author | Ade Lee <alee@redhat.com> | 2015-04-16 22:26:03 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2015-04-22 00:01:47 -0400 |
commit | 2c171ca8fafc1d688b9b965d1255a81aba6aa7ee (patch) | |
tree | 52ba5ee52e94789e7d9aebe690ee5e9e96a4f1bd /base/server/tomcat/src/com/netscape | |
parent | 922e237279fcf8ce9827f0e3cbed904758ad5123 (diff) | |
Add nuxwdog functionality to Dogtag
This is the first of several commits. This adds a LifecycleListener
to call init() on the nuxwdog client before any connectors or webapps
start up, and call sendEndInit() once initialization completes.
Code is also added to prompt for and test required passwords on startup.
All that is required to use nuxwdog is to start the server using nuxwdog.
An environment variable will be set that will trigger creation of the
NuxwdogPasswordStore. We expect tags for the required passwords to be in
cms.passwordList
Diffstat (limited to 'base/server/tomcat/src/com/netscape')
-rw-r--r-- | base/server/tomcat/src/com/netscape/cms/tomcat/NuxwdogPasswordStore.java | 104 | ||||
-rw-r--r-- | base/server/tomcat/src/com/netscape/cms/tomcat/NuxwdogPasswordStoreInitializer.java | 33 |
2 files changed, 137 insertions, 0 deletions
diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/NuxwdogPasswordStore.java b/base/server/tomcat/src/com/netscape/cms/tomcat/NuxwdogPasswordStore.java
new file mode 100644
index 000000000..4a4f6ccfb
--- /dev/null
+++ b/base/server/tomcat/src/com/netscape/cms/tomcat/NuxwdogPasswordStore.java
@@ -0,0 +1,104 @@
+package com.netscape.cms.tomcat;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.redhat.nuxwdog.WatchdogClient;
+
+
+public class NuxwdogPasswordStore implements org.apache.tomcat.util.net.jss.IPasswordStore {
+
+ // Note: pwCache is a temporary construct needed because nuxwdog currently
+ // does not expose a putPassword() method. When this is added, pwCache will
+ // no longer be needed.
+ private Hashtable<String, String> pwCache = null;
+ private ArrayList<String> tags = null;
+
+ private final String PROMPT_PREFIX = "Please provide the password for ";
+
+ @Override
+ public void init(String confFile) throws IOException {
+ if (!startedByNuxwdog()) {
+ throw new IOException("process not started by nuxwdog");
+ }
+
+ tags = new ArrayList<String>();
+
+ if (confFile != null) {
+ populateTokenTags(confFile);
+ }
+
+ pwCache = new Hashtable<String, String>();
+ }
+
+ private boolean startedByNuxwdog() {
+ // confirm that process was started by nuxwdog
+ String wdPipeName = System.getenv("WD_PIPE_NAME");
+ if (StringUtils.isNotEmpty(wdPipeName)) {
+ return true;
+ }
+ return false;
+
+ }
+
+ private void populateTokenTags(String confFile) throws IOException {
+ Properties props = new Properties();
+ InputStream in = new FileInputStream(confFile);
+ props.load(in);
+
+ tags.add("internal");
+
+ String tokenList = props.getProperty("cms.tokenList");
+ if (StringUtils.isNotEmpty(tokenList)) {
+ for (String token: StringUtils.split(tokenList,',')) {
+ tags.add("hardware-" + token);
+ }
+ }
+ }
+
+ private void addTag(String tag) {
+ if (!tags.contains(tag)) {
+ tags.add(tag);
+ }
+ }
+
+ @Override
+ public String getPassword(String tag, int iteration) {
+ if (pwCache.containsKey(tag)) {
+ return pwCache.get(tag);
+ }
+
+ String prompt = PROMPT_PREFIX + tag + ":";
+ String pwd = WatchdogClient.getPassword(prompt, iteration);
+
+ if (pwd != null) {
+ addTag(tag);
+ }
+ return pwd;
+ }
+
+ @Override
+ public Enumeration<String> getTags() {
+ return Collections.enumeration(tags);
+ }
+
+ @Override
+ public Object putPassword(String tag, String password) {
+ addTag(tag);
+ return pwCache.put(tag, password);
+ }
+
+ @Override
+ public void commit() throws IOException, ClassCastException, NullPointerException {
+ // Nothing required here
+ }
+
+}
diff --git a/base/server/tomcat/src/com/netscape/cms/tomcat/NuxwdogPasswordStoreInitializer.java b/base/server/tomcat/src/com/netscape/cms/tomcat/NuxwdogPasswordStoreInitializer.java
new file mode 100644
index 000000000..a4c25306d
--- /dev/null
+++ b/base/server/tomcat/src/com/netscape/cms/tomcat/NuxwdogPasswordStoreInitializer.java
@@ -0,0 +1,33 @@
+package com.netscape.cms.tomcat;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleEvent;
+import org.apache.catalina.LifecycleListener;
+import org.apache.commons.lang.StringUtils;
+
+import com.redhat.nuxwdog.WatchdogClient;
+
+public class NuxwdogPasswordStoreInitializer implements LifecycleListener {
+
+ private boolean startedByWD = false;
+
+ @Override
+ public void lifecycleEvent(LifecycleEvent event) {
+ String method = "NuxwdogReader:lifecycleEvent";
+ if (event.getType().equals(Lifecycle.BEFORE_INIT_EVENT)) {
+ System.out.println(method + ": before init event");
+ String wdPipeName = System.getenv("WD_PIPE_NAME");
+ if (StringUtils.isNotEmpty(wdPipeName)) {
+ startedByWD = true;
+ System.out.println(method + ": Initializing the watchdog");
+ WatchdogClient.init();
+ }
+ } else if (event.getType().equals(Lifecycle.AFTER_START_EVENT)) {
+ System.out.println(method + "After start event");
+ if (startedByWD) {
+ System.out.println(method + ": Sending endInit to the Watchdog");
+ WatchdogClient.sendEndInit(0);
+ }
+ }
+ }
+
+} |
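Review bot: `populateTokenTags` in NuxwdogPasswordStore.java opens a `FileInputStream` on the configuration file and never closes it, so the descriptor leaks on every `init()` call, including when `props.load` throws. If the build targets Java 7 or later, `try (InputStream in = new FileInputStream(confFile)) { props.load(in); }` closes it on both paths; otherwise close it in a `finally`. Separately, `pwCache` keeps every password handed to `putPassword` as a cleartext `String` for the life of the process, with no way to drop an entry; the existing comment already calls the cache temporary, and it would help to extend it with something like `// holds cleartext passwords in the JVM heap until exit; remove once nuxwdog can store them`. `getPassword` and `putPassword` also dereference `pwCache`, which stays null until `init()` has run; presumably the container guarantees that ordering, but a one-line comment saying so would make the assumption explicit.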
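Review bot: In `lifecycleEvent` of NuxwdogPasswordStoreInitializer.java nothing checks whether `WatchdogClient.init()` or `WatchdogClient.sendEndInit(0)` succeeded; whatever status they report is discarded, so a failed handshake would presumably surface only later as failing password prompts. The watchdog API is not visible in this diff, so the exact check cannot be written from here, but the result should be inspected and a failure either logged or made to abort startup. The after-start message is missing its separator and prints as `NuxwdogReader:lifecycleEventAfter start event`; it should read `System.out.println(method + ": After start event");`. The `method` label also names `NuxwdogReader` rather than this class, and both this listener and `NuxwdogPasswordStore.startedByNuxwdog()` repeat the `WD_PIPE_NAME` test, which only shows that the variable is set, not that a watchdog is actually listening.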