google-nomulus/java/google/registry/ui/soy/registrar/SecuritySettings.soy

// Copyright 2016 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

{namespace registry.soy.registrar.security autoescape="strict"}


/** Registrar security settings page for view and edit. */
{template .settings}
  {@param ipAddressWhitelist: list<string>}
  {@param phonePasscode: string}
  {@param? clientCertificate: string}
  {@param? clientCertificateHash: string}
  {@param? failoverClientCertificate: string}
  {@param readonly: bool}
  <form name="item" class="{css item} {css registrar}">
    <h1>Security settings</h1>
    {if $readonly}
      <p>Use the 'Edit' button above to switch to enable editing the information below.
    {/if}
    <table>
      <tr class="{css kd-settings-pane-section}">
        <td>
          <label class="{css setting-label}">Web console access</label>
        <td class="{css setting}">
          <p>Your web console account is managed through&nbsp;
            <a href="https://www.google.com/accounts"
               target="_blank" rel="noopener">Google account settings</a>.

      <tr class="{css kd-settings-pane-section}">
        <td>
          <label class="{css setting-label}">IP whitelist</label>
          <span class="{css description}">Restrict access to EPP
            production servers to the following IP/IPv6 addresses, or
            ranges like 1.1.1.1/24</span>
        </td>
        <td class="{css setting}">
          <div class="{css info} {css summary}">
            <div id="ips">
              {foreach $ip in $ipAddressWhitelist}
                {call .ip}
                  {param name: 'ipAddressWhitelist[' + index($ip) + ']' /}
                  {param ip: $ip /}
                {/call}
              {/foreach}
            </div>
            <div class="{css hidden}">
              <input id="newIp" value="" placeholder="Enter IP address..."/>
              <button id="btn-add-ip" type="button"
                      class="{css kd-button} {css btn-add}">Add</button>
            </div>
          </div>
        </td>

      <tr class="{css kd-settings-pane-section}">
        <td>
          <label class="{css setting-label}">Telephone passcode</label>
          <span class="{css description}">Use this for support calls to the Registry.</span>
        </td>
        <td class="{css setting}">
          <div id="domain-registrar-phone-passcode">
            {if isNonnull($phonePasscode)}
              <input id="phonePasscode"
                     name="phonePasscode"
                     value="{$phonePasscode}" readonly>
            {else}
              <p><em>Your phone passcode is pending allocation.</em>
            {/if}
          </div>
        </td>

      <tr class="{css kd-settings-pane-section}">
        <td>
          <label class="{css setting-label}">SSL Certificate</label>
          <span class="{css description}">X.509 PEM certificate for EPP production access.</span>
        </td>
        <td class="{css setting}">
          {if isNonnull($clientCertificate)}
            <textarea
               name="clientCertificate"
               rows="16"
               cols="64"
               {if $readonly}readonly{/if}>{$clientCertificate}</textarea>
          {elseif isNonnull($clientCertificateHash)}
            {if $readonly}
              <p>
                You submitted your SSL certificate before full certificates
                were stored.  Currently only the hash of your certificate may
                be viewed.  Please re-submit or update your certificate by
                using the Edit button on the top of this page.

              <p class="{css certhash}">
                <span class="{css description}">Existing certificate SHA256 base64 hash:</span>
                {$clientCertificateHash}
            {else}
              <textarea name="clientCertificate" rows="16" cols="64"></textarea>
            {/if}
          {else}
            {if $readonly}
              <p>No certificate on file.  Use the Edit button on the top of this page to add one.
            {else}
              <p>No certificate on file.  Please enter your certificate below.
              <textarea id="clientCertificate"
                        name="clientCertificate"
                        rows="16" cols="64"></textarea>
              <div class="{css description}">
                Example format:
                <textarea id="exampleCert" rows="17" cols="64" readonly>
                  -----BEGIN CERTIFICATE-----{\n}
                  MIIDvTCCAqWgAwIBAgIJAK/PgPT0jTwRMA0GCSqGSIb3DQEBCwUAMHUxCzAJBgNV{\n}
                  BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxDzAN{\n}
                  BgNVBAoMBkdvb2dsZTEdMBsGA1UECwwUZG9tYWluLXJlZ2lzdHJ5LXRlc3QxEDAO{\n}
                  BgNVBAMMB2NsaWVudDEwHhcNMTUwODI2MTkxODA4WhcNNDMwMTExMTkxODA4WjB1{\n}
                  MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZ{\n}
                  b3JrMQ8wDQYDVQQKDAZHb29nbGUxHTAbBgNVBAsMFGRvbWFpbi1yZWdpc3RyeS10{\n}
                  ZXN0MRAwDgYDVQQDDAdjbGllbnQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB{\n}
                  CgKCAQEAvoE/IoFJyzb0dU4NFhL8FYgy+B/GnUd5aA66CMx5xKRMbEAtIgxU8TTO{\n}
                  W+9jdTsE00Grk3Ct4KdY73CYW+6IFXL4O0K/m5S+uajh+I2UMVZJV38RAIqNxue0{\n}
                  Egv9M4haSsCVIPcX9b+6McywfYSF1bzPb2Gb2FAQO7Jb0BjlPhPMIROCrbG40qPg{\n}
                  LWrl33dz+O52kO+DyZEzHqI55xH6au77sMITsJe+X23lzQcMFUUm8moiOw0EKrj/{\n}
                  GaMTZLHP46BCRoJDAPTNx55seIwgAHbKA2VVtqrvmA2XYJQA6ipdhfKRoJFy8Z8H{\n}
                  DYsorGtazQL2HhF/5uJD25z1m5eQHQIDAQABo1AwTjAdBgNVHQ4EFgQUParEmiSR{\n}
                  U/Oqy8hr7k+MBKhZwVkwHwYDVR0jBBgwFoAUParEmiSRU/Oqy8hr7k+MBKhZwVkw{\n}
                  DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAojsUhF6PtZrStnHBFWNR{\n}
                  ryzvANB8krZlYeX9Hkqn8zIVfAkpbVmL8aZQ7yj17jSpw47PQh3x5gwA9yc/SS0G{\n}
                  E1rGuxYH02UGbua8G0+vviSQfLtskPQzK7EIR63WNhHEo/Q9umLJkZ0LguWEBf3L{\n}
                  q8CoXv2i/RNvqVPcTNp/zCKXJZAa8wAjNRJs834AZj4k5xwyYZ3F8D5PGz+YMOmV{\n}
                  M9Qd+NdXSC/Qn7HQzFhE8p5elBV35P8oX5dXEfn0S7zOXDenp5JvvLoggOWOcKsq{\n}
                  KiWDQrsT+TMKmHL94/h4t7FghtQLMzY5SGYJsYTv/LG8tewrz6KRb/Wj3JNojyEw{\n}
                  Ug=={\n}
                  -----END CERTIFICATE-----
                </textarea>
              </div>
            {/if}
          {/if}
        </td>

      <tr class="{css kd-settings-pane-section}">
        <td>
          <label class="{css setting-label}">
            Failover SSL Certificate
          </label>
          <span class="{css description}">
            X.509 PEM backup certificate for EPP Production Access.
          </span>
        <td class="{css setting}">
          {if $readonly and not isNonnull($failoverClientCertificate)}
            <p>No failover certificate on file.
          {else}
            <textarea id="failoverClientCertificate"
                      name="failoverClientCertificate"
                      rows="16"
                      cols="64"
                      {if $readonly}readonly{/if}>
              {$failoverClientCertificate ?: ''}
            </textarea>
          {/if}

    </table>
  </form>
{/template}


/** IP address form input. */
{template .ip}
  {@param name: string}
  {@param ip: string}
  <div class="{css ip}">
    <button type="button" class="{css kd-button} {css btn-remove} {css hidden}">
      <i class="{css icon-remove} {css edit}">x</i>
    </button>
    <input name="{$name}" value="{$ip}" readonly>
  </div>
{/template}