<?php
/*
 * system_crlmanager.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2016 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgment:
 *    "This product includes software developed by the pfSense Project
 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).
 *
 * 4. The names "pfSense" and "pfSense Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    coreteam@pfsense.org.
 *
 * 5. Products derived from this software may not be called "pfSense"
 *    nor may "pfSense" appear in their names without prior written
 *    permission of the Electric Sheep Fencing, LLC.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *
 * "This product includes software developed by the pfSense Project
 * for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
##|+PRIV
##|*IDENT=page-system-crlmanager
##|*NAME=System: CRL Manager
##|*DESCR=Allow access to the 'System: CRL Manager' page.
##|*MATCH=system_crlmanager.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("certs.inc");
require_once("openvpn.inc");
require_once("vpn.inc");
// Table of CRL revocation reasons; further down it labels revoked
// certificates and fills the "Reason" selector of the revoke form.
global $openssl_crl_status;

// Ways a CRL can be created from this page, keyed by the value submitted in
// the form's "method" field.
$crl_methods = array();
$crl_methods["internal"] = gettext("Create an internal Certificate Revocation List");
$crl_methods["existing"] = gettext("Import an existing Certificate Revocation List");

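// Pick up the CRL reference from the request. POST is evaluated last, so it
// wins when both are present. Only non-empty alphanumeric strings are
// accepted; a missing, array-valued or otherwise malformed 'id' leaves $id
// unset, so nothing downstream ever sees an unvalidated reference.
foreach (array($_GET, $_POST) as $request) {
	if (isset($request['id']) && is_string($request['id']) && ctype_alnum($request['id'])) {
		$id = $request['id'];
	}
}
unset($request);
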
// Make sure the three config sections this page works on exist as arrays,
// then bind page-level aliases to them by reference so that changes made
// through the aliases land in $config.
foreach (array('ca', 'cert', 'crl') as $cfg_key) {
	if (!is_array($config[$cfg_key])) {
		$config[$cfg_key] = array();
	}
}
unset($cfg_key);

$a_ca =& $config['ca'];
$a_cert =& $config['cert'];
$a_crl =& $config['crl'];

// Discard CRL entries that carry no 'refid'; the rest of this page addresses
// CRLs by that field.
foreach (array_keys($a_crl) as $cid) {
	if (!isset($a_crl[$cid]['refid'])) {
		unset($a_crl[$cid]);
	}
}

// Requested action: the query string supplies the default and a non-empty
// POSTed 'act' overrides it. The value is only ever compared against fixed
// action names below.
$act = ($_POST['act']) ? $_POST['act'] : $_GET['act'];

// Resolve the CRL named by the validated $id. The result is bound by
// reference (=&), so writes through $thiscrl reach whatever lookup_crl()
// returned.
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}

// Every action other than "new" (or no action at all) operates on $thiscrl.
// If the reference did not resolve, send the redirect header, drop the action
// and report the problem, so the handlers below never run against a missing
// CRL.
if ((($act != "") && ($act != "new")) && !$thiscrl) {
	pfSenseHeader("system_crlmanager.php");
	$act = "";
	$savemsg = gettext("Invalid CRL reference.");
	$class = "danger";
}

// Delete the selected CRL unless something still uses it.
// NOTE(review): $act and $id may both come from the query string (the list
// view links to act=del with GET), so this state change is reachable by a
// plain link - confirm that the CSRF protection in use covers GET requests,
// or move the action to POST.
if ($act == "del") {
	// HTML-escaped once, because the name is echoed back in the banner below.
	$name = htmlspecialchars($thiscrl['descr']);
	if (!crl_in_use($id)) {
		// Drop every entry whose refid matches the selected CRL.
		$target_refid = $thiscrl['refid'];
		foreach (array_keys($a_crl) as $cid) {
			if ($a_crl[$cid]['refid'] == $target_refid) {
				unset($a_crl[$cid]);
			}
		}
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name);
		$class = "success";
	} else {
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name);
		$class = "danger";
	}
}

// Pre-fill the "new CRL" form: method and CA come from the link that opened
// the form, lifetime and serial start from fixed defaults. The two request
// values are only used to preselect form options here.
if ($act == "new") {
	$new_defaults = array(
		'method' => $_GET['method'],
		'caref' => $_GET['caref'],
		'lifetime' => "9999",
		'serial' => "0",
	);
	foreach ($new_defaults as $field => $value) {
		$pconfig[$field] = $value;
	}
}

// Export the selected CRL as a file download and stop.
if ($act == "exp") {
	// crl_update() runs before the text is read; presumably it regenerates
	// the stored CRL - confirm against certs.inc.
	crl_update($thiscrl);
	$exp_data = base64_decode($thiscrl['text']);
	// urlencode() keeps line breaks, quotes and separators in the description
	// out of the Content-Disposition header value.
	$exp_name = urlencode($thiscrl['descr'] . ".crl");

	$export_headers = array(
		"Content-Type: application/octet-stream",
		"Content-Disposition: attachment; filename={$exp_name}",
		"Content-Length: " . strlen($exp_data),
	);
	foreach ($export_headers as $export_header) {
		header($export_header);
	}
	echo $exp_data;
	exit;
}

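// Revoke a certificate: add the certificate named by POST 'certref' to the
// internal CRL named by POST 'crlref'. Nothing happens unless the request is
// a POST.
if (($act == "addcert") && $_POST) {
	$input_errors = array();
	$pconfig = $_POST;

	// Both references are mandatory; without them there is nothing to do.
	if (!$pconfig['crlref'] || !$pconfig['certref']) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// certref, crlref
	$crl =& lookup_crl($pconfig['crlref']);
	$cert = lookup_cert($pconfig['certref']);

	if (!$crl['caref'] || !$cert['caref']) {
		$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
	}

	// A CRL can only list certificates issued by its own CA.
	if ($crl['caref'] != $cert['caref']) {
		$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
	}
	if (!is_crl_internal($crl)) {
		$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
	}

	// The reason code is handed to cert_revoke() and the edit view later uses
	// a certificate's reason as an index into $openssl_crl_status, so accept
	// only values the "Reason" selector can produce (the keys of that table).
	// An empty value keeps meaning "unspecified".
	$reason = OCSP_REVOKED_STATUS_UNSPECIFIED;
	if (!empty($pconfig['crlreason'])) {
		$reason = $pconfig['crlreason'];
		if (!is_scalar($reason) ||
		    (is_array($openssl_crl_status) && !array_key_exists($reason, $openssl_crl_status))) {
			$input_errors[] = gettext("Invalid revocation reason.");
		}
	}

	if (!$input_errors) {
		cert_revoke($cert, $crl, $reason);
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
}
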
// Remove one certificate from the selected CRL (un-revoke it), then fall
// through to the edit view of that CRL.
// NOTE(review): this state change is driven by query-string parameters (the
// edit view links to act=delcert with GET) - confirm that the CSRF
// protection in use covers GET requests, or move the action to POST.
if ($act == "delcert") {
	// Find the revoked-certificate entry named by the 'certref' query
	// parameter. When several entries match, the last one is used.
	$matched = false;
	if (is_array($thiscrl['cert'])) {
		foreach ($thiscrl['cert'] as $entry) {
			if ($entry['refid'] == $_GET['certref']) {
				$thiscert = $entry;
				$matched = true;
			}
		}
	}

	// No certificate list on this CRL, or no such entry: back to the overview.
	if (!$matched) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Names are HTML-escaped because they are echoed back in the banner.
	$certname = htmlspecialchars($thiscert['descr']);
	$crlname = htmlspecialchars($thiscrl['descr']);

	$unrevoked = cert_unrevoke($thiscert, $thiscrl);
	$template = $unrevoked
	    ? gettext("Deleted Certificate %s from CRL %s.")
	    : gettext("Failed to delete Certificate %s from CRL %s.");
	$savemsg = sprintf($template, $certname, $crlname);
	$class = $unrevoked ? "success" : "danger";

	if ($unrevoked) {
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config($savemsg);
	}

	$act = "edit";
}

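// Save handler for the "create/import CRL" and "edit imported CRL" forms.
//
// Only a POST that names a known method, or that targets an imported CRL, is
// treated as a save. Previously every POST ran the save logic, so a POST that
// belonged to another action (for example an "addcert" request that failed
// its checks above) had no required fields defined and wrote empty
// descr/caref/method values into the selected CRL.
$posted_method = (isset($_POST['method']) && is_string($_POST['method'])) ? $_POST['method'] : "";
$is_crl_save = ($_POST &&
    (($act == "editimported") || ($posted_method == "existing") || ($posted_method == "internal")));

if ($is_crl_save) {
	$input_errors = array();
	$pconfig = $_POST;

	/* input validation */
	if (($posted_method == "existing") || ($act == "editimported")) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($posted_method == "internal") {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// The description is echoed into HTML and log messages elsewhere, so
	// markup and quoting characters are refused at the door. A non-string
	// value (e.g. descr[]=x) is refused as well.
	if (isset($pconfig['descr']) &&
	    (!is_string($pconfig['descr']) || preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr']))) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}

	// The form declares serial and lifetime as number inputs; enforce the
	// same thing server-side rather than trusting the browser.
	if ($posted_method == "internal") {
		foreach (array('serial', 'lifetime') as $numeric_field) {
			if (!empty($pconfig[$numeric_field]) &&
			    !(is_string($pconfig[$numeric_field]) && ctype_digit($pconfig[$numeric_field]))) {
				$input_errors[] = sprintf(gettext("The field '%s' must be a whole number."), $numeric_field);
			}
		}
		unset($numeric_field);
	}

	/* save modifications */
	if (!$input_errors) {
		// Update the selected CRL in place, or start a new entry.
		if ($thiscrl) {
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $pconfig['descr'];
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $posted_method;
		}

		// NOTE(review): the pasted CRL text is stored as submitted; no check
		// that it parses as a CRL is visible here - confirm whether one
		// happens elsewhere.
		if (($posted_method == "existing") || ($act == "editimported")) {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($posted_method == "internal") {
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
} elseif ($_POST) {
	// A POST for some other action. Keep the submitted values available to
	// the forms, and surface errors left by an earlier handler as a banner;
	// they used to be discarded without being shown. The error list itself is
	// still cleared, as before, so the page falls back to its normal view.
	$pconfig = $_POST;
	if (!empty($input_errors)) {
		$savemsg = implode(" ", $input_errors);
		$class = "danger";
	}
	$input_errors = array();
}
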
// Breadcrumb trail: $pgtitle and $pglinks are parallel arrays, one entry per
// crumb.
$pgtitle = array();
$pglinks = array();

$pgtitle[] = gettext("System");
$pglinks[] = "";
$pgtitle[] = gettext("Certificate Manager");
$pglinks[] = "system_camanager.php";
$pgtitle[] = gettext("Certificate Revocation");
$pglinks[] = "system_crlmanager.php";

// A form is about to be shown: append an "Edit" crumb.
if (in_array($act, array("new", gettext("Save"), "edit")) || $input_errors) {
	array_push($pgtitle, gettext('Edit'));
	array_push($pglinks, "@self");
}
include("head.inc");
?>
<script type="text/javascript">
//<![CDATA[
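// Shows the form part that belongs to the selected creation method and hides
// the other one. Reads the value of the "method" field of the form named
// "iform" and toggles the elements with ids "internal" and "existing".
function method_change() {
	// Declared locally: the bare assignment used before created an
	// accidental global variable named "method".
	var method = document.iform.method.value;

	switch (method) {
		case "internal":
			document.getElementById("existing").style.display = "none";
			document.getElementById("internal").style.display = "";
			break;
		case "existing":
			document.getElementById("existing").style.display = "";
			document.getElementById("internal").style.display = "none";
			break;
	}
}
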
//]]>
</script>
<?php
/*
 * Returns the creation methods to offer in the "Method" selector, as a
 * key => label map taken from $crl_methods. When the request carries
 * importonly=yes, only the "existing" (import) method is kept.
 */
function build_method_list() {
	global $crl_methods;

	$available = array();

	foreach ($crl_methods as $key => $label) {
		$import_only = ($_GET['importonly'] == "yes");
		if (!$import_only || ($key == "existing")) {
			$available[$key] = $label;
		}
	}

	return $available;
}

/*
 * Returns a refid => description map of all configured CAs ($a_ca), for use
 * as the options of the "Certificate Authority" selector.
 * NOTE(review): descriptions are returned unescaped; presumably Form_Select
 * escapes option labels when rendering - confirm.
 */
function build_ca_list() {
	global $a_ca;

	$options = array();

	foreach ($a_ca as $authority) {
		$refid = $authority['refid'];
		$options[$refid] = $authority['descr'];
	}

	return $options;
}

/*
 * Returns a refid => description map of the certificates collected in
 * $ca_certs, for use as the options of the "certref" selector.
 * NOTE(review): descriptions are returned unescaped; presumably Form_Select
 * escapes option labels when rendering - confirm.
 */
function build_cacert_list() {
	global $ca_certs;

	$options = array();

	foreach ($ca_certs as $candidate) {
		$refid = $candidate['refid'];
		$options[$refid] = $candidate['descr'];
	}

	return $options;
}

// Validation errors first, then any status banner left by the action
// handlers. Where those handlers put a CRL or certificate name into
// $savemsg, they run it through htmlspecialchars() first.
if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg, $class);
}

// Tab strip of the certificate manager; the second element is true for the
// tab belonging to this page.
$tab_array = array(
	array(gettext("CAs"), false, "system_camanager.php"),
	array(gettext("Certificates"), false, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), true, "system_crlmanager.php"),
);
display_top_tabs($tab_array);

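// Render the page body for the current action:
//   - "new" (or a redisplay after validation errors): the create/import form
//   - "editimported": descriptive name and CRL data of an imported CRL
//   - "edit": revoked certificates of an internal CRL plus the revoke form
//   - anything else: the list of CAs with their CRLs
if ($act == "new" || $act == gettext("Save") || $input_errors) {
	// NOTE(review): $form and $section are only created when no $id was
	// supplied, yet they are used unconditionally below. Reaching this branch
	// with an $id (for example validation errors on an "editimported" POST)
	// looks like it would fail on an undefined $section - confirm and
	// restructure together with the save handler.
	if (!isset($id)) {
		$form = new Form();

		$section = new Form_Section('Create new Revocation List');

		$section->addInput(new Form_Select(
			'method',
			'*Method',
			$pconfig['method'],
			build_method_list()
		));

	}

	$section->addInput(new Form_Input(
		'descr',
		'*Descriptive name',
		'text',
		$pconfig['descr']
	));

	$section->addInput(new Form_Select(
		'caref',
		'*Certificate Authority',
		$pconfig['caref'],
		build_ca_list()
	));

	$form->add($section);

	$section = new Form_Section('Existing Certificate Revocation List');
	$section->addClass('existing');

	$section->addInput(new Form_Textarea(
		'crltext',
		'*CRL data',
		$pconfig['crltext']
		))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->add($section);

	$section = new Form_Section('Internal Certificate Revocation List');
	$section->addClass('internal');

	// The attribute name is quoted: the bare word used before was read as an
	// undefined constant.
	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (Days)',
		'number',
		$pconfig['lifetime'],
		['max' => '9999']
	));

	$section->addInput(new Form_Input(
		'serial',
		'Serial',
		'number',
		$pconfig['serial'],
		['min' => '0', 'max' => '9999']
	));

	$form->add($section);

	if (isset($id) && $thiscrl) {
		$section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$id
		));
	}

	print($form);

} elseif ($act == "editimported") {

	$form = new Form();

	$section = new Form_Section('Edit Imported Certificate Revocation List');

	$section->addInput(new Form_Input(
		'descr',
		'*Descriptive name',
		'text',
		$pconfig['descr']
	));

	$section->addInput(new Form_Textarea(
		'crltext',
		'*CRL data',
		$pconfig['crltext']
	))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$section->addInput(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));

	$section->addInput(new Form_Input(
		'act',
		null,
		'hidden',
		'editimported'
	));

	$form->add($section);

	print($form);

} elseif ($act == "edit") {
	$crl = $thiscrl;

	$form = new Form(false);

	// The CRL name is HTML-escaped on output, like the certificate names in
	// the table below; the save handler filters the description, but config
	// data can also arrive by other routes.
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr'])?></h2></div>
		<div class="panel-body table-responsive">
<?php
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
		print_info_box(gettext("No certificates found for this CRL."), 'danger');
	} else {
?>
			<table class="table table-striped table-hover table-condensed">
				<thead>
					<tr>
						<th><?=gettext("Certificate Name")?></th>
						<th><?=gettext("Revocation Reason")?></th>
						<th><?=gettext("Revoked At")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
		// NOTE(review): the delete link in each row changes state via GET;
		// confirm these requests are covered by CSRF protection or move the
		// action to POST.
		foreach ($crl['cert'] as $i => $cert):
			$name = htmlspecialchars($cert['descr']);
?>
					<tr>
						<td class="listlr">
							<?=$name; ?>
						</td>
						<td class="listlr">
							<?=$openssl_crl_status[$cert["reason"]]; ?>
						</td>
						<td class="listlr">
							<?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
						</td>
						<td class="list">
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=$crl['refid']; ?>&amp;certref=<?=$cert['refid']; ?>">
								<i class="fa fa-trash" title="<?=gettext("Delete this certificate from the CRL")?>" alt="<?=gettext("Delete this certificate from the CRL")?>"></i>
							</a>
						</td>
					</tr>
<?php
		endforeach;
?>
				</tbody>
			</table>
<?php
	}
?>
		</div>
	</div>
<?php

	// Candidates for revocation: certificates issued by this CRL's CA that
	// are not already revoked in it.
	$ca_certs = array();
	foreach ($a_cert as $cert) {
		if ($cert['caref'] == $crl['caref'] && !is_cert_revoked($cert, $id)) {
			$ca_certs[] = $cert;
		}
	}

	if (count($ca_certs) == 0) {
		print_info_box(gettext("No certificates found for this CA."), 'danger');
	} else {
		$section = new Form_Section('Choose a Certificate to Revoke');
		$group = new Form_Group(null);

		$group->add(new Form_Select(
			'certref',
			null,
			$pconfig['certref'],
			build_cacert_list()
			))->setWidth(4)->setHelp('Certificate');

		$group->add(new Form_Select(
			'crlreason',
			null,
			-1,
			$openssl_crl_status
			))->setHelp('Reason');

		$group->add(new Form_Button(
			'submit',
			'Add',
			null,
			'fa-plus'
			))->addClass('btn-success btn-sm');

		$section->add($group);

		// Hidden fields that route the POST to the "addcert" handler.
		$section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$crl['refid']
		));

		$section->addInput(new Form_Input(
			'act',
			null,
			'hidden',
			'addcert'
		));

		$section->addInput(new Form_Input(
			'crlref',
			null,
			'hidden',
			$crl['refid']
		));

		$form->add($section);
	}

	print($form);
} else {
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Additional Certificate Revocation Lists")?></h2></div>
		<div class="panel-body table-responsive">
			<table class="table table-striped table-hover table-condensed table-rowdblclickedit">
				<thead>
					<tr>
						<th><?=gettext("Name")?></th>
						<th><?=gettext("Internal")?></th>
						<th><?=gettext("Certificates")?></th>
						<th><?=gettext("In Use")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
<?php
	// Map CRLs to CAs in one pass
	$ca_crl_map = array();
	foreach ($a_crl as $crl) {
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
	}

	$i = 0;
	foreach ($a_ca as $ca):
		$name = htmlspecialchars($ca['descr']);

		// A CA with a private key ('prv') can have internal CRLs; any other
		// CA only gets the import option.
		if ($ca['prv']) {
			$cainternal = "YES";
		} else {
			$cainternal = "NO";
		}
?>
					<tr>
						<td colspan="4">
							<?=$name?>
						</td>
						<td>
<?php
		if ($cainternal == "YES"):
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success">
								<i class="fa fa-plus icon-embed-btn"></i>
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		else:
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" class="btn btn-xs btn-success">
								<i class="fa fa-plus icon-embed-btn"></i>
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		endif;
?>
						</td>
					</tr>
<?php
		if (is_array($ca_crl_map[$ca['refid']])):
			// NOTE(review): the delete link in each row changes state via
			// GET; confirm these requests are covered by CSRF protection or
			// move the action to POST.
			foreach ($ca_crl_map[$ca['refid']] as $crl):
				$tmpcrl = lookup_crl($crl);
				$internal = is_crl_internal($tmpcrl);
				$inuse = crl_in_use($tmpcrl['refid']);
?>
					<tr>
						<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>
						<td><i class="fa fa-<?=($internal) ? "check" : "times"; ?>"></i></td>
						<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
						<td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i></td>
						<td>
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>"></a>
<?php
				if ($internal): ?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
				else:
?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
				endif;
				// The delete link is only offered while nothing uses the CRL;
				// the "del" handler checks crl_in_use() again on its own.
				if (!$inuse):
?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-trash" title="<?=gettext("Delete CRL")?>"></a>
<?php
				endif;
?>
						</td>
					</tr>
<?php
				$i++;
				endforeach;
			endif;
			$i++;
		endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>


<?php
}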
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {

	// Shows or hides every element carrying the given class. This will
	// usually be a section or group.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}

	// Brings the two method-specific sections in line with the current value
	// of the "method" selector.
	function syncSections() {
		var chosen = $('#method').val();

		hideClass('internal', (chosen == 'existing'));
		hideClass('existing', (chosen == 'internal'));
	}

	// Re-evaluate whenever the selector changes, and once on page load.
	$('#method').on('change', syncSections);
	syncSections();
});
//]]>
</script>
<?php include("foot.inc");