Remove Code from cadi, it is now in authz
diff --git a/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java b/aaf/src/main/java/org/onap/aaf/cadi/cm/CmAgent.java
deleted file mode 100644 (file)
index 15ed5d0..0000000
+++ /dev/null
@@ -1,712 +0,0 @@
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- *  *      http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- *  * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.cm;\r
-\r
-import java.io.File;\r
-import java.io.FileInputStream;\r
-import java.io.FileOutputStream;\r
-import java.net.InetAddress;\r
-import java.net.UnknownHostException;\r
-import java.security.KeyStore;\r
-import java.security.cert.X509Certificate;\r
-import java.util.ArrayDeque;\r
-import java.util.Deque;\r
-import java.util.GregorianCalendar;\r
-import java.util.HashMap;\r
-import java.util.Iterator;\r
-import java.util.Map;\r
-import java.util.Map.Entry;\r
-\r
-import org.onap.aaf.cadi.PropAccess;\r
-import org.onap.aaf.cadi.Symm;\r
-import org.onap.aaf.cadi.aaf.client.ErrMessage;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFCon;\r
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
-import org.onap.aaf.cadi.client.Future;\r
-import org.onap.aaf.cadi.config.Config;\r
-import org.onap.aaf.cadi.http.HBasicAuthSS;\r
-import org.onap.aaf.cadi.sso.AAFSSO;\r
-\r
-import java.util.Properties;\r
-\r
-import org.onap.aaf.inno.env.Data.TYPE;\r
-import org.onap.aaf.inno.env.Env;\r
-import org.onap.aaf.inno.env.TimeTaken;\r
-import org.onap.aaf.inno.env.Trans;\r
-import org.onap.aaf.inno.env.util.Chrono;\r
-import org.onap.aaf.inno.env.util.Split;\r
-import org.onap.aaf.rosetta.env.RosettaDF;\r
-import org.onap.aaf.rosetta.env.RosettaEnv;\r
-\r
-import certman.v1_0.Artifacts;\r
-import certman.v1_0.Artifacts.Artifact;\r
-import certman.v1_0.CertInfo;\r
-import certman.v1_0.CertificateRequest;\r
-\r
-public class CmAgent {\r
-       private static final String PRINT = "print";\r
-       private static final String FILE = "file";\r
-       private static final String PKCS12 = "pkcs12";\r
-       private static final String JKS = "jks";\r
-       private static final String SCRIPT="script";\r
-       \r
-       private static final String CM_VER = "1.0";\r
-       public static final int PASS_SIZE = 24;\r
-       private static int TIMEOUT;\r
-       \r
-       private static RosettaDF<CertificateRequest> reqDF;\r
-       private static RosettaDF<CertInfo> certDF;\r
-       private static RosettaDF<Artifacts> artifactsDF;\r
-       private static ErrMessage errMsg;\r
-       private static Map<String,PlaceArtifact> placeArtifact;\r
-       private static RosettaEnv env;\r
-\r
-       public static void main(String[] args) {\r
-               int exitCode = 0;\r
-               try {\r
-                       AAFSSO aafsso = new AAFSSO(args);\r
-                       if(aafsso.loginOnly()) {\r
-                               aafsso.setLogDefault();\r
-                               aafsso.writeFiles();\r
-                               System.out.println("AAF SSO information created in ~/.aaf");\r
-                       } else {\r
-                               PropAccess access = aafsso.access();\r
-                               env = new RosettaEnv(access.getProperties());\r
-                               Deque<String> cmds = new ArrayDeque<String>();\r
-                               for(String p : args) {\r
-                                       if(p.indexOf('=')<0) {\r
-                                               cmds.add(p);\r
-                                       }\r
-                               }\r
-                               \r
-                               if(cmds.size()==0) {\r
-                                       aafsso.setLogDefault();\r
-                                       System.out.println("Usage: java -jar <cadi-aaf-*-full.jar> cmd [<tag=value>]*");\r
-                                       System.out.println("   create   <mechID> [<machine>]");\r
-                                       System.out.println("   read     <mechID> [<machine>]");\r
-                                       System.out.println("   update   <mechID> [<machine>]");\r
-                                       System.out.println("   delete   <mechID> [<machine>]");\r
-                                       System.out.println("   copy     <mechID> <machine> <newmachine>[,<newmachine>]*");\r
-                                       System.out.println("   place    <mechID> [<machine>]");\r
-                                       System.out.println("   showpass <mechID> [<machine>]");\r
-                                       System.out.println("   check    <mechID> [<machine>]");\r
-                                       System.exit(1);\r
-                               }\r
-                               \r
-                               TIMEOUT = Integer.parseInt(env.getProperty(Config.AAF_CONN_TIMEOUT, "5000"));\r
-                       \r
-                               reqDF = env.newDataFactory(CertificateRequest.class);\r
-                               artifactsDF = env.newDataFactory(Artifacts.class);\r
-                               certDF = env.newDataFactory(CertInfo.class);\r
-                               errMsg = new ErrMessage(env);\r
-       \r
-                               placeArtifact = new HashMap<String,PlaceArtifact>();\r
-                               placeArtifact.put(JKS, new PlaceArtifactInKeystore(JKS));\r
-                               placeArtifact.put(PKCS12, new PlaceArtifactInKeystore(PKCS12));\r
-                               placeArtifact.put(FILE, new PlaceArtifactInFiles());\r
-                               placeArtifact.put(PRINT, new PlaceArtifactOnStream(System.out));\r
-                               placeArtifact.put(SCRIPT, new PlaceArtifactScripts());\r
-                               \r
-                               Trans trans = env.newTrans();\r
-                               try {\r
-                                       // show Std out again\r
-                                       aafsso.setLogDefault();\r
-                                       aafsso.setStdErrDefault();\r
-                                       \r
-                                       // if CM_URL can be obtained, add to sso.props, if written\r
-                                       String cm_url = getProperty(access,env,false, Config.CM_URL,Config.CM_URL+": ");\r
-                                       if(cm_url!=null) {\r
-                                               aafsso.addProp(Config.CM_URL, cm_url);\r
-                                       }\r
-                                       aafsso.writeFiles();\r
-\r
-                                       AAFCon<?> aafcon = new AAFConHttp(access,Config.CM_URL);\r
-\r
-                                       String cmd = cmds.removeFirst();\r
-                                       if("place".equals(cmd)) {\r
-                                               placeCerts(trans,aafcon,cmds);\r
-                                       } else if("create".equals(cmd)) {\r
-                                               createArtifact(trans, aafcon,cmds);\r
-                                       } else if("read".equals(cmd)) {\r
-                                               readArtifact(trans, aafcon, cmds);\r
-                                       } else if("copy".equals(cmd)) {\r
-                                               copyArtifact(trans, aafcon, cmds);\r
-                                       } else if("update".equals(cmd)) {\r
-                                               updateArtifact(trans, aafcon, cmds);\r
-                                       } else if("delete".equals(cmd)) {\r
-                                               deleteArtifact(trans, aafcon, cmds);\r
-                                       } else if("showpass".equals(cmd)) {\r
-                                               showPass(trans,aafcon,cmds);\r
-                                       } else if("check".equals(cmd)) {\r
-                                               try {\r
-                                                       exitCode = check(trans,aafcon,cmds);\r
-                                               } catch (Exception e) {\r
-                                                       exitCode = 1;\r
-                                                       throw e;\r
-                                               }\r
-                                       } else {\r
-                                               AAFSSO.cons.printf("Unknown command \"%s\"\n", cmd);\r
-                                       }\r
-                               } finally {\r
-                                       StringBuilder sb = new StringBuilder();\r
-                       trans.auditTrail(4, sb, Trans.REMOTE);\r
-                       if(sb.length()>0) {\r
-                               trans.info().log("Trans Info\n",sb);\r
-                       }\r
-                               }\r
-                               aafsso.close();\r
-                       }\r
-               } catch (Exception e) {\r
-                       e.printStackTrace();\r
-               }\r
-               if(exitCode!=0) {\r
-                       System.exit(exitCode);\r
-               }\r
-       }\r
-\r
-       private static String getProperty(PropAccess pa, Env env, boolean secure, String tag, String prompt, Object ... def) {\r
-               String value;\r
-               if((value=pa.getProperty(tag))==null) {\r
-                       if(secure) {\r
-                               value = new String(AAFSSO.cons.readPassword(prompt, def));\r
-                       } else {\r
-                               value = AAFSSO.cons.readLine(prompt,def).trim();\r
-                       }\r
-                       if(value!=null) {\r
-                               if(value.length()>0) {\r
-                                       pa.setProperty(tag,value);\r
-                                       env.setProperty(tag,value);\r
-                               } else if(def.length==1) {\r
-                                       value=def[0].toString();\r
-                                       pa.setProperty(tag,value);\r
-                                       env.setProperty(tag,value);\r
-                               }\r
-                       }\r
-               }\r
-               return value;\r
-       }\r
-\r
-       private static String mechID(Deque<String> cmds) {\r
-               if(cmds.size()<1) {\r
-                       String alias = env.getProperty(Config.CADI_ALIAS);\r
-                       return alias!=null?alias:AAFSSO.cons.readLine("MechID: ");\r
-               }\r
-               return cmds.removeFirst();      \r
-       }\r
-\r
-       private static String machine(Deque<String> cmds) throws UnknownHostException {\r
-               if(cmds.size()>0) {\r
-                       return cmds.removeFirst();\r
-               } else {\r
-                       String mach = env.getProperty(Config.HOSTNAME);\r
-                       return mach!=null?mach:InetAddress.getLocalHost().getHostName();\r
-               }\r
-       }\r
-\r
-       private static String[] machines(Deque<String> cmds)  {\r
-               String machines;\r
-               if(cmds.size()>0) {\r
-                       machines = cmds.removeFirst();\r
-               } else {\r
-                       machines = AAFSSO.cons.readLine("Machines (sep by ','): ");\r
-               }\r
-               return Split.split(',', machines);\r
-       }\r
-\r
-       private static void createArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-\r
-               Artifacts artifacts = new Artifacts();\r
-               Artifact arti = new Artifact();\r
-               artifacts.getArtifact().add(arti);\r
-               arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("MechID: "));\r
-               arti.setMachine(machine!=null?machine:AAFSSO.cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName()));\r
-               arti.setCa(AAFSSO.cons.readLine("CA: (%s): ","aaf"));\r
-               \r
-               String resp = AAFSSO.cons.readLine("Types [file,jks,script] (%s): ", "jks");\r
-               for(String s : Split.splitTrim(',', resp)) {\r
-                       arti.getType().add(s);\r
-               }\r
-               // Always do Script\r
-               if(!resp.contains(SCRIPT)) {\r
-                       arti.getType().add(SCRIPT);\r
-               }\r
-\r
-               // Note: Sponsor is set on Creation by CM\r
-               String configRootName = AAFCon.reverseDomain(arti.getMechid());\r
-               arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",configRootName));\r
-               arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", System.getProperty("user.dir")));\r
-               arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", System.getProperty("user.name")));\r
-               arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renewal Days (%s):", "30")));\r
-               arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (mailto owner):", "")));\r
-               \r
-               TimeTaken tt = trans.start("Create Artifact", Env.REMOTE);\r
-               try {\r
-                       Future<Artifacts> future = aafcon.client(CM_VER).create("/cert/artifacts", artifactsDF, artifacts);\r
-                       if(future.get(TIMEOUT)) {\r
-                               trans.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine());\r
-                       } else {\r
-                               trans.error().printf("Call to AAF Certman failed, %s",\r
-                                       errMsg.toMsg(future));\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-\r
-       private static String toNotification(String notification) {\r
-               if(notification==null) {\r
-                       notification="";\r
-               } else if(notification.length()>0) {\r
-                       if(notification.indexOf(':')<0) {\r
-                               notification = "mailto:" + notification;\r
-                       }\r
-               }\r
-               return notification;\r
-       }\r
-       \r
-\r
-       private static void readArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-\r
-               TimeTaken tt = trans.start("Read Artifact", Env.SUB);\r
-               try {\r
-                       Future<Artifacts> future = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-       \r
-                       if(future.get(TIMEOUT)) {\r
-                               boolean printed = false;\r
-                               for(Artifact a : future.value.getArtifact()) {\r
-                                       AAFSSO.cons.printf("MechID:          %s\n",a.getMechid()); \r
-                                       AAFSSO.cons.printf("  Sponsor:       %s\n",a.getSponsor()); \r
-                                       AAFSSO.cons.printf("Machine:         %s\n",a.getMachine()); \r
-                                       AAFSSO.cons.printf("CA:              %s\n",a.getCa()); \r
-                                       StringBuilder sb = new StringBuilder();\r
-                                       boolean first = true;\r
-                                       for(String t : a.getType()) {\r
-                                               if(first) {first=false;}\r
-                                               else{sb.append(',');}\r
-                                               sb.append(t);\r
-                                       }\r
-                                       AAFSSO.cons.printf("Types:           %s\n",sb);\r
-                                       AAFSSO.cons.printf("Namespace:       %s\n",a.getAppName()); \r
-                                       AAFSSO.cons.printf("Directory:       %s\n",a.getDir());\r
-                                       AAFSSO.cons.printf("O/S User:        %s\n",a.getOsUser());\r
-                                       AAFSSO.cons.printf("Renew Days:      %d\n",a.getRenewDays());\r
-                                       AAFSSO.cons.printf("Notification     %s\n",a.getNotification());\r
-                                       printed = true;\r
-                               }\r
-                               if(!printed) {\r
-                                       AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
-                               }\r
-                       } else {\r
-                               trans.error().log(errMsg.toMsg(future));\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-       \r
-       private static void copyArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-               String[] newmachs = machines(cmds);\r
-               if(newmachs==null || newmachs == null) {\r
-                       trans.error().log("No machines listed to copy to");\r
-               } else {\r
-                       TimeTaken tt = trans.start("Copy Artifact", Env.REMOTE);\r
-                       try {\r
-                               Future<Artifacts> future = aafcon.client(CM_VER)\r
-                                               .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-                       \r
-                               if(future.get(TIMEOUT)) {\r
-                                       boolean printed = false;\r
-                                       for(Artifact a : future.value.getArtifact()) {\r
-                                               for(String m : newmachs) {\r
-                                                       a.setMachine(m);\r
-                                                       Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, future.value);\r
-                                                       if(fup.get(TIMEOUT)) {\r
-                                                               trans.info().printf("Copy of %s %s successful to %s",mechID,machine,m);\r
-                                                       } else {\r
-                                                               trans.error().printf("Call to AAF Certman failed, %s",\r
-                                                                       errMsg.toMsg(fup));\r
-                                                       }\r
-       \r
-                                                       printed = true;\r
-                                               }\r
-                                       }\r
-                                       if(!printed) {\r
-                                               AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
-                                       }\r
-                               } else {\r
-                                       trans.error().log(errMsg.toMsg(future));\r
-                               }\r
-                       } finally {\r
-                               tt.done();\r
-                       }\r
-               }\r
-       }\r
-\r
-       private static void updateArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-\r
-               TimeTaken tt = trans.start("Update Artifact", Env.REMOTE);\r
-               try {\r
-                       Future<Artifacts> fread = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-       \r
-                       if(fread.get(TIMEOUT)) {\r
-                               Artifacts artifacts = new Artifacts();\r
-                               for(Artifact a : fread.value.getArtifact()) {\r
-                                       Artifact arti = new Artifact();\r
-                                       artifacts.getArtifact().add(arti);\r
-                                       \r
-                                       AAFSSO.cons.printf("For %s on %s\n", a.getMechid(),a.getMachine());\r
-                                       arti.setMechid(a.getMechid());\r
-                                       arti.setMachine(a.getMachine());\r
-                                       arti.setCa(AAFSSO.cons.readLine("CA: (%s): ",a.getCa()));\r
-                                       StringBuilder sb = new StringBuilder();\r
-                                       boolean first = true;\r
-                                       for(String t : a.getType()) {\r
-                                               if(first) {first=false;}\r
-                                               else{sb.append(',');}\r
-                                               sb.append(t);\r
-                                       }\r
-       \r
-                                       String resp = AAFSSO.cons.readLine("Types [file,jks,pkcs12] (%s): ", sb);\r
-                                       for(String s : Split.splitTrim(',', resp)) {\r
-                                               arti.getType().add(s);\r
-                                       }\r
-                                       // Always do Script\r
-                                       if(!resp.contains(SCRIPT)) {\r
-                                               arti.getType().add(SCRIPT);\r
-                                       }\r
-\r
-                                       // Note: Sponsor is set on Creation by CM\r
-                                       arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",a.getAppName()));\r
-                                       arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", a.getDir()));\r
-                                       arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", a.getOsUser()));\r
-                                       arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renew Days (%s):", a.getRenewDays())));\r
-                                       arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (%s):", a.getNotification())));\r
-       \r
-                               }\r
-                               if(artifacts.getArtifact().size()==0) {\r
-                                       AAFSSO.cons.printf("Artifact for %s %s does not exist", mechID, machine);\r
-                               } else {\r
-                                       Future<Artifacts> fup = aafcon.client(CM_VER).update("/cert/artifacts", artifactsDF, artifacts);\r
-                                       if(fup.get(TIMEOUT)) {\r
-                                               trans.info().printf("Call to AAF Certman successful %s, %s",mechID,machine);\r
-                                       } else {\r
-                                               trans.error().printf("Call to AAF Certman failed, %s",\r
-                                                       errMsg.toMsg(fup));\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               trans.error().printf("Call to AAF Certman failed, %s %s, %s",\r
-                                               errMsg.toMsg(fread),mechID,machine);\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-       \r
-       private static void deleteArtifact(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechid = mechID(cmds);\r
-               String machine = machine(cmds);\r
-               \r
-               TimeTaken tt = trans.start("Delete Artifact", Env.REMOTE);\r
-               try {\r
-                       Future<Void> future = aafcon.client(CM_VER)\r
-                                       .delete("/cert/artifacts/"+mechid+"/"+machine,"application/json" );\r
-       \r
-                       if(future.get(TIMEOUT)) {\r
-                               trans.info().printf("Call to AAF Certman successful %s, %s",mechid,machine);\r
-                       } else {\r
-                               trans.error().printf("Call to AAF Certman failed, %s %s, %s",\r
-                                       errMsg.toMsg(future),mechid,machine);\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-       }\r
-\r
-       \r
-\r
-       private static boolean placeCerts(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               boolean rv = false;\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-               \r
-               TimeTaken tt = trans.start("Place Artifact", Env.REMOTE);\r
-               try {\r
-                       Future<Artifacts> acf = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-                       if(acf.get(TIMEOUT)) {\r
-                               // Have to wait for JDK 1.7 source...\r
-                               //switch(artifact.getType()) {\r
-                               if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
-                                       AAFSSO.cons.printf("===> There are no artifacts for %s %s", mechID, machine);\r
-                               } else {\r
-                                       for(Artifact a : acf.value.getArtifact()) {\r
-                                               String osID = System.getProperty("user.name");\r
-                                               if(a.getOsUser().equals(osID)) {\r
-                                                       CertificateRequest cr = new CertificateRequest();\r
-                                                       cr.setMechid(a.getMechid());\r
-                                                       cr.setSponsor(a.getSponsor());\r
-                                                       cr.getFqdns().add(a.getMachine());\r
-                                                       Future<String> f = aafcon.client(CM_VER)\r
-                                                                       .setQueryParams("withTrust")\r
-                                                                       .updateRespondString("/cert/" + a.getCa(),reqDF, cr);\r
-                                                       if(f.get(TIMEOUT)) {\r
-                                                               CertInfo capi = certDF.newData().in(TYPE.JSON).load(f.body()).asObject();\r
-                                                               for(String type : a.getType()) {\r
-                                                                       PlaceArtifact pa = placeArtifact.get(type);\r
-                                                                       if(pa!=null) {\r
-                                                                               if(rv = pa.place(trans, capi, a)) {\r
-                                                                                       notifyPlaced(a,rv);\r
-                                                                               }\r
-                                                                       }\r
-                                                               }\r
-                                                               // Cover for the above multiple pass possibilities with some static Data, then clear per Artifact\r
-                                                       } else {\r
-                                                               trans.error().log(errMsg.toMsg(f));\r
-                                                       }\r
-                                               } else {\r
-                                                       trans.error().log("You must be OS User \"" + a.getOsUser() +"\" to place Certificates on this box");\r
-                                               }\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               trans.error().log(errMsg.toMsg(acf));\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-               return rv;\r
-       }\r
-       \r
-       private static void notifyPlaced(Artifact a, boolean rv) {\r
-               \r
-               \r
-       }\r
-\r
-       private static void showPass(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-\r
-               TimeTaken tt = trans.start("Show Password", Env.REMOTE);\r
-               try {\r
-                       Future<Artifacts> acf = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-                       if(acf.get(TIMEOUT)) {\r
-                               // Have to wait for JDK 1.7 source...\r
-                               //switch(artifact.getType()) {\r
-                               if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
-                                       AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);\r
-                               } else {\r
-                                       String id = aafcon.defID();\r
-                                       boolean allowed;\r
-                                       for(Artifact a : acf.value.getArtifact()) {\r
-                                               allowed = id!=null && (id.equals(a.getSponsor()) ||\r
-                                                               (id.equals(a.getMechid()) \r
-                                                                               && aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class)));\r
-                                               if(!allowed) {\r
-                                                       Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" + \r
-                                                                       a.getAppName() + ".certman|"+a.getCa()+"|showpass","*/*");\r
-                                                       if(pf.get(TIMEOUT)) {\r
-                                                               allowed = true;\r
-                                                       } else {\r
-                                                               trans.error().log(errMsg.toMsg(pf));\r
-                                                       }\r
-                                               }\r
-                                               if(allowed) {\r
-                                                       File dir = new File(a.getDir());\r
-                                                       Properties props = new Properties();\r
-                                                       FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props"));\r
-                                                       try {\r
-                                                               props.load(fis);\r
-                                                               fis.close();\r
-                                                               fis = new FileInputStream(new File(dir,a.getAppName()+".chal"));\r
-                                                               props.load(fis);\r
-                                                       } finally {\r
-                                                               fis.close();\r
-                                                       }\r
-                                                       \r
-                                                       File f = new File(dir,a.getAppName()+".keyfile");\r
-                                                       if(f.exists()) {\r
-                                                               Symm symm = Symm.obtain(f);\r
-                                                               \r
-                                                               for(Iterator<Entry<Object,Object>> iter = props.entrySet().iterator(); iter.hasNext();) {\r
-                                                                       Entry<Object,Object> en = iter.next();\r
-                                                                       if(en.getValue().toString().startsWith("enc:???")) {\r
-                                                                               System.out.printf("%s=%s\n", en.getKey(), symm.depass(en.getValue().toString()));\r
-                                                                       }\r
-                                                               }\r
-                                                       } else {\r
-                                                               trans.error().printf("%s.keyfile must exist to read passwords for %s on %s",\r
-                                                                               f.getAbsolutePath(),a.getMechid(), a.getMachine());\r
-                                                       }\r
-                                               }\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               trans.error().log(errMsg.toMsg(acf));\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-\r
-       }\r
-       \r
-\r
-       /**\r
-        * Check returns Error Codes, so that Scripts can know what to do\r
-        * \r
-        *   0 - Check Complete, nothing to do\r
-        *   1 - General Error\r
-        *   2 - Error for specific Artifact - read check.msg\r
-        *   10 - Certificate Updated - check.msg is email content\r
-        *   \r
-        * @param trans\r
-        * @param aafcon\r
-        * @param cmds\r
-        * @return\r
-        * @throws Exception\r
-        */\r
-       private static int check(Trans trans, AAFCon<?> aafcon, Deque<String> cmds) throws Exception {\r
-               int exitCode=1;\r
-               String mechID = mechID(cmds);\r
-               String machine = machine(cmds);\r
-               \r
-               TimeTaken tt = trans.start("Check Certificate", Env.REMOTE);\r
-               try {\r
-               \r
-                       Future<Artifacts> acf = aafcon.client(CM_VER)\r
-                                       .read("/cert/artifacts/"+mechID+'/'+machine, artifactsDF);\r
-                       if(acf.get(TIMEOUT)) {\r
-                               // Have to wait for JDK 1.7 source...\r
-                               //switch(artifact.getType()) {\r
-                               if(acf.value.getArtifact()==null || acf.value.getArtifact().isEmpty()) {\r
-                                       AAFSSO.cons.printf("No Artifacts found for %s on %s", mechID, machine);\r
-                               } else {\r
-                                       String id = aafcon.defID();\r
-                                       GregorianCalendar now = new GregorianCalendar();\r
-                                       for(Artifact a : acf.value.getArtifact()) {\r
-                                               if(id.equals(a.getMechid())) {\r
-                                                       File dir = new File(a.getDir());\r
-                                                       Properties props = new Properties();\r
-                                                       FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props"));\r
-                                                       try {\r
-                                                               props.load(fis);\r
-                                                       } finally {\r
-                                                               fis.close();\r
-                                                       }\r
-                                                       \r
-                                                       String prop;                                            \r
-                                                       File f;\r
-       \r
-                                                       if((prop=props.getProperty(Config.CADI_KEYFILE))==null ||\r
-                                                               !(f=new File(prop)).exists()) {\r
-                                                                       trans.error().printf("Keyfile must exist to check Certificates for %s on %s",\r
-                                                                               a.getMechid(), a.getMachine());\r
-                                                       } else {\r
-                                                               String ksf = props.getProperty(Config.CADI_KEYSTORE);\r
-                                                               String ksps = props.getProperty(Config.CADI_KEYSTORE_PASSWORD);\r
-                                                               if(ksf==null || ksps == null) {\r
-                                                                       trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s",\r
-                                                                                       Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine());\r
-                                                               } else {\r
-                                                                       KeyStore ks = KeyStore.getInstance("JKS");\r
-                                                                       Symm symm = Symm.obtain(f);\r
-                                                                       \r
-                                                                       fis = new FileInputStream(ksf);\r
-                                                                       try {\r
-                                                                               ks.load(fis,symm.depass(ksps).toCharArray());\r
-                                                                       } finally {\r
-                                                                               fis.close();\r
-                                                                       }\r
-                                                                       X509Certificate cert = (X509Certificate)ks.getCertificate(mechID);\r
-                                                                       String msg = null;\r
-\r
-                                                                       if(cert==null) {\r
-                                                                               msg = String.format("X509Certificate does not exist for %s on %s in %s",\r
-                                                                                               a.getMechid(), a.getMachine(), ksf);\r
-                                                                               trans.error().log(msg);\r
-                                                                               exitCode = 2;\r
-                                                                       } else {\r
-                                                                               GregorianCalendar renew = new GregorianCalendar();\r
-                                                                               renew.setTime(cert.getNotAfter());\r
-                                                                               renew.add(GregorianCalendar.DAY_OF_MONTH,-1*a.getRenewDays());\r
-                                                                               if(renew.after(now)) {\r
-                                                                                       msg = String.format("X509Certificate for %s on %s has been checked on %s. It expires on %s; it will not be renewed until %s.\n", \r
-                                                                                                       a.getMechid(), a.getMachine(),Chrono.dateOnlyStamp(now),cert.getNotAfter(),Chrono.dateOnlyStamp(renew));\r
-                                                                                       trans.info().log(msg);\r
-                                                                                       exitCode = 0; // OK\r
-                                                                               } else {\r
-                                                                                       trans.info().printf("X509Certificate for %s on %s expiration, %s, needs Renewal.\n", \r
-                                                                                                       a.getMechid(), a.getMachine(),cert.getNotAfter());\r
-                                                                                       cmds.offerLast(mechID);\r
-                                                                                       cmds.offerLast(machine);\r
-                                                                                       if(placeCerts(trans,aafcon,cmds)) {\r
-                                                                                               msg = String.format("X509Certificate for %s on %s has been renewed. Ensure services using are refreshed.\n", \r
-                                                                                                               a.getMechid(), a.getMachine());\r
-                                                                                               exitCode = 10; // Refreshed\r
-                                                                                       } else {\r
-                                                                                               msg = String.format("X509Certificate for %s on %s attempted renewal, but failed. Immediate Investigation is required!\n", \r
-                                                                                                               a.getMechid(), a.getMachine());\r
-                                                                                               exitCode = 1; // Error Renewing\r
-                                                                                       }\r
-                                                                               }\r
-                                                                       }\r
-                                                                       if(msg!=null) {\r
-                                                                               FileOutputStream fos = new FileOutputStream(a.getDir()+'/'+a.getAppName()+".msg");\r
-                                                                               try {\r
-                                                                                       fos.write(msg.getBytes());\r
-                                                                               } finally {\r
-                                                                                       fos.close();\r
-                                                                               }\r
-                                                                       }\r
-                                                               }\r
-                                                               \r
-                                                       }\r
-                                               }\r
-                                       }\r
-                               }\r
-                       } else {\r
-                               trans.error().log(errMsg.toMsg(acf));\r
-                               exitCode=1;\r
-                       }\r
-               } finally {\r
-                       tt.done();\r
-               }\r
-               return exitCode;\r
-       }\r
-\r
-}\r
-                       \r
-               \r
-\r
-\r