use of org.jboss.hal.config.Environment in project console by hal.
the class EnableSSLWizard method show.
public void show() {
Constants constants = resources.constants();
AddressTemplate template = undertowHttps ? UNDERTOW_HTTPS_LISTENER_TEMPLATE : HTTP_INTERFACE_TEMPLATE;
Wizard.Builder<EnableSSLContext, EnableSSLState> wb = new Wizard.Builder<>(constants.enableSSLManagementTitle(), new EnableSSLContext());
wb.addStep(EnableSSLState.DEFINE_STRATEGY, new DefineStrategyStep(resources, environment.isStandalone(), undertowHttps)).addStep(EnableSSLState.CONFIGURATION, new ConfigurationStep(existingResources, resources, environment, undertowHttps, template)).addStep(EnableSSLState.REVIEW, new ReviewStep(dispatcher, statementContext, resources, environment, undertowHttps, template)).onBack((context, currentState) -> {
EnableSSLState previous = null;
switch(currentState) {
case DEFINE_STRATEGY:
break;
case CONFIGURATION:
previous = EnableSSLState.DEFINE_STRATEGY;
break;
case REVIEW:
previous = EnableSSLState.CONFIGURATION;
break;
default:
break;
}
return previous;
}).onNext((context, currentState) -> {
EnableSSLState next = null;
switch(currentState) {
case DEFINE_STRATEGY:
next = EnableSSLState.CONFIGURATION;
break;
case CONFIGURATION:
next = EnableSSLState.REVIEW;
break;
case REVIEW:
break;
default:
break;
}
return next;
}).stayOpenAfterFinish().onFinish((wizard, context) -> {
ModelNode model = context.model;
ModelNode credRef = new ModelNode();
credRef.get(CLEAR_TEXT).set(asString(model, AbstractConfiguration.KEY_STORE_PASSWORD));
// use Flow tasks to run DMR operations as there are resources that must exists before next
// operations are called, as in the example of a generate-key-pair and import-certificate
// the key-store must exists. For this case, the Composite doesn't work.
List<Task<FlowContext>> tasks = new ArrayList<>();
// key-store is only created when user chooses to create all resources or create a key-store based on
// an existing JKS file
boolean createKeyStore = !context.strategy.equals(EnableSSLContext.Strategy.KEYSTORE_RESOURCE_EXISTS);
String keyStoreName = createKeyStore ? asString(model, AbstractConfiguration.KEY_STORE_NAME) : asString(model, KEY_STORE);
if (createKeyStore) {
if (context.strategy.equals(EnableSSLContext.Strategy.KEYSTORE_CREATE)) {
ResourceAddress ksAddress = keyStoreTemplate().resolve(statementContext, keyStoreName);
tasks.add(flowContext -> {
Operation.Builder builder = new Operation.Builder(ksAddress, ADD).param(PATH, asString(model, KEY_STORE_PATH)).param(CREDENTIAL_REFERENCE, credRef).param(TYPE, asString(model, AbstractConfiguration.KEY_STORE_TYPE));
if (model.hasDefined(AbstractConfiguration.KEY_STORE_RELATIVE_TO)) {
builder.param(RELATIVE_TO, asString(model, AbstractConfiguration.KEY_STORE_RELATIVE_TO));
}
Operation keyStoreOp = builder.build();
return dispatcher.execute(keyStoreOp).doOnError(exception -> wizard.showError(constants.failed(), resources.messages().addKeyStoreError(keyStoreName), exception.getMessage(), false)).toCompletable();
});
tasks.add(flowContext -> {
Composite composite = new Composite();
// the generate-key=pair can only be called on an existing key-store
String dn = "CN=" + asString(model, AbstractConfiguration.PRIVATE_KEY_DN_CN) + ", OU=" + asString(model, AbstractConfiguration.PRIVATE_KEY_DN_OU) + ", O=" + asString(model, AbstractConfiguration.PRIVATE_KEY_DN_O) + ", L=" + asString(model, AbstractConfiguration.PRIVATE_KEY_DN_L) + ", ST=" + asString(model, AbstractConfiguration.PRIVATE_KEY_DN_ST) + ", C=" + asString(model, AbstractConfiguration.PRIVATE_KEY_DN_C);
Operation genKeyOp = new Operation.Builder(ksAddress, GENERATE_KEY_PAIR).param(ALIAS, asString(model, AbstractConfiguration.PRIVATE_KEY_ALIAS)).param(DISTINGUISHED_NAME, dn).param(VALIDITY, asString(model, AbstractConfiguration.PRIVATE_KEY_VALIDITY)).param(ModelDescriptionConstants.ALGORITHM, asString(model, AbstractConfiguration.PRIVATE_KEY_ALGORITHM)).build();
composite.add(genKeyOp);
Operation storeOp = new Operation.Builder(ksAddress, STORE).build();
composite.add(storeOp);
return dispatcher.execute(composite).toCompletable();
});
} else if (context.strategy.equals(EnableSSLContext.Strategy.KEYSTORE_FILE_EXISTS)) {
tasks.add(flowContext -> {
ResourceAddress ksAddress = keyStoreTemplate().resolve(statementContext, keyStoreName);
Operation.Builder builder = new Operation.Builder(ksAddress, ADD).param(PATH, asString(model, KEY_STORE_PATH)).param(CREDENTIAL_REFERENCE, credRef).param(TYPE, asString(model, AbstractConfiguration.KEY_STORE_TYPE)).param(REQUIRED, true);
if (model.hasDefined(AbstractConfiguration.KEY_STORE_RELATIVE_TO)) {
builder.param(RELATIVE_TO, asString(model, AbstractConfiguration.KEY_STORE_RELATIVE_TO));
}
Operation keyStoreOp = builder.build();
return dispatcher.execute(keyStoreOp).doOnError(exception -> wizard.showError(constants.failed(), resources.messages().addKeyStoreError(keyStoreName), exception.getMessage(), false)).toCompletable();
});
} else if (context.strategy.equals(EnableSSLContext.Strategy.KEYSTORE_OBTAIN_LETSENCRYPT)) {
ResourceAddress ksAddress = keyStoreTemplate().resolve(statementContext, keyStoreName);
tasks.add(flowContext -> {
Operation.Builder builder = new Operation.Builder(ksAddress, ADD).param(PATH, asString(model, KEY_STORE_PATH)).param(CREDENTIAL_REFERENCE, credRef).param(TYPE, asString(model, AbstractConfiguration.KEY_STORE_TYPE));
if (model.hasDefined(AbstractConfiguration.KEY_STORE_RELATIVE_TO)) {
builder.param(RELATIVE_TO, asString(model, AbstractConfiguration.KEY_STORE_RELATIVE_TO));
}
Operation keyStoreOp = builder.build();
return dispatcher.execute(keyStoreOp).doOnError(exception -> wizard.showError(constants.failed(), resources.messages().addKeyStoreError(keyStoreName), exception.getMessage(), false)).toCompletable();
});
String caaName = asString(model, CAA_NAME);
ResourceAddress caaAddress = certificateAuthorityAccountTemplate().resolve(statementContext, caaName);
tasks.add(flowContext -> {
Operation caaOp = new Operation.Builder(caaAddress, ADD).param(KEY_STORE, keyStoreName).param(ALIAS, asString(model, CAA_ALIAS)).build();
return dispatcher.execute(caaOp).doOnError(exception -> wizard.showError(constants.failed(), resources.messages().addResourceError(caaName, exception.getMessage()), false)).toCompletable();
});
tasks.add(flowContext -> {
Composite composite = new Composite();
String obtainAlias = asString(model, PRIVATE_KEY_ALIAS);
Operation obtainOp = new Operation.Builder(ksAddress, OBTAIN_CERTIFICATE).param(ALIAS, obtainAlias).param(CERTIFICATE_AUTHORITY_ACCOUNT, caaName).param("domain-names", model.get(CAA_DOMAIN_NAMES)).param("agree-to-terms-of-service", true).param("staging", asString(model, CAA_STAGING)).build();
composite.add(obtainOp);
Operation storeOp = new Operation.Builder(ksAddress, STORE).build();
composite.add(storeOp);
return dispatcher.execute(composite).doOnError(ex -> wizard.showError(constants.failed(), resources.messages().obtainCertificateError(obtainAlias, keyStoreName, ex.getMessage()), false)).toCompletable();
});
}
}
String trustManagerName = model.hasDefined(TRUST_MANAGER) ? asString(model, TRUST_MANAGER) : null;
if (context.mutualAuthentication) {
ModelNode tsCredRef = new ModelNode();
tsCredRef.get(CLEAR_TEXT).set(asString(model, AbstractConfiguration.TRUST_STORE_PASSWORD));
String trustStoreName = asString(model, AbstractConfiguration.TRUST_STORE_NAME);
ResourceAddress tsAddress = keyStoreTemplate().resolve(statementContext, trustStoreName);
tasks.add(flowContext -> {
Operation.Builder builder = new Operation.Builder(tsAddress, ADD).param(PATH, asString(model, AbstractConfiguration.TRUST_STORE_PATH)).param(CREDENTIAL_REFERENCE, tsCredRef).param(TYPE, asString(model, AbstractConfiguration.TRUST_STORE_TYPE));
if (model.hasDefined(AbstractConfiguration.TRUST_STORE_RELATIVE_TO)) {
builder.param(RELATIVE_TO, asString(model, AbstractConfiguration.TRUST_STORE_RELATIVE_TO));
}
Operation trustStoreOp = builder.build();
return dispatcher.execute(trustStoreOp).toCompletable();
});
tasks.add(flowContext -> {
Composite composite = new Composite();
Operation importCertOp = new Operation.Builder(tsAddress, IMPORT_CERTIFICATE).param(ALIAS, asString(model, AbstractConfiguration.CLIENT_CERTIFICATE_ALIAS)).param(PATH, asString(model, AbstractConfiguration.CLIENT_CERTIFICATE_PATH)).param(CREDENTIAL_REFERENCE, tsCredRef).param(VALIDATE, model.get(AbstractConfiguration.CLIENT_CERTIFICATE_VALIDATE).asBoolean(false)).param(TRUST_CACERTS, model.get(AbstractConfiguration.CLIENT_CERTIFICATE_TRUST).asBoolean(false)).build();
composite.add(importCertOp);
Operation storeOp = new Operation.Builder(tsAddress, STORE).build();
composite.add(storeOp);
ResourceAddress etmAddress = trustManagerTemplate().resolve(statementContext, trustManagerName);
Operation trustManagerOp = new Operation.Builder(etmAddress, ADD).param(KEY_STORE, trustStoreName).param(ModelDescriptionConstants.ALGORITHM, KEY_MANAGER_ALGORITHM).build();
composite.add(trustManagerOp);
return dispatcher.execute(composite).toCompletable();
});
}
Composite composite = new Composite();
String keyManager = asString(model, KEY_MANAGER);
ResourceAddress ekmAddress = keyManagerTemplate().resolve(statementContext, keyManager);
Operation keyManagerOp = new Operation.Builder(ekmAddress, ADD).param(KEY_STORE, keyStoreName).param(ModelDescriptionConstants.ALGORITHM, KEY_MANAGER_ALGORITHM).param(CREDENTIAL_REFERENCE, credRef).build();
composite.add(keyManagerOp);
ModelNode protocols = new ModelNode();
protocols.add(KEY_MANAGER_TLSV1_2);
String serverSslContext = asString(model, SERVER_SSL_CONTEXT);
ResourceAddress sslCtxAddress = sslContextTemplate().resolve(statementContext, serverSslContext);
Operation.Builder sslCtxBuilder = new Operation.Builder(sslCtxAddress, ADD).param(KEY_MANAGER, keyManager).param(PROTOCOLS, protocols);
if (context.mutualAuthentication) {
sslCtxBuilder.param(TRUST_MANAGER, trustManagerName);
sslCtxBuilder.param(WANT_CLIENT_AUTH, true);
}
Operation sslCtxOp = sslCtxBuilder.build();
composite.add(sslCtxOp);
if (undertowHttps) {
ResourceAddress httpsAddress = UNDERTOW_HTTPS_LISTENER_TEMPLATE.resolve(statementContext, undertowServer, httpsListener);
Operation writeSslCtxOp = new Operation.Builder(httpsAddress, WRITE_ATTRIBUTE_OPERATION).param(NAME, SSL_CONTEXT).param(VALUE, serverSslContext).build();
composite.add(writeSslCtxOp);
// undefine the "alternatives" attributes
composite.add(undefineAttribute(httpsAddress, SECURITY_REALM));
composite.add(undefineAttribute(httpsAddress, "verify-client"));
composite.add(undefineAttribute(httpsAddress, "enabled-cipher-suites"));
composite.add(undefineAttribute(httpsAddress, "enabled-protocols"));
composite.add(undefineAttribute(httpsAddress, "ssl-session-cache-size"));
composite.add(undefineAttribute(httpsAddress, "ssl-session-timeout"));
} else {
ResourceAddress httpInterfaceAddress = HTTP_INTERFACE_TEMPLATE.resolve(statementContext);
Operation writeSslCtxOp = new Operation.Builder(httpInterfaceAddress, WRITE_ATTRIBUTE_OPERATION).param(NAME, SSL_CONTEXT).param(VALUE, serverSslContext).build();
composite.add(writeSslCtxOp);
if (environment.isStandalone()) {
Operation writeSecureSocketBinding = new Operation.Builder(httpInterfaceAddress, WRITE_ATTRIBUTE_OPERATION).param(NAME, SECURE_SOCKET_BINDING).param(VALUE, asString(model, SECURE_SOCKET_BINDING)).build();
composite.add(writeSecureSocketBinding);
} else {
Operation writeSecurePortOp = new Operation.Builder(httpInterfaceAddress, WRITE_ATTRIBUTE_OPERATION).param(NAME, SECURE_PORT).param(VALUE, asString(model, SECURE_PORT)).build();
composite.add(writeSecurePortOp);
}
}
tasks.add(flowContext -> dispatcher.execute(composite).toCompletable());
series(new FlowContext(progress.get()), tasks).subscribe(new SuccessfulOutcome<FlowContext>(eventBus, resources) {
@Override
public void onSuccess(FlowContext flowContext) {
if (undertowHttps) {
wizard.showSuccess(resources.constants().success(), resources.messages().enableSSLResultsSuccessUndertow(httpsListener, serverSslContext), context1 -> presenter.reloadView(), true);
} else {
// constructs the http management console url
String serverName = environment.isStandalone() ? Names.STANDALONE_SERVER : Names.DOMAIN_CONTROLLER;
String label = resources.constants().reload() + " " + serverName;
SafeHtml description;
StringBuilder location = new StringBuilder("https://" + window.location.getHostname() + ":");
if (environment.isStandalone()) {
location.append(context.securePort);
description = resources.messages().enableSSLResultsSuccessStandalone(location.toString());
} else {
location.append(asString(model, SECURE_PORT));
description = resources.messages().enableSSLResultsSuccessDomain(location.toString());
}
// extracts the url search path, so the url shows the view the user is located
String urlSuffix = window.location.getHref();
urlSuffix = urlSuffix.substring(urlSuffix.indexOf("//") + 2);
urlSuffix = urlSuffix.substring(urlSuffix.indexOf("/"));
location.append(urlSuffix);
wizard.showSuccess(resources.constants().success(), description, label, // reloads the server/host if user clicks on the success action
context1 -> presenter.reloadServer(host, location.toString()), // reload only the view and displays a success message
context2 -> {
presenter.reloadView();
MessageEvent.fire(eventBus, Message.success(resources.messages().enableSSLSuccess()));
}, true);
}
}
@Override
public void onError(FlowContext context, Throwable exception) {
wizard.showError(resources.constants().failed(), resources.messages().enableSSLResultsError(), exception.getMessage(), false);
}
});
});
Wizard<EnableSSLContext, EnableSSLState> wizard = wb.build();
wizard.show();
}
use of org.jboss.hal.config.Environment in project console by hal.
the class HeaderView method updateRoles.
@Override
public void updateRoles(Environment environment, Settings settings, User user) {
for (Iterator<HTMLElement> iterator = Elements.iterator(userDropdown); iterator.hasNext(); ) {
HTMLElement element = iterator.next();
if (element == logoutItem) {
continue;
}
iterator.remove();
}
if (!user.getRoles().isEmpty()) {
String csr = user.getRoles().stream().sorted(Roles.STANDARD_FIRST.thenComparing(Roles.BY_NAME)).map(Role::getName).collect(joining(", "));
HTMLElement activeRoles = li().css(static_, CSS.activeRoles).textContent(resources.messages().activeRoles(csr)).title(resources.messages().activeRoles(csr)).element();
userDropdown.insertBefore(activeRoles, logoutItem);
userDropdown.insertBefore(divider(), logoutItem);
if (user.isSuperuser() && environment.getAccessControlProvider() == RBAC) {
Set<String> runAsRoleSetting = settings.get(RUN_AS).asSet();
HTMLElement runAs = li().css(static_).textContent(resources.constants().runAs()).element();
userDropdown.insertBefore(runAs, logoutItem);
stream(environment.getRoles().spliterator(), false).sorted(Roles.STANDARD_FIRST.thenComparing(Roles.BY_NAME)).forEach(role -> {
HTMLElement check, name;
HTMLElement runAsRole = li().add(a().css(clickable).on(click, event -> presenter.runAs(role.getName())).add(check = span().css(fontAwesome("check"), marginRight5).element()).add(name = span().textContent(role.getName()).element())).element();
if (!runAsRoleSetting.contains(role.getName())) {
// NON-NLS
check.style.visibility = "hidden";
}
if (role.isScoped()) {
name.title = role.getBaseRole().getName() + " / " + String.join(", ", role.getScope());
}
userDropdown.insertBefore(runAsRole, logoutItem);
});
if (runAsRoleSetting != null) {
HTMLElement clearRunAs = li().add(a().css(clickable).on(click, event -> presenter.clearRunAs()).textContent(resources.constants().clearRunAs())).element();
userDropdown.insertBefore(clearRunAs, logoutItem);
}
userDropdown.insertBefore(divider(), logoutItem);
}
}
}
use of org.jboss.hal.config.Environment in project console by hal.
the class CreateRrdOperationsTest method setUp.
@Before
public void setUp() {
Environment environment = Mockito.mock(Environment.class);
statementContext = StatementContext.NOOP;
rrdOps = new CreateRrdOperations(environment, statementContext, "en", MetadataProcessor.RRD_DEPTH);
}
use of org.jboss.hal.config.Environment in project console by hal.
the class DataSourceColumn method prepareWizard.
private void prepareWizard(boolean xa) {
Task<FlowContext> readDataSources = context -> crud.readChildren(DATA_SOURCE_SUBSYSTEM_TEMPLATE, xa ? XA_DATA_SOURCE : DATA_SOURCE).doOnSuccess(children -> {
List<DataSource> dataSources = children.stream().map(property -> new DataSource(property, xa)).collect(toList());
context.set(DATASOURCES, dataSources);
}).toCompletable();
List<Task<FlowContext>> tasks = new ArrayList<>();
tasks.add(readDataSources);
tasks.addAll(runningServers(environment, dispatcher, properties(PROFILE_NAME, statementContext.selectedProfile())));
tasks.add(new JdbcDriverTasks.ReadRuntime(environment, dispatcher));
tasks.add(new JdbcDriverTasks.CombineDriverResults());
series(new FlowContext(progress.get()), tasks).subscribe(new Outcome<FlowContext>() {
@Override
public void onError(FlowContext context, Throwable error) {
showWizard(Collections.emptyList(), Collections.emptyList(), xa);
}
@Override
public void onSuccess(FlowContext context) {
List<DataSource> dataSources = context.get(DATASOURCES);
List<JdbcDriver> drivers = context.get(JdbcDriverTasks.DRIVERS);
showWizard(dataSources, drivers, xa);
}
});
}
use of org.jboss.hal.config.Environment in project console by hal.
the class ReadEnvironment method call.
@Override
public Completable call(FlowContext context) {
logger.debug("Read environment");
Keycloak keycloak = keycloakHolder.getKeycloak();
environment.setSingleSignOn(keycloak != null);
if (keycloak != null) {
logger.debug("Keycloak token: {}", keycloak.token);
}
List<Operation> ops = new ArrayList<>();
ops.add(new Operation.Builder(ResourceAddress.root(), READ_RESOURCE_OPERATION).param(ATTRIBUTES_ONLY, true).param(INCLUDE_RUNTIME, true).build());
ops.add(new Operation.Builder(ResourceAddress.root(), WHOAMI).param(VERBOSE, true).build());
ops.add(new Operation.Builder(ResourceAddress.root(), READ_CHILDREN_RESOURCES_OPERATION).param(CHILD_TYPE, CORE_SERVICE).param(RECURSIVE, false).build());
return dispatcher.execute(new Composite(ops)).doOnSuccess((CompositeResult result) -> {
ModelNode node = result.step(0).get(RESULT);
// operation mode
OperationMode operationMode = asEnumValue(node, LAUNCH_TYPE, (name) -> OperationMode.valueOf(name), OperationMode.UNDEFINED);
environment.setOperationMode(operationMode);
logger.debug("Operation mode: {}", operationMode);
// name and org
if (node.get(NAME).isDefined()) {
String name = node.get(NAME).asString();
environment.setName(name);
}
String orgAttribute = environment.isStandalone() ? ORGANIZATION : DOMAIN_ORGANIZATION;
if (node.get(orgAttribute).isDefined()) {
String org = node.get(orgAttribute).asString();
environment.setOrganization(org);
}
// server info
environment.setInstanceInfo(node.get(PRODUCT_NAME).asString(), node.get(PRODUCT_VERSION).asString(), node.get(RELEASE_CODENAME).asString(), node.get(RELEASE_VERSION).asString());
// management version
Version version = ManagementModel.parseVersion(node);
environment.setManagementVersion(version);
logger.debug("Management model version: {}", version);
if (environment.isStandalone()) {
Server.STANDALONE.addServerAttributes(node);
}
// user info
if (environment.isSingleSignOn()) {
user.setName(keycloak.userProfile.username);
// are not supported on the javascript side when run in the browser.
if (keycloak.realmAccess != null && keycloak.realmAccess.roles != null) {
for (int i = 0; i < keycloak.realmAccess.roles.length; i++) {
String role = keycloak.realmAccess.roles[i];
user.addRole(new Role(role));
}
}
} else {
ModelNode whoami = result.step(1).get(RESULT);
String username = whoami.get("identity").get("username").asString();
user.setName(username);
if (whoami.hasDefined("mapped-roles")) {
List<ModelNode> roles = whoami.get("mapped-roles").asList();
for (ModelNode role : roles) {
String roleName = role.asString();
user.addRole(new Role(roleName));
}
}
}
user.setAuthenticated(true);
logger.debug("User info: {} {}", user.getName(), user.getRoles());
ModelNode step = result.step(2).get(RESULT);
environment.setPatchingEnabled(!environment.isStandalone() || step.get(PATCHING).isDefined());
}).toCompletable();
}
Aggregations