[bpt/portal.git] / cert.mlt

<% @header [("title", ["SSL certificate permission requests"])];

val admin = Group.inGroupName "server";

if $"new" <> "" then
   val cert = $"cert";
   val domain = $"domain";
   val msg = $"msg";

   if cert = "" then
      %><h3>Please fill in a path to a certificate.</h3><%
   elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
      %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
   else
      %>Are you sure you want to ask for permissions on an SSL certificate
      <li> at <tt><% Web.html cert %></tt>,</li>
      <li> for domain <tt><% domain %></tt>?</li>
      <a href="?cmd=request&cert=<% Web.html cert %>&domain=<% Web.html domain %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
   end
elseif $"cmd" = "request" then
   val cert = $"cert";
   val domain = $"domain";
   val msg = $"msg";

   if cert = "" then
      %><h3>Please fill in a path to a certificate.</h3><%
   elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
      %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
   else
     val text = "/afs/hcoop.net/common/etc/scripts/ca-install "
       ^ Init.getUserName () ^ " "
       ^ domain ^ " "
       ^ cert

     val id = Cert.add (Init.getUserId (), text, msg);
     if not (Cert.notifyNew id) then
	%><h3>Error sending e-mail notification</h3><%
     end
     %><h3>Request added</h3><%
  end
elseif $"cmd" = "open" then
	%><h3>Open requests</h3>
	<a href="?cmd=list">List all requests</a><%

	foreach (name, req) in Cert.listOpen () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
<tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
</table>

<% if admin then %>
	<br>
	<a href="?mod=<% #id req %>">[Modify]</a>
	<a href="?del=<% #id req %>">[Delete]</a><br>
<% end %>

<%	end

elseif $"cmd" = "list" then
	%><h3>All requests</h3><%

	foreach (name, req) in Cert.list () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
<tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
</table>

<% if admin then %>
	<br>
	<a href="?mod=<% #id req %>">[Modify]</a>
	<a href="?del=<% #id req %>">[Delete]</a>
<% end %>

<%	end

elseif $"mod" <> "" then
	Group.requireGroupName "server";
	val id = Web.stoi ($"mod");
	val req = Cert.lookup id;
	val user = Init.lookupUser (#usr req) %>
<h3>Handle request</h3>

<form method="post">
<input type="hidden" name="save" value="<% id %>">
<table class="blanks">
<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
<tr> <td>Status:</td> <td><select name="status">
	<option value="0"<% if #status req = Cert.NEW then %> selected<% end %>>New</option>
	<option value="1"<% if #status req = Cert.INSTALLED then %> selected<% end %>>Installed</option>
	<option value="2"<% if #status req = Cert.REJECTED then %> selected<% end %>>Rejected</option>
</select></td> </tr>
<tr> <td>Request:</td> <td><input name="req" size="60" value="<% Web.html (#data req) %>"></td> </tr>
<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
<tr> <td><input type="submit" value="Save"></td> </tr>
</table>
</form>

<% elseif $"save" <> "" then
	Group.requireGroupName "server";
	val id = Web.stoi ($"save");
	val req = Cert.lookup id;
	val oldStatus = #status req;
	val newStatus = Cert.statusFromInt (Web.stoi ($"status"));
	Cert.modify {req with data = $"req", msg = $"msg", status = newStatus};
	if not (Cert.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
		%><h3>Error sending e-mail notification</h3><%
	end
	%><h3>Request modified</h3>
	Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>

<% elseif $"del" <> "" then
	Group.requireGroupName "server";
	val id = Web.stoi ($"del");
	val req = Cert.lookup id;
	val user = Init.lookupUser (#usr req)
	%><h3>Are you sure you want to delete request by <% #name user %> for <tt><% #data req %></tt>?</h3>
	<a href="?del2=<% id %>">Yes, I'm sure!</a>

<% elseif $"del2" <> "" then
	Group.requireGroupName "server";
	val id = Web.stoi ($"del2");
	Cert.delete id
	%><h3>Request deleted</b><h3>
	Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>

<% else %>

<h3>Request installation of an SSL certificate</h3>

<p>Use this form to request Domtool permissions to use an SSL certificate.  Give the location of your certificate/key (<tt>.pem</tt>) file within <tt>/afs/hcoop.net</tt>.</p>

<p>If you want your certificate authenticated by chaining through HCoop's root certificate, then <a href="sign">get it signed</a> before submitting this form.</p>

<p>Note that you can't use SSL certificates very well over HTTPS without an IP address assigned to your web virtual host.  You can request one separately on <a href="ip">the IP address request page</a>.</p>

<p>The <a href="http://wiki.hcoop.net/MemberManual/ServingWebsites/SslCert">instructions on our wiki for creating SSL certificates</a> may be helpful.</p>

<form method="post">
<input type="hidden" name="new" value="1">
<table class="blanks">
<tr> <td>Domain:</td> <td><% @chooseDomain[] %></td> </tr>
<tr> <td>OpenSSL certificate:</td> <td><input name="cert" size="60"></td> </tr>
<tr> <td>Additional comments:</td> <td><textarea name="msg" rows="5" cols="80" wrap="soft"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<% end %>

<% @footer[] %>
Commit	Line	Data
95a4653e AC	1	<% @header [("title", ["SSL certificate permission requests"])];
	2
	3	val admin = Group.inGroupName "server";
	4
	5	if $"new" <> "" then
eafe3d52 AC	6	val cert = $"cert";
	7	val domain = $"domain";
	8	val msg = $"msg";
	9
	10	if cert = "" then
	11	%><h3>Please fill in a path to a certificate.</h3><%
	12	elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
	13	%><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
	14	else
	15	%>Are you sure you want to ask for permissions on an SSL certificate
	16	<li> at <tt><% Web.html cert %></tt>,</li>
	17	<li> for domain <tt><% domain %></tt>?</li>
	18	<a href="?cmd=request&cert=<% Web.html cert %>&domain=<% Web.html domain %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
	19	end
95a4653e	20	elseif $"cmd" = "request" then
eafe3d52 AC	21	val cert = $"cert";
	22	val domain = $"domain";
	23	val msg = $"msg";
	24
	25	if cert = "" then
	26	%><h3>Please fill in a path to a certificate.</h3><%
	27	elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
	28	%><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
	29	else
	30	val text = "/afs/hcoop.net/common/etc/scripts/ca-install "
	31	^ Init.getUserName () ^ " "
	32	^ domain ^ " "
	33	^ cert
	34
	35	val id = Cert.add (Init.getUserId (), text, msg);
	36	if not (Cert.notifyNew id) then
	37	%><h3>Error sending e-mail notification</h3><%
	38	end
	39	%><h3>Request added</h3><%
	40	end
95a4653e AC	41	elseif $"cmd" = "open" then
95a4653e AC	42	%><h3>Open requests</h3>
eafe3d52	43	<a href="?cmd=list">List all requests</a><%
95a4653e AC	44
	45	foreach (name, req) in Cert.listOpen () do %>
	46	<br><hr><br>
	47	<table class="blanks">
	48	<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
6b8b767b	49	<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
eafe3d52	50	<tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
95a4653e AC	51	<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
	52	</table>
	53
	54	<% if admin then %>
	55	<br>
eafe3d52 AC	56	<a href="?mod=<% #id req %>">[Modify]</a>
eafe3d52 AC	57	<a href="?del=<% #id req %>">[Delete]</a><br>
95a4653e AC	58	<% end %>
	59
	60	<% end
	61
	62	elseif $"cmd" = "list" then
	63	%><h3>All requests</h3><%
	64
	65	foreach (name, req) in Cert.list () do %>
	66	<br><hr><br>
	67	<table class="blanks">
	68	<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
6b8b767b	69	<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
eafe3d52	70	<tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
95a4653e AC	71	<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
	72	</table>
	73
	74	<% if admin then %>
	75	<br>
eafe3d52 AC	76	<a href="?mod=<% #id req %>">[Modify]</a>
eafe3d52 AC	77	<a href="?del=<% #id req %>">[Delete]</a>
95a4653e AC	78	<% end %>
	79
	80	<% end
	81
	82	elseif $"mod" <> "" then
	83	Group.requireGroupName "server";
	84	val id = Web.stoi ($"mod");
	85	val req = Cert.lookup id;
	86	val user = Init.lookupUser (#usr req) %>
	87	<h3>Handle request</h3>
	88
	89	<form method="post">
	90	<input type="hidden" name="save" value="<% id %>">
	91	<table class="blanks">
	92	<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
6b8b767b	93	<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
95a4653e AC	94	<tr> <td>Status:</td> <td><select name="status">
	95	<option value="0"<% if #status req = Cert.NEW then %> selected<% end %>>New</option>
	96	<option value="1"<% if #status req = Cert.INSTALLED then %> selected<% end %>>Installed</option>
	97	<option value="2"<% if #status req = Cert.REJECTED then %> selected<% end %>>Rejected</option>
	98	</select></td> </tr>
	99	<tr> <td>Request:</td> <td><input name="req" size="60" value="<% Web.html (#data req) %>"></td> </tr>
	100	<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
	101	<tr> <td><input type="submit" value="Save"></td> </tr>
	102	</table>
	103	</form>
	104
	105	<% elseif $"save" <> "" then
	106	Group.requireGroupName "server";
	107	val id = Web.stoi ($"save");
	108	val req = Cert.lookup id;
	109	val oldStatus = #status req;
	110	val newStatus = Cert.statusFromInt (Web.stoi ($"status"));
	111	Cert.modify {req with data = $"req", msg = $"msg", status = newStatus};
8812fb4d AC	112	if not (Cert.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
8812fb4d AC	113	%><h3>Error sending e-mail notification</h3><%
95a4653e AC	114	end
95a4653e AC	115	%><h3>Request modified</h3>
eafe3d52	116	Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
95a4653e AC	117
	118	<% elseif $"del" <> "" then
	119	Group.requireGroupName "server";
	120	val id = Web.stoi ($"del");
	121	val req = Cert.lookup id;
	122	val user = Init.lookupUser (#usr req)
	123	%><h3>Are you sure you want to delete request by <% #name user %> for <tt><% #data req %></tt>?</h3>
eafe3d52	124	<a href="?del2=<% id %>">Yes, I'm sure!</a>
95a4653e AC	125
	126	<% elseif $"del2" <> "" then
	127	Group.requireGroupName "server";
	128	val id = Web.stoi ($"del2");
	129	Cert.delete id
	130	%><h3>Request deleted</b><h3>
eafe3d52	131	Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
95a4653e AC	132
	133	<% else %>
	134
eafe3d52	135	<h3>Request installation of an SSL certificate</h3>
f986e0f2	136
eafe3d52	137	<p>Use this form to request Domtool permissions to use an SSL certificate. Give the location of your certificate/key (<tt>.pem</tt>) file within <tt>/afs/hcoop.net</tt>.</p>
f986e0f2	138
eafe3d52	139	<p>If you want your certificate authenticated by chaining through HCoop's root certificate, then <a href="sign">get it signed</a> before submitting this form.</p>
95a4653e	140
36b1d1b0 AC	141	<p>Note that you can't use SSL certificates very well over HTTPS without an IP address assigned to your web virtual host. You can request one separately on <a href="ip">the IP address request page</a>.</p>
36b1d1b0 AC	142
090e5fb2	143	<p>The <a href="http://wiki.hcoop.net/MemberManual/ServingWebsites/SslCert">instructions on our wiki for creating SSL certificates</a> may be helpful.</p>
acd6676c	144
95a4653e AC	145	<form method="post">
	146	<input type="hidden" name="new" value="1">
	147	<table class="blanks">
eafe3d52 AC	148	<tr> <td>Domain:</td> <td><% @chooseDomain[] %></td> </tr>
eafe3d52 AC	149	<tr> <td>OpenSSL certificate:</td> <td><input name="cert" size="60"></td> </tr>
95a4653e AC	150	<tr> <td>Additional comments:</td> <td><textarea name="msg" rows="5" cols="80" wrap="soft"></textarea></td> </tr>
	151	<tr> <td><input type="submit" value="Request"></td> </tr>
	152	</table>
	153	</form>
	154
	155	<% end %>
	156
	157	<% @footer[] %>