[hcoop/portal.git] / cert.mlt

<% @header [("title", ["SSL certificate permission requests"])];

val admin = Group.inGroupName "server";

if $"new" <> "" then
   val cert = $"cert";
   val domain = $"domain";
   val subdomain = $"subdomain";
   val msg = $"msg";

   if cert = "" then
      %><h3>Please fill in a path to a certificate.</h3><%
   elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
      %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
   else
      %>Are you sure you want to ask for permissions on an SSL certificate
      <ul>
      <li> at <tt><% Web.html cert %></tt>,</li>
      <li> for domain <tt><% Sec.fulldomain (subdomain, domain) %></tt>?</li>
      </ul>
      <a href="?cmd=request&cert=<% Web.html cert %>&domain=<% Web.html domain %>&subdomain=<% Web.html subdomain %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
   end
elseif $"cmd" = "request" then
   val cert = $"cert";
   val domain = $"domain";
   val subdomain = $"subdomain";
   val msg = $"msg";

   if cert = "" then
      %><h3>Please fill in a path to a certificate.</h3><%
   elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
      %><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
   else
     val text = "/afs/hcoop.net/common/etc/scripts/ca-install "
       ^ Init.getUserName () ^ " "
       ^ (Sec.fulldomain (subdomain, domain)) ^ " "
       ^ cert

     val id = Cert.add (Init.getUserId (), text, msg);
     if not (Cert.notifyNew id) then
	%><h3>Error sending e-mail notification</h3><%
     end
     %><h3>Request added</h3><%
  end
elseif $"cmd" = "open" then
	%><h3>Open requests</h3>
	<a href="?cmd=list">List all requests</a><%

	foreach (name, req) in Cert.listOpen () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
<tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
</table>

<% if admin then %>
	<br>
	<a href="?mod=<% #id req %>">[Modify]</a>
	<a href="?del=<% #id req %>">[Delete]</a><br>
<% end %>

<%	end

elseif $"cmd" = "list" then
	%><h3>All requests</h3><%

	foreach (name, req) in Cert.list () do %>
<br><hr><br>
<table class="blanks">
<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
<tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
</table>

<% if admin then %>
	<br>
	<a href="?mod=<% #id req %>">[Modify]</a>
	<a href="?del=<% #id req %>">[Delete]</a>
<% end %>

<%	end

elseif $"mod" <> "" then
	Group.requireGroupName "server";
	val id = Web.stoi ($"mod");
	val req = Cert.lookup id;
	val user = Init.lookupUser (#usr req) %>
<h3>Handle request</h3>

<form method="post">
<input type="hidden" name="save" value="<% id %>">
<table class="blanks">
<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
<tr> <td>Status:</td> <td><select name="status">
	<option value="0"<% if #status req = Cert.NEW then %> selected<% end %>>New</option>
	<option value="1"<% if #status req = Cert.INSTALLED then %> selected<% end %>>Installed</option>
	<option value="2"<% if #status req = Cert.REJECTED then %> selected<% end %>>Rejected</option>
</select></td> </tr>
<tr> <td>Request:</td> <td><input name="req" size="60" value="<% Web.html (#data req) %>"></td> </tr>
<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
<tr> <td><input type="submit" value="Save"></td> </tr>
</table>
</form>

<% elseif $"save" <> "" then
	Group.requireGroupName "server";
	val id = Web.stoi ($"save");
	val req = Cert.lookup id;
	val oldStatus = #status req;
	val newStatus = Cert.statusFromInt (Web.stoi ($"status"));
	Cert.modify {req with data = $"req", msg = $"msg", status = newStatus};
	if not (Cert.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
		%><h3>Error sending e-mail notification</h3><%
	end
	%><h3>Request modified</h3>
	Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>

<% elseif $"del" <> "" then
	Group.requireGroupName "server";
	val id = Web.stoi ($"del");
	val req = Cert.lookup id;
	val user = Init.lookupUser (#usr req)
	%><h3>Are you sure you want to delete request by <% #name user %> for <tt><% #data req %></tt>?</h3>
	<a href="?del2=<% id %>">Yes, I'm sure!</a>

<% elseif $"del2" <> "" then
	Group.requireGroupName "server";
	val id = Web.stoi ($"del2");
	Cert.delete id
	%><h3>Request deleted</b><h3>
	Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>

<% else %>

<h3>Request installation of an SSL certificate</h3>

<p>Use this form to request Domtool permissions to use an SSL certificate.  Give the location of your certificate/key (<tt>.pem</tt>) file within <tt>/afs/hcoop.net</tt>.</p>

<p>The <a href="http://wiki.hcoop.net/MemberManual/ServingWebsites/SslCert">instructions on our wiki for creating SSL certificates</a> may be helpful.</p>

<p>If you need to install <strong>intermediate certificates</strong>, please include the intermediate certificate chain in the combined <tt>pem</tt> file after the private key.</p>

<form method="post">
<input type="hidden" name="new" value="1">
<table class="blanks">
<tr> <td>Subdomain <span style="font-size: smaller">(optional)</span>:</td> <td><input name="subdomain" /></td></tr>
<tr> <td>Domain:</td> <td><% @chooseDomain [] %></td> </tr>
<tr> <td>OpenSSL certificate:</td> <td><input name="cert" size="60" required="required" value="<% Quotas.path ("user." ^ Init.getUserName ()) ^ "/certificates/" %>" ></td> </tr>
<tr> <td>Additional comments:</td> <td><textarea name="msg" rows="5" cols="80" wrap="soft"></textarea></td> </tr>
<tr> <td><input type="submit" value="Request"></td> </tr>
</table>
</form>

<h3>Your certificates</h3>

<ul>
  <% foreach cert in Domtool.perms "cert" (Init.getUserName ()) do %>
   <li><tt><% cert %></tt></li>
<% end %>
</ul>

<h3>Your intermediate certificates</h3>

<ul>
  <% foreach cert in Domtool.perms "cacert" (Init.getUserName ()) do %>
   <li><tt><% cert %></tt></li>
<% end %>
</ul>

<% end %>

<% @footer[] %>
Commit	Line	Data
95a4653e AC	1	<% @header [("title", ["SSL certificate permission requests"])];
	2
	3	val admin = Group.inGroupName "server";
	4
	5	if $"new" <> "" then
eafe3d52 AC	6	val cert = $"cert";
eafe3d52 AC	7	val domain = $"domain";
b5001e8f	8	val subdomain = $"subdomain";
eafe3d52 AC	9	val msg = $"msg";
	10
	11	if cert = "" then
	12	%><h3>Please fill in a path to a certificate.</h3><%
	13	elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
	14	%><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
	15	else
	16	%>Are you sure you want to ask for permissions on an SSL certificate
b5001e8f	17	<ul>
eafe3d52	18	<li> at <tt><% Web.html cert %></tt>,</li>
b5001e8f CE	19	<li> for domain <tt><% Sec.fulldomain (subdomain, domain) %></tt>?</li>
	20	</ul>
	21	<a href="?cmd=request&cert=<% Web.html cert %>&domain=<% Web.html domain %>&subdomain=<% Web.html subdomain %>&msg=<% Web.urlEncode msg %>">Yes, I want to request that.</a><%
eafe3d52	22	end
95a4653e	23	elseif $"cmd" = "request" then
eafe3d52 AC	24	val cert = $"cert";
eafe3d52 AC	25	val domain = $"domain";
b5001e8f	26	val subdomain = $"subdomain";
eafe3d52 AC	27	val msg = $"msg";
	28
	29	if cert = "" then
	30	%><h3>Please fill in a path to a certificate.</h3><%
	31	elseif not (ChooseDomain.yourDomain {user = Init.getUserName (), domain = domain}) then
	32	%><h3>You don't have permissions on domain <tt><% Web.html domain %></tt>.</h3><%
	33	else
	34	val text = "/afs/hcoop.net/common/etc/scripts/ca-install "
	35	^ Init.getUserName () ^ " "
b5001e8f	36	^ (Sec.fulldomain (subdomain, domain)) ^ " "
eafe3d52 AC	37	^ cert
	38
	39	val id = Cert.add (Init.getUserId (), text, msg);
	40	if not (Cert.notifyNew id) then
	41	%><h3>Error sending e-mail notification</h3><%
	42	end
	43	%><h3>Request added</h3><%
	44	end
95a4653e AC	45	elseif $"cmd" = "open" then
95a4653e AC	46	%><h3>Open requests</h3>
eafe3d52	47	<a href="?cmd=list">List all requests</a><%
95a4653e AC	48
	49	foreach (name, req) in Cert.listOpen () do %>
	50	<br><hr><br>
	51	<table class="blanks">
	52	<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
6b8b767b	53	<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
eafe3d52	54	<tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
95a4653e AC	55	<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
	56	</table>
	57
	58	<% if admin then %>
	59	<br>
eafe3d52 AC	60	<a href="?mod=<% #id req %>">[Modify]</a>
eafe3d52 AC	61	<a href="?del=<% #id req %>">[Delete]</a><br>
95a4653e AC	62	<% end %>
	63
	64	<% end
	65
	66	elseif $"cmd" = "list" then
	67	%><h3>All requests</h3><%
	68
	69	foreach (name, req) in Cert.list () do %>
	70	<br><hr><br>
	71	<table class="blanks">
	72	<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
6b8b767b	73	<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
eafe3d52	74	<tr> <td>Request:</td> <td><tt><% #data req %></tt></td> </tr>
95a4653e AC	75	<tr> <td>Reason:</td> <td><% Web.html (#msg req) %></td> </tr>
	76	</table>
	77
	78	<% if admin then %>
	79	<br>
eafe3d52 AC	80	<a href="?mod=<% #id req %>">[Modify]</a>
eafe3d52 AC	81	<a href="?del=<% #id req %>">[Delete]</a>
95a4653e AC	82	<% end %>
	83
	84	<% end
	85
	86	elseif $"mod" <> "" then
	87	Group.requireGroupName "server";
	88	val id = Web.stoi ($"mod");
	89	val req = Cert.lookup id;
	90	val user = Init.lookupUser (#usr req) %>
	91	<h3>Handle request</h3>
	92
	93	<form method="post">
	94	<input type="hidden" name="save" value="<% id %>">
	95	<table class="blanks">
	96	<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
6b8b767b	97	<tr> <td>Time:</td> <td><% #stamp req %> (<% Util.diffFromNow (#stamp req) %> ago)</td> </tr>
95a4653e AC	98	<tr> <td>Status:</td> <td><select name="status">
	99	<option value="0"<% if #status req = Cert.NEW then %> selected<% end %>>New</option>
	100	<option value="1"<% if #status req = Cert.INSTALLED then %> selected<% end %>>Installed</option>
	101	<option value="2"<% if #status req = Cert.REJECTED then %> selected<% end %>>Rejected</option>
	102	</select></td> </tr>
	103	<tr> <td>Request:</td> <td><input name="req" size="60" value="<% Web.html (#data req) %>"></td> </tr>
	104	<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
	105	<tr> <td><input type="submit" value="Save"></td> </tr>
	106	</table>
	107	</form>
	108
	109	<% elseif $"save" <> "" then
	110	Group.requireGroupName "server";
	111	val id = Web.stoi ($"save");
	112	val req = Cert.lookup id;
	113	val oldStatus = #status req;
	114	val newStatus = Cert.statusFromInt (Web.stoi ($"status"));
	115	Cert.modify {req with data = $"req", msg = $"msg", status = newStatus};
8812fb4d AC	116	if not (Cert.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
8812fb4d AC	117	%><h3>Error sending e-mail notification</h3><%
95a4653e AC	118	end
95a4653e AC	119	%><h3>Request modified</h3>
eafe3d52	120	Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
95a4653e AC	121
	122	<% elseif $"del" <> "" then
	123	Group.requireGroupName "server";
	124	val id = Web.stoi ($"del");
	125	val req = Cert.lookup id;
	126	val user = Init.lookupUser (#usr req)
	127	%><h3>Are you sure you want to delete request by <% #name user %> for <tt><% #data req %></tt>?</h3>
eafe3d52	128	<a href="?del2=<% id %>">Yes, I'm sure!</a>
95a4653e AC	129
	130	<% elseif $"del2" <> "" then
	131	Group.requireGroupName "server";
	132	val id = Web.stoi ($"del2");
	133	Cert.delete id
	134	%><h3>Request deleted</b><h3>
eafe3d52	135	Back to: <a href="?cmd=open">open requests</a>, <a href="?cmd=list">all requests</a>
95a4653e AC	136
	137	<% else %>
	138
eafe3d52	139	<h3>Request installation of an SSL certificate</h3>
f986e0f2	140
eafe3d52	141	<p>Use this form to request Domtool permissions to use an SSL certificate. Give the location of your certificate/key (<tt>.pem</tt>) file within <tt>/afs/hcoop.net</tt>.</p>
f986e0f2	142
090e5fb2	143	<p>The <a href="http://wiki.hcoop.net/MemberManual/ServingWebsites/SslCert">instructions on our wiki for creating SSL certificates</a> may be helpful.</p>
acd6676c	144
2d53edb7	145	<p>If you need to install <strong>intermediate certificates</strong>, please include the intermediate certificate chain in the combined <tt>pem</tt> file after the private key.</p>
b5001e8f	146
95a4653e AC	147	<form method="post">
	148	<input type="hidden" name="new" value="1">
	149	<table class="blanks">
b5001e8f CE	150	<tr> <td>Subdomain <span style="font-size: smaller">(optional)</span>:</td> <td><input name="subdomain" /></td></tr>
b5001e8f CE	151	<tr> <td>Domain:</td> <td><% @chooseDomain [] %></td> </tr>
10e55875	152	<tr> <td>OpenSSL certificate:</td> <td><input name="cert" size="60" required="required" value="<% Quotas.path ("user." ^ Init.getUserName ()) ^ "/certificates/" %>" ></td> </tr>
95a4653e AC	153	<tr> <td>Additional comments:</td> <td><textarea name="msg" rows="5" cols="80" wrap="soft"></textarea></td> </tr>
	154	<tr> <td><input type="submit" value="Request"></td> </tr>
	155	</table>
	156	</form>
	157
b5001e8f CE	158	<h3>Your certificates</h3>
	159
	160	<ul>
	161	<% foreach cert in Domtool.perms "cert" (Init.getUserName ()) do %>
	162	<li><tt><% cert %></tt></li>
	163	<% end %>
	164	</ul>
	165
	166	<h3>Your intermediate certificates</h3>
	167
	168	<ul>
	169	<% foreach cert in Domtool.perms "cacert" (Init.getUserName ()) do %>
	170	<li><tt><% cert %></tt></li>
	171	<% end %>
	172	</ul>
	173
95a4653e AC	174	<% end %>
	175
	176	<% @footer[] %>