From 2c171ca8fafc1d688b9b965d1255a81aba6aa7ee Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Thu, 16 Apr 2015 22:26:03 -0400
Subject: Add nuxwdog functionality to Dogtag

This is the first of several commits. This adds a LifecycleListener to call init() on the nuxwdog client before any connectors or webapps start up, and call sendEndInit() once initialization completes. Code is also added to prompt for and test required passwords on startup. All that is required to use nuxwdog is to start the server using nuxwdog. An environment variable will be set that will trigger creation of the NuxwdogPasswordStore. We expect tags for the required passwords to be in cms.passwordList
---
 base/util/src/CMakeLists.txt | 10 +-
 .../netscape/cmsutil/http/JssSSLSocketFactory.java | 1 -
 .../netscape/cmsutil/password/IPasswordStore.java | 2 +-
 .../cmsutil/password/NuxwdogPasswordStore.java | 103 +++++++++++++++++++++
 .../cmsutil/password/PlainPasswordFile.java | 4 +-
 5 files changed, 115 insertions(+), 5 deletions(-)
 create mode 100644 base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java
 (limited to 'base/util')
diff --git a/base/util/src/CMakeLists.txt b/base/util/src/CMakeLists.txt
index efef8af53..f374c01de 100644
--- a/base/util/src/CMakeLists.txt
+++ b/base/util/src/CMakeLists.txt
@@ -60,6 +60,14 @@ find_file(XERCES_JAR
 /usr/share/java
 )
+find_file(NUXWDOG_JAR
+ NAMES
+ nuxwdog.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
 # build pki-nsutil
 javac(pki-nsutil-classes
 SOURCES
@@ -108,7 +116,7 @@ javac(pki-cmsutil-classes
 CLASSPATH
 ${APACHE_COMMONS_LANG_JAR} ${HTTPCORE_JAR} ${HTTPCLIENT_JAR} ${LDAPJDK_JAR} ${XALAN_JAR} ${XERCES_JAR}
- ${JSS_JAR} ${COMMONS_CODEC_JAR}
+ ${JSS_JAR} ${COMMONS_CODEC_JAR} ${NUXWDOG_JAR}
 OUTPUT_DIR ${CMAKE_BINARY_DIR}/classes
 DEPENDS
diff --git a/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java b/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
index 2f8a40ca2..166479d5a 100644
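Review bot: `find_file(NUXWDOG_JAR ...)` in the first hunk has no failure path: if nuxwdog.jar is absent the variable becomes `NUXWDOG_JAR-NOTFOUND`, the second hunk still splices it into the pki-cmsutil CLASSPATH, and the build fails only later at javac with an unresolved `com.redhat.nuxwdog` import instead of at configure time. Since the new NuxwdogPasswordStore makes the jar a hard compile dependency, a configure-time check right after the find_file would make the missing-dependency case explicit: `if(NOT NUXWDOG_JAR)` / `message(FATAL_ERROR "nuxwdog.jar not found")` / `endif()`. The neighbouring `find_file` calls in this file appear to follow the same unchecked pattern, so this may be an accepted project convention rather than an oversight.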
--- a/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
+++ b/base/util/src/com/netscape/cmsutil/http/JssSSLSocketFactory.java
@@ -19,7 +19,6 @@ package com.netscape.cmsutil.http;
 import java.io.IOException;
 import java.net.Socket;
-import java.net.SocketException;
 import java.net.UnknownHostException;
 import org.mozilla.jss.CryptoManager;
diff --git a/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java b/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
index 49b2610fa..00ec4ccdf 100644
--- a/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
+++ b/base/util/src/com/netscape/cmsutil/password/IPasswordStore.java
@@ -23,7 +23,7 @@ import java.util.Enumeration;
 public interface IPasswordStore {
 public void init(String pwdPath) throws IOException;
- public String getPassword(String tag);
+ public String getPassword(String tag, int iteration);
 public Enumeration getTags();
diff --git a/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java b/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java
new file mode 100644
index 000000000..2a22d9ef6
--- /dev/null
+++ b/base/util/src/com/netscape/cmsutil/password/NuxwdogPasswordStore.java
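Review bot: The new `iteration` parameter on `getPassword` in the IPasswordStore hunk is undocumented, and the two implementations in this commit treat it differently: NuxwdogPasswordStore forwards it to `WatchdogClient.getPassword`, while PlainPasswordFile ignores it, so a caller cannot tell what value to pass or when to increment it. From the commit message it looks like a retry counter for the startup password prompt, but that is inferred, not visible here. A Javadoc line on the interface method would pin it down, e.g. `@param iteration number of prior attempts for this tag (TODO confirm semantics against WatchdogClient.getPassword); file-backed stores may ignore it`. This is also a source-incompatible change for any out-of-tree IPasswordStore implementation, if any exist; the interface body continues outside the hunk.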
@@ -0,0 +1,103 @@
+package com.netscape.cmsutil.password;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+
+import com.redhat.nuxwdog.WatchdogClient;
+
+public class NuxwdogPasswordStore implements IPasswordStore {
+
+ // Note: pwCache is a temporary construct needed because nuxwdog currently
+ // does not expose a putPassword() method. When this is added, pwCache will
+ // no longer be needed.
+ private Hashtable pwCache = null;
+ private ArrayList tags = null;
+
+ private final String PROMPT_PREFIX = "Please provide the password for ";
+
+ @Override
+ public void init(String confFile) throws IOException {
+ if (!startedByNuxwdog()) {
+ throw new IOException("process not started by nuxwdog");
+ }
+
+ tags = new ArrayList();
+
+ if (confFile != null) {
+ populateTokenTags(confFile);
+ }
+
+ pwCache = new Hashtable();
+ }
+
+ private boolean startedByNuxwdog() {
+ // confirm that process was started by nuxwdog
+ String wdPipeName = System.getenv("WD_PIPE_NAME");
+ if (StringUtils.isNotEmpty(wdPipeName)) {
+ return true;
+ }
+ return false;
+
+ }
+
+ private void populateTokenTags(String confFile) throws IOException {
+ Properties props = new Properties();
+ InputStream in = new FileInputStream(confFile);
+ props.load(in);
+
+ tags.add("internal");
+
+ String tokenList = props.getProperty("cms.tokenList");
+ if (StringUtils.isNotEmpty(tokenList)) {
+ for (String token: StringUtils.split(tokenList,',')) {
+ tags.add("hardware-" + token);
+ }
+ }
+ }
+
+ private void addTag(String tag) {
+ if (!tags.contains(tag)) {
+ tags.add(tag);
+ }
+ }
+
+ @Override
+ public String getPassword(String tag, int iteration) {
+ if (pwCache.containsKey(tag)) {
+ return pwCache.get(tag);
+ }
+
+ String prompt = PROMPT_PREFIX + tag + ":";
+ String pwd = WatchdogClient.getPassword(prompt, iteration);
+
+ if (pwd != null) {
+ addTag(tag);
+ }
+ return pwd;
+ }
+
+ @Override
+ public Enumeration getTags() {
+ return Collections.enumeration(tags);
+ }
+
+ @Override
+ public Object putPassword(String tag, String password) {
+ addTag(tag);
+ return pwCache.put(tag, password);
+ }
+
+ @Override
+ public void commit() throws IOException, ClassCastException, NullPointerException {
+ // Nothing required here
+ }
+
+}
diff --git a/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java b/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
index 990d0c156..a3cd598c5 100644
--- a/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
+++ b/base/util/src/com/netscape/cmsutil/password/PlainPasswordFile.java
@@ -30,11 +30,11 @@ public class PlainPasswordFile implements IPasswordStore {
 private static final String PASSWORD_WRITER_HEADER = "";
 public PlainPasswordFile() {
+ mPwdStore = new Properties();
 }
 public void init(String pwdPath) throws IOException {
- mPwdStore = new Properties(); // initialize mPwdStore
 mPwdPath = pwdPath;
 FileInputStream file = null;
@@ -48,7 +48,7 @@ public class PlainPasswordFile implements IPasswordStore {
 }
 }
- public String getPassword(String tag) {
+ public String getPassword(String tag, int iteration) {
 return mPwdStore.getProperty(tag);
 }
-- cgit
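Review bot: `populateTokenTags` opens `new FileInputStream(confFile)` and never closes it, and `props.load(in)` can throw, so the descriptor leaks on both the success and the failure path. Closing it with try-with-resources fixes both: `try (InputStream in = new FileInputStream(confFile)) {` / `    props.load(in);` / `}` (a try/finally if the build still targets Java 6). Two smaller points: `startedByNuxwdog` can simply `return StringUtils.isNotEmpty(wdPipeName);`, and `StringUtils.split(tokenList, ',')` does not trim, so a `cms.tokenList` written as `a, b` yields the tag `hardware- b` — whether that matters depends on how the list is written by the code that produces it. The generic type arguments on pwCache, tags and getTags appear to have been stripped by the page rendering, so the raw types are not flagged here.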
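Review bot: Moving `mPwdStore = new Properties()` from `init` into the PlainPasswordFile constructor changes what happens if `init` is called more than once on the same instance: previously each call started from an empty store, now a second call layers the new file's entries over the old ones and stale tags survive. If init is only ever called once this is harmless, but the hunk shows no guard, and the rest of `init` (the read loop and its cleanup) lies outside the hunk, so I cannot tell whether anything relied on the old reset. If the merge is intended, a one-line comment in the constructor would record it: `// created once; a repeated init() adds to, rather than replaces, the loaded entries`.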
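Review bot: In the second PlainPasswordFile hunk the added `iteration` parameter is accepted but never read by `getPassword`, which is reasonable for a file-backed store that cannot re-prompt, but nothing says so and static analysis will flag the unused parameter. A one-line comment makes the intent explicit: `// iteration is unused: a file-backed store cannot re-prompt, the stored value is returned as-is`.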