Continue adding security

src/main/java/com/bwssystems/HABridge/BridgeSecurity.java

@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
 import java.util.Base64;
+import java.util.HashMap;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@@ -63,12 +64,39 @@ public class BridgeSecurity {
 		if(aUser != null) {
 			error = aUser.validate();
 			if(error == null) {
-				User theUser = securityDescriptor.getUsers().get(aUser.getUsername());
-				if(theUser != null) {
-					theUser.setPassword(aUser.getPassword());
-					theUser.setPassword2(null);
+				if(securityDescriptor.getUsers() != null) {
+					User theUser = securityDescriptor.getUsers().get(aUser.getUsername());
+					if(theUser != null) {
+						theUser.setPassword(aUser.getPassword());
+						theUser.setPassword2(null);
+						settingsChanged = true;
+					}
+					else
+						error = "User not found";
+				}
+				else
+					error = "User not found";
+			}
+		}
+		else
+			error = "invalid user object given";
+		
+		return error;
+	}
+
+	public String addUser(User aUser) throws IOException {
+		String error = null;
+		if(aUser != null) {
+			error = aUser.validate();
+			if(error == null) {
+				if(securityDescriptor.getUsers() == null)
+					securityDescriptor.setUsers(new HashMap<String, User>());
+				if(securityDescriptor.getUsers().get(aUser.getUsername()) == null) {
+					securityDescriptor.getUsers().put(aUser.getUsername(), aUser);
 					settingsChanged = true;
 				}
+				else
+					error = "Invalid request";
 			}
 		}
 		else
@@ -101,6 +129,7 @@ public class BridgeSecurity {
 		SecurityInfo theInfo = new SecurityInfo();
 		theInfo.setExecGarden(getExecGarden());
 		theInfo.setUseLinkButton(isUseLinkButton());
+		theInfo.setSecureHueApi(isSecureHueApi());
 		theInfo.setSecure(isSecure());
 		return theInfo;
 	}

src/main/java/com/bwssystems/HABridge/SecurityInfo.java

@@ -3,7 +3,7 @@ package com.bwssystems.HABridge;
 public class SecurityInfo {
 	private boolean useLinkButton;
 	private String execGarden;
-	private boolean seucreHueApi;
+	private boolean secureHueApi;
 	private boolean isSecure;
 	
 	public boolean isUseLinkButton() {
@@ -18,11 +18,11 @@ public class SecurityInfo {
 	public void setExecGarden(String execGarden) {
 		this.execGarden = execGarden;
 	}
-	public boolean isSeucreHueApi() {
-		return seucreHueApi;
+	public boolean isSecureHueApi() {
+		return secureHueApi;
 	}
-	public void setSeucreHueApi(boolean seucreHueApi) {
-		this.seucreHueApi = seucreHueApi;
+	public void setSecureHueApi(boolean secureHueApi) {
+		this.secureHueApi = secureHueApi;
 	}
 	public boolean isSecure() {
 		return isSecure;

src/main/java/com/bwssystems/HABridge/SystemControl.java

@@ -13,6 +13,7 @@ import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.Arrays;
 import java.util.Timer;
+import java.util.Base64;
 
 import org.apache.http.HttpStatus;
 import org.slf4j.Logger;
@@ -110,12 +111,70 @@ public class SystemControl extends AuthFramework {
 			return theLogServiceMgr.getConfiguredLoggers();
 	    }, new JsonTransformer());
 
-	    // http://ip_address:port/system/securityinfo gets the security info for the bridge
-    	get (SYSTEM_CONTEXT + "/securityinfo", "application/json", (request, response) -> {
-			log.debug("Get security info");
-			response.status(200);
-			return bridgeSettings.getBridgeSecurity().getSecurityInfo();
-	    }, new JsonTransformer());
+//      http://ip_address:port/system/setpassword CORS request
+	    options(SYSTEM_CONTEXT + "/setpassword", "application/json", (request, response) -> {
+	        response.status(HttpStatus.SC_OK);
+	        response.header("Access-Control-Allow-Origin", request.headers("Origin"));
+	        response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
+	        response.header("Access-Control-Allow-Headers", request.headers("Access-Control-Request-Headers"));
+	        response.header("Content-Type", "text/html; charset=utf-8");
+	    	return "";
+	    });
+//      http://ip_address:port/system/setpassword which sets a password for a given user
+		post(SYSTEM_CONTEXT + "/setpassword", "application/json", (request, response) -> {
+			log.debug("setpassword....");
+			String theDecodedPayload = new String(Base64.getDecoder().decode(request.body()));
+			User theUser = new Gson().fromJson(theDecodedPayload, User.class);
+			String errorMessage = bridgeSettings.getBridgeSecurity().setPassword(theUser);
+			if(errorMessage != null) {
+		        response.status(HttpStatus.SC_BAD_REQUEST);
+		        errorMessage = "{\"message\":\"" + errorMessage + "\"}";
+			}
+			else
+		        response.status(HttpStatus.SC_OK);
+
+            return errorMessage;
+        });
+
+//      http://ip_address:port/system/adduser CORS request
+	    options(SYSTEM_CONTEXT + "/adduser", "application/json", (request, response) -> {
+	        response.status(HttpStatus.SC_OK);
+	        response.header("Access-Control-Allow-Origin", request.headers("Origin"));
+	        response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
+	        response.header("Access-Control-Allow-Headers", request.headers("Access-Control-Request-Headers"));
+	        response.header("Content-Type", "text/html; charset=utf-8");
+	    	return "";
+	    });
+//      http://ip_address:port/system/adduser which adds a new user
+		post(SYSTEM_CONTEXT + "/adduser", "application/json", (request, response) -> {
+			log.debug("adduser....");
+			String theDecodedPayload = new String(Base64.getDecoder().decode(request.body()));
+			User theUser = new Gson().fromJson(theDecodedPayload, User.class);
+			String errorMessage = theUser.validate();
+			if(errorMessage != null) {
+		        response.status(HttpStatus.SC_BAD_REQUEST);
+		        errorMessage = "{\"message\":\"" + errorMessage + "\"}";
+			} else {
+		        response.status(HttpStatus.SC_OK);
+			}
+
+            return errorMessage;
+        });
+
+//      http://ip_address:port/system/login CORS request
+	    options(SYSTEM_CONTEXT + "/login", "application/json", (request, response) -> {
+	        response.status(HttpStatus.SC_OK);
+	        response.header("Access-Control-Allow-Origin", request.headers("Origin"));
+	        response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
+	        response.header("Access-Control-Allow-Headers", request.headers("Access-Control-Request-Headers"));
+	        response.header("Content-Type", "text/html; charset=utf-8");
+	    	return "";
+	    });
+//      http://ip_address:port/system/login validates the login
+		post(SYSTEM_CONTEXT + "/login", "application/json", (request, response) -> {
+			log.debug("login....");
+            return null;
+        }, new JsonTransformer());
 
 //      http://ip_address:port/system/presslinkbutton CORS request
 	    options(SYSTEM_CONTEXT + "/presslinkbutton", "application/json", (request, response) -> {
@@ -135,20 +194,12 @@ public class SystemControl extends AuthFramework {
             return null;
         }, new JsonTransformer());
 
-//      http://ip_address:port/system/setpassword CORS request
-	    options(SYSTEM_CONTEXT + "/setpassword", "application/json", (request, response) -> {
-	        response.status(HttpStatus.SC_OK);
-	        response.header("Access-Control-Allow-Origin", request.headers("Origin"));
-	        response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
-	        response.header("Access-Control-Allow-Headers", request.headers("Access-Control-Request-Headers"));
-	        response.header("Content-Type", "text/html; charset=utf-8");
-	    	return "";
-	    });
-//      http://ip_address:port/system/setpassword which sets a password for a given user
-		post(SYSTEM_CONTEXT + "/setpassword", "application/json", (request, response) -> {
-			log.debug("setpassword....");
-            return null;
-        }, new JsonTransformer());
+	    // http://ip_address:port/system/securityinfo gets the security info for the bridge
+    	get (SYSTEM_CONTEXT + "/securityinfo", "application/json", (request, response) -> {
+			log.debug("Get security info");
+			response.status(200);
+			return bridgeSettings.getBridgeSecurity().getSecurityInfo();
+	    }, new JsonTransformer());
 
 //      http://ip_address:port/system/changesecurityinfo CORS request
 	    options(SYSTEM_CONTEXT + "/changesecurityinfo", "application/json", (request, response) -> {
@@ -166,25 +217,10 @@ public class SystemControl extends AuthFramework {
 			if(theInfo.getExecGarden() != null)
 				bridgeSettings.getBridgeSecurity().setExecGarden(theInfo.getExecGarden());
 			bridgeSettings.getBridgeSecurity().setUseLinkButton(theInfo.isUseLinkButton());
-			bridgeSettings.getBridgeSecurity().setSecureHueApi(theInfo.isSeucreHueApi());
+			bridgeSettings.getBridgeSecurity().setSecureHueApi(theInfo.isSecureHueApi());
             return bridgeSettings.getBridgeSecurity().getSecurityInfo();
         }, new JsonTransformer());
 
-//      http://ip_address:port/system/login CORS request
-	    options(SYSTEM_CONTEXT + "/login", "application/json", (request, response) -> {
-	        response.status(HttpStatus.SC_OK);
-	        response.header("Access-Control-Allow-Origin", request.headers("Origin"));
-	        response.header("Access-Control-Allow-Methods", "GET, POST, PUT");
-	        response.header("Access-Control-Allow-Headers", request.headers("Access-Control-Request-Headers"));
-	        response.header("Content-Type", "text/html; charset=utf-8");
-	    	return "";
-	    });
-//      http://ip_address:port/system/login validates the login
-		post(SYSTEM_CONTEXT + "/login", "application/json", (request, response) -> {
-			log.debug("login....");
-            return null;
-        }, new JsonTransformer());
-
 //      http://ip_address:port/system/logmgmt/update CORS request
 	    options(SYSTEM_CONTEXT + "/logmgmt/update", "application/json", (request, response) -> {
 	        response.status(HttpStatus.SC_OK);