Add 'security-tools' with 'vespa-tls-env' command line tool

6 files changed, 158 insertions, 0 deletions

diff --git a/security-tools/CMakeLists.txt b/security-tools/CMakeLists.txt
new file mode 100644
index 00000000000..b6a90392927
--- /dev/null
+++ b/security-tools/CMakeLists.txt
@@ -0,0 +1,5 @@
+# Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+install_fat_java_artifact(security-tools)
+
+vespa_install_script(src/main/sh/vespa-tls-env vespa-tls-env bin)
+
diff --git a/security-tools/OWNERS b/security-tools/OWNERS
new file mode 100644
index 00000000000..569bf1cc3a1
--- /dev/null
+++ b/security-tools/OWNERS
@@ -0,0 +1 @@
+bjorncs
diff --git a/security-tools/README.md b/security-tools/README.md
new file mode 100644
index 00000000000..ceee3997a3b
--- /dev/null
+++ b/security-tools/README.md
@@ -0,0 +1,3 @@
+# security-tools
+
+Contains the "vespa-tls-env" command line tool for Vespa.
\ No newline at end of file
diff --git a/security-tools/pom.xml b/security-tools/pom.xml
new file mode 100644
index 00000000000..aa07e96d628
--- /dev/null
+++ b/security-tools/pom.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0"?>
+<!-- Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>com.yahoo.vespa</groupId>
+    <artifactId>parent</artifactId>
+    <version>7-SNAPSHOT</version>
+    <relativePath>../parent/pom.xml</relativePath>
+  </parent>
+  <artifactId>security-tools</artifactId>
+  <packaging>jar</packaging>
+  <version>7-SNAPSHOT</version>
+  <dependencies>
+    <!-- compile scope -->
+    <dependency>
+      <groupId>com.yahoo.vespa</groupId>
+      <artifactId>security-utils</artifactId>
+      <version>${project.version}</version>
+      <scope>compile</scope>
+    </dependency>
+
+    <!-- test scope -->
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-core</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-shade-plugin</artifactId>
+        <configuration>
+          <finalName>${project.artifactId}-jar-with-dependencies</finalName>
+          <filters>
+            <filter>
+              <!-- Don't include signature files from bouncycastle in uber jar.  -->
+              <artifact>*:*</artifact>
+              <excludes>
+                <exclude>META-INF/*.SF</exclude>
+                <exclude>META-INF/*.DSA</exclude>
+                <exclude>META-INF/*.RSA</exclude>
+              </excludes>
+            </filter>
+          </filters>
+        </configuration>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>shade</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/tlsenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/tlsenv/Main.java
new file mode 100644
index 00000000000..9472a8b636d
--- /dev/null
+++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/tlsenv/Main.java
@@ -0,0 +1,11 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.security.tool.tlsenv;
+
+/**
+ * @author bjorncs
+ */
+public class Main {
+    public static void main(String[] args) {
+        System.out.println("TODO implementation");
+    }
+}
diff --git a/security-tools/src/main/sh/vespa-tls-env b/security-tools/src/main/sh/vespa-tls-env
new file mode 100644
index 00000000000..19b6ccf4c12
--- /dev/null
+++ b/security-tools/src/main/sh/vespa-tls-env
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+# Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+# BEGIN environment bootstrap section
+# Do not edit between here and END as this section should stay identical in all scripts
+
+findpath () {
+    myname=${0}
+    mypath=${myname%/*}
+    myname=${myname##*/}
+    if [ "$mypath" ] && [ -d "$mypath" ]; then
+        return
+    fi
+    mypath=$(pwd)
+    if [ -f "${mypath}/${myname}" ]; then
+        return
+    fi
+    echo "FATAL: Could not figure out the path where $myname lives from $0"
+    exit 1
+}
+
+COMMON_ENV=libexec/vespa/common-env.sh
+
+source_common_env () {
+    if [ "$VESPA_HOME" ] && [ -d "$VESPA_HOME" ]; then
+        export VESPA_HOME
+        common_env=$VESPA_HOME/$COMMON_ENV
+        if [ -f "$common_env" ]; then
+            . $common_env
+            return
+        fi
+    fi
+    return 1
+}
+
+findroot () {
+    source_common_env && return
+    if [ "$VESPA_HOME" ]; then
+        echo "FATAL: bad VESPA_HOME value '$VESPA_HOME'"
+        exit 1
+    fi
+    if [ "$ROOT" ] && [ -d "$ROOT" ]; then
+        VESPA_HOME="$ROOT"
+        source_common_env && return
+    fi
+    findpath
+    while [ "$mypath" ]; do
+        VESPA_HOME=${mypath}
+        source_common_env && return
+        mypath=${mypath%/*}
+    done
+    echo "FATAL: missing VESPA_HOME environment variable"
+    echo "Could not locate $COMMON_ENV anywhere"
+    exit 1
+}
+
+findhost () {
+    if [ "${VESPA_HOSTNAME}" = "" ]; then
+        VESPA_HOSTNAME=$(vespa-detect-hostname || hostname -f || hostname || echo "localhost") || exit 1
+    fi
+    validate="${VESPA_HOME}/bin/vespa-validate-hostname"
+    if [ -f "$validate" ]; then
+        "$validate" "${VESPA_HOSTNAME}" || exit 1
+    fi
+    export VESPA_HOSTNAME
+}
+
+findroot
+findhost
+
+# END environment bootstrap section
+
+exec java -Djava.awt.headless=true -cp ${VESPA_HOME}/lib/jars/security-tools-jar-with-dependencies.jar com.yahoo.vespa.security.tool.tlsenv.Main "$@"
\ No newline at end of file