# The LearningOnline Network with CAPA
# Checksum installed LON-CAPA modules and some configuration files
#
# $Id: SSL.pm,v 1.10 2019/07/11 18:12:06 raeburn Exp $
#
# The LearningOnline Network with CAPA
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
package LONCAPA::SSL;
use strict;
use lib '/home/httpd/lib/perl/';
use Apache::lonlocal;
use Apache::lonnet();
use Apache::loncommon();
use Apache::lonhtmlcommon();
use DateTime;
use DateTime::Format::x509;
use LONCAPA;
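# Escape the characters that are significant in HTML text and attribute
# values (& < > " ') so that a string can be placed inside markup as
# plain text. An undefined value is returned as the empty string, which
# is how it would have interpolated anyway.
sub _html_escape {
    my ($text) = @_;
    return '' unless (defined($text));
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Build a report on the SSL key, certificates, CA certificate and CRL of
# each server in a set, using Apache::lonnet::get_servercerts_info().
#
# Arguments:
#   $servers - reference to a hash; each key is passed to
#              get_servercerts_info() as the server and each value as the
#              matching hostname.
#   $target  - 'web' produces HTML (one fieldset and data table per
#              server); any other value produces one text line per server:
#                server:file=yes|no,status,cn,start,end,alg,size,email&...
#              with a trailing "file-csr=yes,..." item for each pending
#              certificate signing request.
#   $context - passed through unchanged to get_servercerts_info().
#
# Returns the accumulated report as a string ("server:error" lines are
# emitted for servers whose lookup did not return 'ok' and a hash ref).
# Returns nothing if $servers is not a hash reference.
#
# Security notes:
#   * Everything in the per-server hash (CN, e-mail, algorithm, status,
#     CRL details, ...) is data returned for another host and is treated
#     here as untrusted text. For the 'web' target it is HTML-escaped
#     before being placed in the page; markup produced locally
#     (confirm_success(), localized strings, mt()) is not re-escaped.
#   * NOTE(review): the CRL 'details' value is escaped as plain text; if
#     get_servercerts_info() deliberately supplies markup there, that
#     markup should be generated on this side instead - confirm.
#   * The text format is left exactly as before. Values are not escaped,
#     so a value containing ',' or '&' is ambiguous to a parser; the
#     consumers of that format are outside this file.
sub print_certstatus {
    my ($servers,$target,$context) = @_;
    return unless (ref($servers) eq 'HASH');
    my $web = ($target eq 'web');
    my $message;
    my %lt = &Apache::lonlocal::texthash (
                 'file'     => 'File',
                 'avai'     => 'Available',
                 'yes'      => 'Yes',
                 'no'       => 'No',
                 'cn'       => 'Common Name (CN)',
                 'start'    => 'Valid From',
                 'end'      => 'Valid To',
                 'alg'      => 'Signature Algorithm',
                 'size'     => 'Public Key Size',
                 'status'   => 'Status',
                 'email'    => 'E-mail',
                 'key'      => 'Private Key',
                 'host'     => 'Connections Certificate',
                 'hostname' => 'Replication Certificate',
                 'crl'      => 'Revocations List',
                 'ca'       => 'LON-CAPA CA Certificate',
                 'expired'  => 'Expired',
                 'future'   => 'Future validity',
                 'nokey'    => 'No key',
                 'otherkey' => 'No matching key',
                 'revoked'  => 'Revoked by CA',
                 'wrongcn'  => 'Incorrect CN',
                 'mismatch' => 'Mismatched Issuer',
             );
    my @files = qw(key host hostname ca crl);
    my @fields = qw(status cn start end alg size email);
    foreach my $server (sort(keys(%{$servers}))) {
        my $hostname = $servers->{$server};
        my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,
                                                                      $hostname,
                                                                      $context);
        unless (($result eq 'ok') && (ref($hashref) eq 'HASH')) {
            # Lookup failed: same one-line marker for both targets, with
            # the server id escaped when it ends up in a web page.
            $message .= ($web ? _html_escape($server) : $server).":error\n";
            next;
        }
        if ($web) {
            $message .= '<fieldset><legend>'._html_escape($hostname).
                        ' ('._html_escape($server).')</legend>'.
                        &Apache::loncommon::start_data_table().
                        &Apache::loncommon::start_data_table_header_row()."\n";
            foreach my $item ('file','avai',@fields) {
                $message .= '<th>'.$lt{$item}.'</th>';
            }
            $message .= &Apache::loncommon::end_data_table_header_row()."\n";
        } else {
            $message .= $server.':';
        }
        # Files for which a certificate signing request is pending.
        my %csr;
        foreach my $file (@files) {
            if ($web) {
                $message .= &Apache::loncommon::start_data_table_row()."\n".
                            '<td>'.$lt{$file}.'</td>';
            } else {
                $message .= $file.'=';
            }
            if ((ref($hashref->{$file}) eq 'HASH') && (keys(%{$hashref->{$file}}) > 0)) {
                my ($starttime,$endtime,$dateinvalid);
                $message .= ($web ? '<td>'.$lt{'yes'}.'</td>' : 'yes,');
                unless ($file eq 'key') {
                    # CRL dates are used as given (compared with time());
                    # certificate dates are parsed from x509 format.
                    if ($hashref->{$file}->{'end'} ne '') {
                        if ($file eq 'crl') {
                            $endtime = $hashref->{$file}->{'end'};
                        } else {
                            my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
                            if (ref($dt)) {
                                $endtime = $dt->epoch;
                            }
                        }
                        if (($endtime ne '') && ($endtime < time)) {
                            $dateinvalid = 'expired';
                        }
                    }
                    if ($hashref->{$file}->{'start'} ne '') {
                        if ($file eq 'crl') {
                            $starttime = $hashref->{$file}->{'start'};
                        } else {
                            my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
                            if (ref($dt)) {
                                $starttime = $dt->epoch;
                            }
                        }
                        # 'expired' takes precedence over 'future'.
                        if (($starttime > time) && !$dateinvalid) {
                            $dateinvalid = 'future';
                        }
                    }
                }
                # What to show in the status column when the validity
                # window is wrong: localized for the web, raw token
                # otherwise.
                my $datelabel = $dateinvalid;
                if ($web && $dateinvalid && exists($lt{$dateinvalid})) {
                    $datelabel = $lt{$dateinvalid};
                }
                foreach my $item (@fields) {
                    # $value is the raw remote value, used for every
                    # comparison; $display is what gets emitted.
                    my $value = $hashref->{$file}->{$item};
                    my $display = ($web ? _html_escape($value) : $value);
                    if ($item eq 'status') {
                        if ($file eq 'key') {
                            if (($value =~ /ok$/) && $web) {
                                $display = &Apache::lonhtmlcommon::confirm_success($display);
                            }
                        } elsif ($file eq 'crl') {
                            if ($dateinvalid) {
                                $display = $datelabel;
                            } elsif ($web) {
                                if ($value ne '') {
                                    $display = &Apache::lonhtmlcommon::confirm_success($display);
                                }
                                my $details = $hashref->{$file}->{details};
                                if ($details ne '') {
                                    $display .= ' '._html_escape($details);
                                }
                            }
                        } elsif ($file eq 'ca') {
                            if ($dateinvalid) {
                                $display = $datelabel;
                            } elsif ($web) {
                                if ($value ne '') {
                                    $display = &Apache::lonhtmlcommon::confirm_success($display);
                                }
                            }
                        } elsif ($value =~ /^ok/) {
                            if ($dateinvalid) {
                                $display = $datelabel;
                            } elsif ($web) {
                                $display = &Apache::lonhtmlcommon::confirm_success($display);
                            }
                        } elsif (($value eq 'nokey') || ($value eq 'otherkey') ||
                                 ($value eq 'revoked') || ($value eq 'expired') ||
                                 ($value eq 'wrongcn') || ($value eq 'mismatch') ||
                                 ($value eq '')) {
                            if ($web && ($value ne '') && (exists($lt{$value}))) {
                                $display = $lt{$value};
                            }
                            # An unusable certificate may already have a
                            # replacement request waiting to be signed.
                            if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
                                if ($hashref->{$file.'-csr'}->{$item} eq 'ok') {
                                    if ($web) {
                                        $display .= (($display ne '')? '<br />':'').
                                                    &mt('(New request awaiting signature)');
                                    }
                                    $csr{$file} = 1;
                                }
                            }
                        }
                    } elsif ($item eq 'start') {
                        if ($starttime) {
                            $display = ($web ? &Apache::lonlocal::locallocaltime($starttime)
                                             : $starttime);
                        }
                    } elsif ($item eq 'end') {
                        if ($endtime) {
                            $display = ($web ? &Apache::lonlocal::locallocaltime($endtime)
                                             : $endtime);
                        }
                    }
                    $message .= ($web ? "<td>$display</td>" : "$display,");
                }
            } else {
                $message .= ($web ? '<td>'.$lt{'no'}.'</td>' : 'no,');
                if ((($file eq 'host') || ($file eq 'hostname')) &&
                    (ref($hashref->{$file.'-csr'}) eq 'HASH')) {
                    if ($hashref->{$file.'-csr'}->{'status'} eq 'ok') {
                        if ($web) {
                            my $colspan = scalar(@fields);
                            $message .= '<td colspan="'.$colspan.'">'.
                                        &mt('Request for [_1] awaiting signature',
                                            $lt{$file}).'</td>';
                        }
                        $csr{$file} = 1;
                    }
                }
                # Pad the row: empty cells for the web (unless the CSR
                # notice already spans them), empty fields for text.
                foreach my $item (@fields) {
                    if ($web) {
                        unless ($csr{$file}) {
                            $message .= '<td> </td>';
                        }
                    } else {
                        $message .= ',';
                    }
                }
            }
            if ($web) {
                $message .= &Apache::loncommon::end_data_table_row()."\n";
            } else {
                $message =~ s/,$//;
                $message .= '&';
            }
        }
        if ($web) {
            $message .= &Apache::loncommon::end_data_table().'</fieldset>';
        } else {
            # Sorted so that the text report is the same from run to run.
            foreach my $file (sort(keys(%csr))) {
                if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
                    $message .= $file.'-csr=yes,';
                    foreach my $item (@fields) {
                        $message .= $hashref->{$file.'-csr'}->{$item}.',';
                    }
                    $message =~ s/,$//;
                    $message .= '&';
                }
            }
            $message =~ s/\&$//;
        }
        $message .= "\n";
    }
    return $message;
}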
1;