/*
************************************************************************
**** C A N A D I A N A S T R O N O M Y D A T A C E N T R E *****
*
* (c) 2010. (c) 2010.
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits reserves
*
* NRC disclaims any warranties Le CNRC denie toute garantie
* expressed, implied, or statu- enoncee, implicite ou legale,
* tory, of any kind with respect de quelque nature que se soit,
* to the software, including concernant le logiciel, y com-
* without limitation any war- pris sans restriction toute
* ranty of merchantability or garantie de valeur marchande
* fitness for a particular pur- ou de pertinence pour un usage
* pose. NRC shall not be liable particulier. Le CNRC ne
* in any event for any damages, pourra en aucun cas etre tenu
* whether direct or indirect, responsable de tout dommage,
* special or general, consequen- direct ou indirect, particul-
* tial or incidental, arising ier ou general, accessoire ou
* from the use of the software. fortuit, resultant de l'utili-
* sation du logiciel.
*
*
* @author adriand
*
* @version $Revision: $
*
*
**** C A N A D I A N A S T R O N O M Y D A T A C E N T R E *****
************************************************************************
*/
package ca.nrc.cadc.cert;
import java.io.IOException;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import ca.nrc.cadc.auth.CertCmdArgUtil;
import ca.nrc.cadc.reg.client.RegistryClient;
import ca.nrc.cadc.util.ArgumentMap;
import ca.nrc.cadc.util.LogArgUtil;
/**
* Main class for the CertGenerator Discovery Agent. The DA generates
* certificates for CADC users, signs them with the provided CADC key and
* persists them in the DB.
*/
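public class Main
{
    private static final Logger LOGGER = Logger.getLogger(Main.class);

    // Command-line option names.
    public static final String ARG_HELP = "help";
    public static final String ARG_H = "h";
    public static final String ARG_SERVER = "server";
    public static final String ARG_DB = "database";
    // Per usage(), this option names a PEM file that holds both the signing
    // certificate and the key used to sign, so the file needs the same
    // protection as the signing key itself.
    public static final String ARG_SIGNED_CERT = "signingCert";
    public static final String ARG_DRYRUN = "dryrun";
    public static final String ARG_EXPIRING = "expiring";
    public static final String ARG_USERID = "userid";

    public static final int STATUS_FAIL = 1; // exit code for failure
    public static final int STATUS_OK = 0; // exit code for successful execution

    protected static final int DEFAULT_EXPIRE = 30; // Default to 30 days

    // Authenticated subject, assigned in doit() from the command-line
    // arguments. It is static and non-final, i.e. shared by the whole process.
    protected static Subject subject;

    // Parsed command-line arguments, assigned in doit().
    private ArgumentMap argMap;

    public Main()
    {
    }

    /**
     * Program entry point: runs the agent and exits the JVM with its status.
     *
     * @param args Command arguments.
     */
    public static void main(String[] args)
    {
        int exitCode;
        try
        {
            Main da = new Main();
            exitCode = da.doit(args);
        }
        catch (Exception e)
        {
            // Pass the exception as the throwable argument so that the stack
            // trace is logged; error(Object) alone records only its toString().
            LOGGER.error("unexpected failure", e);
            exitCode = STATUS_FAIL;
        }
        System.exit(exitCode);
    }

    /**
     * Parses the arguments, initializes the subject and the certificate
     * generation action, and runs the action as that subject.
     *
     * @param args Command arguments.
     * @return {@link #STATUS_OK} when help was requested or the action ran
     *         without throwing, {@link #STATUS_FAIL} otherwise.
     * @throws Exception declared for anything not handled below.
     */
    private int doit(final String[] args) throws Exception
    {
        LogArgUtil.initialize(new String[]{"ca", "net", "com", "org",
                                           "edu"}, args);
        this.argMap = new ArgumentMap(args);

        if (this.argMap.isSet(ARG_HELP) || this.argMap.isSet(ARG_H))
        {
            usage();
            return STATUS_OK;
        }

        try
        {
            subject = CertCmdArgUtil.initSubject(argMap);
        }
        catch (Exception ex)
        {
            // Only the message goes to the error log; the full cause is kept
            // at debug level.
            LOGGER.error(ex.getMessage());
            LOGGER.debug("Caused by:", ex);
            usage();
            return STATUS_FAIL;
        }

        // --cred sets the "<RegistryClient class name>.host" system property,
        // which is JVM-wide. The value is used as given: this method does not
        // validate it, and the override is logged so that it is visible.
        String credHost = argMap.getValue("cred");
        if (credHost != null)
        {
            System.setProperty(RegistryClient.class.getName() + ".host", credHost);
            LOGGER.info("override cred service host: " + credHost);
        }

        CertGenAction command = null;
        try
        {
            command = new CertGenAction();
            if (!command.init(argMap))
            {
                usage();
                return STATUS_FAIL;
            }
        }
        catch (IOException e)
        {
            msg("Cannot find .dbrc file to connect to the database");
            msg("");
            // Keep the underlying cause available: every IOException from
            // init() is reported with the same console message above.
            LOGGER.debug("Caused by:", e);
            return STATUS_FAIL;
        }
        catch (IllegalArgumentException ex)
        {
            msg("illegal argument(s): " + ex.getMessage());
            msg("");
            // Both branches of the former null check printed the usage text.
            usage();
            return STATUS_FAIL;
        }

        try
        {
            // NOTE(review): the value returned by doAs is discarded, so a
            // failure that the action reports through its return value rather
            // than by throwing would still end in STATUS_OK -- confirm against
            // CertGenAction.
            Subject.doAs(subject, command);
        }
        catch (Throwable t)
        {
            // Boundary catch: any failure inside the action becomes a logged
            // error and a failure exit status.
            LOGGER.error("unexpected failure", t);
            return STATUS_FAIL;
        }
        return STATUS_OK;
    }

    /**
     * Creates the certificate generation action.
     *
     * The current body always returns a new {@code CertGenAction} and does not
     * read {@code argMap}; doit() does not call this method but constructs the
     * action itself.
     *
     * @param argMap Parsed command arguments map (currently unused).
     * @return a new, uninitialized {@code CertGenAction}.
     * @throws IllegalArgumentException declared, not thrown by the current body.
     * @throws IOException declared, not thrown by the current body.
     */
    static AbstractCertGenAction getCommand(final ArgumentMap argMap)
        throws IllegalArgumentException, IOException
    {
        return new CertGenAction();
    }

    /**
     * Prints the usage message to the console.
     */
    public static void usage()
    {
        //@formatter:off
        String[] um = {
            "",
            "cadc-cert-gen [options] [--dryrun] --expiring=<numDays> --signingCert=<certfile.pem>",
            " \"renew certificates that will expire within <numDays>\"",
            " --dryrun - only list the expiring certificates",
            "",
            " OR",
            "",
            "cadc-cert-gen [options] --userid=<userid> --signingCert=<certfile.pem>",
            " \"renew certificate for user with userid <userid>\"",
            "",
            " WHERE",
            " --signingCert: PEM file containing certificate and key use to sign certificates",
            "",
            " OPTIONS:",
            " --server=<server> (default is SYBASE)",
            " --database=<database> (default is archive)",
            " --cred=<CDP service host> (optional non-production service)",
            " IMPORTANT: the --server/--database must specify the back-end persistence used",
            " by the CDP service given by the --cred option",
            " -h --help: show help",
            " -v --verbose",
            " -d --debug",
            "",
            " Note: Generated certificates have all a lifetime of 365 days."};
        msg(um);
    }

    /**
     * Prints each element of the array on its own console line.
     *
     * @param s lines to print.
     */
    private static void msg(String[] s)
    {
        for (String line : s)
        {
            msg(line);
        }
    }

    /**
     * Single point through which all console messages are written.
     *
     * @param s line to print to standard output.
     */
    public static void msg(String s)
    {
        System.out.println(s);
    }
}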