From 9adb516515c54717833f157e0d77008184aea275 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov"
Date: Fri, 17 Nov 2017 12:23:42 +0100
Subject: [PATCH] Implement config/tls refs #3016
---
 application/controllers/ConfigController.php | 39 ++++++
 application/views/scripts/config/tls.phtml | 119 +++++++++++++++++++
 2 files changed, 158 insertions(+)
 create mode 100644 application/views/scripts/config/tls.phtml
diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php
index fe25e7ca3..e15ca2c8c 100644
--- a/application/controllers/ConfigController.php
+++ b/application/controllers/ConfigController.php
@@ -5,6 +5,7 @@ namespace Icinga\Controllers;
 use Exception;
 use Icinga\Application\Version;
+use Icinga\File\Storage\LocalFileStorage;
 use InvalidArgumentException;
 use Icinga\Application\Config;
 use Icinga\Application\Icinga;
@@ -52,6 +53,12 @@ class ConfigController extends Controller
 'url' => 'config/userbackend',
 'baseTarget' => '_main'
 ));
+ $tabs->add('tls', array(
+ 'title' => $this->translate('Configure TLS root CA certificate collections and TLS client identities'),
+ 'label' => $this->translate('TLS'),
+ 'url' => 'config/tls',
+ 'baseTarget' => '_main'
+ ));
 return $tabs;
 }
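Review bot: The new `tls` tab in the second hunk is added unconditionally, while `tlsAction()` later in this patch calls `assertPermission('config/application/tlscert')`, so a user without that permission is shown a tab that can only end in a permission error. Consider wrapping the `$tabs->add('tls', ...)` call in `if ($this->hasPermission('config/application/tlscert')) {` … `}` so the navigation matches what the action enforces. The neighbouring `config/userbackend` tab appears to be added the same way, and the enclosing method begins outside this hunk, so this may be an existing convention worth revisiting for every tab rather than only this one.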
@@ -188,6 +195,38 @@ class ConfigController extends Controller
 $this->render('userbackend/reorder');
 }
+ /**
+ * Action for listing TLS root CA certificate collections and TLS client identities
+ */
+ public function tlsAction()
+ {
+ $this->assertPermission('config/application/tlscert');
+
+ $this->createApplicationTabs()->activate('tls');
+
+ $rootCaCollections = array();
+ foreach (new LocalFileStorage(Icinga::app()->getStorageDir('framework/tls/rootcacollections')) as $ca) {
+ $matches = array();
+ if (preg_match('~\A([0-9a-f]{2}+)\.pem\z~i', $ca, $matches)) {
+ $rootCaCollections[hex2bin($matches[1])] = null;
+ }
+ }
+
+ ksort($rootCaCollections);
+ $this->view->rootCaCollections = array_keys($rootCaCollections);
+
+ $clientIdentities = array();
+ foreach (new LocalFileStorage(Icinga::app()->getStorageDir('framework/tls/clientidentities')) as $client) {
+ $matches = array();
+ if (preg_match('~\A([0-9a-f]{2}+)\.pem\z~i', $client, $matches)) {
+ $clientIdentities[hex2bin($matches[1])] = null;
+ }
+ }
+
+ ksort($clientIdentities);
+ $this->view->clientIdentities = array_keys($clientIdentities);
+ }
+
 /**
 * Create a new user backend
 */
diff --git a/application/views/scripts/config/tls.phtml b/application/views/scripts/config/tls.phtml
new file mode 100644
index 000000000..3182e2654
--- /dev/null
+++ b/application/views/scripts/config/tls.phtml
@@ -0,0 +1,119 @@
+
+
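Review bot: The pattern `~\A([0-9a-f]{2}+)\.pem\z~i` used in both loops of `tlsAction()` does not repeat the hex pair: in PCRE a `+` directly after `{2}` makes that quantifier possessive, so only file names of exactly two hex digits (one-byte names) match and any longer name is silently left out of the listing. Grouping the pair gives the intended meaning: `'~\A((?:[0-9a-f]{2})+)\.pem\z~i'`. Separately, a `hex2bin()` result that is a decimal string is cast to an integer when used as an array key, so `array_keys()` can hand the view a mix of ints and strings; `ksort($rootCaCollections, SORT_STRING)` plus a string cast on the keys keeps the list uniform. The decoded names are arbitrary bytes taken from file names in the storage directory, so the view has to keep treating them as untrusted wherever they end up in link text, titles and URL parameters. The two loops differ only in the directory and the target property and would read better as one private helper.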
+ +
+
+

translate('TLS Root CA Certificate Collections') ?>

+ + qlink( + $this->translate('Create A New TLS Root CA Certificate Collection') , + 'tlsrootcacollection/create', + null, + array( + 'class' => 'button-link', + 'data-base-target' => '_next', + 'icon' => 'plus', + 'title' => $this->translate('Create a new TLS root CA certificate collection') + ) + ) ?> + + + + + + + + + + + + + + + + + +
translate('Certificate Collection Name') ?>
qlink( + $name, + 'tlsrootcacollection/edit', + array('name' => $name), + array( + 'title' => sprintf( + $this->translate('Edit TLS root CA certificate collection "%s"'), + $name + ) + ) + ) ?>qlink( + null, + 'tlsrootcacollection/remove', + array('name' => $name), + array( + 'class' => 'action-link', + 'icon' => 'cancel', + 'title' => sprintf( + $this->translate('Remove TLS root CA certificate collection "%s"'), + $name + ) + ) + ) ?>
+ + +

translate('TLS Client Identities') ?>

+ + qlink( + $this->translate('Create A New TLS Client Identity') , + 'tlsclientidentity/create', + null, + array( + 'class' => 'button-link', + 'data-base-target' => '_next', + 'icon' => 'plus', + 'title' => $this->translate('Create a new TLS client identity') + ) + ) ?> + + + + + + + + + + + + + + + + + +
translate('Client Identity Name') ?>
qlink( + $name, + 'tlsclientidentity/edit', + array('name' => $name), + array( + 'title' => sprintf( + $this->translate('Edit TLS client identity "%s"'), + $name + ) + ) + ) ?>qlink( + null, + 'tlsclientidentity/remove', + array('name' => $name), + array( + 'class' => 'action-link', + 'icon' => 'cancel', + 'title' => sprintf( + $this->translate('Remove TLS client identity "%s"'), + $name + ) + ) + ) ?>
+ +