<?php
/*
	Copyright (C) 2014-2015 Deciso B.V.
	Copyright (C) 2010 Jim Pingle
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	notice, this list of conditions and the following disclaimer in the
	documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

require_once("guiconfig.inc");
require_once('openvpn.inc');

/**
 * Rewrite the CRL file of every enabled OpenVPN server that uses one.
 *
 * For each configured server whose mode is p2p_tls, server_tls,
 * server_tls_user or server_user and which carries a crlref, the CRL is
 * looked up, passed through crl_update() and its base64-decoded text is
 * written to /var/etc/openvpn/server<vpnid>.crl-verify (mode 0644).
 *
 * NOTE(review): the result of lookup_crl() is used without a check. What is
 * written for a dangling crlref depends on lookup_crl()/crl_update(), which
 * are defined elsewhere; an empty or stale CRL file weakens revocation
 * enforcement, so confirm how a miss is handled.
 */
function openvpn_refresh_crls() {
	global $g, $config;

	openvpn_create_dirs();

	$have_servers = isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server']);
	if (!$have_servers) {
		return;
	}

	// Server modes for which a CRL file is written.
	$crl_modes = array('p2p_tls', 'server_tls', 'server_tls_user', 'server_user');

	foreach ($config['openvpn']['openvpn-server'] as $server) {
		// Skip empty slots and servers that are switched off.
		if (empty($server)) {
			continue;
		}
		if (isset($server['disable'])) {
			continue;
		}
		// Loose comparison on purpose: it mirrors what a switch statement does.
		if (!in_array($server['mode'], $crl_modes)) {
			continue;
		}
		if (empty($server['crlref'])) {
			continue;
		}

		// Write the settings for the keys
		$crl = lookup_crl($server['crlref']);
		crl_update($crl);
		$crl_file = "/var/etc/openvpn/server{$server['vpnid']}.crl-verify";
		file_put_contents($crl_file, base64_decode($crl['text']));
		@chmod($crl_file, 0644);
	}
}



/**
 * Remove a certificate from an internal CRL (i.e. un-revoke it).
 *
 * The first entry of $crl['cert'] whose refid OR description equals that of
 * $cert is dropped and the CRL is passed to crl_update().
 *
 * NOTE(review): a matching description alone is enough, so two revoked
 * certificates that share a description are not told apart here; the one
 * listed first is the one removed. Confirm that this is intended.
 *
 * @param array $cert certificate entry; its 'refid' and 'descr' are compared
 * @param array $crl  CRL entry, modified in place
 * @return bool true when an entry was removed, false for a non-internal CRL
 *              or when nothing matched
 */
function cert_unrevoke($cert, & $crl) {
	global $config;
	if (!is_crl_internal($crl)) {
		return false;
	}
	foreach ($crl['cert'] as $idx => $revoked) {
		$same_refid = ($revoked['refid'] == $cert['refid']);
		$same_descr = ($revoked['descr'] == $cert['descr']);
		if (!$same_refid && !$same_descr) {
			continue;
		}
		unset($crl['cert'][$idx]);
		// Protect against accidentally switching the type to imported, for older CRLs
		if (count($crl['cert']) == 0 && !isset($crl['method'])) {
			$crl['method'] = "internal";
		}
		crl_update($crl);
		return true;
	}
	return false;
}

/**
 * Report whether a CRL is referenced by a consumer.
 *
 * Kept as a separate function so further consumers can be added later; at
 * present only OpenVPN servers are checked.
 *
 * @param string $crlref refid of the CRL
 * @return mixed result of is_openvpn_server_crl()
 */
function crl_in_use($crlref) {
	$used_by_openvpn = is_openvpn_server_crl($crlref);
	return ($used_by_openvpn);
}


// Revocation reason table: used further down for the "Reason" drop-down and
// the revoked-certificate list. Not defined in this file.
global $openssl_crl_status;

$pgtitle = array(gettext("System"), gettext("Certificate Revocation List Manager"));

// Creation methods offered in the "Method" drop-down, keyed by the value that
// the form submits.
$crl_methods = array();
$crl_methods["internal"] = gettext("Create an internal Certificate Revocation List");
$crl_methods["existing"] = gettext("Import an existing Certificate Revocation List");
// CRL reference for this request: the query string wins over the form body.
// Only purely alphanumeric values are accepted; otherwise $id stays unset.
$id_in_get = isset($_GET['id']) && ctype_alnum($_GET['id']);
$id_in_post = isset($_POST['id']) && ctype_alnum($_POST['id']);
if ($id_in_get) {
    $id = $_GET['id'];
} elseif ($id_in_post) {
    $id = $_POST['id'];
}
// Make sure the CA, certificate and CRL sections exist as arrays before
// references into the configuration are taken.
if (!is_array($config['ca'])) {
    $config['ca'] = array();
}
if (!is_array($config['cert'])) {
    $config['cert'] = array();
}
if (!isset($config['crl']) || !is_array($config['crl'])) {
    $config['crl'] = array();
}

// By-reference aliases: changes made through them land in $config.
$a_ca =& $config['ca'];
$a_cert =& $config['cert'];
$a_crl =& $config['crl'];

// Drop CRL entries that carry no refid; they cannot be addressed by id.
foreach (array_keys($a_crl) as $crl_idx) {
    if (!isset($a_crl[$crl_idx]['refid'])) {
        unset($a_crl[$crl_idx]);
    }
}
// Requested action: the query string takes precedence over the form body;
// null when neither carries one. The value is not restricted here, it is
// only compared against known action names further down.
$act = isset($_GET['act']) ? $_GET['act'] : (isset($_POST['act']) ? $_POST['act'] : null);
// Resolve the requested CRL; $thiscrl stays unset when no id was supplied.
if (!empty($id)) {
    $thiscrl =& lookup_crl($id);
}

// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
// Every action except "new" (and the plain list view) needs an existing CRL.
// NOTE(review): isset() only catches a null result. If lookup_crl() reports a
// miss with false, this guard does not trigger - confirm its return value.
// The script does not exit after redirectHeader(); it carries on with the
// action cleared.
$needs_existing_crl = ($act != "") && ($act != "new");
if ($needs_existing_crl && !isset($thiscrl)) {
    redirectHeader("system_crlmanager.php");
    $act="";
    $savemsg = gettext("Invalid CRL reference.");
}

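// Delete a CRL, unless something still references it.
// NOTE(review): this state change is reachable through a plain GET link (see
// the delete button in the list below). Whether the framework applies CSRF
// protection to it cannot be seen from this file.
if ($act == "del") {
    // The description is user-supplied. The raw value goes into the config
    // change log; the escaped copy is used for the on-page message, which is
    // presumably rendered as HTML given the <br /> appended to it.
    $name = $thiscrl['descr'];
    $name_html = htmlspecialchars($name);
    if (crl_in_use($id)) {
        $savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name_html) . "<br />";
    } else {
        // Remove every entry that shares the refid of the selected CRL.
        foreach ($a_crl as $cid => $acrl) {
            if ($acrl['refid'] == $thiscrl['refid']) {
                unset($a_crl[$cid]);
            }
        }
        write_config("Deleted CRL {$name}.");
        $savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name_html) . "<br />";
    }
}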

// Pre-fill the "new CRL" form: method and CA come from the query string when
// present, lifetime and serial start at fixed defaults.
if ($act == "new") {
    $pconfig['method'] = isset($_GET['method']) ? $_GET['method'] : null;
    $pconfig['caref'] = isset($_GET['caref']) ? $_GET['caref'] : null;
    $pconfig['lifetime'] = "9999";
    $pconfig['serial'] = "0";
}

// Export: send the CRL as a file download and stop.
if ($act == "exp") {
    crl_update($thiscrl);
    $exp_data = base64_decode($thiscrl['text']);
    // The description is user-supplied; urlencode() keeps line breaks, quotes
    // and separators out of the Content-Disposition header.
    $exp_name = urlencode("{$thiscrl['descr']}.crl");

    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename={$exp_name}");
    header("Content-Length: " . strlen($exp_data));
    echo $exp_data;
    exit;
}

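// Revoke a certificate: add it to an internal CRL.
// On success the CRL files are refreshed, the config is written and the
// script exits after the redirect. When validation fails, execution continues
// past this block with $input_errors populated.
if ($act == "addcert") {
    if ($_POST) {
        $input_errors = array();
        $pconfig = $_POST;

        // empty() rather than a bare truth test, so a request that omits the
        // fields is handled without an undefined-index notice.
        if (empty($pconfig['crlref']) || empty($pconfig['certref'])) {
            redirectHeader("system_crlmanager.php");
            exit;
        }

        // certref, crlref
        $crl =& lookup_crl($pconfig['crlref']);
        $cert = lookup_cert($pconfig['certref']);

        if (!$crl['caref'] || !$cert['caref']) {
            $input_errors[] = gettext("Both the Certificate and CRL must be specified.");
        }

        if ($crl['caref'] != $cert['caref']) {
            $input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
        }
        if (!is_crl_internal($crl)) {
            $input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
        }

        // The reason arrives from the client. The form builds its options from
        // the keys of $openssl_crl_status, so only those keys are accepted;
        // an empty value falls back to "unspecified".
        $reason = OCSP_REVOKED_STATUS_UNSPECIFIED;
        if (!empty($pconfig['crlreason'])) {
            $reason = $pconfig['crlreason'];
            if (is_array($openssl_crl_status) &&
                (!is_string($reason) || !array_key_exists($reason, $openssl_crl_status))) {
                $input_errors[] = gettext("Invalid revocation reason.");
            }
        }

        if (!count($input_errors)) {
            cert_revoke($cert, $crl, $reason);
            openvpn_refresh_crls();
            write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
            redirectHeader("system_crlmanager.php");
            exit;
        }
    }
}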

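// Un-revoke: remove a certificate from the selected CRL, then show the edit view.
// NOTE(review): like CRL deletion, this state change is triggered by a GET
// link; CSRF handling for it is not visible in this file.
if ($act == "delcert") {
    if (!is_array($thiscrl['cert'])) {
        redirectHeader("system_crlmanager.php");
        exit;
    }
    // A request without certref must not match anything: a loose comparison
    // against a missing value would match an entry whose refid is empty.
    $certref = isset($_GET['certref']) ? $_GET['certref'] : null;
    $found = false;
    if ($certref !== null) {
        foreach ($thiscrl['cert'] as $acert) {
            if ($acert['refid'] == $certref) {
                $found = true;
                $thiscert = $acert;
            }
        }
    }
    if (!$found) {
        redirectHeader("system_crlmanager.php");
        exit;
    }
    $name = $thiscert['descr'];
    // Both descriptions are user-supplied. They are escaped for the on-page
    // message (presumably rendered as HTML, given the <br /> appended to it)
    // and left raw for the config change log.
    $name_html = htmlspecialchars($name);
    $crl_descr_html = htmlspecialchars($thiscrl['descr']);
    if (cert_unrevoke($thiscert, $thiscrl)) {
        $savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name_html, $crl_descr_html) . "<br />";
        openvpn_refresh_crls();
        write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']));
    } else {
        $savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $name_html, $crl_descr_html) . "<br />";
    }
    $act="edit";
}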

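// Create or update a CRL from the submitted form.
//
// A failed "addcert" request is kept out of this block: it carries no
// descr/caref/method fields, its validation errors would be discarded by the
// unset() below, and the save path would then overwrite those fields of the
// selected CRL with values the request never sent.
if ($_POST && $act != "addcert") {
    unset($input_errors);
    $pconfig = $_POST;

    $editing_imported = ($act == "editimported");
    $method = isset($pconfig['method']) ? $pconfig['method'] : null;

    /* input validation */
    // Start from empty lists so the validator never receives undefined variables.
    $reqdfields = array();
    $reqdfieldsn = array();
    if (($method == "existing") || $editing_imported) {
        $reqdfields = explode(" ", "descr crltext");
        $reqdfieldsn = array(
                gettext("Descriptive name"),
                gettext("Certificate Revocation List data"));
    }
    if ($method == "internal") {
        $reqdfields = explode(
            " ",
            "descr caref"
        );
        $reqdfieldsn = array(
                gettext("Descriptive name"),
                gettext("Certificate Authority"));
    }

    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

    // The method is stored in the configuration, so accept only the values
    // offered by the form. Editing an imported CRL does not submit a method.
    if (!$editing_imported && (!is_string($method) || !isset($crl_methods[$method]))) {
        $input_errors[] = gettext("Invalid Certificate Revocation List method.");
    }

    /* if this is an AJAX caller then handle via JSON */
    if (isAjax() && is_array($input_errors)) {
        input_errors2Ajax($input_errors);
        exit;
    }

    /* save modifications */
    if (!$input_errors) {
        $result = false;

        // Update the selected CRL in place, or start a new entry.
        if (isset($thiscrl)) {
            $crl =& $thiscrl;
        } else {
            $crl = array();
            $crl['refid'] = uniqid();
        }

        $crl['descr'] = $pconfig['descr'];
        if (!$editing_imported) {
            // NOTE(review): caref is stored as submitted; it is not checked
            // against the configured CAs here.
            $crl['caref'] = $pconfig['caref'];
            $crl['method'] = $method;
        }

        if (($method == "existing") || $editing_imported) {
            $crl['text'] = base64_encode($pconfig['crltext']);
        }

        if ($method == "internal") {
            $crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
            $crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
            $crl['cert'] = array();
        }

        if (!isset($thiscrl)) {
            $a_crl[] = $crl;
        }

        write_config("Saved CRL {$crl['descr']}");
        openvpn_refresh_crls();
        redirectHeader("system_crlmanager.php");
    }
}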

include("head.inc");
?>

<body>
    <?php include("fbegin.inc"); ?>
    <script type="text/javascript">
    //<![CDATA[
    function method_change() {

	method = document.iform.method.value;

	switch (method) {
		case "internal":
			document.getElementById("existing").style.display="none";
			document.getElementById("internal").style.display="";
			break;
		case "existing":
			document.getElementById("existing").style.display="";
			document.getElementById("internal").style.display="none";
			break;
	}
    }
    //]]>
    </script>


<!-- row -->
<section class="page-content-main">
	<div class="container-fluid">
        <div class="row">
            <?php
            if (isset($input_errors) && count($input_errors) > 0) {
                print_input_errors($input_errors);
            }
            if (isset($savemsg)) {
                print_info_box($savemsg);
            }
            ?>
            <section class="col-xs-12">
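                <?php /* Full open tag: with short_open_tag disabled, a short tag is sent to the browser as literal text and the tabs are not included. */ include('system_certificates_tabs.inc'); ?>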
                <div class="content-box tab-content">
				<?php if ($act == "new" || $act == gettext("Save") || (isset($input_errors) && count($input_errors)) ) :
?>
				<form action="system_crlmanager.php" method="post" name="iform" id="iform">
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area" class="table table-striped">
						<?php if (!isset($id)) :
?>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
							<td width="78%" class="vtable">
								<select name='method' id='method' class="formselect" onchange='method_change()'>
								<?php
                                    $rowIndex = 0;
                                foreach ($crl_methods as $method => $desc) :
                                    if (isset($_GET['importonly']) && ($_GET['importonly'] == "yes") && ($method != "existing")) {
                                        continue;
                                    }
                                    $selected = "";
                                    if (isset($pconfig['method']) && $pconfig['method'] == $method) {
                                        $selected = "selected=\"selected\"";
                                    }
                                    $rowIndex++;
                                ?>
                                <option value="<?=$method;
?>" <?=$selected;
?>><?=$desc;?></option>
								<?php
                                endforeach;
                                if ($rowIndex == 0) {
                                    echo "<option></option>";
                                }
                                ?>
								</select>
							</td>
						</tr>
						<?php
endif; ?>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
							<td width="78%" class="vtable">
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?php if (isset($pconfig['descr'])) echo htmlspecialchars($pconfig['descr']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Authority");?></td>
							<td width="78%" class="vtable">
								<select name='caref' id='caref' class="formselect">
								<?php
                                    $rowIndex = 0;
                                foreach ($a_ca as $ca) :
                                    $selected = "";
                                    if ($pconfig['caref'] == $ca['refid']) {
                                        $selected = "selected=\"selected\"";
                                    }
                                    $rowIndex++;
                                ?>
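                                <?php /* The CA refid and description are stored configuration values; escape them for the attribute and text they are printed into. */ ?>
                                <option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>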
								<?php
                                endforeach;
                                if ($rowIndex == 0) {
                                    echo "<option></option>";
                                }
                                ?>
								</select>
							</td>
						</tr>
					</table>

					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing" class="table table-striped">
						<thead>
							<tr>
								<th colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Revocation List");?></th>
							</tr>
						</thead>

						<tbody>

							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
								<td width="78%" class="vtable">
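									<?php /* $pconfig is a copy of $_POST when the form is redisplayed, so the pasted CRL text is escaped before it is echoed back. */ ?>
									<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?php if (isset($pconfig['crltext'])) echo htmlspecialchars($pconfig['crltext']);?></textarea>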
									<br />
									<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?>
								</td>
							</tr>

						</tbody>
					</table>

					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal" class="table table-striped">
                            <thead>
							<tr>
								<th colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Revocation List");?></th>
							</tr>
                            </thead>
                            <tbody>
                                <tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
								<td width="78%" class="vtable">
									<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
									<?=gettext("days");?><br />
									<?=gettext("Default: 9999");?>
								</td>
							</tr>
							<tr>
								<td width="22%" valign="top" class="vncellreq"><?=gettext("Serial");?></td>
								<td width="78%" class="vtable">
									<input name="serial" type="text" class="formfld unknown" id="serial" size="5" value="<?=htmlspecialchars($pconfig['serial']);?>"/>
									<br />
									<?=gettext("Default: 0");?>
								</td>
							</tr>
					    </tbody>
					</table>

					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save" class="table table-striped">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
								<?php if (isset($id) && $thiscrl) :
?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php
endif;?>
							</td>
						</tr>
					</table>
				</form>
				<?php
elseif ($act == "editimported") :
?>

				<?php	$crl = $thiscrl; ?>
				<form action="system_crlmanager.php" method="post" name="iform" id="iform" class="table table-striped">
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="editimported" summary="import">
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Imported Certificate Revocation List");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
							<td width="78%" class="vtable">
								<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($crl['descr']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
							<td width="78%" class="vtable">
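								<?php /* The stored CRL text was supplied through the import form; escape it so its content cannot close the textarea or inject markup. */ ?>
								<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=htmlspecialchars(base64_decode($crl['text']));?></textarea>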
								<br />
								<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?></td>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<input name="act" type="hidden" value="editimported" />
							</td>
						</tr>
					</table>
				</form>
				<?php
elseif ($act == "edit") :
?>

				<?php	$crl = $thiscrl; ?>
				<form action="system_crlmanager.php" method="post" name="iform" id="iform">
				<table summary="revoke" class="table table-striped">
					<thead>
					<tr>
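						<?php /* The CRL description is user-supplied; escape it before printing it into the heading. */ ?>
						<th colspan="4"><b><?php echo gettext("Currently Revoked Certificates for CRL") . ': ' . htmlspecialchars($crl['descr']); ?></b></th>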
					</tr>
					<tr>
						<th><b><?php echo gettext("Certificate Name")?></b></th>
						<th><b><?php echo gettext("Revocation Reason")?></b></th>
						<th><b><?php echo gettext("Revoked At")?></b></th>
						<th></th>
					</tr>
					</thead>
					<tbody>
                        <?php /* List Certs on CRL */
                        if (!isset($crl['cert']) || !is_array($crl['cert']) || (count($crl['cert']) == 0)) :
?>
                        <tr>
                            <td colspan="4">
                                <?php echo gettext("No Certificates Found for this CRL."); ?>
                            </td>
                        </tr>
                            <?php
                        else :
                            foreach ($crl['cert'] as $i => $cert) :
                                $name = htmlspecialchars($cert['descr']);
                                ?>
                            <tr>
                                <td>
                                    <?php echo $name; ?>
						</td>
						<td>
            <?php echo $openssl_crl_status[$cert["reason"]]; ?>
						</td>
						<td>
            <?php echo date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
						</td>
						<td>
            <a href="system_crlmanager.php?act=delcert&amp;id=<?php echo $crl['refid']; ?>&amp;certref=<?php echo $cert['refid'];
                        ?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("Delete this certificate from the CRL ");
?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?");?>')" class="btn btn-default btn-xs">
                <span class="glyphicon glyphicon-remove"></span>
            </a>
						</td>
					</tr>
					<?php
                            endforeach;
                        endif;
                    ?>
				<?php /* Drop-down with other certs from this CA. */
                    // Map Certs to CAs in one pass
                    $ca_certs = array();
                foreach ($a_cert as $cert) {
                    if (isset($cert['caref']) && isset($crl['caref'])  && $cert['caref'] == $crl['caref']) {
                        $ca_certs[] = $cert;
                    }
                }
                if (count($ca_certs) == 0) :
?>
					<tr>
						<td colspan="4">
							<?php echo gettext("No Certificates Found for this CA."); ?>
						</td>
					</tr>
                        <?php
                else :
?>
                    <tr>
                    <th colspan="4">
			<?=gettext("Revoke a Certificate"); ?>
			</th>
			</tr>
					<tr>
						<td>
							<b><?php echo gettext("Choose a Certificate to Revoke"); ?></b>:
						</td>
						<td colspan="3" align="left">
							<select name='certref' id='certref' class="selectpicker" data-style="btn-default" data-live-search="true">
                                <?php $rowIndex = 0;
                                foreach ($ca_certs as $cert) :
                                    $rowIndex++; ?>
                                    <option value="<?=$cert['refid'];?>"><?=htmlspecialchars($cert['descr'])?></option>
                                        <?php
                                endforeach;
                                if ($rowIndex == 0) {
                                    echo "<option></option>";
                                } ?>
							</select>
						</td>
					</tr>
					<tr>
						<td>
							<b><?php echo gettext("Reason");?></b>:
						</td>
						<td colspan="3" align="left">
							<select name='crlreason' id='crlreason' class="selectpicker" data-style="btn-default">
				<?php	$rowIndex = 0;
                foreach ($openssl_crl_status as $code => $reason) :
                    $rowIndex++; ?>
							<option value="<?= $code ?>"><?= htmlspecialchars($reason) ?></option>
                            <?php
                endforeach;
                if ($rowIndex == 0) {
                    echo "<option></option>";
                } ?>
							</select>
						</td>
					</tr>
					<tr>
						<td></td>
						<td colspan="3" align="left">
							<input name="act" type="hidden" value="addcert" />
							<input name="crlref" type="hidden" value="<?=$crl['refid'];?>" />
							<input name="id" type="hidden" value="<?=$crl['refid'];?>" />
							<input id="submit" name="add" type="submit" class="formbtn btn btn-primary" value="<?=gettext("Add"); ?>" />
						</td>
					</tr>
                        <?php
                endif; ?>
					</tbody>
				</table>
				</form>

				<?php
else :
?>
				<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="ocpms" class="table table-striped">
					<thead>
					<tr>
						<td width="35%" class="listhdrr"><?=gettext("Name");?></td>
						<td width="10%" class="listhdrr"><?=gettext("Internal");?></td>
						<td width="35%" class="listhdrr"><?=gettext("Certificates");?></td>
						<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
						<td width="10%" class="list"></td>
					</tr>
					</thead>
					<tfoot>
					<tr>
						<td colspan="5">
							<p>
								<?=gettext("Additional Certificate Revocation Lists can be added here.");?>
							</p>
						</td>
					</tr>
					</tfoot>					<tbody>
					<?php
                        $caimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png";
                        // Map CRLs to CAs in one pass
                        $ca_crl_map = array();
                    foreach ($a_crl as $crl) {
                        $ca_crl_map[$crl['caref']][] = $crl['refid'];
                    }

                        $i = 0;
                    foreach ($a_ca as $ca) :
                        $name = htmlspecialchars($ca['descr']);

                        if ($ca['prv']) {
                            $cainternal = "YES";
                        } else {
                            $cainternal = "NO";
                        }
                    ?>
					<tr>
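                    <td class="listlr" colspan="4">
                        <?=$name;?>
                    </td>
                    <td class="list">
                    <?php
                    // The CA description is printed into a title attribute and the refid
                    // into a URL; both are stored configuration values, so the description
                    // is HTML-escaped and the refid URL-encoded.
                    if ($cainternal == "YES") :
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?php echo urlencode($ca['refid']); ?>" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Add or Import CRL for %s"), htmlspecialchars($ca['descr']));?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
						<?php
else :
?>
							<a href="system_crlmanager.php?act=new&amp;caref=<?php echo urlencode($ca['refid']); ?>&amp;importonly=yes" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Import CRL for %s"), htmlspecialchars($ca['descr']));?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
						<?php
endif; ?>
                    </td>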
					</tr>

                    <?php
                    if (isset($ca_crl_map[$ca['refid']]) && is_array($ca_crl_map[$ca['refid']])) :
                        foreach ($ca_crl_map[$ca['refid']] as $crl) :
                            $tmpcrl = lookup_crl($crl);
                            $internal = is_crl_internal($tmpcrl);
                            $inuse = crl_in_use($tmpcrl['refid']);
                        ?>
					<tr>
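						<?php /* The CRL description is user-supplied; the other cells in this row already escape it, this one did not. */ ?>
						<td class="listlr"><?php echo htmlspecialchars($tmpcrl['descr']); ?></td>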
						<td class="listr"><?php echo ($internal) ? "YES" : "NO"; ?></td>
						<td class="listr"><?php echo ($internal) ? (isset($tmpcrl['cert']) && count($tmpcrl['cert'])) : "Unknown (imported)"; ?></td>
						<td class="listr"><?php echo ($inuse) ? "YES" : "NO"; ?></td>
						<td valign="middle" class="list nowrap">
                        <a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
                            <span class="glyphicon glyphicon-export" data-toggle="tooltip" data-placement="left" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
                        </a>
                        <?php if ($internal) :
?>
							<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
								<span class="glyphicon glyphicon-edit" data-toggle="tooltip" data-placement="left" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
				            </a>
							<?php
else :
?>
							<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
								<span class="glyphicon glyphicon-edit" data-toggle="tooltip" data-placement="left" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
                                </a>
							<?php
endif; ?>
                        <?php if (!$inuse) :
?>
							<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid'];
?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Revocation List?") . ' (' . htmlspecialchars($tmpcrl['descr']) . ')';?>')"  class="btn btn-default btn-xs">
								<span class="glyphicon glyphicon-remove" data-toggle="tooltip" data-placement="left" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
							</a>
							<?php
endif; ?>
						</td>
					</tr>
						<?php $i++;

                        endforeach;

                    endif; ?>
					<tr><td colspan="5">&nbsp;</td></tr>
					<?php $i++;

                    endforeach; ?>
					</tbody>
				</table>
                <?php
endif; ?>

                </div>
            </section>
        </div>
	</div>
</section>

<script type="text/javascript">
//<![CDATA[
method_change();
//]]>
</script>

<?php include("foot.inc");