Diffstat (limited to 'library/X509/ProvidedHook/ServicesImportSource.php')
-rw-r--r--library/X509/ProvidedHook/ServicesImportSource.php85
1 files changed, 85 insertions, 0 deletions
diff --git a/library/X509/ProvidedHook/ServicesImportSource.php b/library/X509/ProvidedHook/ServicesImportSource.php
new file mode 100644
index 0000000..19f9de9
--- /dev/null
+++ b/library/X509/ProvidedHook/ServicesImportSource.php
@@ -0,0 +1,85 @@
+<?php
+// Icinga Web 2 X.509 Module | (c) 2019 Icinga GmbH | GPLv2
+
+namespace Icinga\Module\X509\ProvidedHook;
+
+use ipl\Sql;
+
+class ServicesImportSource extends x509ImportSource
+{
+ public function fetchData()
+ {
+ $targets = (new Sql\Select())
+ ->from('x509_target t')
+ ->columns([
+ 'host_ip' => 't.ip',
+ 'host_name' => 't.hostname',
+ 'host_port' => 't.port',
+ 'cert_subject' => 'c.subject',
+ 'cert_issuer' => 'c.issuer',
+ 'cert_self_signed' => 'COALESCE(ci.self_signed, c.self_signed)',
+ 'cert_trusted' => 'c.trusted',
+ 'cert_valid_from' => 'c.valid_from',
+ 'cert_valid_to' => 'c.valid_to',
+ 'cert_fingerprint' => 'HEX(c.fingerprint)',
+ 'cert_dn' => 'GROUP_CONCAT(CONCAT(dn.key, \'=\', dn.value) SEPARATOR \',\')',
+ 'cert_subject_alt_name' => (new Sql\Select())
+ ->from('x509_certificate_subject_alt_name can')
+ ->columns('GROUP_CONCAT(CONCAT(can.type, \':\', can.value) SEPARATOR \',\')')
+ ->where(['can.certificate_id = c.id'])
+ ->groupBy(['can.certificate_id'])
+ ])
+ ->join('x509_certificate_chain cc', 'cc.id = t.latest_certificate_chain_id')
+ ->join('x509_certificate_chain_link ccl', 'ccl.certificate_chain_id = cc.id')
+ ->join('x509_certificate c', 'c.id = ccl.certificate_id')
+ ->joinLeft('x509_certificate ci', 'ci.subject_hash = c.issuer_hash')
+ ->joinLeft('x509_dn dn', 'dn.hash = c.subject_hash')
+ ->where(['ccl.order = ?' => 0])
+ ->groupBy(['t.ip', 't.hostname', 't.port']);
+
+ $results = [];
+ foreach ($this->getDb()->select($targets) as $target) {
+ list($ipv4, $ipv6) = $this->transformIpAddress($target->host_ip);
+ $target->host_ip = $ipv4 ?: $ipv6;
+ $target->host_address = $ipv4;
+ $target->host_address6 = $ipv6;
+
+ $target->host_name_ip_and_port = sprintf(
+ '%s/%s:%d',
+ $target->host_name,
+ $target->host_ip,
+ $target->host_port
+ );
+
+ $results[$target->host_name_ip_and_port] = $target;
+ }
+
+ return $results;
+ }
+
+ public function listColumns()
+ {
+ return [
+ 'host_name_ip_and_port',
+ 'host_ip',
+ 'host_name',
+ 'host_port',
+ 'host_address',
+ 'host_address6',
+ 'cert_subject',
+ 'cert_issuer',
+ 'cert_self_signed',
+ 'cert_trusted',
+ 'cert_valid_from',
+ 'cert_valid_to',
+ 'cert_fingerprint',
+ 'cert_dn',
+ 'cert_subject_alt_name'
+ ];
+ }
+
+ public static function getDefaultKeyColumnName()
+ {
+ return 'host_name_ip_and_port';
+ }
+}
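Review bot: Both `GROUP_CONCAT` expressions in `fetchData()` (`cert_dn` and the `cert_subject_alt_name` subselect) are capped by MySQL's `group_concat_max_len`, which defaults to 1024 bytes, so a certificate with a long SAN list is imported with a silently truncated value and any import rule or check built on that column misses the cut-off names. Neither call has an `ORDER BY`, so the order of DN parts and SAN entries can differ between runs and show up as spurious changes; `GROUP_CONCAT(CONCAT(can.type, ':', can.value) ORDER BY can.type, can.value SEPARATOR ',')` would pin it, with the session limit raised before the query or the lists assembled in PHP instead. The `,`, `=` and `:` delimiters are not escaped, so a DN value that itself contains a comma cannot be split back reliably by a consumer. Separately, the left join on `ci.subject_hash = c.issuer_hash` presumably can match more than one issuer row (the schema is not visible here); with the outer `GROUP BY` limited to `t.ip`, `t.hostname`, `t.port`, that would repeat every DN part in `cert_dn` and leave `COALESCE(ci.self_signed, c.self_signed)` dependent on whichever row the server picks.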