == "del") {
	// Escaped once; the same value is used in the on-page message and in the
	// configuration change note.
	$name = htmlspecialchars($thiscrl['descr']);
	if (!crl_in_use($id)) {
		// Remove every entry carrying the refid of the selected CRL.
		foreach (array_keys($a_crl) as $cid) {
			if ($a_crl[$cid]['refid'] == $thiscrl['refid']) {
				unset($a_crl[$cid]);
			}
		}
		write_config("Deleted CRL {$name}.");
		$msgfmt = gettext("Certificate Revocation List %s successfully deleted");
	} else {
		$msgfmt = gettext("Certificate Revocation List %s is in use and cannot be deleted");
	}
	$savemsg = sprintf($msgfmt, $name) . "<br />";
}
/* Pre-fill the "new CRL" form. */
if ($act == "new") {
	// Fixed starting values for the internal-CRL fields.
	$pconfig['lifetime'] = "9999";
	$pconfig['serial'] = "0";
	// Method and CA come straight from the query string; they are only used
	// here to pre-select form fields.
	$pconfig['method'] = $_GET['method'];
	$pconfig['caref'] = $_GET['caref'];
}
/* Export: send the selected CRL to the browser as a file download. */
if ($act == "exp") {
	crl_update($thiscrl);

	// The stored text is base64; decode it before measuring and sending.
	$exp_data = base64_decode($thiscrl['text']);
	$exp_size = strlen($exp_data);
	// urlencode() keeps the description from adding characters of its own
	// to the Content-Disposition header.
	$exp_name = urlencode("{$thiscrl['descr']}.crl");

	$exp_headers = array(
		"Content-Type: application/octet-stream",
		"Content-Disposition: attachment; filename={$exp_name}",
		"Content-Length: $exp_size",
	);
	foreach ($exp_headers as $exp_header) {
		header($exp_header);
	}

	echo $exp_data;
	exit;
}
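/*
 * Revoke a certificate: add it to an internal CRL.
 *
 * Expects POST fields crlref, certref and (optionally) crlreason.
 * On success the CRL is updated, the VPN CRLs are refreshed, the config is
 * written and the request ends with a redirect.
 *
 * NOTE(review): when validation fails this block does not exit, so the same
 * request goes on to the generic "if ($_POST)" save handler below, which
 * resets $input_errors. That interaction should be checked.
 */
if ($act == "addcert") {
	if ($_POST) {
		// Start from an empty list so the later emptiness test never reads an undefined variable.
		$input_errors = array();
		$pconfig = $_POST;

		if (!$pconfig['crlref'] || !$pconfig['certref']) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}

		// The revocation reason is stored in the CRL, so only accept a value that is
		// one of the known reason codes (the keys of $openssl_crl_status, which is
		// also the option list of the "Reason" selector). Anything else is treated
		// like a malformed request: redirect and stop, as for missing references.
		$reason = OCSP_REVOKED_STATUS_UNSPECIFIED;
		if (!empty($pconfig['crlreason'])) {
			$reason = $pconfig['crlreason'];
			if (!is_string($reason) ||
			    !is_array($openssl_crl_status) ||
			    !array_key_exists($reason, $openssl_crl_status)) {
				pfSenseHeader("system_crlmanager.php");
				exit;
			}
		}

		// certref, crlref
		$crl =& lookup_crl($pconfig['crlref']);
		$cert = lookup_cert($pconfig['certref']);

		if (!$crl['caref'] || !$cert['caref']) {
			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
		}

		// A certificate may only be revoked in a CRL of the CA that issued it.
		if ($crl['caref'] != $cert['caref']) {
			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}

		if (!$input_errors) {
			cert_revoke($cert, $crl, $reason);
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			vpn_ipsec_configure();
			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
	}
}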
/*
 * Un-revoke: remove one certificate from the selected CRL, then fall through
 * to the "edit" view of that CRL.
 * NOTE(review): the certificate reference is read from $_GET and matched with a
 * loose comparison (==); the last matching entry wins because the loop does
 * not stop at the first hit.
 */
if ($act == "delcert") {
	$found = false;
	if (is_array($thiscrl['cert'])) {
		foreach ($thiscrl['cert'] as $acert) {
			if ($acert['refid'] == $_GET['certref']) {
				$found = true;
				$thiscert = $acert;
			}
		}
	}
	// Nothing to do when the CRL has no certificate list or the reference is unknown.
	if (!$found) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Both names are escaped because they end up in the message shown on the page.
	$certname = htmlspecialchars($thiscert['descr']);
	$crlname = htmlspecialchars($thiscrl['descr']);

	if (!cert_unrevoke($thiscert, $thiscrl)) {
		$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
	} else {
		$delmsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname);
		$savemsg = $delmsg . "<br />";
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config($delmsg);
	}
	$act="edit";
}
/*
 * Generic save handler: create a CRL, or update the one selected by id.
 *
 * NOTE(review): this runs for every POST that reaches it, including an
 * "addcert" request that failed validation above; $input_errors is reset
 * here, so those earlier errors are discarded. Worth confirming that this is
 * intended.
 * NOTE(review): in this block caref, serial, lifetime and crltext are stored
 * as posted; any checks beyond "required field present" would have to happen
 * inside do_input_validation(), which is not visible here.
 */
if ($_POST) {
	$input_errors = array();
	$pconfig = $_POST;

	// Importing a CRL and editing an imported one share the same fields.
	$is_import = ($pconfig['method'] == "existing") || ($act == "editimported");
	$is_internal = ($pconfig['method'] == "internal");

	/* input validation */
	if ($is_import) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($is_internal) {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// The description is echoed back on several pages, so markup and URL
	// metacharacters are refused at input time.
	// NOTE(review): unlike the other messages this one is not passed through gettext().
	if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
		$input_errors[] = "The field 'Descriptive Name' contains invalid characters.";
	}

	/* if this is an AJAX caller then handle via JSON */
	// NOTE(review): $input_errors was initialised to an array at the top of this
	// block, so is_array() is true here and every AJAX POST ends at this exit.
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		// Work on the existing entry by reference, or start a fresh one with a new refid.
		if (!$thiscrl) {
			$crl = array();
			$crl['refid'] = uniqid();
		} else {
			$crl =& $thiscrl;
		}

		$crl['descr'] = $pconfig['descr'];
		// An imported CRL keeps the CA and method it was created with.
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $pconfig['method'];
		}

		if ($is_import) {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($is_internal) {
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		// A new entry still has to be appended to the config; an existing one was edited in place.
		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}
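include("head.inc");
?>

<script type="text/javascript">
//<![CDATA[

// Shows the block that belongs to the selected CRL method ("internal" or
// "existing") and hides the other one. Any other value leaves both untouched.
function method_change() {

	// Declared locally so the selected value does not become an implicit global.
	var method = document.iform.method.value;

	switch (method) {
		case "internal":
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			break;
		case "existing":
			document.getElementById("existing").style.display="";
			document.getElementById("internal").style.display="none";
			break;
	}
}

//]]>
</script>

<?php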
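/**
 * Build the option list for the CRL "method" selector.
 *
 * Returns the entries of the global $crl_methods map (method => description).
 * When the request carries importonly=yes, only the "existing" (import)
 * method is offered.
 *
 * @return array method => description
 */
function build_method_list() {
	global $crl_methods;

	// $_GET is a superglobal and needs no "global" declaration; isset() avoids
	// an undefined-index notice when the parameter is absent.
	$importonly = isset($_GET['importonly']) && ($_GET['importonly'] == "yes");

	$list = array();

	foreach ($crl_methods as $method => $desc) {
		if ($importonly && ($method != "existing")) {
			continue;
		}

		$list[$method] = $desc;
	}

	return $list;
}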
/**
 * Build the option list for the "Certificate Authority" selector.
 *
 * Reads the global $a_ca list and maps each CA's refid to its description.
 *
 * @return array refid => description
 */
function build_ca_list() {
	global $a_ca;

	$options = array();

	foreach ($a_ca as $entry) {
		$refid = $entry['refid'];
		$options[$refid] = $entry['descr'];
	}

	return $options;
}
/**
 * Build the option list for the "certificate to revoke" selector.
 *
 * Reads the global $ca_certs list (filled by the caller before this is used)
 * and maps each certificate's refid to its description.
 *
 * @return array refid => description
 */
function build_cacert_list() {
	global $ca_certs;

	$options = array();

	foreach ($ca_certs as $entry) {
		$refid = $entry['refid'];
		$options[$refid] = $entry['descr'];
	}

	return $options;
}
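/* Report validation errors and the outcome message of the action handled above. */
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

// The class name was misspelled ('sucess'); the other calls on this page pass
// plain class names such as 'danger', so 'success' is presumably what was meant.
// NOTE(review): $savemsg also carries failure texts ("Invalid CRL reference.",
// "Failed to delete ..."), which are shown with the same class.
if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}

/* Tab bar shared by the certificate pages; the third entry is the active one. */
$tab_array = array(
	array(gettext("CAs"), false, "system_camanager.php"),
	array(gettext("Certificates"), false, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), true, "system_crlmanager.php"),
);
display_top_tabs($tab_array);

require_once('classes/Form.class.php');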
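/*
 * Page body. One of four views is rendered:
 *   - the create/import form ("new", a "Save" submit, or validation errors),
 *   - the form for editing an imported CRL ("editimported"),
 *   - the revoked-certificate list of an internal CRL ("edit"),
 *   - otherwise the overview of all CAs and their CRLs.
 *
 * Descriptions and reference ids taken from the configuration are passed
 * through htmlspecialchars() before they are written into HTML, as the
 * delete handlers on this page already do. The save handler refuses markup
 * characters in descriptions, but entries that reached the configuration by
 * another route may not have passed that check.
 */
if ($act == "new" || $act == gettext("Save") || !empty($input_errors)) {
	// The form and its first section are always created. They used to be built
	// only when no id was set, although the rest of this branch (including the
	// hidden "id" field below) uses them in either case.
	$form = new Form();

	$section = new Form_Section('Create new revocation list');

	// The method selector is only offered when no CRL id was supplied.
	if (!isset($id)) {
		$section->addInput(new Form_Select(
			'method',
			'Method',
			$pconfig['method'],
			build_method_list()
		));
	}

	$section->addInput(new Form_Input(
		'descr',
		'Descriptive name',
		'text',
		$pconfig['descr']
	));

	$section->addInput(new Form_Select(
		'caref',
		'Certificate Authority',
		$pconfig['caref'],
		build_ca_list()
	));

	$form->add($section);

	// Shown or hidden by the script at the end of the page, via the 'existing' class.
	$section = new Form_Section('Existing Certificate Revocation List');
	$section->addClass('existing');

	$section->addInput(new Form_Textarea(
		'crltext',
		'CRL data',
		$pconfig['crltext']
		))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->add($section);

	// Shown or hidden by the script at the end of the page, via the 'internal' class.
	$section = new Form_Section('Internal Certificate Revocation List');
	$section->addClass('internal');

	// Attribute names are quoted; unquoted they were undefined constants.
	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (Days)',
		'number',
		$pconfig['lifetime'],
		['max' => '9999']
	));

	$section->addInput(new Form_Input(
		'serial',
		'Serial',
		'number',
		$pconfig['serial'],
		['min' => '0', 'max' => '9999']
	));

	$form->add($section);

	if (isset($id) && $thiscrl) {
		$section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$id
		));
	}

	print($form);

} elseif ($act == "editimported") {

	$form = new Form();

	$section = new Form_Section('Edit Imported Certificate Revocation List');

	$section->addInput(new Form_Input(
		'descr',
		'Descriptive name',
		'text',
		$pconfig['descr']
	));

	$section->addInput(new Form_Textarea(
		'crltext',
		'CRL data',
		$pconfig['crltext']
	))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$section->addInput(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));

	$section->addInput(new Form_Input(
		'act',
		null,
		'hidden',
		'editimported'
	));

	$form->add($section);

	print($form);

} elseif ($act == "edit") {
	$crl = $thiscrl;

	$form = new Form(false);
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr'])?></h2></div>
		<div class="panel-body table-responsive">
<?php
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
		print_info_box(gettext("No Certificates Found for this CRL."), 'danger');
	} else {
?>
			<table class="table table-striped table-hover table-condensed">
				<thead>
					<tr>
						<th><?=gettext("Certificate Name")?></th>
						<th><?=gettext("Revocation Reason")?></th>
						<th><?=gettext("Revoked At")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
		foreach ($crl['cert'] as $cert):
			$name = htmlspecialchars($cert['descr']);
?>
					<tr>
						<td class="listlr">
							<?=$name; ?>
						</td>
						<td class="listlr">
							<?=$openssl_crl_status[$cert["reason"]]; ?>
						</td>
						<td class="listlr">
							<?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
						</td>
						<td class="list">
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=htmlspecialchars($crl['refid']); ?>&amp;certref=<?=htmlspecialchars($cert['refid']); ?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?")?>')">
								<i class="icon-large icon-remove-sign" title="<?=gettext("Delete this certificate from the CRL ")?>" alt="<?=gettext("Delete this certificate from the CRL ")?>"></i>
							</a>
						</td>
					</tr>
<?php
		endforeach;
?>
				</tbody>
			</table>
<?php } ?>
		</div>
	</div>
<?php

	// Only certificates issued by this CRL's CA can be revoked in it.
	$ca_certs = array();
	foreach ($a_cert as $cert) {
		if ($cert['caref'] == $crl['caref']) {
			$ca_certs[] = $cert;
		}
	}

	if (count($ca_certs) == 0) {
		print_info_box(gettext("No Certificates Found for this CA."), 'danger');
	} else {
		// The whole revoke form belongs to this branch. Previously only the first
		// statement followed the brace-less "else", so with no certificates the
		// code went on to use a section that had never been created.
		$section = new Form_Section('Choose a certificate to revoke');
		$group = new Form_Group(null);

		$group->add(new Form_Select(
			'certref',
			null,
			$pconfig['certref'],
			build_cacert_list()
			))->setWidth(4)->setHelp('Certificate');

		$group->add(new Form_Select(
			'crlreason',
			null,
			-1,
			$openssl_crl_status
			))->setHelp('Reason');

		$group->add(new Form_Button(
			'submit',
			'Add'
			))->removeClass('btn-primary')->addClass('btn-success btn-sm');

		$section->add($group);

		$section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$crl['refid']
		));

		$section->addInput(new Form_Input(
			'act',
			null,
			'hidden',
			'addcert'
		));

		$section->addInput(new Form_Input(
			'crlref',
			null,
			'hidden',
			$crl['refid']
		));

		$form->add($section);
		print($form);
	}
} else {
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Additional Certificate Revocation Lists")?></h2></div>
		<div class="panel-body table-responsive">
			<table class="table table-striped table-hover table-condensed">
				<thead>
					<tr>
						<th><?=gettext("Name")?></th>
						<th><?=gettext("Internal")?></th>
						<th><?=gettext("Certificates")?></th>
						<th><?=gettext("In Use")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
	// Map CRLs to CAs in one pass
	$ca_crl_map = array();
	foreach ($a_crl as $crl) {
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
	}

	foreach ($a_ca as $ca):
		$name = htmlspecialchars($ca['descr']);
		$carefid = htmlspecialchars($ca['refid']);

		// A CA with a private key ('prv') is treated as internal: CRLs can be
		// created for it; for any other CA they can only be imported.
		$cainternal = $ca['prv'] ? "YES" : "NO";
?>
					<tr>
						<td colspan="4">
							<?=$name?>
						</td>
						<td>
<?php
		if ($cainternal == "YES"): ?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$carefid; ?>" class="btn btn-xs btn-success">
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		else: ?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$carefid; ?>&amp;importonly=yes" class="btn btn-xs btn-success">
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		endif; ?>
						</td>
					</tr>
<?php
		if (isset($ca_crl_map[$ca['refid']]) && is_array($ca_crl_map[$ca['refid']])):
			foreach ($ca_crl_map[$ca['refid']] as $crl):
				$tmpcrl = lookup_crl($crl);
				$internal = is_crl_internal($tmpcrl);
				$inuse = crl_in_use($tmpcrl['refid']);
				$crlrefid = htmlspecialchars($tmpcrl['refid']);
				// An internal CRL without a certificate list counts as empty.
				$certcount = is_array($tmpcrl['cert']) ? count($tmpcrl['cert']) : 0;
?>
					<tr>
						<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>
						<td><?=($internal) ? "YES" : "NO"; ?></td>
						<td><?=($internal) ? $certcount : "Unknown (imported)"; ?></td>
						<td><?=($inuse) ? "YES" : "NO"; ?></td>
						<td>
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$crlrefid?>" class="btn btn-xs btn-success">
								<?=gettext("Export CRL")?>
							</a>
<?php
				if ($internal): ?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$crlrefid?>" class="btn btn-xs btn-info">
								<?=gettext("Edit CRL")?>
							</a>
<?php
				else: ?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$crlrefid?>" class="btn btn-xs btn-info">
								<?=gettext("Edit CRL")?>
							</a>
<?php
				endif;
				if (!$inuse): ?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=$crlrefid?>" class="btn btn-xs btn-danger">
								<?=gettext("Delete CRL")?>
							</a>
<?php
				endif; ?>
						</td>
					</tr>
<?php
			endforeach;
		endif;
	endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>


<?php
}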
?>

<script>
//<![CDATA[
events.push(function(){

	// Hides (hide is truthy) or shows every element carrying the given class.
	// The class normally marks a form section or group.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}

	// Shows the section that matches the selected method and hides the other one.
	function syncSections() {
		var selected = $('#method').val();

		hideClass('internal', (selected == 'existing'));
		hideClass('existing', (selected == 'internal'));
	}

	// Re-evaluate whenever the 'method' selector changes ...
	$('#method').on('change', function() {
		syncSections();
	});

	// ... and once when the page has loaded.
	syncSections();
});
//]]>
</script>

<?php include("foot.inc");