certidude/certidude/static/views/authority.html

<section id="about">
<h2>{{ session.user.gn }} {{ session.user.sn }} ({{session.user.name }}) settings</h2>

<p>Mails will be sent to: {{ session.user.mail }}</p>

<p>You can click <a href="/api/bundle/">here</a> to generate bundle
for current user account.</p>

{% if session.authority %}

<h2>Authority certificate</h2>

<p>Several things such as CRL location and e-mails are hardcoded into
the <a href="/api/certificate">certificate</a> and
as such require complete reset of X509 infrastructure if some of them needs to be changed:</p>

<p>Mails will appear from: {{ session.authority.certificate.email_address }}</p>


<h2>Authority settings</h2>

<p>These can be reconfigured via /etc/certidude/server.conf on the server.</p>

<p>Outgoing mail server:
{% if session.authority.outbox %}
    {{ session.authority.outbox }}
{% else %}
    E-mail disabled
{% endif %}</p>

<p>Authenticated users allowed from:

{% if "0.0.0.0/0" in session.authority.user_subnets %}
    anywhere
    </p>
{% else %}
    </p>
    <ul>
        {% for i in session.authority.user_subnets %}
            <li>{{ i }}</li>
        {% endfor %}
    </ul>
{% endif %}


<p>Request submission is allowed from:

{% if "0.0.0.0/0" in session.authority.request_subnets %}
    anywhere
    </p>
{% else %}
    </p>
    <ul>
        {% for subnet in session.authority.request_subnets %}
            <li>{{ subnet }}</li>
        {% endfor %}
    </ul>
{% endif %}

<p>Autosign is allowed from:
{% if "0.0.0.0/0" in session.authority.autosign_subnets %}
    anywhere
    </p>
{% else %}
    </p>
    <ul>
        {% for subnet in session.autosign_subnets %}
            <li>{{ subnet }}</li>
        {% endfor %}
    </ul>
{% endif %}

<p>Authority administration is allowed from:
{% if "0.0.0.0/0" in session.authority.admin_subnets %}
    anywhere
    </p>
{% else %}
    <ul>
        {% for subnet in session.authority.admin_subnets %}
            <li>{{ subnet }}</li>
        {% endfor %}
    </ul>
{% endif %}

<p>Authority administration allowed for:</p>

<ul>
{% for user in session.authority.admin_users %}
    <li><a href="mailto:{{ user.mail}}">{{ user.given_name }} {{user.surname }}</a></li>
{% endfor %}
</ul>
</section>

{% else %}
<p>Here you can renew your certificates</p>

{% endif %}

{% set s = session.certificate.identity %}


{% if session.authority %}
<section id="requests">
    <h1>Pending requests</h1>

    <p>Submit a certificate signing request with Certidude:</p>
    <pre>certidude setup client {{session.common_name}}</pre>

    <ul id="pending_requests">
        {% for request in session.authority.requests %}
             {% include "views/request.html" %}
	    {% endfor %}
        <li class="notify">
            <p>No certificate signing requests to sign!</p>
        </li>
    </ul>
</section>

<section id="signed">
    <h1>Signed certificates</h1>
    <input id="search" type="search" class="icon search">
    <ul id="signed_certificates">
        {% for certificate in session.authority.signed | sort | reverse %}
            {% include "views/signed.html" %}
	    {% endfor %}
    </ul>
</section>

<section id="log">
    <h1>Log</h1>
    <p>
        <input id="log_level_critical" type="checkbox" checked/> <label for="log_level_critical">Critical</label>
        <input id="log_level_error" type="checkbox" checked/> <label for="log_level_error">Errors</label>
        <input id="log_level_warning" type="checkbox" checked/> <label for="log_level_warning">Warnings</label>
        <input id="log_level_info" type="checkbox" checked/> <label for="log_level_info">Info</label>
        <input id="log_level_debug" type="checkbox"/> <label for="log_level_debug">Debug</label>
    </p>
    <ul id="log_entries">
    </ul>
</section>

<section id="revoked">
    <h1>Revoked certificates</h1>
    <p>To fetch certificate revocation list:</p>
    <pre>curl {{window.location.href}}api/revoked/ | openssl crl -text -noout</pre>
    <!--
    <p>To perform online certificate status request</p>

    <pre>
    curl {{request.url}}/certificate/ > session.pem
    openssl ocsp -issuer session.pem -CAfile session.pem -url {{request.url}}/ocsp/ -serial 0x
    </pre>
    -->
    <ul>
        {% for j in session.authority.revoked %}
            <li id="certificate_{{ j.sha256sum }}">
                {{j.changed}}
                {{j.serial_number}} <span class="monospace">{{j.identity}}</span>
            </li>
        {% else %}
            <li>Great job! No certificate signing requests to sign.</li>
	    {% endfor %}
    </ul>
</section>

<section id="config">
</section>

{% endif %}