+
+def get_pass(file_name):
+ try:
+ with open(file_name, 'r') as file_obj:
+ password = file_obj.read().strip()
+ return "'{}'".format(password)
+ except Exception as e:
+ logging.error("Error occurred while fetching password : %s", e)
+ writeCertInstallStatus("NOTOK")
+
+def cleanup():
+ for file in os.listdir(Path):
+ if os.path.isfile(Path + '/' + file):
+ logging.debug("Cleaning up the file %s", Path + '/'+ file)
+ os.remove(Path + '/'+ file)
+
+
+def jks_to_p12(file, password):
+ """Converts jks format into p12"""
+ try:
+ certList = []
+ key = None
+ cert = None
+ if (file.endswith('.jks')):
+ p12_file = file.replace('.jks', '.p12')
+ jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password)
+ logging.debug("Converting %s into p12 format", file)
+ os.system(jks_cmd)
+ file = p12_file
+ return file
+ except Exception as e:
+ logging.error("Error occurred while converting jks to p12 format : %s", e)
+ writeCertInstallStatus("NOTOK")
+
+
+def make_cert_chain(cert_chain, pattern):
+ cert_list = []
+ if cert_chain:
+ cert_chain = cert_chain.decode('utf-8')
+ matches = re.findall(pattern, cert_chain, re.DOTALL | re.MULTILINE)
+ for cert in matches:
+ cert_list.append(cert.strip())
+ return cert_list
+ else:
+ logging.debug(" Certificate Chain empty: %s " % cert_chain)
+
+
+def process_jks_files(count):
+ ca_cert_list = []
+ logging.info("Processing JKS files found in %s directory " % Path)
+ try:
+ if all([os.path.isfile(f) for f in jks_files]):
+ keystore_pass = get_pass(keystore_pass_file)
+ keystore_file_p12 = jks_to_p12(keystore_file, keystore_pass)
+
+ client_key_cmd = 'openssl pkcs12 -in {src_file} -nocerts -nodes -passin pass:{src_pass}'.format(
+ src_file=keystore_file_p12, src_pass=keystore_pass)
+ client_crt_cmd = 'openssl pkcs12 -in {src_file} -clcerts -nokeys -passin pass:{src_pass}'.format(
+ src_file=keystore_file_p12, src_pass=keystore_pass)
+
+ truststore_pass = get_pass(truststore_pass_file)
+ truststore_p12 = jks_to_p12(truststore_file, truststore_pass)
+
+ trust_cert_cmd = 'openssl pkcs12 -in {src_file} -cacerts -nokeys -passin pass:{src_pass} '.format(
+ src_file=truststore_p12, src_pass=truststore_pass)
+
+ key_pattern = r'(?<=-----BEGIN PRIVATE KEY-----).*?(?=-----END PRIVATE KEY-----)'
+ client_key = subprocess.check_output(client_key_cmd, shell=True)
+ if client_key:
+ client_key = make_cert_chain(client_key, key_pattern)[0]
+ logging.debug("Key Ok")
+
+ cert_pattern = r'(?<=-----BEGIN CERTIFICATE-----).*?(?=-----END CERTIFICATE-----)'
+ client_cert = subprocess.check_output(client_crt_cmd, shell=True)
+ if client_cert:
+ client_cert = make_cert_chain(client_cert, cert_pattern)[0]
+ logging.debug("Client Cert Ok")
+
+ ca_cert = subprocess.check_output(trust_cert_cmd, shell=True)
+ if ca_cert:
+ ca_cert_list = make_cert_chain(ca_cert, cert_pattern)
+ logging.debug("CA Cert Ok")
+
+ if client_key and client_cert and ca_cert:
+ post_content(client_key, client_cert, ca_cert_list, count)
+ else:
+ logging.debug("No JKS files found in %s directory" % Path)
+ except subprocess.CalledProcessError as err:
+ print("CalledProcessError Execution of OpenSSL command failed: %s" % err)
+ writeCertInstallStatus("NOTOK")
+ except Exception as e:
+ logging.error("UnExpected Error while processing JKS files at {0}, Caused by: {1}".format(Path, e))
+ writeCertInstallStatus("NOTOK")
+
+def replaceAdminPassword(username, password, newpassword):
+ if newpassword is None:
+ logging.info('Not to replace password for user %s', username)
+ else:
+ logging.info('Replace password for user %s', username)
+ try:
+ jsondata = '{\"password\": \"{newpassword}\"}'.format(newpassword=newpassword)
+ url = '/auth/v1/users/{username}@sdn'.format(username=username)
+ loggin.info("Url %s data $s", url, jsondata)
+ conn = http.client.HTTPConnection("localhost",odl_port)
+ req = conn.request("PUT", url, jsondata, headers=headers)
+ res = conn.getresponse()
+ res.read()
+ httpStatus = res.status
+ if httpStatus == 200:
+ logging.debug("New password provided successfully for user %s", username)
+ else:
+ logging.debug("Password change was not possible. Problem code was: %d", httpStatus)
+ except:
+ logging.error("Cannot execute REST call to set password.")
+ writeCertInstallStatus("NOTOK")
+
+