Can the Secure+ PARMFILE be read for auditing?

Technote (FAQ)


Question

Can Connect:Direct z/OS produce a Secure+ audit report?

Cause

Reviewing the Secure+ configuration through the interactive SpAdmin screens requires too much manual effort. Auditors periodically require this configuration to be verified.

Answer

This can be accomplished using Control Center by issuing a Secure+ Nodes Report if your Control Center is running Configuration Management.
A better method is to use a sample Application Interface for Java program (the old JAI) that provides the
information required. It has the advantage that each client can tailor it to their own requirements and style.


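Here is the sample Java program. The host names, user IDs and passwords in it are placeholders to be replaced, and as written it signs on with the non-secure "TCPIP" protocol; the comment at the Node constructor shows where to specify "TLS" instead: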

package com.secureplus.sample;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.Set;
import java.util.TreeMap;

import com.sterlingcommerce.cd.sdk.CDSecureNode;
import com.sterlingcommerce.cd.sdk.ConnectionException;
import com.sterlingcommerce.cd.sdk.KQVException;
import com.sterlingcommerce.cd.sdk.LogonException;
import com.sterlingcommerce.cd.sdk.MediatorEnum;
import com.sterlingcommerce.cd.sdk.MsgException;
import com.sterlingcommerce.cd.sdk.Node;
import com.sterlingcommerce.cd.sdk.Version;

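/**
 * Sample Secure+ audit report for a Connect:Direct node.
 *
 * The program signs on to one Connect:Direct server, issues a single
 * "select s+node" command and prints, for the local node, its override
 * setting and cipher suites, followed by the cipher suites of every remote
 * and alias node. The report covers only the fields printed here; it is a
 * starting point to tailor, not a complete Secure+ configuration dump.
 */
public class SecurePlusSample {

    // Connection settings actually used for the sign-on; filled in from one
    // of the per-platform groups below once the user has picked a platform.
    static String LOCALNODE = "";
    static String LOCALNODEAPIPORT = "";
    static String LOCALNODEUSERID = "";
    static String LOCALNODEPASSWORD = "";

    // The host names, user IDs and passwords below are PLACEHOLDERS.
    // Replace them for your site, and do not leave a real password in a
    // source file or compiled class that is shared or checked in. Holding the
    // password in a String also defeats the point of the char[] that the Node
    // constructor takes; java.io.Console.readPassword() is one way to obtain
    // it at run time instead. The program only issues "select s+node", so a
    // user ID limited to that authority is sufficient for the report.
    static String Z_LOCALNODE = "ip.zos.addr.com";
    static String Z_LOCALNODEAPIPORT = "1363";
    static String Z_LOCALNODEUSERID = "USER1";
    static String Z_LOCALNODEPASSWORD = "PASSWORD1";

    static String U_LOCALNODE = "ip.unix.addr.com";
    static String U_LOCALNODEAPIPORT = "1363";
    static String U_LOCALNODEUSERID = "USER2";
    static String U_LOCALNODEPASSWORD = "PASSWORD2";

    static String W_LOCALNODE = "ip.win.addr.com";
    static String W_LOCALNODEAPIPORT = "1363";
    static String W_LOCALNODEUSERID = "USER3";
    static String W_LOCALNODEPASSWORD = "PASSWORD3";

    /**
     * Prompts for the target platform and report scope, signs on, and prints
     * the Secure+ node report to System.out.
     *
     * Exits with status 1 if the platform answer is not W, U or Z (or input
     * ends), and with status 2 if the second answer is not Y, N or empty.
     *
     * @param args not used
     */
    public static void main(String[] args) {

        Node cdNode = null;
        boolean showDefaultToLocal = false;

        try {

            System.out.println("Enter Windows(W), UNIX(U) or z/OS(Z)?");
            BufferedReader bufferRead = new BufferedReader(
                    new InputStreamReader(System.in));

            // readLine() returns null at end of input; comparing from the
            // literal side keeps that case on the "not accepted" path instead
            // of failing with a NullPointerException.
            String platform = bufferRead.readLine();
            if (platform != null) {
                platform = platform.trim();
            }
            if ("W".equalsIgnoreCase(platform)) {
                LOCALNODE = W_LOCALNODE;
                LOCALNODEAPIPORT = W_LOCALNODEAPIPORT;
                LOCALNODEUSERID = W_LOCALNODEUSERID;
                LOCALNODEPASSWORD = W_LOCALNODEPASSWORD;
            } else if ("U".equalsIgnoreCase(platform)) {
                LOCALNODE = U_LOCALNODE;
                LOCALNODEAPIPORT = U_LOCALNODEAPIPORT;
                LOCALNODEUSERID = U_LOCALNODEUSERID;
                LOCALNODEPASSWORD = U_LOCALNODEPASSWORD;
            } else if ("Z".equalsIgnoreCase(platform)) {
                LOCALNODE = Z_LOCALNODE;
                LOCALNODEAPIPORT = Z_LOCALNODEAPIPORT;
                LOCALNODEUSERID = Z_LOCALNODEUSERID;
                LOCALNODEPASSWORD = Z_LOCALNODEPASSWORD;
            } else {
                System.out.println("Only W, U or Z are accepted.");
                System.exit(1);
            }

            // The default answer (Y) leaves out every remote/alias node that
            // has no cipher suites of its own. Answer N when the audit needs
            // the complete node list, including nodes that inherit the local
            // node's suites.
            System.out
                    .println("Show only nodes with defined ciper suites, Y|N? [Y]");
            String scope = bufferRead.readLine();
            if (scope != null) {
                scope = scope.trim();
            }
            if (scope == null || scope.isEmpty()
                    || scope.equalsIgnoreCase("Y")) {
                // default ok
            } else if (scope.equalsIgnoreCase("N")) {
                showDefaultToLocal = true;
            } else {
                System.out.println("Only Y or N are accepted.");
                System.exit(2);
            }

            // Specify the location and password for the JSSE truststore.
            // Note: If S+CMD.ENFORCE.SECURE.CONNECTION=Y is specified on the
            // node, a secure connection is required.
            // The truststore decides which server certificates a TLS sign-on
            // will accept, so keep it where only trusted administrators can
            // modify it rather than in a shared temp directory, and replace
            // the sample path and password with your own.
            System.setProperty("javax.net.ssl.trustStore", "C:\\temp\\keystore");
            System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

            // System.setProperty("javax.net.debug", "all");

            // Ask the user for connection information
            // getConnectionInformation();

            /*
             * To sign on to a Connect:Direct server a Node object must be
             * instantiated successfully. It needs:
             *  - the ip address or host name, followed by the port value
             *  - a valid Connect:Direct user id
             *  - the password associated with that id
             *  - "TCPIP" for a non-secure connection ("SSL" and "TLS" are
             *    also valid)
             *
             * With "TCPIP" the sign-on, including the password, is not
             * protected by SSL/TLS. Use "TLS" together with the truststore
             * configured above whenever the connection crosses a network you
             * do not fully trust.
             */
            System.out.println("Connecting to Connect:Direct server");
            cdNode = new Node(LOCALNODE + ";" + LOCALNODEAPIPORT,
                    LOCALNODEUSERID, LOCALNODEPASSWORD.toCharArray(),
                    "TCPIP", // "TLS" if secure connection required
                    "SecurePlusSample", java.util.Locale.getDefault());

            if (cdNode.getConnectionInfo() == null) {
                System.out
                        .println("************** cdNode.getConnectionInfo() is null even though we got connected!!!!!!!!");
                // Everything below dereferences the connection info, so stop
                // here; the finally block still disconnects.
                return;
            }

            // To see what is going back and forth to the Connect:Direct
            // server, turn traces on by uncommenting the line below. Output
            // is written to System.out, so treat it as sensitive.
            // cdNode.getConnectionInfo().setTraceOn();
            // cdNode.getConnectionInfo().setTraceOff();

            System.out.println("ConnectionInfo.Port="
                    + cdNode.getConnectionInfo().getPort());

            // Retrieve the name and type of the server the program just
            // connected to and display them.
            String localNode = cdNode.getConnectionInfo().getNodeName();
            String osType = cdNode.getConnectionInfo().getOSType();
            int version = cdNode.getConnectionInfo().getNodeVersion();
            int securePlusVersion = cdNode.getConnectionInfo()
                    .getSecurePlusVersion();
            System.out.println("Signed on to Connect:Direct for " + osType
                    + ", " + "Version = " + version + ", " + "Server name = "
                    + localNode);
            System.out.println("UTC delta = "
                    + cdNode.getConnectionInfo().getGmtOffset());
            Version v = new com.sterlingcommerce.cd.sdk.Version();
            System.out.println("Jai version - " + v.getBuildInfo());
            System.out.println("Supports Set APKey = "
                    + cdNode.getConnectionInfo().getAPKeySetSupport());
            System.out.println("Secure+ version = " + securePlusVersion);

            // NOTE(review): presumably caps the number of records returned;
            // if so, a parameter file with more nodes than this would yield
            // an incomplete audit report - confirm against the SDK docs.
            cdNode.setLimit(20000);
            // cdNode.getConnectionInfo().setTraceOn();

            String cmd = "select s+node";
            MediatorEnum results = cdNode.execute(cmd);
            String lclNode = "";
            String lclCipherSuites = "";
            // TreeMap keeps the node names sorted, so the report order is
            // stable from run to run and can be compared between audits.
            TreeMap<String, CDSecureNode> tm = new TreeMap<String, CDSecureNode>();
            while (results.hasMoreElements()) {
                CDSecureNode res = (CDSecureNode) results.getNextElement();
                tm.put(res.getNodename(), res);
                if ("L".equals(res.getNodetype())) {
                    lclNode = res.getNodename();
                    lclCipherSuites = res.getCipherSuites();
                }
            }

            System.out.println();
            System.out.printf("%-20s%-60s%n", "LocalNode", lclNode);
            CDSecureNode nd = tm.get(lclNode);
            if (nd == null) {
                // No type "L" record came back; report it rather than fail
                // with a NullPointerException on the lookup result.
                System.out
                        .println("No local (type L) node record was returned by \"select s+node\".");
            } else {
                System.out.printf("%-20s%-60s%n", "Overrides",
                        "\t" + nd.getOverride());
                System.out.printf("%-20s%-60s%n", "CipherSuites", "\t"
                        + indentCipherSuites(lclCipherSuites));
            }

            // Now go through all the remote nodes
            System.out.println();
            printNodesOfType(tm, "R", "RemoteNode", showDefaultToLocal);

            // Now go through all the alias nodes
            System.out.println();
            printNodesOfType(tm, "A", "AliasNode", showDefaultToLocal);

        } catch (ConnectionException ce) {
            // ConnectionExceptions are typically thrown when invalid location
            // information (ip address and/or port) is provided in the Node
            // constructor.
            showErrorDetails(ce);
        } catch (LogonException le) {
            // LogonExceptions are typically thrown when invalid logon
            // information (userid and/or password) is provided in the Node
            // constructor.
            showErrorDetails(le);
        } catch (KQVException ke) {
            showErrorDetails(ke);
        } catch (MsgException me) {
            // Thrown by the attempt to perform the command above.
            showErrorDetails(me);
        } catch (Exception ex) {
            // This exception should not occur. If it does, a stack trace is
            // written.
            ex.printStackTrace();
        } finally {
            // Before terminating, if a connection with a Connect:Direct
            // server was successfully established, attempt to close it.
            try {
                if (cdNode != null) {
                    System.out.println();
                    System.out
                            .println("Disconnecting from Connect:Direct server");
                    cdNode.closeNode();
                }
            } catch (Exception ignored) {
                // Best effort: the report is already printed and the program
                // is ending, so a failed disconnect is deliberately ignored.
            }
        }
    }

    /**
     * Puts each cipher suite of a comma-separated list on its own line,
     * indented so it lines up under the report's value column.
     *
     * @param cipherSuites comma-separated list; null is treated as empty
     * @return the list with every comma replaced by CR, LF and three tabs
     */
    private static String indentCipherSuites(String cipherSuites) {
        if (cipherSuites == null) {
            return "";
        }
        return cipherSuites.replace(",", "\r\n\t\t\t");
    }

    /**
     * Prints the report rows for every node of one type, in name order.
     *
     * @param nodes all records returned by "select s+node", keyed by name
     * @param nodeType node type to print ("R" for remote, "A" for alias)
     * @param label text for the first column of the node-name row
     * @param showDefaultToLocal whether to include nodes that define no
     *        cipher suites of their own
     */
    private static void printNodesOfType(TreeMap<String, CDSecureNode> nodes,
            String nodeType, String label, boolean showDefaultToLocal) {
        Set<String> names = nodes.keySet();
        for (String name : names) {
            CDSecureNode node = nodes.get(name);
            if (!nodeType.equals(node.getNodetype())) {
                continue;
            }
            String suites = node.getCipherSuites();
            if (suites == null || suites.equals("")) {
                if (!showDefaultToLocal) {
                    continue;
                }
                // NOTE(review): the original alias loop looked up the base
                // node's record but never used it. If an alias without its
                // own suites inherits from its base node rather than the
                // local node, this label is misleading - confirm.
                suites = "*defaults to local node";
            }
            System.out.printf("%-20s%-60s%n", label, name);
            if ("A".equals(nodeType)) {
                System.out.printf("%-20s%-60s%n", "BaseNode",
                        node.getBaseNodename());
            }
            System.out.printf("%-20s%-60s%n", "CipherSuites", "\t"
                    + indentCipherSuites(suites));
        }
    }

    /**
     * Display the contents of a MsgException.
     *
     * A MsgException may be caused by multiple errors, each held as an
     * element of the exception object; the text is extracted by
     * Util.extractExceptionText, which is defined outside this listing.
     *
     * @param me the exception to display
     */
    static void showErrorDetails(MsgException me) {
        System.out.println("Howdy from show Error details");
        System.out.println(Util.extractExceptionText(me));
    }
}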



Document information


More support for:

Sterling Connect:Direct
Extensions

Software version:

5.0, 5.1

Operating system(s):

z/OS

Reference #:

1625639

Modified date:

2013-02-18
