gettext("Create an internal Certificate Revocation List"), "existing" => gettext("Import an existing Certificate Revocation List"));

/*
 * Request handling for the CRL manager page. The statement above is the tail
 * of an array literal whose beginning lies outside this excerpt.
 *
 * Flow: pick up the CRL reference ("id") and the action ("act") from the
 * request, resolve the reference against $config['crl'], run the matching
 * action branch (del / new / exp / addcert / delcert), then handle a posted
 * create-or-edit form before the page header is included.
 */

// Accept the CRL reference only when it is purely alphanumeric. A posted id
// takes precedence over one in the query string.
// NOTE(review): $_GET['id'] is read without isset(), unlike the POST variant.
if (ctype_alnum($_GET['id']))
    $id = $_GET['id'];
if (isset($_POST['id']) && ctype_alnum($_POST['id']))
    $id = $_POST['id'];

// Make sure the ca / cert / crl sections exist as arrays and bind local
// references to them, so edits made through $a_crl land in $config itself.
if (!is_array($config['ca']))
    $config['ca'] = array();

$a_ca =& $config['ca'];

if (!is_array($config['cert']))
    $config['cert'] = array();

$a_cert =& $config['cert'];

if (!is_array($config['crl']))
    $config['crl'] = array();

$a_crl =& $config['crl'];

// Drop CRL entries that carry no refid.
foreach ($a_crl as $cid => $acrl)
    if (!isset($acrl['refid']))
        unset ($a_crl[$cid]);

// The action comes from the query string unless the POST body supplies one.
// NOTE(review): the "del" and "delcert" branches below call write_config() and
// are reachable with a plain GET request. No request-forgery token check is
// visible in this excerpt; confirm one is enforced by code outside this view,
// or require POST for these actions.
$act = $_GET['act'];
if ($_POST['act'])
    $act = $_POST['act'];

// Resolve the reference to the stored CRL entry. $thiscrl is never assigned
// when no usable id was supplied.
if (!empty($id))
    $thiscrl =& lookup_crl($id);

// If we were given an invalid crlref in the id, no sense in continuing as it would only cause errors.
// Clearing $act keeps every action branch below from running.
// NOTE(review): no exit follows pfSenseHeader() here, and the generic
// "if ($_POST)" block further down does not depend on $act, so a POST with an
// unknown id still reaches the save path. Confirm that is intended.
if (!$thiscrl && (($act != "") && ($act != "new"))) {
    pfSenseHeader("system_crlmanager.php");
    $act="";
    $savemsg = gettext("Invalid CRL reference.");
}

// del: remove the CRL unless crl_in_use() reports that it is still in use.
// The string literals that end the $savemsg lines contain a raw line break in
// this copy; they are kept exactly as found.
// NOTE(review): $name is the stored, user-supplied description. Confirm
// $savemsg is HTML-escaped where it is printed (the output code is not visible here).
if ($act == "del") {
    $name = $thiscrl['descr'];
    if (crl_in_use($id)) {
        $savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted"), $name) . "
";
    } else {
        // Remove every entry whose refid matches, then persist the change.
        foreach ($a_crl as $cid => $acrl)
            if ($acrl['refid'] == $thiscrl['refid'])
                unset($a_crl[$cid]);
        write_config("Deleted CRL {$name}.");
        $savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted"), $name) . "
";
    }
}

// new: seed the form values for a CRL that does not exist yet.
// NOTE(review): method and caref are copied from the query string unchecked.
// Confirm they are escaped on output and validated before use.
if ($act == "new") {
    $pconfig['method'] = $_GET['method'];
    $pconfig['caref'] = $_GET['caref'];
    $pconfig['lifetime'] = "9999";
    $pconfig['serial'] = "0";
}

// exp: send the CRL to the browser as a file download.
if ($act == "exp") {
    crl_update($thiscrl);
    // urlencode() percent-encodes CR, LF, quotes and semicolons, so the stored
    // description cannot add header lines or extra Content-Disposition parameters.
    $exp_name = urlencode("{$thiscrl['descr']}.crl");
    $exp_data = base64_decode($thiscrl['text']);
    $exp_size = strlen($exp_data);

    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename={$exp_name}");
    header("Content-Length: $exp_size");
    echo $exp_data;
    // Stop here so no page markup is appended to the downloaded data.
    exit;
}

// addcert: revoke a certificate by adding it to an internal CRL (POST only).
if ($act == "addcert") {
    if ($_POST) {
        unset($input_errors);
        $pconfig = $_POST;
        // Both references are required; otherwise return to the list.
        if (!$pconfig['crlref'] || !$pconfig['certref']) {
            pfSenseHeader("system_crlmanager.php");
            exit;
        }

        // certref, crlref
        // NOTE(review): unlike "id", these posted references are not filtered
        // with ctype_alnum() before the lookup. Presumably an unknown reference
        // yields an entry without caref, which the first check below rejects;
        // confirm against lookup_crl() / lookup_cert().
        $crl =& lookup_crl($pconfig['crlref']);
        $cert = lookup_cert($pconfig['certref']);

        if (!$crl['caref'] || !$cert['caref']) {
            $input_errors[] = gettext("Both the Certificate and CRL must be specified.");
        }

        // A certificate may only be revoked in a CRL issued by its own CA.
        if ($crl['caref'] != $cert['caref']) {
            $input_errors[] = gettext("CA mismatch between the Certificate and CRL. Unable to Revoke.");
        }
        if (!is_crl_internal($crl)) {
            $input_errors[] = gettext("Cannot revoke certificates for an imported/external CRL.");
        }

        if (!$input_errors) {
            // NOTE(review): a non-empty posted crlreason is passed on as-is.
            // Confirm cert_revoke() restricts it to the known reason codes.
            $reason = (empty($pconfig['crlreason'])) ? OCSP_REVOKED_STATUS_UNSPECIFIED : $pconfig['crlreason'];
            cert_revoke($cert, $crl, $reason);
            openvpn_refresh_crls();
            write_config("Revoked cert {$cert['descr']} in CRL {$crl['descr']}.");
            pfSenseHeader("system_crlmanager.php");
            exit;
        }
    }
}

// delcert: remove one certificate from the selected CRL (un-revoke it).
if ($act == "delcert") {
    if (!is_array($thiscrl['cert'])) {
        pfSenseHeader("system_crlmanager.php");
        exit;
    }
    // The requested certref is only used to select an entry already stored in
    // this CRL; anything that matches no entry redirects back to the list.
    $found = false;
    foreach ($thiscrl['cert'] as $acert) {
        if ($acert['refid'] == $_GET['certref']) {
            $found = true;
            $thiscert = $acert;
        }
    }
    if (!$found) {
        pfSenseHeader("system_crlmanager.php");
        exit;
    }
    $name = $thiscert['descr'];
    if (cert_unrevoke($thiscert, $thiscrl)) {
        $savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "
";
        openvpn_refresh_crls();
        write_config(sprintf(gettext("Deleted Certificate %s from CRL %s"), $name, $thiscrl['descr']));
    } else {
        $savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s"), $name, $thiscrl['descr']) . "
";
    }
    // Continue on the edit view of the same CRL.
    $act="edit";
}

// Generic form submission: create a CRL or update the selected one.
// NOTE(review): this block runs for every POST, including an addcert request
// that failed the checks above; unset($input_errors) then discards those
// errors. Confirm that is intended.
if ($_POST) {

    unset($input_errors);
    $pconfig = $_POST;

    /* input validation */
    // NOTE(review): $reqdfields / $reqdfieldsn are only assigned for the
    // "existing" and "internal" methods or the "editimported" action. Any other
    // posted method reaches do_input_validation() with both undefined.
    if (($pconfig['method'] == "existing") || ($act == "editimported")) {
        $reqdfields = explode(" ", "descr crltext");
        $reqdfieldsn = array(
                gettext("Descriptive name"),
                gettext("Certificate Revocation List data"));
    }
    if ($pconfig['method'] == "internal") {
        $reqdfields = explode(" ",
                "descr caref");
        $reqdfieldsn = array(
                gettext("Descriptive name"),
                gettext("Certificate Authority"));
    }

    do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

    /* if this is an AJAX caller then handle via JSON */
    if (isAjax() && is_array($input_errors)) {
        input_errors2Ajax($input_errors);
        exit;
    }

    /* save modifications */
    if (!$input_errors) {
        $result = false;

        // Edit the resolved entry in place (by reference), or start a new one
        // with a freshly generated refid.
        if ($thiscrl) {
            $crl =& $thiscrl;
        } else {
            $crl = array();
            $crl['refid'] = uniqid();
        }

        $crl['descr'] = $pconfig['descr'];
        // An imported CRL keeps its original CA reference and method.
        if ($act != "editimported") {
            $crl['caref'] = $pconfig['caref'];
            $crl['method'] = $pconfig['method'];
        }

        // NOTE(review): the posted crltext is stored base64-encoded without any
        // visible check that it parses as a CRL. Confirm it is validated where
        // it is consumed.
        if (($pconfig['method'] == "existing") || ($act == "editimported")) {
            $crl['text'] = base64_encode($pconfig['crltext']);
        }

        // NOTE(review): serial and lifetime are stored as posted, with no
        // numeric check visible here. This branch also resets the revoked
        // certificate list to empty.
        if ($pconfig['method'] == "internal") {
            $crl['serial'] = empty($pconfig['serial']) ? 9999 : $pconfig['serial'];
            $crl['lifetime'] = empty($pconfig['lifetime']) ? 9999 : $pconfig['lifetime'];
            $crl['cert'] = array();
        }

        if (!$thiscrl)
            $a_crl[] = $crl;

        write_config("Saved CRL {$crl['descr']}");
        openvpn_refresh_crls();
        // No exit follows this redirect call; execution continues to the include below.
        pfSenseHeader("system_crlmanager.php");
    }
}

include("head.inc"); ?> ">



  " />

  " />
$cert): $name = htmlspecialchars($cert['descr']); ?>
      
')"> " alt="" width="17" height="17" border="0" />
      
: : " />  

CA
" alt="" width="17" height="17" border="0" /> " alt="" width="17" height="17" border="0" />
" alt="" width="17" height="17" border="0" /> " alt="" width="17" height="17" border="0" /> " alt="" width="17" height="17" border="0" /> ')"> " alt="" width="17" height="17" border="0" />