2013-10-10 13:44:53 +11:00
|
|
|
<?php defined('SYSPATH') or die('No direct access allowed.');
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This class supports SSL
|
|
|
|
*
|
|
|
|
* @package SSL
|
|
|
|
* @category Models
|
|
|
|
* @author Deon George
|
|
|
|
* @copyright (c) 2009-2013 Open Source Billing
|
|
|
|
* @license http://dev.osbill.net/license.html
|
|
|
|
*/
|
|
|
|
class Model_SSL_CA extends ORM_OSB {
|
|
|
|
protected $_updated_column = FALSE;
|
|
|
|
|
|
|
|
// Relationships
|
2013-11-08 22:02:32 +11:00
|
|
|
protected $_belongs_to = array(
|
|
|
|
'parent'=>array('model'=>'ssl_ca','foreign_key'=>'parent_ssl_ca_id'),
|
|
|
|
);
|
2013-10-10 13:44:53 +11:00
|
|
|
protected $_has_many = array(
|
2013-11-08 22:02:32 +11:00
|
|
|
'children'=>array('model'=>'ssl_ca','far_key'=>'id','foreign_key'=>'parent_ssl_ca_id'),
|
2013-10-10 13:44:53 +11:00
|
|
|
'service'=>array('through'=>'service__ssl'),
|
|
|
|
);
|
|
|
|
|
|
|
|
protected $_display_filters = array(
|
|
|
|
'sign_cert'=>array(
|
|
|
|
array('SSL::subject',array(':value')),
|
|
|
|
),
|
|
|
|
);
|
|
|
|
|
2013-11-08 22:02:32 +11:00
|
|
|
public function filters() {
|
|
|
|
return array(
|
|
|
|
'parent_ssl_ca_id'=>array(
|
|
|
|
array(array($this,'filter_getParent')),
|
|
|
|
)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2013-10-10 13:44:53 +11:00
|
|
|
public function rules() {
|
2013-12-02 15:16:28 +11:00
|
|
|
return Arr::merge(parent::rules(),array(
|
2013-10-10 13:44:53 +11:00
|
|
|
'sign_cert'=>array(
|
2013-12-02 15:16:28 +11:00
|
|
|
array('not_empty'),
|
2013-10-10 13:44:53 +11:00
|
|
|
array(array($this,'isCert')),
|
|
|
|
array(array($this,'isCA')),
|
|
|
|
),
|
|
|
|
'parent_ssl_ca_id'=>array(
|
2013-11-08 22:02:32 +11:00
|
|
|
array(array($this,'rule_parentExist')),
|
2013-10-10 13:44:53 +11:00
|
|
|
),
|
2013-12-02 15:16:28 +11:00
|
|
|
));
|
2013-10-10 13:44:53 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
private $_so = NULL;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Resolve any queries to certificate details
|
|
|
|
*/
|
|
|
|
public function __call($name,$args) {
|
|
|
|
$m = 'get_'.$name;
|
|
|
|
|
2013-11-08 22:02:32 +11:00
|
|
|
if (is_null($this->_so))
|
|
|
|
return NULL;
|
|
|
|
|
2013-10-10 13:44:53 +11:00
|
|
|
if (method_exists($this->_so,$m))
|
|
|
|
return $this->_so->{$m}($args);
|
|
|
|
else
|
2013-11-08 22:02:32 +11:00
|
|
|
throw new Kohana_Exception('Unknown method :method for :class',array(':method'=>$m,':class'=>get_class($this->_so)));
|
2013-10-10 13:44:53 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
// We want to inject the SSL object into this Model
|
|
|
|
protected function _load_values(array $values) {
|
|
|
|
parent::_load_values($values);
|
|
|
|
|
|
|
|
if ($this->sign_cert)
|
|
|
|
$this->_so = SSL::instance($this->sign_cert);
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2013-11-08 22:02:32 +11:00
|
|
|
/**
|
|
|
|
* List the child CA certs
|
|
|
|
*/
|
|
|
|
public function childca($children=FALSE) {
|
|
|
|
$result = 0;
|
|
|
|
|
|
|
|
if ($children)
|
|
|
|
foreach ($this->list_childca() as $cao)
|
|
|
|
$result += $cao->childca($children);
|
|
|
|
|
|
|
|
return $result+$this->list_childca()->count();
|
|
|
|
}
|
|
|
|
|
|
|
|
public function childcrt($children=FALSE) {
|
|
|
|
$result = 0;
|
|
|
|
|
|
|
|
if ($children)
|
|
|
|
foreach ($this->list_childca() as $cao)
|
|
|
|
$result += $cao->childcrt($children);
|
|
|
|
|
|
|
|
return $result+$this->list_childcrt()->count();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Make sure we have our parent in the DB too
|
|
|
|
*/
|
|
|
|
public function validParent($format=FALSE) {
|
|
|
|
$result = NULL;
|
|
|
|
|
|
|
|
// If we are a root cert, we are valid
|
|
|
|
if (is_null($this->parent_ssl_ca_id) AND $this->isRoot())
|
|
|
|
return StaticList_YesNo::get(TRUE,$format);
|
|
|
|
|
|
|
|
return StaticList_YesNo::get($this->aki_keyid() == $this->parent->ski(),$format);
|
|
|
|
}
|
|
|
|
|
2013-10-10 13:44:53 +11:00
|
|
|
// If we change the SSL certificate, we need to reload our SSL object
|
|
|
|
public function values(array $values, array $expected = NULL) {
|
|
|
|
parent::values($values,$expected);
|
|
|
|
|
|
|
|
if (array_key_exists('sign_cert',$values))
|
|
|
|
$this->_so = SSL::instance($this->sign_cert);
|
|
|
|
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2013-12-02 15:16:28 +11:00
|
|
|
/**
|
|
|
|
* Filter to find the parent SSL_CA
|
|
|
|
*
|
|
|
|
* @notes This filter only runs when the value passed is -1
|
|
|
|
*/
|
2013-11-08 22:02:32 +11:00
|
|
|
public function filter_getParent() {
|
2013-12-02 15:16:28 +11:00
|
|
|
// This cannot be an array
|
|
|
|
if (count(func_get_args()) != 1)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
$x = func_get_args();
|
|
|
|
$x = array_pop($x);
|
|
|
|
|
|
|
|
// This filter only runs when our value is -1
|
|
|
|
if ($x != -1)
|
|
|
|
return $x;
|
|
|
|
|
|
|
|
foreach (ORM::factory($this->_object_name)->find_all() as $sco) {
|
|
|
|
if ($sco->ski() == $this->aki_keyid())
|
2013-10-10 13:44:53 +11:00
|
|
|
return $sco->id;
|
2013-12-02 15:16:28 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
// If we got here, we couldnt find it
|
|
|
|
return $this->isRoot() ? NULL : $x;
|
2013-10-10 13:44:53 +11:00
|
|
|
}
|
|
|
|
|
2013-11-08 22:02:32 +11:00
|
|
|
public function list_childca() {
|
2014-08-26 16:22:31 +10:00
|
|
|
return $this->children->where_active()->find_all();
|
2013-11-08 22:02:32 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
public function list_childcrt() {
|
|
|
|
return $this->service->where_active()->find_all();
|
2013-10-10 13:44:53 +11:00
|
|
|
}
|
|
|
|
|
2013-11-08 22:02:32 +11:00
|
|
|
public function rule_parentExist() {
|
|
|
|
// Our parent_ssl_ca_id should have been populated by filter_GetParent().
|
2013-12-02 15:16:28 +11:00
|
|
|
return ($this->parent_ssl_ca_id > 0) OR $this->isRoot();
|
2013-10-10 13:44:53 +11:00
|
|
|
}
|
|
|
|
}
|
|
|
|
?>
|