Commit c4448ed8 authored by Patrick Dowler's avatar Patrick Dowler

fix SQL generation to explicitly use provided database name; re-org DB related...

fix SQL generation to explicitly use the provided database name; reorganize DB-related code into a single class
parent c5eceb60
+8 −11
@@ -34,6 +34,7 @@

package ca.nrc.cadc.cert;

import ca.nrc.cadc.auth.HttpPrincipal;
import java.io.File;
import java.io.IOException;
import java.net.URI;
@@ -45,22 +46,15 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;

import ca.nrc.cadc.util.ArgumentMap;
import ca.nrc.cadc.util.StringUtil;
import javax.security.auth.x500.X500Principal;



public abstract class AbstractCertGenAction implements PrivilegedAction<Object>
{
    static final File SERVOPS_PEM_FILE =
            new File(System.getProperty("user.home") + "/.pub/proxy.pem");
    private static Logger LOGGER = Logger.getLogger(AbstractCertGenAction.class);

    private static Logger LOGGER = Logger
            .getLogger(AbstractCertGenAction.class);

    public static final URI CRED_SERVICE_ID =
            URI.create("ivo://cadc.nrc.ca/cred");

    protected String server = "SYBASE"; // default server
    protected String database = "archive"; // default database
    public static final URI CRED_SERVICE_ID = URI.create("ivo://cadc.nrc.ca/cred");

    protected int expiring;
    protected String userid;
@@ -102,6 +96,9 @@ public abstract class AbstractCertGenAction implements PrivilegedAction<Object>
        return true;
    }

    abstract protected X500Principal[] getExpiring(int expire);
    
    abstract protected X500Principal getCertificateDN(HttpPrincipal userId);
    
    private int parseExpire(ArgumentMap argMap)
    {
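Review bot: The two abstract methods added in the last hunk, `getExpiring` and `getCertificateDN`, carry no Javadoc, so a subclass has no stated contract for what `expire` measures or whether `getCertificateDN` may return null (the DbCertGenAction implementation in this commit documents `X500Principal, or null`). Suggest `/** Returns the certificate DN for the given user, or null when none is known. */` and `/** Returns the DNs of certificates expiring within {@code expire} days. */`; both wordings are taken from the DbCertGenAction implementations and should be confirmed against them. The modifier order `abstract protected` is legal, but the conventional order is `protected abstract X500Principal getCertificateDN(HttpPrincipal userId);`. The rewritten `private static Logger LOGGER` line in the second hunk could also be `private static final`, matching the `private static final Logger LOGGER` used in CertGenAction.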
+7 −27
@@ -62,7 +62,6 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.bouncycastle.x509.extension.AuthorityKeyIdentifierStructure;
import org.springframework.jdbc.core.JdbcTemplate;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
@@ -73,7 +72,11 @@ import ca.nrc.cadc.cred.client.CredClient;
import ca.nrc.cadc.net.ResourceNotFoundException;
import ca.nrc.cadc.util.ArgumentMap;


/**
 * Generates a new certificate using CDP client API.
 * 
 * @author pdowler
 */
public class CertGenAction extends DbCertGenAction
{
    private static final Logger LOGGER = Logger.getLogger(CertGenAction.class);
@@ -132,7 +135,7 @@ public class CertGenAction extends DbCertGenAction
        {
            // create a cert for a single user
            HttpPrincipal useridPrincipal = new HttpPrincipal(userid);
            X500Principal userDN = super.getCADCUserDN(useridPrincipal);
            X500Principal userDN = super.getCertificateDN(useridPrincipal);
            LOGGER.debug("About to create certificate for user " + userid + " with DN " + userDN.toString());
            generateCertificate(userDN);
            msg("New user DN: " + userDN.toString());
@@ -141,7 +144,7 @@ public class CertGenAction extends DbCertGenAction
        {
            // renew certs for all users who's are about to expire
            int count = 0;
            X500Principal[] userDNs = getExpiringCADC(super.expiring);
            X500Principal[] userDNs = getExpiring(super.expiring);
            if (dryRun)
            {
                for (X500Principal userDN : userDNs)
@@ -270,28 +273,5 @@ public class CertGenAction extends DbCertGenAction
        msg("Generated certificate for " + noWhitespaceDN);
    }

    private X500Principal[] getExpiringCADC(int expire)
    {
        // @formatter:off
        String query = "select canon_dn"
                       + " from "
                       + "     archive.dbo.x509_certificates "
                       + " where "
                       + "     canon_dn like 'cn=%&____,ou=cadc,o=hia,c=ca' escape '&' "
                       + "     and datediff(dd, current_date(), exp_date) < ? ";
        // @formatter:on
        JdbcTemplate jdbc = new JdbcTemplate(ds);
        @SuppressWarnings("unchecked")
        List<String> rsList = (List<String>) jdbc.queryForList(query,
                                                               new Object[]{
                                                                       expire}, String.class);
        X500Principal[] result = new X500Principal[rsList.size()];
        Iterator<String> it = rsList.iterator();
        for (int i = 0; i < result.length; i++)
        {
            result[i] = new X500Principal(it.next());
        }
        return result;
    }

}
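Review bot: `super.getCertificateDN(useridPrincipal)` on the new line is documented in DbCertGenAction as returning null when no DN exists, but the following line calls `userDN.toString()` and then `generateCertificate(userDN)` with no null check, so an unknown userid ends in a NullPointerException rather than a clear message. A guard such as `if (userDN == null) { throw new IllegalArgumentException("no certificate DN found for user " + userid); }` placed before the debug line would make the failure explicit. The enclosing method starts and ends outside the hunk, and the same pattern existed with the old getCADCUserDN call, so this is inherited rather than introduced here.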
+58 −23
@@ -47,22 +47,26 @@ import ca.nrc.cadc.db.ConnectionConfig;
import ca.nrc.cadc.db.DBConfig;
import ca.nrc.cadc.db.DBUtil;
import ca.nrc.cadc.util.ArgumentMap;
import java.util.Iterator;
import java.util.List;

/**
 * Represents a AbstractCertGenAction that needs DB connections
 * 
 * @author pdowler
 */
public abstract class DbCertGenAction extends AbstractCertGenAction
{
    private static Logger LOGGER = Logger
            .getLogger(DbCertGenAction.class);
    private static Logger LOGGER = Logger.getLogger(DbCertGenAction.class);

    protected String server = "SYBASE"; // default server
    protected String database = "archive"; // default database
    
    // datasource to the database
    protected DataSource ds;

    protected static final String TMP_TABLE = "#tmptable";

    public static final String GENERATE_DN_Q = "select dbo.genDN(?)";

    //public static final String GENERATE_DN_Q = "select dbo.genDN(?)";

    @Override
    public boolean init(final ArgumentMap argMap) throws IOException
@@ -75,24 +79,6 @@ public abstract class DbCertGenAction extends AbstractCertGenAction
        return true;
    }

    /**
     * Returns DN of a cadc user
     *
     * @param userId The HTTP Principal to get the DN for.
     * @return X500Principal, or null.
     */
    protected X500Principal getCADCUserDN(HttpPrincipal userId)
    {
        final JdbcTemplate jdbc = new JdbcTemplate(ds);

        @SuppressWarnings("unchecked")
        final String userDN = (String) jdbc.queryForObject(GENERATE_DN_Q,
                                                           new Object[]{
                                                                   userId.getName()}, String.class);

        return (userDN == null) ? null : new X500Principal(userDN);
    }

    private void initDbConnection(ArgumentMap argMap) throws IOException
    {
        if (argMap.getValue(Main.ARG_DB) != null)
@@ -130,4 +116,53 @@ public abstract class DbCertGenAction extends AbstractCertGenAction
        LOGGER.debug("ds=" + ds);
    }

    /**
     * Returns DN of a cadc user
     *
     * @param userId The HTTP Principal to get the DN for.
     * @return X500Principal, or null.
     */
    @Override
    protected X500Principal getCertificateDN(HttpPrincipal userId)
    {
        final JdbcTemplate jdbc = new JdbcTemplate(ds);

        @SuppressWarnings("unchecked")
        StringBuilder sb = new StringBuilder();
        sb.append("SELECT " ).append(database).append(".dbo.genDN(?)");
        String sql = sb.toString();
        LOGGER.debug("getCertificateDN: " + sql);
        final String userDN = (String) jdbc.queryForObject(sql, new Object[]{ userId.getName()}, String.class);

        X500Principal ret = null;
        if (userDN != null)
            ret = new X500Principal(userDN);
        LOGGER.debug("getCertificateDN: " + userId + " -> " + ret);
        return ret;
    }

    @Override
    protected X500Principal[] getExpiring(int expire)
    {
        // @formatter:off
        StringBuilder sb = new StringBuilder();
        sb.append("SELECT canon_dn" + " FROM ").append(database).append(".dbo.x509_certificates");
        sb.append(" WHERE canon_dn like 'cn=%&____,ou=cadc,o=hia,c=ca' escape '&'");
        sb.append(" AND datediff(dd, current_date(), exp_date) < ? ");
        String query = sb.toString();
        LOGGER.debug("getExpiringCADC: " + query);
        
        // @formatter:on
        JdbcTemplate jdbc = new JdbcTemplate(ds);
        @SuppressWarnings(value = "unchecked")
        List<String> rsList = (List<String>) jdbc.queryForList(query, new Object[]{expire}, String.class);
        X500Principal[] result = new X500Principal[rsList.size()];
        Iterator<String> it = rsList.iterator();
        for (int i = 0; i < result.length; i++)
        {
            result[i] = new X500Principal(it.next());
        }
        return result;
    }

}
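Review bot: `database` is spliced straight into the SQL text in getCertificateDN (`sb.append("SELECT " ).append(database).append(".dbo.genDN(?)")`) and again in getExpiring, and it appears to come from the command line via `argMap.getValue(Main.ARG_DB)` in initDbConnection; an identifier cannot be a bind parameter, so it should be whitelisted once where it is read, e.g. `if (!database.matches("[A-Za-z0-9_]+")) { throw new IllegalArgumentException("invalid database name: " + database); }`, so that a malformed value fails fast instead of reaching the server as SQL. Two smaller points in the same hunk: the `@SuppressWarnings("unchecked")` in getCertificateDN now annotates the `StringBuilder` declaration rather than the query call, and the `(String)` cast it used to cover is not an unchecked cast anyway, so the annotation can be dropped; and the debug label in getExpiring still reads `getExpiringCADC:` after the rename. getExpiring also has no Javadoc in this class; a one-line summary noting that `expire` is compared in days (`datediff(dd, ...)`) would help callers.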
+8 −2
@@ -99,8 +99,14 @@ public class Main

    private int doit(final String[] args) throws Exception
    {
        LogArgUtil.initialize(new String[]{"ca", "net", "com", "org",
                                           "edu"}, args);
        LogArgUtil.initialize(new String[]
        {
            "ca.nrc.cadc.cert",
            "ca.nrc.cadc.cred",
            "ca.nrc.cadc.net"
                
        }, args);
        
        this.argMap = new ArgumentMap(args);
        if (this.argMap.isSet(ARG_HELP) || this.argMap.isSet(ARG_H))
        {
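Review bot: The new array initializer in doit carries a whitespace-only line after `"ca.nrc.cadc.net"` and trailing whitespace on the line following `}, args);`, which a formatter would drop; suggest removing the empty line so `"ca.nrc.cadc.cred",`, `"ca.nrc.cadc.net"` and `}, args);` sit on consecutive lines. If LogArgUtil.initialize configures logging for the listed package prefixes, narrowing the list from `"ca", "net", "com", "org", "edu"` to three cadc packages means output from the third-party libraries imported in CertGenAction (bouncycastle, spring) is no longer covered here; a one-line comment stating that this is intended would save the next reader the question. doit continues outside the hunk.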