Merge branch '20190701_3.4.4' of https://github.internet2.edu/docker/…

…ShibbIdP_noVM_Windows into 20190701_3.4.4
docker · Jul 12, 2019 · 4f509ab · 4f509ab
2 parents 279bab8 + 98faf50
commit 4f509ab
Show file tree

Hide file tree

Showing 9 changed files with 116 additions and 169 deletions.
diff --git a/Dockerfile b/Dockerfile
diff --git a/container_files/Sealer_Key_Rotation_Task.xml b/container_files/Sealer_Key_Rotation_Task.xml
diff --git a/container_files/rotateSealerKey.ps1 b/container_files/rotateSealerKey.ps1
@@ -0,0 +1,77 @@
+#this script reads the sealer key configuration from the IdP's idp.properties file and rotates the sealer key
+Try {
+  $ENABLE_SEALER_KEY_ROTATION = $env:ENABLE_SEALER_KEY_ROTATION
+    }
+Catch {
+  $ENABLE_SEALER_KEY_ROTATION = 'True'
+      }
+
+If ($ENABLE_SEALER_KEY_ROTATION -eq 'True')  {
+ #assure IDP_HOME
+ Try {
+  $IDP_HOME = $env:IDP_HOME
+  If ($IDP_HOME = null$) {
+      $IDP_HOME="c:\opt\shibboleth-idp"
+        }
+    }
+ Catch {
+  $IDP_HOME="c:\opt\shibboleth-idp"
+      }
+ #assure JAVA_HOME
+ Try {
+  $JAVA_HOME = $env:JAVA_HOME
+  If ($JAVA_HOME = null$) {
+      $JAVA_HOME="c:\zulujava\zulu-8"
+        }
+    }
+ Catch {
+  $JAVA_HOME="c:\zulujava\zulu-8"
+      }
+
+ #settings
+ $IDPPROP=$IDP_HOME + "\conf\idp.properties"
+ #item below is only used if you have configured additional hosts to sync your sealer to
+ $SYNC_CRED="domain\user"
+
+ #get config from properties file
+ $storefile = (cat $IDPPROP | where { $_ -match "idp.sealer.storeResource"}).Split("=")[1].Trim().Replace("%{idp.home}", $IDP_HOME).Replace("/","\")
+ $versionfile = (cat $IDPPROP | where { $_ -match "idp.sealer.versionResource"}).Split("=")[1].Trim().Replace("%{idp.home}", $IDP_HOME).Replace("/","\")
+ $storepass = (cat $IDPPROP | where { $_ -match "idp.sealer.storePassword"}).Split("=")[1].Trim().Replace("{","`{").Replace("}","`}")
+ $alias = (cat $IDPPROP | where { $_ -match "idp.sealer.aliasBase"}).Split("=")[1].Trim()
+ try {
+   $count = (cat $IDPPROP | where { $_ -match "idp.sealer._count"}).Split("=")[1].Trim()
+    }
+ catch {
+   $count = 30
+      }
+ try {
+   $sync_hosts = (cat $IDPPROP | where { $_ -match "idp.sealer._sync_hosts"}).Split("=")[1].Trim()
+    }
+ catch {
+   $sync_hosts = $env:COMPUTERNAME
+      }
+
+ #Write-Host "Keystore:" $storefile
+ #Write-Host "Version File:" $versionfile
+ #Write-Host "Store Pass:" $storepass
+ #Write-Host "Alias:" $alias
+ #Write-Host "Count:" $count
+ #Write-Host "Sync Hosts:" $sync_hosts
+
+ #rotate key
+ $cmd = "${IDP_HOME}\bin\runclass.bat net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool --storefile $storefile --storepass `$storepass --versionfile $versionfile --alias $alias --count $count"
+ Invoke-Expression $cmd
+
+ #display current/new version
+ Write-Host "Current Key Version:" (cat $versionfile).split("=")[2].Trim()
+
+ #sync to other hosts
+ $sync_hosts.split(" ") | ForEach {
+  If ($_.Trim() = $env:COMPUTERNAME) {Write-Host "***skipping sync to local host"} Else { 
+	Write-Host "Syncing to: $_"
+        $Session = New-PSSession -ComputerName "$_" -Credential $SYNC_CRED
+	Copy-Item $versionfile -Destination $IDP_HOME\credentials -ToSession $Session
+	}
+ }
+
+}
diff --git a/test-compose/getIPs.ps1 b/test-compose/getIPs.ps1
@@ -2,14 +2,14 @@
 $idpcid = docker ps | Select-String 'idp' | ForEach-Object { $_.Line.split(' ')[0] }
 $spcid = docker ps | Select-String 'sp' | ForEach-Object { $_.Line.split(' ')[0] }
 
-$idpip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $idpcid)
-$spip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $spcid)
+If ($idpcid -ne $null) {$idpip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $idpcid)} Else {$idpip = "Not-Found"}
+If ($spcid -ne $null) {$spip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $spcid)} Else {$spip = "Not-Found"}
 
 $msg = $($idpip.Trim()) + ' idp.example.edu' + "`r`n" + $($spip.Trim()) + ' sptest.example.edu'
 
 Set-Clipboard -Value $msg
 
 Write-Host ''
-Write-Host $($msg)
+Write-Host $($msg + "`r`n")
 Write-Host '  **above entries copied to clipboard'
-Write-Host ''
+Write-Host ''
diff --git a/test-compose/idp/compose.ps1 b/test-compose/idp/compose.ps1
@@ -0,0 +1 @@
+docker-compose up --build -d
diff --git a/test-compose/idp/decompose.ps1 b/test-compose/idp/decompose.ps1
@@ -0,0 +1,2 @@
+docker-compose kill
+docker-compose rm
diff --git a/test-compose/idp/docker-compose.yml b/test-compose/idp/docker-compose.yml
@@ -0,0 +1,29 @@
+version: "3.3"
+
+services:
+  idp:
+    build: 
+      context: .
+      args:
+        TOMCFG: ./container_files/config/tomcat
+        TOMCERT: ./container_files/credentials/tomcat
+        TOMWWWROOT: ./container_files/wwwroot
+        SHBCFG: ./container_files/config/shib-idp/conf
+        SHBCREDS: ./container_files/credentials/shib-idp
+        SHBVIEWS: ./container_files/config/shib-idp/views
+        SHBEDWAPP: ./container_files/config/shib-idp/edit-webapp
+        SHBMSGS: ./container_files/config/shib-idp/messages
+        SHBMD: ./container_files/config/shib-idp/metadata
+    expose:
+     - "443"
+    ports:
+     - "443:443"
+    dns:
+     - 8.8.8.8
+     - 4.4.4.4
+
+networks:
+  default:
+    external:
+      name: nat
+
diff --git a/test-compose/sp/compose.ps1 b/test-compose/sp/compose.ps1
@@ -0,0 +1 @@
+docker-compose up --build -d
diff --git a/test-compose/sp/decompose.ps1 b/test-compose/sp/decompose.ps1
@@ -0,0 +1,2 @@
+docker-compose kill
+docker-compose rm