Commit 3d5398ff authored by michael.simon's avatar michael.simon

add mail support for expired and soon to expire ssh pub keys

parent f5775833
......@@ -31,4 +31,5 @@ public interface SshPubKeyDao extends BaseDao<SshPubKeyEntity, Long> {
List<SshPubKeyEntity> findKeysToExpire(int limit);
List<SshPubKeyEntity> findKeysToExpiryWarning(int limit, int days);
}
......@@ -10,6 +10,8 @@
******************************************************************************/
package edu.kit.scc.webreg.dao.jpa;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import java.util.List;
......@@ -78,13 +80,26 @@ public class JpaSshPubKeyDao extends JpaBaseDao<SshPubKeyEntity, Long> implement
@Override
@SuppressWarnings("unchecked")
public List<SshPubKeyEntity> findKeysToExpire(int limit) {
return em.createQuery("select e from SshPubKeyEntity e where e.expiresAt < :dateNow and e.keyStatus != :keyStatus")
return em.createQuery("select e from SshPubKeyEntity e where e.expiresAt < :dateNow and e.keyStatus = :keyStatus")
.setParameter("dateNow", new Date())
.setParameter("keyStatus", SshPubKeyStatus.ACTIVE)
.setMaxResults(limit)
.getResultList();
}
@Override
@SuppressWarnings("unchecked")
public List<SshPubKeyEntity> findKeysToExpiryWarning(int limit, int days) {
Date dateDays = Date.from(LocalDateTime.now().plusDays(days).atZone(ZoneId.systemDefault()).toInstant());
return em.createQuery("select e from SshPubKeyEntity e where e.expireWarningSent = null and "
+ "e.expiresAt > :dateNow and e.expiresAt < :dateDays and e.keyStatus = :keyStatus")
.setParameter("dateNow", new Date())
.setParameter("dateDays", dateDays)
.setParameter("keyStatus", SshPubKeyStatus.ACTIVE)
.setMaxResults(limit)
.getResultList();
}
@Override
public Class<SshPubKeyEntity> getEntityClass() {
return SshPubKeyEntity.class;
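Review bot: In findKeysToExpiryWarning the predicate `e.expireWarningSent = null` is not a portable null test in JPQL. Under SQL three-valued logic a comparison with null is never true, so unless the persistence provider rewrites it (some may, but the specification does not define it) the query matches no keys and no warning is ever queued. Write it as `e.expireWarningSent is null`. The window bounds also come from two separate clock reads (`LocalDateTime.now()` and `new Date()`); taking one instant and deriving both parameters from it would keep them consistent.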
......
......@@ -45,6 +45,7 @@ public enum EventType {
SSH_KEY_REGISTRY_DEPLOYED,
SSH_KEY_REGISTRY_DENIED,
SSH_KEY_REGISTRY_DELETED,
SSH_KEY_EXPIRY_WARNING,
/*
* 2FA Events
......
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.event;
import java.util.HashMap;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.webreg.entity.SshPubKeyEntity;
import edu.kit.scc.webreg.service.mail.TemplateMailService;
import edu.kit.scc.webreg.service.ssh.SshPubKeyService;
public class SshPubKeyExpiredSendMailExecutor extends
AbstractEventExecutor<SshPubKeyEvent, SshPubKeyEntity> {
private static final long serialVersionUID = 1L;
public SshPubKeyExpiredSendMailExecutor() {
super();
}
@Override
public void execute() {
Logger logger = LoggerFactory.getLogger(SshPubKeyExpiredSendMailExecutor.class);
logger.debug("Executing");
String templateName = getJobStore().get("mail_template");
if (templateName == null) {
logger.warn("No template configured for SshPubKeyExpiredSendMailExecutor");
return;
}
try {
InitialContext ic = new InitialContext();
TemplateMailService templateMailService = (TemplateMailService) ic.lookup("global/bwreg/bwreg-service/TemplateMailServiceImpl!edu.kit.scc.webreg.service.mail.TemplateMailService");
SshPubKeyService pubKeyService = (SshPubKeyService) ic.lookup("global/bwreg/bwreg-service/SshPubKeyServiceImpl!edu.kit.scc.webreg.service.ssh.SshPubKeyService");
SshPubKeyEntity sshPubKey = getEvent().getEntity();
pubKeyService.keyExpirySent(sshPubKey);
Map<String, Object> context = new HashMap<String, Object>(3);
context.put("sshPubKey", sshPubKey);
context.put("user", sshPubKey.getUser());
context.put("identity", sshPubKey.getIdentity());
templateMailService.sendMail(templateName, context, true);
} catch (NamingException e) {
logger.warn("Could not send email: {}", e);
}
}
}
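Review bot: In execute(), `pubKeyService.keyExpirySent(sshPubKey)` runs before `templateMailService.sendMail(templateName, context, true)`, so the key is stamped as notified even when the mail is never sent. How sendMail reports failure is not visible here, but only NamingException is caught, and a key owner who never learns that the key expired is the case this commit is meant to prevent. Consider moving the call below sendMail, or, if the order is deliberate, say so with a comment such as `// stamp first: prefer at-most-once delivery over duplicate mails`.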
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.event;
import java.util.HashMap;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.webreg.entity.SshPubKeyEntity;
import edu.kit.scc.webreg.service.mail.TemplateMailService;
import edu.kit.scc.webreg.service.ssh.SshPubKeyService;
public class SshPubKeyExpiryWarningSendMailExecutor extends
AbstractEventExecutor<SshPubKeyEvent, SshPubKeyEntity> {
private static final long serialVersionUID = 1L;
public SshPubKeyExpiryWarningSendMailExecutor() {
super();
}
@Override
public void execute() {
Logger logger = LoggerFactory.getLogger(SshPubKeyExpiryWarningSendMailExecutor.class);
logger.debug("Executing");
String templateName = getJobStore().get("mail_template");
if (templateName == null) {
logger.warn("No template configured for SshPubKeyExpiredSendMailExecutor");
return;
}
try {
InitialContext ic = new InitialContext();
TemplateMailService templateMailService = (TemplateMailService) ic.lookup("global/bwreg/bwreg-service/TemplateMailServiceImpl!edu.kit.scc.webreg.service.mail.TemplateMailService");
SshPubKeyService pubKeyService = (SshPubKeyService) ic.lookup("global/bwreg/bwreg-service/SshPubKeyServiceImpl!edu.kit.scc.webreg.service.ssh.SshPubKeyService");
SshPubKeyEntity sshPubKey = getEvent().getEntity();
pubKeyService.keyExpirySent(sshPubKey);
Map<String, Object> context = new HashMap<String, Object>(3);
context.put("sshPubKey", sshPubKey);
context.put("user", sshPubKey.getUser());
context.put("identity", sshPubKey.getIdentity());
templateMailService.sendMail(templateName, context, true);
} catch (NamingException e) {
logger.warn("Could not send email: {}", e);
}
}
}
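Review bot: The warning executor calls `pubKeyService.keyExpirySent(sshPubKey)`, which sets expiredSent, instead of the `keyExpiryWarningSent` method this commit adds for that purpose. As a result expireWarningSent stays null, the key keeps matching findKeysToExpiryWarning, and every job run inside the warning window queues another mail to the same user, while expiredSent is set on a key that has not expired. Change the call to `pubKeyService.keyExpiryWarningSent(sshPubKey);`. The log text `"No template configured for SshPubKeyExpiredSendMailExecutor"` was also copied from the other class and should name SshPubKeyExpiryWarningSendMailExecutor.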
......@@ -55,6 +55,7 @@ public class SshPubKeyRegistrySendMailExecutor extends
context.put("registry", sshPubKeyRegistry.getRegistry());
context.put("service", sshPubKeyRegistry.getRegistry().getService());
context.put("user", sshPubKeyRegistry.getSshPubKey().getUser());
context.put("identity", sshPubKeyRegistry.getSshPubKey().getIdentity());
templateMailService.sendMail(templateName, context, true);
......
......@@ -52,6 +52,7 @@ public class SshPubKeySendMailExecutor extends
Map<String, Object> context = new HashMap<String, Object>(3);
context.put("sshPubKey", sshPubKey);
context.put("user", sshPubKey.getUser());
context.put("identity", sshPubKey.getIdentity());
templateMailService.sendMail(templateName, context, true);
......
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.job;
import java.util.List;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.webreg.entity.SshPubKeyEntity;
import edu.kit.scc.webreg.service.ssh.SshPubKeyService;
public class ExpiryWarningSshPubKeys extends AbstractExecutableJob {
private static final long serialVersionUID = 1L;
@Override
public void execute() {
Logger logger = LoggerFactory.getLogger(ExpiryWarningSshPubKeys.class);
try {
logger.debug("Expiry warn Ssh pub keys");
Integer limit, days;
if (getJobStore().containsKey("limit")) {
limit = Integer.parseInt(getJobStore().get("limit"));
}
else {
limit = 1;
}
if (getJobStore().containsKey("days")) {
days = Integer.parseInt(getJobStore().get("days"));
}
else {
days = 7;
}
InitialContext ic = new InitialContext();
SshPubKeyService service = (SshPubKeyService) ic.lookup("global/bwreg/bwreg-service/SshPubKeyServiceImpl!edu.kit.scc.webreg.service.ssh.SshPubKeyService");
List<SshPubKeyEntity> keyList = service.findKeysToExpiryWarning(limit, days);
for (SshPubKeyEntity key : keyList) {
service.expiryWarningKey(key, "ExpiryWarningSshPubKeys-job");
}
logger.debug("Expire done");
} catch (NamingException e) {
logger.warn("Could not expire SSH Keys: {}", e);
}
}
}
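Review bot: The `limit` and `days` values from the job store go through `Integer.parseInt` with no handling for bad input, and the surrounding try only catches NamingException, so a malformed value escapes execute() as a NumberFormatException. A zero or negative `days` gives an empty or inverted window, and a negative `limit` would reach `setMaxResults`, which rejects negative values. Parsing both values into primitive ints with defaults, rejecting non-positive numbers and logging the offending setting keeps a configuration typo from silently disabling expiry warnings. The messages `"Expire done"` and `"Could not expire SSH Keys: {}"` are left over from the expiry job and should refer to warnings.
```java
// … unchanged: logger setup and the opening try …
int limit = 1;
int days = 7;
try {
    if (getJobStore().containsKey("limit")) {
        limit = Integer.parseInt(getJobStore().get("limit"));
    }
    if (getJobStore().containsKey("days")) {
        days = Integer.parseInt(getJobStore().get("days"));
    }
} catch (NumberFormatException e) {
    logger.warn("Job store values 'limit' and 'days' must be integers, skipping run", e);
    return;
}
if (limit < 1 || days < 1) {
    logger.warn("Job store values 'limit' ({}) and 'days' ({}) must be positive, skipping run", limit, days);
    return;
}
// … unchanged: JNDI lookup of SshPubKeyService and the expiryWarningKey loop …
```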
......@@ -33,6 +33,15 @@ public interface SshPubKeyService extends BaseService<SshPubKeyEntity, Long> {
List<SshPubKeyEntity> findByIdentityAndStatusWithRegs(Long identityId, SshPubKeyStatus keyStatus);
SshPubKeyEntity expireKey(SshPubKeyEntity entity, String executor);
SshPubKeyEntity expiryWarningKey(SshPubKeyEntity entity, String executor);
List<SshPubKeyEntity> findKeysToExpire(int limit);
SshPubKeyEntity keyExpirySent(SshPubKeyEntity entity);
SshPubKeyEntity keyExpiryWarningSent(SshPubKeyEntity entity);
List<SshPubKeyEntity> findKeysToExpiryWarning(int limit, int days);
}
......@@ -10,6 +10,7 @@
******************************************************************************/
package edu.kit.scc.webreg.service.ssh;
import java.util.Date;
import java.util.List;
import javax.ejb.Stateless;
......@@ -72,13 +73,20 @@ public class SshPubKeyServiceImpl extends BaseServiceImpl<SshPubKeyEntity, Long>
public List<SshPubKeyEntity> findKeysToExpire(int limit) {
return dao.findKeysToExpire(limit);
}
@Override
public List<SshPubKeyEntity> findKeysToExpiryWarning(int limit, int days) {
return dao.findKeysToExpiryWarning(limit, days);
}
@Override
public SshPubKeyEntity expireKey(SshPubKeyEntity entity, String executor) {
entity = dao.merge(entity);
entity.setKeyStatus(SshPubKeyStatus.EXPIRED);
logger.debug("Setting key {} to expired");
for (SshPubKeyRegistryEntity regKey : entity.getSshPubKeyRegistries()) {
logger.debug("Deleting registry connection {} for key {}", regKey.getId(), entity.getId());
sshPubKeyRegistryDao.delete(regKey);
}
......@@ -90,15 +98,45 @@ public class SshPubKeyServiceImpl extends BaseServiceImpl<SshPubKeyEntity, Long>
}
return entity;
}
@Override
public SshPubKeyEntity expiryWarningKey(SshPubKeyEntity entity, String executor) {
entity = dao.merge(entity);
logger.debug("Send expiry warning event for key {}", entity.getId());
SshPubKeyEvent event = new SshPubKeyEvent(entity);
try {
eventSubmitter.submit(event, EventType.SSH_KEY_EXPIRY_WARNING, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return entity;
}
@Override
public SshPubKeyEntity keyExpirySent(SshPubKeyEntity entity) {
entity = dao.merge(entity);
entity.setExpiredSent(new Date());
return entity;
}
@Override
public SshPubKeyEntity keyExpiryWarningSent(SshPubKeyEntity entity) {
entity = dao.merge(entity);
entity.setExpireWarningSent(new Date());
return entity;
}
@Override
public SshPubKeyEntity deleteKey(SshPubKeyEntity entity, String executor) {
entity = dao.merge(entity);
entity.setKeyStatus(SshPubKeyStatus.DELETED);
logger.debug("Setting key {} to deleted");
for (SshPubKeyRegistryEntity regKey : entity.getSshPubKeyRegistries()) {
sshPubKeyRegistryDao.delete(regKey);
logger.debug("Deleting registry connection {} for key {}", regKey.getId(), entity.getId());
SshPubKeyRegistryEvent event = new SshPubKeyRegistryEvent(regKey);
try {
eventSubmitter.submit(event, EventType.SSH_KEY_REGISTRY_DELETED, executor);
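Review bot: expiryWarningKey records nothing on the key when the event is submitted, so the key still matches findKeysToExpiryWarning until a mail executor sets expireWarningSent. If events are processed asynchronously (not visible in this hunk), a second job run in that window would queue a duplicate warning, and a key whose executor never stamps it is selected again on every run. Either set the marker here once `eventSubmitter.submit` succeeds, or document the contract on the method, e.g. `// expireWarningSent is set by the mail executor via keyExpiryWarningSent(); until then the key is re-selected`. The new keyExpirySent and keyExpiryWarningSent methods would also benefit from a one-line Javadoc each stating which timestamp they set, since their names are easy to mix up. deleteKey continues past the end of this hunk.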
......