Merge pull request Fraunhofer-AISEC#153 from MatthiasGr/est-renewal
Add EST-Based Certificate Renewal
milux authored Jun 17, 2024
2 parents fd7d66d + d7fe620 commit 16fb979
Showing 18 changed files with 335 additions and 8 deletions.
2 changes: 1 addition & 1 deletion build.gradle.kts
Expand Up @@ -26,7 +26,7 @@ licenseReport {

allprojects {
group = "de.fhg.aisec.ids"
version = "7.2.2"
version = "7.3.0"

val versionRegex = ".*((rc|beta|alpha)-?[0-9]*|-b[0-9.]+)$".toRegex(RegexOption.IGNORE_CASE)

4 changes: 4 additions & 0 deletions examples/src/main/resources/etc/application.yml
Expand Up @@ -4,6 +4,10 @@ logging:
de.fhg.aisec.ids.idscp2: trace
de.fhg.aisec.ids.camel: trace

server:
error:
include-message: always

ids-multipart:
daps-bean-name: rootDaps

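Review bot: `include-message: always` makes Spring Boot put the exception message into every error response the connector produces, not only those of the new renewal endpoint, and exception messages often carry internal detail such as paths, hostnames or upstream error text. Because this file lives under `examples/`, it is likely to be copied into real deployments, so I would add a comment above the key, for example `# Exposes exception messages to API clients; used by the web console's EST error display. Review before production use.` A narrower alternative is to keep the default and have the renewal endpoint return its own curated error body; the UI's fallback branch (`Error response from connector: …`) already copes with a missing `message`.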
Binary file added examples/trusted-connector-examples_7.3.0.zip
Binary file not shown.
6 changes: 5 additions & 1 deletion ids-webconsole/src/main/angular/src/app/app.module.ts
Expand Up @@ -54,6 +54,8 @@ import { UserService } from './users/user.service';
import { UserCardComponent } from './users/user-card.component';
import { NewIdentityESTComponent } from './keycerts/identitynewest.component';
import { ESTService } from './keycerts/est-service';
import { RenewIdentityESTComponent } from './keycerts/identityrenewest.component';
import { SnackbarComponent } from './keycerts/snackbar.component';

@NgModule({ declarations: [
AppComponent,
Expand Down Expand Up @@ -88,7 +90,9 @@ import { ESTService } from './keycerts/est-service';
DetailUserComponent,
UserCardComponent,
UsersComponent,
NewIdentityESTComponent
NewIdentityESTComponent,
RenewIdentityESTComponent,
SnackbarComponent
],
bootstrap: [
AppComponent
4 changes: 3 additions & 1 deletion ids-webconsole/src/main/angular/src/app/app.routing.ts
Expand Up @@ -18,6 +18,7 @@ import { RouteeditorComponent } from './routes/routeeditor/routeeditor.component
import { UsersComponent } from './users/users.component';
import { NewUserComponent } from './users/usernew.component';
import { DetailUserComponent } from './users/userdetail.component';
import { RenewIdentityESTComponent } from './keycerts/identityrenewest.component';
import { RoutesComponent } from './routes/routes.component';
import { NewIdentityESTComponent } from './keycerts/identitynewest.component';

Expand All @@ -43,7 +44,8 @@ const appRoutes: Routes = [
{ path: 'usernew', component: NewUserComponent, canActivate: guards },
{ path: 'userdetail', component: DetailUserComponent, canActivate: guards },
{ path: 'certificates', component: KeycertsComponent, canActivate: guards },
{ path: 'identitynewest', component: NewIdentityESTComponent, canActivate: guards }
{ path: 'identitynewest', component: NewIdentityESTComponent, canActivate: guards },
{ path: 'identityrenewest/:alias', component: RenewIdentityESTComponent, canActivate: guards }
]
},
// Pages using the "login" layout (centered full page without sidebar)
Expand Up @@ -7,10 +7,13 @@
{{ certificate.subjectDistinguishedName }}
</span>
</span>
<span class="mdl-list__item-secondary-content" style="text-align:right">
<div class="mdl-list__item-secondary-content" style="text-align:right;align-items:flex-start;flex-direction:row;">
<a *ngIf="onRenewCallback !== null" class="mdl-list__item-secondary-action mdl-color-text--grey-600" (click)="onRenew(certificate.alias)">
<icon class="material-icons">refresh</icon>
</a>
<a class="mdl-list__item-secondary-action mdl-color-text--grey-600" (click)="onDelete(certificate.alias)">
<icon class="material-icons">delete</icon>
</a>
</span>
</div>
</li>
</ul>
Expand Up @@ -16,6 +16,7 @@ export class CertificateCardComponent implements OnInit {
@Input() public certificates: Certificate[];
@Input() public trusts: Certificate[];
@Input() private readonly onDeleteCallback: (alias: string) => void;
@Input() private readonly onRenewCallback: (alias: string) => void = null;
public result: string;

constructor(private readonly confirmService: ConfirmService) {
Expand All @@ -29,6 +30,13 @@ export class CertificateCardComponent implements OnInit {
return item.subjectS + item.subjectCN + item.subjectOU + item.subjectO + item.subjectL + item.subjectC;
}

public onRenew(alias: string): void {
// Sanity check
if (this.onRenewCallback) {
this.onRenewCallback(alias);
}
}

public async onDelete(alias: string): Promise<void> {
return this.confirmService.activate('Are you sure that you want to delete this item?')
.then(res => {
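Review bot: `onRenewCallback` is declared `private`, but the card's template reads it in `*ngIf="onRenewCallback !== null"`; Angular's strict template type-checking rejects private members referenced from a template, so the input probably needs to be `public` (or `protected` on recent Angular versions). The two guards also disagree: the template tests `!== null` while `onRenew` tests truthiness, so a parent that binds `undefined` gets a refresh icon that does nothing. Using `*ngIf="onRenewCallback"` in the template would make it match the method. `onDelete` continues past the end of this hunk.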
@@ -0,0 +1,5 @@
export interface EstReEnrollment {
estUrl: string;
rootCertHash: string;
alias: string;
};
Expand Up @@ -4,6 +4,7 @@ import { Observable } from 'rxjs';

import { environment } from '../../environments/environment';
import { EstEnrollment } from './est-enrollment.interface';
import { EstReEnrollment } from './est-re-enrollment.interface';

@Injectable()
export class ESTService {
Expand Down Expand Up @@ -40,4 +41,12 @@ export class ESTService {
responseType: 'text'
});
}

// Renew an existing identity identified by its alias via the EST
public renewIdentity(data: EstReEnrollment) {
return this.http.post(environment.apiURL + '/certs/renew_est_identity', data, {
headers: new HttpHeaders({'Content-Type': 'application/json'}),
responseType: 'text'
});
}
}
@@ -0,0 +1,30 @@
<div class="mdl-grid">
<div class="mdl-card card-dark mdl-cell mdl-cell--12-col">
<div class="mdl-card__title">
<h2 class="mdl-card__title-text">Renew Identity</h2>
</div>
<div class="mdl-card__supporting-text">
<form (ngSubmit)="onSubmit()" class="mdl-cell--12-col mdl-grid">
<div>
<h5>EST Re-Enrollment</h5>
</div>
<div class="mdl-cell--12-col">
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label has-placeholder mdl-cell--12-col form-group">
<label class="mdl-textfield__label" for="estUrl">EST Url*</label>
<input class="mdl-textfield__input" name="estUrl" type="url" [(ngModel)]="estUrl" required>
</div>
</div>
<div class="mdl-cell--12-col">
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label has-placeholder mdl-cell--12-col form-group">
<label class="mdl-textfield__label" for="rootCertHash">Root CA Certificate Hash*</label>
<input class="mdl-textfield__input" name="rootCertHash" type="text" [(ngModel)]="rootCertHash" required>
</div>
</div>
<div class="mdl-cell--12-col" style="margin-top:20px">
<button type="submit" class="mdl-button mdl-color--accent mdl-button--raised">Renew certificate</button>
</div>
</form>
</div>
</div>
</div>
<snackbar #errorSnackbar subtitle="Check the trusted connector log for more details"/>
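Review bot: The `required` attributes do not block submission here: Angular sets `novalidate` on template-driven forms by default and `(ngSubmit)` fires regardless of validity, so an empty URL or hash is still posted. Add a form reference and disable the button, `<form #f="ngForm" (ngSubmit)="onSubmit()" …>` with `[disabled]="f.invalid"` on the submit button; a `pattern="[0-9a-fA-F]{64}"` on the hash input would then also catch truncated pastes (the pre-filled value is 64 hex characters). This is a convenience check only, and the backend has to validate both values itself. The `for="estUrl"` and `for="rootCertHash"` labels match no element, because the inputs carry `name` but no `id`.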
@@ -0,0 +1,50 @@
import { Component, ViewChild } from '@angular/core';
import { Title } from '@angular/platform-browser';
import { ESTService } from './est-service';
import { ActivatedRoute, Router } from '@angular/router';
import { HttpErrorResponse } from '@angular/common/http';
import { SnackbarComponent } from './snackbar.component';

@Component({
templateUrl: './identityrenewest.component.html'
})
export class RenewIdentityESTComponent {
estUrl = 'https://daps-dev.aisec.fraunhofer.de';
rootCertHash = '7d3f260abb4b0bfa339c159398c0ab480a251faa385639218198adcad9a3c17d';

@ViewChild("errorSnackbar")
errorSnackbar: SnackbarComponent;

constructor(private readonly titleService: Title,
private readonly estService: ESTService,
private readonly router: Router,
private readonly route: ActivatedRoute) {
this.titleService.setTitle('Renew Identity via the EST');
}

handleError(err: HttpErrorResponse) {
if (err.status === 0) {
this.errorSnackbar.title = 'Network Error';
} else {
const errObj = JSON.parse(err.error);
if (errObj.message) {
this.errorSnackbar.title = errObj.message;
} else {
// Errors have no message if it is disabled by the spring application
this.errorSnackbar.title = `Error response from connector: ${err.status}: ${errObj.error}`;
}
}
this.errorSnackbar.visible = true;
}

onSubmit() {
this.estService.renewIdentity({
estUrl: this.estUrl,
rootCertHash: this.rootCertHash,
alias: this.route.snapshot.paramMap.get('alias')
}).subscribe(
() => this.router.navigate([ '/certificates' ]),
err => this.handleError(err)
);
}
}
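Review bot: `estUrl` and `rootCertHash` are pre-filled with what look like development values (`daps-dev…` and a fixed hash), so an operator who submits the form unchanged renews against that server with a root-CA hash they never compared to anything. If the hash is the pin the backend uses to authenticate the EST server (the backend is not shown on this page), start both fields empty, `estUrl = '';` and `rootCertHash = '';`, or load them from deployment configuration. In `handleError`, `JSON.parse(err.error)` throws when the body is empty or not JSON (for example a proxy's HTML error page), and the snackbar is then never shown; guard it with `let errObj: { message?: string; error?: string } = {}; try { errObj = JSON.parse(err.error); } catch { /* keep {} */ }`. `paramMap.get('alias')` may return `null`, and that value is posted as the alias without a check.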
Expand Up @@ -5,7 +5,7 @@
<h2 class="mdl-card__title-text">My Identities</h2>
</div>
<div class="mdl-card__supporting-text">
<certificate-card [certificates]="identities" [onDeleteCallback]="deleteIdentity"></certificate-card>
<certificate-card [certificates]="identities" [onDeleteCallback]="deleteIdentity" [onRenewCallback]="renewIdentity"></certificate-card>
</div>
<div class="mdl-card__menu">
<button routerLink="/identitynew"
@@ -1,5 +1,6 @@
import { Component } from '@angular/core';
import { Title } from '@angular/platform-browser';
import { Router } from '@angular/router';

import { Certificate } from './certificate';
import { CertificateService } from './keycert.service';
Expand All @@ -13,7 +14,9 @@ export class KeycertsComponent {
public identities: Certificate[];
public certificates: Certificate[];

constructor(private readonly titleService: Title, private readonly certificateService: CertificateService) {
constructor(private readonly titleService: Title,
private readonly certificateService: CertificateService,
private readonly rotuer: Router) {
this.titleService.setTitle('Certificates');

this.certificateService.getIdentities()
Expand Down Expand Up @@ -44,4 +47,8 @@ export class KeycertsComponent {
}
});
};

public renewIdentity = (alias: string) => {
this.rotuer.navigate(['/identityrenewest', alias]);
};
}
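Review bot: The injected router is spelled `rotuer` both in the constructor and in `renewIdentity`; it compiles only because the two misspellings agree. Rename it to `router`, i.e. `private readonly router: Router` and `this.router.navigate(['/identityrenewest', alias]);`, which also matches the field name used in `RenewIdentityESTComponent`.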
@@ -0,0 +1,13 @@
.snackbar {
-webkit-transform: translate(-50%, 100px);
transform: translate(-50%, 100px);
}

.snackbar-content {
display: flex;
flex-direction: column;
}

.snackbar-subtitle {
font-size: smaller;
}
@@ -0,0 +1,9 @@
<div id="est-error-snackbar" class="mdl-snackbar" [ngClass]="{'snackbar': !visible, 'mdl-snackbar--active': visible}">
<div class="mdl-snackbar__text snackbar-content">
<span>{{ title }}</span>
<span *ngIf="subtitle !== null" class="mdl-color-text--grey-300 snackbar-subtitle">
{{ subtitle }}
</span>
</div>
<button class="mdl-snackbar__action" type="button" (click)="invokeOnDismiss()">Dismiss</button>
</div>
@@ -0,0 +1,21 @@
import { Component, Input } from '@angular/core';

@Component({
selector: 'snackbar',
templateUrl: './snackbar.component.html',
styleUrl: './snackbar.component.css'
})
export class SnackbarComponent {
@Input() title: string = null;
@Input() subtitle: string = null;
@Input() visible: boolean = false;
@Input() onDismiss: ()=>void = null;

invokeOnDismiss() {
if (this.onDismiss !== null) {
this.onDismiss()
} else {
this.visible = false;
}
}
}