File f = new File(dir,arti.getAppName()+".props"); if(f.exists()) { if(first) { f = new File(dir,arti.getAppName()+".chal"); if(f.exists()) { f.delete();
@Override public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException { File fks = new File(dir,arti.getAppName()+'.'+kst); try { KeyStore jks = KeyStore.getInstance(kst); addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getAppName() + ".keyfile"); addProperty(Config.CADI_ALIAS, arti.getMechid()); jks.setEntry(arti.getMechid(), pkEntry, protParam); fks = new File(dir,arti.getAppName()+".trust."+kst); jks = KeyStore.getInstance(kst); jks.setCertificateEntry("cadi_root_" + arti.getCa() + '_' + i, certs[i]);
boolean allowed; for(Artifact a : acf.value.getArtifact()) { allowed = id!=null && (id.equals(a.getSponsor()) || (id.equals(a.getMechid()) && aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class))); if(!allowed) { Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" + a.getAppName() + ".certman|"+a.getCa()+"|showpass","*/*"); if(pf.get(TIMEOUT)) { allowed = true; File dir = new File(a.getDir()); Properties props = new Properties(); FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props")); try { props.load(fis); fis.close(); fis = new FileInputStream(new File(dir,a.getAppName()+".chal")); props.load(fis); } finally { File f = new File(dir,a.getAppName()+".keyfile"); if(f.exists()) { Symm symm = Symm.obtain(f); f.getAbsolutePath(),a.getMechid(), a.getMachine());
GregorianCalendar now = new GregorianCalendar(); for(Artifact a : acf.value.getArtifact()) { if(id.equals(a.getMechid())) { File dir = new File(a.getDir()); Properties props = new Properties(); FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props")); try { props.load(fis); !(f=new File(prop)).exists()) { trans.error().printf("Keyfile must exist to check Certificates for %s on %s", a.getMechid(), a.getMachine()); } else { String ksf = props.getProperty(Config.CADI_KEYSTORE); if(ksf==null || ksps == null) { trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s", Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine()); } else { KeyStore ks = KeyStore.getInstance("JKS"); a.getMechid(), a.getMachine(), ksf); trans.error().log(msg); exitCode = 2; GregorianCalendar renew = new GregorianCalendar(); renew.setTime(cert.getNotAfter()); renew.add(GregorianCalendar.DAY_OF_MONTH,-1*a.getRenewDays()); if(renew.after(now)) {
GregorianCalendar now = new GregorianCalendar(); for(Artifact a : acf.value.getArtifact()) { if(id.equals(a.getMechid())) { File dir = new File(a.getDir()); Properties props = new Properties(); FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props")); try { props.load(fis); !(f=new File(prop)).exists()) { trans.error().printf("Keyfile must exist to check Certificates for %s on %s", a.getMechid(), a.getMachine()); } else { String ksf = props.getProperty(Config.CADI_KEYSTORE); if(ksf==null || ksps == null) { trans.error().printf("Properties %s and %s must exist to check Certificates for %s on %s", Config.CADI_KEYSTORE, Config.CADI_KEYSTORE_PASSWORD,a.getMechid(), a.getMachine()); } else { KeyStore ks = KeyStore.getInstance("JKS"); a.getMechid(), a.getMachine(), ksf); trans.error().log(msg); exitCode = 2; GregorianCalendar renew = new GregorianCalendar(); renew.setTime(cert.getNotAfter()); renew.add(GregorianCalendar.DAY_OF_MONTH,-1*a.getRenewDays()); if(renew.after(now)) {
File f = new File(dir,arti.getAppName()+".props"); if(f.exists()) { if(first) { f = new File(dir,arti.getAppName()+".chal"); if(f.exists()) { f.delete();
dir = new File(arti.getDir()); if(processed.get("dir")==null) { if(!dir.exists()) { addProperty(Config.HOSTNAME,arti.getMachine()); if(symm==null) { File f = new File(dir,arti.getAppName() + ".keyfile"); if(!f.exists()) { write(f,Chmod.to400,Symm.baseCrypt().keygen());
try { String filename = arti.getAppName()+".check.sh"; File f1 = new File(dir,filename); String email = arti.getNotification() + '\n'; if(email.startsWith("mailto:")) { email=email.substring(7); } else { email=arti.getOsUser() + '\n'; "# Check on Certificate, and renew if needed.\n", "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n', "DIR="+arti.getDir()+'\n', "APP="+arti.getAppName()+'\n', "EMAIL="+email, "CP=\""+classpath.toString()+"\"\n", File f2 = new File(dir,arti.getAppName()+".crontab.sh"); write(f2,Chmod.to644, "#!/bin/bash " + f1.getCanonicalPath()+'\n', "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n', "TFILE=\"/tmp/cmcron$$.temp\"\n", "DIR=\""+arti.getDir()+"\"\n", "CF=\""+arti.getAppName()+" Certificate Check Script\"\n", "SCRIPT=\""+f1.getCanonicalPath()+"\"\n", cronScript
@Override public boolean _place(Trans trans, CertInfo certInfo, Artifact arti) throws CadiException { File fks = new File(dir,arti.getAppName()+'.'+kst); try { KeyStore jks = KeyStore.getInstance(kst); addProperty(Config.CADI_KEYFILE,arti.getDir()+'/'+arti.getAppName() + ".keyfile"); addProperty(Config.CADI_ALIAS, arti.getMechid()); jks.setEntry(arti.getMechid(), pkEntry, protParam); fks = new File(dir,arti.getAppName()+".trust."+kst); jks = KeyStore.getInstance(kst); jks.setCertificateEntry("cadi_root_" + arti.getCa() + '_' + i, certs[i]);
for(Artifact a : acf.value.getArtifact()) { String osID = System.getProperty("user.name"); if(a.getOsUser().equals(osID)) { CertificateRequest cr = new CertificateRequest(); cr.setMechid(a.getMechid()); cr.setSponsor(a.getSponsor()); cr.getFqdns().add(a.getMachine()); Future<String> f = aafcon.client(CM_VER) .setQueryParams("withTrust") .updateRespondString("/cert/" + a.getCa(),reqDF, cr); if(f.get(TIMEOUT)) { CertInfo capi = certDF.newData().in(TYPE.JSON).load(f.body()).asObject(); for(String type : a.getType()) { PlaceArtifact pa = placeArtifact.get(type); if(pa!=null) { trans.error().log("You must be OS User \"" + a.getOsUser() +"\" to place Certificates on this box");
for(Artifact a : acf.value.getArtifact()) { String osID = System.getProperty("user.name"); if(a.getOsUser().equals(osID)) { CertificateRequest cr = new CertificateRequest(); cr.setMechid(a.getMechid()); cr.setSponsor(a.getSponsor()); cr.getFqdns().add(a.getMachine()); Future<String> f = aafcon.client(CM_VER) .setQueryParams("withTrust") .updateRespondString("/cert/" + a.getCa(),reqDF, cr); if(f.get(TIMEOUT)) { CertInfo capi = certDF.newData().in(TYPE.JSON).load(f.body()).asObject(); for(String type : a.getType()) { PlaceArtifact pa = placeArtifact.get(type); if(pa!=null) { trans.error().log("You must be OS User \"" + a.getOsUser() +"\" to place Certificates on this box");
boolean allowed; for(Artifact a : acf.value.getArtifact()) { allowed = id!=null && (id.equals(a.getSponsor()) || (id.equals(a.getMechid()) && aafcon.securityInfo().defSS.getClass().isAssignableFrom(HBasicAuthSS.class))); if(!allowed) { Future<String> pf = aafcon.client(CM_VER).read("/cert/may/" + a.getAppName() + ".certman|"+a.getCa()+"|showpass","*/*"); if(pf.get(TIMEOUT)) { allowed = true; File dir = new File(a.getDir()); Properties props = new Properties(); FileInputStream fis = new FileInputStream(new File(dir,a.getAppName()+".props")); try { props.load(fis); fis.close(); fis = new FileInputStream(new File(dir,a.getAppName()+".chal")); props.load(fis); } finally { File f = new File(dir,a.getAppName()+".keyfile"); if(f.exists()) { Symm symm = Symm.obtain(f); f.getAbsolutePath(),a.getMechid(), a.getMachine());
Artifacts artifacts = new Artifacts(); for(Artifact a : fread.value.getArtifact()) { Artifact arti = new Artifact(); artifacts.getArtifact().add(arti); AAFSSO.cons.printf("For %s on %s\n", a.getMechid(),a.getMachine()); arti.setMechid(a.getMechid()); arti.setMachine(a.getMachine()); arti.setCa(AAFSSO.cons.readLine("CA: (%s): ",a.getCa())); StringBuilder sb = new StringBuilder(); boolean first = true; for(String t : a.getType()) { if(first) {first=false;} else{sb.append(',');} arti.getType().add(s); arti.getType().add(SCRIPT); arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",a.getAppName())); arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", a.getDir())); arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", a.getOsUser())); arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renew Days (%s):", a.getRenewDays()))); arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (%s):", a.getNotification())));
Artifacts artifacts = new Artifacts(); for(Artifact a : fread.value.getArtifact()) { Artifact arti = new Artifact(); artifacts.getArtifact().add(arti); AAFSSO.cons.printf("For %s on %s\n", a.getMechid(),a.getMachine()); arti.setMechid(a.getMechid()); arti.setMachine(a.getMachine()); arti.setCa(AAFSSO.cons.readLine("CA: (%s): ",a.getCa())); StringBuilder sb = new StringBuilder(); boolean first = true; for(String t : a.getType()) { if(first) {first=false;} else{sb.append(',');} arti.getType().add(s); arti.getType().add(SCRIPT); arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",a.getAppName())); arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", a.getDir())); arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", a.getOsUser())); arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renew Days (%s):", a.getRenewDays()))); arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (%s):", a.getNotification())));
dir = new File(arti.getDir()); if(processed.get("dir")==null) { if(!dir.exists()) { addProperty(Config.HOSTNAME,arti.getMachine()); if(symm==null) { File f = new File(dir,arti.getAppName() + ".keyfile"); if(!f.exists()) { write(f,Chmod.to400,Symm.baseCrypt().keygen());
try { String filename = arti.getAppName()+".check.sh"; File f1 = new File(dir,filename); String email = arti.getNotification() + '\n'; if(email.startsWith("mailto:")) { email=email.substring(7); } else { email=arti.getOsUser() + '\n'; "# Check on Certificate, and renew if needed.\n", "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n', "DIR="+arti.getDir()+'\n', "APP="+arti.getAppName()+'\n', "EMAIL="+email, "CP=\""+classpath.toString()+"\"\n", File f2 = new File(dir,arti.getAppName()+".crontab.sh"); write(f2,Chmod.to644, "#!/bin/bash " + f1.getCanonicalPath()+'\n', "# Generated by Certificate Manager " + Chrono.timeStamp()+'\n', "TFILE=\"/tmp/cmcron$$.temp\"\n", "DIR=\""+arti.getDir()+"\"\n", "CF=\""+arti.getAppName()+" Certificate Check Script\"\n", "SCRIPT=\""+f1.getCanonicalPath()+"\"\n", cronScript
Artifact arti = new Artifact(); artifacts.getArtifact().add(arti); arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("MechID: ")); arti.setMachine(machine!=null?machine:AAFSSO.cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName())); arti.setCa(AAFSSO.cons.readLine("CA: (%s): ","aaf")); arti.getType().add(s); arti.getType().add(SCRIPT); String configRootName = AAFCon.reverseDomain(arti.getMechid()); arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",configRootName)); arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", System.getProperty("user.dir"))); arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", System.getProperty("user.name"))); arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renewal Days (%s):", "30"))); arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (mailto owner):", ""))); Future<Artifacts> future = aafcon.client(CM_VER).create("/cert/artifacts", artifactsDF, artifacts); if(future.get(TIMEOUT)) { trans.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine()); } else { trans.error().printf("Call to AAF Certman failed, %s",
Artifact arti = new Artifact(); artifacts.getArtifact().add(arti); arti.setMechid(mechID!=null?mechID:AAFSSO.cons.readLine("MechID: ")); arti.setMachine(machine!=null?machine:AAFSSO.cons.readLine("Machine (%s): ",InetAddress.getLocalHost().getHostName())); arti.setCa(AAFSSO.cons.readLine("CA: (%s): ","aaf")); arti.getType().add(s); arti.getType().add(SCRIPT); String configRootName = AAFCon.reverseDomain(arti.getMechid()); arti.setAppName(AAFSSO.cons.readLine("Namespace (%s): ",configRootName)); arti.setDir(AAFSSO.cons.readLine("Directory (%s): ", System.getProperty("user.dir"))); arti.setOsUser(AAFSSO.cons.readLine("OS User (%s): ", System.getProperty("user.name"))); arti.setRenewDays(Integer.parseInt(AAFSSO.cons.readLine("Renewal Days (%s):", "30"))); arti.setNotification(toNotification(AAFSSO.cons.readLine("Notification (mailto owner):", ""))); Future<Artifacts> future = aafcon.client(CM_VER).create("/cert/artifacts", artifactsDF, artifacts); if(future.get(TIMEOUT)) { trans.info().printf("Call to AAF Certman successful %s, %s",arti.getMechid(), arti.getMachine()); } else { trans.error().printf("Call to AAF Certman failed, %s",
boolean printed = false; for(Artifact a : future.value.getArtifact()) { AAFSSO.cons.printf("MechID: %s\n",a.getMechid()); AAFSSO.cons.printf(" Sponsor: %s\n",a.getSponsor()); AAFSSO.cons.printf("Machine: %s\n",a.getMachine()); AAFSSO.cons.printf("CA: %s\n",a.getCa()); StringBuilder sb = new StringBuilder(); boolean first = true; for(String t : a.getType()) { if(first) {first=false;} else{sb.append(',');} AAFSSO.cons.printf("Namespace: %s\n",a.getAppName()); AAFSSO.cons.printf("Directory: %s\n",a.getDir()); AAFSSO.cons.printf("O/S User: %s\n",a.getOsUser()); AAFSSO.cons.printf("Renew Days: %d\n",a.getRenewDays()); AAFSSO.cons.printf("Notification %s\n",a.getNotification()); printed = true;
boolean printed = false; for(Artifact a : future.value.getArtifact()) { AAFSSO.cons.printf("MechID: %s\n",a.getMechid()); AAFSSO.cons.printf(" Sponsor: %s\n",a.getSponsor()); AAFSSO.cons.printf("Machine: %s\n",a.getMachine()); AAFSSO.cons.printf("CA: %s\n",a.getCa()); StringBuilder sb = new StringBuilder(); boolean first = true; for(String t : a.getType()) { if(first) {first=false;} else{sb.append(',');} AAFSSO.cons.printf("Namespace: %s\n",a.getAppName()); AAFSSO.cons.printf("Directory: %s\n",a.getDir()); AAFSSO.cons.printf("O/S User: %s\n",a.getOsUser()); AAFSSO.cons.printf("Renew Days: %d\n",a.getRenewDays()); AAFSSO.cons.printf("Notification %s\n",a.getNotification()); printed = true;