wildfly · spyrkob · Oct 17, 2024 · Oct 17, 2024
diff --git a/...ation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrCertificateImportHandler.java b/...ation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrCertificateImportHandler.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.wildfly.core.instmgr;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ATTACHED_STREAMS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FILESYSTEM_PATH;
+
+import java.io.InputStream;
+import java.nio.file.Path;
+
+import org.jboss.as.controller.AttributeDefinition;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationDefinition;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.OperationStepHandler;
+import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
+import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
+import org.jboss.as.controller.registry.OperationEntry;
+import org.jboss.dmr.ModelNode;
+import org.jboss.dmr.ModelType;
+import org.wildfly.installationmanager.MavenOptions;
+import org.wildfly.installationmanager.spi.InstallationManager;
+import org.wildfly.installationmanager.spi.InstallationManagerFactory;
+
+/**
+ * Operation handler to get the history of the installation manager changes, either artifacts or configuration metadata as
+ * channel changes.
+ */
+public class InstMgrCertificateImportHandler extends InstMgrOperationStepHandler {
+    public static final String OPERATION_NAME = "certificate-import";
+
+    protected static final AttributeDefinition CERT_FILE = SimpleAttributeDefinitionBuilder.create(InstMgrConstants.CERT_FILE, ModelType.INT)
+            .setStorageRuntime()
+            .setRequired(true)
+            .addArbitraryDescriptor(FILESYSTEM_PATH, ModelNode.TRUE)
+            .addArbitraryDescriptor(ATTACHED_STREAMS, ModelNode.TRUE)
+            .build();
+
+    public static final OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(OPERATION_NAME, InstMgrResolver.RESOLVER)
+            .withFlags(OperationEntry.Flag.HOST_CONTROLLER_ONLY)
+            .setReplyType(ModelType.OBJECT)
+            .setRuntimeOnly()
+            .setReplyValueType(ModelType.OBJECT)
+            .addParameter(CERT_FILE)
+            .build();
+
+    InstMgrCertificateImportHandler(InstMgrService imService, InstallationManagerFactory imf) {
+        super(imService, imf);
+    }
+
+    @Override
+    public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+        context.addStep(new OperationStepHandler() {
+            @Override
+            public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+                try {
+                    Path serverHome = imService.getHomeDir();
+                    MavenOptions mavenOptions = new MavenOptions(null, false);
+                    InstallationManager installationManager = imf.create(serverHome, mavenOptions);
+
+                    try (InputStream is = context.getAttachmentStream(CERT_FILE.resolveModelAttribute(context, operation).asInt())) {
+                        installationManager.acceptTrustedCertificates(is);
+                    }
+                } catch (OperationFailedException | RuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+            }
+        }, OperationContext.Stage.RUNTIME);
+    }
+}
diff --git a/...lation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrCertificateParseHandler.java b/...lation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrCertificateParseHandler.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.wildfly.core.instmgr;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ATTACHED_STREAMS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FILESYSTEM_PATH;
+import static org.wildfly.core.instmgr.InstMgrConstants.CERT_DESCRIPTION;
+import static org.wildfly.core.instmgr.InstMgrConstants.CERT_FINGERPRINT;
+import static org.wildfly.core.instmgr.InstMgrConstants.CERT_KEY_ID;
+import static org.wildfly.core.instmgr.InstMgrConstants.CERT_STATUS;
+
+import java.io.InputStream;
+import java.nio.file.Path;
+
+import org.jboss.as.controller.AttributeDefinition;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationDefinition;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.OperationStepHandler;
+import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
+import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
+import org.jboss.as.controller.registry.OperationEntry;
+import org.jboss.dmr.ModelNode;
+import org.jboss.dmr.ModelType;
+import org.wildfly.installationmanager.MavenOptions;
+import org.wildfly.installationmanager.TrustCertificate;
+import org.wildfly.installationmanager.spi.InstallationManager;
+import org.wildfly.installationmanager.spi.InstallationManagerFactory;
+
+/**
+ * Operation handler to get the history of the installation manager changes, either artifacts or configuration metadata as
+ * channel changes.
+ */
+public class InstMgrCertificateParseHandler extends InstMgrOperationStepHandler {
+    public static final String OPERATION_NAME = "certificate-parse";
+
+    protected static final AttributeDefinition CERT_FILE = SimpleAttributeDefinitionBuilder.create(InstMgrConstants.CERT_FILE, ModelType.INT)
+            .setStorageRuntime()
+            .setRequired(true)
+            .addArbitraryDescriptor(FILESYSTEM_PATH, ModelNode.TRUE)
+            .addArbitraryDescriptor(ATTACHED_STREAMS, ModelNode.TRUE)
+            .build();
+
+    public static final OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(OPERATION_NAME, InstMgrResolver.RESOLVER)
+            .withFlags(OperationEntry.Flag.HOST_CONTROLLER_ONLY)
+            .setReplyType(ModelType.OBJECT)
+            .setRuntimeOnly()
+            .setReplyValueType(ModelType.OBJECT)
+            .addParameter(CERT_FILE)
+            .build();
+
+    InstMgrCertificateParseHandler(InstMgrService imService, InstallationManagerFactory imf) {
+        super(imService, imf);
+    }
+
+    @Override
+    public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+        context.addStep(new OperationStepHandler() {
+            @Override
+            public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+                try {
+                    Path serverHome = imService.getHomeDir();
+                    MavenOptions mavenOptions = new MavenOptions(null, false);
+                    InstallationManager installationManager = imf.create(serverHome, mavenOptions);
+
+                    try (InputStream is = context.getAttachmentStream(CERT_FILE.resolveModelAttribute(context, operation).asInt())) {
+                        TrustCertificate tc = installationManager.parseCA(is);
+
+                        ModelNode entry = new ModelNode();
+                        entry.get(CERT_KEY_ID).set(tc.getKeyID());
+                        entry.get(CERT_FINGERPRINT).set(tc.getFingerprint());
+                        entry.get(CERT_DESCRIPTION).set(tc.getDescription());
+                        entry.get(CERT_STATUS).set(tc.getStatus());
+                        context.getResult().set(entry);
+                    }
+                } catch (OperationFailedException | RuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+            }
+        }, OperationContext.Stage.RUNTIME);
+    }
+}
diff --git a/...ation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrCertificateRemoveHandler.java b/...ation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrCertificateRemoveHandler.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright The WildFly Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.wildfly.core.instmgr;
+
+import static org.wildfly.core.instmgr.InstMgrConstants.CERT_KEY_ID;
+
+import java.nio.file.Path;
+
+import org.jboss.as.controller.AttributeDefinition;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationDefinition;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.OperationStepHandler;
+import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
+import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
+import org.jboss.as.controller.registry.OperationEntry;
+import org.jboss.dmr.ModelNode;
+import org.jboss.dmr.ModelType;
+import org.wildfly.installationmanager.MavenOptions;
+import org.wildfly.installationmanager.spi.InstallationManager;
+import org.wildfly.installationmanager.spi.InstallationManagerFactory;
+
+/**
+ * Operation handler to get the history of the installation manager changes, either artifacts or configuration metadata as
+ * channel changes.
+ */
+public class InstMgrCertificateRemoveHandler extends InstMgrOperationStepHandler {
+    public static final String OPERATION_NAME = "certificate-remove";
+
+    protected static final AttributeDefinition KEY_ID = SimpleAttributeDefinitionBuilder.create(CERT_KEY_ID, ModelType.STRING)
+            .setStorageRuntime()
+            .setRequired(true)
+            .build();
+
+    public static final OperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(OPERATION_NAME, InstMgrResolver.RESOLVER)
+            .withFlags(OperationEntry.Flag.HOST_CONTROLLER_ONLY)
+            .setReplyType(ModelType.OBJECT)
+            .setRuntimeOnly()
+            .setReplyValueType(ModelType.OBJECT)
+            .addParameter(KEY_ID)
+            .build();
+
+    InstMgrCertificateRemoveHandler(InstMgrService imService, InstallationManagerFactory imf) {
+        super(imService, imf);
+    }
+
+    @Override
+    public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+        final String keyId = KEY_ID.resolveModelAttribute(context, operation).asString();
+        context.addStep(new OperationStepHandler() {
+            @Override
+            public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+                try {
+                    Path serverHome = imService.getHomeDir();
+                    MavenOptions mavenOptions = new MavenOptions(null, false);
+                    InstallationManager installationManager = imf.create(serverHome, mavenOptions);
+
+                    installationManager.revokeTrustedCertificate(keyId);
+                } catch (OperationFailedException | RuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    throw new RuntimeException(e);
+                }
+            }
+        }, OperationContext.Stage.RUNTIME);
+    }
+}
diff --git a/installation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrConstants.java b/installation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrConstants.java
@@ -15,6 +15,12 @@ public interface InstMgrConstants {
     Path PREPARED_SERVER_SUBPATH = Paths.get("installation-manager")
             .resolve("prepared-server");
 
+    String CERT_DESCRIPTION = "description";
+    String CERT_FINGERPRINT = "fingerprint";
+    String CERT_KEY_ID = "key-id";
+    String CERT_STATUS = "status";
+    String CERT_FILE = "cert-file";
+    String CERTIFICATES = "certificates";
     String CHANNEL = "channel";
     String CHANNELS = "channels";
     String CHANNEL_NAME = "name";

diff --git a/installation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrListUpdatesHandler.java b/installation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrListUpdatesHandler.java
@@ -27,6 +27,7 @@
 import org.wildfly.core.instmgr.logging.InstMgrLogger;
 import org.wildfly.installationmanager.ArtifactChange;
 import org.wildfly.installationmanager.MavenOptions;
+import org.wildfly.installationmanager.MissingSignatureException;
 import org.wildfly.installationmanager.Repository;
 import org.wildfly.installationmanager.spi.InstallationManager;
 import org.wildfly.installationmanager.spi.InstallationManagerFactory;
@@ -177,6 +178,9 @@ public void handleResult(OperationContext.ResultAction resultAction, OperationCo
                     throw new OperationFailedException(e.getLocalizedMessage());
                 } catch (OperationFailedException | RuntimeException e) {
                     throw e;
+                } catch (MissingSignatureException e) {
+                    throw new OperationFailedException(String.format("One of the signatures in the update is signed by an unknown public key %s. Please import the key using import operation and try again.",
+                            e.getDescription()), e);
                 } catch (Exception e) {
                     throw new RuntimeException(e);
                 }

diff --git a/installation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrPrepareRevertHandler.java b/installation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrPrepareRevertHandler.java
@@ -26,6 +26,7 @@
 import org.jboss.dmr.ModelType;
 import org.wildfly.core.instmgr.logging.InstMgrLogger;
 import org.wildfly.installationmanager.MavenOptions;
+import org.wildfly.installationmanager.MissingSignatureException;
 import org.wildfly.installationmanager.Repository;
 import org.wildfly.installationmanager.spi.InstallationManager;
 import org.wildfly.installationmanager.spi.InstallationManagerFactory;
@@ -147,6 +148,9 @@ public void execute(OperationContext context, ModelNode operation) throws Operat
                     throw new OperationFailedException(e.getLocalizedMessage());
                 } catch (OperationFailedException | RuntimeException e) {
                     throw e;
+                } catch (MissingSignatureException e) {
+                    throw new OperationFailedException(String.format("One of the signatures in the update is signed by an unknown public key %s. Please import the key using import operation and try again.",
+                            e.getDescription()), e);
                 } catch (Exception e) {
                     throw new RuntimeException(e);
                 }

diff --git a/installation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrPrepareUpdateHandler.java b/installation-manager/src/main/java/org/wildfly/core/instmgr/InstMgrPrepareUpdateHandler.java
@@ -29,6 +29,7 @@
 import org.jboss.dmr.ModelType;
 import org.wildfly.core.instmgr.logging.InstMgrLogger;
 import org.wildfly.installationmanager.MavenOptions;
+import org.wildfly.installationmanager.MissingSignatureException;
 import org.wildfly.installationmanager.Repository;
 import org.wildfly.installationmanager.spi.InstallationManager;
 import org.wildfly.installationmanager.spi.InstallationManagerFactory;
@@ -189,6 +190,9 @@ public void execute(OperationContext context, ModelNode operation) throws Operat
                     throw new OperationFailedException(e.getLocalizedMessage());
                 } catch (OperationFailedException | RuntimeException e) {
                     throw e;
+                } catch (MissingSignatureException e) {
+                    throw new OperationFailedException(String.format("One of the signatures in the update is signed by an unknown public key %s. Please import the key using import operation and try again.",
+                            e.getDescription()), e);
                 } catch (Exception e) {
                     throw new RuntimeException(e);
                 }