Commit 7165704e authored by michael.simon's avatar michael.simon

Add job for ssh pub key expiration

parent bcb97739
......@@ -29,4 +29,6 @@ public interface SshPubKeyDao extends BaseDao<SshPubKeyEntity, Long> {
List<SshPubKeyEntity> findByIdentity(Long identityId);
List<SshPubKeyEntity> findKeysToExpire(int limit);
}
......@@ -10,6 +10,7 @@
******************************************************************************/
package edu.kit.scc.webreg.dao.jpa;
import java.util.Date;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
......@@ -74,6 +75,16 @@ public class JpaSshPubKeyDao extends JpaBaseDao<SshPubKeyEntity, Long> implement
.getResultList();
}
@Override
@SuppressWarnings("unchecked")
public List<SshPubKeyEntity> findKeysToExpire(int limit) {
return em.createQuery("select e from SshPubKeyEntity e where e.expiresAt < :dateNow and e.keyStatus != :keyStatus")
.setParameter("dateNow", new Date())
.setParameter("keyStatus", SshPubKeyStatus.ACTIVE)
.setMaxResults(limit)
.getResultList();
}
@Override
public Class<SshPubKeyEntity> getEntityClass() {
return SshPubKeyEntity.class;
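Review bot: The status predicate in findKeysToExpire looks inverted: `e.keyStatus != :keyStatus` bound to `SshPubKeyStatus.ACTIVE` selects keys that are already DELETED or EXPIRED and skips the ACTIVE ones, so a key past its expiresAt would keep its ACTIVE status and its registry entries. Rows that are already EXPIRED still match after processing, so the same rows can fill the `limit` window on every run. The comparison should be `e.keyStatus = :keyStatus`, and adding `order by e.expiresAt asc` would make the limited batch deterministic. Rows with a null expiresAt never satisfy `<`, which appears intended for keys without an expiry but is worth a one-line comment above the query.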
......
......@@ -40,6 +40,7 @@ public enum EventType {
*/
SSH_KEY_DEPLOYED,
SSH_KEY_DELETED,
SSH_KEY_EXPIRED,
SSH_KEY_REGISTRY_APPROVAL,
SSH_KEY_REGISTRY_DEPLOYED,
SSH_KEY_REGISTRY_DENIED,
......
......@@ -51,6 +51,12 @@ public class SshPubKeyEntity extends AbstractBaseEntity {
@Column(name = "expires_at")
private Date expiresAt;
@Column(name = "expires_warn_sent_at")
private Date expireWarningSent;
@Column(name = "expired_sent_at")
private Date expiredSent;
public UserEntity getUser() {
return user;
}
......@@ -122,4 +128,20 @@ public class SshPubKeyEntity extends AbstractBaseEntity {
public void setIdentity(IdentityEntity identity) {
this.identity = identity;
}
public Date getExpireWarningSent() {
return expireWarningSent;
}
public void setExpireWarningSent(Date expireWarningSent) {
this.expireWarningSent = expireWarningSent;
}
public Date getExpiredSent() {
return expiredSent;
}
public void setExpiredSent(Date expiredSent) {
this.expiredSent = expiredSent;
}
}
......@@ -14,5 +14,6 @@ public enum SshPubKeyStatus {
ACTIVE,
DELETED,
EXPIRED,
}
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.job;
import java.util.List;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import edu.kit.scc.webreg.entity.SshPubKeyEntity;
import edu.kit.scc.webreg.service.ssh.SshPubKeyService;
public class ExpireSshPubKeys extends AbstractExecutableJob {
private static final long serialVersionUID = 1L;
@Override
public void execute() {
Logger logger = LoggerFactory.getLogger(ExpireSshPubKeys.class);
try {
logger.debug("Expire Ssh pub keys");
Integer limit;
if (getJobStore().containsKey("limit")) {
limit = Integer.parseInt(getJobStore().get("limit"));
}
else {
limit = 1;
}
InitialContext ic = new InitialContext();
SshPubKeyService service = (SshPubKeyService) ic.lookup("global/bwreg/bwreg-service/SshPubKeyServiceImpl!edu.kit.scc.webreg.service.ssh.SshPubKeyService");
List<SshPubKeyEntity> keyList = service.findKeysToExpire(limit);
for (SshPubKeyEntity key : keyList) {
service.expireKey(key, "ExpireSshPubKeys-job");
}
logger.debug("Expire done");
} catch (NamingException e) {
logger.warn("Could not expire SSH Keys: {}", e);
}
}
}
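Review bot: `Integer.parseInt(getJobStore().get("limit"))` in execute() is unguarded and only NamingException is caught, so a non-numeric `limit` escapes the job and a negative one is rejected by `setMaxResults`; in both cases no key is expired on that run. The loop has the same weakness, because an exception from `expireKey` for one key stops the rest of the batch. The default of 1 means a single key per run, so a backlog of expired keys drains only as fast as the job schedule allows, which deserves a comment or a larger default. In `logger.warn("Could not expire SSH Keys: {}", e)` SLF4J treats the trailing Throwable as the exception and leaves `{}` unfilled, so the placeholder can be dropped. A possible shape for the parsing and the loop follows.

```java
int limit = 1;
String configured = getJobStore().get("limit");
if (configured != null) {
    try {
        // Clamp to at least 1 so a zero or negative setting cannot disable or break the query.
        limit = Math.max(1, Integer.parseInt(configured.trim()));
    } catch (NumberFormatException e) {
        logger.warn("Invalid limit '{}', falling back to {}", configured, limit);
    }
}
// … unchanged: InitialContext lookup and findKeysToExpire call …
for (SshPubKeyEntity key : keyList) {
    try {
        service.expireKey(key, "ExpireSshPubKeys-job");
    } catch (RuntimeException e) {
        // One failing key must not keep the remaining expired keys active.
        logger.warn("Could not expire SSH key, continuing with next", e);
    }
}
```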
......@@ -32,4 +32,7 @@ public interface SshPubKeyService extends BaseService<SshPubKeyEntity, Long> {
List<SshPubKeyEntity> findByIdentityAndStatusWithRegs(Long identityId, SshPubKeyStatus keyStatus);
SshPubKeyEntity expireKey(SshPubKeyEntity entity, String executor);
List<SshPubKeyEntity> findKeysToExpire(int limit);
}
......@@ -67,6 +67,29 @@ public class SshPubKeyServiceImpl extends BaseServiceImpl<SshPubKeyEntity, Long>
public List<SshPubKeyEntity> findByIdentityAndStatusWithRegs(Long identityId, SshPubKeyStatus keyStatus) {
return dao.findByIdentityAndStatusWithRegs(identityId, keyStatus);
}
@Override
public List<SshPubKeyEntity> findKeysToExpire(int limit) {
return dao.findKeysToExpire(limit);
}
@Override
public SshPubKeyEntity expireKey(SshPubKeyEntity entity, String executor) {
entity = dao.merge(entity);
entity.setKeyStatus(SshPubKeyStatus.EXPIRED);
for (SshPubKeyRegistryEntity regKey : entity.getSshPubKeyRegistries()) {
sshPubKeyRegistryDao.delete(regKey);
}
SshPubKeyEvent event = new SshPubKeyEvent(entity);
try {
eventSubmitter.submit(event, EventType.SSH_KEY_EXPIRED, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return entity;
}
@Override
public SshPubKeyEntity deleteKey(SshPubKeyEntity entity, String executor) {
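Review bot: expireKey sets EXPIRED on whatever entity it is handed, without checking the merged entity's current status or its expiresAt, so a key that is already DELETED or EXPIRED is relabelled and another SSH_KEY_EXPIRED event is submitted. A guard right after `dao.merge(entity)` would make the method idempotent, e.g. `if (entity.getKeyStatus() != SshPubKeyStatus.ACTIVE) { return entity; }` (assuming the entity has the getter matching `setKeyStatus`). The expiredSent field added in this commit is not written here; if it is meant to record when the expiry was processed, this is the place to set it. The registry rows are deleted through sshPubKeyRegistryDao while the entity's collection still references them, so depending on the mapping the collection may need clearing as well. deleteKey at the end of the hunk continues outside it.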
......