Merge branch 'rest'

.gitignore

@@ -2,15 +2,19 @@
 *.iml
 *.ipr
 *.iws
+*.swp
 build/
 dist/
 autocontainer/downloads/
 autocontainer/gt/
-web/lib/python/
 web/lib/java/
+web/lib/python/cherrypy/
+web/lib/python/django/
+web/lib/python/httplib2/
 web/src/env.sh
 web/src/python/nimbusweb/portal/generated_secrets.py
 web/src/python/nimbusweb/portal/generated_settings.py
 web/var/
 control/var/workspace-control/logs/wclog*
 derby.log
+bin/tmp/

autocommon/src/org/nimbustools/auto_common/ezpz_ca/CertDN.java

@@ -0,0 +1,82 @@
+/*
+ * Copyright 1999-2009 University of Chicago
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.nimbustools.auto_common.ezpz_ca;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.FileReader;
+import java.security.cert.X509Certificate;
+import java.security.Security;
+
+import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.globus.gsi.CertUtil;
+
+import javax.security.auth.x500.X500Principal;
+
+public class CertDN {
+
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    public static String dnFromPath(String path) throws IOException {
+
+        final File certFile = new File(path);
+        if (!certFile.canRead()) {
+            final String msg = "File '" + path + "' can not be read.";
+            throw new IOException(msg);
+        }
+
+		final FileReader fr = new FileReader(certFile);
+		try {
+			final PEMReader reader =
+					new PEMReader(fr, null, BouncyCastleProvider.PROVIDER_NAME);
+			try {
+				final X509Certificate cert = (X509Certificate) reader.readObject();
+                final X500Principal principal = cert.getSubjectX500Principal();
+                final String DN = principal.getName(X500Principal.RFC2253);
+
+                return CertUtil.toGlobusID(DN, false);
+
+            } finally {
+				reader.close();
+			}
+		} finally {
+			fr.close();
+		}
+    }
+
+
+    public static void main(String[] args) {
+
+        if (args == null || args.length != 1) {
+            System.err.println("Needs these arguments:\n" +
+                    "1 - the certificate file");
+            System.exit(1);
+        }
+
+        try {
+            final String dn = dnFromPath(args[0]);
+            System.out.println(dn);
+        } catch (Throwable t) {
+            System.err.println("Problem: " + t.getMessage());
+			t.printStackTrace();
+            System.exit(1);
+        }
+    }
+}

autocommon/src/org/nimbustools/auto_common/ezpz_ca/KeystoreFromPEM.java

@@ -0,0 +1,105 @@
+/*
+ * Copyright 1999-2010 University of Chicago
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy
+ * of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.nimbustools.auto_common.ezpz_ca;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMReader;
+
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Security;
+import java.security.KeyPair;
+import java.io.*;
+
+/**
+ * Creates a Java Keystore from PEM encoded cert and private key
+ */
+public class KeystoreFromPEM {
+
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    public static KeyStore createJavaKeystore(X509Certificate cert, PrivateKey key, String password)
+            throws Exception {
+
+        KeyStore store = KeyStore.getInstance("JKS", "SUN");
+        store.load(null, password.toCharArray());
+        store.setKeyEntry("", key, password.toCharArray(),
+                new Certificate[] {cert});
+
+        return store;
+    }
+
+    public static void createJavaKeystore(File certFile, File keyFile,
+                                          File keystoreFile, String password)
+            throws Exception {
+
+        X509Certificate cert = (X509Certificate) readPemObject(certFile);
+        KeyPair keypair = (KeyPair) readPemObject(keyFile);
+        KeyStore store = createJavaKeystore(cert, keypair.getPrivate(), password);
+        OutputStream outStream = new FileOutputStream(keystoreFile);
+        try {
+            store.store(outStream, password.toCharArray());
+        } finally {
+            outStream.close();
+        }
+    }
+
+    private static Object readPemObject(File file) throws IOException {
+        FileReader reader = new FileReader(file);
+        try {
+            PEMReader pemReader = new PEMReader(reader, null, BouncyCastleProvider.PROVIDER_NAME);
+            return pemReader.readObject();
+        } finally {
+            reader.close();
+        }
+    }
+
+    public static void main(String[] args) {
+
+        if (args == null || args.length != 4) {
+            System.err.println("Needs these arguments:\n" +
+                    "1 - the certificate file\n" +
+                    "2 = the private key file\n" +
+                    "3 - the destination file\n" +
+                    "4 - the keystore password\n"
+            );
+            System.exit(1);
+        }
+
+        try {
+            File certFile = new File(args[0]);
+            File keyFile = new File(args[1]);
+            File keystoreFile = new File(args[2]);
+            String password = args[3];
+
+            if (keystoreFile.exists()) {
+                throw new Exception("keystore file already exists!");
+                //TODO maybe it would be better to add to existing keystore?
+            }
+
+            createJavaKeystore(certFile, keyFile, keystoreFile, password);
+
+        } catch (Throwable t) {
+            System.err.println("Problem: " + t.getMessage());
+			t.printStackTrace();
+            System.exit(1);
+        }
+    }
+}

bin/create-nimbus-home.sh

@@ -0,0 +1,103 @@
+#!/bin/sh
+
+CONTAINER_URL="http://www-unix.globus.org/ftppub/gt4/4.0/4.0.8/ws-core/bin/ws-core-4.0.8-bin.tar.gz"
+CONTAINER_TARNAME="ws-core-4.0.8-bin.tar.gz"
+CONTAINER_UNTARREDNAME="ws-core-4.0.8"
+
+# destination directory inside $NIMBUS_HOME
+CONTAINER_DIRNAME="services"
+
+NIMBUS_SRC_REL="`dirname $0`/.."
+NIMBUS_SRC=`cd $NIMBUS_SRC_REL; pwd`
+
+TMPDIR="$NIMBUS_SRC/bin/tmp"
+
+if [ ! -d $TMPDIR ]; then
+    mkdir $TMPDIR
+    if [ $? -ne 0 ]; then
+        echo "Failed to create temp directory: $TMPDIR"
+        exit 1
+    fi
+fi
+
+if [ "X$1" == "X" ]; then
+    echo ""
+    echo "Usage: $0 destination_dir"
+    echo "    You must specify the destination directory.\n"
+    exit 1
+fi
+
+NIMBUS_HOME=$1
+
+if [ ! -d $NIMBUS_HOME ]; then
+    PARENT_DIR=`dirname $NIMBUS_HOME`
+
+    if [ -d $PARENT_DIR ]; then
+
+        echo "Creating destination directory: $NIMBUS_HOME"
+        mkdir $NIMBUS_HOME
+
+        if [ $? -ne 0 ]; then
+            echo "Failed to create destination directory!"
+            exit 1
+        fi
+    else
+        echo "Parent dir of destination does not exist: $PARENT_DIR"
+        exit 1
+    fi
+fi
+
+echo "Deploying skeleton directory structure.."
+cp -fr $NIMBUS_SRC/home/* $NIMBUS_HOME/
+if [ $? -ne 0 ]; then
+    echo "Failed to copy Nimbus home directory"
+    exit 1
+fi
+
+echo "Deploying web application.."
+cp -r $NIMBUS_SRC/web $NIMBUS_HOME/
+if [ $? -ne 0 ]; then
+    echo "Failed to copy Nimbus web directory"
+    exit 1
+fi
+
+CONTAINER_DIR="$NIMBUS_HOME/$CONTAINER_DIRNAME"
+if [ ! -d $CONTAINER_DIR ]; then
+
+    echo "Downloading and installing service container.."
+
+    # fetch GT container if it doesn't already exist
+    if [ ! -f $TMPDIR/$CONTAINER_TARNAME ]; then
+        wget -c -O $TMPDIR/$CONTAINER_TARNAME $CONTAINER_URL
+
+        if [ $? -ne 0 ]; then
+            echo "Failed to download container tarball"
+            exit 1
+        fi
+    fi
+
+    tar xzf $TMPDIR/$CONTAINER_TARNAME -C $TMPDIR
+    if [ $? -ne 0 ]; then
+        echo "Failed to expand Nimbus tarball"
+        exit 1
+    fi
+
+    mv $TMPDIR/$CONTAINER_UNTARREDNAME $CONTAINER_DIR
+    if [ $? -ne 0 ]; then
+        echo "Failed to move container directory to $CONTAINER_DIR"
+        exit 1
+    fi
+else
+    echo "Service container already exists at $CONTAINER_DIR"
+fi
+
+echo "Building and installing Nimbus to service container.."
+
+GLOBUS_LOCATION=$CONTAINER_DIR
+export GLOBUS_LOCATION
+
+$NIMBUS_SRC/scripts/all-build-and-install.sh
+if [ $? -ne 0 ]; then
+    echo "Build and install FAILED!"
+    exit 1
+fi

bin/install.sh

@@ -0,0 +1,67 @@
+#!/bin/sh
+
+FORCE_FRESH_INSTALL="yes"
+
+NIMBUS_SRC_REL="`dirname $0`/.."
+NIMBUS_SRC=`cd $NIMBUS_SRC_REL; pwd`
+
+if [ "X$1" == "X" ]; then
+    echo ""
+    echo "Usage: $0 destination_dir"
+    echo "    You must specify the destination directory.\n"
+    exit 1
+fi
+
+NIMBUS_HOME=$1
+
+if [ -d $NIMBUS_HOME ] && [ "$(ls -A $NIMBUS_HOME)" ]; then
+    if [ $FORCE_FRESH_INSTALL == "yes" ]; then
+        echo ""
+        echo "The destination directory '$NIMBUS_HOME' exists and is not empty."
+        echo "It is not recommended to reinstall Nimbus into an existing install."
+        echo ""
+        echo "If you are making changes to the services, you can build and install those directly:"
+        echo "    export GLOBUS_LOCATION=$NIMBUS_HOME/services"
+        echo "    scripts/all-build-and-install.sh"
+        echo ""
+        echo "If you know what you are doing and want to reinstall, edit this script:"
+        echo "    $0"
+        echo "and change FORCE_FRESH_INSTALL to \"no\""
+        echo ""
+
+        exit 1
+    fi
+fi
+
+$NIMBUS_SRC/bin/create-nimbus-home.sh $NIMBUS_HOME
+
+if [ $? -ne 0 ]; then
+    echo "Nimbus home creation failed!"
+    exit 1
+fi
+
+CONFIG_SCRIPT="$NIMBUS_HOME/bin/nimbus-configure"
+
+if [ ! -f $CONFIG_SCRIPT ]; then
+    echo "Configuration script could not be found: $CONFIG_SCRIPT"
+    exit 1
+fi
+
+$CONFIG_SCRIPT
+
+if [ $? -ne 0 ]; then
+    echo "Nimbus configuration script failed! You may try running it manually:"
+    echo "    $CONFIG_SCRIPT"
+    exit 1
+fi
+
+echo ""
+echo "Nimbus installation succeeded!"
+echo "However, additional configuration may be necessary."
+echo "Refer to the Administrator Guide for details."
+echo ""
+echo "You can now start/stop Nimbus services with the nimbusctl command. e.g:"
+echo "    $NIMBUS_HOME/bin/nimbusctl start"
+echo ""
+
+exit 0