author | jim-p <jimp@pfsense.org> | 2010-10-20 15:40:52 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-10-20 15:41:26 -0400 |
commit | 28ff7ace4b77ae89deddb9bd3a7f3a7e969dc826 (patch) | |
tree | 71485de69683cb2b136565bb1eb242dd2b7e20a9 /usr/local | |
parent | 5293bfecd822c8491305eed20458165d55e44f0e (diff) | |
Add more CRL functionality. Needs to wait on a new build for further testing.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/system_crlmanager.php | 130 |
1 files changed, 128 insertions, 2 deletions
diff --git a/usr/local/www/system_crlmanager.php b/usr/local/www/system_crlmanager.php index 780a35c..34ecd21 100644 --- a/usr/local/www/system_crlmanager.php +++ b/usr/local/www/system_crlmanager.php @@ -85,6 +85,13 @@ if ($act == "del") { } } +if ($act == "edit") { + if (!$a_crl[$id]) { + pfSenseHeader("system_crlmanager.php"); + exit; + } +} + if ($act == "new") { $pconfig['method'] = $_GET['method']; $pconfig['caref'] = $_GET['caref']; @@ -110,6 +117,47 @@ if ($act == "exp") { exit; } +if ($act == "addcert") { + if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + if (!$pconfig['crlref'] || !$pconfig['certref']) { + pfSenseHeader("system_crlmanager.php"); + exit; + } + + // certref, crlref + $crl =& lookup_crl($pconfig['crlref']); + $cert = lookup_cert($pconfig['certref']); + + if (!$crl['caref'] || !$cert['caref']) { + $input_errors[] = gettext("Both the Certificate and CRL must be specified."); + } + + if ($crl['caref'] != $cert['caref']) { + $input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke."); + } + if (!is_crl_internal($crl)) { + $input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL."); + } + + if (!$input_errors) { + cert_revoke($cert, $crl, OCSP_REVOKED_STATUS_UNSPECIFIED); + write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}."); + pfSenseHeader("system_crlmanager.php"); + } + } +} + +// Not Finished Yet! +if ($act == "delcert") { + if (!$a_crl[$id]) { + pfSenseHeader("system_crlmanager.php"); + exit; + } +} + if ($_POST) { unset($input_errors); 
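Review bot: The `addcert` branch never stops execution, so the request continues into the generic `if ($_POST) {` handler that follows, whose first statement `unset($input_errors);` discards the validation errors collected here. The success path is also missing the `exit;` that the early-return path above it has; add `exit;` after the final `pfSenseHeader("system_crlmanager.php");` and keep the generic handler from running for this action (its body is outside the hunk, so what it does with an `addcert` POST cannot be seen here). The checks also keep running after a failed lookup, so an unknown `crlref` or `certref` still reaches `is_crl_internal($crl)` with an empty value; stopping at the first error would make that failure explicit. Because this branch writes a revocation into the config, confirm that the form carries whatever CSRF protection the rest of the GUI relies on, since nothing in the hunk shows one.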
@@ -319,7 +367,80 @@ NOTE: This page is still a work in progress and is not yet fully functional. </tr> </table> </form> - + <?php elseif ($act == "edit"): ?> + <?php $crl = $a_crl[$id]; ?> + <form action="system_crlmanager.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <thead> + <tr> + <td width="90%" class="listhdrr"><?=gettext("Edit CRL");?> <?php echo $crl['descr']; ?></td> + <td width="10%" class="list"></td> + </tr> + </thead> + <tbody> + <tr> + <td class="listlr"> + <b><?php echo gettext("Currently Revoked Certificates"); ?></b><br/><br/> + </td> + <td class="list"> </td> + </td> + <?php /* List Certs on CRL */ + if (!is_array($crl['cert']) || (count($crl['cert']) == 0)): ?> + <tr> + <td class="listlr"> + <?php echo gettext("No Certificates Found for this CRL."); ?> + </td> + <td class="list"> </td> + </td> + <?php else: + foreach($crl['cert'] as $i => $cert): + $name = htmlspecialchars($cert['descr']); + ?> + <tr> + <td class="listlr"> + <?php echo $name; ?> + </td> + <td class="list"> + <a href="system_crlmanager.php?act=delcert&crlref=<?php echo $crl['refid']; ?>&id=<?php echo $i; ?>"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("Delete this certificate from the CRL ");?>" alt="<?=gettext("Delete this certificate from the CRL ");?>" width="17" height="17" border="0" /> + </a> + </td> + </tr> + <?php + endforeach; + endif; + ?> + <?php /* Drop-down with other certs from this CA. 
*/ + // Map Certs to CAs in one pass + $ca_certs = array(); + foreach($a_cert as $cert) + if ($cert['caref'] == $crl['caref']) + $ca_certs[] = $cert; + if (count($ca_certs) == 0): ?> + <tr> + <td class="listlr"> + <?php echo gettext("No Certificates Found for this CA."); ?> + </td> + <td class="list"> </td> + </td> + <?php else: ?> + <tr> + <td class="listlr"> + <b><?php echo gettext("Choose a Certificate to Revoke"); ?></b>: <select name='certref' id='certref' class="formselect"> + <?php foreach($ca_certs as $cert): ?> + <option value="<?=$cert['refid'];?>"><?=htmlspecialchars($cert['descr'])?></option> + <?php endforeach; ?> + <input name="act" type="hidden" value="addcert" /> + <input name="crlref" type="hidden" value="<?=$crl['refid'];?>" /> + <input id="submit" name="add" type="submit" class="formbtn" value="<?=gettext("Add"); ?>" /> + </select> + </td> + <td class="list"> </td> + </tr> + <?php endif; ?> + </tbody> + </table> + </form> <?php else: ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -334,7 +455,7 @@ NOTE: This page is still a work in progress and is not yet fully functional. </thead> <tbody> <?php - // Map CRLs to GWs in one pass + // Map CRLs to CAs in one pass $ca_crl_map = array(); foreach($a_crl as $crl) $ca_crl_map[$crl['caref']][] = $crl['refid']; 
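Review bot: In the new `act == "edit"` form the table header prints the CRL description unescaped (`<?php echo $crl['descr']; ?>`), while every certificate description in the same form goes through `htmlspecialchars()`; a description containing markup would be rendered as HTML in the admin GUI. Use `<?php echo htmlspecialchars($crl['descr']); ?>`, and escape the `refid` values written into the `crlref`/`certref` attributes and the `delcert` URL the same way. The `delcert` link also passes the certificate's index as `id` alongside `crlref`, but the `delcert` handler added earlier in this commit checks `$a_crl[$id]`, which treats `id` as a CRL index; the two need to agree before the delete is implemented, and a delete is better sent as a POST than as a GET link. Separately, the hidden inputs and the submit button sit inside the `<select>` element, and three rows are closed with `</td>` where `</tr>` is meant.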
@@ -385,6 +506,11 @@ NOTE: This page is still a work in progress and is not yet fully functional. <a href="system_crlmanager.php?act=exp&id=<?=$i;?>")"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" /> </a> + <?php if ($internal): ?> + <a href="system_crlmanager.php?act=edit&id=<?=$i;?>")"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("Export CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" width="17" height="17" border="0" /> + </a> + <?php endif; ?> <?php if (!$inuse): ?> <a href="system_crlmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Revocation List?") . ' (' . htmlspecialchars($tmpcrl['descr']) . ')';?>')"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>" alt="<?=gettext("Delete CRL") . " " . htmlspecialchars($tmpcrl['descr']); ?>" width="17" height="17" border="0" /> |
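Review bot: The new edit icon's `title` still reads `gettext("Export CRL")` while its `alt` says `gettext("Edit CRL")`, so the tooltip mislabels the action; change the title to `gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr'])`. The anchor also copies the stray `")"` after the `href` value from the export link above it, which leaves junk inside the tag; `<a href="system_crlmanager.php?act=edit&id=<?=$i;?>">` is what is meant. `$internal` is set outside the hunk, so whether it matches the `is_crl_internal()` check used by the `addcert` handler cannot be confirmed from here.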