Implement hook for TLS client identities locking

refs #3016
Alexander A. Klimov 2017-11-22 14:33:04 +01:00
parent 95aef5cb15
commit dbc88f9c1b
3 changed files with 95 additions and 0 deletions


@ -4,6 +4,7 @@
namespace Icinga\Controllers;
use Exception;
use Icinga\Application\Hook;
use Icinga\File\Storage\LocalFileStorage;
use Icinga\Forms\Config\Tls\ClientIdentity\CreateForm;
use Icinga\Forms\Config\Tls\ClientIdentity\EditForm;
@ -88,6 +89,17 @@ class TlsclientidentityController extends Controller
$this->view->form = $form = new ConfirmRemovalForm();
$form->setOnSuccess(function (ConfirmRemovalForm $form) use ($name, $fileName, $clientIdentities) {
foreach (Hook::all('TlsClientIdentity') as $hook) {
/** @var Hook\TlsClientIdentityHook $hook */
try {
$hook->beforeRemove($name);
} catch (Exception $e) {
$form->error($e->getMessage());
return false;
}
}
try {
$clientIdentities->delete($fileName);
} catch (Exception $e) {
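Review bot: The `catch (Exception $e)` that follows `$hook->beforeRemove($name);` discards the exception after copying its message into the form, so an operator cannot tell a deliberate veto ("identity still in use") from a hook that failed for an unrelated reason, and any internal detail a module puts into the message is shown to the user as-is. Record the exception through whatever logger the controller has in scope before the existing `$form->error($e->getMessage());` line; no logger import is visible in this hunk, so I am not quoting a class name. It is also worth a one-line comment that the hook check and the later `$clientIdentities->delete($fileName)` are not atomic, so a module that starts using the identity between the two calls is not protected — acceptable for an interactive form, but the hook authors should know it. The `setOnSuccess` closure continues past the end of the hunk.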


@ -4,6 +4,7 @@
namespace Icinga\Forms\Config\Tls\ClientIdentity;
use Exception;
use Icinga\Application\Hook;
use Icinga\File\Storage\LocalFileStorage;
use Icinga\Web\Form;
@ -54,6 +55,29 @@ class EditForm extends Form
$name = $this->getElement('name')->getValue();
if ($name !== $this->oldName) {
/** @var Hook\TlsClientIdentityHook[] $succeededCascades */
$succeededCascades = array();
foreach (Hook::all('TlsClientIdentity') as $hook) {
/** @var Hook\TlsClientIdentityHook $hook */
try {
$hook->beforeRename($this->oldName, $name);
} catch (Exception $e) {
foreach ($succeededCascades as $succeededCascade) {
try {
$succeededCascade->beforeRename($name, $this->oldName);
} catch (Exception $_) {
}
}
$this->error($e->getMessage());
return false;
}
$succeededCascades[] = $hook;
}
try {
$clientIdentities = LocalFileStorage::common('tls/clientidentities');
$oldFileName = bin2hex($this->oldName) . '.pem';
@ -61,6 +85,13 @@ class EditForm extends Form
$clientIdentities->create(bin2hex($name) . '.pem', $clientIdentities->read($oldFileName));
$clientIdentities->delete($oldFileName);
} catch (Exception $e) {
foreach ($succeededCascades as $succeededCascade) {
try {
$succeededCascade->beforeRename($name, $this->oldName);
} catch (Exception $_) {
}
}
$this->error($e->getMessage());
return false;
}
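Review bot: Both rollback loops — the one after a later hook throws and the one in the `catch` around the file operations — swallow every exception from the compensating `$succeededCascade->beforeRename($name, $this->oldName);` call with an empty `catch (Exception $_) {}`, so a hook that already cascaded the rename and then fails to undo it leaves that module pointing at `$name` while the file keeps its old name, with no trace of why. At minimum the catch should record the failure instead of dropping it, e.g. `} catch (Exception $e) { /* log $e via the application logger; the rename is already being aborted */ }`, using whatever logger the form class has in scope (none is imported in this hunk). The two loops are byte-for-byte copies and would read better as one private helper taking the hook list and the name to revert to. Note that this compensation only works if `beforeRename` actually applies the rename and tolerates being called with the names swapped; that contract is not stated anywhere in the hunk. The enclosing method starts before and ends after the visible lines.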


@ -0,0 +1,52 @@
<?php
/* Icinga Web 2 | (c) 2017 Icinga Development Team | GPLv2+ */
namespace Icinga\Application\Hook;
/**
* TLS client identity hook base class
*
* Extend this class if you want to prevent TLS client identities used by your module from being removed.
*/
abstract class TlsClientIdentityHook
{
/**
* Constructor
*/
final public function __construct()
{
$this->init();
}
/**
* Overwrite this function if you want to do some initialization stuff
*
* @return void
*/
protected function init()
{
}
/**
* Called before the given client identity is removed
*
* If an exception is thrown, the removal fails.
*
* @param string $clientIdentityName
*
* @throws \Exception
*/
abstract public function beforeRemove($clientIdentityName);
/**
* Called before a client identity is renamed as given
*
* If an exception is thrown, the renaming fails.
*
* @param string $oldClientIdentityName
* @param string $newClientIdentityName
*
* @throws \Exception
*/
abstract public function beforeRename($oldClientIdentityName, $newClientIdentityName);
}
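Review bot: The docblocks on `beforeRemove` and `beforeRename` omit two facts the callers in this commit rely on: the thrown exception's message is passed straight to the form error and displayed to the user, and EditForm calls `beforeRename` a second time with the arguments swapped to undo a rename when a later hook or the file operation fails, so implementations must actually perform the rename on their side and be able to reverse it. I would add to `beforeRemove`: `* The exception message is shown to the user, so keep it descriptive and free of internal details.` and to `beforeRename`: `* Implementations must apply the rename to their own configuration and must accept being called with the names swapped, which is how a failed rename is rolled back.` The class summary mentions only removal; `* Extend this class if your module uses TLS client identities and needs to veto their removal or follow their renaming.` would cover both hooks. The file is otherwise consistent with the project's existing style, so I would not push `declare(strict_types=1)` or native return types here.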