/usr/local/www/system_crlmanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/usr/local/www/system_crlmanager.php @ e9bf4980

1	81bfb231	jim-p	<?php
2			/*
3			system_crlmanager.php
4
5			Copyright (C) 2010 Jim Pingle
6			All rights reserved.
7
8			Redistribution and use in source and binary forms, with or without
9			modification, are permitted provided that the following conditions are met:
10
11			1. Redistributions of source code must retain the above copyright notice,
12			this list of conditions and the following disclaimer.
13
14			2. Redistributions in binary form must reproduce the above copyright
15			notice, this list of conditions and the following disclaimer in the
16			documentation and/or other materials provided with the distribution.
17
18			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
19			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
20			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
22			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27			POSSIBILITY OF SUCH DAMAGE.
28			*/
29			/*
30			pfSense_MODULE: certificate_managaer
31			*/
32
33			##\|+PRIV
34			##\|*IDENT=page-system-crlmanager
35			##\|*NAME=System: CRL Manager
36			##\|*DESCR=Allow access to the 'System: CRL Manager' page.
37			##\|MATCH=system_crlmanager.php
38			##\|-PRIV
39
40			require("guiconfig.inc");
41			require_once("certs.inc");
42	94efbf8b	jim-p	require_once('openvpn.inc');
43	81bfb231	jim-p
44	fc54f29b	jim-p	global $openssl_crl_status;
45
46	81bfb231	jim-p	$pgtitle = array(gettext("System"), gettext("Certificate Revocation List Manager"));
47
48			$crl_methods = array(
49			"internal" => gettext("Create an internal Certificate Revocation List"),
50			"existing" => gettext("Import an existing Certificate Revocation List"));
51
52			$id = $_GET['id'];
53			if (isset($_POST['id']))
54			$id = $_POST['id'];
55
56			if (!is_array($config['ca']))
57			$config['ca'] = array();
58
59			$a_ca =& $config['ca'];
60
61			if (!is_array($config['cert']))
62			$config['cert'] = array();
63
64			$a_cert =& $config['cert'];
65
66			if (!is_array($config['crl']))
67			$config['crl'] = array();
68
69			$a_crl =& $config['crl'];
70
71	c1f95f5c	jim-p	foreach ($a_crl as $cid => $acrl)
72			if (!isset($acrl['refid']))
73			unset ($a_crl[$cid]);
74
75	81bfb231	jim-p	$act = $_GET['act'];
76			if ($_POST['act'])
77			$act = $_POST['act'];
78
79	c1f95f5c	jim-p	if (!empty($id))
80			$thiscrl =& lookup_crl($id);
81	81bfb231	jim-p
82	c1f95f5c	jim-p	// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
83			if (!$thiscrl && (($act != "") && ($act != "new"))) {
84			pfSenseHeader("system_crlmanager.php");
85			$act="";
86			$savemsg = gettext("Invalid CRL reference.");
87			}
88
89			if ($act == "del") {
90			$name = $thiscrl['descr'];
91			if (crl_in_use($id)) {
92	ad8df715	jim-p	$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br/>";
93			} else {
94	c1f95f5c	jim-p	foreach ($a_crl as $cid => $acrl)
95			if ($acrl['refid'] == $thiscrl['refid'])
96			unset($a_crl[$cid]);
97	ad08687b	jim-p	write_config("Deleted CRL {$name}.");
98	ad8df715	jim-p	$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "<br/>";
99			}
100	81bfb231	jim-p	}
101
102			if ($act == "new") {
103			$pconfig['method'] = $_GET['method'];
104			$pconfig['caref'] = $_GET['caref'];
105			$pconfig['lifetime'] = "9999";
106			$pconfig['serial'] = "0";
107			}
108
109			if ($act == "exp") {
110	45508803	jim-p	crl_update($thiscrl);
111	c1f95f5c	jim-p	$exp_name = urlencode("{$thiscrl['descr']}.crl");
112			$exp_data = base64_decode($thiscrl['text']);
113	81bfb231	jim-p	$exp_size = strlen($exp_data);
114
115			header("Content-Type: application/octet-stream");
116			header("Content-Disposition: attachment; filename={$exp_name}");
117			header("Content-Length: $exp_size");
118			echo $exp_data;
119			exit;
120			}
121
122	28ff7ace	jim-p	if ($act == "addcert") {
123			if ($_POST) {
124			unset($input_errors);
125			$pconfig = $_POST;
126
127			if (!$pconfig['crlref'] \|\| !$pconfig['certref']) {
128			pfSenseHeader("system_crlmanager.php");
129			exit;
130			}
131
132			// certref, crlref
133			$crl =& lookup_crl($pconfig['crlref']);
134			$cert = lookup_cert($pconfig['certref']);
135
136			if (!$crl['caref'] \|\| !$cert['caref']) {
137			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
138			}
139
140			if ($crl['caref'] != $cert['caref']) {
141			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
142			}
143			if (!is_crl_internal($crl)) {
144			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
145			}
146
147			if (!$input_errors) {
148	fc54f29b	jim-p	$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
149			cert_revoke($cert, $crl, $reason);
150	8e022a76	jim-p	openvpn_refresh_crls();
151	cfcc6994	jim-p	write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
152	28ff7ace	jim-p	pfSenseHeader("system_crlmanager.php");
153	ad08687b	jim-p	exit;
154	28ff7ace	jim-p	}
155			}
156			}
157
158			if ($act == "delcert") {
159	c1f95f5c	jim-p	if (!is_array($thiscrl['cert'])) {
160	28ff7ace	jim-p	pfSenseHeader("system_crlmanager.php");
161			exit;
162			}
163	c1f95f5c	jim-p	$found = false;
164			foreach ($thiscrl['cert'] as $acert) {
165			if ($acert['refid'] == $_GET['certref']) {
166			$found = true;
167			$thiscert = $acert;
168			}
169			}
170			if (!$found) {
171			pfSenseHeader("system_crlmanager.php");
172			exit;
173			}
174			$name = $thiscert['descr'];
175			if (cert_unrevoke($thiscert, $thiscrl)) {
176			$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br/>";
177			openvpn_refresh_crls();
178	cfcc6994	jim-p	write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']));
179	c1f95f5c	jim-p	} else {
180			$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br/>";
181			}
182			$act="edit";
183	28ff7ace	jim-p	}
184
185	81bfb231	jim-p	if ($_POST) {
186			unset($input_errors);
187			$pconfig = $_POST;
188
189			/* input validation */
190	6f3d3a07	jim-p	if (($pconfig['method'] == "existing") \|\| ($act == "editimported")) {
191	5293bfec	jim-p	$reqdfields = explode(" ", "descr crltext");
192	81bfb231	jim-p	$reqdfieldsn = array(
193			gettext("Descriptive name"),
194			gettext("Certificate Revocation List data"));
195			}
196			if ($pconfig['method'] == "internal") {
197			$reqdfields = explode(" ",
198	5293bfec	jim-p	"descr caref");
199	81bfb231	jim-p	$reqdfieldsn = array(
200			gettext("Descriptive name"),
201			gettext("Certificate Authority"));
202			}
203
204	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
205	81bfb231	jim-p
206			/* if this is an AJAX caller then handle via JSON */
207			if (isAjax() && is_array($input_errors)) {
208			input_errors2Ajax($input_errors);
209			exit;
210			}
211
212			/* save modifications */
213			if (!$input_errors) {
214			$result = false;
215
216	304af9d8	jim-p	if ($thiscrl) {
217	c1f95f5c	jim-p	$crl =& $thiscrl;
218	304af9d8	jim-p	} else {
219			$crl = array();
220			$crl['refid'] = uniqid();
221			}
222	81bfb231	jim-p
223	f2a86ca9	jim-p	$crl['descr'] = $pconfig['descr'];
224	6f3d3a07	jim-p	if ($act != "editimported") {
225			$crl['caref'] = $pconfig['caref'];
226			$crl['method'] = $pconfig['method'];
227			}
228	81bfb231	jim-p
229	6f3d3a07	jim-p	if (($pconfig['method'] == "existing") \|\| ($act == "editimported")) {
230	304af9d8	jim-p	$crl['text'] = base64_encode($pconfig['crltext']);
231	81bfb231	jim-p	}
232
233			if ($pconfig['method'] == "internal") {
234			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
235			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
236			$crl['cert'] = array();
237			}
238
239	c1f95f5c	jim-p	if (!$thiscrl)
240	81bfb231	jim-p	$a_crl[] = $crl;
241
242	304af9d8	jim-p	write_config("Saved CRL {$crl['descr']}");
243	6f3d3a07	jim-p	openvpn_refresh_crls();
244	81bfb231	jim-p	pfSenseHeader("system_crlmanager.php");
245			}
246			}
247
248			include("head.inc");
249			?>
250
251			<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
252			<?php include("fbegin.inc"); ?>
253			<script type="text/javascript">
254	0d15afff	Colin Fleming	//<![CDATA[
255	81bfb231	jim-p
256			function method_change() {
257
258	44bcc1be	jim-p	method = document.iform.method.value;
259	81bfb231	jim-p
260			switch (method) {
261	44bcc1be	jim-p	case "internal":
262	81bfb231	jim-p	document.getElementById("existing").style.display="none";
263			document.getElementById("internal").style.display="";
264			break;
265	44bcc1be	jim-p	case "existing":
266	81bfb231	jim-p	document.getElementById("existing").style.display="";
267			document.getElementById("internal").style.display="none";
268			break;
269			}
270			}
271
272	0d15afff	Colin Fleming	//]]>
273	81bfb231	jim-p	</script>
274			<?php
275			if ($input_errors)
276			print_input_errors($input_errors);
277			if ($savemsg)
278			print_info_box($savemsg);
279			?>
280	0d15afff	Colin Fleming	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="CRL manager">
281	81bfb231	jim-p	<tr>
282			<td>
283			<?php
284			$tab_array = array();
285			$tab_array[] = array(gettext("CAs"), false, "system_camanager.php");
286			$tab_array[] = array(gettext("Certificates"), false, "system_certmanager.php");
287			$tab_array[] = array(gettext("Certificate Revocation"), true, "system_crlmanager.php");
288			display_top_tabs($tab_array);
289			?>
290			</td>
291			</tr>
292			<tr>
293			<td id="mainarea">
294			<div class="tabcont">
295
296			<?php if ($act == "new" \|\| $act == gettext("Save") \|\| $input_errors): ?>
297
298			<form action="system_crlmanager.php" method="post" name="iform" id="iform">
299	0d15afff	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
300	81bfb231	jim-p	<?php if (!isset($id)): ?>
301			<tr>
302			<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
303			<td width="78%" class="vtable">
304			<select name='method' id='method' class="formselect" onchange='method_change()'>
305			<?php
306			foreach($crl_methods as $method => $desc):
307	44bcc1be	jim-p	if (($_GET['importonly'] == "yes") && ($method != "existing"))
308			continue;
309	81bfb231	jim-p	$selected = "";
310			if ($pconfig['method'] == $method)
311	0d15afff	Colin Fleming	$selected = "selected=\"selected\"";
312	81bfb231	jim-p	?>
313			<option value="<?=$method;?>"<?=$selected;?>><?=$desc;?></option>
314			<?php endforeach; ?>
315			</select>
316			</td>
317			</tr>
318			<?php endif; ?>
319			<tr>
320			<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
321			<td width="78%" class="vtable">
322	f2a86ca9	jim-p	<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>"/>
323	81bfb231	jim-p	</td>
324			</tr>
325			<tr>
326			<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Authority");?></td>
327			<td width="78%" class="vtable">
328			<select name='caref' id='caref' class="formselect">
329			<?php
330			foreach($a_ca as $ca):
331			$selected = "";
332			if ($pconfig['caref'] == $ca['refid'])
333	0d15afff	Colin Fleming	$selected = "selected=\"selected\"";
334	81bfb231	jim-p	?>
335	f2a86ca9	jim-p	<option value="<?=$ca['refid'];?>"<?=$selected;?>><?=$ca['descr'];?></option>
336	81bfb231	jim-p	<?php endforeach; ?>
337			</select>
338			</td>
339			</tr>
340			</table>
341
342	0d15afff	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing">
343	81bfb231	jim-p	<tr>
344			<td colspan="2" class="list" height="12"></td>
345			</tr>
346			<tr>
347			<td colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Revocation List");?></td>
348			</tr>
349
350			<tr>
351			<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
352			<td width="78%" class="vtable">
353	364ecdd1	jim-p	<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=$pconfig['crltext'];?></textarea>
354	0d15afff	Colin Fleming	<br/>
355			<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?>
356	81bfb231	jim-p	</td>
357			</tr>
358			</table>
359
360	0d15afff	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal">
361	81bfb231	jim-p	<tr>
362			<td colspan="2" class="list" height="12"></td>
363			</tr>
364			<tr>
365			<td colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Revocation List");?></td>
366			</tr>
367			<tr>
368			<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
369			<td width="78%" class="vtable">
370			<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
371			<?=gettext("days");?><br/>
372			<?=gettext("Default: 9999");?>
373			</td>
374			</tr>
375			<tr>
376			<td width="22%" valign="top" class="vncellreq"><?=gettext("Serial");?></td>
377			<td width="78%" class="vtable">
378	0d15afff	Colin Fleming	<input name="serial" type="text" class="formfld unknown" id="serial" size="5" value="<?=htmlspecialchars($pconfig['serial']);?>"/>
379	81bfb231	jim-p	<br/>
380			<?=gettext("Default: 0");?>
381			</td>
382			</tr>
383			</table>
384
385	0d15afff	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save">
386	81bfb231	jim-p	<tr>
387			<td width="22%" valign="top"> </td>
388			<td width="78%">
389			<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
390	c1f95f5c	jim-p	<?php if (isset($id) && $thiscrl): ?>
391	81bfb231	jim-p	<input name="id" type="hidden" value="<?=$id;?>" />
392			<?php endif;?>
393			</td>
394			</tr>
395			</table>
396			</form>
397	6f3d3a07	jim-p	<?php elseif ($act == "editimported"): ?>
398			<?php $crl = $thiscrl; ?>
399			<form action="system_crlmanager.php" method="post" name="iform" id="iform">
400	0d15afff	Colin Fleming	<table width="100%" border="0" cellpadding="6" cellspacing="0" id="editimported" summary="import">
401	6f3d3a07	jim-p	<tr>
402			<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Imported Certificate Revocation List");?></td>
403			</tr>
404			<tr>
405			<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
406			<td width="78%" class="vtable">
407			<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($crl['descr']);?>"/>
408			</td>
409			</tr>
410			<tr>
411			<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
412			<td width="78%" class="vtable">
413			<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=base64_decode($crl['text']);?></textarea>
414	0d15afff	Colin Fleming	<br/>
415	6f3d3a07	jim-p	<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?></td>
416			</td>
417			</tr>
418			<tr>
419			<td width="22%" valign="top"> </td>
420			<td width="78%">
421			<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
422			<input name="id" type="hidden" value="<?=$id;?>" />
423			<input name="act" type="hidden" value="editimported" />
424			</td>
425			</tr>
426			</table>
427			</form>
428
429	28ff7ace	jim-p	<?php elseif ($act == "edit"): ?>
430	c1f95f5c	jim-p	<?php $crl = $thiscrl; ?>
431	28ff7ace	jim-p	<form action="system_crlmanager.php" method="post" name="iform" id="iform">
432	0d15afff	Colin Fleming	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="revoke">
433	28ff7ace	jim-p	<thead>
434			<tr>
435	fc54f29b	jim-p	<th width="90%" class="listhdrr" colspan="3"><b><?php echo gettext("Currently Revoked Certificates for CRL") . ': ' . $crl['descr']; ?></b></th>
436			<th width="10%" class="list"></th>
437			</tr>
438			<tr>
439			<th width="30%" class="listhdrr"><b><?php echo gettext("Certificate Name")?></b></th>
440			<th width="30%" class="listhdrr"><b><?php echo gettext("Revocation Reason")?></b></th>
441			<th width="30%" class="listhdrr"><b><?php echo gettext("Revoked At")?></b></th>
442			<th width="10%" class="list"></th>
443	28ff7ace	jim-p	</tr>
444			</thead>
445			<tbody>
446			<?php /* List Certs on CRL */
447			if (!is_array($crl['cert']) \|\| (count($crl['cert']) == 0)): ?>
448			<tr>
449	fc54f29b	jim-p	<td class="listlr" colspan="3">
450	28ff7ace	jim-p	<?php echo gettext("No Certificates Found for this CRL."); ?>
451			</td>
452			<td class="list"> </td>
453			</td>
454			<?php else:
455			foreach($crl['cert'] as $i => $cert):
456			$name = htmlspecialchars($cert['descr']);
457			?>
458			<tr>
459			<td class="listlr">
460			<?php echo $name; ?>
461			</td>
462	fc54f29b	jim-p	<td class="listlr">
463			<?php echo $openssl_crl_status[$cert["reason"]]; ?>
464			</td>
465			<td class="listlr">
466			<?php echo date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
467			</td>
468	28ff7ace	jim-p	<td class="list">
469	0d15afff	Colin Fleming	<a href="system_crlmanager.php?act=delcert&id=<?php echo $crl['refid']; ?>&certref=<?php echo $cert['refid']; ?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?");?>')">
470	28ff7ace	jim-p	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("Delete this certificate from the CRL ");?>" alt="<?=gettext("Delete this certificate from the CRL ");?>" width="17" height="17" border="0" />
471			</a>
472			</td>
473			</tr>
474			<?php
475			endforeach;
476			endif;
477			?>
478			<?php /* Drop-down with other certs from this CA. */
479			// Map Certs to CAs in one pass
480			$ca_certs = array();
481			foreach($a_cert as $cert)
482			if ($cert['caref'] == $crl['caref'])
483			$ca_certs[] = $cert;
484			if (count($ca_certs) == 0): ?>
485			<tr>
486	fc54f29b	jim-p	<td class="listlr" colspan="3">
487	28ff7ace	jim-p	<?php echo gettext("No Certificates Found for this CA."); ?>
488			</td>
489			<td class="list"> </td>
490			</td>
491			<?php else: ?>
492			<tr>
493	fc54f29b	jim-p	<td class="listlr" colspan="3" align="center">
494	28ff7ace	jim-p	<b><?php echo gettext("Choose a Certificate to Revoke"); ?></b>: <select name='certref' id='certref' class="formselect">
495			<?php foreach($ca_certs as $cert): ?>
496	fc54f29b	jim-p	<option value="<?=$cert['refid'];?>"><?=htmlspecialchars($cert['descr'])?></option>
497	28ff7ace	jim-p	<?php endforeach; ?>
498	fc54f29b	jim-p	</select>
499			<b><?php echo gettext("Reason");?></b>:
500			<select name='crlreason' id='crlreason' class="formselect">
501			<?php foreach($openssl_crl_status as $code => $reason): ?>
502			<option value="<?= $code ?>"><?= htmlspecialchars($reason) ?></option>
503			<?php endforeach; ?>
504			</select>
505	28ff7ace	jim-p	<input name="act" type="hidden" value="addcert" />
506			<input name="crlref" type="hidden" value="<?=$crl['refid'];?>" />
507	c1f95f5c	jim-p	<input name="id" type="hidden" value="<?=$crl['refid'];?>" />
508	28ff7ace	jim-p	<input id="submit" name="add" type="submit" class="formbtn" value="<?=gettext("Add"); ?>" />
509			</td>
510			<td class="list"> </td>
511			</tr>
512			<?php endif; ?>
513			</tbody>
514			</table>
515			</form>
516	81bfb231	jim-p	<?php else: ?>
517
518	0d15afff	Colin Fleming	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="ocpms">
519	81bfb231	jim-p	<thead>
520			<tr>
521			<td width="35%" class="listhdrr"><?=gettext("Name");?></td>
522			<td width="10%" class="listhdrr"><?=gettext("Internal");?></td>
523			<td width="35%" class="listhdrr"><?=gettext("Certificates");?></td>
524			<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
525			<td width="10%" class="list"></td>
526			</tr>
527			</thead>
528	0d15afff	Colin Fleming	<tfoot>
529			<tr>
530			<td colspan="5">
531			<p>
532			<?=gettext("Additional Certificate Revocation Lists can be added here.");?>
533			</p>
534			</td>
535			</tr>
536			</tfoot> <tbody>
537	81bfb231	jim-p	<?php
538	0d5c21f7	Chris Buechler	$caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
539	28ff7ace	jim-p	// Map CRLs to CAs in one pass
540	81bfb231	jim-p	$ca_crl_map = array();
541			foreach($a_crl as $crl)
542			$ca_crl_map[$crl['caref']][] = $crl['refid'];
543
544			$i = 0;
545			foreach($a_ca as $ca):
546	f2a86ca9	jim-p	$name = htmlspecialchars($ca['descr']);
547	81bfb231	jim-p
548			if($ca['prv']) {
549	44bcc1be	jim-p	$cainternal = "YES";
550	81bfb231	jim-p	} else
551	44bcc1be	jim-p	$cainternal = "NO";
552	81bfb231	jim-p	?>
553			<tr>
554			<td class="listlr" colspan="4">
555	0d15afff	Colin Fleming	<table border="0" cellpadding="0" cellspacing="0" summary="icon">
556	81bfb231	jim-p	<tr>
557	0d15afff	Colin Fleming	<td align="left" valign="middle">
558	81bfb231	jim-p	<img src="<?=$caimg;?>" alt="CA" title="CA" border="0" height="16" width="16" />
559			</td>
560			<td align="left" valign="middle">
561			<?=$name;?>
562			</td>
563			</tr>
564			</table>
565			</td>
566			<td class="list">
567	44bcc1be	jim-p	<?php if ($cainternal == "YES"): ?>
568	d5059f4c	bcyrill	<a href="system_crlmanager.php?act=new&caref=<?php echo $ca['refid']; ?>">
569	b1e4005f	Vinicius Coque	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?php printf(gettext("Add or Import CRL for %s"),$ca['descr']);?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" />
570	81bfb231	jim-p	</a>
571	44bcc1be	jim-p	<?php else: ?>
572	d5059f4c	bcyrill	<a href="system_crlmanager.php?act=new&caref=<?php echo $ca['refid']; ?>&importonly=yes">
573	b1e4005f	Vinicius Coque	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?php printf(gettext("Import CRL for %s"),$ca['descr']);?>" alt="<?=gettext("add crl");?>" width="17" height="17" border="0" />
574	44bcc1be	jim-p	</a>
575			<?php endif; ?>
576	81bfb231	jim-p	</td>
577			</tr>
578
579			<?php
580			if (is_array($ca_crl_map[$ca['refid']])):
581			foreach($ca_crl_map[$ca['refid']] as $crl):
582			$tmpcrl = lookup_crl($crl);
583	ad8df715	jim-p	$internal = is_crl_internal($tmpcrl);
584			$inuse = crl_in_use($tmpcrl['refid']);
585	81bfb231	jim-p	?>
586			<tr>
587	f2a86ca9	jim-p	<td class="listlr"><?php echo $tmpcrl['descr']; ?></td>
588	ad8df715	jim-p	<td class="listr"><?php echo ($internal) ? "YES" : "NO"; ?></td>
589			<td class="listr"><?php echo ($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
590			<td class="listr"><?php echo ($inuse) ? "YES" : "NO"; ?></td>
591	0d15afff	Colin Fleming	<td valign="middle" class="list nowrap">
592			<a href="system_crlmanager.php?act=exp&id=<?=$tmpcrl['refid'];?>">
593	f2a86ca9	jim-p	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" />
594	81bfb231	jim-p	</a>
595	28ff7ace	jim-p	<?php if ($internal): ?>
596	0d15afff	Colin Fleming	<a href="system_crlmanager.php?act=edit&id=<?=$tmpcrl['refid'];?>">
597	c1f95f5c	jim-p	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" />
598	28ff7ace	jim-p	</a>
599	6f3d3a07	jim-p	<?php else: ?>
600	d5059f4c	bcyrill	<a href="system_crlmanager.php?act=editimported&id=<?=$tmpcrl['refid'];?>">
601	6f3d3a07	jim-p	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" />
602			</a>
603	28ff7ace	jim-p	<?php endif; ?>
604	ad8df715	jim-p	<?php if (!$inuse): ?>
605	0d15afff	Colin Fleming	<a href="system_crlmanager.php?act=del&id=<?=$tmpcrl['refid'];?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Revocation List?") . ' (' . htmlspecialchars($tmpcrl['descr']) . ')';?>')">
606	f2a86ca9	jim-p	<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']); ?>" width="17" height="17" border="0" />
607	81bfb231	jim-p	</a>
608	ad8df715	jim-p	<?php endif; ?>
609	81bfb231	jim-p	</td>
610			</tr>
611			<?php
612			$i++;
613			endforeach;
614			endif;
615			?>
616			<tr><td colspan="5"> </td></tr>
617			<?php
618			$i++;
619			endforeach;
620			?>
621			</tbody>
622			</table>
623
624			<?php endif; ?>
625
626			</div>
627			</td>
628			</tr>
629			</table>
630			<?php include("fend.inc");?>
631			<script type="text/javascript">
632	0d15afff	Colin Fleming	//<![CDATA[
633	81bfb231	jim-p
634			method_change();
635
636	0d15afff	Colin Fleming	//]]>
637	81bfb231	jim-p	</script>
638
639			</body>
640	0d15afff	Colin Fleming	</html>

Project

General

Profile

pfSense