add ssh key approval role and view

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/ServiceDao.java

@@ -42,4 +42,6 @@ public interface ServiceDao extends BaseDao<ServiceEntity, Long> {
 
 	List<ServiceEntity> findByParentService(ServiceEntity service);
 
+	List<ServiceEntity> findBySshPubKeyApproverRole(RoleEntity role);
+
 }

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/SshPubKeyApproverRoleDao.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.dao;
+
+import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
+
+public interface SshPubKeyApproverRoleDao extends BaseDao<SshPubKeyApproverRoleEntity, Long> {
+
+}

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/SshPubKeyRegistryDao.java

@@ -20,4 +20,6 @@ public interface SshPubKeyRegistryDao extends BaseDao<SshPubKeyRegistryEntity, L
 
 	List<SshPubKeyRegistryEntity> findByRegistry(Long registryId);
 
+	List<SshPubKeyRegistryEntity> findForApproval(Long serviceId);
+
 }

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/JpaServiceDao.java

@@ -81,6 +81,13 @@ public class JpaServiceDao extends JpaBaseDao<ServiceEntity, Long> implements Se
 				.setParameter("role", role).getResultList();
 	}
 
+	@Override
+    @SuppressWarnings({"unchecked"})
+	public List<ServiceEntity> findBySshPubKeyApproverRole(RoleEntity role) {
+		return em.createQuery("select e from ServiceEntity e where e.sshPubKeyApproverRole = :role")
+				.setParameter("role", role).getResultList();
+	}
+
 	@Override
     @SuppressWarnings({"unchecked"})
 	public List<ServiceEntity> findByGroupAdminRole(RoleEntity role) {

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/JpaSshPubKeyApproverRoleDao.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.dao.jpa;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Named;
+
+import edu.kit.scc.webreg.dao.SshPubKeyApproverRoleDao;
+import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
+
+@Named
+@ApplicationScoped
+public class JpaSshPubKeyApproverRoleDao extends JpaBaseDao<SshPubKeyApproverRoleEntity, Long> implements SshPubKeyApproverRoleDao {
+
+	@Override
+	public Class<SshPubKeyApproverRoleEntity> getEntityClass() {
+		return SshPubKeyApproverRoleEntity.class;
+	}
+}

bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/JpaSshPubKeyRegistryDao.java

@@ -17,6 +17,7 @@ import javax.inject.Named;
 
 import edu.kit.scc.webreg.dao.SshPubKeyRegistryDao;
 import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
+import edu.kit.scc.webreg.entity.SshPubKeyRegistryStatus;
 
 @Named
 @ApplicationScoped
@@ -39,6 +40,16 @@ public class JpaSshPubKeyRegistryDao extends JpaBaseDao<SshPubKeyRegistryEntity,
 				.getResultList();	
 	}
 
+	@Override
+	@SuppressWarnings("unchecked")
+	public List<SshPubKeyRegistryEntity> findForApproval(Long serviceId) {
+		return em.createQuery("select e from SshPubKeyRegistryEntity e where e.registry.service.id = :serviceId "
+				+ "and e.keyStatus = :keyStatus")
+				.setParameter("serviceId", serviceId)
+				.setParameter("keyStatus", SshPubKeyRegistryStatus.PENDING)
+				.getResultList();	
+	}
+
 	@Override
     public Class<SshPubKeyRegistryEntity> getEntityClass() {
 		return SshPubKeyRegistryEntity.class;

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/EventType.java

@@ -42,6 +42,7 @@ public enum EventType {
 	SSH_KEY_DELETED,
 	SSH_KEY_REGISTRY_APPROVAL,
 	SSH_KEY_REGISTRY_DEPLOYED,
+	SSH_KEY_REGISTRY_DENIED,
 	SSH_KEY_REGISTRY_DELETED,
 	
 }

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/ServiceEntity.java

@@ -57,6 +57,9 @@ public class ServiceEntity extends AbstractBaseEntity {
 	@ManyToOne(targetEntity = ApproverRoleEntity.class)
 	private ApproverRoleEntity approverRole;
 	
+	@ManyToOne(targetEntity = SshPubKeyApproverRoleEntity.class)
+	private SshPubKeyApproverRoleEntity sshPubKeyApproverRole;
+	
 	@ManyToOne(targetEntity = GroupAdminRoleEntity.class)
 	private GroupAdminRoleEntity groupAdminRole;
 	
@@ -304,4 +307,12 @@ public class ServiceEntity extends AbstractBaseEntity {
 		this.sshPubKeyCapable = sshPubKeyCapable;
 	}
 
+	public SshPubKeyApproverRoleEntity getSshPubKeyApproverRole() {
+		return sshPubKeyApproverRole;
+	}
+
+	public void setSshPubKeyApproverRole(SshPubKeyApproverRoleEntity sshPubKeyApproverRole) {
+		this.sshPubKeyApproverRole = sshPubKeyApproverRole;
+	}
+
 }

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/SshPubKeyApproverRoleEntity.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.entity;
+
+import java.util.Set;
+
+import javax.persistence.Entity;
+import javax.persistence.OneToMany;
+
+@Entity(name = "SshPubKeyApproverRoleEntity")
+public class SshPubKeyApproverRoleEntity extends RoleEntity {
+
+	private static final long serialVersionUID = 1L;
+
+	@OneToMany(targetEntity = ServiceEntity.class, mappedBy = "sshPubKeyApproverRole")
+	private Set<ServiceEntity> sshPubKeyApproverForServices;
+
+	public Set<ServiceEntity> getSshPubKeyApproverForServices() {
+		return sshPubKeyApproverForServices;
+	}
+
+	public void setSshPubKeyApproverForServices(Set<ServiceEntity> sshPubKeyApproverForServices) {
+		this.sshPubKeyApproverForServices = sshPubKeyApproverForServices;
+	}	
+}

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/SshPubKeyRegistryEntity.java

@@ -36,6 +36,15 @@ public class SshPubKeyRegistryEntity extends AbstractBaseEntity {
 	@Column(name = "comment", length = 1024)
 	private String comment;	
 
+	@Column(name = "approver_comment", length = 2048)
+	private String approverComment;	
+
+	@Column(name = "approved_at")
+	private Date approvedAt;	
+
+	@ManyToOne(targetEntity = UserEntity.class)
+	private UserEntity approvedBy;
+
 	@Column(name = "expires_at")
 	private Date expiresAt;
 
@@ -102,5 +111,29 @@ public class SshPubKeyRegistryEntity extends AbstractBaseEntity {
 	public void setExpiresAt(Date expiresAt) {
 		this.expiresAt = expiresAt;
 	}
+
+	public String getApproverComment() {
+		return approverComment;
+	}
+
+	public void setApproverComment(String approverComment) {
+		this.approverComment = approverComment;
+	}
+
+	public Date getApprovedAt() {
+		return approvedAt;
+	}
+
+	public void setApprovedAt(Date approvedAt) {
+		this.approvedAt = approvedAt;
+	}
+
+	public UserEntity getApprovedBy() {
+		return approvedBy;
+	}
+
+	public void setApprovedBy(UserEntity approvedBy) {
+		this.approvedBy = approvedBy;
+	}
 	
 }

bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/SshPubKeyRegistryStatus.java

@@ -14,5 +14,6 @@ public enum SshPubKeyRegistryStatus {
 
 	ACTIVE,
 	PENDING,
+	DENIED,
 
 }

bwreg-service/src/main/java/edu/kit/scc/webreg/service/ServiceService.java

@@ -42,4 +42,6 @@ public interface ServiceService extends BaseService<ServiceEntity, Long> {
 
 	List<ServiceEntity> findByParentService(ServiceEntity service);
 
+	List<ServiceEntity> findBySshPubKeyApproverRole(RoleEntity role);
+
 }

bwreg-service/src/main/java/edu/kit/scc/webreg/service/SshPubKeyApproverRoleService.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.service;
+
+import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
+
+public interface SshPubKeyApproverRoleService extends BaseService<SshPubKeyApproverRoleEntity, Long> {
+	
+}

bwreg-service/src/main/java/edu/kit/scc/webreg/service/impl/ServiceServiceImpl.java

@@ -84,6 +84,11 @@ public class ServiceServiceImpl extends BaseServiceImpl<ServiceEntity, Long> imp
 		return dao.findByApproverRole(role);
 	}
 
+	@Override
+	public List<ServiceEntity> findBySshPubKeyApproverRole(RoleEntity role) {
+		return dao.findBySshPubKeyApproverRole(role);
+	}
+
 	@Override
 	public List<ServiceEntity> findByGroupAdminRole(RoleEntity role) {
 		return dao.findByGroupAdminRole(role);

bwreg-service/src/main/java/edu/kit/scc/webreg/service/impl/SshPubKeyApproverRoleServiceImpl.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.service.impl;
+
+import javax.ejb.Stateless;
+import javax.inject.Inject;
+
+import edu.kit.scc.webreg.dao.BaseDao;
+import edu.kit.scc.webreg.dao.SshPubKeyApproverRoleDao;
+import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
+import edu.kit.scc.webreg.service.SshPubKeyApproverRoleService;
+
+@Stateless
+public class SshPubKeyApproverRoleServiceImpl extends BaseServiceImpl<SshPubKeyApproverRoleEntity, Long> implements SshPubKeyApproverRoleService {
+
+	private static final long serialVersionUID = 1L;
+
+	@Inject
+	private SshPubKeyApproverRoleDao dao;
+	
+	@Override
+	protected BaseDao<SshPubKeyApproverRoleEntity, Long> getDao() {
+		return dao;
+	}
+}

bwreg-service/src/main/java/edu/kit/scc/webreg/service/ssh/SshPubKeyRegistryService.java

@@ -25,4 +25,10 @@ public interface SshPubKeyRegistryService extends BaseService<SshPubKeyRegistryE
 
 	void deleteRegistry(SshPubKeyRegistryEntity entity, String executor);
 
+	List<SshPubKeyRegistryEntity> findForApproval(Long serviceId);
+
+	SshPubKeyRegistryEntity approveRegistry(SshPubKeyRegistryEntity entity, Long approverId);
+
+	SshPubKeyRegistryEntity denyRegistry(SshPubKeyRegistryEntity entity, Long approverId);
+
 }

bwreg-service/src/main/java/edu/kit/scc/webreg/service/ssh/SshPubKeyRegistryServiceImpl.java

@@ -10,6 +10,7 @@
  ******************************************************************************/
 package edu.kit.scc.webreg.service.ssh;
 
+import java.util.Date;
 import java.util.List;
 
 import javax.ejb.Stateless;
@@ -19,6 +20,7 @@ import org.slf4j.Logger;
 
 import edu.kit.scc.webreg.dao.BaseDao;
 import edu.kit.scc.webreg.dao.SshPubKeyRegistryDao;
+import edu.kit.scc.webreg.dao.UserDao;
 import edu.kit.scc.webreg.entity.EventType;
 import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
 import edu.kit.scc.webreg.entity.SshPubKeyRegistryStatus;
@@ -38,6 +40,9 @@ public class SshPubKeyRegistryServiceImpl extends BaseServiceImpl<SshPubKeyRegis
 	@Inject
 	private SshPubKeyRegistryDao dao;
 	
+	@Inject
+	private UserDao userDao;
+	
 	@Inject
 	private EventSubmitter eventSubmitter;
 
@@ -51,6 +56,11 @@ public class SshPubKeyRegistryServiceImpl extends BaseServiceImpl<SshPubKeyRegis
 		return dao.findByRegistry(registryId);
 	}
 	
+	@Override
+	public List<SshPubKeyRegistryEntity> findForApproval(Long serviceId) {
+		return dao.findForApproval(serviceId);
+	}
+	
 	@Override
 	public SshPubKeyRegistryEntity deployRegistry(SshPubKeyRegistryEntity entity, String executor) {
 		entity = dao.persist(entity);
@@ -69,6 +79,38 @@ public class SshPubKeyRegistryServiceImpl extends BaseServiceImpl<SshPubKeyRegis
 		return entity;
 	}
 	
+	@Override
+	public SshPubKeyRegistryEntity approveRegistry(SshPubKeyRegistryEntity entity, Long approverId) {
+		entity = dao.merge(entity);
+		entity.setKeyStatus(SshPubKeyRegistryStatus.ACTIVE);
+		entity.setApprovedBy(userDao.findById(approverId));
+		entity.setApprovedAt(new Date());
+		
+		SshPubKeyRegistryEvent event = new SshPubKeyRegistryEvent(entity);
+		try {
+			eventSubmitter.submit(event, EventType.SSH_KEY_REGISTRY_DEPLOYED, "user-" + approverId);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
+		return entity;
+	}
+
+	@Override
+	public SshPubKeyRegistryEntity denyRegistry(SshPubKeyRegistryEntity entity, Long approverId) {
+		entity = dao.merge(entity);
+		entity.setKeyStatus(SshPubKeyRegistryStatus.DENIED);
+		entity.setApprovedBy(userDao.findById(approverId));
+		entity.setApprovedAt(new Date());
+		
+		SshPubKeyRegistryEvent event = new SshPubKeyRegistryEvent(entity);
+		try {
+			eventSubmitter.submit(event, EventType.SSH_KEY_REGISTRY_DENIED, "user-" + approverId);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
+		return entity;
+	}
+
 	@Override
 	public void deleteRegistry(SshPubKeyRegistryEntity entity, String executor) {
 		

bwreg-service/src/main/java/edu/kit/scc/webreg/session/SessionManager.java

@@ -51,6 +51,7 @@ public class SessionManager implements Serializable {
 	private Long roleSetCreated;
 
 	private List<ServiceEntity> serviceApproverList;
+	private List<ServiceEntity> serviceSshPubKeyApproverList;
 	private List<ServiceEntity> serviceAdminList;
 	private List<ServiceEntity> serviceHotlineList;
 	private List<ServiceEntity> serviceGroupAdminList;
@@ -69,6 +70,7 @@ public class SessionManager implements Serializable {
 	@PostConstruct
 	public void init() {
 		serviceApproverList = new ArrayList<ServiceEntity>();
+		serviceSshPubKeyApproverList = new ArrayList<ServiceEntity>();
 		serviceAdminList = new ArrayList<ServiceEntity>();
 		serviceHotlineList = new ArrayList<ServiceEntity>();
 		serviceGroupAdminList = new ArrayList<ServiceEntity>();
@@ -79,6 +81,7 @@ public class SessionManager implements Serializable {
 	
 	public void clearRoleList() {
 		serviceApproverList.clear();
+		serviceSshPubKeyApproverList.clear();
 		serviceAdminList.clear();
 		serviceHotlineList.clear();
 		serviceGroupAdminList.clear();
@@ -258,4 +261,8 @@ public class SessionManager implements Serializable {
 	public void setAuthnRequestIdpConfigId(Long authnRequestIdpConfigId) {
 		this.authnRequestIdpConfigId = authnRequestIdpConfigId;
 	}
+
+	public List<ServiceEntity> getServiceSshPubKeyApproverList() {
+		return serviceSshPubKeyApproverList;
+	}
 }

bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/SshPubKeyApprovalListBean.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.bean;
+
+import java.io.Serializable;
+import java.util.List;
+
+import javax.faces.bean.ManagedBean;
+import javax.faces.bean.ViewScoped;
+import javax.faces.event.ComponentSystemEvent;
+import javax.inject.Inject;
+
+import edu.kit.scc.webreg.entity.ServiceEntity;
+import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
+import edu.kit.scc.webreg.exc.NotAuthorizedException;
+import edu.kit.scc.webreg.sec.AuthorizationBean;
+import edu.kit.scc.webreg.service.ServiceService;
+import edu.kit.scc.webreg.service.ssh.SshPubKeyRegistryService;
+import edu.kit.scc.webreg.session.SessionManager;
+
+@ManagedBean
+@ViewScoped
+public class SshPubKeyApprovalListBean implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	private List<SshPubKeyRegistryEntity> list;
+    
+    @Inject
+    private SshPubKeyRegistryService service;
+
+    @Inject
+    private ServiceService serviceService;
+    
+    @Inject
+    private AuthorizationBean authBean;
+    
+    @Inject
+    private SessionManager sessionManager;
+    
+    private ServiceEntity serviceEntity;
+    
+    private Long serviceId;
+
+    private SshPubKeyRegistryEntity selectedKey;
+    private String approverComment;
+    
+	public void preRenderView(ComponentSystemEvent ev) {
+		if (serviceEntity == null) {
+			serviceEntity = serviceService.findById(serviceId); 
+		}
+
+		if (! authBean.isUserServiceSshPubKeyApprover(serviceEntity))
+			throw new NotAuthorizedException("Nicht autorisiert");
+		
+	}
+    
+	public String approve(SshPubKeyRegistryEntity key) {
+		key.setApproverComment(approverComment);
+		service.approveRegistry(key, sessionManager.getUserId());
+		list.remove(selectedKey);
+		return null;
+	}
+	
+	public String deny(SshPubKeyRegistryEntity key) {
+		key.setApproverComment(approverComment);
+		service.denyRegistry(key, sessionManager.getUserId());
+		list.remove(selectedKey);
+		return null;
+	}
+	
+	public List<SshPubKeyRegistryEntity> getList() {
+		if (list == null) {
+			list = service.findForApproval(serviceEntity.getId());
+		}
+		return list;
+	}
+
+	public ServiceEntity getServiceEntity() {
+		return serviceEntity;
+	}
+
+	public void setServiceEntity(ServiceEntity serviceEntity) {
+		this.serviceEntity = serviceEntity;
+	}
+
+	public Long getServiceId() {
+		return serviceId;
+	}
+
+	public void setServiceId(Long serviceId) {
+		this.serviceId = serviceId;
+	}
+
+	public SshPubKeyRegistryEntity getSelectedKey() {
+		return selectedKey;
+	}
+
+	public void setSelectedKey(SshPubKeyRegistryEntity selectedKey) {
+		this.selectedKey = selectedKey;
+	}
+
+	public String getApproverComment() {
+		return approverComment;
+	}
+
+	public void setApproverComment(String approverComment) {
+		this.approverComment = approverComment;
+	}
+
+}

bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/admin/role/AddSshPubKeyApproverRoleBean.java

+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.bean.admin.role;
+
+import java.io.Serializable;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.inject.Named;
+
+import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
+import edu.kit.scc.webreg.service.SshPubKeyApproverRoleService;
+import edu.kit.scc.webreg.util.ViewIds;
+
+@Named("addSshPubKeyApproverRoleBean")
+@RequestScoped
+public class AddSshPubKeyApproverRoleBean implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	@Inject
+	private SshPubKeyApproverRoleService roleService;
+	
+	private SshPubKeyApproverRoleEntity entity;
+
+	@PostConstruct
+	public void init() {
+		entity = roleService.createNew();
+	}
+	 
+	public String save() {
+		roleService.save(entity);
+		return ViewIds.LIST_ROLES;