0.40.0

- Keytool actions now return any output from the corresponding keytool command as an Action Result
- Changing Cert File, Cert File Type, or Cert File Pass will now update the corresponding System property
- At startup, invoke keytool -help to check whether keytool is available. If it isn't, hide the keytool actions
- Added a default dslink.jks keystore file to resources
- If keystore cannot be found or generated, copy the default keystore from resources into the working directory

Author: d-shapiro

.gitignore

@@ -23,7 +23,6 @@
 **.DS_Store
 
 # Runtime files
-**.jks
 **.key
 **nodes.json
 **nodes*.zip

build.gradle

@@ -5,7 +5,7 @@ subprojects {
     apply plugin: 'maven'
 
     group 'org.iot-dsa'
-    version '0.39.0'
+    version '0.40.0'
 
     sourceCompatibility = 1.6
     targetCompatibility = 1.6

dslink-v2/src/main/java/com/acuity/iot/dsa/dslink/sys/cert/KeyToolUtil.java

@@ -6,7 +6,6 @@
 import java.io.InputStreamReader;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-
 import org.iot.dsa.logging.DSLogger;
 import org.iot.dsa.time.DSTime;
 
@@ -40,7 +39,7 @@ private String executeCommand(String[] cmd) {
 		}
 	}
 
-	public static void generateSelfSigned(String keystore, String password) {
+	public static String generateSelfSigned(String keystore, String password) {
 		String[] cmd = new String[]{
                 "keytool",
                 "-genkey",
@@ -50,12 +49,12 @@ public static void generateSelfSigned(String keystore, String password) {
                 "-alias", "dsa",
                 "-keyalg", "RSA",
                 "-validity", "18000",
-                "-dname", "\"CN=dslink-java-v2, O=DSA, C=US\""
+                "-dname", "CN=dslink-java-v2, O=DSA, C=US"
         };
-		inst.executeCommand(cmd);
+		return inst.executeCommand(cmd);
 	}
 
-	public static String generateCSR(String keystore, String password) throws IOException {
+	public static String[] generateCSR(String keystore, String password) throws IOException {
 		String filename = "dsa.csr";
 		String[] cmd = new String[]{
                 "keytool",
@@ -68,11 +67,12 @@ public static String generateCSR(String keystore, String password) throws IOExce
                 "-dname", "\"CN=dslink-java-v2, O=DSA, C=US\"",
                 "-file", filename
         };
-		inst.executeCommand(cmd);
-		return new String(Files.readAllBytes(Paths.get(filename)));
+		String result = inst.executeCommand(cmd);
+		String csr = new String(Files.readAllBytes(Paths.get(filename)));
+		return new String[] {result, csr};
 	}
 
-	public static void importCACert(String keystore, String certStr, String alias, String password) throws IOException {
+	public static String importCACert(String keystore, String certStr, String alias, String password) throws IOException {
 		String filename = DSTime.encodeForFiles(DSTime.getCalendar(System.currentTimeMillis()), new StringBuilder("tempCACert")).toString();
 		Files.write(Paths.get(filename), certStr.getBytes());
 		String[] cmd = new String[]{
@@ -84,12 +84,13 @@ public static void importCACert(String keystore, String certStr, String alias, S
                 "-alias", alias,
                 "-file", filename
         };
-		inst.executeCommand(cmd);
+		String result = inst.executeCommand(cmd);
 
 		new File(filename).delete();
+		return result;
 	}
 
-	public static void importPrimaryCert(String keystore, String certStr, String password) throws IOException {
+	public static String importPrimaryCert(String keystore, String certStr, String password) throws IOException {
 		String filename = DSTime.encodeForFiles(DSTime.getCalendar(System.currentTimeMillis()), new StringBuilder("tempCert")).toString();
 		Files.write(Paths.get(filename), certStr.getBytes());
 		String[] cmd = new String[]{
@@ -101,9 +102,10 @@ public static void importPrimaryCert(String keystore, String certStr, String pas
                 "-alias", "dsa",
                 "-file", filename
         };
-		inst.executeCommand(cmd);
+		String result = inst.executeCommand(cmd);
 
 		new File(filename).delete();
+		return result;
 	}
 
 	public static String getEntry(String keystore, String password) {
@@ -118,15 +120,23 @@ public static String getEntry(String keystore, String password) {
         return inst.executeCommand(cmd);
 	}
 
-	public static void deleteEntry(String keystore, String password) {
+	public static String deleteEntry(String keystore, String password) {
 	    String[] cmd = new String[]{
                 "keytool",
                 "-delete",
                 "-keystore", keystore,
                 "-storepass", password,
                 "-alias", "dsa",
         };
-	    inst.executeCommand(cmd);
+	    return inst.executeCommand(cmd);
+	}
+	
+	public static String help() {
+	    String[] cmd = new String[] {
+	            "keytool",
+	            "-help"
+	    };
+	    return inst.executeCommand(cmd);
 	}
 
 }

dslink-v2/src/main/java/com/acuity/iot/dsa/dslink/sys/cert/SysCertService.java

@@ -2,7 +2,9 @@
 
 import com.acuity.iot.dsa.dslink.sys.cert.HostnameWhitelist.WhitelistValue;
 import java.io.File;
+import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.HostnameVerifier;
@@ -50,6 +52,7 @@ public class SysCertService extends DSNode {
     private static final String GENERATE_SELF_SIGNED = "Generate Self-Signed Certificate";
     private static final String DELETE_KS_ENTRY = "Delete Keystore Entry";
     private static final String GET_KS_ENTRY = "Get Keystore Entry";
+    private static final String DEFAULT_CERTFILE = "dslink.jks";
 
     // Fields
     // ------
@@ -60,6 +63,12 @@ public class SysCertService extends DSNode {
     private DSInfo keystorePath = getInfo(CERTFILE);
     private DSInfo keystorePass = getInfo(CERTFILE_PASS);
     private DSInfo keystoreType = getInfo(CERTFILE_TYPE);
+    private DSInfo generateCsr = getInfo(GENERATE_CSR);
+    private DSInfo importCaCert = getInfo(IMPORT_CA_CERT);
+    private DSInfo importPrimaryCert = getInfo(IMPORT_PRIMARY_CERT);
+    private DSInfo generateSSCert = getInfo(GENERATE_SELF_SIGNED);
+    private DSInfo getKSEntry = getInfo(GET_KS_ENTRY);
+    private DSInfo deleteKSEntry = getInfo(DELETE_KS_ENTRY);
     private CertCollection localTruststore;
     private CertCollection quarantine;
     private HostnameWhitelist whitelist;
@@ -128,7 +137,7 @@ public void declareDefaults() {
         declareDefault(ALLOW_SERVERS, DSBool.TRUE);
         declareDefault(VERIFY_HOSTNAMES, DSBool.TRUE);
         declareDefault(HOSTNAME_WHITELIST, new HostnameWhitelist());
-        declareDefault(CERTFILE, DSString.valueOf("dslink.jks"));
+        declareDefault(CERTFILE, DSString.valueOf(DEFAULT_CERTFILE));
         declareDefault(CERTFILE_TYPE, DSString.valueOf("JKS"));
         declareDefault(CERTFILE_PASS, DSPasswordAes128.valueOf("dsarocks"));
         declareDefault(LOCAL_TRUSTSTORE, new CertCollection());
@@ -153,17 +162,23 @@ public void prepareParameter(DSInfo info, DSMap parameter) {
 
             @Override
             public ActionResult invoke(DSInfo info, ActionInvocation invocation) {
-                String csr = ((SysCertService) info.getParent()).generateCSR();
-                return csr != null ? new DSActionValues(info.getAction())
-                        .addResult(DSString.valueOf(csr)) : null;
+                String[] results = ((SysCertService) info.getParent()).generateCSR();
+                if (results != null && results.length > 1) {
+                    return new DSActionValues(info.getAction())
+                            .addResult(DSString.valueOf(results[0]))
+                            .addResult(DSString.valueOf(results[1]));
+                } else {
+                    return null;
+                }
             }
         };
         act.setResultType(ResultType.VALUES);
+        act.addValueResult("Result", DSValueType.STRING);
         act.addValueResult("CSR", DSValueType.STRING).setEditor("textarea");
         return act;
     }
 
-    private String generateCSR() {
+    private String[] generateCSR() {
         try {
             return KeyToolUtil.generateCSR(getKeystorePath(), getCertFilePass());
         } catch (IOException e) {
@@ -182,22 +197,25 @@ public void prepareParameter(DSInfo info, DSMap parameter) {
             @Override
             public ActionResult invoke(DSInfo info, ActionInvocation invocation) {
                 DSMap parameters = invocation.getParameters();
-                ((SysCertService) info.getParent()).importCACert(parameters);
-                return null;
+                String result = ((SysCertService) info.getParent()).importCACert(parameters);
+                return new DSActionValues(info.getAction()).addResult(DSString.valueOf(result));
             }
         };
         act.addParameter("Alias", DSValueType.STRING, null);
         act.addParameter("Certificate", DSValueType.STRING, null).setEditor("textarea");
+        act.setResultType(ResultType.VALUES);
+        act.addValueResult("Result", DSValueType.STRING);
         return act;
     }
 
-    private void importCACert(DSMap parameters) {
+    private String importCACert(DSMap parameters) {
         String alias = parameters.getString("Alias");
         String certStr = parameters.getString("Certificate");
         try {
-            KeyToolUtil.importCACert(getKeystorePath(), certStr, alias, getCertFilePass());
+            return KeyToolUtil.importCACert(getKeystorePath(), certStr, alias, getCertFilePass());
         } catch (IOException e) {
             DSException.throwRuntime(e);
+            return null;
         }
     }
 
@@ -211,20 +229,23 @@ public void prepareParameter(DSInfo info, DSMap parameter) {
             @Override
             public ActionResult invoke(DSInfo info, ActionInvocation invocation) {
                 DSMap parameters = invocation.getParameters();
-                ((SysCertService) info.getParent()).importPrimaryCert(parameters);
-                return null;
+                String result = ((SysCertService) info.getParent()).importPrimaryCert(parameters);
+                return new DSActionValues(info.getAction()).addResult(DSString.valueOf(result));
             }
         };
         act.addParameter("Certificate", DSValueType.STRING, null).setEditor("textarea");
+        act.setResultType(ResultType.VALUES);
+        act.addValueResult("Result", DSValueType.STRING);
         return act;
     }
 
-    private void importPrimaryCert(DSMap parameters) {
+    private String importPrimaryCert(DSMap parameters) {
         String certStr = parameters.getString("Certificate");
         try {
-            KeyToolUtil.importPrimaryCert(getKeystorePath(), certStr, getCertFilePass());
+            return KeyToolUtil.importPrimaryCert(getKeystorePath(), certStr, getCertFilePass());
         } catch (IOException e) {
             DSException.throwRuntime(e);
+            return null;
         }
     }
 
@@ -237,10 +258,12 @@ public void prepareParameter(DSInfo info, DSMap parameter) {
 
             @Override
             public ActionResult invoke(DSInfo info, ActionInvocation invocation) {
-                ((SysCertService) info.getParent()).keytoolGenkey();
-                return null;
+                String result = ((SysCertService) info.getParent()).keytoolGenkey();
+                return new DSActionValues(info.getAction()).addResult(DSString.valueOf(result));
             }
         };
+        act.setResultType(ResultType.VALUES);
+        act.addValueResult("Result", DSValueType.STRING);
         return act;
     }
 
@@ -275,15 +298,17 @@ public void prepareParameter(DSInfo info, DSMap parameter) {
 
             @Override
             public ActionResult invoke(DSInfo info, ActionInvocation invocation) {
-                ((SysCertService) info.getParent()).deleteKSEntry();
-                return null;
+                String result = ((SysCertService) info.getParent()).deleteKSEntry();
+                return new DSActionValues(info.getAction()).addResult(DSString.valueOf(result));
             }
         };
+        act.setResultType(ResultType.VALUES);
+        act.addValueResult("Result", DSValueType.STRING);
         return act;
     }
 
-    private void deleteKSEntry() {
-        KeyToolUtil.deleteEntry(getKeystorePath(), getCertFilePass());
+    private String deleteKSEntry() {
+        return KeyToolUtil.deleteEntry(getKeystorePath(), getCertFilePass());
     }
 
     private String getCertFilePass() {
@@ -298,19 +323,66 @@ private String getKeystorePath() {
     /**
      * Executes the java keytool to generate a new self signed cert.
      */
-    private void keytoolGenkey() {
-        KeyToolUtil.generateSelfSigned(getKeystorePath(), getCertFilePass());
+    private String keytoolGenkey() {
+        return KeyToolUtil.generateSelfSigned(getKeystorePath(), getCertFilePass());
+    }
+    
+    private boolean isKeytoolAvailable() {
+        String result = KeyToolUtil.help();
+        return result != null && !result.isEmpty();
     }
 
     @Override
     public void onStarted() {
         inst = this;
         AnonymousTrustFactory.init(this);
-        String keystore = this.keystorePath.getElement().toString();
+        String keystore = getKeystorePath();
         File f = new File(keystore);
-        if (!f.exists()) {
-            keytoolGenkey();
+        if (isKeytoolAvailable()) {
+            if (!f.exists()) {
+                keytoolGenkey();
+            }
+        } else {
+            info("Keytool not available. Disabling keytool functionality and attempting to use existing keystore");
+            if (!f.exists()) {
+                InputStream inpStream = null;
+                FileOutputStream outStream = null;
+                try {
+                    inpStream = SysCertService.class.getResourceAsStream(DEFAULT_CERTFILE);
+                    if (inpStream != null) {
+                        int readBytes;
+                        byte[] buffer = new byte[4096];
+                        outStream = new FileOutputStream(f);
+                        while ((readBytes = inpStream.read(buffer)) > 0) {
+                            outStream.write(buffer, 0, readBytes);
+                        }
+                    }
+                } catch (Exception e) {
+                    debug("", e);
+                } finally {
+                    try {
+                        if (inpStream != null) {
+                            inpStream.close();
+                        }
+                        if (outStream != null) {
+                            outStream.close();
+                        }
+                    } catch (Exception e) {
+                        debug("", e);
+                    }
+                }
+                if (!f.exists()) {
+                    error("Existing keystore not found and new one could not be generated");
+                }
+            }
+            generateCsr.setHidden(true);
+            importCaCert.setHidden(true);
+            importPrimaryCert.setHidden(true);
+            generateSSCert.setHidden(true);
+            getKSEntry.setHidden(true);
+            deleteKSEntry.setHidden(true);
         }
+        
         try {
             System.setProperty("javax.net.ssl.keyStore", keystore);
             System.setProperty("javax.net.ssl.keyStoreType",
@@ -321,6 +393,18 @@ public void onStarted() {
         }
         HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
     }
+    
+    @Override
+    protected void onChildChanged(DSInfo info) {
+        if (info == keystorePath) {
+            System.setProperty("javax.net.ssl.keyStore", getKeystorePath());
+        } else if (info == keystoreType) {
+            System.setProperty("javax.net.ssl.keyStoreType",
+                    keystoreType.getElement().toString());
+        } else if (info == keystorePass) {
+            System.setProperty("javax.net.ssl.keyStorePassword", getCertFilePass());
+        }
+    }
 
     public boolean isInTrustStore(X509Certificate cert) {
         return getLocalTruststore().containsCertificate(cert);