private void registerCaCert(String caCert, String caKey, Operation startOp) { OperationSequence.create(createCaCredentials(caCert, caKey), createClientCredentials(caCert, caKey)) .setCompletion((ops, exs) -> { if (exs != null) { startOp.fail(exs.values().iterator().next()); return; } startOp.complete(); }) .sendWith(this); }
private String loadFileContent(String pemFile, boolean isResource) { try (InputStream in = getInputStream(pemFile, isResource)) { if (in == null) { return null; } try (Scanner sc = new Scanner(in, "UTF-8")) { return sc.useDelimiter("\\A").next(); } } catch (IOException e) { Utils.logWarning("Unable to load pem file %s, reason %s", pemFile, e.getMessage()); return null; } }
private void registerCaCertIfNeeded(String caCert, String caKey, Operation startOp) { Operation.createGet(this, ManagementUriParts.AUTH_CREDENTIALS_CA_LINK) .setCompletion((o, e) -> { String cert = caCert; String key = caKey; if (caCert == null || caKey == null) { cert = loadFileContent(CA_CERT_PEM_FILE, true); key = loadFileContent(CA_KEY_PEM_FILE, true); } if (e != null) { registerCaCert(cert, key, startOp); return; } AuthCredentialsServiceState caCred = o .getBody(AuthCredentialsServiceState.class); if (caCred.publicKey.equals(cert)) { registerClientCredIfNeeded(caCred, cert, key, startOp); } else { registerCaCert(cert, key, startOp); } }) .sendWith(this); }
@Override public void handleStart(Operation startOp) { if (!ServiceHost.isServiceCreate(startOp)) { // do not perform bootstrap logic when the post is NOT from direct client, eg: node // restart startOp.complete(); return; } Operation caCertOp = Operation .createGet(getHost(), UriUtils.buildUriPath(ManagementUriParts.CONFIG_PROPS, "default.ca.cert.pem.file")); Operation caKeyOp = Operation .createGet(getHost(), UriUtils.buildUriPath(ManagementUriParts.CONFIG_PROPS, "default.ca.key.pem.file")); OperationSequence.create(caCertOp, caKeyOp) .setCompletion((ops, exs) -> { if (exs == null) { ConfigurationState certBody = ops.get(caCertOp.getId()) .getBody(ConfigurationState.class); ConfigurationState keyBody = ops.get(caKeyOp.getId()) .getBody(ConfigurationState.class); registerCaCertIfNeeded(loadContent(certBody), loadContent(keyBody), startOp); return; } registerCaCertIfNeeded(null, null, startOp); }) .sendWith(this); }
/** * Start all services required to support management of infrastructure and applications. */ protected void startManagementServices() throws Throwable { this.log(Level.INFO, "Management service starting ..."); registerForServiceAvailability(CaSigningCertService.startTask(this), true, CaSigningCertService.FACTORY_LINK); HostInitComputeServicesConfig.startServices(this, false); HostInitComputeBackgroundServicesConfig.startServices(this); HostInitRequestServicesConfig.startServices(this); HostInitImageServicesConfig.startServices(this); HostInitUiServicesConfig.startServices(this); HostInitHarborServices.startServices(this, startMockHostAdapterInstance); HostInitDockerAdapterServiceConfig.startServices(this, startMockHostAdapterInstance); HostInitKubernetesAdapterServiceConfig.startServices(this, startMockHostAdapterInstance); HostInitRegistryAdapterServiceConfig.startServices(this); this.log(Level.INFO, "Management services started."); }
private String loadContent(ConfigurationState state) { if (state.value == null || state.value.isEmpty()) { return null; } Path filePath = Paths.get(state.value); if (filePath.toFile().exists()) { File file = filePath.toFile(); return loadFileContent(file.getAbsolutePath(), false); } return null; }
@Override public void handlePut(Operation put) { if (put.hasPragmaDirective(Operation.PRAGMA_DIRECTIVE_POST_TO_PUT)) { // converted PUT due to IDEMPOTENT_POST option logInfo("CaSigningCertService task has already started. Ignoring converted PUT."); put.complete(); return; } // normal PUT is not supported put.fail(Operation.STATUS_CODE_BAD_METHOD); }
private void registerClientCred(String caCert, String caKey, Operation startOp) { createClientCredentials(caCert, caKey) .setCompletion((o, e) -> { if (e != null) { startOp.fail(e); return; } startOp.complete(); }) .sendWith(this); }
private Operation createClientCredentials(String caCert, String caKey) { X509Certificate caCertificate = CertificateUtil.createCertificate(caCert); KeyPair caKeyPair = CertificateUtil.createKeyPair(caKey); AuthCredentialsServiceState authCredentials = new AuthCredentialsServiceState(); authCredentials.documentSelfLink = ManagementUriParts.AUTH_CREDENTIALS_CLIENT_LINK; authCredentials.type = AuthCredentialsType.PublicKey.name(); authCredentials.userEmail = "core"; CertChainKeyPair signedForClient = CertificateUtil.generateSignedForClient("computeClient", caCertificate, caKeyPair.getPrivate()); authCredentials.publicKey = CertificateUtilExtended.toPEMformat( signedForClient.getCertificate(), getHost()); authCredentials.privateKey = CertificateUtilExtended.toPEMFormat( signedForClient.getPrivateKey(), getHost()); return Operation.createPost(this, AuthCredentialsService.FACTORY_LINK) .addPragmaDirective(Operation.PRAGMA_DIRECTIVE_FORCE_INDEX_UPDATE) .setBody(authCredentials); }
protected void startServices(VerificationHost h) throws Throwable { h.registerForServiceAvailability(CaSigningCertService.startTask(h), true, CaSigningCertService.FACTORY_LINK); HostInitTestDcpServicesConfig.startServices(h); HostInitPhotonModelServiceConfig.startServices(h); HostInitCommonServiceConfig.startServices(h); HostInitComputeServicesConfig.startServices(h, true); HostInitRequestServicesConfig.startServices(h); HostInitDockerAdapterServiceConfig.startServices(h, true); HostInitKubernetesAdapterServiceConfig.startServices(h, true); for (String factoryLink : getFactoryServiceList()) { waitForServiceAvailability(factoryLink); } // Default services: waitForServiceAvailability(h, ResourceNamePrefixService.DEFAULT_RESOURCE_NAME_PREFIX_SELF_LINK); waitForServiceAvailability(h, DEFAULT_GROUP_RESOURCE_POLICY); waitForServiceAvailability(h, SystemContainerDescriptions.AGENT_CONTAINER_DESCRIPTION_LINK); waitForServiceAvailability(h, HostContainerListDataCollection.DEFAULT_HOST_CONTAINER_LIST_DATA_COLLECTION_LINK); waitForServiceAvailability(h, ContainerControlLoopService.CONTROL_LOOP_INFO_LINK); waitForServiceAvailability(ManagementUriParts.AUTH_CREDENTIALS_CA_LINK); waitForInitialBootServiceToBeSelfStopped(ComputeInitialBootService.SELF_LINK); waitForInitialBootServiceToBeSelfStopped(RequestInitialBootService.SELF_LINK); }