GVM management layer: TLS Certificates SQL. More...

#include "manage_tls_certificates.h"
#include "manage_acl.h"
#include "manage_sql_tls_certificates.h"
#include "manage_sql.h"
#include "utils.h"
#include "sql.h"
#include <stdlib.h>
#include <string.h>

Macros
#define	G_LOG_DOMAIN "md manage"
	GLib log domain.

#define	TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS
	Filter columns for tls_certificate iterator. More...

#define	TLS_CERTIFICATE_ITERATOR_COLUMNS
	TLS Certificate iterator columns.

Functions
static tls_certificate_t	user_tls_certificate_match_internal (tls_certificate_t tls_certificate, user_t user, const char sha256_fingerprint, const char md5_fingerprint)
	Tries to find a matching certificate for a given user. More...

const char **	tls_certificate_filter_columns ()
	Gets the filter columns for TLS certificates. More...

column_t *	tls_certificate_select_columns ()
	Gets the select columns for TLS certificates. More...

gchar *	tls_certificate_extra_where (const char *filter)
	Get extra_where string for a TLS certificate iterator or count. More...

int	tls_certificate_count (const get_data_t *get)
	Count number of tls_certificates. More...

int	init_tls_certificate_iterator (iterator_t iterator, const get_data_t get)
	Initialise a tls_certificate iterator. More...

int	tls_certificate_iterator_trust (iterator_t *iterator)
	Get a column value from a tls_certificate iterator. More...

int	tls_certificate_iterator_valid (iterator_t *iterator)
	Get a column value from a tls_certificate iterator. More...

int	tls_certificate_in_use (tls_certificate_t tls_certificate)
	Return whether a tls_certificate is in use. More...

int	tls_certificate_writable (tls_certificate_t tls_certificate)
	Return whether a tls_certificate is writable. More...

static int	make_tls_certificate (const char name, const char comment, const char certificate_b64, time_t activation_time, time_t expiration_time, const char md5_fingerprint, const char sha256_fingerprint, const char subject_dn, const char issuer_dn, const char serial, gnutls_x509_crt_fmt_t certificate_format, int trust, int update, tls_certificate_t *tls_certificate)
	Create or update a TLS certificate from collected data. More...

int	make_tls_certificate_from_base64 (const char name, const char comment, const char certificate_b64, const char fallback_fpr, int trust, int allow_failed_info, int update, tls_certificate_t *tls_certificate)
	Create or update a TLS certificate from Base64 encoded file content. More...

int	create_tls_certificate (const char name, const char comment, const char certificate_b64, int trust, tls_certificate_t tls_certificate)
	Create a TLS certificate. More...

int	copy_tls_certificate (const char name, const char comment, const char tls_certificate_id, tls_certificate_t new_tls_certificate)
	Create a TLS certificate from an existing TLS certificate. More...

int	delete_tls_certificate (const char *tls_certificate_id, int ultimate)
	Delete a tls_certificate. More...

void	delete_tls_certificates_user (user_t user)
	Delete all TLS certificate owned by a user. More...

void	inherit_tls_certificates (user_t user, user_t inheritor)
	Change ownership of tls_certificate, for user deletion. More...

int	modify_tls_certificate (const gchar tls_certificate_id, const gchar comment, const gchar *name, int trust)
	Modify a TLS certificate. More...

char *	tls_certificate_uuid (tls_certificate_t tls_certificate)
	Return the UUID of a TLS certificate. More...

int	init_tls_certificate_source_iterator (iterator_t *iterator, tls_certificate_t tls_certificate)
	Initialise an iterator of TLS certificate sources. More...

resource_t	get_or_make_tls_certificate_location (const char host_ip, const char port)
	Gets or creates a tls_certificate_location. More...

resource_t	get_or_make_tls_certificate_origin (const char origin_type, const char origin_id, const char *origin_data)
	Gets or creates a tls_certificate_origin. More...

resource_t	get_or_make_tls_certificate_source (tls_certificate_t tls_certificate, const char host_ip, const char port, const char origin_type, const char origin_id, const char *origin_data)
	Gets or creates a tls_certificate_source. More...

int	user_has_tls_certificate (tls_certificate_t tls_certificate, user_t user)
	Checks if user owns a certificate or one with the same fingerprints. More...

int	add_tls_certificates_from_report_host (report_host_t report_host, const char report_id, const char host_ip)
	Collects and add TLS certificates from the details of a report host. More...

char *	tls_certificate_host_asset_id (const char host_ip, const char origin_id)
	Get the host asset UUID of a TLS certificate location. More...

Detailed Description

GVM management layer: TLS Certificates SQL.

The TLS Certificates SQL for the GVM management layer.

Macro Definition Documentation

◆ TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS

#define TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS

Value:

{ GET_ITERATOR_FILTER_COLUMNS, "subject_dn", "issuer_dn", "md5_fingerprint", \
   "activates", "expires", "valid", "certificate_format", "last_seen",        \
   "sha256_fingerprint", "serial", "time_status", NULL }

Filter columns for tls_certificate iterator.

Function Documentation

◆ add_tls_certificates_from_report_host()

int add_tls_certificates_from_report_host	(	report_host_t	report_host,
		const char *	report_id,
		const char *	host_ip
	)

Collects and add TLS certificates from the details of a report host.

Parameters

[in]	report_host	The report host to get certificates from.
[in]	report_id	UUID of the report
[in]	host_ip	The IP address of the report host.

Returns: 0: success, -1: error

◆ copy_tls_certificate()

int copy_tls_certificate	(	const char *	name,
		const char *	comment,
		const char *	tls_certificate_id,
		tls_certificate_t *	new_tls_certificate
	)

Create a TLS certificate from an existing TLS certificate.

Parameters

[in]	name	Name. NULL to copy from existing TLS certificate.
[in]	comment	Comment. NULL to copy from existing TLS certificate.
[in]	tls_certificate_id	UUID of existing TLS certificate.
[out]	new_tls_certificate	New TLS certificate.

Returns: 0 success, 1 TLS certificate exists already, 2 failed to find existing TLS certificate, 99 permission denied, -1 error.

◆ create_tls_certificate()

int create_tls_certificate	(	const char *	name,
		const char *	comment,
		const char *	certificate_b64,
		int	trust,
		tls_certificate_t *	tls_certificate
	)

Create a TLS certificate.

Parameters

[in]	name	Name of new TLS certificate.
[in]	comment	Comment of TLS certificate.
[in]	certificate_b64	Base64 certificate file content.
[in]	trust	Whether to trust the certificate.
[out]	tls_certificate	Created TLS certificate.

Returns: 0 success, 1 invalid certificate content, 2 certificate not Base64, 3 certificate already exists, 99 permission denied, -1 error.

◆ delete_tls_certificate()

int delete_tls_certificate	(	const char *	tls_certificate_id,
		int	ultimate
	)

Delete a tls_certificate.

TLS certificates do not use the trashcan, so the "ultimate" param is ignored and the resource is always removed completely.

Parameters

[in]	tls_certificate_id	UUID of tls_certificate.
[in]	ultimate	Dummy for consistency with other delete commands.

Returns: 0 success, 1 fail because tls_certificate is in use, 2 failed to find tls_certificate, 99 permission denied, -1 error.

◆ delete_tls_certificates_user()

void delete_tls_certificates_user ( user_t user )

Delete all TLS certificate owned by a user.

Also delete trash TLS certificates.

Parameters

[in] user The user.

◆ get_or_make_tls_certificate_location()

resource_t get_or_make_tls_certificate_location	(	const char *	host_ip,
		const char *	port
	)

Gets or creates a tls_certificate_location.

If a location with matching host_ip and port exists its id is returned, otherwise a new one is created and its id is returned.

Parameters

[in]	host_ip	IP address of the location
[in]	port	Port number of the location

Returns: Row id of the tls_certificate_location

◆ get_or_make_tls_certificate_origin()

resource_t get_or_make_tls_certificate_origin	(	const char *	origin_type,
		const char *	origin_id,
		const char *	origin_data
	)

Gets or creates a tls_certificate_origin.

If an origin with matching type, id and data exists its id is returned, otherwise a new one is created and its id is returned.

Parameters

[in]	origin_type	Origin type, e.g. "GMP" or "Report"
[in]	origin_id	Origin resource id, e.g. a report UUID.
[in]	origin_data	Origin extra data, e.g. OID of generating NVT.

Returns: Row id of the tls_certificate_origin

◆ get_or_make_tls_certificate_source()

resource_t get_or_make_tls_certificate_source	(	tls_certificate_t	tls_certificate,
		const char *	host_ip,
		const char *	port,
		const char *	origin_type,
		const char *	origin_id,
		const char *	origin_data
	)

Gets or creates a tls_certificate_source.

If a source with matching location and origin data exists its id is returned, otherwise a new one is created and its id is returned.

If all the location data is NULL a NULL location is fetched / created.

Parameters

[in]	tls_certificate	The TLS certificate of the source
[in]	host_ip	IP address of the location
[in]	port	Port number of the location
[in]	origin_type	Origin type, e.g. "GMP" or "Report"
[in]	origin_id	Origin resource id, e.g. a report UUID.
[in]	origin_data	Origin extra data, e.g. OID of generating NVT.

Returns: Row id of the tls_certificate_origin

◆ inherit_tls_certificates()

void inherit_tls_certificates	(	user_t	user,
		user_t	inheritor
	)

Change ownership of tls_certificate, for user deletion.

Also assign tls_certificate that are assigned to the user to the inheritor.

Parameters

[in]	user	Current owner.
[in]	inheritor	New owner.

◆ init_tls_certificate_iterator()

int init_tls_certificate_iterator	(	iterator_t *	iterator,
		const get_data_t *	get
	)

Initialise a tls_certificate iterator.

Parameters

[in]	iterator	Iterator.
[in]	get	GET data.

Returns: 0 success, 1 failed to find tls_certificate, 2 failed to find filter, -1 error.

◆ init_tls_certificate_source_iterator()

int init_tls_certificate_source_iterator	(	iterator_t *	iterator,
		tls_certificate_t	tls_certificate
	)

Initialise an iterator of TLS certificate sources.

Parameters

[in]	iterator	Iterator to initialise.
[in]	tls_certificate	TLS certificate to get sources for.

Returns: 0 success, -1 error.

◆ make_tls_certificate()

static int make_tls_certificate	(	const char *	name,
		const char *	comment,
		const char *	certificate_b64,
		time_t	activation_time,
		time_t	expiration_time,
		const char *	md5_fingerprint,
		const char *	sha256_fingerprint,
		const char *	subject_dn,
		const char *	issuer_dn,
		const char *	serial,
		gnutls_x509_crt_fmt_t	certificate_format,
		int	trust,
		int	update,
		tls_certificate_t *	tls_certificate
	)

static

Create or update a TLS certificate from collected data.

Parameters

[in]	name	Optional name for the certificate.
[in]	comment	Optional comment for the certificate.
[in]	certificate_b64	Base64 encoded certificate.
[in]	activation_time	Activation time of the certificate.
[in]	expiration_time	Expiration time of the certificate
[in]	md5_fingerprint	MD5 fingerprint of the certificate.
[in]	sha256_fingerprint	SHA-256 fingerprint of the certificate.
[in]	subject_dn	Subject DN of the certificate.
[in]	issuer_dn	Issuer DN of the certificate.
[in]	serial	Serial of the certificate.
[in]	certificate_format	Certificate format (0 = DER, 1 = PEM).
[in]	trust	Whether to trust the certificate.
[in]	update	Whether/how to update if certificate exists. 0: reject, 1: update missing.
[out]	tls_certificate	Created TLS certificate.

Returns: 0 success, -1 error, 3 certificate already exists.

◆ make_tls_certificate_from_base64()

int make_tls_certificate_from_base64	(	const char *	name,
		const char *	comment,
		const char *	certificate_b64,
		const char *	fallback_fpr,
		int	trust,
		int	allow_failed_info,
		int	update,
		tls_certificate_t *	tls_certificate
	)

Create or update a TLS certificate from Base64 encoded file content.

Parameters

[in]	name	Name of new TLS certificate.
[in]	comment	Comment of TLS certificate.
[in]	certificate_b64	Base64 certificate file content.
[in]	fallback_fpr	Fallback fingerprint if getting data fails.
[in]	trust	Whether to trust the certificate.
[in]	allow_failed_info	Whether to use if get_certificate_info fails.
[in]	update	Whether/how to update if certificate exists. 0: reject, 1: update missing.
[out]	tls_certificate	Created TLS certificate.

Returns: 0 success, 1 invalid certificate content, 2 certificate not Base64, 3 certificate already exists, 99 permission denied, -1 error.

◆ modify_tls_certificate()

int modify_tls_certificate	(	const gchar *	tls_certificate_id,
		const gchar *	comment,
		const gchar *	name,
		int	trust
	)

Modify a TLS certificate.

Parameters

[in]	tls_certificate_id	UUID of TLS certificate.
[in]	comment	New comment on TLS certificate.
[in]	name	New name of TLS certificate.
[in]	trust	New trust value or -1 to keep old value.

Returns: 0 success, 1 TLS certificate exists already, 2 failed to find TLS certificate, 3 invalid certificate content, 4 certificate is not valid Base64, 99 permission denied, -1 error.

◆ tls_certificate_count()

int tls_certificate_count ( const get_data_t * get )

Count number of tls_certificates.

Parameters

[in] get GET params.

Returns: Total number of tls_certificates in filtered set.

◆ tls_certificate_extra_where()

gchar* tls_certificate_extra_where ( const char * filter )

Get extra_where string for a TLS certificate iterator or count.

Parameters

[in] filter Filter string.

Returns: Newly allocated extra_where string.

◆ tls_certificate_filter_columns()

const char** tls_certificate_filter_columns ( )

Gets the filter columns for TLS certificates.

Returns: Constant array of filter columns.

◆ tls_certificate_host_asset_id()

char* tls_certificate_host_asset_id	(	const char *	host_ip,
		const char *	origin_id
	)

Get the host asset UUID of a TLS certificate location.

Parameters

[in]	host_ip	IP address of the host.
[in]	origin_id	UUID of the origin report.

Returns: The newly allocated host asset UUID.

◆ tls_certificate_in_use()

int tls_certificate_in_use ( tls_certificate_t tls_certificate )

Return whether a tls_certificate is in use.

Parameters

[in] tls_certificate TLS Certificate.

Returns: 1 if in use, else 0.

◆ tls_certificate_iterator_trust()

int tls_certificate_iterator_trust ( iterator_t * iterator )

Get a column value from a tls_certificate iterator.

Parameters

[in] iterator Iterator.

Returns: Value of the column or NULL if iteration is complete.

◆ tls_certificate_iterator_valid()

int tls_certificate_iterator_valid ( iterator_t * iterator )

Get a column value from a tls_certificate iterator.

Parameters

[in] iterator Iterator.

Returns: Value of the column or NULL if iteration is complete.

◆ tls_certificate_select_columns()

column_t* tls_certificate_select_columns ( )

Gets the select columns for TLS certificates.

Returns: Constant array of select columns.

◆ tls_certificate_uuid()

char* tls_certificate_uuid ( tls_certificate_t tls_certificate )

Return the UUID of a TLS certificate.

Parameters

[in] tls_certificate TLS certificate.

Returns: Newly allocated UUID if available, else NULL.

◆ tls_certificate_writable()

int tls_certificate_writable ( tls_certificate_t tls_certificate )

Return whether a tls_certificate is writable.

Parameters

[in] tls_certificate TLS Certificate.

Returns: 1 if writable, else 0.

◆ user_has_tls_certificate()

int user_has_tls_certificate	(	tls_certificate_t	tls_certificate,
		user_t	user
	)

Checks if user owns a certificate or one with the same fingerprints.

Parameters

[in]	tls_certificate	The certificate to check
[in]	user	The user to check

Returns: 1 matching certificate found, 0 no matching certificate

◆ user_tls_certificate_match_internal()

static tls_certificate_t user_tls_certificate_match_internal	(	tls_certificate_t	tls_certificate,
		user_t	user,
		const char *	sha256_fingerprint,
		const char *	md5_fingerprint
	)

static

Tries to find a matching certificate for a given user.

Parameters

[in]	tls_certificate	The certificate to check
[in]	user	The user to check
[in]	sha256_fingerprint	The SHA256 fingerprint to match
[in]	md5_fingerprint	The MD5 fingerprint to match

Returns: The matching certificate or 0 if none is found.

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ TLS_CERTIFICATE_ITERATOR_FILTER_COLUMNS

Function Documentation

◆ add_tls_certificates_from_report_host()

◆ copy_tls_certificate()

◆ create_tls_certificate()

◆ delete_tls_certificate()

◆ delete_tls_certificates_user()

◆ get_or_make_tls_certificate_location()

◆ get_or_make_tls_certificate_origin()

◆ get_or_make_tls_certificate_source()

◆ inherit_tls_certificates()

◆ init_tls_certificate_iterator()

◆ init_tls_certificate_source_iterator()

◆ make_tls_certificate()

◆ make_tls_certificate_from_base64()

◆ modify_tls_certificate()

◆ tls_certificate_count()

◆ tls_certificate_extra_where()

◆ tls_certificate_filter_columns()

◆ tls_certificate_host_asset_id()

◆ tls_certificate_in_use()

◆ tls_certificate_iterator_trust()

◆ tls_certificate_iterator_valid()

◆ tls_certificate_select_columns()

◆ tls_certificate_uuid()

◆ tls_certificate_writable()

◆ user_has_tls_certificate()

◆ user_tls_certificate_match_internal()