|
| 1 | +<!-- |
| 2 | + - SPDX-FileCopyrightText: 2026 LibreCode coop and LibreCode contributors |
| 3 | + - SPDX-License-Identifier: AGPL-3.0-or-later |
| 4 | +--> |
| 5 | +<template> |
| 6 | + <NcSettingsSection |
| 7 | + :name="sectionTitle" |
| 8 | + :description="sectionDescription"> |
| 9 | + <NcCheckboxRadioSwitch |
| 10 | + type="switch" |
| 11 | + v-model="enabled" |
| 12 | + @update:model-value="saveEnabled"> |
| 13 | + {{ toggleLabel }} |
| 14 | + </NcCheckboxRadioSwitch> |
| 15 | + |
| 16 | + <NcNoteCard v-if="enabled && !ldapExtensionAvailable" |
| 17 | + type="warning" |
| 18 | + class="crl-note"> |
| 19 | + {{ ldapMissingWarning }} |
| 20 | + </NcNoteCard> |
| 21 | + |
| 22 | + <NcNoteCard v-if="!enabled" |
| 23 | + type="warning" |
| 24 | + class="crl-note"> |
| 25 | + {{ disabledWarning }} |
| 26 | + </NcNoteCard> |
| 27 | + </NcSettingsSection> |
| 28 | +</template> |
| 29 | + |
| 30 | +<script> |
| 31 | +import { loadState } from '@nextcloud/initial-state' |
| 32 | +import { t } from '@nextcloud/l10n' |
| 33 | +
|
| 34 | +import NcCheckboxRadioSwitch from '@nextcloud/vue/components/NcCheckboxRadioSwitch' |
| 35 | +import NcNoteCard from '@nextcloud/vue/components/NcNoteCard' |
| 36 | +import NcSettingsSection from '@nextcloud/vue/components/NcSettingsSection' |
| 37 | +
|
| 38 | +export default { |
| 39 | + name: 'CrlValidation', |
| 40 | + components: { |
| 41 | + NcCheckboxRadioSwitch, |
| 42 | + NcNoteCard, |
| 43 | + NcSettingsSection, |
| 44 | + }, |
| 45 | + data() { |
| 46 | + return { |
| 47 | + enabled: loadState('libresign', 'crl_external_validation_enabled', true), |
| 48 | + ldapExtensionAvailable: loadState('libresign', 'ldap_extension_available', true), |
| 49 | + } |
| 50 | + }, |
| 51 | + computed: { |
| 52 | + sectionTitle() { |
| 53 | + // TRANSLATORS: Section title. CRL (Certificate Revocation List) is a file published by a certificate authority listing certificates that have been cancelled before their expiry date, similar to a blacklist of invalid credentials. |
| 54 | + return t('libresign', 'Certificate Revocation (CRL)') |
| 55 | + }, |
| 56 | + sectionDescription() { |
| 57 | + // TRANSLATORS: Section description. A CRL Distribution Point is a web address embedded in a certificate that tells software where to download the revocation list and check whether that certificate has been cancelled. |
| 58 | + return t('libresign', 'Controls external CRL validation when signing with personal certificates.') |
| 59 | + }, |
| 60 | + toggleLabel() { |
| 61 | + // TRANSLATORS: Toggle label. "CRL Distribution Points" are web addresses (URLs) embedded in the certificate that point to the revocation list file. "External" means those addresses lead to servers outside this Nextcloud instance (e.g. a government or corporate CA server). |
| 62 | + return t('libresign', 'Validate external CRL Distribution Points') |
| 63 | + }, |
| 64 | + ldapMissingWarning() { |
| 65 | + // TRANSLATORS: Warning shown when CRL validation is on but the PHP LDAP extension is missing. LDAP is a network protocol used by some certificate authorities (especially government ones) to publish their revocation lists instead of a normal HTTPS address. The "extension" refers to a PHP software module that must be installed on the server. |
| 66 | + return t('libresign', 'The PHP LDAP extension is not installed. Users with certificates that use LDAP-based CRL Distribution Points will not be able to sign documents.') |
| 67 | + }, |
| 68 | + disabledWarning() { |
| 69 | + // TRANSLATORS: Warning shown when the admin disables external CRL validation. "Revoked" means the certificate authority has cancelled a certificate before its expiry date, for example when a user is removed and their certificate is invalidated. This only affects certificates from external authorities that embed CRL Distribution Points. Certificates issued by LibreSign are not affected. |
| 70 | + return t('libresign', 'External CRL validation is disabled. Revocation of certificates from external authorities will not be checked. Certificates issued by LibreSign are not affected.') |
| 71 | + }, |
| 72 | + }, |
| 73 | + methods: { |
| 74 | + t, |
| 75 | + saveEnabled() { |
| 76 | + OCP.AppConfig.setValue('libresign', 'crl_external_validation_enabled', this.enabled ? '1' : '0') |
| 77 | + }, |
| 78 | + }, |
| 79 | +} |
| 80 | +</script> |
| 81 | + |
| 82 | +<style lang="scss" scoped> |
| 83 | +.crl-note { |
| 84 | + margin-top: 12px; |
| 85 | +} |
| 86 | +</style> |
0 commit comments