This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
khosb/modules/ssl/classes/Model/Service/Plugin/Ssl.php
2018-06-13 21:40:08 +10:00

223 lines
5.5 KiB
PHP

<?php defined('SYSPATH') or die('No direct access allowed.');
/**
* This class supports Services
*
* @package SSL
* @category Models
* @author Deon George
* @copyright (c) 2009-2013 Open Source Billing
* @license http://dev.osbill.net/license.html
*/
class Model_Service_Plugin_Ssl extends Model_Service_Plugin {
protected $_table_name = 'service__ssl';
protected $_created_column = FALSE;
protected $_updated_column = FALSE;
// Relationships
protected $_belongs_to = array(
'service'=>array(),
);
protected $_has_one = array(
'ca'=>array('model'=>'SSL_CA','far_key'=>'ssl_ca_id','foreign_key'=>'id'),
);
protected $_display_filters = array(
'csr'=>array(
array('SSL::csrsubject',array(':value')),
),
'cert'=>array(
array('SSL::subject',array(':value')),
),
);
protected $_save_message = TRUE;
/** REQUIRED ABSTRACT METHODS **/
public function attributes($variable=NULL) {
return array(
'SSL DN'=>$this->namesub($variable),
'Valid From'=>$this->ca->valid_from(TRUE),
'Valid To'=>$this->ca->valid_to(TRUE),
);
}
public function expire($format=FALSE) {
return (! $this->_so) ? ($format ? 'Not Issued' : 0) : $this->_so->get_valid_to($format);
}
public function password() {} // Not used
public function username() {} // Not used
/** LOCAL METHODS **/
private $_so = NULL;
/**
* Resolve any queries to certificate details
*/
public function __call($name,$args) {
$m = 'get_'.$name;
if ($this->isCSR() AND method_exists($this,$m))
return $this->{$m}($args);
elseif (method_exists($this->_so,$m))
return $this->_so->{$m}($args);
else
throw new Kohana_Exception('Unknown method :method',array(':method'=>$name));
}
// We want to inject the SSL object into this Model
protected function _load_values(array $values) {
parent::_load_values($values);
if ($this->cert)
$this->_so = SSL::instance($this->cert);
return $this;
}
/**
* Is this just a CSR?
*/
public function isCSR() {
return ! $this->cert AND $this->csr;
}
/**
* Return all our CA Certs for this certificate
* @deprecated Use chain() instead.
*/
public function cacerts() {
$result = array();
$x = $this->ssl_ca_id;
while ($x) {
$sco = ORM::factory('SSL_CA',$x);
array_push($result,$sco->sign_cert);
$x = $sco->parent_ssl_ca_id;
}
return $result;
}
/**
* Return the Certificate Chain
*
* @return array Of SSL_CA Objects representing the Chain
*/
public function chain() {
$result = array();
// Get the first parent CA certificate
$po = $this->ca;
//echo Debug::vars([__METHOD__,'this'=>$this,'po'=>$po,'vp'=>$po->validParent()]);die();
$c = 0;
while ($po AND $po->loaded() AND $c++ < 5) {
array_push($result,$po);
$po = ($po->validParent() AND $po->id != $po->parent_ssl_ca_id) ? $po->parent : NULL;
}
return $result;
}
public function download_button() {
if (! $this->pk OR ! $this->service->active OR ! preg_match('/client/',$this->service->product->plugin()->extensions) OR $this->valid_to() < time())
return '';
$output = Form::open(URL::link('user','ssl/download'),array('class'=>'form-inline'));
$output .= Form::hidden('sid',$this->service->id);
$output .= '<div class="input-append">';
$output .= Form::password('passwd','',array('placeholder'=>_('Choose a password'),'required','nocg'=>TRUE,'pattern'=>'.{6,}','title'=>'Minimum 6 chars'));
$output .= Form::button('download','PKCS12',array('class'=>'btn btn-default','nocg'=>TRUE));
$output .= '</div>';
$output .= Form::close();
return $output;
}
public function get_dn() {
return SSL::csrsubject($this->csr);
}
public function get_valid_to() {
// @todo
return 'Unknown';
}
public function name($variable=NULL) {
return ($this->cert AND $this->ca->loaded()) ? sprintf('%s:%s',$this->ca->subject(),$this->display('cert')) : $this->display('csr');
}
public function namesub($variable=NULL) {
return $this->ca->dn();
}
/**
* Renew an SSL Certificate
*/
// @todo: Renew renews the expiry date as 1 day too early.
public function renew($force=FALSE) {
$ssl_conf = Kohana::$config->load('ssl');
if ($this->cert) {
$sslo = SSL::instance($this->cert);
// If our certificate is not old enough skip
if ($sslo->get_valid_to() > time()+$ssl_conf['min_renew_days']*86400 AND ! $force)
return FALSE;
} elseif (! $this->csr) {
throw new Kohana_Exception('Unable to renew, no CERT or CSR');
}
$today = mktime(0,0,0,date('n'),date('j'),date('Y'));
$days = (int)(($this->service->invoiced_to()-$today)/86400);
$res = openssl_csr_sign($this->csr,$this->ca->sign_cert,$this->ca->sign_pk,$days,array(
'config'=>$ssl_conf['config'],
'x509_extensions'=>$this->service->product->plugin()->extensions,
'digest_alg'=>$ssl_conf['digest'],
),time());
if ($res AND openssl_x509_export($res,$cert)) {
$this->cert = $cert;
$this->save();
return TRUE;
} else {
print_r(array(
'csr'=>$this->csr,
'ca'=>$this->ca->sign_cert,
'capk'=>$this->ca->sign_pk,
'days'=>$this->service->product->plugin()->days,
'ssl'=>$ssl_conf,
'x509e'=>$this->service->product->plugin()->extensions
));
throw new Kohana_Exception('Error Creating SSL Certificate :error',array(':error'=>openssl_error_string()));
}
}
public function validCA() {
return $this->ca->validParent();
}
// If we change the SSL certificate, we need to reload our SSL object
public function values(array $values, array $expected = NULL) {
parent::values($values,$expected);
if (array_key_exists('cert',$values))
$this->_so = SSL::instance($this->cert);
return $this;
}
}
?>