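/*
 * NOTE: this listing starts mid-statement. The line below is the tail of an
 * array literal that maps CRL creation methods to their UI labels; its
 * opening is not part of the listing, so the fragment is kept verbatim.
 */
gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List"));

/*
 * Index of the entry to act on. A POSTed id overrides the query string.
 * For "delcert" the same value indexes the revoked-certificate list inside
 * the selected CRL rather than the CRL list itself.
 */
$id = $_GET['id'];
if (isset($_POST['id'])) {
	$id = $_POST['id'];
}

/* Make sure the CA, certificate and CRL sections exist, then alias them by reference. */
if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

if (!is_array($config['cert'])) {
	$config['cert'] = array();
}
$a_cert =& $config['cert'];

if (!is_array($config['crl'])) {
	$config['crl'] = array();
}
$a_crl =& $config['crl'];

/*
 * Requested action; a non-empty POSTed value overrides the query string.
 *
 * NOTE(review): "del" and "delcert" modify the configuration and can be
 * requested with GET. No anti-CSRF token check is visible in this listing;
 * confirm the surrounding framework enforces one for these requests, or
 * accept state-changing actions over POST only.
 */
$act = $_GET['act'];
if ($_POST['act']) {
	$act = $_POST['act'];
}

/* Delete a whole CRL, unless something still references it. */
if ($act == "del") {
	if (!$a_crl[$id]) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
	/*
	 * Read the name before branching. The "in use" message also needs it,
	 * and it was previously assigned only on the delete path, so that
	 * message was built from an undefined variable.
	 */
	$name = $a_crl[$id]['descr'];
	if (crl_in_use($a_crl[$id]['refid'])) {
		$savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "\n";
	} else {
		unset($a_crl[$id]);
		write_config("Deleted CRL {$name}.");
		$savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "\n";
	}
}

/* Editing only checks that the entry exists; the form is rendered further down the page. */
if ($act == "edit") {
	if (!$a_crl[$id]) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
}

/* Pre-fill the "new CRL" form from the query string and fixed defaults. */
if ($act == "new") {
	$pconfig['method'] = $_GET['method'];
	$pconfig['caref'] = $_GET['caref'];
	$pconfig['lifetime'] = "9999";
	$pconfig['serial'] = "0";
}

/* Export a stored CRL as a file download. */
if ($act == "exp") {
	if (!$a_crl[$id]) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}

	/*
	 * The file name comes from the admin-supplied description. urlencode()
	 * keeps CR/LF, quotes and separators out of the header value.
	 */
	$exp_name = urlencode("{$a_crl[$id]['descr']}.crl");
	$exp_data = base64_decode($a_crl[$id]['text']);
	$exp_size = strlen($exp_data);

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename={$exp_name}");
	header("Content-Length: $exp_size");
	echo $exp_data;
	exit;
}

/* Revoke a certificate by adding it to an internal CRL. */
if ($act == "addcert") {
	if ($_POST) {
		unset($input_errors);
		$pconfig = $_POST;
		if (!$pconfig['crlref'] || !$pconfig['certref']) {
			pfSenseHeader("system_crlmanager.php");
			exit;
		}

		/* Resolve both references; the CRL is taken by reference so that the revocation is recorded in $config. */
		$crl =& lookup_crl($pconfig['crlref']);
		$cert = lookup_cert($pconfig['certref']);

		if (!$crl['caref'] || !$cert['caref']) {
			$input_errors[] = gettext("Both the Certificate and CRL must be specified.");
		}

		/* A CRL can only revoke certificates issued by its own CA. */
		if ($crl['caref'] != $cert['caref']) {
			$input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
		}
		if (!is_crl_internal($crl)) {
			$input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
		}

		if (!$input_errors) {
			/*
			 * NOTE(review): crlreason is passed on exactly as posted.
			 * Confirm cert_revoke() rejects values outside the known
			 * revocation reason codes.
			 */
			$reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
			cert_revoke($cert, $crl, $reason);
			write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
			/*
			 * NOTE(review): the include path is empty in this listing. As
			 * written the require fails before openvpn_refresh_crls() runs;
			 * restore the original path.
			 */
			require_once('');
			openvpn_refresh_crls();
			pfSenseHeader("system_crlmanager.php");
			exit;
		}
	}
}

/* Un-revoke: remove one certificate entry from a CRL. */
if ($act == "delcert") {
	$crl =& lookup_crl($_GET['crlref']);
	if (!$crl['cert'][$id]) {
		pfSenseHeader("system_crlmanager.php");
		exit;
	}
	$name = $crl['cert'][$id]['descr'];
	cert_unrevoke($crl['cert'][$id], $crl);
	write_config("Deleted Cert {$name} from CRL {$crl['descr']}.");
	/* This message is never displayed: the request redirects and exits below. */
	$savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $crl['descr']) . "\n";
	/* NOTE(review): empty include path in this listing; restore the original path. */
	require_once('');
	openvpn_refresh_crls();
	pfSenseHeader("system_crlmanager.php");
	exit;
}

/* Create or update a CRL from the submitted form. */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* Input validation: the required fields depend on the chosen method. */
	if ($pconfig['method'] == "existing") {
		$reqdfields = explode(" ", "descr crltext");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Revocation List data"));
	}
	if ($pconfig['method'] == "internal") {
		$reqdfields = explode(" ", "descr caref");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Certificate Authority"));
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal
	 * error on PHP 5.4 and later. It is left unchanged because the
	 * declaration of do_input_validation() is not visible here; drop the
	 * ampersand once that parameter is confirmed to be declared by reference.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/* If this is an AJAX caller then report the errors as JSON. */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	/* Save modifications. */
	if (!$input_errors) {
		$result = false;

		/* Start from a fresh entry, or from the stored one when editing. */
		$crl = array();
		$crl['refid'] = uniqid();
		if (isset($id) && $a_crl[$id]) {
			$crl = $a_crl[$id];
		}

		$crl['descr'] = $pconfig['descr'];
		$crl['caref'] = $pconfig['caref'];

		if ($pconfig['method'] == "existing") {
			/*
			 * Assignment, not comparison: with "==" the imported CRL data
			 * was silently discarded and the entry was saved without it.
			 *
			 * NOTE(review): the pasted data is stored without any check
			 * that it parses as a CRL; confirm that validation happens
			 * elsewhere.
			 */
			$crl['text'] = base64_encode($pconfig['crltext']);
		}

		if ($pconfig['method'] == "internal") {
			/* NOTE(review): serial and lifetime are stored as posted; no numeric check is visible here. */
			$crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
			$crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
			$crl['cert'] = array();
		}

		if (isset($id) && $a_crl[$id]) {
			$a_crl[$id] = $crl;
		} else {
			$a_crl[] = $crl;
		}

		write_config("Saved CRL {$crl['caref']}");

		pfSenseHeader("system_crlmanager.php");
	}
}

/* NOTE(review): the include path is empty in this listing; restore the original path. */
include("");
?> ">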

  " />
$cert): $name = htmlspecialchars($cert['descr']); ?>
')"> " alt="" width="17" height="17" border="0" />
: : " />  
" alt="" width="17" height="17" border="0" />
" alt="" width="17" height="17" border="0" /> " alt="" width="17" height="17" border="0" /> ')"> " alt="" width="17" height="17" border="0" />