IPsecService.java example

Explorer
coprhd-controller-master
/*
 * Copyright (c) 2015 EMC Corporation
 * All Rights Reserved
 */
package com.emc.storageos.systemservices.impl.resource;

import com.emc.storageos.model.ipsec.IPsecStatus;
import com.emc.storageos.security.audit.AuditLogManager;
import com.emc.storageos.security.authorization.CheckPermission;
import com.emc.storageos.security.authorization.Role;
import com.emc.storageos.services.OperationTypeEnum;
import com.emc.storageos.systemservices.impl.ipsec.IPsecManager;
import org.springframework.beans.factory.annotation.Autowired;

import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;

/**
 * Web resource class for IPsec
 */
@Path("/ipsec")
public class IPsecService {


    private static final String IPSEC_SERVICE_TYPE = "ipsec";
    private static final String IPSEC_STATUS = "ipsec_status";
    @Autowired
    private IPsecManager ipsecMgr;

    @Autowired
    private AuditLogManager auditMgr;

    /**
     * Rotate the VIPR IPsec Pre-shared key.
     * @return the new version of the key which is used for checking status if needed
     */
    @POST
    @Path("/key")
    @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
    @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
    @CheckPermission(roles = { Role.SECURITY_ADMIN, Role.RESTRICTED_SECURITY_ADMIN }, blockProxies = true)
    public String rotateIPsecKey() {
        ipsecMgr.verifyIPsecOpAllowable();
        String version = ipsecMgr.rotateKey();
        auditMgr.recordAuditLog(null, null,
                IPSEC_SERVICE_TYPE,
                OperationTypeEnum.UPDATE_SYSTEM_PROPERTY,
                System.currentTimeMillis(),
                AuditLogManager.AUDITLOG_SUCCESS,
                null, "config_version=" + version);

        return version;
    }

    /**
     * Check the status of IPsec.
     * @return
     */
    @GET
    @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
    @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
    @CheckPermission(roles = { Role.SECURITY_ADMIN, Role.RESTRICTED_SECURITY_ADMIN })
    public IPsecStatus getIPsecStatus() {
        return ipsecMgr.checkStatus();
    }

    /**
     * Change IPsec status to enabled/disabled within VDC and across sites.
     *
     * Setting status to disabled is not recommended in production environment, as it
     * will downgrade the security protection level.
     *
     * @param status - valid values [ enabled | disabled ] (case insensitive)
     * @return the new IPsec state
     */
    @POST
    @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
    @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
    @CheckPermission(roles = { Role.SECURITY_ADMIN, Role.RESTRICTED_SECURITY_ADMIN }, blockProxies = true)
    public String changeIpsecState(@QueryParam("status") String status) {
        ipsecMgr.verifyIPsecOpAllowable();
        String result = ipsecMgr.changeIpsecStatus(status);
        auditMgr.recordAuditLog(null, null,
                IPSEC_SERVICE_TYPE,
                OperationTypeEnum.UPDATE_SYSTEM_PROPERTY,
                System.currentTimeMillis(),
                AuditLogManager.AUDITLOG_SUCCESS,
                null, IPSEC_STATUS + "=" + status);

        return result;
    }
}