authorAde Lee <alee@redhat.com>2015-04-16 22:26:03 -0400
committerAde Lee <alee@redhat.com>2015-04-22 00:01:47 -0400
commit2c171ca8fafc1d688b9b965d1255a81aba6aa7ee (patch)
tree52ba5ee52e94789e7d9aebe690ee5e9e96a4f1bd /base/util
parent922e237279fcf8ce9827f0e3cbed904758ad5123 (diff)
Add nuxwdog functionality to Dogtag
This is the first of several commits. This adds a LifecycleListener to call init() on the nuxwdog client before any connectors or webapps start up, and call sendEndInit() once initialization completes. Code is also added to prompt for and test required passwords on startup. All that is required to use nuxwdog is to start the server using nuxwdog. An environment variable will be set that will trigger creation of the NuxwdogPasswordStore. We expect tags for the required passwords to be in cms.passwordList
Diffstat (limited to 'base/util')
-rw-r--r--base/util/src/CMakeLists.txt10
-rw-r--r--base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java1
-rw-r--r--base/util/src/com/netscape/cmsutil/password/IPasswordStore.java2
-rw-r--r--base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java103
-rw-r--r--base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java4
5 files changed, 115 insertions, 5 deletions
diff --git a/base/util/src/CMakeLists.txt b/base/util/src/CMakeLists.txt
index efef8af53..f374c01de 100644
--- a/base/util/src/CMakeLists.txt
+++ b/base/util/src/CMakeLists.txt
@@ -60,6 +60,14 @@ find_file(XERCES_JAR
/usr/share/java
)
+find_file(NUXWDOG_JAR
+ NAMES
+ nuxwdog.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
# build pki-nsutil
javac(pki-nsutil-classes
SOURCES
@@ -108,7 +116,7 @@ javac(pki-cmsutil-classes
CLASSPATH
${APACHE_COMMONS_LANG_JAR} ${HTTPCORE_JAR} ${HTTPCLIENT_JAR}
${LDAPJDK_JAR} ${XALAN_JAR} ${XERCES_JAR}
- ${JSS_JAR} ${COMMONS_CODEC_JAR}
+ ${JSS_JAR} ${COMMONS_CODEC_JAR} ${NUXWDOG_JAR}
OUTPUT_DIR
${CMAKE_BINARY_DIR}/classes
DEPENDS
diff --git a/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java b/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
index 2f8a40ca2..166479d5a 100644
--- a/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
+++ b/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
@@ -19,7 +19,6 @@ package com.netscape.cmsutil.http;
import java.io.IOException;
import java.net.Socket;
-import java.net.SocketException;
import java.net.UnknownHostException;
import org.mozilla.jss.CryptoManager;
diff --git a/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java b/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
index 49b2610fa..00ec4ccdf 100644
--- a/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
+++ b/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
@@ -23,7 +23,7 @@ import java.util.Enumeration;
public interface IPasswordStore {
public void init(String pwdPath) throws IOException;
- public String getPassword(String tag);
+ public String getPassword(String tag, int iteration);
public Enumeration<String> getTags();
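Review bot: The new `iteration` parameter on `getPassword` has no documentation, so an implementer cannot tell what values to expect or whether a store that never prompts may ignore it. From the other files in this commit it appears to be a prompt or retry counter handed to `WatchdogClient.getPassword`, and `PlainPasswordFile` ignores it. A Javadoc line on the method would settle this, for example `@param iteration attempt number for this tag, passed through to prompting stores; file-backed stores ignore it`, with the wording confirmed against the nuxwdog client. Replacing the one-argument signature instead of adding an overload also breaks any implementer or caller outside this tree. The interface body continues outside the hunk.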
diff --git a/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java b/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java
new file mode 100644
index 000000000..2a22d9ef6
--- /dev/null
+++ b/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java
@@ -0,0 +1,103 @@
+package com.netscape.cmsutil.password;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.redhat.nuxwdog.WatchdogClient;
+
+public class NuxwdogPasswordStore implements IPasswordStore {
+
+ // Note: pwCache is a temporary construct needed because nuxwdog currently
+ // does not expose a putPassword() method. When this is added, pwCache will
+ // no longer be needed.
+ private Hashtable<String, String> pwCache = null;
+ private ArrayList<String> tags = null;
+
+ private final String PROMPT_PREFIX = "Please provide the password for ";
+
+ @Override
+ public void init(String confFile) throws IOException {
+ if (!startedByNuxwdog()) {
+ throw new IOException("process not started by nuxwdog");
+ }
+
+ tags = new ArrayList<String>();
+
+ if (confFile != null) {
+ populateTokenTags(confFile);
+ }
+
+ pwCache = new Hashtable<String, String>();
+ }
+
+ private boolean startedByNuxwdog() {
+ // confirm that process was started by nuxwdog
+ String wdPipeName = System.getenv("WD_PIPE_NAME");
+ if (StringUtils.isNotEmpty(wdPipeName)) {
+ return true;
+ }
+ return false;
+
+ }
+
+ private void populateTokenTags(String confFile) throws IOException {
+ Properties props = new Properties();
+ InputStream in = new FileInputStream(confFile);
+ props.load(in);
+
+ tags.add("internal");
+
+ String tokenList = props.getProperty("cms.tokenList");
+ if (StringUtils.isNotEmpty(tokenList)) {
+ for (String token: StringUtils.split(tokenList,',')) {
+ tags.add("hardware-" + token);
+ }
+ }
+ }
+
+ private void addTag(String tag) {
+ if (!tags.contains(tag)) {
+ tags.add(tag);
+ }
+ }
+
+ @Override
+ public String getPassword(String tag, int iteration) {
+ if (pwCache.containsKey(tag)) {
+ return pwCache.get(tag);
+ }
+
+ String prompt = PROMPT_PREFIX + tag + ":";
+ String pwd = WatchdogClient.getPassword(prompt, iteration);
+
+ if (pwd != null) {
+ addTag(tag);
+ }
+ return pwd;
+ }
+
+ @Override
+ public Enumeration<String> getTags() {
+ return Collections.enumeration(tags);
+ }
+
+ @Override
+ public Object putPassword(String tag, String password) {
+ addTag(tag);
+ return pwCache.put(tag, password);
+ }
+
+ @Override
+ public void commit() throws IOException, ClassCastException, NullPointerException {
+ // Nothing required here
+ }
+
+}
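Review bot: `populateTokenTags` opens `new FileInputStream(confFile)` and never closes it, so the descriptor for the configuration file leaks on every `init()` call, including when `props.load(in)` throws. Scoping the stream fixes it: `try (InputStream in = new FileInputStream(confFile)) { props.load(in); }`, or a `finally` block if the build targets a pre-Java 7 source level. Separately, `pwCache` keeps every password passed to `putPassword` as a plaintext `String` for the life of the process. The class comment calls it temporary, so it is worth a `// TODO` stating that the cache must be removed once nuxwdog exposes its own `putPassword()`. `Hashtable.put` will also throw `NullPointerException` if `putPassword` is called with a null password, and both `getPassword` and `putPassword` dereference `pwCache` before `init()` has run.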
diff --git a/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java b/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
index 990d0c156..a3cd598c5 100644
--- a/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
+++ b/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
@@ -30,11 +30,11 @@ public class PlainPasswordFile implements IPasswordStore {
private static final String PASSWORD_WRITER_HEADER = "";
public PlainPasswordFile() {
+ mPwdStore = new Properties();
}
public void init(String pwdPath)
throws IOException {
- mPwdStore = new Properties();
// initialize mPwdStore
mPwdPath = pwdPath;
FileInputStream file = null;
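Review bot: Moving `mPwdStore = new Properties();` from `init` into the constructor means a second `init(pwdPath)` on the same instance no longer starts from an empty store. If the rest of `init` loads the file into `mPwdStore`, as the `// initialize mPwdStore` comment suggests, entries from the earlier file that are absent from the new one would stay readable through `getPassword`. Whether `init` is ever called twice is not visible here. If it can be, adding `mPwdStore.clear();` as the first statement of `init` keeps the old behaviour while still guaranteeing a non-null store before `init`. The body of `init` continues outside the hunk.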
@@ -48,7 +48,7 @@ public class PlainPasswordFile implements IPasswordStore {
}
}
- public String getPassword(String tag) {
+ public String getPassword(String tag, int iteration) {
return mPwdStore.getProperty(tag);
}