head: prefix: crrbulk label: I18N_OPENXPKI_UI_WORKFLOW_TYPE_CRR_BULK_LABEL description: I18N_OPENXPKI_UI_WORKFLOW_TYPE_CRR_BULK_DESC state: INITIAL: action: initialize toarray > CHECK_BATCHMODE CHECK_BATCHMODE: autorun: 1 action: - global_noop > PENDING ? !global_is_automated_request - check_authorized_signer > CHECK_AUTHORIZATION ? global_is_signed_request CHECK_AUTHORIZATION: autorun: 1 action: - global_set_error_signer_not_authorized > FAILURE ? !global_is_signer_authorized !global_is_signer_revoked - global_set_error_signer_expired > FAILURE ? global_is_signer_authorized !global_is_signer_revoked !global_is_signer_validity_ok - global_set_error_signer_revoked > FAILURE ? global_is_signer_revoked global_is_signer_validity_ok - global_noop > APPROVED ? global_is_signer_authorized !global_is_signer_revoked global_is_signer_validity_ok PENDING: label: I18N_OPENXPKI_UI_WORKFLOW_STATE_CRR_BULK_PENDING_LABEL description: I18N_OPENXPKI_UI_WORKFLOW_STATE_CRR_BULK_PENDING_DESC action: - approve_crr > APPROVED ? acl_can_approve - reject_crr > REJECTED ? acl_can_reject output: - reason_code - cert_identifier_list - comment button: approve_crr: format: expected reject_crr: format: failure APPROVED: autorun: 1 action: global_create_tmp_queue > HANDLE_REVOCATION_QUEUE HANDLE_REVOCATION_QUEUE: autorun: 1 action: - global_get_next_cert_identifier > CHECK_CERT_STATUS ? !global_is_tmp_queue_empty - global_noop > SUCCESS ? global_is_tmp_queue_empty CHECK_CERT_STATUS: autorun: 1 action: - revoke_certificate > HANDLE_REVOCATION_QUEUE ? is_certificate_issued - push_to_failed_queue > HANDLE_REVOCATION_QUEUE ? !is_certificate_issued SUCCESS: label: I18N_OPENXPKI_UI_WORKFLOW_STATE_SUCCESS_LABEL description: I18N_OPENXPKI_UI_WORKFLOW_STATE_SUCCESS_DESC output: - reason_code - cert_identifier_list - cert_identifier_ignored - comment FAILURE: label: I18N_OPENXPKI_UI_WORKFLOW_STATE_FAILURE_LABEL description: I18N_OPENXPKI_UI_WORKFLOW_STATE_FAILURE_DESC output: - reason_code - cert_identifier_list - cert_identifier_ignored - comment REJECTED: label: I18N_OPENXPKI_UI_WORKFLOW_STATE_REJECTED_LABEL description: I18N_OPENXPKI_UI_WORKFLOW_STATE_REJECTED_DESC output: - reason_code - cert_identifier_list - cert_identifier_ignored - comment action: initialize: class: OpenXPKI::Server::Workflow::Activity::Tools::SetSource label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CREATE_CRR_LABEL description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CREATE_CRR_DESC input: - cert_identifier_list - reason_code - comment - server - interface - signer_cert validator: - global_reason_code check_authorized_signer: class: OpenXPKI::Server::Workflow::Activity::Tools::EvaluateSignerTrust param: _map_rules: "[% context.interface %].[% context.server %].authorized_signer" approve_crr: class: OpenXPKI::Server::Workflow::Activity::Tools::Approve label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_APPROVE_CRR_LABEL description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_APPROVE_CRR_DESC param: check_creator: 0 multi_role_approval: 0 reject_crr: class: OpenXPKI::Server::Workflow::Activity::Noop label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_REJECT_CRR_LABEL description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_REJECT_CRR_DESC revoke_certificate: class: OpenXPKI::Server::Workflow::Activity::Tools::RevokeCertificate param: workflow: certificate_revocation_request_v2 _map_reason_code: $reason_code _map_comment: $comment flag_auto_approval : 1 flag_batch_mode: 1 push_to_failed_queue: class: OpenXPKI::Server::Workflow::Activity::Tools::WFArray param: array_name: cert_identifier_ignored context_key: cert_identifier function: push toarray: class: OpenXPKI::Server::Workflow::Activity::Tools::StringToArray param: _map_value: $cert_identifier_list target_key: cert_identifier_list condition: acl_can_approve: class: Workflow::Condition::LazyAND param: condition1: global_is_operator # condition2: "!global_is_creator" acl_can_reject: class: Workflow::Condition::LazyAND param: condition1: global_is_operator # condition2: "!global_is_creator" is_certificate_issued: class: OpenXPKI::Server::Workflow::Condition::CertificateHasStatus param: expected_status: ISSUED field: entity: label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_ENTITY_LABEL name: entity required: 1 cert_identifier_list: label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_LIST_LABEL name: cert_identifier_list type: uploadarea placeholder: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_LIST_PLACEHOLDER format: linklist preamble: Subject / Status / Identifier yaml_template: > [% USE Certificate %] [% FOREACH identifier = value %] - page: certificate!detail!identifier![% identifier %] label: [% IF Certificate.status(identifier) %][% Certificate.dn(identifier, 'CN') %] / [% Certificate.status(identifier) %] / [% identifier %] [% ELSE %]Unknown / Unknown / [% identifier %][% END %] [% END %] cert_identifier_ignored: label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_IGNORED_LABEL name: cert_identifier_ignored format: linklist preamble: Subject / Status / Identifier yaml_template: > [% USE Certificate %] [% FOREACH identifier = value %] - page: certificate!detail!identifier![% identifier %] label: [% IF Certificate.status(identifier) %][% Certificate.dn(identifier, 'CN') %] / [% Certificate.status(identifier) %] / [% identifier %] [% ELSE %]Unknown / Unknown / [% identifier %][% END %] [% END %] acl: CA Operator: creator: any RA Operator: creator: any fail: 1 resume: 1 wakeup: 1 history: 1 techlog: 1 attribute: 1 context: 1 System: creator: any fail: 1 resume: 1 wakeup: 1