We have indeed automated 90% of all API Gateway functionalities by developing a shell framework.
Here's the injection code for the automated private key creation ('create Private Key' on the Policy Manager).
function createPrivateKey {
    # Usage: createPrivateKey [-s SIZE] [-e DAYS] [-c] ALIAS
    # Returns 1 when the key was created, 0 otherwise (the framework's own convention).
    TEMP=$(getopt -o s:e:c --long size:,expirydays:,cacapable -n 'createPrivateKey' -- "$@")
    if [ $? != 0 ] ; then echo "Terminating..." >&2 ; return 0 ; fi
    eval set -- "$TEMP"
    local rsaKeySize="2048"
    local expiryDays="365"
    local caCapable="false"
    while true; do
        case "$1" in
            -s | --size) rsaKeySize="$2"; shift 2 ;;
            -e | --expirydays) expiryDays="$2"; shift 2 ;;   # was 'expirydays', so -e never reached the XML
            -c | --cacapable) caCapable="true"; shift ;;
            --) shift; break ;;
            *) break ;;
        esac
    done
    local keyAlias="$1"
    # Load the current key list, then check whether the alias already exists
    getPrivateKeys
    local keyCount=$(getXPathCount "/l7:List/l7:Item[l7:Name='${keyAlias}']")
    if [[ "${keyCount}" == "0" ]]; then
        # keyAlias is interpolated into the XML unescaped: keep aliases to plain alphanumerics
        local xml="\
<l7:PrivateKeyCreationContext xmlns:l7='http://ns.l7tech.com/2010/04/gateway-management'> \
  <l7:Dn>CN=${keyAlias}</l7:Dn> \
  <l7:Properties> \
    <l7:Property key='caCapable'> \
      <l7:BooleanValue>${caCapable}</l7:BooleanValue> \
    </l7:Property> \
    <l7:Property key='daysUntilExpiry'> \
      <l7:IntegerValue>${expiryDays}</l7:IntegerValue> \
    </l7:Property> \
    <!-- <l7:Property key='ecName'> \
      <l7:StringValue>secp384r1</l7:StringValue> \
    </l7:Property> --> \
    <l7:Property key='rsaKeySize'> \
      <l7:IntegerValue>${rsaKeySize}</l7:IntegerValue> \
    </l7:Property> \
    <l7:Property key='signatureHashAlgorithm'> \
      <l7:StringValue>SHA512</l7:StringValue> \
    </l7:Property> \
  </l7:Properties> \
</l7:PrivateKeyCreationContext>"
        # 00000000000000000000000000000002 is the keystore id the key is created in
        callPOSTService "${IDENTPROV}/privateKeys/00000000000000000000000000000002:${keyAlias}" "${xml}"
        local retKeyId=$(getXPathValue "/l7:Item/l7:Id/text()")
        if [[ "${retKeyId}" != "" ]]; then
            [ -n "${DEBUG}" ] && echo " -> Private key '${keyAlias}' created" >&2
            return 1
        fi
    else
        echo "Error private key '${keyAlias}' already exists"
        return 0
    fi
}
function getPrivateKeys {
    # Usage: getPrivateKeys [ALIAS]
    # Returns the number of keys found as the exit status (only reliable for counts below 256).
    local keyName="$1"
    if [ -z "${keyName}" ]; then
        callGETService "/privateKeys"
    else
        callGETService "/privateKeys?alias=${keyName}"
    fi
    local c=$(getXPathCount "/l7:List/l7:Item/l7:Name")
    return "${c}"
}
If you now want to insert a user's public key into his account information so that he can log in using his own certificate, use this:
function setUserCertificate {
    # Usage: setUserCertificate [-d] USERNAME CERT_PEM
    # Returns 1 when the gateway echoes the updated item back, 0 otherwise.
    TEMP=$(getopt -o d --long delete -n 'setUserCertificate' -- "$@")
    if [ $? != 0 ] ; then echo "Terminating..." >&2 ; return 0 ; fi
    eval set -- "$TEMP"
    local deleteCert=0
    while true; do
        case "$1" in
            -d | --delete) deleteCert=1; shift ;;
            --) shift; break ;;
            *) break ;;
        esac
    done
    local userName="$1"
    local certPEM="$2"
    local userId=$(getUserId "${userName}")
    if [ -n "${userId}" ]; then
        # Optionally remove the certificate currently bound to the account before replacing it
        [ "${deleteCert}" -eq 1 ] && removeUserCertificate "${userName}"
        local xml="\
<l7:CertificateData xmlns:l7='http://ns.l7tech.com/2010/04/gateway-management'> \
  <l7:Encoded>${certPEM}</l7:Encoded> \
</l7:CertificateData>"
        callPUTService "${IDENTPROV}/users/${userId}/certificate" "${xml}"
        local c=$(getXPathCount "/l7:Item/l7:Name")
        return "${c}"
    fi
    return 0
}
You can surely figure out the missing functions we developed; nothing extraordinary there.
The tricky functions might be getXPathCount and getXPathText, though (hint: xml_grep is a must-have).
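As an added example that is not part of the original post: the two XPath helpers the post leaves out, written with Python's standard-library ElementTree rather than xml_grep, plus the same PrivateKeyCreationContext body built as a tree so that an alias cannot inject markup. The sample responses are constructed from the element names the post's XPaths reference (not real Gateway output), and the function names are my own.

```python
import xml.etree.ElementTree as ET

L7 = "http://ns.l7tech.com/2010/04/gateway-management"
NS = {"l7": L7}
ET.register_namespace("l7", L7)  # serialise with the l7: prefix the post's XPaths use

def q(tag):
    return f"{{{L7}}}{tag}"  # Clark-notation name in the gateway-management namespace

def private_key_creation_context(alias, rsa_key_size=2048, expiry_days=365,
                                 ca_capable=False, hash_alg="SHA512"):
    """Build the PrivateKeyCreationContext body as a tree instead of by string
    interpolation, so a quote or '<' in the alias becomes character data, not markup."""
    ctx = ET.Element(q("PrivateKeyCreationContext"))
    ET.SubElement(ctx, q("Dn")).text = f"CN={alias}"
    props = ET.SubElement(ctx, q("Properties"))
    for key, value_tag, value in (
        ("caCapable", "BooleanValue", "true" if ca_capable else "false"),
        ("daysUntilExpiry", "IntegerValue", str(expiry_days)),
        ("rsaKeySize", "IntegerValue", str(rsa_key_size)),
        ("signatureHashAlgorithm", "StringValue", hash_alg),
    ):
        prop = ET.SubElement(props, q("Property"), key=key)
        ET.SubElement(prop, q(value_tag)).text = value
    return ET.tostring(ctx, encoding="unicode")

def count_items_named(list_xml, alias):
    """Namespace-aware stand-in for getXPathCount("/l7:List/l7:Item[l7:Name='alias']")."""
    root = ET.fromstring(list_xml)
    return sum(1 for item in root.findall("l7:Item", NS)
               if item.findtext("l7:Name", namespaces=NS) == alias)

def created_key_id(item_xml):
    """Stand-in for getXPathValue("/l7:Item/l7:Id/text()"); '' when the Id is absent."""
    return ET.fromstring(item_xml).findtext("l7:Id", default="", namespaces=NS)

# Constructed sample responses shaped after the XPaths in the post, not real Gateway output.
SAMPLE_LIST = f"""<l7:List xmlns:l7="{L7}">
  <l7:Item><l7:Name>ssl</l7:Name><l7:Id>00000000000000000000000000000002:ssl</l7:Id></l7:Item>
  <l7:Item><l7:Name>edge-gw</l7:Name><l7:Id>00000000000000000000000000000002:edge-gw</l7:Id></l7:Item>
</l7:List>"""
SAMPLE_ITEM = (f'<l7:Item xmlns:l7="{L7}"><l7:Name>edge-gw</l7:Name>'
               '<l7:Id>00000000000000000000000000000002:edge-gw</l7:Id></l7:Item>')

if __name__ == "__main__":
    if count_items_named(SAMPLE_LIST, "edge-gw") == 0:  # same existence check as createPrivateKey
        print(private_key_creation_context("edge-gw", ca_capable=True))
    print(created_key_id(SAMPLE_ITEM))
```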