Roxen.git / server / base_server / roxen.pike


Roxen.git/server/base_server/roxen.pike:2616:    }       void certificates_changed(Variable.Variable|void ignored,    void|int ignore_eaddrinuse)    {    int old_cert_failure = cert_failure;    cert_failure = 0;       Variable.Variable Keys = getvar("ssl_keys");    -  array(int) keypairs = Keys->query(); -  if (!sizeof(keypairs)) { +  array(string) keypair_names = Keys->query(); +  if (!sizeof(keypair_names)) {    // No new-style certificates configured.       // Check if there are old-style certificates; in case of which    // this is probably an upgrade.    Variable.Variable Certificates = getvar("ssl_cert_file");    Variable.Variable KeyFile = getvar("ssl_key_file");    -  keypairs = +  keypair_names =    CertDB.register_pem_files(Certificates->query() + ({ KeyFile->query() }),    query("ssl_password"));    -  if (!sizeof(keypairs)) { +  if (!sizeof(keypair_names)) {    // No Old-style certificate configuration found.    // Fall back to using all known certs. -  keypairs = Keys->get_choice_list(); +  keypair_names = Keys->get_choice_list();    }    -  if (sizeof(keypairs)) { +  if (sizeof(keypair_names)) {    // Certificates found. -  Keys->set(keypairs); +  Keys->set(keypair_names);       save();    } else {    // No certs known to the server.    // Not reached except in very special circumstances.    // FIXME: Use anonymous suites?    report_error ("TLS port %s: %s", get_url(),    LOC_M(63,"No certificates found.\n"));    cert_err_unbind();    cert_failure = 1;    return;    }    }    -  +  array(int) keypairs = +  map(keypair_names, CertDB.get_keypairs_by_name) * ({}); +     // FIXME: Only do this if there are certs loaded?    // We must reset the set of certificates.    SSLContext ctx = SSLContext();    ctx->random = Crypto.Random.random_string;    set_version(ctx);    filter_preferred_suites(ctx);       foreach(keypairs, int keypair_id) {    array(Crypto.Sign.State|array(string)) keypair =    CertDB.get_keypair(keypair_id);
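Review bot: In the upgrade branch, `keypair_names = CertDB.register_pem_files(...)` now feeds an `array(string)`, but the removed line assigned the same call to `array(int) keypairs`. `register_pem_files` is not visible here; if it still returns ids, they end up in `Keys->set(keypair_names)` and in `map(keypair_names, CertDB.get_keypairs_by_name)`, where a lookup by name will probably find nothing, so the ids should be converted to names before they are stored. Separately, `keypairs` can now be empty while `keypair_names` is not (a stored name with no matching keypair), and the visible code then goes on to build the `SSLContext` with no certificates. An explicit `if (!sizeof(keypairs))` branch that reports the error and sets `cert_failure = 1`, like the existing "No certificates found" branch, would make that case fail closed. The function continues past the end of the hunk, so such a check may already exist further down.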
Roxen.git/server/base_server/roxen.pike:2694:    bind (ignore_eaddrinuse);    if (old_cert_failure && bound)    report_notice (LOC_M(64, "TLS port %s opened.\n"), get_url());    if (!bound)    report_notice("Failed to bind port %s.\n", get_url());    }    }       class CertificateKeyChoiceVariable    { -  inherit Variable.IntChoice; +  inherit Variable.StringChoice;    -  mapping(int:string) get_translation_table() +  array(string) get_choice_list()    { -  array(mapping(string:int|string)) keypairs = CertDB.list_keypairs(); -  return mkmapping(keypairs->id, keypairs->name); +  return Array.uniq(sort(CertDB.list_keypairs()->name));    }    -  array(int) get_choice_list() -  { -  return CertDB.list_keypairs()->id; -  } -  +     array(string|mixed) verify_set(array(int) new_value)    {    if (!sizeof(new_value)) {    // The list of certificates should never be empty.    return ({ "Selection reset to all selected.", get_choice_list() });    }    return ::verify_set(new_value);    }       protected mapping(Standards.ASN1.Types.Identifier:string)
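Review bot: `verify_set(array(int) new_value)` still declares an array of ints, although the class now inherits `Variable.StringChoice` and `get_choice_list()` returns names. The signature should read `array(string|mixed) verify_set(array(string) new_value)` so the declared type matches the values that are stored and passed on to `::verify_set`. A one-line comment on `get_choice_list()` would also help, e.g. `// Names are not unique in CertDB; list each name once.`, since that is presumably why `Array.uniq` is applied.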
Roxen.git/server/base_server/roxen.pike:2733:    pair = pair[0];    if(pair->type_name!="SEQUENCE" || sizeof(pair)!=2)    continue;    if(pair[0]->type_name=="OBJECT IDENTIFIER" &&    pair[1]->value && !ids[pair[0]])    ids[pair[0]] = pair[1]->value;    }    return ids;    }    -  protected array(string) render_element(int keypair_id) +  protected array(string) render_keypair(int keypair_id)    {    array(Crypto.Sign.State|array(string)) keypair =    CertDB.get_keypair(keypair_id);    if (!keypair) {    return ({ "<td colspan='2'>" +    LOC_C(1129, "Lost certificate") +    "</td>" });    }    [Crypto.Sign.State private_key, array(string) certs] = keypair;   
Roxen.git/server/base_server/roxen.pike:2875:    "<font color='&usr.warncolor;'>" +    LOC_C(1139, "Lost file") +    "</font>";    }) * "<br/>")    });    }       return res;    }    +  protected array(string) render_element(string keypair_name) +  { +  return map(CertDB.get_keypairs_by_name(keypair_name), render_keypair) * +  ({}); +  } +     string render_form(RequestID id, void|mapping additional_args) { -  array(string) current = map(query(), _name); +  array(string) current = Array.uniq(sort(map(query(), _name)));    string res = "<table width='100%'>\n";    foreach( get_choice_list(); int i; mixed elem ) {    if (i != 0) {    res += "<tr><td colspan='3'><hr/></td></tr>\n";    }    mapping m = ([    "type": "checkbox",    "name": path(),    "value": _name(elem),    ]);
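Review bot: `render_element(string keypair_name)` renders every keypair returned by `CertDB.get_keypairs_by_name`, so one checkbox now stands for all keypairs carrying that name, and `certificates_changed` expands selected names the same way before loading certificates. That deserves a comment on the function, e.g. `// A name may match several keypairs; all of them are rendered (and selected) together.`, because a keypair imported later under an already selected name would be served on the port without the administrator ticking anything. If `get_keypairs_by_name` returns an empty array for an unknown name, this function returns `({})` and the "Lost certificate" cell in `render_keypair` is never produced for that name. Whether `render_form` copes with an empty element cannot be seen from the hunk.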
Roxen.git/server/base_server/roxen.pike:2920:    "checked": "checked",    ]);    string title = sprintf(LOC_C(1121,"(stale value %s)"), value);    res += sprintf("<tr><td>%s</td><td>%s</td></tr>\n",    Roxen.make_tag( "input", m),    Roxen.html_encode_string(title));    }    return res + "</table>";    }    +  string low_decode_keypair_id(mixed val) { +  if (intp(val)) { +  // Convert from cert keypair id to cert keypair name. +  mapping md = CertDB.get_keypair_metadata(val); +  if (md) return md->name; +  } +  return val; +  } +  +  int decode(mixed encoded) +  { +  // Convert from cert keypair ids to cert keypair names. +  if (arrayp(encoded)) { +  encoded = map(encoded, low_decode_keypair_id); +  } +  return ::decode(encoded); +  } +     protected void create( void|int _flags, void|LocaleString std_name,    void|LocaleString std_doc )    {    ::create(({}), UNDEFINED, _flags, std_name, std_doc);    }    }      #if 1    // Old-style SSL Certificate variables.    // FIXME: Keep these around for at least a few major versions (10 years?).
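Review bot: `low_decode_keypair_id` is declared to return `string` but falls through to `return val;` when `val` is an int with no metadata (a saved id whose keypair has since been deleted), so an int can survive inside the decoded value. The stale-value branch of `render_form` formats the value with `%s`, and `certificates_changed` passes each entry to `CertDB.get_keypairs_by_name`, so both would then receive an int where a name is expected. Converting the leftover id, for instance `return intp(val) ? (string)val : val;`, would keep it visible as a stale entry without breaking the type; dropping such entries in `decode` is the alternative. The two new functions are also public while the neighbouring helpers are `protected`; `low_decode_keypair_id` looks like it could be `protected` too.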