summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Rettberg2017-03-29 10:50:38 +0200
committerSimon Rettberg2017-03-29 10:50:38 +0200
commit5188b15c3c53e0675d1c275c46b31fd265015c55 (patch)
treed6712cecd8fe1e0b96e1e4130f19f9f1f3eb1845
parent[LighttpdHttps] Update script to generate 2048 bit dh params (diff)
downloadtmlite-bwlp-5188b15c3c53e0675d1c275c46b31fd265015c55.tar.gz
tmlite-bwlp-5188b15c3c53e0675d1c275c46b31fd265015c55.tar.xz
tmlite-bwlp-5188b15c3c53e0675d1c275c46b31fd265015c55.zip
[LighttpdHttps] Support setting HTTPS redirection
This implements #3058
-rwxr-xr-xscripts/install-https58
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java59
2 files changed, 98 insertions, 19 deletions
diff --git a/scripts/install-https b/scripts/install-https
index ad77a97..121fb0e 100755
--- a/scripts/install-https
+++ b/scripts/install-https
@@ -1,7 +1,8 @@
#!/bin/bash
-CERTFILE="/etc/lighttpd/server.pem"
-CHAINFILE="/etc/lighttpd/chain.pem"
+declare -rg CERTFILE="/etc/lighttpd/server.pem"
+declare -rg CHAINFILE="/etc/lighttpd/chain.pem"
+declare -rg REDIR_FLAG="/etc/lighttpd/redirect.flag"
op_disable ()
{
@@ -76,20 +77,53 @@ generate_dh ()
fi
}
-OP=$1
-shift
+setup_redirect ()
+{
+ if [ -n "$REDIR" ]; then
+ touch "$REDIR_FLAG"
+ else
+ rm -f -- "$REDIR_FLAG"
+ fi
+}
-case "$OP" in
- --random) op_random "$@" ;;
- --test) op_test "$@" ;;
- --import) op_import "$@" ;;
- --disable) op_disable ;;
+RE_ONLY=
+REDIR=
+while true; do
+ case "$1" in
+ --redirect-only)
+ RE_ONLY=tru
+ ;;
+ --redirect)
+ REDIR=truh
+ ;;
*)
- echo "Invalid operation: $1"
- exit 1
+ break
;;
-esac
+ esac
+ shift
+done
+
+setup_redirect
+
+if [ -z "$RE_ONLY" ]; then
+
+ OP=$1
+ shift
+
+ case "$OP" in
+ --random) op_random "$@" ;;
+ --test) op_test "$@" ;;
+ --import) op_import "$@" ;;
+ --disable) op_disable ;;
+ *)
+ echo "Invalid operation: $1"
+ exit 1
+ ;;
+ esac
+
+fi
+sleep .5
systemctl restart lighttpd
exit 0
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
index 59f3027..08fac2a 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
@@ -1,6 +1,9 @@
package org.openslx.taskmanager.tasks;
import java.io.File;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
import org.openslx.satserver.util.Exec;
import org.openslx.satserver.util.Util;
@@ -27,6 +30,13 @@ public class LighttpdHttps extends AbstractTask
@Expose
private String proxyip = null;
+ @Expose
+ private boolean redirect;
+ @Expose
+ private boolean redirectOnly;
+
+ private List<String> baseCmd = Arrays.asList( new String[] { "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https" } );
+
@Override
protected boolean initTask()
{
@@ -37,6 +47,8 @@ public class LighttpdHttps extends AbstractTask
@Override
protected boolean execute()
{
+ if ( this.redirectOnly )
+ return setRedirect();
if ( this.importcert != null && this.importkey != null && !this.importcert.isEmpty() && !this.importkey.isEmpty() )
return createFromInput();
if ( this.proxyip != null && !this.proxyip.isEmpty() )
@@ -46,7 +58,13 @@ public class LighttpdHttps extends AbstractTask
private boolean createRandom()
{
- int ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--random", this.proxyip );
+ List<String> cmd = new ArrayList<>( baseCmd );
+ if ( this.redirect ) {
+ cmd.add( "--redirect" );
+ }
+ cmd.add( "--random" );
+ cmd.add( this.proxyip );
+ int ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) );
if ( ret != 0 ) {
status.error = "generator exited with code " + ret;
return false;
@@ -60,6 +78,7 @@ public class LighttpdHttps extends AbstractTask
File tmpKey = null;
File tmpCert = null;
File tmpChain = null;
+ List<String> cmd;
try {
try {
tmpCert = File.createTempFile( "bwlp-", ".pem" );
@@ -75,17 +94,26 @@ public class LighttpdHttps extends AbstractTask
return false;
}
int ret;
- ret = Exec.sync( 15, "/opt/taskmanager/scripts/install-https", "--test", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath() );
+ cmd = new ArrayList<>( baseCmd );
+ cmd.add( "--test" );
+ cmd.add( tmpKey.getAbsolutePath() );
+ cmd.add( tmpCert.getAbsolutePath() );
+ ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) );
if ( ret != 0 ) {
status.error = "Given key and certificate do not match, or have invalid format (exit code: " + ret + ")";
return false;
}
+ cmd = new ArrayList<>( baseCmd );
+ if ( this.redirect ) {
+ cmd.add( "--redirect" );
+ }
+ cmd.add( "--import" );
+ cmd.add( tmpKey.getAbsolutePath() );
+ cmd.add( tmpCert.getAbsolutePath() );
if ( tmpChain != null ) {
- ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath(),
- tmpChain.getAbsolutePath() );
- } else {
- ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath() );
+ cmd.add( tmpChain.getAbsolutePath() );
}
+ ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) );
if ( ret != 0 ) {
status.error = "import exited with code " + ret;
return false;
@@ -99,9 +127,26 @@ public class LighttpdHttps extends AbstractTask
}
}
+ private boolean setRedirect()
+ {
+ List<String> cmd = new ArrayList<>( baseCmd );
+ cmd.add( "--redirect-only" );
+ if ( this.redirect ) {
+ cmd.add( "--redirect" );
+ }
+ int ret = Exec.sync( 10, cmd.toArray( new String[ cmd.size() ] ) );
+ if ( ret != 0 ) {
+ status.error = "set redirect exited with code " + ret;
+ return false;
+ }
+ return true;
+ }
+
private boolean disableHttps()
{
- int ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--disable" );
+ List<String> cmd = new ArrayList<>( baseCmd );
+ cmd.add( "--disable" );
+ int ret = Exec.sync( 10, cmd.toArray( new String[ cmd.size() ] ) );
if ( ret != 0 ) {
status.error = "disable exited with code " + ret;
return false;