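/**
 * Build the certificate download page for the current person.
 *
 * Emits an error and stops when the person is not authenticated, and renders
 * errors/unsubscribed.tpl when there is no subscriber or the subscriber is
 * not subscribed. Otherwise the certificate list is fetched from the CA,
 * ordered so that revoked certificates follow the active ones, and handed to
 * download_certificate.tpl together with the display flags.
 *
 * @return void
 */
public function process()
{
    if (!$this->person->isAuth()) {
        error_msg("This is an impossible condition. How did you get in here?");
        return;
    }

    $subscriber = $this->person->getSubscriber();
    if (empty($subscriber) || !$subscriber->isSubscribed()) {
        $this->tpl->assign('not_subscribed_header', $this->translateTag('l10n_not_sub_header', 'messages'));
        $this->tpl->assign('not_subscribed_1', $this->translateTag('l10n_not_sub_1', 'messages'));
        $this->tpl->assign('not_subscribed_2', $this->translateTag('l10n_not_sub_2', 'messages'));
        $this->tpl->assign('content', $this->tpl->fetch('errors/unsubscribed.tpl'));
        return;
    }

    /* test and handle flags */
    $this->processDBCert();

    try {
        $certList = $this->ca->getCertList($this->showAll);

        /* sort the revoked certificates after the active certificates.
         * $revoked is a key-preserving subset of $certList, so the keys alone
         * identify the revoked entries; array_diff_key() avoids the string
         * cast of every entry that array_diff_assoc() performs. */
        $revoked = array_filter($certList, array($this, 'revokedFilter'));
        $non_revoked = array_diff_key($certList, $revoked);
        $certList = $non_revoked + $revoked;

        $this->tpl->assign('certList', $certList);
        $this->tpl->assign('showAll', $this->showAll);
        $this->tpl->assign('defaultDays', Config::get_config('capi_default_cert_poll_days'));
    } catch (ConfusaGenException $e) {
        /* NOTE(review): the exception text is passed to error_output() as-is;
         * confirm ConfusaGenException messages carry no backend detail. */
        Framework::error_output($this->translateMessageTag('downl_err_db') . " " . $e->getMessage());
    }

    /* encourage the user to install the root certificate in personal mode,
     * so Thunderbird will fully trust the certs when using them in S/MIME */
    if (Config::get_config('cert_product') == PRD_PERSONAL) {
        $this->tpl->assign('ca_certificate', ConfusaConstants::$CAPI_PERSONAL_ROOT_CERT);
    }

    /* coming from browser signing - hint the user to install the cert.
     * The session key is deleted right after it has been read. */
    $browserCertOrderNumber = CS::getSessionKey("browserCert");
    if (isset($browserCertOrderNumber)) {
        CS::deleteSessionKey('browserCert');
        $this->tpl->assign('newBrowserCert', $browserCertOrderNumber);
    }

    $this->tpl->assign('permission', $this->person->mayRequestCertificate());
    $this->tpl->assign('standalone', Config::get_config('ca_mode') === CA_STANDALONE);
    $this->tpl->assign('content', $this->tpl->fetch('download_certificate.tpl'));
}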
/**
 * Remove the e-mail addresses registered for a user from the session
 * information by deleting the 'CertEmails' session key.
 *
 * @return void
 */
public function clearRegCertEmails()
{
    CS::deleteSessionKey('CertEmails');
}
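/**
 * Revoke one certificate through the remote auto-revoke endpoint.
 *
 * The key is mapped to an order number and posted together with the
 * revocation reason. The first line of the response is read as the status
 * code: 0 means the certificate was revoked, anything else is reported as an
 * exception.
 *
 * @param $key mixed The certificate key; it is passed through
 *                   transformToOrderNumber() before use
 * @param $reason string The revocation reason, forwarded unchanged as
 *                       "revocationReason". NOTE(review): not validated here;
 *                       presumably callers restrict it to
 *                       ConfusaConstants::$REVOCATION_REASONS - confirm
 * @return boolean true when the API reports status 0
 * @throws CGE_ComodoAPIException if the API cannot be reached, answers with a
 *                                non-numeric status line or reports an error
 */
public function revokeCert($key, $reason)
{
    $key = $this->transformToOrderNumber($key);

    Logger::log_event(LOG_NOTICE, "Revoking certificate with order number " .
                      $key . " using Comodo's auto-revoke-API. " .
                      $this->owner_string);

    $revoke_endpoint = ConfusaConstants::$CAPI_REVOKE_ENDPOINT;
    $postfields_revoke = $this->bs_pf();
    $postfields_revoke["revocationReason"] = $reason;
    $postfields_revoke["orderNumber"] = $key;
    $postfields_revoke["includeInCRL"] = 'Y';

    /* will not revoke test certificates? */
    if (Config::get_config('capi_test')) {
        Logger::log_event(LOG_DEBUG, "CA_C: in test-mode");
        $postfields_revoke["test"] = 'Y';
    }

    $data = CurlWrapper::curlContact($revoke_endpoint, "post", $postfields_revoke);

    /* try to catch all kinds of errors that can happen when connecting */
    if ($data === FALSE) {
        Logger::log_event(LOG_NOTICE, "[CA_C]: Could not connect to revoke-API. Check configuration.");
        throw new CGE_ComodoAPIException("Could not connect to revoke-API! " .
                                         "Check Confusa configuration!\n");
    }

    $error_parts = explode("\n", $data, 2);
    $STATUS_OK = "0";
    $status = $error_parts[0];

    /* A response that consists of the status line only has no second part.
     * Pass NULL in that case (the value the undefined offset evaluated to)
     * instead of reading an offset that does not exist. */
    $detail = isset($error_parts[1]) ? $error_parts[1] : NULL;

    if (!is_numeric($status)) {
        throw new CGE_ComodoAPIException("Received an unexpected response from " .
                                         "the remote API. Probably Confusa is " .
                                         "misconfigured! Please contact an " .
                                         "administrator!");
    }

    /* Loose comparison kept from the original switch: any numeric string that
     * equals zero ("00", "0.0") counts as success.
     * NOTE(review): once the exact status format of the API is confirmed,
     * consider a strict match so that a malformed response can never be read
     * as a completed revocation. */
    if ($status == $STATUS_OK) {
        /* drop the cached list so the revoked state becomes visible */
        CS::deleteSessionKey('rawCertList');
        Logger::log_event(LOG_NOTICE, "Revoked certificate with " .
                          "order number {$key} using Comodo's AutoRevoke " .
                          "API. " . $this->owner_string);
        return true;
    }

    $msg = $this->capiErrorMessage($status, $detail);
    Logger::log_event(LOG_ERR, "Revocation of certificate with " .
                      "order_number {$key} failed! " . $this->owner_string);
    /* NOTE(review): the raw API response is embedded in the exception text;
     * confirm it is not shown unfiltered to end users. */
    throw new CGE_ComodoAPIException("Received error message {$data}. {$msg}");
}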
/**
 * Show the distinguished names whose certificates would be revoked, based on
 * an uploaded CSV with a list of UIDs (e.g. eppns), and offer the possibility
 * to revoke these certificates.
 *
 * Nothing is assigned to the template when no certificate matches.
 *
 * @param $eppn_file string The name of the $_FILES parameter containing the
 *                          CSV of unique identifiers
 * @param $subscriber string The name of the subscriber by which the search is
 *                           scoped
 */
private function search_list_display($eppn_file, $subscriber)
{
    /* The number of auth_keys/order_numbers can get very large, so the list
     * is kept in the session instead of being sent to the user as hidden
     * form parameters and POSTed back again. Any list left over from an
     * earlier search is dropped first.
     * NOTE(review): confirm that the revocation step reads 'auth_keys' from
     * the session and does not accept a client-supplied list. */
    CS::deleteSessionKey('auth_keys');

    $reader = new CSV_Lib($eppn_file);
    $uploaded_ids = $reader->get_csv_entries();

    $matches = array();
    $auth_keys = array();

    /* every identifier from the upload is sanitized before it is used in the
     * subscriber-scoped lookup */
    foreach ($uploaded_ids as $raw_id) {
        $clean_id = Input::sanitizeEPPN($raw_id);
        $matches = array_merge($matches, $this->ca->getCertListForEPPN($clean_id, $subscriber));
    }

    if (count($matches) <= 0) {
        return;
    }

    /* split the rows into the owner names shown to the user and the
     * auth_keys that are handed to the revocation method */
    foreach ($matches as $cert_row) {
        $owners[] = str_replace(",", ", ", $cert_row['cert_owner']);
        $auth_keys[] = $cert_row['auth_key'];
    }

    CS::setSessionKey('auth_keys', $auth_keys);

    $this->tpl->assign('owners', array_unique($owners));
    $this->tpl->assign('revoke_list', true);
    $this->tpl->assign('nren_reasons', ConfusaConstants::$REVOCATION_REASONS);
    $this->tpl->assign('selected', 'unspecified');
}