Merge pull request #153 from MatthiasGr/est-renewal

Add EST-Based Certificate Renewal
Fraunhofer-AISEC · Jun 17, 2024 · 16fb979 · 16fb979
2 parents fd7d66d + d7fe620
commit 16fb979
Show file tree

Hide file tree

Showing 18 changed files with 335 additions and 8 deletions.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -26,7 +26,7 @@ licenseReport {
 
 allprojects {
     group = "de.fhg.aisec.ids"
-    version = "7.2.2"
+    version = "7.3.0"
 
     val versionRegex = ".*((rc|beta|alpha)-?[0-9]*|-b[0-9.]+)$".toRegex(RegexOption.IGNORE_CASE)
 

diff --git a/examples/src/main/resources/etc/application.yml b/examples/src/main/resources/etc/application.yml
@@ -4,6 +4,10 @@ logging:
     de.fhg.aisec.ids.idscp2: trace
     de.fhg.aisec.ids.camel: trace
 
+server:
+  error:
+    include-message: always
+
 ids-multipart:
   daps-bean-name: rootDaps
 

diff --git a/examples/trusted-connector-examples_7.3.0.zip b/examples/trusted-connector-examples_7.3.0.zip
diff --git a/ids-webconsole/src/main/angular/src/app/app.module.ts b/ids-webconsole/src/main/angular/src/app/app.module.ts
@@ -54,6 +54,8 @@ import { UserService } from './users/user.service';
 import { UserCardComponent } from './users/user-card.component';
 import { NewIdentityESTComponent } from './keycerts/identitynewest.component';
 import { ESTService } from './keycerts/est-service';
+import { RenewIdentityESTComponent } from './keycerts/identityrenewest.component';
+import { SnackbarComponent } from './keycerts/snackbar.component';
 
 @NgModule({ declarations: [
         AppComponent,
@@ -88,7 +90,9 @@ import { ESTService } from './keycerts/est-service';
         DetailUserComponent,
         UserCardComponent,
         UsersComponent,
-        NewIdentityESTComponent
+        NewIdentityESTComponent,
+        RenewIdentityESTComponent,
+        SnackbarComponent
     ],
     bootstrap: [
         AppComponent

diff --git a/ids-webconsole/src/main/angular/src/app/app.routing.ts b/ids-webconsole/src/main/angular/src/app/app.routing.ts
@@ -18,6 +18,7 @@ import { RouteeditorComponent } from './routes/routeeditor/routeeditor.component
 import { UsersComponent } from './users/users.component';
 import { NewUserComponent } from './users/usernew.component';
 import { DetailUserComponent } from './users/userdetail.component';
+import { RenewIdentityESTComponent } from './keycerts/identityrenewest.component';
 import { RoutesComponent } from './routes/routes.component';
 import { NewIdentityESTComponent } from './keycerts/identitynewest.component';
 
@@ -43,7 +44,8 @@ const appRoutes: Routes = [
       { path: 'usernew', component: NewUserComponent, canActivate: guards },
       { path: 'userdetail', component: DetailUserComponent, canActivate: guards },
       { path: 'certificates', component: KeycertsComponent, canActivate: guards  },
-      { path: 'identitynewest', component: NewIdentityESTComponent, canActivate: guards }
+      { path: 'identitynewest', component: NewIdentityESTComponent, canActivate: guards },
+      { path: 'identityrenewest/:alias', component: RenewIdentityESTComponent, canActivate: guards }
     ]
   },
   // Pages using the "login" layout (centered full page without sidebar)

diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/certificate-card.component.html b/ids-webconsole/src/main/angular/src/app/keycerts/certificate-card.component.html
@@ -7,10 +7,13 @@
         {{ certificate.subjectDistinguishedName }}
       </span>
     </span>
-    <span class="mdl-list__item-secondary-content" style="text-align:right">
+    <div class="mdl-list__item-secondary-content" style="text-align:right;align-items:flex-start;flex-direction:row;">
+      <a *ngIf="onRenewCallback !== null" class="mdl-list__item-secondary-action mdl-color-text--grey-600" (click)="onRenew(certificate.alias)">
+        <icon class="material-icons">refresh</icon>
+      </a>
       <a class="mdl-list__item-secondary-action mdl-color-text--grey-600" (click)="onDelete(certificate.alias)">
         <icon class="material-icons">delete</icon>
       </a>
-    </span>
+    </div>
   </li>
 </ul>
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/certificate-card.component.ts b/ids-webconsole/src/main/angular/src/app/keycerts/certificate-card.component.ts
@@ -16,6 +16,7 @@ export class CertificateCardComponent implements OnInit {
     @Input() public certificates: Certificate[];
     @Input() public trusts: Certificate[];
     @Input() private readonly onDeleteCallback: (alias: string) => void;
+    @Input() private readonly onRenewCallback: (alias: string) => void = null;
     public result: string;
 
     constructor(private readonly confirmService: ConfirmService) {
@@ -29,6 +30,13 @@ export class CertificateCardComponent implements OnInit {
         return item.subjectS + item.subjectCN + item.subjectOU + item.subjectO + item.subjectL + item.subjectC;
     }
 
+    public onRenew(alias: string): void {
+        // Sanity check
+        if (this.onRenewCallback) {
+            this.onRenewCallback(alias);
+        }
+    }
+
     public async onDelete(alias: string): Promise<void> {
         return this.confirmService.activate('Are you sure that you want to delete this item?')
             .then(res => {

diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/est-re-enrollment.interface.ts b/ids-webconsole/src/main/angular/src/app/keycerts/est-re-enrollment.interface.ts
@@ -0,0 +1,5 @@
+export interface EstReEnrollment {
+    estUrl: string;
+    rootCertHash: string;
+    alias: string;
+};
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/est-service.ts b/ids-webconsole/src/main/angular/src/app/keycerts/est-service.ts
@@ -4,6 +4,7 @@ import { Observable } from 'rxjs';
 
 import { environment } from '../../environments/environment';
 import { EstEnrollment } from './est-enrollment.interface';
+import { EstReEnrollment } from './est-re-enrollment.interface';
 
 @Injectable()
 export class ESTService {
@@ -40,4 +41,12 @@ export class ESTService {
             responseType: 'text'
         });
     }
+
+    // Renew an existing identity identified by its alias via the EST
+    public renewIdentity(data: EstReEnrollment) {
+        return this.http.post(environment.apiURL + '/certs/renew_est_identity', data, {
+            headers: new HttpHeaders({'Content-Type': 'application/json'}),
+            responseType: 'text'
+        });
+    }
 }
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/identityrenewest.component.html b/ids-webconsole/src/main/angular/src/app/keycerts/identityrenewest.component.html
@@ -0,0 +1,30 @@
+<div class="mdl-grid">
+    <div class="mdl-card card-dark mdl-cell mdl-cell--12-col">
+        <div class="mdl-card__title">
+            <h2 class="mdl-card__title-text">Renew Identity</h2>
+        </div>
+        <div class="mdl-card__supporting-text">
+            <form (ngSubmit)="onSubmit()" class="mdl-cell--12-col mdl-grid">
+                <div>
+                    <h5>EST Re-Enrollment</h5>
+                </div>
+                <div class="mdl-cell--12-col">
+                    <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label has-placeholder mdl-cell--12-col form-group">
+                        <label class="mdl-textfield__label" for="estUrl">EST Url*</label>
+                        <input class="mdl-textfield__input" name="estUrl" type="url" [(ngModel)]="estUrl" required>
+                    </div>
+                </div>
+                <div class="mdl-cell--12-col">
+                    <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label has-placeholder mdl-cell--12-col form-group">
+                        <label class="mdl-textfield__label" for="rootCertHash">Root CA Certificate Hash*</label>
+                        <input class="mdl-textfield__input" name="rootCertHash" type="text" [(ngModel)]="rootCertHash" required>
+                    </div>
+                </div>
+                <div class="mdl-cell--12-col" style="margin-top:20px">
+                    <button type="submit" class="mdl-button mdl-color--accent mdl-button--raised">Renew certificate</button>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+<snackbar #errorSnackbar subtitle="Check the trusted connector log for more details"/>
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/identityrenewest.component.ts b/ids-webconsole/src/main/angular/src/app/keycerts/identityrenewest.component.ts
@@ -0,0 +1,50 @@
+import { Component, ViewChild } from '@angular/core';
+import { Title } from '@angular/platform-browser';
+import { ESTService } from './est-service';
+import { ActivatedRoute, Router } from '@angular/router';
+import { HttpErrorResponse } from '@angular/common/http';
+import { SnackbarComponent } from './snackbar.component';
+
+@Component({
+    templateUrl: './identityrenewest.component.html'
+})
+export class RenewIdentityESTComponent {
+    estUrl = 'https://daps-dev.aisec.fraunhofer.de';
+    rootCertHash = '7d3f260abb4b0bfa339c159398c0ab480a251faa385639218198adcad9a3c17d';
+
+    @ViewChild("errorSnackbar")
+    errorSnackbar: SnackbarComponent;
+
+    constructor(private readonly titleService: Title,
+                private readonly estService: ESTService,
+                private readonly router: Router,
+                private readonly route: ActivatedRoute) {
+        this.titleService.setTitle('Renew Identity via the EST');
+    }
+
+    handleError(err: HttpErrorResponse) {
+        if (err.status === 0) {
+            this.errorSnackbar.title = 'Network Error';
+        } else {
+            const errObj = JSON.parse(err.error);
+            if (errObj.message) {
+                this.errorSnackbar.title = errObj.message;
+            } else {
+                // Errors have no message if it is disabled by the spring application
+                this.errorSnackbar.title = `Error response from connector: ${err.status}: ${errObj.error}`;
+            }
+        }
+        this.errorSnackbar.visible = true;
+    }
+
+    onSubmit() {
+        this.estService.renewIdentity({
+            estUrl: this.estUrl,
+            rootCertHash: this.rootCertHash,
+            alias: this.route.snapshot.paramMap.get('alias')
+        }).subscribe(
+            () => this.router.navigate([ '/certificates' ]),
+            err => this.handleError(err)
+        );
+    }
+}
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/keycerts.component.html b/ids-webconsole/src/main/angular/src/app/keycerts/keycerts.component.html
@@ -5,7 +5,7 @@
             <h2 class="mdl-card__title-text">My Identities</h2>
         </div>
         <div class="mdl-card__supporting-text">
-            <certificate-card [certificates]="identities" [onDeleteCallback]="deleteIdentity"></certificate-card>
+            <certificate-card [certificates]="identities" [onDeleteCallback]="deleteIdentity" [onRenewCallback]="renewIdentity"></certificate-card>
         </div>
         <div class="mdl-card__menu">
             <button routerLink="/identitynew"

diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/keycerts.component.ts b/ids-webconsole/src/main/angular/src/app/keycerts/keycerts.component.ts
@@ -1,5 +1,6 @@
 import { Component } from '@angular/core';
 import { Title } from '@angular/platform-browser';
+import { Router } from '@angular/router';
 
 import { Certificate } from './certificate';
 import { CertificateService } from './keycert.service';
@@ -13,7 +14,9 @@ export class KeycertsComponent {
     public identities: Certificate[];
     public certificates: Certificate[];
 
-    constructor(private readonly titleService: Title, private readonly certificateService: CertificateService) {
+    constructor(private readonly titleService: Title,
+                private readonly certificateService: CertificateService,
+                private readonly rotuer: Router) {
         this.titleService.setTitle('Certificates');
 
         this.certificateService.getIdentities()
@@ -44,4 +47,8 @@ export class KeycertsComponent {
                 }
             });
     };
+
+    public renewIdentity = (alias: string) => {
+        this.rotuer.navigate(['/identityrenewest', alias]);
+    };
 }
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/snackbar.component.css b/ids-webconsole/src/main/angular/src/app/keycerts/snackbar.component.css
@@ -0,0 +1,13 @@
+.snackbar {
+    -webkit-transform: translate(-50%, 100px);
+    transform: translate(-50%, 100px);
+}
+
+.snackbar-content {
+    display: flex;
+    flex-direction: column;
+}
+
+.snackbar-subtitle {
+    font-size: smaller;
+}
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/snackbar.component.html b/ids-webconsole/src/main/angular/src/app/keycerts/snackbar.component.html
@@ -0,0 +1,9 @@
+<div id="est-error-snackbar" class="mdl-snackbar" [ngClass]="{'snackbar': !visible, 'mdl-snackbar--active': visible}">
+    <div class="mdl-snackbar__text snackbar-content">
+        <span>{{ title }}</span>
+        <span *ngIf="subtitle !== null" class="mdl-color-text--grey-300 snackbar-subtitle">
+            {{ subtitle }}
+        </span>
+    </div>
+    <button class="mdl-snackbar__action" type="button" (click)="invokeOnDismiss()">Dismiss</button>
+</div>
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/snackbar.component.ts b/ids-webconsole/src/main/angular/src/app/keycerts/snackbar.component.ts
@@ -0,0 +1,21 @@
+import { Component, Input } from '@angular/core';
+
+@Component({
+    selector: 'snackbar',
+    templateUrl: './snackbar.component.html',
+    styleUrl: './snackbar.component.css'
+})
+export class SnackbarComponent {
+    @Input() title: string = null;
+    @Input() subtitle: string = null;
+    @Input() visible: boolean = false;
+    @Input() onDismiss: ()=>void = null;
+
+    invokeOnDismiss() {
+        if (this.onDismiss !== null) {
+            this.onDismiss()
+        } else {
+            this.visible = false;
+        }
+    }
+}