2 files changed, 143 insertions, 28 deletions

diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index 3eb6b5f97..3c471071f 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -19,41 +19,61 @@
 # All rights reserved.
 #
 
-import re
+from lxml import etree
+import grp
 import os
+import pwd
+import re
+import subprocess
 
 import pki
 
 INSTANCE_BASE_DIR = '/var/lib/pki'
-REGISTRY_DIR = '/etc/sysconfig/pki'
-SUBSYSTEM_TYPES = ['ca', 'kra', 'ocsp', 'tks', 'tps']
+REGISTRY_DIR      = '/etc/sysconfig/pki'
+SUBSYSTEM_TYPES   = ['ca', 'kra', 'ocsp', 'tks', 'tps']
 
 
 class PKISubsystem(object):
 
     def __init__(self, instance, subsystem_name):
+
         self.instance = instance
         self.name = subsystem_name
         self.type = instance.type
+
         if self.type >= 10:
-            self.conf_dir = os.path.join(
-                INSTANCE_BASE_DIR,
-                instance.name, 'conf', subsystem_name)
-            self.base_dir = os.path.join(
-                INSTANCE_BASE_DIR,
-                instance.name, subsystem_name)
+            self.base_dir = os.path.join(self.instance.base_dir, self.name)
+            self.conf_dir = os.path.join(self.base_dir, 'conf')
         else:
-            self.conf_dir = os.path.join(pki.BASE_DIR, instance.name, 'conf')
-            self.base_dir = os.path.join(pki.BASE_DIR, instance.name)
+            self.base_dir = instance.base_dir
+            self.conf_dir = os.path.join(self.base_dir, 'conf')
+
+        self.context_xml_template = os.path.join(
+            pki.SHARE_DIR, self.name, 'conf', 'Catalina', 'localhost', self.name + '.xml')
 
-        self.validate()
+        self.context_xml = os.path.join(
+            instance.conf_dir, 'Catalina', 'localhost', self.name + '.xml')
+
+        self.doc_base = os.path.join(self.base_dir, 'webapps', self.name)
+
+    def is_valid(self):
+        return os.path.exists(self.conf_dir)
 
     def validate(self):
-        if not os.path.exists(self.conf_dir):
+        if not self.is_valid():
             raise pki.PKIException(
                 'Invalid subsystem: ' + self.__repr__(),
                 None, self.instance)
 
+    def is_enabled(self):
+        return self.instance.is_deployed(self.name)
+
+    def enable(self):
+        self.instance.deploy(self.name, self.context_xml_template, self.doc_base)
+
+    def disable(self):
+        self.instance.undeploy(self.name)
+
     def __repr__(self):
         return str(self.instance) + '/' + self.name
 
@@ -61,22 +81,110 @@ class PKISubsystem(object):
 class PKIInstance(object):
 
     def __init__(self, name, instanceType=10):
+
         self.name = name
         self.type = instanceType
+
         if self.type >= 10:
-            self.conf_dir = os.path.join(INSTANCE_BASE_DIR, name, 'conf')
             self.base_dir = os.path.join(INSTANCE_BASE_DIR, name)
+            self.conf_dir = os.path.join(self.base_dir, 'conf')
         else:
-            self.conf_dir = os.path.join(pki.BASE_DIR, name, 'conf')
             self.base_dir = os.path.join(pki.BASE_DIR, name)
+            self.conf_dir = os.path.join(self.base_dir, 'conf')
+
+        self.registry_file = os.path.join(
+            pki.server.REGISTRY_DIR, 'tomcat', self.name, self.name)
 
-        self.validate()
+        self.service_name = 'pki-tomcatd@%s.service' % self.name
+
+        self.user = None
+        self.group = None
+
+    def is_valid(self):
+        return os.path.exists(self.conf_dir)
 
     def validate(self):
-        if not os.path.exists(self.conf_dir):
+        if not self.is_valid():
             raise pki.PKIException(
                 'Invalid instance: ' + self.__repr__(), None)
 
+    def start(self):
+        subprocess.check_call(['systemctl', 'start', self.service_name])
+
+    def stop(self):
+        subprocess.check_call(['systemctl', 'stop', self.service_name])
+
+    def is_active(self):
+        rc = subprocess.call(['systemctl', '--quiet', 'is-active', self.service_name])
+        return rc == 0
+
+    def load(self):
+        with open(self.registry_file, 'r') as registry:
+            lines = registry.readlines()
+
+        for line in lines:
+
+            m = re.search('^PKI_USER=(.*)$', line)
+            if m:
+                self.user = m.group(1)
+
+            m = re.search('^PKI_GROUP=(.*)$', line)
+            if m:
+                self.group = m.group(1)
+
+    def is_deployed(self, webapp_name):
+        context_xml = os.path.join(
+            self.conf_dir, 'Catalina', 'localhost', webapp_name + '.xml')
+        return os.path.exists(context_xml)
+
+    def deploy(self, webapp_name, descriptor, doc_base=None):
+        """
+        Deploy a web application into a Tomcat instance.
+
+        This method will copy the specified deployment descriptor into
+        <instance>/conf/Catalina/localhost/<name>.xml and point the docBase
+        to the specified location. The web application will become available
+        under "/<name>" URL path.
+
+        See also: http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
+
+        :param webapp_name: Web application name.
+        :type webapp_name: str
+        :param descriptor: Path to deployment descriptor (context.xml).
+        :type descriptor: str
+        :param doc_base: Path to web application content.
+        :type doc_base: str
+        """
+
+        context_xml = os.path.join(
+            self.conf_dir, 'Catalina', 'localhost', webapp_name + '.xml')
+
+        # read deployment descriptor
+        parser = etree.XMLParser(remove_blank_text=True)
+        document = etree.parse(descriptor, parser)
+
+        if doc_base:
+            # customize docBase
+            context = document.getroot()
+            context.set('docBase', doc_base)
+
+        # write deployment descriptor
+        with open(context_xml, 'w') as f:
+            f.write(etree.tostring(document, pretty_print=True))
+
+        # find uid and gid
+        uid = pwd.getpwnam(self.user).pw_uid
+        gid = grp.getgrnam(self.group).gr_gid
+
+        # set deployment descriptor ownership and permission
+        os.chown(context_xml, uid, gid)
+        os.chmod(context_xml, 00660)
+
+    def undeploy(self, webapp_name):
+        context_xml = os.path.join(
+            self.conf_dir, 'Catalina', 'localhost', webapp_name + '.xml')
+        os.remove(context_xml)
+
     def __repr__(self):
         if self.type == 9:
             return "Dogtag 9 " + self.name
diff --git a/base/server/python/pki/server/upgrade.py b/base/server/python/pki/server/upgrade.py
index 4cae695d1..db3d968aa 100644
--- a/base/server/python/pki/server/upgrade.py
+++ b/base/server/python/pki/server/upgrade.py
@@ -182,8 +182,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
     def instances(self):
 
         if self.instanceName and self.instanceType:
-            return [pki.server.PKIInstance(
-                self.instanceName, self.instanceType)]
+            instance = pki.server.PKIInstance(self.instanceName, self.instanceType)
+            instance.validate()
+            return [instance]
 
         instance_list = []
 
@@ -192,8 +193,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
                 for instanceName in os.listdir(pki.server.INSTANCE_BASE_DIR):
                     if not self.instanceName or \
                             self.instanceName == instanceName:
-                        instance_list.append(
-                            pki.server.PKIInstance(instanceName))
+                        instance = pki.server.PKIInstance(instanceName)
+                        instance.validate()
+                        instance_list.append(instance)
 
         if not self.instanceType or self.instanceType == 9:
             for s in pki.server.SUBSYSTEM_TYPES:
@@ -202,8 +204,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
                             os.path.join(pki.server.REGISTRY_DIR, s)):
                         if not self.instanceName or \
                                 self.instanceName == instanceName:
-                            instance_list.append(
-                                pki.server.PKIInstance(instanceName, 9))
+                            instance = pki.server.PKIInstance(instanceName, 9)
+                            instance.validate()
+                            instance_list.append(instance)
 
         instance_list.sort()
 
@@ -212,7 +215,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
     def subsystems(self, instance):
 
         if self.subsystemName:
-            return [pki.server.PKISubsystem(instance, self.subsystemName)]
+            subsystem = pki.server.PKISubsystem(instance, self.subsystemName)
+            subsystem.validate()
+            return [subsystem]
 
         subsystem_list = []
 
@@ -222,8 +227,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
                 instance.name)
             for subsystemName in os.listdir(registry_dir):
                 if subsystemName in pki.server.SUBSYSTEM_TYPES:
-                    subsystem_list.append(
-                        pki.server.PKISubsystem(instance, subsystemName))
+                    subsystem = pki.server.PKISubsystem(instance, subsystemName)
+                    subsystem.validate()
+                    subsystem_list.append(subsystem)
         else:
             for subsystemName in pki.server.SUBSYSTEM_TYPES:
                 registry_dir = os.path.join(
@@ -231,8 +237,9 @@ class PKIServerUpgrader(pki.upgrade.PKIUpgrader):
                     subsystemName,
                     instance.name)
                 if os.path.exists(registry_dir):
-                    subsystem_list.append(
-                        pki.server.PKISubsystem(instance, subsystemName))
+                    subsystem = pki.server.PKISubsystem(instance, subsystemName)
+                    subsystem.validate()
+                    subsystem_list.append(subsystem)
 
         subsystem_list.sort()