diff --git a/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfig.java b/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfig.java index 64321a7b8e7..99dd5be74f0 100644 --- a/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfig.java +++ b/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfig.java @@ -58,6 +58,14 @@ public interface FirewallPortForwardConfig extends NetConfig { */ public IPAddress getIPAddress(); + /** + * The netmask of the LAN IP address to forward connections to + * + * @return The netmask of the LAN IPAddress to forward connections to + * @since 2.6 + */ + public short getIPAddressNetmask(); + /** * Gets the type of network protocol (TCP or UDP) that is used for this configuration * diff --git a/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfigIP4.java b/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfigIP4.java index 3cbbe1e676d..270ebf010d6 100644 --- a/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfigIP4.java +++ b/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfigIP4.java @@ -61,6 +61,14 @@ public static FirewallPortForwardConfigIP4Builder builder() { return new FirewallPortForwardConfigIP4Builder(); } + /** + * @since 2.6 + */ + @Override + public short getIPAddressNetmask() { + return (short) 32; + } + /** * The builder class for the IPv4 firewall port forward configuration * diff --git a/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfigIP6.java b/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfigIP6.java index 9c2cf95e6f6..5b6cac4811a 100644 
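Review bot: The Javadoc added to `getIPAddressNetmask()` describes a netmask, but the implementations added in this commit return `32` (FirewallPortForwardConfigIP4) and `128` (FirewallPortForwardConfigIP6), which are prefix lengths rather than masks. Further down in this diff the value is passed to `dstMask(...)` and rendered as the `/N` suffix of a firewall rule, so the contract should say so, e.g. `@return the prefix length of the LAN address to forward connections to (32 for a single IPv4 host, 128 for a single IPv6 host)`. The overrides in the IP4 and IP6 classes carry only `@since 2.6`; a one-line summary there stating that the value is fixed to a single host would help callers who expect it to be configurable.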
--- a/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfigIP6.java +++ b/kura/org.eclipse.kura.api/src/main/java/org/eclipse/kura/net/firewall/FirewallPortForwardConfigIP6.java @@ -36,6 +36,14 @@ public static FirewallPortForwardConfigIP6Builder builder() { return new FirewallPortForwardConfigIP6Builder(); } + /** + * @since 2.6 + */ + @Override + public short getIPAddressNetmask() { + return (short) 128; + } + /** * The builder class for the IPv6 firewall port forward configuration */ diff --git a/kura/org.eclipse.kura.core.net/src/main/java/org/eclipse/kura/core/net/FirewallConfiguration.java b/kura/org.eclipse.kura.core.net/src/main/java/org/eclipse/kura/core/net/FirewallConfiguration.java index 0f65b405b39..ef1dd99fb83 100644 --- a/kura/org.eclipse.kura.core.net/src/main/java/org/eclipse/kura/core/net/FirewallConfiguration.java +++ b/kura/org.eclipse.kura.core.net/src/main/java/org/eclipse/kura/core/net/FirewallConfiguration.java @@ -377,7 +377,7 @@ private String formPortForwardConfigPropValue() { } sb.append(','); if (portForwardConfig.getIPAddress() != null) { - sb.append(portForwardConfig.getIPAddress()); + sb.append(portForwardConfig.getIPAddress().getHostAddress()); } sb.append(','); if (portForwardConfig.getProtocol() != null) { diff --git a/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/AbstractLinuxFirewall.java b/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/AbstractLinuxFirewall.java index 0e9026ff79b..0dc733a9d27 100644 --- a/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/AbstractLinuxFirewall.java +++ b/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/AbstractLinuxFirewall.java 
@@ -66,6 +66,13 @@ protected void setExecutorService(CommandExecutorService executorService) { protected abstract String getIpForwardFileName(); + /* + * Add a Local rule to the firewall. + * + * @deprecated since 1.2. Use {@link addLocalRules(List + * newLocalRules)} + */ + @Deprecated @SuppressWarnings("checkstyle:parameterNumber") public void addLocalRule(int port, String protocol, String permittedNetwork, String permittedNetworkPrefix, String permittedInterfaceName, String unpermittedInterfaceName, String permittedMAC, String sourcePortRange) @@ -117,6 +124,13 @@ public void addLocalRules(List newLocalRules) throws KuraException { } } + /* + * Add a Port Forward rule to the firewall. + * + * @deprecated since 1.2. Use {@link addPortForwardRules(List + * newPortForwardRules)} + */ + @Deprecated @SuppressWarnings("checkstyle:parameterNumber") public void addPortForwardRule(String inboundIface, String outboundIface, String address, String protocol, int inPort, int outPort, boolean masquerade, String permittedNetwork, String permittedNetworkPrefix, @@ -157,15 +171,12 @@ public void addPortForwardRules(List newPortForwardRules) throw } } - /** - * Adds automatic NAT rule - * - * @param sourceInterface - * @param destinationInterface - * @param masquerade - * @param type - * @throws KuraException + /* + * Add a Nat rule to the firewall. + * + * @deprecated since 1.2. Use {@link addNatRules(List newNatRules))} */ + @Deprecated public void addNatRule(String sourceInterface, String destinationInterface, boolean masquerade, RuleType type) throws KuraException { if (sourceInterface == null || sourceInterface.isEmpty()) { 
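Review bot: The deprecation comments added above `addLocalRule`, `addPortForwardRule` and both `addNatRule` overloads open with `/*` instead of `/**`, so the Javadoc tool ignores them and the `@deprecated` text and `{@link ...}` never reach the generated documentation. The link targets also lack the `#` member prefix, and the two `addNatRule` hunks drop the previous `@param`/`@throws` block without a replacement. Suggest `/**` with `@deprecated since 1.2, use {@link #addLocalRules(List)}` and the equivalent wording for the other three methods. The method bodies lie outside these hunks.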
@@ -182,18 +193,12 @@ public void addNatRule(String sourceInterface, String destinationInterface, bool addAutoNatRules(natRuleList); } - /** - * Adds NAT Rule - * - * @param sourceInterface - * @param destinationInterface - * @param protocol - * @param source - * @param destination - * @param masquerade - * @param type - * @throws KuraException + /* + * Add a Nat Forward rule to the firewall. + * + * @deprecated since 1.2. Use {@link addNatRules(List newNatRules)} */ + @Deprecated public void addNatRule(String sourceInterface, String destinationInterface, String protocol, String source, String destination, boolean masquerade, RuleType type) throws KuraException { @@ -282,6 +287,14 @@ public void deleteAutoNatRule(NATRule rule) throws KuraException { update(); } + public void deleteNatRule(NATRule rule) throws KuraException { + if (this.natRules == null) { + return; + } + this.natRules.remove(rule); + update(); + } + public void deleteAllLocalRules() throws KuraException { this.localRules.clear(); update(); diff --git a/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/FilterForwardChainRule.java b/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/FilterForwardChainRule.java index 71e197dd06c..eaee5143d34 100644 --- a/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/FilterForwardChainRule.java +++ b/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/FilterForwardChainRule.java 
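Review bot: The new public `deleteNatRule(NATRule)` has no Javadoc and calls `update()` even when the rule was not in `natRules`, so a delete request for a rule that does not exist still runs the update path. If `natRules` is a standard collection (its declaration is outside the hunk), `if (this.natRules.remove(rule)) { update(); }` avoids that. A short Javadoc should state that a null rule set or an unknown rule is ignored silently; `deleteAllLocalRules` just below does not null-check its collection, so the two methods are inconsistent on that point.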
@@ -147,16 +147,10 @@ public List toStrings() { List ret = new ArrayList<>(); StringBuilder sb = new StringBuilder("-A " + chain); if (this.srcNetwork != null) { - sb.append(" -s ") // - .append(this.srcNetwork) // - .append('/') // - .append(this.srcMask); + sb.append(" -s ").append(this.srcNetwork).append('/').append(this.srcMask); } if (this.dstNetwork != null) { - sb.append(" -d ") // - .append(this.dstNetwork) // - .append('/') // - .append(this.dstMask); + sb.append(" -d ").append(this.dstNetwork).append('/').append(this.dstMask); } sb.append(" -i ").append(this.inputInterface); sb.append(" -o ").append(this.outputInterface); @@ -168,10 +162,7 @@ public List toStrings() { sb.append(" -m mac --mac-source ").append(this.permittedMacAddress); } if (this.srcPortFirst > 0 && this.srcPortLast >= this.srcPortFirst) { - sb.append(" --sport ") // - .append(this.srcPortFirst) // - .append(':') // - .append(this.srcPortLast); + sb.append(" --sport ").append(this.srcPortFirst).append(':').append(this.srcPortLast); } if (this.dstPort > 0) { sb.append(" --dport ").append(this.dstPort); @@ -180,10 +171,7 @@ public List toStrings() { ret.add(sb.toString()); sb = new StringBuilder("-A " + chain); if (this.dstNetwork != null) { - sb.append(" -s ") // - .append(this.dstNetwork) // - .append('/') // - .append(this.dstMask); + sb.append(" -s ").append(this.dstNetwork).append('/').append(this.dstMask); } sb.append(" -i ").append(this.outputInterface); sb.append(" -o ").append(this.inputInterface); diff --git a/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/LocalRule.java b/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/LocalRule.java index ab7da496dde..3b24a1cf940 100644 --- a/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/LocalRule.java +++ b/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/LocalRule.java 
@@ -22,7 +22,8 @@ import org.eclipse.kura.net.NetworkPair; /** - * Creates an iptables command for a Local Rule, allowing an incoming port connection. + * Creates an iptables command for a Local Rule, allowing an incoming port + * connection. * */ public class LocalRule { @@ -46,19 +47,24 @@ public class LocalRule { * Constructor of LocalRule object. * * @param port - * destination local IP port number to allow + * destination local IP port number to allow * @param protocol - * protocol of port (tcp, udp) + * protocol of port (tcp, udp) * @param sourcePortRange - * range of source ports allowed on IP connection (sourcePort1:sourcePort2) + * range of source ports allowed on IP + * connection (sourcePort1:sourcePort2) * @param permittedNetwork - * source network or ip address from which connection is allowed (such as 192.168.1.0/24) + * source network or ip address from which + * connection is allowed (such as + * 192.168.1.0/24) * @param permittedInterfaceName - * only allow open port for this interface + * only allow open port for this interface * @param unpermittedInterfaceName - * allow open port for all interfaces except this one + * allow open port for all interfaces except + * this one * @param permittedMAC - * MAC address from which connection is allowed (such as AA:BB:CC:DD:EE:FF) + * MAC address from which connection is allowed + * (such as AA:BB:CC:DD:EE:FF) */ public LocalRule(int port, String protocol, NetworkPair permittedNetwork, String permittedInterfaceName, String unpermittedInterfaceName, String permittedMAC, @@ -88,19 +94,26 @@ public LocalRule(int port, String protocol, NetworkPair per * Constructor of LocalRule object. * * @param portRange - * destination local IP port range to allow of the form X:Y where X permittedNetwork, String permittedInterfaceName, String unpermittedInterfaceName, String permittedMAC, 
@@ -170,7 +183,8 @@ public LocalRule(String rule) throws KuraException { } /** - * Returns true if the required LocalRule parameters have all been set. Returns false otherwise. + * Returns true if the required LocalRule parameters have all been + * set. Returns false otherwise. * * @return A boolean representing whether all parameters have been set. */ @@ -188,7 +202,7 @@ public boolean isComplete() { * Setter for the protocol. * * @param protocol - * A String representing the protocol. + * A String representing the protocol. */ public void setProtocol(String protocol) { this.protocol = protocol; @@ -198,7 +212,7 @@ public void setProtocol(String protocol) { * Setter for the permittedNetwork. * * @param permittedNetwork - * A String representing the permittedNetwork. + * A String representing the permittedNetwork. */ public void setPermittedNetwork(NetworkPair permittedNetwork) { if (permittedNetwork != null) { @@ -211,7 +225,8 @@ public void setPermittedNetwork(NetworkPair permittedNetwor * Setter for the permittedInterfaceName. * * @param permittedInterfaceName - * A String representing the only interface allowed on this open port + * A String representing the only interface + * allowed on this open port */ public void setPermittedInterfaceName(String permittedInterfaceName) { if (permittedInterfaceName != null && !permittedInterfaceName.trim().isEmpty()) { @@ -223,7 +238,8 @@ public void setPermittedInterfaceName(String permittedInterfaceName) { * Setter for the unpermittedInterfaceName. * * @param unpermittedInterfaceName - * A String representing the only interface not allowed on this open port + * A String representing the only interface not + * allowed on this open port */ public void setUnpermittedInterfaceName(String unpermittedInterfaceName) { if (unpermittedInterfaceName != null && !unpermittedInterfaceName.trim().isEmpty()) { 
@@ -235,7 +251,7 @@ public void setUnpermittedInterfaceName(String unpermittedInterfaceName) { * Setter for the permittedMAC. * * @param permittedMAC - * A String representing the permittedMAC. + * A String representing the permittedMAC. */ public void setPermittedMAC(String permittedMAC) { if (permittedMAC != null && !permittedMAC.trim().isEmpty()) { @@ -247,7 +263,7 @@ public void setPermittedMAC(String permittedMAC) { * Setter for the sourcePortRange. * * @param sourcePortRange - * A String representing the sourcePortRange. + * A String representing the sourcePortRange. */ public void setSourcePortRange(String sourcePortRange) { if (sourcePortRange != null && !sourcePortRange.trim().isEmpty()) { @@ -259,7 +275,7 @@ public void setSourcePortRange(String sourcePortRange) { * Setter for the port. * * @param port - * An int representing the port. + * An int representing the port. */ public void setPort(int port) { this.port = port; @@ -270,7 +286,8 @@ public void setPort(int port) { * Setter for the portRange * * @param portRange - * A string representing the port range of the form X:Y where X < Y and both are valid ports + * A string representing the port range of the form X:Y where X + * < Y and both are valid ports */ public void setPortRange(String portRange) { this.port = -1; @@ -296,7 +313,8 @@ public String getSourcePortRange() { * Getter for the permittedInterfaceName. * * @param permittedInterfaceName - * A String representing the only interface allowed on this open port + * A String representing the only interface + * allowed on this open port */ public String getPermittedInterfaceName() { if (this.permittedInterfaceName.isPresent()) { 
@@ -310,7 +328,8 @@ public String getPermittedInterfaceName() { * Getter for the unpermittedInterfaceName. * * @param unpermittedInterfaceName - * A String representing the only interface not allowed on this open port + * A String representing the only interface not + * allowed on this open port */ public String getUnpermittedInterfaceName() { if (this.unpermittedInterfaceName.isPresent()) { @@ -392,7 +411,8 @@ public String getPermittedMAC() { /** * Converts the LocalRule to a String. - * Returns one of the following iptables strings depending on the LocalRule format: + * Returns one of the following iptables strings depending on the + * LocalRule format: * *

-A input-kura -p {protocol} --dport {port} -j ACCEPT *

-A input-kura -p {protocol} --sport {sourcePort1:sourcePort2} --dport {port} -j ACCEPT 
@@ -407,61 +427,34 @@ public String getPermittedMAC() { */ @Override public String toString() { - String interfaceString = null; + StringBuilder localRuleSB = new StringBuilder(A_INPUT_KURA_P).append(this.protocol); + + this.permittedNetworkString.ifPresent(permittedNetwork -> { + localRuleSB.append(" -s ").append(permittedNetwork); + }); + if (this.permittedInterfaceName.isPresent()) { - interfaceString = new StringBuilder().append(" -i ").append(this.permittedInterfaceName.get()).toString(); + localRuleSB.append(" -i ").append(this.permittedInterfaceName.get()).toString(); } else if (this.unpermittedInterfaceName.isPresent()) { - interfaceString = new StringBuilder().append(" ! -i ").append(this.unpermittedInterfaceName.get()) - .toString(); + localRuleSB.append(" ! -i ").append(this.unpermittedInterfaceName.get()).toString(); } - if (this.port != -1) { - return getLocalRuleWithPort(interfaceString); - } else { - return getLocalRuleWithoutPort(interfaceString); - } - } + this.permittedMAC.ifPresent(macAddress -> { + localRuleSB.append(M_MAC_MAC_SOURCE).append(macAddress); + }); - private String getLocalRuleWithPort(String interfaceString) { - String localRuleString = ""; - if (!this.permittedMAC.isPresent() && !this.sourcePortRange.isPresent()) { - localRuleString = A_INPUT_KURA_P + this.protocol + " -s " + this.permittedNetworkString.get() - + (interfaceString != null ? interfaceString : "") + DPORT + this.port + J_ACCEPT; - } else if (!this.permittedMAC.isPresent()) { - localRuleString = A_INPUT_KURA_P + this.protocol + " -s " + this.permittedNetworkString.get() - + (interfaceString != null ? interfaceString : "") + SPORT + this.sourcePortRange.get() + DPORT - + this.port + J_ACCEPT; - } else if (!this.sourcePortRange.isPresent()) { - localRuleString = A_INPUT_KURA_P + this.protocol + " -s " + this.permittedNetworkString.get() - + (interfaceString != null ? 
interfaceString : "") + M_MAC_MAC_SOURCE + this.permittedMAC.get() - + DPORT + this.port + J_ACCEPT; - } else { - localRuleString = A_INPUT_KURA_P + this.protocol + " -s " + this.permittedNetworkString.get() - + (interfaceString != null ? interfaceString : "") + M_MAC_MAC_SOURCE + this.permittedMAC.get() - + SPORT + this.sourcePortRange.get() + DPORT + this.port + J_ACCEPT; - } - return localRuleString; - } + this.sourcePortRange.ifPresent(sourceRange -> { + localRuleSB.append(SPORT).append(sourceRange); + }); - private String getLocalRuleWithoutPort(String interfaceString) { - String localRuleString = ""; - if (!this.permittedMAC.isPresent() && !this.sourcePortRange.isPresent()) { - localRuleString = A_INPUT_KURA_P + this.protocol + " -s " + this.permittedNetworkString.get() - + (interfaceString != null ? interfaceString : "") + DPORT + this.portRange.get() + J_ACCEPT; - } else if (!this.permittedMAC.isPresent()) { - localRuleString = A_INPUT_KURA_P + this.protocol + " -s " + this.permittedNetworkString.get() - + (interfaceString != null ? interfaceString : "") + SPORT + this.sourcePortRange.get() + DPORT - + this.portRange.get() + J_ACCEPT; - } else if (!this.sourcePortRange.isPresent()) { - localRuleString = A_INPUT_KURA_P + this.protocol + " -s " + this.permittedNetworkString.get() - + (interfaceString != null ? interfaceString : "") + M_MAC_MAC_SOURCE + this.permittedMAC.get() - + DPORT + this.portRange.get() + J_ACCEPT; + if (this.port != -1) { + localRuleSB.append(DPORT).append(this.port); } else { - localRuleString = A_INPUT_KURA_P + this.protocol + " -s " + this.permittedNetworkString.get() - + (interfaceString != null ? 
interfaceString : "") + M_MAC_MAC_SOURCE + this.permittedMAC.get() - + SPORT + this.sourcePortRange.get() + DPORT + this.portRange.get() + J_ACCEPT; + localRuleSB.append(DPORT).append(this.portRange.get()); } - return localRuleString; + + localRuleSB.append(J_ACCEPT); + return localRuleSB.toString(); } private boolean isPortRangeValid(String range) { diff --git a/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/PortForwardRule.java b/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/PortForwardRule.java index 7e085fc16df..9b1d2e84f5f 100644 --- a/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/PortForwardRule.java +++ b/kura/org.eclipse.kura.linux.net/src/main/java/org/eclipse/kura/linux/net/iptables/PortForwardRule.java @@ -26,6 +26,7 @@ public class PortForwardRule { private String inboundIface; private String outboundIface; private String address; + private int addressMask; private String protocol; private int inPort; private int outPort; @@ -51,6 +52,8 @@ public class PortForwardRule { * protocol of port connection (tcp, udp) * @param address * destination IP address to forward IP traffic + * @param addressMask + * destination IP address netmask * @param outPort * destination port to forward IP traffic * @param masquerade @@ -70,6 +73,7 @@ public PortForwardRule() { this.inPort = 0; this.protocol = null; this.address = null; + this.addressMask = 0; this.outPort = 0; this.masquerade = false; this.permittedNetworkMask = 0; @@ -94,6 +98,11 @@ public PortForwardRule address(String address) { return this; } + public PortForwardRule addressMask(int addressMask) { + this.addressMask = addressMask; + return this; + } + public PortForwardRule protocol(String protocol) { this.protocol = protocol; return this; 
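Review bot: In the rewritten `LocalRule.toString()`, `-s` is emitted only when `permittedNetworkString` is present, whereas the removed helpers called `permittedNetworkString.get()` unconditionally; a LocalRule with no permitted network now renders as an ACCEPT rule with no source restriction instead of failing. If the constructors and setters always populate that field (not visible in this hunk) this is harmless, but it deserves a comment or an explicit check so the rule cannot widen silently. `this.portRange.get()` in the `else` branch is still unguarded and throws when neither a port nor a range was set. The `.toString()` calls left on the `-i` and `! -i` appends discard their result and can be dropped: `localRuleSB.append(" -i ").append(this.permittedInterfaceName.get());`.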
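Review bot: `addressMask` is initialised to `0` in the PortForwardRule constructor and the new `addressMask(int)` setter accepts any value, while the two later hunks in this file replace the fixed `dstMask((short) 32)` in `getNatPostroutingChainRule()` and `getFilterForwardChainRule()` with `dstMask((short) this.addressMask)`. A PortForwardRule built without calling `addressMask(...)` will therefore render `-d ADDRESS/0`, which matches every destination rather than the single forwarded host. Only the call site in AbstractFirewallConfigurationServiceImpl is updated in this diff, so every other place that builds this class should be checked. Keeping the previous host-only default, `this.addressMask = 32;`, and rejecting out-of-range values in the setter, `if (addressMask < 0 || addressMask > 128) throw new IllegalArgumentException("addressMask");`, would stop the rule from widening by omission.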
@@ -170,7 +179,7 @@ public NatPreroutingChainRule getNatPreroutingChainRule() { } public NatPostroutingChainRule getNatPostroutingChainRule() { - return new NatPostroutingChainRule().dstNetwork(this.address).dstMask((short) 32) + return new NatPostroutingChainRule().dstNetwork(this.address).dstMask((short) this.addressMask) .srcNetwork(this.permittedNetwork).srcMask((short) this.permittedNetworkMask) .dstInterface(this.outboundIface).protocol(this.protocol).masquerade(this.masquerade) .type(RuleType.PORT_FORWARDING); @@ -179,7 +188,7 @@ public NatPostroutingChainRule getNatPostroutingChainRule() { public FilterForwardChainRule getFilterForwardChainRule() { return new FilterForwardChainRule().inputInterface(this.inboundIface).outputInterface(this.outboundIface) .srcNetwork(this.permittedNetwork).srcMask((short) this.permittedNetworkMask).dstNetwork(this.address) - .dstMask((short) 32).protocol(this.protocol).permittedMacAddress(this.permittedMAC) + .dstMask((short) this.addressMask).protocol(this.protocol).permittedMacAddress(this.permittedMAC) .srcPortFirst(this.sourcePortStart).srcPortLast(this.sourcePortEnd).type(RuleType.PORT_FORWARDING); } diff --git a/kura/org.eclipse.kura.net.admin.firewall/src/main/java/org/eclipse/kura/net/admin/AbstractFirewallConfigurationServiceImpl.java b/kura/org.eclipse.kura.net.admin.firewall/src/main/java/org/eclipse/kura/net/admin/AbstractFirewallConfigurationServiceImpl.java index bafcb93fe5f..39b12cd052d 100644 --- a/kura/org.eclipse.kura.net.admin.firewall/src/main/java/org/eclipse/kura/net/admin/AbstractFirewallConfigurationServiceImpl.java +++ b/kura/org.eclipse.kura.net.admin.firewall/src/main/java/org/eclipse/kura/net/admin/AbstractFirewallConfigurationServiceImpl.java 
@@ -258,6 +258,7 @@ public void setFirewallPortForwardingConfiguration( .inboundIface(portForwardEntry.getInboundInterface()) .outboundIface(portForwardEntry.getOutboundInterface()) .address(portForwardEntry.getIPAddress().getHostAddress()) + .addressMask(portForwardEntry.getIPAddressNetmask()) .protocol(portForwardEntry.getProtocol().name()).inPort(portForwardEntry.getInPort()) .outPort(portForwardEntry.getOutPort()).masquerade(portForwardEntry.isMasquerade()) .permittedNetwork(convertNetworkPairToString(portForwardEntry.getPermittedNetwork())) diff --git a/kura/org.eclipse.kura.net.admin.firewall/src/main/java/org/eclipse/kura/net/admin/FirewallConfigurationServiceImpl.java b/kura/org.eclipse.kura.net.admin.firewall/src/main/java/org/eclipse/kura/net/admin/FirewallConfigurationServiceImpl.java index b4688ebb9a5..df6e0025e16 100644 --- a/kura/org.eclipse.kura.net.admin.firewall/src/main/java/org/eclipse/kura/net/admin/FirewallConfigurationServiceImpl.java +++ b/kura/org.eclipse.kura.net.admin.firewall/src/main/java/org/eclipse/kura/net/admin/FirewallConfigurationServiceImpl.java @@ -143,4 +143,5 @@ protected AbstractLinuxFirewall getLinuxFirewall() { } return this.firewall; } + } diff --git a/kura/org.eclipse.kura.web2/META-INF/MANIFEST.MF b/kura/org.eclipse.kura.web2/META-INF/MANIFEST.MF index 9259019a32a..d284faac524 100644 --- a/kura/org.eclipse.kura.web2/META-INF/MANIFEST.MF +++ b/kura/org.eclipse.kura.web2/META-INF/MANIFEST.MF @@ -62,6 +62,7 @@ Import-Package: com.eclipsesource.json;version="0.9.5", org.eclipse.kura.marshalling;version="[1.0,2.0)", org.eclipse.kura.net;version="[2.1,3.0)", org.eclipse.kura.net.admin;version="[1.6,3.0)";resolution:=optional, + org.eclipse.kura.net.admin.ipv6;version="[1.0,2.0)";resolution:=optional, org.eclipse.kura.net.dhcp;version="[1.0,2.0)", org.eclipse.kura.net.firewall;version="[2.0,3.0)", org.eclipse.kura.net.modem;version="[2.2,3.0)", 
@@ -70,7 +71,7 @@ Import-Package: com.eclipsesource.json;version="0.9.5", org.eclipse.kura.net.status.modem;version="[1.0,2.0)", org.eclipse.kura.net.status.wifi;version="[1.0,2.0)", org.eclipse.kura.net.status.vlan;version="[1.0,2.0)", - org.eclipse.kura.net.wifi;version="[2.4,2.5)", + org.eclipse.kura.net.wifi;version="[2.4,3.0)", org.eclipse.kura.net.vlan;version="[1.0,2.0)", org.eclipse.kura.position;version="[1.0,2.0)", org.eclipse.kura.rest.configuration.api;version="[1.0,2.0)", diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/FirewallPanelUi.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/FirewallPanelUi.java index 41b9d0e9ec8..ed1795a9ad3 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/FirewallPanelUi.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/FirewallPanelUi.java @@ -1,12 +1,12 @@ /******************************************************************************* - * Copyright (c) 2011, 2020 Eurotech and/or its affiliates and others - * + * Copyright (c) 2011, 2023 Eurotech and/or its affiliates and others + * * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 * which is available at https://www.eclipse.org/legal/epl-2.0/ - * + * * SPDX-License-Identifier: EPL-2.0 - * + * * Contributors: * Eurotech *******************************************************************************/ 
@@ -15,6 +15,9 @@ import org.eclipse.kura.web.client.messages.Messages; import org.eclipse.kura.web.client.ui.Tab; import org.eclipse.kura.web.client.ui.Tab.RefreshHandler; +import org.eclipse.kura.web.client.util.FailureHandler; +import org.eclipse.kura.web.shared.service.GwtNetworkService; +import org.eclipse.kura.web.shared.service.GwtNetworkServiceAsync; import org.gwtbootstrap3.client.ui.Anchor; import org.gwtbootstrap3.client.ui.Button; import org.gwtbootstrap3.client.ui.Modal; @@ -25,6 +28,7 @@ import com.google.gwt.event.dom.client.ClickEvent; import com.google.gwt.uibinder.client.UiBinder; import com.google.gwt.uibinder.client.UiField; +import com.google.gwt.user.client.rpc.AsyncCallback; import com.google.gwt.user.client.ui.Composite; import com.google.gwt.user.client.ui.HTMLPanel; import com.google.gwt.user.client.ui.Widget; @@ -36,12 +40,20 @@ public class FirewallPanelUi extends Composite { interface FirewallPanelUiUiBinder extends UiBinder { } + private final GwtNetworkServiceAsync gwtNetworkService = GWT.create(GwtNetworkService.class); + @UiField OpenPortsTabUi openPortsPanel; @UiField PortForwardingTabUi portForwardingPanel; @UiField NatTabUi ipForwardingPanel; + @UiField + OpenPortsIPv6TabUi openPortsIPv6Panel; + @UiField + PortForwardingIPv6TabUi portForwardingIPv6Panel; + @UiField + NatIPv6TabUi ipForwardingIPv6Panel; private static final Messages MSGS = GWT.create(Messages.class); @@ -53,6 +65,12 @@ interface FirewallPanelUiUiBinder extends UiBinder { TabListItem portForwarding; @UiField TabListItem ipForwarding; + @UiField + TabListItem openPortsIPv6; + @UiField + TabListItem portForwardingIPv6; + @UiField + TabListItem ipForwardingIPv6; @UiField Modal dirtyModal; 
@@ -62,42 +80,72 @@ interface FirewallPanelUiUiBinder extends UiBinder { Button no; private TabListItem currentlySelectedTab; - private Tab.RefreshHandler openPortsHandler; - private Tab.RefreshHandler portForwardingHandler; - private Tab.RefreshHandler ipForwardingHandler; + private final Tab.RefreshHandler openPortsHandler; + private final Tab.RefreshHandler portForwardingHandler; + private final Tab.RefreshHandler ipForwardingHandler; + private final Tab.RefreshHandler openPortsIPv6Handler; + private final Tab.RefreshHandler portForwardingIPv6Handler; + private final Tab.RefreshHandler ipForwardingIPv6Handler; public FirewallPanelUi() { initWidget(uiBinder.createAndBindUi(this)); + detectIfNet2(); this.firewallIntro.add(new Span("

" + MSGS.firewallIntro() + "

")); + this.openPorts.setText(MSGS.firewallOpenPorts()); this.portForwarding.setText(MSGS.firewallPortForwarding()); this.ipForwarding.setText(MSGS.firewallNat()); + this.openPortsIPv6.setText(MSGS.firewallOpenPortsIPv6()); + this.portForwardingIPv6.setText(MSGS.firewallPortForwardingIPv6()); + this.ipForwardingIPv6.setText(MSGS.firewallNatIPv6()); + this.openPortsHandler = new Tab.RefreshHandler(this.openPortsPanel); this.openPorts.addClickHandler(event -> handleEvent(event, this.openPortsHandler)); this.portForwardingHandler = new Tab.RefreshHandler(this.portForwardingPanel); this.portForwarding.addClickHandler(event -> handleEvent(event, this.portForwardingHandler)); this.ipForwardingHandler = new Tab.RefreshHandler(this.ipForwardingPanel); this.ipForwarding.addClickHandler(event -> handleEvent(event, this.ipForwardingHandler)); + + this.openPortsIPv6Handler = new Tab.RefreshHandler(this.openPortsIPv6Panel); + this.openPortsIPv6.addClickHandler(event -> handleEvent(event, this.openPortsIPv6Handler)); + this.portForwardingIPv6Handler = new Tab.RefreshHandler(this.portForwardingIPv6Panel); + this.portForwardingIPv6.addClickHandler(event -> handleEvent(event, this.portForwardingIPv6Handler)); + this.ipForwardingIPv6Handler = new Tab.RefreshHandler(this.ipForwardingIPv6Panel); + this.ipForwardingIPv6.addClickHandler(event -> handleEvent(event, this.ipForwardingIPv6Handler)); } public void initFirewallPanel() { - FirewallPanelUi.this.currentlySelectedTab = openPorts; + FirewallPanelUi.this.currentlySelectedTab = this.openPorts; + this.portForwardingPanel.clear(); this.ipForwardingPanel.clear(); this.openPortsPanel.refresh(); + + this.portForwardingIPv6Panel.clear(); + this.ipForwardingIPv6Panel.clear(); + this.openPortsIPv6Panel.refresh(); + this.openPorts.showTab(); } public boolean isDirty() { - return this.openPortsPanel.isDirty() || this.portForwardingPanel.isDirty() || this.ipForwardingPanel.isDirty(); + boolean ipv4PanelsDirty = this.openPortsPanel.isDirty() || 
this.portForwardingPanel.isDirty() + || this.ipForwardingPanel.isDirty(); + boolean ipv6PanelsDirty = this.openPortsIPv6Panel.isDirty() || this.portForwardingIPv6Panel.isDirty() + || this.ipForwardingIPv6Panel.isDirty(); + return ipv4PanelsDirty || ipv6PanelsDirty; } public void setDirty(boolean b) { this.openPortsPanel.setDirty(b); this.portForwardingPanel.setDirty(b); this.ipForwardingPanel.setDirty(b); + + this.openPortsIPv6Panel.setDirty(b); + this.portForwardingIPv6Panel.setDirty(b); + this.ipForwardingIPv6Panel.setDirty(b); } private void showDirtyModal(TabListItem newTabListItem, RefreshHandler newTabRefreshHandler) { @@ -136,8 +184,35 @@ private Tab getTab(TabListItem item) { return this.portForwardingPanel; } else if (item.getDataTarget().equals("#ipForwardingPanel")) { return this.ipForwardingPanel; + } else if (item.getDataTarget().equals("#openPortsIPv6Panel")) { + return this.openPortsIPv6Panel; + } else if (item.getDataTarget().equals("#portForwardingIPv6Panel")) { + return this.portForwardingIPv6Panel; + } else if (item.getDataTarget().equals("#ipForwardingIPv6Panel")) { + return this.ipForwardingIPv6Panel; } else { return this.openPortsPanel; } } + + private void detectIfNet2() { + this.gwtNetworkService.isNet2(new AsyncCallback() { + + @Override + public void onFailure(Throwable caught) { + FailureHandler.handle(caught); + } + + @Override + public void onSuccess(Boolean result) { + initNet2FeaturesOnly(result); + } + }); + } + + private void initNet2FeaturesOnly(boolean isNet2) { + this.openPortsIPv6.setVisible(isNet2); + this.portForwardingIPv6.setVisible(isNet2); + this.ipForwardingIPv6.setVisible(isNet2); + } } diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/FirewallPanelUi.ui.xml b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/FirewallPanelUi.ui.xml index 0e967f4ca71..df765f6fb53 100644 
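Review bot: The IPv6 tab items are hidden only inside `onSuccess`, so they stay visible until the `isNet2` RPC returns and remain visible if it fails, because `onFailure` only calls `FailureHandler.handle(caught)`. Hiding them up front, with `initNet2FeaturesOnly(false);` as the first statement of `detectIfNet2()`, makes the non-Net2 view the default. `initFirewallPanel()` in the previous hunk also calls `this.openPortsIPv6Panel.refresh()` regardless of the result, so the IPv6 panel is refreshed even where its tab is hidden. Tab visibility is presentation only; the server-side IPv6 firewall calls should refuse requests on their own when the feature is unavailable, which this diff does not show.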
--- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/FirewallPanelUi.ui.xml +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/FirewallPanelUi.ui.xml @@ -2,7 +2,7 @@ + + + + + + + .important { + font-weight: bold; + } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/NatTabUi.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/NatTabUi.java index b863b286241..7cbf49debd9 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/NatTabUi.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/NatTabUi.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2011, 2022 Eurotech and/or its affiliates and others + * Copyright (c) 2011, 2023 Eurotech and/or its affiliates and others * * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 @@ -612,7 +612,7 @@ private Validator newSourceValidator() { public List validate(Editor editor, String value) { List result = new ArrayList<>(); if (!NatTabUi.this.source.getText().trim().isEmpty() - && !NatTabUi.this.source.getText().trim().matches(FieldType.NETWORK.getRegex())) { + && !NatTabUi.this.source.getText().trim().matches(FieldType.IPV4_CIDR_NOTATION.getRegex())) { result.add(new BasicEditorError(NatTabUi.this.source, value, MSGS.firewallNatFormSourceNetworkErrorMessage())); } 
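Review bot: The source validator here and the destination validator in the next hunk (`@@ -633,7 +633,7 @@`) run in the GWT client, so switching to `FieldType.IPV4_CIDR_NOTATION` tightens what the form accepts but not what the service accepts. These strings presumably end up as NAT rule operands, so the server-side handler should apply an equivalent check; whether it does is not visible in this diff. Both validators also read and trim the text box twice in one condition; a local such as `String text = NatTabUi.this.source.getText().trim();` at the top of `validate` would be clearer. The enclosing validator classes start outside the hunks.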
@@ -633,7 +633,7 @@ private Validator newDestinationValidator() {
 public List validate(Editor editor, String value) {
 List result = new ArrayList<>();
 if (!NatTabUi.this.destination.getText().trim().isEmpty()
- && !NatTabUi.this.destination.getText().trim().matches(FieldType.NETWORK.getRegex())) {
+ && !NatTabUi.this.destination.getText().trim().matches(FieldType.IPV4_CIDR_NOTATION.getRegex())) {
 result.add(new BasicEditorError(NatTabUi.this.destination, value,
 MSGS.firewallNatFormDestinationNetworkErrorMessage()));
 }
diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsIPv6TabUi.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsIPv6TabUi.java
new file mode 100644
index 00000000000..41fc28afbc5
--- /dev/null
+++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsIPv6TabUi.java
@@ -0,0 +1,899 @@ +/******************************************************************************* + * Copyright (c) 2011, 2023 Eurotech and/or its affiliates and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eurotech + *******************************************************************************/ +package org.eclipse.kura.web.client.ui.firewall; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import org.eclipse.kura.web.client.messages.Messages; +import org.eclipse.kura.web.client.ui.AlertDialog; +import org.eclipse.kura.web.client.ui.EntryClassUi; +import org.eclipse.kura.web.client.ui.Tab; +import org.eclipse.kura.web.client.util.FailureHandler; +import org.eclipse.kura.web.client.util.TextFieldValidator.FieldType; +import org.eclipse.kura.web.shared.model.GwtFirewallOpenPortEntry; +import org.eclipse.kura.web.shared.model.GwtNetProtocol; +import org.eclipse.kura.web.shared.model.GwtXSRFToken; +import org.eclipse.kura.web.shared.service.GwtNetworkService; +import org.eclipse.kura.web.shared.service.GwtNetworkServiceAsync; +import org.eclipse.kura.web.shared.service.GwtSecurityTokenService; +import org.eclipse.kura.web.shared.service.GwtSecurityTokenServiceAsync; +import org.gwtbootstrap3.client.shared.event.ModalHideHandler; +import org.gwtbootstrap3.client.ui.Alert; +import org.gwtbootstrap3.client.ui.Button; +import org.gwtbootstrap3.client.ui.FormGroup; +import org.gwtbootstrap3.client.ui.FormLabel; +import org.gwtbootstrap3.client.ui.ListBox; +import org.gwtbootstrap3.client.ui.Modal; +import org.gwtbootstrap3.client.ui.TextBox; +import org.gwtbootstrap3.client.ui.Tooltip; +import org.gwtbootstrap3.client.ui.constants.ValidationState; +import 
org.gwtbootstrap3.client.ui.form.error.BasicEditorError; +import org.gwtbootstrap3.client.ui.form.validator.Validator; +import org.gwtbootstrap3.client.ui.gwt.CellTable; + +import com.google.gwt.core.client.GWT; +import com.google.gwt.editor.client.Editor; +import com.google.gwt.editor.client.EditorError; +import com.google.gwt.uibinder.client.UiBinder; +import com.google.gwt.uibinder.client.UiField; +import com.google.gwt.user.cellview.client.TextColumn; +import com.google.gwt.user.client.rpc.AsyncCallback; +import com.google.gwt.user.client.ui.Composite; +import com.google.gwt.user.client.ui.Widget; +import com.google.gwt.view.client.ListDataProvider; +import com.google.gwt.view.client.SingleSelectionModel; +import com.google.web.bindery.event.shared.HandlerRegistration; + +public class OpenPortsIPv6TabUi extends Composite implements Tab, ButtonBar.Listener { + + private static final String STATUS_TABLE_ROW = "status-table-row"; + + private static OpenPortsTabUiUiBinder uiBinder = GWT.create(OpenPortsTabUiUiBinder.class); + + private final GwtSecurityTokenServiceAsync gwtXSRFService = GWT.create(GwtSecurityTokenService.class); + private final GwtNetworkServiceAsync gwtNetworkService = GWT.create(GwtNetworkService.class); + + private static final Messages MSGS = GWT.create(Messages.class); + + interface OpenPortsTabUiUiBinder extends UiBinder { + } + + private final ListDataProvider openPortsDataProvider = new ListDataProvider<>(); + private final SingleSelectionModel selectionModel = new SingleSelectionModel<>(); + + private boolean dirty; + + GwtFirewallOpenPortEntry editOpenPortEntry; + GwtFirewallOpenPortEntry newOpenPortEntry; + GwtFirewallOpenPortEntry openPortEntry; + + @UiField + ButtonBar buttonBar; + @UiField + Alert notification; + + @UiField + AlertDialog alertDialog; + + @UiField + Modal openPortsForm; + + @UiField + FormGroup groupPort; + @UiField + FormGroup groupPermittedNw; + @UiField + FormGroup groupPermittedI; + @UiField + FormGroup 
groupUnpermittedI; + @UiField + FormGroup groupPermittedMac; + @UiField + FormGroup groupSource; + + @UiField + FormLabel labelPort; + @UiField + FormLabel labelProtocol; + @UiField + FormLabel labelPermitttedNw; + @UiField + FormLabel labelPermitttedI; + @UiField + FormLabel labelUnPermitttedI; + @UiField + FormLabel labelPermitttedMac; + @UiField + FormLabel labelSource; + + @UiField + TextBox port; + @UiField + TextBox permittedNw; + @UiField + TextBox permittedI; + @UiField + TextBox unpermittedI; + @UiField + TextBox permittedMac; + @UiField + TextBox source; + + @UiField + Tooltip tooltipPort; + @UiField + Tooltip tooltipProtocol; + @UiField + Tooltip tooltipPermittedNw; + @UiField + Tooltip tooltipPermittedI; + @UiField + Tooltip tooltipUnpermittedI; + @UiField + Tooltip tooltipPermittedMac; + @UiField + Tooltip tooltipSource; + + @UiField + Button submit; + @UiField + Button cancel; + + @UiField + Modal existingRule; + @UiField + Button close; + + @UiField + ListBox protocol; + + private HandlerRegistration modalHideHandlerRegistration; + + @UiField + CellTable openPortsGrid = new CellTable<>(); + + public OpenPortsIPv6TabUi() { + initWidget(uiBinder.createAndBindUi(this)); + this.selectionModel.addSelectionChangeHandler(event -> OpenPortsIPv6TabUi.this.buttonBar + .setEditDeleteButtonsDirty(OpenPortsIPv6TabUi.this.selectionModel.getSelectedObject() != null)); + this.openPortsGrid.setSelectionModel(this.selectionModel); + + initTable(); + initNewRuleModal(); + initDuplicateRuleModal(); + this.buttonBar.setListener(this); + + // Initialize fixed fields for modal + setModalFieldsLabels(); + setModalFieldsTooltips(); + setModalFieldsHandlers(); + } + + private void initDuplicateRuleModal() { + this.close.addClickHandler(event -> this.existingRule.hide()); + } + + // + // Public methods + // + @Override + public void refresh() { + EntryClassUi.showWaitModal(); + clear(); + this.notification.setVisible(false); + this.gwtXSRFService.generateSecurityToken(new 
AsyncCallback() { + + @Override + public void onFailure(Throwable ex) { + EntryClassUi.hideWaitModal(); + FailureHandler.handle(ex); + } + + @Override + public void onSuccess(GwtXSRFToken token) { + OpenPortsIPv6TabUi.this.setDirty(false); + OpenPortsIPv6TabUi.this.gwtNetworkService.findDeviceFirewallOpenPortsIPv6(token, + new AsyncCallback>() { + + @Override + public void onFailure(Throwable caught) { + EntryClassUi.hideWaitModal(); + FailureHandler.handle(caught, + OpenPortsIPv6TabUi.this.gwtNetworkService.getClass().getSimpleName()); + } + + @Override + public void onSuccess(List result) { + for (GwtFirewallOpenPortEntry pair : result) { + OpenPortsIPv6TabUi.this.openPortsDataProvider.getList().add(pair); + } + refreshTable(); + setVisibility(); + EntryClassUi.hideWaitModal(); + } + }); + } + + }); + + } + + @Override + public boolean isDirty() { + return this.dirty; + } + + @Override + public void setDirty(boolean b) { + this.dirty = b; + } + + @Override + public boolean isValid() { + return true; + } + + @Override + public void clear() { + this.openPortsDataProvider.getList().clear(); + OpenPortsIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(false); + OpenPortsIPv6TabUi.this.buttonBar.setEditDeleteButtonsDirty(false); + setVisibility(); + refreshTable(); + } + + // + // Private methods + // + private void initTable() { + + TextColumn col1 = new TextColumn() { + + @Override + public String getValue(GwtFirewallOpenPortEntry object) { + if (object.getPortRange() != null) { + return String.valueOf(object.getPortRange()); + } else { + return ""; + } + } + }; + col1.setCellStyleNames(STATUS_TABLE_ROW); + this.openPortsGrid.addColumn(col1, MSGS.firewallOpenPort()); + + TextColumn col2 = new TextColumn() { + + @Override + public String getValue(GwtFirewallOpenPortEntry object) { + if (object.getProtocol() != null) { + return String.valueOf(object.getProtocol()); + } else { + return ""; + } + } + }; + col2.setCellStyleNames(STATUS_TABLE_ROW); + 
this.openPortsGrid.addColumn(col2, MSGS.firewallOpenPortProtocol()); + + TextColumn col3 = new TextColumn() { + + @Override + public String getValue(GwtFirewallOpenPortEntry object) { + if (object.getPermittedNetwork() != null) { + return String.valueOf(object.getPermittedNetwork()); + } else { + return ""; + } + } + }; + col3.setCellStyleNames(STATUS_TABLE_ROW); + this.openPortsGrid.addColumn(col3, MSGS.firewallOpenPortPermittedNetwork()); + + TextColumn col4 = new TextColumn() { + + @Override + public String getValue(GwtFirewallOpenPortEntry object) { + if (object.getPermittedInterfaceName() != null) { + return String.valueOf(object.getPermittedInterfaceName()); + } else { + return ""; + } + } + }; + col4.setCellStyleNames(STATUS_TABLE_ROW); + this.openPortsGrid.addColumn(col4, MSGS.firewallOpenPortPermittedInterfaceName()); + + TextColumn col5 = new TextColumn() { + + @Override + public String getValue(GwtFirewallOpenPortEntry object) { + if (object.getUnpermittedInterfaceName() != null) { + return String.valueOf(object.getUnpermittedInterfaceName()); + } else { + return ""; + } + } + }; + col5.setCellStyleNames(STATUS_TABLE_ROW); + this.openPortsGrid.addColumn(col5, MSGS.firewallOpenPortUnpermittedInterfaceName()); + + TextColumn col6 = new TextColumn() { + + @Override + public String getValue(GwtFirewallOpenPortEntry object) { + if (object.getPermittedMAC() != null) { + return String.valueOf(object.getPermittedMAC()); + } else { + return ""; + } + } + }; + col6.setCellStyleNames(STATUS_TABLE_ROW); + this.openPortsGrid.addColumn(col6, MSGS.firewallOpenPortPermittedMac()); + + TextColumn col7 = new TextColumn() { + + @Override + public String getValue(GwtFirewallOpenPortEntry object) { + if (object.getSourcePortRange() != null) { + return String.valueOf(object.getSourcePortRange()); + } else { + return ""; + } + } + }; + col7.setCellStyleNames(STATUS_TABLE_ROW); + this.openPortsGrid.addColumn(col7, MSGS.firewallOpenPortSourcePortRange()); + + 
this.openPortsDataProvider.addDataDisplay(this.openPortsGrid); + } + + private void refreshTable() { + Collections.sort(OpenPortsIPv6TabUi.this.openPortsDataProvider.getList(), new FirewallPanelUtils.PortSorting()); + int size = this.openPortsDataProvider.getList().size(); + this.openPortsGrid.setVisibleRange(0, size); + this.openPortsDataProvider.flush(); + this.openPortsGrid.redraw(); + this.selectionModel.setSelected(this.selectionModel.getSelectedObject(), false); + } + + @Override + public void onApply() { + List intermediateList = OpenPortsIPv6TabUi.this.openPortsDataProvider.getList(); + final List updatedOpenPortConf = new ArrayList<>(); + for (GwtFirewallOpenPortEntry entry : intermediateList) { + updatedOpenPortConf.add(entry); + } + + EntryClassUi.showWaitModal(); + OpenPortsIPv6TabUi.this.gwtXSRFService.generateSecurityToken(new AsyncCallback() { + + @Override + public void onFailure(Throwable ex) { + EntryClassUi.hideWaitModal(); + FailureHandler.handle(ex, OpenPortsIPv6TabUi.this.gwtXSRFService.getClass().getName()); + } + + @Override + public void onSuccess(GwtXSRFToken token) { + OpenPortsIPv6TabUi.this.gwtNetworkService.updateDeviceFirewallOpenPortsIPv6(token, updatedOpenPortConf, + new AsyncCallback() { + + @Override + public void onFailure(Throwable caught) { + EntryClassUi.hideWaitModal(); + FailureHandler.handle(caught, + OpenPortsIPv6TabUi.this.gwtNetworkService.getClass().getSimpleName()); + } + + @Override + public void onSuccess(Void result) { + OpenPortsIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(false); + EntryClassUi.hideWaitModal(); + setDirty(false); + } + }); + } + }); + + } + + @Override + public void onCancel() { + OpenPortsIPv6TabUi.this.alertDialog.show(MSGS.deviceConfigDirty(), OpenPortsIPv6TabUi.this::refresh); + } + + @Override + public void onCreate() { + replaceModalHideHandler(evt -> { + if (OpenPortsIPv6TabUi.this.newOpenPortEntry != null) { + // Avoid duplicates + 
OpenPortsIPv6TabUi.this.openPortsDataProvider.getList() + .remove(OpenPortsIPv6TabUi.this.newOpenPortEntry); + if (!duplicateEntry(OpenPortsIPv6TabUi.this.newOpenPortEntry)) { + OpenPortsIPv6TabUi.this.openPortsDataProvider.getList() + .add(OpenPortsIPv6TabUi.this.newOpenPortEntry); + setVisibility(); + refreshTable(); + OpenPortsIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(true); + } else { + this.existingRule.show(); + } + } + resetFields(); + }); + showModal(null); + } + + @Override + public void onEdit() { + GwtFirewallOpenPortEntry selection = OpenPortsIPv6TabUi.this.selectionModel.getSelectedObject(); + + if (selection == null) { + return; + } + + replaceModalHideHandler(evt -> { + if (OpenPortsIPv6TabUi.this.editOpenPortEntry != null) { + GwtFirewallOpenPortEntry oldEntry = OpenPortsIPv6TabUi.this.selectionModel.getSelectedObject(); + OpenPortsIPv6TabUi.this.openPortsDataProvider.getList().remove(oldEntry); + refreshTable(); + if (!duplicateEntry(OpenPortsIPv6TabUi.this.editOpenPortEntry)) { + OpenPortsIPv6TabUi.this.openPortsDataProvider.getList() + .add(OpenPortsIPv6TabUi.this.editOpenPortEntry); + OpenPortsIPv6TabUi.this.openPortsDataProvider.flush(); + OpenPortsIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(true); + OpenPortsIPv6TabUi.this.editOpenPortEntry = null; + setVisibility(); + } else { + this.existingRule.show(); + OpenPortsIPv6TabUi.this.openPortsDataProvider.getList().add(oldEntry); + OpenPortsIPv6TabUi.this.openPortsDataProvider.flush(); + } + refreshTable(); + OpenPortsIPv6TabUi.this.buttonBar.setEditDeleteButtonsDirty(false); + OpenPortsIPv6TabUi.this.selectionModel.setSelected(selection, false); + } + resetFields(); + }); + final AlertDialog.ConfirmListener listener = () -> showModal( + OpenPortsIPv6TabUi.this.selectionModel.getSelectedObject()); + if (selection.getPortRange().equals("22")) { + // show warning + OpenPortsIPv6TabUi.this.alertDialog.show(MSGS.firewallOpenPorts22(), listener); + } else if 
(selection.getPortRange().equals("80")) { + // show warning + OpenPortsIPv6TabUi.this.alertDialog.show(MSGS.firewallOpenPorts80(), listener); + } else { + showModal(selection); + } + + } + + @Override + public void onDelete() { + GwtFirewallOpenPortEntry selection = OpenPortsIPv6TabUi.this.selectionModel.getSelectedObject(); + if (selection != null) { + OpenPortsIPv6TabUi.this.alertDialog + .show(MSGS.firewallOpenPortDeleteConfirmation(String.valueOf(selection.getPortRange())), () -> { + OpenPortsIPv6TabUi.this.openPortsDataProvider.getList().remove(selection); + OpenPortsIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(true); + OpenPortsIPv6TabUi.this.buttonBar.setEditDeleteButtonsDirty(false); + OpenPortsIPv6TabUi.this.selectionModel.setSelected(selection, false); + setVisibility(); + refreshTable(); + + setDirty(true); + }); + } + } + + private void initNewRuleModal() { + this.cancel.setText(MSGS.cancelButton()); + this.cancel.addClickHandler(event -> { + this.openPortsForm.hide(); + resetFields(); + }); + + this.submit.setText(MSGS.submitButton()); + this.submit.addClickHandler(event -> { + + if (!checkEntries()) { + return; + } + + // create a new entry + this.openPortEntry = new GwtFirewallOpenPortEntry(); + this.openPortEntry.setPortRange(this.port.getText().trim()); + this.openPortEntry.setProtocol(this.protocol.getSelectedItemText()); + + this.openPortEntry.setPermittedNetwork(validOrDefault(this.permittedNw.getText(), "::/0")); + this.openPortEntry.setPermittedInterfaceName(validOrDefault(this.permittedI.getText(), null)); + this.openPortEntry.setUnpermittedInterfaceName(validOrDefault(this.unpermittedI.getText(), null)); + this.openPortEntry.setPermittedMAC(validOrDefault(this.permittedMac.getText(), null)); + this.openPortEntry.setSourcePortRange(validOrDefault(this.source.getText().trim(), null)); + + if (OpenPortsIPv6TabUi.this.submit.getId().equals("new")) { + OpenPortsIPv6TabUi.this.newOpenPortEntry = OpenPortsIPv6TabUi.this.openPortEntry; + 
OpenPortsIPv6TabUi.this.editOpenPortEntry = null; + } else if (OpenPortsIPv6TabUi.this.submit.getId().equals("edit")) { + OpenPortsIPv6TabUi.this.editOpenPortEntry = OpenPortsIPv6TabUi.this.openPortEntry; + OpenPortsIPv6TabUi.this.newOpenPortEntry = null; + } + + setDirty(true); + + this.openPortsForm.hide(); + }); + } + + private static String validOrDefault(final String str, final String defaultValue) { + if (str == null || str.trim().isEmpty()) { + return defaultValue; + } + return str; + } + + private void showModal(final GwtFirewallOpenPortEntry existingEntry) { + resetValidationStates(); + + if (existingEntry == null) { + // new + this.openPortsForm.setTitle(MSGS.firewallOpenPortFormInformation()); + } else { + // edit existing entry + this.openPortsForm.setTitle(MSGS.firewallOpenPortFormUpdate(String.valueOf(existingEntry.getPortRange()))); + } + + setModalFieldsValues(existingEntry); + + if (existingEntry == null) { + this.submit.setId("new"); + } else { + setEnableUnpermittedInterface(); + setEnablePermittedInterface(); + + this.submit.setId("edit"); + } + + this.openPortsForm.show(); + } + + private void setEnablePermittedInterface() { + if (!OpenPortsIPv6TabUi.this.unpermittedI.getText().trim().isEmpty()) { + OpenPortsIPv6TabUi.this.permittedI.clear(); + OpenPortsIPv6TabUi.this.permittedI.setEnabled(false); + } else { + OpenPortsIPv6TabUi.this.permittedI.setEnabled(true); + } + } + + private void setEnableUnpermittedInterface() { + if (!OpenPortsIPv6TabUi.this.permittedI.getText().trim().isEmpty()) { + OpenPortsIPv6TabUi.this.unpermittedI.clear(); + OpenPortsIPv6TabUi.this.unpermittedI.setEnabled(false); + } else { + OpenPortsIPv6TabUi.this.unpermittedI.setEnabled(true); + } + } + + private void resetValidationStates() { + OpenPortsIPv6TabUi.this.groupPort.setValidationState(ValidationState.NONE); + OpenPortsIPv6TabUi.this.groupPermittedNw.setValidationState(ValidationState.NONE); + 
OpenPortsIPv6TabUi.this.groupPermittedI.setValidationState(ValidationState.NONE); + OpenPortsIPv6TabUi.this.groupPermittedI.setValidationState(ValidationState.NONE); + OpenPortsIPv6TabUi.this.groupUnpermittedI.setValidationState(ValidationState.NONE); + OpenPortsIPv6TabUi.this.groupPermittedMac.setValidationState(ValidationState.NONE); + OpenPortsIPv6TabUi.this.groupSource.setValidationState(ValidationState.NONE); + } + + private void setModalFieldsHandlers() { + this.permittedI.addChangeHandler(event -> setEnableUnpermittedInterface()); + + this.unpermittedI.addChangeHandler(event -> setEnablePermittedInterface()); + + // set up validation + this.port.addValidator(newPortValidator()); + this.port.addBlurHandler(event -> this.port.validate()); + + this.permittedNw.addValidator(newPermittedNwValidator()); + this.permittedNw.addBlurHandler(event -> this.permittedNw.validate()); + + this.permittedI.addValidator(newPermittedIValidator()); + this.permittedI.addBlurHandler(event -> this.permittedI.validate()); + + this.unpermittedI.addValidator(newUnpermittedIValidator()); + this.unpermittedI.addBlurHandler(event -> this.unpermittedI.validate()); + + this.permittedMac.addValidator(newPermittedMacValidator()); + this.permittedMac.addBlurHandler(event -> this.permittedMac.validate()); + + this.source.addValidator(newSourceValidator()); + this.source.addBlurHandler(event -> this.source.validate()); + } + + private Validator newSourceValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (OpenPortsIPv6TabUi.this.source.getText().trim().length() > 0 && (!(FirewallPanelUtils + .checkPortRegex(OpenPortsIPv6TabUi.this.source.getText().trim()) + || FirewallPanelUtils.checkPortRangeRegex(OpenPortsIPv6TabUi.this.source.getText().trim())) + || !FirewallPanelUtils.isPortInRange(OpenPortsIPv6TabUi.this.source.getText().trim()))) { + result.add(new 
BasicEditorError(OpenPortsIPv6TabUi.this.source, value, + MSGS.firewallOpenPortFormSourcePortRangeErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newPermittedMacValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (!OpenPortsIPv6TabUi.this.permittedMac.getText().trim().matches(FieldType.MAC_ADDRESS.getRegex()) + && OpenPortsIPv6TabUi.this.permittedMac.getText().trim().length() > 0) { + result.add(new BasicEditorError(OpenPortsIPv6TabUi.this.permittedMac, value, + MSGS.firewallOpenPortFormPermittedMacAddressErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newUnpermittedIValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (!OpenPortsIPv6TabUi.this.unpermittedI.getText().trim().matches(FieldType.ALPHANUMERIC.getRegex()) + && OpenPortsIPv6TabUi.this.unpermittedI.getText().trim().length() > 0 + || OpenPortsIPv6TabUi.this.unpermittedI.getText().trim() + .length() > FirewallPanelUtils.INTERFACE_NAME_MAX_LENGTH) { + result.add(new BasicEditorError(OpenPortsIPv6TabUi.this.unpermittedI, value, + MSGS.firewallOpenPortFormUnpermittedInterfaceErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newPermittedIValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (!OpenPortsIPv6TabUi.this.permittedI.getText().trim().matches(FieldType.ALPHANUMERIC.getRegex()) + && OpenPortsIPv6TabUi.this.permittedI.getText().trim().length() > 0 + || OpenPortsIPv6TabUi.this.permittedI.getText().trim() + .length() > FirewallPanelUtils.INTERFACE_NAME_MAX_LENGTH) { + 
result.add(new BasicEditorError(OpenPortsIPv6TabUi.this.permittedI, value, + MSGS.firewallOpenPortFormPermittedInterfaceErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newPermittedNwValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (!OpenPortsIPv6TabUi.this.permittedNw.getText().trim().matches(FieldType.IPV6_CIDR_NOTATION.getRegex()) + && OpenPortsIPv6TabUi.this.permittedNw.getText().trim().length() > 0) { + result.add(new BasicEditorError(OpenPortsIPv6TabUi.this.permittedNw, value, + MSGS.firewallOpenPortFormPermittedNetworkIPv6ErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newPortValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (OpenPortsIPv6TabUi.this.port.getText() == null + || "".equals(OpenPortsIPv6TabUi.this.port.getText().trim()) + || OpenPortsIPv6TabUi.this.port.getText().trim().length() == 0 + || !(FirewallPanelUtils.checkPortRegex(OpenPortsIPv6TabUi.this.port.getText().trim()) + || FirewallPanelUtils + .checkPortRangeRegex(OpenPortsIPv6TabUi.this.port.getText().trim())) + || !FirewallPanelUtils.isPortInRange(OpenPortsIPv6TabUi.this.port.getText().trim())) { + result.add(new BasicEditorError(OpenPortsIPv6TabUi.this.port, value, + MSGS.firewallOpenPortFormPortErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private void setModalFieldsTooltips() { + // Port config + this.tooltipPort.setTitle(MSGS.firewallOpenPortFormPortToolTip()); + this.tooltipPort.reconfigure(); + + // Protocol config + this.tooltipProtocol.setTitle(MSGS.firewallOpenPortFormProtocolToolTip()); + this.tooltipProtocol.reconfigure(); + + // Permitted Network 
config + this.tooltipPermittedNw.setTitle(MSGS.firewallOpenPortFormPermittedNetworkIPv6ToolTip()); + this.tooltipPermittedNw.reconfigure(); + + // Permitted Interface config + this.tooltipPermittedI.setTitle(MSGS.firewallOpenPortFormPermittedInterfaceToolTip()); + this.tooltipPermittedI.reconfigure(); + + // UnPermitted Interface config + this.tooltipUnpermittedI.setTitle(MSGS.firewallOpenPortFormUnpermittedInterfaceToolTip()); + this.tooltipUnpermittedI.reconfigure(); + + // Permitted Mac Address config + this.tooltipPermittedMac.setTitle(MSGS.firewallOpenPortFormPermittedMacAddressToolTip()); + this.tooltipPermittedMac.reconfigure(); + + // Source config + this.tooltipSource.setTitle(MSGS.firewallOpenPortFormSourcePortRangeToolTip()); + this.tooltipSource.reconfigure(); + } + + private void setModalFieldsValues(final GwtFirewallOpenPortEntry existingEntry) { + // populate existing values + if (existingEntry != null) { + this.port.setText(String.valueOf(existingEntry.getPortRange())); + this.protocol.setSelectedIndex(existingEntry.getProtocol().equals(GwtNetProtocol.tcp.name()) ? 
0 : 1); + + this.permittedNw.setText(existingEntry.getPermittedNetwork()); + this.permittedI.setText(existingEntry.getPermittedInterfaceName()); + this.unpermittedI.setText(existingEntry.getUnpermittedInterfaceName()); + this.permittedMac.setText(existingEntry.getPermittedMAC()); + this.source.setText(existingEntry.getSourcePortRange()); + } else { + this.port.setText(""); + this.protocol.setSelectedIndex(0); + + this.permittedNw.setText(""); + this.permittedI.setText(""); + this.permittedI.setEnabled(true); + this.unpermittedI.setText(""); + this.unpermittedI.setEnabled(true); + this.permittedMac.setText(""); + this.source.setText(""); + } + } + + private void setModalFieldsLabels() { + // set Labels + this.labelPort.setText(MSGS.firewallOpenPortFormPort() + "*"); + this.labelProtocol.setText(MSGS.firewallOpenPortFormProtocol()); + this.protocol.clear(); + this.protocol.addItem(GwtNetProtocol.tcp.name()); + this.protocol.addItem(GwtNetProtocol.udp.name()); + this.labelPermitttedNw.setText(MSGS.firewallOpenPortFormPermittedIPv6Network()); + this.labelPermitttedI.setText(MSGS.firewallOpenPortFormPermittedInterfaceName()); + this.labelUnPermitttedI.setText(MSGS.firewallOpenPortFormUnpermittedInterfaceName()); + this.labelPermitttedMac.setText(MSGS.firewallOpenPortFormPermittedMac()); + this.labelSource.setText(MSGS.firewallOpenPortFormSourcePortRange()); + } + + private boolean duplicateEntry(GwtFirewallOpenPortEntry openPortEntry) { + List entries = this.openPortsDataProvider.getList(); + if (entries != null && openPortEntry != null) { + for (GwtFirewallOpenPortEntry entry : entries) { + Map savedEntry = entry.getProperties(); + Map newEntry = openPortEntry.getProperties(); + + if (newEntry.equals(savedEntry)) { + return true; + } + } + } + return false; + } + + private void setVisibility() { + if (this.openPortsDataProvider.getList().isEmpty()) { + this.openPortsGrid.setVisible(false); + this.notification.setVisible(true); + 
this.notification.setText(MSGS.firewallOpenPortTableNoPorts()); + } else { + this.openPortsGrid.setVisible(true); + this.notification.setVisible(false); + } + } + + private void replaceModalHideHandler(ModalHideHandler hideHandler) { + if (this.modalHideHandlerRegistration != null) { + this.modalHideHandlerRegistration.removeHandler(); + } + this.modalHideHandlerRegistration = this.openPortsForm.addHideHandler(hideHandler); + } + + private void resetFields() { + this.openPortEntry = null; + this.editOpenPortEntry = null; + this.newOpenPortEntry = null; + this.port.clear(); + this.permittedNw.clear(); + this.permittedI.clear(); + this.unpermittedI.clear(); + this.permittedMac.clear(); + this.source.clear(); + } + + private boolean checkEntries() { + boolean valid = true; + + if (this.groupPort.getValidationState() == ValidationState.ERROR || this.port.getText() == null + || "".equals(this.port.getText().trim())) { + this.groupPort.setValidationState(ValidationState.ERROR); + valid = false; + } + + if (this.groupPermittedNw.getValidationState() == ValidationState.ERROR + || this.groupPermittedI.getValidationState() == ValidationState.ERROR + || this.groupUnpermittedI.getValidationState() == ValidationState.ERROR + || this.groupPermittedMac.getValidationState() == ValidationState.ERROR + || this.groupSource.getValidationState() == ValidationState.ERROR) { + valid = false; + } + + return valid; + } + +} diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsIPv6TabUi.ui.xml b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsIPv6TabUi.ui.xml new file mode 100644 index 00000000000..b65afe4f5b1 --- /dev/null +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsIPv6TabUi.ui.xml 
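Review bot: `validOrDefault` returns `str` untrimmed, while every validator in this class checks `getText().trim()`, so the value stored in the rule is not the value that was validated. In the submit handler of `initNewRuleModal`, `permittedNw`, `permittedI`, `unpermittedI` and `permittedMac` are passed in without `.trim()`, so an entry with surrounding whitespace passes the regex check and is kept as typed in the list that `onApply` sends to `updateDeviceFirewallOpenPortsIPv6`. Returning `str.trim()` from `validOrDefault` closes the gap in one place. These checks run in the browser only, so the server side presumably needs the same validation before the values reach the firewall configuration; that code is not in this hunk.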
@@ -0,0 +1,137 @@ + + + + + + + + + + .important { + font-weight: bold; + } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsTabUi.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsTabUi.java index 98c5f134f68..667afe12377 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsTabUi.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/OpenPortsTabUi.java @@ -718,7 +718,7 @@ private Validator newPermittedNwValidator() { @Override public List validate(Editor editor, String value) { List result = new ArrayList<>(); - if (!OpenPortsTabUi.this.permittedNw.getText().trim().matches(FieldType.NETWORK.getRegex()) + if (!OpenPortsTabUi.this.permittedNw.getText().trim().matches(FieldType.IPV4_CIDR_NOTATION.getRegex()) && OpenPortsTabUi.this.permittedNw.getText().trim().length() > 0) { result.add(new BasicEditorError(OpenPortsTabUi.this.permittedNw, value, MSGS.firewallOpenPortFormPermittedNetworkErrorMessage())); diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingIPv6TabUi.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingIPv6TabUi.java new file mode 100644 index 00000000000..1ff57e42210 --- /dev/null +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingIPv6TabUi.java 
@@ -0,0 +1,1059 @@ +/******************************************************************************* + * Copyright (c) 2011, 2023 Eurotech and/or its affiliates and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eurotech + *******************************************************************************/ +package org.eclipse.kura.web.client.ui.firewall; + +import java.util.ArrayList; +import java.util.List; + +import org.eclipse.kura.web.client.messages.Messages; +import org.eclipse.kura.web.client.ui.AlertDialog; +import org.eclipse.kura.web.client.ui.AlertDialog.ConfirmListener; +import org.eclipse.kura.web.client.ui.EntryClassUi; +import org.eclipse.kura.web.client.ui.Tab; +import org.eclipse.kura.web.client.util.FailureHandler; +import org.eclipse.kura.web.client.util.TextFieldValidator.FieldType; +import org.eclipse.kura.web.shared.model.GwtFirewallNatMasquerade; +import org.eclipse.kura.web.shared.model.GwtFirewallPortForwardEntry; +import org.eclipse.kura.web.shared.model.GwtNetProtocol; +import org.eclipse.kura.web.shared.model.GwtXSRFToken; +import org.eclipse.kura.web.shared.service.GwtNetworkService; +import org.eclipse.kura.web.shared.service.GwtNetworkServiceAsync; +import org.eclipse.kura.web.shared.service.GwtSecurityTokenService; +import org.eclipse.kura.web.shared.service.GwtSecurityTokenServiceAsync; +import org.gwtbootstrap3.client.shared.event.ModalHideHandler; +import org.gwtbootstrap3.client.ui.Alert; +import org.gwtbootstrap3.client.ui.Button; +import org.gwtbootstrap3.client.ui.FormGroup; +import org.gwtbootstrap3.client.ui.FormLabel; +import org.gwtbootstrap3.client.ui.ListBox; +import org.gwtbootstrap3.client.ui.Modal; +import org.gwtbootstrap3.client.ui.TextBox; +import org.gwtbootstrap3.client.ui.Tooltip; +import 
org.gwtbootstrap3.client.ui.constants.ValidationState; +import org.gwtbootstrap3.client.ui.form.error.BasicEditorError; +import org.gwtbootstrap3.client.ui.form.validator.Validator; +import org.gwtbootstrap3.client.ui.gwt.CellTable; + +import com.google.gwt.core.client.GWT; +import com.google.gwt.editor.client.Editor; +import com.google.gwt.editor.client.EditorError; +import com.google.gwt.uibinder.client.UiBinder; +import com.google.gwt.uibinder.client.UiField; +import com.google.gwt.user.cellview.client.TextColumn; +import com.google.gwt.user.client.rpc.AsyncCallback; +import com.google.gwt.user.client.ui.Composite; +import com.google.gwt.user.client.ui.Widget; +import com.google.gwt.view.client.ListDataProvider; +import com.google.gwt.view.client.SingleSelectionModel; +import com.google.web.bindery.event.shared.HandlerRegistration; + +public class PortForwardingIPv6TabUi extends Composite implements Tab, ButtonBar.Listener { + + private static final String STATUS_TABLE_ROW = "status-table-row"; + + private static PortForwardingTabUiUiBinder uiBinder = GWT.create(PortForwardingTabUiUiBinder.class); + + interface PortForwardingTabUiUiBinder extends UiBinder { + } + + private static final Messages MSGS = GWT.create(Messages.class); + + private final GwtSecurityTokenServiceAsync gwtXSRFService = GWT.create(GwtSecurityTokenService.class); + private final GwtNetworkServiceAsync gwtNetworkService = GWT.create(GwtNetworkService.class); + + private final ListDataProvider portForwardDataProvider = new ListDataProvider<>(); + private final SingleSelectionModel selectionModel = new SingleSelectionModel<>(); + + private GwtFirewallPortForwardEntry newPortForwardEntry; + private GwtFirewallPortForwardEntry editPortForwardEntry; + + private boolean dirty; + + @UiField + ButtonBar buttonBar; + @UiField + Alert notification; + @UiField + CellTable portForwardGrid = new CellTable<>(); + + @UiField + AlertDialog alertDialog; + + @UiField + Modal portForwardingForm; + + @UiField + 
FormLabel labelInput; + @UiField + FormLabel labelOutput; + @UiField + FormLabel labelLan; + @UiField + FormLabel labelProtocol; + @UiField + FormLabel labelExternal; + @UiField + FormLabel labelInternal; + @UiField + FormLabel labelEnable; + @UiField + FormLabel labelPermitttedNw; + @UiField + FormLabel labelPermitttedMac; + @UiField + FormLabel labelSource; + + @UiField + FormGroup groupInput; + @UiField + FormGroup groupOutput; + @UiField + FormGroup groupLan; + @UiField + FormGroup groupExternal; + @UiField + FormGroup groupInternal; + @UiField + FormGroup groupPermittedNw; + @UiField + FormGroup groupPermittedMac; + @UiField + FormGroup groupSource; + + @UiField + Tooltip tooltipInput; + @UiField + Tooltip tooltipOutput; + @UiField + Tooltip tooltipLan; + @UiField + Tooltip tooltipProtocol; + @UiField + Tooltip tooltipExternal; + @UiField + Tooltip tooltipInternal; + @UiField + Tooltip tooltipEnable; + @UiField + Tooltip tooltipPermittedNw; + @UiField + Tooltip tooltipPermittedMac; + @UiField + Tooltip tooltipSource; + + @UiField + TextBox input; + @UiField + TextBox output; + @UiField + TextBox lan; + @UiField + TextBox external; + @UiField + TextBox internal; + @UiField + TextBox permittedNw; + @UiField + TextBox permittedMac; + @UiField + TextBox source; + + @UiField + ListBox protocol; + @UiField + ListBox enable; + + @UiField + Button submit; + @UiField + Button cancel; + + @UiField + Modal existingRule; + @UiField + Button close; + + private HandlerRegistration modalHideHandlerRegistration; + + public PortForwardingIPv6TabUi() { + initWidget(uiBinder.createAndBindUi(this)); + this.selectionModel.addSelectionChangeHandler(event -> PortForwardingIPv6TabUi.this.buttonBar + .setEditDeleteButtonsDirty(PortForwardingIPv6TabUi.this.selectionModel.getSelectedObject() != null)); + this.portForwardGrid.setSelectionModel(this.selectionModel); + + this.buttonBar.setListener(this); + + // Initialize fixed fields for modal + setModalFieldsLabels(); + 
setModalFieldsTooltips(); + setModalFieldsHandlers(); + + initTable(); + initModal(); + initDuplicateRuleModal(); + + } + + private void initDuplicateRuleModal() { + this.close.addClickHandler(event -> this.existingRule.hide()); + } + + // + // Public methods + // + @Override + public void refresh() { + EntryClassUi.showWaitModal(); + clear(); + this.notification.setVisible(false); + + this.gwtXSRFService.generateSecurityToken(new AsyncCallback() { + + @Override + public void onFailure(Throwable ex) { + EntryClassUi.hideWaitModal(); + FailureHandler.handle(ex); + } + + @Override + public void onSuccess(GwtXSRFToken token) { + PortForwardingIPv6TabUi.this.setDirty(false); + PortForwardingIPv6TabUi.this.gwtNetworkService.findDeviceFirewallPortForwardsIPv6(token, + new AsyncCallback>() { + + @Override + public void onFailure(Throwable caught) { + EntryClassUi.hideWaitModal(); + FailureHandler.handle(caught, + PortForwardingIPv6TabUi.this.gwtNetworkService.getClass().getSimpleName()); + } + + @Override + public void onSuccess(List result) { + for (GwtFirewallPortForwardEntry pair : result) { + PortForwardingIPv6TabUi.this.portForwardDataProvider.getList().add(pair); + } + setVisibility(); + refreshTable(); + EntryClassUi.hideWaitModal(); + } + }); + } + + }); + } + + @Override + public boolean isDirty() { + return this.dirty; + } + + @Override + public void setDirty(boolean b) { + this.dirty = b; + } + + @Override + public boolean isValid() { + return true; + } + + @Override + public void clear() { + this.portForwardDataProvider.getList().clear(); + PortForwardingIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(false); + PortForwardingIPv6TabUi.this.buttonBar.setEditDeleteButtonsDirty(false); + setVisibility(); + refreshTable(); + } + + // + // Private methods + // + private void initTable() { + + TextColumn col1 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getInboundInterface() != null) { + return 
String.valueOf(object.getInboundInterface()); + } else { + return ""; + } + } + }; + col1.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col1, MSGS.firewallPortForwardInboundInterface()); + + TextColumn col2 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getOutboundInterface() != null) { + return String.valueOf(object.getOutboundInterface()); + } else { + return ""; + } + } + }; + col2.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col2, MSGS.firewallPortForwardOutboundInterface()); + + TextColumn col3 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getAddress() != null) { + return String.valueOf(object.getAddress()); + } else { + return ""; + } + } + }; + col3.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col3, MSGS.firewallPortForwardAddress()); + + TextColumn col4 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getProtocol() != null) { + return String.valueOf(object.getProtocol()); + } else { + return ""; + } + } + }; + col4.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col4, MSGS.firewallPortForwardProtocol()); + + TextColumn col5 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getOutPort() != null) { + return String.valueOf(object.getOutPort()); + } else { + return ""; + } + } + }; + col5.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col5, MSGS.firewallPortForwardOutPort()); + + TextColumn col6 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getInPort() != null) { + return String.valueOf(object.getInPort()); + } else { + return ""; + } + } + }; + col6.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col6, 
MSGS.firewallPortForwardInPort()); + + TextColumn col7 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getMasquerade() != null) { + return String.valueOf(object.getMasquerade()); + } else { + return ""; + } + } + }; + col7.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col7, MSGS.firewallPortForwardMasquerade()); + + TextColumn col8 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getPermittedNetwork() != null) { + return String.valueOf(object.getPermittedNetwork()); + } else { + return ""; + } + } + }; + col8.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col8, MSGS.firewallPortForwardPermittedNetwork()); + + TextColumn col9 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getPermittedMAC() != null) { + return String.valueOf(object.getPermittedMAC()); + } else { + return ""; + } + } + }; + col9.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col9, MSGS.firewallPortForwardPermittedMac()); + + TextColumn col10 = new TextColumn() { + + @Override + public String getValue(GwtFirewallPortForwardEntry object) { + if (object.getSourcePortRange() != null) { + return String.valueOf(object.getSourcePortRange()); + } else { + return ""; + } + } + }; + col10.setCellStyleNames(STATUS_TABLE_ROW); + this.portForwardGrid.addColumn(col10, MSGS.firewallPortForwardSourcePortRange()); + + this.portForwardDataProvider.addDataDisplay(this.portForwardGrid); + } + + private void refreshTable() { + int size = this.portForwardDataProvider.getList().size(); + this.portForwardGrid.setVisibleRange(0, size); + this.portForwardDataProvider.flush(); + this.portForwardGrid.redraw(); + this.selectionModel.setSelected(this.selectionModel.getSelectedObject(), false); + } + + @Override + public void onApply() { + List intermediateList = 
PortForwardingIPv6TabUi.this.portForwardDataProvider + .getList(); + + final List updatedPortForwardConf = new ArrayList<>(); + for (GwtFirewallPortForwardEntry entry : intermediateList) { + updatedPortForwardConf.add(entry); + } + + EntryClassUi.showWaitModal(); + PortForwardingIPv6TabUi.this.gwtXSRFService.generateSecurityToken(new AsyncCallback() { + + @Override + public void onFailure(Throwable ex) { + EntryClassUi.hideWaitModal(); + FailureHandler.handle(ex); + } + + @Override + public void onSuccess(GwtXSRFToken token) { + PortForwardingIPv6TabUi.this.gwtNetworkService.updateDeviceFirewallPortForwardsIPv6(token, + updatedPortForwardConf, new AsyncCallback() { + + @Override + public void onFailure(Throwable ex) { + FailureHandler.handle(ex); + EntryClassUi.hideWaitModal(); + } + + @Override + public void onSuccess(Void result) { + PortForwardingIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(false); + EntryClassUi.hideWaitModal(); + + setDirty(false); + } + }); + } + }); + + } + + @Override + public void onCancel() { + PortForwardingIPv6TabUi.this.alertDialog.show(MSGS.deviceConfigDirty(), PortForwardingIPv6TabUi.this::refresh); + } + + @Override + public void onCreate() { + replaceModalHideHandler(evt -> { + if (PortForwardingIPv6TabUi.this.newPortForwardEntry != null) { + // Avoid duplicates + if (!duplicateEntry(PortForwardingIPv6TabUi.this.newPortForwardEntry)) { + PortForwardingIPv6TabUi.this.portForwardDataProvider.getList() + .add(PortForwardingIPv6TabUi.this.newPortForwardEntry); + setVisibility(); + refreshTable(); + PortForwardingIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(true); + PortForwardingIPv6TabUi.this.newPortForwardEntry = null; + } else { + this.existingRule.show(); + } + } + resetFields(); + }); + showModal(null); + } + + @Override + public void onEdit() { + + GwtFirewallPortForwardEntry selection = PortForwardingIPv6TabUi.this.selectionModel.getSelectedObject(); + + if (selection == null) { + return; + } + + 
replaceModalHideHandler(evt -> { + if (PortForwardingIPv6TabUi.this.editPortForwardEntry != null) { + GwtFirewallPortForwardEntry oldEntry = PortForwardingIPv6TabUi.this.selectionModel.getSelectedObject(); + PortForwardingIPv6TabUi.this.portForwardDataProvider.getList().remove(oldEntry); + refreshTable(); + if (!duplicateEntry(PortForwardingIPv6TabUi.this.editPortForwardEntry)) { + PortForwardingIPv6TabUi.this.portForwardDataProvider.getList() + .add(PortForwardingIPv6TabUi.this.editPortForwardEntry); + PortForwardingIPv6TabUi.this.portForwardDataProvider.flush(); + PortForwardingIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(true); + PortForwardingIPv6TabUi.this.editPortForwardEntry = null; + setVisibility(); + } else { // end duplicate + this.existingRule.show(); + PortForwardingIPv6TabUi.this.portForwardDataProvider.getList().add(oldEntry); + PortForwardingIPv6TabUi.this.portForwardDataProvider.flush(); + } + refreshTable(); + PortForwardingIPv6TabUi.this.buttonBar.setEditDeleteButtonsDirty(false); + PortForwardingIPv6TabUi.this.selectionModel.setSelected(selection, false); + } + resetFields(); + }); + + showModal(selection); + } + + @Override + public void onDelete() { + GwtFirewallPortForwardEntry selection = PortForwardingIPv6TabUi.this.selectionModel.getSelectedObject(); + if (selection != null) { + PortForwardingIPv6TabUi.this.alertDialog + .show(MSGS.firewallOpenPortDeleteConfirmation(String.valueOf(selection.getInPort())), () -> { + PortForwardingIPv6TabUi.this.portForwardDataProvider.getList().remove(selection); + PortForwardingIPv6TabUi.this.buttonBar.setApplyResetButtonsDirty(true); + PortForwardingIPv6TabUi.this.buttonBar.setEditDeleteButtonsDirty(false); + PortForwardingIPv6TabUi.this.selectionModel.setSelected(selection, false); + setVisibility(); + refreshTable(); + + setDirty(true); + }); + } + } + + private void initModal() { + + // handle buttons + this.cancel.setText(MSGS.cancelButton()); + this.cancel.addClickHandler(event -> { + 
PortForwardingIPv6TabUi.this.portForwardingForm.hide(); + resetFields(); + }); + + this.submit.setText(MSGS.submitButton()); + this.submit.addClickHandler(event -> { + + if (!checkEntries()) { + return; + } + + final GwtFirewallPortForwardEntry portForwardEntry = new GwtFirewallPortForwardEntry(); + portForwardEntry.setInboundInterface(PortForwardingIPv6TabUi.this.input.getText()); + portForwardEntry.setOutboundInterface(PortForwardingIPv6TabUi.this.output.getText()); + portForwardEntry.setAddress(PortForwardingIPv6TabUi.this.lan.getText()); + portForwardEntry.setProtocol(PortForwardingIPv6TabUi.this.protocol.getSelectedItemText()); + portForwardEntry.setOutPort(Integer.parseInt(PortForwardingIPv6TabUi.this.internal.getText())); + portForwardEntry.setInPort(Integer.parseInt(PortForwardingIPv6TabUi.this.external.getText())); + portForwardEntry.setMasquerade(PortForwardingIPv6TabUi.this.enable.getSelectedItemText()); + if (PortForwardingIPv6TabUi.this.permittedNw.getText() != null + && !"".equals(PortForwardingIPv6TabUi.this.permittedNw.getText().trim())) { + portForwardEntry.setPermittedNetwork(PortForwardingIPv6TabUi.this.permittedNw.getText()); + } else { + portForwardEntry.setPermittedNetwork("::/0"); + } + if (PortForwardingIPv6TabUi.this.permittedMac.getText() != null + && !"".equals(PortForwardingIPv6TabUi.this.permittedMac.getText().trim())) { + portForwardEntry.setPermittedMAC(PortForwardingIPv6TabUi.this.permittedMac.getText()); + PortForwardingIPv6TabUi.this.alertDialog.setTitle(MSGS.warning()); + PortForwardingIPv6TabUi.this.alertDialog.show(MSGS.firewallPortForwardFormNotificationMacFiltering(), + (ConfirmListener) null); + } + if (PortForwardingIPv6TabUi.this.source.getText() != null + && !"".equals(PortForwardingIPv6TabUi.this.source.getText().trim())) { + portForwardEntry.setSourcePortRange(PortForwardingIPv6TabUi.this.source.getText()); + } + + if (PortForwardingIPv6TabUi.this.submit.getId().equals("new")) { + 
PortForwardingIPv6TabUi.this.newPortForwardEntry = portForwardEntry; + PortForwardingIPv6TabUi.this.editPortForwardEntry = null; + } else if (PortForwardingIPv6TabUi.this.submit.getId().equals("edit")) { + PortForwardingIPv6TabUi.this.editPortForwardEntry = portForwardEntry; + PortForwardingIPv6TabUi.this.newPortForwardEntry = null; + } + + setDirty(true); + + PortForwardingIPv6TabUi.this.portForwardingForm.hide(); + });// end submit click handler + } + + private void showModal(final GwtFirewallPortForwardEntry existingEntry) { + resetValidationStates(); + + if (existingEntry == null) { + // new + this.portForwardingForm.setTitle(MSGS.firewallPortForwardFormInformation()); + } else { + // edit existing entry + this.portForwardingForm + .setTitle(MSGS.firewallPortForwardFormUpdate(String.valueOf(existingEntry.getInPort()))); + } + + setModalFieldsValues(existingEntry); + + if (existingEntry == null) { + this.submit.setId("new"); + } else { + this.submit.setId("edit"); + } + + this.portForwardingForm.show(); + }// end initModal + + private void resetValidationStates() { + PortForwardingIPv6TabUi.this.groupInput.setValidationState(ValidationState.NONE); + PortForwardingIPv6TabUi.this.groupOutput.setValidationState(ValidationState.NONE); + PortForwardingIPv6TabUi.this.groupLan.setValidationState(ValidationState.NONE); + PortForwardingIPv6TabUi.this.groupInternal.setValidationState(ValidationState.NONE); + PortForwardingIPv6TabUi.this.groupExternal.setValidationState(ValidationState.NONE); + PortForwardingIPv6TabUi.this.groupPermittedNw.setValidationState(ValidationState.NONE); + PortForwardingIPv6TabUi.this.groupPermittedMac.setValidationState(ValidationState.NONE); + PortForwardingIPv6TabUi.this.groupSource.setValidationState(ValidationState.NONE); + } + + private void setModalFieldsHandlers() { + // Set validations + this.input.addValidator(newInputValidator()); + this.input.addBlurHandler(event -> this.input.validate()); + + 
this.output.addValidator(newOutputValidator()); + this.output.addBlurHandler(event -> this.output.validate()); + + this.lan.addValidator(newLanValidator()); + this.lan.addBlurHandler(event -> this.lan.validate()); + + this.internal.addValidator(newInternalValidator()); + this.internal.addBlurHandler(event -> this.internal.validate()); + + this.external.addValidator(newExternalValidator()); + this.external.addBlurHandler(event -> this.external.validate()); + + this.permittedNw.addValidator(newPermittedNwValidator()); + this.permittedNw.addBlurHandler(event -> this.permittedNw.validate()); + + this.permittedMac.addValidator(newPermittedMacValidator()); + this.permittedMac.addBlurHandler(event -> this.permittedMac.validate()); + + this.source.addValidator(newSourceValidator()); + this.source.addBlurHandler(event -> this.source.validate()); + } + + private Validator newInputValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (PortForwardingIPv6TabUi.this.input.getText().trim().isEmpty() + || !PortForwardingIPv6TabUi.this.input.getText().trim() + .matches(FieldType.ALPHANUMERIC.getRegex()) + || PortForwardingIPv6TabUi.this.input.getText().trim() + .length() > FirewallPanelUtils.INTERFACE_NAME_MAX_LENGTH) { + result.add(new BasicEditorError(PortForwardingIPv6TabUi.this.input, value, + MSGS.firewallPortForwardFormInboundInterfaceErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newOutputValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (PortForwardingIPv6TabUi.this.output.getText().trim().isEmpty() + || !PortForwardingIPv6TabUi.this.output.getText().trim() + .matches(FieldType.ALPHANUMERIC.getRegex()) + || PortForwardingIPv6TabUi.this.output.getText().trim() + .length() > 
FirewallPanelUtils.INTERFACE_NAME_MAX_LENGTH) { + result.add(new BasicEditorError(PortForwardingIPv6TabUi.this.output, value, + MSGS.firewallPortForwardFormOutboundInterfaceErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newLanValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (PortForwardingIPv6TabUi.this.lan.getText().trim().isEmpty() || !PortForwardingIPv6TabUi.this.lan + .getText().trim().matches(FieldType.IPV6_ADDRESS.getRegex())) { + result.add(new BasicEditorError(PortForwardingIPv6TabUi.this.lan, value, + MSGS.firewallPortForwardFormLanAddressErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newInternalValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (PortForwardingIPv6TabUi.this.internal.getText().trim().isEmpty() + || !FirewallPanelUtils.checkPortRegex(PortForwardingIPv6TabUi.this.internal.getText()) + || !FirewallPanelUtils.isPortInRange(PortForwardingIPv6TabUi.this.internal.getText())) { + result.add(new BasicEditorError(PortForwardingIPv6TabUi.this.internal, value, + MSGS.firewallPortForwardFormInternalPortErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newExternalValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (PortForwardingIPv6TabUi.this.external.getText().trim().isEmpty() + || !FirewallPanelUtils.checkPortRegex(PortForwardingIPv6TabUi.this.external.getText()) + || !FirewallPanelUtils.isPortInRange(PortForwardingIPv6TabUi.this.external.getText())) { + result.add(new 
BasicEditorError(PortForwardingIPv6TabUi.this.external, value, + MSGS.firewallPortForwardFormExternalPortErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newPermittedNwValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (!PortForwardingIPv6TabUi.this.permittedNw.getText().trim().isEmpty() + && !PortForwardingIPv6TabUi.this.permittedNw.getText().trim() + .matches(FieldType.IPV6_CIDR_NOTATION.getRegex())) { + result.add(new BasicEditorError(PortForwardingIPv6TabUi.this.permittedNw, value, + MSGS.firewallPortForwardFormPermittedNetworkIPv6ErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newPermittedMacValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (!PortForwardingIPv6TabUi.this.permittedMac.getText().trim().isEmpty() + && !PortForwardingIPv6TabUi.this.permittedMac.getText().trim() + .matches(FieldType.MAC_ADDRESS.getRegex())) { + result.add(new BasicEditorError(PortForwardingIPv6TabUi.this.permittedMac, value, + MSGS.firewallPortForwardFormPermittedMacAddressErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private Validator newSourceValidator() { + return new Validator() { + + @Override + public List validate(Editor editor, String value) { + List result = new ArrayList<>(); + if (!PortForwardingIPv6TabUi.this.source.getText().trim().isEmpty() && (!(FirewallPanelUtils + .checkPortRegex(PortForwardingIPv6TabUi.this.source.getText()) + || FirewallPanelUtils.checkPortRangeRegex(PortForwardingIPv6TabUi.this.source.getText())) + || !FirewallPanelUtils.isPortInRange(PortForwardingIPv6TabUi.this.source.getText()))) { + result.add(new 
BasicEditorError(PortForwardingIPv6TabUi.this.source, value, + MSGS.firewallPortForwardFormSourcePortRangeErrorMessage())); + } + return result; + } + + @Override + public int getPriority() { + return 0; + } + }; + } + + private void setModalFieldsValues(final GwtFirewallPortForwardEntry existingEntry) { + // set ListBoxes + this.protocol.clear(); + for (GwtNetProtocol prot : GwtNetProtocol.values()) { + this.protocol.addItem(prot.name()); + } + this.enable.clear(); + for (GwtFirewallNatMasquerade masquerade : GwtFirewallNatMasquerade.values()) { + this.enable.addItem(masquerade.name()); + } + + // populate Existing Values + if (existingEntry != null) { + this.input.setText(existingEntry.getInboundInterface()); + this.output.setText(existingEntry.getOutboundInterface()); + this.lan.setText(existingEntry.getAddress()); + this.external.setText(String.valueOf(existingEntry.getInPort())); + this.internal.setText(String.valueOf(existingEntry.getOutPort())); + this.permittedNw.setText(existingEntry.getPermittedNetwork()); + this.permittedMac.setText(existingEntry.getPermittedMAC()); + this.source.setText(existingEntry.getSourcePortRange()); + + for (int i = 0; i < this.protocol.getItemCount(); i++) { + if (existingEntry.getProtocol().equals(this.protocol.getItemText(i))) { + this.protocol.setSelectedIndex(i); + break; + } + } + + for (int i = 0; i < this.enable.getItemCount(); i++) { + if (existingEntry.getMasquerade().equals(this.enable.getItemText(i))) { + this.enable.setSelectedIndex(i); + break; + } + } + } else { + this.input.reset(); + this.output.reset(); + this.lan.reset(); + this.external.reset(); + this.internal.reset(); + this.permittedNw.reset(); + this.permittedMac.reset(); + this.source.reset(); + + this.protocol.setSelectedIndex(0); + this.enable.setSelectedIndex(0); + } + } + + private void setModalFieldsTooltips() { + // set Tooltips + this.tooltipInput.setTitle(MSGS.firewallPortForwardFormInboundInterfaceToolTip()); + 
this.tooltipOutput.setTitle(MSGS.firewallPortForwardFormOutboundInterfaceToolTip()); + this.tooltipLan.setTitle(MSGS.firewallPortForwardFormLanAddressToolTip()); + this.tooltipProtocol.setTitle(MSGS.firewallPortForwardFormProtocolToolTip()); + this.tooltipInternal.setTitle(MSGS.firewallPortForwardFormInternalPortToolTip()); + this.tooltipExternal.setTitle(MSGS.firewallPortForwardFormExternalPortToolTip()); + this.tooltipEnable.setTitle(MSGS.firewallPortForwardFormMasqueradingToolTip()); + this.tooltipPermittedNw.setTitle(MSGS.firewallPortForwardFormPermittedNetworkIPv6ToolTip()); + this.tooltipPermittedMac.setTitle(MSGS.firewallPortForwardFormPermittedMacAddressToolTip()); + this.tooltipSource.setTitle(MSGS.firewallPortForwardFormSourcePortRangeToolTip()); + this.tooltipInput.reconfigure(); + this.tooltipOutput.reconfigure(); + this.tooltipLan.reconfigure(); + this.tooltipProtocol.reconfigure(); + this.tooltipExternal.reconfigure(); + this.tooltipInternal.reconfigure(); + this.tooltipEnable.reconfigure(); + this.tooltipPermittedNw.reconfigure(); + this.tooltipPermittedMac.reconfigure(); + this.tooltipSource.reconfigure(); + } + + private void setModalFieldsLabels() { + // setLabels + this.labelInput.setText(MSGS.firewallPortForwardFormInboundInterface() + "*"); + this.labelOutput.setText(MSGS.firewallPortForwardFormOutboundInterface() + "*"); + this.labelLan.setText(MSGS.firewallPortForwardFormAddress() + "*"); + this.labelProtocol.setText(MSGS.firewallPortForwardFormProtocol()); + this.labelExternal.setText(MSGS.firewallPortForwardFormInPort() + "*"); + this.labelInternal.setText(MSGS.firewallPortForwardFormOutPort() + "*"); + this.labelEnable.setText(MSGS.firewallNatFormMasquerade()); + this.labelPermitttedNw.setText(MSGS.firewallPortForwardFormPermittedIPv6Network()); + this.labelPermitttedMac.setText(MSGS.firewallPortForwardFormPermittedMac()); + this.labelSource.setText(MSGS.firewallPortForwardFormSourcePortRange()); + } + + private boolean 
duplicateEntry(GwtFirewallPortForwardEntry portForwardEntry) { + boolean isDuplicateEntry = false; + List entries = this.portForwardDataProvider.getList(); + if (entries != null && portForwardEntry != null) { + for (GwtFirewallPortForwardEntry entry : entries) { + if (entry.getInboundInterface().equals(portForwardEntry.getInboundInterface()) + && entry.getOutboundInterface().equals(portForwardEntry.getOutboundInterface()) + && entry.getAddress().equals(portForwardEntry.getAddress()) + && entry.getProtocol().equals(portForwardEntry.getProtocol()) + && entry.getOutPort().equals(portForwardEntry.getOutPort()) + && entry.getInPort().equals(portForwardEntry.getInPort())) { + + String permittedNetwork = entry.getPermittedNetwork() != null ? entry.getPermittedNetwork() + : "0.0.0.0/0"; + String newPermittedNetwork = portForwardEntry.getPermittedNetwork() != null + ? portForwardEntry.getPermittedNetwork() + : "0.0.0.0/0"; + String permittedMAC = entry.getPermittedMAC() != null ? entry.getPermittedMAC().toUpperCase() : ""; + String newPermittedMAC = portForwardEntry.getPermittedMAC() != null + ? portForwardEntry.getPermittedMAC().toUpperCase() + : ""; + String sourcePortRange = entry.getSourcePortRange() != null ? entry.getSourcePortRange() : ""; + String newSourcePortRange = portForwardEntry.getSourcePortRange() != null + ? 
portForwardEntry.getSourcePortRange() + : ""; + + if (permittedNetwork.equals(newPermittedNetwork) && permittedMAC.equals(newPermittedMAC) + && sourcePortRange.equals(newSourcePortRange)) { + isDuplicateEntry = true; + break; + } + } + } + } + return isDuplicateEntry; + } + + private void setVisibility() { + if (this.portForwardDataProvider.getList().isEmpty()) { + this.portForwardGrid.setVisible(false); + this.notification.setVisible(true); + this.notification.setText(MSGS.firewallPortForwardTableNoPorts()); + } else { + this.portForwardGrid.setVisible(true); + this.notification.setVisible(false); + } + } + + private void replaceModalHideHandler(ModalHideHandler hideHandler) { + if (this.modalHideHandlerRegistration != null) { + this.modalHideHandlerRegistration.removeHandler(); + } + this.modalHideHandlerRegistration = this.portForwardingForm.addHideHandler(hideHandler); + } + + private void resetFields() { + PortForwardingIPv6TabUi.this.newPortForwardEntry = null; + PortForwardingIPv6TabUi.this.editPortForwardEntry = null; + PortForwardingIPv6TabUi.this.input.clear(); + PortForwardingIPv6TabUi.this.output.clear(); + PortForwardingIPv6TabUi.this.lan.clear(); + PortForwardingIPv6TabUi.this.external.clear(); + PortForwardingIPv6TabUi.this.internal.clear(); + PortForwardingIPv6TabUi.this.permittedNw.clear(); + PortForwardingIPv6TabUi.this.permittedMac.clear(); + PortForwardingIPv6TabUi.this.source.clear(); + } + + private boolean checkEntries() { + boolean valid = true; + + if (PortForwardingIPv6TabUi.this.groupInput.getValidationState().equals(ValidationState.ERROR) + || PortForwardingIPv6TabUi.this.input.getText() == null + || "".equals(PortForwardingIPv6TabUi.this.input.getText().trim())) { + PortForwardingIPv6TabUi.this.groupInput.setValidationState(ValidationState.ERROR); + valid = false; + } + + if (PortForwardingIPv6TabUi.this.groupOutput.getValidationState().equals(ValidationState.ERROR) + || PortForwardingIPv6TabUi.this.output.getText() == null + || 
"".equals(PortForwardingIPv6TabUi.this.output.getText().trim())) { + PortForwardingIPv6TabUi.this.groupOutput.setValidationState(ValidationState.ERROR); + valid = false; + } + + if (PortForwardingIPv6TabUi.this.groupLan.getValidationState().equals(ValidationState.ERROR) + || PortForwardingIPv6TabUi.this.lan.getText() == null + || "".equals(PortForwardingIPv6TabUi.this.lan.getText().trim())) { + PortForwardingIPv6TabUi.this.groupLan.setValidationState(ValidationState.ERROR); + valid = false; + } + + if (PortForwardingIPv6TabUi.this.groupInternal.getValidationState().equals(ValidationState.ERROR) + || PortForwardingIPv6TabUi.this.internal.getText() == null + || "".equals(PortForwardingIPv6TabUi.this.internal.getText().trim())) { + PortForwardingIPv6TabUi.this.groupInternal.setValidationState(ValidationState.ERROR); + valid = false; + } + + if (PortForwardingIPv6TabUi.this.groupExternal.getValidationState().equals(ValidationState.ERROR) + || PortForwardingIPv6TabUi.this.external.getText() == null + || "".equals(PortForwardingIPv6TabUi.this.external.getText().trim())) { + PortForwardingIPv6TabUi.this.groupExternal.setValidationState(ValidationState.ERROR); + valid = false; + } + + if (PortForwardingIPv6TabUi.this.groupPermittedNw.getValidationState().equals(ValidationState.ERROR) + || PortForwardingIPv6TabUi.this.groupPermittedMac.getValidationState().equals(ValidationState.ERROR) + || PortForwardingIPv6TabUi.this.groupSource.getValidationState().equals(ValidationState.ERROR)) { + valid = false; + } + + return valid; + } + +} \ No newline at end of file diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingIPv6TabUi.ui.xml b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingIPv6TabUi.ui.xml new file mode 100644 index 00000000000..c3ba5e92b29 --- /dev/null +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingIPv6TabUi.ui.xml 
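Review bot: `duplicateEntry` falls back to `"0.0.0.0/0"` when an entry's permitted network is null, but the submit handler in `initModal` of this same IPv6 tab stores `"::/0"` for an empty field, so the two defaults never compare equal. If the service can return entries whose permitted network is null, an otherwise identical rule entered in the form is not detected as a duplicate and is added a second time. Both fallbacks in `duplicateEntry` should read `: "::/0";`, preferably through one constant shared with the submit handler. The validators in this file run only in the browser; the code behind `updateDeviceFirewallPortForwardsIPv6` is outside this hunk and presumably has to repeat the address, CIDR and port checks before the values become firewall rules.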
@@ -0,0 +1,176 @@ + + + + + + + + + + .important { + font-weight: bold; + } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingTabUi.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingTabUi.java index 6f0ddfb46c0..f835577511f 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingTabUi.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/firewall/PortForwardingTabUi.java @@ -725,7 +725,7 @@ private Validator newLanValidator() { public List validate(Editor editor, String value) { List result = new ArrayList<>(); if (PortForwardingTabUi.this.lan.getText().trim().isEmpty() - || !PortForwardingTabUi.this.lan.getText().trim().matches(FieldType.IPv4_ADDRESS.getRegex())) { + || !PortForwardingTabUi.this.lan.getText().trim().matches(FieldType.IPV4_ADDRESS.getRegex())) { result.add(new BasicEditorError(PortForwardingTabUi.this.lan, value, MSGS.firewallPortForwardFormLanAddressErrorMessage())); } @@ -791,7 +791,7 @@ public List validate(Editor editor, String value) { List result = new ArrayList<>(); if (!PortForwardingTabUi.this.permittedNw.getText().trim().isEmpty() && !PortForwardingTabUi.this.permittedNw.getText().trim() - .matches(FieldType.NETWORK.getRegex())) { + .matches(FieldType.IPV4_CIDR_NOTATION.getRegex())) { result.add(new BasicEditorError(PortForwardingTabUi.this.permittedNw, value, MSGS.firewallPortForwardFormPermittedNetworkErrorMessage())); } 
diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/network/TabIp4Ui.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/network/TabIp4Ui.java index 6f05ef3a848..547981098bc 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/network/TabIp4Ui.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/ui/network/TabIp4Ui.java @@ -483,8 +483,8 @@ public void onFailure(Throwable ex) { @Override public void onSuccess(GwtXSRFToken token) { - TabIp4Ui.this.gwtNetworkService.renewDhcpLease(token, - TabIp4Ui.this.selectedNetIfConfig.getName(), new AsyncCallback() { + TabIp4Ui.this.gwtNetworkService.renewDhcpLease(token, TabIp4Ui.this.selectedNetIfConfig.getName(), + new AsyncCallback() { @Override public void onFailure(Throwable ex) { @@ -539,7 +539,7 @@ private void initDnsServersField() { } for (String dnsEntry : aDnsServers) { - if (dnsEntry.trim().length() >= 0 && !dnsEntry.trim().matches(FieldType.IPv4_ADDRESS.getRegex())) { + if (dnsEntry.trim().length() >= 0 && !dnsEntry.trim().matches(FieldType.IPV4_ADDRESS.getRegex())) { validDnsList = false; break; } @@ -564,7 +564,7 @@ private void initGatewayField() { this.gateway.addMouseOutHandler(event -> resetHelp()); this.gateway.addValueChangeHandler(event -> { setDirty(true); - if (!TabIp4Ui.this.gateway.getText().trim().matches(FieldType.IPv4_ADDRESS.getRegex()) + if (!TabIp4Ui.this.gateway.getText().trim().matches(FieldType.IPV4_ADDRESS.getRegex()) && TabIp4Ui.this.gateway.getText().trim().length() > 0) { TabIp4Ui.this.groupGateway.setValidationState(ValidationState.ERROR); TabIp4Ui.this.helpGateway.setText(MSGS.netIPv4InvalidAddress()); 
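Review bot: In `TabIp4Ui.initDnsServersField` (the hunk at -539) the changed line still guards the regex with `dnsEntry.trim().length() >= 0`, which is always true, so the length test does nothing and an empty entry goes to the regex and marks the whole DNS list invalid. The gateway validator in the next hunk uses `length() > 0` to let an empty value through; if the same is meant here, the line should read `if (dnsEntry.trim().length() > 0 && !dnsEntry.trim().matches(FieldType.IPV4_ADDRESS.getRegex())) {`. The method starts and ends outside the hunk, so how `aDnsServers` is split is not visible.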
@@ -585,7 +585,7 @@ private void initSubnetMaskField() { this.subnet.addMouseOutHandler(event -> resetHelp()); this.subnet.addValueChangeHandler(event -> { setDirty(true); - if (!TabIp4Ui.this.subnet.getText().trim().matches(FieldType.IPv4_ADDRESS.getRegex()) + if (!TabIp4Ui.this.subnet.getText().trim().matches(FieldType.IPV4_ADDRESS.getRegex()) && TabIp4Ui.this.subnet.getText().trim().length() > 0) { TabIp4Ui.this.groupSubnet.setValidationState(ValidationState.ERROR); TabIp4Ui.this.helpSubnet.setText(MSGS.netIPv4InvalidAddress()); @@ -606,7 +606,7 @@ private void initIpAddressField() { this.ip.addMouseOutHandler(event -> resetHelp()); this.ip.addValueChangeHandler(event -> { setDirty(true); - if (!TabIp4Ui.this.ip.getText().trim().matches(FieldType.IPv4_ADDRESS.getRegex()) + if (!TabIp4Ui.this.ip.getText().trim().matches(FieldType.IPV4_ADDRESS.getRegex()) || TabIp4Ui.this.ip.getText().trim().length() <= 0) { TabIp4Ui.this.groupIp.setValidationState(ValidationState.ERROR); TabIp4Ui.this.helpIp.setText(MSGS.netIPv4InvalidAddress()); diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/util/TextFieldValidator.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/util/TextFieldValidator.java index 0fdc5b00b72..f2d4f02a369 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/util/TextFieldValidator.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/client/util/TextFieldValidator.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2011, 2020 Eurotech and/or its affiliates and others + * Copyright (c) 2011, 2023 Eurotech and/or its affiliates and others * * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 
@@ -25,6 +25,8 @@ public class TextFieldValidator { + private static final String IPV4_ADDRESS_REGEX = "\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b"; + private static final String IPV6_ADDRESS_REGEX = "(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))"; private static final ValidationMessages MSGS = GWT.create(ValidationMessages.class); TextBox Tbox; 
@@ -70,43 +72,46 @@ public enum FieldType { NAME_SPACE("name_space", "^[a-zA-Z0-9\\ \\_\\-]{3,}$"), PASSWORD("password", "^.*(?=.{6,})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=!\\~\\|]).*$"), EMAIL("email", "^(\\w+)([-+.][\\w]+)*@(\\w[-\\w]*\\.){1,5}([A-Za-z]){2,4}$"), - PHONE("phone", "^(?:(?:\\+?1\\s*(?:[.-]\\s*)?)?(?:\\(\\s*([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9])\\s*\\)|([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9]))\\s*(?:[.-]\\s*)?)?([2-9]1[02-9]|[2-9][02-9]1|[2-9][02-9]{2})\\s*(?:[.-]\\s*)?([0-9]{4})(?:\\s*(?:#|x\\.?|ext\\.?|extension)\\s*(\\d+))?$"), + PHONE("phone", + "^(?:(?:\\+?1\\s*(?:[.-]\\s*)?)?(?:\\(\\s*([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9])\\s*\\)|([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9]))\\s*(?:[.-]\\s*)?)?([2-9]1[02-9]|[2-9][02-9]1|[2-9][02-9]{2})\\s*(?:[.-]\\s*)?([0-9]{4})(?:\\s*(?:#|x\\.?|ext\\.?|extension)\\s*(\\d+))?$"), ALPHABET("alphabet", "^[a-zA-Z_]+$"), ALPHANUMERIC("alphanumeric", "^[a-zA-Z0-9_]+$"), NUMERIC("numeric", "^[+0-9.]+$"), - NETWORK("network", "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,3})"), - IPv4_ADDRESS("ipv4_address", "\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b"), + IPV4_ADDRESS("ipv4_address", IPV4_ADDRESS_REGEX), + IPV6_ADDRESS("ipv6_address", IPV6_ADDRESS_REGEX), + IPV4_CIDR_NOTATION("ipv4_network", IPV4_ADDRESS_REGEX + "\\/(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b"), + IPV6_CIDR_NOTATION("ipv6_network", IPV6_ADDRESS_REGEX + "\\/(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"), PORT("port", "^[0-9]*$"), PORT_RANGE("port_range", "^[0-9]+:[0-9]+$"), MAC_ADDRESS("mac_address", "^([0-9a-fA-F]{2}:){5}([0-9a-fA-F]{2})$"), NIC_NAME("nic_name", "^[a-zA-Z0-9_]+\\.?[a-zA-Z0-9_]+$"); - private final String m_name; - private final String m_regex; - private final String m_regexMsg; - private final String m_toolTipMsg; - private final String m_requiredMsg; + private final String name; + private final String regex; + private final String regexMsg; + 
private final String toolTipMsg; + private final String requiredMsg; FieldType(String name, String regex) { - this.m_name = name; - this.m_regex = regex; - this.m_regexMsg = name + "RegexMsg"; - this.m_toolTipMsg = name + "ToolTipMsg"; - this.m_requiredMsg = name + "RequiredMsg"; + this.name = name; + this.regex = regex; + this.regexMsg = name + "RegexMsg"; + this.toolTipMsg = name + "ToolTipMsg"; + this.requiredMsg = name + "RequiredMsg"; } public String getName() { - return this.m_name; + return this.name; } public String getRegex() { - return this.m_regex; + return this.regex; } public String getRegexMessage() { try { - return MSGS.getString(this.m_regexMsg); + return MSGS.getString(this.regexMsg); } catch (MissingResourceException mre) { return null; } @@ -114,7 +119,7 @@ public String getRegexMessage() { public String getToolTipMessage() { try { - return MSGS.getString(this.m_toolTipMsg); + return MSGS.getString(this.toolTipMsg); } catch (MissingResourceException mre) { return null; } @@ -122,7 +127,7 @@ public String getToolTipMessage() { public String getRequiredMessage() { try { - return MSGS.getString(this.m_requiredMsg); + return MSGS.getString(this.requiredMsg); } catch (MissingResourceException mre) { return null; } diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/GwtNetworkServiceImplFacade.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/GwtNetworkServiceImplFacade.java index 55fe97b31b6..6111704b4f3 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/GwtNetworkServiceImplFacade.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/GwtNetworkServiceImplFacade.java 
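Review bot: The prefix part of `IPV4_CIDR_NOTATION` and `IPV6_CIDR_NOTATION` in `TextFieldValidator.FieldType` accepts any value from 0 to 255, so constructed inputs such as `10.0.0.0/200` or `fd00::/255` pass the form check although the valid ranges are 0–32 and 0–128. The permitted-network validator in `PortForwardingTabUi` now relies on this pattern, and the class sits in the `web.client` package, so the server code that builds the firewall rules should reject out-of-range prefixes on its own as well (that code is not visible in this hunk). The IPv4 suffix could be `"\\/(?:3[0-2]|[12]?[0-9])\\b"` and the IPv6 suffix `"\\/(?:12[0-8]|1[01][0-9]|[1-9]?[0-9])"`. `IPV6_ADDRESS_REGEX` also admits a zone suffix (for example `fe80::1%eth0`), and it is worth confirming that form is wanted in a CIDR field.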
@@ -17,6 +17,7 @@ import org.eclipse.kura.net.NetworkAdminService; import org.eclipse.kura.web.server.util.ServiceLocator; +import org.eclipse.kura.web.shared.GwtKuraErrorCode; import org.eclipse.kura.web.shared.GwtKuraException; import org.eclipse.kura.web.shared.model.GwtFirewallNatEntry; import org.eclipse.kura.web.shared.model.GwtFirewallOpenPortEntry; @@ -56,19 +57,6 @@ public void updateNetInterfaceConfigurations(GwtXSRFToken xsrfToken, GwtNetInter } } - @Override - public ArrayList findDeviceFirewallOpenPorts(GwtXSRFToken xsrfToken) - throws GwtKuraException { - checkXSRFToken(xsrfToken); - - if (isNet2()) { - return (ArrayList) org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl - .findDeviceFirewallOpenPorts(); - } else { - return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.findDeviceFirewallOpenPorts(); - } - } - @Override public ArrayList findWifiHotspots(GwtXSRFToken xsrfToken, String interfaceName, String wirelessSsid, boolean recompute) throws GwtKuraException { 
@@ -110,109 +98,189 @@ public boolean verifyWifiCredentials(GwtXSRFToken xsrfToken, String interfaceNam } @Override - public ArrayList findDeviceFirewallPortForwards(GwtXSRFToken xsrfToken) - throws GwtKuraException { + public void renewDhcpLease(GwtXSRFToken xsrfToken, String interfaceName) throws GwtKuraException { checkXSRFToken(xsrfToken); if (isNet2()) { - return (ArrayList) org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl - .findDeviceFirewallPortForwards(); + // TODO } else { - return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.findDeviceFirewallPortForwards(); + org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.renewDhcpLease(interfaceName); + } + } + + @Override + public List findFrequencies(GwtXSRFToken xsrfToken, String interfaceName, + GwtWifiRadioMode radioMode) throws GwtKuraException { + checkXSRFToken(xsrfToken); + + if (isNet2()) { + return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.findFrequencies(interfaceName, radioMode); + } else { + return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.findFrequencies(interfaceName, radioMode); } } @Override - public ArrayList findDeviceFirewallNATs(GwtXSRFToken xsrfToken) throws GwtKuraException { + public String getWifiCountryCode(GwtXSRFToken xsrfToken) throws GwtKuraException { checkXSRFToken(xsrfToken); if (isNet2()) { - return (ArrayList) org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl - .findDeviceFirewallNATs(); + return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.getWifiCountryCode(); } else { - return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.findDeviceFirewallNATs(); + return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.getWifiCountryCode(); } } @Override - public void updateDeviceFirewallOpenPorts(GwtXSRFToken xsrfToken, List entries) + public boolean isIEEE80211ACSupported(GwtXSRFToken xsrfToken, String ifaceName) throws GwtKuraException { + checkXSRFToken(xsrfToken); + + if (isNet2()) { + // TODO + return true; + } else 
{ + return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.isIEEE80211ACSupported(ifaceName); + } + } + + @Override + public List getDhcpLeases(GwtXSRFToken xsrfToken) throws GwtKuraException { + checkXSRFToken(xsrfToken); + + if (isNet2()) { + // TODO + return new ArrayList<>(); + } else { + return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.getDhcpLeases(); + } + } + + @Override + public List findDeviceFirewallOpenPorts(GwtXSRFToken xsrfToken) throws GwtKuraException { + checkXSRFToken(xsrfToken); + + if (isNet2()) { + return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.findDeviceFirewallOpenPorts(); + } else { + return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.findDeviceFirewallOpenPorts(); + } + } + + @Override + public List findDeviceFirewallOpenPortsIPv6(GwtXSRFToken xsrfToken) throws GwtKuraException { checkXSRFToken(xsrfToken); - org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.updateDeviceFirewallOpenPorts(entries); + if (isNet2()) { + return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.findDeviceFirewallOpenPortsIPv6(); + } else { + throw new GwtKuraException(GwtKuraErrorCode.OPERATION_NOT_SUPPORTED); + } } @Override - public void updateDeviceFirewallPortForwards(GwtXSRFToken xsrfToken, List entries) + public List findDeviceFirewallPortForwards(GwtXSRFToken xsrfToken) throws GwtKuraException { checkXSRFToken(xsrfToken); - org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.updateDeviceFirewallPortForwards(entries); + if (isNet2()) { + return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.findDeviceFirewallPortForwards(); + } else { + return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.findDeviceFirewallPortForwards(); + } } @Override - public void updateDeviceFirewallNATs(GwtXSRFToken xsrfToken, List entries) + public List findDeviceFirewallPortForwardsIPv6(GwtXSRFToken xsrfToken) throws GwtKuraException { checkXSRFToken(xsrfToken); - 
org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.updateDeviceFirewallNATs(entries); + if (isNet2()) { + return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.findDeviceFirewallPortForwardsIPv6(); + } else { + throw new GwtKuraException(GwtKuraErrorCode.OPERATION_NOT_SUPPORTED); + } } @Override - public void renewDhcpLease(GwtXSRFToken xsrfToken, String interfaceName) throws GwtKuraException { + public List findDeviceFirewallNATs(GwtXSRFToken xsrfToken) throws GwtKuraException { checkXSRFToken(xsrfToken); if (isNet2()) { - // TODO + return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.findDeviceFirewallNATs(); } else { - org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.renewDhcpLease(interfaceName); + return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.findDeviceFirewallNATs(); } } @Override - public List findFrequencies(GwtXSRFToken xsrfToken, String interfaceName, - GwtWifiRadioMode radioMode) throws GwtKuraException { + public List findDeviceFirewallNATsIPv6(GwtXSRFToken xsrfToken) throws GwtKuraException { checkXSRFToken(xsrfToken); if (isNet2()) { - return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.findFrequencies(interfaceName, radioMode); + return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.findDeviceFirewallNATsIPv6(); } else { - return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.findFrequencies(interfaceName, radioMode); + throw new GwtKuraException(GwtKuraErrorCode.OPERATION_NOT_SUPPORTED); } } @Override - public String getWifiCountryCode(GwtXSRFToken xsrfToken) throws GwtKuraException { + public void updateDeviceFirewallOpenPorts(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException { + checkXSRFToken(xsrfToken); + + org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.updateDeviceFirewallOpenPorts(entries); + } + + @Override + public void updateDeviceFirewallOpenPortsIPv6(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException { checkXSRFToken(xsrfToken); if 
(isNet2()) { - return org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.getWifiCountryCode(); + org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.updateDeviceFirewallOpenPortsIPv6(entries); } else { - return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.getWifiCountryCode(); + throw new GwtKuraException(GwtKuraErrorCode.OPERATION_NOT_SUPPORTED); } } @Override - public boolean isIEEE80211ACSupported(GwtXSRFToken xsrfToken, String ifaceName) throws GwtKuraException { + public void updateDeviceFirewallPortForwards(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException { + checkXSRFToken(xsrfToken); + + org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.updateDeviceFirewallPortForwards(entries); + } + + @Override + public void updateDeviceFirewallPortForwardsIPv6(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException { checkXSRFToken(xsrfToken); if (isNet2()) { - // TODO - return true; + org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.updateDeviceFirewallPortForwardsIPv6(entries); } else { - return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.isIEEE80211ACSupported(ifaceName); + throw new GwtKuraException(GwtKuraErrorCode.OPERATION_NOT_SUPPORTED); } } @Override - public List getDhcpLeases(GwtXSRFToken xsrfToken) throws GwtKuraException { + public void updateDeviceFirewallNATs(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException { + checkXSRFToken(xsrfToken); + + org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.updateDeviceFirewallNATs(entries); + } + + @Override + public void updateDeviceFirewallNATsIPv6(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException { checkXSRFToken(xsrfToken); if (isNet2()) { - // TODO - return new ArrayList<>(); + org.eclipse.kura.web.server.net2.GwtNetworkServiceImpl.updateDeviceFirewallNATsIPv6(entries); } else { - return org.eclipse.kura.web.server.net.GwtNetworkServiceImpl.getDhcpLeases(); + throw new 
GwtKuraException(GwtKuraErrorCode.OPERATION_NOT_SUPPORTED); } } diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/net2/GwtNetworkServiceImpl.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/net2/GwtNetworkServiceImpl.java index 97b0e10a1bb..a748fd1d122 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/net2/GwtNetworkServiceImpl.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/server/net2/GwtNetworkServiceImpl.java @@ -12,17 +12,28 @@ *******************************************************************************/ package org.eclipse.kura.web.server.net2; +import java.net.UnknownHostException; import java.util.ArrayList; +import java.util.HashMap; import java.util.LinkedList; import java.util.List; +import java.util.Map; import java.util.Optional; import org.eclipse.kura.KuraException; +import org.eclipse.kura.configuration.ConfigurationService; +import org.eclipse.kura.net.IP6Address; +import org.eclipse.kura.net.IPAddress; import org.eclipse.kura.net.NetConfig; import org.eclipse.kura.net.admin.FirewallConfigurationService; +import org.eclipse.kura.net.admin.ipv6.FirewallConfigurationServiceIPv6; import org.eclipse.kura.net.firewall.FirewallNatConfig; +import org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP; import org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP4; +import org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP6; +import org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP; import org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP4; +import org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP6; import org.eclipse.kura.net.status.NetworkInterfaceType; import org.eclipse.kura.web.server.net2.configuration.NetworkConfigurationServiceAdapter; import org.eclipse.kura.web.server.net2.status.NetworkStatusServiceAdapter; 
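Review bot: In `GwtNetworkServiceImplFacade`, `updateDeviceFirewallOpenPorts`, `updateDeviceFirewallPortForwards` and `updateDeviceFirewallNATs` call the legacy `net.GwtNetworkServiceImpl` without consulting `isNet2()`, while the `find*` methods and the new `*IPv6` updaters all dispatch on it. If that is intended, each deserves a comment such as `// IPv4 updates always go through the legacy net implementation (TODO confirm for net2)`; if it is not, on a net2 device the IPv4 rules are read through one code path and written through another. The `isNet2()` branches of `renewDhcpLease`, `isIEEE80211ACSupported` and `getDhcpLeases` are still `// TODO` and hand the caller a silent success, a fixed `true` and an empty list. Throwing `new GwtKuraException(GwtKuraErrorCode.OPERATION_NOT_SUPPORTED)` there, as the IPv6 methods do on the legacy stack, would make the gap visible to the UI.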
@@ -42,6 +53,10 @@ public class GwtNetworkServiceImpl { + private static final String FIREWALL_CONFIGURATION_SERVICE_PID = "org.eclipse.kura.net.admin.ipv6.FirewallConfigurationServiceIPv6"; + private static final String UNKNOWN_NETWORK_SHORT = "::/0"; + private static final String UNKNOWN_NETWORK_LONG = "0:0:0:0:0:0:0:0/0"; + private GwtNetworkServiceImpl() { } 
@@ -99,6 +114,81 @@ public static void updateNetInterfaceConfigurations(GwtNetInterfaceConfig config } } + public static List findDeviceFirewallOpenPorts() throws GwtKuraException { + FirewallConfigurationService fcs = ServiceLocator.getInstance().getService(FirewallConfigurationService.class); + List gwtOpenPortEntries = new ArrayList<>(); + + try { + List firewallConfigs = fcs.getFirewallConfiguration().getConfigs(); + if (firewallConfigs == null || firewallConfigs.isEmpty()) { + return new ArrayList<>(); + } + for (NetConfig netConfig : firewallConfigs) { + if (!(netConfig instanceof FirewallOpenPortConfigIP4)) { + continue; + } + FirewallOpenPortConfigIP4 firewallOpenPortConfigIP4 = (FirewallOpenPortConfigIP4) netConfig; + logger.debug("findDeviceFirewallOpenPorts() :: adding new Open Port Entry: {}", + firewallOpenPortConfigIP4.getPort()); + gwtOpenPortEntries.add(convertToGwtFirewallOpenPortEntry(firewallOpenPortConfigIP4)); + } + + return new ArrayList<>(gwtOpenPortEntries); + + } catch (KuraException e) { + throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e); + } + } + + public static List findDeviceFirewallOpenPortsIPv6() throws GwtKuraException { + Optional fcs = Optional + .ofNullable(ServiceLocator.getInstance().getService(FirewallConfigurationServiceIPv6.class)); + List gwtOpenPortEntries = new ArrayList<>(); + + if (!fcs.isPresent()) { + return new ArrayList<>(); + } + try { + List firewallConfigs = fcs.get().getFirewallConfiguration().getConfigs(); + if (firewallConfigs == null || firewallConfigs.isEmpty()) { + return new ArrayList<>(); + } + for (NetConfig netConfig : firewallConfigs) { + if (!(netConfig instanceof FirewallOpenPortConfigIP6)) { + continue; + } + FirewallOpenPortConfigIP6 firewallOpenPortConfigIP6 = (FirewallOpenPortConfigIP6) netConfig; + logger.debug("findDeviceFirewallOpenPorts() :: adding new Open Port Entry: {}", + firewallOpenPortConfigIP6.getPort()); + 
gwtOpenPortEntries.add(convertToGwtFirewallOpenPortEntry(firewallOpenPortConfigIP6)); + } + } catch (KuraException e) { + throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e); + } + return new ArrayList<>(gwtOpenPortEntries); + } + + private static GwtFirewallOpenPortEntry convertToGwtFirewallOpenPortEntry( + FirewallOpenPortConfigIP firewallOpenPortConfigIP) { + GwtFirewallOpenPortEntry entry = new GwtFirewallOpenPortEntry(); + if (firewallOpenPortConfigIP.getPortRange() != null) { + entry.setPortRange(firewallOpenPortConfigIP.getPortRange()); + } else { + entry.setPortRange(String.valueOf(firewallOpenPortConfigIP.getPort())); + } + entry.setProtocol(firewallOpenPortConfigIP.getProtocol().toString()); + entry.setPermittedNetwork(firewallOpenPortConfigIP.getPermittedNetwork() + .getIpAddress().getHostAddress() + "/" + + firewallOpenPortConfigIP.getPermittedNetwork().getPrefix()); + entry.setPermittedInterfaceName( + firewallOpenPortConfigIP.getPermittedInterfaceName()); + entry.setUnpermittedInterfaceName( + firewallOpenPortConfigIP.getUnpermittedInterfaceName()); + entry.setPermittedMAC(firewallOpenPortConfigIP.getPermittedMac()); + entry.setSourcePortRange(firewallOpenPortConfigIP.getSourcePortRange()); + return entry; + } + public static List findDeviceFirewallPortForwards() throws GwtKuraException { FirewallConfigurationService fcs = ServiceLocator.getInstance().getService(FirewallConfigurationService.class); List gwtPortForwardEntries = new ArrayList<>(); 
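Review bot: `convertToGwtFirewallOpenPortEntry` dereferences `getProtocol()` and `getPermittedNetwork()` without a null check, so one stored rule lacking either field would end `findDeviceFirewallOpenPorts` and `findDeviceFirewallOpenPortsIPv6` with a NullPointerException, which the surrounding `catch (KuraException e)` does not map to `GwtKuraErrorCode.INTERNAL_ERROR`. Whether these getters can return null is not visible here, so either guard each use, e.g. `if (firewallOpenPortConfigIP.getPermittedNetwork() != null) { ... }`, or state in a Javadoc line on the helper that both fields are required. `convertToGwtFirewallPortForwardEntry` in a later hunk of this file has the same shape with `getIPAddress()`, `getProtocol()` and `getPermittedNetwork()`. Separately, the IPv6 finder logs under the IPv4 label `findDeviceFirewallOpenPorts() ::`; using `findDeviceFirewallOpenPortsIPv6() ::` there keeps the two firewall tables distinguishable in the debug log.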
@@ -109,21 +199,8 @@ public static List findDeviceFirewallPortForwards() for (NetConfig netConfig : firewallConfigs) { if (netConfig instanceof FirewallPortForwardConfigIP4) { logger.debug("findDeviceFirewallPortForwards() :: adding new Port Forward Entry"); - GwtFirewallPortForwardEntry entry = new GwtFirewallPortForwardEntry(); - entry.setInboundInterface(((FirewallPortForwardConfigIP4) netConfig).getInboundInterface()); - entry.setOutboundInterface(((FirewallPortForwardConfigIP4) netConfig).getOutboundInterface()); - entry.setAddress(((FirewallPortForwardConfigIP4) netConfig).getAddress().getHostAddress()); - entry.setProtocol(((FirewallPortForwardConfigIP4) netConfig).getProtocol().toString()); - entry.setInPort(((FirewallPortForwardConfigIP4) netConfig).getInPort()); - entry.setOutPort(((FirewallPortForwardConfigIP4) netConfig).getOutPort()); - String masquerade = ((FirewallPortForwardConfigIP4) netConfig).isMasquerade() ? "yes" : "no"; - entry.setMasquerade(masquerade); - entry.setPermittedNetwork( - ((FirewallPortForwardConfigIP4) netConfig).getPermittedNetwork().toString()); - entry.setPermittedMAC(((FirewallPortForwardConfigIP4) netConfig).getPermittedMac()); - entry.setSourcePortRange(((FirewallPortForwardConfigIP4) netConfig).getSourcePortRange()); - - gwtPortForwardEntries.add(entry); + FirewallPortForwardConfigIP4 firewallPortForwardConfigIP4 = (FirewallPortForwardConfigIP4) netConfig; + gwtPortForwardEntries.add(convertToGwtFirewallPortForwardEntry(firewallPortForwardConfigIP4)); } } } 
@@ -135,7 +212,50 @@ public static List findDeviceFirewallPortForwards() } } - public static ArrayList findDeviceFirewallNATs() throws GwtKuraException { + public static List findDeviceFirewallPortForwardsIPv6() throws GwtKuraException { + Optional fcs = Optional + .ofNullable(ServiceLocator.getInstance().getService(FirewallConfigurationServiceIPv6.class)); + List gwtPortForwardEntries = new ArrayList<>(); + + if (fcs.isPresent()) { + try { + List firewallConfigs = fcs.get().getFirewallConfiguration().getConfigs(); + if (firewallConfigs != null && !firewallConfigs.isEmpty()) { + for (NetConfig netConfig : firewallConfigs) { + if (netConfig instanceof FirewallPortForwardConfigIP6) { + logger.debug("findDeviceFirewallPortForwards() :: adding new Port Forward Entry"); + FirewallPortForwardConfigIP6 firewallPortForwardConfigIP6 = (FirewallPortForwardConfigIP6) netConfig; + gwtPortForwardEntries + .add(convertToGwtFirewallPortForwardEntry(firewallPortForwardConfigIP6)); + } + } + } + } catch (KuraException e) { + throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e); + } + } + return new ArrayList<>(gwtPortForwardEntries); + } + + private static GwtFirewallPortForwardEntry convertToGwtFirewallPortForwardEntry( + FirewallPortForwardConfigIP firewallPortForwardConfigIP) { + GwtFirewallPortForwardEntry entry = new GwtFirewallPortForwardEntry(); + entry.setInboundInterface(firewallPortForwardConfigIP.getInboundInterface()); + entry.setOutboundInterface(firewallPortForwardConfigIP.getOutboundInterface()); + entry.setAddress(firewallPortForwardConfigIP.getIPAddress().getHostAddress()); + entry.setProtocol(firewallPortForwardConfigIP.getProtocol().toString()); + entry.setInPort(firewallPortForwardConfigIP.getInPort()); + entry.setOutPort(firewallPortForwardConfigIP.getOutPort()); + String masquerade = firewallPortForwardConfigIP.isMasquerade() ? 
"yes" : "no"; + entry.setMasquerade(masquerade); + entry.setPermittedNetwork( + firewallPortForwardConfigIP.getPermittedNetwork().toString()); + entry.setPermittedMAC(firewallPortForwardConfigIP.getPermittedMac()); + entry.setSourcePortRange(firewallPortForwardConfigIP.getSourcePortRange()); + return entry; + } + + public static List findDeviceFirewallNATs() throws GwtKuraException { FirewallConfigurationService fcs = ServiceLocator.getInstance().getService(FirewallConfigurationService.class); List gwtNatEntries = new ArrayList<>(); @@ -145,15 +265,8 @@ public static ArrayList findDeviceFirewallNATs() throws Gwt for (NetConfig netConfig : firewallConfigs) { if (netConfig instanceof FirewallNatConfig) { logger.debug("findDeviceFirewallNATs() :: adding new NAT Entry"); - GwtFirewallNatEntry entry = new GwtFirewallNatEntry(); - entry.setInInterface(((FirewallNatConfig) netConfig).getSourceInterface()); - entry.setOutInterface(((FirewallNatConfig) netConfig).getDestinationInterface()); - entry.setProtocol(((FirewallNatConfig) netConfig).getProtocol()); - entry.setSourceNetwork(((FirewallNatConfig) netConfig).getSource()); - entry.setDestinationNetwork(((FirewallNatConfig) netConfig).getDestination()); - String masquerade = ((FirewallNatConfig) netConfig).isMasquerade() ? "yes" : "no"; - entry.setMasquerade(masquerade); - gwtNatEntries.add(entry); + FirewallNatConfig firewallNatConfig = (FirewallNatConfig) netConfig; + gwtNatEntries.add(convertToGwtFirewallNatEntry(firewallNatConfig)); } } } 
@@ -165,42 +278,163 @@ public static ArrayList findDeviceFirewallNATs() throws Gwt } } - public static List findDeviceFirewallOpenPorts() throws GwtKuraException { - FirewallConfigurationService fcs = ServiceLocator.getInstance().getService(FirewallConfigurationService.class); - List gwtOpenPortEntries = new ArrayList<>(); + public static List findDeviceFirewallNATsIPv6() throws GwtKuraException { + Optional fcs = Optional + .ofNullable(ServiceLocator.getInstance().getService(FirewallConfigurationServiceIPv6.class)); + List gwtNatEntries = new ArrayList<>(); - try { - List firewallConfigs = fcs.getFirewallConfiguration().getConfigs(); - if (firewallConfigs != null && !firewallConfigs.isEmpty()) { - for (NetConfig netConfig : firewallConfigs) { - if (netConfig instanceof FirewallOpenPortConfigIP4) { - logger.debug("findDeviceFirewallOpenPorts() :: adding new Open Port Entry: {}", - ((FirewallOpenPortConfigIP4) netConfig).getPort()); - GwtFirewallOpenPortEntry entry = new GwtFirewallOpenPortEntry(); - if (((FirewallOpenPortConfigIP4) netConfig).getPortRange() != null) { - entry.setPortRange(((FirewallOpenPortConfigIP4) netConfig).getPortRange()); - } else { - entry.setPortRange(String.valueOf(((FirewallOpenPortConfigIP4) netConfig).getPort())); + if (fcs.isPresent()) { + try { + List firewallConfigs = fcs.get().getFirewallConfiguration().getConfigs(); + if (firewallConfigs != null && !firewallConfigs.isEmpty()) { + for (NetConfig netConfig : firewallConfigs) { + if (netConfig instanceof FirewallNatConfig) { + logger.debug("findDeviceFirewallNATs() :: adding new NAT Entry"); + FirewallNatConfig firewallNatConfig = (FirewallNatConfig) netConfig; + gwtNatEntries.add(convertToGwtFirewallNatEntry(firewallNatConfig)); } - entry.setProtocol(((FirewallOpenPortConfigIP4) netConfig).getProtocol().toString()); - entry.setPermittedNetwork(((FirewallOpenPortConfigIP4) netConfig).getPermittedNetwork() - .getIpAddress().getHostAddress() + "/" - + ((FirewallOpenPortConfigIP4) 
netConfig).getPermittedNetwork().getPrefix()); - entry.setPermittedInterfaceName( - ((FirewallOpenPortConfigIP4) netConfig).getPermittedInterfaceName()); - entry.setUnpermittedInterfaceName( - ((FirewallOpenPortConfigIP4) netConfig).getUnpermittedInterfaceName()); - entry.setPermittedMAC(((FirewallOpenPortConfigIP4) netConfig).getPermittedMac()); - entry.setSourcePortRange(((FirewallOpenPortConfigIP4) netConfig).getSourcePortRange()); - - gwtOpenPortEntries.add(entry); } } + } catch (KuraException e) { + throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e); } + } + return new ArrayList<>(gwtNatEntries); + } - return new ArrayList<>(gwtOpenPortEntries); + private static GwtFirewallNatEntry convertToGwtFirewallNatEntry(FirewallNatConfig firewallNatConfig) { + GwtFirewallNatEntry entry = new GwtFirewallNatEntry(); + entry.setInInterface(firewallNatConfig.getSourceInterface()); + entry.setOutInterface(firewallNatConfig.getDestinationInterface()); + entry.setProtocol(firewallNatConfig.getProtocol()); + entry.setSourceNetwork(firewallNatConfig.getSource()); + entry.setDestinationNetwork(firewallNatConfig.getDestination()); + String masquerade = firewallNatConfig.isMasquerade() ? 
"yes" : "no"; + entry.setMasquerade(masquerade); + return entry; + } - } catch (KuraException e) { + public static void updateDeviceFirewallOpenPortsIPv6(List entries) + throws GwtKuraException { + ConfigurationService configurationService = ServiceLocator.getInstance().getService(ConfigurationService.class); + Map properties = new HashMap<>(); + String openPortsPropName = "firewall.ipv6.open.ports"; + StringBuilder openPorts = new StringBuilder(); + + try { + for (GwtFirewallOpenPortEntry entry : entries) { + openPorts.append(entry.getPortRange()).append(","); + openPorts.append(entry.getProtocol()).append(","); + if (entry.getPermittedNetwork() == null || entry.getPermittedNetwork().equals(UNKNOWN_NETWORK_LONG)) { + openPorts.append(UNKNOWN_NETWORK_SHORT); + } else { + appendNetwork(entry.getPermittedNetwork(), openPorts); + } + openPorts.append(","); + if (entry.getPermittedInterfaceName() != null) { + openPorts.append(entry.getPermittedInterfaceName()); + } + openPorts.append(","); + if (entry.getUnpermittedInterfaceName() != null) { + openPorts.append(entry.getUnpermittedInterfaceName()); + } + openPorts.append(","); + if (entry.getPermittedMAC() != null) { + openPorts.append(entry.getPermittedMAC()); + } + openPorts.append(","); + if (entry.getSourcePortRange() != null) { + openPorts.append(entry.getSourcePortRange()); + } + openPorts.append(",").append("#").append(";"); + } + + properties.put(openPortsPropName, openPorts.toString()); + configurationService.updateConfiguration(FIREWALL_CONFIGURATION_SERVICE_PID, properties, true); + } catch (KuraException | UnknownHostException e) { + throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e); + } + } + + public static void updateDeviceFirewallPortForwardsIPv6(List entries) + throws GwtKuraException { + ConfigurationService configurationService = ServiceLocator.getInstance().getService(ConfigurationService.class); + Map properties = new HashMap<>(); + String portForwardingPropName = 
"firewall.ipv6.port.forwarding"; + StringBuilder portForwarding = new StringBuilder(); + + try { + for (GwtFirewallPortForwardEntry entry : entries) { + portForwarding.append(entry.getInboundInterface()).append(","); + portForwarding.append(entry.getOutboundInterface()).append(","); + portForwarding.append(((IP6Address) IPAddress.parseHostAddress(entry.getAddress())).getHostAddress()) + .append(","); + portForwarding.append(entry.getProtocol()).append(","); + portForwarding.append(entry.getInPort()).append(","); + portForwarding.append(entry.getOutPort()).append(","); + if (entry.getMasquerade().equals("yes")) { + portForwarding.append("true"); + } else { + portForwarding.append("false"); + } + portForwarding.append(","); + if (entry.getPermittedNetwork() == null || entry.getPermittedNetwork().equals(UNKNOWN_NETWORK_LONG)) { + portForwarding.append(UNKNOWN_NETWORK_SHORT); + } else { + appendNetwork(entry.getPermittedNetwork(), portForwarding); + } + portForwarding.append(","); + if (entry.getPermittedMAC() != null) { + portForwarding.append(entry.getPermittedMAC()); + } + portForwarding.append(","); + if (entry.getSourcePortRange() != null) { + portForwarding.append(entry.getSourcePortRange()); + } + portForwarding.append(",").append("#").append(";"); + } + + properties.put(portForwardingPropName, portForwarding.toString()); + configurationService.updateConfiguration(FIREWALL_CONFIGURATION_SERVICE_PID, properties, true); + } catch (KuraException | UnknownHostException e) { + throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e); + } + } + + public static void updateDeviceFirewallNATsIPv6(List entries) throws GwtKuraException { + ConfigurationService configurationService = ServiceLocator.getInstance().getService(ConfigurationService.class); + Map properties = new HashMap<>(); + String natPropName = "firewall.ipv6.nat"; + StringBuilder nat = new StringBuilder(); + + try { + for (GwtFirewallNatEntry entry : entries) { + 
nat.append(entry.getInInterface()).append(","); + nat.append(entry.getOutInterface()).append(","); + nat.append(entry.getProtocol()).append(","); + if (UNKNOWN_NETWORK_LONG.equals(entry.getSourceNetwork())) { + nat.append(UNKNOWN_NETWORK_SHORT); + } else { + appendNetwork(entry.getSourceNetwork(), nat); + } + nat.append(","); + if (UNKNOWN_NETWORK_LONG.equals(entry.getDestinationNetwork())) { + nat.append(UNKNOWN_NETWORK_SHORT); + } else { + appendNetwork(entry.getDestinationNetwork(), nat); + } + nat.append(","); + if (entry.getMasquerade().equals("yes")) { + nat.append("true"); + } else { + nat.append("false"); + } + nat.append(",").append("#").append(";"); + } + + properties.put(natPropName, nat.toString()); + configurationService.updateConfiguration(FIREWALL_CONFIGURATION_SERVICE_PID, properties, true); + } catch (KuraException | UnknownHostException e) { throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e); } } @@ -260,4 +494,12 @@ public static List findWifiHotspots(String interfaceName, b } } + private static void appendNetwork(String address, StringBuilder stringBuilder) throws UnknownHostException { + String[] networkAddress = address.split("/"); + if (networkAddress.length >= 2) { + stringBuilder.append(((IP6Address) IPAddress.parseHostAddress(networkAddress[0])).getHostAddress()) + .append("/").append(networkAddress[1]); + } + } + } diff --git a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/shared/service/GwtNetworkService.java b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/shared/service/GwtNetworkService.java index e6acaefd38a..17179722aef 100644 --- a/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/shared/service/GwtNetworkService.java +++ b/kura/org.eclipse.kura.web2/src/main/java/org/eclipse/kura/web/shared/service/GwtNetworkService.java 
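Review bot: The three `update…IPv6` methods append client-supplied strings (`getPortRange()`, `getProtocol()`, the interface names, `getPermittedMAC()`, `getSourcePortRange()`) verbatim into a property value that uses `,` as field separator and `;` as rule separator. A value containing either character would therefore shift fields or add a rule to the stored firewall configuration. If the caller does not already validate these fields (not visible in this hunk), reject them before the loop appends them, for example `if (value.contains(",") || value.contains(";")) { throw new GwtKuraException(GwtKuraErrorCode.ILLEGAL_ARGUMENT); }`. Separately, `updateDeviceFirewallNATsIPv6` passes a null `getSourceNetwork()` or `getDestinationNetwork()` on to `appendNetwork`, which calls `split` on it, whereas the open-port and port-forward methods test for null first. `entry.getMasquerade().equals("yes")` is also null-unsafe, and `"yes".equals(entry.getMasquerade())` avoids that.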
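Review bot: `appendNetwork` casts the result of `IPAddress.parseHostAddress` to `IP6Address` unconditionally, so an IPv4 network submitted to an IPv6 method would presumably raise a ClassCastException. The callers' `catch (KuraException | UnknownHostException e)` does not turn that into a `GwtKuraException`, and the same cast appears in `updateDeviceFirewallPortForwardsIPv6`. When the input has no `/`, the method appends nothing and leaves the network field empty instead of rejecting the entry, and the prefix part is copied without a numeric or range check; how the firewall service reads an empty or malformed field is not visible here. Check type and shape explicitly with `IPAddress parsed = IPAddress.parseHostAddress(networkAddress[0]);` and `if (!(parsed instanceof IP6Address)) { throw new UnknownHostException(address); }`, and throw the same way when `networkAddress.length != 2`.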
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2011, 2022 Eurotech and/or its affiliates and others + * Copyright (c) 2011, 2023 Eurotech and/or its affiliates and others * * This program and the accompanying materials are made * available under the terms of the Eclipse Public License 2.0 
@@ -44,23 +44,43 @@ public void updateNetInterfaceConfigurations(GwtXSRFToken xsrfToken, GwtNetInter public List findDeviceFirewallOpenPorts(GwtXSRFToken xsrfToken) throws GwtKuraException; - @Audit(componentName = "UI Network", description = "Update firewall open ports") - public void updateDeviceFirewallOpenPorts(GwtXSRFToken xsrfToken, List entries) + public List findDeviceFirewallOpenPortsIPv6(GwtXSRFToken xsrfToken) throws GwtKuraException; public List findDeviceFirewallPortForwards(GwtXSRFToken xsrfToken) throws GwtKuraException; + public List findDeviceFirewallPortForwardsIPv6(GwtXSRFToken xsrfToken) + throws GwtKuraException; + public List findDeviceFirewallNATs(GwtXSRFToken xsrfToken) throws GwtKuraException; + public List findDeviceFirewallNATsIPv6(GwtXSRFToken xsrfToken) throws GwtKuraException; + + @Audit(componentName = "UI Network", description = "Update firewall open ports") + public void updateDeviceFirewallOpenPorts(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException; + + @Audit(componentName = "UI Network", description = "Update firewall open ports IPv6") + public void updateDeviceFirewallOpenPortsIPv6(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException; + @Audit(componentName = "UI Network", description = "Update firewall open ports") public void updateDeviceFirewallPortForwards(GwtXSRFToken xsrfToken, List entries) throws GwtKuraException; + @Audit(componentName = "UI Network", description = "Update firewall open ports IPv6") + public void updateDeviceFirewallPortForwardsIPv6(GwtXSRFToken xsrfToken, List entries) + throws GwtKuraException; + @Audit(componentName = "UI Network", description = "Update firewall NAT configuration") public void updateDeviceFirewallNATs(GwtXSRFToken xsrfToken, List entries) throws GwtKuraException; + @Audit(componentName = "UI Network", description = "Update firewall NAT configuration IPv6") + public void updateDeviceFirewallNATsIPv6(GwtXSRFToken xsrfToken, List entries) + throws 
GwtKuraException; + @Audit(componentName = "UI Network", description = "Renew DHCP lease") public void renewDhcpLease(GwtXSRFToken xsrfToken, String interfaceName) throws GwtKuraException; diff --git a/kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages.properties b/kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages.properties index 6f330445c70..9f8f038642f 100644 --- a/kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages.properties +++ b/kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages.properties @@ -372,9 +372,9 @@ netIPv6ToolTipDns=List of DNS servers.
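Review bot: The `@Audit` description on `updateDeviceFirewallPortForwardsIPv6` is `"Update firewall open ports IPv6"`, the same text as on `updateDeviceFirewallOpenPortsIPv6`. Port-forward changes would therefore be recorded in the audit trail as open-port changes, and the two cannot be told apart when reconstructing who changed which rule set. Use `description = "Update firewall port forwards IPv6"`. The IPv4 `updateDeviceFirewallPortForwards` context line carries the same mislabel and could be corrected in the same commit.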

Servers MUST be separated by a spa netIPv6ToolTipPrivacy=Configure IPv6 Privacy Extensions for SLAAC, described in RFC4941. If enabled, it makes the kernel generate a temporary IPv6 address in addition to the public one generated from MAC address via modified EUI-64. Note that this setting is distinct from the Stable Privacy addresses that can be enabled with the Address Generation Mode property as another way of avoiding host tracking with IPv6 addresses firewallIntro=Enable ports to be opened and port forwarding -firewallOpenPorts=Open Ports -firewallPortForwarding=Port Forwarding +firewallOpenPorts=Open Ports IPv4 +firewallOpenPortsIPv6=Open Ports IPv6 firewallOpenPort=Port or Port Range firewallOpenPortProtocol=Protocol firewallOpenPortPermittedNetwork=Permitted Network @@ -393,11 +393,13 @@ firewallOpenPorts22=Port 22 is used for ssh (remote shell) access. Use caution w firewallOpenPorts80=Port 80 is used for http (remote web configuration) access. Use caution when modifying this rule. Improper configuration could lead to not being able to access the device remotely. firewallOpenPortFormNew=New Open Port Entry +firewallOpenPortFormIPv6New=New IPv6 Open Port Entry firewallOpenPortFormUpdate=Update Open Port Entry: {0} firewallOpenPortFormInformation=Open Port Entry Information firewallOpenPortFormPort=Port or Port Range firewallOpenPortFormProtocol=Protocol firewallOpenPortFormPermittedNetwork=Permitted Network +firewallOpenPortFormPermittedIPv6Network=Permitted IPv6 Network firewallOpenPortFormPermittedInterfaceName=Permitted Interface Name firewallOpenPortFormUnpermittedInterfaceName=Unpermitted Interface Name firewallOpenPortFormPermittedMac=Permitted MAC Address 
@@ -408,6 +410,7 @@ firewallOpenPortFormDuplicate=Duplicate Entry - Not adding to the list of Open P firewallOpenPortFormPortToolTip=Specify port or range of ports (i.e. 3040:3050) to be opened for inbound connections firewallOpenPortFormProtocolToolTip=Specify the protocol of the rule to check. firewallOpenPortFormPermittedNetworkToolTip=Specify permitted network (i.e. 192.168.1.0/24) to which the rule will be applied. Default value is 0.0.0.0/0 +firewallOpenPortFormPermittedNetworkIPv6ToolTip=Specify permitted network (i.e. 2001:db8::/32) to which the rule will be applied. Default value is ::/0 firewallOpenPortFormPermittedInterfaceToolTip=Specify an interface to which the rule will be applied. An entry in this field will disable the unpermitted interface field. firewallOpenPortFormUnpermittedInterfaceToolTip=Specify an interface to which the rule will be blocked. All other interface will allow this rule. An entry in this field will disable the permitted interface field. firewallOpenPortFormPermittedMacAddressToolTip=Specify permitted MAC address to which the rule will be applied 
@@ -415,11 +418,14 @@ firewallOpenPortFormSourcePortRangeToolTip=Specify a source port or range of sou firewallOpenPortFormPortErrorMessage=Invalid parameter. Specify port or range of ports (i.e. 3040:3050) to be opened for inbound connections firewallOpenPortFormPermittedNetworkErrorMessage=Invalid parameter. Specify permitted network (i.e. 192.168.1.0/24) to which the rule will be applied. Default value is 0.0.0.0/0 +firewallOpenPortFormPermittedNetworkIPv6ErrorMessage=Invalid parameter. Specify permitted network (i.e. 2001:db8::/32) to which the rule will be applied. Default value is ::/0 firewallOpenPortFormPermittedInterfaceErrorMessage=Invalid parameter. Specify an interface to which the rule will be applied. An entry in this field will disable the unpermitted interface field. firewallOpenPortFormUnpermittedInterfaceErrorMessage=Invalid parameter. Specify an interface to which the rule will be blocked. All other interface will allow this rule. An entry in this field will disable the permitted interface field. firewallOpenPortFormPermittedMacAddressErrorMessage=Invalid parameter. Specify permitted MAC address to which the rule will be applied firewallOpenPortFormSourcePortRangeErrorMessage=Invalid parameter. Specify a source port or range of source ports (i.e. 10100:20200) permitted +firewallPortForwarding=Port Forwarding IPv4 +firewallPortForwardingIPv6=Port Forwarding IPv6 firewallPortForwardInboundInterface=Input Interface firewallPortForwardOutboundInterface=Output Interface firewallPortForwardAddress=LAN Address @@ -428,6 +434,7 @@ firewallPortForwardInPort=External Port firewallPortForwardOutPort=Internal Port firewallPortForwardMasquerade=Masquerade? firewallPortForwardPermittedNetwork=Permitted Network +firewallPortForwardPermittedIPv6Network=Permitted IPv6 Network firewallPortForwardPermittedNetworkMask=Permitted Network Prefix firewallPortForwardPermittedMac=Permitted MAC Address firewallPortForwardSourcePortRange=Source Port or Port Range 
@@ -445,6 +452,7 @@ firewallPortForwardFormInPort=External Port firewallPortForwardFormOutPort=Internal Port firewallPortForwardFormMasquerade=Enable Masquerading firewallPortForwardFormPermittedNetwork=Permitted Network +firewallPortForwardFormPermittedIPv6Network=Permitted IPv6 Network firewallPortForwardFormPermittedMac=Permitted MAC Address firewallPortForwardFormSourcePortRange=Source Port or Port Range firewallPortForwardFormError=Error @@ -459,6 +467,7 @@ firewallPortForwardFormProtocolToolTip=Specify the protocol of the rule to check firewallPortForwardFormExternalPortToolTip=Specify external destination port (a port on a gateway unit). firewallPortForwardFormInternalPortToolTip=Specify internal destination port (a port on a destination host). firewallPortForwardFormPermittedNetworkToolTip=Specify source network or host name (dotted decimal with /mask). Will be set to 0.0.0.0/0 if left empty. +firewallPortForwardFormPermittedNetworkIPv6ToolTip=Specify source network or host name (i.e. 2001:db8::/32). Will be set to ::/0 if left empty. firewallPortForwardFormPermittedMacAddressToolTip=Specify MAC address of a source host permitted. firewallPortForwardFormSourcePortRangeToolTip=Specify a source port or range of source ports (i.e. 10100:20200) permitted. firewallPortForwardFormMasqueradingToolTip=If set to 'yes', all forwarded packets will appear to come from the masquerading host. Needed if destination host does not have a default route pointing back at the gateway. 
@@ -469,10 +478,12 @@ firewallPortForwardFormLanAddressErrorMessage=Invalid parameter. Specify IP addr firewallPortForwardFormExternalPortErrorMessage=Invalid parameter. Specify external destination port (a port on a gateway unit). firewallPortForwardFormInternalPortErrorMessage=Invalid parameter. Specify internal destination port (a port on a destination host). firewallPortForwardFormPermittedNetworkErrorMessage=Invalid parameter. Specify source network or host name (dotted decimal with /mask). Will be set to 0.0.0.0/0 if left empty. +firewallPortForwardFormPermittedNetworkIPv6ErrorMessage=Invalid parameter. Specify source network or host name (i.e. 2001:db8::/32). Will be set to ::/0 if left empty. firewallPortForwardFormPermittedMacAddressErrorMessage=Invalid parameter. Specify MAC address of a source host permitted. firewallPortForwardFormSourcePortRangeErrorMessage=Invalid parameter. Specify a source port or range of source ports (i.e. 10100:20200) permitted. -firewallNat=IP Forwarding/Masquerading +firewallNat=IP Forwarding/Masquerading IPv4 +firewallNatIPv6=IP Forwarding/Masquerading IPv6 firewallNatInInterface=Input Interface firewallNatOutInterface=Output Interface firewallNatProtocol=Protocol 
@@ -496,12 +507,16 @@ firewallNatFormInputInterfaceToolTip=Specify an interface via which a packet is firewallNatFormOutputInterfaceToolTip=Specify an interface via which a packet is going to be sent. firewallNatFormProtocolToolTip=Specify the protocol of the rule to check. firewallNatFormSourceNetworkToolTip=Specify source network or host name (dotted decimal with /mask). Will be set to 0.0.0.0/0 if left empty. +firewallNatFormSourceNetworkIPv6ToolTip=Specify source network or host name (i.e. 2001:db8::/32). Will be set to ::/0 if left empty. firewallNatFormDestinationNetworkToolTip=Specify destination network or host name (dotted decimal with /mask). Will be set to 0.0.0.0/0 if left empty. +firewallNatFormDestinationNetworkIPv6ToolTip=Specify destination network or host name (i.e. 2001:db8::/32). Will be set to ::/0 if left empty. firewallNatFormMasqueradingToolTip=Select 'yes' if you want to use IP Masquerading (1:Many NAT). firewallNatFormInputInterfaceErrorMessage=Invalid parameter. Specify an interface via which a packet is going to be received. firewallNatFormOutputInterfaceErrorMessage=Invalid parameter. Specify an interface via which a packet is going to be sent. firewallNatFormSourceNetworkErrorMessage=Invalid parameter. Specify source network or host name (dotted decimal with /mask). Will be set to 0.0.0.0/0 if left empty. +firewallNatFormSourceNetworkIPv6ErrorMessage=Invalid parameter. Specify source network or host name (i.e. 2001:db8::/32). Will be set to ::/0 if left empty. firewallNatFormDestinationNetworkErrorMessage=Invalid parameter. Specify destination network or host name (dotted decimal with /mask). Will be set to 0.0.0.0/0 if left empty. +firewallNatFormDestinationNetworkIPv6ErrorMessage=Invalid parameter. Specify destination network or host name (i.e. 2001:db8::/32). Will be set to ::/0 if left empty. firewallApply=Apply submitButton=Submit 
diff --git a/kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages_ja.properties b/kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages_ja.properties index b03e320864d..577767db79a 100644 --- a/kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages_ja.properties +++ b/kura/org.eclipse.kura.web2/src/main/resources/org/eclipse/kura/web/client/messages/Messages_ja.properties @@ -360,9 +360,9 @@ netIPv6ToolTipDns=DNS サーバーのリスト。

サーバーはスペ netIPv6ToolTipPrivacy=RFC4941 で説明されているように、SLAAC の IPv6 プライバシー拡張機能を構成します。 有効にすると、カーネルは、修正された EUI-64 を介して MAC アドレスから生成されるパブリック アドレスに加えて、一時的な IPv6 アドレスを生成します。 この設定は、IPv6 アドレスによるホスト追跡を回避する別の方法として [アドレス生成モード] プロパティで有効にできる安定したプライバシー アドレスとは異なることに注意してください。 firewallIntro=ポートの開放とポート転送を有効にする -firewallOpenPorts=オープンポート -firewallPortForwarding=ポートフォワーディング +firewallOpenPorts=オープンポートIPv4 +firewallOpenPortsIPv6=オープンポートIPv6 firewallOpenPort=ポートまたはポート範囲 firewallOpenPortProtocol=プロトコル firewallOpenPortPermittedNetwork=許諾されたネットワーク @@ -381,6 +381,7 @@ firewallOpenPorts22=ポート22はSSH(リモートシェル)アクセスの firewallOpenPorts80=ポート80はHTTP(リモートウェブ環境設定)アクセスのために使用されています。適切でない環境設定を行った場合、デバイスへのリモートアクセスができなくなる場合があります。 firewallOpenPortFormNew=新しいオープンポートエントリ +firewallOpenPortFormIPv6New=新しいオープンポートエントリIPv6 firewallOpenPortFormUpdate=オープンポートエントリのアップデート:{0} firewallOpenPortFormInformation=オープンポートエントリのインフォメーション firewallOpenPortFormPort=ポートまたはポート範囲 @@ -396,6 +397,7 @@ firewallOpenPortFormDuplicate=エントリ重複 - オープンポートのリ firewallOpenPortFormPortToolTip=インバウンド接続を開くためにポートまたはポート範囲(i.e. 3040:3050)を指定してください。 firewallOpenPortFormProtocolToolTip=チェックを行う規約のプロトコルを指定してください。 firewallOpenPortFormPermittedNetworkToolTip=ルールを適用したい許諾されたネットワーク(i.e. 192.168.1.0/24)を指定してください。初期値は0.0.0.0/0です。 +firewallOpenPortFormPermittedNetworkIPv6ToolTip=ルールを適用したい許諾されたネットワーク(i.e. 2001:db8::/32)を指定してください。初期値は::/0です。 firewallOpenPortFormPermittedInterfaceToolTip=ルールを適用したいインターフェースを指定してください。このフィールドの入力内容によっては、許諾されていないインターフェースフィールドが無効になる場合があります。 firewallOpenPortFormUnpermittedInterfaceToolTip=ルールによってブロックしたいインターフェースを指定してください。そのほか全てのインターフェースはこの規約を許可します。このフィールドの入力内容によっては、許諾されたインターフェースフィールドが無効になる場合があります。 firewallOpenPortFormPermittedMacAddressToolTip=ルールを適用したい許諾されたMACアドレスを指定してください。 
@@ -403,11 +405,14 @@ firewallOpenPortFormSourcePortRangeToolTip=許諾された送信元ポートま firewallOpenPortFormPortErrorMessage=無効なパラメータです。インバウンド接続を開くためにポートまたはポート範囲(i.e. 3040:3050)を指定してください。 firewallOpenPortFormPermittedNetworkErrorMessage=無効なパラメータです。規約を適用したい許諾されたネットワーク(i.e. 192.168.1.0/24)を指定してください。初期値は0.0.0.0/0です。 +firewallOpenPortFormPermittedNetworkIPv6ErrorMessage=無効なパラメータです。規約を適用したい許諾されたネットワーク(i.e. 2001:db8::/32)を指定してください。初期値は::/0です。 firewallOpenPortFormPermittedInterfaceErrorMessage=無効なパラメータです。規約を適用したいインターフェースを指定してください。このフィールドの入力内容によっては、許諾されていないインターフェースフィールドが無効になる場合があります。 firewallOpenPortFormUnpermittedInterfaceErrorMessage=無効なパラメータです。規約によってブロックしたいインターフェースを指定してください。そのほか全てのインターフェースはこの規約を許可します。このフィールドの入力内容によっては、許諾されたインターフェースフィールドが無効になる場合があります。 firewallOpenPortFormPermittedMacAddressErrorMessage=無効なパラメータです。規約を適用したい許諾されたMACアドレスを指定してください。 firewallOpenPortFormSourcePortRangeErrorMessage=無効なパラメータです。許諾された送信元ポートまたは送信元ポート範囲(i.e. 10100:20200)を指定してください。 +firewallPortForwarding=ポートフォワーディングIPv4 +firewallPortForwardingIPv6=ポートフォワーディングIPv6 firewallPortForwardInboundInterface=インプットインターフェース firewallPortForwardOutboundInterface=アウトプットインターフェース firewallPortForwardAddress=LANアドレス @@ -416,6 +421,7 @@ firewallPortForwardInPort=外部ポート firewallPortForwardOutPort=内部ポート firewallPortForwardMasquerade=マスカレード? firewallPortForwardPermittedNetwork=許諾されたネットワーク +firewallPortForwardPermittedIPv6Network=許諾されたネットワークIPv6 firewallPortForwardPermittedNetworkMask=許諾されたネットワークプレフィックス firewallPortForwardPermittedMac=許諾されたMACアドレス firewallPortForwardSourcePortRange=送信元ポートまたはポート範囲 @@ -433,6 +439,7 @@ firewallPortForwardFormInPort=外部ポート firewallPortForwardFormOutPort=内部ポート firewallPortForwardFormMasquerade=マスカレードを有効化 firewallPortForwardFormPermittedNetwork=許諾されたネットワーク +firewallPortForwardFormPermittedIPv6Network=許諾されたネットワークIPv6 firewallPortForwardFormPermittedMac=許諾されたMACアドレス firewallPortForwardFormSourcePortRange=送信元ポートまたはポート範囲 firewallPortForwardFormError=エラー 
@@ -447,6 +454,7 @@ firewallPortForwardFormProtocolToolTip=チェックを行う規約のプロト firewallPortForwardFormExternalPortToolTip=外部のデスティネーションポート(ゲートウェイユニットのポート)を指定してください。 firewallPortForwardFormInternalPortToolTip=内部のデスティネーションポート(デスティネーションホストのポート)を指定してください。 firewallPortForwardFormPermittedNetworkToolTip=ソースネットワークまたはホストの名称(小数点数値/マスク)を指定してください。空欄の場合は0.0.0.0/0がセットされます +firewallPortForwardFormPermittedNetworkIPv6ToolTip=ソースネットワークまたはホストの名称(i.e. 2001:db8::/32)を指定してください。空欄の場合は::/0がセットされます firewallPortForwardFormPermittedMacAddressToolTip=許諾されたソースホストのMACアドレスを指定してください。 firewallPortForwardFormSourcePortRangeToolTip=許諾された送信元ポートまたは送信元ポート範囲(i.e. 10100:20200)を指定してください。 firewallPortForwardFormMasqueradingToolTip=「はい」を選択した場合、全てのパケットはマスカレードされたホストから転送されたように表示されます。デスティネーションホストが、ゲートウェイに対するルートの初期設定を持たない場合に必要となります。 @@ -457,10 +465,12 @@ firewallPortForwardFormLanAddressErrorMessage=無効なパラメータです。 firewallPortForwardFormExternalPortErrorMessage=無効なパラメータです。外部のデスティネーションポート(ゲートウェイユニットのポート)を指定してください。 firewallPortForwardFormInternalPortErrorMessage=無効なパラメータです。内部のデスティネーションポート(デスティネーションホストのポート)を指定してください。 firewallPortForwardFormPermittedNetworkErrorMessage=無効なパラメータです。ソースネットワークまたはホストの名称(小数点数値/マスク)を指定してください。空欄の場合は0.0.0.0/0がセットされます +firewallPortForwardFormPermittedNetworkIPv6ErrorMessage=無効なパラメータです。ソースネットワークまたはホストの名称(i.e. 2001:db8::/32)を指定してください。空欄の場合は::/0がセットされます firewallPortForwardFormPermittedMacAddressErrorMessage=無効なパラメータです。許諾されたソースホストのMACアドレスを指定してください。 firewallPortForwardFormSourcePortRangeErrorMessage=無効なパラメータです。許諾された送信元ポートまたは送信元ポート範囲(i.e. 10100:20200)を指定してください。 -firewallNat=IPフォワーディング/マスカレード化 +firewallNat=IPフォワーディング/マスカレード化IPv4 +firewallNatIPv6=IPフォワーディング/マスカレード化IPv6 firewallNatInInterface=インプットインターフェース firewallNatOutInterface=アウトプットインターフェース firewallNatProtocol=プロトコル 
@@ -484,12 +494,16 @@ firewallNatFormInputInterfaceToolTip=パケットの受け取りを行うイン firewallNatFormOutputInterfaceToolTip=パケットの送信を行うインターフェースを指定してください。 firewallNatFormProtocolToolTip=チェックを行う規約のプロトコルを指定してください。 firewallNatFormSourceNetworkToolTip=ソースネットワークまたはホストの名称(小数点数値/マスク)を指定してください。空欄の場合は0.0.0.0/0がセットされます +firewallNatFormSourceNetworkIPv6ToolTip=ソースネットワークまたはホストの名称(i.e. 2001:db8::/32)を指定してください。空欄の場合は::/0がセットされます firewallNatFormDestinationNetworkToolTip=デスティネーションネットワークまたはホストの名称(小数点数値/マスク)を指定してください。空欄の場合は0.0.0.0/0がセットされます +firewallNatFormDestinationNetworkIPv6ToolTip=デスティネーションネットワークまたはホストの名称(i.e. 2001:db8::/32)を指定してください。空欄の場合は::/0がセットされます firewallNatFormMasqueradingToolTip=IPマスカレーディング(1対多NAT)を行いたい場合は「はい」を選択してください。 firewallNatFormInputInterfaceErrorMessage=無効なパラメータです。パケットの受け取りを行うインターフェースを指定してください。 firewallNatFormOutputInterfaceErrorMessage=無効なパラメータです。パケットの送信を行うインターフェースを指定してください。 firewallNatFormSourceNetworkErrorMessage=無効なパラメータです。ソースネットワークまたはホストの名称(小数点数値/マスク)を指定してください。空欄の場合は0.0.0.0/0がセットされます +firewallNatFormSourceNetworkIPv6ErrorMessage=無効なパラメータです。ソースネットワークまたはホストの名称(i.e. 2001:db8::/32)を指定してください。空欄の場合は::/0がセットされます firewallNatFormDestinationNetworkErrorMessage=無効なパラメータです。デスティネーションネットワークまたはホストの名称(小数点数値/マスク)を指定してください。空欄の場合は0.0.0.0/0がセットされます +firewallNatFormDestinationNetworkIPv6ErrorMessage=無効なパラメータです。デスティネーションネットワークまたはホストの名称(i.e. 2001:db8::/32)を指定してください。空欄の場合は:;/0がセットされます firewallApply=適用 submitButton=提出 diff --git a/kura/test/org.eclipse.kura.linux.net.test/src/test/java/org/eclipse/kura/linux/net/iptables/IpTablesConfigTest.java b/kura/test/org.eclipse.kura.linux.net.test/src/test/java/org/eclipse/kura/linux/net/iptables/IpTablesConfigTest.java index d73fe76e560..3c32f2538ee 100644 --- a/kura/test/org.eclipse.kura.linux.net.test/src/test/java/org/eclipse/kura/linux/net/iptables/IpTablesConfigTest.java +++ b/kura/test/org.eclipse.kura.linux.net.test/src/test/java/org/eclipse/kura/linux/net/iptables/IpTablesConfigTest.java 
@@ -113,7 +113,7 @@ public void saveKuraChainsTest() throws KuraException, IOException { Set portForwardRules = new LinkedHashSet<>(); PortForwardRule portForwardRule = new PortForwardRule().inboundIface("eth0").outboundIface("eth1") - .address("172.16.0.1").protocol("tcp").inPort(3040).outPort(4050).masquerade(true) + .address("172.16.0.1").addressMask(32).protocol("tcp").inPort(3040).outPort(4050).masquerade(true) .permittedNetwork("172.16.0.100").permittedNetworkMask(32).permittedMAC("00:11:22:33:44:55:66") .sourcePortRange("10100:10200"); portForwardRules.add(portForwardRule); diff --git a/kura/test/org.eclipse.kura.linux.net.test/src/test/java/org/eclipse/kura/linux/net/iptables/LinuxFirewallTest.java b/kura/test/org.eclipse.kura.linux.net.test/src/test/java/org/eclipse/kura/linux/net/iptables/LinuxFirewallTest.java index acbabf1e46d..1e41f6fe52b 100644 --- a/kura/test/org.eclipse.kura.linux.net.test/src/test/java/org/eclipse/kura/linux/net/iptables/LinuxFirewallTest.java +++ b/kura/test/org.eclipse.kura.linux.net.test/src/test/java/org/eclipse/kura/linux/net/iptables/LinuxFirewallTest.java @@ -18,6 +18,7 @@ import java.net.UnknownHostException; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import org.eclipse.kura.KuraException; @@ -35,8 +36,11 @@ public void addLocalRuleTest() throws KuraException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addLocalRule(5400, "tcp", null, null, "eth0", null, "00:11:22:33:44:55:66", "10100:10200"); - } catch (KuraIOException e) { + LocalRule localRule = new LocalRule(5400, "tcp", + new NetworkPair(IP4Address.getDefaultAddress(), (short) 0), "eth0", null, + "00:11:22:33:44:55:66", "10100:10200"); + linuxFirewall.addLocalRules(Arrays.asList(localRule)); + } catch (KuraIOException | UnknownHostException e) { // do nothing... } 
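Review bot: In `addLocalRuleTest` the widened `catch (KuraIOException | UnknownHostException e)` keeps its empty body, so a failure while constructing the `LocalRule` is swallowed and the test proceeds to the assertions that follow outside this hunk. `addLocalRuleSourceSinglePortTest` receives the same change. An UnknownHostException here would indicate a broken fixture rather than the tolerated I/O failure, so let it propagate by declaring `throws KuraException, UnknownHostException` on the test method and keeping `catch (KuraIOException e)` alone. If swallowing `KuraIOException` is intentional, a short comment saying why would replace `// do nothing...`.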
@@ -53,8 +57,11 @@ public void addLocalRuleSourceSinglePortTest() throws KuraException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addLocalRule(5400, "tcp", null, null, "eth0", null, "00:11:22:33:44:55:66", "10100"); - } catch (KuraIOException e) { + LocalRule localRule = new LocalRule(5400, "tcp", + new NetworkPair(IP4Address.getDefaultAddress(), (short) 0), "eth0", null, + "00:11:22:33:44:55:66", "10100"); + linuxFirewall.addLocalRules(Arrays.asList(localRule)); + } catch (KuraIOException | UnknownHostException e) { // do nothing... } @@ -102,8 +109,11 @@ public void addPortForwardSourceRangeTest() throws KuraException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addPortForwardRule("eth0", "eth1", "172.16.0.1", "tcp", 3040, 4050, true, "172.16.0.100", - "32", "00:11:22:33:44:55:66", "10100:10200"); + PortForwardRule portForwardingRule = new PortForwardRule(); + portForwardingRule.inboundIface("eth0").outboundIface("eth1").address("172.16.0.1").addressMask(32) + .protocol("tcp").inPort(3040).outPort(4050).masquerade(true).permittedNetwork("172.16.0.100") + .permittedNetworkMask(32).permittedMAC("00:11:22:33:44:55:66").sourcePortRange("10100:10200"); + linuxFirewall.addPortForwardRules(Arrays.asList(portForwardingRule)); } catch (KuraIOException e) { // do nothing... } 
@@ -123,8 +133,11 @@ public void addPortForwardSourceSinglePortTest() throws KuraException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addPortForwardRule("eth0", "eth1", "172.16.0.1", "tcp", 3040, 4050, true, "172.16.0.100", - "32", "00:11:22:33:44:55:66", "10100"); + PortForwardRule portForwardingRule = new PortForwardRule(); + portForwardingRule.inboundIface("eth0").outboundIface("eth1").address("172.16.0.1").addressMask(32) + .protocol("tcp").inPort(3040).outPort(4050).masquerade(true).permittedNetwork("172.16.0.100") + .permittedNetworkMask(32).permittedMAC("00:11:22:33:44:55:66").sourcePortRange("10100"); + linuxFirewall.addPortForwardRules(Arrays.asList(portForwardingRule)); } catch (KuraIOException e) { // do nothing... } @@ -146,11 +159,11 @@ public void addPortForwardRulesTest() throws KuraException { List rules = new ArrayList<>(); try { PortForwardRule portForwardRule = new PortForwardRule().inboundIface("eth0").outboundIface("eth1") - .address("172.16.0.1").protocol("tcp").inPort(3040).outPort(4050).masquerade(true) + .address("172.16.0.1").addressMask(32).protocol("tcp").inPort(3040).outPort(4050).masquerade(true) .permittedNetwork("172.16.0.100").permittedNetworkMask(32).permittedMAC("00:11:22:33:44:55:66") .sourcePortRange("10100:10200"); PortForwardRule portForwardRule2 = new PortForwardRule().inboundIface("eth0").outboundIface("eth1") - .address("172.16.0.1").protocol("tcp").inPort(3040).outPort(4050).masquerade(true) + .address("172.16.0.1").addressMask(32).protocol("tcp").inPort(3040).outPort(4050).masquerade(true) .permittedNetwork("172.16.0.100").permittedNetworkMask(32).permittedMAC("00:11:22:33:44:55:66") .sourcePortRange("10100"); rules.add(portForwardRule); 
@@ -183,7 +196,8 @@ public void addAutoNatRuleTest() throws KuraException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addNatRule("eth0", "eth1", true, RuleType.GENERIC); + NATRule natRule = new NATRule("eth0", "eth1", null, null, null, true, RuleType.GENERIC); + linuxFirewall.addAutoNatRules(Arrays.asList(natRule)); } catch (KuraIOException e) { // do nothing... } 
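Review bot: The call `new NATRule("eth0", "eth1", null, null, null, true, RuleType.GENERIC)` in addAutoNatRuleTest passes three positional nulls whose meaning cannot be read at the call site. Judging by the seven-argument call in addNatRuleTest they are protocol, source and destination, and a null presumably means no restriction on that field, which is worth stating for a masquerade rule. A comment above the line such as `// protocol, source and destination left unset: auto NAT rule with no address filter (confirm against NATRule)` would do. The same call is repeated in deleteAutoNatRuleTest and deleteAllAutoNatRuleTest, and the test body continues outside the hunk.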
@@ -195,128 +209,115 @@ public void addAutoNatRuleTest() throws KuraException { } @Test - public void addAutoNatRulesTest() throws KuraException { + public void addNatRuleTest() throws KuraException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); - List rules = new ArrayList<>(); try { - rules.add(new NATRule("eth0", "eth1", true, RuleType.GENERIC)); - linuxFirewall.addAutoNatRules(rules); + NATRule natRule = new NATRule("eth0", "eth1", "tcp", "172.16.0.1/32", "172.16.0.2/32", true, + RuleType.IP_FORWARDING); + linuxFirewall.addNatRules(Arrays.asList(natRule)); } catch (KuraIOException e) { // do nothing... } - assertTrue(linuxFirewall.getAutoNatRules().stream().anyMatch(rule -> { + assertTrue(linuxFirewall.getNatRules().stream().anyMatch(rule -> { return rule.getSourceInterface().equals("eth0") && rule.getDestinationInterface().equals("eth1") + && rule.getSource().equals("172.16.0.1/32") && rule.getDestination().equals("172.16.0.2/32") && rule.isMasquerade(); })); } @Test - public void addNatRuleTest() throws KuraException { + public void deleteLocalRuleTest() throws KuraException, UnknownHostException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); + LocalRule localRule = new LocalRule(5400, "tcp", + new NetworkPair(IP4Address.getDefaultAddress(), (short) 0), "eth0", null, + "00:11:22:33:44:55:66", "10100:10200"); try { - linuxFirewall.addNatRule("eth0", "eth1", "tcp", "172.16.0.1/32", "172.16.0.2/32", true, - RuleType.IP_FORWARDING); + linuxFirewall.addLocalRules(Arrays.asList(localRule)); } catch (KuraIOException e) { // do nothing... 
} - assertTrue(linuxFirewall.getNatRules().stream().anyMatch(rule -> { - return rule.getSourceInterface().equals("eth0") && rule.getDestinationInterface().equals("eth1") - && rule.getSource().equals("172.16.0.1/32") && rule.getDestination().equals("172.16.0.2/32") - && rule.isMasquerade(); - })); - } + assertFalse(linuxFirewall.getLocalRules().isEmpty()); + int size = linuxFirewall.getLocalRules().size(); - @Test - public void addNatRulesTest() throws KuraException { - setUpMock(); - LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); - List rules = new ArrayList<>(); try { - rules.add( - new NATRule("eth0", "eth1", "tcp", "172.16.0.1/32", "172.16.0.2/32", true, RuleType.IP_FORWARDING)); - linuxFirewall.addNatRules(rules); + linuxFirewall.deleteLocalRule(localRule); } catch (KuraIOException e) { // do nothing... } - assertTrue(linuxFirewall.getNatRules().stream().anyMatch(rule -> { - return rule.getSourceInterface().equals("eth0") && rule.getDestinationInterface().equals("eth1") - && rule.getSource().equals("172.16.0.1/32") && rule.getDestination().equals("172.16.0.2/32") - && rule.isMasquerade(); - })); + assertEquals(size - 1, linuxFirewall.getLocalRules().size()); } @Test - public void deleteLocalRuleTest() throws KuraException, UnknownHostException { + public void deletePortForwardRuleTest() throws KuraException, UnknownHostException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); + PortForwardRule portForwardingRule = new PortForwardRule(); + portForwardingRule.inboundIface("eth0").outboundIface("eth1").address("172.16.0.1").addressMask(32) + .protocol("tcp").inPort(3040).outPort(4050).masquerade(true).permittedNetwork("172.16.0.100") + .permittedNetworkMask(32).permittedMAC("00:11:22:33:44:55:66").sourcePortRange("10100:10200"); try { - linuxFirewall.addLocalRule(5400, "tcp", null, null, "eth0", null, "00:11:22:33:44:55:66", "10100:10200"); + 
linuxFirewall.addPortForwardRules(Arrays.asList(portForwardingRule)); } catch (KuraIOException e) { // do nothing... } - assertFalse(linuxFirewall.getLocalRules().isEmpty()); - int size = linuxFirewall.getLocalRules().size(); + assertFalse(linuxFirewall.getPortForwardRules().isEmpty()); + int size = linuxFirewall.getPortForwardRules().size(); - LocalRule rule = new LocalRule(5400, "tcp", - new NetworkPair<>((IP4Address) IPAddress.parseHostAddress("0.0.0.0"), (short) 0), "eth0", null, - "00:11:22:33:44:55:66", "10100:10200"); try { - linuxFirewall.deleteLocalRule(rule); + linuxFirewall.deletePortForwardRule(portForwardingRule); } catch (KuraIOException e) { // do nothing... } - assertEquals(size - 1, linuxFirewall.getLocalRules().size()); + assertEquals(size - 1, linuxFirewall.getPortForwardRules().size()); } @Test - public void deletePortForwardRuleTest() throws KuraException, UnknownHostException { + public void deleteAutoNatRuleTest() throws KuraException, UnknownHostException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); + NATRule natRule = new NATRule("eth0", "eth1", null, null, null, true, RuleType.GENERIC); try { - linuxFirewall.addPortForwardRule("eth0", "eth1", "172.16.0.1", "tcp", 3040, 4050, true, "172.16.0.100", - "32", "00:11:22:33:44:55:66", "10100:10200"); + linuxFirewall.addAutoNatRules(Arrays.asList(natRule)); } catch (KuraIOException e) { // do nothing... 
} - assertFalse(linuxFirewall.getPortForwardRules().isEmpty()); - int size = linuxFirewall.getPortForwardRules().size(); + assertFalse(linuxFirewall.getAutoNatRules().isEmpty()); + int size = linuxFirewall.getAutoNatRules().size(); - PortForwardRule rule = new PortForwardRule().inboundIface("eth0").outboundIface("eth1").address("172.16.0.1") - .protocol("tcp").inPort(3040).outPort(4050).masquerade(true).permittedNetwork("172.16.0.100") - .permittedNetworkMask(32).permittedMAC("00:11:22:33:44:55:66").sourcePortRange("10100:10200"); try { - linuxFirewall.deletePortForwardRule(rule); + linuxFirewall.deleteAutoNatRule(natRule); } catch (KuraIOException e) { // do nothing... } - assertEquals(size - 1, linuxFirewall.getPortForwardRules().size()); + assertEquals(size - 1, linuxFirewall.getAutoNatRules().size()); } @Test - public void deleteAutoNatRuleTest() throws KuraException, UnknownHostException { + public void deleteNatRuleTest() throws KuraException, UnknownHostException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); + NATRule natRule = new NATRule("eth0", "eth1", "tcp", "172.16.0.1/32", "172.16.0.2/32", true, + RuleType.IP_FORWARDING); try { - linuxFirewall.addNatRule("eth0", "eth1", true, RuleType.GENERIC); + linuxFirewall.addNatRules(Arrays.asList(natRule)); } catch (KuraIOException e) { // do nothing... } - assertFalse(linuxFirewall.getAutoNatRules().isEmpty()); - int size = linuxFirewall.getAutoNatRules().size(); + assertFalse(linuxFirewall.getNatRules().isEmpty()); + int size = linuxFirewall.getNatRules().size(); - NATRule rule = new NATRule("eth0", "eth1", true, RuleType.GENERIC); try { - linuxFirewall.deleteAutoNatRule(rule); + linuxFirewall.deleteNatRule(natRule); } catch (KuraIOException e) { // do nothing... } 
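Review bot: The rewritten delete tests (deleteLocalRuleTest, deletePortForwardRuleTest, deleteAutoNatRuleTest, deleteNatRuleTest) now pass the very instance they added to the delete call, where the removed code built a second, equal rule. That drops the only check in this file that deletion matches by value, which matters now that PortForwardRule carries the new address mask: if the rule's equality does not cover the mask (not visible here), a rule rebuilt from configuration might fail to match and the forward would stay installed. Deleting with a freshly built rule restores the coverage, e.g. `linuxFirewall.deleteAutoNatRule(new NATRule("eth0", "eth1", null, null, null, true, RuleType.GENERIC));`. The hunk ends inside deleteNatRuleTest, so its final size assertion is outside the hunk.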
@@ -329,7 +330,10 @@ public void deleteAllLocalRuleTest() throws KuraException, UnknownHostException setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addLocalRule(5400, "tcp", null, null, "eth0", null, "00:11:22:33:44:55:66", "10100:10200"); + LocalRule localRule = new LocalRule(5400, "tcp", + new NetworkPair(IP4Address.getDefaultAddress(), (short) 0), "eth0", null, + "00:11:22:33:44:55:66", "10100:10200"); + linuxFirewall.addLocalRules(Arrays.asList(localRule)); } catch (KuraIOException e) { // do nothing... } @@ -348,8 +352,11 @@ public void deleteAllPortForwardRuleTest() throws KuraException, UnknownHostExce setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addPortForwardRule("eth0", "eth1", "172.16.0.1", "tcp", 3040, 4050, true, "172.16.0.100", - "32", "00:11:22:33:44:55:66", "10100:10200"); + PortForwardRule portForwardingRule = new PortForwardRule(); + portForwardingRule.inboundIface("eth0").outboundIface("eth1").address("172.16.0.1").addressMask(32) + .protocol("tcp").inPort(3040).outPort(4050).masquerade(true).permittedNetwork("172.16.0.100") + .permittedNetworkMask(32).permittedMAC("00:11:22:33:44:55:66").sourcePortRange("10100:10200"); + linuxFirewall.addPortForwardRules(Arrays.asList(portForwardingRule)); } catch (KuraIOException e) { // do nothing... } @@ -368,7 +375,8 @@ public void deleteAllAutoNatRuleTest() throws KuraException, UnknownHostExceptio setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addNatRule("eth0", "eth1", true, RuleType.GENERIC); + NATRule natRule = new NATRule("eth0", "eth1", null, null, null, true, RuleType.GENERIC); + linuxFirewall.addAutoNatRules(Arrays.asList(natRule)); } catch (KuraIOException e) { // do nothing... } 
@@ -387,8 +395,9 @@ public void deleteAllNatRuleTest() throws KuraException, UnknownHostException { setUpMock(); LinuxFirewall linuxFirewall = LinuxFirewall.getInstance(executorServiceMock); try { - linuxFirewall.addNatRule("eth0", "eth1", "tcp", "172.16.0.1/32", "172.16.0.2/32", true, + NATRule natRule = new NATRule("eth0", "eth1", "tcp", "172.16.0.1/32", "172.16.0.2/32", true, RuleType.IP_FORWARDING); + linuxFirewall.addNatRules(Arrays.asList(natRule)); } catch (KuraIOException e) { // do nothing... }