View Javadoc

1   /*
2    * AbstractWebCommand.java
3    *
4    * Created on November 4, 2004, 10:07 AM
5    */
6   package gov.bnl.gums.command;
7   
8   import gov.bnl.gums.CertToolkit;
9   import gov.bnl.gums.admin.*;
10  
11  import java.security.cert.X509Certificate;
12  import java.net.ConnectException;
13  
14  import javax.net.ssl.X509KeyManager;
15  
16  import org.apache.axis.AxisFault;
17  import org.apache.commons.cli.*;
18  import org.apache.log4j.Logger;
19  import org.apache.log4j.Level;
20  
21  import org.glite.security.trustmanager.ContextWrapper;
22  import org.glite.security.voms.VOMSValidator;
23  import org.glite.security.voms.BasicVOMSTrustStore;
24  import org.glite.security.util.DirectoryList;
25  
26  /**
27   * Class to provide general command line utilities such as
28   * argument parsing and authentication
29   * 
30   * @author Gabriele Carcassi, Jay Packard
31   */
32  public abstract class AbstractCommand {
33  	static protected AbstractCommand command;
34  
35  	/*static {
36  		String vomsdir;
37  		Logger.getLogger(org.glite.security.trustmanager.CRLFileTrustManager.class.getName()).setLevel(Level.ERROR);
38  		Logger.getLogger("org.glite.security.trustmanager.axis.AXISSocketFactory").setLevel(Level.OFF);
39  		Logger.getLogger("org.glite.security.util.DirectoryList").setLevel(Level.OFF);
40  		VOMSValidator.setTrustStore(new BasicVOMSTrustStore(System.getProperty("sslCAFiles"), 12*3600*1000));
41  	}*/
42  	
43      static public void main(String[] args) {
44          command.execute(args);
45      }
46      
47  	private Logger log = Logger.getLogger(AbstractCommand.class);
48      private String clientDN;
49      private boolean usingProxy;
50      protected String commandName;
51      protected String syntax;
52      protected String description;
53      protected boolean failOnArguments;
54      
55      /**
56       * Creates a new AbstractWebCommand object.
57       */
58      public AbstractCommand() {
59          String className = getClass().getName();
60  
61          commandName = CommandLineToolkit.getCommandName(className);
62      }
63      
64      /**
65       * Extracting the client DN
66       */
67      private void initClientCred() {
68          // If DN is already found, no need to find it again...
69          if (clientDN != null) return;
70          
71          log.trace("Retrieving client credentials");
72          
73          try {
74              ContextWrapper wrapper = new ContextWrapper(System.getProperties());
75              X509KeyManager manager = wrapper.getKeyManager();
76              String[] aliases = manager.getClientAliases("RSA", null);
77              
78              if ((aliases == null) || (aliases.length == 0)) {
79                  System.err.println("\nThe user credentials loading failed");
80                  System.exit(-1);
81              }
82              
83              X509Certificate[] chain = manager.getCertificateChain(aliases[0]);
84              
85              X509Certificate cert = chain[0];
86              log.trace("Certificate retrieved: " + cert);
87              clientDN = CertToolkit.getUserDN(cert);
88              String commaDN = cert.getSubjectX500Principal().toString();
89              String certDN = CertToolkit.convertDN(commaDN);
90              log.trace("Certificate subject: " + certDN);
91              log.trace("Client DN: " + clientDN);
92              if (!clientDN.equals(certDN)) {
93                  log.trace("Using proxy");
94                  usingProxy = true;
95              } else {
96                  log.trace("Not using proxy");
97                  usingProxy = false;
98              }
99          } catch (Exception e) {
100             log.error("Couldn't retrieve client credentials", e);
101             return;
102         }
103     }
104     
105     protected abstract Options buildOptions();
106 
107     protected abstract void execute(CommandLine cmd) throws Exception;
108 
109     protected void execute(String[] args) {
110         Options options = buildOptions();
111         Option help = OptionBuilder.withLongOpt("help")
112                                    .withDescription("print this message")
113                                    .create();
114 
115         //new Option("?", "help",false,"print this message");
116         options.addOption(help);
117 
118         CommandLine cmd = parse(options, args);
119 
120         try {
121             execute(cmd);
122         } catch (AxisFault e) {
123             if (e.getCause() != null) {
124                 log.info("An error ocurred when connecting to GUMS", e);
125 
126                 if (e.getCause() instanceof ConnectException) {
127                     System.err.println(
128                         "Couldn't connect to the GUMS server. " +
129                         "Check that your gums-client.properties configuration is pointing to the correct server, " +
130                         "that there are no firewall or network problem, and that the server is up.");
131                     System.err.println(
132                         "[Error message: " +
133                         e.getCause().getMessage() + "]");
134                 } else if (e.getCause() instanceof java.security.cert.CertificateExpiredException) {
135                     System.err.println("Please renew your proxy, or renew your certificate if expired.");
136                     System.err.println(
137                         "[Error message: " +
138                         e.getCause().getMessage() + "]");
139                 } else if ((e.getCause() instanceof java.security.cert.CertificateException) && 
140                            (e.getCause().getMessage().indexOf("(No such file or directory)") != -1) &&
141                            (e.getCause().getMessage().indexOf("/tmp/x509up_u") != -1)) {
142                     System.err.println("Couldn't find your proxy: please generate your proxy");
143                     System.err.println(
144                         "[Error message: " +
145                         e.getCause().getMessage() + "]");
146                 } else if ((e.getCause() instanceof java.security.cert.CertificateException) &&
147                            (e.getCause().getMessage().indexOf("(Permission denied)") != -1) &&
148                            (e.getCause().getMessage().indexOf("key.pem") != -1)) {
149                     System.err.println("Couldn't read the private key: check that you are running as the correct user and check private key file ownership");
150                     System.err.println(
151                         "[Error message: " +
152                         e.getCause().getMessage() + "]");
153                 } else {
154                     System.err.println(
155                         "An error occurred when connecting to GUMS: " +
156                         e.getCause().getMessage());
157                 }
158                 
159             } else {
160                 if (e.getFaultString().indexOf("(0)null") != -1) {
161                     System.err.println("There was a problem connecting to the GUMS server.");
162                     System.err.println("Try using an old-style proxy (i.e. 'grid-proxy-init -old').");
163                     System.err.println(
164                         "[Error message: " +
165                         e.getMessage() + "]");
166                 } else {
167                     System.err.println(
168                         "An error occurred when connecting to GUMS: " +
169                         e.getMessage());
170                     log.info("An error occurred when connecting to GUMS", e);
171                 }
172             }
173             System.exit(-1);
174         } catch (Exception e) {
175             System.out.println("Unexpected error: " + e.getMessage());
176             System.out.println("Full stack trace follows (give it to support):");
177             System.out.println("-------------------------");
178             e.printStackTrace(System.out);
179             log.error("Unexpected error", e);
180             System.exit(-1);
181         }
182     }
183 
184     protected void failForWrongParameters(String message) {
185         System.out.println(message);
186         System.out.println("Try `gums " + commandName +
187             " --help' for more information.");
188         System.exit(-1);
189     }
190 
191     protected String getClientDN() {
192         initClientCred();
193         return clientDN;
194     }
195 
196     protected abstract GUMSAPI getGums(String gumsUrl);
197     
198     protected boolean isUsingProxy() {
199         initClientCred();
200         return usingProxy;
201     }
202 
203     protected CommandLine parse(Options options, String[] args) {
204         CommandLineParser parser = new BasicParser();
205         CommandLine commands = null;
206 
207         try {
208             commands = parser.parse(options, args);
209 
210             if (commands.hasOption("help")) {
211                 printHelp(options);
212                 System.exit(0);
213             }
214 
215             if (failOnArguments && (commands.getArgs() != null) &&
216                     (commands.getArgs().length > 0)) {
217                 System.out.println("The command doesn't accept arguments");
218                 printHelp(options);
219                 System.exit(-1);
220             }
221         } catch (UnrecognizedOptionException e) {
222             System.out.println(e.getMessage());
223             printHelp(options);
224             log.debug("Bogus option", e);
225             System.exit(-1);
226         } catch (ParseException pe) {
227             System.out.println("Command line error:" + pe.getMessage());
228             printHelp(options);
229             log.info("Command line error", pe);
230             System.exit(-1);
231         }
232 
233         return commands;
234     }
235 
236     protected void printHelp(Options options) {
237         HelpFormatter formatter = new HelpFormatter();
238 
239         formatter.printHelp("gums " + commandName + " " + syntax,
240             description + "\n\nOptions:", options, "");
241     }
242 }