Merge pull request #1455 from timopollmeier/gsad-tls_certificates
Add tls_certificate commands to gsad
swaterkamp authored Jun 26, 2019
2 parents 9b5b9cb + 537e4ab commit 000967f
Showing 4 changed files with 266 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

### Added
- Add storybook [#1272](https://github.com/greenbone/gsa/pull/1286)
- Added TLS certificates to the asset management. [#1455](https://github.com/greenbone/gsa/pull/1455)

### Changed
- Modified the BarChart's y-domain to avoid range [0,0]. [#1447](https://github.com/greenbone/gsa/pull/1447)
17 changes: 15 additions & 2 deletions gsad/src/gsad.c
Expand Up @@ -273,6 +273,7 @@ init_validator ()
"|(create_target)"
"|(create_task)"
"|(create_ticket)"
"|(create_tls_certificate)"
"|(create_user)"
"|(cvss_calculator)"
"|(delete_agent)"
Expand All @@ -297,6 +298,7 @@ init_validator ()
"|(delete_target)"
"|(delete_task)"
"|(delete_ticket)"
"|(delete_tls_certificate)"
"|(delete_user)"
"|(download_agent)"
"|(download_credential)"
Expand Down Expand Up @@ -402,6 +404,8 @@ init_validator ()
"|(get_tasks)"
"|(get_ticket)"
"|(get_tickets)"
"|(get_tls_certificate)"
"|(get_tls_certificates)"
"|(get_trash)"
"|(get_user)"
"|(get_users)"
Expand Down Expand Up @@ -444,6 +448,7 @@ init_validator ()
"|(save_target)"
"|(save_task)"
"|(save_ticket)"
"|(save_tls_certificate)"
"|(save_user)"
"|(start_task)"
"|(stop_task)"
Expand Down Expand Up @@ -663,15 +668,15 @@ init_validator ()
"^(agent|alert|asset|cert_bund_adv|config|cpe|credential|cve|dfn_cert_adv|"
"filter|group|host|info|nvt|note|os|ovaldef|override|permission|port_list|"
"report|report_format|result|role|scanner|schedule|tag|target|task|ticket|"
"user|vuln|)$");
"tls_certificate|user|vuln|)$");
gvm_validator_add (validator, "resource_id", "^[[:alnum:]-_.:\\/~]*$");
gvm_validator_add (validator, "resources_action", "^(|add|set|remove)$");
gvm_validator_add (
validator, "optional_resource_type",
"^(agent|alert|asset|cert_bund_adv|config|cpe|credential|cve|dfn_cert_adv|"
"filter|group|host|info|nvt|note|os|ovaldef|override|permission|port_list|"
"report|report_format|result|role|scanner|schedule|tag|target|task|ticket|"
"user|vuln|)?$");
"tls_certificate|user|vuln|)?$");
gvm_validator_add (validator, "select:value", "^.*$");
gvm_validator_add (validator, "ssl_cert", "^.*$");
gvm_validator_add (validator, "method_data:name", "^.*$");
Expand Down Expand Up @@ -738,6 +743,7 @@ init_validator ()
gvm_validator_add (validator, "icalendar", "(?s)^BEGIN:VCALENDAR.+$");

/* Binary data params that should not use no UTF-8 validation */
gvm_validator_add_binary (validator, "certificate_bin");
gvm_validator_add_binary (validator, "installer");
gvm_validator_add_binary (validator, "method_data:pkcs12:");

Expand Down Expand Up @@ -900,7 +906,9 @@ init_validator ()
gvm_validator_alias (validator, "task_uuid", "optional_id");
gvm_validator_alias (validator, "ticket_id", "id");
gvm_validator_alias (validator, "timeout", "boolean");
gvm_validator_alias (validator, "tls_certificate_id", "id");
gvm_validator_alias (validator, "trend:name", "family");
gvm_validator_alias (validator, "trust", "boolean");
gvm_validator_alias (validator, "user_id", "id");
gvm_validator_alias (validator, "user_id_optional", "id_optional");
gvm_validator_alias (validator, "xml", "boolean");
Expand Down Expand Up @@ -1471,6 +1479,7 @@ exec_gmp_post (http_connection_t *con, gsad_connection_info_t *con_info,
ELSE (create_tag)
ELSE (create_target)
ELSE (create_ticket)
ELSE (create_tls_certificate)
ELSE (create_user)
ELSE (create_role)
ELSE (delete_agent)
Expand All @@ -1495,6 +1504,7 @@ exec_gmp_post (http_connection_t *con, gsad_connection_info_t *con_info,
ELSE (delete_target)
ELSE (delete_task)
ELSE (delete_ticket)
ELSE (delete_tls_certificate)
ELSE (delete_user)
ELSE (empty_trashcan)
ELSE (import_config)
Expand Down Expand Up @@ -1535,6 +1545,7 @@ exec_gmp_post (http_connection_t *con, gsad_connection_info_t *con_info,
ELSE (save_task)
ELSE (save_ticket)
ELSE (save_container_task)
ELSE (save_tls_certificate)
ELSE (save_user)
ELSE (start_task)
ELSE (stop_task)
Expand Down Expand Up @@ -2091,6 +2102,8 @@ exec_gmp_get (http_connection_t *con, gsad_connection_info_t *con_info,
ELSE (get_targets)
ELSE (get_ticket)
ELSE (get_tickets)
ELSE (get_tls_certificate)
ELSE (get_tls_certificates)
ELSE (get_trash)
ELSE (get_user)
ELSE (get_users)
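Review bot: `certificate_bin` is registered through `gvm_validator_add_binary`, so unlike the neighbouring parameters it reaches the handlers with no pattern check at this layer, and nothing in the visible hunks bounds its size or format. The block deserves a comment that states the resulting obligation, for example `/* certificate_bin: raw upload, not content-checked here; handlers must base64-encode it before placing it in a GMP command. */`, so that a later handler does not pass the bytes through unencoded. Whether a request-size limit applies elsewhere cannot be seen from here, so that is worth confirming. The body of `init_validator` starts and ends outside these hunks.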
234 changes: 234 additions & 0 deletions gsad/src/gsad_gmp.c
Expand Up @@ -11589,6 +11589,9 @@ get_trash (gvm_connection_t *connection, credentials_t *credentials,

GET_TRASH_RESOURCE ("GET_TICKETS", "get_tickets", "tickets");

GET_TRASH_RESOURCE ("GET_TLS_CERTIFICATES", "get_tls_certificates",
"tls_certificates");

/* Cleanup, and return transformed XML. */

g_string_append (xml, "</get_trash>");
Expand Down Expand Up @@ -17038,6 +17041,237 @@ delete_ticket_gmp (gvm_connection_t *connection, credentials_t *credentials,
response_data);
}

/**
* @brief Get all TLS certificates, envelope the result.
*
* @param[in] connection Connection to manager.
* @param[in] credentials Username and password for authentication.
* @param[in] params Request parameters.
* @param[out] response_data Extra data return for the HTTP response.
*
* @return Enveloped XML object.
*/
char *
get_tls_certificates_gmp (gvm_connection_t *connection,
credentials_t *credentials, params_t *params,
cmd_response_data_t *response_data)
{
return get_many (connection, "tls_certificates", credentials, params, NULL,
response_data);
}

/**
* @brief Get single TLS certificates, envelope the result.
*
* @param[in] connection Connection to manager.
* @param[in] credentials Username and password for authentication.
* @param[in] params Request parameters.
* @param[out] response_data Extra data return for the HTTP response.
*
* @return Enveloped XML object.
*/
char *
get_tls_certificate_gmp (gvm_connection_t *connection,
credentials_t *credentials, params_t *params,
cmd_response_data_t *response_data)
{
return get_one (connection, "tls_certificate", credentials, params, NULL,
NULL, response_data);
}

/**
* @brief Create a TLS certificate.
*
* @param[in] connection Connection to manager.
* @param[in] credentials Username and password for authentication.
* @param[in] params Request parameters.
* @param[out] response_data Extra data return for the HTTP response.
*
* @return Enveloped XML object.
*/
char *
create_tls_certificate_gmp (gvm_connection_t *connection,
credentials_t *credentials, params_t *params,
cmd_response_data_t *response_data)
{
gchar *response = NULL;
entity_t entity = NULL;
const gchar *name, *comment, *trust, *certificate_bin;
size_t certificate_size;
gchar *certificate_b64;
gchar *ret;

name = params_value (params, "name");
comment = params_value (params, "comment");
trust = params_value (params, "trust");
certificate_bin = params_value (params, "certificate_bin");
certificate_size = params_value_size (params, "certificate_bin");

certificate_b64 =
(certificate_size > 0)
? g_base64_encode ((guchar *) certificate_bin, certificate_size)
: g_strdup ("");

CHECK_VARIABLE_INVALID (name, "Create TLS Certificate");
CHECK_VARIABLE_INVALID (comment, "Create TLS Certificate");
CHECK_VARIABLE_INVALID (trust, "Create TLS Certificate");

switch (gmpf (connection, credentials, &response, &entity, response_data,
"<create_tls_certificate>"
"<name>%s</name>"
"<comment>%s</comment>"
"<trust>%s</trust>"
"<certificate>%s</certificate>"
"</create_tls_certificate>",
name, comment, trust, certificate_b64))
{
case 0:
case -1:
break;
case 1:
cmd_response_data_set_status_code (response_data,
MHD_HTTP_INTERNAL_SERVER_ERROR);
return gsad_message (
credentials, "Internal error", __FUNCTION__, __LINE__,
"An internal error occurred while creating a TLS certificate. "
"Diagnostics: Failure to send command to manager daemon.",
response_data);
case 2:
cmd_response_data_set_status_code (response_data,
MHD_HTTP_INTERNAL_SERVER_ERROR);
return gsad_message (
credentials, "Internal error", __FUNCTION__, __LINE__,
"An internal error occurred while creating a TLS certificate. "
"It is unclear whether the TLS certificate has been created or not. "
"Diagnostics: Failure to receive response from manager daemon.",
response_data);
default:
cmd_response_data_set_status_code (response_data,
MHD_HTTP_INTERNAL_SERVER_ERROR);
return gsad_message (
credentials, "Internal error", __FUNCTION__, __LINE__,
"An internal error occurred while creating a TLS certificate. "
"It is unclear whether the TLS certificate has been created or not. "
"Diagnostics: Internal Error.",
response_data);
}

ret = response_from_entity (connection, credentials, params, entity,
"Create TLS Certificate", response_data);

free_entity (entity);
g_free (response);
g_free (certificate_b64);
return ret;
}

/**
* @brief Modify a TLS certificate.
*
* @param[in] connection Connection to manager.
* @param[in] credentials Username and password for authentication.
* @param[in] params Request parameters.
* @param[out] response_data Extra data return for the HTTP response.
*
* @return Enveloped XML object.
*/
char *
save_tls_certificate_gmp (gvm_connection_t *connection,
credentials_t *credentials, params_t *params,
cmd_response_data_t *response_data)
{
gchar *response = NULL;
entity_t entity = NULL;
const gchar *tls_certificate_id, *name, *comment, *trust, *certificate_bin;
size_t certificate_size;
gchar *certificate_b64;
gchar *ret;

tls_certificate_id = params_value (params, "tls_certificate_id");
name = params_value (params, "name");
comment = params_value (params, "comment");
trust = params_value (params, "trust");
certificate_bin = params_value (params, "certificate_bin");
certificate_size = params_value_size (params, "certificate_bin");

certificate_b64 =
(certificate_size > 0)
? g_base64_encode ((guchar *) certificate_bin, certificate_size)
: g_strdup ("");

CHECK_VARIABLE_INVALID (tls_certificate_id, "Save TLS Certificate");
CHECK_VARIABLE_INVALID (name, "Save TLS Certificate");
CHECK_VARIABLE_INVALID (comment, "Save TLS Certificate");
CHECK_VARIABLE_INVALID (trust, "Save TLS Certificate");

switch (gmpf (connection, credentials, &response, &entity, response_data,
"<modify_tls_certificate tls_certificate_id=\"%s\">"
"<name>%s</name>"
"<comment>%s</comment>"
"<trust>%s</trust>"
"<certificate>%s</certificate>"
"</modify_tls_certificate>",
tls_certificate_id, name, comment, trust, certificate_b64))
{
case 0:
case -1:
break;
case 1:
cmd_response_data_set_status_code (response_data,
MHD_HTTP_INTERNAL_SERVER_ERROR);
return gsad_message (
credentials, "Internal error", __FUNCTION__, __LINE__,
"An internal error occurred while saving a TLS certificate. "
"Diagnostics: Failure to send command to manager daemon.",
response_data);
case 2:
cmd_response_data_set_status_code (response_data,
MHD_HTTP_INTERNAL_SERVER_ERROR);
return gsad_message (
credentials, "Internal error", __FUNCTION__, __LINE__,
"An internal error occurred while saving a TLS certificate. "
"It is unclear whether the TLS certificate has been saved or not. "
"Diagnostics: Failure to receive response from manager daemon.",
response_data);
default:
cmd_response_data_set_status_code (response_data,
MHD_HTTP_INTERNAL_SERVER_ERROR);
return gsad_message (
credentials, "Internal error", __FUNCTION__, __LINE__,
"An internal error occurred while saving a TLS certificate. "
"It is unclear whether the TLS certificate has been saved or not. "
"Diagnostics: Internal Error.",
response_data);
}

ret = response_from_entity (connection, credentials, params, entity,
"Save TLS Certificate", response_data);

free_entity (entity);
g_free (response);
g_free (certificate_b64);
return ret;
}

/**
* @brief Delete a TLS certificate.
*
* @param[in] connection Connection to manager.
* @param[in] credentials Username and password for authentication.
* @param[in] params Request parameters.
* @param[out] response_data Extra data return for the HTTP response.
*
* @return Enveloped XML object.
*/
char *
delete_tls_certificate_gmp (gvm_connection_t *connection,
credentials_t *credentials, params_t *params,
cmd_response_data_t *response_data)
{
return move_resource_to_trash (connection, "tls_certificate", credentials,
params, response_data);
}

char *
renew_session_gmp (gvm_connection_t *connection, credentials_t *credentials,
params_t *params, cmd_response_data_t *response_data)
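Review bot: `certificate_b64` in `create_tls_certificate_gmp` is allocated before the `CHECK_VARIABLE_INVALID` checks and released only on the success path, so the `case 1`, `case 2` and `default` branches return without `g_free (certificate_b64)`; `save_tls_certificate_gmp` repeats the same pattern. If `CHECK_VARIABLE_INVALID` returns early on a missing parameter (the macro is defined outside this page, so that is an assumption), each rejected request would also leak the encoded upload, which adds up in a long-running daemon. Encoding after the checks and freeing the buffer right after `gmpf` returns covers every path with a single free. The sketch below shows the create function and assumes `gmpf` returns `int`, as the `switch` suggests; the save function would change the same way.

```c
  int gmpf_ret;
  /* … unchanged: other declarations and the params_value lookups … */

  /* … unchanged: CHECK_VARIABLE_INVALID checks, now placed before the encoding … */

  /* Encode only after the early-return checks, so no buffer is live when
   * one of them fires. */
  certificate_b64 =
    (certificate_size > 0)
      ? g_base64_encode ((guchar *) certificate_bin, certificate_size)
      : g_strdup ("");

  gmpf_ret = gmpf (connection, credentials, &response, &entity, response_data,
                   /* … unchanged: format string and arguments … */);
  /* No branch below reads the encoded copy, so release it once here. */
  g_free (certificate_b64);

  switch (gmpf_ret)
    {
      /* … unchanged: case 0, -1, 1, 2 and default … */
    }

  /* … unchanged: response_from_entity, free_entity, g_free (response);
   * the trailing g_free (certificate_b64) is dropped … */
```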
16 changes: 16 additions & 0 deletions gsad/src/gsad_gmp.h
Expand Up @@ -728,6 +728,22 @@ char *
delete_ticket_gmp (gvm_connection_t *, credentials_t *, params_t *,
cmd_response_data_t *);

char *
get_tls_certificates_gmp (gvm_connection_t *, credentials_t *, params_t *,
cmd_response_data_t *);
char *
get_tls_certificate_gmp (gvm_connection_t *, credentials_t *, params_t *,
cmd_response_data_t *);
char *
create_tls_certificate_gmp (gvm_connection_t *, credentials_t *, params_t *,
cmd_response_data_t *);
char *
save_tls_certificate_gmp (gvm_connection_t *, credentials_t *, params_t *,
cmd_response_data_t *);
char *
delete_tls_certificate_gmp (gvm_connection_t *, credentials_t *, params_t *,
cmd_response_data_t *);

char *
renew_session_gmp (gvm_connection_t *, credentials_t *, params_t *,
cmd_response_data_t *);