Status updates, SSL updates

modules/ssl/classes/Model/SSL/CA.php

@@ -13,7 +13,11 @@ class Model_SSL_CA extends ORM_OSB {
 	protected $_updated_column = FALSE;
 
 	// Relationships
+	protected $_belongs_to = array(
+		'parent'=>array('model'=>'ssl_ca','foreign_key'=>'parent_ssl_ca_id'),
+	);
 	protected $_has_many = array(
+		'children'=>array('model'=>'ssl_ca','far_key'=>'id','foreign_key'=>'parent_ssl_ca_id'),
 		'service'=>array('through'=>'service__ssl'),
 	);
 
@@ -23,6 +27,14 @@ class Model_SSL_CA extends ORM_OSB {
 		),
 	);
 
+	public function filters() {
+		return array(
+			'parent_ssl_ca_id'=>array(
+				array(array($this,'filter_getParent')),
+			)
+		);
+	}
+
 	public function rules() {
 		return array(
 			'sign_cert'=>array(
@@ -30,19 +42,11 @@ class Model_SSL_CA extends ORM_OSB {
 				array(array($this,'isCA')),
 			),
 			'parent_ssl_ca_id'=>array(
-				array(array($this,'Rule_ParentExists')),
+				array(array($this,'rule_parentExist')),
 			),
 		);
 	}
 
-	public function filters() {
-		return array(
-			'parent_ssl_ca_id'=>array(
-				array(array($this,'Filter_GetParent')),
-			)
-		);
-	}
-
 	private $_so = NULL;
 
 	/**
@@ -51,10 +55,13 @@ class Model_SSL_CA extends ORM_OSB {
 	public function __call($name,$args) {
 		$m = 'get_'.$name;
 
+		if (is_null($this->_so))
+			return NULL;
+
 		if (method_exists($this->_so,$m))
 			return $this->_so->{$m}($args);
 		else
-			throw new Kohana_Exception('Unknown method :method',array(':method'=>$name));
+			throw new Kohana_Exception('Unknown method :method for :class',array(':method'=>$m,':class'=>get_class($this->_so)));
 	}
 
 	// We want to inject the SSL object into this Model
@@ -67,6 +74,42 @@ class Model_SSL_CA extends ORM_OSB {
 		return $this;
 	}
 
+	/**
+	 * List the child CA certs
+	 */
+	public function childca($children=FALSE) {
+		$result = 0;
+
+		if ($children)
+			foreach ($this->list_childca() as $cao)
+				$result += $cao->childca($children);
+
+		return $result+$this->list_childca()->count();
+	}
+
+	public function childcrt($children=FALSE) {
+		$result = 0;
+
+		if ($children)
+			foreach ($this->list_childca() as $cao)
+				$result += $cao->childcrt($children);
+
+		return $result+$this->list_childcrt()->count();
+	}
+
+	/**
+	 * Make sure we have our parent in the DB too
+	 */
+	public function validParent($format=FALSE) {
+		$result = NULL;
+
+		// If we are a root cert, we are valid
+		if (is_null($this->parent_ssl_ca_id) AND $this->isRoot())
+			return StaticList_YesNo::get(TRUE,$format);
+
+		return StaticList_YesNo::get($this->aki_keyid() == $this->parent->ski(),$format);
+	}
+
 	// If we change the SSL certificate, we need to reload our SSL object
 	public function values(array $values, array $expected = NULL) {
 		parent::values($values,$expected);
@@ -77,20 +120,23 @@ class Model_SSL_CA extends ORM_OSB {
 		return $this;
 	}
 
-	// @todo This could require some optimisation, by storing the keyid in the database and then getting the DB just to return that parent
-	public function Filter_GetParent() {
+	public function filter_getParent() {
 		foreach (ORM::factory($this->_object_name)->find_all() as $sco)
 			if ($sco->aki_keyid() == $this->aki_keyid())
 				return $sco->id;
 	}
 
-	public function Rule_ParentExists() {
-		// Our parent_ssl_ca_id should have been populated by Filter_GetParent().
-		return $this->parent_ssl_ca_id OR $this->isRoot();
+	public function list_childca() {
+		return $this->children->find_all();
 	}
 
-	public function list_issued() {
-		return $this->service->find_all();
+	public function list_childcrt() {
+		return $this->service->where_active()->find_all();
+	}
+
+	public function rule_parentExist() {
+		// Our parent_ssl_ca_id should have been populated by filter_GetParent().
+		return $this->parent_ssl_ca_id OR $this->isRoot();
 	}
 }
 ?>

modules/ssl/classes/Model/Service/Plugin/Ssl.php

@@ -18,7 +18,7 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
 		'service'=>array(),
 	);
 	protected $_has_one = array(
-		'SSL_CA'=>array('far_key'=>'ssl_ca_id','foreign_key'=>'id'),
+		'ca'=>array('model'=>'SSL_CA','far_key'=>'ssl_ca_id','foreign_key'=>'id'),
 	);
 
 	protected $_display_filters = array(
@@ -31,9 +31,23 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
 	);
 
 	// Required abstract functions
-	public function username_value() {} // Not used
+	public function expire($format=FALSE) {
+		return $this->_so->get_valid_to($format);
+	}
+
+	public function name() {
+		return ($this->cert AND $this->ca->loaded()) ? sprintf('%s:%s',$this->ca->subject(),$this->display('cert')) : $this->display('csr');
+	}
+
 	public function password_value() {} // Not used
 
+	public function service_view() {
+		return View::factory('service/user/plugin/ssl/view')
+			->set('o',$this);
+	}
+
+	public function username_value() {} // Not used
+
 	private $_so = NULL;
 
 	/**
@@ -58,6 +72,10 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
 		return $this;
 	}
 
+	public function validCA() {
+		return $this->ca->validParent();
+	}
+
 	// If we change the SSL certificate, we need to reload our SSL object
 	public function values(array $values, array $expected = NULL) {
 		parent::values($values,$expected);
@@ -68,19 +86,6 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
 		return $this;
 	}
 
-	public function expire($format=FALSE) {
-		return $this->_so->get_valid_to($format);
-	}
-
-	public function name() {
-		return ($this->cert AND $this->SSL_CA->loaded()) ? sprintf('%s:%s',$this->SSL_CA->subject(),$this->display('cert')) : $this->display('csr');
-	}
-
-	public function service_view() {
-		return View::factory('service/user/plugin/ssl/view')
-			->set('o',$this);
-	}
-
 	/**
 	 * Get specific service details for use in other modules
 	 * For Example: Invoice
@@ -103,7 +108,7 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
 	public function admin_update() {
 		return View::factory('service/admin/plugin/ssl/update')
 			->set('mediapath',Route::get('default/media'))
-			->set('so',$this);
+			->set('o',$this);
 	}
 
 	public function download_button() {
@@ -134,17 +139,21 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
 		return $result;
 	}
 
-	public function renew() {
-		$d = SSL::instance($this->cert);
+	/**
+	 * Renew an SSL Certificate
+	 */
+	public function renew($force=FALSE) {
+		$sslo = SSL::instance($this->cert);
 		$ssl_conf = Kohana::$config->load('ssl');
-		// @todo change this so an admin can force this.
-		$force = TRUE;
 
 		// If our certificate is not old enough skip
-		if ($d->get_valid_to() > time()+$ssl_conf['min_renew_days']*86400 AND ! $force)
+		if ($sslo->get_valid_to() > time()+$ssl_conf['min_renew_days']*86400 AND ! $force)
 			return FALSE;
 
-		$res = openssl_csr_sign($this->csr,$this->SSL_CA->sign_cert,$this->SSL_CA->sign_pk,$this->service->product->plugin()->days,array(
+		$today = mktime(0,0,0,date('n'),date('j'),date('Y'));
+		$days = (int)(($this->service->invoiced_to()-$today)/86400);
+
+		$res = openssl_csr_sign($this->csr,$this->ca->sign_cert,$this->ca->sign_pk,$days,array(
 			'config'=>$ssl_conf['config'],
 			'x509_extensions'=>$this->service->product->plugin()->extensions,
 			'digest_alg'=>'sha1',
@@ -155,11 +164,12 @@ class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
 			$this->save();
 
 			return TRUE;
+
 		} else {
 			print_r(array(
 				'csr'=>$this->csr,
-				'ca'=>$this->SSL_CA->sign_cert,
-				'capk'=>$this->SSL_CA->sign_pk,
+				'ca'=>$this->ca->sign_cert,
+				'capk'=>$this->ca->sign_pk,
 				'days'=>$this->service->product->plugin()->days,
 				'ssl'=>$ssl_conf,
 				'x509e'=>$this->service->product->plugin()->extensions