start rework to use IBMi5OSKeyStore (#28)

* start rework to use IBMi5OSKeyStore

* fixup

* optimize `dcmexportcert` if format is pkcs12

* fix `dcmrenew`

* fixup

* code fix per comment in issue #22

Co-authored-by: Jesse Gorzinski <[email protected]>

Makefile

@@ -1,8 +1,8 @@
 
 
 
-target/dcmtools.jar: FORCE /QOpenSys/pkgs/bin/mvn /QOpenSys/pkgs/bin/trust /QOpenSys/pkgs/lib/jvm/openjdk-11/bin/java
-	JAVA_HOME=/QOpenSys/pkgs/lib/jvm/openjdk-11 /QOpenSys/pkgs/bin/mvn package
+target/dcmtools.jar: FORCE /QOpenSys/pkgs/bin/mvn /QOpenSys/pkgs/bin/trust /QOpenSys/pkgs/bin/install
+	JAVA_HOME=/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit /QOpenSys/pkgs/bin/mvn package
 	cp target/*-with-dependencies.jar target/dcmtools.jar
 
 FORCE:
@@ -18,12 +18,12 @@ clean:
 /QOpenSys/pkgs/bin/mvn:
 	/QOpenSys/pkgs/bin/yum install maven
 
-/QOpenSys/pkgs/lib/jvm/openjdk-11/bin/java:
-	/QOpenSys/pkgs/bin/yum install openjdk-11
-
 /QOpenSys/pkgs/bin/trust:
 	/QOpenSys/pkgs/bin/yum install /QOpenSys/pkgs/bin/trust
 
+/QOpenSys/pkgs/bin/install:
+	/QOpenSys/pkgs/bin/yum install /QOpenSys/pkgs/bin/install
+
 install: scripts/dcmimport scripts/dcmexport target/dcmtools.jar 
 	install -m 755 -o qsys -D -d ${INSTALL_ROOT}/QOpenSys/pkgs/bin ${INSTALL_ROOT}/QOpenSys/pkgs/lib/dcmtools
 	install -m 555 -o qsys scripts/* ${INSTALL_ROOT}/QOpenSys/pkgs/bin/

src/main/java/com/github/ibmioss/dcmtools/CertFileImporter.java

@@ -133,7 +133,6 @@ public void doImport(final AppLogger _logger, final ImportOptions _opts, final D
 
         // Convert the KeyStore object to a file in the format needed by the DCM API
         final String dcmImportFile = new KeyStoreLoader(keyStore).saveToDcmApiFormatFile(TempFileManager.TEMP_KEYSTORE_PWD);
-        ;
 
         // .... and... call the DCM API to do the import!
         try (DcmApiCaller caller = new DcmApiCaller(isYesMode)) {

src/main/java/com/github/ibmioss/dcmtools/CertRenewer.java

@@ -1,6 +1,7 @@
 package com.github.ibmioss.dcmtools;
 
 import java.beans.PropertyVetoException;
+import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -14,6 +15,7 @@
 import java.util.LinkedList;
 import java.util.List;
 
+import com.github.ibmioss.dcmtools.utils.DcmApiCaller;
 import com.github.ibmioss.dcmtools.utils.KeyStoreLoader;
 import com.github.ibmioss.dcmtools.utils.TempFileManager;
 import com.github.theprez.jcmdutils.AppLogger;
@@ -39,13 +41,16 @@ public void doRenew(final AppLogger _logger, final DcmUserOpts _opts) throws Key
         final KeyStore keyStore = new KeyStoreLoader(null, m_fileNames, null, null, false).getKeyStore();
 
         for (final String alias : Collections.list(keyStore.aliases())) {
-            renewCert(keyStore.getCertificate(alias));
+            renewCert(_logger, keyStore.getCertificate(alias),_opts);
         }
     }
 
-    private void renewCert(final Certificate _cert) throws CertificateEncodingException, FileNotFoundException, IOException {
-        try (FileOutputStream fos = new FileOutputStream(TempFileManager.createTempFile())) {
+    private void renewCert(final AppLogger _logger, final Certificate _cert, final DcmUserOpts _opts) throws CertificateEncodingException, FileNotFoundException, IOException, PropertyVetoException, AS400SecurityException, ErrorCompletingRequestException, InterruptedException, ObjectDoesNotExistException {
+        File tmpFile = TempFileManager.createTempFile();
+        try (FileOutputStream fos = new FileOutputStream(tmpFile)) {
             fos.write(_cert.getEncoded());
         }
+        new DcmApiCaller(_opts.isYesMode()).callQycdRenewCertificate_RNWC0300(_logger, tmpFile.getAbsolutePath());
+        tmpFile.delete();
     }
 }

src/main/java/com/github/ibmioss/dcmtools/DcmChangePwCmd.java

@@ -1,11 +1,10 @@
 package com.github.ibmioss.dcmtools;
 
-import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
 
-import com.github.ibmioss.dcmtools.CertFileExporter.ExportOptions;
-import com.github.ibmioss.dcmtools.utils.CertUtils;
-import com.github.ibmioss.dcmtools.utils.DcmApiCaller;
-import com.github.ibmioss.dcmtools.utils.FileUtils;
+import com.github.ibmioss.dcmtools.DcmExportCmd.ExportOptions;
 import com.github.ibmioss.dcmtools.utils.TempFileManager;
 import com.github.theprez.jcmdutils.AppLogger;
 import com.github.theprez.jcmdutils.StringUtils;
@@ -19,7 +18,7 @@
 public class DcmChangePwCmd {
 
     public static void main(final String... _args) {
-        final ExportOptions opts = new CertFileExporter.ExportOptions();
+        final ExportOptions opts = new DcmExportCmd.ExportOptions();
         opts.setDcmStore(null);
         opts.setPasswordProtected(true);
         for (final String arg : _args) {
@@ -47,19 +46,15 @@ public static void main(final String... _args) {
         }
         final AppLogger logger = AppLogger.getSingleton(opts.isVerbose());
         try {
-            final File tmpFileOld = TempFileManager.createTempFile();
-            FileUtils.delete(tmpFileOld);
-            CertUtils.exportDcmStore(logger, opts.isYesMode(), opts.getDcmStore(), opts.getDcmPassword(), tmpFileOld.getAbsolutePath());
-            // At this point, we've exported to a temp file with the temp file password. Import that into a new temp DCM store
-            // .... and now we import that into a NEW temp file that has the new password
-            final File tmpFileNew = TempFileManager.createTempFile();
-            FileUtils.delete(tmpFileNew);
-            try (DcmApiCaller caller = new DcmApiCaller(opts.isYesMode())) {
-                caller.callQykmImportKeyStore(logger, tmpFileNew.getAbsolutePath(), new String(opts.getPasswordOrThrow()), tmpFileOld.getAbsolutePath(), TempFileManager.TEMP_KEYSTORE_PWD);
-            }
+
 
-            // now, replace the original
-            FileUtils.moveToWithBackup(tmpFileNew.getAbsolutePath(), opts.getDcmStore(), true);
+            KeyStore ks = KeyStore.getInstance("IBMi5OSKeyStore");
+            try (FileInputStream fis = new FileInputStream(opts.getDcmStore())) {
+                ks.load(fis, opts.getDcmPassword().toCharArray());
+            }
+            try (FileOutputStream fos = new FileOutputStream(opts.getDcmStore())) {
+                ks.store(fos, opts.getPasswordOrThrow());
+            }
 
             logger.println_success("SUCCESS!!!");
         } catch (final Exception e) {

src/main/java/com/github/ibmioss/dcmtools/DcmExportCertCmd.java

@@ -1,19 +1,16 @@
 package com.github.ibmioss.dcmtools;
 
 import java.io.BufferedWriter;
-import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
 import java.security.KeyStore;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import java.util.Arrays;
 import java.util.Base64;
 import java.util.Base64.Encoder;
 
 import com.github.ibmioss.dcmtools.utils.CertUtils;
-import com.github.ibmioss.dcmtools.utils.KeyStoreLoader;
 import com.github.ibmioss.dcmtools.utils.TempFileManager;
 import com.github.theprez.jcmdutils.AppLogger;
 import com.github.theprez.jcmdutils.ConsoleQuestionAsker;
@@ -113,10 +110,8 @@ public static void main(final String... _args) {
             printUsageAndExit();
         }
         try {
-            final File dcmStore = CertUtils.exportDcmStore(logger, opts.isYesMode(), opts.getDcmStore(), opts.getDcmPassword(), null);
-            final KeyStoreLoader loader = new KeyStoreLoader(null, Arrays.asList(dcmStore.getAbsolutePath()), TempFileManager.TEMP_KEYSTORE_PWD, opts.getLabel(), false);
-            final KeyStore keyStore = loader.getKeyStore();
-            final Certificate cert = keyStore.getCertificate(opts.getLabel());
+            KeyStore ks = CertUtils.exportDcmStoreToKeystoreObj(logger, opts.isYesMode(), opts.getDcmStore(), opts.getDcmPassword());
+            final Certificate cert = ks.getCertificate(opts.getLabel());
 
             if (ExportCertOptions.OutputFormat.PEM == opts.getFormat()) {
                 try (BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(file), "UTF-8"))) {

src/main/java/com/github/ibmioss/dcmtools/DcmExportCmd.java

@@ -1,8 +1,18 @@
 package com.github.ibmioss.dcmtools;
 
-import com.github.ibmioss.dcmtools.CertFileExporter.ExportOptions;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+
+import javax.security.auth.x500.X500Principal;
+
+import com.github.ibmioss.dcmtools.utils.CertUtils;
 import com.github.ibmioss.dcmtools.utils.TempFileManager;
 import com.github.theprez.jcmdutils.AppLogger;
+import com.github.theprez.jcmdutils.ConsoleQuestionAsker;
 import com.github.theprez.jcmdutils.StringUtils;
 import com.github.theprez.jcmdutils.StringUtils.TerminalColor;
 
@@ -56,7 +66,25 @@ public static void main(final String... _args) {
             printUsageAndExit();
         }
         try {
-            new CertFileExporter(file).doExport(logger, opts);
+            if("pkcs12".equalsIgnoreCase(opts.getOutputFileFormat())) {
+                CertUtils.exportDcmStore(logger, opts.isYesMode(), opts.getDcmStore(), opts.getDcmPassword(), file, opts.getPasswordOrThrow());
+                return;
+            }
+            final KeyStore sourceKs = CertUtils.exportDcmStoreToKeystoreObj(logger, opts.isYesMode(), opts.getDcmStore(), opts.getDcmPassword());
+            final KeyStore destKs = KeyStore.getInstance(opts.outputFileFormat);
+            destKs.load(null, null);
+            for (final String alias : Collections.list(sourceKs.aliases())) {
+                final Certificate cert = sourceKs.getCertificate(alias);
+                if (cert instanceof X509Certificate) {
+                    logger.println("    " + alias + ": " + StringUtils.colorizeForTerminal(((X509Certificate) cert).getIssuerX500Principal().getName(X500Principal.RFC1779), TerminalColor.CYAN));
+                } else {
+                    logger.println_err("    " + alias + ": " + StringUtils.colorizeForTerminal("<unknown CN>", TerminalColor.BRIGHT_RED));
+                }
+                destKs.setCertificateEntry(alias, cert);
+            }
+            try (FileOutputStream out = new FileOutputStream(file)) {
+                destKs.store(out, opts.getPasswordOrThrow());
+            }
             logger.println_success("SUCCESS!!!");
         } catch (final Exception e) {
             logger.printExceptionStack_verbose(e);
@@ -88,4 +116,53 @@ private static void printUsageAndExit() {
         System.err.println(usage);
         System.exit(-1);
     }
+
+    public static class ExportOptions extends DcmUserOpts {
+        public boolean isPasswordProtected = false;
+        public String outputFileFormat = "pkcs12";
+        public char[] password = null;
+
+        public String getOutputFileFormat() {
+            return outputFileFormat;
+        }
+
+        public char[] getPasswordOrNull() throws IOException {
+            if (!isPasswordProtected) {
+                return null;
+            }
+            if (StringUtils.isEmpty(password) && !isYesMode()) {
+                final String resp = ConsoleQuestionAsker.get().askUserForPwd("Enter output file password: ");
+                return password = resp.toCharArray();
+            } else {
+                return password;
+            }
+        }
+
+        public char[] getPasswordOrThrow() throws IOException {
+            if (null != password) {
+                return password;
+            }
+            if (StringUtils.isEmpty(password) && !isYesMode()) {
+                final String resp = ConsoleQuestionAsker.get().askUserForPwd("Enter output file password: ");
+                return password = resp.toCharArray();
+            }
+            throw new IOException("ERROR: Password is required");
+        }
+
+        public boolean isPasswordProtected() {
+            return isPasswordProtected;
+        }
+
+        public void setOutputFileFormat(final String outputFileFormat) {
+            this.outputFileFormat = outputFileFormat;
+        }
+
+        public void setPassword(final String password) {
+            this.password = password.toCharArray();
+        }
+
+        public void setPasswordProtected(final boolean isPasswordProtected) {
+            this.isPasswordProtected = isPasswordProtected;
+        }
+    }
 }