# Workflow definition for bulk certificate revocation requests (CRR bulk).
# The prefix, label and description identify the workflow type; the
# I18N_* values are translation keys, not display text.
head:
    prefix: crrbulk
    label: I18N_OPENXPKI_UI_WORKFLOW_TYPE_CRR_BULK_LABEL
    description: I18N_OPENXPKI_UI_WORKFLOW_TYPE_CRR_BULK_DESC
5
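# State machine. Each action entry reads
#   <action> [<action> ...] > <next state> ? <condition> [<condition> ...]
# and a leading "!" negates a condition. States with "autorun: 1" are
# advanced without user interaction.
state:
    INITIAL:
        # Store the submitted input, then split the identifier list into an
        # array (see the initialize and toarray actions below).
        action: initialize toarray > CHECK_BATCHMODE

    CHECK_BATCHMODE:
        autorun: 1
        # Non-automated requests wait in PENDING for an operator decision;
        # signed requests go on to the signer trust evaluation.
        # NOTE(review): the two conditions are not written as complements.
        # An automated request that is not signed matches neither rule and
        # stays in this state (fails closed, but never reaches FAILURE);
        # confirm that is intended and that both rules cannot match at once.
        action:
          - global_noop > PENDING  ? !global_is_automated_request
          - check_authorized_signer > CHECK_AUTHORIZATION ? global_is_signed_request

    CHECK_AUTHORIZATION:
        autorun: 1
        # Exactly one rule must match for every combination of the three
        # signer conditions. Only an authorized, unrevoked signer whose
        # validity is ok reaches APPROVED; everything else ends in FAILURE.
        action:
          - global_set_error_signer_not_authorized > FAILURE ? !global_is_signer_authorized !global_is_signer_revoked
          - global_set_error_signer_expired > FAILURE ? global_is_signer_authorized !global_is_signer_revoked !global_is_signer_validity_ok
          # A revoked signer is rejected whatever its validity says. The rule
          # used to require global_is_signer_validity_ok as well, which left
          # a revoked signer with failed validity without any matching rule.
          - global_set_error_signer_revoked > FAILURE ? global_is_signer_revoked
          - global_noop > APPROVED ? global_is_signer_authorized !global_is_signer_revoked global_is_signer_validity_ok

    PENDING:
        label: I18N_OPENXPKI_UI_WORKFLOW_STATE_CRR_BULK_PENDING_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_STATE_CRR_BULK_PENDING_DESC
        # Manual decision point. One approval moves the whole batch to
        # APPROVED; who may decide is set by acl_can_approve/acl_can_reject.
        action:
          - approve_crr > APPROVED ? acl_can_approve
          - reject_crr > REJECTED ? acl_can_reject
        output:
          - reason_code
          - cert_identifier_list
          - comment

        button:
          approve_crr:
            format: expected
          reject_crr:
            format: failure

    APPROVED:
        autorun: 1
        action: global_create_tmp_queue > HANDLE_REVOCATION_QUEUE

    HANDLE_REVOCATION_QUEUE:
        autorun: 1
        # Loop head: take the next identifier until the queue is empty.
        action:
          - global_get_next_cert_identifier > CHECK_CERT_STATUS ? !global_is_tmp_queue_empty
          - global_noop > SUCCESS ? global_is_tmp_queue_empty

    CHECK_CERT_STATUS:
        autorun: 1
        # Certificates that do not pass is_certificate_issued are not
        # revoked; their identifier is recorded in cert_identifier_ignored.
        action:
          - revoke_certificate > HANDLE_REVOCATION_QUEUE ? is_certificate_issued
          - push_to_failed_queue > HANDLE_REVOCATION_QUEUE ? !is_certificate_issued

    SUCCESS:
        # Reached as soon as the queue is empty, including when identifiers
        # were skipped; cert_identifier_ignored lists what was not revoked.
        label: I18N_OPENXPKI_UI_WORKFLOW_STATE_SUCCESS_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_STATE_SUCCESS_DESC
        output:
          - reason_code
          - cert_identifier_list
          - cert_identifier_ignored
          - comment

    FAILURE:
        label: I18N_OPENXPKI_UI_WORKFLOW_STATE_FAILURE_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_STATE_FAILURE_DESC
        output:
          - reason_code
          - cert_identifier_list
          - cert_identifier_ignored
          - comment

    REJECTED:
        label: I18N_OPENXPKI_UI_WORKFLOW_STATE_REJECTED_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_STATE_REJECTED_DESC
        output:
          - reason_code
          - cert_identifier_list
          - cert_identifier_ignored
          - comment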
83
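# Activities referenced by the state machine. Names starting with
# "global_" are not defined in this file.
action:
    initialize:
        class: OpenXPKI::Server::Workflow::Activity::Tools::SetSource
        label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CREATE_CRR_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_CREATE_CRR_DESC
        # NOTE(review): server, interface and signer_cert arrive as ordinary
        # workflow input and later drive the signer trust decision (see
        # check_authorized_signer). Confirm that only trusted frontends can
        # create this workflow with those fields set.
        input:
          - cert_identifier_list
          - reason_code
          - comment
          - server
          - interface
          - signer_cert

        # Only the reason code is validated here. The identifier list is not
        # checked on input; identifiers whose certificate is not in status
        # ISSUED are filtered later in CHECK_CERT_STATUS.
        validator:
          - global_reason_code

    check_authorized_signer:
        class: OpenXPKI::Server::Workflow::Activity::Tools::EvaluateSignerTrust
        param:
            # The rule path is built from the interface and server values
            # held in the workflow context.
            _map_rules: "[% context.interface %].[% context.server %].authorized_signer"

    approve_crr:
        class: OpenXPKI::Server::Workflow::Activity::Tools::Approve
        label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_APPROVE_CRR_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_APPROVE_CRR_DESC
        param:
            # NOTE(review): both checks are switched off, and the
            # "!global_is_creator" condition of acl_can_approve is commented
            # out, so presumably an operator can approve a bulk request they
            # created themselves. Confirm that a single-person approval is
            # acceptable for mass revocation.
            check_creator: 0
            multi_role_approval: 0

    reject_crr:
        class: OpenXPKI::Server::Workflow::Activity::Noop
        label: I18N_OPENXPKI_UI_WORKFLOW_ACTION_REJECT_CRR_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_ACTION_REJECT_CRR_DESC

    revoke_certificate:
        class: OpenXPKI::Server::Workflow::Activity::Tools::RevokeCertificate
        param:
            workflow: certificate_revocation_request_v2
            _map_reason_code: $reason_code
            _map_comment: $comment
            # NOTE(review): presumably the per-certificate workflow skips its
            # own approval when this flag is set, which would make the
            # decision taken in this workflow the only gate - confirm.
            flag_auto_approval: 1
            flag_batch_mode: 1

    push_to_failed_queue:
        class: OpenXPKI::Server::Workflow::Activity::Tools::WFArray
        param:
            # Append the current cert_identifier to cert_identifier_ignored.
            array_name: cert_identifier_ignored
            context_key: cert_identifier
            function: push

    toarray:
        class: OpenXPKI::Server::Workflow::Activity::Tools::StringToArray
        param:
            # Replaces the submitted string with its array form in place.
            _map_value: $cert_identifier_list
            target_key: cert_identifier_list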
139
140
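# Conditions local to this workflow. Names starting with "global_" are not
# defined in this file.
condition:

    # Approval is open to any operator. The commented-out condition2 would
    # additionally exclude the creator of the request; while it stays
    # disabled nothing in this condition separates requester and approver.
    acl_can_approve:
        class: Workflow::Condition::LazyAND
        param:
            condition1: global_is_operator
#           condition2: "!global_is_creator"

    # Same rule as acl_can_approve, applied to the reject button.
    acl_can_reject:
        class: Workflow::Condition::LazyAND
        param:
            condition1: global_is_operator
#           condition2: "!global_is_creator"

    # Gate for the revocation step; configured with the status ISSUED.
    is_certificate_issued:
        class: OpenXPKI::Server::Workflow::Condition::CertificateHasStatus
        param:
            expected_status: ISSUED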
159
160
# Field definitions local to this workflow. reason_code, comment, server,
# interface and signer_cert are used as input above but are not defined
# here.
field:
    # Not referenced by any action input or state output in this file.
    entity:
        label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_ENTITY_LABEL
        name: entity
        required: 1

    cert_identifier_list:
        label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_LIST_LABEL
        name: cert_identifier_list
        type: uploadarea
        placeholder: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_LIST_PLACEHOLDER
        format: linklist
        preamble: Subject / Status / Identifier
        # The template emits one "page"/"label" entry per identifier, and
        # falls back to "Unknown / Unknown / <identifier>" when
        # Certificate.status returns nothing for it.
        # NOTE(review): the identifier and the certificate CN are inserted
        # unquoted into text that is presumably parsed as YAML afterwards.
        # A value containing ": " or " #" would change how the rendered line
        # parses; confirm the renderer handles this, since identifiers come
        # from the uploaded list and the CN from the certificate subject.
        yaml_template: >
          [% USE Certificate %]
          [% FOREACH identifier = value %]
            - page: certificate!detail!identifier![% identifier %]
              label: [% IF Certificate.status(identifier) %][% Certificate.dn(identifier, 'CN') %] / [% Certificate.status(identifier) %] / [% identifier %]
                [% ELSE %]Unknown / Unknown / [% identifier %][% END %]
          [% END %]

    cert_identifier_ignored:
        label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_CERTIFICATE_IDENTIFIER_IGNORED_LABEL
        name: cert_identifier_ignored
        format: linklist
        preamble: Subject / Status / Identifier
        # Same template as cert_identifier_list; the unquoted-value note
        # there applies here as well.
        yaml_template: >
          [% USE Certificate %]
          [% FOREACH identifier = value %]
            - page: certificate!detail!identifier![% identifier %]
              label: [% IF Certificate.status(identifier) %][% Certificate.dn(identifier, 'CN') %] / [% Certificate.status(identifier) %] / [% identifier %]
                [% ELSE %]Unknown / Unknown / [% identifier %][% END %]
          [% END %]
194
# Per-role access to instances of this workflow.
# NOTE(review): "creator: any" presumably grants access to instances
# regardless of who created them, and each flag set to 1 presumably enables
# the operation or view of that name - confirm against the OpenXPKI ACL
# documentation.
acl:
    # Instance access only; none of the operation or view flags are set.
    CA Operator:
        creator: any

    # Full set: fail/resume/wakeup plus the history, techlog, attribute and
    # context views. The context holds the submitted identifier list and
    # comment.
    RA Operator:
        creator: any
        fail: 1
        resume: 1
        wakeup: 1
        history: 1
        techlog: 1
        attribute: 1
        context: 1

    # Operation flags only, no views.
    System:
        creator: any
        fail: 1
        resume: 1
        wakeup: 1
214
215