Commit 949e6c31 authored by Ad Schellevis Committed by Franco Fichtner

(legacy) refactor system_crlmanager.php

(cherry picked from commit 44d79821)
parent f48c9564
...@@ -37,10 +37,9 @@ function openvpn_refresh_crls() { ...@@ -37,10 +37,9 @@ function openvpn_refresh_crls() {
if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) { if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $settings) { foreach ($config['openvpn']['openvpn-server'] as $settings) {
if (empty($settings)) if (empty($settings) || isset($settings['disable'])) {
continue;
if (isset($settings['disable']))
continue; continue;
}
// Write the settings for the keys // Write the settings for the keys
switch($settings['mode']) { switch($settings['mode']) {
case 'p2p_tls': case 'p2p_tls':
...@@ -64,114 +63,58 @@ function openvpn_refresh_crls() { ...@@ -64,114 +63,58 @@ function openvpn_refresh_crls() {
function cert_unrevoke($cert, & $crl) { function cert_unrevoke($cert, & $crl) {
global $config; global $config;
if (!is_crl_internal($crl)) if (!is_crl_internal($crl)) {
return false; return false;
}
foreach ($crl['cert'] as $id => $rcert) { foreach ($crl['cert'] as $id => $rcert) {
if (($rcert['refid'] == $cert['refid']) || ($rcert['descr'] == $cert['descr'])) { if (($rcert['refid'] == $cert['refid']) || ($rcert['descr'] == $cert['descr'])) {
unset($crl['cert'][$id]); unset($crl['cert'][$id]);
if (count($crl['cert']) == 0) { if (count($crl['cert']) == 0) {
// Protect against accidentally switching the type to imported, for older CRLs // Protect against accidentally switching the type to imported, for older CRLs
if (!isset($crl['method'])) if (!isset($crl['method'])) {
$crl['method'] = "internal"; $crl['method'] = "internal";
}
crl_update($crl); crl_update($crl);
} else } else {
crl_update($crl); crl_update($crl);
}
return true; return true;
} }
} }
return false; return false;
} }
// openssl_crl_status messages from certs.inc
// Keep this general to allow for future expansion. See cert_in_use() above.
function crl_in_use($crlref) {
return (is_openvpn_server_crl($crlref));
}
global $openssl_crl_status; global $openssl_crl_status;
$crl_methods = array( // prepare config types
"internal" => gettext("Create an internal Certificate Revocation List"), if (!isset($config['ca']) || !is_array($config['ca'])) {
"existing" => gettext("Import an existing Certificate Revocation List"));
if (isset($_GET['id']) && ctype_alnum($_GET['id'])) {
$id = $_GET['id'];
} elseif (isset($_POST['id']) && ctype_alnum($_POST['id'])) {
$id = $_POST['id'];
}
if (!is_array($config['ca'])) {
$config['ca'] = array(); $config['ca'] = array();
} }
if (!isset($config['cert']) || !is_array($config['cert'])) {
$a_ca =& $config['ca'];
if (!is_array($config['cert'])) {
$config['cert'] = array(); $config['cert'] = array();
} }
$a_cert =& $config['cert'];
if (!isset($config['crl']) || !is_array($config['crl'])) { if (!isset($config['crl']) || !is_array($config['crl'])) {
$config['crl'] = array(); $config['crl'] = array();
} }
$a_crl =& $config['crl']; $a_crl =& $config['crl'];
foreach ($a_crl as $cid => $acrl) {
if (!isset($acrl['refid'])) {
unset ($a_crl[$cid]);
}
}
$thiscrl = false;
$act=null; $act=null;
if (isset($_GET['act'])) { if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$act = $_GET['act']; // locate cert by refid, returns false when not found
} elseif (isset($_POST['act'])) { if (isset($_GET['id'])) {
$act = $_POST['act']; $thiscrl =& lookup_crl($_GET['id']);
} if ($thiscrl !== false) {
$id = $_GET['id'];
if (!empty($id)) {
$thiscrl =& lookup_crl($id);
}
// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
if (!isset($thiscrl) && (($act != "") && ($act != "new"))) {
header("Location: system_crlmanager.php");
$act="";
$savemsg = gettext("Invalid CRL reference.");
}
if ($act == "del") {
$name = $thiscrl['descr'];
if (crl_in_use($id)) {
$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br />";
} else {
foreach ($a_crl as $cid => $acrl) {
if ($acrl['refid'] == $thiscrl['refid']) {
unset($a_crl[$cid]);
} }
} }
write_config("Deleted CRL {$name}."); if (isset($_GET['act'])) {
$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "<br />"; $act = $_GET['act'];
} }
}
if ($act == "new") { if ($act == "exp") {
if (isset($_GET['method'])) {
$pconfig['method'] = $_GET['method'];
} else {
$pconfig['method'] = null;
}
if (isset($_GET['caref'])) {
$pconfig['caref'] = $_GET['caref'];
} else {
$pconfig['caref'] = null;
}
$pconfig['lifetime'] = "9999";
$pconfig['serial'] = "0";
}
if ($act == "exp") {
crl_update($thiscrl); crl_update($thiscrl);
$exp_name = urlencode("{$thiscrl['descr']}.crl"); $exp_name = urlencode("{$thiscrl['descr']}.crl");
$exp_data = base64_decode($thiscrl['text']); $exp_data = base64_decode($thiscrl['text']);
...@@ -182,52 +125,50 @@ if ($act == "exp") { ...@@ -182,52 +125,50 @@ if ($act == "exp") {
header("Content-Length: $exp_size"); header("Content-Length: $exp_size");
echo $exp_data; echo $exp_data;
exit; exit;
} } elseif ($act == "new") {
$pconfig = array();
if ($act == "addcert") { $pconfig['descr'] = null;
if ($_POST) { $pconfig['crltext'] = null;
$input_errors = array(); $pconfig['crlmethod'] = !empty($_GET['method']) ? $_GET['method'] : null;
$pconfig['caref'] = !empty($_GET['caref']) ? $_GET['caref'] : null;
$pconfig['lifetime'] = "9999";
$pconfig['serial'] = "0";
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST; $pconfig = $_POST;
// locate cert by refid, returns false when not found
if (!$pconfig['crlref'] || !$pconfig['certref']) { if (isset($_POST['id'])) {
header("Location: system_crlmanager.php"); $thiscrl =& lookup_crl($_POST['id']);
exit; if ($thiscrl !== false) {
$id = $_POST['id'];
} }
}
// certref, crlref if (isset($_POST['act'])) {
$crl =& lookup_crl($pconfig['crlref']); $act = $_POST['act'];
$cert = lookup_cert($pconfig['certref']);
if (!$crl['caref'] || !$cert['caref']) {
$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
} }
if ($crl['caref'] != $cert['caref']) { if ($act == "del" && isset($id)) {
$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke."); $name = $thiscrl['descr'];
if (is_openvpn_server_crl($id)) {
$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br />";
} else {
foreach ($a_crl as $cid => $acrl) {
if ($acrl['refid'] == $thiscrl['refid']) {
unset($a_crl[$cid]);
} }
if (!is_crl_internal($crl)) {
$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
} }
write_config("Deleted CRL {$name}.");
if (!count($input_errors)) {
$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
cert_revoke($cert, $crl, $reason);
openvpn_refresh_crls();
write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
header("Location: system_crlmanager.php"); header("Location: system_crlmanager.php");
exit; exit;
} }
} } elseif ($act == "delcert" && isset($id)) {
} if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert'])) {
if ($act == "delcert") {
if (!is_array($thiscrl['cert'])) {
header("Location: system_crlmanager.php"); header("Location: system_crlmanager.php");
exit; exit;
} }
$found = false; $found = false;
foreach ($thiscrl['cert'] as $acert) { foreach ($thiscrl['cert'] as $acert) {
if ($acert['refid'] == $_GET['certref']) { if ($acert['refid'] == $pconfig['certref']) {
$found = true; $found = true;
$thiscert = $acert; $thiscert = $acert;
} }
...@@ -238,27 +179,55 @@ if ($act == "delcert") { ...@@ -238,27 +179,55 @@ if ($act == "delcert") {
} }
$name = $thiscert['descr']; $name = $thiscert['descr'];
if (cert_unrevoke($thiscert, $thiscrl)) { if (cert_unrevoke($thiscert, $thiscrl)) {
$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br />";
openvpn_refresh_crls(); openvpn_refresh_crls();
write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr'])); write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']));
header("Location: system_crlmanager.php");
exit;
} else { } else {
$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br />"; $savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br />";
} }
$act="edit"; $act="edit";
} } elseif ($act == "addcert") {
$input_errors = array();
if (!isset($id)) {
header("Location: system_crlmanager.php");
exit;
}
if ($_POST) { // certref, crlref
unset($input_errors); $crl =& lookup_crl($id);
$cert = lookup_cert($pconfig['certref']);
if (empty($crl['caref']) || empty($cert['caref'])) {
$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
}
if ($crl['caref'] != $cert['caref']) {
$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
}
if (!is_crl_internal($crl)) {
$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
}
if (!count($input_errors)) {
$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
cert_revoke($cert, $crl, $reason);
openvpn_refresh_crls();
write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
header("Location: system_crlmanager.php");
exit;
}
} else {
$input_errors = array();
$pconfig = $_POST; $pconfig = $_POST;
/* input validation */ /* input validation */
if (($pconfig['method'] == "existing") || ($act == "editimported")) { if (($pconfig['crlmethod'] == "existing") || ($act == "editimported")) {
$reqdfields = explode(" ", "descr crltext"); $reqdfields = explode(" ", "descr crltext");
$reqdfieldsn = array( $reqdfieldsn = array(
gettext("Descriptive name"), gettext("Descriptive name"),
gettext("Certificate Revocation List data")); gettext("Certificate Revocation List data"));
} } elseif ($pconfig['crlmethod'] == "internal") {
if ($pconfig['method'] == "internal") {
$reqdfields = explode( $reqdfields = explode(
" ", " ",
"descr caref" "descr caref"
...@@ -268,366 +237,350 @@ if ($_POST) { ...@@ -268,366 +237,350 @@ if ($_POST) {
gettext("Certificate Authority")); gettext("Certificate Authority"));
} }
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
/* save modifications */ /* save modifications */
if (!$input_errors) { if (count($input_errors) == 0) {
$result = false; if (isset($id)) {
if (isset($thiscrl)) {
$crl =& $thiscrl; $crl =& $thiscrl;
} else { } else {
$crl = array(); $crl = array();
$crl['refid'] = uniqid(); $crl['refid'] = uniqid();
} }
$crl['descr'] = $pconfig['descr']; foreach (array("descr", "caref", "crlmethod") as $fieldname) {
if ($act != "editimported") { if (isset($pconfig[$fieldname])) {
$crl['caref'] = $pconfig['caref']; $crl[$fieldname] = $pconfig[$fieldname];
$crl['method'] = $pconfig['method']; }
} }
if (($pconfig['method'] == "existing") || ($act == "editimported")) { if (($pconfig['crlmethod'] == "existing") || ($act == "editimported")) {
$crl['text'] = base64_encode($pconfig['crltext']); $crl['text'] = base64_encode($pconfig['crltext']);
} }
if ($pconfig['method'] == "internal") { if ($pconfig['crlmethod'] == "internal") {
$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial']; $crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime']; $crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
$crl['cert'] = array(); $crl['cert'] = array();
} }
if (!isset($thiscrl)) { if (!isset($id)) {
$a_crl[] = $crl; $a_crl[] = $crl;
} }
write_config("Saved CRL {$crl['descr']}"); write_config("Saved CRL {$crl['descr']}");
openvpn_refresh_crls(); openvpn_refresh_crls();
header("Location: system_crlmanager.php"); header("Location: system_crlmanager.php");
exit;
} }
}
} }
legacy_html_escape_form_data($pconfig);
legacy_html_escape_form_data($thiscrl);
include("head.inc"); include("head.inc");
?> ?>
<body> <body>
<?php include("fbegin.inc"); ?>
<script type="text/javascript"> <script type="text/javascript">
//<![CDATA[
function method_change() {
method = document.iform.method.value;
switch (method) {
case "internal":
document.getElementById("existing").style.display="none";
document.getElementById("internal").style.display="";
break;
case "existing":
document.getElementById("existing").style.display="";
document.getElementById("internal").style.display="none";
break;
}
}
//]]> $( document ).ready(function() {
// delete cert revocation list
$(".act_delete").click(function(event){
event.preventDefault();
var id = $(this).data('id');
var descr = $(this).data('descr');
BootstrapDialog.show({
type:BootstrapDialog.TYPE_INFO,
title: "<?=gettext("Certificates");?>",
message: "<?=gettext("Do you really want to delete this Certificate Revocation List?");?> (" + descr + ")" ,
buttons: [{
label: "<?=gettext("No");?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?=gettext("Yes");?>",
action: function(dialogRef) {
$("#id").val(id);
$("#action").val("del");
$("#iform").submit();
}
}]
});
});
// Delete certificate from CRL
$(".act_delete_cert").click(function(event){
event.preventDefault();
var id = $(this).data('id');
var certref = $(this).data('certref');
BootstrapDialog.show({
type:BootstrapDialog.TYPE_INFO,
title: "<?=gettext("Certificates");?>",
message: "<?=gettext("Delete this certificate from the CRL ");?>",
buttons: [{
label: "<?=gettext("No");?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?=gettext("Yes");?>",
action: function(dialogRef) {
$("#id").val(id);
$("#certref").val(certref);
$("#action").val("delcert");
$("#iform").submit();
}
}]
});
});
$("#crlmethod").change(function(){
$("#existing").addClass("hidden");
$("#internal").addClass("hidden");
if ($("#crlmethod").val() == "internal") {
$("#internal").removeClass("hidden");
} else {
$("#existing").removeClass("hidden");
};
});
$("#crlmethod").change();
});
</script> </script>
<?php include("fbegin.inc"); ?>
<!-- row -->
<section class="page-content-main"> <section class="page-content-main">
<div class="container-fluid"> <div class="container-fluid">
<div class="row"> <div class="row">
<?php <?php
if (isset($input_errors) && count($input_errors) > 0) { if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors); print_input_errors($input_errors);
} }
if (isset($savemsg)) { if (isset($savemsg)) {
print_info_box($savemsg); print_info_box($savemsg);
} }
?> ?>
<section class="col-xs-12"> <section class="col-xs-12">
<div class="content-box tab-content"> <div class="content-box tab-content">
<?php
<?php if ($act == "new" || $act == gettext("Save") || (isset($input_errors) && count($input_errors)) ) : if ($act == "new") :?>
?> <form method="post" name="iform" id="iform">
<input type="hidden" name="act" id="action" value="<?=$act;?>"/>
<form action="system_crlmanager.php" method="post" name="iform" id="iform"> <table class="table table-striped">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area" class="table table-striped"> <?php
<?php if (!isset($id)) : if (!isset($id)) :?>
?>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td> <td width="22%"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Method");?></td>
<td width="78%" class="vtable"> <td width="78%">
<select name='method' id='method' class="formselect" onchange='method_change()'> <select name="crlmethod" id='crlmethod' class="formselect">
<?php <option value="internal" <?=$pconfig['crlmethod'] == "internal" ? "selected=\"selected\"" : "";?>><?=gettext("Create an internal Certificate Revocation List");?></option>
$rowIndex = 0; <option value="existing" <?=$pconfig['crlmethod'] == "existing" ? "selected=\"selected\"" : "";?>><?=gettext("Import an existing Certificate Revocation List");?></option>
foreach ($crl_methods as $method => $desc) :
if (isset($_GET['importonly']) && ($_GET['importonly'] == "yes") && ($method != "existing")) {
continue;
}
$selected = "";
if (isset($pconfig['method']) && $pconfig['method'] == $method) {
$selected = "selected=\"selected\"";
}
$rowIndex++;
?>
<option value="<?=$method;
?>" <?=$selected;
?>><?=$desc;?></option>
<?php
endforeach;
if ($rowIndex == 0) {
echo "<option></option>";
}
?>
</select> </select>
</td> </td>
</tr> </tr>
<?php <?php
endif; ?> endif; ?>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Descriptive name");?></td>
<td width="78%" class="vtable"> <td>
<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?php if (isset($pconfig['descr'])) echo htmlspecialchars($pconfig['descr']);?>"/> <input name="descr" type="text" id="descr" size="20" value="<?=$pconfig['descr'];?>"/>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Authority");?></td> <td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Certificate Authority");?></td>
<td width="78%" class="vtable"> <td>
<select name='caref' id='caref' class="formselect"> <select name='caref' id='caref' class="selectpicker">
<?php <?php
$rowIndex = 0; foreach ($config['ca'] as $ca):?>
foreach ($a_ca as $ca) : <option value="<?=$ca['refid'];?>" <?=$pconfig['caref'] == $ca['refid'] ? "selected=\"selected\"" : "";?>>
$selected = ""; <?=htmlentities($ca['descr']);?>
if ($pconfig['caref'] == $ca['refid']) { </option>
$selected = "selected=\"selected\""; <?php
} endforeach;?>
$rowIndex++;
?>
<option value="<?=$ca['refid'];
?>" <?=$selected;
?>><?=$ca['descr'];?></option>
<?php
endforeach;
if ($rowIndex == 0) {
echo "<option></option>";
}
?>
</select> </select>
</td> </td>
</tr> </tr>
</table> </table>
<!-- import existing -->
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing" class="table table-striped"> <table id="existing" class="table table-striped">
<thead> <thead>
<tr> <tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Revocation List");?></th> <th colspan="2"><?=gettext("Existing Certificate Revocation List");?></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td> <td width="22%"><a id="help_for_crltext" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("CRL data");?></td>
<td width="78%" class="vtable"> <td width="78%">
<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?php if (isset($pconfig['crltext'])) echo $pconfig['crltext'];?></textarea> <textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=$pconfig['crltext'];?></textarea>
<br /> <div class="hidden" for="help_for_crltext">
<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?> <?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?>
</div>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<!-- create internal -->
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal" class="table table-striped"> <table id="internal" class="table table-striped">
<thead> <thead>
<tr> <tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Revocation List");?></th> <th colspan="2"><?=gettext("Internal Certificate Revocation List");?></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td> <td width="22%"><a id="help_for_lifetime" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Lifetime");?> (<?=gettext("days");?>)</td>
<td width="78%" class="vtable"> <td width="78%">
<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/> <input name="lifetime" type="text" id="lifetime" size="5" value="<?=$pconfig['lifetime'];?>"/>
<?=gettext("days");?><br /> <div class="hidden" for="help_for_lifetime">
<?=gettext("Default: 9999");?> <?=gettext("Default: 9999");?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Serial");?></td> <td><a id="help_for_serial" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Serial");?></td>
<td width="78%" class="vtable"> <td>
<input name="serial" type="text" class="formfld unknown" id="serial" size="5" value="<?=htmlspecialchars($pconfig['serial']);?>"/> <input name="serial" type="text" id="serial" size="5" value="<?=$pconfig['serial'];?>"/>
<br /> <div class="hidden" for="help_for_serial">
<?=gettext("Default: 0");?> <?=gettext("Default: 0");?>
</div>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save" class="table table-striped"> <table class="table table-striped">
<tr> <tr>
<td width="22%" valign="top">&nbsp;</td> <td width="22%">&nbsp;</td>
<td width="78%"> <td width="78%">
<input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" /> <input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && $thiscrl) : <?php
?> if (isset($id)) :?>
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="id" type="hidden" value="<?=$id;?>" />
<?php <?php
endif;?> endif;?>
</td> </td>
</tr> </tr>
</table> </table>
</form> </form>
<?php <?php
elseif ($act == "editimported") : elseif ($act == "editimported") :?>
?> <form method="post" name="iform" id="iform">
<table id="editimported" class="table table-striped">
<?php $crl = $thiscrl; ?>
<form action="system_crlmanager.php" method="post" name="iform" id="iform" class="table table-striped">
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="editimported" summary="import">
<tr> <tr>
<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Imported Certificate Revocation List");?></td> <th colspan="2"><?=gettext("Edit Imported Certificate Revocation List");?></th>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> <td width="22%"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Descriptive name");?></td>
<td width="78%" class="vtable"> <td width="78%">
<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($crl['descr']);?>"/> <input name="descr" type="text" id="descr" size="20" value="<?=$thiscrl['descr'];?>"/>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td> <td><a id="help_for_crltext" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("CRL data");?></td>
<td width="78%" class="vtable"> <td>
<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=base64_decode($crl['text']);?></textarea> <textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=$thiscrl['text'];?></textarea>
<br /> <div class="hidden" for="help_for_crltext">
<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?></td> <?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?>
</div>
</td> </td>
</tr> </tr>
<tr> <tr>
<td width="22%" valign="top">&nbsp;</td> <td>&nbsp;</td>
<td width="78%"> <td>
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" /> <input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> <input name="id" type="hidden" value="<?=$id;?>" />
<input name="act" type="hidden" value="editimported" /> <input name="act" type="hidden" value="<?=$act;?>" />
</td> </td>
</tr> </tr>
</table> </table>
</form> </form>
<?php
<?php elseif ($act == "edit") :?>
elseif ($act == "edit") : <form method="post" name="iform" id="iform">
?> <input type="hidden" name="id" id="id" value=""/>
<input type="hidden" name="certref" id="certref" value=""/>
<?php $crl = $thiscrl; ?> <input type="hidden" name="act" id="action" value=""/>
<form action="system_crlmanager.php" method="post" name="iform" id="iform"> </form>
<table summary="revoke" class="table table-striped"> <form method="post">
<table class="table table-striped">
<thead> <thead>
<tr> <tr>
<th colspan="4"><b><?php echo gettext("Currently Revoked Certificates for CRL") . ': ' . $crl['descr']; ?></b></th> <th colspan="4"><?=gettext("Currently Revoked Certificates for CRL");?> : <?=$thiscrl['descr'];?></th>
</tr> </tr>
<tr> <tr>
<th><b><?php echo gettext("Certificate Name")?></b></th> <th><?=gettext("Certificate Name")?></th>
<th><b><?php echo gettext("Revocation Reason")?></b></th> <th><?=gettext("Revocation Reason")?></th>
<th><b><?php echo gettext("Revoked At")?></b></th> <th><?=gettext("Revoked At")?></th>
<th></th> <th></th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<?php /* List Certs on CRL */ <?php /* List Certs on CRL */
if (!isset($crl['cert']) || !is_array($crl['cert']) || (count($crl['cert']) == 0)) : if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert']) || (count($thiscrl['cert']) == 0)) :?>
?>
<tr> <tr>
<td colspan="4"> <td colspan="4">
<?php echo gettext("No Certificates Found for this CRL."); ?> <?=gettext("No Certificates Found for this CRL."); ?>
</td> </td>
</tr> </tr>
<?php <?php
else : else :
foreach ($crl['cert'] as $i => $cert) : foreach ($thiscrl['cert'] as $i => $cert) :?>
$name = htmlspecialchars($cert['descr']);
?>
<tr> <tr>
<td><?=$cert['descr']; ?></td>
<td><?=$openssl_crl_status[$cert["reason"]]; ?></td>
<td><?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?></td>
<td> <td>
<?php echo $name; ?> <a id="del_cert_<?=$thiscrl['refid'];?>" data-id="<?=$thiscrl['refid'];?>" data-certref="<?=$cert['refid'];?>" title="<?=gettext("Delete this certificate from the CRL ");?>" data-toggle="tooltip" class="act_delete_cert btn btn-default btn-xs">
</td>
<td>
<?php echo $openssl_crl_status[$cert["reason"]]; ?>
</td>
<td>
<?php echo date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
</td>
<td>
<a href="system_crlmanager.php?act=delcert&amp;id=<?php echo $crl['refid']; ?>&amp;certref=<?php echo $cert['refid'];
?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("Delete this certificate from the CRL ");
?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?");?>')" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-remove"></span> <span class="glyphicon glyphicon-remove"></span>
</a> </a>
</td> </td>
</tr> </tr>
<?php <?php
endforeach; endforeach;
endif; endif;
?>
<?php /* Drop-down with other certs from this CA. */
// Map Certs to CAs in one pass
$ca_certs = array(); $ca_certs = array();
foreach ($a_cert as $cert) { foreach ($config['cert'] as $cert) {
if (isset($cert['caref']) && isset($crl['caref']) && $cert['caref'] == $crl['caref']) { if (isset($cert['caref']) && isset($thiscrl['caref']) && $cert['caref'] == $thiscrl['caref']) {
$ca_certs[] = $cert; $ca_certs[] = $cert;
} }
} }
if (count($ca_certs) == 0) : if (count($ca_certs) == 0) :?>
?>
<tr> <tr>
<td colspan="4"> <td colspan="4"><?=gettext("No Certificates Found for this CA."); ?></td>
<?php echo gettext("No Certificates Found for this CA."); ?>
</td>
</tr> </tr>
<?php <?php
else : else:?>
?>
<tr> <tr>
<th colspan="4"> <th colspan="4"><?=gettext("Revoke a Certificate"); ?></th>
<?=gettext("Revoke a Certificate"); ?>
</th>
</tr> </tr>
<tr> <tr>
<td> <td>
<b><?php echo gettext("Choose a Certificate to Revoke"); ?></b>: <b><?=gettext("Choose a Certificate to Revoke"); ?></b>:
</td> </td>
<td colspan="3" align="left"> <td colspan="3" align="left">
<select name='certref' id='certref' class="selectpicker" data-style="btn-default" data-live-search="true"> <select name='certref' id='certref' class="selectpicker" data-style="btn-default" data-live-search="true">
<?php $rowIndex = 0; <?php
foreach ($ca_certs as $cert) : foreach ($ca_certs as $cert) :?>
$rowIndex++; ?>
<option value="<?=$cert['refid'];?>"><?=htmlspecialchars($cert['descr'])?></option> <option value="<?=$cert['refid'];?>"><?=htmlspecialchars($cert['descr'])?></option>
<?php <?php
endforeach; endforeach;?>
if ($rowIndex == 0) {
echo "<option></option>";
} ?>
</select> </select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<b><?php echo gettext("Reason");?></b>: <b><?=gettext("Reason");?></b>:
</td> </td>
<td colspan="3" align="left"> <td colspan="3" align="left">
<select name='crlreason' id='crlreason' class="selectpicker" data-style="btn-default"> <select name='crlreason' id='crlreason' class="selectpicker" data-style="btn-default">
<?php $rowIndex = 0; <?php
foreach ($openssl_crl_status as $code => $reason) : foreach ($openssl_crl_status as $code => $reason) :?>
$rowIndex++; ?> <option value="<?= $code ?>"><?=$reason?></option>
<option value="<?= $code ?>"><?= htmlspecialchars($reason) ?></option> <?php
<?php endforeach;?>
endforeach;
if ($rowIndex == 0) {
echo "<option></option>";
} ?>
</select> </select>
</td> </td>
</tr> </tr>
...@@ -635,29 +588,28 @@ elseif ($act == "edit") : ...@@ -635,29 +588,28 @@ elseif ($act == "edit") :
<td></td> <td></td>
<td colspan="3" align="left"> <td colspan="3" align="left">
<input name="act" type="hidden" value="addcert" /> <input name="act" type="hidden" value="addcert" />
<input name="crlref" type="hidden" value="<?=$crl['refid'];?>" /> <input name="id" type="hidden" value="<?=$thiscrl['refid'];?>" />
<input name="id" type="hidden" value="<?=$crl['refid'];?>" />
<input id="submit" name="add" type="submit" class="formbtn btn btn-primary" value="<?=gettext("Add"); ?>" /> <input id="submit" name="add" type="submit" class="formbtn btn btn-primary" value="<?=gettext("Add"); ?>" />
</td> </td>
</tr> </tr>
<?php <?php
endif; ?> endif; ?>
</tbody> </tbody>
</table> </table>
</form> </form>
<?php
<?php else :?>
else : <form method="post" id="iform" class="table table-striped">
?> <input type="hidden" name="id" id="id" value=""/>
<input type="hidden" name="act" id="action" value=""/>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="ocpms" class="table table-striped"> <table class="table table-striped">
<thead> <thead>
<tr> <tr>
<td width="35%" class="listhdrr"><?=gettext("Name");?></td> <td><?=gettext("Name");?></td>
<td width="10%" class="listhdrr"><?=gettext("Internal");?></td> <td><?=gettext("Internal");?></td>
<td width="35%" class="listhdrr"><?=gettext("Certificates");?></td> <td><?=gettext("Certificates");?></td>
<td width="10%" class="listhdrr"><?=gettext("In Use");?></td> <td><?=gettext("In Use");?></td>
<td width="10%" class="list"></td> <td></td>
</tr> </tr>
</thead> </thead>
<tfoot> <tfoot>
...@@ -668,105 +620,83 @@ else : ...@@ -668,105 +620,83 @@ else :
</p> </p>
</td> </td>
</tr> </tr>
</tfoot> <tbody> </tfoot>
<?php <tbody>
// Map CRLs to CAs in one pass <?php
// Map CRLs to CAs
$ca_crl_map = array(); $ca_crl_map = array();
foreach ($a_crl as $crl) { foreach ($a_crl as $crl) {
$ca_crl_map[$crl['caref']][] = $crl['refid']; $ca_crl_map[$crl['caref']][] = $crl['refid'];
} }
$i = 0; foreach ($config['ca'] as $ca) :?>
foreach ($a_ca as $ca) :
$name = htmlspecialchars($ca['descr']);
if ($ca['prv']) {
$cainternal = "YES";
} else {
$cainternal = "NO";
}
?>
<tr> <tr>
<td class="listlr" colspan="4"> <td colspan="4"> <?=htmlspecialchars($ca['descr']);?></td>
<?=$name;?> <td>
</td> <?php
<td class="list"> if (!empty($ca['prv'])) :?>
<?php if ($cainternal == "YES") : <a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Add or Import CRL for %s"), htmlspecialchars($ca['descr']));?>" class="btn btn-default btn-xs">
?> <span class="glyphicon glyphicon-plus"></span>
<a href="system_crlmanager.php?act=new&amp;caref=<?php echo $ca['refid']; ?>" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Add or Import CRL for %s"), $ca['descr']);?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a> </a>
<?php <?php
else : else :?>
?> <a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Import CRL for %s"), htmlspecialchars($ca['descr']));?>" class="btn btn-default btn-xs">
<a href="system_crlmanager.php?act=new&amp;caref=<?php echo $ca['refid']; ?>&amp;importonly=yes" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Import CRL for %s"), $ca['descr']);?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a> <span class="glyphicon glyphicon-plus"></span>
<?php </a>
endif; ?> <?php
endif;?>
</td> </td>
</tr> </tr>
<?php
<?php if (isset($ca_crl_map[$ca['refid']]) && is_array($ca_crl_map[$ca['refid']])):
if (isset($ca_crl_map[$ca['refid']]) && is_array($ca_crl_map[$ca['refid']])) : foreach ($ca_crl_map[$ca['refid']] as $crl):
foreach ($ca_crl_map[$ca['refid']] as $crl) :
$tmpcrl = lookup_crl($crl); $tmpcrl = lookup_crl($crl);
$internal = is_crl_internal($tmpcrl); $internal = is_crl_internal($tmpcrl);
$inuse = crl_in_use($tmpcrl['refid']); $inuse = is_openvpn_server_crl($tmpcrl['refid']);?>
?>
<tr> <tr>
<td class="listlr"><?php echo $tmpcrl['descr']; ?></td> <td><?=htmlspecialchars($tmpcrl['descr']); ?></td>
<td class="listr"><?php echo ($internal) ? gettext("YES") : gettext("NO"); ?></td> <td><?=$internal ? gettext("YES") : gettext("NO"); ?></td>
<td class="listr"><?php echo ($internal) ? (isset($tmpcrl['cert']) && count($tmpcrl['cert'])) : gettext("Unknown (imported)"); ?></td> <td><?=$internal ? (isset($tmpcrl['cert']) && count($tmpcrl['cert'])) : gettext("Unknown (imported)"); ?></td>
<td class="listr"><?php echo ($inuse) ? gettext("YES") : gettext("NO"); ?></td> <td><?=$inuse ? gettext("YES") : gettext("NO"); ?></td>
<td valign="middle" class="list nowrap"> <td>
<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs"> <a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-export" data-toggle="tooltip" data-placement="left" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span> <span class="glyphicon glyphicon-export" data-toggle="tooltip" data-placement="left" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
</a> </a>
<?php if ($internal) : <?php
?> if ($internal) :?>
<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs"> <a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-edit" data-toggle="tooltip" data-placement="left" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span> <span class="glyphicon glyphicon-edit" data-toggle="tooltip" data-placement="left" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
</a> </a>
<?php <?php
else : else :?>
?>
<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs"> <a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-edit" data-toggle="tooltip" data-placement="left" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span> <span class="glyphicon glyphicon-edit" data-toggle="tooltip" data-placement="left" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
</a> </a>
<?php <?php
endif; ?> endif; ?>
<?php if (!$inuse) : <?php
?> if (!$inuse) :?>
<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid']; <a id="del_<?=$tmpcrl['refid'];?>" data-descr="<?=htmlspecialchars($tmpcrl['descr']);?>" data-id="<?=$tmpcrl['refid'];?>" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" data-toggle="tooltip" class="act_delete btn btn-default btn-xs">
?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Revocation List?") . ' (' . htmlspecialchars($tmpcrl['descr']) . ')';?>')" class="btn btn-default btn-xs"> <span class="glyphicon glyphicon-remove"></span>
<span class="glyphicon glyphicon-remove" data-toggle="tooltip" data-placement="left" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
</a> </a>
<?php <?php
endif; ?> endif; ?>
</td> </td>
</tr> </tr>
<?php $i++; <?php
endforeach; endforeach;
endif; ?> endif; ?>
<tr><td colspan="5">&nbsp;</td></tr> <tr><td colspan="5">&nbsp;</td></tr>
<?php $i++; <?php
endforeach; ?> endforeach; ?>
</tbody> </tbody>
</table> </table>
</form>
<?php <?php
endif; ?> endif; ?>
</div> </div>
</section> </section>
</div> </div>
</div> </div>
</section> </section>
<script type="text/javascript">
//<![CDATA[
method_change();
//]]>
</script>
<?php include("foot.inc"); <?php include("foot.inc");
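Review bot: The `refid` values on the new side of this hunk are still written into markup unescaped, in `caref=<?=$ca['refid']; ?>` on both "new" links, in `id=<?=$tmpcrl['refid'];?>` on the export and edit links, and in `id="del_<?=$tmpcrl['refid'];?>"` and `data-id` on the delete anchor, while the neighbouring `descr` values are now passed through `htmlspecialchars()`. The refid is presumably generated internally, but it is read from the stored configuration, which may be restored or imported, so it is safer to encode it like any other stored string: `data-id="<?=htmlspecialchars($tmpcrl['refid']);?>"` in attributes and `caref=<?=urlencode($ca['refid']);?>` inside query strings. The same applies to `value="<?=$thiscrl['refid'];?>"` in the preceding hunk. The click handler for `act_delete` and the server-side handling of `act=del` are outside this hunk, so it cannot be confirmed from here that deletion is now accepted only via POST.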