DaPortal

<?php //$Id$
//Copyright (c) 2015-2016 Pierre Pronchery <khorben@defora.org>
//This file is part of DeforaOS Web DaPortal
//
//This program is free software: you can redistribute it and/or modify
//it under the terms of the GNU General Public License as published by
//the Free Software Foundation, version 3 of the License.
//
//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
//GNU General Public License for more details.
//
//You should have received a copy of the GNU General Public License
//along with this program. If not, see <http://www.gnu.org/licenses/>.
//PKIModule
class PKIModule extends MultiContentModule
{
//public
//methods
//essential
//PKIModule::call
public function call(Engine $engine, Request $request, $internal = 0)
{
if($internal)
return parent::call($engine, $request, $internal);
switch(($action = $request->getAction()))
{
case 'latest':
$action = 'call'.$action;
return $this->$action($engine, $request);
}
return parent::call($engine, $request, $internal);
}
//protected
//properties
static protected $content_classes = array('ca' => 'CAPKIContent',
'caclient' => 'CAClientPKIContent',
'caserver' => 'CAServerPKIContent');
//methods
//PKIModule::PKIModule
protected function __construct($id, $name, $title = FALSE)
{
$title = ($title === FALSE) ? _('PKI') : $title;
$this->content_list_count = 20;
parent::__construct($id, $name, $title);
}
//accessors
//PKIModule::canRenew
public function canRenew(Engine $engine, Request $request = NULL,
Content $content = NULL, &$error = FALSE)
{
return $this->canSubmit($engine, $request, $content, $error);
}
//PKIModule::canRevoke
public function canRevoke(Engine $engine, Request $request = NULL,
Content $content = NULL, &$error = FALSE)
{
return $this->canSubmit($engine, $request, $content, $error);
}
//PKIModule::canSubmit
public function canSubmit(Engine $engine, Request $request = NULL,
Content $content = NULL, &$error = FALSE)
{
$credentials = $engine->getCredentials();
if(!$credentials->isAdmin())
return FALSE;
return parent::canSubmit($engine, $request, $content, $error);
}
//PKIModule::setContext
protected function setContext(Engine $engine = NULL,
Request $request = NULL, Content $content = NULL)
{
parent::setContext($engine, $request, $content);
switch(static::$content_class)
{
case static::$content_classes['caclient']:
$this->text_content_admin
= _('CA clients administration');
$this->text_content_list_title
= _('CA client list');
$this->text_content_list_title_by
= _('CA clients from');
$this->text_content_list_title_by_group
= _('CA clients from group');
$this->text_content_submit_content
= _('Client certificate request');
break;
case static::$content_classes['caserver']:
$this->text_content_admin
= _('CA servers administration');
$this->text_content_list_title
= _('CA server list');
$this->text_content_list_title_by
= _('CA servers from');
$this->text_content_list_title_by_group
= _('CA servers from group');
$this->text_content_submit_content
= _('Server certificate request');
break;
default:
case static::$content_classes['ca']:
$this->text_content_admin
= _('CAs administration');
$this->text_content_list_title
= _('Certification Authority list');
$this->text_content_list_title_by
= _('Certification Authorities from');
$this->text_content_list_title_by_group
= _('Certification Authorities from group');
$this->text_content_submit_content
= _('New Certification Authority');
break;
}
}
//calls
//PKIModule::callDefault
protected function callDefault(Engine $engine, Request $request)
{
$title = _('Certification activity');
$latest = array('ca', 'caserver', 'caclient');
if($request->getID() !== FALSE)
return $this->callDisplay($engine, $request);
$page = new Page(array('title' => $title));
$page->append('title', array('stock' => $this->getName(),
'text' => $title));
$hbox = $page->append('hbox');
foreach($latest as $l)
{
$request = $this->getRequest('latest', array(
'type' => $l));
$response = $this->call($engine, $request);
if($response instanceof PageResponse)
$hbox->append($response->getContent());
}
return new PageResponse($page);
}
//PKIModule::callLatest
protected function callLatest(Engine $engine, Request $request)
{
$type = $request->get('type');
//XXX merge these sub-functions together
switch($type)
{
case 'ca':
return $this->_latestCAs($engine, $request,
$type);
case 'caclient':
return $this->_latestCAClients($engine,
$request, $type);
case 'caserver':
default:
return $this->_latestCAServers($engine,
$request, $type);
}
}
private function _latestCAs(Engine $engine, Request $request, $type)
{
$class = static::$content_classes['ca'];
$title = _('Latest Certification Authorities');
//list the latest certification authorities
$page = new Page($title);
$page->append('title', array('stock' => $this->getName(),
'text' => $title));
$vbox = $page->append('vbox');
if(($bugs = $class::listAll($engine, $this, 'timestamp',
$this->content_headline_count)) === FALSE)
{
$error = _('Could not list Certification Authorities');
$page->append('dialog', array('type' => 'error',
'text' => $error));
return new PageResponse($page,
Response::$CODE_EUNKNOWN);
}
$columns = $class::getColumns();
$view = $vbox->append('treeview', array('columns' => $columns));
foreach($bugs as $b)
$view->append($b->displayRow($engine, $request));
$vbox->append('link', array('stock' => 'more',
'text' => _('More Certification Authorities...'),
'request' => $this->getRequest('list', array(
'type' => $type))));
return new PageResponse($page);
}
private function _latestCAClients(Engine $engine, Request $request,
$type)
{
$class = static::$content_classes['caclient'];
$title = _('Latest CA clients');
//list the latest CA clients
$page = new Page($title);
$page->append('title', array('stock' => $this->getName(),
'text' => $title));
$vbox = $page->append('vbox');
if(($bugs = $class::listAll($engine, $this, 'timestamp',
$this->content_headline_count)) === FALSE)
{
$error = _('Could not list CA clients');
$page->append('dialog', array('type' => 'error',
'text' => $error));
return new PageResponse($page,
Response::$CODE_EUNKNOWN);
}
$columns = $class::getColumns();
$view = $vbox->append('treeview', array('columns' => $columns));
foreach($bugs as $b)
$view->append($b->displayRow($engine, $request));
$vbox->append('link', array('stock' => 'more',
'text' => _('More CA clients...'),
'request' => $this->getRequest('list', array(
'type' => $type))));
return new PageResponse($page);
}
private function _latestCAServers(Engine $engine, Request $request,
$type)
{
$class = static::$content_classes['caserver'];
$title = _('Latest CA servers');
//list the latest CA servers
$page = new Page($title);
$page->append('title', array('stock' => $this->getName(),
'text' => $title));
$vbox = $page->append('vbox');
if(($bugs = $class::listAll($engine, $this, 'timestamp',
$this->content_headline_count)) === FALSE)
{
$error = _('Could not list CA servers');
$page->append('dialog', array('type' => 'error',
'text' => $error));
return new PageResponse($page,
Response::$CODE_EUNKNOWN);
}
$columns = $class::getColumns();
$view = $vbox->append('treeview', array('columns' => $columns));
foreach($bugs as $b)
$view->append($b->displayRow($engine, $request));
$vbox->append('link', array('stock' => 'more',
'text' => _('More CA servers...'),
'request' => $this->getRequest('list', array(
'type' => $type))));
return new PageResponse($page);
}
//PKIModule::formSubmit
protected function formSubmit(Engine $engine, Request $request)
{
$class = static::$content_classes['ca'];
$parent = $class::load($engine, $this, $request->getID(),
$request->getTitle());
if($parent !== FALSE)
$r = $parent->getRequest('submit', array(
'type' => $request->get('type')));
else
$r = $this->getRequest('submit', array(
'type' => $request->get('type')));
$form = new PageElement('form', array('request' => $r));
//content
$this->helperSubmitContent($engine, $request, $form);
//buttons
$this->helperSubmitButtons($engine, $request, $form);
return $form;
}
//PKIModule::helperAdminActions
protected function helperAdminActions(Engine $engine, Request $request)
{
//XXX update the parent actions instead
$actions = array('renew', 'revoke');
if(($ret = parent::helperAdminActions($engine, $request))
!== FALSE)
return $ret;
//additional actions
foreach($actions as $a)
if($request->get($a) !== FALSE)
{
$helper = 'helper'.$a;
if(!method_exists($this, $helper))
{
$error = $helper.': Unknown helper';
return $engine->log(LOG_DEBUG, $error);
}
return $this->$helper($engine, $request);
}
return FALSE;
}
//PKIModule::helperAdminToolbar
protected function helperAdminToolbar(Engine $engine, PageElement $page,
Request $request = NULL)
{
//XXX update the parent actions instead
$actions = array('renew' => _('Renew'),
'revoke' => _('Revoke'));
$toolbar = parent::helperAdminToolbar($engine, $page,
$request);
//additional actions
$toolitems = array();
foreach($actions as $action => $label)
{
$method = 'can'.$action;
if(method_exists($this, $method)
&& $this->$method($engine, $request))
$toolitems[$action] = $label;
}
foreach($toolitems as $action => $label)
$toolbar->append('button', array('stock' => $action,
'text' => $label, 'type' => 'submit',
'name' => 'action',
'value' => $action));
return $toolbar;
}
//PKIModule::helperRenew
protected function helperRenew(Engine $engine, Request $request)
{
$cred = $engine->getCredentials();
$affected = 0;
$message = _('The certificate(s) renewed successfully');
$failure = _('Could not renew certificate(s)');
$error = _('Permission denied');
if(!$this->canRenew($engine, $request, NULL, $error))
return new PageElement('dialog', array(
'type' => 'error', 'text' => $error));
$type = 'info';
if(($ids = $request->get('ids')) === FALSE || !is_array($ids))
$ids = array();
//lookup the certificates and renew
foreach($ids as $id)
{
if(($content = $this->getContent($engine, $id))
!== FALSE
&& $content->renew($engine))
{
$affected += $res->getAffectedCount();
continue;
}
$type = 'error';
$message = $failure;
}
return ($affected > 0) ? new PageElement('dialog', array(
'type' => $type, 'text' => $message)) : FALSE;
}
//PKIModule::helperRevoke
protected function helperRevoke(Engine $engine, Request $request)
{
$cred = $engine->getCredentials();
$affected = 0;
$message = _('The certificate(s) revoked successfully');
$failure = _('Could not revoke certificate(s)');
$error = _('Permission denied');
if(!$this->canRevoke($engine, $request, NULL, $error))
return new PageElement('dialog', array(
'type' => 'error', 'text' => $error));
$type = 'info';
if(($ids = $request->get('ids')) === FALSE || !is_array($ids))
$ids = array();
//lookup the certificates and revoke
foreach($ids as $id)
{
if(($content = $this->getContent($engine, $id))
!== FALSE
&& $content->revoke($engine))
{
$affected += $res->getAffectedCount();
continue;
}
$type = 'error';
$message = $failure;
}
return ($affected > 0) ? new PageElement('dialog', array(
'type' => $type, 'text' => $message)) : FALSE;
}
}
?>