From 42277f431b82e60396e9afc86cce2974d08ae180 Mon Sep 17 00:00:00 2001
From: deaflynx
Date: Fri, 24 Mar 2023 13:33:28 +0200
Subject: [PATCH 1/2] Device profile provision - fix for X509 provision strategy in provisionConfigurationFormGroup: - added resetFormControls() to reset redundant form controls; - allowCreateNewDevicesByX509Certificate added required validator;
---
 ...ofile-provision-configuration.component.ts | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/ui-ngx/src/app/modules/home/components/profile/device-profile-provision-configuration.component.ts b/ui-ngx/src/app/modules/home/components/profile/device-profile-provision-configuration.component.ts
index 465588fa24..caebc701d2 100644
--- a/ui-ngx/src/app/modules/home/components/profile/device-profile-provision-configuration.component.ts
+++ b/ui-ngx/src/app/modules/home/components/profile/device-profile-provision-configuration.component.ts
@@ -90,7 +90,7 @@ export class DeviceProfileProvisionConfigurationComponent implements ControlValu
 provisionDeviceKey: [{value: null, disabled: true}, Validators.required],
 certificateValue: [{value: null, disabled: true}, Validators.required],
 certificateRegExPattern: [{value: null, disabled: true}, Validators.required],
- allowCreateNewDevicesByX509Certificate: [{value: null, disabled: true}]
+ allowCreateNewDevicesByX509Certificate: [{value: null, disabled: true}, Validators.required]
 });
 this.provisionConfigurationFormGroup.get('type').valueChanges.subscribe((type) => {
 if (type === DeviceProvisionType.DISABLED) {
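Review bot: `Validators.required` on `allowCreateNewDevicesByX509Certificate` rejects only `null`/`undefined` (Angular's required validator accepts `false`), so the new validator does not force the flag on, it only forces it to be set. The control starts as `null`, and `resetFormControls`, added later in this patch, puts it back to `null`, so after switching to the X509 strategy the group stays invalid until something assigns a boolean; no line assigning a default is visible in this hunk. The flag presumably decides whether an unknown device presenting a valid chain is created automatically, so the intent deserves a comment on the line, e.g. `// required: null = not chosen yet; false is a valid, explicit "do not create new devices"`. The form-group definition starts and ends outside the hunk.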
@@ -117,8 +117,6 @@ export class DeviceProfileProvisionConfigurationComponent implements ControlValu
 this.provisionConfigurationFormGroup.get('certificateValue').enable({emitEvent: false});
 this.provisionConfigurationFormGroup.get('certificateRegExPattern').enable({emitEvent: false});
 this.provisionConfigurationFormGroup.get('allowCreateNewDevicesByX509Certificate').enable({emitEvent: false});
- this.provisionConfigurationFormGroup.get('provisionDeviceSecret').disable({emitEvent: false});
- this.provisionConfigurationFormGroup.get('provisionDeviceKey').disable({emitEvent: false});
 } else {
 const provisionDeviceSecret: string = this.provisionConfigurationFormGroup.get('provisionDeviceSecret').value;
 if (!provisionDeviceSecret || !provisionDeviceSecret.length) {
@@ -130,9 +128,6 @@ export class DeviceProfileProvisionConfigurationComponent implements ControlValu
 }
 this.provisionConfigurationFormGroup.get('provisionDeviceSecret').enable({emitEvent: false});
 this.provisionConfigurationFormGroup.get('provisionDeviceKey').enable({emitEvent: false});
- this.provisionConfigurationFormGroup.get('certificateValue').disable({emitEvent: false});
- this.provisionConfigurationFormGroup.get('certificateRegExPattern').disable({emitEvent: false});
- this.provisionConfigurationFormGroup.get('allowCreateNewDevicesByX509Certificate').disable({emitEvent: false});
 }
 });
 this.provisionConfigurationFormGroup.valueChanges.subscribe(() => {
@@ -178,6 +173,7 @@ export class DeviceProfileProvisionConfigurationComponent implements ControlValu
 private updateModel(): void {
 let deviceProvisionConfiguration: DeviceProvisionConfiguration = null;
+ this.resetFormControls(this.provisionConfigurationFormGroup.value);
 if (this.provisionConfigurationFormGroup.valid) {
 deviceProvisionConfiguration = this.provisionConfigurationFormGroup.getRawValue();
 }
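Review bot: In `updateModel`, the emitted configuration comes from `getRawValue()`, which also returns disabled controls, so the added `resetFormControls(...)` call is the only thing visible here that keeps a stale `provisionDeviceSecret` or certificate from the previously selected strategy out of the saved profile. That dependency is not obvious at the call site and should be documented above the call, e.g. `// getRawValue() below includes disabled controls: clear the ones that do not belong to the selected type first`. The argument is read from `.value`, which leaves out disabled controls, so the call presumes `type` itself is never individually disabled; the same comment could say so. `updateModel` continues past the end of the hunk.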
@@ -194,4 +190,15 @@ export class DeviceProfileProvisionConfigurationComponent implements ControlValu horizontalPosition: 'right' })); } + + private resetFormControls(value: DeviceProvisionConfiguration) { + if (value.type === DeviceProvisionType.CHECK_PRE_PROVISIONED_DEVICES || value.type === DeviceProvisionType.ALLOW_CREATE_NEW_DEVICES) { + this.provisionConfigurationFormGroup.get('certificateValue').reset({value: null, disabled: true}, {emitEvent: false}); + this.provisionConfigurationFormGroup.get('certificateRegExPattern').reset({value: null, disabled: true}, {emitEvent: false}); + this.provisionConfigurationFormGroup.get('allowCreateNewDevicesByX509Certificate').reset({value: null, disabled: true}, {emitEvent: false}); + } else if (value.type === DeviceProvisionType.X509_CERTIFICATE_CHAIN) { + this.provisionConfigurationFormGroup.get('provisionDeviceSecret').reset({value: null, disabled: true}, {emitEvent: false}); + this.provisionConfigurationFormGroup.get('provisionDeviceKey').reset({value: null, disabled: true}, {emitEvent: false}); + } + } } From be826687eb9bee9b29b969f4d7d366f3f3c89745 Mon Sep 17 00:00:00 2001 From: deaflynx Date: Fri, 24 Mar 2023 14:42:01 +0200 Subject: [PATCH 2/2] Device profile provision strategy X509: updated hint locale hint-allow-create-new-devices --- ui-ngx/src/assets/locale/locale.constant-en_US.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui-ngx/src/assets/locale/locale.constant-en_US.json b/ui-ngx/src/assets/locale/locale.constant-en_US.json index e9e839ce8b..3dceb760ef 100644 --- a/ui-ngx/src/assets/locale/locale.constant-en_US.json +++ b/ui-ngx/src/assets/locale/locale.constant-en_US.json 
@@ -1501,7 +1501,7 @@
 "certificate-chain": "X509 Certificates Chain",
 "hint-certificate-chain": "X.509 certificates strategy is used to provision devices by client certificates in two-way TLS communication. This strategy can check for pre-provisioned devices, update X.509 device credentials, or create new devices. The user uploads X.509 certificate to the device profile and sets a regular expression to fetch the device name from Common Name (CN).

Client certificates must be signed by X.509 certificate, pre-uploaded for this device profile to provision devices by the strategy. The client must establish a TLS connection using the entire chain of certificates (this chain must include device profile X.509 certificate on the last level). If a device already exists with outdated X.509 credentials, this strategy automatically updates it with the device certificate's credentials from the chain.

Important: Uploaded certificates should be neither root nor intermediate certificates that are provided by a well-known Certificate Authority (CA).",
 "allow-create-new-devices": "Create new devices",
- "hint-allow-create-new-devices": "Hint: if selected new devices will be created with correct device credentials from client certificate.",
+ "hint-allow-create-new-devices": "Hint: if selected new devices will be created and client certificate will be used as device credentials.",
 "certificate-value": "Certificate in PEM format",
 "certificate-value-required": "Certificate in PEM format is required",
 "cn-regex-variable": "CN Regular Expression variable",