package org.openslx.taskmanager.tasks; import java.io.File; import java.util.ArrayList; import java.util.Arrays; import java.util.List; import org.openslx.satserver.util.Exec; import org.openslx.satserver.util.Util; import org.openslx.taskmanager.api.AbstractTask; import com.google.gson.annotations.Expose; /** * Task for enabling or disabling https support in lighttpd. * Can greate a self-signed cert on the fly, or use a supplied one. */ public class LighttpdHttps extends AbstractTask { private Output status = new Output(); @Expose private String importcert = null; @Expose private String importkey = null; @Expose private String importchain = null; @Expose private String proxyip = null; @Expose private boolean redirect; @Expose private boolean redirectOnly; private List baseCmd = Arrays.asList( new String[] { "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https" } ); @Override protected boolean initTask() { this.setStatusObject( this.status ); return true; } @Override protected boolean execute() { if ( this.redirectOnly ) return setRedirect(); if ( this.importcert != null && this.importkey != null && !this.importcert.isEmpty() && !this.importkey.isEmpty() ) return createFromInput(); if ( this.proxyip != null && !this.proxyip.isEmpty() ) return createRandom(); return disableHttps(); } private boolean createRandom() { List cmd = new ArrayList<>( baseCmd ); if ( this.redirect ) { cmd.add( "--redirect" ); } cmd.add( "--random" ); cmd.add( this.proxyip ); int ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "generator exited with code " + ret; return false; } return true; } private boolean createFromInput() { // Import supplied certificate and key. Test if they are valid first File tmpKey = null; File tmpCert = null; File tmpChain = null; List cmd; try { try { tmpCert = File.createTempFile( "bwlp-", ".pem" ); tmpKey = File.createTempFile( "bwlp-", ".pem" ); Util.writeStringToFile( tmpCert, this.importcert ); Util.writeStringToFile( tmpKey, this.importkey ); if ( this.importchain != null && !this.importchain.isEmpty() ) { tmpChain = File.createTempFile( "bwlp-", ".pem" ); Util.writeStringToFile( tmpChain, this.importchain ); } } catch ( Exception e ) { status.error = "Could not create temporary files: " + e.getMessage(); return false; } int ret; cmd = new ArrayList<>( baseCmd ); cmd.add( "--test" ); cmd.add( tmpKey.getAbsolutePath() ); cmd.add( tmpCert.getAbsolutePath() ); ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "Given key and certificate do not match, or have invalid format (exit code: " + ret + ")"; return false; } cmd = new ArrayList<>( baseCmd ); if ( this.redirect ) { cmd.add( "--redirect" ); } cmd.add( "--import" ); cmd.add( tmpKey.getAbsolutePath() ); cmd.add( tmpCert.getAbsolutePath() ); if ( tmpChain != null ) { cmd.add( tmpChain.getAbsolutePath() ); } ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "import exited with code " + ret; return false; } return true; } finally { if ( tmpKey != null ) tmpKey.delete(); if ( tmpCert != null ) tmpCert.delete(); } } private boolean setRedirect() { List cmd = new ArrayList<>( baseCmd ); cmd.add( "--redirect-only" ); if ( this.redirect ) { cmd.add( "--redirect" ); } int ret = Exec.sync( 10, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "set redirect exited with code " + ret; return false; } return true; } private boolean disableHttps() { List cmd = new ArrayList<>( baseCmd ); cmd.add( "--disable" ); int ret = Exec.sync( 10, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "disable exited with code " + ret; return false; } return true; } /** * Output - contains additional status data of this task */ @SuppressWarnings( "unused" ) private static class Output { protected String error = null; } }