diff options
Diffstat (limited to 'base/deploy/src/scriptlets')
-rw-r--r-- | base/deploy/src/scriptlets/configuration.py | 4 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkiconfig.py | 14 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkihelper.py | 58 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkijython.py | 81 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkimessages.py | 3 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkiparser.py | 17 |
6 files changed, 60 insertions, 117 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index 16b63122f..d105590a2 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py @@ -92,7 +92,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): util.systemd.restart() # Pass control to the Java servlet via Jython 2.2 'configuration.jy' - util.jython.invoke(master['pki_jython_configuration_scriptlet']) + util.jython.invoke( + master['pki_jython_configuration_scriptlet'], + master['RESTEASY_LIB']) return self.rv def respawn(self): diff --git a/base/deploy/src/scriptlets/pkiconfig.py b/base/deploy/src/scriptlets/pkiconfig.py index 4bbf92e91..7b20e474a 100644 --- a/base/deploy/src/scriptlets/pkiconfig.py +++ b/base/deploy/src/scriptlets/pkiconfig.py @@ -20,16 +20,6 @@ # import re -def is_rhel(): - try: - f = open("/etc/redhat-release") - for line in f: - if re.search("Red Hat Enterprise Linux", line): - return True - except IOError, e: - pass - return False - # PKI Deployment Constants PKI_DEPLOYMENT_DEFAULT_CLIENT_DIR_PERMISSIONS = 00755 PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS = 00770 @@ -71,10 +61,6 @@ PKI_DEPLOYMENT_JAR_SOURCE_ROOT = "/usr/share/java" PKI_DEPLOYMENT_HTTPCOMPONENTS_JAR_SOURCE_ROOT = "/usr/share/java/httpcomponents" PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT = "/usr/share/java/pki" -PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy" -if is_rhel(): - PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT = "/usr/share/java/resteasy-base" - PKI_DEPLOYMENT_SOURCE_ROOT = "/usr/share/pki" PKI_DEPLOYMENT_SYSTEMD_ROOT = "/lib/systemd/system" PKI_DEPLOYMENT_SYSTEMD_CONFIGURATION_ROOT = "/etc/systemd/system" diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index 5d89a1201..1eb7b51e6 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -2522,33 +2522,63 @@ class systemd: # PKI Deployment 'jython' Class class jython: - def invoke(self, scriptlet, critical_failure=True): + def invoke(self, scriptlet, resteasy_lib, critical_failure=True): try: + # JSS JNI Jars + # + # NOTE: Always load 64-bit JNI 'jss4.jar' + # PRIOR to 32-bit JNI 'jss4.jar' + # + classpath = "/usr/lib64/java/jss4.jar" +\ + ":/usr/lib/java/jss4.jar" +\ + ":/usr/share/java/httpcomponents/httpclient.jar" +\ + ":/usr/share/java/httpcomponents/httpcore.jar" +\ + ":/usr/share/java/apache-commons-cli.jar" +\ + ":/usr/share/java/apache-commons-codec.jar" +\ + ":/usr/share/java/apache-commons-logging.jar" +\ + ":/usr/share/java/istack-commons-runtime.jar" +\ + ":/usr/share/java/glassfish-jaxb/jaxb-impl.jar" +\ + ":/usr/share/java/scannotation.jar" + + # RESTEasy Jars + classpath = classpath +\ + ":" + resteasy_lib + "/jaxrs-api.jar" +\ + ":" + resteasy_lib + "/resteasy-atom-provider.jar" +\ + ":" + resteasy_lib + "/resteasy-jaxb-provider.jar" +\ + ":" + resteasy_lib + "/resteasy-jaxrs.jar" +\ + ":" + resteasy_lib + "/resteasy-jettison-provider.jar" + + # PKI Jars + classpath = classpath +\ + ":/usr/share/java/pki/pki-certsrv.jar" +\ + ":/usr/share/java/pki/pki-client.jar" +\ + ":/usr/share/java/pki/pki-cmsutil.jar" +\ + ":/usr/share/java/pki/pki-nsutil.jar" + + properties = "" + # From 'http://www.jython.org/archive/22/userfaq.html': # Setting this to false will allow Jython to provide access to # non-public fields, methods, and constructors of Java objects. - property = "-Dpython.security.respectJavaAccessibility=false" - # comment the next line out to use the "property" defined above - property = "" + # properties = properties + " -Dpython.security.respectJavaAccessibility=false" + # Compose this "jython" command data = pickle.dumps(master) - ld_library_path = "LD_LIBRARY_PATH" if master['pki_architecture'] == 64: - ld_library_path = ld_library_path + "=" +\ - "/usr/lib64/jss:/usr/lib64:/lib64:" +\ + ld_library_path = "/usr/lib64/jss:/usr/lib64:/lib64:" +\ "/usr/lib/jss:/usr/lib:/lib" else: - ld_library_path = ld_library_path + "=" +\ - "/usr/lib/jss:/usr/lib:/lib" - command = "export" + " " + ld_library_path + ";" + "jython" + " " +\ - property + " " + scriptlet + " " + "\"" + data + "\"" + ld_library_path = "/usr/lib/jss:/usr/lib:/lib" + command = "export LD_LIBRARY_PATH=" + ld_library_path +\ + ";export CLASSPATH=" + classpath +\ + ";jython " + properties + " " + scriptlet # Display this "jython" command config.pki_log.info( - log.PKIHELPER_INVOKE_JYTHON_3, - ld_library_path, property, scriptlet, + log.PKIHELPER_INVOKE_JYTHON_1, + command, extra=config.PKI_INDENTATION_LEVEL_2) # Invoke this "jython" command - subprocess.call(command, shell=True) + subprocess.call(command + " \"" + data + "\"", shell=True) except subprocess.CalledProcessError as exc: config.pki_log.error(log.PKI_SUBPROCESS_ERROR_1, exc, extra=config.PKI_INDENTATION_LEVEL_2) diff --git a/base/deploy/src/scriptlets/pkijython.py b/base/deploy/src/scriptlets/pkijython.py index b832abac8..e6a4a915e 100644 --- a/base/deploy/src/scriptlets/pkijython.py +++ b/base/deploy/src/scriptlets/pkijython.py @@ -35,89 +35,10 @@ pki_python_module_path = os.path.join(sys.prefix, sys.path.append(pki_python_module_path) -# http://www.jython.org/jythonbook/en/1.0/appendixB.html#working-with-classpath -############################################################################### -# from http://forum.java.sun.com/thread.jspa?threadID=300557 -# -# Author: SG Langer Jan 2007 translated the above Java to this Jython class -# Purpose: Allow runtime additions of new Class/jars either from local files -# or URL -############################################################################### -class classPathHacker: - import java.lang.reflect.Method - import java.io.File - import java.net.URL - import java.net.URLClassLoader - import jarray - - def addFile(self, s): - ################################################## - # Purpose: If adding a file/jar call this first - # with s = path_to_jar - ################################################## - - # make a URL out of 's' - f = self.java.io.File (s) - u = f.toURL () - a = self.addURL (u) - return a - - def addURL(self, u): - ########################################### - # Purpose: Call this with u= URL for the - # new Class/jar to be loaded - ########################################### - - parameters = self.jarray.array([self.java.net.URL], - self.java.lang.Class) - sysloader = self.java.lang.ClassLoader.getSystemClassLoader() - sysclass = self.java.net.URLClassLoader - method = sysclass.getDeclaredMethod("addURL", parameters) - a = method.setAccessible(1) - jar_a = self.jarray.array([u], self.java.lang.Object) - b = method.invoke(sysloader, jar_a) - return u - # PKI Python Imports import pkiconfig as config import pkimessages as log -# Dynamically Load Additional Java Jars ('append' to existing classpath) -jarLoad = classPathHacker() -# Webserver Jars -jarLoad.addFile("/usr/share/java/httpcomponents/httpclient.jar") -jarLoad.addFile("/usr/share/java/httpcomponents/httpcore.jar") -jarLoad.addFile("/usr/share/java/apache-commons-cli.jar") -jarLoad.addFile("/usr/share/java/apache-commons-codec.jar") -jarLoad.addFile("/usr/share/java/apache-commons-logging.jar") -jarLoad.addFile("/usr/share/java/istack-commons-runtime.jar") - -# Resteasy Jars -RESTEASY_ROOT = "resteasy" -if config.is_rhel(): - RESTEASY_ROOT = "resteasy-base" - -jarLoad.addFile("/usr/share/java/glassfish-jaxb/jaxb-impl.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/jaxrs-api.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/resteasy-atom-provider.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/resteasy-jaxb-provider.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/resteasy-jaxrs.jar") -jarLoad.addFile("/usr/share/java/" + RESTEASY_ROOT + "/resteasy-jettison-provider.jar") -jarLoad.addFile("/usr/share/java/scannotation.jar") -# PKI Jars -jarLoad.addFile("/usr/share/java/pki/pki-certsrv.jar") -jarLoad.addFile("/usr/share/java/pki/pki-client.jar") -jarLoad.addFile("/usr/share/java/pki/pki-cmsutil.jar") -jarLoad.addFile("/usr/share/java/pki/pki-nsutil.jar") -# JSS JNI Jars -# -# NOTE: Always load 64-bit JNI 'jss4.jar' -# PRIOR to 32-bit JNI 'jss4.jar' -# -jarLoad.addFile("/usr/lib64/java/jss4.jar") -jarLoad.addFile("/usr/lib/java/jss4.jar") - - # Apache Commons Java Imports from org.apache.commons.cli import CommandLine from org.apache.commons.cli import CommandLineParser @@ -126,7 +47,6 @@ from org.apache.commons.cli import Options from org.apache.commons.cli import ParseException from org.apache.commons.cli import PosixParser - # JSS Java Imports from org.mozilla.jss import CryptoManager from org.mozilla.jss.asn1 import ASN1Util @@ -148,7 +68,6 @@ from org.mozilla.jss.pkix.primitive import Name from org.mozilla.jss.pkix.primitive import SubjectPublicKeyInfo from org.mozilla.jss.util import Password - # PKI Java Imports from com.netscape.certsrv.system import SystemConfigClient from com.netscape.certsrv.system import SystemCertData diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py index 7b0d02c78..5b1448f65 100644 --- a/base/deploy/src/scriptlets/pkimessages.py +++ b/base/deploy/src/scriptlets/pkimessages.py @@ -189,8 +189,7 @@ PKIHELPER_GROUP_ADD_GID_KEYERROR_1 = "KeyError: pki_gid %s" PKIHELPER_GROUP_ADD_KEYERROR_1 = "KeyError: pki_group %s" PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT = "port %s has invalid selinux "\ "context %s" -PKIHELPER_INVOKE_JYTHON_3 = "executing 'export %s;"\ - "jython %s %s <master_dictionary>'" +PKIHELPER_INVOKE_JYTHON_1 = "executing '%s'" PKIHELPER_IS_A_DIRECTORY_1 = "'%s' is a directory" PKIHELPER_IS_A_FILE_1 = "'%s' is a file" PKIHELPER_IS_A_SYMLINK_1 = "'%s' is a symlink" diff --git a/base/deploy/src/scriptlets/pkiparser.py b/base/deploy/src/scriptlets/pkiparser.py index 0a77a4985..558873ded 100644 --- a/base/deploy/src/scriptlets/pkiparser.py +++ b/base/deploy/src/scriptlets/pkiparser.py @@ -26,6 +26,7 @@ import logging import os import random import string +import subprocess import sys import time @@ -270,6 +271,12 @@ class PKIConfigParser: config.pki_master_dict.update(config.pki_subsystem_dict) config.pki_master_dict.update(__name__="PKI Master Dictionary") + # RESTEasy + config.pki_master_dict['RESTEASY_LIB'] =\ + subprocess.check_output( + 'source /etc/pki/pki.conf && echo $RESTEASY_LIB', + shell=True).strip() + # IMPORTANT: A "PKI instance" no longer corresponds to a single # pki subystem, but rather to a unique # "Tomcat web instance" or a unique "Apache web instance". @@ -618,7 +625,7 @@ class PKIConfigParser: os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, "javassist.jar") config.pki_master_dict['pki_resteasy_jaxrs_api_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "jaxrs-api.jar") config.pki_master_dict['pki_jettison_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, @@ -648,16 +655,16 @@ class PKIConfigParser: os.path.join(config.PKI_DEPLOYMENT_PKI_JAR_SOURCE_ROOT, "pki-tomcat.jar") config.pki_master_dict['pki_resteasy_atom_provider_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "resteasy-atom-provider.jar") config.pki_master_dict['pki_resteasy_jaxb_provider_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "resteasy-jaxb-provider.jar") config.pki_master_dict['pki_resteasy_jaxrs_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "resteasy-jaxrs.jar") config.pki_master_dict['pki_resteasy_jettison_provider_jar'] =\ - os.path.join(config.PKI_DEPLOYMENT_RESTEASY_JAR_SOURCE_ROOT, + os.path.join(config.pki_master_dict['RESTEASY_LIB'], "resteasy-jettison-provider.jar") config.pki_master_dict['pki_scannotation_jar'] =\ os.path.join(config.PKI_DEPLOYMENT_JAR_SOURCE_ROOT, |