This repository has been archived by the owner on Sep 23, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 82
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
110 changed files
with
5,072 additions
and
95 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
82 changes: 82 additions & 0 deletions
82
autocommon/src/org/nimbustools/auto_common/ezpz_ca/CertDN.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
/* | ||
* Copyright 1999-2009 University of Chicago | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy | ||
* of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
package org.nimbustools.auto_common.ezpz_ca; | ||
|
||
import java.io.File; | ||
import java.io.IOException; | ||
import java.io.FileReader; | ||
import java.security.cert.X509Certificate; | ||
import java.security.Security; | ||
|
||
import org.bouncycastle.openssl.PEMReader; | ||
import org.bouncycastle.jce.provider.BouncyCastleProvider; | ||
import org.globus.gsi.CertUtil; | ||
|
||
import javax.security.auth.x500.X500Principal; | ||
|
||
public class CertDN { | ||
|
||
|
||
static { | ||
Security.addProvider(new BouncyCastleProvider()); | ||
} | ||
|
||
public static String dnFromPath(String path) throws IOException { | ||
|
||
final File certFile = new File(path); | ||
if (!certFile.canRead()) { | ||
final String msg = "File '" + path + "' can not be read."; | ||
throw new IOException(msg); | ||
} | ||
|
||
final FileReader fr = new FileReader(certFile); | ||
try { | ||
final PEMReader reader = | ||
new PEMReader(fr, null, BouncyCastleProvider.PROVIDER_NAME); | ||
try { | ||
final X509Certificate cert = (X509Certificate) reader.readObject(); | ||
final X500Principal principal = cert.getSubjectX500Principal(); | ||
final String DN = principal.getName(X500Principal.RFC2253); | ||
|
||
return CertUtil.toGlobusID(DN, false); | ||
|
||
} finally { | ||
reader.close(); | ||
} | ||
} finally { | ||
fr.close(); | ||
} | ||
} | ||
|
||
|
||
public static void main(String[] args) { | ||
|
||
if (args == null || args.length != 1) { | ||
System.err.println("Needs these arguments:\n" + | ||
"1 - the certificate file"); | ||
System.exit(1); | ||
} | ||
|
||
try { | ||
final String dn = dnFromPath(args[0]); | ||
System.out.println(dn); | ||
} catch (Throwable t) { | ||
System.err.println("Problem: " + t.getMessage()); | ||
t.printStackTrace(); | ||
System.exit(1); | ||
} | ||
} | ||
} |
105 changes: 105 additions & 0 deletions
105
autocommon/src/org/nimbustools/auto_common/ezpz_ca/KeystoreFromPEM.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
/* | ||
* Copyright 1999-2010 University of Chicago | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy | ||
* of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
package org.nimbustools.auto_common.ezpz_ca; | ||
|
||
import org.bouncycastle.jce.provider.BouncyCastleProvider; | ||
import org.bouncycastle.openssl.PEMReader; | ||
|
||
import java.security.cert.Certificate; | ||
import java.security.cert.X509Certificate; | ||
import java.security.KeyStore; | ||
import java.security.PrivateKey; | ||
import java.security.Security; | ||
import java.security.KeyPair; | ||
import java.io.*; | ||
|
||
/** | ||
* Creates a Java Keystore from PEM encoded cert and private key | ||
*/ | ||
public class KeystoreFromPEM { | ||
|
||
static { | ||
Security.addProvider(new BouncyCastleProvider()); | ||
} | ||
|
||
public static KeyStore createJavaKeystore(X509Certificate cert, PrivateKey key, String password) | ||
throws Exception { | ||
|
||
KeyStore store = KeyStore.getInstance("JKS", "SUN"); | ||
store.load(null, password.toCharArray()); | ||
store.setKeyEntry("", key, password.toCharArray(), | ||
new Certificate[] {cert}); | ||
|
||
return store; | ||
} | ||
|
||
public static void createJavaKeystore(File certFile, File keyFile, | ||
File keystoreFile, String password) | ||
throws Exception { | ||
|
||
X509Certificate cert = (X509Certificate) readPemObject(certFile); | ||
KeyPair keypair = (KeyPair) readPemObject(keyFile); | ||
KeyStore store = createJavaKeystore(cert, keypair.getPrivate(), password); | ||
OutputStream outStream = new FileOutputStream(keystoreFile); | ||
try { | ||
store.store(outStream, password.toCharArray()); | ||
} finally { | ||
outStream.close(); | ||
} | ||
} | ||
|
||
private static Object readPemObject(File file) throws IOException { | ||
FileReader reader = new FileReader(file); | ||
try { | ||
PEMReader pemReader = new PEMReader(reader, null, BouncyCastleProvider.PROVIDER_NAME); | ||
return pemReader.readObject(); | ||
} finally { | ||
reader.close(); | ||
} | ||
} | ||
|
||
public static void main(String[] args) { | ||
|
||
if (args == null || args.length != 4) { | ||
System.err.println("Needs these arguments:\n" + | ||
"1 - the certificate file\n" + | ||
"2 = the private key file\n" + | ||
"3 - the destination file\n" + | ||
"4 - the keystore password\n" | ||
); | ||
System.exit(1); | ||
} | ||
|
||
try { | ||
File certFile = new File(args[0]); | ||
File keyFile = new File(args[1]); | ||
File keystoreFile = new File(args[2]); | ||
String password = args[3]; | ||
|
||
if (keystoreFile.exists()) { | ||
throw new Exception("keystore file already exists!"); | ||
//TODO maybe it would be better to add to existing keystore? | ||
} | ||
|
||
createJavaKeystore(certFile, keyFile, keystoreFile, password); | ||
|
||
} catch (Throwable t) { | ||
System.err.println("Problem: " + t.getMessage()); | ||
t.printStackTrace(); | ||
System.exit(1); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
#!/bin/sh | ||
|
||
CONTAINER_URL="http://www-unix.globus.org/ftppub/gt4/4.0/4.0.8/ws-core/bin/ws-core-4.0.8-bin.tar.gz" | ||
CONTAINER_TARNAME="ws-core-4.0.8-bin.tar.gz" | ||
CONTAINER_UNTARREDNAME="ws-core-4.0.8" | ||
|
||
# destination directory inside $NIMBUS_HOME | ||
CONTAINER_DIRNAME="services" | ||
|
||
NIMBUS_SRC_REL="`dirname $0`/.." | ||
NIMBUS_SRC=`cd $NIMBUS_SRC_REL; pwd` | ||
|
||
TMPDIR="$NIMBUS_SRC/bin/tmp" | ||
|
||
if [ ! -d $TMPDIR ]; then | ||
mkdir $TMPDIR | ||
if [ $? -ne 0 ]; then | ||
echo "Failed to create temp directory: $TMPDIR" | ||
exit 1 | ||
fi | ||
fi | ||
|
||
if [ "X$1" == "X" ]; then | ||
echo "" | ||
echo "Usage: $0 destination_dir" | ||
echo " You must specify the destination directory.\n" | ||
exit 1 | ||
fi | ||
|
||
NIMBUS_HOME=$1 | ||
|
||
if [ ! -d $NIMBUS_HOME ]; then | ||
PARENT_DIR=`dirname $NIMBUS_HOME` | ||
|
||
if [ -d $PARENT_DIR ]; then | ||
|
||
echo "Creating destination directory: $NIMBUS_HOME" | ||
mkdir $NIMBUS_HOME | ||
|
||
if [ $? -ne 0 ]; then | ||
echo "Failed to create destination directory!" | ||
exit 1 | ||
fi | ||
else | ||
echo "Parent dir of destination does not exist: $PARENT_DIR" | ||
exit 1 | ||
fi | ||
fi | ||
|
||
echo "Deploying skeleton directory structure.." | ||
cp -fr $NIMBUS_SRC/home/* $NIMBUS_HOME/ | ||
if [ $? -ne 0 ]; then | ||
echo "Failed to copy Nimbus home directory" | ||
exit 1 | ||
fi | ||
|
||
echo "Deploying web application.." | ||
cp -r $NIMBUS_SRC/web $NIMBUS_HOME/ | ||
if [ $? -ne 0 ]; then | ||
echo "Failed to copy Nimbus web directory" | ||
exit 1 | ||
fi | ||
|
||
CONTAINER_DIR="$NIMBUS_HOME/$CONTAINER_DIRNAME" | ||
if [ ! -d $CONTAINER_DIR ]; then | ||
|
||
echo "Downloading and installing service container.." | ||
|
||
# fetch GT container if it doesn't already exist | ||
if [ ! -f $TMPDIR/$CONTAINER_TARNAME ]; then | ||
wget -c -O $TMPDIR/$CONTAINER_TARNAME $CONTAINER_URL | ||
|
||
if [ $? -ne 0 ]; then | ||
echo "Failed to download container tarball" | ||
exit 1 | ||
fi | ||
fi | ||
|
||
tar xzf $TMPDIR/$CONTAINER_TARNAME -C $TMPDIR | ||
if [ $? -ne 0 ]; then | ||
echo "Failed to expand Nimbus tarball" | ||
exit 1 | ||
fi | ||
|
||
mv $TMPDIR/$CONTAINER_UNTARREDNAME $CONTAINER_DIR | ||
if [ $? -ne 0 ]; then | ||
echo "Failed to move container directory to $CONTAINER_DIR" | ||
exit 1 | ||
fi | ||
else | ||
echo "Service container already exists at $CONTAINER_DIR" | ||
fi | ||
|
||
echo "Building and installing Nimbus to service container.." | ||
|
||
GLOBUS_LOCATION=$CONTAINER_DIR | ||
export GLOBUS_LOCATION | ||
|
||
$NIMBUS_SRC/scripts/all-build-and-install.sh | ||
if [ $? -ne 0 ]; then | ||
echo "Build and install FAILED!" | ||
exit 1 | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
#!/bin/sh | ||
|
||
FORCE_FRESH_INSTALL="yes" | ||
|
||
NIMBUS_SRC_REL="`dirname $0`/.." | ||
NIMBUS_SRC=`cd $NIMBUS_SRC_REL; pwd` | ||
|
||
if [ "X$1" == "X" ]; then | ||
echo "" | ||
echo "Usage: $0 destination_dir" | ||
echo " You must specify the destination directory.\n" | ||
exit 1 | ||
fi | ||
|
||
NIMBUS_HOME=$1 | ||
|
||
if [ -d $NIMBUS_HOME ] && [ "$(ls -A $NIMBUS_HOME)" ]; then | ||
if [ $FORCE_FRESH_INSTALL == "yes" ]; then | ||
echo "" | ||
echo "The destination directory '$NIMBUS_HOME' exists and is not empty." | ||
echo "It is not recommended to reinstall Nimbus into an existing install." | ||
echo "" | ||
echo "If you are making changes to the services, you can build and install those directly:" | ||
echo " export GLOBUS_LOCATION=$NIMBUS_HOME/services" | ||
echo " scripts/all-build-and-install.sh" | ||
echo "" | ||
echo "If you know what you are doing and want to reinstall, edit this script:" | ||
echo " $0" | ||
echo "and change FORCE_FRESH_INSTALL to \"no\"" | ||
echo "" | ||
|
||
exit 1 | ||
fi | ||
fi | ||
|
||
$NIMBUS_SRC/bin/create-nimbus-home.sh $NIMBUS_HOME | ||
|
||
if [ $? -ne 0 ]; then | ||
echo "Nimbus home creation failed!" | ||
exit 1 | ||
fi | ||
|
||
CONFIG_SCRIPT="$NIMBUS_HOME/bin/nimbus-configure" | ||
|
||
if [ ! -f $CONFIG_SCRIPT ]; then | ||
echo "Configuration script could not be found: $CONFIG_SCRIPT" | ||
exit 1 | ||
fi | ||
|
||
$CONFIG_SCRIPT | ||
|
||
if [ $? -ne 0 ]; then | ||
echo "Nimbus configuration script failed! You may try running it manually:" | ||
echo " $CONFIG_SCRIPT" | ||
exit 1 | ||
fi | ||
|
||
echo "" | ||
echo "Nimbus installation succeeded!" | ||
echo "However, additional configuration may be necessary." | ||
echo "Refer to the Administrator Guide for details." | ||
echo "" | ||
echo "You can now start/stop Nimbus services with the nimbusctl command. e.g:" | ||
echo " $NIMBUS_HOME/bin/nimbusctl start" | ||
echo "" | ||
|
||
exit 0 |
Oops, something went wrong.