<?php
/*
	system_crlmanager.php
*/
/* ====================================================================
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
 *
 *	Redistribution and use in source and binary forms, with or without modification,
 *	are permitted provided that the following conditions are met:
 *
 *	1. Redistributions of source code must retain the above copyright notice,
 *		this list of conditions and the following disclaimer.
 *
 *	2. Redistributions in binary form must reproduce the above copyright
 *		notice, this list of conditions and the following disclaimer in
 *		the documentation and/or other materials provided with the
 *		distribution.
 *
 *	3. All advertising materials mentioning features or use of this software
 *		must display the following acknowledgment:
 *		"This product includes software developed by the pfSense Project
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
 *
 *	4. The names "pfSense" and "pfSense Project" must not be used to
 *		 endorse or promote products derived from this software without
 *		 prior written permission. For written permission, please contact
 *		 coreteam@pfsense.org.
 *
 *	5. Products derived from this software may not be called "pfSense"
 *		nor may "pfSense" appear in their names without prior written
 *		permission of the Electric Sheep Fencing, LLC.
 *
 *	6. Redistributions of any form whatsoever must retain the following
 *		acknowledgment:
 *
 *	"This product includes software developed by the pfSense Project
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *	====================================================================
 *
 */

##|+PRIV
##|*IDENT=page-system-crlmanager
##|*NAME=System: CRL Manager
##|*DESCR=Allow access to the 'System: CRL Manager' page.
##|*MATCH=system_crlmanager.php*
##|-PRIV
require("guiconfig.inc");
require_once("certs.inc");
require_once("openvpn.inc");
require_once("vpn.inc");
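// Map of revocation reason code => label; it is indexed by a certificate's
// 'reason' and offered as the reason selector further down this page.
// Presumably defined by certs.inc (not visible in this file).
global $openssl_crl_status;

$pgtitle = array(gettext("System"), gettext("Certificate Manager"), gettext("Certificate Revocation Lists"));

// Supported ways to create a CRL, keyed by the value posted in the 'method' field.
$crl_methods = array(
	"internal" => gettext("Create an internal Certificate Revocation List"),
	"existing" => gettext("Import an existing Certificate Revocation List"));

// The CRL reference arrives from the client, so it is accepted only when it is
// a plain alphanumeric string; anything else (missing, array-valued, or
// containing other characters) leaves $id unset. A POSTed id overrides a
// query-string id.
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_alnum($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_string($_POST['id']) && ctype_alnum($_POST['id'])) {
	$id = $_POST['id'];
}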
// Make sure the CA, certificate and CRL sections of the configuration exist
// as arrays before they are aliased below.
foreach (array('ca', 'cert', 'crl') as $cfg_key) {
	if (!is_array($config[$cfg_key])) {
		$config[$cfg_key] = array();
	}
}
unset($cfg_key);

// Short aliases bound by reference: changes made through them modify $config.
$a_ca =& $config['ca'];
$a_cert =& $config['cert'];
$a_crl =& $config['crl'];

// Drop CRL entries that carry no refid; the rest of the page identifies CRLs by it.
foreach ($a_crl as $cid => $acrl) {
	if (isset($acrl['refid'])) {
		continue;
	}
	unset ($a_crl[$cid]);
}
// Requested action: a non-empty POSTed value overrides the query string.
// NOTE(review): because the query string is accepted here, every action below
// can be selected by a GET request - confirm that is intended for the ones
// that change configuration.
$act = $_GET['act'];
$act = ($_POST['act']) ? $_POST['act'] : $act;

// Resolve the CRL named by the validated id, bound by reference so later edits
// through $thiscrl apply to the looked-up entry.
if (isset($id) && $id) {
	$thiscrl =& lookup_crl($id);
}

// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
// Only the empty action and "new" may proceed without a CRL. The redirect is
// issued without exit, so the rest of the page still runs with $act cleared.
if (!($thiscrl || ($act == "") || ($act == "new"))) {
	pfSenseHeader("system_crlmanager.php");
	$act = "";
	$savemsg = gettext("Invalid CRL reference.");
}
// Delete the selected CRL unless something still references it.
// The description is HTML-escaped once and reused for both the on-page message
// and the configuration change note.
// NOTE(review): $act may come from the query string, so this deletion can be
// triggered by a GET request. Confirm the GUI's CSRF protection covers GET
// requests, or move destructive actions to POST.
if ($act == "del") {
	$name = htmlspecialchars($thiscrl['descr']);
	if (!crl_in_use($id)) {
		// Remove every entry whose refid matches the selected CRL.
		foreach ($a_crl as $cid => $acrl) {
			if ($acrl['refid'] != $thiscrl['refid']) {
				continue;
			}
			unset($a_crl[$cid]);
		}
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "<br />";
	} else {
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br />";
	}
}
if ($act == "new") {
	// Pre-fill the creation form from the link that led here; lifetime and
	// serial start from fixed defaults.
	$pconfig['method'] = $_GET['method'];
	$pconfig['caref'] = $_GET['caref'];
	$pconfig['lifetime'] = "9999";
	$pconfig['serial'] = "0";
} elseif ($act == "exp") {
	// Export: refresh the CRL, then send its decoded body as a file download.
	crl_update($thiscrl);

	// urlencode() keeps the stored description from adding characters such as
	// quotes, semicolons or line breaks to the Content-Disposition header.
	$download_name = urlencode("{$thiscrl['descr']}.crl");
	$download_body = base64_decode($thiscrl['text']);
	$exp_size = strlen($download_body);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$download_name}");
	header("Content-Length: $exp_size");
	echo $download_body;
	exit;
}
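/*
 * Revoke a certificate by adding it to an internal CRL.
 *
 * Expects a POST carrying 'crlref', 'certref' and optionally 'crlreason'.
 * On success the VPN CRLs are refreshed, the configuration is written and the
 * request ends with a redirect; on validation failure the errors are left in
 * $input_errors.
 */
if ($act == "addcert") {
	if ($_POST) {
		unset($input_errors);
		$pconfig = $_POST;

		// Nothing to do without both references; go back to the list.
		if (!$pconfig['crlref'] || !$pconfig['certref']) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}

		// certref, crlref
		$crl =& lookup_crl($pconfig['crlref']);
		$cert = lookup_cert($pconfig['certref']);

		if (!$crl['caref'] || !$cert['caref']) {
			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
		}

		// A CRL may only list certificates issued by its own CA.
		if ($crl['caref'] != $cert['caref']) {
			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}

		// The reason code is client-supplied and ends up stored with the
		// revocation, so accept only codes the page itself offers (the keys of
		// $openssl_crl_status). An empty value keeps the "unspecified" default.
		if (!empty($pconfig['crlreason']) &&
		    (!is_scalar($pconfig['crlreason']) ||
		    !is_array($openssl_crl_status) ||
		    !array_key_exists($pconfig['crlreason'], $openssl_crl_status))) {
			$input_errors[] = gettext("Invalid revocation reason.");
		}

		if (!$input_errors) {
			$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
			cert_revoke($cert, $crl, $reason);
			// refresh IPsec and OpenVPN CRLs
			openvpn_refresh_crls();
			vpn_ipsec_configure();
			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
	}
}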
// Remove a certificate from the selected CRL (i.e. un-revoke it), then fall
// through to the "edit" view of that CRL.
// NOTE(review): the certificate is chosen by $_GET['certref'], so this
// un-revocation is driven by a GET request. Confirm the GUI's CSRF protection
// covers GET requests, or move the action to POST.
if ($act == "delcert") {
	// A CRL without a certificate list has nothing to remove.
	if (!is_array($thiscrl['cert'])) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Find the requested certificate among the revoked ones; if several
	// entries match, the last one is used.
	$found = false;
	foreach ($thiscrl['cert'] as $acert) {
		if ($acert['refid'] != $_GET['certref']) {
			continue;
		}
		$found = true;
		$thiscert = $acert;
	}
	if (!$found) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// Names are HTML-escaped once and reused in the messages below.
	$certname = htmlspecialchars($thiscert['descr']);
	$crlname = htmlspecialchars($thiscrl['descr']);
	if (!cert_unrevoke($thiscert, $thiscrl)) {
		$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
	} else {
		$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname) . "<br />";
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $certname, $crlname));
	}
	$act = "edit";
}
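/*
 * Create a new CRL or update the selected one from the posted form.
 *
 * Runs for every POST that reaches this point. Validation errors are collected
 * in $input_errors; when there are none the CRL is stored, the VPN CRLs are
 * refreshed and the browser is redirected to the list.
 */
if ($_POST) {
	// Keep errors recorded by an earlier handler instead of resetting them.
	// The "addcert" handler only exits on success, so a rejected revocation
	// request continues into this block; starting from an empty error list
	// would let it reach the save path below and overwrite the selected CRL's
	// descr/caref/method with values the revocation form never sent.
	// NOTE(review): confirm the form-rendering code further down copes with
	// errors for an existing CRL.
	if (!isset($input_errors) || !is_array($input_errors)) {
		$input_errors = array();
	}
	$pconfig = $_POST;

	/* input validation */
	// Default to no required fields so the validator always receives arrays,
	// even when the posted method is neither "existing" nor "internal".
	$reqdfields = array();
	$reqdfieldsn = array();
	if (($pconfig['method'] == "existing") || ($act == "editimported")) {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// Refuse HTML/URL metacharacters in the name; it is later echoed into
	// pages, messages and a download filename.
	if (preg_match("/[\?\>\<\&\/\\\"\']/", $pconfig['descr'])) {
		array_push($input_errors, "The field 'Descriptive Name' contains invalid characters.");
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		// Update the selected CRL in place (by reference) or start a new one.
		if ($thiscrl) {
			$crl =& $thiscrl;
		} else {
			$crl = array();
			$crl['refid'] = uniqid();
		}

		$crl['descr'] = $pconfig['descr'];
		// An imported CRL keeps its CA and method; only name and data change.
		if ($act != "editimported") {
			$crl['caref'] = $pconfig['caref'];
			$crl['method'] = $pconfig['method'];
		}

		// NOTE(review): the pasted CRL text is stored as posted; no check that
		// it parses as an X.509 CRL is visible here.
		if (($pconfig['method'] == "existing") || ($act == "editimported")) {
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		// NOTE(review): serial and lifetime are stored as posted; no numeric
		// or range check is visible here beyond the form's own attributes.
		if ($pconfig['method'] == "internal") {
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (!$thiscrl) {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['descr']}");
		// refresh IPsec and OpenVPN CRLs
		openvpn_refresh_crls();
		vpn_ipsec_configure();
		pfSenseHeader("system_crlmanager.php");
	}
}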
include("head.inc");
?>
<script type="text/javascript">
//<![CDATA[
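// Show the form block that matches the selected CRL method and hide the other.
// Reads the 'method' field of the form named 'iform' and toggles the elements
// with ids "internal" and "existing". Any other value leaves both untouched.
function method_change() {

	// Declared locally; an undeclared assignment would create a page-wide global.
	var method = document.iform.method.value;

	switch (method) {
		case "internal":
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			break;
		case "existing":
			document.getElementById("existing").style.display="";
			document.getElementById("internal").style.display="none";
			break;
	}
}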
//]]>
</script>
<?php
/**
 * Build the option list for the 'method' selector.
 *
 * Returns the global $crl_methods map (method => label). When the request
 * carries importonly=yes, only the "existing" (import) method is kept.
 */
function build_method_list() {
	global $crl_methods;

	$options = array();

	foreach ($crl_methods as $method => $desc) {
		// Keep everything unless import-only was requested; then keep "existing" only.
		if (($_GET['importonly'] != "yes") || ($method == "existing")) {
			$options[$method] = $desc;
		}
	}

	return $options;
}
/**
 * Build the option list for the 'Certificate Authority' selector.
 *
 * Returns a map of CA refid => CA description taken from the global $a_ca.
 */
function build_ca_list() {
	global $a_ca;

	$options = array();

	foreach ($a_ca as $entry) {
		$refid = $entry['refid'];
		$options[$refid] = $entry['descr'];
	}

	return $options;
}
/**
 * Build the option list for the 'certificate to revoke' selector.
 *
 * Returns a map of certificate refid => description taken from the global
 * $ca_certs, which the caller fills before invoking this function.
 */
function build_cacert_list() {
	global $ca_certs;

	$options = array();

	foreach ($ca_certs as $entry) {
		$refid = $entry['refid'];
		$options[$refid] = $entry['descr'];
	}

	return $options;
}
// Report validation errors and any status message from the handlers above.
if ($input_errors) {
	print_input_errors($input_errors);
}

// $savemsg is built above from fixed text plus HTML-escaped names.
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// Certificate Manager tabs; the second element marks the active tab.
$tab_array = array(
	array(gettext("CAs"), false, "system_camanager.php"),
	array(gettext("Certificates"), false, "system_certmanager.php"),
	array(gettext("Certificate Revocation"), true, "system_crlmanager.php"),
);
display_top_tabs($tab_array);
if ($act == "new" || $act == gettext("Save") || $input_errors) {
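	// Form for creating a new CRL, also shown again when validation failed.
	// NOTE(review): $form and $section are only created when no CRL id was
	// supplied, yet they are used unconditionally below - confirm what should
	// be rendered when this branch is reached with an id set.
	if (!isset($id)) {
		$form = new Form();

		$section = new Form_Section('Create new revocation list');

		$section->addInput(new Form_Select(
			'method',
			'Method',
			$pconfig['method'],
			build_method_list()
		));

	}

	$section->addInput(new Form_Input(
		'descr',
		'Descriptive name',
		'text',
		$pconfig['descr']
	));

	$section->addInput(new Form_Select(
		'caref',
		'Certificate Authority',
		$pconfig['caref'],
		build_ca_list()
	));

	$form->add($section);

	// Shown only for the "existing" (import) method; toggled by the page script.
	$section = new Form_Section('Existing Certificate Revocation List');
	$section->addClass('existing');

	$section->addInput(new Form_Textarea(
		'crltext',
		'CRL data',
		$pconfig['crltext']
		))->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	$form->add($section);

	// Shown only for the "internal" method; toggled by the page script.
	$section = new Form_Section('Internal Certificate Revocation List');
	$section->addClass('internal');

	// Attribute names are quoted: unquoted they are read as constants, which
	// older PHP versions silently turn into strings with a warning and PHP 8
	// rejects with an error.
	// These limits are browser-side attributes only and do not replace
	// server-side validation of the posted values.
	$section->addInput(new Form_Input(
		'lifetime',
		'Lifetime (Days)',
		'number',
		$pconfig['lifetime'],
		['max' => '9999']
	));

	$section->addInput(new Form_Input(
		'serial',
		'Serial',
		'number',
		$pconfig['serial'],
		['min' => '0', 'max' => '9999']
	));

	$form->add($section);

	// Carry the CRL id through the submit when an existing CRL is being edited.
	if (isset($id) && $thiscrl) {
		$section->addInput(new Form_Input(
			'id',
			null,
			'hidden',
			$id
		));
	}

	print($form);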
} elseif ($act == "editimported") {
	// Form for editing an imported CRL: only its name and its data can change.
	$form = new Form();
	$section = new Form_Section('Edit Imported Certificate Revocation List');

	$section->addInput(new Form_Input('descr', 'Descriptive name', 'text', $pconfig['descr']));

	$section->addInput(new Form_Textarea('crltext', 'CRL data', $pconfig['crltext']))
		->setHelp('Paste a Certificate Revocation List in X.509 CRL format here.');

	// Hidden fields route the submit back to this CRL and this action.
	// $id was accepted earlier only if strictly alphanumeric.
	foreach (array('id' => $id, 'act' => 'editimported') as $hidden_name => $hidden_value) {
		$section->addInput(new Form_Input($hidden_name, null, 'hidden', $hidden_value));
	}

	$form->add($section);

	print($form);
} elseif ($act == "edit") {
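	// Edit view, part 1: table of certificates currently revoked by this CRL.
	// Stored descriptions are HTML-escaped where they are printed: the save
	// handler rejects markup characters, but the configuration can also be
	// populated by other means (e.g. a restored backup), so output is escaped
	// regardless.
	// NOTE(review): the per-row delete link below un-revokes a certificate via
	// a GET request guarded only by a JavaScript confirm(); confirm the GUI's
	// CSRF protection covers it or switch the action to POST.
	$crl = $thiscrl;

	$form = new Form(false);
?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr'])?></h2></div>
		<div class="panel-body table-responsive">
<?php
	if (!is_array($crl['cert']) || (count($crl['cert']) == 0)) {
		print_info_box(gettext("No Certificates Found for this CRL."), 'danger');
	} else {
?>
			<table class="table table-striped table-hover table-condensed">
				<thead>
					<tr>
						<th><?=gettext("Certificate Name")?></th>
						<th><?=gettext("Revocation Reason")?></th>
						<th><?=gettext("Revoked At")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
		foreach ($crl['cert'] as $i => $cert):
			$name = htmlspecialchars($cert['descr']);
?>
					<tr>
						<td class="listlr">
							<?=$name; ?>
						</td>
						<td class="listlr">
							<?=$openssl_crl_status[$cert["reason"]]; ?>
						</td>
						<td class="listlr">
							<?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
						</td>
						<td class="list">
							<a href="system_crlmanager.php?act=delcert&amp;id=<?=$crl['refid']; ?>&amp;certref=<?=$cert['refid']; ?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?")?>')">
								<i class="fa fa-times-circle" title="<?=gettext("Delete this certificate from the CRL ")?>" alt="<?=gettext("Delete this certificate from the CRL ")?>"></i>
							</a>
						</td>
					</tr>
<?php
		endforeach;
?>
				</tbody>
			</table>
<?php
	}
?>
		</div>
	</div>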
<?php

	// Edit view, part 2: form for revoking another certificate.
	// Only certificates issued by this CRL's CA are offered; the server-side
	// handler checks the CA match again when the form is submitted.
	$ca_certs = array();
	foreach ($a_cert as $cert) {
		if ($cert['caref'] != $crl['caref']) {
			continue;
		}
		$ca_certs[] = $cert;
	}

	if (!$ca_certs) {
		print_info_box(gettext("No Certificates Found for this CA."), 'danger');
	} else {
		$section = new Form_Section('Choose a certificate to revoke');
		$group = new Form_Group(null);

		$group->add(new Form_Select('certref', null, $pconfig['certref'], build_cacert_list()))
			->setWidth(4)
			->setHelp('Certificate');

		// Reason selector; -1 is passed as the initially selected value.
		$group->add(new Form_Select('crlreason', null, -1, $openssl_crl_status))
			->setHelp('Reason');

		$group->add(new Form_Button('submit', 'Add'))
			->removeClass('btn-primary')
			->addClass('btn-success btn-sm');

		$section->add($group);

		// Hidden fields identify the CRL and select the "addcert" handler.
		$hidden_fields = array(
			'id' => $crl['refid'],
			'act' => 'addcert',
			'crlref' => $crl['refid'],
		);
		foreach ($hidden_fields as $hidden_name => $hidden_value) {
			$section->addInput(new Form_Input($hidden_name, null, 'hidden', $hidden_value));
		}

		$form->add($section);
	}

	print($form);
} else {
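?>

	<div class="panel panel-default">
		<div class="panel-heading"><h2 class="panel-title"><?=gettext("Additional Certificate Revocation Lists")?></h2></div>
		<div class="panel-body table-responsive">
			<table class="table table-striped table-hover table-condensed">
				<thead>
					<tr>
						<th><?=gettext("Name")?></th>
						<th><?=gettext("Internal")?></th>
						<th><?=gettext("Certificates")?></th>
						<th><?=gettext("In Use")?></th>
						<th></th>
					</tr>
				</thead>
				<tbody>
<?php
	// Default view: every CA followed by the CRLs that belong to it.
	// Stored descriptions are HTML-escaped where they are printed: the save
	// handler rejects markup characters, but the configuration can also be
	// populated by other means (e.g. a restored backup).
	// NOTE(review): the "Delete CRL" link below changes configuration via a
	// GET request; confirm the GUI's CSRF protection covers it or switch the
	// action to POST.

	// Map CRLs to CAs in one pass
	$ca_crl_map = array();
	foreach ($a_crl as $crl) {
		$ca_crl_map[$crl['caref']][] = $crl['refid'];
	}

	$i = 0;
	foreach ($a_ca as $ca):
		$name = htmlspecialchars($ca['descr']);

		// A CA with a 'prv' entry is treated as internal: CRLs can be created
		// for it as well as imported.
		if ($ca['prv']) {
			$cainternal = "YES";
		} else {
			$cainternal = "NO";
		}
?>
					<tr>
						<td colspan="4">
							<?=$name?>
						</td>
						<td>
<?php
		if ($cainternal == "YES"):
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" class="btn btn-xs btn-success">
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		else:
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" class="btn btn-xs btn-success">
								<?=gettext("Add or Import CRL")?>
							</a>
<?php
		endif;
?>
						</td>
					</tr>
<?php
		if (is_array($ca_crl_map[$ca['refid']])):
			foreach ($ca_crl_map[$ca['refid']] as $crl):
				$tmpcrl = lookup_crl($crl);
				$internal = is_crl_internal($tmpcrl);
				$inuse = crl_in_use($tmpcrl['refid']);
?>
					<tr>
						<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>
						<td><?=($internal) ? "YES" : "NO"; ?></td>
						<td><?=($internal) ? count($tmpcrl['cert']) : "Unknown (imported)"; ?></td>
						<td><?=($inuse) ? "YES" : "NO"; ?></td>
						<td>
							<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-success">
								<?=gettext("Export CRL")?>
							</a>
<?php
				if ($internal): ?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-info">
								<?=gettext("Edit CRL")?>
							</a>
<?php
				else:
?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-info">
								<?=gettext("Edit CRL")?>
							</a>
<?php			endif;
				// The delete link is only offered for CRLs nothing references.
				if (!$inuse):
?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid']?>" class="btn btn-xs btn-danger">
								<?=gettext("Delete CRL")?>
							</a>
<?php
				endif;
?>
						</td>
					</tr>
<?php
				$i++;
				endforeach;
			endif;
			$i++;
		endforeach;
?>
				</tbody>
			</table>
		</div>
	</div>


<?php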
}
?>
<script>
//<![CDATA[
events.push(function() {

	// Shows or hides every element of the given class (usually a form section
	// or group): hidden when `hide` is true, shown otherwise.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}

	// Shows the section that matches the selected method and hides the other.
	function syncMethodSections() {
		var selected = $('#method').val();

		hideClass('internal', (selected == 'existing'));
		hideClass('existing', (selected == 'internal'));
	}

	// When the 'method' selector is changed, we show/hide certain sections
	$('#method').on('change', syncMethodSections);

	// Apply the state for the currently selected method once, when this callback runs
	syncMethodSections();
});
//]]>
</script>
<?php include("foot.inc");