gettext("Create an internal Certificate Revocation List"),
"existing" => gettext("Import an existing Certificate Revocation List"));
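/*
 * Request parameters and by-reference shortcuts into the configuration tree.
 */

// Index of the entry being acted on; a POSTed value overrides the query string.
$id = null;
if (isset($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']))
	$id = $_POST['id'];
// $id is used directly as an array offset by the handlers below, so only a
// plain decimal string is accepted. Arrays, signs, whitespace or text are
// treated as "no id", which the handlers already answer with a redirect.
if (!is_string($id) || !preg_match('/^[0-9]+\z/', $id))
	$id = null;

// Make sure each configuration section exists as an array before aliasing it,
// so later writes through the aliases land in $config.
if (!is_array($config['ca']))
	$config['ca'] = array();
$a_ca =& $config['ca'];

if (!is_array($config['cert']))
	$config['cert'] = array();
$a_cert =& $config['cert'];

if (!is_array($config['crl']))
	$config['crl'] = array();
$a_crl =& $config['crl'];

// Requested action; a non-empty POSTed value overrides the query string.
// isset()/empty() avoid undefined-index notices on a plain page load.
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];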
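/*
 * "del": remove a whole CRL, unless crl_in_use() reports it as referenced.
 *
 * NOTE(review): $act and $id can both arrive in the query string, so this
 * configuration change can be triggered by a GET request. Confirm the page's
 * CSRF protection covers GET, or accept this action from POST only.
 */
if ($act == "del") {
	if (!$a_crl[$id]) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
	// Read the description before branching: both messages below use it, and
	// the "in use" message previously ran before $name had been assigned.
	$name = $a_crl[$id]['descr'];
	// NOTE(review): $name is a stored description inserted into $savemsg
	// unescaped here; confirm it is HTML-escaped where $savemsg is rendered.
	if (crl_in_use($a_crl[$id]['refid'])) {
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "\n";
	} else {
		unset($a_crl[$id]);
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "\n";
	}
}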
/* "edit": only proceed when the requested CRL entry exists; otherwise go back to the list. */
if ($act == "edit" && !$a_crl[$id]) {
	pfSenseHeader("system_crlmanager.php");
	exit;
}
/* "new": seed the form values from the query string plus fixed defaults. */
if ($act == "new") {
	// Taken from the request as-is; nothing here checks them against known
	// methods or existing CA references.
	foreach (array('method', 'caref') as $param)
		$pconfig[$param] = $_GET[$param];
	// Fixed starting values for the lifetime and serial fields.
	foreach (array('lifetime' => "9999", 'serial' => "0") as $param => $default)
		$pconfig[$param] = $default;
	unset($param, $default);
}
/* "exp": send the stored CRL to the browser as a file download. */
if ($act == "exp") {
	if (!$a_crl[$id]) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
	// The file name is built from the stored description; urlencode() keeps
	// CR/LF, quotes and separators out of the Content-Disposition header.
	$download_name = urlencode($a_crl[$id]['descr'] . ".crl");
	// The CRL text is kept base64-encoded in the configuration.
	$crl_bytes = base64_decode($a_crl[$id]['text']);
	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=" . $download_name);
	header("Content-Length: " . strlen($crl_bytes));
	echo $crl_bytes;
	exit;
}
/*
 * "addcert": revoke a certificate by adding it to a CRL. Only acts on a POST.
 * On validation errors nothing is revoked and execution continues past this
 * block with $input_errors set.
 */
if ($act == "addcert" && $_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	// Both references are mandatory; without them there is nothing to do.
	if (!($pconfig['crlref'] && $pconfig['certref'])) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	// $crl is taken by reference so that cert_revoke() can work on the
	// entry returned by lookup_crl() rather than on a copy.
	$crl =& lookup_crl($pconfig['crlref']);
	$cert = lookup_cert($pconfig['certref']);

	// Each side must resolve to an entry that names its CA ...
	if (!($crl['caref'] && $cert['caref']))
		$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
	// ... and it has to be the same CA on both sides.
	if ($crl['caref'] != $cert['caref'])
		$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
	// Imported CRLs are rejected here; only internal ones can be extended.
	if (!is_crl_internal($crl))
		$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");

	if (!$input_errors) {
		// NOTE(review): crlreason is passed on exactly as posted. Confirm that
		// cert_revoke() or the CRL generation restricts it to a known reason code.
		if (empty($pconfig['crlreason']))
			$reason = OCSP_REVOKED_STATUS_UNSPECIFIED;
		else
			$reason = $pconfig['crlreason'];
		cert_revoke($cert, $crl, $reason);
		write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
		// Refresh the CRLs used by OpenVPN now that the list has changed.
		require_once('openvpn.inc');
		openvpn_refresh_crls();
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
}
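/*
 * "delcert": remove one certificate from a CRL, i.e. un-revoke it.
 *
 * NOTE(review): the CRL reference is read from the query string, and $act and
 * $id can arrive the same way, so a GET request can un-revoke a certificate.
 * Confirm the page's CSRF protection covers GET, or accept this action from
 * POST only.
 */
if ($act == "delcert") {
	// Taken by reference so cert_unrevoke() works on the entry returned by
	// lookup_crl() rather than on a copy.
	$crl =& lookup_crl($_GET['crlref']);
	if (!$crl['cert'][$id]) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
	// Capture the description first; the entry is gone after cert_unrevoke().
	$name = $crl['cert'][$id]['descr'];
	cert_unrevoke($crl['cert'][$id], $crl);
	write_config("Deleted Cert {$name} from CRL {$crl['descr']}.");
	// No status message is built here: the redirect below ends the request
	// before anything could be displayed.
	require_once('openvpn.inc');
	openvpn_refresh_crls();
	pfSenseHeader("system_crlmanager.php");
	exit;
}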
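/*
 * Create or update a CRL from the submitted form.
 *
 * A failed "addcert" submission is also a POST and reaches this point. Without
 * the $act check it would drop its validation errors, pass validation with no
 * required fields and store a blank CRL entry, so it is excluded here.
 */
if ($_POST && $act != "addcert") {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	// Start with "nothing required" so the validator always receives arrays,
	// also when no known method was posted.
	$reqdfields = array();
	$reqdfieldsn = array();
	if ($pconfig['method'] == "existing") {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ",
			"descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	// NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	// by PHP 5.4 and later. The '&' belongs on the parameter declaration of
	// do_input_validation(); change the callee and this call together, since
	// dropping it here alone would lose the errors if the callee takes the
	// argument by value.
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* save modifications */
	if (!$input_errors) {
		$result = false;

		// A new entry gets a fresh refid; when editing, the stored entry
		// (including its refid) replaces this skeleton.
		$crl = array();
		$crl['refid'] = uniqid();
		if (isset($id) && $a_crl[$id])
			$crl = $a_crl[$id];

		$crl['descr'] = $pconfig['descr'];
		$crl['caref'] = $pconfig['caref'];

		if ($pconfig['method'] == "existing") {
			// Assignment, not comparison: the original '==' discarded the
			// imported CRL text instead of storing it.
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($pconfig['method'] == "internal") {
			// empty() also treats "0" as missing, so a submitted serial or
			// lifetime of 0 is stored as 9999.
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		// Overwrite in place when editing, append otherwise.
		if (isset($id) && $a_crl[$id])
			$a_crl[$id] = $crl;
		else
			$a_crl[] = $crl;

		write_config("Saved CRL {$crl['caref']}");

		pfSenseHeader("system_crlmanager.php");
	}
}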
include("head.inc");
?>
">