Skip to content

O
OpnSense
Commit 949e6c31 authored by Ad Schellevis's avatar Ad Schellevis Committed by Franco Fichtner
Browse files
Options

(legacy) refactor system_crlmanager.php 

(cherry picked from commit 44d79821)
parent f48c9564
Show whitespace changes
Inline Side-by-side
Showing with 615 additions and 685 deletions
src/www/system_crlmanager.php
View file @ 949e6c31
......@@ -37,10 +37,9 @@ function openvpn_refresh_crls() {
if (isset($config['openvpn']['openvpn-server']) && is_array($config['openvpn']['openvpn-server'])) {
foreach ($config['openvpn']['openvpn-server'] as $settings) {
if (empty($settings))
continue;
if (isset($settings['disable']))
if (empty($settings) || isset($settings['disable'])) {
continue;
}
// Write the settings for the keys
switch($settings['mode']) {
case 'p2p_tls':
......@@ -64,114 +63,58 @@ function openvpn_refresh_crls() {
function cert_unrevoke($cert, & $crl) {
global $config;
if (!is_crl_internal($crl))
if (!is_crl_internal($crl)) {
return false;
}
foreach ($crl['cert'] as $id => $rcert) {
if (($rcert['refid'] == $cert['refid']) || ($rcert['descr'] == $cert['descr'])) {
unset($crl['cert'][$id]);
if (count($crl['cert']) == 0) {
// Protect against accidentally switching the type to imported, for older CRLs
if (!isset($crl['method']))
if (!isset($crl['method'])) {
$crl['method'] = "internal";
}
crl_update($crl);
} else
} else {
crl_update($crl);
}
return true;
}
}
return false;
}
// Keep this general to allow for future expansion. See cert_in_use() above.
function crl_in_use($crlref) {
return (is_openvpn_server_crl($crlref));
}
// openssl_crl_status messages from certs.inc
global $openssl_crl_status;
$crl_methods = array(
"internal" => gettext("Create an internal Certificate Revocation List"),
"existing" => gettext("Import an existing Certificate Revocation List"));
if (isset($_GET['id']) && ctype_alnum($_GET['id'])) {
$id = $_GET['id'];
} elseif (isset($_POST['id']) && ctype_alnum($_POST['id'])) {
$id = $_POST['id'];
}
if (!is_array($config['ca'])) {
// prepare config types
if (!isset($config['ca']) || !is_array($config['ca'])) {
$config['ca'] = array();
}
$a_ca =& $config['ca'];
if (!is_array($config['cert'])) {
if (!isset($config['cert']) || !is_array($config['cert'])) {
$config['cert'] = array();
}
$a_cert =& $config['cert'];
if (!isset($config['crl']) || !is_array($config['crl'])) {
$config['crl'] = array();
}
$a_crl =& $config['crl'];
foreach ($a_crl as $cid => $acrl) {
if (!isset($acrl['refid'])) {
unset ($a_crl[$cid]);
}
}
$thiscrl = false;
$act=null;
if (isset($_GET['act'])) {
$act = $_GET['act'];
} elseif (isset($_POST['act'])) {
$act = $_POST['act'];
}
if (!empty($id)) {
$thiscrl =& lookup_crl($id);
}
// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
if (!isset($thiscrl) && (($act != "") && ($act != "new"))) {
header("Location: system_crlmanager.php");
$act="";
$savemsg = gettext("Invalid CRL reference.");
}
if ($act == "del") {
$name = $thiscrl['descr'];
if (crl_in_use($id)) {
$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br />";
} else {
foreach ($a_crl as $cid => $acrl) {
if ($acrl['refid'] == $thiscrl['refid']) {
unset($a_crl[$cid]);
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
// locate cert by refid, returns false when not found
if (isset($_GET['id'])) {
$thiscrl =& lookup_crl($_GET['id']);
if ($thiscrl !== false) {
$id = $_GET['id'];
}
}
write_config("Deleted CRL {$name}.");
$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "<br />";
if (isset($_GET['act'])) {
$act = $_GET['act'];
}
}
if ($act == "new") {
if (isset($_GET['method'])) {
$pconfig['method'] = $_GET['method'];
} else {
$pconfig['method'] = null;
}
if (isset($_GET['caref'])) {
$pconfig['caref'] = $_GET['caref'];
} else {
$pconfig['caref'] = null;
}
$pconfig['lifetime'] = "9999";
$pconfig['serial'] = "0";
}
if ($act == "exp") {
if ($act == "exp") {
crl_update($thiscrl);
$exp_name = urlencode("{$thiscrl['descr']}.crl");
$exp_data = base64_decode($thiscrl['text']);
......@@ -182,52 +125,50 @@ if ($act == "exp") {
header("Content-Length: $exp_size");
echo $exp_data;
exit;
}
if ($act == "addcert") {
if ($_POST) {
$input_errors = array();
} elseif ($act == "new") {
$pconfig = array();
$pconfig['descr'] = null;
$pconfig['crltext'] = null;
$pconfig['crlmethod'] = !empty($_GET['method']) ? $_GET['method'] : null;
$pconfig['caref'] = !empty($_GET['caref']) ? $_GET['caref'] : null;
$pconfig['lifetime'] = "9999";
$pconfig['serial'] = "0";
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
if (!$pconfig['crlref'] || !$pconfig['certref']) {
header("Location: system_crlmanager.php");
exit;
// locate cert by refid, returns false when not found
if (isset($_POST['id'])) {
$thiscrl =& lookup_crl($_POST['id']);
if ($thiscrl !== false) {
$id = $_POST['id'];
}
// certref, crlref
$crl =& lookup_crl($pconfig['crlref']);
$cert = lookup_cert($pconfig['certref']);
if (!$crl['caref'] || !$cert['caref']) {
$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
}
if (isset($_POST['act'])) {
$act = $_POST['act'];
}
if ($crl['caref'] != $cert['caref']) {
$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
if ($act == "del" && isset($id)) {
$name = $thiscrl['descr'];
if (is_openvpn_server_crl($id)) {
$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "<br />";
} else {
foreach ($a_crl as $cid => $acrl) {
if ($acrl['refid'] == $thiscrl['refid']) {
unset($a_crl[$cid]);
}
if (!is_crl_internal($crl)) {
$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
}
if (!count($input_errors)) {
$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
cert_revoke($cert, $crl, $reason);
openvpn_refresh_crls();
write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
write_config("Deleted CRL {$name}.");
header("Location: system_crlmanager.php");
exit;
}
}
}
if ($act == "delcert") {
if (!is_array($thiscrl['cert'])) {
} elseif ($act == "delcert" && isset($id)) {
if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert'])) {
header("Location: system_crlmanager.php");
exit;
}
$found = false;
foreach ($thiscrl['cert'] as $acert) {
if ($acert['refid'] == $_GET['certref']) {
if ($acert['refid'] == $pconfig['certref']) {
$found = true;
$thiscert = $acert;
}
......@@ -238,27 +179,55 @@ if ($act == "delcert") {
}
$name = $thiscert['descr'];
if (cert_unrevoke($thiscert, $thiscrl)) {
$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br />";
openvpn_refresh_crls();
write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']));
header("Location: system_crlmanager.php");
exit;
} else {
$savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "<br />";
}
$act="edit";
}
} elseif ($act == "addcert") {
$input_errors = array();
if (!isset($id)) {
header("Location: system_crlmanager.php");
exit;
}
if ($_POST) {
unset($input_errors);
// certref, crlref
$crl =& lookup_crl($id);
$cert = lookup_cert($pconfig['certref']);
if (empty($crl['caref']) || empty($cert['caref'])) {
$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
}
if ($crl['caref'] != $cert['caref']) {
$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
}
if (!is_crl_internal($crl)) {
$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
}
if (!count($input_errors)) {
$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
cert_revoke($cert, $crl, $reason);
openvpn_refresh_crls();
write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
header("Location: system_crlmanager.php");
exit;
}
} else {
$input_errors = array();
$pconfig = $_POST;
/* input validation */
if (($pconfig['method'] == "existing") || ($act == "editimported")) {
if (($pconfig['crlmethod'] == "existing") || ($act == "editimported")) {
$reqdfields = explode(" ", "descr crltext");
$reqdfieldsn = array(
gettext("Descriptive name"),
gettext("Certificate Revocation List data"));
}
if ($pconfig['method'] == "internal") {
} elseif ($pconfig['crlmethod'] == "internal") {
$reqdfields = explode(
" ",
"descr caref"
......@@ -268,366 +237,350 @@ if ($_POST) {
gettext("Certificate Authority"));
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
/* save modifications */
if (!$input_errors) {
$result = false;
if (isset($thiscrl)) {
if (count($input_errors) == 0) {
if (isset($id)) {
$crl =& $thiscrl;
} else {
$crl = array();
$crl['refid'] = uniqid();
}
$crl['descr'] = $pconfig['descr'];
if ($act != "editimported") {
$crl['caref'] = $pconfig['caref'];
$crl['method'] = $pconfig['method'];
foreach (array("descr", "caref", "crlmethod") as $fieldname) {
if (isset($pconfig[$fieldname])) {
$crl[$fieldname] = $pconfig[$fieldname];
}
}
if (($pconfig['method'] == "existing") || ($act == "editimported")) {
if (($pconfig['crlmethod'] == "existing") || ($act == "editimported")) {
$crl['text'] = base64_encode($pconfig['crltext']);
}
if ($pconfig['method'] == "internal") {
if ($pconfig['crlmethod'] == "internal") {
$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
$crl['cert'] = array();
}
if (!isset($thiscrl)) {
if (!isset($id)) {
$a_crl[] = $crl;
}
write_config("Saved CRL {$crl['descr']}");
openvpn_refresh_crls();
header("Location: system_crlmanager.php");
exit;
}
}
}
legacy_html_escape_form_data($pconfig);
legacy_html_escape_form_data($thiscrl);
include("head.inc");
?>
<body>
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
function method_change() {
method = document.iform.method.value;
switch (method) {
case "internal":
document.getElementById("existing").style.display="none";
document.getElementById("internal").style.display="";
break;
case "existing":
document.getElementById("existing").style.display="";
document.getElementById("internal").style.display="none";
break;
}
}
//]]>
$( document ).ready(function() {
// delete cert revocation list
$(".act_delete").click(function(event){
event.preventDefault();
var id = $(this).data('id');
var descr = $(this).data('descr');
BootstrapDialog.show({
type:BootstrapDialog.TYPE_INFO,
title: "<?=gettext("Certificates");?>",
message: "<?=gettext("Do you really want to delete this Certificate Revocation List?");?> (" + descr + ")" ,
buttons: [{
label: "<?=gettext("No");?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?=gettext("Yes");?>",
action: function(dialogRef) {
$("#id").val(id);
$("#action").val("del");
$("#iform").submit();
}
}]
});
});
// Delete certificate from CRL
$(".act_delete_cert").click(function(event){
event.preventDefault();
var id = $(this).data('id');
var certref = $(this).data('certref');
BootstrapDialog.show({
type:BootstrapDialog.TYPE_INFO,
title: "<?=gettext("Certificates");?>",
message: "<?=gettext("Delete this certificate from the CRL ");?>",
buttons: [{
label: "<?=gettext("No");?>",
action: function(dialogRef) {
dialogRef.close();
}}, {
label: "<?=gettext("Yes");?>",
action: function(dialogRef) {
$("#id").val(id);
$("#certref").val(certref);
$("#action").val("delcert");
$("#iform").submit();
}
}]
});
});
$("#crlmethod").change(function(){
$("#existing").addClass("hidden");
$("#internal").addClass("hidden");
if ($("#crlmethod").val() == "internal") {
$("#internal").removeClass("hidden");
} else {
$("#existing").removeClass("hidden");
};
});
$("#crlmethod").change();
});
</script>
<?php include("fbegin.inc"); ?>
<!-- row -->
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php
<?php
if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors);
}
if (isset($savemsg)) {
print_info_box($savemsg);
}
?>
?>
<section class="col-xs-12">
<div class="content-box tab-content">
<?php if ($act == "new" || $act == gettext("Save") || (isset($input_errors) && count($input_errors)) ) :
?>
<form action="system_crlmanager.php" method="post" name="iform" id="iform">
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area" class="table table-striped">
<?php if (!isset($id)) :
?>
<?php
if ($act == "new") :?>
<form method="post" name="iform" id="iform">
<input type="hidden" name="act" id="action" value="<?=$act;?>"/>
<table class="table table-striped">
<?php
if (!isset($id)) :?>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Method");?></td>
<td width="78%" class="vtable">
<select name='method' id='method' class="formselect" onchange='method_change()'>
<?php
$rowIndex = 0;
foreach ($crl_methods as $method => $desc) :
if (isset($_GET['importonly']) && ($_GET['importonly'] == "yes") && ($method != "existing")) {
continue;
}
$selected = "";
if (isset($pconfig['method']) && $pconfig['method'] == $method) {
$selected = "selected=\"selected\"";
}
$rowIndex++;
?>
<option value="<?=$method;
?>" <?=$selected;
?>><?=$desc;?></option>
<?php
endforeach;
if ($rowIndex == 0) {
echo "<option></option>";
}
?>
<td width="22%"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Method");?></td>
<td width="78%">
<select name="crlmethod" id='crlmethod' class="formselect">
<option value="internal" <?=$pconfig['crlmethod'] == "internal" ? "selected=\"selected\"" : "";?>><?=gettext("Create an internal Certificate Revocation List");?></option>
<option value="existing" <?=$pconfig['crlmethod'] == "existing" ? "selected=\"selected\"" : "";?>><?=gettext("Import an existing Certificate Revocation List");?></option>
</select>
</td>
</tr>
<?php
endif; ?>
<?php
endif; ?>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
<td width="78%" class="vtable">
<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?php if (isset($pconfig['descr'])) echo htmlspecialchars($pconfig['descr']);?>"/>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Descriptive name");?></td>
<td>
<input name="descr" type="text" id="descr" size="20" value="<?=$pconfig['descr'];?>"/>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Authority");?></td>
<td width="78%" class="vtable">
<select name='caref' id='caref' class="formselect">
<?php
$rowIndex = 0;
foreach ($a_ca as $ca) :
$selected = "";
if ($pconfig['caref'] == $ca['refid']) {
$selected = "selected=\"selected\"";
}
$rowIndex++;
?>
<option value="<?=$ca['refid'];
?>" <?=$selected;
?>><?=$ca['descr'];?></option>
<?php
endforeach;
if ($rowIndex == 0) {
echo "<option></option>";
}
?>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Certificate Authority");?></td>
<td>
<select name='caref' id='caref' class="selectpicker">
<?php
foreach ($config['ca'] as $ca):?>
<option value="<?=$ca['refid'];?>" <?=$pconfig['caref'] == $ca['refid'] ? "selected=\"selected\"" : "";?>>
<?=htmlentities($ca['descr']);?>
</option>
<?php
endforeach;?>
</select>
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="existing" summary="existing" class="table table-striped">
<!-- import existing -->
<table id="existing" class="table table-striped">
<thead>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Existing Certificate Revocation List");?></th>
<th colspan="2"><?=gettext("Existing Certificate Revocation List");?></th>
</tr>
</thead>
<tbody>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
<td width="78%" class="vtable">
<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?php if (isset($pconfig['crltext'])) echo $pconfig['crltext'];?></textarea>
<br />
<td width="22%"><a id="help_for_crltext" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("CRL data");?></td>
<td width="78%">
<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=$pconfig['crltext'];?></textarea>
<div class="hidden" for="help_for_crltext">
<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?>
</div>
</td>
</tr>
</tbody>
</table>
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal" summary="internal" class="table table-striped">
<!-- create internal -->
<table id="internal" class="table table-striped">
<thead>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Internal Certificate Revocation List");?></th>
<th colspan="2"><?=gettext("Internal Certificate Revocation List");?></th>
</tr>
</thead>
<tbody>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
<td width="78%" class="vtable">
<input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" value="<?=htmlspecialchars($pconfig['lifetime']);?>"/>
<?=gettext("days");?><br />
<td width="22%"><a id="help_for_lifetime" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Lifetime");?> (<?=gettext("days");?>)</td>
<td width="78%">
<input name="lifetime" type="text" id="lifetime" size="5" value="<?=$pconfig['lifetime'];?>"/>
<div class="hidden" for="help_for_lifetime">
<?=gettext("Default: 9999");?>
</div>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Serial");?></td>
<td width="78%" class="vtable">
<input name="serial" type="text" class="formfld unknown" id="serial" size="5" value="<?=htmlspecialchars($pconfig['serial']);?>"/>
<br />
<td><a id="help_for_serial" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Serial");?></td>
<td>
<input name="serial" type="text" id="serial" size="5" value="<?=$pconfig['serial'];?>"/>
<div class="hidden" for="help_for_serial">
<?=gettext("Default: 0");?>
</div>
</td>
</tr>
</tbody>
</table>
<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="save" class="table table-striped">
<table class="table table-striped">
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="22%">&nbsp;</td>
<td width="78%">
<input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
<?php if (isset($id) && $thiscrl) :
?>
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<?php
endif;?>
<?php
if (isset($id)) :?>
<input name="id" type="hidden" value="<?=$id;?>" />
<?php
endif;?>
</td>
</tr>
</table>
</form>
<?php
elseif ($act == "editimported") :
?>
<?php $crl = $thiscrl; ?>
<form action="system_crlmanager.php" method="post" name="iform" id="iform" class="table table-striped">
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="editimported" summary="import">
<?php
elseif ($act == "editimported") :?>
<form method="post" name="iform" id="iform">
<table id="editimported" class="table table-striped">
<tr>
<td colspan="2" valign="top" class="listtopic"><?=gettext("Edit Imported Certificate Revocation List");?></td>
<th colspan="2"><?=gettext("Edit Imported Certificate Revocation List");?></th>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
<td width="78%" class="vtable">
<input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($crl['descr']);?>"/>
<td width="22%"><i class="fa fa-info-circle text-muted"></i> <?=gettext("Descriptive name");?></td>
<td width="78%">
<input name="descr" type="text" id="descr" size="20" value="<?=$thiscrl['descr'];?>"/>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq"><?=gettext("CRL data");?></td>
<td width="78%" class="vtable">
<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=base64_decode($crl['text']);?></textarea>
<br />
<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?></td>
<td><a id="help_for_crltext" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("CRL data");?></td>
<td>
<textarea name="crltext" id="crltext" cols="65" rows="7" class="formfld_crl"><?=$thiscrl['text'];?></textarea>
<div class="hidden" for="help_for_crltext">
<?=gettext("Paste a Certificate Revocation List in X.509 CRL format here.");?>
</div>
</td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" />
<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
<input name="act" type="hidden" value="editimported" />
<td>&nbsp;</td>
<td>
<input id="submit" name="save" type="submit" class="btn btn-primary" value="<?=gettext("Save"); ?>" />
<input name="id" type="hidden" value="<?=$id;?>" />
<input name="act" type="hidden" value="<?=$act;?>" />
</td>
</tr>
</table>
</form>
<?php
elseif ($act == "edit") :
?>
<?php $crl = $thiscrl; ?>
<form action="system_crlmanager.php" method="post" name="iform" id="iform">
<table summary="revoke" class="table table-striped">
<?php
elseif ($act == "edit") :?>
<form method="post" name="iform" id="iform">
<input type="hidden" name="id" id="id" value=""/>
<input type="hidden" name="certref" id="certref" value=""/>
<input type="hidden" name="act" id="action" value=""/>
</form>
<form method="post">
<table class="table table-striped">
<thead>
<tr>
<th colspan="4"><b><?php echo gettext("Currently Revoked Certificates for CRL") . ': ' . $crl['descr']; ?></b></th>
<th colspan="4"><?=gettext("Currently Revoked Certificates for CRL");?> : <?=$thiscrl['descr'];?></th>
</tr>
<tr>
<th><b><?php echo gettext("Certificate Name")?></b></th>
<th><b><?php echo gettext("Revocation Reason")?></b></th>
<th><b><?php echo gettext("Revoked At")?></b></th>
<th><?=gettext("Certificate Name")?></th>
<th><?=gettext("Revocation Reason")?></th>
<th><?=gettext("Revoked At")?></th>
<th></th>
</tr>
</thead>
<tbody>
<?php /* List Certs on CRL */
if (!isset($crl['cert']) || !is_array($crl['cert']) || (count($crl['cert']) == 0)) :
?>
<?php /* List Certs on CRL */
if (!isset($thiscrl['cert']) || !is_array($thiscrl['cert']) || (count($thiscrl['cert']) == 0)) :?>
<tr>
<td colspan="4">
<?php echo gettext("No Certificates Found for this CRL."); ?>
<?=gettext("No Certificates Found for this CRL."); ?>
</td>
</tr>
<?php
<?php
else :
foreach ($crl['cert'] as $i => $cert) :
$name = htmlspecialchars($cert['descr']);
?>
foreach ($thiscrl['cert'] as $i => $cert) :?>
<tr>
<td><?=$cert['descr']; ?></td>
<td><?=$openssl_crl_status[$cert["reason"]]; ?></td>
<td><?=date("D M j G:i:s T Y", $cert["revoke_time"]); ?></td>
<td>
<?php echo $name; ?>
</td>
<td>
<?php echo $openssl_crl_status[$cert["reason"]]; ?>
</td>
<td>
<?php echo date("D M j G:i:s T Y", $cert["revoke_time"]); ?>
</td>
<td>
<a href="system_crlmanager.php?act=delcert&amp;id=<?php echo $crl['refid']; ?>&amp;certref=<?php echo $cert['refid'];
?>" data-toggle="tooltip" data-placement="left" title="<?=gettext("Delete this certificate from the CRL ");
?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate from the CRL?");?>')" class="btn btn-default btn-xs">
<a id="del_cert_<?=$thiscrl['refid'];?>" data-id="<?=$thiscrl['refid'];?>" data-certref="<?=$cert['refid'];?>" title="<?=gettext("Delete this certificate from the CRL ");?>" data-toggle="tooltip" class="act_delete_cert btn btn-default btn-xs">
<span class="glyphicon glyphicon-remove"></span>
</a>
</td>
</tr>
<?php
<?php
endforeach;
endif;
?>
<?php /* Drop-down with other certs from this CA. */
// Map Certs to CAs in one pass
$ca_certs = array();
foreach ($a_cert as $cert) {
if (isset($cert['caref']) && isset($crl['caref']) && $cert['caref'] == $crl['caref']) {
foreach ($config['cert'] as $cert) {
if (isset($cert['caref']) && isset($thiscrl['caref']) && $cert['caref'] == $thiscrl['caref']) {
$ca_certs[] = $cert;
}
}
if (count($ca_certs) == 0) :
?>
if (count($ca_certs) == 0) :?>
<tr>
<td colspan="4">
<?php echo gettext("No Certificates Found for this CA."); ?>
</td>
<td colspan="4"><?=gettext("No Certificates Found for this CA."); ?></td>
</tr>
<?php
else :
?>
<?php
else:?>
<tr>
<th colspan="4">
<?=gettext("Revoke a Certificate"); ?>
</th>
<th colspan="4"><?=gettext("Revoke a Certificate"); ?></th>
</tr>
<tr>
<td>
<b><?php echo gettext("Choose a Certificate to Revoke"); ?></b>:
<b><?=gettext("Choose a Certificate to Revoke"); ?></b>:
</td>
<td colspan="3" align="left">
<select name='certref' id='certref' class="selectpicker" data-style="btn-default" data-live-search="true">
<?php $rowIndex = 0;
foreach ($ca_certs as $cert) :
$rowIndex++; ?>
<?php
foreach ($ca_certs as $cert) :?>
<option value="<?=$cert['refid'];?>"><?=htmlspecialchars($cert['descr'])?></option>
<?php
endforeach;
if ($rowIndex == 0) {
echo "<option></option>";
} ?>
<?php
endforeach;?>
</select>
</td>
</tr>
<tr>
<td>
<b><?php echo gettext("Reason");?></b>:
<b><?=gettext("Reason");?></b>:
</td>
<td colspan="3" align="left">
<select name='crlreason' id='crlreason' class="selectpicker" data-style="btn-default">
<?php $rowIndex = 0;
foreach ($openssl_crl_status as $code => $reason) :
$rowIndex++; ?>
<option value="<?= $code ?>"><?= htmlspecialchars($reason) ?></option>
<?php
endforeach;
if ($rowIndex == 0) {
echo "<option></option>";
} ?>
<?php
foreach ($openssl_crl_status as $code => $reason) :?>
<option value="<?= $code ?>"><?=$reason?></option>
<?php
endforeach;?>
</select>
</td>
</tr>
......@@ -635,29 +588,28 @@ elseif ($act == "edit") :
<td></td>
<td colspan="3" align="left">
<input name="act" type="hidden" value="addcert" />
<input name="crlref" type="hidden" value="<?=$crl['refid'];?>" />
<input name="id" type="hidden" value="<?=$crl['refid'];?>" />
<input name="id" type="hidden" value="<?=$thiscrl['refid'];?>" />
<input id="submit" name="add" type="submit" class="formbtn btn btn-primary" value="<?=gettext("Add"); ?>" />
</td>
</tr>
<?php
<?php
endif; ?>
</tbody>
</table>
</form>
<?php
else :
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="ocpms" class="table table-striped">
<?php
else :?>
<form method="post" id="iform" class="table table-striped">
<input type="hidden" name="id" id="id" value=""/>
<input type="hidden" name="act" id="action" value=""/>
<table class="table table-striped">
<thead>
<tr>
<td width="35%" class="listhdrr"><?=gettext("Name");?></td>
<td width="10%" class="listhdrr"><?=gettext("Internal");?></td>
<td width="35%" class="listhdrr"><?=gettext("Certificates");?></td>
<td width="10%" class="listhdrr"><?=gettext("In Use");?></td>
<td width="10%" class="list"></td>
<td><?=gettext("Name");?></td>
<td><?=gettext("Internal");?></td>
<td><?=gettext("Certificates");?></td>
<td><?=gettext("In Use");?></td>
<td></td>
</tr>
</thead>
<tfoot>
......@@ -668,105 +620,83 @@ else :
</p>
</td>
</tr>
</tfoot> <tbody>
<?php
// Map CRLs to CAs in one pass
</tfoot>
<tbody>
<?php
// Map CRLs to CAs
$ca_crl_map = array();
foreach ($a_crl as $crl) {
$ca_crl_map[$crl['caref']][] = $crl['refid'];
}
$i = 0;
foreach ($a_ca as $ca) :
$name = htmlspecialchars($ca['descr']);
if ($ca['prv']) {
$cainternal = "YES";
} else {
$cainternal = "NO";
}
?>
foreach ($config['ca'] as $ca) :?>
<tr>
<td class="listlr" colspan="4">
<?=$name;?>
</td>
<td class="list">
<?php if ($cainternal == "YES") :
?>
<a href="system_crlmanager.php?act=new&amp;caref=<?php echo $ca['refid']; ?>" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Add or Import CRL for %s"), $ca['descr']);?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
<?php
else :
?>
<a href="system_crlmanager.php?act=new&amp;caref=<?php echo $ca['refid']; ?>&amp;importonly=yes" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Import CRL for %s"), $ca['descr']);?>" class="btn btn-default btn-xs"><span class="glyphicon glyphicon-plus"></span></a>
<?php
endif; ?>
<td colspan="4"> <?=htmlspecialchars($ca['descr']);?></td>
<td>
<?php
if (!empty($ca['prv'])) :?>
<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Add or Import CRL for %s"), htmlspecialchars($ca['descr']));?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-plus"></span>
</a>
<?php
else :?>
<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;importonly=yes" data-toggle="tooltip" data-placement="left" title="<?php printf(gettext("Import CRL for %s"), htmlspecialchars($ca['descr']));?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-plus"></span>
</a>
<?php
endif;?>
</td>
</tr>
<?php
if (isset($ca_crl_map[$ca['refid']]) && is_array($ca_crl_map[$ca['refid']])) :
foreach ($ca_crl_map[$ca['refid']] as $crl) :
<?php
if (isset($ca_crl_map[$ca['refid']]) && is_array($ca_crl_map[$ca['refid']])):
foreach ($ca_crl_map[$ca['refid']] as $crl):
$tmpcrl = lookup_crl($crl);
$internal = is_crl_internal($tmpcrl);
$inuse = crl_in_use($tmpcrl['refid']);
?>
$inuse = is_openvpn_server_crl($tmpcrl['refid']);?>
<tr>
<td class="listlr"><?php echo $tmpcrl['descr']; ?></td>
<td class="listr"><?php echo ($internal) ? gettext("YES") : gettext("NO"); ?></td>
<td class="listr"><?php echo ($internal) ? (isset($tmpcrl['cert']) && count($tmpcrl['cert'])) : gettext("Unknown (imported)"); ?></td>
<td class="listr"><?php echo ($inuse) ? gettext("YES") : gettext("NO"); ?></td>
<td valign="middle" class="list nowrap">
<td><?=htmlspecialchars($tmpcrl['descr']); ?></td>
<td><?=$internal ? gettext("YES") : gettext("NO"); ?></td>
<td><?=$internal ? (isset($tmpcrl['cert']) && count($tmpcrl['cert'])) : gettext("Unknown (imported)"); ?></td>
<td><?=$inuse ? gettext("YES") : gettext("NO"); ?></td>
<td>
<a href="system_crlmanager.php?act=exp&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-export" data-toggle="tooltip" data-placement="left" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
</a>
<?php if ($internal) :
?>
<?php
if ($internal) :?>
<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-edit" data-toggle="tooltip" data-placement="left" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
</a>
<?php
else :
?>
<?php
else :?>
<a href="system_crlmanager.php?act=editimported&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-edit" data-toggle="tooltip" data-placement="left" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
</a>
<?php
endif; ?>
<?php if (!$inuse) :
?>
<a href="system_crlmanager.php?act=del&amp;id=<?=$tmpcrl['refid'];
?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Revocation List?") . ' (' . htmlspecialchars($tmpcrl['descr']) . ')';?>')" class="btn btn-default btn-xs">
<span class="glyphicon glyphicon-remove" data-toggle="tooltip" data-placement="left" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></span>
<?php
endif; ?>
<?php
if (!$inuse) :?>
<a id="del_<?=$tmpcrl['refid'];?>" data-descr="<?=htmlspecialchars($tmpcrl['descr']);?>" data-id="<?=$tmpcrl['refid'];?>" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" data-toggle="tooltip" class="act_delete btn btn-default btn-xs">
<span class="glyphicon glyphicon-remove"></span>
</a>
<?php
endif; ?>
<?php
endif; ?>
</td>
</tr>
<?php $i++;
<?php
endforeach;
endif; ?>
<tr><td colspan="5">&nbsp;</td></tr>
<?php $i++;
<?php
endforeach; ?>
</tbody>
</table>
<?php
endif; ?>
</form>
<?php
endif; ?>
</div>
</section>
</div>
</div>
</section>
<script type="text/javascript">
//<![CDATA[
method_change();
//]]>
</script>
<?php include("foot.inc");
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023