Revision d588bb5c
Added by Jim Pingle about 2 years ago
| src/usr/local/www/system_crlmanager.php | ||
|---|---|---|
| 114 | 114 |
case 'addcert': |
| 115 | 115 |
unset($input_errors); |
| 116 | 116 |
$pconfig = $_REQUEST; |
| 117 |
|
|
| 118 |
/* input validation */ |
|
| 119 |
$reqdfields = explode(" ", "descr id");
|
|
| 120 |
$reqdfieldsn = array( |
|
| 121 |
gettext("Descriptive name"),
|
|
| 122 |
gettext("CRL ID"));
|
|
| 123 |
|
|
| 124 |
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); |
|
| 125 |
|
|
| 126 |
if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
|
|
| 127 |
array_push($input_errors, "The field 'Descriptive Name' contains invalid characters."); |
|
| 128 |
} |
|
| 129 |
if ($pconfig['lifetime'] > $max_lifetime) {
|
|
| 130 |
$input_errors[] = gettext("Lifetime is longer than the maximum allowed value. Use a shorter lifetime.");
|
|
| 131 |
} |
|
| 132 |
if ((strlen($pconfig['serial']) > 0) && !cert_validate_serial($pconfig['serial'])) {
|
|
| 133 |
$input_errors[] = gettext("Please enter a valid integer serial number.");
|
|
| 134 |
} |
|
| 135 |
|
|
| 117 | 136 |
$revoke_list = array(); |
| 118 |
if (!$pconfig['crlref'] || (!$pconfig['certref'] && (strlen($pconfig['revokeserial']) == 0))) {
|
|
| 137 |
if (!$pconfig['crlref']) {
|
|
| 119 | 138 |
pfSenseHeader("system_crlmanager.php");
|
| 120 | 139 |
exit; |
| 121 | 140 |
} |
| 122 | 141 |
$crl =& lookup_crl($pconfig['crlref']); |
| 142 |
|
|
| 123 | 143 |
if (!is_array($pconfig['certref'])) {
|
| 124 | 144 |
$pconfig['certref'] = array(); |
| 125 | 145 |
} |
| ... | ... | |
| 136 | 156 |
} |
| 137 | 157 |
} |
| 138 | 158 |
} |
| 139 |
if (empty($pconfig['certref']) && empty($revoke_list)) {
|
|
| 159 |
if (empty($pconfig['save']) && empty($pconfig['certref']) && empty($revoke_list)) {
|
|
| 140 | 160 |
$input_errors[] = gettext("Select one or more certificates or enter a serial number to revoke.");
|
| 141 | 161 |
} |
| 142 | 162 |
foreach ($pconfig['certref'] as $rcert) {
|
| ... | ... | |
| 147 | 167 |
$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
|
| 148 | 168 |
} |
| 149 | 169 |
} |
| 170 |
|
|
| 150 | 171 |
if (!$input_errors) {
|
| 151 |
$reason = (empty($pconfig['crlreason'])) ? 0 : $pconfig['crlreason']; |
|
| 152 |
foreach ($revoke_list as $cert) {
|
|
| 153 |
cert_revoke($cert, $crl, $reason); |
|
| 172 |
$crl['descr'] = $pconfig['descr']; |
|
| 173 |
$crl['lifetime'] = $pconfig['lifetime']; |
|
| 174 |
$crl['serial'] = $pconfig['serial']; |
|
| 175 |
if (!empty($revoke_list)) {
|
|
| 176 |
$savemsg = "Revoked certificate(s) in CRL {$crl['descr']}.";
|
|
| 177 |
$reason = (empty($pconfig['crlreason'])) ? 0 : $pconfig['crlreason']; |
|
| 178 |
foreach ($revoke_list as $cert) {
|
|
| 179 |
cert_revoke($cert, $crl, $reason); |
|
| 180 |
} |
|
| 181 |
// refresh IPsec and OpenVPN CRLs |
|
| 182 |
openvpn_refresh_crls(); |
|
| 183 |
ipsec_configure(); |
|
| 184 |
} else {
|
|
| 185 |
$savemsg = "Saved CRL {$crl['descr']}.";
|
|
| 154 | 186 |
} |
| 155 |
// refresh IPsec and OpenVPN CRLs |
|
| 156 |
openvpn_refresh_crls(); |
|
| 157 |
ipsec_configure(); |
|
| 158 |
write_config("Revoked certificate(s) in CRL {$crl['descr']}.");
|
|
| 187 |
write_config($savemsg); |
|
| 159 | 188 |
pfSenseHeader("system_crlmanager.php");
|
| 160 | 189 |
exit; |
| 161 | 190 |
} else {
|
| ... | ... | |
| 202 | 231 |
break; |
| 203 | 232 |
} |
| 204 | 233 |
|
| 205 |
if ($_POST['save']) {
|
|
| 234 |
if ($_POST['save'] && empty($input_errors)) {
|
|
| 206 | 235 |
$input_errors = array(); |
| 207 | 236 |
$pconfig = $_POST; |
| 208 | 237 |
|
| ... | ... | |
| 213 | 242 |
gettext("Descriptive name"),
|
| 214 | 243 |
gettext("Certificate Revocation List data"));
|
| 215 | 244 |
} |
| 216 |
if ($pconfig['method'] == "internal") {
|
|
| 245 |
if (($pconfig['method'] == "internal") || |
|
| 246 |
($act == "addcert")) {
|
|
| 217 | 247 |
$reqdfields = explode(" ", "descr caref");
|
| 218 | 248 |
$reqdfieldsn = array( |
| 219 | 249 |
gettext("Descriptive name"),
|
| ... | ... | |
| 451 | 481 |
'descr', |
| 452 | 482 |
'*Descriptive name', |
| 453 | 483 |
'text', |
| 454 |
$pconfig['descr']
|
|
| 484 |
$thiscrl['descr']
|
|
| 455 | 485 |
)); |
| 456 | 486 |
|
| 457 | 487 |
$section->addInput(new Form_Textarea( |
| 458 | 488 |
'crltext', |
| 459 | 489 |
'*CRL data', |
| 460 |
$pconfig['crltext']
|
|
| 490 |
!empty($thiscrl['text']) ? base64_decode($thiscrl['text']) : ''
|
|
| 461 | 491 |
))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');
|
| 462 | 492 |
|
| 463 | 493 |
$form->addGlobal(new Form_Input( |
| ... | ... | |
| 481 | 511 |
} elseif ($act == "edit") {
|
| 482 | 512 |
$crl = $thiscrl; |
| 483 | 513 |
|
| 484 |
$form = new Form(false); |
|
| 514 |
$form = new Form(); |
|
| 515 |
|
|
| 516 |
$section = new Form_Section('Edit Internal Certificate Revocation List');
|
|
| 517 |
|
|
| 518 |
$section->addInput(new Form_Input( |
|
| 519 |
'descr', |
|
| 520 |
'*Descriptive name', |
|
| 521 |
'text', |
|
| 522 |
$crl['descr'] |
|
| 523 |
)); |
|
| 524 |
|
|
| 525 |
$section->addInput(new Form_Input( |
|
| 526 |
'lifetime', |
|
| 527 |
'CRL Lifetime (Days)', |
|
| 528 |
'number', |
|
| 529 |
$crl['lifetime'], |
|
| 530 |
['max' => $max_lifetime] |
|
| 531 |
)); |
|
| 532 |
|
|
| 533 |
$section->addInput(new Form_Input( |
|
| 534 |
'serial', |
|
| 535 |
'CRL Serial', |
|
| 536 |
'number', |
|
| 537 |
$crl['serial'], |
|
| 538 |
['min' => '0'] |
|
| 539 |
)); |
|
| 540 |
|
|
| 541 |
$form->add($section); |
|
| 485 | 542 |
?> |
| 486 | 543 |
|
| 487 | 544 |
<div class="panel panel-default"> |
Also available in: Unified diff
Allow editing of CRL properties. Fixes #14185
Fixes editing of imported CRLs and also allows editing properties of
internal CRLs.