use of com.helger.phoss.smp.domain.serviceinfo.ISMPEndpoint in project phoss-smp by phax.
the class PageSecureEndpointChangeCertificate method fillContent.
/**
 * Renders the page for changing one certificate in many endpoints at once.
 * <p>
 * All endpoints of all service information objects are first grouped by the string that
 * {@code _getUnifiedCert} returns for the endpoint certificate. The page then shows either the
 * edit form for one selected certificate (action {@code CPageParam.ACTION_EDIT}) or a table with
 * one row per distinct certificate.
 * <p>
 * With sub-action {@code CPageParam.ACTION_SAVE} and a form error list that contains no error, a
 * {@code BulkChangeCertificate} job is handed to {@code PhotonWorkerPool} and
 * {@code postRedirectGetInternal} is called with a success message.
 *
 * @param aWPEC the web page execution context of the current request
 */
@Override
protected void fillContent(@Nonnull final WebPageExecutionContext aWPEC) {
  final Locale aDisplayLocale = aWPEC.getDisplayLocale();
  final HCNodeList aNodeList = aWPEC.getNodeList();
  final ISMPServiceInformationManager aServiceInfoMgr = SMPMetaManager.getServiceInformationMgr();

  // Index every endpoint, and the service group that owns it, by its unified certificate string.
  final ICommonsMap<String, ICommonsList<ISMPEndpoint>> aEndpointsPerCert = new CommonsHashMap<>();
  final ICommonsMap<String, ICommonsSet<ISMPServiceGroup>> aServiceGroupsPerCert = new CommonsHashMap<>();
  final ICommonsList<ISMPServiceInformation> aAllSIs = aServiceInfoMgr.getAllSMPServiceInformation();
  int nTotalEndpointCount = 0;
  for (final ISMPServiceInformation aSI : aAllSIs) {
    final ISMPServiceGroup aSG = aSI.getServiceGroup();
    for (final ISMPProcess aProcess : aSI.getAllProcesses()) {
      for (final ISMPEndpoint aEndpoint : aProcess.getAllEndpoints()) {
        final String sCertKey = _getUnifiedCert(aEndpoint.getCertificate());
        aEndpointsPerCert.computeIfAbsent(sCertKey, k -> new CommonsArrayList<>()).add(aEndpoint);
        aServiceGroupsPerCert.computeIfAbsent(sCertKey, k -> new CommonsHashSet<>()).add(aSG);
        nTotalEndpointCount++;
      }
    }
  }

  // Always shown: a refresh button and, if applicable, a hint about running background jobs.
  final BootstrapButtonToolbar aRefreshToolbar = new BootstrapButtonToolbar(aWPEC);
  aRefreshToolbar.addButton("Refresh", aWPEC.getSelfHref(), EDefaultIcon.REFRESH);
  aNodeList.addChild(aRefreshToolbar);
  final int nRunningJobs = BulkChangeCertificate.getRunningJobCount();
  if (nRunningJobs > 0) {
    final String sJobs = nRunningJobs == 1 ? "1 bulk change is" : nRunningJobs + " bulk changes are";
    aNodeList.addChild(warn(sJobs + " currently running in the background"));
  }

  if (aWPEC.hasAction(CPageParam.ACTION_EDIT)) {
    final FormErrorList aFormErrors = new FormErrorList();
    // The old certificate is taken from a request parameter, so it is caller-controlled input.
    final String sOldUnifiedCert = _getUnifiedCert(aWPEC.params().getAsString(FIELD_OLD_CERTIFICATE));

    if (aWPEC.hasSubAction(CPageParam.ACTION_SAVE)) {
      // NOTE(review): no anti-forgery token check is visible in this method before the
      // state-changing job is started - confirm the framework or a base class enforces one.
      final String sNewCert = aWPEC.params().getAsString(FIELD_NEW_CERTIFICATE);
      final String sNewUnifiedCert = _getUnifiedCert(sNewCert);

      // Findings on the OLD certificate are recorded with addFieldInfo, not addFieldError.
      // NOTE(review): presumably info entries do not count for containsNoError(), so a missing or
      // unparsable old certificate would not stop the job - confirm this is intended.
      if (StringHelper.hasNoText(sOldUnifiedCert)) {
        aFormErrors.addFieldInfo(FIELD_OLD_CERTIFICATE, "An old certificate must be provided");
      } else {
        final String sOldCertProblem = _getCertificateParsingError(sOldUnifiedCert);
        if (sOldCertProblem != null) {
          aFormErrors.addFieldInfo(FIELD_OLD_CERTIFICATE, "The old certificate is invalid: " + sOldCertProblem);
        }
      }

      // The NEW certificate must be present, parsable and different from the old one.
      if (StringHelper.hasNoText(sNewUnifiedCert)) {
        aFormErrors.addFieldError(FIELD_NEW_CERTIFICATE, "A new certificate must be provided");
      } else {
        final String sNewCertProblem = _getCertificateParsingError(sNewUnifiedCert);
        if (sNewCertProblem != null) {
          aFormErrors.addFieldError(FIELD_NEW_CERTIFICATE, "The new certificate is invalid: " + sNewCertProblem);
        } else if (sNewUnifiedCert.equals(sOldUnifiedCert)) {
          aFormErrors.addFieldError(FIELD_NEW_CERTIFICATE,
                                    "The new certificate is identical to the old certificate");
        }
      }

      // Start the background job only when validation recorded no error.
      if (aFormErrors.containsNoError()) {
        // The job receives the raw request value sNewCert, while the checks above ran on
        // sNewUnifiedCert.
        // NOTE(review): confirm BulkChangeCertificate normalises the value itself before storing.
        PhotonWorkerPool.getInstance()
                        .run("BulkChangeCertificate",
                             new BulkChangeCertificate(aAllSIs, aDisplayLocale, sOldUnifiedCert, sNewCert));
        aWPEC.postRedirectGetInternal(
            success().addChildren(
                div("The bulk change of the endpoint certificate to"),
                _getCertificateDisplay(sNewUnifiedCert, aDisplayLocale),
                div("is now running in the background. Please manually refresh the page to see the update.")));
      }
    }

    // Tell the user how many endpoints and service groups currently use the selected certificate.
    final int nSGCount = CollectionHelper.getSize(aServiceGroupsPerCert.get(sOldUnifiedCert));
    final int nEPCount = CollectionHelper.getSize(aEndpointsPerCert.get(sOldUnifiedCert));
    final String sEndpointNoun = nEPCount == 1 ? "endpoint" : "endpoints";
    final String sGroupNoun = nSGCount == 1 ? "service group" : "service groups";
    aNodeList.addChild(info("The selected old certificate is currently used in " + nEPCount + " " + sEndpointNoun
                            + " of " + nSGCount + " " + sGroupNoun + "."));

    // Edit form: the old certificate travels in a hidden field, the new one is typed into a
    // text area.
    final BootstrapForm aForm = aNodeList.addAndReturnChild(getUIHandler().createFormSelf(aWPEC));
    aForm.addChild(new HCHiddenField(CPageParam.PARAM_ACTION, CPageParam.ACTION_EDIT));
    aForm.addChild(new HCHiddenField(CPageParam.PARAM_SUBACTION, CPageParam.ACTION_SAVE));
    aForm.addChild(new HCHiddenField(FIELD_OLD_CERTIFICATE, sOldUnifiedCert));
    aForm.addFormGroup(
        new BootstrapFormGroup()
            .setLabel("Old certificate")
            .setCtrl(_getCertificateDisplay(sOldUnifiedCert, aDisplayLocale))
            .setHelpText("The old certificate that is to be changed in all matching endpoints")
            .setErrorList(aFormErrors.getListOfField(FIELD_OLD_CERTIFICATE)));
    // The old certificate is passed to RequestField as second argument, next to the field name.
    aForm.addFormGroup(
        new BootstrapFormGroup()
            .setLabelMandatory("New certificate")
            .setCtrl(new HCTextArea(new RequestField(FIELD_NEW_CERTIFICATE, sOldUnifiedCert)).setRows(10))
            .setHelpText("The new certificate that is used instead")
            .setErrorList(aFormErrors.getListOfField(FIELD_NEW_CERTIFICATE)));
    final BootstrapButtonToolbar aFormToolbar = aForm.addAndReturnChild(getUIHandler().createToolbar(aWPEC));
    aFormToolbar.addSubmitButton("Save changes", EDefaultIcon.SAVE);
    aFormToolbar.addButtonCancel(aDisplayLocale);
  } else {
    // Overview: one table row per distinct certificate, each with a link to the edit form.
    final String sRegistered = nTotalEndpointCount == 1 ? "1 endpoint is"
                                                        : nTotalEndpointCount + " endpoints are";
    aNodeList.addChild(
        info().addChildren(
            div("This page lets you change the certificates of multiple endpoints at once. This is e.g. helpful when the old certificate expired."),
            div("Currently " + sRegistered + " registered.")));

    final HCTable aTable = new HCTable(new DTCol("Certificate").setInitialSorting(ESortOrder.ASCENDING),
                                       new DTCol("Service Group Count").setDisplayType(EDTColType.INT, aDisplayLocale),
                                       new DTCol("Endpoint Count").setDisplayType(EDTColType.INT, aDisplayLocale),
                                       new BootstrapDTColAction(aDisplayLocale)).setID(getID());
    aEndpointsPerCert.forEach((sCertKey, aEndpointsOfCert) -> {
      final HCRow aRow = aTable.addBodyRow();
      aRow.addCell(_getCertificateDisplay(sCertKey, aDisplayLocale));
      aRow.addCell(Integer.toString(CollectionHelper.getSize(aServiceGroupsPerCert.get(sCertKey))));
      aRow.addCell(Integer.toString(aEndpointsOfCert.size()));
      // The unified certificate string is carried as a URL parameter of the edit link.
      final ISimpleURL aEditURL = aWPEC.getSelfHref()
                                       .add(CPageParam.PARAM_ACTION, CPageParam.ACTION_EDIT)
                                       .add(FIELD_OLD_CERTIFICATE, sCertKey);
      aRow.addCell(new HCA(aEditURL).setTitle("Change all endpoints using this certificate")
                                    .addChild(EDefaultIcon.EDIT.getAsNode()));
    });
    final DataTables aDataTables = BootstrapDataTables.createDefaultDataTables(aWPEC, aTable);
    aNodeList.addChild(aTable).addChild(aDataTables);
  }
}
use of com.helger.phoss.smp.domain.serviceinfo.ISMPEndpoint in project phoss-smp by phax.
the class PageSecureTasksProblems method fillContent.
/**
 * Renders the "tasks and problems" overview of the SMP configuration.
 * <p>
 * The method collects findings into one ordered list: a check whether the built-in administrator
 * account still accepts the default password, the checks delegated to {@code _checkSettings},
 * {@code _checkKeyStore}, {@code _checkTrustStore}, {@code _checkSMLConfiguration} and
 * {@code _checkDirectoryConfig}, and a walk over all service groups down to each endpoint.
 * <p>
 * Per endpoint it reports a transport profile unknown to {@code ESMPTransportProfile}, the
 * service activation and expiration dates, and the validity period of the endpoint certificate.
 * "Soon" means within three months from now. Only {@code getNotBefore()} and
 * {@code getNotAfter()} of the certificate are evaluated here; this method performs no trust
 * chain or revocation check.
 *
 * @param aWPEC the web page execution context of the current request
 */
@Override
protected void fillContent(@Nonnull final WebPageExecutionContext aWPEC) {
  final HCNodeList aNodeList = aWPEC.getNodeList();
  final Locale aDisplayLocale = aWPEC.getDisplayLocale();
  final ISMPServiceGroupManager aServiceGroupMgr = SMPMetaManager.getServiceGroupMgr();
  final ISMPServiceInformationManager aServiceInfoMgr = SMPMetaManager.getServiceInformationMgr();
  final OffsetDateTime aNowDT = PDTFactory.getCurrentOffsetDateTime();
  // Look-ahead limit for the "soon" warnings: three months from now
  final OffsetDateTime aNowPlusDT = aNowDT.plusMonths(3);

  aNodeList.addChild(info("This page tries to identify upcoming tasks and potential problems in the SMP configuration. It is meant to highlight immediate and upcoming action items as well as potential misconfiguration."));

  final HCOL aFindings = new HCOL();

  // Default credential check: verifies the built-in administrator ID against the default
  // password constant and reports an error if that combination is still accepted.
  // NOTE(review): this runs a credential check on every page rendering - confirm it does not
  // feed into failed-login counters or audit noise of the user manager.
  if (PhotonSecurityManager.getUserMgr()
                           .areUserIDAndPasswordValid(CSecurity.USER_ADMINISTRATOR_ID,
                                                      CSecurity.USER_ADMINISTRATOR_PASSWORD)) {
    aFindings.addItem(_createError("Please change the password of the default user " + CSecurity.USER_ADMINISTRATOR_EMAIL + "!"),
                      div("This is a severe security risk"));
  }

  // Delegated checks, in fixed order: settings, keystore, truststore, SML, Directory
  _checkSettings(aFindings);
  _checkKeyStore(aWPEC, aFindings, aNowDT, aNowPlusDT);
  _checkTrustStore(aWPEC, aFindings, aNowDT, aNowPlusDT);
  _checkSMLConfiguration(aFindings);
  _checkDirectoryConfig(aWPEC, aFindings, aNowDT, aNowPlusDT);

  // Service groups, their document types, processes and endpoints
  final ICommonsList<ISMPServiceGroup> aServiceGroups = aServiceGroupMgr.getAllSMPServiceGroups();
  if (aServiceGroups.isEmpty()) {
    aFindings.addItem(_createWarning("No service group is configured. This SMP is currently empty."));
  } else {
    for (final ISMPServiceGroup aServiceGroup : CollectionHelper.getSorted(aServiceGroups,
                                                                         ISMPServiceGroup.comparator())) {
      final HCUL aGroupFindings = new HCUL();
      final ICommonsList<ISMPServiceInformation> aServiceInfos =
          aServiceInfoMgr.getAllSMPServiceInformationOfServiceGroup(aServiceGroup);
      if (aServiceInfos.isEmpty()) {
        // Reported at info level only, neither as a warning nor as an error
        aGroupFindings.addItem(_createInfo("No endpoint is configured for this service group."));
      } else {
        for (final ISMPServiceInformation aServiceInfo : aServiceInfos) {
          final HCUL aDocTypeFindings = new HCUL();
          for (final ISMPProcess aProcess : aServiceInfo.getAllProcesses()) {
            final HCUL aProcessFindings = new HCUL();
            for (final ISMPEndpoint aEndpoint : aProcess.getAllEndpoints()) {
              final HCUL aEndpointFindings = new HCUL();

              // Transport profile that ESMPTransportProfile does not know
              final ESMPTransportProfile eKnownProfile =
                  ESMPTransportProfile.getFromIDOrNull(aEndpoint.getTransportProfile());
              if (eKnownProfile == null) {
                aEndpointFindings.addItem(_createWarning("The endpoint uses the non-standard transport profile '" + aEndpoint.getTransportProfile() + "'."));
              }

              // Service activation date in the future
              if (aEndpoint.getServiceActivationDateTime() != null
                  && aEndpoint.getServiceActivationDateTime().isAfter(XMLOffsetDateTime.of(aNowDT))) {
                aEndpointFindings.addItem(_createWarning("The endpoint is not yet active."),
                                          div("It will be active from " + PDTToString.getAsString(aEndpoint.getServiceActivationDateTime(), aDisplayLocale) + "."));
              }

              // Service expiration date in the past (error) or inside the look-ahead (warning)
              if (aEndpoint.getServiceExpirationDateTime() != null) {
                if (aEndpoint.getServiceExpirationDateTime().isBefore(XMLOffsetDateTime.of(aNowDT))) {
                  aEndpointFindings.addItem(_createError("The endpoint is no longer active."),
                                            div("It was valid until " + PDTToString.getAsString(aEndpoint.getServiceExpirationDateTime(), aDisplayLocale) + "."));
                } else if (aEndpoint.getServiceExpirationDateTime().isBefore(XMLOffsetDateTime.of(aNowPlusDT))) {
                  aEndpointFindings.addItem(_createWarning("The endpoint will be inactive soon."),
                                            div("It is only valid until " + PDTToString.getAsString(aEndpoint.getServiceExpirationDateTime(), aDisplayLocale) + "."));
                }
              }

              // Parse the stored certificate. A CertificateException is deliberately not
              // propagated: the null result is reported as an error right below. The parser
              // detail is dropped, and any other exception type is not caught here.
              X509Certificate aParsedCert;
              try {
                aParsedCert = CertificateHelper.convertStringToCertficate(aEndpoint.getCertificate());
              } catch (final CertificateException ignored) {
                aParsedCert = null;
              }

              if (aParsedCert != null) {
                // Only the validity period of the certificate is checked
                final OffsetDateTime aNotBefore = PDTFactory.createOffsetDateTime(aParsedCert.getNotBefore());
                if (aNowDT.isBefore(aNotBefore)) {
                  aEndpointFindings.addItem(_createError("The endpoint certificate is not yet active."),
                                            div("It will be valid from " + PDTToString.getAsString(aNotBefore, aDisplayLocale) + "."));
                }
                final OffsetDateTime aNotAfter = PDTFactory.createOffsetDateTime(aParsedCert.getNotAfter());
                if (aNowDT.isAfter(aNotAfter)) {
                  aEndpointFindings.addItem(_createError("The endpoint certificate is already expired."),
                                            div("It was valid until " + PDTToString.getAsString(aNotAfter, aDisplayLocale) + "."));
                } else if (aNowPlusDT.isAfter(aNotAfter)) {
                  aEndpointFindings.addItem(_createWarning("The endpoint certificate will expire soon."),
                                            div("It is only valid until " + PDTToString.getAsString(aNotAfter, aDisplayLocale) + "."));
                }
              } else {
                aEndpointFindings.addItem(_createError("The X.509 certificate configured at the endpoint is invalid and could not be interpreted as a certificate."));
              }

              // Attach the endpoint findings to the process, if there are any
              if (aEndpointFindings.hasChildren()) {
                aProcessFindings.addItem(div("Transport profile ").addChild(code(aEndpoint.getTransportProfile())),
                                         aEndpointFindings);
              }
            }

            // Attach the process findings to the document type, if there are any
            if (aProcessFindings.hasChildren()) {
              aDocTypeFindings.addItem(div("Process ").addChild(code(aProcess.getProcessIdentifier().getURIEncoded()).addClass(CUICoreCSS.CSS_CLASS_NOWRAP)),
                                       aProcessFindings);
            }
          }

          // Attach the document type findings to the service group, if there are any
          if (aDocTypeFindings.hasChildren()) {
            aGroupFindings.addItem(div("Document type ").addChild(code(aServiceInfo.getDocumentTypeIdentifier().getURIEncoded()).addClass(CUICoreCSS.CSS_CLASS_NOWRAP)),
                                   aDocTypeFindings);
          }
        }
      }

      // Attach the service group findings to the overall list, if there are any
      if (aGroupFindings.hasChildren()) {
        aFindings.addItem(div("Service group ").addChild(code(aServiceGroup.getParticipantIdentifier().getURIEncoded())),
                          aGroupFindings);
      }
    }
  }

  // Result: either the list of findings or a success box
  if (!aFindings.hasChildren()) {
    aNodeList.addChild(success("Great job, no tasks or problems identified!"));
  } else {
    aNodeList.addChild(warn("The following list of tasks and problems were identified:"));
    aNodeList.addChild(aFindings);
  }
}