mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-19 02:54:38 +00:00
System: Trust: Revocation - work in progress for https://github.com/opnsense/core/issues/7248
add ocsp index.txt sample download to align with documentation (https://docs.opnsense.org/manual/certificates.html)
This commit is contained in:
Ad Schellevis
parent
0591ff28a6
commit
87c1d69bdb
@ -371,9 +371,9 @@ class CrlController extends ApiControllerBase
|
||||
}
|
||||
|
||||
|
||||
public function rawDumpAction($uuid)
|
||||
public function rawDumpAction($caref)
|
||||
{
|
||||
$payload = $this->getAction($uuid);
|
||||
$payload = $this->getAction($caref);
|
||||
if (!empty($payload['crl'])) {
|
||||
if (!empty($payload['crl']['text'])) {
|
||||
return CertStore::dumpCRL($payload['crl']['text']);
|
||||
@ -381,4 +381,52 @@ class CrlController extends ApiControllerBase
|
||||
}
|
||||
return [];
|
||||
}
|
||||
|
||||
/**
|
||||
* for demonstration purposes, we need a CA index file as specified
|
||||
* at https://pki-tutorial.readthedocs.io/en/latest/cadb.html
|
||||
*/
|
||||
function getOcspInfoDataAction($caref)
|
||||
{
|
||||
$config = Config::getInstance()->object();
|
||||
|
||||
$revoked = [];
|
||||
foreach ($config->crl as $crl) {
|
||||
if ((string)$crl->caref == $caref) {
|
||||
foreach ($crl->cert as $cert) {
|
||||
if (!empty((string)$cert->revoke_time)) {
|
||||
$dt = new \DateTime("@".$cert->revoke_time);
|
||||
$revoked[(string)$cert->refid] = $dt->format("ymdHis") . "Z";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$result = '';
|
||||
foreach ($config->cert as $cert) {
|
||||
if ((string)$cert->caref == $caref) {
|
||||
$refid = (string)$cert->refid;
|
||||
$x509 = openssl_x509_parse(base64_decode($cert->crt));
|
||||
$valid_to = date('Y-m-d H:i:s', $x509['validTo_time_t']);
|
||||
$rev_date = '';
|
||||
if (!empty($revoked[$refid])) {
|
||||
$status = 'R';
|
||||
$rev_date = $revoked[$refid];
|
||||
} elseif ($x509['validTo_time_t'] < time()) {
|
||||
$status = 'E';
|
||||
} else {
|
||||
$status = 'V';
|
||||
}
|
||||
$result .= sprintf(
|
||||
"%s\t%s\t%s\t%s\tunknown\t%s\n",
|
||||
$status, // Certificate status flag (V=valid, R=revoked, E=expired).
|
||||
$x509['validTo'], // Certificate expiration date in YYMMDDHHMMSSZ format.
|
||||
$rev_date, // Certificate revocation date in YYMMDDHHMMSSZ[,reason] format.
|
||||
$x509['serialNumberHex'], // Certificate serial number in hex.
|
||||
$x509['name'] // Certificate distinguished name.
|
||||
);
|
||||
}
|
||||
}
|
||||
return ['payload' => $result];
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -26,6 +26,8 @@
|
||||
|
||||
<script>
|
||||
'use strict';
|
||||
|
||||
|
||||
$( document ).ready(function () {
|
||||
let grid_crl = $("#grid-crl").UIBootgrid({
|
||||
search:'/api/trust/crl/search/',
|
||||
@ -54,6 +56,19 @@
|
||||
},
|
||||
copy: {
|
||||
classname: undefined
|
||||
},
|
||||
download: {
|
||||
method: function(event){
|
||||
let refid = $(this).data("row-id") !== undefined ? $(this).data("row-id") : '';
|
||||
ajaxGet('/api/trust/crl/get_ocsp_info_data/' + refid, {}, function(data, status){
|
||||
if (data.payload) {
|
||||
download_content(data.payload, 'index.txt', 'application/octet-stream');
|
||||
}
|
||||
});
|
||||
},
|
||||
classname: 'fa fa-fw fa-cloud-download',
|
||||
title: "{{ lang._('Download OCSP demo index') }}",
|
||||
sequence: 10
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user