add mail support for expired and soon to expire ssh pub keys

3d5398ff · michael.simon · f5775833 · 3d5398ff · 3d5398ff · 3d5398ff
Commit 3d5398ff authored Feb 15, 2021 by michael.simon
--- a/bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/SshPubKeyDao.java
+++ b/bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/SshPubKeyDao.java
@@ -31,4 +31,5 @@ public interface SshPubKeyDao extends BaseDao<SshPubKeyEntity, Long> {

 	List<SshPubKeyEntity> findKeysToExpire(int limit);

+	List<SshPubKeyEntity> findKeysToExpiryWarning(int limit, int days);
 }
--- a/bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/JpaSshPubKeyDao.java
+++ b/bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/JpaSshPubKeyDao.java
@@ -10,6 +10,8 @@
 ******************************************************************************/
 package edu.kit.scc.webreg.dao.jpa;

+import java.time.LocalDateTime;
+import java.time.ZoneId;
 import java.util.Date;
 import java.util.List;

@@ -78,13 +80,26 @@ public class JpaSshPubKeyDao extends JpaBaseDao<SshPubKeyEntity, Long> implement
 	@Override
 	@SuppressWarnings("unchecked")
 	public List<SshPubKeyEntity> findKeysToExpire(int limit) {
-		return em.createQuery("select e from SshPubKeyEntity e where e.expiresAt < :dateNow and e.keyStatus != :keyStatus")
+		return em.createQuery("select e from SshPubKeyEntity e where e.expiresAt < :dateNow and e.keyStatus = :keyStatus")
 				.setParameter("dateNow", new Date())
 				.setParameter("keyStatus", SshPubKeyStatus.ACTIVE)
 				.setMaxResults(limit)
 				.getResultList();	
 	}

+	@Override
+	@SuppressWarnings("unchecked")
+	public List<SshPubKeyEntity> findKeysToExpiryWarning(int limit, int days) {
+		Date dateDays = Date.from(LocalDateTime.now().plusDays(days).atZone(ZoneId.systemDefault()).toInstant());
+		return em.createQuery("select e from SshPubKeyEntity e where e.expireWarningSent = null and "
+				+ "e.expiresAt > :dateNow and e.expiresAt < :dateDays and e.keyStatus = :keyStatus")
+				.setParameter("dateNow", new Date())
+				.setParameter("dateDays", dateDays)
+				.setParameter("keyStatus", SshPubKeyStatus.ACTIVE)
+				.setMaxResults(limit)
+				.getResultList();	
+	}
+
 	@Override
    public Class<SshPubKeyEntity> getEntityClass() {
 		return SshPubKeyEntity.class;

--- a/bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/EventType.java
+++ b/bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/EventType.java
@@ -45,6 +45,7 @@ public enum EventType {
 	SSH_KEY_REGISTRY_DEPLOYED,
 	SSH_KEY_REGISTRY_DENIED,
 	SSH_KEY_REGISTRY_DELETED,
+	SSH_KEY_EXPIRY_WARNING,
 	
 	/*
 	 * 2FA Events

--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/event/SshPubKeyExpiredSendMailExecutor.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/event/SshPubKeyExpiredSendMailExecutor.java
+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.event;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import edu.kit.scc.webreg.entity.SshPubKeyEntity;
+import edu.kit.scc.webreg.service.mail.TemplateMailService;
+import edu.kit.scc.webreg.service.ssh.SshPubKeyService;
+
+public class SshPubKeyExpiredSendMailExecutor extends
+		AbstractEventExecutor<SshPubKeyEvent, SshPubKeyEntity> {
+
+	private static final long serialVersionUID = 1L;
+
+	public SshPubKeyExpiredSendMailExecutor() {
+		super();
+	}
+
+	@Override
+	public void execute() {
+		Logger logger = LoggerFactory.getLogger(SshPubKeyExpiredSendMailExecutor.class);
+		logger.debug("Executing");
+		
+		String templateName = getJobStore().get("mail_template");
+
+		if (templateName == null) {
+			logger.warn("No template configured for SshPubKeyExpiredSendMailExecutor");
+			return;
+		}
+		
+		try {
+			InitialContext ic = new InitialContext();
+			
+			TemplateMailService templateMailService = (TemplateMailService) ic.lookup("global/bwreg/bwreg-service/TemplateMailServiceImpl!edu.kit.scc.webreg.service.mail.TemplateMailService");
+			SshPubKeyService pubKeyService = (SshPubKeyService) ic.lookup("global/bwreg/bwreg-service/SshPubKeyServiceImpl!edu.kit.scc.webreg.service.ssh.SshPubKeyService");
+			
+			SshPubKeyEntity sshPubKey = getEvent().getEntity();
+			
+			pubKeyService.keyExpirySent(sshPubKey);
+			
+			Map<String, Object> context = new HashMap<String, Object>(3);
+			context.put("sshPubKey", sshPubKey);
+			context.put("user", sshPubKey.getUser());
+			context.put("identity", sshPubKey.getIdentity());
+			
+			templateMailService.sendMail(templateName, context, true);
+			
+		} catch (NamingException e) {
+			logger.warn("Could not send email: {}", e);
+		}
+		
+	}
+
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/event/SshPubKeyExpiryWarningSendMailExecutor.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/event/SshPubKeyExpiryWarningSendMailExecutor.java
+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.event;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import edu.kit.scc.webreg.entity.SshPubKeyEntity;
+import edu.kit.scc.webreg.service.mail.TemplateMailService;
+import edu.kit.scc.webreg.service.ssh.SshPubKeyService;
+
+public class SshPubKeyExpiryWarningSendMailExecutor extends
+		AbstractEventExecutor<SshPubKeyEvent, SshPubKeyEntity> {
+
+	private static final long serialVersionUID = 1L;
+
+	public SshPubKeyExpiryWarningSendMailExecutor() {
+		super();
+	}
+
+	@Override
+	public void execute() {
+		Logger logger = LoggerFactory.getLogger(SshPubKeyExpiryWarningSendMailExecutor.class);
+		logger.debug("Executing");
+		
+		String templateName = getJobStore().get("mail_template");
+
+		if (templateName == null) {
+			logger.warn("No template configured for SshPubKeyExpiredSendMailExecutor");
+			return;
+		}
+		
+		try {
+			InitialContext ic = new InitialContext();
+			
+			TemplateMailService templateMailService = (TemplateMailService) ic.lookup("global/bwreg/bwreg-service/TemplateMailServiceImpl!edu.kit.scc.webreg.service.mail.TemplateMailService");
+			SshPubKeyService pubKeyService = (SshPubKeyService) ic.lookup("global/bwreg/bwreg-service/SshPubKeyServiceImpl!edu.kit.scc.webreg.service.ssh.SshPubKeyService");
+			
+			SshPubKeyEntity sshPubKey = getEvent().getEntity();
+			
+			pubKeyService.keyExpirySent(sshPubKey);
+			
+			Map<String, Object> context = new HashMap<String, Object>(3);
+			context.put("sshPubKey", sshPubKey);
+			context.put("user", sshPubKey.getUser());
+			context.put("identity", sshPubKey.getIdentity());
+			
+			templateMailService.sendMail(templateName, context, true);
+			
+		} catch (NamingException e) {
+			logger.warn("Could not send email: {}", e);
+		}
+		
+	}
+
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/event/SshPubKeyRegistrySendMailExecutor.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/event/SshPubKeyRegistrySendMailExecutor.java
@@ -55,6 +55,7 @@ public class SshPubKeyRegistrySendMailExecutor extends
 			context.put("registry", sshPubKeyRegistry.getRegistry());
 			context.put("service", sshPubKeyRegistry.getRegistry().getService());
 			context.put("user", sshPubKeyRegistry.getSshPubKey().getUser());
+			context.put("identity", sshPubKeyRegistry.getSshPubKey().getIdentity());
 			
 			templateMailService.sendMail(templateName, context, true);
 			

--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/event/SshPubKeySendMailExecutor.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/event/SshPubKeySendMailExecutor.java
@@ -52,6 +52,7 @@ public class SshPubKeySendMailExecutor extends
 			Map<String, Object> context = new HashMap<String, Object>(3);
 			context.put("sshPubKey", sshPubKey);
 			context.put("user", sshPubKey.getUser());
+			context.put("identity", sshPubKey.getIdentity());
 			
 			templateMailService.sendMail(templateName, context, true);
 			

--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/job/ExpiryWarningSshPubKeys.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/job/ExpiryWarningSshPubKeys.java
+/*******************************************************************************
+ * Copyright (c) 2014 Michael Simon.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the GNU Public License v3.0
+ * which accompanies this distribution, and is available at
+ * http://www.gnu.org/licenses/gpl.html
+ * 
+ * Contributors:
+ *     Michael Simon - initial
+ ******************************************************************************/
+package edu.kit.scc.webreg.job;
+
+import java.util.List;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import edu.kit.scc.webreg.entity.SshPubKeyEntity;
+import edu.kit.scc.webreg.service.ssh.SshPubKeyService;
+
+
+public class ExpiryWarningSshPubKeys extends AbstractExecutableJob {
+
+	private static final long serialVersionUID = 1L;
+
+	@Override
+	public void execute() {
+		Logger logger = LoggerFactory.getLogger(ExpiryWarningSshPubKeys.class);
+
+		try {
+			logger.debug("Expiry warn Ssh pub keys");
+
+			Integer limit, days;
+			
+			if (getJobStore().containsKey("limit")) {
+				limit = Integer.parseInt(getJobStore().get("limit"));
+			}
+			else {
+				limit = 1;
+			}
+
+			if (getJobStore().containsKey("days")) {
+				days = Integer.parseInt(getJobStore().get("days"));
+			}
+			else {
+				days = 7;
+			}
+
+			InitialContext ic = new InitialContext();
+			
+			SshPubKeyService service = (SshPubKeyService) ic.lookup("global/bwreg/bwreg-service/SshPubKeyServiceImpl!edu.kit.scc.webreg.service.ssh.SshPubKeyService");
+			
+			List<SshPubKeyEntity> keyList = service.findKeysToExpiryWarning(limit, days);
+			
+			for (SshPubKeyEntity key : keyList) {
+				service.expiryWarningKey(key, "ExpiryWarningSshPubKeys-job");
+			}
+			
+			logger.debug("Expire done");
+			
+		} catch (NamingException e) {
+			logger.warn("Could not expire SSH Keys: {}", e);
+		}
+	}
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/ssh/SshPubKeyService.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/ssh/SshPubKeyService.java
@@ -33,6 +33,15 @@ public interface SshPubKeyService extends BaseService<SshPubKeyEntity, Long> {
 	List<SshPubKeyEntity> findByIdentityAndStatusWithRegs(Long identityId, SshPubKeyStatus keyStatus);

 	SshPubKeyEntity expireKey(SshPubKeyEntity entity, String executor);
-	
+
+	SshPubKeyEntity expiryWarningKey(SshPubKeyEntity entity, String executor);
+
 	List<SshPubKeyEntity> findKeysToExpire(int limit);
+
+	SshPubKeyEntity keyExpirySent(SshPubKeyEntity entity);
+
+	SshPubKeyEntity keyExpiryWarningSent(SshPubKeyEntity entity);
+	
+	List<SshPubKeyEntity> findKeysToExpiryWarning(int limit, int days);
+	
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/ssh/SshPubKeyServiceImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/ssh/SshPubKeyServiceImpl.java
@@ -10,6 +10,7 @@
 ******************************************************************************/
 package edu.kit.scc.webreg.service.ssh;

+import java.util.Date;
 import java.util.List;

 import javax.ejb.Stateless;
@@ -72,13 +73,20 @@ public class SshPubKeyServiceImpl extends BaseServiceImpl<SshPubKeyEntity, Long>
 	public List<SshPubKeyEntity> findKeysToExpire(int limit) {
 		return dao.findKeysToExpire(limit);
 	}
+
+	@Override
+	public List<SshPubKeyEntity> findKeysToExpiryWarning(int limit, int days) {
+		return dao.findKeysToExpiryWarning(limit, days);
+	}
 	
 	@Override
 	public SshPubKeyEntity expireKey(SshPubKeyEntity entity, String executor) {
 		entity = dao.merge(entity);
 		entity.setKeyStatus(SshPubKeyStatus.EXPIRED);
+		logger.debug("Setting key {} to expired");

 		for (SshPubKeyRegistryEntity regKey : entity.getSshPubKeyRegistries()) {
+			logger.debug("Deleting registry connection {} for key {}", regKey.getId(), entity.getId());
 			sshPubKeyRegistryDao.delete(regKey);
 		}

@@ -90,15 +98,45 @@ public class SshPubKeyServiceImpl extends BaseServiceImpl<SshPubKeyEntity, Long>
 		}
 		return entity;
 	}
+
+	@Override
+	public SshPubKeyEntity expiryWarningKey(SshPubKeyEntity entity, String executor) {
+		entity = dao.merge(entity);
+		logger.debug("Send expiry warning event for key {}", entity.getId());
+
+		SshPubKeyEvent event = new SshPubKeyEvent(entity);
+		try {
+			eventSubmitter.submit(event, EventType.SSH_KEY_EXPIRY_WARNING, executor);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
+		return entity;
+	}
+
+	@Override
+	public SshPubKeyEntity keyExpirySent(SshPubKeyEntity entity) {
+		entity = dao.merge(entity);
+		entity.setExpiredSent(new Date());
+		return entity;
+	}
+	
+	@Override
+	public SshPubKeyEntity keyExpiryWarningSent(SshPubKeyEntity entity) {
+		entity = dao.merge(entity);
+		entity.setExpireWarningSent(new Date());
+		return entity;
+	}
 	
 	@Override
 	public SshPubKeyEntity deleteKey(SshPubKeyEntity entity, String executor) {

 		entity = dao.merge(entity);
 		entity.setKeyStatus(SshPubKeyStatus.DELETED);
+		logger.debug("Setting key {} to deleted");

 		for (SshPubKeyRegistryEntity regKey : entity.getSshPubKeyRegistries()) {
 			sshPubKeyRegistryDao.delete(regKey);
+			logger.debug("Deleting registry connection {} for key {}", regKey.getId(), entity.getId());
 			SshPubKeyRegistryEvent event = new SshPubKeyRegistryEvent(regKey);
 			try {
 				eventSubmitter.submit(event, EventType.SSH_KEY_REGISTRY_DELETED, executor);