--- loncom/configuration/SSL.pm	2016/07/25 19:50:16	1.1
+++ loncom/configuration/SSL.pm	2018/08/18 22:07:53	1.7
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Checksum installed LON-CAPA modules and some configuration files
 #
-# $Id: SSL.pm,v 1.1 2016/07/25 19:50:16 raeburn Exp $
+# $Id: SSL.pm,v 1.7 2018/08/18 22:07:53 raeburn Exp $
 #
 # The LearningOnline Network with CAPA
 #
@@ -31,10 +31,12 @@
 package LONCAPA::SSL;
 use strict;
 use lib '/home/httpd/lib/perl/';
-use Apache::lonlocal();
+use Apache::lonlocal;
 use Apache::lonnet();
 use Apache::loncommon();
 use Apache::lonhtmlcommon();
+use DateTime;
+use DateTime::Format::x509;
 use LONCAPA; 
 
 sub print_certstatus {
@@ -46,7 +48,7 @@ sub print_certstatus {
                  'avai'     => 'Available',
                  'yes'      => 'Yes',
                  'no'       => 'No',
-                 'cn'       => 'Common Name',
+                 'cn'       => 'Common Name (CN)',
                  'start'    => 'Valid From',
                  'end'      => 'Valid To',
                  'alg'      => 'Signature Algorithm',
@@ -57,12 +59,20 @@ sub print_certstatus {
                  'host'     => 'Connections Certificate',
                  'hostname' => 'Replication Certificate',
                  'ca'       => 'LON-CAPA CA Certificate',
+                 'expired'  => 'Expired',
+                 'future'   => 'Future validity',
+                 'nokey'    => 'No key',
+                 'otherkey' => 'No matching key',
+                 'revoked'  => 'Revoked by CA',
+                 'wrongcn'  => 'Incorrect CN',
     );
     my @files = qw(key host hostname ca);
     my @fields = qw(status cn start end alg size email);
     foreach my $server (sort(keys(%{$servers}))) {
-        my $hostname = &Apache::lonnet::hostname($server);
-        my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,$context);
+        my $hostname = $servers->{$server};
+        my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,
+                                                                      $hostname,
+                                                                      $context);
         if ($result eq 'ok' && ref($hashref) eq 'HASH') {
             if ($target eq 'web') {
                 $message .= "<fieldset><legend>$hostname ($server)</legend>".
@@ -75,6 +85,7 @@ sub print_certstatus {
             } else {
                 $message .= $server.':';
             }
+            my %csr;
             foreach my $file (@files) {
                 if ($target eq 'web') {
                     $message .= &Apache::loncommon::start_data_table_row()."\n".
@@ -83,17 +94,96 @@ sub print_certstatus {
                     $message .= $file.'=';
                 }
                 if (ref($hashref->{$file}) eq 'HASH') {
+                    my ($starttime,$endtime,$dateinvalid);
                     if ($target eq 'web') {
                         $message .= '<td>'.$lt{'yes'}.'</td>';
                     } else {
-                        $message .= $lt{'yes'}.',';
+                        $message .= 'yes,';
+                    }
+                    unless ($file eq 'key') {
+                        if ($hashref->{$file}->{'end'} ne '') {
+                            my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
+                            if (ref($dt)) {
+                                $endtime = $dt->epoch;
+                                if ($endtime < time) {
+                                    if ($target eq 'web') {
+                                        $dateinvalid = $lt{'expired'};
+                                    } else {
+                                        $dateinvalid = 'expired';
+                                    }
+                                }
+                            }
+                        }
+                        if ($hashref->{$file}->{'start'} ne '') {
+                            my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
+                            if (ref($dt)) {
+                                $starttime = $dt->epoch;
+                                if ($starttime > time) {
+                                    unless ($dateinvalid) {
+                                        if ($target eq 'web') {
+                                            $dateinvalid = $lt{'future'};
+                                        } else {
+                                            $dateinvalid = 'future';
+                                        }
+                                    }
+                                }
+                            }
+                        }
                     }
                     foreach my $item (@fields) {
                         my $display = $hashref->{$file}->{$item};
-                        if ($target eq 'web') {
-                            if ($item eq 'status') {
-                                $display = &Apache::lonhtmlcommon::confirm_success($display);
+                        if ($item eq 'status') {
+                            if ($file eq 'key') {
+                                if ($display =~ /ok$/) {
+                                    if ($target eq 'web') {
+                                        $display = &Apache::lonhtmlcommon::confirm_success($display);
+                                    }
+                                }
+                            } elsif ($file eq 'ca') {
+                                if ($dateinvalid) {
+                                    $display = $dateinvalid;
+                                } elsif ($target eq 'web') {
+                                    $display = &Apache::lonhtmlcommon::confirm_success($display);
+                                }
+                            } elsif ($display =~ /^ok/) {
+                                if ($dateinvalid) {
+                                    $display = $dateinvalid;
+                                } elsif ($target eq 'web') { 
+                                    $display = &Apache::lonhtmlcommon::confirm_success($display);
+                                }
+                            } elsif (($display eq 'nokey') || ($display eq 'otherkey') ||
+                                     ($display eq 'revoked') || ($display eq 'expired') ||
+                                     ($display eq 'wrongcn')) {
+                                if ($target eq 'web') {
+                                    $display = $lt{$display};
+                                }
+                                if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
+                                    if ($hashref->{$file.'-csr'}->{$item} eq 'ok') {
+                                        if ($target eq 'web') {
+                                            $display .= '<br />'.&mt('(New request awaiting signature)');
+                                        }
+                                        $csr{$file} = 1;
+                                    }
+                                }
+                            }
+                        } elsif ($item eq 'start') {
+                            if ($starttime) {
+                                if ($target eq 'web') {
+                                    $display = &Apache::lonlocal::locallocaltime($starttime);
+                                } else {
+                                    $display = $starttime;
+                                }
                             }
+                        } elsif ($item eq 'end') {
+                            if ($endtime) {
+                                if ($target eq 'web') {
+                                    $display = &Apache::lonlocal::locallocaltime($endtime);
+                                } else {
+                                    $display = $endtime;
+                                }
+                            }
+                        }
+                        if ($target eq 'web') {
                             $message .= "<td>$display</td>";
                         } else {
                             $message .= "$display,";
@@ -101,36 +191,62 @@ sub print_certstatus {
                     }
                 } else {
                     if ($target eq 'web') {
-                        $message .= '<td>'.$lt{'no'}.'<td>';
+                        $message .= '<td>'.$lt{'no'}.'</td>';
                     } else {
-                        $message .= $lt{'no'}.',';
+                        $message .= 'no,';
+                    }
+                    if ((($file eq 'host') || ($file eq 'hostname')) &&
+                        (ref($hashref->{$file.'-csr'}) eq 'HASH')) {
+                        if ($hashref->{$file.'-csr'}->{'status'} eq 'ok') {
+                            if ($target eq 'web') {
+                                my $colspan = scalar(@fields);
+                                $message .= '<td colspan="'.$colspan.'">'.
+                                            &mt('Request for [_1] awaiting signature',
+                                                $lt{$file}).'</td>';
+                            }
+                            $csr{$file} = 1;
+                        }
                     }
                     foreach my $item (@fields) {
                         if ($target eq 'web') {
-                            $message .= '<td>&nbsp;</td>';
+                            unless ($csr{$file}) {
+                                $message .= '<td>&nbsp;</td>';
+                            }
                         } else {
                             $message .= ',';
                         }
-                    }
-                    if ($target eq 'web') {
-                        $message .= &Apache::loncommon::end_data_table_row()."\n";
-                    } else {
-                        $message =~ s/,$//;
-                        $message .= '&';
-                    }
+                    } 
+                }
+                if ($target eq 'web') {
+                    $message .= &Apache::loncommon::end_data_table_row()."\n";
+                } else {
+                    $message =~ s/,$//;
+                    $message .= '&';
                 }
             }
             if ($target eq 'web') {
                 $message .= &Apache::loncommon::end_data_table().'</fieldset>';
             } else {
+                if (keys(%csr)) {
+                    foreach my $file (keys(%csr)) {
+                        if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
+                            $message .= $file.'-csr=yes,';
+                            foreach my $item (@fields) {
+                                $message .= $hashref->{$file.'-csr'}->{$item}.',';
+                            }
+                            $message =~ s/,$//;
+                            $message .= '&';
+                        }
+                    }
+                }
                 $message =~ s/\&$//;
             }
             $message .= "\n";
         } else {
             if ($target eq 'web') {
-                $message .= "$server error\n";
+                $message .= "$server:error\n";
             } else {
-                $message .= "$server error\n";
+                $message .= "$server:error\n";
             }
         }
     }