<?php
/*
 * system_crlmanager.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2019 Rubicon Communications, LLC (Netgate)
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
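##|+PRIV
##|*IDENT=page-system-crlmanager
##|*NAME=System: CRL Manager
##|*DESCR=Allow access to the 'System: CRL Manager' page.
##|*MATCH=system_crlmanager.php*
##|-PRIV

require_once("guiconfig.inc");
require_once("certs.inc");
require_once("openvpn.inc");
require_once("pfsense-utils.inc");
require_once("vpn.inc");

/* Maximum lifetime as reported by cert_get_max_lifetime(); the default
 * offered in the form is that value capped at 9999. */
$max_lifetime = cert_get_max_lifetime();
$default_lifetime = min(9999, $max_lifetime);

global $openssl_crl_status;

/* Creation methods offered in the UI, keyed by the value stored in the CRL entry. */
$crl_methods = array(
	"internal" => gettext("Create an internal Certificate Revocation List"),
	"existing" => gettext("Import an existing Certificate Revocation List"));

/* Accept a CRL reference only when it is a purely alphanumeric string.
 * Anything else (including an array value) leaves $id unset, so later
 * isset($id)/empty($id) checks treat the request as having no CRL. */
if (isset($_REQUEST['id']) && is_string($_REQUEST['id']) && ctype_alnum($_REQUEST['id'])) {
	$id = $_REQUEST['id'];
}

/* Working references into the configuration; changes made through them are
 * only persisted where write_config() is called later in this file. */
init_config_arr(array('ca'));
$a_ca = &$config['ca'];

init_config_arr(array('cert'));
$a_cert = &$config['cert'];

init_config_arr(array('crl'));
$a_crl = &$config['crl'];

/* Clean up blank entries missing a reference ID */
foreach ($a_crl as $cid => $acrl) {
	if (!isset($acrl['refid'])) {
		unset ($a_crl[$cid]);
	}
}

/* $_REQUEST combines query-string and form data, so the action can arrive by
 * GET or POST. A missing or non-string value is normalised to '' so the
 * comparisons below never see an undefined index or an array. */
$act = (isset($_REQUEST['act']) && is_string($_REQUEST['act'])) ? $_REQUEST['act'] : '';

$cacert_list = array();

/* Defined up front so later truthiness checks do not read an undefined
 * variable when no (valid) id was supplied. */
$thiscrl = null;
if (!empty($id)) {
	$thiscrl =& lookup_crl($id);
}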
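/* Actions other than 'new' require a CRL to act upon.
 * Actions that change the configuration ('del', 'addcert', 'delcert') must be
 * submitted via POST. The original check covered only 'del', which left the
 * revoke/un-revoke actions reachable through a plain link, because $act and
 * their parameters are read from $_REQUEST.
 * NOTE(review): the delcert link in this file is marked `usepost`; the addcert
 * form is assumed to submit by POST (Form class default - confirm). CSRF token
 * validation is not visible in this file. */
$post_only_actions = array('del', 'addcert', 'delcert');
if ((!empty($act) &&
    ($act != 'new') &&
    empty($thiscrl)) ||
    (in_array($act, $post_only_actions, true) && empty($_POST))) {
	pfSenseHeader("system_camanager.php");
	// Clearing the action keeps the switch below from running any handler.
	$act="";
	$savemsg = gettext("Invalid CRL reference.");
	$class = "danger";
}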
/* Dispatch on the requested action. Request data is read from $_REQUEST in
 * several cases, i.e. from either the query string or the form body. */
switch ($act) {
	case 'del':
		// Escaped once here because the name is interpolated into $savemsg.
		$name = htmlspecialchars($thiscrl['descr']);
		if (!crl_in_use($id)) {
			// Drop every entry that shares the selected CRL's reference ID.
			foreach ($a_crl as $cid => $acrl) {
				if ($acrl['refid'] == $thiscrl['refid']) {
					unset($a_crl[$cid]);
				}
			}
			write_config("Deleted CRL {$name}.");
			$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name);
			$class = "success";
		} else {
			$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name);
			$class = "danger";
		}
		break;
	case 'new':
		// Pre-fill the creation form; the CA must resolve or the form is not shown.
		$pconfig['method'] = $_REQUEST['method'];
		$pconfig['caref'] = $_REQUEST['caref'];
		$pconfig['lifetime'] = $default_lifetime;
		$pconfig['serial'] = "0";
		$crlca =& lookup_ca($pconfig['caref']);
		if (!$crlca) {
			$input_errors[] = gettext('Invalid CA');
			unset($act);
		}
		break;
	case 'addcert':
		unset($input_errors);
		$pconfig = $_REQUEST;
		$revoke_list = [];
		// Nothing to do without a target CRL and at least one certificate or serial.
		if (!$pconfig['crlref'] || (!$pconfig['certref'] && !$pconfig['revokeserial'])) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		// NOTE(review): the CRL modified here is looked up from 'crlref', while
		// the guard before this switch validated the CRL named by 'id'. The form
		// in this file sends the same value for both, but a request could differ;
		// is_crl_internal() below is the only check on $crl visible here.
		$crl =& lookup_crl($pconfig['crlref']);
		if (!is_array($pconfig['certref'])) {
			$pconfig['certref'] = [];
		}
		if (empty($pconfig['certref']) && empty($pconfig['revokeserial'])) {
			$input_errors[] = gettext("Select one or more certificates or enter a serial number to revoke.");
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}
		// A certificate may only be revoked in a CRL issued by its own CA.
		foreach ($pconfig['certref'] as $rcert) {
			$cert = lookup_cert($rcert);
			if ($crl['caref'] == $cert['caref']) {
				$revoke_list[] = $cert;
			} else {
				$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
			}
		}
		// Serials arrive as one space-separated string; each is validated individually.
		foreach (explode(' ', $pconfig['revokeserial']) as $serial) {
			if (empty($serial)) {
				continue;
			}
			$vserial = cert_validate_serial($serial, true, true);
			if ($vserial != null) {
				$revoke_list[] = $vserial;
			} else {
				$input_errors[] = gettext("Invalid serial in list (Must be ASN.1 integer compatible decimal or hex string).");
			}
		}
		if ($input_errors) {
			// Fall back to the edit view so the errors are shown next to the form.
			$act = 'edit';
			break;
		}
		// NOTE(review): 'crlreason' is passed to cert_revoke() as received; no
		// check against the keys of $openssl_crl_status is visible here.
		if (empty($pconfig['crlreason'])) {
			$reason = 0;
		} else {
			$reason = $pconfig['crlreason'];
		}
		foreach ($revoke_list as $cert) {
			cert_revoke($cert, $crl, $reason);
		}
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config("Revoked certificate(s) in CRL {$crl['descr']}.");
		pfSenseHeader("system_crlmanager.php");
		exit;
	case 'delcert':
		if (!is_array($thiscrl['cert'])) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		// Locate the revoked entry named by 'certref' inside the selected CRL.
		$found = false;
		foreach ($thiscrl['cert'] as $acert) {
			if ($acert['refid'] == $_REQUEST['certref']) {
				$found = true;
				$thiscert = $acert;
			}
		}
		if (!$found) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
		// Both names are escaped because they end up in $savemsg.
		$certname = htmlspecialchars($thiscert['descr']);
		$crlname = htmlspecialchars($thiscrl['descr']);
		if (cert_unrevoke($thiscert, $thiscrl)) {
			$savemsg = sprintf(gettext('Deleted Certificate %1$s from CRL %2$s.'), $certname, $crlname);
			$class = "success";
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			vpn_ipsec_configure();
			write_config($savemsg);
		} else {
			$savemsg = sprintf(gettext('Failed to delete Certificate %1$s from CRL %2$s.'), $certname, $crlname);
			$class = "danger";
		}
		$act="edit";
		break;
	case 'exp':
		/* Exporting the CRL contents */
		crl_update($thiscrl);
		// NOTE(review): the download file name is built from the stored
		// description; whether send_user_download() sanitises it for use in a
		// response header is not visible in this file.
		send_user_download('data', base64_decode($thiscrl['text']), "{$thiscrl['descr']}.crl");
		break;
	default:
		break;
}
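/* Handle a submitted create / import / edit-imported form. */
if (!empty($_POST['save'])) {
	$input_errors = array();
	$pconfig = $_POST;
	// The edit-imported form in this file posts no 'method' field, so read it defensively.
	$save_method = isset($pconfig['method']) ? $pconfig['method'] : null;

	/* input validation */
	// Defaults keep do_input_validation() from receiving undefined lists when
	// the posted method is neither "internal" nor "existing".
	$reqdfields = array();
	$reqdfieldsn = array();
	if (($save_method == "existing") || ($act == "editimported")) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($save_method == "internal") {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// Deny-list for the name: rejects ? > < & / " and '. This filters input
	// only; places that print the stored name should still escape it.
	// A non-string value (e.g. an array parameter) is rejected as well.
	if (isset($pconfig['descr']) &&
	    (!is_string($pconfig['descr']) || preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr']))) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}

	// The form's number/max attributes are browser-side hints only, so the
	// lifetime is checked again here before it is stored.
	if (!empty($pconfig['lifetime'])) {
		if (!is_string($pconfig['lifetime']) || !ctype_digit($pconfig['lifetime'])) {
			$input_errors[] = gettext("Lifetime must be a whole number of days.");
		} elseif ($pconfig['lifetime'] > $max_lifetime) {
			$input_errors[] = gettext("Lifetime is longer than the maximum allowed value. Use a shorter lifetime.");
		}
	}

	if (!empty($pconfig['serial']) && !cert_validate_serial($pconfig['serial'])) {
		$input_errors[] = gettext("Please enter a valid integer serial number.");
	}

	// The CA reference is stored as posted (except for edit-imported), so make
	// sure it names an existing CA instead of trusting the hidden form field.
	if (($act != "editimported") && !empty($pconfig['caref']) &&
	    (!is_string($pconfig['caref']) || !lookup_ca($pconfig['caref']))) {
		$input_errors[] = gettext('Invalid CA');
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		if (!empty($thiscrl)) {
			// Editing: write through the reference into the configuration.
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $pconfig['descr'];
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $save_method;
		}

		if (($save_method == "existing") || ($act == "editimported")) {
			// NOTE(review): the pasted CRL text is stored without being parsed
			// here; any format check would have to happen elsewhere.
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($save_method == "internal") {
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? $default_lifetime : $pconfig['lifetime'];
			// A new internal CRL starts with an empty revocation list. An
			// existing CRL keeps its entries: resetting them on save would
			// silently un-revoke every certificate it lists.
			if (!isset($crl['cert']) || !is_array($crl['cert'])) {
				$crl['cert'] = array();
			}
		}

		if (empty($thiscrl)) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}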
/* Breadcrumb titles and the link target for each of them. */
$pgtitle = [gettext("System"), gettext("Certificate Manager"), gettext("Certificate Revocation")];
$pglinks = ["", "system_camanager.php", "system_crlmanager.php"];

/* Form views (and any view that reports input errors) get an extra "Edit" crumb. */
if ($act == "new" || $act == gettext("Save") || $input_errors || $act == "edit") {
	array_push($pgtitle, gettext('Edit'));
	array_push($pglinks, "@self");
}
include("head.inc");
?>
<script type="text/javascript">
//<![CDATA[
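/**
 * Show the block that matches the selected creation method and hide the other.
 * Reads the value of the "method" field of the form named "iform" and toggles
 * the elements with ids "existing" and "internal". Any other value is ignored.
 */
function method_change() {

	// Declared with var so the value stays local instead of creating an implicit global.
	var method = document.iform.method.value;

	switch (method) {
		case "internal":
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			break;
		case "existing":
			document.getElementById("existing").style.display="";
			document.getElementById("internal").style.display="none";
			break;
	}
}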
//]]>
</script>
<?php
/**
 * Build the option list for the CRL "method" selector from $crl_methods.
 *
 * @param bool $importonly When true, only the "existing" (import) method is kept.
 * @return array Method key => description.
 */
function build_method_list($importonly = false) {
	global $crl_methods;

	$methods = array();

	foreach ($crl_methods as $key => $label) {
		// Keep everything unless restricted to import, in which case keep "existing" only.
		if (!$importonly || ($key == "existing")) {
			$methods[$key] = $label;
		}
	}

	return $methods;
}
/**
 * Build the option list for the Certificate Authority selector.
 *
 * The descriptions are returned exactly as stored in $a_ca.
 * NOTE(review): whether the form classes escape option labels is not visible
 * in this file - confirm before relying on it.
 *
 * @return array CA refid => CA description.
 */
function build_ca_list() {
	global $a_ca;

	$options = array();

	foreach ($a_ca as $entry) {
		$refid = $entry['refid'];
		$options[$refid] = $entry['descr'];
	}

	return $options;
}
/**
 * List the certificates that can still be revoked in the current CRL.
 *
 * A certificate qualifies when it has a non-empty CA reference equal to the
 * CA reference of the global $crl and is_cert_revoked($cert, $id) is false.
 *
 * @return array Certificate refid => certificate description.
 */
function build_cacert_list() {
	global $a_cert, $crl, $id;

	$candidates = array();

	foreach ($a_cert as $entry) {
		// No CA reference: cannot belong to this CRL's CA.
		if (empty($entry['caref'])) {
			continue;
		}
		// Issued by a different CA than the CRL.
		if ($entry['caref'] != $crl['caref']) {
			continue;
		}
		// Already revoked: not offered again.
		if (is_cert_revoked($entry, $id)) {
			continue;
		}
		$candidates[$entry['refid']] = $entry['descr'];
	}

	return $candidates;
}
/* Report validation errors and the outcome message of the action, if any.
 * The names interpolated into $savemsg earlier in this file are passed through
 * htmlspecialchars() first; print_info_box()'s own handling is not visible here. */
if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, $class);
}

/* Certificate Manager tabs: label, active flag, target page. */
$tab_array = [
	[gettext("CAs"), false, "system_camanager.php"],
	[gettext("Certificates"), false, "system_certmanager.php"],
	[gettext("Certificate Revocation"), true, "system_crlmanager.php"],
];
display_top_tabs($tab_array);
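/* Render the page body for the current action: the create/import form, the
 * imported-CRL edit form, the revocation editor of an internal CRL, or (by
 * default) the overview table of all CRLs.
 * Stored descriptions are configuration data and are escaped with
 * htmlspecialchars() wherever this block writes them into HTML itself. */
if ($act == "new" || $act == gettext("Save")) {
	$form = new Form();

	$section = new Form_Section('Create new Revocation List');

	// NOTE(review): the CA description is handed to Form_StaticText as stored.
	// Whether that class escapes its text is not visible in this file - confirm,
	// and escape here if it emits the value as-is.
	$section->addInput(new Form_StaticText(
		'Certificate Authority',
		$crlca['descr'],
	));

	if (!isset($id)) {
		// Without a CA private key only the import method is offered. This is a
		// UI restriction; the save handler decides what is actually accepted.
		$section->addInput(new Form_Select(
			'method',
			'*Method',
			$pconfig['method'],
			build_method_list((!isset($crlca['prv']) || empty($crlca['prv'])))
		));
	}

	$section->addInput(new Form_Input(
		'descr',
		'*Descriptive name',
		'text',
		$pconfig['descr']
	));

	$form->addGlobal(new Form_Input(
		'caref',
		null,
		'hidden',
		$pconfig['caref']
	));

	$form->add($section);

	$section = new Form_Section('Existing Certificate Revocation List');
	$section->addClass('existing');

	$section->addInput(new Form_Textarea(
		'crltext',
		'*CRL data',
		$pconfig['crltext']
		))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->add($section);

	$section = new Form_Section('Internal Certificate Revocation List');
	$section->addClass('internal');

	// 'max' and 'min' below are attributes of the rendered inputs, i.e.
	// browser-side hints rather than server-side limits.
	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (Days)',
		'number',
		$pconfig['lifetime'],
		['max' => $max_lifetime]
	));

	$section->addInput(new Form_Input(
		'serial',
		'Serial',
		'number',
		$pconfig['serial'],
		['min' => '0']
	));

	$form->add($section);

	if (isset($id) && $thiscrl) {
		$form->addGlobal(new Form_Input(
			'id',
			null,
			'hidden',
			$id
		));
	}

	print($form);

} elseif ($act == "editimported") {

	$form = new Form();

	$section = new Form_Section('Edit Imported Certificate Revocation List');

	$section->addInput(new Form_Input(
		'descr',
		'*Descriptive name',
		'text',
		$pconfig['descr']
	));

	$section->addInput(new Form_Textarea(
		'crltext',
		'*CRL data',
		$pconfig['crltext']
	))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));

	$form->addGlobal(new Form_Input(
		'act',
		null,
		'hidden',
		'editimported'
	));

	$form->add($section);

	print($form);

} elseif ($act == "edit") {
	$crl = $thiscrl;

	$form = new Form(false);
	// The CRL name is printed into the heading below, so it is escaped there.
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Revoked Certificates in CRL") . ': ' . htmlspecialchars($crl['descr'])?></h2></div>
		<div class="panel-body table-responsive">
<?php
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
		print_info_box(gettext("No certificates found for this CRL."), 'danger');
	} else {
?>
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Serial")?></th>
						<th><?=gettext("Certificate Name")?></th>
						<th><?=gettext("Revocation Reason")?></th>
						<th><?=gettext("Revoked At")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
		// One row per revoked entry. Name and serial are escaped before output;
		// the reason label is looked up in $openssl_crl_status and the refids in
		// the delete link are printed as stored.
		foreach ($crl['cert'] as $i => $cert):
			$name = empty($cert['descr']) ? gettext('Revoked by Serial') : htmlspecialchars($cert['descr']);
			$serial = crl_get_entry_serial($cert);
			if (empty($serial)) {
				$serial = gettext("Invalid");
			} ?>
					<tr>
						<td><?=htmlspecialchars($serial);?></td>
						<td><?=$name; ?></td>
						<td><?=$openssl_crl_status[$cert['reason']]; ?></td>
						<td><?=date("D M j G:i:s T Y", $cert['revoke_time']); ?></td>
						<td class="list">
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=$crl['refid']; ?>&amp;certref=<?=$cert['refid']; ?>" usepost>
								<i class="fa fa-trash" title="<?=gettext("Delete this certificate from the CRL")?>" alt="<?=gettext("Delete this certificate from the CRL")?>"></i>
							</a>
						</td>
					</tr>
<?php
		endforeach;
?>
				</tbody>
			</table>
<?php
	}
?>
		</div>
	</div>
<?php

	$section = new Form_Section('Revoke Certificates');

	$section->addInput(new Form_Select(
		'crlreason',
		'Reason',
		-1,
		$openssl_crl_status
		))->setHelp('Select the reason for which the certificates are being revoked.');

	// Only certificates of this CRL's CA that are not yet revoked are offered.
	$cacert_list = build_cacert_list();
	if (count($cacert_list) == 0) {
		print_info_box(gettext("No certificates found for this CA."), 'danger');
	} else {
		$section->addInput(new Form_Select(
			'certref',
			'Revoke Certificates',
			$pconfig['certref'],
			$cacert_list,
			true
			))->addClass('multiselect')
			->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
	}

	$section->addInput(new Form_Input(
		'revokeserial',
		'Revoke by Serial',
		'text',
		$pconfig['revokeserial']
	))->setHelp('List of certificate serial numbers to revoke (separated by spaces)');

	$form->addGlobal(new Form_Button(
		'submit',
		'Add',
		null,
		'fa-plus'
		))->addClass('btn-success btn-sm');

	// 'id' and 'crlref' both carry the CRL's refid: the first is used to look up
	// the CRL for the request, the second by the addcert handler.
	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$crl['refid']
	));

	$form->addGlobal(new Form_Input(
		'act',
		null,
		'hidden',
		'addcert'
	));

	$form->addGlobal(new Form_Input(
		'crlref',
		null,
		'hidden',
		$crl['refid']
	));

	$form->add($section);

	print($form);
} else {
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Certificate Revocation Lists")?></h2></div>
		<div class="panel-body table-responsive">
			<table class="table table-striped table-hover table-condensed table-rowdblclickedit">
				<thead>
					<tr>
						<th><?=gettext("CA")?></th>
						<th><?=gettext("Name")?></th>
						<th><?=gettext("Internal")?></th>
						<th><?=gettext("Certificates")?></th>
						<th><?=gettext("In Use")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
<?php
	$pluginparams = array();
	$pluginparams['type'] = 'certificates';
	$pluginparams['event'] = 'used_crl';
	$certificates_used_by_packages = pkg_call_plugins('plugin_certificates', $pluginparams);
	// Map CRLs to CAs in one pass
	$ca_crl_map = array();
	foreach ($a_crl as $crl) {
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
	}

	$i = 0;
	foreach ($a_ca as $ca):
		$caname = htmlspecialchars($ca['descr']);
		if (is_array($ca_crl_map[$ca['refid']])):
			foreach ($ca_crl_map[$ca['refid']] as $crl):
				$tmpcrl = lookup_crl($crl);
				$internal = is_crl_internal($tmpcrl);
				if ($internal && (!isset($tmpcrl['cert']) || empty($tmpcrl['cert'])) ) {
					$tmpcrl['cert'] = array();
				}
				$inuse = crl_in_use($tmpcrl['refid']);
				// The CRL name is escaped in the row below, like the CA name above.
				// NOTE(review): cert_usedby_description() output is echoed as
				// returned; its escaping is not visible in this file.
?>
					<tr>
						<td><?=$caname?></td>
						<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>
						<td><i class="fa fa-<?=($internal) ? "check" : "times"; ?>"></i></td>
						<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
						<td><i class="fa fa-<?=($inuse) ? "check" : "times"; ?>"></i>
						<?php echo cert_usedby_description($tmpcrl['refid'], $certificates_used_by_packages); ?>
						</td>
						<td>
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-download" title="<?=gettext("Export CRL")?>" ></a>
<?php
				if ($internal): ?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php
				else:
?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-pencil" title="<?=gettext("Edit CRL")?>"></a>
<?php			endif;
				// The delete link is only offered for CRLs that are not in use and
				// is marked `usepost`.
				if (!$inuse):
?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid']?>" class="fa fa-trash" title="<?=gettext("Delete CRL")?>" usepost></a>
<?php
				endif;
?>
						</td>
					</tr>
<?php
				$i++;
				endforeach;
			endif;
			$i++;
		endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>

<?php
	// Entry form for a new CRL: pick the CA, then continue with act=new.
	$form = new Form(false);
	$section = new Form_Section('Create or Import a New Certificate Revocation List');
	$group = new Form_Group(null);
	$group->add(new Form_Select(
		'caref',
		'Certificate Authority',
		null,
		build_ca_list()
		))->setHelp('Select a Certificate Authority for the new CRL');
	$group->add(new Form_Button(
		'submit',
		'Add',
		null,
		'fa-plus'
		))->addClass('btn-success btn-sm');
	$section->add($group);
	$form->addGlobal(new Form_Input(
		'act',
		null,
		'hidden',
		'new'
	));
	$form->add($section);
	print($form);
}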
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {

	// Show or hide every element carrying the given class (usually a form section or group).
	function hideClass(s_class, hide) {
		var targets = $('.' + s_class);

		if (hide) {
			targets.hide();
			return;
		}

		targets.show();
	}

	// Bring section visibility in line with the current value of the "method" selector.
	function applyMethod() {
		var selected = $('#method').val();

		hideClass('internal', (selected == 'existing'));
		hideClass('existing', (selected == 'internal'));
	}

	// Re-evaluate whenever the selector changes, and once on page load.
	$('#method').on('change', applyMethod);
	applyMethod();

	// The list size is computed server-side from the number of selectable
	// certificates, clamped to the range 3..15.
	$('.multiselect').attr("size","<?= max(3, min(15, count($cacert_list))) ?>");
});
//]]>
</script>
<?php include("foot.inc");