ImposrtSourceHook: Select import targets using ipl/orm

yhabteab · yhabteab · commit 409c37414c00 · 2022-10-05T15:56:31.000+02:00
diff --git a/library/X509/ProvidedHook/HostsImportSource.php b/library/X509/ProvidedHook/HostsImportSource.php
@@ -5,37 +5,40 @@
 namespace Icinga\Module\X509\ProvidedHook;
 
 use Icinga\Module\X509\DbTool;
+use Icinga\Module\X509\Model\X509Target;
 use ipl\Sql;
+use ipl\Stdlib\Filter;
 
 class HostsImportSource extends X509ImportSource
 {
     public function fetchData()
     {
-        $targets = (new Sql\Select())
-            ->from('x509_target t')
+        $targets = X509Target::on($this->getDb())
+            ->utilize('chain')
+            ->utilize('chain.certificate');
+
+        $targets
             ->columns([
-                'host_ip'   => 't.ip',
-                'host_name' => 't.hostname'
+                'host_ip'   => 'ip',
+                'host_name' => 'hostname'
             ])
-            ->join('x509_certificate_chain cc', 'cc.id = t.latest_certificate_chain_id')
-            ->join('x509_certificate_chain_link ccl', 'ccl.certificate_chain_id = cc.id')
-            ->join('x509_certificate c', 'c.id = ccl.certificate_id')
-            ->where(['ccl.order = ?' => 0])
-            ->groupBy(['t.ip', 't.hostname']);
+            ->getSelectBase()
+            ->where(new Sql\Expression('x509_target_chain_x509_certificate_chain_link.order = 0'))
+            ->groupBy(['ip', 'hostname']);
 
-        if ($this->getDb()->getConfig()->db === 'pgsql') {
-            $targets->columns(['host_ports' => 'ARRAY_TO_STRING(ARRAY_AGG(DISTINCT t.port),  \',\')']);
+        if ($this->getDb() instanceof Sql\Adapter\Pgsql) {
+            $targets->withColumns([
+                'host_ports' => new Sql\Expression('ARRAY_TO_STRING(ARRAY_AGG(DISTINCT port),  \',\')')
+            ]);
         } else {
-            $targets->columns(['host_ports' => 'GROUP_CONCAT(DISTINCT t.port SEPARATOR ",")']);
+            $targets->withColumns([
+                'host_ports' => new Sql\Expression('GROUP_CONCAT(DISTINCT port SEPARATOR ",")')
+            ]);
         }
 
         $results = [];
         $foundDupes = [];
-        foreach ($this->getDb()->select($targets) as $target) {
-            if ($this->getDb()->getConfig()->db === 'pgsql') {
-                $target->host_ip = DbTool::unmarshalBinary($target->host_ip);
-            }
-
+        foreach ($targets as $target) {
             list($ipv4, $ipv6) = $this->transformIpAddress($target->host_ip);
             $target->host_ip = $ipv4 ?: $ipv6;
             $target->host_address = $ipv4;
@@ -56,7 +59,10 @@ public function fetchData()
                 $target->host_name_or_ip = $target->host_ip;
             }
 
-            $results[$target->host_name_or_ip] = $target;
+            $properties = iterator_to_array($target->getIterator());
+            unset($properties['certificate_chain']); // We don't need any relation properties anymore
+
+            $results[$target->host_name_or_ip] = (object) $properties;
         }
 
         return $results;
diff --git a/library/X509/ProvidedHook/ServicesImportSource.php b/library/X509/ProvidedHook/ServicesImportSource.php
@@ -4,64 +4,88 @@
 
 namespace Icinga\Module\X509\ProvidedHook;
 
-use Icinga\Module\X509\DbTool;
+use Icinga\Module\X509\Model\X509CrtSubjAltName;
+use Icinga\Module\X509\Model\X509Target;
 use ipl\Sql;
+use ipl\Stdlib\Filter;
 
 class ServicesImportSource extends X509ImportSource
 {
     public function fetchData()
     {
-        $targets = (new Sql\Select())
-            ->from('x509_target t')
+        $targets = X509Target::on($this->getDb())->with([
+            'chain',
+            'chain.certificate',
+            'chain.certificate.dn',
+            'chain.certificate.issuer',
+        ]);
+
+        $targets->getWith()['x509_target.chain.certificate.issuer']->setJoinTypE('LEFT');
+        $targets
             ->columns([
-                'host_ip'          => 't.ip',
-                'host_name'        => 't.hostname',
-                'host_port'        => 't.port',
-                'cert_subject'     => 'c.subject',
-                'cert_issuer'      => 'c.issuer',
-                'cert_self_signed' => 'COALESCE(ci.self_signed, c.self_signed)',
-                'cert_trusted'     => 'c.trusted',
-                'cert_valid_from'  => 'c.valid_from',
-                'cert_valid_to'    => 'c.valid_to'
+                'host_ip'          => 'ip',
+                'host_name'        => 'hostname',
+                'host_port'        => 'port',
+                'cert_subject'     => 'chain.certificate.subject',
+                'cert_issuer'      => 'chain.certificate.issuer',
+                'cert_trusted'     => 'chain.certificate.trusted',
+                'cert_valid_from'  => 'chain.certificate.valid_from',
+                'cert_valid_to'    => 'chain.certificate.valid_to',
+                'cert_self_signed' => new Sql\Expression('COALESCE(%s, %s)', [
+                    'chain.certificate.issuer.self_signed',
+                    'chain.certificate.self_signed'
+                ])
             ])
-            ->join('x509_certificate_chain cc', 'cc.id = t.latest_certificate_chain_id')
-            ->join('x509_certificate_chain_link ccl', 'ccl.certificate_chain_id = cc.id')
-            ->join('x509_certificate c', 'c.id = ccl.certificate_id')
-            ->joinLeft('x509_certificate ci', 'ci.subject_hash = c.issuer_hash')
-            ->joinLeft('x509_dn dn', 'dn.hash = c.subject_hash')
-            ->where(['ccl.order = ?' => 0])
-            ->groupBy(['t.ip', 't.hostname', 't.port']);
-
-        $certAltName = (new Sql\Select())
-            ->from('x509_certificate_subject_alt_name can')
-            ->where(['can.certificate_id = c.id'])
-            ->groupBy(['can.certificate_id']);
-
-        if ($this->getDb()->getConfig()->db === 'pgsql') {
-            $targets->columns([
-                'cert_fingerprint' => 'ENCODE(c.fingerprint, \'hex\')',
-                'cert_dn'          => 'ARRAY_TO_STRING(ARRAY_AGG(CONCAT(dn.key, \'=\', dn.value)), \',\')'
-            ])
-                ->groupBy(['c.id', 'ci.id']);
-
-            $certAltName->columns('ARRAY_TO_STRING(ARRAY_AGG(CONCAT(can.type, \':\', can.value)), \',\')');
+            ->getSelectBase()
+            ->where(new Sql\Expression('x509_target_chain_x509_certificate_chain_link.order = 0'))
+            ->groupBy(['ip, hostname, port']);
+
+        $certAltName = X509CrtSubjAltName::on($this->getDb());
+        $certAltName
+            ->getSelectBase()
+            ->where(new Sql\Expression('certificate_id = x509_target_chain_certificate.id'))
+            ->groupBy(['x509_certificate_subject_alt_name.certificate_id']);
+
+        if ($this->getDb() instanceof Sql\Adapter\Pgsql) {
+            $targets
+                ->withColumns([
+                    'cert_fingerprint' => new Sql\Expression('ENCODE(%s, \'hex\')', [
+                        'chain.link.certificate.fingerprint'
+                    ]),
+                    'cert_dn'          => new Sql\Expression(
+                        'ARRAY_TO_STRING(ARRAY_AGG(CONCAT(%s, \'=\', %s)), \',\')',
+                        [
+                            'chain.link.certificate.dn.key',
+                            'chain.link.certificate.dn.value'
+                        ]
+                    )
+                ])
+                ->getSelectBase()
+                ->groupBy(['x509_target_chain_link_certificate.id', 'x509_target_chain_link_certificate_issuer.id']);
+
+            $certAltName->columns([
+                'subj_alt_name' => new Sql\Expression('ARRAY_TO_STRING(ARRAY_AGG(CONCAT(type, \':\', value)), \',\')')
+            ]);
         } else {
-            $targets->columns([
-                'cert_fingerprint' => 'HEX(c.fingerprint)',
-                'cert_dn'          => 'GROUP_CONCAT(CONCAT(dn.key, \'=\', dn.value) SEPARATOR \',\')'
+            $targets->withColumns([
+                'cert_fingerprint' => new Sql\Expression('HEX(%s)', ['chain.certificate.fingerprint']),
+                'cert_dn'          => new Sql\Expression(
+                    'GROUP_CONCAT(CONCAT(%s, \'=\', %s) SEPARATOR \',\')',
+                    [
+                        'chain.certificate.dn.key',
+                        'chain.certificate.dn.value'
+                    ]
+                )
             ]);
 
-            $certAltName->columns('GROUP_CONCAT(CONCAT(can.type, \':\', can.value) SEPARATOR \',\')');
+            $certAltName->columns([new Sql\Expression('GROUP_CONCAT(CONCAT(type, \':\', value) SEPARATOR \',\')')]);
         }
 
-        $targets->columns(['cert_subject_alt_name' => $certAltName]);
+        list($select, $values) = $certAltName->dump();
+        $targets->withColumns(['cert_subject_alt_name' => new Sql\Expression("$select", null, ...$values)]);
 
         $results = [];
-        foreach ($this->getDb()->select($targets) as $target) {
-            if ($this->getDb()->getConfig()->db === 'pgsql') {
-                $target->host_ip = DbTool::unmarshalBinary($target->host_ip);
-            }
-
+        foreach ($targets as $target) {
             list($ipv4, $ipv6) = $this->transformIpAddress($target->host_ip);
             $target->host_ip = $ipv4 ?: $ipv6;
             $target->host_address = $ipv4;
@@ -74,7 +98,10 @@ public function fetchData()
                 $target->host_port
             );
 
-            $results[$target->host_name_ip_and_port] = $target;
+            $properties = iterator_to_array($target->getIterator());
+            unset($properties['chain']); // We don't need any relation properties anymore
+
+            $results[$target->host_name_ip_and_port] = (object) $properties;
         }
 
         return $results;
