1head: 2 prefix: crrbulk 3 label: I18N_OPENXPKI_UI_WORKFLOW_TYPE_CRR_BULK_LABEL 4 description: I18N_OPENXPKI_UI_WORKFLOW_TYPE_CRR_BULK_DESC 5 6state: 7 INITIAL: 8 action: initialize toarray > CHECK_BATCHMODE 9 10 CHECK_BATCHMODE: 11 autorun: 1 12 action: 13 - global_noop > PENDING ? !global_is_automated_request 14 - check_authorized_signer > CHECK_AUTHORIZATION ? global_is_signed_request 15 16 CHECK_AUTHORIZATION: 17 autorun: 1 18 action: 19 - global_set_error_signer_not_authorized > FAILURE ? !global_is_signer_authorized !global_is_signer_revoked 20 - global_set_error_signer_expired > FAILURE ? global_is_signer_authorized !global_is_signer_revoked !global_is_signer_validity_ok 21 - global_set_error_signer_revoked > FAILURE ? global_is_signer_revoked global_is_signer_validity_ok 22 - global_noop > APPROVED ? global_is_signer_authorized !global_is_signer_revoked global_is_signer_validity_ok 23 24 PENDING: 25 label: I18N_OPENXPKI_UI_WORKFLOW_STATE_CRR_BULK_PENDING_LABEL 26 description: I18N_OPENXPKI_UI_WORKFLOW_STATE_CRR_BULK_PENDING_DESC 27 action: 28 - approve_crr > APPROVED ? acl_can_approve 29 - reject_crr > REJECTED ? acl_can_reject 30 output: 31 - reason_code 32 - cert_identifier_list 33 - comment 34 35 button: 36 approve_crr: 37 format: expected 38 reject_crr: 39 format: failure 40 41 APPROVED: 42 autorun: 1 43 action: global_create_tmp_queue > HANDLE_REVOCATION_QUEUE 44 45 HANDLE_REVOCATION_QUEUE: 46 autorun: 1 47 action: 48 - global_get_next_cert_identifier > CHECK_CERT_STATUS ? !global_is_tmp_queue_empty 49 - global_noop > SUCCESS ? global_is_tmp_queue_empty 50 51 CHECK_CERT_STATUS: 52 autorun: 1 53 action: 54 - revoke_certificate > HANDLE_REVOCATION_QUEUE ? is_certificate_issued 55 - push_to_failed_queue > HANDLE_REVOCATION_QUEUE ? !is_certificate_issued 56 57 SUCCESS: 58 label: I18N_OPENXPKI_UI_WORKFLOW_STATE_SUCCESS_LABEL 59 description: I18N_OPENXPKI_UI_WORKFLOW_STATE_SUCCESS_DESC 60 output: 61 - reason_code 62 - cert_identifier_list 63 - cert_identifier_ignored 64 - comment 65 66 FAILURE: 67 label: I18N_OPENXPKI_UI_WORKFLOW_STATE_FAILURE_LABEL 68 description: I18N_OPENXPKI_UI_WORKFLOW_STATE_FAILURE_DESC 69 output: 70 - reason_code 71 - cert_identifier_list 72 - cert_identifier_ignored 73 - comment 74 75 REJECTED: 76 label: I18N_OPENXPKI_UI_WORKFLOW_STATE_REJECTED_LABEL 77 description: I18N_OPENXPKI_UI_WORKFLOW_STATE_REJECTED_DESC 78 output: 79 - reason_code 80 - cert_identifier_list 81 - cert_identifier_ignored 82 - comment 83 84action: 85 initialize: 86 class: OpenXPKI::Server::Workflow::Activity::Tools::SetSource 87 label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CREATE_CRR_LABEL 88 description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CREATE_CRR_DESC 89 input: 90 - cert_identifier_list 91 - reason_code 92 - comment 93 - server 94 - interface 95 - signer_cert 96 97 validator: 98 - global_reason_code 99 100 check_authorized_signer: 101 class: OpenXPKI::Server::Workflow::Activity::Tools::EvaluateSignerTrust 102 param: 103 _map_rules: "[% context.interface %].[% context.server %].authorized_signer" 104 105 approve_crr: 106 class: OpenXPKI::Server::Workflow::Activity::Tools::Approve 107 label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_APPROVE_CRR_LABEL 108 description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_APPROVE_CRR_DESC 109 param: 110 check_creator: 0 111 multi_role_approval: 0 112 113 reject_crr: 114 class: OpenXPKI::Server::Workflow::Activity::Noop 115 label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_REJECT_CRR_LABEL 116 description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_REJECT_CRR_DESC 117 118 revoke_certificate: 119 class: OpenXPKI::Server::Workflow::Activity::Tools::RevokeCertificate 120 param: 121 workflow: certificate_revocation_request_v2 122 _map_reason_code: $reason_code 123 _map_comment: $comment 124 flag_auto_approval : 1 125 flag_batch_mode: 1 126 127 push_to_failed_queue: 128 class: OpenXPKI::Server::Workflow::Activity::Tools::WFArray 129 param: 130 array_name: cert_identifier_ignored 131 context_key: cert_identifier 132 function: push 133 134 toarray: 135 class: OpenXPKI::Server::Workflow::Activity::Tools::StringToArray 136 param: 137 _map_value: $cert_identifier_list 138 target_key: cert_identifier_list 139 140 141condition: 142 143 acl_can_approve: 144 class: Workflow::Condition::LazyAND 145 param: 146 condition1: global_is_operator 147# condition2: "!global_is_creator" 148 149 acl_can_reject: 150 class: Workflow::Condition::LazyAND 151 param: 152 condition1: global_is_operator 153# condition2: "!global_is_creator" 154 155 is_certificate_issued: 156 class: OpenXPKI::Server::Workflow::Condition::CertificateHasStatus 157 param: 158 expected_status: ISSUED 159 160 161field: 162 entity: 163 label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_ENTITY_LABEL 164 name: entity 165 required: 1 166 167 cert_identifier_list: 168 label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_LIST_LABEL 169 name: cert_identifier_list 170 type: uploadarea 171 placeholder: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_LIST_PLACEHOLDER 172 format: linklist 173 preamble: Subject / Status / Identifier 174 yaml_template: > 175 [% USE Certificate %] 176 [% FOREACH identifier = value %] 177 - page: certificate!detail!identifier![% identifier %] 178 label: [% IF Certificate.status(identifier) %][% Certificate.dn(identifier, 'CN') %] / [% Certificate.status(identifier) %] / [% identifier %] 179 [% ELSE %]Unknown / Unknown / [% identifier %][% END %] 180 [% END %] 181 182 cert_identifier_ignored: 183 label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_IGNORED_LABEL 184 name: cert_identifier_ignored 185 format: linklist 186 preamble: Subject / Status / Identifier 187 yaml_template: > 188 [% USE Certificate %] 189 [% FOREACH identifier = value %] 190 - page: certificate!detail!identifier![% identifier %] 191 label: [% IF Certificate.status(identifier) %][% Certificate.dn(identifier, 'CN') %] / [% Certificate.status(identifier) %] / [% identifier %] 192 [% ELSE %]Unknown / Unknown / [% identifier %][% END %] 193 [% END %] 194 195acl: 196 CA Operator: 197 creator: any 198 199 RA Operator: 200 creator: any 201 fail: 1 202 resume: 1 203 wakeup: 1 204 history: 1 205 techlog: 1 206 attribute: 1 207 context: 1 208 209 System: 210 creator: any 211 fail: 1 212 resume: 1 213 wakeup: 1 214 215