Add missing behavior docs & rename DistinguishedEncodingRules

yhabteab · yhabteab · commit b67a4c9535fc · 2022-12-09T15:28:17.000+01:00
diff --git a/application/clicommands/CheckCommand.php b/application/clicommands/CheckCommand.php
@@ -116,7 +116,7 @@ public function hostAction()
             $targets->filter(Filter::equal('hostname', $hostname));
         }
         if ($this->params->has('port')) {
-            $targets->filter(Filter::equal('port', (int) $this->params->get('port')));
+            $targets->filter(Filter::equal('port', $this->params->get('port')));
         }
 
         $allowSelfSigned = (bool) $this->params->get('allow-self-signed', false);
diff --git a/library/X509/Job.php b/library/X509/Job.php
@@ -455,7 +455,7 @@ protected function processChain($target, $chain)
                 );
                 $targetId = $this->db->lastInsertId();
             } else {
-                $targetId = (int) $row->id;
+                $targetId = $row->id;
             }
 
             $chainUptodate = false;
@@ -474,7 +474,7 @@ protected function processChain($target, $chain)
                     ->getSelectBase()
                     ->where(new Expression(
                         'certificate_link.certificate_chain_id = %d',
-                        [(int) $lastChain->id]
+                        [$lastChain->id]
                     ))
                     ->orderBy('certificate_link.order');
 
@@ -523,13 +523,16 @@ protected function processChain($target, $chain)
                     $lastCertInfo[] = $index;
                 }
 
-                $rootCa = X509Certificate::on($this->db);
-                $rootCa
+                // There might be chains that do not include the self-signed top-level Ca,
+                // so we need to include it manually here, as we need to display the full
+                // chain in the UI.
+                $rootCa = X509Certificate::on($this->db)
                     ->columns(['id'])
-                    ->filter(Filter::equal('issuer_hash', $lastCertInfo[1]))
-                    ->filter(Filter::equal('trusted', true));
+                    ->filter(Filter::equal('subject_hash', $lastCertInfo[1]))
+                    ->filter(Filter::equal('self_signed', true))
+                    ->first();
 
-                if (($rootCa = $rootCa->first()) && $rootCa->id !== $lastCertInfo[0]) {
+                if ($rootCa && $rootCa->id !== $lastCertInfo[0]) {
                     $this->db->update(
                         'x509_certificate_chain',
                         ['length' => count($chain) + 1],
diff --git a/library/X509/Model/Behavior/DERBase64.php b/library/X509/Model/Behavior/DERBase64.php
@@ -4,7 +4,10 @@
 
 use ipl\Orm\Contract\PropertyBehavior;
 
-class DistinguishedEncodingRules extends PropertyBehavior
+/**
+ * Support automatically transformation of DER-encoded certificates to PEM and vice versa.
+ */
+class DERBase64 extends PropertyBehavior
 {
     public function fromDb($value, $key, $_)
     {
diff --git a/library/X509/Model/Behavior/ExpressionInjector.php b/library/X509/Model/Behavior/ExpressionInjector.php
@@ -7,6 +7,10 @@
 use ipl\Orm\Query;
 use ipl\Stdlib\Filter;
 
+/**
+ * Support expression columns (which don't really exist in the database, but rather
+ * resulted e.g. from a `case..when` expression), being used as filter columns
+ */
 class ExpressionInjector implements RewriteFilterBehavior, QueryAwareBehavior
 {
     /** @var array */
diff --git a/library/X509/Model/Behavior/Ip.php b/library/X509/Model/Behavior/Ip.php
@@ -4,6 +4,10 @@
 
 use ipl\Orm\Contract\PropertyBehavior;
 
+/**
+ * Support automatically transformation of human-readable IP addresses into their respective packed
+ * binary representation and vice versa.
+ */
 class Ip extends PropertyBehavior
 {
     public function fromDb($value, $key, $_)
diff --git a/library/X509/Model/X509Certificate.php b/library/X509/Model/X509Certificate.php
@@ -2,7 +2,7 @@
 
 namespace Icinga\Module\X509\Model;
 
-use Icinga\Module\X509\Model\Behavior\DistinguishedEncodingRules;
+use Icinga\Module\X509\Model\Behavior\DERBase64;
 use Icinga\Module\X509\Model\Behavior\ExpressionInjector;
 use ipl\Orm\Behavior\Binary;
 use ipl\Orm\Behavior\BoolCast;
@@ -120,7 +120,7 @@ public function createBehaviors(Behaviors $behaviors)
             'certificate'
         ]));
 
-        $behaviors->add(new DistinguishedEncodingRules(['certificate']));
+        $behaviors->add(new DERBase64(['certificate']));
 
         $behaviors->add(new BoolCast([
             'ca',

Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@ public function hostAction()`
`116`	`116`	`$targets->filter(Filter::equal('hostname', $hostname));`
`117`	`117`	`}`
`118`	`118`	`if ($this->params->has('port')) {`
`119`		`- $targets->filter(Filter::equal('port', (int) $this->params->get('port')));`
	`119`	`+ $targets->filter(Filter::equal('port', $this->params->get('port')));`
`120`	`120`	`}`
`121`	`121`
`122`	`122`	`$allowSelfSigned = (bool) $this->params->get('allow-self-signed', false);`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,10 @@`
`4`	`4`
`5`	`5`	`use ipl\Orm\Contract\PropertyBehavior;`
`6`	`6`
`7`		`-class DistinguishedEncodingRules extends PropertyBehavior`
	`7`	`+/**`
	`8`	`+ * Support automatically transformation of DER-encoded certificates to PEM and vice versa.`
	`9`	`+ */`
	`10`	`+class DERBase64 extends PropertyBehavior`
`8`	`11`	`{`
`9`	`12`	`public function fromDb($value, $key, $_)`
`10`	`13`	`{`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,10 @@`
`4`	`4`
`5`	`5`	`use ipl\Orm\Contract\PropertyBehavior;`
`6`	`6`
	`7`	`+/**`
	`8`	`+ * Support automatically transformation of human-readable IP addresses into their respective packed`
	`9`	`+ * binary representation and vice versa.`
	`10`	`+ */`
`7`	`11`	`class Ip extends PropertyBehavior`
`8`	`12`	`{`
`9`	`13`	`public function fromDb($value, $key, $_)`