From 79bdd4ce51a7cc043d7f54f8ab3fb4947bc88747 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Thu, 10 Jan 2013 15:05:27 +1100
Subject: [PATCH] Added ADMIN statements and openssl config
---
application/config/openssl.cnf | 278 ++++++++++++++++++
.../classes/controller/admin/statement.php | 88 ++++++
2 files changed, 366 insertions(+)
create mode 100644 application/config/openssl.cnf
create mode 100644 modules/statement/classes/controller/admin/statement.php
diff --git a/application/config/openssl.cnf b/application/config/openssl.cnf
new file mode 100644
index 00000000..e846bc06
--- /dev/null
+++ b/application/config/openssl.cnf
@@ -0,0 +1,278 @@
+# OpenSSL example configuration file.
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = modules/ssl/config# Where everything is kept
+certs = $dir # Where the issued certs are kept
+crl_dir = $dir # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir # default place for new certs.
+
+certificate = $dir/ca.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/ca.key # The private key
+RANDFILE = $dir/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+crl_extensions = crl_ext
+
+default_days = 375 # how long to certify for
+default_crl_days = 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = supplied
+organizationName = supplied
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_o ]
+countryName = match
+stateOrProvinceName = supplied
+organizationName = supplied
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_ou ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = supplied
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = VIC
+
+localityName = Locality Name (eg, city)
+localityName_default = Bendigo
+
+0.organizationName = Organization Name (eg, company)
+#0.organizationName_default = $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default = $ENV::KEY_OU
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, your name or your server\'s hostname)
+#commonName_default = $ENV::KEY_CN
+commonName_max = 64
+
+#emailAddress = Email Address
+#emailAddress_default = $ENV::KEY_EMAIL
+#emailAddress_max = 40
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+# unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+#basicConstraints = CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+issuerAltName = issuer:copy,URI:https://www.graytech.net.au
+authorityInfoAccess = OCSP;URI:https://www.graytech.net.au/ssl/ocsp,caIssuers;URI:https://www.graytech.net.au/ssl/ca
+crlDistributionPoints = URI:https://www.graytech.net.au/ssl/crl
+
+## Should add --extensions client to client certs
+[ client ]
+
+nsCertType = client,email,objsign
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+issuerAltName = issuer:copy,URI:https://www.graytech.net.au
+authorityInfoAccess = OCSP;URI:https://www.graytech.net.au/ssl/ocsp,caIssuers;URI:https://www.graytech.net.au/ssl/ca
+crlDistributionPoints = URI:https://www.graytech.net.au/ssl/crl
+
+## Should add --extensions server to server certs
+[ server ]
+
+nsCertType = server
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+issuerAltName = issuer:copy,URI:https://www.graytech.net.au
+authorityInfoAccess = OCSP;URI:https://www.graytech.net.au/ssl/ocsp,caIssuers;URI:https://www.graytech.net.au/ssl/ca
+crlDistributionPoints = URI:https://www.graytech.net.au/ssl/crl
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+basicConstraints = critical,CA:true,pathlen:0
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+nsCertType = sslCA, emailCA
+
+issuerAltName = issuer:copy,URI:https://www.graytech.net.au
+authorityInfoAccess = OCSP;URI:https://www.graytech.net.au/ssl/ocsp,caIssuers;URI:https://www.graytech.net.au/ssl/ca
+crlDistributionPoints = URI:https://www.graytech.net.au/ssl/crl
+
+[ v3_ca_ou ]
+basicConstraints = critical,CA:true,pathlen:0
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+nsCertType = sslCA, emailCA
+
+issuerAltName = issuer:copy,URI:https://www.graytech.net.au
+authorityInfoAccess = OCSP;URI:https://www.graytech.net.au/ssl/ocsp,caIssuers;URI:https://www.graytech.net.au/ssl/ca
+crlDistributionPoints = URI:https://www.graytech.net.au/ssl/crl
+
+[ v3_ca_o ]
+basicConstraints = critical,CA:true,pathlen:1
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+nsCertType = sslCA, emailCA
+
+issuerAltName = issuer:copy,URI:https://www.graytech.net.au
+authorityInfoAccess = OCSP;URI:https://www.graytech.net.au/ssl/ocsp,caIssuers;URI:https://www.graytech.net.au/ssl/ca
+crlDistributionPoints = URI:https://www.graytech.net.au/ssl/crl
+
+[ v3_ca_ca ]
+basicConstraints = critical,CA:true,pathlen:2
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = cRLSign, keyCertSign
+nsCertType = sslCA, emailCA
+
+issuerAltName = issuer:copy,URI:https://www.graytech.net.au
+authorityInfoAccess = OCSP;URI:https://www.graytech.net.au/ssl/ocsp,caIssuers;URI:https://www.graytech.net.au/ssl/ca
+crlDistributionPoints = URI:https://www.graytech.net.au/ssl/crl
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier = keyid:always,issuer:always
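Review bot: The signing defaults in this new CA configuration are weak: `[ CA_default ]` sets `default_md = sha1` and `[ req ]` sets `default_bits = 1024`, so every certificate and key produced without explicit overrides inherits a deprecated digest and an undersized RSA key; I would change them to `default_md = sha256` and `default_bits = 2048`. `[ usr_cert ]` is the `x509_extensions` default for `ca`, yet its `#basicConstraints = CA:FALSE` line is commented out and the `[ client ]` and `[ server ]` sections carry no basicConstraints either, so issued end-entity certificates do not state that they are not CAs; uncommenting it and adding `basicConstraints = CA:FALSE` to both sections closes that gap. `private_key = $dir/ca.key` resolves through the relative `dir = modules/ssl/config`, which sits inside the application tree, so it is worth confirming that directory is neither web-served nor committed, and a comment above `dir` stating which working directory the path is relative to would help.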
diff --git a/modules/statement/classes/controller/admin/statement.php b/modules/statement/classes/controller/admin/statement.php
new file mode 100644
index 00000000..d703c786
--- /dev/null
+++ b/modules/statement/classes/controller/admin/statement.php
@@ -0,0 +1,88 @@
+TRUE,
+ );
+
+ /**
+ * Show a payments received
+ */
+ public function action_show() {
+ $ao = ORM::factory('account',$this->request->param('id'));
+ $ta = array();
+
+ foreach ($ao->payment->find_all() as $o) {
+ if (round($o->total_amt-$o->refund_status,0) == 0)
+ continue;
+
+ $i = count($ta);
+ $ta[$i]['time'] = $o->date_payment;
+ $ta[$i]['payment'] = $o;
+ }
+
+ foreach ($ao->invoice->list_active() as $o) {
+ $i = count($ta);
+ $ta[$i]['time'] = $o->date_orig;
+ $ta[$i]['invoice'] = $o;
+ }
+
+ Sort::MAsort($ta,'time');
+
+ $t = 0;
+ $a = 0;
+ foreach ($ta as $k => $v) {
+ // If 2 metrics have the same time, we need to increment 1 by a small number so that it doesnt affect the next sorting
+ if ($a == $v['time']) {
+ $ta[$k]['time'] += 1;
+ }
+
+ if (isset($v['invoice']))
+ $t += $v['invoice']->total();
+ elseif (isset($v['payment']))
+ $t -= $v['payment']->total_amt-$v['payment']->refund_status;
+
+ $ta[$k]['total'] = $t;
+ $a = $v['time'];
+ }
+
+ Sort::MAsort($ta,'time',1);
+
+ $pag = new Pagination(array(
+ 'total_items'=>count($ta),
+ ));
+
+ $output = (string)$pag;
+ $output .= View::factory('statement/user/show'.'/head');
+
+ $i = 0;
+ foreach ($ta as $k => $v) {
+ if (++$i < $pag->current_first_item())
+ continue;
+ elseif ($i > $pag->current_last_item())
+ break;
+
+ $output .= View::factory('statement/user/show/'.'/body')
+ ->set('o',$v)
+ ->set('trc',$i%2 ? 'odd' : 'even');
+ }
+
+ $output .= View::factory('statement/user/show/'.'/foot');
+
+ Block::add(array(
+ 'title'=>sprintf('%s: %s - %s',_('Transactions For'),$ao->accnum(),$ao->name(TRUE)),
+ 'body'=>$output,
+ ));
+ }
+}
+?>
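Review bot: `action_show()` loads the account straight from the route with `ORM::factory('account',$this->request->param('id'))` and starts iterating `$ao->payment->find_all()` without checking that the id matched a record, so a missing or mistyped id produces a statement page for an empty model; a guard such as `if (! $ao->loaded()) return;` (or the project's usual not-found response) belongs before the first loop. The class declaration and the start of `$secure_actions` are not visible on this page, so whether `show` is restricted to administrators cannot be confirmed from the hunk and is worth checking against the file. The body and foot views are built as `'statement/user/show/'.'/body'` and `'statement/user/show/'.'/foot'`, which yields a doubled slash unlike the head view's `'statement/user/show'.'/head'`; the three should use the same form. The docblock `Show a payments received` describes something else: the method renders a combined payment and invoice statement with a running total, and the comment should say so.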