diff options
Diffstat (limited to 'library/X509/ProvidedHook/ServicesImportSource.php')
-rw-r--r-- | library/X509/ProvidedHook/ServicesImportSource.php | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/library/X509/ProvidedHook/ServicesImportSource.php b/library/X509/ProvidedHook/ServicesImportSource.php new file mode 100644 index 0000000..19f9de9 --- /dev/null +++ b/library/X509/ProvidedHook/ServicesImportSource.php @@ -0,0 +1,85 @@ +<?php +// Icinga Web 2 X.509 Module | (c) 2019 Icinga GmbH | GPLv2 + +namespace Icinga\Module\X509\ProvidedHook; + +use ipl\Sql; + +class ServicesImportSource extends x509ImportSource +{ + public function fetchData() + { + $targets = (new Sql\Select()) + ->from('x509_target t') + ->columns([ + 'host_ip' => 't.ip', + 'host_name' => 't.hostname', + 'host_port' => 't.port', + 'cert_subject' => 'c.subject', + 'cert_issuer' => 'c.issuer', + 'cert_self_signed' => 'COALESCE(ci.self_signed, c.self_signed)', + 'cert_trusted' => 'c.trusted', + 'cert_valid_from' => 'c.valid_from', + 'cert_valid_to' => 'c.valid_to', + 'cert_fingerprint' => 'HEX(c.fingerprint)', + 'cert_dn' => 'GROUP_CONCAT(CONCAT(dn.key, \'=\', dn.value) SEPARATOR \',\')', + 'cert_subject_alt_name' => (new Sql\Select()) + ->from('x509_certificate_subject_alt_name can') + ->columns('GROUP_CONCAT(CONCAT(can.type, \':\', can.value) SEPARATOR \',\')') + ->where(['can.certificate_id = c.id']) + ->groupBy(['can.certificate_id']) + ]) + ->join('x509_certificate_chain cc', 'cc.id = t.latest_certificate_chain_id') + ->join('x509_certificate_chain_link ccl', 'ccl.certificate_chain_id = cc.id') + ->join('x509_certificate c', 'c.id = ccl.certificate_id') + ->joinLeft('x509_certificate ci', 'ci.subject_hash = c.issuer_hash') + ->joinLeft('x509_dn dn', 'dn.hash = c.subject_hash') + ->where(['ccl.order = ?' => 0]) + ->groupBy(['t.ip', 't.hostname', 't.port']); + + $results = []; + foreach ($this->getDb()->select($targets) as $target) { + list($ipv4, $ipv6) = $this->transformIpAddress($target->host_ip); + $target->host_ip = $ipv4 ?: $ipv6; + $target->host_address = $ipv4; + $target->host_address6 = $ipv6; + + $target->host_name_ip_and_port = sprintf( + '%s/%s:%d', + $target->host_name, + $target->host_ip, + $target->host_port + ); + + $results[$target->host_name_ip_and_port] = $target; + } + + return $results; + } + + public function listColumns() + { + return [ + 'host_name_ip_and_port', + 'host_ip', + 'host_name', + 'host_port', + 'host_address', + 'host_address6', + 'cert_subject', + 'cert_issuer', + 'cert_self_signed', + 'cert_trusted', + 'cert_valid_from', + 'cert_valid_to', + 'cert_fingerprint', + 'cert_dn', + 'cert_subject_alt_name' + ]; + } + + public static function getDefaultKeyColumnName() + { + return 'host_name_ip_and_port'; + } +} |