File:  [LON-CAPA] / loncom / configuration / SSL.pm
Thu Jul 11 18:12:06 2019 UTC (5 years, 6 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_12_X, HEAD
- Information about Certificate Revocations List included in SSL Certificates
  status report.  LONCAPA-prerequisites needs perl-Crypt-X509-CRL.

# The LearningOnline Network with CAPA
# Checksum installed LON-CAPA modules and some configuration files
#
# $Id: SSL.pm,v 1.10 2019/07/11 18:12:06 raeburn Exp $
#
# The LearningOnline Network with CAPA
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#

package LONCAPA::SSL;
use strict;
use lib '/home/httpd/lib/perl/';
use Apache::lonlocal;
use Apache::lonnet();
use Apache::loncommon();
use Apache::lonhtmlcommon();
use DateTime;
use DateTime::Format::x509;
use LONCAPA; 

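# Build the SSL certificate status report for a set of servers.
#
# Arguments:
#   $servers  - hashref of lonc/lond server id => hostname; anything else
#               makes the sub return immediately with nothing.
#   $target   - 'web' produces an HTML fieldset + data table per server;
#               any other value produces the machine-readable text form.
#   $context  - passed through unchanged to Apache::lonnet::get_servercerts_info().
#
# Per server, get_servercerts_info() is asked for information about five
# files: the private key, the connections ('host') and replication
# ('hostname') certificates, the LON-CAPA CA certificate and the CRL.
# For each file the report shows availability and then the @fields
# columns (status, CN, start, end, algorithm, key size, e-mail).
#
# Text form (one line per server, no trailing '&'):
#   SERVER:key=yes,STATUS,CN,START,END,ALG,SIZE,EMAIL&host=no,,,,,,,&...
# followed by "FILE-csr=yes,<fields>" entries for files with a signing
# request pending.  Values are emitted verbatim, so a field containing
# ',' or '&' would break that format -- presumably the caller splits on
# those characters (TODO confirm).
#
# A server whose lookup does not return 'ok' with a hashref yields the
# line "SERVER:error" in both forms.
#
# Returns the concatenated report string.
sub print_certstatus {
    my ($servers,$target,$context) = @_;
    return unless (ref($servers) eq 'HASH');
    my $message;
    my %lt = &Apache::lonlocal::texthash (
                 'file'     => 'File',
                 'avai'     => 'Available',
                 'yes'      => 'Yes',
                 'no'       => 'No',
                 'cn'       => 'Common Name (CN)',
                 'start'    => 'Valid From',
                 'end'      => 'Valid To',
                 'alg'      => 'Signature Algorithm',
                 'size'     => 'Public Key Size',
                 'status'   => 'Status',
                 'email'    => 'E-mail',
                 'key'      => 'Private Key',
                 'host'     => 'Connections Certificate',
                 'hostname' => 'Replication Certificate',
                 'crl'      => 'Revocations List',
                 'ca'       => 'LON-CAPA CA Certificate',
                 'expired'  => 'Expired',
                 'future'   => 'Future validity',
                 'nokey'    => 'No key',
                 'otherkey' => 'No matching key',
                 'revoked'  => 'Revoked by CA',
                 'wrongcn'  => 'Incorrect CN',
                 'mismatch' => 'Mismatched Issuer',
    );
    my @files = qw(key host hostname ca crl);
    my @fields = qw(status cn start end alg size email);
    my $web = ($target eq 'web');
    foreach my $server (sort(keys(%{$servers}))) {
        my $hostname = $servers->{$server};
        my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,
                                                                      $hostname,
                                                                      $context);
        unless (($result eq 'ok') && (ref($hashref) eq 'HASH')) {
            # Same output for both targets (previously two identical branches).
            $message .= "$server:error\n";
            next;
        }
        if ($web) {
            # NOTE(review): $hostname comes from the $servers hash and is
            # interpolated into HTML without escaping; fine if hostnames are
            # trusted configuration, otherwise escape before this point.
            $message .= "<fieldset><legend>$hostname ($server)</legend>".
                        &Apache::loncommon::start_data_table().
                        &Apache::loncommon::start_data_table_header_row()."\n";
            foreach my $item ('file','avai',@fields) {
                $message .= '<th>'.$lt{$item}.'</th>';
            }
            $message .= &Apache::loncommon::end_data_table_header_row()."\n";
        } else {
            $message .= $server.':';
        }
        my %csr;   # files for which a signing request is pending
        foreach my $file (@files) {
            if ($web) {
                $message .= &Apache::loncommon::start_data_table_row()."\n".
                            '<td>'.$lt{$file}.'</td>';
            } else {
                $message .= $file.'=';
            }
            if ((ref($hashref->{$file}) eq 'HASH') && (keys(%{$hashref->{$file}}) > 0)) {
                my ($starttime,$endtime,$dateinvalid);
                $message .= ($web ? '<td>'.$lt{'yes'}.'</td>' : 'yes,');
                # The private key has no validity period; everything else is
                # checked for being expired or not yet valid.  'expired' wins
                # over 'future' when both apply.
                unless ($file eq 'key') {
                    if ($hashref->{$file}->{'end'} ne '') {
                        $endtime = _cert_epoch($file,$hashref->{$file}->{'end'});
                        if (($endtime ne '') && ($endtime < time)) {
                            $dateinvalid = 'expired';
                        }
                    }
                    if ($hashref->{$file}->{'start'} ne '') {
                        $starttime = _cert_epoch($file,$hashref->{$file}->{'start'});
                        if ($starttime > time) {
                            $dateinvalid ||= 'future';
                        }
                    }
                }
                foreach my $item (@fields) {
                    my $display = $hashref->{$file}->{$item};
                    if ($item eq 'status') {
                        my $pending;
                        ($display,$pending) =
                            _format_status($file,$display,$dateinvalid,$target,$hashref,\%lt);
                        $csr{$file} = 1 if ($pending);
                    } elsif ($item eq 'start') {
                        if ($starttime) {
                            $display = ($web ? &Apache::lonlocal::locallocaltime($starttime)
                                             : $starttime);
                        }
                    } elsif ($item eq 'end') {
                        if ($endtime) {
                            $display = ($web ? &Apache::lonlocal::locallocaltime($endtime)
                                             : $endtime);
                        }
                    }
                    # NOTE(review): certificate-derived values (CN, e-mail,
                    # algorithm, CRL details) are emitted verbatim.  Status
                    # cells deliberately contain markup from confirm_success(),
                    # so any escaping would have to be applied to the other
                    # columns before this point.
                    $message .= ($web ? "<td>$display</td>" : "$display,");
                }
            } else {
                $message .= ($web ? '<td>'.$lt{'no'}.'</td>' : 'no,');
                # A missing connections/replication certificate may still have
                # a signing request outstanding.
                if ((($file eq 'host') || ($file eq 'hostname')) &&
                    (ref($hashref->{$file.'-csr'}) eq 'HASH') &&
                    ($hashref->{$file.'-csr'}->{'status'} eq 'ok')) {
                    if ($web) {
                        my $colspan = scalar(@fields);
                        $message .= '<td colspan="'.$colspan.'">'.
                                    &mt('Request for [_1] awaiting signature',
                                        $lt{$file}).'</td>';
                    }
                    $csr{$file} = 1;
                }
                # Pad the remaining columns (the colspan cell above already
                # covers them on the web when a request is pending).
                if ($web) {
                    unless ($csr{$file}) {
                        $message .= '<td>&nbsp;</td>' x scalar(@fields);
                    }
                } else {
                    $message .= ',' x scalar(@fields);
                }
            }
            if ($web) {
                $message .= &Apache::loncommon::end_data_table_row()."\n";
            } else {
                $message =~ s/,$//;
                $message .= '&';
            }
        }
        if ($web) {
            $message .= &Apache::loncommon::end_data_table().'</fieldset>';
        } else {
            # Sorted so the text form is deterministic for the same input.
            foreach my $file (sort(keys(%csr))) {
                next unless (ref($hashref->{$file.'-csr'}) eq 'HASH');
                $message .= $file.'-csr=yes,';
                foreach my $item (@fields) {
                    $message .= $hashref->{$file.'-csr'}->{$item}.',';
                }
                $message =~ s/,$//;
                $message .= '&';
            }
            $message =~ s/&$//;
        }
        $message .= "\n";
    }
    return $message;
}

# Convert a certificate 'start'/'end' value to epoch seconds.
# CRL values are returned unchanged (the caller compares them numerically
# with time(), so presumably get_servercerts_info() already supplies epoch
# seconds for the CRL -- TODO confirm); other values are x509 date strings
# parsed with DateTime::Format::x509.  Returns undef when parsing fails.
sub _cert_epoch {
    my ($file,$value) = @_;
    return $value if ($file eq 'crl');
    my $dt = DateTime::Format::x509->parse_datetime($value);
    return $dt->epoch if (ref($dt));
    return;
}

# Map a status token to its display form: the localized label from %lt for
# the web target when one exists, otherwise the token itself (text target,
# unknown token, or empty status).
sub _status_label {
    my ($status,$target,$lt) = @_;
    if (($target eq 'web') && (exists($lt->{$status}))) {
        return $lt->{$status};
    }
    return $status;
}

# Render the 'status' column for one file.
#
# Arguments: the file tag, the raw status from get_servercerts_info(), the
# validity problem ('expired'/'future'/undef) computed by the caller, the
# output target, the per-server hashref and a ref to the %lt label hash.
# Returns ($display, $pending) where $pending is true when a signing request
# for this file is reported as 'ok' (the caller records it in %csr).
sub _format_status {
    my ($file,$display,$dateinvalid,$target,$hashref,$lt) = @_;
    my $web = ($target eq 'web');
    my $pending = 0;
    if ($file eq 'key') {
        if (($display =~ /ok$/) && $web) {
            $display = &Apache::lonhtmlcommon::confirm_success($display);
        }
    } elsif ($file eq 'crl') {
        if ($dateinvalid) {
            $display = _status_label($dateinvalid,$target,$lt);
        } elsif ($web) {
            if ($display ne '') {
                $display = &Apache::lonhtmlcommon::confirm_success($display);
            }
            my $details = $hashref->{$file}->{details};
            if ($details ne '') {
                $display .= ' '.$details;
            }
        }
    } elsif ($file eq 'ca') {
        if ($dateinvalid) {
            $display = _status_label($dateinvalid,$target,$lt);
        } elsif ($web && ($display ne '')) {
            $display = &Apache::lonhtmlcommon::confirm_success($display);
        }
    } elsif ($display =~ /^ok/) {
        if ($dateinvalid) {
            $display = _status_label($dateinvalid,$target,$lt);
        } elsif ($web) {
            $display = &Apache::lonhtmlcommon::confirm_success($display);
        }
    } elsif (($display eq '') ||
             (grep { $display eq $_ } qw(nokey otherkey revoked expired wrongcn mismatch))) {
        # A known problem token (or no status at all): localize it and, if a
        # new request has been generated, say so.
        $display = _status_label($display,$target,$lt);
        if ((ref($hashref->{$file.'-csr'}) eq 'HASH') &&
            ($hashref->{$file.'-csr'}->{'status'} eq 'ok')) {
            if ($web) {
                $display .= (($display ne '')? '<br />':'').
                            &mt('(New request awaiting signature)');
            }
            $pending = 1;
        }
    }
    return ($display,$pending);
}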

1;   # a module must end with a true value

