From b9373bb18870248e6e7d199d6ec510c6d26f69dd Mon Sep 17 00:00:00 2001
From: Juan Carlos Luciani
Date: Fri, 20 Apr 2007 21:45:29 +0000
Subject: [PATCH] Created utilities for modifying the connector entry in the server.xml Tomcat configuration file to easily allow a user to change the ATS to start using a different keystore for SSL communications.
---
 .../Svc/linux/CasaTomcatConnectorEditor.sh | 37 ++
 .../server-java/Svc/linux/Makefile.am | 16 +-
 .../server-java/Svc/manifest/Makefile.am | 3 +-
 .../Svc/manifest/TomcatConnectorEditor.txt | 2 +
 .../com/novell/casa/authtoksvc/AuthToken.java | 22 +-
 .../novell/casa/authtoksvc/Authenticate.java | 2 +-
 .../novell/casa/authtoksvc/Base64Coder.java | 19 +
 .../casa/authtoksvc/CasaIdentityToken.java | 18 +-
 .../novell/casa/authtoksvc/GetAuthToken.java | 2 +-
 .../com/novell/casa/authtoksvc/Makefile.am | 3 +-
 .../casa/authtoksvc/PwdAuthenticate.java | 2 +-
 .../novell/casa/authtoksvc/SessionToken.java | 22 +-
 .../authtoksvc/TomcatConnectorEditor.java | 387 ++++++++++++++++++
 .../package/linux/CASA_auth_token_svc.changes | 10 +
 .../package/linux/CASA_auth_token_svc.spec.in | 6 +
 .../linux/CASA_auth_token_svc_4zen.spec.in | 6 +
 16 files changed, 521 insertions(+), 36 deletions(-)
 create mode 100644 CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh
 create mode 100644 CASA-auth-token/server-java/Svc/manifest/TomcatConnectorEditor.txt
 create mode 100644 CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/TomcatConnectorEditor.java
diff --git a/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh b/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh
new file mode 100644
index 00000000..ebf1fec9
--- /dev/null
+++ b/CASA-auth-token/server-java/Svc/linux/CasaTomcatConnectorEditor.sh
@@ -0,0 +1,37 @@ +#!/bin/sh +######################################################################## +# +# Copyright (C) 2006 Novell, Inc. All Rights Reserved. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; version 2.1 +# of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Library Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, Novell, Inc. +# +# To contact Novell about this file by physical or electronic mail, +# you may find current contact information at www.novell.com. +# +# Author: Juan Carlos Luciani +# +######################################################################## + +######################################################################## +# +# Script for editing svc.settings files +# +######################################################################## + +# Source our environment variables file +. /etc/CASA/authtoken/svc/envvars + +# Perform the operation requested +$JAVA_HOME/bin/java -jar /usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar $* + diff --git a/CASA-auth-token/server-java/Svc/linux/Makefile.am b/CASA-auth-token/server-java/Svc/linux/Makefile.am index 70b28c0a..49b2f4ac 100644 --- a/CASA-auth-token/server-java/Svc/linux/Makefile.am +++ b/CASA-auth-token/server-java/Svc/linux/Makefile.am @@ -36,6 +36,7 @@ EXTRA_DIST = CasaAuthtokenSvcD \ CasaAuthTokenSettingsEditor.sh \ CasaIdenTokenSettingsEditor.sh \ CasaSvcSettingsEditor.sh \ + CasaTomcatConnectorEditor.sh \ log4j.properties ROOT = ../.. 
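Review bot: The last line of the new wrapper runs an unquoted `$JAVA_HOME` and forwards its arguments as unquoted `$*`, so a properties-file path that contains spaces or glob characters is split or expanded before the editor sees it; it should read `"$JAVA_HOME/bin/java" -jar /usr/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar "$@"`. The banner comment still says "Script for editing svc.settings files", which looks carried over from a sibling script; something like `# Script for editing the Tomcat connector entry in server.xml` would match what the jar does. Because the script sources `/etc/CASA/authtoken/svc/envvars` before handling a keystore password, that file should be writable only by root; its mode is not visible in this patch.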
@@ -58,6 +59,7 @@ AUTH_TOKEN_SETTINGS_EDITOR_MODULE_NAME = CasaAuthTokenSettingsEditor IDEN_TOKEN_SETTINGS_EDITOR_MODULE_NAME = CasaIdenTokenSettingsEditor SVC_SETTINGS_EDITOR_MODULE_NAME = CasaSvcSettingsEditor AUTH_POLICY_EDITOR_MODULE_NAME = CasaAuthPolicyEditor +TOMCAT_CONNECTOR_EDITOR_MODULE_NAME = CasaTomcatConnectorEditor JAVAFILES = ../src/com/novell/casa/authtoksvc/ProtoDefs.java \ ../src/com/novell/casa/authtoksvc/AuthMechConfig.java \ @@ -92,7 +94,8 @@ JAVAFILES = ../src/com/novell/casa/authtoksvc/ProtoDefs.java \ ../src/com/novell/casa/authtoksvc/IdenTokenSettingsEditor.java \ ../src/com/novell/casa/authtoksvc/RealmsInfo.java \ ../src/com/novell/casa/authtoksvc/SecureTokenUtil.java \ - ../src/com/novell/casa/authtoksvc/SvcSettingsEditor.java + ../src/com/novell/casa/authtoksvc/SvcSettingsEditor.java \ + ../src/com/novell/casa/authtoksvc/TomcatConnectorEditor.java BUILDDIR = ../build @@ -115,6 +118,8 @@ SVC_SETTINGS_EDITOR_FILES = -C $(BUILDDIR)/webapp/WEB-INF/classes com/novell/cas AUTH_POLICY_EDITOR_FILES = -C $(BUILDDIR)/webapp/WEB-INF/classes com/novell/casa/authtoksvc/AuthPolicyEditor.class +TOMCAT_CONNECTOR_EDITOR_FILES = -C $(BUILDDIR)/webapp/WEB-INF/classes com/novell/casa/authtoksvc/TomcatConnectorEditor.class + WEBAPP = $(WEBAPP_NAME).$(WEBAPP_EXT) AUTH_TOKEN_SETTINGS_EDITOR = $(AUTH_TOKEN_SETTINGS_EDITOR_MODULE_NAME).$(MODULE_EXT) @@ -125,6 +130,8 @@ SVC_SETTINGS_EDITOR = $(SVC_SETTINGS_EDITOR_MODULE_NAME).$(MODULE_EXT) AUTH_POLICY_EDITOR = $(AUTH_POLICY_EDITOR_MODULE_NAME).$(MODULE_EXT) +TOMCAT_CONNECTOR_EDITOR = $(TOMCAT_CONNECTOR_EDITOR_MODULE_NAME).$(MODULE_EXT) + CLASSES = $(addprefix $(BUILDDIR)/, $(JAVAFILES:%.java=%.class)) XMLSEC_LIBS = $(XMLSEC_JARS_DIR)/xmlsec-1.4.0.jar 
@@ -134,7 +141,7 @@ CLASSPATH = $(XMLSEC_LIBS):$(IDENT_ABSTRACTION_DIR)/identity-abstraction.jar:$(I CUR_DIR := $(shell pwd) -all: $(BUILDDIR)/$(WEBAPP) $(BUILDDIR)/$(MODULE_NAME).$(MODULE_EXT) $(BUILDDIR)/$(AUTH_TOKEN_SETTINGS_EDITOR) $(BUILDDIR)/$(IDEN_TOKEN_SETTINGS_EDITOR) $(BUILDDIR)/$(SVC_SETTINGS_EDITOR) $(BUILDDIR)/$(AUTH_POLICY_EDITOR) +all: $(BUILDDIR)/$(WEBAPP) $(BUILDDIR)/$(MODULE_NAME).$(MODULE_EXT) $(BUILDDIR)/$(AUTH_TOKEN_SETTINGS_EDITOR) $(BUILDDIR)/$(IDEN_TOKEN_SETTINGS_EDITOR) $(BUILDDIR)/$(SVC_SETTINGS_EDITOR) $(BUILDDIR)/$(AUTH_POLICY_EDITOR) $(BUILDDIR)/$(TOMCAT_CONNECTOR_EDITOR) $(BUILDDIR)/%.class: %.java @echo [======== Compiling $@ ========] @@ -184,6 +191,11 @@ $(BUILDDIR)/$(AUTH_POLICY_EDITOR): $(BUILDDIR) $(CLASSES) jar cvmf $(MANIFEST_DIR)/AuthPolicyEditor.txt $(BUILDDIR)/$(AUTH_POLICY_EDITOR) $(AUTH_POLICY_EDITOR_FILES) cp $(BUILDDIR)/$(AUTH_POLICY_EDITOR) $(LIBDIR)/java/ +$(BUILDDIR)/$(TOMCAT_CONNECTOR_EDITOR): $(BUILDDIR) $(CLASSES) + @echo [======== Jarring $@ ========] + jar cvmf $(MANIFEST_DIR)/TomcatConnectorEditor.txt $(BUILDDIR)/$(TOMCAT_CONNECTOR_EDITOR) $(TOMCAT_CONNECTOR_EDITOR_FILES) + cp $(BUILDDIR)/$(TOMCAT_CONNECTOR_EDITOR) $(LIBDIR)/java/ + $(BUILDDIR): [ -d $(BUILDDIR) ] || mkdir -p $(BUILDDIR) [ -d $(BUILDDIR)/webapp ] || mkdir -p $(BUILDDIR)/webapp diff --git a/CASA-auth-token/server-java/Svc/manifest/Makefile.am b/CASA-auth-token/server-java/Svc/manifest/Makefile.am index dd9e5a55..4c3b1e52 100644 --- a/CASA-auth-token/server-java/Svc/manifest/Makefile.am +++ b/CASA-auth-token/server-java/Svc/manifest/Makefile.am @@ -29,7 +29,8 @@ CFILES = EXTRA_DIST = AuthPolicyEditor.txt \ AuthTokenSettingsEditor.txt \ IdenTokenSettingsEditor.txt \ - SvcSettingsEditor.txt + SvcSettingsEditor.txt \ + TomcatConnectorEditor.txt .PHONY: package package-clean package-install package-uninstall package package-clean package-install package-uninstall: 
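Review bot: The new `$(BUILDDIR)/$(TOMCAT_CONNECTOR_EDITOR)` rule lists `$(BUILDDIR)` as a normal prerequisite, so the jar is treated as stale whenever another file is created in the build directory and the directory's timestamp moves; an order-only prerequisite avoids that: `$(BUILDDIR)/$(TOMCAT_CONNECTOR_EDITOR): $(CLASSES) | $(BUILDDIR)`. The recipe also copies the jar to `$(LIBDIR)/java/`, a second output that make does not track. Both habits mirror the `$(AUTH_POLICY_EDITOR)` rule visible as context, so the consistent fix is to change the sibling rules together.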
diff --git a/CASA-auth-token/server-java/Svc/manifest/TomcatConnectorEditor.txt b/CASA-auth-token/server-java/Svc/manifest/TomcatConnectorEditor.txt new file mode 100644 index 00000000..d9fa5882 --- /dev/null +++ b/CASA-auth-token/server-java/Svc/manifest/TomcatConnectorEditor.txt @@ -0,0 +1,2 @@ +Main-Class: com.novell.casa.authtoksvc.TomcatConnectorEditor + diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java index 2b36ccb0..ba26fee5 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/AuthToken.java @@ -139,14 +139,14 @@ public final class AuthToken secTokenUtil.secure(tokenDoc, Integer.valueOf(m_lifetime).intValue()); // Now save the token as a string - OutputStream outStream = null; + ByteArrayOutputStream outStream = null; try { outStream = new ByteArrayOutputStream(); OutputFormat format = new OutputFormat(tokenDoc); XMLSerializer serializer = new XMLSerializer(outStream, format); serializer.serialize(tokenDoc.getDocumentElement()); - m_token = outStream.toString(); + m_token = new String(outStream.toByteArray(), "UTF-8"); } finally { 
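Review bot: In the AuthToken serialization hunk the bytes are now decoded as UTF-8, but nothing in the hunk pins the serializer to UTF-8, since the encoding comes from `new OutputFormat(tokenDoc)`. Adding `format.setEncoding("UTF-8");` before the `XMLSerializer` is constructed keeps the write and read sides from drifting apart, which matters because the document has just been through `secTokenUtil.secure(...)` and is presumably verified byte-for-byte later. `outStream.toString("UTF-8")` expresses the same conversion in one call. The same change in SessionToken.java (@@ -106,14) wants the same line; the enclosing constructor begins and ends outside the hunk.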
@@ -196,23 +196,24 @@ public final class AuthToken public AuthToken(String token, boolean encodedToken) throws Exception { + Reader tokenReader = null; InputStream inStream = null; try { // Decode the token string if necessary if (encodedToken) - m_token = Base64Coder.decode(token); + m_token = Base64Coder.decodeUTF8(token); else m_token = token; // Now instantiate token document with the token string - inStream = new ByteArrayInputStream(m_token.getBytes()); + tokenReader = new StringReader(m_token); Constants.setSignatureSpecNSprefix(""); DOMParser parser = new DOMParser(); parser.setFeature("http://xml.org/sax/features/namespaces", true); - parser.parse(new InputSource(inStream)); + parser.parse(new InputSource(tokenReader)); Document tokenDoc = parser.getDocument(); // Obtain secure token util object @@ -299,11 +300,11 @@ public final class AuthToken } finally { - if (inStream != null) + if (tokenReader != null) { try { - inStream.close(); + tokenReader.close(); } catch (IOException e) { @@ -365,13 +366,14 @@ public final class AuthToken } /** - * Returns a string containing the Base64 encode token. + * Returns a string representing the authentication token. * * @return Authentication token string. + * @throws Exception */ - public final String toString() + public final String serialize() throws Exception { - return Base64Coder.encode(m_token); + return Base64Coder.encodeUTF8(m_token); } /** diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java index f09d8f5f..7f26e477 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Authenticate.java 
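Review bot: The `DOMParser` that now reads `tokenReader` in the AuthToken constructor is configured with only the namespaces feature, and the parse runs before the secure-token handling that follows it, so a caller-supplied token string can carry a DOCTYPE with entity declarations into Xerces. Adding `parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` next to the existing `setFeature` call rejects such input before any entity is resolved. The context line `InputStream inStream = null;` is left without any use after this change and can be dropped. The SessionToken constructor (@@ -155,20) has the same parser setup; both constructor bodies continue outside their hunks.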
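Review bot: Renaming `toString()` to `serialize()` removes the override without producing a compile error at any call site that still relies on it, so a missed caller that concatenates or logs the object would emit the default `Object.toString()` text instead of the encoded token. The patch updates Authenticate and GetAuthToken; other users of AuthToken and of SessionToken (@@ -284,13) are not visible here and should be searched for implicit string conversions. The new `@throws Exception` tag has no description; a line such as `@throws Exception if the token cannot be encoded as UTF-8` would tell callers what to expect.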
@@ -353,7 +353,7 @@ public final class Authenticate implements RpcMethod - Integer.valueOf(m_svcConfig.getSetting(SvcConfig.LifetimeShorter)).intValue()); AuthRespMsg authRespMsg = new AuthRespMsg(ProtoDefs.httpOkStatusMsg, ProtoDefs.httpOkStatusCode, - sessionToken.toString(), + sessionToken.serialize(), respLifetime); out.println(authRespMsg.toString()); diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Base64Coder.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Base64Coder.java index 89f45be0..9a47e0e4 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Base64Coder.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Base64Coder.java @@ -49,6 +49,16 @@ private static final byte[] map2 = new byte[128]; public static String encode (String s) { return new String(encode(s.getBytes())); } +/** +* Encodes a UTF8 string into Base64 format. +* No blanks or line breaks are inserted. +* @param s String to be encoded. +* @return String with the Base64 encoded data. +* @throws Exception +*/ +public static String encodeUTF8 (String s) throws Exception { + return new String(encode(s.getBytes("UTF-8"))); } + /** * Encodes a byte array into Base64 format. * No blanks or line breaks are inserted. @@ -85,6 +95,15 @@ public static char[] encode (byte[] in) { public static String decode (String s) { return new String(decode(s.toCharArray())); } +/** +* Decodes a Base64 UTF-8 string. +* @param s a Base64 UTF-8 String to be decoded. +* @return A String containing the decoded data. +* @throws Exception +*/ +public static String decodeUTF8 (String s) throws Exception { + return new String(decode(s.toCharArray()), "UTF-8"); } + /** * Decodes Base64 data. * No blanks or line breaks are allowed within the Base64 encoded data. 
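Review bot: `encodeUTF8` and `decodeUTF8` in Base64Coder (@@ -49,6 and @@ -85,6) declare `throws Exception`, although the only checked exception either body can raise is `UnsupportedEncodingException`, and the broad clause is what forces the new `serialize()` methods to declare `throws Exception` too; `public static String encodeUTF8 (String s) throws UnsupportedEncodingException {` is sufficient. The platform-charset `encode(String)` and `decode(String)` remain public beside them, so pairing one of those with a UTF-8 variant yields tokens that differ between hosts with different default charsets. A `@deprecated` tag on the old pair that points at the UTF-8 methods would make the intended pairing explicit.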
diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java index 007843b0..9e67743a 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java @@ -26,6 +26,8 @@ package com.novell.casa.authtoksvc; import java.io.ByteArrayInputStream; import java.io.IOException; +import java.io.Reader; +import java.io.StringReader; import java.util.Hashtable; import javax.naming.Context; @@ -822,7 +824,7 @@ public final class CasaIdentityToken implements IdentityToken } /** - * Initialize the token object with an ecoded token string. + * Initialize the token object with an encoded token string. * * @param encodedToken Encoded identity token string. * @throws Exception @@ -830,10 +832,10 @@ public final class CasaIdentityToken implements IdentityToken public final void initialize (String encodedToken) throws Exception { // Save copy of the token - m_token = Base64Coder.decode(encodedToken); + m_token = Base64Coder.decodeUTF8(encodedToken); // Now parse the token into its elements - ByteArrayInputStream inStream = null; + Reader tokenReader = null; try { // Parse the AuthReqMsg @@ -842,8 +844,8 @@ public final class CasaIdentityToken implements IdentityToken xr.setContentHandler(handler); xr.setErrorHandler(handler); - inStream = new ByteArrayInputStream(m_token.getBytes()); - InputSource source = new InputSource(inStream); + tokenReader = new StringReader(m_token); + InputSource source = new InputSource(tokenReader); xr.parse(source); } catch (SAXException e) @@ -853,11 +855,11 @@ public final class CasaIdentityToken implements IdentityToken } finally { - if (inStream != null) + if (tokenReader != null) { try { - inStream.close(); + tokenReader.close(); } catch (IOException e) { 
@@ -880,7 +882,7 @@ public final class CasaIdentityToken implements IdentityToken { if (m_token != null) { - return Base64Coder.encode(m_token); + return Base64Coder.encodeUTF8(m_token); } else { diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java index f593e518..915425d5 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/GetAuthToken.java @@ -107,7 +107,7 @@ public final class GetAuthToken implements RpcMethod // Write out the response GetAuthTokRespMsg getAuthTokRespMsg = new GetAuthTokRespMsg(ProtoDefs.httpOkStatusMsg, ProtoDefs.httpOkStatusCode, - authToken.toString(), + authToken.serialize(), authToken.getLifetime()); out.println(getAuthTokRespMsg.toString()); m_trace.info("GetAuthToken Rpc, Host=" + getAuthTokReqMsg.getHostName() diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am index 13ce86fd..c5a4521e 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/Makefile.am @@ -57,7 +57,8 @@ JAVAFILES = ProtoDefs.java \ SettingsFileSAXHandler.java \ RealmsInfo.java \ SvcSettingsEditor.java \ - SecureTokenUtil.java + SecureTokenUtil.java \ + TomcatConnectorEditor.java EXTRA_DIST = $(JAVAFILES) \ Krb5_mechanism.settings \ diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java index d7da27a3..e3e92455 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java 
@@ -87,7 +87,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable // Unfortunately the password has to be passed to JNDI as a String. Given this, // we are going to go ahead and convert the token to a String to facilitate // the parsing operation.. - String token = new String(Base64Coder.decode(encodedToken)); + String token = new String(Base64Coder.decode(encodedToken), "UTF-8"); tokenReader = new BufferedReader(new StringReader(token)); // The first line contains the "username" diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SessionToken.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SessionToken.java index 028c2f59..aee7b730 100644 --- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SessionToken.java +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/SessionToken.java @@ -106,14 +106,14 @@ public final class SessionToken secTokenUtil.secure(tokenDoc, Integer.valueOf(lifetime).intValue()); // Now save the token as a string - OutputStream outStream = null; + ByteArrayOutputStream outStream = null; try { outStream = new ByteArrayOutputStream(); OutputFormat format = new OutputFormat(tokenDoc); XMLSerializer serializer = new XMLSerializer(outStream, format); serializer.serialize(tokenDoc.getDocumentElement()); - m_token = outStream.toString(); + m_token = new String(outStream.toByteArray(), "UTF-8"); } finally { 
@@ -155,20 +155,20 @@ public final class SessionToken */ public SessionToken(String token) throws Exception { - InputStream inStream = null; + Reader tokenReader = null; try { // Decode the token string - m_token = Base64Coder.decode(token); + m_token = Base64Coder.decodeUTF8(token); // Now instantiate token document with the token string - inStream = new ByteArrayInputStream(m_token.getBytes()); + tokenReader = new StringReader(m_token); Constants.setSignatureSpecNSprefix(""); DOMParser parser = new DOMParser(); parser.setFeature("http://xml.org/sax/features/namespaces", true); - parser.parse(new InputSource(inStream)); + parser.parse(new InputSource(tokenReader)); Document tokenDoc = parser.getDocument(); // Obtain secure token util object @@ -243,11 +243,11 @@ public final class SessionToken } finally { - if (inStream != null) + if (tokenReader != null) { try { - inStream.close(); + tokenReader.close(); } catch (IOException e) { @@ -284,13 +284,13 @@ public final class SessionToken } /** - * Returns a string containing the session token. + * Returns a string representing the session token. * * @return Session token string. */ - public String toString() + public String serialize() throws Exception { - return Base64Coder.encode(m_token); + return Base64Coder.encodeUTF8(m_token); } /** diff --git a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/TomcatConnectorEditor.java b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/TomcatConnectorEditor.java new file mode 100644 index 00000000..355ac406 --- /dev/null +++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/TomcatConnectorEditor.java 
@@ -0,0 +1,387 @@ +/*********************************************************************** + * + * Copyright (C) 2006 Novell, Inc. All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; version 2.1 + * of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, Novell, Inc. + * + * To contact Novell about this file by physical or electronic mail, + * you may find current contact information at www.novell.com. + * + * Author: Juan Carlos Luciani + * + ***********************************************************************/ + +package com.novell.casa.authtoksvc; + +import org.w3c.dom.Node; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Document; +import org.apache.xerces.parsers.DOMParser; +import org.apache.xml.serialize.XMLSerializer; +import org.apache.xml.serialize.OutputFormat; +import org.xml.sax.InputSource; + +import java.io.File; +import java.io.InputStream; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.util.Properties; + +/** + * + * Class for editing the connector settings in the Tomcat server.xml file. 
+ * + */ +public final class TomcatConnectorEditor +{ + private static final String usage = + "usage: TomcatConnectorEditor -file propertiesFilePath\n\n" + + " where:\n" + + " -file - Path the the properties file\n" + + " The following properties must be present in the file:\n" + + " KEYSTORE_PATH - Location of keystore that should be used by connector.\n" + + " KEYSTORE_PASS - Password for keystore specified via KEYSTORE_PATH.\n" + + " KEYSTORE_ALG - Algorithm (SunX509 or IbmX509) for keystore specified via KEYSTORE_PATH.\n"; + + // Required properties + final static String KEYSTORE_PATH_PROPERTY = "KEYSTORE_PATH"; + final static String KEYSTORE_PASS_PROPERTY = "KEYSTORE_PASS"; + final static String KEYSTORE_ALG_PROPERTY = "KEYSTORE_ALG"; + + final static String[] m_requiredProperties = { + KEYSTORE_PATH_PROPERTY, + KEYSTORE_PASS_PROPERTY, + KEYSTORE_ALG_PROPERTY}; + + // Configured properties + private static Properties m_properties = null; + + + /** + * Verify that the properties required have been specified. + * + * @return Return code (0 == Success). + */ + static private int verifyRequiredPropertiesSpecified() + { + int rc = 0; + + for (int i = 0; i < m_requiredProperties.length; i++) + { + if (!m_properties.containsKey(m_requiredProperties[i])) + { + System.err.println("TomcatConnectorEditor.verifyRequiredPropertiesSpecified()- Required property " + m_requiredProperties[i] + " missing"); + rc = -1; + break; + } + } + + return rc; + } + + /** + * Process properties. + * + * @return Return code (0 == Success). 
+ */ + static private int processProperties(String configFilePath) + { + int rc = 0; + + // Obtain configuration properties from config file + InputStream in = null; + try + { + File fileProperties = new File(configFilePath); + + // Make sure the properties file can be found + if (!fileProperties.exists()) + { + System.err.println("TomcatConnectorEditor.processProperties()- Properties file " + configFilePath + " does not exist"); + rc = -1; + } + else + { + // Read the properties from the file + in = new FileInputStream(fileProperties); + m_properties = new Properties(); + m_properties.load(in); + } + } + catch (Exception e) + { + System.err.println("TomcatConnectorEditor.processProperties()- Error reading properties"); + rc = -1; + } + finally + { + try + { + if (in != null) + in.close(); + } + catch (Exception e) + { + // Do nothing + } + } + + // Continue if no errors detected + if (rc == 0) + { + // Validate that we have the required properties + rc = verifyRequiredPropertiesSpecified(); + } + + return rc; + } + + /** + * Find first child node with matching node name. + * + * @param parentNode Parent node. + * @param nodeName Name of node. + * @return Child node found or null. + */ + static private Node findChildNode(Node parentNode, String nodeName) + { + Node retNode = null; + Node childNode; + Node nextNode = parentNode.getFirstChild(); + while ((childNode = nextNode) != null) + { + // Set next before we change anything + nextNode = childNode.getNextSibling(); + + // Handle child by node type + if (childNode.getNodeType() == Node.ELEMENT_NODE) + { + // Check if this is the element node wanted + if (childNode.getNodeName().equalsIgnoreCase(nodeName)) + { + // Found the node + retNode = childNode; + break; + } + } + } + + return retNode; + } + + /** + * Update the Setup all of the needed relocatable files. + * + * @return Return code (0 == Success). 
+ */ + static private int updateTomcatServerXML() + { + int rc = 0; + + // We have all of the information necessary to update the connector in the server.xml + // file, proceed. + FileInputStream inStream = null; + FileOutputStream outStream = null; + try + { + File serverXmlFile = new File("/srv/www/casaats/conf/server.xml"); + inStream = new FileInputStream(serverXmlFile); + + // Pull the server.xml file into a DOM + DOMParser parser = new DOMParser(); + parser.parse(new InputSource(inStream)); + Document doc = parser.getDocument(); + + Node docElement = doc.getDocumentElement(); + if (docElement != null) + { + Node serviceElement = findChildNode(docElement, "service"); + if (serviceElement != null) + { + Node connectorElement = findChildNode(serviceElement, "connector"); + if (connectorElement != null) + { + NamedNodeMap connectorAttributesMap = connectorElement.getAttributes(); + if (connectorAttributesMap != null) + { + int attributeSetFailures = 0; + + Node keystoreFileAttributeNode = connectorAttributesMap.getNamedItem("keystoreFile"); + if (keystoreFileAttributeNode != null) + { + keystoreFileAttributeNode.setNodeValue((String) m_properties.get(KEYSTORE_PATH_PROPERTY)); + } + else + { + System.err.println("TomcatConnectorEditor.updateTomcatServerXML()- keystoreFile attribute not configured for connector"); + attributeSetFailures ++; + rc = -1; + } + + Node keystorePassAttributeNode = connectorAttributesMap.getNamedItem("keystorePass"); + if (keystorePassAttributeNode != null) + { + keystorePassAttributeNode.setNodeValue((String) m_properties.get(KEYSTORE_PASS_PROPERTY)); + } + else + { + System.err.println("TomcatConnectorEditor.updateTomcatServerXML()- keystorePass attribute not configured for connector"); + attributeSetFailures ++; + rc = -1; + } + + Node algorithmAttributeNode = connectorAttributesMap.getNamedItem("algorithm"); + if (algorithmAttributeNode != null) + { + algorithmAttributeNode.setNodeValue((String) 
m_properties.get(KEYSTORE_ALG_PROPERTY)); + } + else + { + System.err.println("TomcatConnectorEditor.updateTomcatServerXML()- algorithm attribute not configured for connector"); + attributeSetFailures ++; + rc = -1; + } + + if (attributeSetFailures == 0) + { + outStream = new FileOutputStream(serverXmlFile); + OutputFormat format = new OutputFormat(doc); + XMLSerializer serializer = new XMLSerializer(outStream, format); + serializer.serialize(doc.getDocumentElement()); + } + } + else + { + System.err.println("TomcatConnectorEditor.updateTomcatServerXML()- Failed to obtain connector attributes map"); + rc = -1; + } + } + else + { + System.err.println("TomcatConnectorEditor.updateTomcatServerXML()- Failed to obtain connector node"); + rc = -1; + } + } + else + { + System.err.println("TomcatConnectorEditor.updateTomcatServerXML()- Failed to obtain service node"); + rc = -1; + } + } + else + { + System.err.println("TomcatConnectorEditor.updateTomcatServerXML()- Failed to obtain document element"); + rc = -1; + } + } + catch (Exception e) + { + System.err.println("TomcatConnectorEditor.updateTomcatServerXML()- Exception: " + e.getMessage()); + rc = -1; + } + finally + { + try + { + // Close input stream if necessary + if (inStream != null) + inStream.close(); + + // Flush and close output stream if necessary + if (outStream != null) + { + outStream.flush(); + outStream.close(); + } + } + catch (Exception e) + { + // Do nothing + } + } + + return rc; + } + + /** + * Applications Entry Point + * + * @param args Argument. 
+ */ + public static void main(String[] args) + { + boolean argumentsError = false; + boolean opPerformed = false; + String filePath = null; + + // Process the command line arguments + for (int i = 0; i < args.length; i++) + { + // Proceed based on the command + if (args[i].equalsIgnoreCase("-file")) + { + // The next argument should contain the filepath + if (args.length > (i + 1)) + { + filePath = args[i + 1]; + i++; + } + else + { + argumentsError = true; + break; + } + } + else + { + argumentsError = true; + } + } + + // Proceed based on the specified parameters + if (argumentsError == false) + { + if (filePath != null) + { + System.out.println("Dealing with properties file: " + filePath); + + // Process the properties + if (processProperties(filePath) == 0) + { + // The properties were successfully processed, now update the + // server.xml file. + if (updateTomcatServerXML() == 0) + { + opPerformed = true; + } + } + } + else + { + argumentsError = true; + } + } + + // Display the usage string if we encountered an error with the + // command line arguments. + if (argumentsError) + System.out.print(usage); + + // Set the exit code appropriatedly + if (opPerformed) + System.exit(0); + else + System.exit(1); + } +} diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes index c1faab27..9ee49070 100644 --- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes +++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes 
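Review bot: `updateTomcatServerXML()` opens `new FileOutputStream(serverXmlFile)` on the live `/srv/www/casaats/conf/server.xml`, which truncates the file before serialization begins, so an exception or a full disk part-way through leaves the ATS without a usable Tomcat configuration; serializing to a sibling file and renaming it into place, with the original owner and mode kept because the file carries `keystorePass`, avoids that. `verifyRequiredPropertiesSpecified()` tests `containsKey`, so a line such as `KEYSTORE_PASS=` passes and an empty password is written; checking `m_properties.getProperty(m_requiredProperties[i])` for null or empty would catch it. The usage text should also say that the properties file holds the keystore password in clear text and must be readable only by its owner. `processProperties()` has no `@param configFilePath`, and the javadoc on `updateTomcatServerXML()` ("Update the Setup all of the needed relocatable files") does not describe the method; `Updates the keystoreFile, keystorePass and algorithm attributes of the first Connector in server.xml` would.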
@@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Apr 20 15:40:01 MDT 2007 - jluciani@novell.com + +- Created utilities for editing the connector entry for the + server.xml Tomcat configuration file so that it can be + easily modified so that the Tomcat instance utilized by + the ATS use a different Keystore and be able to leverage + Certificate/Keys installed for other products. This is + the first step in the resolution of BUG242891. + ------------------------------------------------------------------- Wed Apr 18 16:43:48 MDT 2007 - jluciani@novell.com diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in index 0f699b53..320f2b90 100644 --- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in +++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.spec.in @@ -146,6 +146,7 @@ install -m 755 %{_lib}/java/CasaAuthTokenSettingsEditor.jar %{buildroot}%{prefix install -m 755 %{_lib}/java/CasaIdenTokenSettingsEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor-%{bldno}.jar install -m 755 %{_lib}/java/CasaSvcSettingsEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor-%{bldno}.jar install -m 755 %{_lib}/java/CasaAuthPolicyEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor-%{bldno}.jar +install -m 755 %{_lib}/java/CasaTomcatConnectorEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor-%{bldno}.jar # Symbolic Links ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war 
@@ -153,6 +154,7 @@ ln -sf CasaAuthTokenSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java ln -sf CasaIdenTokenSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.jar ln -sf CasaSvcSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar ln -sf CasaAuthPolicyEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar +ln -sf CasaTomcatConnectorEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar # Settings and configuration files install -m 600 Svc/templates/svc.settings %{buildroot}/etc/CASA/authtoken/svc/templates/svc.settings @@ -170,6 +172,7 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh +install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh install -m 700 Svc/linux/CasaAuthTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh install -m 700 Svc/linux/CasaIdenTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh install -m 700 Svc/linux/CasaSvcSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh 
@@ -256,6 +259,7 @@ rm -f /srv/www/casaats/conf/server.xml
 %{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
+%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
@@ -267,6 +271,8 @@ rm -f /srv/www/casaats/conf/server.xml
 %{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor-%{bldno}.jar
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar
+%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor-%{bldno}.jar
+%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar
 /etc/init.d/casa_atsd
 %defattr(-,casaatsd,casaauth)
 %dir /srv/www/casaats
diff --git a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
index d187f692..0970d760 100644
--- a/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
+++ b/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc_4zen.spec.in
@@ -146,6 +146,7 @@ install -m 755 %{_lib}/java/CasaAuthTokenSettingsEditor.jar %{buildroot}%{prefix
 install -m 755 %{_lib}/java/CasaIdenTokenSettingsEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor-%{bldno}.jar
 install -m 755 %{_lib}/java/CasaSvcSettingsEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor-%{bldno}.jar
 install -m 755 %{_lib}/java/CasaAuthPolicyEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor-%{bldno}.jar
+install -m 755 %{_lib}/java/CasaTomcatConnectorEditor.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor-%{bldno}.jar

 # Symbolic Links
 ln -sf CasaAuthTokenSvc-%{bldno}.war %{buildroot}%{prefix}/share/java/CASA/authtoken/CasaAuthTokenSvc.war
@@ -153,6 +154,7 @@ ln -sf CasaAuthTokenSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java
 ln -sf CasaIdenTokenSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.jar
 ln -sf CasaSvcSettingsEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar
 ln -sf CasaAuthPolicyEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar
+ln -sf CasaTomcatConnectorEditor-%{bldno}.jar %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar

 # Settings and configuration files
 install -m 600 Svc/templates/svc.settings %{buildroot}/etc/CASA/authtoken/svc/templates/svc.settings
@@ -170,6 +172,7 @@ install -m 700 Svc/linux/log4j.properties %{buildroot}/etc/CASA/authtoken/svc/lo
 install -m 700 Svc/linux/server_keystore_setup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
 install -m 700 Svc/linux/CasaBasicATSSetup.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
 install -m 700 Svc/linux/CasaAuthPolicyEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
+install -m 700 Svc/linux/CasaTomcatConnectorEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
 install -m 700 Svc/linux/CasaAuthTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
 install -m 700 Svc/linux/CasaIdenTokenSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
 install -m 700 Svc/linux/CasaSvcSettingsEditor.sh %{buildroot}%{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
@@ -256,6 +259,7 @@ rm -f /srv/www/casaats/conf/server.xml
 %{prefix}/share/java/CASA/authtoken/bin/server_keystore_setup.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaBasicATSSetup.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.sh
+%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthTokenSettingsEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaIdenTokenSettingsEditor.sh
 %{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.sh
@@ -267,6 +271,8 @@ rm -f /srv/www/casaats/conf/server.xml
 %{prefix}/share/java/CASA/authtoken/bin/CasaSvcSettingsEditor.jar
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor-%{bldno}.jar
 %{prefix}/share/java/CASA/authtoken/bin/CasaAuthPolicyEditor.jar
+%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor-%{bldno}.jar
+%{prefix}/share/java/CASA/authtoken/bin/CasaTomcatConnectorEditor.jar
 /etc/init.d/casa_atsd
 %defattr(-,casaatsd,casaauth)
 %dir /srv/www/casaats