/* * * Copyright (c) 1999 - 2011 my-Channels Ltd * Copyright (c) 2012 - 2017 Software AG, Darmstadt, Germany and/or Software AG USA Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors. * * Use, reproduction, transfer, publication or disclosure is prohibited except as specifically provided for in your License Agreement with Software AG. * */ package com.pcbsys.nirvana.nAdminAPI.apps; import com.pcbsys.foundation.utils.fEnvironment; import com.pcbsys.nirvana.client.nSessionAttributes; import com.pcbsys.nirvana.nAdminAPI.nAdminIllegalArgumentException; import com.pcbsys.nirvana.nAdminAPI.nChannelACLEntry; import com.pcbsys.nirvana.nAdminAPI.nContainer; import com.pcbsys.nirvana.nAdminAPI.nLeafNode; import com.pcbsys.nirvana.nAdminAPI.nRealmNode; import java.util.Enumeration; /** * This application can be used to add a new subject to a queue, and assign permissions * for operations performed on the queue. */ public class nAddQueueAclEntry { /** * Private variables used in this application */ private String realm = null; private String name = null; private String host = null; private boolean canListAcl = false; private boolean canModifyAcl = false; private boolean fullPrivileges = false; private boolean canGetLastEid = false; private boolean canPeek = false; private boolean canPush = false; private boolean canPurge = false; private boolean canPop = false; private nSessionAttributes attr = null; private String queueName = null; private nRealmNode node = null; /** * Construct an instance of this class using the command line arguments passed * when it is executed. */ public nAddQueueAclEntry(String args[]) { try { // set the permissions flags from the command line processArgs(args); System.out.println("Connecting to " + realm); // construct the session attributes from the realm attr = new nSessionAttributes(realm); // get the root realm node from the realm admin node = new nRealmNode(attr); if (!node.isAuthorised()) { System.out.println("User not authorised on this node " + realm); return; } // wait for the entire node namespace to be constructed if // the operation is recursive System.out.print("waiting for namepsace construction..... "); node.waitForEntireNameSpace(); System.out.println("finished"); dump(); // begin searching the root realm node searchNode(node); node.close(); } catch (Exception e) { e.printStackTrace(); } } /** * Create the new acl entry and set the permissions on the queue */ public void setQueue(nRealmNode p_node, nLeafNode p_leaf) { try { System.out.println("Creating new entry for " + name + "@" + host); // create a new acl entry with the name and host nChannelACLEntry newEntry = createNewACLEntry(name, host); // add the new entry to the acl p_leaf.addACLEntry(newEntry); System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); System.out.println("Added ACL for " + p_leaf.getName() + " in realm " + p_node.getName()); System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); dump(newEntry); } catch (Exception e) { e.printStackTrace(); } } /** * search the enumeration of child nodes for other realms and queues */ private void searchNodes(nRealmNode p_node, Enumeration enum1) { while (enum1.hasMoreElements()) { Object obj = enum1.nextElement(); if (obj instanceof nLeafNode) { nLeafNode leaf = (nLeafNode) obj; String fullyQualifiedName = leaf.getAbsolutePath(); System.out.println("Found queue " + fullyQualifiedName); if ((!leaf.isChannel()) && (fullyQualifiedName.equals(queueName))) { // we have found the correct queue, so set the permissions on the queue setQueue(p_node, leaf); } } else if (obj instanceof nRealmNode) { // we have found a realm, so search this realm for instances of the queue searchNode((nRealmNode) obj); } else if (obj instanceof nContainer) { nContainer cont = (nContainer) obj; searchNodes(p_node, cont.getNodes()); } } } /** * Search the children of the realm passed as a paremeter */ private void searchNode(nRealmNode p_node) { try { searchNodes(p_node, p_node.getNodes()); } catch (Exception ex) { ex.printStackTrace(); } } /** * Create a new acl entry and set the permissions based on the permissions flags */ public nChannelACLEntry createNewACLEntry(String p_name, String p_host) { nChannelACLEntry aclEntry = null; try { aclEntry = new nChannelACLEntry(p_name, p_host); this.setPermissions(aclEntry); } catch (nAdminIllegalArgumentException e) { System.out.println(e.getMessage()); } return aclEntry; } /** * If you construct an instance of this class from another class, you can set the name * and host for the subject. */ public void setSubject(String p_name, String p_host) { name = p_name; host = p_host; } /** * Set the permissions on the queue acl entry */ public void setPermissions(nChannelACLEntry aclEntry) { aclEntry.setList(canListAcl); aclEntry.setModify(canModifyAcl); aclEntry.setFullPrivileges(fullPrivileges); aclEntry.setGetLastEID(canGetLastEid); aclEntry.setRead(canPeek); aclEntry.setWrite(canPush); aclEntry.setPurge(canPurge); aclEntry.setPop(canPop); } /** * Output to system.out the permissions that have been set */ public void dump(nChannelACLEntry entry) { System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); System.out.println("List ACL : " + entry.canList()); System.out.println("Set ACL : " + entry.canModify()); System.out.println("Full Privileges : " + entry.hasFullPrivileges()); System.out.println("Get Last EID : " + entry.canGetLastEID()); System.out.println("Peek queue : " + entry.canRead()); System.out.println("Push to queue : " + entry.canWrite()); System.out.println("Purge queue : " + entry.canPurge()); System.out.println("Pop queue : " + entry.canPop()); System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); } /** * Output to system.out the permissions that will be set */ public void dump() { System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); System.out.println("ACL will be set to.... "); System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); System.out.println("List ACL : " + canListAcl); System.out.println("Set ACL : " + canModifyAcl); System.out.println("Full Privileges : " + fullPrivileges); System.out.println("Get Last EID : " + canGetLastEid); System.out.println("Peek queue : " + canPeek); System.out.println("Push to queue : " + canPush); System.out.println("Purge queue : " + canPurge); System.out.println("Pop queue : " + canPop); System.out.println("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); } /** * Set the program variables and permissions flags based on command line args */ public void getOptions(String args[]) { realm = System.getProperty("RNAME", null); if (realm == null) { Usage(); System.exit(1); } name = System.getProperty("NAME", null); if (name == null) { Usage(); System.exit(1); } host = System.getProperty("HOST", null); if (host == null) { Usage(); System.exit(1); } queueName = System.getProperty("QUEUE", null); if (queueName == null) { Usage(); System.exit(1); } queueName = makeFullyQualified(queueName); for (int i = 0; i < args.length; i++) { if (args[i].equalsIgnoreCase("list_acl")) { canListAcl = true; } else if (args[i].equalsIgnoreCase("modify_acl")) { canModifyAcl = true; } else if (args[i].equalsIgnoreCase("full")) { fullPrivileges = true; } else if (args[i].equalsIgnoreCase("last_eid")) { canGetLastEid = true; } else if (args[i].equalsIgnoreCase("peek")) { canPeek = true; } else if (args[i].equalsIgnoreCase("push")) { canPush = true; } else if (args[i].equalsIgnoreCase("purge")) { canPurge = true; } else if (args[i].equalsIgnoreCase("pop")) { canPop = true; } } } public String makeFullyQualified(String s) { if (!s.startsWith("/")) { s = '/' + s; } if (s.endsWith("/")) { s = s.substring(0, s.length() - 1); } return s; } private void processArgs(String[] args) { if (args.length == 0) { Usage(); System.exit(1); } switch (args.length) { case 1: if (args[0].equals("-?")) { UsageEnv(); } System.setProperty("QUEUE", args[0]); getOptions(null); break; case 2: System.setProperty("QUEUE", args[0]); System.setProperty("NAME", args[1]); getOptions(null); break; default: System.setProperty("QUEUE", args[0]); System.setProperty("NAME", args[1]); System.setProperty("HOST", args[2]); getOptions(args); } } private static void processEnvironmentVariable(String variable) { String laxVAR = System.getProperty("lax.nl.env." + variable); if (laxVAR != null) { System.setProperty(variable, laxVAR); } } /** * Run this as a command line program passing the command line args. * Or construct one of these classes from another class ensuring you have added : * RNAME * NAME * HOST * QUEUE * as system properties, and pass in a list of permissions in the constructor */ public static void main(String[] args) { //Process Environment Variables processEnvironmentVariable("RNAME"); processEnvironmentVariable("LOGLEVEL"); processEnvironmentVariable("HPROXY"); processEnvironmentVariable("HAUTH"); processEnvironmentVariable("CKEYSTORE"); processEnvironmentVariable("CKEYSTOREPASSWD"); processEnvironmentVariable("CAKEYSTORE"); processEnvironmentVariable("CAKEYSTOREPASSWD"); // Install any proxy server settings fEnvironment.setProxyEnvironments(); // Install JSSE SSL Environement settings fEnvironment.setSSLEnvironments(); nAddQueueAclEntry setAcl = new nAddQueueAclEntry(args); System.exit(0); } /** * Prints the usage message for this class */ private static void Usage() { System.out.println("Usage ...\n"); System.out.println( "naddqueueacl [list_acl] [modify_acl] [full] [peek] [push] [purge] [pop]\n"); System.out.println(" \n"); System.out.println(" - Queue name parameter for the queue to add the ACL entry to"); System.out.println(" - User name parameter for the queue to add the ACL entry to"); System.out.println(" - Host name parameter for the queue to add the ACL entry to"); System.out.println("\n[Optional Arguments] \n"); System.out.println("[list_acl] - Specifies that the list acl permission should be added"); System.out.println("[modify_acl] - Specifies that the modify acl permission should be added"); System.out.println("[full] - Specifies that the full permission should be added"); System.out.println("[peak] - Specifies that the peak permission should be added"); System.out.println("[push] - Specifies that the push permission should be added"); System.out.println("[purge] - Specifies that the purge permission should be added"); System.out.println("[pop] - Specifies that the pop permission should be added"); System.out.println("\n\nNote: -? provides help on environment variables \n"); } private static void UsageEnv() { System.out.println("\n\n(Environment Variables) \n"); System.out.println("(RNAME) - One or more RNAME entries in the form protocol://host:port"); System.out.println(" protocol - Can be one of nsp, nhp, nsps, or nhps, where:"); System.out.println(" nsp - Specifies Nirvana Socket Protocol (nsp)"); System.out.println(" nhp - Specifies Nirvana HTTP Protocol (nhp)"); System.out.println(" nsps - Specifies Nirvana Socket Protocol Secure (nsps), i.e. using SSL/TLS"); System.out.println(" nhps - Specifies Nirvana HTTP Protocol Secure (nhps), i.e. using SSL/TLS"); System.out.println(" port - The port number of the server"); System.out.println( "\nHint: - For multiple RNAME entries, use comma separated values which will be attempted in connection weight order\n"); System.out.println( "(LOGLEVEL) - This determines how much information the nirvana api will output 0 = verbose 7 = quiet\n"); System.out.println("(CKEYSTORE) - If using SSL, the location of the keystore containing the client cert\n"); System.out.println("(CKEYSTOREPASSWD) - If using SSL, the password for the keystore containing the client cert\n"); System.out.println("(CAKEYSTORE) - If using SSL, the location of the ca truststore\n"); System.out.println("(CAKEYSTOREPASSWD) - If using SSL, the password for the ca truststore\n"); System.out.println("(HPROXY) - HTTP Proxy details in the form proxyhost:proxyport, where:"); System.out.println(" proxyhost - The HTTP proxy host"); System.out.println(" proxyport - The HTTP proxy port\n"); System.out.println("(HAUTH) - HTTP Proxy authentication details in the form user:pass, where:"); System.out.println(" user - The HTTP proxy authentication username"); System.out.println(" pass - The HTTP proxy authentication password\n"); System.exit(1); } }