xref: /openbmc/phosphor-webui/app/access-control/controllers/certificate-controller.js (revision 2cc89bf3e149cf0cf14ebc7194a581299ed5f6f3)
1/**
2 * Controller for Certificate Management
3 *
4 * @module app/access-control
5 * @exports certificateController
6 * @name certificateController
7 */
8
9window.angular && (function(angular) {
10  'use strict';
11
12  angular.module('app.accessControl').controller('certificateController', [
13    '$scope', 'APIUtils', '$q', 'Constants', 'toastService',
14    function($scope, APIUtils, $q, Constants, toastService) {
15      $scope.loading = false;
16      $scope.certificates = [];
17      $scope.availableCertificateTypes = [];
18      $scope.allCertificateTypes = Constants.CERTIFICATE_TYPES;
19      $scope.addCertificateModal = false;
20      $scope.addCSRModal = false;
21      $scope.newCertificate = {};
22      $scope.newCSR = {};
23      $scope.submitted = false;
24      $scope.csrSubmitted = false;
25      $scope.csrCode = '';
26      $scope.displayCSRCode = false;
27      $scope.keyBitLength = Constants.CERTIFICATE.KEY_BIT_LENGTH;
28      $scope.keyPairAlgorithm = Constants.CERTIFICATE.KEY_PAIR_ALGORITHM;
29      $scope.keyCurveId = Constants.CERTIFICATE.KEY_CURVE_ID;
30      $scope.countryList = Constants.COUNTRIES;
31
32
33      $scope.$on('$viewContentLoaded', () => {
34        getBmcTime();
35      })
36
37      $scope.loadCertificates = function() {
38        $scope.certificates = [];
39        $scope.availableCertificateTypes = Constants.CERTIFICATE_TYPES;
40        $scope.loading = true;
41        // Use Certificate Service to get the locations of all the certificates,
42        // then add a promise for fetching each certificate
43        APIUtils.getCertificateLocations().then(
44            function(data) {
45              var promises = [];
46              var locations = data.Links.Certificates;
47              for (var i in locations) {
48                var location = locations[i];
49                promises.push(getCertificatePromise(location['@odata.id']));
50              }
51              $q.all(promises)
52                  .catch(function(error) {
53                    toastService.error('Failed to load certificates.');
54                    console.log(JSON.stringify(error));
55                  })
56                  .finally(function() {
57                    $scope.loading = false;
58                  });
59            },
60            function(error) {
61              $scope.loading = false;
62              $scope.availableCertificateTypes = [];
63              toastService.error('Failed to load certificates.');
64              console.log(JSON.stringify(error));
65            });
66      };
67
68      $scope.uploadCertificate = function() {
69        if ($scope.newCertificate.file.name.split('.').pop() !== 'pem') {
70          toastService.error('Certificate must be a .pem file.');
71          return;
72        }
73        $scope.addCertificateModal = false;
74        APIUtils
75            .addNewCertificate(
76                $scope.newCertificate.file, $scope.newCertificate.selectedType)
77            .then(
78                function(data) {
79                  toastService.success(
80                      $scope.newCertificate.selectedType.name +
81                      ' was uploaded.');
82                  $scope.newCertificate = {};
83                  $scope.loadCertificates();
84                },
85                function(error) {
86                  toastService.error(
87                      $scope.newCertificate.selectedType.name +
88                      ' failed upload.');
89                  console.log(JSON.stringify(error));
90                });
91      };
92
93      var getCertificatePromise = function(url) {
94        var promise = APIUtils.getCertificate(url).then(function(data) {
95          var certificate = data;
96          isExpiring(certificate);
97          updateAvailableTypes(certificate);
98          $scope.certificates.push(certificate);
99        });
100        return promise;
101      };
102
103      var isExpiring = function(certificate) {
104        // convert certificate time to epoch time
105        // if ValidNotAfter is less than or equal to 30 days from bmc time
106        // (2592000000), isExpiring. If less than or equal to 0, is expired.
107        // dividing bmc time by 1000 converts epoch milliseconds to seconds
108        var difference = (new Date(certificate.ValidNotAfter).getTime()) -
109            ($scope.bmcTime) / 1000;
110        if (difference <= 0) {
111          certificate.isExpired = true;
112        } else if (difference <= 2592000000) {
113          certificate.isExpiring = true;
114        } else {
115          certificate.isExpired = false;
116          certificate.isExpiring = false;
117        }
118      };
119
120      // add optional name
121      $scope.names = [];
122      $scope.addOptionalRow = function() {
123        $scope.names.push({Value: ''})
124      };
125
126      // remove optional name row
127      $scope.deleteOptionalRow = function(index) {
128        $scope.names.splice(index, 1);
129        if ($scope.names.length == 0) {
130          $scope.names = [];
131        }
132      };
133
134
135      // create a CSR object to send to the backend
136      $scope.getCSRCode = function() {
137        var addCSR = {};
138        let alternativeNames = $scope.names.map(name => name.Value);
139
140        // if user provided a first alternative name then push to alternative
141        // names array
142        $scope.newCSR.firstAlternativeName ?
143            alternativeNames.push($scope.newCSR.firstAlternativeName) :
144            $scope.newCSR.firstAlternativeName = '';
145
146
147        addCSR.CertificateCollection = {
148          '@odata.id': $scope.newCSR.certificateCollection.location
149        };
150        addCSR.CommonName = $scope.newCSR.commonName;
151        addCSR.ContactPerson = $scope.newCSR.contactPerson || '';
152        addCSR.City = $scope.newCSR.city;
153        addCSR.AlternativeNames = alternativeNames || [];
154        addCSR.ChallengePassword = $scope.newCSR.challengePassword || '';
155        addCSR.Email = $scope.newCSR.emailAddress || '';
156        addCSR.Country = $scope.newCSR.countryCode.code;
157        addCSR.Organization = $scope.newCSR.organization;
158        addCSR.OrganizationalUnit = $scope.newCSR.companyUnit;
159        addCSR.KeyCurveId = $scope.newCSR.keyCurveId || '';
160        addCSR.KeyBitLength = $scope.newCSR.keyBitLength
161        addCSR.KeyPairAlgorithm = $scope.newCSR.keyPairAlgorithm || '';
162        addCSR.State = $scope.newCSR.state;
163
164        APIUtils.createCSRCertificate(addCSR).then(
165            function(data) {
166              $scope.displayCSRCode = true;
167              $scope.csrCode = data;
168            },
169            function(error) {
170              $scope.addCSRModal = false;
171              toastService.error('Unable to generate CSR. Try again.');
172              console.log(JSON.stringify(error));
173            })
174      };
175
176      // resetting the modal when user clicks cancel/closes the
177      // modal
178      $scope.resetCSRModal = function() {
179        $scope.addCSRModal = false;
180        $scope.displayCSRCode = false;
181        $scope.newCSR.certificateCollection = $scope.selectOption;
182        $scope.newCSR.commonName = '';
183        $scope.newCSR.contactPerson = '';
184        $scope.newCSR.city = '';
185        $scope.names = [];
186        $scope.newCSR.challengePassword = '';
187        $scope.newCSR.emailAddress = '';
188        $scope.newCSR.countryCode = '';
189        $scope.newCSR.keyCurveId = '';
190        $scope.newCSR.firstAlternativeName = '';
191        $scope.newCSR.keyBitLength = $scope.selectOption;
192        $scope.newCSR.keyPairAlgorithm = $scope.selectOption;
193        $scope.newCSR.organization = '';
194        $scope.newCSR.companyUnit = '';
195        $scope.newCSR.state = '';
196      };
197
198      // copies the CSR code
199      $scope.copySuccess = function(event) {
200        $scope.copied = true;
201        $timeout(function() {
202          $scope.copied = false;
203        }, 5000);
204      };
205      $scope.copyFailed = function(err) {
206        console.log(JSON.stringify(err));
207      };
208
209
210      var getBmcTime = function() {
211        APIUtils.getBMCTime().then(function(data) {
212          $scope.bmcTime = data.data.Elapsed;
213        });
214
215        return $scope.bmcTime;
216      };
217
218      var updateAvailableTypes = function(certificate) {
219        $scope.availableCertificateTypes =
220            $scope.availableCertificateTypes.filter(function(type) {
221              if (type.Description == 'TrustStore Certificate') {
222                return true;
223              }
224              return type.Description !== certificate.Description;
225            });
226      };
227
228      $scope.getDays = function(endDate) {
229        // finds number of days until certificate expiration
230        // dividing bmc time by 1000 converts milliseconds to seconds
231        var ms = (new Date(endDate).getTime()) - ($scope.bmcTime) / 1000;
232        return Math.floor(ms / (24 * 60 * 60 * 1000));
233      };
234
235      $scope.loadCertificates();
236    }
237  ]);
238})(angular);
239