From 0e97c20b59b7b5f002c6ad81a986789a1d9c4968 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 30 Sep 2015 11:33:12 +0200
Subject: [CreateLdapConfig] Only generate certificates if none exist yet
---
 .../openslx/taskmanager/tasks/CreateLdapConfig.java | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
index 9a5022f..8ec5c19 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
@@ -68,16 +68,16 @@ public class CreateLdapConfig extends AbstractTask
 protected boolean execute()
 {
 TarArchiveOutputStream outArchive = null;
- String keyFile = "/opt/ldadp/configs/" + this.moduleid + ".key.pem";
- String certFile = "/opt/ldadp/configs/" + this.moduleid + ".crt.pem";
+ File keyFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".key.pem" );
+ File certFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".crt.pem" );
 String uri = "ldaps://" + this.proxyip + ":" + this.proxyport + "/";
 String cacertPath = "/etc/ldap-proxy.pem";
 try {
- // Generate keys
- {
+ // Generate keys if not existent
+ if ( !keyFile.exists() || !certFile.exists() ) {
 int ret = Exec.sync( 20, "openssl", "req",
- "-x509", "-new", "-newkey", "rsa:4096", "-keyout", keyFile, "-out", certFile, "-days", "5000", "-nodes",
- "-subj", "/C=DE/ST=Nowhere/L=Springfield/O=Dis/CN=" + this.proxyip );
+ "-x509", "-new", "-newkey", "rsa:4096", "-keyout", keyFile.getAbsolutePath(), "-out", certFile.getAbsolutePath(),
+ "-days", "5000", "-nodes", "-subj", "/C=DE/ST=Nowhere/L=Springfield/O=Dis/CN=" + this.proxyip );
 if ( ret == -1 ) {
 status.error = "openssl process didn't finish in time.";
 } else if ( ret == -2 ) {
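Review bot: The new guard `if ( !keyFile.exists() || !certFile.exists() )` in execute() accepts any file at those paths as a usable key pair, so a zero-length or truncated PEM that an earlier openssl run could have left behind (for example after hitting the 20-second timeout) would be reused on every later run. `File.length()` returns 0 for a missing file as well, so `if ( keyFile.length() == 0 || certFile.length() == 0 ) {` covers both cases in one test. The certificate's CN is fixed to `this.proxyip` when it is created, so a reused certificate may no longer match the address placed in `uri` if the proxy IP changes; a comment such as `// NOTE: an existing cert is reused even if proxyip changed since it was issued` would make that explicit, or the subject could be checked before reuse. Because the `-nodes` private key now persists across runs, its file permissions are worth verifying, which the visible lines do not do. execute() continues beyond this hunk.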
@@ -149,7 +149,7 @@ public class CreateLdapConfig extends AbstractTask
 return false;
 }
 // The cert we just created
- if ( !Archive.tarAddFile( outArchive, cacertPath, new File( certFile ), 0644 ) ) {
+ if ( !Archive.tarAddFile( outArchive, cacertPath, certFile, 0644 ) ) {
 status.error = "Could not add ldap-proxy.pem to module";
 return false;
 }
@@ -159,14 +159,16 @@ public class CreateLdapConfig extends AbstractTask
 return false;
 }
 // All the pam.d common-XXXX files
- for ( String file : new String[] { "common-auth", "common-account", "common-session", "common-session-noninteractive", "common-password" } ) {
+ for ( String file : new String[] { "common-auth", "common-account", "common-session", "common-session-noninteractive",
+ "common-password" } ) {
 if ( !Archive.tarAddFile( outArchive, "/etc/pam.d/" + file, new File( "./data/ad/" + file ), 0644 ) ) {
 status.error = "Could not add " + file + " to module";
 return false;
 }
 }
 // Home if present
- if ( !Archive.tarAddFile( outArchive, "/opt/openslx/scripts/pam_script_mount_persistent", new File( "./data/ad/mountscript" ), 0644 ) ) {
+ if ( !Archive.tarAddFile( outArchive, "/opt/openslx/scripts/pam_script_mount_persistent", new File( "./data/ad/mountscript" ),
+ 0644 ) ) {
 status.error = "Could not add mount script to module";
 return false;
 }
-- cgit v1.2.3-55-g7522