lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-20 03:16:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

System: Trust: Revocation - add ocsp index.txt file download, needed for demonstration purposes (https://github.com/opnsense/core/issues/7114)

Browse Source
This commit is contained in:
Ad Schellevis 2024-01-04 17:22:25 +01:00
parent d0e43f829d
commit da5b772ba1
1 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
src/www/system_crlmanager.php
View File

@ -210,6 +210,55 @@ function crl_update(&$crl)
return true;
}
/**
* for demonstration purposes, we need a CA index file as specified
* at https://pki-tutorial.readthedocs.io/en/latest/cadb.html
*/
function get_ocsp_info_data($caref)
{
global $config;
$result = '';
$revoked = [];
if (!empty($config['crl'])) {
foreach ($config['crl'] as $crl) {
if (!empty($crl['cert']) && !empty($crl['caref']) && $crl['caref'] == $caref) {
foreach ($crl['cert'] as $crt) {
if (!empty($crt['revoke_time'])) {
$dt = new \DateTime("@".$crt['revoke_time']);
$revoked[$crt['refid']] = $dt->format("ymdHis") . "Z";
}
}
}
}
}
foreach ($config['cert'] as $crt) {
if ($crt['caref'] == $caref) {
$x509 = openssl_x509_parse(base64_decode($crt['crt']));
$valid_to = date('Y-m-d H:i:s', $x509['validTo_time_t']);
$rev_date = '';
if (!empty($revoked[$crt['refid']])) {
$status = 'R';
$rev_date = $revoked[$crt['refid']];
} elseif ($x509['validTo_time_t'] < time()) {
$status = 'E';
} else {
$status = 'V';
}
$result .= sprintf(
"%s\t%s\t%s\tunknown\t%s\t%s\n",
$status, // Certificate status flag (V=valid, R=revoked, E=expired).
$x509['validTo'], // Certificate expiration date in YYMMDDHHMMSSZ format.
$rev_date, // Certificate revocation date in YYMMDDHHMMSSZ[,reason] format. Empty if not revoked.
$x509['serialNumberHex'], // Certificate serial number in hex.
$x509['name'] // Certificate distinguished name.
);
}
}
return $result;
}
// prepare config types
$a_crl = &config_read_array('crl');
$a_cert = &config_read_array('cert');
@ -248,6 +297,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['caref'] = !empty($_GET['caref']) ? $_GET['caref'] : null;
$pconfig['lifetime'] = "9999";
$pconfig['serial'] = "0";
} elseif ($act == "ocsp_index" && !empty($_GET['caref'])) {
$exp_data = get_ocsp_info_data($_GET['caref']);
$exp_size = strlen($exp_data);
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=index.txt");
header("Content-Length: $exp_size");
echo $exp_data;
exit;
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
@ -788,6 +845,9 @@ include("head.inc");
<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>" data-toggle="tooltip" title="<?= html_safe(sprintf(gettext('Add or Import CRL for %s'), $ca['descr'])) ?>" class="btn btn-default btn-xs">
<i class="fa fa-plus fa-fw"></i>
</a>
<a href="system_crlmanager.php?act=ocsp_index&amp;caref=<?=$ca['refid'];?>" class="btn btn-default btn-xs">
<i class="fa fa-file-code-o fa-fw" data-toggle="tooltip" title="<?=gettext("Export OCSP index.txt sample file") . " " . htmlspecialchars($tmpcrl['descr']);?>"></i>
</a>
<?php
else :?>
<a href="system_crlmanager.php?act=new&amp;caref=<?=$ca['refid']; ?>&amp;method=existing" data-toggle="tooltip" title="<?= html_safe(sprintf(gettext('Import CRL for %s'), $ca['descr'])) ?>" class="btn btn-default btn-xs">
@ -814,6 +874,9 @@ include("head.inc");
</a>
<?php
if ($internal) :?>
<a href="system_crlmanager.php?act=ocsp_index&amp;caref=<?=$ca['refid'];?>" class="btn btn-default btn-xs">
<i class="fa fa-file-code-o fa-fw" data-toggle="tooltip" title="<?=gettext("Export OCSP index.txt sample file") . " " . htmlspecialchars($tmpcrl['descr']);?>"></i>
</a>
<a href="system_crlmanager.php?act=edit&amp;id=<?=$tmpcrl['refid'];?>" class="btn btn-default btn-xs">
<i class="fa fa-pencil fa-fw" data-toggle="tooltip" title="<?=gettext("Edit CRL") . " " . htmlspecialchars($tmpcrl['descr']);?>"></i>
</a>