dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
8c429c3131362e91e7e8d027469b3ce1792e0c57
lmxopcua/src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Certificates.razor
T

194 lines
8.2 KiB
Plaintext
Raw Blame History

@page "/certificates"
@attribute [Microsoft.AspNetCore.Authorization.Authorize]
@rendermode RenderMode.InteractiveServer
@using System.Security.Cryptography.X509Certificates
@using Microsoft.Extensions.Configuration
@using Microsoft.AspNetCore.Components.Authorization
@using ZB.MOM.WW.OtOpcUa.AdminUI.Certificates
@inject IConfiguration Config
@inject CertificateStoreManager CertManager
@implements IDisposable
<div class="d-flex justify-content-between align-items-center mb-3">
<h4 class="mb-0">OPC UA certificates</h4>
</div>
<section class="panel notice rise" style="animation-delay:.02s">
PKI store layout: <span class="mono">{PkiStoreRoot}/own</span> (this server's identity),
<span class="mono">issuer</span> / <span class="mono">trusted</span> (peers we accept),
<span class="mono">rejected</span> (peers we've turned away). F13a wires SDK
auto-creation so the own-store self-signs on first boot.
</section>
@if (_rows is null)
{
<p class="mt-3">Loading…</p>
}
else
{
@if (_statusMsg is not null)
{
<section class="panel @(_statusError ? "error" : "notice") rise mt-3">@_statusMsg</section>
}
@if (_pending is { } p)
{
<section class="panel notice rise mt-3">
Confirm <strong>@p.Verb</strong> of <span class="mono small">@p.Subject</span>?
<button class="btn btn-sm btn-primary" @onclick="ConfirmAction">Confirm</button>
<button class="btn btn-sm btn-outline-secondary" @onclick="CancelAction">Cancel</button>
</section>
}
@foreach (var store in _rows)
{
<section class="panel rise mt-3" style="animation-delay:.08s">
<div class="panel-head">@store.Label &middot; @store.Certificates.Count entry@(store.Certificates.Count == 1 ? "" : "s")</div>
@if (string.IsNullOrEmpty(store.Path))
{
<div style="padding:1rem" class="text-muted">No path configured.</div>
}
else if (!Directory.Exists(store.Path))
{
<div style="padding:1rem" class="text-muted">
<span class="mono">@store.Path</span> doesn't exist yet. It will be created on first boot.
</div>
}
else if (store.Certificates.Count == 0)
{
<div style="padding:1rem" class="text-muted">No certificates in <span class="mono">@store.Path</span>.</div>
}
else
{
<div class="table-wrap">
<table class="data-table">
<thead>
<tr>
<th>Subject</th>
<th>Issuer</th>
<th>Thumbprint</th>
<th>Not before</th>
<th>Not after</th>
@if (store.Kind is StoreKind.Trusted or StoreKind.Rejected)
{
<th>Actions</th>
}
</tr>
</thead>
<tbody>
@foreach (var c in store.Certificates)
{
<tr>
<td><span class="mono small">@c.Subject</span></td>
<td><span class="mono small">@c.Issuer</span></td>
<td><span class="mono small">@c.Thumbprint[..16]…</span></td>
<td>@c.NotBefore.ToString("u")</td>
<td>@c.NotAfter.ToString("u")</td>
@if (store.Kind is StoreKind.Trusted or StoreKind.Rejected)
{
<td>
<AuthorizeView Policy="FleetAdmin">
<Authorized>
@if (store.Kind == StoreKind.Rejected)
{
<button class="btn btn-sm btn-outline-primary" @onclick='() => RequestAction(store.Kind, c, "trust")'>Trust</button>
}
else
{
<button class="btn btn-sm btn-outline-secondary" @onclick='() => RequestAction(store.Kind, c, "untrust")'>Untrust</button>
}
<button class="btn btn-sm btn-outline-danger" @onclick='() => RequestAction(store.Kind, c, "delete")'>Delete</button>
</Authorized>
</AuthorizeView>
</td>
}
</tr>
}
</tbody>
</table>
</div>
}
</section>
}
}
@code {
private List<StoreView>? _rows;
private enum StoreKind { Own, Trusted, Issuer, Rejected }
private sealed record StoreView(string Label, StoreKind Kind, string Path, List<X509Certificate2> Certificates);
private (StoreKind Kind, string Thumbprint, string Subject, string Verb)? _pending;
private string? _statusMsg;
private bool _statusError;
protected override void OnInitialized() => LoadAll();
private void LoadAll()
{
DisposeRows();
var pkiRoot = Config.GetValue<string?>("OpcUa:PkiStoreRoot") ?? "pki";
_rows = new()
{
LoadStore("Own", StoreKind.Own, Path.Combine(pkiRoot, "own", "certs")),
LoadStore("Trusted peers", StoreKind.Trusted, Path.Combine(pkiRoot, "trusted", "certs")),
LoadStore("Trusted issuers", StoreKind.Issuer, Path.Combine(pkiRoot, "issuer", "certs")),
LoadStore("Rejected", StoreKind.Rejected, Path.Combine(pkiRoot, "rejected", "certs")),
};
_pending = null;
}
private void DisposeRows()
{
if (_rows is null) return;
foreach (var store in _rows)
foreach (var c in store.Certificates)
c.Dispose();
}
public void Dispose() => DisposeRows();
private static StoreView LoadStore(string label, StoreKind kind, string path)
{
var view = new StoreView(label, kind, path, new List<X509Certificate2>());
if (!Directory.Exists(path)) return view;
foreach (var file in Directory.EnumerateFiles(path).Where(IsCertFile))
{
try { view.Certificates.Add(X509CertificateLoader.LoadCertificateFromFile(file)); }
catch { /* ignore unreadable entries */ }
}
return view;
}
private static bool IsCertFile(string path)
{
var ext = Path.GetExtension(path);
return ext.Equals(".der", StringComparison.OrdinalIgnoreCase)
|| ext.Equals(".cer", StringComparison.OrdinalIgnoreCase)
|| ext.Equals(".crt", StringComparison.OrdinalIgnoreCase);
}
private void RequestAction(StoreKind kind, X509Certificate2 cert, string verb)
{
_pending = (kind, cert.Thumbprint!, cert.Subject, verb);
_statusMsg = null;
}
private void CancelAction() => _pending = null;
private void ConfirmAction()
{
if (_pending is not { } p) return;
var result = p.Verb switch
{
"trust" => CertManager.Trust(p.Thumbprint),
"untrust" => CertManager.Untrust(p.Thumbprint),
"delete" => CertManager.Delete(p.Kind == StoreKind.Trusted ? "trusted" : "rejected", p.Thumbprint),
_ => CertActionResult.Fail("unknown action"),
};
_statusError = !result.Success;
_statusMsg = result.Success
? $"{char.ToUpper(p.Verb[0])}{p.Verb[1..]} of {p.Subject} succeeded."
: $"{p.Verb} failed: {result.Error}";
LoadAll(); // clears _pending
}
}
Reference in New Issue View Git Blame Copy Permalink