feat: add download cert functionality to plugin (#13200)

* chore: minor flow refactoring #13186

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>

* feat: add cert download functionality #13186

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>

---------

Signed-off-by: jgomer2001 <bonustrack310@gmail.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>

Author: jgomer2001

jans-casa/plugins/cert-authn/agama/project/code/io.jans.casa.cert.oneStepAuthn.flow

@@ -23,25 +23,7 @@ Otherwise
 
     When obj.aborted is null    //User took usual Casa authentication, terminate as such
         Finish obj
-    
-Log "Smart card/User cert option selected"
-obj = Trigger io.jans.casa.cert.promptAndValidate
-
-When obj.success is true
-    fingerPrint = obj.data.cert.fingerPrint
-    x509 = obj.data.cert.x509
-    uid = Call io.jans.casa.certauthn.CertUtil#findOwner fingerPrint
-    
-    When uid is not null
-        Finish uid
 
-    uid = Call io.jans.casa.certauthn.CertUtil#register x509 conf.mappingClassField
-    status = Call io.jans.casa.certauthn.CertUtil#enroll uid x509 fingerPrint
-    status = Call status toString
-    
-    When status is "SUCCESS"
-        Finish uid
-
-    obj = { success: false }
-    
+Log "Smart card/User cert option selected"
+obj = Trigger io.jans.casa.cert.standaloneOneStepAuthn
 Finish obj

jans-casa/plugins/cert-authn/agama/project/code/io.jans.casa.cert.standaloneOneStepAuthn.flow

@@ -0,0 +1,24 @@
+Flow io.jans.casa.cert.standaloneOneStepAuthn
+    Basepath ""
+    Configs conf
+
+obj = Trigger io.jans.casa.cert.promptAndValidate
+
+When obj.success is true
+    fingerPrint = obj.data.cert.fingerPrint
+    x509 = obj.data.cert.x509
+    uid = Call io.jans.casa.certauthn.CertUtil#findOwner fingerPrint
+    
+    When uid is not null
+        Finish uid
+
+    uid = Call io.jans.casa.certauthn.CertUtil#register x509 conf.mappingClassField
+    status = Call io.jans.casa.certauthn.CertUtil#enroll uid x509 fingerPrint
+    status = Call status toString
+    
+    When status is "SUCCESS"
+        Finish uid
+
+    obj = { success: false }
+    
+Finish obj

jans-casa/plugins/cert-authn/agama/project/lib/io/jans/casa/certauthn/CertUtil.java

@@ -144,6 +144,7 @@ public static String findOwner(String fingerPrint) {
 
     }
 
+    @SuppressWarnings("unchecked")
     public static String register(X509Certificate certificate, String classField)
         throws IllegalAccessException, NoSuchFieldException {
 

jans-casa/plugins/cert-authn/agama/project/project.json

@@ -11,7 +11,9 @@
             "roundTripMaxTime": 45
         },
         "io.jans.casa.cert.oneStepAuthn": {
-            "useAcctLinking": false,
+            "useAcctLinking": false
+        },
+        "io.jans.casa.cert.standaloneOneStepAuthn": {
             "mappingClassField": "STRAIGHT"
         }
     }

jans-casa/plugins/cert-authn/src/main/java/io/jans/casa/plugins/certauthn/model/Certificate.java

@@ -9,6 +9,7 @@ public class Certificate {
     private long expirationDate;
     private boolean expired;
     private String fingerPrint;
+    private String pemContent;
 
     public String getCommonName() {
         return commonName;
@@ -66,4 +67,12 @@ public void setFormattedName(String formattedName) {
         this.formattedName = formattedName;
     }
 
+    public String getPemContent() {
+        return pemContent;
+    }
+
+    public void setPemContent(String pemContent) {
+        this.pemContent = pemContent;
+    }
+    
 }

jans-casa/plugins/cert-authn/src/main/java/io/jans/casa/plugins/certauthn/service/CertService.java

@@ -78,24 +78,23 @@ public int getDevicesTotal(String userId) {
 
     }
 
-    public boolean removeFromUser(String fingerPrint, String userId) throws Exception {
+    public boolean removeFromUser(Certificate certificate, String userId) throws Exception {
 
         CertPerson person = persistenceService.get(CertPerson.class, persistenceService.getPersonDn(userId));
-
         List<String> stringCerts = Optional.ofNullable(person.getX509Certificates()).orElse(new ArrayList<>());
         List<io.jans.scim.model.scim2.user.X509Certificate> scimCerts = getScimX509Certificates(stringCerts);
 
         boolean found = false;
         int i;
         for (i = 0; i < scimCerts.size() && !found; i++) {
             String val = scimCerts.get(i).getValue();
-            found = getFingerPrint(CertUtils.x509CertificateFromPem(val)).equals(fingerPrint);
+            found = val != null && val.equals(certificate.getPemContent());
         }
         if (found) {
             logger.info("Removing cert from SCIM profile data"); 
             person.getX509Certificates().remove(i - 1);
         }
-        person.getJansExtUid().remove(CERT_PREFIX + fingerPrint);
+        person.getJansExtUid().remove(CERT_PREFIX + certificate.getFingerPrint());
 
         logger.info("Removing cert reference from user");
         return persistenceService.modify(person);
@@ -141,6 +140,7 @@ private Certificate getExtraCertsInfo(String externalUid, List<io.jans.scim.mode
                     long date = x509Certificate.getNotAfter().getTime();
                     cert.setExpirationDate(date);
                     cert.setExpired(date < System.currentTimeMillis());
+                    cert.setPemContent(sc.getValue());
 
                     break;
                 }

jans-casa/plugins/cert-authn/src/main/java/io/jans/casa/plugins/certauthn/vm/CertAuthenticationSummaryVM.java

@@ -22,7 +22,7 @@
 import org.zkoss.util.resource.Labels;
 import org.zkoss.zk.ui.Executions;
 import org.zkoss.zk.ui.select.annotation.WireVariable;
-import org.zkoss.zul.Messagebox;
+import org.zkoss.zul.*;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
@@ -96,6 +96,15 @@ public void redirect() throws URISyntaxException, StringEncrypter.EncryptionExce
 
     }
 
+    public void download(Certificate certificate) {
+        
+        String fileName = Optional.ofNullable(certificate.getCommonName())
+                .map(s -> s.replaceAll("[^\\w ]+", "_")).orElse("");
+        fileName = fileName.length() == 0 ? "cert" : fileName;
+        Filedownload.save(certificate.getPemContent(), "application/x-pem-file", fileName + ".pem");
+        
+    }
+    
     public void delete(Certificate certificate) {
 
         String resetMessages = sndFactorUtils.removalConflict(CertService.AGAMA_FLOW, certificates.size(), user).getY();
@@ -108,7 +117,7 @@ public void delete(Certificate certificate) {
                     if (Messagebox.ON_YES.equals(event.getName())) {
                         try {
                             String fingerprint = certificate.getFingerPrint();
-                            boolean success = certService.removeFromUser(fingerprint, userId);                           
+                            boolean success = certService.removeFromUser(certificate, userId);                           
 
                             if (success) {
                                 logger.info("Certificate {} removed from user account", fingerprint);

jans-casa/plugins/cert-authn/src/main/resources/assets/cert-detail.zul

@@ -10,7 +10,7 @@
         <z:include src="/back-home.zul" />
 
         <div class="ph4 mb2">
-            <div class="alert alert-success dn" id="feedback-cert-edit" role="alert" />
+            <div class="alert alert-success dn" id="feedback-cert-delete" role="alert" />
         </div>
 
         <div class="${css['sectionsWrapper']}">
@@ -61,7 +61,12 @@
                                 </p>
                             </div>
                             <div class="pl2 pt2">
-                                <h:button class="${css.deleteButton} mb2" w:onClick="alertRef = $('#feedback-cert-edit')"
+                                <h:button class="${css.editButton} mb2 mr2" visible="${each.pemContent ne null}"
+                                          onClick="@('download', each)"
+                                          data-original-title="${labels.usercert.download}" data-toggle="tooltip" data-placement="top">
+                                    <i class="fas fa-download" />
+                                </h:button>
+                                <h:button class="${css.deleteButton} mb2" w:onClick="alertRef = $('#feedback-cert-delete')"
                                           onClick="@('delete', each)"
                                           data-original-title="${labels.general.delete}" data-toggle="tooltip" data-placement="top">
                                     <i class="fas fa-trash-alt" />

jans-casa/plugins/cert-authn/src/main/resources/labels/zk-label.properties

@@ -41,3 +41,5 @@ You are about to remove this certificate.
 
 Proceed?
 }
+
+usercert.download=Download this certificate