--- loncom/configuration/SSL.pm 2016/08/01 13:55:05 1.2
+++ loncom/configuration/SSL.pm 2018/08/18 22:07:53 1.7
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Checksum installed LON-CAPA modules and some configuration files
#
-# $Id: SSL.pm,v 1.2 2016/08/01 13:55:05 raeburn Exp $
+# $Id: SSL.pm,v 1.7 2018/08/18 22:07:53 raeburn Exp $
#
# The LearningOnline Network with CAPA
#
@@ -31,10 +31,12 @@
package LONCAPA::SSL;
use strict;
use lib '/home/httpd/lib/perl/';
-use Apache::lonlocal();
+use Apache::lonlocal;
use Apache::lonnet();
use Apache::loncommon();
use Apache::lonhtmlcommon();
+use DateTime;
+use DateTime::Format::x509;
use LONCAPA;
sub print_certstatus {
@@ -46,7 +48,7 @@ sub print_certstatus {
'avai' => 'Available',
'yes' => 'Yes',
'no' => 'No',
- 'cn' => 'Common Name',
+ 'cn' => 'Common Name (CN)',
'start' => 'Valid From',
'end' => 'Valid To',
'alg' => 'Signature Algorithm',
@@ -57,14 +59,22 @@ sub print_certstatus {
'host' => 'Connections Certificate',
'hostname' => 'Replication Certificate',
'ca' => 'LON-CAPA CA Certificate',
+ 'expired' => 'Expired',
+ 'future' => 'Future validity',
+ 'nokey' => 'No key',
+ 'otherkey' => 'No matching key',
+ 'revoked' => 'Revoked by CA',
+ 'wrongcn' => 'Incorrect CN',
);
my @files = qw(key host hostname ca);
my @fields = qw(status cn start end alg size email);
foreach my $server (sort(keys(%{$servers}))) {
- my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,$context);
+ my $hostname = $servers->{$server};
+ my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,
+ $hostname,
+ $context);
if ($result eq 'ok' && ref($hashref) eq 'HASH') {
if ($target eq 'web') {
- my $hostname = &Apache::lonnet::hostname($server);
$message .= "<fieldset><legend>$hostname ($server)</legend>".
&Apache::loncommon::start_data_table().
&Apache::loncommon::start_data_table_header_row()."\n";
@@ -75,6 +85,7 @@ sub print_certstatus {
} else {
$message .= $server.':';
}
+ my %csr;
foreach my $file (@files) {
if ($target eq 'web') {
$message .= &Apache::loncommon::start_data_table_row()."\n".
@@ -83,32 +94,124 @@ sub print_certstatus {
$message .= $file.'=';
}
if (ref($hashref->{$file}) eq 'HASH') {
+ my ($starttime,$endtime,$dateinvalid);
if ($target eq 'web') {
$message .= '<td>'.$lt{'yes'}.'</td>';
} else {
- $message .= $lt{'yes'}.',';
+ $message .= 'yes,';
+ }
+ unless ($file eq 'key') {
+ if ($hashref->{$file}->{'end'} ne '') {
+ my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
+ if (ref($dt)) {
+ $endtime = $dt->epoch;
+ if ($endtime < time) {
+ if ($target eq 'web') {
+ $dateinvalid = $lt{'expired'};
+ } else {
+ $dateinvalid = 'expired';
+ }
+ }
+ }
+ }
+ if ($hashref->{$file}->{'start'} ne '') {
+ my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
+ if (ref($dt)) {
+ $starttime = $dt->epoch;
+ if ($starttime > time) {
+ unless ($dateinvalid) {
+ if ($target eq 'web') {
+ $dateinvalid = $lt{'future'};
+ } else {
+ $dateinvalid = 'future';
+ }
+ }
+ }
+ }
+ }
}
foreach my $item (@fields) {
my $display = $hashref->{$file}->{$item};
- if ($target eq 'web') {
- if ($item eq 'status') {
- $display = &Apache::lonhtmlcommon::confirm_success($display);
+ if ($item eq 'status') {
+ if ($file eq 'key') {
+ if ($display =~ /ok$/) {
+ if ($target eq 'web') {
+ $display = &Apache::lonhtmlcommon::confirm_success($display);
+ }
+ }
+ } elsif ($file eq 'ca') {
+ if ($dateinvalid) {
+ $display = $dateinvalid;
+ } elsif ($target eq 'web') {
+ $display = &Apache::lonhtmlcommon::confirm_success($display);
+ }
+ } elsif ($display =~ /^ok/) {
+ if ($dateinvalid) {
+ $display = $dateinvalid;
+ } elsif ($target eq 'web') {
+ $display = &Apache::lonhtmlcommon::confirm_success($display);
+ }
+ } elsif (($display eq 'nokey') || ($display eq 'otherkey') ||
+ ($display eq 'revoked') || ($display eq 'expired') ||
+ ($display eq 'wrongcn')) {
+ if ($target eq 'web') {
+ $display = $lt{$display};
+ }
+ if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
+ if ($hashref->{$file.'-csr'}->{$item} eq 'ok') {
+ if ($target eq 'web') {
+ $display .= '<br />'.&mt('(New request awaiting signature)');
+ }
+ $csr{$file} = 1;
+ }
+ }
+ }
+ } elsif ($item eq 'start') {
+ if ($starttime) {
+ if ($target eq 'web') {
+ $display = &Apache::lonlocal::locallocaltime($starttime);
+ } else {
+ $display = $starttime;
+ }
+ }
+ } elsif ($item eq 'end') {
+ if ($endtime) {
+ if ($target eq 'web') {
+ $display = &Apache::lonlocal::locallocaltime($endtime);
+ } else {
+ $display = $endtime;
+ }
}
+ }
+ if ($target eq 'web') {
$message .= "<td>$display</td>";
} else {
$message .= "$display,";
}
}
-
} else {
if ($target eq 'web') {
- $message .= '<td>'.$lt{'no'}.'<td>';
+ $message .= '<td>'.$lt{'no'}.'</td>';
} else {
- $message .= $lt{'no'}.',';
+ $message .= 'no,';
+ }
+ if ((($file eq 'host') || ($file eq 'hostname')) &&
+ (ref($hashref->{$file.'-csr'}) eq 'HASH')) {
+ if ($hashref->{$file.'-csr'}->{'status'} eq 'ok') {
+ if ($target eq 'web') {
+ my $colspan = scalar(@fields);
+ $message .= '<td colspan="'.$colspan.'">'.
+ &mt('Request for [_1] awaiting signature',
+ $lt{$file}).'</td>';
+ }
+ $csr{$file} = 1;
+ }
}
foreach my $item (@fields) {
if ($target eq 'web') {
- $message .= '<td> </td>';
+ unless ($csr{$file}) {
+ $message .= '<td> </td>';
+ }
} else {
$message .= ',';
}
@@ -124,14 +227,26 @@ sub print_certstatus {
if ($target eq 'web') {
$message .= &Apache::loncommon::end_data_table().'</fieldset>';
} else {
+ if (keys(%csr)) {
+ foreach my $file (keys(%csr)) {
+ if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
+ $message .= $file.'-csr=yes,';
+ foreach my $item (@fields) {
+ $message .= $hashref->{$file.'-csr'}->{$item}.',';
+ }
+ $message =~ s/,$//;
+ $message .= '&';
+ }
+ }
+ }
$message =~ s/\&$//;
}
$message .= "\n";
} else {
if ($target eq 'web') {
- $message .= "$server error\n";
+ $message .= "$server:error\n";
} else {
- $message .= "$server error\n";
+ $message .= "$server:error\n";
}
}
}