cert.mlt

   1 <% @header [("title", ["SSL certificate permission requests"])];
   2
   3 val admin = Group.inGroupName "server";
   4
   5 if $"new" <> "" then
   6    val cert = $"cert";
   7    val domain = $"domain";
   8    val msg = $"msg";
   9
  10    if cert = "" then
  11       %><h3>Please fill in a path to a certificate.</h3><%
  12    elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
  13       %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
  14    else
  15       %>Are you sure you want to ask for permissions on an SSL certificate
  16       <li> at <tt><% Web.html cert %></tt>,</li>
  17       <li> for domain <tt><% domain %></tt>?</li>
  18       <a href="?cmd=request&cert=<% Web.html cert %>&domain=<% Web.html domain %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
  19    end
  20 elseif $"cmd" = "request" then
  21    val cert = $"cert";
  22    val domain = $"domain";
  23    val msg = $"msg";
  24
  25    if cert = "" then
  26       %><h3>Please fill in a path to a certificate.</h3><%
  27    elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
  28       %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
  29    else
  30      val text = "/afs/hcoop.net/common/etc/scripts/ca-install "
  31        ^ Init.getUserName () ^ " "
  32        ^ domain ^ " "
  33        ^ cert
  34
  35      val id = Cert.add (Init.getUserId (), text, msg);
  36      if not (Cert.notifyNew id) then
  37         %><h3>Error sending e-mail notification</h3><%
  38      end
  39      %><h3>Request added</h3><%
  40   end
  41 elseif $"cmd" = "open" then
  42         %><h3>Open requests</h3>
  43         <a href="?cmd=list">List all requests</a><%
  44
  45         foreach (name, req) in Cert.listOpen () do %>
  46 <br><hr><br>
  47 <table class="blanks">
  48 <tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
  49 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
  50 <tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
  51 <tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
  52 </table>
  53
  54 <% if admin then %>
  55         <br>
  56         <a href="?mod=<% #id req %>">[Modify]</a>
  57         <a href="?del=<% #id req %>">[Delete]</a><br>
  58 <% end %>
  59
  60 <%      end
  61
  62 elseif $"cmd" = "list" then
  63         %><h3>All requests</h3><%
  64
  65         foreach (name, req) in Cert.list () do %>
  66 <br><hr><br>
  67 <table class="blanks">
  68 <tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
  69 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
  70 <tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
  71 <tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
  72 </table>
  73
  74 <% if admin then %>
  75         <br>
  76         <a href="?mod=<% #id req %>">[Modify]</a>
  77         <a href="?del=<% #id req %>">[Delete]</a>
  78 <% end %>
  79
  80 <%      end
  81
  82 elseif $"mod" <> "" then
  83         Group.requireGroupName "server";
  84         val id = Web.stoi ($"mod");
  85         val req = Cert.lookup id;
  86         val user = Init.lookupUser (#usr req) %>
  87 <h3>Handle request</h3>
  88
  89 <form method="post">
  90 <input type="hidden" name="save" value="<% id %>">
  91 <table class="blanks">
  92 <tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
  93 <tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
  94 <tr> <td>Status:</td> <td><select name="status">
  95         <option value="0"<% if #status req = Cert.NEW then %> selected<% end %>>New</option>
  96         <option value="1"<% if #status req = Cert.INSTALLED then %> selected<% end %>>Installed</option>
  97         <option value="2"<% if #status req = Cert.REJECTED then %> selected<% end %>>Rejected</option>
  98 </select></td> </tr>
  99 <tr> <td>Request:</td> <td><input name="req" size="60" value="<% Web.html (#data req) %>"></td> </tr>
 100 <tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
 101 <tr> <td><input type="submit" value="Save"></td> </tr>
 102 </table>
 103 </form>
 104
 105 <% elseif $"save" <> "" then
 106         Group.requireGroupName "server";
 107         val id = Web.stoi ($"save");
 108         val req = Cert.lookup id;
 109         val oldStatus = #status req;
 110         val newStatus = Cert.statusFromInt (Web.stoi ($"status"));
 111         Cert.modify {req with data = $"req", msg = $"msg", status = newStatus};
 112         if not (Cert.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
 113                 %><h3>Error sending e-mail notification</h3><%
 114         end
 115         %><h3>Request modified</h3>
 116         Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
 117
 118 <% elseif $"del" <> "" then
 119         Group.requireGroupName "server";
 120         val id = Web.stoi ($"del");
 121         val req = Cert.lookup id;
 122         val user = Init.lookupUser (#usr req)
 123         %><h3>Are you sure you want to delete request by <% #name user %> for <tt><% #data req %></tt>?</h3>
 124         <a href="?del2=<% id %>">Yes, I'm sure!</a>
 125
 126 <% elseif $"del2" <> "" then
 127         Group.requireGroupName "server";
 128         val id = Web.stoi ($"del2");
 129         Cert.delete id
 130         %><h3>Request deleted</b><h3>
 131         Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
 132
 133 <% else %>
 134
 135 <h3>Request installation of an SSL certificate</h3>
 136
 137 <p>Use this form to request Domtool permissions to use an SSL certificate.  Give the location of your certificate/key (<tt>.pem</tt>) file within <tt>/afs/hcoop.net</tt>.</p>
 138
 139 <p>If you want your certificate authenticated by chaining through HCoop's root certificate, then <a href="sign">get it signed</a> before submitting this form.</p>
 140
 141 <p>Note that you can't use SSL certificates very well over HTTPS without an IP address assigned to your web virtual host.  You can request one separately on <a href="ip">the IP address request page</a>.</p>
 142
 143 <p>The <a href="http://wiki.hcoop.net/MemberManual/ServingWebsites/SslCert">instructions on our wiki for creating SSL certificates</a> may be helpful.</p>
 144
 145 <form method="post">
 146 <input type="hidden" name="new" value="1">
 147 <table class="blanks">
 148 <tr> <td>Domain:</td> <td><% @chooseDomain[] %></td> </tr>
 149 <tr> <td>OpenSSL certificate:</td> <td><input name="cert" size="60"></td> </tr>
 150 <tr> <td>Additional comments:</td> <td><textarea name="msg" rows="5" cols="80" wrap="soft"></textarea></td> </tr>
 151 <tr> <td><input type="submit" value="Request"></td> </tr>
 152 </table>
 153 </form>
 154
 155 <% end %>
 156
 157 <% @footer[] %>