switch from storepass to .cws creds

.github/workflows/camunda.yml

@@ -46,6 +46,12 @@ jobs:
           chmod +x generate-certs.sh
           ./generate-certs.sh
 
+      - name: Set up Keystore storepass
+        run: |
+          mkdir ~/.cws/
+          echo ${{ secrets.KEYSTORE_PASSWORD }} > ~/.cws/creds
+          chmod 700 ~/.cws/creds
+
       - name: Download Logstash
         uses: carlosperate/download-file-action@v1
         with:

.github/workflows/ldap.yml

@@ -46,6 +46,12 @@ jobs:
           chmod +x generate-certs.sh
           ./generate-certs.sh
 
+      - name: Set up Keystore storepass
+        run: |
+          mkdir ~/.cws/
+          echo ${{ secrets.KEYSTORE_PASSWORD }} > ~/.cws/creds
+          chmod 700 ~/.cws/creds
+
       - name: Download Logstash
         uses: carlosperate/download-file-action@v1
         with:

.gitignore

@@ -14,7 +14,6 @@ cws-service/src/main/resources/camunda/bpmn/*.bpmn
 
 .keystore
 cws_truststore.jks
-.storepass
 cws.crt
 
 cookies.txt
@@ -35,4 +34,4 @@ install/logging/logstash-*.zip
 /jacoco-reports
 /test-screenshots
 
-*.cnf
+*.cnf

README.md

@@ -37,9 +37,9 @@ See the [wiki](https://github.com/NASA-AMMOS/common-workflow-service/wiki) for m
 - Tomcat **keystore, truststore, storepass files** (needed for CWS web console to work properly):
     - You will need to add your own Tomcat keystore file to this path: `install/.keystore`
     - You will need to add your own truststore file to this path: `install/tomcat_lib/cws_truststore.jks`
-    - You will need to add your own .storepass file, which carries the keystore password, to this path: `install/tomcat_lib/.storepass`
-      - The **.storepass** file must have the read/write permission set to Owner-Only, *'600'* or *'-rw-------'* at maximum
-        - `chmod 600 .storepass`
+    - You will need to add your own creds file, which carries the keystore password, to this path: `~/.cws/creds`
+      - The **~/.cws/** directory and **creds** file must have the read/write/execute permission set to Owner-Only, *'700'* or *'-rwx------'* at maximum
+        - `chmod 700 creds`
     - See: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
     - **Java 11 JDK**: CWS only runs on JDK 11 now, but planning for JDK 17 soon.
       - For Homebrew users:

create_server_dist.sh

@@ -96,7 +96,6 @@ TOMCAT_CONF_DIR=${CWS_TOMCAT_ROOT}/conf
 print 'Installing key and trust store to Tomcat...'
 cp ${INSTALL_DIR}/.keystore ${CWS_TOMCAT_ROOT}/conf/.keystore
 cp ${INSTALL_DIR}/tomcat_lib/cws_truststore.jks ${TOMCAT_LIB_DIR}
-cp ${INSTALL_DIR}/tomcat_lib/.storepass ${TOMCAT_LIB_DIR}
 
 # ___________________________________________________________________
 # MAKE TOMCAT ROOT POINT TO cws-ui AND REMOVE DEFAULT TOMCAT ROOT APP

cws-installer/src/main/java/jpl/cws/task/CwsInstaller.java

@@ -1064,32 +1064,37 @@ private static void setupLimitToRemoveAbandonedWorkersByDays() {
 
 
 	private static void getKeystorePassword() {
-		Path filePath;
-		filePath = Paths.get(cws_tomcat_lib + SEP + ".storepass");
-		String storepassFilePath = filePath.toString();
-		File storepassReadFile = new File(storepassFilePath);
-
-		boolean fileExists = storepassReadFile.exists();
-		if (fileExists == true) {
-			if (!storepassReadFile.canRead()) {
-				print("ERROR: .storepass in path '" + cws_tomcat_lib + SEP + "' is NOT readable by system user.");
-				print("     ");
-				print("WARNING:  Read and fulfill the Keystore/Truststore prerequisites before continuing installation: ");
-				print("          https://github.com/NASA-AMMOS/common-workflow-service?tab=readme-ov-file#prerequisites");
-				exit(1);
-			}
-		} else {
-			print("ERROR: .storepass does NOT exist in path '" + cws_tomcat_lib + SEP + "' ");
-			print("     ");
-			print("WARNING:  Make sure to place .storepass in the correct path and satisfy the following Keystore/Truststore prerequisites: ");
-			print("          https://github.com/NASA-AMMOS/common-workflow-service?tab=readme-ov-file#prerequisites");
-			exit(1);
-		}
-
-		try {
-			cws_keystore_storepass = Files.readString(Paths.get(storepassFilePath)).trim();
-		} catch (IOException e) {
-			e.printStackTrace();
+        cws_keystore_storepass = getPreset("default_cws_keystore_storepass");
+
+		if (cws_keystore_storepass == null) {
+	        Path filePath;
+    		filePath = Paths.get("~/.cws/creds");
+    		String storepassFilePath = filePath.toString();
+    		storepassFilePath = storepassFilePath.replaceFirst("^~", System.getProperty("user.home"));
+    		File storepassReadFile = new File(storepassFilePath);
+    		boolean fileExists = storepassReadFile.exists();
+
+    		if (fileExists == true) {
+    			if (!storepassReadFile.canRead()) {
+    				print("ERROR: creds in path '" + "~/.cws/creds" + "' is NOT readable by system user.");
+    				print("     ");
+    				print("WARNING:  Read and fulfill the Keystore/Truststore prerequisites before continuing installation: ");
+    				print("          https://github.com/NASA-AMMOS/common-workflow-service?tab=readme-ov-file#prerequisites");
+    				exit(1);
+    			}
+    		} else {
+    			print("ERROR: creds does NOT exist in path '" + "~/.cws/creds" + "' ");
+    			print("     ");
+    			print("WARNING:  Make sure to place creds in the correct path and satisfy the following Keystore/Truststore prerequisites: ");
+    			print("          https://github.com/NASA-AMMOS/common-workflow-service?tab=readme-ov-file#prerequisites");
+    			exit(1);
+    		}
+
+    		try {
+    			cws_keystore_storepass = Files.readString(Paths.get(storepassFilePath)).trim();
+    		} catch (IOException e) {
+    			e.printStackTrace();
+    		}
 		}
 	}
 
@@ -3345,4 +3350,4 @@ private static void setPreset(String key, String value) {
 		}
 	}
 
-}
+}