application/controllers/ChainController.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

<?php
// Icinga Web 2 X.509 Module | (c) 2018 Icinga GmbH | GPLv2

namespace Icinga\Module\X509\Controllers;

use Icinga\Exception\ConfigurationError;
use Icinga\Module\X509\ChainDetails;
use Icinga\Module\X509\Controller;
use ipl\Html\Attribute;
use ipl\Html\Html;
use ipl\Html\HtmlDocument;
use ipl\Sql;

class ChainController extends Controller
{
    public function indexAction()
    {
        $id = $this->params->getRequired('id');

        try {
            $conn = $this->getDb();
        } catch (ConfigurationError $_) {
            $this->render('missing-resource', null, true);
            return;
        }

        $chainSelect = (new Sql\Select())
            ->from('x509_certificate_chain ch')
            ->columns('*')
            ->join('x509_target t', 't.id = ch.target_id')
            ->where(['ch.id = ?' => $id]);

        $chain = $conn->select($chainSelect)->fetch();

        if ($chain === false) {
            $this->httpNotFound($this->translate('Certificate not found.'));
        }

        $this->setTitle($this->translate('X.509 Certificate Chain'));

        $ip = $chain['ip'];
        $ipv4 = ltrim($ip, "\0");
        if (strlen($ipv4) === 4) {
            $ip = $ipv4;
        }

        $chainInfo = Html::tag('div');
        $chainInfo->add(Html::tag('dl', [
            Html::tag('dt', $this->translate('Host')),
            Html::tag('dd', $chain['hostname']),
            Html::tag('dt', $this->translate('IP')),
            Html::tag('dd', inet_ntop($ip)),
            Html::tag('dt', $this->translate('Port')),
            Html::tag('dd', $chain['port'])
        ]));

        $valid = Html::tag('div', ['class' => 'cert-chain']);

        if ($chain['valid'] === 'yes') {
            $valid->getAttributes()->add('class', '-valid');
            $valid->add(Html::tag('p', $this->translate('Certificate chain is valid.')));
        } else {
            $valid->getAttributes()->add('class', '-invalid');
            $valid->add(Html::tag('p', sprintf(
                $this->translate('Certificate chain is invalid: %s.'),
                $chain['invalid_reason']
            )));
        }

        $certsSelect = (new Sql\Select())
            ->from('x509_certificate c')
            ->columns('*')
            ->join('x509_certificate_chain_link ccl', 'ccl.certificate_id = c.id')
            ->join('x509_certificate_chain cc', 'cc.id = ccl.certificate_chain_id')
            ->where(['cc.id = ?' => $id])
            ->orderBy('ccl.order');

        $this->view->chain = (new HtmlDocument())
            ->add($chainInfo)
            ->add($valid)
            ->add((new ChainDetails())->setData($conn->select($certsSelect)));
    }
}