Windows service install upgrades (#242)

* Add Java 17 to the CI/CD testing. * Enhance the windows service installer to account for file permissions. Update the documentation for windows service install. * Update the maven project support libraries to latest * Remove any quotes around the JAVA env var to avoid failures in the script * Set new version number. * New release notes * New SHA256 certs for testing * Upgrade commons-daemon * Enhance documentation on installing windows service * Remove invalid character * Implement a simpler but moreeffective script to find the installed Java version. * Updated packages * Standardise the ay the resend retry counts are tracked * Make it possible to check the version of OpenAS2 from the command line. * Fix the broken parts of the script. * Fix spelling errors * Java finder script for sharing across other scripts. * Use the common script to find Java * NIX version of find_java * Try to update the cacerts for Maven repo certificate issues * Copy cacwrts to JDK install to overcome Maven repo issues * Fix the use of multiple run statements * Fix windows stuff * More windows shell command fixes * Support searchingfor cacert due to variations on location from JDK to JDK Co-authored-by: Christopher Broderick <chris@umed.org>
OpenAS2 · Oct 25, 2021 · 299966a · 299966a
1 parent 1882f1d
commit 299966a
Show file tree

Hide file tree

Showing 30 changed files with 889 additions and 1,081 deletions.
diff --git a/.github/workflows/.actions.yml.swp b/.github/workflows/.actions.yml.swp
diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml
@@ -6,7 +6,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        java_version: [12, 13, 14, 15, 16]
+        java_version: [8, 11, 13, 17]
         os: [windows-latest, ubuntu-latest]
     steps:
       - name: Checkout
@@ -16,9 +16,21 @@ jobs:
         with:
           java-version: ${{ matrix.java_version }}
           distribution: 'adopt'
-      - name: Make Maven Wrapper executable
+      - name: Make Maven Wrapper and Java finder executable. Copy cacerts
         if: contains(matrix.os, 'win') == false
-        run: chmod +x ./mvnw
+        run: |
+             chmod +x ./mvnw
+             chmod +x ./Server/src/bin/find_java
+             . ./Server/src/bin/find_java
+             cert_file=$(find -L $JAVA_HOME -name cacerts)
+             cp -f cacerts $cert_file
+             echo "File at: $cert_file"
+      - name: Update the cacerts in the JDK being used because of Maven repo issues
+        if: contains(matrix.os, 'win') == true
+        run: |
+             .\Server\src\bin\find_java.bat
+             $ENV:cert_file=gci -Path $ENV:JAVA_HOME -Filter cacerts -File -Recurse  -ErrorAction SilentlyContinue | %{$_.FullName}
+             copy cacerts "$ENV:cert_file"
       - name: Build with Maven
         run: ./mvnw test --file pom.xml --log-file maven.log
       - name: Archive logs

diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md
@@ -1,38 +1,35 @@
 #              OpenAS2 Server
-#              Version 2.12.0
+#              Version 2.13.0
 #              RELEASE NOTES
 -----
-The OpenAS2 project is pleased to announce the release of OpenAS2 2.12.0
+The OpenAS2 project is pleased to announce the release of OpenAS2 2.13.0
 
 The release download file is: OpenAS2Server-2.12.0.zip
 
 The zip file contains a PDF document (OpenAS2HowTo.pdf) providing information on installing and using the application.
-## NOTE: Testing covers Java 12 to 16. The application should work for older versions down to Java 7 but they are not tested working.
+## NOTE: Testing covers Java 12 to 17. The application should work for older versions down to Java 7 but they are not tested as part of the CI/CD pipeline.
 
-Version 2.12.0 - 2020-10-15
-This is a minor enhancement release and bugfix with library upgrades:
+Version 2.13.0 - 2021-10-21
+This is a minor enhancement release and windows bat files bugfix:
        **IMPORTANT NOTE**: Please review upgrade notes below if you are upgrading
 
-  1. Fix resend tracking in the tracking DB and add missing columns (https://github.com/OpenAS2/OpenAs2App/issues/195)
-  2. Changed error message to info message and support not rendering the error message when an invalid HTTP request is detected.
-  3. Support overriding the "remove_http_header_folding" property at partnership level. See OpenAS2HowTo section on "Header Folding" for details. (contributed by Claudio Degioanni claudio.degioanni@bmeweb.it)
-  4. Fix HTTP timeout configuration - the timeout configuration was  not correctly reading any user specific setting.
-  5. Enhance documentation based on user feedback.
-  6. Register successfully sent MDN in DB tracking.
-  7. Add a helper script to import certificates from a source keystore to a target keystore (import_alias_from_keystore.sh)
-  8. Change the way the receiver handler finds the private key. backwards compatibility was maintained through the use of a partnership attribute or system property (use_new_certificate_lookup_mode). It defaults to new mode but setting to false reverts the behaviour.
+  1. Enhance the directory polling module to use the NIO library.
+  2. Fix the startup.bat file for Windows where in newer versions of Java the JAVA environment variable is set with quotes surrounding it.
+  3. Fix the windows service installer bat file so that it reliably installs a service that can start.
 
 
 ##Upgrade Notes
  See the openAS2HowTo appendix for the general process on upgrading OpenAS2.
-      A change to the way the private key is looked up in the receiver handler means that if you have duplicated a certificate in the keystore, some partnerships may start top fail. This fix may fix other strange certificate issues when receiving messages. To fix partnership failures that occur after the upgrade, find the duplicates and remove them making sure the one you leave behind is the one with the correct private key. Alternatively, use the **use_new_certificate_lookup_mode** attribute at partnership level set to **false** and the old mechanism will be used but this is not advised as a long term solution as it will eventually be removed in a future version.
+
+ There are no specific notes for this upgrade.
 
  Below are some specific things to focus on depending on which version you are upgrading from.
 
  **You must review all notes for the relevant intermediate versions from your version to this release version.**
 
 ### If upgrading from versions older than 2.12.0:
       1. If you are using the DB tracking module with the default H2 database then you will need to follow the DB upgrade steps "Appendix: Updating database structure" defined in the OpenAS2HowTo.pdf to ensure you do not lose your existing data because the new H2 version has issues with old databases.
+      2. A change to the way the private key is looked up in the receiver handler means that if you have duplicated a certificate in the keystore, some partnerships may start to fail. This fix may fix other strange certificate issues when receiving messages. To fix partnership failures that occur after the upgrade, find the duplicates and remove them making sure the one you leave behind is the one with the correct private key. Alternatively, use the **use_new_certificate_lookup_mode** attribute at partnership level set to **false** and the old mechanism will be used but this is not advised as a long term solution as it will eventually be removed in a future version.
 
 
 ### If you have been passing the password for the certificate file on the command line in a shell script (no change to the Windows .bat file):

diff --git a/Remote/pom.xml b/Remote/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>net.sf.openas2</groupId>
         <artifactId>OpenAS2</artifactId>
-        <version>2.12.0</version>
+        <version>2.13.0</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

diff --git a/Server/pom.xml b/Server/pom.xml
@@ -7,7 +7,7 @@
         <!-- DO NOT CHANGE THIS "groupId" WITHOUT CHANGING XMLSession.getManifestAttributes.MANIFEST_VENDOR_ID_ATTRIB -->
         <groupId>net.sf.openas2</groupId>
         <artifactId>OpenAS2</artifactId>
-        <version>2.12.0</version>
+        <version>2.13.0</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

diff --git a/Server/src/bin/commons-daemon/NOTICE.txt b/Server/src/bin/commons-daemon/NOTICE.txt
@@ -1,5 +1,5 @@
 Apache Commons Daemon
-Copyright 1999-2017 The Apache Software Foundation
+Copyright 1999-2021 The Apache Software Foundation
 
 This product includes software developed by
 The Apache Software Foundation (http://www.apache.org/).
diff --git a/Server/src/bin/commons-daemon/OpenAS2Server.exe b/Server/src/bin/commons-daemon/OpenAS2Server.exe
diff --git a/Server/src/bin/commons-daemon/RELEASE-NOTES.txt b/Server/src/bin/commons-daemon/RELEASE-NOTES.txt
@@ -15,39 +15,45 @@
   limitations under the License.
 ================================================================================
 
-                   Apache Commons Daemon 1.1
+                   Apache Commons Daemon 1.2.4
                          Release Notes
 
 This document contains the release notes for this version of the
-Apache Commons Daemon package, and highlights new features compared
-to the 1.0 releases.
+Apache Commons Daemon package, and highlights new features in the 1.2
+releases compared to the 1.1 releases.
 
 
 New Features
 ------------
 
- - The minimum required Java version has been increased from Java
-   1.3 to Java 6
- - Explicit support has been added for Java 9
+ - Improved JRE/JDK detection to support increased range of both JVM
+   versions and vendors
+
  - The minimum target platform for Windows has been increased to
-   Windows XP
+   Windows 7 / Server 2008 SP2
+
+ - The default Windows service user has changed from LocalSystem to
+  'NT Authority\LocalService'
+
+Note: The minimum Java version remains unchanged at 1.6.
 
 
 Bug Fixes
 ---------
 
  - Please see the change log
-   http://commons.apache.org/proper/commons-daemon/changes-report.html
+   https://commons.apache.org/proper/commons-daemon/changes-report.html
+
 
 Feedback
 --------
 Open source works best when you give feedback:
-http://commons.apache.org/daemon/
+https://commons.apache.org/daemon/
 
 Please direct all bug reports to JIRA
 https://issues.apache.org/jira/browse/DAEMON
 
 Or subscribe to the commons-user mailing list (prefix emails by [daemon])
-http://commons.apache.org/mail-lists.html
+https://commons.apache.org/mail-lists.html
 
 The Apache Commons Daemon Team
diff --git a/Server/src/bin/commons-daemon/amd64/prunsrv.exe b/Server/src/bin/commons-daemon/amd64/prunsrv.exe
diff --git a/Server/src/bin/commons-daemon/prunsrv.exe b/Server/src/bin/commons-daemon/prunsrv.exe
diff --git a/Server/src/bin/find_java b/Server/src/bin/find_java
@@ -0,0 +1,87 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+#!/bin/sh
+# OS specific support.  $var _must_ be set to either true or false.
+darwin=false;
+case "`uname`" in
+  Darwin*) darwin=true
+           #
+           # Look for the Apple JDKs first to preserve the existing behaviour, and then look
+           # for the new JDKs provided by Oracle.
+           # 
+           if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
+           fi
+
+           if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
+           fi
+
+           if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then
+             #
+             # Oracle JDKs
+             #
+             export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
+           fi           
+
+           if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then
+             #
+             # Apple JDKs
+             #
+             export JAVA_HOME=`/usr/libexec/java_home`
+           fi
+           ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    JAVACMD="$JAVA_HOME/bin/java"
+  else
+    JAVACMD="`which java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+  exit 1
+fi
+export JAVA_HOME
+export JAVA=$JAVACMD
diff --git a/Server/src/bin/find_java.bat b/Server/src/bin/find_java.bat
@@ -0,0 +1,50 @@
+@echo off
+rem Purpose:  Find a version of Java to run
+rem Use a relatively simplistic but highly effective way by assuming the Java install is in the standard location
+rem Change the below env var if Java is in a different standard location
+set JavaBaseInstallFolder=%ProgramFiles%\Java
+
+rem Find Java Virtual Machine
+rem Remove any quotes around the JAVA env var if it already is set to avoid failures in the script
+if not "%JAVA%" == "" set JAVA=%JAVA:"=%
+if not "%JAVA%" == "" (
+  echo The JAVA var is already set to: %JAVA%  Clear the variable if you want this script to find a different Java
+  exit /B 0
+)
+if not "%JAVA_HOME%" == "" (
+  echo The JAVA_HOME var is already set to: %JAVA_HOME%  Clear the variable if you want this script to find a different Java home
+  goto :JavaHomeFound
+)
+rem Prevent early expansion of the batch variables so that we can accumulate information in the loop
+rem setlocal EnableDelayedExpansion
+set java_list=
+set found_count=0
+rem Find all folders off the Java folder in program files
+for /d %%i in ("%JavaBaseInstallFolder%\*") do (
+  set /A found_count+=1
+  call set "java_list[%%found_count%%]=%%i"
+)
+if %found_count% GTR 1 (
+  echo.
+  echo More than 1 Java install found:
+  for /L %%n in (1,1,%found_count%) do (
+    call echo %%n: %%java_list[%%n]%%
+  )
+  echo.
+  echo Set JAVA_HOME to one of the above.
+  exit /B 1
+)
+if %found_count% EQU 0 goto JavaNotFound
+echo Java install found: %java_list[1]%
+set JAVA_HOME=%java_list[1]%
+:JavaHomeFound
+set JAVA=%JAVA_HOME%\bin\java
+echo Set JAVA to: %JAVA%
+echo Set JAVA_HOME to: %JAVA_HOME%
+exit /B 0
+
+:JavaNotFound
+echo No Java install found in %JavaBaseInstallFolder%
+echo If you are using a 32-bit system you may want to change %ProgramFiles% to "%ProgramFiles(x86)%" and try again.
+echo If you have installed Java in a non-standard location then set the JAVA_HOME environment variable before running this script.
+exit /B 2
diff --git a/Server/src/bin/gen_p12_key_par.bat b/Server/src/bin/gen_p12_key_par.bat
@@ -7,58 +7,11 @@ set sigAlg="%3%withRSA"
 
 set dName=%4%
 
-echo DNAM = %dName%
-
-set CertValidDays=3650
+set CertValidDays=2900
 
 rem Setup the Java Virtual Machine
-if not "%JAVA%" == "" goto :Check_JAVA_END
-    if not "%JAVA_HOME%" == "" goto :TryJDKEnd
-        call :warn JAVA_HOME not set; results may vary
-:TryWOWJRE
-    FOR /F "usebackq tokens=3*" %%A IN (`REG QUERY "HKLM\Software\WOW6432NODE\JavaSoft\Java Runtime Environment" /s /v CurrentVersion ^| find "CurrentVersion"`) DO (
-       set JAVA_VERSION=%%A
-    )
-    FOR /F "usebackq tokens=3*" %%A IN (`REG QUERY "HKLM\Software\WOW6432NODE\JavaSoft\Java Runtime Environment\%JAVA_VERSION%" /s /v JavaHome ^| find "JavaHome"`) DO (
-       set JAVA_HOME=%%A %%B
-    )
-    if not exist "%JAVA_HOME%" goto :TryWOWJDK
-    goto TryJDKEnd
-:TryWOWJDK
-    FOR /F "usebackq tokens=3*" %%A IN (`REG QUERY "HKLM\Software\WOW6432NODE\JavaSoft\Java Development Kit" /s /v CurrentVersion  ^| find "CurrentVersion"`) DO (
-       set JAVA_VERSION=%%A
-    )
-    FOR /F "usebackq tokens=3*" %%A IN (`REG QUERY "HKLM\Software\WOW6432NODE\JavaSoft\Java Development Kit\%JAVA_VERSION%" /s /v JavaHome ^| find "JavaHome"`) DO (
-       set JAVA_HOME=%%A %%B
-    )
-    if not exist "%JAVA_HOME%" goto :TryJRE
-    goto TryJDKEnd
-:TryJRE
-    FOR /F "usebackq tokens=3*" %%A IN (`REG QUERY "HKLM\Software\JavaSoft\Java Runtime Environment" /s /v CurrentVersion  ^| find "CurrentVersion"`) DO (
-       set JAVA_VERSION=%%A
-    )
-    FOR /F "usebackq tokens=3*" %%A IN (`REG QUERY "HKLM\Software\JavaSoft\Java Runtime Environment\%JAVA_VERSION%" /s /v JavaHome ^| find "JavaHome"`) DO (
-       set JAVA_HOME=%%A %%B
-    )
-    if not exist "%JAVA_HOME%" goto :TryJDK
-    goto TryJDKEnd
-:TryJDK
-    FOR /F "usebackq tokens=3*" %%A IN (`REG QUERY "HKLM\Software\JavaSoft\Java Development Kit" /s /v CurrentVersion  ^| find "CurrentVersion"`) DO (
-       set JAVA_VERSION=%%A
-    )
-    FOR /F "usebackq tokens=3*" %%A IN (`REG QUERY "HKLM\Software\JavaSoft\Java Development Kit\%JAVA_VERSION%" /s /v JavaHome ^| find "JavaHome"`) DO (
-       set JAVA_HOME=%%A %%B
-    )
-    if not exist "%JAVA_HOME%" (
-       call :warn Unable to retrieve JAVA_HOME from Registry
-    )
-:TryJDKEnd
-    if not exist "%JAVA_HOME%" (
-        call :warn JAVA_HOME is not valid: "%JAVA_HOME%"
-        goto END
-    )
-    set JAVA=%JAVA_HOME%\bin\java
-:Check_JAVA_END
+call "%OPENAS2_BASE_DIR%\bin\find_java.bat"
+if %ERRORLEVEL% NEQ 0 exit /B 1
 
 echo        Generate a certificate to a PKCS12 key store.
 echo        Generating certificate:  using alias %certAlias% to %tgtStore%.p12"
@@ -90,15 +43,15 @@ echo.
 goto :END
 
 :Usage
-    echo maGenerate a certificate to a PKCS12 key store.
+  echo Generate a certificate to a PKCS12 key store.
   echo You must supply a target key store without the extension (extension will be added as .p12) and an alias for generated certificate.
-  echo usage: gen_p12_key_par <target keystore> <cert alias> <sigalg> <distinguished name>
+  echo usage: gen_p12_key_par ^<target keystore^> ^<cert alias^> ^<sigalg^> ^<distinguished name^>
   echo             WHERE
   echo                target keystore = name of the target keystore file without .p12 extension
   echo                cert alias = alias name for the digital certificate
   echo                sigalg = signing algorithm for the digital certificate ... SHA256, MD5 etc
   echo                distinguished name = a string in the format:
-  echo                                        CN=<cName>, OU=<orgUnit>, O=<org>, L=<city>, S=<state>, C=<countryCode>
+  echo                                        CN=^<cName^>, OU=^<orgUnit^>, O=^<org^>, L=^<city^>, S=^<state^>, C=^<countryCode^>
 
   echo. 
   echo        eg. gen_p12_key_par as2_certs partnera SHA256 "CN=PartnerA Testing, OU=QA, O=PartnerA, L=New York, S=New York, C=US"