File:  [LON-CAPA] / loncom / cgi / loncertstatus.pl
Revision 1.1: download - view: text, annotated - select for diffs
Mon Jul 25 19:50:01 2016 UTC (8 years, 5 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_12_X, HEAD
- Use Server Name Indication (SNI) and SSL when replicating content from
  /raw/.
- Domain status screen has link to show status of LON-CAPA SSL certificates.
- "SSL" domain config for (a) "internal" LON-CAPA SSL connection to servers/VMs
  in other domain, (b) Replication of domain's resources to other domains.
- Replication can use name-based virtual hosts with SSL, with verification of
  client certificate (cert: /home/httpd/lonCerts/lonhostnamecert.pem, signed
  by LON-CAPA CA, with Common Name of internal-<server hostname>, same IP address
  as server hostname).

#!/usr/bin/perl
$|=1;
# Displays status of LON-CAPA SSL certificates in /home/httpd/lonCerts
# on domain's servers.
#
# $Id: loncertstatus.pl,v 1.1 2016/07/25 19:50:01 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#

use strict;

use lib '/home/httpd/lib/perl/';
use Apache::lonlocal();
use Apache::lonhtmlcommon;
use LONCAPA::Configuration();
use LONCAPA::loncgi();
use LONCAPA::lonauthcgi();
use LONCAPA::SSL();

my $perlvar=&LONCAPA::Configuration::read_conf('loncapa.conf');
my $lonhost;
if (ref($perlvar) eq 'HASH') {
    my @reqd = qw(lonnetPrivateKey lonnetCertificate lonnetHostnameCertificate 
                  lonnetCertificateAuthority lonCertificateDirectory);
    $lonhost = $perlvar->{'lonHostID'};
    foreach my $key (keys(%{$perlvar})) {
        unless (grep(/^\Q$key\E$/,@reqd)) {
            delete($perlvar->{$key});
        }
    }
}

print &LONCAPA::loncgi::cgi_header('text/html',1);
&main($lonhost);

sub main {
    my ($lonhost) = @_;
    my $machine_dom = &Apache::lonnet::host_domain($lonhost);
    if (&LONCAPA::lonauthcgi::check_ipbased_access('certstatus')) {
        &LONCAPA::loncgi::check_cookie_and_load_env();
    } else {
        if (!&LONCAPA::loncgi::check_cookie_and_load_env()) {
            &Apache::lonlocal::get_language_handle();
            print(&LONCAPA::loncgi::missing_cookie_msg());
            return;
        }
        if (!&LONCAPA::lonauthcgi::can_view('certstatus')) {
            &Apache::lonlocal::get_language_handle();
            print(&LONCAPA::lonauthcgi::unauthorized_msg('certstatus'));
            return;
        }
    }
    my %domservers = &Apache::lonnet::get_servers($machine_dom);
    &Apache::lonlocal::get_language_handle();
    &Apache::lonhtmlcommon::add_breadcrumb(
        {href=>"/cgi-bin/loncertstatus.pl",
         text=>"LON-CAPA Certificate Status"});
    print &Apache::loncommon::start_page('LON-CAPA SSL Certificates Status').
          &Apache::lonhtmlcommon::breadcrumbs('SSL Certificates');
    print &LONCAPA::SSL::print_certstatus(\%domservers,'web','cgi');
    print &Apache::loncommon::end_page();
    return;
}


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>