cert.mlt

   1 <% @header [("title", ["SSL certificate permission requests"])];
   2
   3 val admin = Group.inGroupName "server";
   4
   5 if $"new" <> "" then
   6    val cert = $"cert";
   7    val domain = $"domain";
   8    val subdomain = $"subdomain";
   9    val msg = $"msg";
  10
  11    if cert = "" then
  12       %><h3>Please fill in a path to a certificate.</h3><%
  13    elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
  14       %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
  15    else
  16       %>Are you sure you want to ask for permissions on an SSL certificate
  17       <ul>
  18       <li> at <tt><% Web.html cert %></tt>,</li>
  19       <li> for domain <tt><% Sec.fulldomain (subdomain, domain) %></tt>?</li>
  20       </ul>
  21       <a href="?cmd=request&cert=<% Web.html cert %>&domain=<% Web.html domain %>&subdomain=<% Web.html subdomain %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
  22    end
  23 elseif $"cmd" = "request" then
  24    val cert = $"cert";
  25    val domain = $"domain";
  26    val subdomain = $"subdomain";
  27    val msg = $"msg";
  28
  29    if cert = "" then
  30       %><h3>Please fill in a path to a certificate.</h3><%
  31    elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
  32       %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
  33    else
  34      val text = "/afs/hcoop.net/common/etc/scripts/ca-install "
  35        ^ Init.getUserName () ^ " "
  36        ^ (Sec.fulldomain (subdomain, domain)) ^ " "
  37        ^ cert
  38
  39      val id = Cert.add (Init.getUserId (), text, msg);
  40      if not (Cert.notifyNew id) then
  41         %><h3>Error sending e-mail notification</h3><%
  42      end
  43      %><h3>Request added</h3><%
  44   end
  45 elseif $"cmd" = "open" then
  46         %><h3>Open requests</h3>
  47         <a href="?cmd=list">List all requests</a><%
  48
  49         foreach (name, req) in Cert.listOpen () do %>
  50 <br><hr><br>
  51 <table class="blanks">
  52 <tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
  53 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
  54 <tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
  55 <tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
  56 </table>
  57
  58 <% if admin then %>
  59         <br>
  60         <a href="?mod=<% #id req %>">[Modify]</a>
  61         <a href="?del=<% #id req %>">[Delete]</a><br>
  62 <% end %>
  63
  64 <%      end
  65
  66 elseif $"cmd" = "list" then
  67         %><h3>All requests</h3><%
  68
  69         foreach (name, req) in Cert.list () do %>
  70 <br><hr><br>
  71 <table class="blanks">
  72 <tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
  73 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
  74 <tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
  75 <tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
  76 </table>
  77
  78 <% if admin then %>
  79         <br>
  80         <a href="?mod=<% #id req %>">[Modify]</a>
  81         <a href="?del=<% #id req %>">[Delete]</a>
  82 <% end %>
  83
  84 <%      end
  85
  86 elseif $"mod" <> "" then
  87         Group.requireGroupName "server";
  88         val id = Web.stoi ($"mod");
  89         val req = Cert.lookup id;
  90         val user = Init.lookupUser (#usr req) %>
  91 <h3>Handle request</h3>
  92
  93 <form method="post">
  94 <input type="hidden" name="save" value="<% id %>">
  95 <table class="blanks">
  96 <tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
  97 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
  98 <tr> <td>Status:</td> <td><select name="status">
  99         <option value="0"<% if #status req = Cert.NEW then %> selected<% end %>>New</option>
 100         <option value="1"<% if #status req = Cert.INSTALLED then %> selected<% end %>>Installed</option>
 101         <option value="2"<% if #status req = Cert.REJECTED then %> selected<% end %>>Rejected</option>
 102 </select></td> </tr>
 103 <tr> <td>Request:</td> <td><input name="req" size="60" value="<% Web.html (#data req) %>"></td> </tr>
 104 <tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
 105 <tr> <td><input type="submit" value="Save"></td> </tr>
 106 </table>
 107 </form>
 108
 109 <% elseif $"save" <> "" then
 110         Group.requireGroupName "server";
 111         val id = Web.stoi ($"save");
 112         val req = Cert.lookup id;
 113         val oldStatus = #status req;
 114         val newStatus = Cert.statusFromInt (Web.stoi ($"status"));
 115         Cert.modify {req with data = $"req", msg = $"msg", status = newStatus};
 116         if not (Cert.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
 117                 %><h3>Error sending e-mail notification</h3><%
 118         end
 119         %><h3>Request modified</h3>
 120         Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
 121
 122 <% elseif $"del" <> "" then
 123         Group.requireGroupName "server";
 124         val id = Web.stoi ($"del");
 125         val req = Cert.lookup id;
 126         val user = Init.lookupUser (#usr req)
 127         %><h3>Are you sure you want to delete request by <% #name user %> for <tt><% #data req %></tt>?</h3>
 128         <a href="?del2=<% id %>">Yes, I'm sure!</a>
 129
 130 <% elseif $"del2" <> "" then
 131         Group.requireGroupName "server";
 132         val id = Web.stoi ($"del2");
 133         Cert.delete id
 134         %><h3>Request deleted</b><h3>
 135         Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
 136
 137 <% else %>
 138
 139 <h3>Request installation of an SSL certificate</h3>
 140
 141 <p>Use this form to request Domtool permissions to use an SSL certificate.  Give the location of your certificate/key (<tt>.pem</tt>) file within <tt>/afs/hcoop.net</tt>.</p>
 142
 143 <p>The <a href="http://wiki.hcoop.net/MemberManual/ServingWebsites/SslCert">instructions on our wiki for creating SSL certificates</a> may be helpful.</p>
 144
 145 <p>If you need to install <strong>intermediate certificates</strong>, please include the intermediate certificate chain in the combined <tt>pem</tt> file after the private key.</p>
 146
 147 <form method="post">
 148 <input type="hidden" name="new" value="1">
 149 <table class="blanks">
 150 <tr> <td>Subdomain <span style="font-size: smaller">(optional)</span>:</td> <td><input name="subdomain" /></td></tr>
 151 <tr> <td>Domain:</td> <td><% @chooseDomain [] %></td> </tr>
 152 <tr> <td>OpenSSL certificate:</td> <td><input name="cert" size="60" required="required" value="<% Quotas.path ("user." ^ Init.getUserName ()) ^ "/certificates/" %>" ></td> </tr>
 153 <tr> <td>Additional comments:</td> <td><textarea name="msg" rows="5" cols="80" wrap="soft"></textarea></td> </tr>
 154 <tr> <td><input type="submit" value="Request"></td> </tr>
 155 </table>
 156 </form>
 157
 158 <h3>Your certificates</h3>
 159
 160 <ul>
 161   <% foreach cert in Domtool.perms "cert" (Init.getUserName ()) do %>
 162    <li><tt><% cert %></tt></li>
 163 <% end %>
 164 </ul>
 165
 166 <h3>Your intermediate certificates</h3>
 167
 168 <ul>
 169   <% foreach cert in Domtool.perms "cacert" (Init.getUserName ()) do %>
 170    <li><tt><% cert %></tt></li>
 171 <% end %>
 172 </ul>
 173
 174 <% end %>
 175
 176 <% @footer[] %>