Skip to content

Commit

Permalink
Clean up and fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
spyrkob committed Oct 29, 2024
1 parent 2106ab7 commit 3158ecd
Show file tree
Hide file tree
Showing 18 changed files with 138 additions and 65 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ public class ModelDescriptionConstants {
public static final String CAPABILITY_REFERENCE = "capability-reference";
public static final String CAPABILITY_REFERENCE_PATTERN_ELEMENTS = "capability-reference-pattern-elements";
public static final String CAPABILITY_REGISTRY = "capability-registry";
public static final String CERTIFICATE_INFO = "certificate-info";
public static final String CHILD_TYPE = "child-type";
public static final String CHILDREN = "children";
public static final String CLASSIFICATION = "classification";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,5 +25,6 @@
<module name="org.jboss.as.domain-http-interface" />
<module name="org.jboss.modules" />
<module name="org.wildfly.security.manager" />
<module name="org.jboss.xnio"/>
</dependencies>
</module>
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,11 @@

import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ATTACHED_STREAMS;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FILESYSTEM_PATH;
import static org.wildfly.core.instmgr.InstMgrConstants.CERTIFICATE_CONTENT;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;

import org.jboss.as.controller.AttributeDefinition;
Expand All @@ -21,23 +24,28 @@
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.wildfly.core.instmgr.logging.InstMgrLogger;
import org.wildfly.installationmanager.MavenOptions;
import org.wildfly.installationmanager.spi.InstallationManager;
import org.wildfly.installationmanager.spi.InstallationManagerFactory;

/**
* Operation handler to get the history of the installation manager changes, either artifacts or configuration metadata as
* channel changes.
* Operation handler to import a certificate used to validate components installed during updates.
* The certificate has to be an ASCII-armored PGP public certificate.
*/
public class InstMgrCertificateImportHandler extends InstMgrOperationStepHandler {
public static final String OPERATION_NAME = "certificate-import";

protected static final AttributeDefinition CERT_FILE = SimpleAttributeDefinitionBuilder.create(InstMgrConstants.CERT_FILE, ModelType.INT)
.setStorageRuntime()
.setRequired(true)
.setRequired(false)
.addArbitraryDescriptor(FILESYSTEM_PATH, ModelNode.TRUE)
.addArbitraryDescriptor(ATTACHED_STREAMS, ModelNode.TRUE)
.build();
protected static final AttributeDefinition CERT_CONTENT = SimpleAttributeDefinitionBuilder.create(CERTIFICATE_CONTENT, ModelType.STRING)
.setStorageRuntime()
.setRequired(false)
.build();

public static final OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(OPERATION_NAME, InstMgrResolver.RESOLVER)
.withFlags(OperationEntry.Flag.HOST_CONTROLLER_ONLY)
Expand All @@ -61,8 +69,23 @@ public void execute(OperationContext context, ModelNode operation) throws Operat
MavenOptions mavenOptions = new MavenOptions(null, false);
InstallationManager installationManager = imf.create(serverHome, mavenOptions);

try (InputStream is = context.getAttachmentStream(CERT_FILE.resolveModelAttribute(context, operation).asInt())) {
installationManager.acceptTrustedCertificates(is);
final Integer streamIndex = CERT_FILE.resolveModelAttribute(context, operation).asIntOrNull();
final String certificateContent = CERT_CONTENT.resolveModelAttribute(context, operation).asStringOrNull();

if (streamIndex != null && certificateContent != null) {
throw InstMgrLogger.ROOT_LOGGER.mutuallyExclusiveOptions(CERT_FILE.getName(), CERT_CONTENT.getName());
}

if (streamIndex != null) {
try (InputStream is = context.getAttachmentStream(streamIndex)) {
installationManager.acceptTrustedCertificates(is);
}
} else if (certificateContent != null) {
try (InputStream is = new ByteArrayInputStream(certificateContent.getBytes(StandardCharsets.UTF_8))) {
installationManager.acceptTrustedCertificates(is);
}
} else {
// throw exception
}
} catch (OperationFailedException | RuntimeException e) {
throw e;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,7 @@
import org.wildfly.installationmanager.spi.InstallationManagerFactory;

/**
* Operation handler to get the history of the installation manager changes, either artifacts or configuration metadata as
* channel changes.
* Operation handler to parse the certificate file and read the certificate information. Expects am ASCII-armored PGP public key.
*/
public class InstMgrCertificateParseHandler extends InstMgrOperationStepHandler {
public static final String OPERATION_NAME = "certificate-parse";
Expand Down Expand Up @@ -67,9 +66,9 @@ public void execute(OperationContext context, ModelNode operation) throws Operat
InstallationManager installationManager = imf.create(serverHome, mavenOptions);

try (InputStream is = context.getAttachmentStream(CERT_FILE.resolveModelAttribute(context, operation).asInt())) {
TrustCertificate tc = installationManager.parseCertificate(is);
final TrustCertificate tc = installationManager.parseCertificate(is);

ModelNode entry = new ModelNode();
final ModelNode entry = new ModelNode();
entry.get(CERT_KEY_ID).set(tc.getKeyID());
entry.get(CERT_FINGERPRINT).set(tc.getFingerprint());
entry.get(CERT_DESCRIPTION).set(tc.getDescription());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,9 @@
import org.wildfly.installationmanager.spi.InstallationManagerFactory;

/**
* Operation handler to get the history of the installation manager changes, either artifacts or configuration metadata as
* channel changes.
* Operation handler to remove one of imported component certificates. The certificate is identified by it's ID (in hex format).
* Once the certificate is removed, the user will have to re-import it to apply and updates including a component
* signed by that certificate.
*/
public class InstMgrCertificateRemoveHandler extends InstMgrOperationStepHandler {
public static final String OPERATION_NAME = "certificate-remove";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ public interface InstMgrConstants {
String CERT_KEY_ID = "key-id";
String CERT_STATUS = "status";
String CERT_FILE = "cert-file";
String CERTIFICATE = "certificate";
String CERTIFICATE_CONTENT = "certificate-content";
String CERTIFICATES = "certificates";
String CHANNEL = "channel";
String CHANNELS = "channels";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -179,8 +179,7 @@ public void handleResult(OperationContext.ResultAction resultAction, OperationCo
} catch (OperationFailedException | RuntimeException e) {
throw e;
} catch (MissingSignatureException e) {
throw new OperationFailedException(String.format("One of the signatures in the update is signed by an unknown public key %s. Please import the key using import operation and try again.",
e.getDescription()), e);
throw InstMgrLogger.ROOT_LOGGER.componentSignedWithUnknownCertificate(e.getDescription(), e);
} catch (Exception e) {
throw new RuntimeException(e);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -149,8 +149,7 @@ public void execute(OperationContext context, ModelNode operation) throws Operat
} catch (OperationFailedException | RuntimeException e) {
throw e;
} catch (MissingSignatureException e) {
throw new OperationFailedException(String.format("One of the signatures in the update is signed by an unknown public key %s. Please import the key using import operation and try again.",
e.getDescription()), e);
throw InstMgrLogger.ROOT_LOGGER.componentSignedWithUnknownCertificate(e.getDescription(), e);
} catch (Exception e) {
throw new RuntimeException(e);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -191,8 +191,7 @@ public void execute(OperationContext context, ModelNode operation) throws Operat
} catch (OperationFailedException | RuntimeException e) {
throw e;
} catch (MissingSignatureException e) {
throw new OperationFailedException(String.format("One of the signatures in the update is signed by an unknown public key %s. Please import the key using import operation and try again.",
e.getDescription()), e);
throw InstMgrLogger.ROOT_LOGGER.componentSignedWithUnknownCertificate(e.getDescription(), e);
} catch (Exception e) {
throw new RuntimeException(e);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -122,8 +122,7 @@ class InstMgrResourceDefinition extends SimpleResourceDefinition {
.setSuffix("channel")
.build();

private static final ObjectTypeAttributeDefinition CERTIFICATE = ObjectTypeAttributeDefinition.create("certificate", KEY_ID)
// .setValidator(new ChannelValidator())
private static final ObjectTypeAttributeDefinition CERTIFICATE = ObjectTypeAttributeDefinition.create(InstMgrConstants.CERTIFICATE, KEY_ID)
.setStorageRuntime()
.setRuntimeServiceNotRequired()
.setRequired(true)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,18 @@

package org.wildfly.core.instmgr;

import static org.wildfly.core.instmgr.InstMgrConstants.CERT_FILE;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.CERTIFICATE_INFO;
import static org.wildfly.core.instmgr.InstMgrConstants.CERTIFICATE_CONTENT;
import static org.wildfly.core.instmgr.InstMgrConstants.CERT_DESCRIPTION;
import static org.wildfly.core.instmgr.InstMgrConstants.CERT_FINGERPRINT;
import static org.wildfly.core.instmgr.InstMgrConstants.CERT_KEY_ID;
import static org.wildfly.core.instmgr.InstMgrConstants.CERT_STATUS;

import java.io.FileOutputStream;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.Collection;

Expand All @@ -23,13 +31,13 @@
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.wildfly.installationmanager.MavenOptions;
import org.wildfly.installationmanager.TrustCertificate;
import org.wildfly.installationmanager.spi.InstallationManager;
import org.wildfly.installationmanager.spi.InstallationManagerFactory;
import org.xnio.streams.Streams;

/**
* Operation handler to get the history of the installation manager changes, either artifacts or configuration metadata as
* channel changes.
* Operation handler to get the certificates potentially required by the update or revert operation. Those certificates
* are listed by the channel and may be used to sign the components included in the channel.
*/
public class InstMgrUnacceptedCertificateHandler extends InstMgrOperationStepHandler {
public static final String OPERATION_NAME = "unaccepted-certificates";
Expand Down Expand Up @@ -59,25 +67,38 @@ public void execute(OperationContext context, ModelNode operation) throws Operat
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
try {
final Path serverHome = imService.getHomeDir();
final Path controllerTempDir = imService.getControllerTempDir();
final boolean offline = OFFLINE.resolveModelAttribute(context, operation).asBoolean();
final MavenOptions mavenOptions = new MavenOptions(null, offline);
final InstallationManager installationManager = imf.create(serverHome, mavenOptions);

final Collection<InputStream> downloadedCerts = installationManager.downloadRequiredCertificates();

final ModelNode mCertificates = new ModelNode().addEmptyList();
int i=0;
for (InputStream is : downloadedCerts) {
final Path certFile = controllerTempDir.resolve("required-cert-" + i++ + ".crt");
try (FileOutputStream fos = new FileOutputStream(certFile.toFile())) {
Streams.copyStream(is, fos);
is.close();
final ModelNode mCert = new ModelNode();
try (BufferedInputStream bis = new BufferedInputStream(is)) {
ByteArrayOutputStream buf = new ByteArrayOutputStream();
for (int result = bis.read(); result != -1; result = bis.read()) {
buf.write((byte) result);
}

final String certContent = buf.toString(StandardCharsets.UTF_8);
mCert.get(CERTIFICATE_CONTENT).set(certContent);
try (final ByteArrayInputStream bais = new ByteArrayInputStream(certContent.getBytes(StandardCharsets.UTF_8))) {
final TrustCertificate tc = installationManager.parseCertificate(bais);
final ModelNode info = new ModelNode();
info.get(CERT_KEY_ID).set(tc.getKeyID());
info.get(CERT_FINGERPRINT).set(tc.getFingerprint());
info.get(CERT_DESCRIPTION).set(tc.getDescription());
info.get(CERT_STATUS).set(tc.getStatus());
context.getResult().set(info);

mCert.get(CERTIFICATE_INFO).set(info);
}
}

final ModelNode entry = new ModelNode();
entry.get(CERT_FILE).set(certFile.toAbsolutePath().toString());
mCertificates.add(entry);

mCertificates.add(mCert);
}

final ModelNode result = context.getResult();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ protected Operation buildParseOperation() {
final OperationBuilder operationBuilder = OperationBuilder.create(op);

op.get(OP).set(InstMgrCertificateParseHandler.DEFINITION.getName());
op.get("cert-file").set(0);
op.get(CERT_FILE).set(0);
operationBuilder.addFileAsAttachment(certFile);

return operationBuilder.build();
Expand All @@ -76,15 +76,15 @@ public CommandResult execute(CLICommandInvocation commandInvocation) throws Comm
commandInvocation.println("fingerprint: " + modelNode.get(InstMgrConstants.CERT_FINGERPRINT));
commandInvocation.println("description: " + modelNode.get(InstMgrConstants.CERT_DESCRIPTION));

final String input = commandInvocation.inputLine(new Prompt(String.format("Import this certificate y/N")));
final String input = commandInvocation.inputLine(new Prompt("Import this certificate y/N"));
if (nonInteractive || "y".equals(input)) {
commandInvocation.print("Importing a trusted certificate");

this.executeOp(ctx, this.host);
} else {
commandInvocation.print("Importing canceled.");
}

this.executeOp(ctx, this.host);

return CommandResult.SUCCESS;
}
}
Loading

0 comments on commit 3158ecd

Please sign in to comment.