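/**
 * Revoke a CA certificate.
 *
 * Loads the CA certificate named by the request's id crumb, refuses to go on
 * if it is already revoked, expired or not revokable, gathers the CA, client
 * and server certificates issued beneath it for the confirmation template,
 * and, once the request is confirmed and (for an encrypted certificate) the
 * pass phrase validates, sets RevokeDate on the CA record.
 *
 * Every path through this method ends the request with die().
 *
 * @return void
 */
public function getPageCaRevoke()
{
    $this->html->setPageTitle('Revoke CA Certificate');

    // The id is request-supplied, so accept only a plain positive integer.
    // is_numeric() would also admit values such as "1.5" or "1e3".
    $rawId = $this->html->crumbGet(WA_QS_ID);
    $id = (is_int($rawId) || is_string($rawId))
        ? filter_var($rawId, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
        : false;
    if ($id === false) {
        $this->html->errorMsgSet('Must specify valid certificate id.');
        die($this->getPageCaView());
    }

    $this->moduleRequired('ca,client,server');
    $this->ca->resetProperties();
    if ($this->ca->populateFromDb($id) === false) {
        $this->html->errorMsgSet('Failed to locate the specified certificate.');
        die($this->getPageCaView());
    }
    $cert = new phpmycaCert($this->ca);

    // Refuse certificates that are already revoked.
    if ($cert->isRevoked()) {
        $this->html->errorMsgSet('The certificate is already revoked.');
        die($this->getPageCaView());
    }
    // Refuse certificates that have already expired.
    if ($cert->isExpired()) {
        $this->html->errorMsgSet('Certificate is expired, will not revoke.');
        die($this->getPageCaView());
    }
    // Refuse certificates the cert object reports as not revokable.
    if (!$cert->isRevokable()) {
        $m = 'Certificate cannot be revoked.  Either the private key is missing'
           . ' or it has already been revoked.';
        $this->html->errorMsgSet($m);
        die($this->getPageCaView());
    }
    // Call-time pass-by-reference (&$cert) is a fatal error from PHP 5.4 on;
    // the value is not modified after this point, so pass it plainly.
    $this->html->setVar('cert', $cert);

    // Collect every CA certificate issued (directly or indirectly) beneath
    // this one, so the operator sees what the revocation affects.
    $idTree = $this->ca->getCaFamilyTree($id);
    if (!is_array($idTree)) {
        $msg = 'Failed to query CA certs signed by this CA, will not '
             . 'continue.';
        $this->html->errorMsgSet($msg);
        die($this->getPageCaView());
    }
    $caIds = $this->ca->getCaFamilyTreeIds($idTree);
    if (!is_array($caIds)) {
        $msg = 'Failed to query intermediate CA cert ids signed by this CA, '
             . 'will not continue.';
        $this->html->errorMsgSet($msg);
        die($this->getPageCaView());
    }

    // Build a phpmycaCert object for each affected CA certificate.
    // NOTE(review): this assumes phpmycaCert snapshots the data object it is
    // given; if it keeps a live handle to $this->ca, every entry (and $cert)
    // would alias the same record - confirm against the constructor.
    $caCerts = array();
    foreach ($caIds as $caid) {
        $this->ca->resetProperties();
        if ($this->ca->populateFromDb($caid) === false) {
            $m = 'Failed to query CA certificate ID ' . $caid;
            $this->html->errorMsgSet($m);
            die($this->getPageCaView());
        }
        $caCerts[] = new phpmycaCert($this->ca);
    }
    $this->html->setVar('caCerts', $caCerts);

    // The loop above re-populates $this->ca once per descendant.  Reload the
    // requested record so the update at the end writes RevokeDate to the CA
    // the operator selected, not to whichever descendant was loaded last.
    $this->ca->resetProperties();
    if ($this->ca->populateFromDb($id) === false) {
        $this->html->errorMsgSet('Failed to locate the specified certificate.');
        die($this->getPageCaView());
    }

    // Client certificates signed by any affected issuer, including this CA.
    $caIds[] = $id;
    $this->client->searchReset();
    foreach ($this->client->getPropertyList() as $prop) {
        $this->client->setSearchSelect($prop);
    }
    $this->client->setSearchFilter('ParentId', $caIds, 'in');
    $certs = $this->client->query();
    if (!is_array($certs)) {
        $msg = 'Failed to query client certs signed by this CA, will not '
             . 'continue.';
        $this->html->errorMsgSet($msg);
        die($this->getPageCaView());
    }
    // Iterate by value: a by-reference loop variable would stay bound to the
    // last row after the loop.
    $clientCerts = array();
    foreach ($certs as $ar) {
        $clientCerts[] = new phpmycaCert($ar, 'client', 'user', false);
    }
    $this->html->setVar('clientCerts', $clientCerts);

    // Server certificates signed by any affected issuer.
    $this->server->searchReset();
    foreach ($this->server->getPropertyList() as $prop) {
        $this->server->setSearchSelect($prop);
    }
    $this->server->setSearchFilter('ParentId', $caIds, 'in');
    $certs = $this->server->query();
    if (!is_array($certs)) {
        $msg = 'Failed to query server certs signed by this CA, will not '
             . 'continue.';
        $this->html->errorMsgSet($msg);
        die($this->getPageCaView());
    }
    $serverCerts = array();
    foreach ($certs as $ar) {
        $serverCerts[] = new phpmycaCert($ar, 'server', 'user', false);
    }
    $this->html->setVar('serverCerts', $serverCerts);

    // Show the confirmation page until the request carries confirm=yes.
    // NOTE(review): revocation is a state change gated only on this request
    // value (plus the pass phrase for encrypted keys).  Confirm that
    // getRequestVar() accepts it from POST only and that the confirm form
    // carries an anti-CSRF token; neither is visible from this method.
    if ($this->html->getRequestVar(WA_QS_CONFIRM) !== 'yes') {
        die($this->html->loadTemplate('ca.revoke.confirm.php'));
    }

    // An encrypted private key requires the operator to supply its pass phrase.
    if ($cert->isEncrypted()) {
        $m = 'Certificate cannot be revoked, pass phrase not specified or '
           . 'invalid.';
        // Only a string is a usable pass phrase; an array-valued field is
        // treated as "not specified".
        // NOTE(review): trim() and the unconditional stripslashes() change
        // the submitted value, so a pass phrase with leading/trailing
        // whitespace or backslashes cannot validate unless magic quotes are
        // in effect - confirm this matches how the pass phrase was stored.
        $pass = (isset($_POST['caPassPhrase']) && is_string($_POST['caPassPhrase']))
            ? stripslashes(trim($_POST['caPassPhrase']))
            : false;
        $rc = $cert->validatePassphrase($pass);
        if ($rc !== true) {
            $this->html->errorMsgSet($m);
            die($this->html->loadTemplate('ca.revoke.confirm.php'));
        }
    }

    // Record the revocation.
    // NOTE(review): only this CA's RevokeDate is written; the descendant
    // certificates gathered above are handed to the template but not updated
    // here - confirm that dependants are treated as revoked elsewhere.
    // 'now()' is presumably emitted by the data layer as a SQL expression
    // rather than a quoted string - verify.
    $this->ca->setProperty('RevokeDate', 'now()');
    $rc = $this->ca->update();
    if ($rc !== true) {
        $this->html->errorMsgSet($rc);
    }
    die($this->getPageCaView());
}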
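/**
 * Revoke a CA certificate.
 *
 * Loads the CA certificate named by the request's id crumb, refuses to go on
 * if it is already revoked, expired or not revokable, gathers the CA, client
 * and server certificates it has signed for the confirmation template, and,
 * once the request is confirmed, sets RevokeDate on the CA record.
 *
 * Every path through this method ends the request with die().
 *
 * @return void
 */
public function getPageCaRevoke()
{
    $this->html->setPageTitle('Revoke CA Certificate');

    // The id is request-supplied, so accept only a plain positive integer.
    // is_numeric() would also admit values such as "1.5" or "1e3".
    $rawId = $this->html->crumbGet(WA_QS_ID);
    $id = (is_int($rawId) || is_string($rawId))
        ? filter_var($rawId, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)))
        : false;
    if ($id === false) {
        $this->html->errorMsgSet('Must specify valid certificate id.');
        die($this->getPageCaView());
    }

    $this->moduleRequired('ca,client,server');
    $this->ca->resetProperties();
    if ($this->ca->populateFromDb($id) === false) {
        $this->html->errorMsgSet('Failed to locate the specified certificate.');
        die($this->getPageCaView());
    }
    $cert = new phpmycaCert($this->ca);

    // Refuse certificates that are already revoked.
    if ($cert->isRevoked()) {
        $this->html->errorMsgSet('The certificate is already revoked.');
        die($this->getPageCaView());
    }
    // Refuse certificates that have already expired.
    if ($cert->isExpired()) {
        $this->html->errorMsgSet('Certificate is expired, will not revoke.');
        die($this->getPageCaView());
    }
    // Refuse certificates the cert object reports as not revokable.
    if (!$cert->isRevokable()) {
        $m = 'Certificate cannot be revoked.  Either the private key is missing'
           . ' or it has already been revoked.';
        $this->html->errorMsgSet($m);
        die($this->getPageCaView());
    }
    // Call-time pass-by-reference (&$cert) is a fatal error from PHP 5.4 on;
    // the value is not modified after this point, so pass it plainly.
    $this->html->setVar('cert', $cert);

    // CA certificates this CA has signed.
    $certs = $this->ca->getIssuerSubjects($id);
    if (!is_array($certs)) {
        $msg = 'Failed to query CA certs signed by this CA, will not '
             . 'continue.';
        $this->html->errorMsgSet($msg);
        die($this->getPageCaView());
    }
    // Iterate by value: a by-reference loop variable would stay bound to the
    // last row after the loop.
    $caCerts = array();
    foreach ($certs as $ar) {
        $caCerts[] = new phpmycaCert($ar, 'ca', 'user', false);
    }
    $this->html->setVar('caCerts', $caCerts);

    // Client certificates this CA has signed.
    $certs = $this->client->getIssuerSubjects($id);
    if (!is_array($certs)) {
        $msg = 'Failed to query client certs signed by this CA, will not '
             . 'continue.';
        $this->html->errorMsgSet($msg);
        die($this->getPageCaView());
    }
    $clientCerts = array();
    foreach ($certs as $ar) {
        $clientCerts[] = new phpmycaCert($ar, 'client', 'user', false);
    }
    $this->html->setVar('clientCerts', $clientCerts);

    // Server certificates this CA has signed.
    $certs = $this->server->getIssuerSubjects($id);
    if (!is_array($certs)) {
        $msg = 'Failed to query server certs signed by this CA, will not '
             . 'continue.';
        $this->html->errorMsgSet($msg);
        die($this->getPageCaView());
    }
    $serverCerts = array();
    foreach ($certs as $ar) {
        $serverCerts[] = new phpmycaCert($ar, 'server', 'user', false);
    }
    $this->html->setVar('serverCerts', $serverCerts);

    // Show the confirmation page until the request carries confirm=yes.
    // NOTE(review): this request value is the only gate before the write
    // below; nothing here asks for the CA key pass phrase.  Confirm that
    // getRequestVar() accepts it from POST only and that the confirm form
    // carries an anti-CSRF token; neither is visible from this method.
    if ($this->html->getRequestVar(WA_QS_CONFIRM) !== 'yes') {
        die($this->html->loadTemplate('ca.revoke.confirm.php'));
    }

    // Record the revocation.
    // NOTE(review): only this CA's RevokeDate is written; the signed
    // certificates gathered above are handed to the template but not updated
    // here - confirm that dependants are treated as revoked elsewhere.
    // 'now()' is presumably emitted by the data layer as a SQL expression
    // rather than a quoted string - verify.
    $this->ca->setProperty('RevokeDate', 'now()');
    $rc = $this->ca->update();
    if ($rc !== true) {
        $this->html->errorMsgSet($rc);
    }
    die($this->getPageCaView());
}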