authorSimon Rettberg2015-09-30 11:33:12 +0200
committerSimon Rettberg2015-09-30 11:33:12 +0200
commit0e97c20b59b7b5f002c6ad81a986789a1d9c4968 (patch)
treebd3efce3356101ce7ae6fa4861b54bfbeb2498d6
parent[MountVmStore] Increase timeout to 60s (diff)
[CreateLdapConfig] Only generate certificates if none exist yet
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java20
1 files changed, 11 insertions, 9 deletions
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
index 9a5022f..8ec5c19 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
@@ -68,16 +68,16 @@ public class CreateLdapConfig extends AbstractTask
protected boolean execute()
{
TarArchiveOutputStream outArchive = null;
- String keyFile = "/opt/ldadp/configs/" + this.moduleid + ".key.pem";
- String certFile = "/opt/ldadp/configs/" + this.moduleid + ".crt.pem";
+ File keyFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".key.pem" );
+ File certFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".crt.pem" );
String uri = "ldaps://" + this.proxyip + ":" + this.proxyport + "/";
String cacertPath = "/etc/ldap-proxy.pem";
try {
- // Generate keys
- {
+ // Generate keys if not existent
+ if ( !keyFile.exists() || !certFile.exists() ) {
int ret = Exec.sync( 20, "openssl", "req",
- "-x509", "-new", "-newkey", "rsa:4096", "-keyout", keyFile, "-out", certFile, "-days", "5000", "-nodes",
- "-subj", "/C=DE/ST=Nowhere/L=Springfield/O=Dis/CN=" + this.proxyip );
+ "-x509", "-new", "-newkey", "rsa:4096", "-keyout", keyFile.getAbsolutePath(), "-out", certFile.getAbsolutePath(),
+ "-days", "5000", "-nodes", "-subj", "/C=DE/ST=Nowhere/L=Springfield/O=Dis/CN=" + this.proxyip );
if ( ret == -1 ) {
status.error = "openssl process didn't finish in time.";
} else if ( ret == -2 ) {
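Review bot: The new guard `if ( !keyFile.exists() || !certFile.exists() )` tests existence only, so a key or certificate left empty or truncated by an earlier openssl run that hit the 20-second timeout would be reused and packed into the module on every later run. `File.length()` returns 0 for a missing file too, so `if ( keyFile.length() == 0 || certFile.length() == 0 ) {` covers both the missing and the empty case; deleting both files on a non-zero `ret` would also cover a truncated file, but that error handling continues outside this hunk. Reuse also pins the subject to the `proxyip` in effect when the certificate was first generated, so a module whose proxy address later changes keeps the old CN, which clients that verify the name would presumably reject. Because the unencrypted (`-nodes`) key now persists across runs instead of being regenerated, it is worth confirming that the key file under `/opt/ldadp/configs/` is readable only by the account that runs the proxy.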
@@ -149,7 +149,7 @@ public class CreateLdapConfig extends AbstractTask
return false;
}
// The cert we just created
- if ( !Archive.tarAddFile( outArchive, cacertPath, new File( certFile ), 0644 ) ) {
+ if ( !Archive.tarAddFile( outArchive, cacertPath, certFile, 0644 ) ) {
status.error = "Could not add ldap-proxy.pem to module";
return false;
}
@@ -159,14 +159,16 @@ public class CreateLdapConfig extends AbstractTask
return false;
}
// All the pam.d common-XXXX files
- for ( String file : new String[] { "common-auth", "common-account", "common-session", "common-session-noninteractive", "common-password" } ) {
+ for ( String file : new String[] { "common-auth", "common-account", "common-session", "common-session-noninteractive",
+ "common-password" } ) {
if ( !Archive.tarAddFile( outArchive, "/etc/pam.d/" + file, new File( "./data/ad/" + file ), 0644 ) ) {
status.error = "Could not add " + file + " to module";
return false;
}
}
// Home if present
- if ( !Archive.tarAddFile( outArchive, "/opt/openslx/scripts/pam_script_mount_persistent", new File( "./data/ad/mountscript" ), 0644 ) ) {
+ if ( !Archive.tarAddFile( outArchive, "/opt/openslx/scripts/pam_script_mount_persistent", new File( "./data/ad/mountscript" ),
+ 0644 ) ) {
status.error = "Could not add mount script to module";
return false;
}