sign.mlt

   1 <% @header [("title", ["SSL certificate signing requests"])];
   2
   3 val admin = Group.inGroupName "server";
   4
   5 if $"new" <> "" then
   6    val req = $"req";
   7    val key = $"key";
   8    val days = Web.stoi ($"days");
   9    val domain = $"domain";
  10    val msg = $"msg";
  11
  12    if req = "" then
  13       %><h3>Please fill in a path to a certificate request.</h3><%
  14    elseif key = "" then
  15       %><h3>Please fill in a path to a key.</h3><%
  16    elseif days <= 0 then
  17       %><h3>Please give a positive number of days for the certificate to live.</h3><%
  18    elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
  19       %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
  20    else
  21       %>Are you sure you want to ask for permissions on an SSL certificate
  22       <li> with request <tt><% Web.html req %></tt>,</li>
  23       <li> with key <tt><% Web.html key %></tt>,</li>
  24       <li> for domain <tt><% domain %></tt>,</li>
  25       <li> lasting <% days %> days?</li>
  26       <a href="?cmd=request&req=<% Web.html req %>&key=<% Web.html key %>&days=<% days %>&domain=<% Web.html domain %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
  27    end
  28 elseif $"cmd" = "request" then
  29    val req = $"req";
  30    val key = $"key";
  31    val days = Web.stoi ($"days");
  32    val domain = $"domain";
  33    val msg = $"msg";
  34
  35    if req = "" then
  36       %><h3>Please fill in a path to a certificate request.</h3><%
  37    elseif key = "" then
  38       %><h3>Please fill in a path to a key.</h3><%
  39    elseif days <= 0 then
  40       %><h3>Please give a positive number of days for the certificate to live.</h3><%
  41    elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
  42       %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
  43    else
  44      val gen = req;
  45
  46      val text = "/afs/hcoop.net/common/etc/scripts/ca-sign "
  47        ^ Int.toString days ^ " "
  48        ^ req ^ " "
  49        ^ key ^ " "
  50        ^ gen ^ " "
  51        ^ domain;
  52
  53      val id = Sign.add (Init.getUserId (), text, msg);
  54      if not (Sign.notifyNew id) then
  55         %><h3>Error sending e-mail notification</h3><%
  56      end
  57      %><h3>Request added</h3><%
  58   end
  59 elseif $"cmd" = "open" then
  60         %><h3>Open requests</h3>
  61         <a href="?cmd=list">List all requests</a><%
  62
  63         foreach (name, req) in Sign.listOpen () do %>
  64 <br><hr><br>
  65 <table class="blanks">
  66 <tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
  67 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
  68 <tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
  69 <tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
  70 </table>
  71
  72 <% if admin then %>
  73         <br>
  74         <a href="?mod=<% #id req %>">[Modify]</a>
  75         <a href="?del=<% #id req %>">[Delete]</a><br>
  76 <% end %>
  77
  78 <%      end
  79
  80 elseif $"cmd" = "list" then
  81         %><h3>All requests</h3><%
  82
  83         foreach (name, req) in Sign.list () do %>
  84 <br><hr><br>
  85 <table class="blanks">
  86 <tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
  87 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
  88 <tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
  89 <tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
  90 </table>
  91
  92 <% if admin then %>
  93         <br>
  94         <a href="?mod=<% #id req %>">[Modify]</a>
  95         <a href="?del=<% #id req %>">[Delete]</a>
  96 <% end %>
  97
  98 <%      end
  99
 100 elseif $"mod" <> "" then
 101         Group.requireGroupName "server";
 102         val id = Web.stoi ($"mod");
 103         val req = Sign.lookup id;
 104         val user = Init.lookupUser (#usr req) %>
 105 <h3>Handle request</h3>
 106
 107 <form method="post">
 108 <input type="hidden" name="save" value="<% id %>">
 109 <table class="blanks">
 110 <tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
 111 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
 112 <tr> <td>Status:</td> <td><select name="status">
 113         <option value="0"<% if #status req = Sign.NEW then %> selected<% end %>>New</option>
 114         <option value="1"<% if #status req = Sign.INSTALLED then %> selected<% end %>>Installed</option>
 115         <option value="2"<% if #status req = Sign.REJECTED then %> selected<% end %>>Rejected</option>
 116 </select></td> </tr>
 117 <tr> <td>Request:</td> <td><input name="req" size="60" value="<% Web.html (#data req) %>"></td> </tr>
 118 <tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
 119 <tr> <td><input type="submit" value="Save"></td> </tr>
 120 </table>
 121 </form>
 122
 123 <% elseif $"save" <> "" then
 124         Group.requireGroupName "server";
 125         val id = Web.stoi ($"save");
 126         val req = Sign.lookup id;
 127         val oldStatus = #status req;
 128         val newStatus = Sign.statusFromInt (Web.stoi ($"status"));
 129         Sign.modify {req with data = $"req", msg = $"msg", status = newStatus};
 130         if not (Sign.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
 131                 %><h3>Error sending e-mail notification</h3><%
 132         end
 133         %><h3>Request modified</h3>
 134         Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
 135
 136 <% elseif $"del" <> "" then
 137         Group.requireGroupName "server";
 138         val id = Web.stoi ($"del");
 139         val req = Sign.lookup id;
 140         val user = Init.lookupUser (#usr req)
 141         %><h3>Are you sure you want to delete request by <% #name user %> for <tt><% #data req %></tt>?</h3>
 142         <a href="?del2=<% id %>">Yes, I'm sure!</a>
 143
 144 <% elseif $"del2" <> "" then
 145         Group.requireGroupName "server";
 146         val id = Web.stoi ($"del2");
 147         Sign.delete id
 148         %><h3>Request deleted</b><h3>
 149         Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
 150
 151 <% else %>
 152
 153 <h3>Request SSL certificate signing</h3>
 154
 155 <p>Use this form to request that we sign an an SSL certificate with our certificate authority.  Give the location of your certificate request (<tt>.csr</tt> file) and key (<tt>.key</tt> file) within <tt>/afs/hcoop.net</tt>.</p>
 156
 157 <p>The <a href="http://wiki.hcoop.net/MemberManual/ServingWebsites/SslCert">instructions on our wiki for creating SSL certificates</a> may be helpful.</p>
 158
 159 <form method="post">
 160 <input type="hidden" name="new" value="1">
 161 <table class="blanks">
 162 <tr> <td>Domain:</td> <td><% @chooseDomain[] %></td> </tr>
 163 <tr> <td>OpenSSL request file:</td> <td><input name="req" size="60"></td> </tr>
 164 <tr> <td>OpenSSL key file:</td> <td><input name="key" size="60"></td> </tr>
 165 <tr> <td>Certificate lifetime, in days:</td> <td><input name="days" size="5" value="3650"></td></tr>
 166 <tr> <td>Additional comments:</td> <td><textarea name="msg" rows="5" cols="80" wrap="soft"></textarea></td> </tr>
 167 <tr> <td><input type="submit" value="Request"></td> </tr>
 168 </table>
 169 </form>
 170
 171 <% end %>
 172
 173 <% @footer[] %>