#!/bin/bash # Copyright: 2023 Virtuozzo International GmbH # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. [ -n "${GLASSFISHSSLLIB_VERSION:-}" ] && return 0; GLASSFISHSSLLIB_VERSION="0.1"; [ -e /etc/jelastic/metainf.conf ] && source /etc/jelastic/metainf.conf $PROGRAM 'sed'; _ASADMIN="/opt/glassfish3/bin/asadmin"; PASS_FILE="/var/lib/jelastic/glalssfish/gfpass"; DAS_PASS="/var/lib/jelastic/glalssfish/daspassword"; OLD_SCRIPT="/root/scripts/manage.sh"; ADMIN_USER="jelastic"; SSL_PORT="8743"; DEFAULT_DOMAIN="jelastic"; CLUSTER_ROLE_FILE="/root/scripts/role"; JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::"); _KEYTOOL="${JAVA_HOME}/bin/keytool"; GF_KEYSTORE="/opt/glassfish${COMPUTE_TYPE_VERSION}/glassfish/domains/domain1/config/keystore.jks"; GF_KEYSTORE_ORIG="/opt/glassfish${COMPUTE_TYPE_VERSION}/glassfish/domains/domain1/config/keystore.jks.orig"; DAS_MAIN_CONFIG="/opt/glassfish${COMPUTE_TYPE_VERSION}/glassfish/domains/domain1/config/domain.xml" function runAsadminCmd(){ local cmd=$@; [ -f "$PASS_FILE" ] && { local temp_file=$(mktemp /tmp/pass.XXXXXXX); echo -n "AS_ADMIN_PASSWORD=" > "$temp_file"; cat "$PASS_FILE" >> "$temp_file"; $_ASADMIN -u "$ADMIN_USER" -W "$temp_file" ${cmd} > /dev/null 2>&1; rm "$temp_file"; } || { exit 2; }; } function mergeGFKeystore(){ [ -f "$GF_KEYSTORE" ] && rm "$GF_KEYSTORE" && cp "$GF_KEYSTORE_ORIG" "$GF_KEYSTORE"; [ -f "$GF_KEYSTORE" ] && $_KEYTOOL -importkeystore -noprompt -srckeystore "$SSL_CONFIG_DIR/${DEFAULT_DOMAIN}.jks" -destkeystore "$GF_KEYSTORE" -srcstorepass "changeit" -deststorepass "changeit" > /dev/null 2>&1; } function setModificationDate(){ local date=$(date); echo "" >> $DAS_MAIN_CONFIG; } function enableSSL(){ [ ! -f "$PASS_FILE" ] && return 0; [ ! -f "$GF_KEYSTORE_ORIG" ] && cp "$GF_KEYSTORE" "$GF_KEYSTORE_ORIG"; local msg msg=$(doAction keystore install 2>&1); local result=$?; [ -z "$msg" ] || echo "$msg" | $SED -re 's|.*result.*message\":||' -e 's|\}||' >>$ACTIONS_LOG; [ "$result" -ne 0 ] && return $result; mergeGFKeystore; chown "$DATA_OWNER" "$GF_KEYSTORE" "$GF_KEYSTORE_ORIG" 2>>"$JEM_CALLS_LOG"; local ip_bind="0.0.0.0"; runAsadminCmd create-http-listener --listeneraddress $ip_bind --listenerport "$SSL_PORT" --defaultvs server --securityenabled=true --enabled=true --target gfcluster http-listener-ssl-${DEFAULT_DOMAIN}; runAsadminCmd create-ssl --type http-listener --certname "${DEFAULT_DOMAIN}" --target gfcluster http-listener-ssl-${DEFAULT_DOMAIN}; setModificationDate; reloadService "$SERVICE" > /dev/null 2>&1; } function disableSSL(){ [ ! -f "$PASS_FILE" ] && return 0; local msg=$(doAction keystore remove); runAsadminCmd delete-http-listener --target gfcluster http-listener-ssl-${DEFAULT_DOMAIN}; [ -f "$GF_KEYSTORE_ORIG" ] && cp "$GF_KEYSTORE_ORIG" "$GF_KEYSTORE"; chown "$DATA_OWNER" "$GF_KEYSTORE" "$GF_KEYSTORE_ORIG" 2>>"$JEM_CALLS_LOG"; setModificationDate; reloadServiceSilent "$SERVICE"; }