diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php
index fe25e7ca3..e15ca2c8c 100644
--- a/application/controllers/ConfigController.php
+++ b/application/controllers/ConfigController.php
@@ -5,6 +5,7 @@ namespace Icinga\Controllers;
use Exception;
use Icinga\Application\Version;
+use Icinga\File\Storage\LocalFileStorage;
use InvalidArgumentException;
use Icinga\Application\Config;
use Icinga\Application\Icinga;
@@ -52,6 +53,12 @@ class ConfigController extends Controller
'url' => 'config/userbackend',
'baseTarget' => '_main'
));
+ $tabs->add('tls', array(
+ 'title' => $this->translate('Configure TLS root CA certificate collections and TLS client identities'),
+ 'label' => $this->translate('TLS'),
+ 'url' => 'config/tls',
+ 'baseTarget' => '_main'
+ ));
return $tabs;
}
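Review bot: The `tls` tab is added unconditionally in the lines visible here, while `tlsAction()` asserts `config/application/tlscert`, so a user who can reach the other configuration tabs without that permission would be shown a tab that ends in a permission error. If the neighbouring tabs are not guarded either (the start of `createApplicationTabs()` is outside this hunk), that is consistent but still worth tightening. Wrapping the call as `if ($this->hasPermission('config/application/tlscert')) { $tabs->add('tls', ...); }` keeps the navigation aligned with what the action enforces.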
@@ -188,6 +195,38 @@ class ConfigController extends Controller
$this->render('userbackend/reorder');
}
+ /**
+ * Action for listing TLS root CA certificate collections and TLS client identities
+ */
+ public function tlsAction()
+ {
+ $this->assertPermission('config/application/tlscert');
+
+ $this->createApplicationTabs()->activate('tls');
+
+ $rootCaCollections = array();
+ foreach (new LocalFileStorage(Icinga::app()->getStorageDir('framework/tls/rootcacollections')) as $ca) {
+ $matches = array();
+ if (preg_match('~\A([0-9a-f]{2}+)\.pem\z~i', $ca, $matches)) {
+ $rootCaCollections[hex2bin($matches[1])] = null;
+ }
+ }
+
+ ksort($rootCaCollections);
+ $this->view->rootCaCollections = array_keys($rootCaCollections);
+
+ $clientIdentities = array();
+ foreach (new LocalFileStorage(Icinga::app()->getStorageDir('framework/tls/clientidentities')) as $client) {
+ $matches = array();
+ if (preg_match('~\A([0-9a-f]{2}+)\.pem\z~i', $client, $matches)) {
+ $clientIdentities[hex2bin($matches[1])] = null;
+ }
+ }
+
+ ksort($clientIdentities);
+ $this->view->clientIdentities = array_keys($clientIdentities);
+ }
+
/**
* Create a new user backend
*/
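Review bot: The file-name pattern used in both loops of `tlsAction()`, `~\A([0-9a-f]{2}+)\.pem\z~i`, does not match repeated hex pairs, because PCRE reads `{2}+` as the possessive form of `{2}`. Only files whose name is exactly two hex digits (a one-byte name) pass, and every longer root CA collection or client identity stored on disk is silently left out of the list an administrator sees. Group the pair before repeating it, `preg_match('~\A((?:[0-9a-f]{2})+)\.pem\z~i', $ca, $matches)`, and do the same for `$client`. Using the decoded name as an array key also turns purely numeric names such as "10" into integer keys, so `ksort($rootCaCollections, SORT_STRING)` and `ksort($clientIdentities, SORT_STRING)` would keep the ordering stable. The two loops are identical apart from the directory and could share one private helper that returns the sorted names.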
diff --git a/application/views/scripts/config/tls.phtml b/application/views/scripts/config/tls.phtml
new file mode 100644
index 000000000..3182e2654
--- /dev/null
+++ b/application/views/scripts/config/tls.phtml
@@ -0,0 +1,119 @@
+
+
+
= $this->translate('TLS Root CA Certificate Collections') ?>
+
+ = $this->qlink(
+ $this->translate('Create A New TLS Root CA Certificate Collection') ,
+ 'tlsrootcacollection/create',
+ null,
+ array(
+ 'class' => 'button-link',
+ 'data-base-target' => '_next',
+ 'icon' => 'plus',
+ 'title' => $this->translate('Create a new TLS root CA certificate collection')
+ )
+ ) ?>
+
+
+
+
+
+ = $this->translate('Certificate Collection Name') ?> |
+ |
+
+
+
+
+
+ = $this->qlink(
+ $name,
+ 'tlsrootcacollection/edit',
+ array('name' => $name),
+ array(
+ 'title' => sprintf(
+ $this->translate('Edit TLS root CA certificate collection "%s"'),
+ $name
+ )
+ )
+ ) ?> |
+ = $this->qlink(
+ null,
+ 'tlsrootcacollection/remove',
+ array('name' => $name),
+ array(
+ 'class' => 'action-link',
+ 'icon' => 'cancel',
+ 'title' => sprintf(
+ $this->translate('Remove TLS root CA certificate collection "%s"'),
+ $name
+ )
+ )
+ ) ?> |
+
+
+
+
+
+
+
= $this->translate('TLS Client Identities') ?>
+
+ = $this->qlink(
+ $this->translate('Create A New TLS Client Identity') ,
+ 'tlsclientidentity/create',
+ null,
+ array(
+ 'class' => 'button-link',
+ 'data-base-target' => '_next',
+ 'icon' => 'plus',
+ 'title' => $this->translate('Create a new TLS client identity')
+ )
+ ) ?>
+
+
+
+
+
+ = $this->translate('Client Identity Name') ?> |
+ |
+
+
+
+
+
+ = $this->qlink(
+ $name,
+ 'tlsclientidentity/edit',
+ array('name' => $name),
+ array(
+ 'title' => sprintf(
+ $this->translate('Edit TLS client identity "%s"'),
+ $name
+ )
+ )
+ ) ?> |
+ = $this->qlink(
+ null,
+ 'tlsclientidentity/remove',
+ array('name' => $name),
+ array(
+ 'class' => 'action-link',
+ 'icon' => 'cancel',
+ 'title' => sprintf(
+ $this->translate('Remove TLS client identity "%s"'),
+ $name
+ )
+ )
+ ) ?> |
+
+
+
+
+
+
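Review bot: Both remove links (`tlsrootcacollection/remove` and `tlsclientidentity/remove`) are plain GET links carrying the name as a parameter, and the controllers behind them are not part of this diff. Deleting a root CA collection or a client identity changes what the application trusts, so those actions should assert `config/application/tlscert` themselves and delete only on a confirmed POST protected by the form's CSRF token. `$name` is decoded from a file name and can hold arbitrary bytes; the template appears to rely on `qlink()` escaping both the link label and the `sprintf()`-built `title` attribute, which is worth confirming with a name containing quotes and angle brackets. The remove links pass `null` as label, so the `title` is their only text for assistive technology.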