diff --git a/src/www/system_crlmanager.php b/src/www/system_crlmanager.php
index 47c08246a..d662318f2 100644
--- a/src/www/system_crlmanager.php
+++ b/src/www/system_crlmanager.php
@@ -210,6 +210,55 @@ function crl_update(&$crl)
return true;
}
+
+/**
+ * for demonstration purposes, we need a CA index file as specified
+ * at https://pki-tutorial.readthedocs.io/en/latest/cadb.html
+ */
+function get_ocsp_info_data($caref)
+{
+ global $config;
+ $result = '';
+ $revoked = [];
+ if (!empty($config['crl'])) {
+ foreach ($config['crl'] as $crl) {
+ if (!empty($crl['cert']) && !empty($crl['caref']) && $crl['caref'] == $caref) {
+ foreach ($crl['cert'] as $crt) {
+ if (!empty($crt['revoke_time'])) {
+ $dt = new \DateTime("@".$crt['revoke_time']);
+ $revoked[$crt['refid']] = $dt->format("ymdHis") . "Z";
+ }
+ }
+ }
+ }
+ }
+ foreach ($config['cert'] as $crt) {
+ if ($crt['caref'] == $caref) {
+ $x509 = openssl_x509_parse(base64_decode($crt['crt']));
+ $valid_to = date('Y-m-d H:i:s', $x509['validTo_time_t']);
+ $rev_date = '';
+ if (!empty($revoked[$crt['refid']])) {
+ $status = 'R';
+ $rev_date = $revoked[$crt['refid']];
+ } elseif ($x509['validTo_time_t'] < time()) {
+ $status = 'E';
+ } else {
+ $status = 'V';
+ }
+
+ $result .= sprintf(
+ "%s\t%s\t%s\tunknown\t%s\t%s\n",
+ $status, // Certificate status flag (V=valid, R=revoked, E=expired).
+ $x509['validTo'], // Certificate expiration date in YYMMDDHHMMSSZ format.
+ $rev_date, // Certificate revocation date in YYMMDDHHMMSSZ[,reason] format. Empty if not revoked.
+ $x509['serialNumberHex'], // Certificate serial number in hex.
+ $x509['name'] // Certificate distinguished name.
+ );
+ }
+ }
+ return $result;
+}
+
// prepare config types
$a_crl = &config_read_array('crl');
$a_cert = &config_read_array('cert');
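Review bot: The return value of `openssl_x509_parse()` is used unchecked in the second loop of `get_ocsp_info_data()`. A stored certificate that fails to parse would still emit an index line, apparently with status `E` and empty expiry, serial and name fields, since offsets read from `false` evaluate to null. Adding `if ($x509 === false) { continue; }` directly after the parse call keeps such rows out of a file that an OCSP responder is meant to consume. The same loop reads `$config['cert']` and `$crt['caref']` without the `!empty()` guards that the CRL loop above uses, and `$valid_to` is assigned but never used. The doc comment could also list the column order and say that the revocation time is written in UTC, with no reason code appended.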
@@ -248,6 +297,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['caref'] = !empty($_GET['caref']) ? $_GET['caref'] : null;
$pconfig['lifetime'] = "9999";
$pconfig['serial'] = "0";
+ } elseif ($act == "ocsp_index" && !empty($_GET['caref'])) {
+ $exp_data = get_ocsp_info_data($_GET['caref']);
+ $exp_size = strlen($exp_data);
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename=index.txt");
+ header("Content-Length: $exp_size");
+ echo $exp_data;
+ exit;
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
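Review bot: The new `ocsp_index` branch accepts any non-empty `$_GET['caref']`, so a reference that matches no CA, or an array value, still gets a 200 response with an empty `index.txt`. An empty index loaded into an OCSP responder would leave every serial unknown to it, so failing visibly is safer. Require `is_string($_GET['caref'])` and return an error when the reference is not among the configured CAs. The surrounding `if`/`elseif` chain starts outside this hunk, so whether `caref` is already validated earlier cannot be seen here.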
@@ -788,6 +845,9 @@ include("head.inc");
+
+ ">
+
@@ -814,6 +874,9 @@ include("head.inc");
+
+ ">
+
">