summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/pkijython.py
blob: 9c8765a80ba4dcefa94eaa8cac0d2da45a9643b5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
#!/usr/bin/jython

# System Java Imports
from java.io import BufferedReader
from java.io import ByteArrayInputStream
from java.io import FileReader
from java.io import IOException
from java.lang import String as javastring
from java.lang import System as javasystem
from java.net import URISyntaxException
from java.security import KeyPair
from java.security import NoSuchAlgorithmException
from java.util import ArrayList
from java.util import Collection
from java.util import Iterator
from org.python.core import PyDictionary
import jarray


# System Python Imports
import os
import sys
pki_python_module_path = os.path.join(sys.prefix,
                                      "lib",
                                      "python" + str(sys.version_info[0]) +
                                      "." + str(sys.version_info[1]),
                                      "site-packages",
                                      "pki",
                                      "deployment",
                                      "configuration.jy")
sys.path.append(pki_python_module_path)


# http://www.jython.org/jythonbook/en/1.0/appendixB.html#working-with-classpath
###############################################################################
# from http://forum.java.sun.com/thread.jspa?threadID=300557
#
# Author:   SG Langer Jan 2007 translated the above Java to this Jython class
# Purpose:  Allow runtime additions of new Class/jars either from local files
#           or URL
###############################################################################
class classPathHacker:
    import java.lang.reflect.Method
    import java.io.File
    import java.net.URL
    import java.net.URLClassLoader
    import jarray

    def addFile(self, s):
        ##################################################
        # Purpose:  If adding a file/jar call this first
        #           with s = path_to_jar
        ##################################################

        # make a URL out of 's'
        f = self.java.io.File (s)
        u = f.toURL ()
        a = self.addURL (u)
        return a

    def addURL(self, u):
        ###########################################
        # Purpose:  Call this with u= URL for the
        #           new Class/jar to be loaded
        ###########################################

        parameters = self.jarray.array([self.java.net.URL],
                                       self.java.lang.Class)
        sysloader =  self.java.lang.ClassLoader.getSystemClassLoader()
        sysclass = self.java.net.URLClassLoader
        method = sysclass.getDeclaredMethod("addURL", parameters)
        a = method.setAccessible(1)
        jar_a = self.jarray.array([u], self.java.lang.Object)
        b = method.invoke(sysloader, jar_a)
        return u


# Dynamically Load Additional Java Jars ('append' to existing classpath)
jarLoad = classPathHacker()
#     Webserver Jars
jarLoad.addFile("/usr/share/java/httpcomponents/httpclient.jar")
jarLoad.addFile("/usr/share/java/apache-commons-cli.jar")
#     Resteasy Jars
jarLoad.addFile("/usr/share/java/glassfish-jaxb/jaxb-impl.jar")
jarLoad.addFile("/usr/share/java/resteasy/jaxrs-api.jar")
jarLoad.addFile("/usr/share/java/resteasy/resteasy-jaxb-provider.jar")
jarLoad.addFile("/usr/share/java/resteasy/resteasy-jaxrs.jar")
jarLoad.addFile("/usr/share/java/resteasy/resteasy-jettison-provider.jar")
jarLoad.addFile("/usr/share/java/scannotation.jar")
#     PKI Jars
jarLoad.addFile("/usr/share/java/pki/pki-cms.jar")
jarLoad.addFile("/usr/share/java/pki/pki-cmsutil.jar")
jarLoad.addFile("/usr/share/java/pki/pki-nsutil.jar")
#     JSS JNI Jars
#
#         NOTE:  Always load 64-bit JNI 'jss4.jar'
#                PRIOR to 32-bit JNI 'jss4.jar'
#
jarLoad.addFile("/usr/lib64/java/jss4.jar")
jarLoad.addFile("/usr/lib/java/jss4.jar")


# Apache Commons Java Imports
from org.apache.commons.cli import CommandLine
from org.apache.commons.cli import CommandLineParser
from org.apache.commons.cli import HelpFormatter
from org.apache.commons.cli import Options
from org.apache.commons.cli import ParseException
from org.apache.commons.cli import PosixParser


# JSS Java Imports
from org.mozilla.jss import CryptoManager
from org.mozilla.jss.asn1 import ASN1Util
from org.mozilla.jss.asn1 import BIT_STRING
from org.mozilla.jss.asn1 import INTEGER
from org.mozilla.jss.asn1 import InvalidBERException
from org.mozilla.jss.asn1 import SEQUENCE
from org.mozilla.jss.crypto import AlreadyInitializedException
from org.mozilla.jss.crypto import CryptoToken
from org.mozilla.jss.crypto import KeyPairAlgorithm
from org.mozilla.jss.crypto import KeyPairGenerator
from org.mozilla.jss.crypto import TokenException
from org.mozilla.jss.pkix.crmf import CertReqMsg
from org.mozilla.jss.pkix.crmf import CertRequest
from org.mozilla.jss.pkix.crmf import CertTemplate
from org.mozilla.jss.pkix.crmf import POPOPrivKey
from org.mozilla.jss.pkix.crmf import ProofOfPossession
from org.mozilla.jss.pkix.primitive import Name
from org.mozilla.jss.pkix.primitive import SubjectPublicKeyInfo
from org.mozilla.jss.util import Password


# PKI Java Imports
from com.netscape.cms.servlet.csadmin import ConfigurationRESTClient
from com.netscape.cms.servlet.csadmin.model import CertData
from com.netscape.cms.servlet.csadmin.model import ConfigurationData
from com.netscape.cms.servlet.csadmin.model import ConfigurationResponseData
from com.netscape.cmsutil.util import Utils
from netscape.security.x509 import X500Name


# PKI Python Imports
import pkiconfig as config
import pkimessages as log


# PKI Deployment 'security databases' Class
class security_databases:
    def initialize_token(self, pki_database_path, pki_dry_run_flag, log_level):
        try:
            if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL:
                print "%s %s '%s'" %\
                      (log.PKI_JYTHON_INDENTATION_2,
                       log.PKI_JYTHON_INITIALIZING_TOKEN,
                       pki_database_path)
            if not pki_dry_run_flag:
                CryptoManager.initialize(pki_database_path)
        except AlreadyInitializedException, e:
            # it is ok if it is already initialized
            pass
        except Exception, e:
            javasystem.out.println("INITIALIZATION ERROR: " + str(e))
            javasystem.exit(1)

    def log_into_token(self, pki_database_path, password_conf,
                       pki_dry_run_flag, log_level):
        try:
            if log_level >= config.PKI_JYTHON_INFO_LOG_LEVEL:
                print "%s %s '%s'" %\
                      (log.PKI_JYTHON_INDENTATION_2,
                       log.PKI_JYTHON_LOG_INTO_TOKEN,
                       pki_database_path)
            if not pki_dry_run_flag:
                manager = CryptoManager.getInstance()
                token = manager.getInternalKeyStorageToken()
                # Retrieve 'token_pwd' from 'password_conf'
                #
                #     NOTE:  For now, ONLY read the first line
                #            (which contains the password)
                #
                fd = open(password_conf, "r")
                token_pwd = fd.readline()
                fd.close
                # Convert 'token_pwd' into a 'java char[]'
                jtoken_pwd = jarray.array(token_pwd, 'c')
                password = Password(jtoken_pwd)
                try:
                    token.login(password)
                except Exception, e:
                    javasystem.out.println("login Exception: " + str(e))
                    if not token.isLoggedIn():
                        token.initPassword(password, password)
        except Exception, e:
            javasystem.out.println("Exception in logging into token: " +\
                                   str(e))
            javasystem.exit(1)

# PKI Deployment Jython Class Instances
security_databases = security_databases()