示例#1
 /**
  * Revoke a CA certificate.
  * @return void
  */
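 public function getPageCaRevoke()
 {
     // Flow: validate the requested id, load the CA, refuse if it is already
     // revoked / expired / not revokable, collect every CA, client and server
     // certificate issued beneath it for the confirmation template, then --
     // once the user has confirmed (and supplied the passphrase when the key
     // is encrypted) -- stamp RevokeDate on the CA record.  Every exit path
     // ends the request with die().
     //
     // NOTE(review): this is a destructive PKI operation driven by request
     // variables.  No authorization check, anti-CSRF token or audit-log
     // entry is visible in this method; confirm the caller or $this->html
     // provides them and that the confirm flag is only honoured on POST.
     $this->html->setPageTitle('Revoke CA Certificate');
     $id = $this->html->crumbGet(WA_QS_ID);
     // Accept only a plain positive decimal integer.  is_numeric() also lets
     // through floats, exponents and padded strings, none of which is a
     // meaningful certificate id.
     $idIsValid = (is_int($id) || is_string($id))
         && preg_match('/^[1-9][0-9]*$/D', (string) $id) === 1;
     if (!$idIsValid) {
         $this->html->errorMsgSet('Must specify valid certificate id.');
         die($this->getPageCaView());
     }
     $this->moduleRequired('ca,client,server');
     $this->ca->resetProperties();
     if ($this->ca->populateFromDb($id) === false) {
         $this->html->errorMsgSet('Failed to locate the specified certificate.');
         die($this->getPageCaView());
     }
     $cert = new phpmycaCert($this->ca);
     // Is it already revoked?
     if ($cert->isRevoked()) {
         $this->html->errorMsgSet('The certificate is already revoked.');
         die($this->getPageCaView());
     }
     // Is it already expired?
     if ($cert->isExpired()) {
         $this->html->errorMsgSet('Certificate is expired, will not revoke.');
         die($this->getPageCaView());
     }
     // Can it be revoked?
     if (!$cert->isRevokable()) {
         $m = 'Certificate cannot be revoked.  Either the private key is missing or it has already been revoked.';
         $this->html->errorMsgSet($m);
         die($this->getPageCaView());
     }
     // Call-time pass-by-reference (&$cert) is a fatal error since PHP 5.4;
     // nothing is modified after these setVar() calls, so passing the value
     // is equivalent.
     $this->html->setVar('cert', $cert);
     // Construct a recursive array that contains all of child certs that will
     // be affected.  Starting with all ca (issuer) certificates.
     $idTree = $this->ca->getCaFamilyTree($id);
     if (!is_array($idTree)) {
         $msg = 'Failed to query CA certs signed by this CA, will not continue.';
         $this->html->errorMsgSet($msg);
         die($this->getPageCaView());
     }
     $caIds = $this->ca->getCaFamilyTreeIds($idTree);
     if (!is_array($caIds)) {
         $msg = 'Failed to query intermediate CA cert ids signed by this CA, will not continue.';
         $this->html->errorMsgSet($msg);
         die($this->getPageCaView());
     }
     // Construct array of ca certificate phpmycaCert objects that will be
     // affected by the revoke.  Note that this loop reuses $this->ca, so on
     // exit it holds the last child CA, not the certificate being revoked.
     $caCerts = array();
     foreach ($caIds as $caid) {
         $this->ca->resetProperties();
         if ($this->ca->populateFromDb($caid) === false) {
             $m = 'Failed to query CA certificate ID ' . $caid;
             $this->html->errorMsgSet($m);
             die($this->getPageCaView());
         }
         $caCerts[] = new phpmycaCert($this->ca);
     }
     $this->html->setVar('caCerts', $caCerts);
     // Get list of client certs the affected issuer certs have signed.
     // The target id is appended so its direct children are included too.
     $caIds[] = $id;
     $this->client->searchReset();
     foreach ($this->client->getPropertyList() as $prop) {
         $this->client->setSearchSelect($prop);
     }
     $this->client->setSearchFilter('ParentId', $caIds, 'in');
     $certs = $this->client->query();
     if (!is_array($certs)) {
         $msg = 'Failed to query client certs signed by this CA, will not continue.';
         $this->html->errorMsgSet($msg);
         die($this->getPageCaView());
     }
     // Convert the client rows.  Iteration stays by reference in case the
     // phpmycaCert constructor takes its first argument by reference
     // (TODO confirm); the reference is released afterwards so it cannot
     // alias an element of a later array.
     $clientCerts = array();
     foreach ($certs as &$ar) {
         $clientCerts[] = new phpmycaCert($ar, 'client', 'user', false);
     }
     unset($ar);
     $this->html->setVar('clientCerts', $clientCerts);
     // Get list of server certs this ca has signed
     $this->server->searchReset();
     foreach ($this->server->getPropertyList() as $prop) {
         $this->server->setSearchSelect($prop);
     }
     $this->server->setSearchFilter('ParentId', $caIds, 'in');
     $certs = $this->server->query();
     if (!is_array($certs)) {
         $msg = 'Failed to query server certs signed by this CA, will not continue.';
         $this->html->errorMsgSet($msg);
         die($this->getPageCaView());
     }
     // Convert the server rows (same by-reference handling as above).
     $serverCerts = array();
     foreach ($certs as &$ar) {
         $serverCerts[] = new phpmycaCert($ar, 'server', 'user', false);
     }
     unset($ar);
     $this->html->setVar('serverCerts', $serverCerts);
     // Have they confirmed?
     if ($this->html->getRequestVar(WA_QS_CONFIRM) !== 'yes') {
         die($this->html->loadTemplate('ca.revoke.confirm.php'));
     }
     // If encrypted, did the user enter the private key passphrase?
     if ($cert->isEncrypted()) {
         $m = 'Certificate cannot be revoked, pass phrase not specified or invalid.';
         // Only a string field counts as a supplied passphrase; an array-valued
         // field is treated as missing instead of being handed to trim().
         // NOTE(review): trim()/stripslashes() alter the submitted secret; they
         // are kept so passphrases set under the same normalisation still
         // validate -- confirm against the code that creates the key.
         $pass = false;
         if (isset($_POST['caPassPhrase']) && is_string($_POST['caPassPhrase'])) {
             $pass = stripslashes(trim($_POST['caPassPhrase']));
         }
         $rc = $cert->validatePassphrase($pass);
         if ($rc !== true) {
             $this->html->errorMsgSet($m);
             die($this->html->loadTemplate('ca.revoke.confirm.php'));
         }
     }
     // Reload the certificate being revoked: the child-CA loop above left
     // $this->ca populated with the last descendant, so without this the
     // RevokeDate write below would presumably land on that record instead.
     $this->ca->resetProperties();
     if ($this->ca->populateFromDb($id) === false) {
         $this->html->errorMsgSet('Failed to locate the specified certificate.');
         die($this->getPageCaView());
     }
     $this->ca->setProperty('RevokeDate', 'now()');
     $rc = $this->ca->update();
     if ($rc !== true) {
         // NOTE(review): $rc is whatever update() returned on failure; if that
         // is a raw database error, confirm errorMsgSet() escapes it and that
         // it does not disclose schema details to the browser.
         $this->html->errorMsgSet($rc);
     }
     die($this->getPageCaView());
 }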
示例#2
 /**
  * Revoke a CA certificate.
  * @return void
  */
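 public function getPageCaRevoke()
 {
     // Flow: validate the requested id, load the CA, refuse if it is already
     // revoked / expired / not revokable, collect the CA, client and server
     // certificates it has signed for the confirmation template, then -- once
     // the user has confirmed -- stamp RevokeDate on the CA record.  Every
     // exit path ends the request with die().
     //
     // NOTE(review): this is a destructive PKI operation driven by request
     // variables.  No authorization check, anti-CSRF token or audit-log
     // entry is visible in this method; confirm the caller or $this->html
     // provides them and that the confirm flag is only honoured on POST.
     // NOTE(review): nothing here asks for the CA key passphrase before
     // revoking.  If this version of phpmycaCert provides isEncrypted() /
     // validatePassphrase(), requiring it for encrypted keys would make the
     // confirmation step more than a single request parameter.
     $this->html->setPageTitle('Revoke CA Certificate');
     $id = $this->html->crumbGet(WA_QS_ID);
     // Accept only a plain positive decimal integer.  is_numeric() also lets
     // through floats, exponents and padded strings, none of which is a
     // meaningful certificate id.
     $idIsValid = (is_int($id) || is_string($id))
         && preg_match('/^[1-9][0-9]*$/D', (string) $id) === 1;
     if (!$idIsValid) {
         $this->html->errorMsgSet('Must specify valid certificate id.');
         die($this->getPageCaView());
     }
     $this->moduleRequired('ca,client,server');
     $this->ca->resetProperties();
     if ($this->ca->populateFromDb($id) === false) {
         $this->html->errorMsgSet('Failed to locate the specified certificate.');
         die($this->getPageCaView());
     }
     $cert = new phpmycaCert($this->ca);
     // Is it already revoked?
     if ($cert->isRevoked()) {
         $this->html->errorMsgSet('The certificate is already revoked.');
         die($this->getPageCaView());
     }
     // Is it already expired?
     if ($cert->isExpired()) {
         $this->html->errorMsgSet('Certificate is expired, will not revoke.');
         die($this->getPageCaView());
     }
     // Can it be revoked?
     if (!$cert->isRevokable()) {
         $m = 'Certificate cannot be revoked.  Either the private key is missing or it has already been revoked.';
         $this->html->errorMsgSet($m);
         die($this->getPageCaView());
     }
     // Call-time pass-by-reference (&$cert) is a fatal error since PHP 5.4;
     // nothing is modified after these setVar() calls, so passing the value
     // is equivalent.
     $this->html->setVar('cert', $cert);
     // Get list of other ca certs this ca has signed.
     $certs = $this->ca->getIssuerSubjects($id);
     if (!is_array($certs)) {
         $msg = 'Failed to query CA certs signed by this CA, will not continue.';
         $this->html->errorMsgSet($msg);
         die($this->getPageCaView());
     }
     // Convert the ca rows.  Iteration stays by reference in case the
     // phpmycaCert constructor takes its first argument by reference
     // (TODO confirm); the reference is released after each loop so it
     // cannot alias an element of the next result set.
     $caCerts = array();
     foreach ($certs as &$ar) {
         $caCerts[] = new phpmycaCert($ar, 'ca', 'user', false);
     }
     unset($ar);
     $this->html->setVar('caCerts', $caCerts);
     // Get list of client certs this ca has signed
     $certs = $this->client->getIssuerSubjects($id);
     if (!is_array($certs)) {
         $msg = 'Failed to query client certs signed by this CA, will not continue.';
         $this->html->errorMsgSet($msg);
         die($this->getPageCaView());
     }
     // convert the client certs
     $clientCerts = array();
     foreach ($certs as &$ar) {
         $clientCerts[] = new phpmycaCert($ar, 'client', 'user', false);
     }
     unset($ar);
     $this->html->setVar('clientCerts', $clientCerts);
     // Get list of server certs this ca has signed
     $certs = $this->server->getIssuerSubjects($id);
     if (!is_array($certs)) {
         $msg = 'Failed to query server certs signed by this CA, will not continue.';
         $this->html->errorMsgSet($msg);
         die($this->getPageCaView());
     }
     // convert the server certs
     $serverCerts = array();
     foreach ($certs as &$ar) {
         $serverCerts[] = new phpmycaCert($ar, 'server', 'user', false);
     }
     unset($ar);
     $this->html->setVar('serverCerts', $serverCerts);
     // Have they confirmed?
     if ($this->html->getRequestVar(WA_QS_CONFIRM) !== 'yes') {
         die($this->html->loadTemplate('ca.revoke.confirm.php'));
     }
     // $this->ca still holds the record loaded for $id above, so the
     // RevokeDate write applies to the requested certificate.
     $this->ca->setProperty('RevokeDate', 'now()');
     $rc = $this->ca->update();
     if ($rc !== true) {
         // NOTE(review): $rc is whatever update() returned on failure; if that
         // is a raw database error, confirm errorMsgSet() escapes it and that
         // it does not disclose schema details to the browser.
         $this->html->errorMsgSet($rc);
     }
     die($this->getPageCaView());
 }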