array(), ); protected $_has_one = array( 'ca'=>array('model'=>'SSL_CA','far_key'=>'ssl_ca_id','foreign_key'=>'id'), ); protected $_display_filters = array( 'csr'=>array( array('SSL::csrsubject',array(':value')), ), 'cert'=>array( array('SSL::subject',array(':value')), ), ); protected $_save_message = TRUE; /** REQUIRED ABSTRACT METHODS **/ public function attributes($variable=NULL) { return array( 'SSL DN'=>$this->namesub($variable), 'Valid From'=>$this->ca->valid_from(TRUE), 'Valid To'=>$this->ca->valid_to(TRUE), ); } public function expire($format=FALSE) { return (! $this->_so) ? ($format ? 'Not Issued' : 0) : $this->_so->get_valid_to($format); } public function password() {} // Not used public function username() {} // Not used /** LOCAL METHODS **/ private $_so = NULL; /** * Resolve any queries to certificate details */ public function __call($name,$args) { $m = 'get_'.$name; if ($this->isCSR() AND method_exists($this,$m)) return $this->{$m}($args); elseif (method_exists($this->_so,$m)) return $this->_so->{$m}($args); else throw new Kohana_Exception('Unknown method :method',array(':method'=>$name)); } // We want to inject the SSL object into this Model protected function _load_values(array $values) { parent::_load_values($values); if ($this->cert) $this->_so = SSL::instance($this->cert); return $this; } /** * Is this just a CSR? */ public function isCSR() { return ! $this->cert AND $this->csr; } /** * Return all our CA Certs for this certificate * @deprecated Use chain() instead. */ public function cacerts() { $result = array(); $x = $this->ssl_ca_id; while ($x) { $sco = ORM::factory('SSL_CA',$x); array_push($result,$sco->sign_cert); $x = $sco->parent_ssl_ca_id; } return $result; } /** * Return the Certificate Chain * * @return array Of SSL_CA Objects representing the Chain */ public function chain() { $result = array(); // Get the first parent CA certificate $po = $this->ca; //echo Debug::vars([__METHOD__,'this'=>$this,'po'=>$po,'vp'=>$po->validParent()]);die(); $c = 0; while ($po AND $po->loaded() AND $c++ < 5) { array_push($result,$po); $po = ($po->validParent() AND $po->id != $po->parent_ssl_ca_id) ? $po->parent : NULL; } return $result; } public function download_button() { if (! $this->pk OR ! $this->service->active OR ! preg_match('/client/',$this->service->product->plugin()->extensions) OR $this->valid_to() < time()) return ''; $output = Form::open(URL::link('user','ssl/download'),array('class'=>'form-inline')); $output .= Form::hidden('sid',$this->service->id); $output .= '

'; $output .= Form::password('passwd','',array('placeholder'=>_('Choose a password'),'required','nocg'=>TRUE,'pattern'=>'.{6,}','title'=>'Minimum 6 chars')); $output .= Form::button('download','PKCS12',array('class'=>'btn btn-default','nocg'=>TRUE)); $output .= '

'; $output .= Form::close(); return $output; } public function get_dn() { return SSL::csrsubject($this->csr); } public function get_valid_to() { // @todo return 'Unknown'; } public function name($variable=NULL) { return ($this->cert AND $this->ca->loaded()) ? sprintf('%s:%s',$this->ca->subject(),$this->display('cert')) : $this->display('csr'); } public function namesub($variable=NULL) { return $this->ca->dn(); } /** * Renew an SSL Certificate */ // @todo: Renew renews the expiry date as 1 day too early. public function renew($force=FALSE) { $ssl_conf = Kohana::$config->load('ssl'); if ($this->cert) { $sslo = SSL::instance($this->cert); // If our certificate is not old enough skip if ($sslo->get_valid_to() > time()+$ssl_conf['min_renew_days']*86400 AND ! $force) return FALSE; } elseif (! $this->csr) { throw new Kohana_Exception('Unable to renew, no CERT or CSR'); } $today = mktime(0,0,0,date('n'),date('j'),date('Y')); $days = (int)(($this->service->invoiced_to()-$today)/86400); $res = openssl_csr_sign($this->csr,$this->ca->sign_cert,$this->ca->sign_pk,$days,array( 'config'=>$ssl_conf['config'], 'x509_extensions'=>$this->service->product->plugin()->extensions, 'digest_alg'=>$ssl_conf['digest'], ),time()); if ($res AND openssl_x509_export($res,$cert)) { $this->cert = $cert; $this->save(); return TRUE; } else { print_r(array( 'csr'=>$this->csr, 'ca'=>$this->ca->sign_cert, 'capk'=>$this->ca->sign_pk, 'days'=>$this->service->product->plugin()->days, 'ssl'=>$ssl_conf, 'x509e'=>$this->service->product->plugin()->extensions )); throw new Kohana_Exception('Error Creating SSL Certificate :error',array(':error'=>openssl_error_string())); } } public function validCA() { return $this->ca->validParent(); } // If we change the SSL certificate, we need to reload our SSL object public function values(array $values, array $expected = NULL) { parent::values($values,$expected); if (array_key_exists('cert',$values)) $this->_so = SSL::instance($this->cert); return $this; } } ?>