X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=installation%2Fsdnc%2Fsrc%2Fmain%2Fscripts%2FinstallCerts.py;h=a8133d5f0cc8c9000672fa0875c04fd1e273b74a;hb=2be9f6358e5ba9c07cd9e826429169b238124d4b;hp=4afc4b6ec648a25ef42dbb68460e3bbfcf075281;hpb=2ebd71570b4b28df1206a9057ef0cb1fd01c6f0a;p=sdnc%2Foam.git diff --git a/installation/sdnc/src/main/scripts/installCerts.py b/installation/sdnc/src/main/scripts/installCerts.py index 4afc4b6e..a8133d5f 100644 --- a/installation/sdnc/src/main/scripts/installCerts.py +++ b/installation/sdnc/src/main/scripts/installCerts.py @@ -25,8 +25,18 @@ import base64 import time import zipfile import shutil +import subprocess +import logging -Path = os.environ['ODL_CERT_DIR'] + +log_file = '/opt/opendaylight/data/log/installCerts.log' +with open(os.path.join('/opt/opendaylight/data/log', 'installCerts.log'), 'w') as fp: + pass + +log_format = "%(asctime)s - %(name)s - %(levelname)s - %(message)s" +logging.basicConfig(filename=log_file,level=logging.DEBUG,filemode='w',format=log_format) + +Path = "/tmp" zipFileList = [] @@ -40,13 +50,22 @@ postKeystore= "/restconf/operations/netconf-keystore:add-keystore-entry" postPrivateKey= "/restconf/operations/netconf-keystore:add-private-key" postTrustedCertificate= "/restconf/operations/netconf-keystore:add-trusted-certificate" +truststore_pass_file = Path + '/truststore.pass' +truststore_file = Path + '/truststore.jks' +keystore_pass_file = Path + '/keystore.pass' +keystore_file = Path + '/keystore.jks' + +jks_files = [truststore_pass_file, keystore_pass_file, keystore_file, truststore_file] + +odl_port = 8181 headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password), 'X-FromAppId': 'csit-sdnc', 'X-TransactionId': 'csit-sdnc', 'Accept':"application/json", 'Content-type':"application/json"} + def readFile(folder, file): key = open(Path + "/" + folder + "/" + file, "r") fileRead = key.read() @@ -54,11 +73,12 @@ def readFile(folder, file): fileRead = "\n".join(fileRead.splitlines()[1:-1]) return fileRead + def readTrustedCertificate(folder, file): listCert = list() caPem = "" startCa = False - key = open(Path + "/" + folder + "/" + file, "r") + key = open(folder + "/" + file, "r") lines = key.readlines() for line in lines: if not "BEGIN CERTIFICATE" in line and not "END CERTIFICATE" in line and startCa: @@ -71,8 +91,9 @@ def readTrustedCertificate(folder, file): caPem = "" return listCert + def makeKeystoreKey(clientKey, count): - odl_private_key="ODL_private_key_%d" %count + odl_private_key = "ODL_private_key_%d" %count json_keystore_key='{{\"input\": {{ \"key-credential\": {{\"key-id\": \"{odl_private_key}\", \"private-key\" : ' \ '\"{clientKey}\",\"passphrase\" : \"\"}}}}}}'.format( @@ -82,13 +103,12 @@ def makeKeystoreKey(clientKey, count): return json_keystore_key - def makePrivateKey(clientKey, clientCrt, certList, count): caPem = "" - for cert in certList: - caPem += '\"%s\",' % cert - - caPem = caPem.rsplit(',', 1)[0] + if certList: + for cert in certList: + caPem += '\"%s\",' % cert + caPem = caPem.rsplit(',', 1)[0] odl_private_key="ODL_private_key_%d" %count json_private_key='{{\"input\": {{ \"private-key\":{{\"name\": \"{odl_private_key}\", \"data\" : ' \ @@ -100,6 +120,7 @@ def makePrivateKey(clientKey, clientCrt, certList, count): return json_private_key + def makeTrustedCertificate(certList, count): number = 0 json_cert_format = "" @@ -121,9 +142,10 @@ def makeRestconfPost(conn, json_file, apiCall): res = conn.getresponse() res.read() if res.status != 200: - print "Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason) + logging.error("Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason)) else: - print res.status, res.reason + logging.debug("Response :%s Reason :%s ",res.status, res.reason) + def extractZipFiles(zipFileList, count): for zipFolder in zipFileList: @@ -132,48 +154,62 @@ def extractZipFiles(zipFileList, count): folder = zipFolder.rsplit(".")[0] processFiles(folder, count) + def processFiles(folder, count): - conn = httplib.HTTPConnection("localhost",8181) for file in os.listdir(Path + "/" + folder): if os.path.isfile(Path + "/" + folder + "/" + file.strip()): if ".key" in file: clientKey = readFile(folder, file.strip()) elif "trustedCertificate" in file: - certList = readTrustedCertificate(folder, file.strip()) + certList = readTrustedCertificate(Path + "/" + folder, file.strip()) elif ".crt" in file: clientCrt = readFile(folder, file.strip()) else: - print "Could not find file %s" % file.strip() + logging.error("Could not find file %s" % file.strip()) shutil.rmtree(Path + "/" + folder) - json_keystore_key = makeKeystoreKey(clientKey, count) - json_private_key = makePrivateKey(clientKey, clientCrt, certList, count) - json_trusted_cert = makeTrustedCertificate(certList, count) + post_content(clientKey, clientCrt, certList, count) + + +def post_content(clientKey, clientCrt, certList, count): + conn = httplib.HTTPConnection("localhost",odl_port) + + if clientKey: + json_keystore_key = makeKeystoreKey(clientKey, count) + logging.debug("Posting private key in to ODL keystore") + makeRestconfPost(conn, json_keystore_key, postKeystore) + + if certList: + json_trusted_cert = makeTrustedCertificate(certList, count) + logging.debug("Posting trusted cert list in to ODL") + makeRestconfPost(conn, json_trusted_cert, postTrustedCertificate) + + if clientKey and clientCrt and certList: + json_private_key = makePrivateKey(clientKey, clientCrt, certList, count) + logging.debug("Posting the cert in to ODL") + makeRestconfPost(conn, json_private_key, postPrivateKey) - makeRestconfPost(conn, json_keystore_key, postKeystore) - makeRestconfPost(conn, json_private_key, postPrivateKey) - makeRestconfPost(conn, json_trusted_cert, postTrustedCertificate) def makeHealthcheckCall(headers, timePassed): connected = False # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200 while timePassed < TIMEOUT: try: - conn = httplib.HTTPConnection("localhost",8181) + conn = httplib.HTTPConnection("localhost",odl_port) req = conn.request("POST", "/restconf/operations/SLI-API:healthcheck",headers=headers) res = conn.getresponse() res.read() if res.status == 200: - print ("Healthcheck Passed in %d seconds." %timePassed) + logging.debug("Healthcheck Passed in %d seconds." %timePassed) connected = True break else: - print ("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) + logging.debug("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) except: - print ("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) + logging.error("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT)) timePassed = timeIncrement(timePassed) if timePassed > TIMEOUT: - print ("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT) + logging.error("TIME OUT: Healthcheck not passed in %d seconds... Could cause problems for testing activities..." %TIMEOUT) return connected @@ -182,7 +218,98 @@ def timeIncrement(timePassed): timePassed = timePassed + INTERVAL return timePassed + +def get_pass(file_name): + try: + with open(file_name , 'r') as file_obj: + password = file_obj.read().strip() + return password + except Exception as e: + logging.error("Error occurred while fetching password : %s", e) + exit() + + +def cleanup(): + for file in jks_files: + if os.path.isfile(file): + logging.debug("Cleaning up the file %s", file) + os.remove(file) + + +def jks_to_p12(file, password): + """Converts jks format into p12""" + try: + p12_file = file.replace('.jks', '.p12') + jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password) + logging.debug("Converting %s into p12 format", file) + os.system(jks_cmd) + file = p12_file + return file + except Exception as e: + logging.error("Error occurred while converting jks to p12 format : %s", e) + + +def extract_content(): + """Extracts client key, certificates, CA certificates.""" + try: + certList = [] + key = None + cert = None + + truststore_pass = get_pass(truststore_pass_file) + truststore_file_p12 = jks_to_p12(truststore_file, truststore_pass) + + keystore_pass = get_pass(keystore_pass_file) + keystore_file_p12 = jks_to_p12(keystore_file, keystore_pass) + + clcrt_cmd = 'openssl pkcs12 -in {src_file} -clcerts -nokeys -passin pass:{src_pass}'.format(src_file=keystore_file_p12, src_pass=keystore_pass) + + clkey_cmd = 'openssl pkcs12 -in {src_file} -nocerts -nodes -passin pass:{src_pass}'.format(src_file=keystore_file_p12, src_pass=keystore_pass) + trust_file = truststore_file_p12.split('/')[2] + '.trust' + + trustCerts_cmd = 'openssl pkcs12 -in {src_file} -out {out_file} -cacerts -nokeys -passin pass:{src_pass} '.format(src_file=truststore_file_p12, out_file=Path + '/' + trust_file, src_pass=truststore_pass) + + result_key = subprocess.check_output(clkey_cmd , shell=True) + if result_key: + key = result_key.split('-----BEGIN PRIVATE KEY-----', 1)[1].lstrip().split('-----END PRIVATE KEY-----')[0] + logging.debug("key ok") + + os.system(trustCerts_cmd) + if os.path.exists(Path + '/' + trust_file): + certList = readTrustedCertificate(Path, trust_file) + logging.debug("certList ok") + + result_crt = subprocess.check_output(clcrt_cmd , shell=True) + if result_crt: + cert = result_crt.split('-----BEGIN CERTIFICATE-----', 1)[1].lstrip().split('-----END CERTIFICATE-----')[0] + logging.debug("cert ok") + + if key and cert and certList: + post_content(key, cert, certList, 0) + else: + logging.debug("Exiting. Key, cert or key are missing") + return + + except Exception as e: + logging.error("Error occurred while processing the file: %s", e) + + +def look_for_jks_files(): + if all([os.path.isfile(f) for f in jks_files]): + extract_content() + cleanup() + else: + logging.debug("Some of the files are missing") + return + + def readCertProperties(): + ''' + This function searches for manually copied zip file + containing certificates. This is required as part + of backward compatibility. + If not foud, it searches for jks certificates. + ''' connected = makeHealthcheckCall(headers, timePassed) if connected: @@ -197,6 +324,10 @@ def readCertProperties(): count += 1 del zipFileList[:] else: - print "Error: File not found in path entered" + logging.debug("No zipfiles present in folder " + Path) + + logging.info("Looking for jks files in folder " + Path) + look_for_jks_files() + -readCertProperties() +readCertProperties() \ No newline at end of file