--- loncom/configuration/SSL.pm 2016/08/07 04:18:21 1.4
+++ loncom/configuration/SSL.pm 2019/07/11 18:12:06 1.10
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Checksum installed LON-CAPA modules and some configuration files
#
-# $Id: SSL.pm,v 1.4 2016/08/07 04:18:21 raeburn Exp $
+# $Id: SSL.pm,v 1.10 2019/07/11 18:12:06 raeburn Exp $
#
# The LearningOnline Network with CAPA
#
@@ -31,7 +31,7 @@
package LONCAPA::SSL;
use strict;
use lib '/home/httpd/lib/perl/';
-use Apache::lonlocal();
+use Apache::lonlocal;
use Apache::lonnet();
use Apache::loncommon();
use Apache::lonhtmlcommon();
@@ -48,7 +48,7 @@ sub print_certstatus {
'avai' => 'Available',
'yes' => 'Yes',
'no' => 'No',
- 'cn' => 'Common Name',
+ 'cn' => 'Common Name (CN)',
'start' => 'Valid From',
'end' => 'Valid To',
'alg' => 'Signature Algorithm',
@@ -58,17 +58,25 @@ sub print_certstatus {
'key' => 'Private Key',
'host' => 'Connections Certificate',
'hostname' => 'Replication Certificate',
+ 'crl' => 'Revocations List',
'ca' => 'LON-CAPA CA Certificate',
'expired' => 'Expired',
'future' => 'Future validity',
+ 'nokey' => 'No key',
+ 'otherkey' => 'No matching key',
+ 'revoked' => 'Revoked by CA',
+ 'wrongcn' => 'Incorrect CN',
+ 'mismatch' => 'Mismatched Issuer',
);
- my @files = qw(key host hostname ca);
+ my @files = qw(key host hostname ca crl);
my @fields = qw(status cn start end alg size email);
foreach my $server (sort(keys(%{$servers}))) {
- my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,$context);
+ my $hostname = $servers->{$server};
+ my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,
+ $hostname,
+ $context);
if ($result eq 'ok' && ref($hashref) eq 'HASH') {
if ($target eq 'web') {
- my $hostname = &Apache::lonnet::hostname($server);
$message .= "<fieldset><legend>$hostname ($server)</legend>".
&Apache::loncommon::start_data_table().
&Apache::loncommon::start_data_table_header_row()."\n";
@@ -79,6 +87,7 @@ sub print_certstatus {
} else {
$message .= $server.':';
}
+ my %csr;
foreach my $file (@files) {
if ($target eq 'web') {
$message .= &Apache::loncommon::start_data_table_row()."\n".
@@ -86,31 +95,39 @@ sub print_certstatus {
} else {
$message .= $file.'=';
}
- if (ref($hashref->{$file}) eq 'HASH') {
+ if ((ref($hashref->{$file}) eq 'HASH') && (keys(%{$hashref->{$file}}) > 0)) {
my ($starttime,$endtime,$dateinvalid);
if ($target eq 'web') {
$message .= '<td>'.$lt{'yes'}.'</td>';
} else {
- $message .= $lt{'yes'}.',';
+ $message .= 'yes,';
}
unless ($file eq 'key') {
if ($hashref->{$file}->{'end'} ne '') {
- my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
- if (ref($dt)) {
- $endtime = $dt->epoch;
- if ($endtime < time) {
- $dateinvalid = $lt{'expired'};
+ if ($file eq 'crl') {
+ $endtime = $hashref->{$file}->{'end'};
+ } else {
+ my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
+ if (ref($dt)) {
+ $endtime = $dt->epoch;
}
}
+ if (($endtime ne '') && ($endtime < time)) {
+ $dateinvalid = 'expired';
+ }
}
if ($hashref->{$file}->{'start'} ne '') {
- my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
- if (ref($dt)) {
- $starttime = $dt->epoch;
- if ($starttime > time) {
- unless ($dateinvalid) {
- $dateinvalid = $lt{'future'};
- }
+ if ($file eq 'crl') {
+ $starttime = $hashref->{$file}->{'start'};
+ } else {
+ my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
+ if (ref($dt)) {
+ $starttime = $dt->epoch;
+ }
+ }
+ if ($starttime > time) {
+ unless ($dateinvalid) {
+ $dateinvalid = 'future';
}
}
}
@@ -124,18 +141,60 @@ sub print_certstatus {
$display = &Apache::lonhtmlcommon::confirm_success($display);
}
}
+ } elsif ($file eq 'crl') {
+ if ($dateinvalid) {
+ if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
+ $display = $lt{$dateinvalid};
+ } else {
+ $display = $dateinvalid;
+ }
+ } elsif ($target eq 'web') {
+ if ($display ne '') {
+ $display = &Apache::lonhtmlcommon::confirm_success($display);
+ }
+ my $details = $hashref->{$file}->{details};
+ if ($details ne '') {
+ $display .= ' '.$details;
+ }
+ }
} elsif ($file eq 'ca') {
if ($dateinvalid) {
- $display = $dateinvalid;
+ if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
+ $display = $lt{$dateinvalid};
+ } else {
+ $display = $dateinvalid;
+ }
} elsif ($target eq 'web') {
- $display = &Apache::lonhtmlcommon::confirm_success($display);
+ if ($display ne '') {
+ $display = &Apache::lonhtmlcommon::confirm_success($display);
+ }
}
} elsif ($display =~ /^ok/) {
if ($dateinvalid) {
- $display = $dateinvalid;
+ if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
+ $display = $lt{$dateinvalid};
+ } else {
+ $display = $dateinvalid;
+ }
} elsif ($target eq 'web') {
$display = &Apache::lonhtmlcommon::confirm_success($display);
}
+ } elsif (($display eq 'nokey') || ($display eq 'otherkey') ||
+ ($display eq 'revoked') || ($display eq 'expired') ||
+ ($display eq 'wrongcn') || ($display eq 'mismatch') ||
+ ($display eq '')) {
+ if (($target eq 'web') && ($display ne '') && (exists($lt{$display}))) {
+ $display = $lt{$display};
+ }
+ if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
+ if ($hashref->{$file.'-csr'}->{$item} eq 'ok') {
+ if ($target eq 'web') {
+ $display .= (($display ne '')? '<br />':'').
+ &mt('(New request awaiting signature)');
+ }
+ $csr{$file} = 1;
+ }
+ }
}
} elsif ($item eq 'start') {
if ($starttime) {
@@ -162,13 +221,27 @@ sub print_certstatus {
}
} else {
if ($target eq 'web') {
- $message .= '<td>'.$lt{'no'}.'<td>';
+ $message .= '<td>'.$lt{'no'}.'</td>';
} else {
- $message .= $lt{'no'}.',';
+ $message .= 'no,';
+ }
+ if ((($file eq 'host') || ($file eq 'hostname')) &&
+ (ref($hashref->{$file.'-csr'}) eq 'HASH')) {
+ if ($hashref->{$file.'-csr'}->{'status'} eq 'ok') {
+ if ($target eq 'web') {
+ my $colspan = scalar(@fields);
+ $message .= '<td colspan="'.$colspan.'">'.
+ &mt('Request for [_1] awaiting signature',
+ $lt{$file}).'</td>';
+ }
+ $csr{$file} = 1;
+ }
}
foreach my $item (@fields) {
if ($target eq 'web') {
- $message .= '<td> </td>';
+ unless ($csr{$file}) {
+ $message .= '<td> </td>';
+ }
} else {
$message .= ',';
}
@@ -184,6 +257,18 @@ sub print_certstatus {
if ($target eq 'web') {
$message .= &Apache::loncommon::end_data_table().'</fieldset>';
} else {
+ if (keys(%csr)) {
+ foreach my $file (keys(%csr)) {
+ if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
+ $message .= $file.'-csr=yes,';
+ foreach my $item (@fields) {
+ $message .= $hashref->{$file.'-csr'}->{$item}.',';
+ }
+ $message =~ s/,$//;
+ $message .= '&';
+ }
+ }
+ }
$message =~ s/\&$//;
}
$message .= "\n";