# The LearningOnline Network with CAPA
# Checksum installed LON-CAPA modules and some configuration files
#
# $Id: SSL.pm,v 1.10 2019/07/11 18:12:06 raeburn Exp $
#
# The LearningOnline Network with CAPA
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
# NOTE(review): the description line at the top mentions checksumming, but
# the only routine in this file reports certificate status.

package LONCAPA::SSL;

use strict;
use lib '/home/httpd/lib/perl/';
use Apache::lonlocal;
use Apache::lonnet();
use Apache::loncommon();
use Apache::lonhtmlcommon();
use DateTime;
use DateTime::Format::x509;
use LONCAPA;

# print_certstatus($servers,$target,$context)
#
# Builds a status report on the key, certificates and revocation list of
# each server and returns it as one string.
#
# Arguments:
#   $servers - hash reference; each key is passed as the server id and its
#              value as the hostname to get_servercerts_info().
#   $target  - 'web' builds a data table with the Apache::loncommon helpers
#              and localized labels; any other value builds one text line
#              per server of the form
#                server:file=yes,<fields>&file=no,,,,,,&...[&file-csr=yes,<fields>]
#   $context - passed through unchanged to get_servercerts_info().
#
# Returns: the accumulated report string. A bare return is made when
#          $servers is not a hash reference.
#
# NOTE(review): for the 'web' target the field values taken from $hashref
# (cn, email, alg, size, CRL details, unrecognised status strings) are
# appended to the output as received; no HTML escaping is visible in this
# routine. Confirm that get_servercerts_info() or the caller encodes them
# before they reach a browser.
# NOTE(review): for the text target the same values are joined with ',' and
# '&' without escaping those delimiters; presumably they never occur in the
# values - verify against the consumer of this format.
# NOTE(review): the web-target string literals in this copy contain no
# markup (empty strings around labels, an unused $colspan); the tags look
# to have been lost when the listing was extracted - compare with the
# repository version before relying on it.
sub print_certstatus {
    my ($servers,$target,$context) = @_;
    return unless (ref($servers) eq 'HASH');
    my $message;
    # Localized labels: column headings, file descriptions, and the status
    # keywords that may replace a raw status value in web output.
    my %lt = &Apache::lonlocal::texthash (
        'file'     => 'File',
        'avai'     => 'Available',
        'yes'      => 'Yes',
        'no'       => 'No',
        'cn'       => 'Common Name (CN)',
        'start'    => 'Valid From',
        'end'      => 'Valid To',
        'alg'      => 'Signature Algorithm',
        'size'     => 'Public Key Size',
        'status'   => 'Status',
        'email'    => 'E-mail',
        'key'      => 'Private Key',
        'host'     => 'Connections Certificate',
        'hostname' => 'Replication Certificate',
        'crl'      => 'Revocations List',
        'ca'       => 'LON-CAPA CA Certificate',
        'expired'  => 'Expired',
        'future'   => 'Future validity',
        'nokey'    => 'No key',
        'otherkey' => 'No matching key',
        'revoked'  => 'Revoked by CA',
        'wrongcn'  => 'Incorrect CN',
        'mismatch' => 'Mismatched Issuer',
    );
    # Files reported for every server, and the fields reported for each file.
    my @files = qw(key host hostname ca crl);
    my @fields = qw(status cn start end alg size email);
    foreach my $server (sort(keys(%{$servers}))) {
        my $hostname = $servers->{$server};
        my ($result,$hashref) = &Apache::lonnet::get_servercerts_info($server,
                                                                      $hostname,
                                                                      $context);
        if ($result eq 'ok' && ref($hashref) eq 'HASH') {
            if ($target eq 'web') {
                # Heading for this server followed by the table header row.
                $message .= "
$hostname ($server)".
                            &Apache::loncommon::start_data_table().
                            &Apache::loncommon::start_data_table_header_row()."\n";
                foreach my $item ('file','avai',@fields) {
                    $message .= ''.$lt{$item}.'';
                }
                $message .= &Apache::loncommon::end_data_table_header_row()."\n";
            } else {
                $message .= $server.':';
            }
            # Files for which a certificate signing request with status 'ok'
            # was found; used for the text-target "-csr" entries below.
            my %csr;
            foreach my $file (@files) {
                if ($target eq 'web') {
                    $message .= &Apache::loncommon::start_data_table_row()."\n".
                                ''.$lt{$file}.'';
                } else {
                    $message .= $file.'=';
                }
                if ((ref($hashref->{$file}) eq 'HASH') &&
                    (keys(%{$hashref->{$file}}) > 0)) {
                    my ($starttime,$endtime,$dateinvalid);
                    if ($target eq 'web') {
                        $message .= ''.$lt{'yes'}.'';
                    } else {
                        $message .= 'yes,';
                    }
                    # Validity window check; skipped for the private key.
                    unless ($file eq 'key') {
                        if ($hashref->{$file}->{'end'} ne '') {
                            if ($file eq 'crl') {
                                # CRL times are used as received; they are
                                # compared numerically with time() below, so
                                # presumably epoch seconds - TODO confirm.
                                $endtime = $hashref->{$file}->{'end'};
                            } else {
                                my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'end'});
                                # If no object comes back, $endtime stays
                                # unset and no expiry is flagged from the
                                # date; the reported status is shown instead.
                                if (ref($dt)) {
                                    $endtime = $dt->epoch;
                                }
                            }
                            # Compared against this machine's clock.
                            if (($endtime ne '') && ($endtime < time)) {
                                $dateinvalid = 'expired';
                            }
                        }
                        if ($hashref->{$file}->{'start'} ne '') {
                            if ($file eq 'crl') {
                                $starttime = $hashref->{$file}->{'start'};
                            } else {
                                my $dt = DateTime::Format::x509->parse_datetime($hashref->{$file}->{'start'});
                                if (ref($dt)) {
                                    $starttime = $dt->epoch;
                                }
                            }
                            if ($starttime > time) {
                                # 'expired' takes precedence over 'future'.
                                unless ($dateinvalid) {
                                    $dateinvalid = 'future';
                                }
                            }
                        }
                    }
                    foreach my $item (@fields) {
                        my $display = $hashref->{$file}->{$item};
                        if ($item eq 'status') {
                            if ($file eq 'key') {
                                # Key status is only decorated (web) when it
                                # ends in "ok"; otherwise shown as received.
                                if ($display =~ /ok$/) {
                                    if ($target eq 'web') {
                                        $display = &Apache::lonhtmlcommon::confirm_success($display);
                                    }
                                }
                            } elsif ($file eq 'crl') {
                                # A date problem replaces the reported status.
                                if ($dateinvalid) {
                                    if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
                                        $display = $lt{$dateinvalid};
                                    } else {
                                        $display = $dateinvalid;
                                    }
                                } elsif ($target eq 'web') {
                                    if ($display ne '') {
                                        $display = &Apache::lonhtmlcommon::confirm_success($display);
                                    }
                                    # 'details' is appended after the
                                    # decorated status, as received.
                                    my $details = $hashref->{$file}->{details};
                                    if ($details ne '') {
                                        $display .= ' '.$details;
                                    }
                                }
                            } elsif ($file eq 'ca') {
                                if ($dateinvalid) {
                                    if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
                                        $display = $lt{$dateinvalid};
                                    } else {
                                        $display = $dateinvalid;
                                    }
                                } elsif ($target eq 'web') {
                                    if ($display ne '') {
                                        $display = &Apache::lonhtmlcommon::confirm_success($display);
                                    }
                                }
                            } elsif ($display =~ /^ok/) {
                                # host / hostname certificate reported ok:
                                # a date problem still overrides that.
                                if ($dateinvalid) {
                                    if (($target eq 'web') && (exists($lt{$dateinvalid}))) {
                                        $display = $lt{$dateinvalid};
                                    } else {
                                        $display = $dateinvalid;
                                    }
                                } elsif ($target eq 'web') {
                                    $display = &Apache::lonhtmlcommon::confirm_success($display);
                                }
                            } elsif (($display eq 'nokey') || ($display eq 'otherkey') ||
                                     ($display eq 'revoked') || ($display eq 'expired') ||
                                     ($display eq 'wrongcn') || ($display eq 'mismatch') ||
                                     ($display eq '')) {
                                # Known failure keyword (or empty status):
                                # localize it for the web, and note a pending
                                # signing request if one is recorded.
                                # Any other status value falls through all
                                # branches and is shown unchanged.
                                if (($target eq 'web') && ($display ne '') && (exists($lt{$display}))) {
                                    $display = $lt{$display};
                                }
                                if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
                                    if ($hashref->{$file.'-csr'}->{$item} eq 'ok') {
                                        if ($target eq 'web') {
                                            $display .= (($display ne '')? '
':'').
                                                        &mt('(New request awaiting signature)');
                                        }
                                        $csr{$file} = 1;
                                    }
                                }
                            }
                        } elsif ($item eq 'start') {
                            # Web shows a localized time, text the numeric
                            # value; without a usable time the received
                            # value is kept.
                            if ($starttime) {
                                if ($target eq 'web') {
                                    $display = &Apache::lonlocal::locallocaltime($starttime);
                                } else {
                                    $display = $starttime;
                                }
                            }
                        } elsif ($item eq 'end') {
                            if ($endtime) {
                                if ($target eq 'web') {
                                    $display = &Apache::lonlocal::locallocaltime($endtime);
                                } else {
                                    $display = $endtime;
                                }
                            }
                        }
                        if ($target eq 'web') {
                            $message .= "$display";
                        } else {
                            $message .= "$display,";
                        }
                    }
                } else {
                    # No information for this file.
                    if ($target eq 'web') {
                        $message .= ''.$lt{'no'}.'';
                    } else {
                        $message .= 'no,';
                    }
                    # A missing host/hostname certificate may still have a
                    # signing request pending.
                    if ((($file eq 'host') || ($file eq 'hostname')) &&
                        (ref($hashref->{$file.'-csr'}) eq 'HASH')) {
                        if ($hashref->{$file.'-csr'}->{'status'} eq 'ok') {
                            if ($target eq 'web') {
                                # $colspan is not used further in this copy.
                                my $colspan = scalar(@fields);
                                $message .= ''.
                                            &mt('Request for [_1] awaiting signature',
                                                $lt{$file}).'';
                            }
                            $csr{$file} = 1;
                        }
                    }
                    # Fill the remaining columns: blanks for the web (unless
                    # the request notice was added), empty fields for text.
                    foreach my $item (@fields) {
                        if ($target eq 'web') {
                            unless ($csr{$file}) {
                                $message .= ' ';
                            }
                        } else {
                            $message .= ',';
                        }
                    }
                }
                if ($target eq 'web') {
                    $message .= &Apache::loncommon::end_data_table_row()."\n";
                } else {
                    # Drop the trailing comma and separate files with '&'.
                    $message =~ s/,$//;
                    $message .= '&';
                }
            }
            if ($target eq 'web') {
                $message .= &Apache::loncommon::end_data_table().'
';
            } else {
                # Text target: append one "-csr" entry per pending request.
                if (keys(%csr)) {
                    foreach my $file (keys(%csr)) {
                        if (ref($hashref->{$file.'-csr'}) eq 'HASH') {
                            $message .= $file.'-csr=yes,';
                            foreach my $item (@fields) {
                                $message .= $hashref->{$file.'-csr'}->{$item}.',';
                            }
                            $message =~ s/,$//;
                            $message .= '&';
                        }
                    }
                }
                # Remove the trailing '&' before the line terminator.
                $message =~ s/\&$//;
            }
            $message .= "\n";
        } else {
            # Lookup failed for this server. Both branches emit the same
            # string in this copy.
            if ($target eq 'web') {
                $message .= "$server:error\n";
            } else {
                $message .= "$server:error\n";
            }
        }
    }
    return $message;
}

1;