HIRS/package/win/aca/aca_common.ps1
V3 json file platform (#631)
* Look for Component Class json on Windows. Update aca-windows

* Removed TPM from the ACA on Rocky image, changed container detection

* Change healthcheck function on windows.

* Remove commented code lines from aca_bootRun.ps1

* Added SWTPM to v3 ACA images. 

* Add build arg to the aca-windows Dockerfile to select base image tag

* Make ACA accessible from localhost
2023-12-06 10:20:56 -05:00


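# Globally set options
#
# HIRS System directories, if installed via MSI
# C:\Program Files\hirs # Executables
# bin
# HIRS_AttestationCA_Portal.war
# scripts
# See HIRS Relative directories description below
#
# HIRS Data directories, installed by these scripts
# C:\ProgramData\hirs # Configuration Files, Logs
# aca
# certificates
# HIRS
# ecc_512_sha384_certs
# rsa_3k_sha384_certs
# json
# log
#
# Other files needed:
# C:/MariaDB 11.1/data/my.ini
# If mysql is installed somewhere else, update DB_CONF below.
# NOTE(review): the comment above places my.ini directly under C:/, while DB_CONF
# below builds the path under $Env:ProgramFiles — confirm which one is intended.

# Install locations.
$global:HIRS_SYS_HOME=(Join-Path $Env:ProgramFiles "hirs")
$global:HIRS_INSTALL_SCRIPTS_DIR=(Join-Path $Env:ProgramFiles "scripts")
$global:HIRS_INSTALL_SCRIPTS_DB_DIR=(Join-Path $Env:ProgramFiles "db")

# Data, configuration, certificate and log locations.
$global:HIRS_DATA_DIR=(Join-Path $Env:ProgramData "hirs")
$global:HIRS_CONF_DIR=(Join-Path $global:HIRS_DATA_DIR "aca")
$global:HIRS_DATA_ACA_PROPERTIES_FILE=(Join-Path $global:HIRS_CONF_DIR 'aca.properties')
$global:HIRS_DATA_SPRING_PROP_FILE=(Join-Path $global:HIRS_CONF_DIR 'application.win.properties')
$global:HIRS_DATA_CERTIFICATES_DIR=(Join-Path $global:HIRS_DATA_DIR "certificates")
$global:HIRS_DATA_CERTIFICATES_HIRS_DIR=(Join-Path $global:HIRS_DATA_CERTIFICATES_DIR "HIRS")
# Use the explicit $global: prefix like every other line here (the bare name only
# worked because global variables are visible from the script scope).
$global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PATH=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_DIR "rsa_3k_sha384_certs")
$global:HIRS_DATA_CERTIFICATES_HIRS_ECC_PATH=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_DIR "ecc_512_sha384_certs")
$global:HIRS_DATA_LOG_DIR=(Join-Path $global:HIRS_DATA_DIR "log")
# One install log per calendar day.
$global:HIRS_DATA_INSTALL_LOG_NAME=(Join-Path $global:HIRS_DATA_LOG_DIR ("hirs_aca_install_"+(Get-Date -Format "yyyy-MM-dd")+'.log'))
$global:HIRS_CONF_DEFAULT_PROPERTIES_DIR=(Join-Path $global:HIRS_CONF_DIR "default-properties")

# Db Configuration files
# Nested Join-Path calls: Windows PowerShell 5.1 accepts only -Path and -ChildPath,
# so passing 'data' and 'my.ini' as extra positional arguments fails there.
$global:DB_CONF=(Join-Path (Join-Path (Join-Path $Env:ProgramFiles 'MariaDB 11.1') 'data') 'my.ini')

# Default Server Side Certificates
$global:SSL_DB_SRV_CHAIN=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PATH 'HIRS_rsa_3k_sha384_Cert_Chain.pem')
$global:SSL_DB_SRV_CERT=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PATH 'HIRS_db_srv_rsa_3k_sha384.pem')
$global:SSL_DB_SRV_KEY=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PATH 'HIRS_db_srv_rsa_3k_sha384.key')

# Default Client Side Certificates
$global:SSL_DB_CLIENT_CHAIN=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PATH 'HIRS_rsa_3k_sha384_Cert_Chain.pem')
$global:SSL_DB_CLIENT_CERT=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PATH 'HIRS_db_client_rsa_3k_sha384.pem')
$global:SSL_DB_CLIENT_KEY=(Join-Path $global:HIRS_DATA_CERTIFICATES_HIRS_RSA_PATH 'HIRS_db_client_rsa_3k_sha384.key')

# HIRS Relative directories assumed structure
# package
# scripts
# aca
# db
# db_create.sql
# secure_mysql.sql
# pki
# ca.conf
# win
# aca
# aca_bootRun.ps1
# aca_common.ps1 # This script. You are here.
# aca_setup.ps1
# aca_win_config.ps1
# db
# db_create.ps1
# mysql_util.ps1
# pki
# pki_chain_gen.ps1
# pki_setup.ps1
#
# All of these are resolved relative to the location of this script; -Resolve
# makes Join-Path fail immediately if the expected file or directory is missing.
$global:HIRS_REL_WIN_ACA_HOME=(Split-Path -parent $PSCommandPath)
$global:HIRS_REL_WIN_HOME=(Join-Path -Resolve $global:HIRS_REL_WIN_ACA_HOME ..)
$global:HIRS_REL_PACKAGE_HOME=(Join-Path -Resolve $global:HIRS_REL_WIN_HOME ..)
$global:HIRS_REL_SCRIPTS_HOME=(Join-Path -Resolve $global:HIRS_REL_PACKAGE_HOME 'scripts')
$global:HIRS_REL_SCRIPTS_ACA_HOME=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_HOME 'aca')
$global:HIRS_REL_SCRIPTS_DB_HOME=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_HOME 'db')
$global:HIRS_REL_SCRIPTS_DB_CREATE_SQL=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_DB_HOME 'db_create.sql')
$global:HIRS_REL_SCRIPTS_DB_SECURE_MYSQL_SQL=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_DB_HOME 'secure_mysql.sql')
$global:HIRS_REL_SCRIPTS_PKI_HOME=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_HOME 'pki')
$global:HIRS_REL_SCRIPTS_PKI_CA_CONF=(Join-Path -Resolve $global:HIRS_REL_SCRIPTS_PKI_HOME 'ca.conf')
$global:HIRS_REL_WIN_ACA_BOOTRUN=(Join-Path -Resolve $global:HIRS_REL_WIN_ACA_HOME 'aca_bootRun.ps1')
$global:HIRS_REL_WIN_ACA_COMMON=(Join-Path -Resolve $global:HIRS_REL_WIN_ACA_HOME 'aca_common.ps1')
$global:HIRS_REL_WIN_ACA_SETUP=(Join-Path -Resolve $global:HIRS_REL_WIN_ACA_HOME 'aca_setup.ps1')
# The line for aca_win_config.ps1 used to re-assign HIRS_REL_WIN_ACA_SETUP (copy-paste
# slip), so the setup variable silently pointed at the wrong script. Callers that
# relied on that value should use HIRS_REL_WIN_ACA_WIN_CONFIG instead.
$global:HIRS_REL_WIN_ACA_WIN_CONFIG=(Join-Path -Resolve $global:HIRS_REL_WIN_ACA_HOME 'aca_win_config.ps1')
$global:HIRS_REL_WIN_DB_HOME=(Join-Path -Resolve $global:HIRS_REL_WIN_HOME 'db')
$global:HIRS_REL_WIN_DB_CREATE=(Join-Path -Resolve $global:HIRS_REL_WIN_DB_HOME 'db_create.ps1')
$global:HIRS_REL_WIN_DB_MYSQL_UTIL=(Join-Path -Resolve $global:HIRS_REL_WIN_DB_HOME 'mysql_util.ps1')
$global:HIRS_REL_WIN_PKI_HOME=(Join-Path -Resolve $global:HIRS_REL_WIN_HOME 'pki')
$global:HIRS_REL_WIN_PKI_CHAIN_GEN=(Join-Path -Resolve $global:HIRS_REL_WIN_PKI_HOME 'pki_chain_gen.ps1')
$global:HIRS_REL_WIN_PKI_SETUP=(Join-Path -Resolve $global:HIRS_REL_WIN_PKI_HOME 'pki_setup.ps1')

# Saved values
# $Env:HIRS_MYSQL_ROOT_PWD
# $Env:HIRS_PKI_PWD

# Parsed property caches; populated lazily by read_aca_properties /
# read_spring_properties and cleared by the add_new_*_property functions.
$global:ACA_PROPERTIES=$null
$global:SPRING_PROPERTIES=$null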
# Common utility functions
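Function read_aca_properties () {
    # Loads the ACA properties file into the $global:ACA_PROPERTIES hash table.
    # Values are accessed by key like this: $propertyValue=$global:ACA_PROPERTIES.'example.property.key'
    # Does nothing when the table is already populated (add_new_aca_property clears
    # it to force a reload). A missing file only produces a warning.
    param (
        [string]$file = $null
    )
    if (!$global:ACA_PROPERTIES -and $file -and [System.IO.File]::Exists($file)) {
        # Read the file once and reuse the content for both the emptiness check and
        # the parse (the previous version read it a second time for the parse).
        $file_content=(Get-Content $file -Raw)
        if ($file_content) {
            # ConvertFrom-StringData parses "key=value" lines. It treats '\' as an
            # escape character, so values holding Windows paths presumably have to be
            # converted first (see ChangeFileBackslashToForwardSlash) — confirm callers do.
            $global:ACA_PROPERTIES=($file_content | ConvertFrom-StringData)
        } else {
            # Empty file: start from an empty table so later key lookups do not fail.
            $global:ACA_PROPERTIES=@{}
        }
    } elseif ($file -and ![System.IO.File]::Exists($file)) {
        $msg="Warning: ACA properties file not found. The path provided was: $file"
        if ($global:LOG_FILE) {
            echo "$msg" | WriteAndLog
        } else {
            Write-Host "$msg"
        }
    }
}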
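Function add_new_aca_property () {
    # Appends one "key=value" line to the ACA properties file and reloads
    # $global:ACA_PROPERTIES from disk. Does nothing unless the table is already
    # loaded, both arguments are non-empty and the file exists.
    param (
        [string]$file = $null,
        [string]$newKeyAndValue = $null
    )
    if ($global:ACA_PROPERTIES -and $file -and $newKeyAndValue -and [System.IO.File]::Exists($file)) {
        $msg="Writing KeyValue pair to $file"
        if ($global:LOG_FILE) {
            echo "$msg" | WriteAndLog
        } else {
            Write-Host "$msg"
        }
        # The pair itself is deliberately kept out of the log file — presumably
        # because the value may be a credential; confirm before changing this.
        Write-Host "NOT LOGGED: KeyValue pair: $newKeyAndValue to file $file"
        # If the file does not end with a newline, appending would glue the new pair
        # onto the last existing line and corrupt both entries; terminate it first.
        $existing=(Get-Content -Path $file -Raw)
        if ($existing -and -not $existing.EndsWith("`n")) {
            Add-Content -Path $file -Value ''
        }
        # Add-Content uses the provider's default text encoding. The '>>' redirection
        # goes through Out-File, which on Windows PowerShell 5.1 defaults to UTF-16LE
        # and would leave a previously ASCII/UTF-8 file with mixed encodings.
        Add-Content -Path $file -Value $newKeyAndValue
        # Drop the cached table so the reload below picks up the new pair.
        $global:ACA_PROPERTIES=$null
        read_aca_properties $file
    }
}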
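Function read_spring_properties () {
    # Loads the Spring application properties file into the $global:SPRING_PROPERTIES
    # hash table.
    # Values are accessed by key like this: $propertyValue=$global:SPRING_PROPERTIES.'example.property.key'
    # Does nothing when the table is already populated (add_new_spring_property
    # clears it to force a reload). A missing file only produces a warning.
    param (
        [string]$file = $null
    )
    if (!$global:SPRING_PROPERTIES -and $file -and [System.IO.File]::Exists($file)) {
        # Read the file once and reuse the content for both the emptiness check and
        # the parse (the previous version read it a second time for the parse).
        $file_content=(Get-Content $file -Raw)
        if ($file_content) {
            # ConvertFrom-StringData parses "key=value" lines. It treats '\' as an
            # escape character, so values holding Windows paths presumably have to be
            # converted first (see ChangeFileBackslashToForwardSlash) — confirm callers do.
            $global:SPRING_PROPERTIES=($file_content | ConvertFrom-StringData)
        } else {
            # Empty file: start from an empty table so later key lookups do not fail.
            $global:SPRING_PROPERTIES=@{}
        }
    } elseif ($file -and ![System.IO.File]::Exists($file)) {
        $msg="Warning: Spring properties file not found. The path provided was: $file"
        if ($global:LOG_FILE) {
            echo "$msg" | WriteAndLog
        } else {
            Write-Host "$msg"
        }
    }
}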
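Function add_new_spring_property () {
    # Appends one "key=value" line to the Spring properties file and reloads
    # $global:SPRING_PROPERTIES from disk. Does nothing unless the table is already
    # loaded, both arguments are non-empty and the file exists.
    param (
        [string]$file = $null,
        [string]$newKeyAndValue = $null
    )
    if ($global:SPRING_PROPERTIES -and $file -and $newKeyAndValue -and [System.IO.File]::Exists($file)) {
        $msg="Writing KeyValue pair to $file"
        if ($global:LOG_FILE) {
            echo "$msg" | WriteAndLog
        } else {
            Write-Host "$msg"
        }
        # The pair itself is deliberately kept out of the log file — presumably
        # because the value may be a credential; confirm before changing this.
        Write-Host "NOT LOGGED: KeyValue pair: $newKeyAndValue to file $file"
        # If the file does not end with a newline, appending would glue the new pair
        # onto the last existing line and corrupt both entries; terminate it first.
        $existing=(Get-Content -Path $file -Raw)
        if ($existing -and -not $existing.EndsWith("`n")) {
            Add-Content -Path $file -Value ''
        }
        # Add-Content uses the provider's default text encoding. The '>>' redirection
        # goes through Out-File, which on Windows PowerShell 5.1 defaults to UTF-16LE
        # and would leave a previously ASCII/UTF-8 file with mixed encodings.
        Add-Content -Path $file -Value $newKeyAndValue
        # Drop the cached table so the reload below picks up the new pair.
        $global:SPRING_PROPERTIES=$null
        read_spring_properties $file
    }
}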
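Function create_random () {
    # Returns a 128-character lowercase hex string built from 64 bytes of the
    # platform CSPRNG. Same output shape as before (a sha512 hex digest is also
    # 128 lowercase hex characters), but Get-Random is not a cryptographic
    # generator, and the sha512sum/tr binaries the old pipeline needed are not
    # normally present on Windows.
    $bytes=New-Object byte[] 64
    $rng=[System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)
    } finally {
        $rng.Dispose()
    }
    # BitConverter yields "AB-CD-..."; strip the dashes and match the old lowercase form.
    return (([System.BitConverter]::ToString($bytes)) -replace '-','').ToLower()
}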
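Function set_up_log () {
    # Creates the log directory and the dated install log file, and publishes the
    # file's path in $global:LOG_FILE for WriteAndLog. An existing log is kept.
    if (![System.IO.Directory]::Exists($global:HIRS_DATA_LOG_DIR)) {
        # The previous 'mkdir -p' only worked because '-p' happened to bind to
        # mkdir's -Path parameter; -Force suppresses the error if the directory
        # already exists.
        New-Item -ItemType Directory -Path $global:HIRS_DATA_LOG_DIR -Force | Out-Null
    }
    $global:LOG_FILE=$global:HIRS_DATA_INSTALL_LOG_NAME
    if (![System.IO.File]::Exists($global:LOG_FILE)) {
        # 'touch' is not a PowerShell command. Create the file only when absent so
        # that a log from an earlier run today is never truncated.
        New-Item -ItemType File -Path $global:LOG_FILE | Out-Null
    }
}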
Function print_all_variables () {
    # intended for debugging
    # this will print all variables and their values in the current context
    # Output is a single formatted string (not individual objects). It includes the
    # contents of variables such as $global:ACA_PROPERTIES, which may hold sensitive
    # configuration values — do not paste it into logs or tickets unreviewed.
    Get-Variable | Out-String
}
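Function WriteAndLog () {
    # Echoes a message to the console and appends it to $global:LOG_FILE.
    # The message may be passed as the first argument or through the pipeline.
    # EXPECTS set_up_log() to be run and $global:LOG_FILE to be defined
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position=0)]
        [string]$msg
    )
    process {
        # A process block is required for pipeline input: without it the body runs
        # once at the end and only the last piped item is written.
        Write-Host "$msg"
        "$msg" >> "$global:LOG_FILE"
    }
}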
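Function ChangeBackslashToForwardSlash () {
    # Returns $msg with every backslash replaced by a forward slash.
    # Accepts the string as the first argument or through the pipeline.
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position=0)]
        [string]$msg
    )
    process {
        # A process block is required for pipeline input: without it only the last
        # piped item would be converted.
        # "\\" is a regex matching one literal backslash.
        echo ($msg -replace "\\","/")
    }
}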
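Function ChangeFileBackslashToForwardSlash () {
    # Rewrites $file in place, replacing every backslash with a forward slash.
    # Presumably used so Windows paths in a properties file survive
    # ConvertFrom-StringData, which treats '\' as an escape character — confirm.
    # A missing or empty path now produces a warning instead of a Get-Content error,
    # matching the other file helpers in this script.
    param(
        [string]$file = $null
    )
    if ($file -and [System.IO.File]::Exists($file)) {
        # -LiteralPath so characters such as '[' in a file name are not treated as
        # wildcards. "\\" is a regex matching one literal backslash.
        (Get-Content -LiteralPath $file) -replace "\\","/" | Set-Content -LiteralPath $file
    } else {
        $msg="Warning: file not found, backslashes not converted. The path provided was: $file"
        if ($global:LOG_FILE) {
            echo "$msg" | WriteAndLog
        } else {
            Write-Host "$msg"
        }
    }
}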