ID-55: support multiple base directories for certs

Author: mlookaxw

CHANGELOG.adoc

@@ -1,10 +1,19 @@
 = Changelog
 
+== Version 1.2.0
+[cols="1,2,<10a", options="header"]
+|===
+|ID|Type|Description
+|https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/issues/55[#55]
+|Enhancement
+|Add support for multiple base directories for certificates.
+|===
+
 == Version 1.1.0
 [cols="1,2,<10a", options="header"]
 |===
 |ID|Type|Description
-|https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/pull/53[#53]
+|https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/issues/53[#53]
 |Enhancement
 |The property configuration now supports JSON boolean values.
 

doc/manual/_config-tool.adoc

@@ -57,7 +57,7 @@ Options:
                         Passphrase for output archive files [optional]
   -s, --simulate        Enable simulation mode [optional]
   -b DIRECTORY, --base-dir=DIRECTORY
-                        Base directory for certificate files [optional]
+                        Base directory for certificate files [multiple]
   --secrets-file=FILEPATH
                         Path of JSON file containing confidential propertiers
                         [optional]
@@ -154,7 +154,11 @@ To avoid errors due to incompatible types (e.g. placeholder string used for an i
 
 |-b, --base-dir
 |Base directory for certificate files.
-If specified relative path to certificate files is based on this directory.
+
+Multiple directories can be specified by adding the parameter multiple times.
+
+If specified, the given directories are scanned for certificate files.
+If multiple certificate files exists the first one will be used.
 
 |--secrets-file
 |Path of JSON file containing confidential properties.

doc/manual/_reference.adoc

@@ -413,9 +413,12 @@ The plugin can also be configured in the `pom.xml` via the <configuration> eleme
     </configPropertFiles>
 
     <configCertsBaseDir>${basedir}/src/main/axwgw/certs</configCertsBaseDir> <!--5-->
-
-    <configSecretsFile>${basedir}/src/main/axwgw/gateway.crypt.json</configSecretsFile> <!--6-->
-    <configSecretsKey>${user.home}/secrets.key</configSecretsKey> <!--7-->
+    <configCertsBaseDirs>
+      <configCertsBaseDir>${basedir}/src/main/axwgw/certs/common</configCertsBaseDir> <!--6-->
+      <configCertsBaseDir>${basedir}/src/main/axwgw/certs/ca</configCertsBaseDir>
+    </configCertsBaseDirs>
+    <configSecretsFile>${basedir}/src/main/axwgw/gateway.crypt.json</configSecretsFile> <!--7-->
+    <configSecretsKey>${user.home}/secrets.key</configSecretsKey> <!--8-->
   </configuration>
 </plugin>
 <!- ... ->
@@ -425,5 +428,6 @@ The plugin can also be configured in the `pom.xml` via the <configuration> eleme
 <3> Location of a configuration file for properties.
 <4> Location of a list of configuration files for properties.
 <5> Base directory for certificate files.
-<6> Path to secrets file.
-<7> Key file to decrypt/encrypt values of secrets file.
+<6> Additional base directories for certificate files supported.
+<7> Path to secrets file.
+<8> Key file to decrypt/encrypt values of secrets file.

…fig-tool/config/certs/staged-root-ca.crt …l/config/certs/common/staged-root-ca.crtexample/config-tool/config/certs/staged-root-ca.crt renamed to example/config-tool/config/certs/common/staged-root-ca.crt example/config-tool/config/certs/staged-root-ca.crt renamed to example/config-tool/config/certs/common/staged-root-ca.crt

@@ -8,5 +8,5 @@ REM Define environment variables for field value and password configuration
 SET INFO_NAME=Demo
 SET NEW_SERVER_PASSWORD=changeme
 
-CALL %BUILDFED% -v -e src\gateway.env -p src\gateway.pol -c config\gateway.config.json --cert=config\gateway.certs.json --prop=config\gateway.props.json --secrets-file=config\gateway.crypt.json --secrets-key=key.binary -D artifact:demo-1.0.0 -F info.descr:config\description.txt --output-fed=gateway.fed --passphrase-in=changeme --passphrase-out=changed --base-dir=config/certs
+CALL %BUILDFED% -v -e src\gateway.env -p src\gateway.pol -c config\gateway.config.json --cert=config\gateway.certs.json --prop=config\gateway.props.json --secrets-file=config\gateway.crypt.json --secrets-key=key.binary -D artifact:demo-1.0.0 -F info.descr:config\description.txt --output-fed=gateway.fed --passphrase-in=changeme --passphrase-out=changed --base-dir=config/certs/common --base-dir=config/certs
 ENDLOCAL

example/config-tool/run.cmd

@@ -98,7 +98,10 @@ public abstract class AbstractGatewayMojo extends AbstractMojo {
 
 	@Parameter(property = "axway.config.certs.basedir", required = false)
 	protected File configCertsBaseDir = null;
-	
+
+	@Parameter(property = "axway.config.certs.basedirs", required = false)
+	protected File[] configCertsBaseDirs = null;
+
 	@Parameter(property = "axway.tools.cfg.cert.expirationDays", required = false)
 	protected int certExpirationDays = 10;
 
@@ -308,4 +311,17 @@ protected Map<String, String> buildPolicyProperties() throws MojoExecutionExcept
 
 		return polProps;
 	}
+	
+	protected List<File> getCertificateBaseDirs() {
+		ArrayList<File> baseDirs = new ArrayList<>();
+		if (this.configCertsBaseDir != null) {
+			baseDirs.add(this.configCertsBaseDir);
+		}
+		if (this.configCertsBaseDirs != null) {
+			for (File f : this.configCertsBaseDirs) {
+				baseDirs.add(f);
+			}
+		}
+		return baseDirs;
+	}
 }

src/main/java/com/axway/maven/apigw/AbstractGatewayMojo.java

@@ -160,7 +160,7 @@ private void buildFedArchive(File targetDir, File srcPolFile, File srcEnvFile, F
 			fedBuilder.setCertificatesFile(this.configCertsFile);
 			fedBuilder.setCertificateExpirationDays(this.certExpirationDays);
 			fedBuilder.enableCertificateConfigFileUpdate(this.updateCertConfigFile);
-			fedBuilder.setCertificatesBasePath(this.configCertsBaseDir);
+			fedBuilder.setCertificatesBasePath(getCertificateBaseDirs());
 		}
 		if (this.configSecretsFile != null) {
 			if (this.configSecretsKey == null)

src/main/java/com/axway/maven/apigw/DeploymentArchiveMojo.java

@@ -137,7 +137,7 @@ private File configFed(File pol, File env, File info) throws MojoExecutionExcept
 			fb.setCertificatesFile(this.configCertsFile);
 			fb.setCertificateExpirationDays(this.certExpirationDays);
 			fb.enableCertificateConfigFileUpdate(this.updateCertConfigFile);
-			fb.setCertificatesBasePath(this.configCertsBaseDir);
+			fb.setCertificatesBasePath(getCertificateBaseDirs());
 		}
 		if (this.configSecretsFile != null) {
 			if (this.configSecretsKey == null)

src/main/java/com/axway/maven/apigw/DeploymentMojo.java

@@ -20,7 +20,7 @@ public class FedBuilder {
 
 	private final List<File> propertyFiles = new ArrayList<File>();
 	private File certsFile = null;
-	private File certsBaseDir = null;
+	private List<File> certsBaseDirs = null;
 
 	private int certExpirationDays = -1;
 
@@ -69,8 +69,8 @@ public void setCertificatesFile(File certsFile) {
 		this.certsFile = certsFile;
 	}
 
-	public void setCertificatesBasePath(File baseDir) {
-		this.certsBaseDir = baseDir;
+	public void setCertificatesBasePath(List<File> baseDirs) {
+		this.certsBaseDirs = baseDirs;
 	}
 
 	public void setCertificateExpirationDays(int days) {
@@ -130,9 +130,11 @@ public int execute(File targetFed, Map<String, String> props) throws MojoExecuti
 				if (this.updateCertConfigFile) {
 					args.add("--cert-config-update");
 				}
-				if (this.certsBaseDir != null) {
-					args.add("--base-dir");
-					args.add(this.certsBaseDir.getAbsolutePath());
+				if (this.certsBaseDirs != null) {
+					for (File bd : this.certsBaseDirs) {
+						args.add("--base-dir");
+						args.add(bd.getAbsolutePath());
+					}
 				}
 			}
 			if (this.secretsFile != null) {

src/main/java/com/axway/maven/apigw/utils/FedBuilder.java

@@ -31,7 +31,7 @@ def parse_cli_property(cli_prop):
 
 def main():
     prog = sys.argv[0]
-    version = "%prog 1.2.0"
+    version = "%prog 1.3.0"
     usage = "%prog OPTIONS"
     epilog = "Build configured .fed package."
 
@@ -51,7 +51,7 @@ def main():
     parser.add_option("--passphrase-in", dest="passphrase_in", help="Passphrase of input archive files [optional]", metavar="PASSPHRASE")
     parser.add_option("--passphrase-out", dest="passphrase_out", help="Passphrase for output archive files [optional]", metavar="PASSPHRASE")
     parser.add_option("-s", "--simulate", dest="simulate", help="Enable simulation mode [optional]", action="store_true")
-    parser.add_option("-b", "--base-dir", dest="base_dir", help="Base directory for certificate files [optional]", metavar="DIRECTORY")
+    parser.add_option("-b", "--base-dir", dest="base_dirs", help="Base directory for certificate files [multiple]", metavar="DIRECTORY", action="append")
     parser.add_option("--secrets-file", dest="secrets_file", help="Path of JSON file containing confidential properties [optional]", metavar="FILEPATH")
     parser.add_option("--secrets-key", dest="secrets_key_file", help="Path to key file to decrypt confidential properties [optional]", metavar="FILEPATH")
 
@@ -115,8 +115,8 @@ def main():
 
         # Setup configuration
         fed_config = FedConfigurator(options.pol_file_path, options.env_file_path, options.config_file_path, options.cert_file_path, properties, passphrase_in, secrets)
-        if options.base_dir:
-            fed_config.set_base_dir(options.base_dir)
+        if options.base_dirs:
+            fed_config.set_base_dirs(options.base_dirs)
 
         if options.simulate:
             fed_config.enable_simulation_mode()