--- loncom/configuration/SSL.pm 2016/08/01 13:55:05 1.2 +++ loncom/configuration/SSL.pm 2019/07/11 18:12:06 1.10 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # Checksum installed LON-CAPA modules and some configuration files # -# $Id: SSL.pm,v 1.2 2016/08/01 13:55:05 raeburn Exp $ +# $Id: SSL.pm,v 1.10 2019/07/11 18:12:06 raeburn Exp $ # # The LearningOnline Network with CAPA # @@ -31,10 +31,12 @@ package LONCAPA::SSL; use strict; use lib '/home/httpd/lib/perl/'; -use Apache::lonlocal(); +use Apache::lonlocal; use Apache::lonnet(); use Apache::loncommon(); use Apache::lonhtmlcommon(); +use DateTime; +use DateTime::Format::x509; use LONCAPA; sub print_certstatus { @@ -46,7 +48,7 @@ sub print_certstatus { 'avai' => 'Available', 'yes' => 'Yes', 'no' => 'No', - 'cn' => 'Common Name', + 'cn' => 'Common Name (CN)', 'start' => 'Valid From', 'end' => 'Valid To', 'alg' => 'Signature Algorithm', @@ -56,15 +58,25 @@ sub print_certstatus { 'key' => 'Private Key', 'host' => 'Connections Certificate', 'hostname' => 'Replication Certificate', + 'crl' => 'Revocations List', 'ca' => 'LON-CAPA CA Certificate', + 'expired' => 'Expired', + 'future' => 'Future validity', + 'nokey' => 'No key', + 'otherkey' => 'No matching key', + 'revoked' => 'Revoked by CA', + 'wrongcn' => 'Incorrect CN', + 'mismatch' => 'Mismatched Issuer', ); - my @files = qw(key host hostname ca); + my @files = qw(key host hostname ca crl); my @fields = qw(status cn start end alg size email); foreach my $server (sort(keys(%{$servers}))) { - my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,$context); + my $hostname = $servers->{$server}; + my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server, + $hostname, + $context); if ($result eq 'ok' && ref($hashref) eq 'HASH') { if ($target eq 'web') { - my $hostname = &Apache::lonnet::hostname($server); $message .= "
$hostname ($server)". &Apache::loncommon::start_data_table(). &Apache::loncommon::start_data_table_header_row()."\n"; @@ -75,6 +87,7 @@ sub print_certstatus { } else { $message .= $server.':'; } + my %csr; foreach my $file (@files) { if ($target eq 'web') { $message .= &Apache::loncommon::start_data_table_row()."\n". @@ -82,33 +95,153 @@ sub print_certstatus { } else { $message .= $file.'='; } - if (ref($hashref->{$file}) eq 'HASH') { + if ((ref($hashref->{$file}) eq 'HASH') && (keys(%{$hashref->{$file}}) > 0)) { + my ($starttime,$endtime,$dateinvalid); if ($target eq 'web') { $message .= ''.$lt{'yes'}.''; } else { - $message .= $lt{'yes'}.','; + $message .= 'yes,'; + } + unless ($file eq 'key') { + if ($hashref->{$file}->{'end'} ne '') { + if ($file eq 'crl') { + $endtime = $hashref->{$file}->{'end'}; + } else { + my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'}); + if (ref($dt)) { + $endtime = $dt->epoch; + } + } + if (($endtime ne '') && ($endtime < time)) { + $dateinvalid = 'expired'; + } + } + if ($hashref->{$file}->{'start'} ne '') { + if ($file eq 'crl') { + $starttime = $hashref->{$file}->{'start'}; + } else { + my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'}); + if (ref($dt)) { + $starttime = $dt->epoch; + } + } + if ($starttime > time) { + unless ($dateinvalid) { + $dateinvalid = 'future'; + } + } + } } foreach my $item (@fields) { my $display = $hashref->{$file}->{$item}; - if ($target eq 'web') { - if ($item eq 'status') { - $display = &Apache::lonhtmlcommon::confirm_success($display); + if ($item eq 'status') { + if ($file eq 'key') { + if ($display =~ /ok$/) { + if ($target eq 'web') { + $display = &Apache::lonhtmlcommon::confirm_success($display); + } + } + } elsif ($file eq 'crl') { + if ($dateinvalid) { + if (($target eq 'web') && (exists($lt{$dateinvalid}))) { + $display = $lt{$dateinvalid}; + } else { + $display = $dateinvalid; + } + } elsif ($target eq 'web') { + if ($display ne '') { + $display = &Apache::lonhtmlcommon::confirm_success($display); + } + my $details = $hashref->{$file}->{details}; + if ($details ne '') { + $display .= ' '.$details; + } + } + } elsif ($file eq 'ca') { + if ($dateinvalid) { + if (($target eq 'web') && (exists($lt{$dateinvalid}))) { + $display = $lt{$dateinvalid}; + } else { + $display = $dateinvalid; + } + } elsif ($target eq 'web') { + if ($display ne '') { + $display = &Apache::lonhtmlcommon::confirm_success($display); + } + } + } elsif ($display =~ /^ok/) { + if ($dateinvalid) { + if (($target eq 'web') && (exists($lt{$dateinvalid}))) { + $display = $lt{$dateinvalid}; + } else { + $display = $dateinvalid; + } + } elsif ($target eq 'web') { + $display = &Apache::lonhtmlcommon::confirm_success($display); + } + } elsif (($display eq 'nokey') || ($display eq 'otherkey') || + ($display eq 'revoked') || ($display eq 'expired') || + ($display eq 'wrongcn') || ($display eq 'mismatch') || + ($display eq '')) { + if (($target eq 'web') && ($display ne '') && (exists($lt{$display}))) { + $display = $lt{$display}; + } + if (ref($hashref->{$file.'-csr'}) eq 'HASH') { + if ($hashref->{$file.'-csr'}->{$item} eq 'ok') { + if ($target eq 'web') { + $display .= (($display ne '')? '
':''). + &mt('(New request awaiting signature)'); + } + $csr{$file} = 1; + } + } + } + } elsif ($item eq 'start') { + if ($starttime) { + if ($target eq 'web') { + $display = &Apache::lonlocal::locallocaltime($starttime); + } else { + $display = $starttime; + } } + } elsif ($item eq 'end') { + if ($endtime) { + if ($target eq 'web') { + $display = &Apache::lonlocal::locallocaltime($endtime); + } else { + $display = $endtime; + } + } + } + if ($target eq 'web') { $message .= "$display"; } else { $message .= "$display,"; } } - } else { if ($target eq 'web') { - $message .= ''.$lt{'no'}.''; + $message .= ''.$lt{'no'}.''; } else { - $message .= $lt{'no'}.','; + $message .= 'no,'; + } + if ((($file eq 'host') || ($file eq 'hostname')) && + (ref($hashref->{$file.'-csr'}) eq 'HASH')) { + if ($hashref->{$file.'-csr'}->{'status'} eq 'ok') { + if ($target eq 'web') { + my $colspan = scalar(@fields); + $message .= ''. + &mt('Request for [_1] awaiting signature', + $lt{$file}).''; + } + $csr{$file} = 1; + } } foreach my $item (@fields) { if ($target eq 'web') { - $message .= ' '; + unless ($csr{$file}) { + $message .= ' '; + } } else { $message .= ','; } @@ -124,14 +257,26 @@ sub print_certstatus { if ($target eq 'web') { $message .= &Apache::loncommon::end_data_table().'
'; } else { + if (keys(%csr)) { + foreach my $file (keys(%csr)) { + if (ref($hashref->{$file.'-csr'}) eq 'HASH') { + $message .= $file.'-csr=yes,'; + foreach my $item (@fields) { + $message .= $hashref->{$file.'-csr'}->{$item}.','; + } + $message =~ s/,$//; + $message .= '&'; + } + } + } $message =~ s/\&$//; } $message .= "\n"; } else { if ($target eq 'web') { - $message .= "$server error\n"; + $message .= "$server:error\n"; } else { - $message .= "$server error\n"; + $message .= "$server:error\n"; } } }