version 1.89, 2018/06/19 12:26:32
|
version 1.90, 2018/08/18 22:08:05
|
Line 537 sub get_ssldesc {
|
Line 537 sub get_ssldesc {
|
} |
} |
|
|
sub get_cert_status { |
sub get_cert_status { |
my ($lonHostID,$perlvarstatic) = @_; |
my ($lonHostID,$hostname,$perlvarstatic) = @_; |
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => 1,},'text','cgi'); |
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => $hostname,},'text','cgi'); |
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
my $output = ''; |
my $output = ''; |
if ($currcerts eq "$lonHostID:error") { |
if ($currcerts eq "$lonHostID:error") { |
Line 553 sub get_cert_status {
|
Line 553 sub get_cert_status {
|
} else { |
} else { |
my %sslnames = &get_sslnames(); |
my %sslnames = &get_sslnames(); |
my %ssldesc = &get_ssldesc(); |
my %ssldesc = &get_ssldesc(); |
|
my %csr; |
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
if ($lonhost eq $lonHostID) { |
if ($lonhost eq $lonHostID) { |
my @items = split(/\&/,$info); |
my @items = split(/\&/,$info); |
foreach my $item (@items) { |
foreach my $item (@items) { |
my ($key,$value) = split(/=/,$item,2); |
my ($key,$value) = split(/=/,$item,2); |
|
if ($key =~ /^(host(?:|name))\-csr$/) { |
|
$csr{$1} = $value; |
|
} |
my @data = split(/,/,$value); |
my @data = split(/,/,$value); |
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
|
my ($checkcsr,$comparecsr); |
if (lc($data[0]) eq 'yes') { |
if (lc($data[0]) eq 'yes') { |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
if ($key eq 'key') { |
if ($key eq 'key') { |
Line 587 sub get_cert_status {
|
Line 592 sub get_cert_status {
|
$lonhostnamecertstatus = "status: created with missing key"; |
$lonhostnamecertstatus = "status: created with missing key"; |
} |
} |
} |
} |
|
if ($setstatus) { |
|
$comparecsr = 1; |
|
} |
} |
} |
unless ($setstatus) { |
unless ($setstatus) { |
if ($data[1] eq 'expired') { |
if ($data[1] eq 'expired') { |
Line 606 sub get_cert_status {
|
Line 614 sub get_cert_status {
|
} else { |
} else { |
$sslstatus{$key} = 0; |
$sslstatus{$key} = 0; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
if (($key eq 'host') || ($key eq 'hostname')) { |
if ($key eq 'key') { |
my $csr = $perlvarstatic->{$sslnames{$key}}; |
$lonkeystatus = 'still needed'; |
$csr =~s /\.pem$/.csr/; |
} elsif (($key eq 'host') || ($key eq 'hostname')) { |
my $csrstatus; |
$checkcsr = 1; |
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csr") { |
} |
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csr 2>&1 |"); |
} |
while(<PIPE>) { |
if (($checkcsr) || ($comparecsr)) { |
chomp(); |
my $csrfile = $perlvarstatic->{$sslnames{$key}}; |
$csrstatus = $_; |
$csrfile =~s /\.pem$/.csr/; |
last; |
my $csrstatus; |
} |
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile") { |
close(PIPE); |
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csrfile 2>&1 |"); |
|
while(<PIPE>) { |
|
chomp(); |
|
$csrstatus = $_; |
|
last; |
|
} |
|
close(PIPE); |
|
if ((($comparecsr) && ($csr{$key})) || ($checkcsr)) { |
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
if ($key eq 'host') { |
if ($key eq 'host') { |
$lonhostcertstatus = 'awaiting signature'; |
$lonhostcertstatus = 'awaiting signature'; |
Line 625 sub get_cert_status {
|
Line 640 sub get_cert_status {
|
$lonhostnamecertstatus = 'awaiting signature'; |
$lonhostnamecertstatus = 'awaiting signature'; |
} |
} |
$sslstatus{$key} = 3; |
$sslstatus{$key} = 3; |
|
} |
|
} elsif ($checkcsr) { |
|
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = 'still needed'; |
} else { |
} else { |
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
$lonhostnamecertstatus = 'still needed'; |
if ($key eq 'host') { |
|
$lonhostcertstatus = 'still needed'; |
|
} else { |
|
$lonhostnamecertstatus = 'still needed'; |
|
} |
|
} |
} |
} elsif ($key eq 'key') { |
|
$lonkeystatus = 'still needed'; |
|
} |
} |
} |
} |
} |
} |
Line 1601 if ($supportmail) {
|
Line 1614 if ($supportmail) {
|
|
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
print $certinfo; |
print $certinfo; |
my %sslstatus; |
my %sslstatus; |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
Line 1918 END
|
Line 1931 END
|
&make_key($certsdir,$privkey,$sslkeypass); |
&make_key($certsdir,$privkey,$sslkeypass); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 1957 END
|
Line 1970 END
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2002 END
|
Line 2015 END
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2039 END
|
Line 2052 END
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2084 END
|
Line 2097 END
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
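Review bot: The CSR check in get_cert_status still runs openssl through a two-argument pipe `open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csrfile 2>&1 |")`, so the directory and file name taken from the configuration are parsed by a shell, and the return value of open is never tested. If openssl cannot be started, `$csrstatus` stays undefined, yet the visible lines that follow can still report the request as available and set the status to 'awaiting signature' without looking at what was read. I would fork with a list-form exec, merge stderr in the child so the first line read stays the same, use a lexical handle, and record a failure to start the command in `$csrstatus`, as sketched below. The same pattern was already present in the previous revision, and the body of get_cert_status continues outside the lines shown on this page.

```perl
my $csrpath = $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile";
if (-e $csrpath) {
    my $pid = open(my $pipe,'-|');
    if (!defined($pid)) {
        $csrstatus = "unable to run openssl: $!";
    } elsif ($pid == 0) {
        # child: send stderr down the same pipe, then exec without a shell
        open(STDERR,'>&',\*STDOUT);
        exec('openssl','req','-text','-noout','-verify','-in',$csrpath) or exit(1);
    } else {
        $csrstatus = <$pipe>;
        chomp($csrstatus) if (defined($csrstatus));
        close($pipe);
    }
    # … unchanged: reporting of $csrstatus and the per-key status assignments …
```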