From c4d28c8a23063ea27e0fc5be8bd5ea8ae9dfa0bc Mon Sep 17 00:00:00 2001
From: Deon George <deon@dege.au>
Date: Mon, 7 Apr 2025 14:34:27 +1000
Subject: [PATCH] Add support for displaying user certificates, that are
 recorded in the directory with a ;binary tag. Closes #75

---
 app/Classes/LDAP/Attribute.php                |  1 -
 app/Classes/LDAP/Attribute/Factory.php        |  1 +
 .../LDAP/Attribute/UserCertificate.php        | 52 +++++++++++++++++++
 app/Ldap/Entry.php                            | 15 ++++--
 composer.json                                 |  1 +
 .../attribute/usercertificate.blade.php       | 25 +++++++++
 .../attribute/widget/options.blade.php        | 36 +++++++++++--
 resources/views/frames/dn.blade.php           |  2 +-
 8 files changed, 122 insertions(+), 11 deletions(-)
 create mode 100644 app/Classes/LDAP/Attribute/UserCertificate.php
 create mode 100644 resources/views/components/attribute/usercertificate.blade.php

diff --git a/app/Classes/LDAP/Attribute.php b/app/Classes/LDAP/Attribute.php
index 82c22ef9..0e2c9380 100644
--- a/app/Classes/LDAP/Attribute.php
+++ b/app/Classes/LDAP/Attribute.php
@@ -16,7 +16,6 @@ class Attribute implements \Countable, \ArrayAccess
 {
 	// Attribute Name
 	protected string $name;
-	private int $counter = 0;
 
 	// Is this attribute an internal attribute
 	protected(set) bool $is_internal = FALSE;
diff --git a/app/Classes/LDAP/Attribute/Factory.php b/app/Classes/LDAP/Attribute/Factory.php
index 3d23fc9e..457f633b 100644
--- a/app/Classes/LDAP/Attribute/Factory.php
+++ b/app/Classes/LDAP/Attribute/Factory.php
@@ -52,6 +52,7 @@ class Factory
 		'supportedfeatures' => Schema\OID::class,
 		'supportedldapversion' => Schema\Generic::class,
 		'supportedsaslmechanisms' => Schema\Mechanisms::class,
+		'usercertificate' => UserCertificate::class,
 		'userpassword' => Password::class,
 	];
 
diff --git a/app/Classes/LDAP/Attribute/UserCertificate.php b/app/Classes/LDAP/Attribute/UserCertificate.php
new file mode 100644
index 00000000..eba299bb
--- /dev/null
+++ b/app/Classes/LDAP/Attribute/UserCertificate.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace App\Classes\LDAP\Attribute;
+
+use Carbon\Carbon;
+use Illuminate\Support\Arr;
+
+use App\Classes\LDAP\Attribute;
+use App\Traits\MD5Updates;
+
+/**
+ * Represents an attribute whose values is a binary user certificate
+ */
+final class UserCertificate extends Attribute
+{
+	use MD5Updates;
+
+	private array $_object = [];
+
+	public function certificate(int $key=0): string
+	{
+		return sprintf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----",
+			join("\n",str_split(base64_encode(Arr::get($this->values_old,'binary.'.$key)),80))
+		);
+	}
+
+	public function cert_info(string $index,int $key=0): mixed
+	{
+		if (! array_key_exists($key,$this->_object))
+			$this->_object[$key] = openssl_x509_parse(openssl_x509_read($this->certificate($key)));
+
+
+		return Arr::get($this->_object[$key],$index);
+	}
+
+	public function expires($key=0): Carbon
+	{
+		return Carbon::createFromTimestampUTC($this->cert_info('validTo_time_t',$key));
+	}
+
+	public function render_item_old(string $dotkey): ?string
+	{
+		return join("\n",str_split(base64_encode(parent::render_item_old($dotkey)),80));
+	}
+
+	public function subject($key=0): string
+	{
+		$subject = collect($this->cert_info('subject',$key))->reverse();
+
+		return $subject->map(fn($item,$key)=>sprintf("%s=%s",$key,$item))->join(',');
+	}
+}
\ No newline at end of file
diff --git a/app/Ldap/Entry.php b/app/Ldap/Entry.php
index 741ee998..5eddd64f 100644
--- a/app/Ldap/Entry.php
+++ b/app/Ldap/Entry.php
@@ -389,7 +389,6 @@ class Entry extends Model
 						fn($item)=>
 							(! preg_match(sprintf('/^%s$/',self::TAG_NOTAG),$item))
 							&& (! preg_match(sprintf('/^%s+$/',self::TAG_CHARS_LANG),$item))
-							&& (! preg_match('/^binary$/',$item))
 						)
 						->count())
 			)
@@ -428,9 +427,17 @@ class Entry extends Model
 	 */
 	public function getVisibleAttributes(?string $tag=NULL): Collection
 	{
-		return $this->objects
-			->filter(fn($item)=>! $item->is_internal)
-			->filter(fn($item)=>is_null($tag) || count($item->tagValues($tag)) > 0);
+		static $cache = NULL;
+
+		if (is_null($cache)) {
+			$ot = $this->getOtherTags();
+
+			$cache = $this->objects
+				->filter(fn($item)=>! $item->is_internal)
+				->filter(fn($item)=>is_null($tag) || $ot->has($item->name_lc) || count($item->tagValues($tag)) > 0);
+		}
+
+		return $cache;
 	}
 
 	public function hasAttribute(int|string $key): bool
diff --git a/composer.json b/composer.json
index ff2cc10d..eeb735db 100644
--- a/composer.json
+++ b/composer.json
@@ -7,6 +7,7 @@
     "require": {
         "ext-fileinfo": "*",
         "ext-ldap": "*",
+        "ext-openssl": "*",
         "php": "^8.4",
         "directorytree/ldaprecord-laravel": "^3.0",
         "laravel/framework": "^11.9",
diff --git a/resources/views/components/attribute/usercertificate.blade.php b/resources/views/components/attribute/usercertificate.blade.php
new file mode 100644
index 00000000..41e37457
--- /dev/null
+++ b/resources/views/components/attribute/usercertificate.blade.php
@@ -0,0 +1,25 @@
+<!-- $o=UserCertificate::class -->
+<x-attribute.layout :edit="$edit ?? FALSE" :new="$new ?? FALSE" :o="$o" langtag="binary">
+	@foreach($o->tagValuesOld('binary') as $key => $value)
+		@if($edit)
+			<input type="hidden" name="name={{ $o->name_lc }}[binary][]" value="{{ md5($value) }}">
+
+			<div class="input-group has-validation mb-3">
+				<textarea class="form-control mb-1 font-monospace" rows="{{ count(explode("\n",$x=$o->certificate())) }}" style="overflow:hidden" disabled>{{ $x }}</textarea>
+
+				<div class="invalid-feedback pb-2">
+					@if($e=$errors->get($o->name_lc.'.'.$langtag.'.'.$loop->index))
+						{{ join('|',$e) }}
+					@endif
+				</div>
+			</div>
+			<div class="input-helper">
+				@lang('Certificate Subject'): <strong>{{ $o->subject($loop->index) }}</strong><br/>
+				{{ ($expire=$o->expires($loop->index))->isPast() ? __('Expired') : __('Expires') }}: <strong>{{ $expire->format(config('pla.datetime_format','Y-m-d H:i:s')) }}</strong>
+			</div>
+
+		@else
+			<span class="form-control mb-1"><pre class="m-0">{{ $o->render_item_old('binary.'.$key) }}</pre></span>
+		@endif
+	@endforeach
+</x-attribute.layout>
\ No newline at end of file
diff --git a/resources/views/components/attribute/widget/options.blade.php b/resources/views/components/attribute/widget/options.blade.php
index 75065534..f33b42ba 100644
--- a/resources/views/components/attribute/widget/options.blade.php
+++ b/resources/views/components/attribute/widget/options.blade.php
@@ -1,16 +1,12 @@
 @use(App\Classes\LDAP\Attribute\Binary\JpegPhoto)
 @use(App\Classes\LDAP\Attribute\ObjectClass)
+@use(App\Classes\LDAP\Attribute\UserCertificate)
 @php($clone=FALSE)
 <span class="p-0 m-0">
 	@if($o->is_rdn)
 		<button class="btn btn-sm btn-outline-focus mt-3" disabled><i class="fas fa-fw fa-exchange"></i> @lang('Rename')</button>
 	@elseif($edit && $o->can_addvalues)
 		@switch(get_class($o))
-			@case(JpegPhoto::class)
-				<span @class(['btn','btn-sm','btn-outline-primary','mt-3','addable','d-none'=>(! $new)]) id="{{ $o->name_lc }}" disabled><i class="fas fa-fw fa-plus"></i> @lang('Upload JpegPhoto')</span>
-
-				@break
-
 			@case(ObjectClass::class)
 				<span type="button" @class(['btn','btn-sm','btn-outline-primary','mt-3','addable','d-none'=>(! $new)]) data-bs-toggle="modal" data-bs-target="#new_objectclass-modal"><i class="fas fa-fw fa-plus"></i> @lang('Add Objectclass')</span>
 
@@ -216,6 +212,36 @@
 				@append
 				@break
 
+			@case(JpegPhoto::class)
+				<span @class(['btn','btn-sm','btn-outline-primary','mt-3','addable','d-none'=>(! $new)]) id="{{ $o->name }}-upload" disabled><i class="fas fa-fw fa-file-arrow-up"></i> @lang('Upload JpegPhoto')</span>
+				@section('page-scripts')
+					<script type="text/javascript">
+							$(document).ready(function() {
+								$('#{{ $o->name }}-upload.addable').click(function(e) {
+									alert('Sorry, not implemented yet');
+									e.preventDefault();
+									return false;
+								});
+							});
+					</script>
+				@append
+				@break
+
+			@case(UserCertificate::class)
+				<span @class(['btn','btn-sm','btn-outline-primary','mt-3','addable','d-none'=>(! $new)]) id="{{ $o->name }}-replace" disabled><i class="fas fa-fw fa-certificate"></i> @lang('Replace Certificate')</span>
+				@section('page-scripts')
+					<script type="text/javascript">
+							$(document).ready(function() {
+								$('#{{ $o->name }}-replace.addable').click(function(e) {
+									alert('Sorry, not implemented yet');
+									e.preventDefault();
+									return false;
+								});
+							});
+					</script>
+				@append
+				@break
+
 			<!-- All other attributes -->
 			@default
 				@php($clone=TRUE)
diff --git a/resources/views/frames/dn.blade.php b/resources/views/frames/dn.blade.php
index 6cd68ba2..02cd7223 100644
--- a/resources/views/frames/dn.blade.php
+++ b/resources/views/frames/dn.blade.php
@@ -54,7 +54,7 @@
 
 	<div class="row">
 		<div class="col">
-			@if(($x=$o->getOtherTags())->count())
+			@if(($x=$o->getOtherTags()->filter(fn($item)=>$item->diff(['binary'])->count()))->count())
 				<div class="ms-4 mt-4 alert alert-danger p-2" style="max-width: 30em; font-size: 0.80em;">
 					This entry has [<strong>{!! $x->flatten()->join('</strong>, <strong>') !!}</strong>] tags used by [<strong>{!! $x->keys()->join('</strong>, <strong>') !!}</strong>] that cant be managed by PLA. You can though manage those tags with an LDIF import.
 				</div>