SecureTomcatJDBC.bat
@REM
@REM Author: DeHartB ([email protected])
@REM
@REM
@ECHO OFF
@REM Start directory of the caller, stored WITH surrounding double quotes. Every path
@REM built from BASE_DIR below therefore has the form "dir"\name.
SET BASE_DIR="%cd%"
@REM Account names searched for in the ICACLS output during the version.bat check.
SET CURRENT_USER=%USERDOMAIN%\%USERNAME%
SET BUILTIN_USERS=BUILTIN\Users
@REM LOGFILE is defined here but is not referenced again in this file.
SET LOGFILE=%BASE_DIR%\SecureTomDB-Exec.log
@REM Receives the redirected output of the Tomcat version.bat script.
SET INFOFILE=%BASE_DIR%\TomcatInfo.properties
@REM Java source carrying the passphrase placeholder, its scratch copy, its backup
@REM copy and the class file expected after compilation.
SET JAVA_ENC_FILE=EncDecJDBCPass.java
SET TEMP_JAVA_ENC_FILE=EncDecJDBCPass_temp.java
SET BAK_JAVA_ENC_FILE=EncryptJDBCPassword-Original.java
SET CLASS_ENC_FILE=EncDecJDBCPass.class
@REM Second source file compiled into the jar, and its expected class file.
SET JAVA_DS_FILE=SecureTomcatDataSourceImpl.java
SET CLASS_DS_FILE=SecureTomcatDataSourceImpl.class
@REM Jar produced by this script and the log file that is searched for usage text.
SET JAVA_STJ_FILE=SecureTomcatJDBC.jar
SET LOG_STJ_FILE=SecureTomcatJDBC.log
@REM Optional batch file in the current directory that may preset variables.
SET CMD_ENV_FILE=SetEnv.bat
@REM Literal token in the Java source that is replaced by the entered passphrase.
SET SECRET_PHRASE_REPLACE=PHRASETOREPLACE
@REM SET with nothing after the equals sign leaves EMPTYSTRING undefined, so it
@REM expands to nothing wherever it is used.
SET EMPTYSTRING=
@REM Ensure we are always working with a fresh password
@REM NOTE(review): only passwordtoencrypt is cleared. A secretphrase inherited from
@REM the calling environment is kept and is later used without a prompt.
SET passwordtoencrypt=
@REM DELETE TEMP FILES
@REM Removes the previous version.bat capture and every .class file in the start
@REM directory, not only the two classes this script builds.
DEL /f /q %INFOFILE%
DEL /f /q %BASE_DIR%\*.class
@REM RUN SETENVBAT FILE FOR ANY PRECONFIGURED VALUES
@REM NOTE(review): SetEnv.bat is looked up in the current directory and run with this
@REM script's own arguments. Whoever can write that file decides what executes here,
@REM and any variable it sets is picked up by the checks further down. Keep the
@REM directory writable only by the operator.
IF EXIST "%CMD_ENV_FILE%" (
ECHO ADDING PRESET ENVIRONMENT VARIABLES
CALL %CMD_ENV_FILE% %*
)
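@REM CHECK FOR PRECONFIGURED CATALINA_HOME, ELSE TAKE INPUT
@REM HANDLE Quotes in CATALINA_HOME
@REM Written as single-line statements on purpose. Inside a parenthesised block a
@REM percent variable is expanded when the block is read, so a value typed at the
@REM prompt could not be copied to another variable in the same block.
@REM Result: CATALINA_HOME and InstanceDir hold the same path without double quotes.
@REM Later lines add their own quotes around InstanceDir and CATALINA_HOME.
IF DEFINED CATALINA_HOME ECHO CATALINA_HOME IS SET TO %CATALINA_HOME%
IF NOT DEFINED CATALINA_HOME SET /p CATALINA_HOME="Enter the Tomcat Instance CATALINA_HOME ( A Parent Directory of conf/ bin/ webapps/): "
@REM remove quotes if exist
IF DEFINED CATALINA_HOME SET "CATALINA_HOME=%CATALINA_HOME:"=%"
@REM An empty answer leaves both variables undefined. The directory check that
@REM follows is the place where that case is noticed.
SET "InstanceDir=%CATALINA_HOME%"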
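@REM Run bin\version.bat of the chosen Tomcat instance and capture its output in
@REM INFOFILE. Before the call, the ICACLS lines for the current user and for
@REM BUILTIN\Users are scanned for the substrings (F) and (RX).
@REM str2 is the line with (F) removed and str3 the line with (RX) removed, so a
@REM difference from str1 means that marker was present on the line.
@REM NOTE(review): this is a plain substring test. Other grants such as (M) are not
@REM recognised and a deny entry carrying the same marker would also match.
@REM NOTE(review): a batch file taken from a user supplied directory is executed
@REM here. If BUILTIN\Users holds (F) on it, any local account could have changed
@REM what runs, so full control for that group is a reason for caution, not comfort.
SETLOCAL EnableDelayedExpansion
IF EXIST "%InstanceDir%" (
    IF EXIST "%InstanceDir%"\bin\version.bat (
        ECHO STARTING VERSION CHECK
        SET permission=false
        FOR /F "delims=" %%F IN ('ICACLS "%InstanceDir%"\bin\version.bat ^| FINDSTR /ic:"%CURRENT_USER%" /ic:"%BUILTIN_USERS%"') DO (
            SET str1=%%F
            SET str2=!str1:(F^)=!
            SET str3=!str1:(RX^)=!
            @REM The two messages used to be attached to the opposite markers
            IF NOT x!str2!==x!str1! (
                ECHO User or builtin user has full permissions
                SET permission=true
            )
            IF NOT x!str3!==x!str1! (
                ECHO User or builtin user has execute permissions
                SET permission=true
            )
        )
        ECHO permission set to !permission!
        IF !permission!==true (
            CALL "%InstanceDir%"\bin\version.bat > %INFOFILE%
        ) ELSE (
            ECHO ERROR: Execute Permission is not set
            EXIT 9
        )
    ) ELSE (
        ECHO ERROR: Unable to find the version.bat under %InstanceDir%\bin
        EXIT 9
    )
) ELSE (
    @REM A missing instance directory used to be skipped without any message
    ECHO ERROR: Unable to find the Tomcat instance directory %InstanceDir%
    EXIT 9
)
ENDLOCAL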
@REM Report the end of the version step, return to the start directory and print
@REM the interesting lines of the captured version.bat output when the capture
@REM file exists and is not empty.
ECHO Completed version.bat task
CD %BASE_DIR%
IF EXIST %INFOFILE% (
    FOR %%I IN (%INFOFILE%) DO (
        @REM The z modifier yields the file size in bytes
        IF %%~zI NEQ 0 (
            FINDSTR /ic:"Server Version" %INFOFILE%
            FINDSTR /ic:"JVM Version" %INFOFILE%
            FINDSTR /ic:"JAVA" /ic:"JRE" %INFOFILE%
            FINDSTR /ic:"CATALINA_HOME" %INFOFILE%
            FINDSTR /ic:"CLASSPATH" %INFOFILE%
        )
    )
)
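@REM IF JAVA_HOME IS NOT DEFINED USE TOMCAT DEFINED JAVA_HOME
@REM The value is taken from the last INFOFILE line that mentions JAVA or JRE, with
@REM the leading label and the leading blanks removed.
@REM Written as top level lines and not as one parenthesised block: inside a block
@REM every percent variable is expanded when the block is read, so values assigned
@REM by the FOR and SET lines were not visible to the lines after them and
@REM JAVA_HOME stayed empty.
IF DEFINED JAVA_HOME GOTO JAVA_HOME_RESOLVED
@REM Plain SETLOCAL keeps the derived values out of the calling session, as before.
@REM Delayed expansion is no longer switched on here because it stayed active for
@REM the rest of the script and strips exclamation marks from lines copied later.
SETLOCAL
@REM Discard any value left over from the environment before searching.
SET JAVA_HOME_TC=
FOR /F "delims=" %%a IN ('FINDSTR /ic:"JAVA" /ic:"JRE" %INFOFILE% ') DO SET JAVA_HOME_TC=%%a
IF NOT DEFINED JAVA_HOME_TC GOTO JAVA_HOME_RESOLVED
@REM Substring replacement ignores case, so these match the label as printed.
SET JAVA_HOME_TC=%JAVA_HOME_TC:USING JRE_HOME:=%
SET JAVA_HOME_TC=%JAVA_HOME_TC:USING JAVA_HOME:=%
@REM tokens=* with a blank delimiter drops the leading blanks of the remainder.
FOR /f "tokens=* delims= " %%a IN ("%JAVA_HOME_TC%") DO SET JAVA_HOME=%%a
:JAVA_HOME_RESOLVED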
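@REM Check that JAVA_HOME holds javac, java and jar, asking once for a replacement
@REM path when it does not.
@REM The flag starts at 0 and is raised only when all three files are found, so a
@REM path that cannot be evaluated counts as invalid.
@REM JAVA_HOME is used unquoted here and in the later javac, jar and java calls. A
@REM path with spaces has to carry its own double quotes.
SET JAVA_HOME_VALID=0
IF EXIST %JAVA_HOME%\bin\javac.exe IF EXIST %JAVA_HOME%\bin\java.exe IF EXIST %JAVA_HOME%\bin\jar.exe SET JAVA_HOME_VALID=1
IF %JAVA_HOME_VALID% EQU 1 (
    ECHO INFO: Java Home Validation Successful. Good to Go
    GOTO JAVA_HOME_VALIDATED
)
ECHO ERROR: Java Home Does not seem to be having either JAVAC or JAVA or JAR command.
ECHO Trying to Obtain JAVA_HOME during runtime
ECHO Enter the JAVA_HOME:
SET JAVA_HOME_IN=
SET /p JAVA_HOME_IN=
@REM The typed value used to be read and then ignored. It now replaces JAVA_HOME
@REM before the second check, and the flag is evaluated again afterwards.
IF DEFINED JAVA_HOME_IN SET JAVA_HOME=%JAVA_HOME_IN%
IF EXIST %JAVA_HOME%\bin\javac.exe IF EXIST %JAVA_HOME%\bin\java.exe IF EXIST %JAVA_HOME%\bin\jar.exe SET JAVA_HOME_VALID=1
@REM No exit is taken on failure, as before. The compile step is the next place
@REM where an unusable path is caught.
IF %JAVA_HOME_VALID% EQU 1 (
    ECHO INFO: Java Home Validation Successful - RUNTIME. Good to Go
) ELSE (
    ECHO I am Sorry the Given JAVA_HOME does not seem to having JAVAC or JAVA or JAR command either
    ECHO If you feel there is a BUG. Please write email to my author dehartb@battelle
)
:JAVA_HOME_VALIDATED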
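@REM Locate the two Tomcat jars that are placed on the javac classpath later and
@REM stop with exit code 10 when either one is missing.
@REM Single-line IF statements are used so that a closing parenthesis inside the
@REM instance path cannot end a block early.
SET JULI_JAR_LOC="%InstanceDir%"\bin\tomcat-juli.jar
SET JDBC_JAR_LOC="%InstanceDir%"\lib\tomcat-jdbc.jar
ECHO INFO: Vaidating the Tomcat Juli and Tomcat JDBC Jar files availability
@REM The message for a missing juli jar used to name the jdbc jar.
IF NOT EXIST %JULI_JAR_LOC% ECHO ERROR: Unable to find the Jar file %JULI_JAR_LOC%
IF NOT EXIST %JULI_JAR_LOC% EXIT 10
IF NOT EXIST %JDBC_JAR_LOC% ECHO ERROR: Unable to find the Jar file %JDBC_JAR_LOC%
IF NOT EXIST %JDBC_JAR_LOC% EXIT 10
ECHO INFO: Jar files are present. Good to Go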
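@REM Obtain the password and the passphrase, prompting only for a value that was
@REM not preset, for example by SetEnv.bat.
@REM A preset value is no longer printed. Echoing it put the clear text secret on
@REM the console and into any redirected output, and expanding it inside the block
@REM broke the script when the value held a quote or a closing parenthesis.
@REM IF NOT DEFINED is used for the same reason: it never expands the secret.
@REM NOTE(review): SET /p shows the characters while they are typed, and the two
@REM variables stay in the environment of this script until it ends.
IF NOT DEFINED passwordtoencrypt (
    ECHO Enter the Password to Encrypt
    SET /p passwordtoencrypt=
) ELSE (
    ECHO password to encrypt: preset value supplied, not displayed
)
IF NOT DEFINED secretphrase (
    ECHO Enter the Secret PassPhrase
    SET /p secretphrase=
) ELSE (
    ECHO secret passphrase: preset value supplied, not displayed
)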
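@REM Keep an untouched copy of the Java source before the passphrase is written
@REM into it. The trailing asterisk on the target makes xcopy treat it as a file
@REM name without asking.
@REM NOTE(review): the script goes on after a failed backup. The source is then
@REM overwritten with the passphrase and the restore at the end has nothing to
@REM copy back, so the passphrase stays in the source file.
xcopy %JAVA_ENC_FILE% %BASE_DIR%\%BAK_JAVA_ENC_FILE%* /y
IF %ERRORLEVEL% NEQ 0 (
    @REM The message used a shell style dollar reference and printed the name literally
    ECHO ERROR: failed to take backup of %JAVA_ENC_FILE%
)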
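@REM Write the passphrase into the Java source in place of the placeholder token.
@REM The emptiness test uses IF NOT DEFINED. The earlier unquoted comparison could
@REM not be evaluated for an empty value or a value with spaces, and never matched
@REM otherwise.
SET ENTERED_INFO_VALID=1
IF NOT DEFINED secretphrase SET ENTERED_INFO_VALID=0
IF NOT DEFINED passwordtoencrypt SET ENTERED_INFO_VALID=0
@REM Stop here when a value is missing. Going on would compile the source with the
@REM published placeholder as the passphrase. Exit code 14 is new for this case.
IF %ENTERED_INFO_VALID% == 0 (
    ECHO ERROR: Either PassPhrase or the Password is Empty
    EXIT 14
)
@REM Copy the source line by line into the scratch file, replacing the token.
@REM line is assigned before delayed expansion is switched on so that exclamation
@REM marks in the Java code survive. FOR /F skips blank lines, so they are dropped.
@REM NOTE(review): the passphrase is inserted as typed, with no escaping. A double
@REM quote or backslash changes the Java string literal, and characters that are
@REM special to cmd are interpreted when this block is read.
(FOR /f "delims=" %%i IN (%JAVA_ENC_FILE%) DO (
    SET "line=%%i"
    SETLOCAL enabledelayedexpansion
    SET "line=!line:%SECRET_PHRASE_REPLACE%=%secretphrase%!"
    ECHO(!line!
    ENDLOCAL
))>"%TEMP_JAVA_ENC_FILE%"
XCOPY %TEMP_JAVA_ENC_FILE% %JAVA_ENC_FILE%* /y
DEL %TEMP_JAVA_ENC_FILE%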
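@REM Compile both Java sources against the Tomcat lib directory, the jdbc and juli
@REM jars and the current directory. The second javac runs only if the first one
@REM succeeds.
@REM NOTE(review): the current directory is on the classpath, so class files that
@REM are already present there can be picked up during compilation.
ECHO Creating the JAR module and Compiling the code
%JAVA_HOME%\bin\javac -cp "%CATALINA_HOME%"\lib;%JDBC_JAR_LOC%;%JULI_JAR_LOC%;. %JAVA_ENC_FILE% && %JAVA_HOME%\bin\javac -cp "%CATALINA_HOME%"\lib;%JDBC_JAR_LOC%;%JULI_JAR_LOC%;. %JAVA_DS_FILE%
IF %ERRORLEVEL% EQU 0 (
    IF EXIST %CLASS_ENC_FILE% (
        IF EXIST %CLASS_DS_FILE% (
            ECHO Class files are created. Good to Go
        ) ELSE (
            ECHO ERROR: Classfiles are not Created. Please check manually
        )
    ) ELSE (
        ECHO ERROR: Classfiles are not Created. Please check manually
    )
) ELSE (
    ECHO Class Compilation Errors Found. Please check manually
    @REM Put the original source back before leaving. Without this the source file
    @REM keeps the clear text passphrase after a failed run. The backup is removed
    @REM only when the copy back succeeded.
    XCOPY %BAK_JAVA_ENC_FILE% %JAVA_ENC_FILE%* /y && DEL /f /q %BAK_JAVA_ENC_FILE%
    DEL /f /q %BASE_DIR%\*.class
    EXIT 11
)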
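@REM Package every class file of the current directory into the jar, with
@REM EncDecJDBCPass as the entry point, and stop with exit code 12 on failure.
@REM On both failure paths the original Java source is put back first, so the clear
@REM text passphrase does not stay in the source file. The backup is removed only
@REM when the copy back succeeded.
ECHO INFO: Creating a Jar file %JAVA_STJ_FILE%
%JAVA_HOME%\bin\jar cvef EncDecJDBCPass %JAVA_STJ_FILE% *.class
IF %ERRORLEVEL% EQU 0 (
    IF EXIST %JAVA_STJ_FILE% (
        ECHO INFO: Jar file Creation Successful. Good to Go
    ) ELSE (
        ECHO ERROR: JAR FILE NOT FOUND
        XCOPY %BAK_JAVA_ENC_FILE% %JAVA_ENC_FILE%* /y && DEL /f /q %BAK_JAVA_ENC_FILE%
        DEL /f /q %BASE_DIR%\*.class
        EXIT 12
    )
) ELSE (
    ECHO ERROR: Jar Creation Failed
    XCOPY %BAK_JAVA_ENC_FILE% %JAVA_ENC_FILE%* /y && DEL /f /q %BAK_JAVA_ENC_FILE%
    DEL /f /q %BASE_DIR%\*.class
    EXIT 12
)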
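@REM Smoke test the jar, encrypt the first password, then offer to encrypt more.
@REM The jar is started once without arguments and the log file is searched for the
@REM word usage. FINDSTR is given a file name, so it reads that file and not the
@REM piped output. Presumably the jar writes its usage text to the log - confirm.
@REM USAGE_FOUND is cleared first so a value from the environment cannot pass the test.
SET USAGE_FOUND=
FOR /F "delims=" %%a IN ('%JAVA_HOME%\bin\java -jar %JAVA_STJ_FILE% ^| findstr /i usage %LOG_STJ_FILE%') DO SET USAGE_FOUND=%%a
IF NOT DEFINED USAGE_FOUND (
    ECHO ERROR: Unable to Encrypt the Password. Sorry. Please report this problem to my Creator at [email protected]
    @REM Put the original source back so the passphrase does not stay in it
    XCOPY %BAK_JAVA_ENC_FILE% %JAVA_ENC_FILE%* /y && DEL /f /q %BAK_JAVA_ENC_FILE%
    DEL /f /q %BASE_DIR%\*.class
    EXIT 13
)
@REM The clear text password is no longer echoed. It is passed in double quotes so
@REM that spaces and characters special to cmd reach the jar as one argument.
@REM NOTE(review): the password is still a command line argument and is visible to
@REM anything on the host that can list process command lines.
ECHO "Password Encryption Begins"
%JAVA_HOME%\bin\java -jar %JAVA_STJ_FILE% "%passwordtoencrypt%"
@REM Up to 100 further passwords. Each pass runs in its own SETLOCAL scope, so the
@REM answer and the typed password are dropped at the end of the pass.
FOR /l %%x IN (1, 1, 100) DO (
    SETLOCAL EnableDelayedExpansion
    SET /p response="Encrypt another password y/n: "
    IF /I "!response!" EQU "YES" SET validresponse=1
    IF /I "!response!" EQU "Y" SET validresponse=1
    IF !validresponse! EQU 1 (
        SET /p passwordresponse="Enter the Password to Encrypt: "
        ECHO "Password Encryption Begins"
        %JAVA_HOME%\bin\java -jar %JAVA_STJ_FILE% "!passwordresponse!"
    ) ELSE (
        @REM FIND ANOTHER WAY TO BREAK FOR LOOP
        ENDLOCAL
        GOTO ENDPASSWORD
    )
    ENDLOCAL
)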
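:ENDPASSWORD
@REM Final cleanup: put the original Java source back, remove the class files and
@REM print the follow-up steps.
ECHO Password Encryption Completed. Your Encrypted Password is displayed above
XCOPY %BAK_JAVA_ENC_FILE% %JAVA_ENC_FILE%* /y
@REM The backup used to be deleted even when the copy back had failed, which lost
@REM the original source and left the passphrase in the working copy.
IF %ERRORLEVEL% EQU 0 (
    DEL /f /q %BAK_JAVA_ENC_FILE%
) ELSE (
    ECHO WARNING: could not restore %JAVA_ENC_FILE% from %BAK_JAVA_ENC_FILE%. The source file still holds the passphrase
)
DEL /f /q %BASE_DIR%\*.class
@REM NOTE(review): the classes in the jar were compiled from the source that held
@REM the passphrase, so the jar should be readable only by the Tomcat account.
ECHO Next Steps:
ECHO 1) Copy the Generated SecureTomcatJDBC.jar into the %InstanceDir%\lib directory
ECHO 2) Replace the Factory element in Context.xml with factory="SecureTomcatDataSourceImpl"
ECHO 3) Replace the Encrypted Password in place of Clear Text Password password="ENCRYPTED PASSWORD"
ECHO For Any Questions about this tool read the product page https://www.middlewareinventory.com/blog/secure-tomcat-jdbc/. Leave a Comment there for any help
ECHO Good Bye. Thanks for using SecureTomcatJDBC Application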