<?php
       
//------------------------------------------------------------------------------
//  Licensed Materials - Property of IBM
//  (c) Copyright IBM Corporation 2001,2002 All Rights Reserved.
//  US Government Users Restricted Rights - Use, duplication or disclosure 
//  restricted by GSA ADP Schedule Contract with IBM Corp.
//------------------------------------------------------------------------------
//  Set Logical Library Encryption
//  
//  Filename:  ml_loglib_encryption_set.htm
//
//  This file displays handles logical library delete requests.
//
//  When a POST is received, POST data is retrieved and the appropriate
//  extension is called.  Return information is sent via a POST (form_out). 
//
//  Input:  POST data
//      url             original request page
//      libGuid         lib guid  
//
//  Ouput:  POST ('form_out')
//
//      url             original request page
//      errorCode       result of operation
//      returnMessage   text information about the operation results 
//      
//  Change History:
//      
//  Date        Defect  Changed By  Description of Change
//  ----        ------  ----------  ---------------------
//  08/10/2005          rwinston    File Created
//  07/12/2012  1756    dagalleg    Primary or secondary address can be entered as either ipv4,ipv6, or hostname. 
//  09/24/2012  1829    dagalleg    Add SNMP audit logging.  
//
//------------------------------------------------------------------------------  
include('common_admin_inc.htm');

include('main_inc.htm');

class ServerAddress
{
   var $ip;
   var $port;

   function ServerAddress($ip_in, $port_in)
   {
      $this->ip = $ip_in;
      $this->port = $port_in;
   }
}


   class Encryption
   {
       var $libGuid;
       var $method;
       var $policy;
       var $density;
       var $key_path;
       var $method_not_used;
       var $policy_not_used;
       var $fips_mode;

       function Encryption($libGuid,  
                           $method, 
                           $policy,  
                           $density, 
                           $key_path,
                           $method_not_used,
                           $policy_not_used,
			   $fips_mode)
       {
           $this->libGuid  = $libGuid;
           $this->method   = $method;
           $this->policy   = $policy;
           $this->density  = $density;
           $this->key_path = $key_path;

           $this->method_not_used = $method_not_used;
           $this->policy_not_used = $policy_not_used;
	   $this->fips_mode = $fips_mode;
       }
   }
   
   class EKM
   {
       var $primaryIP;
       var $primaryPort;
       var $secondaryIP;
       var $secondaryPort;
       var $useSSL;
   
       function EKM($primaryIP,   
                    $primaryPort, 
                    $secondaryIP,  
                    $secondaryPort,
                    $useSSL)
       {
           $this->primaryIP     = $primaryIP;   
           $this->primaryPort   = $primaryPort; 
           $this->secondaryIP   = $secondaryIP; 
           $this->secondaryPort = $secondaryPort;
           $this->useSSL = $useSSL;
       }
   }


   //initialize variables
   $errorCode     = 0;
   $returnMessage = " ";
   $url           = " " ;
   

    if ($_SERVER['REQUEST_METHOD'] == "POST")
    {

       $url           = $_REQUEST['url'];

       $primaryIP     = split(";",$_REQUEST['primaryIP']);        
       $primaryPort   = split(";",$_REQUEST['primaryPort']);     
       $secondaryIP   = split(";",$_REQUEST['secondaryIP']);  
       $secondaryPort = split(";",$_REQUEST['secondaryPort']); 
       $useSSL = split(";",$_REQUEST['useSSL']);

       $libGuids = split(":", $_REQUEST['libGuid']);
       $libNames = split(":", $_REQUEST['libNames']);
       $method   = split(";", $_REQUEST['method']);
       $serverType   = split(";", $_REQUEST['serverType']);
       $policy   = split(";", $_REQUEST['policy']);
       $density  = split(";", $_REQUEST['density']);
       $key_path = split(";", $_REQUEST['key_path']);

       $method_not_used   = split(";", $_REQUEST['method_not_used']);
       $policy_not_used   = split(";", $_REQUEST['policy_not_used']);

      
       error_log("Logical libraries being updated and new encryption values:");
       error_log("----------------------------------------------------------"); 
       error_log("libNames: ".print_r($libNames,true));
       error_log("primaryIP: ".print_r($primaryIP,true));
       error_log("primaryPort: ".print_r($primaryPort,true));
       error_log("secondaryIP: ".print_r($secondaryIP,true));
       error_log("secondaryPort: ".print_r($secondaryPort,true));
       error_log("useSSL: ".print_r($useSSL,true));
       error_log("serverType: ".print_r($serverType,true));
       error_log("----------------------------------------------------------"); 
       
       $numGuids = count($libGuids);        

              
       for ($l = 0; $l < $numGuids; $l++)
       {                                       
       	   $configEKM = 0;
       	   
           if ((int)$method[$l]==4) 
           {
               $configEKM = 1;
           }

           $AMEencryptionData = new Encryption($libGuids[$l], 3, -1, -1, -1, -1,-1, 0);
           $encryptionData = new Encryption($libGuids[$l], (int)$method[$l], (int)$policy[$l], (int)$density[$l], (int)$key_path[$l], (int)$method_not_used[$l],(int)$policy_not_used[$l], 0);
           $currentEKMdata = get_ekm_by_library($user, $libGuids[$l]);
           $currentPartitionEncryptionData=get_partition_enryption($user,$libGuids[$l]);
           error_log("Current EKM data for library: ".print_r($currentKEMdata,true));
           error_log("Current Encrypiton data for library: ".print_r($currentPartitionEncryptionData,true));
           
           error_log("******libGuid:".$libGuids[$l]."set_partion_encryption data = ". print_r($encryptionData, true));

           
           // only one global encryption type for LME is allowed, if the serverType is different than the global update the global type
           // for LME partitions otherwise do not update the global type

           $globalType=get_ekm_type($user);
           if ( $globalType != (int)$serverType[$l])
           {
              error_log("Globle encrytion server type does not match the logical library type, updating.");
              if ((int)$method[$l] == 4) // LME
              {
                 if ((int)$serverType[$l] == 4)  // KMIP 
                 {
                   //set the partition to AME before trying to switch to KMIP LME incase a drive has been set to NONE
                   set_partition_enryption($user, $AMEencryptionData);  
                 } 
                 error_log("Updating global encryption type: ".$serverType[$l]);
                 set_ekm_type($user,(int)$serverType[$l]);
                 set_partition_enryption($user, $encryptionData);  
              }
              else  // Not LME, AME, System managed or None
              {
                 set_ekm_type($user,1);  // temporarily update this value to correctly configure the drives for these methods.
                 set_partition_enryption($user, $encryptionData);  
                 set_ekm_type($user,$globalType); // reset the ekm global value so LME paritions function correctly
              }
           }
           else
           {
              error_log("Globle encrytion server type matches the logical library type.");
              if (((int)$currentEKMdata->serverType == 1) && ((int)$serverType[$l] == 4))  // Going from EKM to KMIP
              {
                 //set the partition to AME before trying to switch to KMIP LME when going from EKM to KMIP
                 set_ekm_type($user,1);
                 set_partition_enryption($user, $AMEencryptionData);  
                 set_ekm_type($user,$globalType);
              }
              elseif (((int)$currentPartitionEncryptionData->method != 4) && ((int)$serverType[$l] == 4))  // Partition was not LME, but goingn to KMIP and LME 
              {
                 //set the partition to AME before trying to switch to KMIP LME when going from EKM to KMIP
                 set_ekm_type($user,1);
                 set_partition_enryption($user, $AMEencryptionData);  
                 set_ekm_type($user,$globalType);
              }
              else 
                 error_log("No special drive processing needed.");
                 
              set_partition_enryption($user, $encryptionData);  
           }
           
           
       	   if(get_snmp_audit_logging_enabled($user) == '1')
           {
   		        error_log("send_snmp_audit_logging_partition_config_changed_trap");
       	   		send_snmp_audit_logging_partition_config_changed_trap($user, $libNames[$l], "A logical library configuration setting has been changed from the Web UI");
           }

           
           $encryptData = get_partition_enryption($user, $libGuids[$l]);
           error_log("******results of get_partition_encryption: ".print_r($encryptData, true)); 
           error_log("******".$encryptData->libGuid." ".$encryptData->method." ".$encryptData->policy." ".$encryptData->density." ".$encryptData->key_path." ".$encryptData->method_not_used." ".$encryptData->policy_not_used);
           

           if ($numGuids > 1)
           {
               if ($l == 0)
               {
                   $returnMessage = "The encryption settings for the following logical libraries have been successfully updated:";
                   $returnMessage = $returnMessage."<li>".$libNames[$l];
               }
               else
               {
                   $returnMessage = $returnMessage."<li>".$libNames[$l];
               }
           }
           else
           {             
               $returnMessage = "The encryption settings for ".$libNames[$l]." have been successfully updated.";
           }


           if ($configEKM == 1) 
           { 
               if (($secondaryIP[$l] == "0.0.0.0") || ($secondaryIP[$l] == "") || ($secondaryIP[$l] == "0") )
               {
                   $secondaryIP[$l]   = "0.0.0.0";
                   $secondaryPort[$l] = "0";
               }
               $ekm = new EKM($primaryIP[$l],(int)$primaryPort[$l],$secondaryIP[$l],(int)$secondaryPort[$l],$useSSL[$l]);
               error_log("set_ekm data:".print_r($ekm,true));
            
               if ($ekm->useSSL != 1)
               {
                   $ekm->useSSL = FALSE;
               }
               error_log("server type: ".(int)$serverType[$l]." library index: ".$l);
               set_ekm_by_library($user, $libGuids[$l], $ekm,(int)$serverType[$l]);

               $ekm = get_ekm_by_library($user, $libGuids[$l]);
               error_log("results of get_ekm: ".print_r($ekm,true));
               if ((int)$ekm->serverType == 4)
               {
                   // Collect manager info
                   $manager = new ServerAddress($ekm->primaryIP, (int)$ekm->primaryPort);
                   error_log("Adding manager: ".print_r($manager, true));
                   $managers[]=$manager;
                   $manager = new ServerAddress($ekm->secondaryIP, (int)$ekm->secondaryPort);
                   error_log("Adding manager: ".print_r($manager, true));
                   $managers[]=$manager;
                   error_log("managers ".print_r($managers,true));
                   set_ekm_multi($user, $managers, (int)$serverType[$l], true);
                   $kmipDefaults = get_ekm_multi($user, 4);
                   error_log("kmip defaults: ".print_r($kmipDefaults,true));
              }
           }
           else
           { 
               error_log("Partition is NOT in LME mode.  No ekm setup necessary.");
           }

       } 
                 

   }
    // reset the global serverType to EKM if no more LME partitions
    $loglibs = get_logical_libraries($user, $sortCriteria);
    $atLeastOneLME=0;
    foreach( $loglibs as $loglib)
    {
        error_log("loglib ".print_r($loglib->name,true)." method: ".print_r($loglib->method,true));
        if ((int)$loglib->method == 4)
           $atLeastOneLME=1;
    }
    if ($atLeastOneLME == 0)
    {
       error_log("No LME partitions, make sure global encryption server type is EKM.");
       set_ekm_type($user,1);
    }


?>

<!doctype html >
  <html dir="LTR" lang="en-us">
  <head>
    <title>Set Logical Library Encryption</title>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
    <link href="css/3576.css" rel="stylesheet" type="text/css">

    <script type="text/javascript">

    function doWork()
    {
       
       // doWork is executed after all the php has completed and the work
       // (call to the extension) has been done, so submit the outgoing form
       // to the url passed in to this page (this is the return url)

       window.parent.stopTimer('<?=$returnMessage;?>','<?=$url;?>');
       document.form_out.submit(); 

       return;

    }
    </script>

    
  </head>                       
    
    <body dir="LTR" onload="javascript:doWork();" id="main">
    
     
      <form dir="ltr" id="form_out" method="POST" name="form_out" action="main_complete.htm" target="pretitlebar">
        <input id="errorCode"     name="errorCode"     type="hidden" value="<?=$errorCode;?>">
        <input id="url"           name="url"           type="hidden" value="<?=$url;?>">
        <input id="returnMessage" name="returnMessage" type="hidden" value="<?=$returnMessage;?>">
      </form>  

    </body>

</html>