Merge "Add support for jks cert fomat"

Former-commit-id: ccdfcf82e4804febff7597cf87395be2a0b98a46

1 files changed, 79 insertions, 43 deletions

diff --git a/installation/sdnc/src/main/scripts/installCerts.py b/installation/sdnc/src/main/scripts/installCerts.py
index 42763f4b..8135f600 100644
--- a/installation/sdnc/src/main/scripts/installCerts.py
+++ b/installation/sdnc/src/main/scripts/installCerts.py
@@ -46,7 +46,14 @@ postKeystore= "/restconf/operations/netconf-keystore:add-keystore-entry"
 postPrivateKey= "/restconf/operations/netconf-keystore:add-private-key"
 postTrustedCertificate= "/restconf/operations/netconf-keystore:add-trusted-certificate"
 
-cadi_file = '.pass'
+truststore_pass_file = Path + '/truststore.pass'
+truststore_file = Path + '/truststore.jks'
+
+keystore_pass_file = Path + '/keystore.pass'
+keystore_file = Path + '/keystore.jks'
+
+jks_files = [truststore_pass_file, keystore_pass_file, keystore_file, truststore_file]
+
 odl_port = 8181
 headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password),
            'X-FromAppId': 'csit-sdnc',
@@ -54,6 +61,7 @@ headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + passwo
            'Accept':"application/json",
            'Content-type':"application/json"}
 
+
 def readFile(folder, file):
     key = open(Path + "/" + folder + "/" + file, "r")
     fileRead = key.read()
@@ -61,6 +69,7 @@ def readFile(folder, file):
     fileRead = "\n".join(fileRead.splitlines()[1:-1])
     return fileRead
 
+
 def readTrustedCertificate(folder, file):
     listCert = list()
     caPem = ""
@@ -78,8 +87,9 @@ def readTrustedCertificate(folder, file):
             caPem = ""
     return listCert
 
+
 def makeKeystoreKey(clientKey, count):
-    odl_private_key="ODL_private_key_%d" %count
+    odl_private_key = "ODL_private_key_%d" %count
 
     json_keystore_key='{{\"input\": {{ \"key-credential\": {{\"key-id\": \"{odl_private_key}\", \"private-key\" : ' \
                       '\"{clientKey}\",\"passphrase\" : \"\"}}}}}}'.format(
@@ -89,7 +99,6 @@ def makeKeystoreKey(clientKey, count):
     return json_keystore_key
 
 
-
 def makePrivateKey(clientKey, clientCrt, certList, count):
     caPem = ""
     if certList:
@@ -107,6 +116,7 @@ def makePrivateKey(clientKey, clientCrt, certList, count):
 
     return json_private_key
 
+
 def makeTrustedCertificate(certList, count):
     number = 0
     json_cert_format = ""
@@ -132,6 +142,7 @@ def makeRestconfPost(conn, json_file, apiCall):
     else:
         logging.debug("Response :%s Reason :%s ",res.status, res.reason)
 
+
 def extractZipFiles(zipFileList, count):
     for zipFolder in zipFileList:
         with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref:
@@ -139,6 +150,7 @@ def extractZipFiles(zipFileList, count):
         folder = zipFolder.rsplit(".")[0]
         processFiles(folder, count)
 
+
 def processFiles(folder, count):
     for file in os.listdir(Path + "/" + folder):
         if os.path.isfile(Path + "/" + folder + "/" + file.strip()):
@@ -153,8 +165,10 @@ def processFiles(folder, count):
     shutil.rmtree(Path + "/" + folder)
     post_content(clientKey, clientCrt, certList, count)
 
+
 def post_content(clientKey, clientCrt, certList, count):
     conn = httplib.HTTPConnection("localhost",odl_port)
+
     if clientKey:
         json_keystore_key = makeKeystoreKey(clientKey, count)
         logging.debug("Posting private key in to ODL keystore")
@@ -200,77 +214,98 @@ def timeIncrement(timePassed):
     timePassed = timePassed + INTERVAL
     return timePassed
 
-def get_cadi_password():
+
+def get_pass(file_name):
     try:
-        with open(Path + '/' + cadi_file , 'r') as file_obj:
-            cadi_pass = file_obj.read().split('=', 1)[1].strip()
-        return cadi_pass
+        with open(file_name , 'r') as file_obj:
+            password = file_obj.read().strip()
+        return password
     except Exception as e:
         logging.error("Error occurred while fetching password : %s", e)
         exit()
 
+
 def cleanup():
     for file in os.listdir(Path):
         if os.path.isfile(Path + '/' + file):
             logging.debug("Cleaning up the file %s", Path + '/'+ file)
             os.remove(Path + '/'+ file)
 
-def extract_content(file, password, count):
+
+def jks_to_p12(file, password):
+    """Converts jks format into p12"""
+    try:
+        p12_file = file.replace('.jks', '.p12')
+        jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password)
+        logging.debug("Converting %s into p12 format", file)
+        os.system(jks_cmd)
+        file = p12_file
+        return file
+    except Exception as e:
+        logging.error("Error occurred while converting jks to p12 format : %s", e)
+
+
+def extract_content():
+    """Extracts client key, certificates, CA certificates."""
     try:
         certList = []
         key = None
         cert = None
-        if (file.endswith('.jks')):
-            p12_file = file.replace('.jks', '.p12')
-            jks_cmd = 'keytool -importkeystore -srckeystore {src_file} -destkeystore {dest_file} -srcstoretype JKS -srcstorepass {src_pass} -deststoretype PKCS12 -deststorepass {dest_pass}'.format(src_file=file, dest_file=p12_file, src_pass=password, dest_pass=password)
-            logging.debug("Converting %s into p12 format", file)
-            os.system(jks_cmd)
-            file = p12_file
-
-        clcrt_cmd = 'openssl pkcs12 -in {src_file} -clcerts -nokeys  -passin pass:{src_pass}'.format(src_file=file, src_pass=password)
-        clkey_cmd = 'openssl pkcs12 -in {src_file}  -nocerts -nodes -passin pass:{src_pass}'.format(src_file=file, src_pass=password)
-        trust_file = file.split('/')[2] + '.trust'
-        trustCerts_cmd = 'openssl pkcs12 -in {src_file} -out {out_file} -cacerts -nokeys -passin pass:{src_pass} '.format(src_file=file, out_file=Path + '/' + trust_file, src_pass=password)
+
+        truststore_pass = get_pass(truststore_pass_file)
+        truststore_file_p12 = jks_to_p12(truststore_file, truststore_pass)
+
+        keystore_pass = get_pass(keystore_pass_file)
+        keystore_file_p12 = jks_to_p12(keystore_file, keystore_pass)
+
+        clcrt_cmd = 'openssl pkcs12 -in {src_file} -clcerts -nokeys  -passin pass:{src_pass}'.format(src_file=keystore_file_p12, src_pass=keystore_pass)
+
+        clkey_cmd = 'openssl pkcs12 -in {src_file}  -nocerts -nodes -passin pass:{src_pass}'.format(src_file=keystore_file_p12, src_pass=keystore_pass)
+        trust_file = truststore_file_p12.split('/')[2] + '.trust'
+
+        trustCerts_cmd = 'openssl pkcs12 -in {src_file} -out {out_file} -cacerts -nokeys -passin pass:{src_pass} '.format(src_file=truststore_file_p12, out_file=Path + '/' + trust_file, src_pass=truststore_pass)
 
         result_key = subprocess.check_output(clkey_cmd , shell=True)
         if result_key:
             key = result_key.split('-----BEGIN PRIVATE KEY-----', 1)[1].lstrip().split('-----END PRIVATE KEY-----')[0]
+            logging.debug("key ok")
 
         os.system(trustCerts_cmd)
         if os.path.exists(Path + '/' + trust_file):
             certList = readTrustedCertificate(Path, trust_file)
+            logging.debug("certList ok")
 
         result_crt = subprocess.check_output(clcrt_cmd , shell=True)
         if result_crt:
             cert = result_crt.split('-----BEGIN CERTIFICATE-----', 1)[1].lstrip().split('-----END CERTIFICATE-----')[0]
-        """
-        To-do: Posting the key, cert, certList might need modification
-        based on how AAF distributes the files.
+            logging.debug("cert ok")
+
+        if key and cert and certList:
+            post_content(key, cert, certList, 0)
+        else:
+            logging.debug("Exiting. Key, cert or key are missing")
+            return
 
-        """
-        post_content(key, cert, certList, count)
     except Exception as e:
-        logging.error("Error occurred while processing the file %s : %s", file,e)
+        logging.error("Error occurred while processing the file: %s", e)
 
-def lookforfiles():
-    count = 0
-    for file in os.listdir(Path):
-        if (file.endswith(('.p12', '.jks'))):
-            if os.path.exists(Path + '/' + cadi_file):
-                cert_password = get_cadi_password()
-                logging.debug("Extracting contents from the file %s", file)
-                extract_content(Path + '/' + file, cert_password, count)
-                count += 1
-            else:
-                logging.error("Cadi password file %s not present under cert directory", cadi_file)
-                exit()
-    if count > 0:
+
+def look_for_jks_files():
+    if all([os.path.isfile(f) for f in jks_files]):
+        extract_content()
         cleanup()
     else:
-        logging.debug("No jks/p12 files found under cert directory %s", Path)
+        logging.debug("Some of the files are missing")
+        return
 
 
 def readCertProperties():
+    '''
+    This function searches for manually copied zip file
+    containing certificates. This is required as part
+    of backward compatibility.
+    If not foud, it searches for jks certificates.
+    '''
     connected = makeHealthcheckCall(headers, timePassed)
 
     if connected:
@@ -285,9 +320,10 @@ def readCertProperties():
                         count += 1
                         del zipFileList[:]
         else:
-            logging.debug("No zipfiles present under cert directory")
+            logging.debug("No zipfiles present in folder " + Path)
+
+        logging.info("Looking for jks files in folder " + Path)
+        look_for_jks_files()
 
-        logging.info("Looking for jks/p12 files under cert directory")
-        lookforfiles()
 
-readCertProperties()
+readCertProperties()
\ No newline at end of file