abapPM
diff --git a/‎abaplint.json
Lines changed: 23 additions & 1 deletion b/‎abaplint.json
Lines changed: 23 additions & 1 deletion
diff --git a/‎src/z_strust_installer.prog.abap
Lines changed: 175 additions & 0 deletions b/‎src/z_strust_installer.prog.abap
Lines changed: 175 additions & 0 deletions
diff --git a/‎src/z_strust_installer.prog.xml
Lines changed: 81 additions & 0 deletions b/‎src/z_strust_installer.prog.xml
Lines changed: 81 additions & 0 deletions
@@ -13,8 +13,23 @@
     {
       "files": "/src/**/*.*",
       "folder": "/deps3",
+      "url": "https://github.com/abapPM/ABAP-HTTP"
+    },
+    {
+      "files": "/src/**/*.*",
+      "folder": "/deps4",
       "url": "https://github.com/abapPM/ABAP-Distinguished-Name"
     },
+    {
+      "files": "/src/**/*.*",
+      "folder": "/deps5",
+      "url": "https://github.com/sbcgua/ajson"
+    },
+    {
+      "files": "/src/**/*.*",
+      "folder": "/deps6",
+      "url": "https://github.com/sbcgua/abap-string-map"
+    }
   ],
   "global": {
     "exclude": [],
@@ -118,7 +133,14 @@
     "implement_methods": true,
     "implicit_start_of_selection": true,
     "in_statement_indentation": false,
-    "indentation": true,
+    "indentation": {
+      "ignoreExceptions": true,
+      "alignTryCatch": false,
+      "selectionScreenBlockIndentation": true,
+      "globalClassSkipFirst": false,
+      "ignoreGlobalClassDefinition": false,
+      "ignoreGlobalInterface": false
+    },
     "inline_data_old_versions": true,
     "intf_referencing_clas": true,
     "invalid_table_index": true,
 
@@ -0,0 +1,175 @@
+REPORT z_strust_installer LINE-SIZE 255.
+
+************************************************************************
+* Trust Management: Certificate Installer
+*
+* Copyright 2025 apm.to Inc. <https://apm.to>
+* SPDX-License-Identifier: MIT
+************************************************************************
+
+SELECTION-SCREEN BEGIN OF BLOCK b1 WITH FRAME TITLE TEXT-t01.
+  PARAMETERS:
+    p_cont TYPE psecontext DEFAULT 'SSLC' OBLIGATORY,
+    p_appl TYPE ssfappl DEFAULT 'ANONYM' OBLIGATORY.
+SELECTION-SCREEN END OF BLOCK b1.
+
+SELECTION-SCREEN BEGIN OF BLOCK b2 WITH FRAME TITLE TEXT-t02.
+  PARAMETERS p_domain TYPE string OBLIGATORY LOWER CASE.
+SELECTION-SCREEN END OF BLOCK b2.
+
+SELECTION-SCREEN BEGIN OF BLOCK b3 WITH FRAME TITLE TEXT-t03.
+  PARAMETERS:
+    p_passwd TYPE string LOWER CASE,
+    p_root   AS CHECKBOX DEFAULT abap_false,
+    p_test   AS CHECKBOX DEFAULT abap_true.
+SELECTION-SCREEN END OF BLOCK b3.
+
+CONSTANTS c_api TYPE string VALUE 'https://tools.abappm.com/api/v1/certificates'.
+
+INITIALIZATION.
+
+  DATA(subrc) = cl_abap_pse=>authority_check( iv_activity = '01' )
+    + cl_abap_pse=>authority_check( iv_activity = '02' )
+    + cl_abap_pse=>authority_check( iv_activity = '06' ).
+  IF subrc <> 0.
+    MESSAGE 'You are not authorized to update certificates' TYPE 'E'.
+    STOP.
+  ENDIF.
+
+START-OF-SELECTION.
+
+  CALL FUNCTION 'SSFPSE_PARAMETER'
+    EXPORTING
+      context       = p_cont
+      applic        = p_appl
+    EXCEPTIONS
+      pse_not_found = 1
+      OTHERS        = 2.
+  IF sy-subrc <> 0.
+    MESSAGE 'PSE not found' TYPE 'E'.
+    STOP.
+  ENDIF.
+
+  TRY.
+      DATA(strust) = zcl_strust2=>create(
+        context     = p_cont
+        application = p_appl
+        password    = p_passwd ).
+    CATCH zcx_error INTO DATA(error).
+      MESSAGE error TYPE 'E'.
+      STOP.
+  ENDTRY.
+
+
+  WRITE: /'Domain:', p_domain COLOR COL_POSITIVE.
+  SKIP.
+
+  " We can't query wildcard domains so we try with "api" sub-domain
+  " TODO: if this fails, loop over a couple other common sub-domains
+  DATA(query) = replace( val = p_domain sub = '*' with = 'api' ).
+  query = cl_abap_dyn_prg=>escape_xss_url( query ).
+
+  " Get certificate data from tools.abappm.com
+  DATA(agent) = zcl_http_agent=>create( ).
+
+  agent->global_headers( )->set(
+    iv_key = zif_http_agent=>c_header-accept
+    iv_val = zif_http_agent=>c_content_type-json ).
+
+  DATA(response) = agent->request( |{ c_api }?domain={ query }| ).
+
+  IF response->is_ok( ) = abap_false.
+    WRITE: / 'Error getting certificates from API:' COLOR COL_NEGATIVE, response->error( ).
+    STOP.
+  ENDIF.
+
+  TRY.
+      DATA(ajson) = zcl_ajson=>parse( response->cdata( ) ).
+    CATCH zcx_ajson_error INTO DATA(ajson_error).
+      WRITE: / 'Error parsing API response:' COLOR COL_NEGATIVE, ajson_error->get_text( ).
+      STOP.
+  ENDTRY.
+
+  IF ajson->get( '/error' ) IS NOT INITIAL.
+    WRITE: / 'Error getting certificates from API:' COLOR COL_NEGATIVE, ajson->get( '/error' ).
+    STOP.
+  ENDIF.
+
+  " Keep fingers crossed that the response matches what we need for the update
+  DATA(cert_domain) = ajson->get( '/domain' ).
+
+  IF cert_domain <> p_domain AND p_domain NA '*'.
+    WRITE: / 'Certificates domain does not match request:' COLOR COL_TOTAL, cert_domain.
+    STOP.
+  ENDIF.
+
+  " We finally have a certificate that can be used for the update, yay!
+  TRY.
+      " Root and intermediate certificates
+      IF p_root = abap_true.
+
+        LOOP AT ajson->members( '/intermediateCertificates' ) INTO DATA(member).
+
+          DATA(inter_pem)       = ajson->get( '/intermediateCertificates/' && member && '/pem' ).
+          DATA(inter_date_from) = ajson->get( '/intermediateCertificates/' && member && '/validFrom' ).
+          DATA(inter_date_to)   = ajson->get( '/intermediateCertificates/' && member && '/validTo' ).
+          DATA(inter_subject)   = 'CN=' && ajson->get( '/intermediateCertificates/' && member && '/subject/CN' ).
+          IF inter_subject = 'CN='.
+            inter_subject = 'O=' && ajson->get( '/intermediateCertificates/' && member && '/subject/O' ).
+          ENDIF.
+          IF strlen( inter_subject ) > 78.
+            inter_subject = inter_subject(75) && '...'.
+          ENDIF.
+
+          IF p_test = abap_false.
+            strust->add_pem( inter_pem ).
+          ENDIF.
+
+          WRITE: /10 'Root/intermediate certificate added:' COLOR COL_POSITIVE,
+            AT 50 inter_subject,
+            AT 130 inter_date_from(10),
+            AT 145 inter_date_to(10),
+            AT 158 ''.
+
+        ENDLOOP.
+        SKIP.
+
+      ENDIF.
+
+      " Main certificate
+      DATA(peer_pem)       = ajson->get( '/peerCertificate/pem' ).
+      DATA(peer_date_from) = ajson->get( '/peerCertificate/validFrom' ).
+      DATA(peer_date_to)   = ajson->get( '/peerCertificate/validTo' ).
+      DATA(peer_subject)   = 'CN=' && ajson->get( '/peerCertificate/subject/CN' ).
+      IF peer_subject = 'CN='.
+        peer_subject = 'O=' && ajson->get( '/peerCertificate/subject/O' ).
+      ENDIF.
+      IF strlen( peer_subject ) > 78.
+        peer_subject = peer_subject(75) && '...'.
+      ENDIF.
+
+      IF p_test = abap_false.
+        strust->add_pem( peer_pem ).
+      ENDIF.
+
+      WRITE: /10 'New certificate added:' COLOR COL_POSITIVE,
+        AT 50 peer_subject,
+        AT 130 peer_date_from(10),
+        AT 145 peer_date_to(10),
+        AT 158 ''.
+
+      ULINE.
+
+      IF p_test = abap_true.
+        WRITE: / 'Test run' COLOR COL_TOTAL, '(changes were not saved)'.
+        STOP.
+      ENDIF.
+
+      " Save changes
+      strust->update( ).
+
+      WRITE / 'Certificates saved' COLOR COL_POSITIVE.
+
+    CATCH zcx_error INTO error.
+      WRITE: / 'Error updating certificate:' COLOR COL_NEGATIVE, error->get_text( ).
+  ENDTRY.
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_PROG" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <PROGDIR>
+    <NAME>Z_STRUST_INSTALLER</NAME>
+    <SUBC>1</SUBC>
+    <RLOAD>E</RLOAD>
+    <FIXPT>X</FIXPT>
+    <UCCHECK>X</UCCHECK>
+   </PROGDIR>
+   <TPOOL>
+    <item>
+     <ID>H</ID>
+     <KEY>001</KEY>
+     <ENTRY>Subject                                                                                                                          Valid From     Valid to</ENTRY>
+     <LENGTH>152</LENGTH>
+    </item>
+    <item>
+     <ID>I</ID>
+     <KEY>T01</KEY>
+     <ENTRY>Category</ENTRY>
+     <LENGTH>50</LENGTH>
+    </item>
+    <item>
+     <ID>I</ID>
+     <KEY>T02</KEY>
+     <ENTRY>Certificate</ENTRY>
+     <LENGTH>50</LENGTH>
+    </item>
+    <item>
+     <ID>I</ID>
+     <KEY>T03</KEY>
+     <ENTRY>Options</ENTRY>
+     <LENGTH>50</LENGTH>
+    </item>
+    <item>
+     <ID>R</ID>
+     <ENTRY>Trust Management: Certificate Installer</ENTRY>
+     <LENGTH>39</LENGTH>
+    </item>
+    <item>
+     <ID>S</ID>
+     <KEY>P_APPL</KEY>
+     <ENTRY>Application</ENTRY>
+     <LENGTH>19</LENGTH>
+    </item>
+    <item>
+     <ID>S</ID>
+     <KEY>P_CONT</KEY>
+     <ENTRY>Context</ENTRY>
+     <LENGTH>15</LENGTH>
+    </item>
+    <item>
+     <ID>S</ID>
+     <KEY>P_DOMAIN</KEY>
+     <ENTRY>Domain</ENTRY>
+     <LENGTH>14</LENGTH>
+    </item>
+    <item>
+     <ID>S</ID>
+     <KEY>P_PASSWD</KEY>
+     <ENTRY>Password</ENTRY>
+     <LENGTH>16</LENGTH>
+    </item>
+    <item>
+     <ID>S</ID>
+     <KEY>P_ROOT</KEY>
+     <ENTRY>Add root/intermediate certs</ENTRY>
+     <LENGTH>38</LENGTH>
+    </item>
+    <item>
+     <ID>S</ID>
+     <KEY>P_TEST</KEY>
+     <ENTRY>Test run</ENTRY>
+     <LENGTH>16</LENGTH>
+    </item>
+   </TPOOL>
+  </asx:values>
+ </asx:abap>
+</abapGit>