TagCreateMtWilsonClient.java

/*
 * Copyright (C) 2013 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.tag.setup.cmd;

import com.intel.dcsg.cpg.crypto.RsaCredentialX509;
import com.intel.mtwilson.tag.setup.TagCommand;
import com.intel.dcsg.cpg.io.UUID;
import com.intel.mtwilson.My;
import com.intel.mtwilson.tag.dao.TagJdbi;
import com.intel.mtwilson.tag.dao.jdbi.FileDAO;
import com.intel.mtwilson.tag.model.File;
import com.intel.dcsg.cpg.crypto.SimpleKeystore;
import com.intel.dcsg.cpg.extensions.Extensions;
import com.intel.dcsg.cpg.io.ByteArrayResource;
import com.intel.mtwilson.datatypes.ApiClientUpdateRequest;
import com.intel.mtwilson.ms.business.ApiClientBO;
import com.intel.mtwilson.tls.policy.factory.TlsPolicyCreator;
import com.intel.mtwilson.v2.client.MwClientUtil;
import java.net.URL;
import java.util.Locale;
import java.util.Properties;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.configuration.MapConfiguration;
import org.apache.commons.lang.RandomStringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * This command exports a file from the database to the filesystem
 * @author jbuhacoff
 */
public class TagCreateMtWilsonClient extends TagCommand {
    private static Logger log = LoggerFactory.getLogger(TagCreateMtWilsonClient.class);
    public static final String KEYSTORE_FILE = "mtwilson-client-keystore";
    
    @Override
    public void execute(String[] args) throws Exception {
        // file name, and either outfile or stdout
//        if( args.length < 1 ) { throw new IllegalArgumentException("Usage: create-mtwilson-client [--username=username] [--password=password] [--url=https://mtwilson.com]"); } // on Windows especially do not use single quotes around the argument because it will be a part of it

        // check if username/password is provided on command line or already configured ...
        String mtwilsonUrl = null, mtwilsonClientKeystoreUsername = null, mtwilsonClientKeystorePassword = null;
        if( getOptions().containsKey("url") ) {
            mtwilsonUrl = getOptions().getString("url", "");
        }
        if( getOptions().containsKey("username") ) {
            mtwilsonClientKeystoreUsername = getOptions().getString("username", "");
        }
        if( getOptions().containsKey("password") ) {
            mtwilsonClientKeystorePassword = getOptions().getString("password", "");
        }
        
        // already configured
        if( mtwilsonUrl == null || mtwilsonUrl.isEmpty() ) {
            mtwilsonUrl = My.configuration().getAssetTagServerString(); //My.configuration().getMtWilsonURL().toString(); // Global.configuration().getMtWilsonURL();
        }
        if( mtwilsonClientKeystoreUsername == null || mtwilsonClientKeystoreUsername.isEmpty() ) {
            mtwilsonClientKeystoreUsername = My.configuration().getTagKeystoreUsername(); // Global.configuration().getMtWilsonClientKeystoreUsername();
        }
        if( mtwilsonClientKeystorePassword == null || mtwilsonClientKeystorePassword.isEmpty() ) {
            mtwilsonClientKeystorePassword = My.configuration().getTagKeystorePassword(); //Global.configuration().getMtWilsonClientKeystorePassword();
        }
        
        // defaults:  username=asset-tag-prov-svc and password=random-16-chars 
        if( mtwilsonUrl == null || mtwilsonUrl.isEmpty() ) {
            mtwilsonUrl = "https://127.0.0.1:8181";
        }
        if( mtwilsonClientKeystoreUsername == null || mtwilsonClientKeystoreUsername.isEmpty() ) {
            mtwilsonClientKeystoreUsername = "tagservice";
        }
        if( mtwilsonClientKeystorePassword == null || mtwilsonClientKeystorePassword.isEmpty() ) {
            mtwilsonClientKeystorePassword = RandomStringUtils.randomAlphanumeric(16);
        }

        URL url = new URL(mtwilsonUrl);

        
        ByteArrayResource keystoreResource = new ByteArrayResource();
        
        try (FileDAO fileDao = TagJdbi.fileDao()) {
            File keystoreFile = fileDao.findByName(KEYSTORE_FILE);
            if (keystoreFile != null) {
                System.out.println(String.format("%s keystore and user login certificate already exist", mtwilsonClientKeystoreUsername));
                return;
            }
        }

        //set properties
        Properties properties = My.configuration().getClientProperties();
        properties.setProperty("mtwilson.api.url", mtwilsonUrl);

        //create keystore and users
        Extensions.register(TlsPolicyCreator.class, com.intel.mtwilson.tls.policy.creator.impl.CertificateDigestTlsPolicyCreator.class);
        SimpleKeystore keystore = MwClientUtil.createUserInResourceV2(keystoreResource, mtwilsonClientKeystoreUsername, mtwilsonClientKeystorePassword,
                url, properties, "tagservice user for asset tag functionality", Locale.ENGLISH, "TLS");
        keystore.save();

        //approve users
        RsaCredentialX509 rsaCredentialX509 = keystore.getRsaCredentialX509(mtwilsonClientKeystoreUsername, mtwilsonClientKeystorePassword);
        String[] roles = new String[]{"Attestation", "Report", "Whitelist", "AssetTagManagement"};
        try {
            ApiClientUpdateRequest updateRequest = new ApiClientUpdateRequest();
            updateRequest.enabled = true;
            updateRequest.fingerprint = rsaCredentialX509.identity();
            updateRequest.roles = roles;
            updateRequest.status = "APPROVED";
            ApiClientBO apiClientBO = new ApiClientBO();
            apiClientBO.updateV2(updateRequest);
            System.out.println(String.format("Approved %s [fingerprint %s]", mtwilsonClientKeystoreUsername, Hex.encodeHexString(rsaCredentialX509.identity())));   
        } catch (Exception e) {
            System.err.println(String.format("Failed to approve %s [fingerprint %s]: %s", mtwilsonClientKeystoreUsername, Hex.encodeHexString(rsaCredentialX509.identity()), e.getMessage()));
            throw new IllegalStateException(String.format("Failed to approve %s [fingerprint %s]: %s", mtwilsonClientKeystoreUsername, Hex.encodeHexString(rsaCredentialX509.identity()), e.getMessage()));
        }
        
        try (FileDAO fileDao = TagJdbi.fileDao()) {
            fileDao.insert(new UUID(), KEYSTORE_FILE, "application/x-java-keystore", keystoreResource.toByteArray());
            System.out.println(String.format("Saved %s keystore to database", mtwilsonClientKeystoreUsername));
        }
    }
    
    /***** UNUSED
    private void approveMtWilsonClient(byte[] fingerprint) {
        try {
            System.out.println(String.format("Searching for client by fingerprint: %s", Hex.encodeHexString(fingerprint)));
            ApiClientX509JpaController x509jpaController = My.jpa().mwApiClientX509();
            ApiClientX509 client = x509jpaController.findApiClientX509ByFingerprint(fingerprint);
            if( client == null ) {
                log.error("Cannot find client record with fingerprint {}", Hex.encodeHexString(fingerprint));
                throw new IllegalStateException("Cannot find client record with fingerprint "+Hex.encodeHexString(fingerprint));
            }
            client.setStatus("Approved");
            client.setEnabled(true);
            x509jpaController.edit(client);
        }
        catch(IOException | IllegalStateException | IllegalOrphanException | NonexistentEntityException | MSDataException e) {
            throw new SetupException("Cannot update API Client record: "+e.getMessage(), e);
        }
    }
        
    private void approveUserLoginCertificate(LoginDAO loginDAO, String username) {
        UserLoginCertificate userLoginCertificate = loginDAO.findUserLoginCertificateByUsername(username);
        loginDAO.updateUserLoginCertificateById(userLoginCertificate.getId(), true, Status.APPROVED, "");        
    }*/
            
    
    
    public static void main(String args[]) throws Exception {
        TagCreateMtWilsonClient cmd = new TagCreateMtWilsonClient();
        cmd.setOptions(new MapConfiguration(new Properties()));
        cmd.execute(new String[] { });
        
    }    
    
}