Implement hook for TLS root CA certificate collections locking

refs #3016
Alexander A. Klimov 2017-11-22 14:16:08 +01:00
parent 64b51ade16
commit 95aef5cb15
3 changed files with 95 additions and 0 deletions


@ -4,6 +4,7 @@
namespace Icinga\Controllers;
use Exception;
use Icinga\Application\Hook;
use Icinga\Application\Icinga;
use Icinga\File\Storage\LocalFileStorage;
use Icinga\Forms\Config\Tls\RootCaCollection\AddCaForm;
@ -106,6 +107,17 @@ class TlsrootcacollectionController extends Controller
$this->view->form = $form = new ConfirmRemovalForm();
$form->setOnSuccess(function (ConfirmRemovalForm $form) use ($name, $fileName, $rootCaCollections) {
foreach (Hook::all('TlsRootCACertificateCollection') as $hook) {
/** @var Hook\TlsRootCACertificateCollectionHook $hook */
try {
$hook->beforeRemove($name);
} catch (Exception $e) {
$form->error($e->getMessage());
return false;
}
}
try {
$rootCaCollections->delete($fileName);
} catch (Exception $e) {
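Review bot: The veto loop in the `setOnSuccess` closure protects a collection only if `Hook::all('TlsRootCACertificateCollection')` returns every registered hook, and that function is not visible in this hunk. If it filters hooks by the current user's module permissions, a user without access to a module could remove a root CA collection that module still depends on, so this is worth confirming and stating in a comment such as `// all registered hooks must be consulted here, independent of the user's module permissions`. Separately, `$form->error($e->getMessage())` shows whatever a third-party hook throws, so an unexpected exception (for example a database error) would surface internal detail; logging the exception and showing a fixed message for anything that is not a deliberate veto avoids that. The closure body continues past the end of the hunk.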


@ -4,6 +4,7 @@
namespace Icinga\Forms\Config\Tls\RootCaCollection;
use Exception;
use Icinga\Application\Hook;
use Icinga\File\Storage\LocalFileStorage;
use Icinga\Web\Form;
@ -54,6 +55,29 @@ class EditForm extends Form
$name = $this->getElement('name')->getValue();
if ($name !== $this->oldName) {
/** @var Hook\TlsRootCACertificateCollectionHook[] $succeededCascades */
$succeededCascades = array();
foreach (Hook::all('TlsRootCACertificateCollection') as $hook) {
/** @var Hook\TlsRootCACertificateCollectionHook $hook */
try {
$hook->beforeRename($this->oldName, $name);
} catch (Exception $e) {
foreach ($succeededCascades as $succeededCascade) {
try {
$succeededCascade->beforeRename($name, $this->oldName);
} catch (Exception $_) {
}
}
$this->error($e->getMessage());
return false;
}
$succeededCascades[] = $hook;
}
try {
$rootCaCollections = LocalFileStorage::common('tls/rootcacollections');
$oldFileName = bin2hex($this->oldName) . '.pem';
@ -61,6 +85,13 @@ class EditForm extends Form
$rootCaCollections->create(bin2hex($name) . '.pem', $rootCaCollections->read($oldFileName));
$rootCaCollections->delete($oldFileName);
} catch (Exception $e) {
foreach ($succeededCascades as $succeededCascade) {
try {
$succeededCascade->beforeRename($name, $this->oldName);
} catch (Exception $_) {
}
}
$this->error($e->getMessage());
return false;
}
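Review bot: Both rollback loops discard failures with an empty `catch (Exception $_) { }`, so when a hook cannot undo a rename the module keeps pointing at a collection name that no longer matches the file on disk and nothing records it. For trust-store configuration that silent mismatch is the part to avoid: at minimum log it, e.g. `Logger::error('Rollback of TLS root CA collection rename failed: %s', $_->getMessage());` (assuming `Icinga\Application\Logger` is imported), and tell the user the state may be inconsistent. The rollback also reuses `beforeRename($name, $this->oldName)`, which by contract may throw to veto, so a hook can refuse its own rollback; a dedicated non-vetoing notification would make the intent explicit. The same loop appears in both hunks and could be one private method. The enclosing method starts and ends outside the hunks.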


@ -0,0 +1,52 @@
<?php
/* Icinga Web 2 | (c) 2017 Icinga Development Team | GPLv2+ */
namespace Icinga\Application\Hook;
/**
* TLS root CA certificate collection hook base class
*
* Extend this class if you want to prevent TLS root CA certificate collections used by your module from being removed.
*/
abstract class TlsRootCACertificateCollectionHook
{
/**
* Constructor
*/
final public function __construct()
{
$this->init();
}
/**
* Overwrite this function if you want to do some initialization stuff
*
* @return void
*/
protected function init()
{
}
/**
* Called before the given root CA certificate collection is removed
*
* If an exception is thrown, the removal fails.
*
* @param string $collectionName
*
* @throws \Exception
*/
abstract public function beforeRemove($collectionName);
/**
* Called before a root CA certificate collection is renamed as given
*
* If an exception is thrown, the renaming fails.
*
* @param string $oldCollectionName
* @param string $newCollectionName
*
* @throws \Exception
*/
abstract public function beforeRename($oldCollectionName, $newCollectionName);
}
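Review bot: The docblocks on `beforeRemove()` and `beforeRename()` leave out two things the callers in this commit rely on. First, `beforeRename()` is invoked a second time with the names swapped to undo a rename when a later hook or the file operation fails, so implementations have to accept that reverse call; I would add `* May be called again with both names swapped to roll back a rename.` to its docblock. Second, the exception message is passed straight to the form's `error()` and shown to the user, so both methods should say `* The exception's message is displayed to the user; do not include sensitive details.` The class summary also mentions only removal, although renaming is covered as well.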