Add support for displaying user certificates, that are recorded in the directory with a ;binary tag. Closes #75

2025-04-07 14:34:27 +10:00
parent 29c460fd4b
commit c4d28c8a23
8 changed files with 122 additions and 11 deletions
--- a/app/Classes/LDAP/Attribute.php
+++ b/app/Classes/LDAP/Attribute.php
@@ -16,7 +16,6 @@ class Attribute implements \Countable, \ArrayAccess
 {
 	// Attribute Name
 	protected string $name;
-	private int $counter = 0;

 	// Is this attribute an internal attribute
 	protected(set) bool $is_internal = FALSE;
--- a/app/Classes/LDAP/Attribute/Factory.php
+++ b/app/Classes/LDAP/Attribute/Factory.php
@@ -52,6 +52,7 @@ class Factory
 		'supportedfeatures' => Schema\OID::class,
 		'supportedldapversion' => Schema\Generic::class,
 		'supportedsaslmechanisms' => Schema\Mechanisms::class,
+		'usercertificate' => UserCertificate::class,
 		'userpassword' => Password::class,
 	];

--- a/app/Classes/LDAP/Attribute/UserCertificate.php
+++ b/app/Classes/LDAP/Attribute/UserCertificate.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace App\Classes\LDAP\Attribute;
+
+use Carbon\Carbon;
+use Illuminate\Support\Arr;
+
+use App\Classes\LDAP\Attribute;
+use App\Traits\MD5Updates;
+
+/**
+ * Represents an attribute whose values is a binary user certificate
+ */
+final class UserCertificate extends Attribute
+{
+	use MD5Updates;
+
+	private array $_object = [];
+
+	public function certificate(int $key=0): string
+	{
+		return sprintf("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----",
+			join("\n",str_split(base64_encode(Arr::get($this->values_old,'binary.'.$key)),80))
+		);
+	}
+
+	public function cert_info(string $index,int $key=0): mixed
+	{
+		if (! array_key_exists($key,$this->_object))
+			$this->_object[$key] = openssl_x509_parse(openssl_x509_read($this->certificate($key)));
+
+
+		return Arr::get($this->_object[$key],$index);
+	}
+
+	public function expires($key=0): Carbon
+	{
+		return Carbon::createFromTimestampUTC($this->cert_info('validTo_time_t',$key));
+	}
+
+	public function render_item_old(string $dotkey): ?string
+	{
+		return join("\n",str_split(base64_encode(parent::render_item_old($dotkey)),80));
+	}
+
+	public function subject($key=0): string
+	{
+		$subject = collect($this->cert_info('subject',$key))->reverse();
+
+		return $subject->map(fn($item,$key)=>sprintf("%s=%s",$key,$item))->join(',');
+	}
+}
--- a/app/Ldap/Entry.php
+++ b/app/Ldap/Entry.php
@@ -389,7 +389,6 @@ class Entry extends Model
 						fn($item)=>
 							(! preg_match(sprintf('/^%s$/',self::TAG_NOTAG),$item))
 							&& (! preg_match(sprintf('/^%s+$/',self::TAG_CHARS_LANG),$item))
-							&& (! preg_match('/^binary$/',$item))
 						)
 						->count())
 			)
@@ -428,9 +427,17 @@ class Entry extends Model
 	 */
 	public function getVisibleAttributes(?string $tag=NULL): Collection
 	{
-		return $this->objects
-			->filter(fn($item)=>! $item->is_internal)
-			->filter(fn($item)=>is_null($tag) || count($item->tagValues($tag)) > 0);
+		static $cache = NULL;
+
+		if (is_null($cache)) {
+			$ot = $this->getOtherTags();
+
+			$cache = $this->objects
+				->filter(fn($item)=>! $item->is_internal)
+				->filter(fn($item)=>is_null($tag) || $ot->has($item->name_lc) || count($item->tagValues($tag)) > 0);
+		}
+
+		return $cache;
 	}

 	public function hasAttribute(int|string $key): bool