All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.sun.enterprise.security.admin.cli.SecureAdminUpgradeHelper Maven / Gradle / Ivy

There is a newer version: 7.2024.1.Alpha1
Show newest version
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 * 
 * Copyright (c) 2011-2012 Oracle and/or its affiliates. All rights reserved.
 * 
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
 * or packager/legal/LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 * 
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at packager/legal/LICENSE.txt.
 * 
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 * 
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 * 
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 */
package com.sun.enterprise.security.admin.cli;

import com.sun.enterprise.config.serverbeans.Config;
import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.enterprise.config.serverbeans.SecureAdmin;
import com.sun.enterprise.config.serverbeans.SecureAdminHelper;
import com.sun.enterprise.config.serverbeans.SecureAdminPrincipal;
import com.sun.enterprise.module.bootstrap.StartupContext;
import com.sun.enterprise.security.admin.cli.SecureAdminCommand.ConfigLevelContext;
import com.sun.enterprise.security.admin.cli.SecureAdminCommand.TopLevelContext;
import com.sun.enterprise.security.admin.cli.SecureAdminCommand.Work;
import com.sun.enterprise.security.ssl.SSLUtils;
import java.io.IOException;
import java.security.KeyStoreException;
import java.util.Iterator;
import java.util.Properties;
import java.util.UUID;
import org.glassfish.grizzly.config.dom.NetworkConfig;
import org.glassfish.grizzly.config.dom.Protocol;
import jakarta.inject.Inject;

import org.jvnet.hk2.annotations.Service;
import org.glassfish.hk2.api.PerLookup;
import org.glassfish.hk2.api.ServiceLocator;
import org.jvnet.hk2.config.RetryableException;
import org.jvnet.hk2.config.Transaction;
import org.jvnet.hk2.config.TransactionFailure;

/**
 * Common logic for formal upgrade (i.e., start-domain --upgrade) and
 * silent upgrade (starting a newer version of GlassFish using an older version's
 * domain.xml).
 * 
 * @author Tim Quinn
 */
@Service
@PerLookup
public class SecureAdminUpgradeHelper {
    
    protected final static String DAS_CONFIG_NAME = "server-config";
    
    @Inject
    protected Domain domain;
    
    @Inject
    protected ServiceLocator habitat;
    
    @Inject
    protected StartupContext startupContext;
    
    private Transaction t = null;
    
    private SecureAdmin secureAdmin = null;
    
    private TopLevelContext topLevelContext = null;
    private SecureAdminHelper secureAdminHelper = null;
    private SSLUtils sslUtils = null;
    
    private Properties startupArgs = null;
    
    
    final protected Transaction transaction() {
        if (t == null) {
            t = new Transaction();
        }
        return t;
    }
    
    private TopLevelContext topLevelContext() {
        if (topLevelContext == null) {
            topLevelContext = new TopLevelContext(transaction(), domain);
        }
        return topLevelContext;
    }
    
    final protected void commit() throws RetryableException, TransactionFailure {
        if (t != null) { 
            t.commit();
        }
    }
    
    final protected void rollback() {
        if (t != null) {
            t.rollback();
        }
    }
    
    final protected String specialAdminIndicator() {
        final UUID uuid = UUID.randomUUID();
        return uuid.toString();
    }
    
    final protected SecureAdmin secureAdmin() throws TransactionFailure {
        if (secureAdmin == null) {
            secureAdmin = domain.getSecureAdmin();
            if (secureAdmin == null) {
                secureAdmin = /* topLevelContext(). */writableSecureAdmin(); 
                secureAdmin.setSpecialAdminIndicator(specialAdminIndicator());
            }
        }
        return secureAdmin;
    }
    
    final protected Domain writableDomain() throws TransactionFailure {
        return topLevelContext().writableDomain();
    }
    
    final protected SecureAdmin writableSecureAdmin() throws TransactionFailure {
        return topLevelContext().writableSecureAdmin();
    }
    
    final protected SecureAdminHelper secureAdminHelper() {
        if (secureAdminHelper == null) {
            secureAdminHelper = habitat.getService(SecureAdminHelper.class);
        }
        return secureAdminHelper;
    }
    
    final protected SSLUtils sslUtils() {
        if (sslUtils == null) {
            sslUtils = habitat.getService(SSLUtils.class);
        }
        return sslUtils;
    }
    
    final protected void ensureSecureAdminReady() throws TransactionFailure, IOException, KeyStoreException {
        if (secureAdmin().getSpecialAdminIndicator().isEmpty()) {
            /*
             * Set the indicator to a unique value so we can distinguish
             * one domain from another.
             */
            writableSecureAdmin().setSpecialAdminIndicator(specialAdminIndicator());
        }
        if (secureAdmin().getSecureAdminPrincipal().isEmpty() &&
            secureAdmin().getSecureAdminInternalUser().isEmpty()) {
            /*
             * Add principal(s) for the aliases.
             */
            addPrincipalForAlias(secureAdmin().dasAlias());
            addPrincipalForAlias(secureAdmin().instanceAlias());
        }
    }

    final protected String startupArg(final String argName) {
        if (startupArgs == null) {
            if (startupContext != null) {
                startupArgs = startupContext.getArguments();
            } else {
                startupArgs = new Properties(); // shouldn't happen
            }
        }
        return startupArgs.getProperty(argName);
    }
    
    private void addPrincipalForAlias(final String alias) throws IOException, KeyStoreException, TransactionFailure {
        final SecureAdminPrincipal p = writableSecureAdmin().createChild(SecureAdminPrincipal.class);
        p.setDn(secureAdminHelper().getDN(alias, true));
        writableSecureAdmin().getSecureAdminPrincipal().add(p);
    }
    
    final protected void ensureNonDASConfigsReady() throws TransactionFailure {
        for (Config c : domain.getConfigs().getConfig()) {
            if ( ! c.getName().equals(SecureAdminCommand.DAS_CONFIG_NAME)) {
                if (!ensureConfigReady(c)) {
                    break;
                }
            }
        }
    }
    
    final protected void ensureDASConfigReady() {
        
    }
    
    private boolean ensureConfigReady(final Config c) throws TransactionFailure {
        /*
         * See if this config is already set up for secure admin.
         */
        final NetworkConfig nc = c.getNetworkConfig();
        if (nc == null) {
            /*
             * If there is no network config for this configuration then it is
             * probably a test configuration of some sort.  In any case, there
             * is no lower-level network protocols to verify so declare this
             * config to be OK.
             */
            return true;
        }
        Protocol secAdminProtocol = nc.getProtocols().findProtocol(SecureAdminCommand.SEC_ADMIN_LISTENER_PROTOCOL_NAME);
        if (secAdminProtocol != null) {
            return true;
        }
        final EnableSecureAdminCommand enableCmd = new EnableSecureAdminCommand();
        final Config c_w = transaction().enroll(c);
        ConfigLevelContext configLevelContext = 
                new ConfigLevelContext(topLevelContext(), c_w);
        for (Iterator> it = enableCmd.perConfigSteps(); it.hasNext();) {
            final Work step = it.next();
            if ( ! step.run(configLevelContext)) {
                rollback();
                return false;
            }
        }
        return true;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy