Add missing behavior docs & rename DistinguishedEncodingRules

Icinga · Dec 12, 2022 · ee16c18 · ee16c18
1 parent 9c2a33d
commit ee16c18
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 12 deletions.
diff --git a/application/clicommands/CheckCommand.php b/application/clicommands/CheckCommand.php
@@ -116,7 +116,7 @@ public function hostAction()
             $targets->filter(Filter::equal('hostname', $hostname));
         }
         if ($this->params->has('port')) {
-            $targets->filter(Filter::equal('port', (int) $this->params->get('port')));
+            $targets->filter(Filter::equal('port', $this->params->get('port')));
         }
 
         $allowSelfSigned = (bool) $this->params->get('allow-self-signed', false);

diff --git a/library/X509/Job.php b/library/X509/Job.php
@@ -455,7 +455,7 @@ protected function processChain($target, $chain)
                 );
                 $targetId = $this->db->lastInsertId();
             } else {
-                $targetId = (int) $row->id;
+                $targetId = $row->id;
             }
 
             $chainUptodate = false;
@@ -474,7 +474,7 @@ protected function processChain($target, $chain)
                     ->getSelectBase()
                     ->where(new Expression(
                         'certificate_link.certificate_chain_id = %d',
-                        [(int) $lastChain->id]
+                        [$lastChain->id]
                     ))
                     ->orderBy('certificate_link.order');
 
@@ -523,13 +523,16 @@ protected function processChain($target, $chain)
                     $lastCertInfo[] = $index;
                 }
 
-                $rootCa = X509Certificate::on($this->db);
-                $rootCa
+                // There might be chains that do not include the self-signed top-level Ca,
+                // so we need to include it manually here, as we need to display the full
+                // chain in the UI.
+                $rootCa = X509Certificate::on($this->db)
                     ->columns(['id'])
-                    ->filter(Filter::equal('issuer_hash', $lastCertInfo[1]))
-                    ->filter(Filter::equal('trusted', true));
+                    ->filter(Filter::equal('subject_hash', $lastCertInfo[1]))
+                    ->filter(Filter::equal('self_signed', true))
+                    ->first();
 
-                if (($rootCa = $rootCa->first()) && $rootCa->id !== $lastCertInfo[0]) {
+                if ($rootCa && $rootCa->id !== $lastCertInfo[0]) {
                     $this->db->update(
                         'x509_certificate_chain',
                         ['length' => count($chain) + 1],

diff --git a/...l/Behavior/DistinguishedEncodingRules.php → library/X509/Model/Behavior/DERBase64.php b/...l/Behavior/DistinguishedEncodingRules.php → library/X509/Model/Behavior/DERBase64.php
@@ -4,7 +4,10 @@
 
 use ipl\Orm\Contract\PropertyBehavior;
 
-class DistinguishedEncodingRules extends PropertyBehavior
+/**
+ * Support automatically transformation of DER-encoded certificates to PEM and vice versa.
+ */
+class DERBase64 extends PropertyBehavior
 {
     public function fromDb($value, $key, $_)
     {

diff --git a/library/X509/Model/Behavior/ExpressionInjector.php b/library/X509/Model/Behavior/ExpressionInjector.php
@@ -7,6 +7,10 @@
 use ipl\Orm\Query;
 use ipl\Stdlib\Filter;
 
+/**
+ * Support expression columns (which don't really exist in the database, but rather
+ * resulted e.g. from a `case..when` expression), being used as filter columns
+ */
 class ExpressionInjector implements RewriteFilterBehavior, QueryAwareBehavior
 {
     /** @var array */

diff --git a/library/X509/Model/Behavior/Ip.php b/library/X509/Model/Behavior/Ip.php
@@ -4,6 +4,10 @@
 
 use ipl\Orm\Contract\PropertyBehavior;
 
+/**
+ * Support automatically transformation of human-readable IP addresses into their respective packed
+ * binary representation and vice versa.
+ */
 class Ip extends PropertyBehavior
 {
     public function fromDb($value, $key, $_)

diff --git a/library/X509/Model/X509Certificate.php b/library/X509/Model/X509Certificate.php
@@ -2,7 +2,7 @@
 
 namespace Icinga\Module\X509\Model;
 
-use Icinga\Module\X509\Model\Behavior\DistinguishedEncodingRules;
+use Icinga\Module\X509\Model\Behavior\DERBase64;
 use Icinga\Module\X509\Model\Behavior\ExpressionInjector;
 use ipl\Orm\Behavior\Binary;
 use ipl\Orm\Behavior\BoolCast;
@@ -120,7 +120,7 @@ public function createBehaviors(Behaviors $behaviors)
             'certificate'
         ]));
 
-        $behaviors->add(new DistinguishedEncodingRules(['certificate']));
+        $behaviors->add(new DERBase64(['certificate']));
 
         $behaviors->add(new BoolCast([
             'ca',

diff --git a/library/X509/Web/Control/SearchBar/ObjectSuggestions.php b/library/X509/Web/Control/SearchBar/ObjectSuggestions.php
@@ -132,7 +132,7 @@ protected function fetchValueSuggestions($column, $searchTerm, Filter\Chain $sea
                 $value = $model->$columnName;
                 if ($value && is_string($value) && ! ctype_print($value)) { // Is binary
                     $value = sprintf('\\x%s', bin2hex($value));
-                } elseif (is_bool(null)) {
+                } elseif ($value === false || $value === true) {
                     // TODO: The search bar is never going to suggest boolean types, so this
                     //  is a hack to workaround this limitation!!
                     $value = $value ? 'y' : 'n';