Status updates, SSL updates
This commit is contained in:
Deon George
@@ -1,109 +0,0 @@
|
||||
<?php defined('SYSPATH') or die('No direct access allowed.');
|
||||
|
||||
/**
|
||||
* This class provides Admin SSL functions
|
||||
*
|
||||
* @package SSL
|
||||
* @category Controllers/Admin
|
||||
* @author Deon George
|
||||
* @copyright (c) 2009-2013 Open Source Billing
|
||||
* @license http://dev.osbill.net/license.html
|
||||
*/
|
||||
class Controller_Admin_SSL extends Controller_TemplateDefault_Admin {
|
||||
protected $secure_actions = array(
|
||||
'add'=>TRUE,
|
||||
'list'=>TRUE,
|
||||
'view'=>TRUE,
|
||||
);
|
||||
|
||||
public function action_list() {
|
||||
Block::add(array(
|
||||
'title'=>_('SSL CA Certificates'),
|
||||
'body'=>Table::display(
|
||||
ORM::factory('SSL_CA')->find_all(),
|
||||
25,
|
||||
array(
|
||||
'id'=>array('label'=>'ID','url'=>URL::link('admin','ssl/view/')),
|
||||
'sign_cert'=>array('label'=>'Cert'),
|
||||
'issuer()'=>array('label'=>'Issuer'),
|
||||
'valid_to(TRUE)'=>array('label'=>'Expires'),
|
||||
),
|
||||
array(
|
||||
'page'=>TRUE,
|
||||
'type'=>'select',
|
||||
'form'=>URL::link('admin','ssl/view'),
|
||||
)),
|
||||
));
|
||||
}
|
||||
|
||||
private function add_view($id=NULL,$output='') {
|
||||
$so = ORM::factory('SSL_CA',$id);
|
||||
|
||||
if ($_POST) {
|
||||
if ($so->values($_POST)->changed()) {
|
||||
try {
|
||||
$so->save();
|
||||
SystemMessage::add(array(
|
||||
'title'=>'SSL Certificate Saved',
|
||||
'type'=>'info',
|
||||
'body'=>'SSL Certificate successfully recorded.',
|
||||
));
|
||||
|
||||
} catch (ORM_Validation_Exception $e) {
|
||||
$errors = $e->errors('models');
|
||||
|
||||
SystemMessage::add(array(
|
||||
'title'=>'SSL Certificate NOT saved',
|
||||
'type'=>'error',
|
||||
'body'=>join("\n",array_values($errors)),
|
||||
));
|
||||
|
||||
$so->reload();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$output .= Form::open();
|
||||
$output .= View::factory('ssl/admin/add_view')
|
||||
->set('o',$so);
|
||||
$output .= Form::submit('submit','submit',array('class'=>'form_button'));
|
||||
$output .= Form::close();
|
||||
|
||||
return $output;
|
||||
}
|
||||
|
||||
public function action_add() {
|
||||
Block::add(array(
|
||||
'title'=>_('Add SSL CA Certificate'),
|
||||
'body'=>$this->add_view(),
|
||||
));
|
||||
}
|
||||
|
||||
public function action_view() {
|
||||
list($id,$output) = Table::page(__METHOD__);
|
||||
|
||||
Block::add(array(
|
||||
'title'=>sprintf('%s: %s (%s)',_('View SSL CA Certificate'),$id,ORM::factory('SSL_CA',$id)->display('sign_cert')),
|
||||
'body'=>$this->add_view($id,$output),
|
||||
));
|
||||
|
||||
Block::add(array(
|
||||
'title'=>_('Services using this Certificate'),
|
||||
'body'=>Table::display(
|
||||
ORM::factory('SSL_CA',$id)->list_issued(),
|
||||
25,
|
||||
array(
|
||||
'id'=>array('label'=>'ID','url'=>URL::link('admin','service/view/')),
|
||||
'plugin()->dn()'=>array('label'=>'Cert'),
|
||||
'plugin()->valid_to(TRUE)'=>array('label'=>'Expires'),
|
||||
),
|
||||
array(
|
||||
'page'=>TRUE,
|
||||
'type'=>'select',
|
||||
'form'=>URL::link('admin','service/view'),
|
||||
)),
|
||||
));
|
||||
|
||||
}
|
||||
}
|
||||
?>
|
||||
162
modules/ssl/classes/Controller/Reseller/Ssl.php
Normal file
162
modules/ssl/classes/Controller/Reseller/Ssl.php
Normal file
@@ -0,0 +1,162 @@
|
||||
<?php defined('SYSPATH') or die('No direct access allowed.');
|
||||
|
||||
/**
|
||||
* This class provides Reseller SSL functions
|
||||
*
|
||||
* @package SSL
|
||||
* @category Controllers/Reseller
|
||||
* @author Deon George
|
||||
* @copyright (c) 2009-2013 Open Source Billing
|
||||
* @license http://dev.osbill.net/license.html
|
||||
*/
|
||||
class Controller_Reseller_SSL extends Controller_SSL {
|
||||
protected $secure_actions = array(
|
||||
'add'=>TRUE,
|
||||
'edit'=>TRUE,
|
||||
'list'=>TRUE,
|
||||
'renew'=>TRUE,
|
||||
'listchildca'=>TRUE,
|
||||
'listchildcrt'=>TRUE,
|
||||
);
|
||||
|
||||
public function action_list() {
|
||||
Block::factory()
|
||||
->title('SSL CA Certificates')
|
||||
->title_icon('icon-th-list')
|
||||
->body(Table::factory()
|
||||
->jssort('ca')
|
||||
->data(ORM::factory('SSL_CA')->where_authorised($this->ao)->find_all())
|
||||
->columns(array(
|
||||
'id'=>'ID',
|
||||
'sign_cert'=>'Cert',
|
||||
'valid_to(TRUE)'=>'Expires',
|
||||
'validParent(TRUE)'=>'Valid',
|
||||
'childca(TRUE)'=>'cCA',
|
||||
'childcrt(TRUE)'=>'Crts',
|
||||
'issuer()'=>'Issuer',
|
||||
))
|
||||
->prepend(array(
|
||||
'id'=>array('url'=>URL::link('reseller','ssl/edit/')),
|
||||
'childca(TRUE)'=>array('url_resolve'=>URL::link('reseller','ssl/listchildca/%id%')),
|
||||
'childcrt(TRUE)'=>array('url_resolve'=>URL::link('reseller','ssl/listchildcrt/%id%')),
|
||||
))
|
||||
);
|
||||
}
|
||||
|
||||
public function action_listchildca() {
|
||||
list($id,$output) = Table::page(__METHOD__);
|
||||
$sco = ORM::factory('SSL_CA',$id);
|
||||
|
||||
if ($sco->childca())
|
||||
Block::factory()
|
||||
->title(sprintf('SSL CA Certificates for CA: %s',$sco->dn()))
|
||||
->title_icon('icon-th-list')
|
||||
->body(Table::factory()
|
||||
->jssort('ca')
|
||||
->data($sco->where_authorised($this->ao)->list_childca())
|
||||
->columns(array(
|
||||
'id'=>'ID',
|
||||
'sign_cert'=>'Cert',
|
||||
'ski()'=>'Identifier',
|
||||
'valid_to(TRUE)'=>'Expires',
|
||||
'validParent(TRUE)'=>'Valid',
|
||||
'childca()'=>'cCA',
|
||||
'childcrt()'=>'Crts',
|
||||
))
|
||||
->prepend(array(
|
||||
'id'=>array('url'=>URL::link('reseller','ssl/edit/')),
|
||||
'childca()'=>array('url_resolve'=>URL::link('reseller','ssl/listchildca/%id%')),
|
||||
'childcrt()'=>array('url_resolve'=>URL::link('reseller','ssl/listchildcrt/%id%')),
|
||||
))
|
||||
);
|
||||
|
||||
if ($sco->childcrt())
|
||||
$this->action_listchildcrt();
|
||||
}
|
||||
|
||||
public function action_listchildcrt() {
|
||||
list($id,$output) = Table::page(__METHOD__);
|
||||
$sco = ORM::factory('SSL_CA',$id);
|
||||
|
||||
Block::factory()
|
||||
->title(sprintf('SSL Certificates for CA: %s',$sco->dn()))
|
||||
->title_icon('icon-th-list')
|
||||
->body(Table::factory()
|
||||
->jssort('crt')
|
||||
->data($sco->where_authorised($this->ao)->list_childcrt())
|
||||
->columns(array(
|
||||
'id'=>'ID',
|
||||
'plugin()->dn()'=>'Cert',
|
||||
'plugin()->valid_to(TRUE)'=>'Expires',
|
||||
))
|
||||
->prepend(array(
|
||||
'id'=>array('url'=>URL::link('user','service/view/')),
|
||||
))
|
||||
);
|
||||
}
|
||||
|
||||
public function action_add() {
|
||||
Block::factory()
|
||||
->type('form-horizontal')
|
||||
->title('Add/View SSL CA')
|
||||
->title_icon('icon-wrench')
|
||||
->body($this->add_edit());
|
||||
}
|
||||
|
||||
public function action_edit() {
|
||||
list($id,$output) = Table::page(__METHOD__);
|
||||
|
||||
Block::factory()
|
||||
->type('form-horizontal')
|
||||
->title(sprintf('%s: %s',_('Add/View SSL CA'),$id))
|
||||
->title_icon('icon-wrench')
|
||||
->body($this->add_edit($id,$output));
|
||||
}
|
||||
|
||||
public function action_renew() {
|
||||
$so = ORM::factory('Service',Request::current()->param('id'));
|
||||
|
||||
if (! $so->loaded() OR ! Auth::instance()->authorised($so->account)) {
|
||||
SystemMessage::factory()
|
||||
->title('SSL Certificate not updated')
|
||||
->type('error')
|
||||
->body('Either the Service doesnt exist, or you are not authorised to see it');
|
||||
|
||||
HTTP::redirect('welcome');
|
||||
}
|
||||
|
||||
$so->plugin()->renew();
|
||||
HTTP::redirect(URL::link('user','service/view/'.$so->id));
|
||||
}
|
||||
|
||||
private function add_edit($id=NULL,$output='') {
|
||||
$sco = ORM::factory('SSL_CA',$id);
|
||||
|
||||
if ($_POST) {
|
||||
// Entry updated
|
||||
if ($sco->values($_POST)->check()) {
|
||||
try {
|
||||
$sco->save();
|
||||
SystemMessage::factory()
|
||||
->title('Record updated')
|
||||
->type('success')
|
||||
->body(_('Your Charge record has been recorded/updated.'));
|
||||
|
||||
} catch (ORM_Validation_Exception $e) {
|
||||
$errors = $e->errors('models');
|
||||
|
||||
SystemMessage::factory()
|
||||
->title('Record NOT updated')
|
||||
->type('error')
|
||||
->body(join('<br/>',array_values($errors)));
|
||||
|
||||
$sco->reload();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return View::factory('ssl/reseller/add_edit')
|
||||
->set('o',$sco);
|
||||
}
|
||||
}
|
||||
?>
|
||||
@@ -13,7 +13,11 @@ class Model_SSL_CA extends ORM_OSB {
|
||||
protected $_updated_column = FALSE;
|
||||
|
||||
// Relationships
|
||||
protected $_belongs_to = array(
|
||||
'parent'=>array('model'=>'ssl_ca','foreign_key'=>'parent_ssl_ca_id'),
|
||||
);
|
||||
protected $_has_many = array(
|
||||
'children'=>array('model'=>'ssl_ca','far_key'=>'id','foreign_key'=>'parent_ssl_ca_id'),
|
||||
'service'=>array('through'=>'service__ssl'),
|
||||
);
|
||||
|
||||
@@ -23,6 +27,14 @@ class Model_SSL_CA extends ORM_OSB {
|
||||
),
|
||||
);
|
||||
|
||||
public function filters() {
|
||||
return array(
|
||||
'parent_ssl_ca_id'=>array(
|
||||
array(array($this,'filter_getParent')),
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
public function rules() {
|
||||
return array(
|
||||
'sign_cert'=>array(
|
||||
@@ -30,19 +42,11 @@ class Model_SSL_CA extends ORM_OSB {
|
||||
array(array($this,'isCA')),
|
||||
),
|
||||
'parent_ssl_ca_id'=>array(
|
||||
array(array($this,'Rule_ParentExists')),
|
||||
array(array($this,'rule_parentExist')),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
public function filters() {
|
||||
return array(
|
||||
'parent_ssl_ca_id'=>array(
|
||||
array(array($this,'Filter_GetParent')),
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
private $_so = NULL;
|
||||
|
||||
/**
|
||||
@@ -51,10 +55,13 @@ class Model_SSL_CA extends ORM_OSB {
|
||||
public function __call($name,$args) {
|
||||
$m = 'get_'.$name;
|
||||
|
||||
if (is_null($this->_so))
|
||||
return NULL;
|
||||
|
||||
if (method_exists($this->_so,$m))
|
||||
return $this->_so->{$m}($args);
|
||||
else
|
||||
throw new Kohana_Exception('Unknown method :method',array(':method'=>$name));
|
||||
throw new Kohana_Exception('Unknown method :method for :class',array(':method'=>$m,':class'=>get_class($this->_so)));
|
||||
}
|
||||
|
||||
// We want to inject the SSL object into this Model
|
||||
@@ -67,6 +74,42 @@ class Model_SSL_CA extends ORM_OSB {
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* List the child CA certs
|
||||
*/
|
||||
public function childca($children=FALSE) {
|
||||
$result = 0;
|
||||
|
||||
if ($children)
|
||||
foreach ($this->list_childca() as $cao)
|
||||
$result += $cao->childca($children);
|
||||
|
||||
return $result+$this->list_childca()->count();
|
||||
}
|
||||
|
||||
public function childcrt($children=FALSE) {
|
||||
$result = 0;
|
||||
|
||||
if ($children)
|
||||
foreach ($this->list_childca() as $cao)
|
||||
$result += $cao->childcrt($children);
|
||||
|
||||
return $result+$this->list_childcrt()->count();
|
||||
}
|
||||
|
||||
/**
|
||||
* Make sure we have our parent in the DB too
|
||||
*/
|
||||
public function validParent($format=FALSE) {
|
||||
$result = NULL;
|
||||
|
||||
// If we are a root cert, we are valid
|
||||
if (is_null($this->parent_ssl_ca_id) AND $this->isRoot())
|
||||
return StaticList_YesNo::get(TRUE,$format);
|
||||
|
||||
return StaticList_YesNo::get($this->aki_keyid() == $this->parent->ski(),$format);
|
||||
}
|
||||
|
||||
// If we change the SSL certificate, we need to reload our SSL object
|
||||
public function values(array $values, array $expected = NULL) {
|
||||
parent::values($values,$expected);
|
||||
@@ -77,20 +120,23 @@ class Model_SSL_CA extends ORM_OSB {
|
||||
return $this;
|
||||
}
|
||||
|
||||
// @todo This could require some optimisation, by storing the keyid in the database and then getting the DB just to return that parent
|
||||
public function Filter_GetParent() {
|
||||
public function filter_getParent() {
|
||||
foreach (ORM::factory($this->_object_name)->find_all() as $sco)
|
||||
if ($sco->aki_keyid() == $this->aki_keyid())
|
||||
return $sco->id;
|
||||
}
|
||||
|
||||
public function Rule_ParentExists() {
|
||||
// Our parent_ssl_ca_id should have been populated by Filter_GetParent().
|
||||
return $this->parent_ssl_ca_id OR $this->isRoot();
|
||||
public function list_childca() {
|
||||
return $this->children->find_all();
|
||||
}
|
||||
|
||||
public function list_issued() {
|
||||
return $this->service->find_all();
|
||||
public function list_childcrt() {
|
||||
return $this->service->where_active()->find_all();
|
||||
}
|
||||
|
||||
public function rule_parentExist() {
|
||||
// Our parent_ssl_ca_id should have been populated by filter_GetParent().
|
||||
return $this->parent_ssl_ca_id OR $this->isRoot();
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -18,7 +18,7 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
|
||||
'service'=>array(),
|
||||
);
|
||||
protected $_has_one = array(
|
||||
'SSL_CA'=>array('far_key'=>'ssl_ca_id','foreign_key'=>'id'),
|
||||
'ca'=>array('model'=>'SSL_CA','far_key'=>'ssl_ca_id','foreign_key'=>'id'),
|
||||
);
|
||||
|
||||
protected $_display_filters = array(
|
||||
@@ -31,9 +31,23 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
|
||||
);
|
||||
|
||||
// Required abstract functions
|
||||
public function username_value() {} // Not used
|
||||
public function expire($format=FALSE) {
|
||||
return $this->_so->get_valid_to($format);
|
||||
}
|
||||
|
||||
public function name() {
|
||||
return ($this->cert AND $this->ca->loaded()) ? sprintf('%s:%s',$this->ca->subject(),$this->display('cert')) : $this->display('csr');
|
||||
}
|
||||
|
||||
public function password_value() {} // Not used
|
||||
|
||||
public function service_view() {
|
||||
return View::factory('service/user/plugin/ssl/view')
|
||||
->set('o',$this);
|
||||
}
|
||||
|
||||
public function username_value() {} // Not used
|
||||
|
||||
private $_so = NULL;
|
||||
|
||||
/**
|
||||
@@ -58,6 +72,10 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function validCA() {
|
||||
return $this->ca->validParent();
|
||||
}
|
||||
|
||||
// If we change the SSL certificate, we need to reload our SSL object
|
||||
public function values(array $values, array $expected = NULL) {
|
||||
parent::values($values,$expected);
|
||||
@@ -68,19 +86,6 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function expire($format=FALSE) {
|
||||
return $this->_so->get_valid_to($format);
|
||||
}
|
||||
|
||||
public function name() {
|
||||
return ($this->cert AND $this->SSL_CA->loaded()) ? sprintf('%s:%s',$this->SSL_CA->subject(),$this->display('cert')) : $this->display('csr');
|
||||
}
|
||||
|
||||
public function service_view() {
|
||||
return View::factory('service/user/plugin/ssl/view')
|
||||
->set('o',$this);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get specific service details for use in other modules
|
||||
* For Example: Invoice
|
||||
@@ -103,7 +108,7 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
|
||||
public function admin_update() {
|
||||
return View::factory('service/admin/plugin/ssl/update')
|
||||
->set('mediapath',Route::get('default/media'))
|
||||
->set('so',$this);
|
||||
->set('o',$this);
|
||||
}
|
||||
|
||||
public function download_button() {
|
||||
@@ -134,17 +139,21 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function renew() {
|
||||
$d = SSL::instance($this->cert);
|
||||
/**
|
||||
* Renew an SSL Certificate
|
||||
*/
|
||||
public function renew($force=FALSE) {
|
||||
$sslo = SSL::instance($this->cert);
|
||||
$ssl_conf = Kohana::$config->load('ssl');
|
||||
// @todo change this so an admin can force this.
|
||||
$force = TRUE;
|
||||
|
||||
// If our certificate is not old enough skip
|
||||
if ($d->get_valid_to() > time()+$ssl_conf['min_renew_days']*86400 AND ! $force)
|
||||
if ($sslo->get_valid_to() > time()+$ssl_conf['min_renew_days']*86400 AND ! $force)
|
||||
return FALSE;
|
||||
|
||||
$res = openssl_csr_sign($this->csr,$this->SSL_CA->sign_cert,$this->SSL_CA->sign_pk,$this->service->product->plugin()->days,array(
|
||||
$today = mktime(0,0,0,date('n'),date('j'),date('Y'));
|
||||
$days = (int)(($this->service->invoiced_to()-$today)/86400);
|
||||
|
||||
$res = openssl_csr_sign($this->csr,$this->ca->sign_cert,$this->ca->sign_pk,$days,array(
|
||||
'config'=>$ssl_conf['config'],
|
||||
'x509_extensions'=>$this->service->product->plugin()->extensions,
|
||||
'digest_alg'=>'sha1',
|
||||
@@ -155,11 +164,12 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
|
||||
$this->save();
|
||||
|
||||
return TRUE;
|
||||
|
||||
} else {
|
||||
print_r(array(
|
||||
'csr'=>$this->csr,
|
||||
'ca'=>$this->SSL_CA->sign_cert,
|
||||
'capk'=>$this->SSL_CA->sign_pk,
|
||||
'ca'=>$this->ca->sign_cert,
|
||||
'capk'=>$this->ca->sign_pk,
|
||||
'days'=>$this->service->product->plugin()->days,
|
||||
'ssl'=>$ssl_conf,
|
||||
'x509e'=>$this->service->product->plugin()->extensions
|
||||
|
||||
@@ -12,14 +12,14 @@
|
||||
class Task_SSL_Renew extends Minion_Task {
|
||||
protected $_options = array(
|
||||
'id'=>NULL,
|
||||
'force'=>FALSE,
|
||||
);
|
||||
|
||||
/**
|
||||
* Renew a certificate
|
||||
*/
|
||||
protected function _execute(array $params) {
|
||||
// @todo, Change this to be a SSL id, maybe list all the certs expiring
|
||||
ORM::factory('Service',$params['id'])->plugin()->renew();
|
||||
ORM::factory('Service',$params['id'])->plugin()->renew($params['force']);
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user