Annotation of loncom/configuration/SSL.pm, revision 1.10
1.1 raeburn 1: # The LearningOnline Network with CAPA
2: # Checksum installed LON-CAPA modules and some configuration files
3: #
1.10 ! raeburn 4: # $Id: SSL.pm,v 1.9 2019/04/12 02:41:47 raeburn Exp $
1.1 raeburn 5: #
6: # The LearningOnline Network with CAPA
7: #
8: # Copyright Michigan State University Board of Trustees
9: #
10: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
11: #
12: # LON-CAPA is free software; you can redistribute it and/or modify
13: # it under the terms of the GNU General Public License as published by
14: # the Free Software Foundation; either version 2 of the License, or
15: # (at your option) any later version.
16: #
17: # LON-CAPA is distributed in the hope that it will be useful,
18: # but WITHOUT ANY WARRANTY; without even the implied warranty of
19: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20: # GNU General Public License for more details.
21: #
22: # You should have received a copy of the GNU General Public License
23: # along with LON-CAPA; if not, write to the Free Software
24: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25: #
26: # /home/httpd/html/adm/gpl.txt
27: #
28: # http://www.lon-capa.org/
29: #
30:
31: package LONCAPA::SSL;
32: use strict;
33: use lib '/home/httpd/lib/perl/';
1.7 raeburn 34: use Apache::lonlocal;
1.1 raeburn 35: use Apache::lonnet();
36: use Apache::loncommon();
37: use Apache::lonhtmlcommon();
1.4 raeburn 38: use DateTime;
39: use DateTime::Format::x509;
1.1 raeburn 40: use LONCAPA;
41:
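# Build a status report on the SSL key, certificates and revocation list
# held by each server in a set of LON-CAPA servers.
#
# Arguments:
#   $servers - hash reference mapping server ID => hostname
#   $target  - 'web' for HTML output (one fieldset and data table per
#              server); any other value gives a compact text form:
#              server:file=avail,field,...&file=avail,field,...
#   $context - passed through unchanged to
#              &Apache::lonnet::get_servercerts_info()
#
# Returns the accumulated report as a string, or nothing at all if
# $servers is not a hash reference.
#
# Security note: the per-file fields (cn, email, alg, ...) are whatever
# get_servercerts_info() returned for that server, and a certificate's
# subject fields are chosen by whoever generated the request. For the
# 'web' target those values are therefore HTML-escaped before being placed
# in the page; the text target is left untouched so its format is unchanged.
sub print_certstatus {
    my ($servers,$target,$context) = @_;
    return unless (ref($servers) eq 'HASH');

    # Minimal HTML escaping for values interpolated into markup. Kept as a
    # lexical closure so that no new package-level name is introduced.
    my $escape_html = sub {
        my ($text) = @_;
        return $text unless (defined($text));
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    my $message;
    my %lt = &Apache::lonlocal::texthash (
                 'file'     => 'File',
                 'avai'     => 'Available',
                 'yes'      => 'Yes',
                 'no'       => 'No',
                 'cn'       => 'Common Name (CN)',
                 'start'    => 'Valid From',
                 'end'      => 'Valid To',
                 'alg'      => 'Signature Algorithm',
                 'size'     => 'Public Key Size',
                 'status'   => 'Status',
                 'email'    => 'E-mail',
                 'key'      => 'Private Key',
                 'host'     => 'Connections Certificate',
                 'hostname' => 'Replication Certificate',
                 'crl'      => 'Revocations List',
                 'ca'       => 'LON-CAPA CA Certificate',
                 'expired'  => 'Expired',
                 'future'   => 'Future validity',
                 'nokey'    => 'No key',
                 'otherkey' => 'No matching key',
                 'revoked'  => 'Revoked by CA',
                 'wrongcn'  => 'Incorrect CN',
                 'mismatch' => 'Mismatched Issuer',
             );
    my @files = qw(key host hostname ca crl);
    my @fields = qw(status cn start end alg size email);
    foreach my $server (sort(keys(%{$servers}))) {
        my $hostname = $servers->{$server};
        my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,
                                                                      $hostname,
                                                                      $context);
        if ($result eq 'ok' && ref($hashref) eq 'HASH') {
            if ($target eq 'web') {
                $message .= '<fieldset><legend>'.$escape_html->($hostname).
                            ' ('.$escape_html->($server).')</legend>'.
                            &Apache::loncommon::start_data_table().
                            &Apache::loncommon::start_data_table_header_row()."\n";
                foreach my $item ('file','avai',@fields) {
                    $message .= '<th>'.$lt{$item}.'</th>';
                }
                $message .= &Apache::loncommon::end_data_table_header_row()."\n";
            } else {
                $message .= $server.':';
            }
            # Files for which a certificate signing request is pending.
            my %csr;
            foreach my $file (@files) {
                if ($target eq 'web') {
                    $message .= &Apache::loncommon::start_data_table_row()."\n".
                                '<td>'.$lt{$file}.'</td>';
                } else {
                    $message .= $file.'=';
                }
                if ((ref($hashref->{$file}) eq 'HASH') && (keys(%{$hashref->{$file}}) > 0)) {
                    my ($starttime,$endtime,$dateinvalid);
                    if ($target eq 'web') {
                        $message .= '<td>'.$lt{'yes'}.'</td>';
                    } else {
                        $message .= 'yes,';
                    }
                    # The private key has no validity period. For everything
                    # else, work out whether the current time falls outside
                    # the start/end window. CRL times are used as received
                    # (presumably already epoch seconds -- confirm against
                    # get_servercerts_info); certificate times are parsed
                    # from their x509 text form.
                    unless ($file eq 'key') {
                        if ($hashref->{$file}->{'end'} ne '') {
                            if ($file eq 'crl') {
                                $endtime = $hashref->{$file}->{'end'};
                            } else {
                                my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
                                if (ref($dt)) {
                                    $endtime = $dt->epoch;
                                }
                            }
                            if (($endtime ne '') && ($endtime < time)) {
                                $dateinvalid = 'expired';
                            }
                        }
                        if ($hashref->{$file}->{'start'} ne '') {
                            if ($file eq 'crl') {
                                $starttime = $hashref->{$file}->{'start'};
                            } else {
                                my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
                                if (ref($dt)) {
                                    $starttime = $dt->epoch;
                                }
                            }
                            if ($starttime > time) {
                                # 'expired' takes precedence over 'future'.
                                unless ($dateinvalid) {
                                    $dateinvalid = 'future';
                                }
                            }
                        }
                    }
                    foreach my $item (@fields) {
                        my $display = $hashref->{$file}->{$item};
                        if ($target eq 'web') {
                            # Escape before any markup is layered on top.
                            # The comparisons below only match strings free
                            # of HTML metacharacters, so branch selection is
                            # the same as for the raw value.
                            $display = $escape_html->($display);
                        }
                        if ($item eq 'status') {
                            if ($file eq 'key') {
                                if ($display =~ /ok$/) {
                                    if ($target eq 'web') {
                                        $display = &Apache::lonhtmlcommon::confirm_success($display);
                                    }
                                }
                            } elsif ($file eq 'crl') {
                                if ($dateinvalid) {
                                    if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
                                        $display = $lt{$dateinvalid};
                                    } else {
                                        $display = $dateinvalid;
                                    }
                                } elsif ($target eq 'web') {
                                    if ($display ne '') {
                                        $display = &Apache::lonhtmlcommon::confirm_success($display);
                                    }
                                    # NOTE(review): 'details' is appended as
                                    # received. Whether it is markup or plain
                                    # text cannot be told from this file;
                                    # confirm against its producer and escape
                                    # it here if it is plain text.
                                    my $details = $hashref->{$file}->{details};
                                    if ($details ne '') {
                                        $display .= ' '.$details;
                                    }
                                }
                            } elsif ($file eq 'ca') {
                                if ($dateinvalid) {
                                    if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
                                        $display = $lt{$dateinvalid};
                                    } else {
                                        $display = $dateinvalid;
                                    }
                                } elsif ($target eq 'web') {
                                    if ($display ne '') {
                                        $display = &Apache::lonhtmlcommon::confirm_success($display);
                                    }
                                }
                            } elsif ($display =~ /^ok/) {
                                if ($dateinvalid) {
                                    if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
                                        $display = $lt{$dateinvalid};
                                    } else {
                                        $display = $dateinvalid;
                                    }
                                } elsif ($target eq 'web') {
                                    $display = &Apache::lonhtmlcommon::confirm_success($display);
                                }
                            } elsif (($display eq 'nokey') || ($display eq 'otherkey') ||
                                     ($display eq 'revoked') || ($display eq 'expired') ||
                                     ($display eq 'wrongcn') || ($display eq 'mismatch') ||
                                     ($display eq '')) {
                                if (($target eq 'web') && ($display ne '') && (exists($lt{$display}))) {
                                    $display = $lt{$display};
                                }
                                # An unusable certificate may already have a
                                # replacement request waiting to be signed.
                                if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
                                    if ($hashref->{$file.'-csr'}->{$item} eq 'ok') {
                                        if ($target eq 'web') {
                                            $display .= (($display ne '')? '<br />':'').
                                                        &mt('(New request awaiting signature)');
                                        }
                                        $csr{$file} = 1;
                                    }
                                }
                            }
                        } elsif ($item eq 'start') {
                            if ($starttime) {
                                if ($target eq 'web') {
                                    $display = &Apache::lonlocal::locallocaltime($starttime);
                                } else {
                                    $display = $starttime;
                                }
                            }
                        } elsif ($item eq 'end') {
                            if ($endtime) {
                                if ($target eq 'web') {
                                    $display = &Apache::lonlocal::locallocaltime($endtime);
                                } else {
                                    $display = $endtime;
                                }
                            }
                        }
                        if ($target eq 'web') {
                            $message .= "<td>$display</td>";
                        } else {
                            $message .= "$display,";
                        }
                    }
                } else {
                    if ($target eq 'web') {
                        $message .= '<td>'.$lt{'no'}.'</td>';
                    } else {
                        $message .= 'no,';
                    }
                    if ((($file eq 'host') || ($file eq 'hostname')) &&
                        (ref($hashref->{$file.'-csr'}) eq 'HASH')) {
                        if ($hashref->{$file.'-csr'}->{'status'} eq 'ok') {
                            if ($target eq 'web') {
                                # One cell spanning every field column.
                                my $colspan = scalar(@fields);
                                $message .= '<td colspan="'.$colspan.'">'.
                                            &mt('Request for [_1] awaiting signature',
                                                $lt{$file}).'</td>';
                            }
                            $csr{$file} = 1;
                        }
                    }
                    foreach my $item (@fields) {
                        if ($target eq 'web') {
                            unless ($csr{$file}) {
                                $message .= '<td> </td>';
                            }
                        } else {
                            $message .= ',';
                        }
                    }
                }
                if ($target eq 'web') {
                    $message .= &Apache::loncommon::end_data_table_row()."\n";
                } else {
                    # Drop the trailing field separator, then end the record.
                    $message =~ s/,$//;
                    $message .= '&';
                }
            }
            if ($target eq 'web') {
                $message .= &Apache::loncommon::end_data_table().'</fieldset>';
            } else {
                # Text output appends one extra record per pending request.
                if (keys(%csr)) {
                    foreach my $file (keys(%csr)) {
                        if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
                            $message .= $file.'-csr=yes,';
                            foreach my $item (@fields) {
                                $message .= $hashref->{$file.'-csr'}->{$item}.',';
                            }
                            $message =~ s/,$//;
                            $message .= '&';
                        }
                    }
                }
                $message =~ s/\&$//;
            }
            $message .= "\n";
        } else {
            # Same "server:error" line for both targets; only the web form
            # is escaped because it ends up inside a page.
            if ($target eq 'web') {
                $message .= $escape_html->($server).":error\n";
            } else {
                $message .= "$server:error\n";
            }
        }
    }
    return $message;
}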
285:
286: 1;
287: