author | Endi Sukma Dewata <edewata@redhat.com> | 2013-03-11 21:17:53 -0400 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-03-19 12:57:17 -0400 |
commit | 22d50cc526c7fd4224a4d5a0ae9ebf66afd8e83a (patch) | |
tree | 9bf60845d64b5268b5962d18ae2071cbffcba394 | |
parent | a3b4489e219d5807133e67b5f2b10c320ecaf8a4 (diff) | |
Replaced Tomcat's random number generator.
By default Tomcat relies on /dev/random as a random number generator
to generate the session IDs. Under certain conditions /dev/random
may block, which will block Tomcat as well. To solve the problem all
webapps in Tomcat have been configured to use the random number
generator provided by JSS.
Ticket #524
7 files changed, 69 insertions, 6 deletions
diff --git a/base/ca/shared/webapps/ca/META-INF/context.xml b/base/ca/shared/webapps/ca/META-INF/context.xml index 975ecabf1..032fd14c9 100644 --- a/base/ca/shared/webapps/ca/META-INF/context.xml +++ b/base/ca/shared/webapps/ca/META-INF/context.xml @@ -24,7 +24,11 @@ --> <Context crossContext="true" allowLinking="true"> - <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" /> + <Manager + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + + <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> diff --git a/base/common/shared/webapps/ROOT/META-INF/context.xml b/base/common/shared/webapps/ROOT/META-INF/context.xml index c29b4586e..ce98bfa4e 100644 --- a/base/common/shared/webapps/ROOT/META-INF/context.xml +++ b/base/common/shared/webapps/ROOT/META-INF/context.xml @@ -24,4 +24,7 @@ --> <Context crossContext="true" allowLinking="true"> + <Manager + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + </Context> diff --git a/base/common/shared/webapps/pki/META-INF/context.xml b/base/common/shared/webapps/pki/META-INF/context.xml new file mode 100644 index 000000000..ce98bfa4e --- /dev/null +++ b/base/common/shared/webapps/pki/META-INF/context.xml 
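Review bot: Nothing in this hunk guards against the `Mozilla-JSS` provider being unavailable when the `<Manager>` and the `SSLAuthenticatorWithFallback` valve start. As far as I know, Tomcat 7's session ID generator logs an error and falls back to its default SecureRandom when the named provider or algorithm cannot be loaded, so a start-up ordering problem would silently bring back the /dev/random dependency this commit removes. I would add a comment above the element, e.g. `<!-- Requires the Mozilla-JSS provider to be registered before this context starts; otherwise Tomcat falls back to its default SecureRandom -->`, and check the start-up log for a reported fallback. Whether `SSLAuthenticatorWithFallback` actually consumes the two attributes, or passes them to any authenticator it delegates to, is not visible here. The same applies to the ROOT, pki, kra, ocsp and tks context.xml hunks.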
@@ -0,0 +1,30 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ Copyright (C) 2012 Red Hat, Inc.
+ All rights reserved.
+ Modifications: configuration parameters
+ END COPYRIGHT BLOCK
+-->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<Context crossContext="true" allowLinking="true">
+
+ <Manager
+ secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/>
+
+</Context>
diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py
index 4948babbb..e72752ee8 100644
--- a/base/deploy/src/scriptlets/webapp_deployment.py
+++ b/base/deploy/src/scriptlets/webapp_deployment.py
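Review bot: The new context file for the common `pki` webapp sets `crossContext="true" allowLinking="true"`, while the only thing this commit needs here is the `<Manager>` element. `allowLinking` lets Tomcat serve files through symbolic links that point outside the webapp root, and `crossContext` lets the webapp obtain request dispatchers into other contexts. From what is visible, neither looks necessary for a webapp that holds the theme and js files. If they are not needed, the opening tag can be reduced to `<Context>`; if they are (for example because theme files are symlinked), a one-line comment saying so would help the next reader.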
@@ -57,19 +57,19 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): master['pki_tomcat_webapps_root_path'], overwrite_flag=True) + util.directory.create(master['pki_tomcat_webapps_common_path']) + # If desired and available, # copy selected server theme # to <instance>/webapps/pki if config.str2bool(master['pki_theme_enable']) and\ os.path.exists(master['pki_theme_server_dir']): - util.directory.create(master['pki_tomcat_webapps_common_path']) util.directory.copy(master['pki_theme_server_dir'], master['pki_tomcat_webapps_common_path'], overwrite_flag=True) # Copy /usr/share/pki/server/webapps/pki/js # to <instance>/webapps/pki/js - util.directory.create(master['pki_tomcat_webapps_subsystem_path']) util.directory.copy( os.path.join( config.PKI_DEPLOYMENT_SOURCE_ROOT, @@ -82,6 +82,20 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): "js"), overwrite_flag=True) + # Copy /usr/share/pki/server/webapps/pki/META-INF + # to <instance>/webapps/pki/META-INF + util.directory.copy( + os.path.join( + config.PKI_DEPLOYMENT_SOURCE_ROOT, + "server", + "webapps", + "pki", + "META-INF"), + os.path.join( + master['pki_tomcat_webapps_common_path'], + "META-INF"), + overwrite_flag=True) + # Copy /usr/share/pki/server/webapps/pki/admin # to <instance>/webapps/<subsystem>/admin # TODO: common templates should be deployed in common webapp diff --git a/base/kra/shared/webapps/kra/META-INF/context.xml b/base/kra/shared/webapps/kra/META-INF/context.xml index 975ecabf1..032fd14c9 100644 --- a/base/kra/shared/webapps/kra/META-INF/context.xml +++ b/base/kra/shared/webapps/kra/META-INF/context.xml 
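Review bot: The removed `util.directory.create(master['pki_tomcat_webapps_subsystem_path'])` leaves the later copy into `<instance>/webapps/<subsystem>/admin` dependent on something else creating that directory, and no such call is visible in these hunks. If `util.directory.create` is also where the deployment applies ownership and mode (not shown here), a directory created implicitly by `util.directory.copy` could end up with different permissions. Please confirm the subsystem path is created elsewhere in this scriptlet, or keep the call next to the first copy that targets it. The enclosing method starts and ends outside the hunk.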
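Review bot: The META-INF copy added in the second hunk runs only when an instance is deployed, and none of the 7 changed files looks like an upgrade step. Instances created before this commit would therefore presumably keep the old session-ID generator configuration and could still block on /dev/random. It is worth stating in the commit or in a follow-up how existing instances receive the new `context.xml`. The comment above the call could also say why the directory matters, e.g. `# META-INF/context.xml carries the <Manager> secureRandom settings for the common webapp`.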
@@ -24,7 +24,11 @@ --> <Context crossContext="true" allowLinking="true"> - <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" /> + <Manager + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + + <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> diff --git a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml index 975ecabf1..032fd14c9 100644 --- a/base/ocsp/shared/webapps/ocsp/META-INF/context.xml +++ b/base/ocsp/shared/webapps/ocsp/META-INF/context.xml @@ -24,7 +24,11 @@ --> <Context crossContext="true" allowLinking="true"> - <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" /> + <Manager + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + + <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> diff --git a/base/tks/shared/webapps/tks/META-INF/context.xml b/base/tks/shared/webapps/tks/META-INF/context.xml index 975ecabf1..032fd14c9 100644 --- a/base/tks/shared/webapps/tks/META-INF/context.xml +++ b/base/tks/shared/webapps/tks/META-INF/context.xml @@ -24,7 +24,11 @@ --> <Context crossContext="true" allowLinking="true"> - <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" /> + <Manager + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + + <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" + secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> <Realm className="com.netscape.cms.tomcat.ProxyRealm" /> |