2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.gui.pages;
24 import java.io.IOException;
25 import java.net.ConnectException;
27 import org.onap.aaf.auth.cmd.AAFcli;
28 import org.onap.aaf.auth.env.AuthzTrans;
29 import org.onap.aaf.auth.gui.AAF_GUI;
30 import org.onap.aaf.auth.gui.BreadCrumbs;
31 import org.onap.aaf.auth.gui.NamedCode;
32 import org.onap.aaf.auth.gui.Page;
33 import org.onap.aaf.cadi.CadiException;
34 import org.onap.aaf.cadi.client.Future;
35 import org.onap.aaf.cadi.client.Holder;
36 import org.onap.aaf.cadi.client.Rcli;
37 import org.onap.aaf.cadi.client.Retryable;
38 import org.onap.aaf.cadi.util.Vars;
39 import org.onap.aaf.misc.env.APIException;
40 import org.onap.aaf.misc.env.Slot;
41 import org.onap.aaf.misc.env.Data.TYPE;
42 import org.onap.aaf.misc.env.util.IPValidator;
43 import org.onap.aaf.misc.env.util.Split;
44 import org.onap.aaf.misc.xgen.Cache;
45 import org.onap.aaf.misc.xgen.DynamicCode;
46 import org.onap.aaf.misc.xgen.html.HTMLGen;
48 import aaf.v2_0.Error;
49 import certman.v1_0.Artifacts;
50 import certman.v1_0.Artifacts.Artifact;
52 public class CMArtiChangeAction extends Page {
53 public CMArtiChangeAction(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException {
54 super(gui.env,CMArtiChangeForm.NAME,CMArtiChangeForm.HREF, CMArtiChangeForm.fields,
55 new BreadCrumbs(breadcrumbs),
56 new NamedCode(true,"content") {
57 final Slot sID = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[0]);
58 final Slot sMachine = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[1]);
59 final Slot sNS = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[2]);
60 final Slot sDirectory = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[3]);
61 final Slot sCA = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[4]);
62 final Slot sOSUser = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[5]);
63 final Slot sRenewal = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[6]);
64 final Slot sNotify = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[7]);
65 final Slot sCmd = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[8]);
66 final Slot sOther = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[9]);
67 final Slot sType = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[10]);
68 final Slot sSans = gui.env.slot(CMArtiChangeForm.NAME+'.'+CMArtiChangeForm.fields[11]);
71 public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
72 cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI, AuthzTrans>() {
74 public void code(final AAF_GUI gui, final AuthzTrans trans,final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
75 trans.info().log("Step 1");
76 final Artifact arti = new Artifact();
77 final String machine = trans.get(sMachine,null);
78 final String ca = trans.get(sCA, null);
79 final String sans = ((String)trans.get(sSans,null));
81 for(String s: Split.splitTrim(',', sans)) {
82 arti.getSans().add(s);
85 // Disallow IP entries, except by special Permission
86 if(!trans.fish(getPerm(ca,"ip"))) {
88 if(IPValidator.ip(machine)) {
92 for(String s: arti.getSans()) {
93 if(IPValidator.ip(s)) {
100 hgen.p("Policy Failure: IPs in certificates are only allowed by Exception.");
105 // Disallow Domain based Definitions without exception
106 if(machine.startsWith("*")) { // Domain set
107 if(!trans.fish(getPerm(ca, "domain"))) {
108 hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception.");
113 arti.setMechid((String)trans.get(sID,null));
114 arti.setMachine(machine);
115 arti.setNs((String)trans.get(sNS,null));
116 arti.setDir((String)trans.get(sDirectory,null));
118 arti.setOsUser((String)trans.get(sOSUser, null));
119 arti.setRenewDays(Integer.parseInt((String)trans.get(sRenewal, null)));
120 arti.setNotification((String)trans.get(sNotify, null));
121 String[] checkbox = trans.get(sType,null);
122 for(int i=0;i<CMArtiChangeForm.types.length;++i) {
123 if("on".equals(checkbox[i])) {
124 arti.getType().add(CMArtiChangeForm.types[i]);
129 if (arti.getMechid()==null || arti.getMechid().indexOf('@')<=0) {
130 hgen.p("Data Entry Failure: Please enter a valid ID, including domain.");
132 } else { // everything else is checked by Server
135 final Artifacts artifacts = new Artifacts();
136 artifacts.getArtifact().add(arti);
137 final Holder<Boolean> ok = new Holder<Boolean>(false);
138 final Holder<Boolean> deleted = new Holder<Boolean>(false);
139 Future<?> f = gui.cmClientAsUser(trans.getUserPrincipal(), new Retryable<Future<?>>() {
141 public Future<?> code(Rcli<?> client)throws CadiException, ConnectException, APIException {
143 switch((String)trans.get(sCmd, "")) {
144 case CMArtiChangeForm.CREATE:
145 Future<Artifacts> fc;
146 rv = fc = client.create("/cert/artifacts", gui.artifactsDF, artifacts);
147 if(fc.get(AAFcli.timeout())) {
148 hgen.p("Created Artifact " + arti.getMechid() + " on " + arti.getMachine());
152 case CMArtiChangeForm.UPDATE:
153 Future<Artifacts> fu = client.update("/cert/artifacts", gui.artifactsDF, artifacts);
154 if((rv=fu).get(AAFcli.timeout())) {
155 hgen.p("Artifact " + arti.getMechid() + " on " + arti.getMachine() + " is updated");
159 case CMArtiChangeForm.COPY:
160 Future<Artifacts> future = client.read("/cert/artifacts/"+arti.getMechid()+'/'+arti.getMachine(), gui.artifactsDF);
162 if(future.get(AAFcli.timeout())) {
163 for(Artifact a : future.value.getArtifact()) { // only one, because these two are key
164 for(String newMachine :Split.split(',', trans.get(sOther, ""))) {
165 a.setMachine(newMachine);
166 Future<Artifacts> fup = client.update("/cert/artifacts", gui.artifactsDF, future.value);
167 if(fup.get(AAFcli.timeout())) {
168 hgen.p("Copied to " + newMachine);
175 case CMArtiChangeForm.DELETE:
177 rv = fv = client.delete("/cert/artifacts/"+arti.getMechid()+"/"+arti.getMachine(),"application/json");
178 if(fv.get(AAFcli.timeout())) {
179 hgen.p("Deleted " + arti.getMechid() + " on " + arti.getMachine());
190 hgen.p("Unknown Command");
192 if(f.body().contains("%")) {
193 Error err = gui.getDF(Error.class).newData().in(TYPE.JSON).load(f.body()).asObject();
194 hgen.p(Vars.convert(err.getText(),err.getVariables()));
196 hgen.p(arti.getMechid() + " on " + arti.getMachine() + ": " + f.body());
200 hgen.br().leaf(HTMLGen.A,"class=greenbutton","href="+(deleted.get()?CMArtifactShow.HREF:CMArtiChangeForm.HREF)+
201 "?id="+arti.getMechid()+
202 "&machine="+arti.getMachine() +
203 "&ns="+arti.getNs())
207 } catch (Exception e) {
208 hgen.p("Unknown Error");
Code Review / aaf / authz.git / blob