Add source info to TLS certificate assets and create them from host details

CHANGELOG.md

@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ## [Unreleased]
 
 ### Added
+- Added TLS certificates as a new resource type [#585](https://github.com/greenbone/gvmd/pull/585) [#663](https://github.com/greenbone/gvmd/pull/663)
 - Update NVTs via OSP [#392](https://github.com/greenbone/gvmd/pull/392) [#609](https://github.com/greenbone/gvmd/pull/609) [#626](https://github.com/greenbone/gvmd/pull/626)
 - Handle addition of ID to NVT preferences. [#413](https://github.com/greenbone/gvmd/pull/413)
 - Add setting 'OMP Slave Check Period' [#491](https://github.com/greenbone/gvmd/pull/491)

CMakeLists.txt

@@ -113,7 +113,7 @@ include (CPack)
 
 ## Variables
 
-set (GVMD_DATABASE_VERSION 212)
+set (GVMD_DATABASE_VERSION 214)
 
 set (GVMD_SCAP_DATABASE_VERSION 15)
 

src/CMakeLists.txt

@@ -87,6 +87,7 @@ add_executable (manage-utils-test
                 manage_sql.c manage_sql_nvts.c manage_sql_secinfo.c
                 manage_sql_configs.c
                 manage_sql_tickets.c manage_sql_tls_certificates.c
+                manage_tls_certificates.c
                 manage_migrators.c scanner.c
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c comm.c
@@ -110,6 +111,7 @@ add_executable (manage-test
                 manage_sql.c manage_sql_nvts.c manage_sql_secinfo.c
                 manage_sql_configs.c
                 manage_sql_tickets.c manage_sql_tls_certificates.c
+                manage_tls_certificates.c
                 manage_migrators.c scanner.c
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c comm.c
@@ -133,6 +135,7 @@ add_executable (gmp-tickets-test
                 manage_sql.c manage_sql_nvts.c manage_sql_secinfo.c
                 manage_sql_configs.c
                 manage_sql_tickets.c manage_sql_tls_certificates.c
+                manage_tls_certificates.c
                 manage_migrators.c scanner.c
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c comm.c
@@ -156,6 +159,7 @@ add_executable (gvmd
                 manage_sql.c manage_sql_nvts.c manage_sql_secinfo.c
                 manage_sql_configs.c
                 manage_sql_tickets.c manage_sql_tls_certificates.c
+                manage_tls_certificates.c
                 manage_migrators.c scanner.c
                 sql_pg.c manage_pg.c
                 lsc_user.c lsc_crypt.c utils.c comm.c

src/gmp.c

@@ -13249,10 +13249,19 @@ handle_get_credentials (gmp_parser_t *gmp_parser, GError **error)
           /* get certificate info */
           time_t activation_time, expiration_time;
           gchar *activation_time_str, *expiration_time_str;
-          gchar *fingerprint, *issuer;
-          get_certificate_info (cert, -1,
-                                &activation_time, &expiration_time,
-                                &fingerprint, NULL, &issuer, NULL);
+          gchar *md5_fingerprint, *issuer;
+
+          get_certificate_info (cert,
+                                -1,
+                                &activation_time,
+                                &expiration_time,
+                                &md5_fingerprint,
+                                NULL,   /* sha256_fingerprint */
+                                NULL,   /* subject */
+                                &issuer,
+                                NULL,   /* serial */
+                                NULL);  /* certificate_format */
+
           activation_time_str = certificate_iso_time (activation_time);
           expiration_time_str = certificate_iso_time (expiration_time);
           SENDF_TO_CLIENT_OR_FAIL
@@ -13266,11 +13275,11 @@ handle_get_credentials (gmp_parser_t *gmp_parser, GError **error)
             certificate_time_status (activation_time, expiration_time),
             activation_time_str,
             expiration_time_str,
-            fingerprint ? fingerprint : "",
+            md5_fingerprint ? md5_fingerprint : "",
             issuer ? issuer : "");
           g_free (activation_time_str);
           g_free (expiration_time_str);
-          g_free (fingerprint);
+          g_free (md5_fingerprint);
           g_free (issuer);
         }
 
@@ -16512,10 +16521,19 @@ handle_get_scanners (gmp_parser_t *gmp_parser, GError **error)
           if (scanner_iterator_ca_pub (&scanners))
             {
               /* CA Certificate */
-              gchar *fingerprint, *issuer;
-              get_certificate_info (scanner_iterator_ca_pub (&scanners), -1,
-                                    &activation_time, &expiration_time,
-                                    &fingerprint, NULL, &issuer, NULL);
+              gchar *md5_fingerprint, *issuer;
+
+              get_certificate_info (scanner_iterator_ca_pub (&scanners),
+                                    -1,
+                                    &activation_time,
+                                    &expiration_time,
+                                    &md5_fingerprint,
+                                    NULL,   /* sha256_fingerprint */
+                                    NULL,   /* subject */
+                                    &issuer,
+                                    NULL,   /* serial */
+                                    NULL);  /* certificate_format */
+
               activation_time_str = certificate_iso_time (activation_time);
               expiration_time_str = certificate_iso_time (expiration_time);
               SENDF_TO_CLIENT_OR_FAIL
@@ -16529,11 +16547,11 @@ handle_get_scanners (gmp_parser_t *gmp_parser, GError **error)
                 certificate_time_status (activation_time, expiration_time),
                 activation_time_str,
                 expiration_time_str,
-                fingerprint,
+                md5_fingerprint,
                 issuer);
               g_free (activation_time_str);
               g_free (expiration_time_str);
-              g_free (fingerprint);
+              g_free (md5_fingerprint);
               g_free (issuer);
             }
         }
@@ -16557,10 +16575,19 @@ handle_get_scanners (gmp_parser_t *gmp_parser, GError **error)
           if (scanner_iterator_key_pub (&scanners))
             {
               /* Certificate */
-              gchar *fingerprint, *issuer;
-              get_certificate_info (scanner_iterator_key_pub (&scanners), -1,
-                                    &activation_time, &expiration_time,
-                                    &fingerprint, NULL, &issuer, NULL);
+              gchar *md5_fingerprint, *issuer;
+
+              get_certificate_info (scanner_iterator_key_pub (&scanners),
+                                    -1,
+                                    &activation_time,
+                                    &expiration_time,
+                                    &md5_fingerprint,
+                                    NULL,   /* sha256_fingerprint */
+                                    NULL,   /* subject */
+                                    &issuer,
+                                    NULL,   /* serial */
+                                    NULL);  /* certificate_format */
+
               activation_time_str = certificate_iso_time (activation_time);
               expiration_time_str = certificate_iso_time (expiration_time);
               SENDF_TO_CLIENT_OR_FAIL
@@ -16574,11 +16601,11 @@ handle_get_scanners (gmp_parser_t *gmp_parser, GError **error)
                 certificate_time_status (activation_time, expiration_time),
                 activation_time_str,
                 expiration_time_str,
-                fingerprint,
+                md5_fingerprint,
                 issuer);
               g_free (activation_time_str);
               g_free (expiration_time_str);
-              g_free (fingerprint);
+              g_free (md5_fingerprint);
               g_free (issuer);
             }
         }
@@ -17433,13 +17460,20 @@ handle_get_settings (gmp_parser_t *gmp_parser, GError **error)
           && strlen (setting_iterator_value (&settings)))
         {
           time_t activation_time, expiration_time;
-          gchar *activation_time_str, *expiration_time_str, *fingerprint;
+          gchar *activation_time_str, *expiration_time_str, *md5_fingerprint;
           gchar *issuer;
 
-          get_certificate_info (setting_iterator_value (&settings), -1,
+          get_certificate_info (setting_iterator_value (&settings),
+                                -1,
                                 &activation_time,
-                                &expiration_time, &fingerprint,
-                                NULL, &issuer, NULL);
+                                &expiration_time,
+                                &md5_fingerprint,
+                                NULL,   /* sha256_fingerprint */
+                                NULL,   /* subject */
+                                &issuer,
+                                NULL,   /* serial */
+                                NULL);  /* certificate_format */
+
           activation_time_str = certificate_iso_time (activation_time);
           expiration_time_str = certificate_iso_time (expiration_time);
           SENDF_TO_CLIENT_OR_FAIL
@@ -17453,11 +17487,11 @@ handle_get_settings (gmp_parser_t *gmp_parser, GError **error)
             certificate_time_status (activation_time, expiration_time),
             activation_time_str,
             expiration_time_str,
-            fingerprint,
+            md5_fingerprint,
             issuer);
           g_free (activation_time_str);
           g_free (expiration_time_str);
-          g_free (fingerprint);
+          g_free (md5_fingerprint);
           g_free (issuer);
         }
 
@@ -20216,17 +20250,25 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                 {
                   time_t activation_time, expiration_time;
                   gchar *activation_time_str, *expiration_time_str;
-                  gchar *fingerprint, *issuer;
+                  gchar *md5_fingerprint, *issuer;
 
                   SENDF_TO_CLIENT_OR_FAIL
                    ("<auth_conf_setting>"
                     "<key>cacert</key>"
                     "<value>%s</value>",
                     ldap_cacert);
 
-                  get_certificate_info (ldap_cacert, -1, &activation_time,
-                                        &expiration_time, &fingerprint,
-                                        NULL, &issuer, NULL);
+                  get_certificate_info (ldap_cacert,
+                                        -1,
+                                        &activation_time,
+                                        &expiration_time,
+                                        &md5_fingerprint,
+                                        NULL,   /* sha256_fingerprint */
+                                        NULL,   /* subject */
+                                        &issuer,
+                                        NULL,   /* serial */
+                                        NULL);  /* certificate_format */
+
                   activation_time_str = certificate_iso_time (activation_time);
                   expiration_time_str = certificate_iso_time (expiration_time);
                   SENDF_TO_CLIENT_OR_FAIL
@@ -20240,11 +20282,11 @@ gmp_xml_handle_end_element (/* unused */ GMarkupParseContext* context,
                     certificate_time_status (activation_time, expiration_time),
                     activation_time_str,
                     expiration_time_str,
-                    fingerprint,
+                    md5_fingerprint,
                     issuer);
                   g_free (activation_time_str);
                   g_free (expiration_time_str);
-                  g_free (fingerprint);
+                  g_free (md5_fingerprint);
                   g_free (issuer);
 
                   SEND_TO_CLIENT_OR_FAIL ("</auth_conf_setting>");

src/gmp_get.h

@@ -117,6 +117,30 @@ send_get_common (const char *, get_data_t *, iterator_t *,
     }                                                                      \
   while (0)
 
+/**
+ * @brief Send common part of GET response to client, returning on fail.
+ *
+ * This will work for types not using the trashcan.
+ *
+ * @param[in]  type      Type of resource.
+ * @param[in]  get       GET data.
+ * @param[in]  iterator  Iterator.
+ */
+#define SEND_GET_COMMON_NO_TRASH(type, get, iterator)                          \
+  do                                                                           \
+    {                                                                          \
+      if (send_get_common (G_STRINGIFY (type), get, iterator,                  \
+                           gmp_parser->client_writer,                          \
+                           gmp_parser->client_writer_data,                     \
+                           type##_writable (get_iterator_resource (iterator)), \
+                           type##_in_use (get_iterator_resource (iterator))))  \
+        {                                                                      \
+          error_send_to_client (error);                                        \
+          return;                                                              \
+        }                                                                      \
+    }                                                                          \
+  while (0)
+
 int
 buffer_get_filter_xml (GString *, const char *, const get_data_t *,
                        const char *, const char *);