[LighttpdHttps] Support setting HTTPS redirection

This implements #3058

2 files changed, 98 insertions, 19 deletions

diff --git a/scripts/install-https b/scripts/install-https
index ad77a97..121fb0e 100755
--- a/scripts/install-https
+++ b/scripts/install-https
@@ -1,7 +1,8 @@
 #!/bin/bash
 
-CERTFILE="/etc/lighttpd/server.pem"
-CHAINFILE="/etc/lighttpd/chain.pem"
+declare -rg CERTFILE="/etc/lighttpd/server.pem"
+declare -rg CHAINFILE="/etc/lighttpd/chain.pem"
+declare -rg REDIR_FLAG="/etc/lighttpd/redirect.flag"
 
 op_disable ()
 {
@@ -76,20 +77,53 @@ generate_dh ()
 	fi
 }
 
-OP=$1
-shift
+setup_redirect ()
+{
+	if [ -n "$REDIR" ]; then
+		touch "$REDIR_FLAG"
+	else
+		rm -f -- "$REDIR_FLAG"
+	fi
+}
 
-case "$OP" in
-	--random) op_random "$@" ;;
-	--test) op_test "$@" ;;
-	--import) op_import "$@" ;;
-	--disable) op_disable ;;
+RE_ONLY=
+REDIR=
+while true; do
+	case "$1" in
+	--redirect-only)
+		RE_ONLY=tru
+		;;
+	--redirect)
+		REDIR=truh
+		;;
 	*)
-		echo "Invalid operation: $1"
-		exit 1
+		break
 		;;
-esac
+	esac
+	shift
+done
+
+setup_redirect
+
+if [ -z "$RE_ONLY" ]; then
+
+	OP=$1
+	shift
+
+	case "$OP" in
+		--random) op_random "$@" ;;
+		--test) op_test "$@" ;;
+		--import) op_import "$@" ;;
+		--disable) op_disable ;;
+		*)
+			echo "Invalid operation: $1"
+			exit 1
+			;;
+	esac
+
+fi
 
+sleep .5
 systemctl restart lighttpd
 
 exit 0
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
index 59f3027..08fac2a 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
@@ -1,6 +1,9 @@
 package org.openslx.taskmanager.tasks;
 
 import java.io.File;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 
 import org.openslx.satserver.util.Exec;
 import org.openslx.satserver.util.Util;
@@ -27,6 +30,13 @@ public class LighttpdHttps extends AbstractTask
 	@Expose
 	private String proxyip = null;
 
+	@Expose
+	private boolean redirect;
+	@Expose
+	private boolean redirectOnly;
+
+	private List<String> baseCmd = Arrays.asList( new String[] { "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https" } );
+
 	@Override
 	protected boolean initTask()
 	{
@@ -37,6 +47,8 @@ public class LighttpdHttps extends AbstractTask
 	@Override
 	protected boolean execute()
 	{
+		if ( this.redirectOnly )
+			return setRedirect();
 		if ( this.importcert != null && this.importkey != null && !this.importcert.isEmpty() && !this.importkey.isEmpty() )
 			return createFromInput();
 		if ( this.proxyip != null && !this.proxyip.isEmpty() )
@@ -46,7 +58,13 @@ public class LighttpdHttps extends AbstractTask
 
 	private boolean createRandom()
 	{
-		int ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--random", this.proxyip );
+		List<String> cmd = new ArrayList<>( baseCmd );
+		if ( this.redirect ) {
+			cmd.add( "--redirect" );
+		}
+		cmd.add( "--random" );
+		cmd.add( this.proxyip );
+		int ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) );
 		if ( ret != 0 ) {
 			status.error = "generator exited with code " + ret;
 			return false;
@@ -60,6 +78,7 @@ public class LighttpdHttps extends AbstractTask
 		File tmpKey = null;
 		File tmpCert = null;
 		File tmpChain = null;
+		List<String> cmd;
 		try {
 			try {
 				tmpCert = File.createTempFile( "bwlp-", ".pem" );
@@ -75,17 +94,26 @@ public class LighttpdHttps extends AbstractTask
 				return false;
 			}
 			int ret;
-			ret = Exec.sync( 15, "/opt/taskmanager/scripts/install-https", "--test", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath() );
+			cmd = new ArrayList<>( baseCmd );
+			cmd.add( "--test" );
+			cmd.add( tmpKey.getAbsolutePath() );
+			cmd.add( tmpCert.getAbsolutePath() );
+			ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) );
 			if ( ret != 0 ) {
 				status.error = "Given key and certificate do not match, or have invalid format (exit code: " + ret + ")";
 				return false;
 			}
+			cmd = new ArrayList<>( baseCmd );
+			if ( this.redirect ) {
+				cmd.add( "--redirect" );
+			}
+			cmd.add( "--import" );
+			cmd.add( tmpKey.getAbsolutePath() );
+			cmd.add( tmpCert.getAbsolutePath() );
 			if ( tmpChain != null ) {
-				ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath(),
-						tmpChain.getAbsolutePath() );
-			} else {
-				ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath() );
+				cmd.add( tmpChain.getAbsolutePath() );
 			}
+			ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) );
 			if ( ret != 0 ) {
 				status.error = "import exited with code " + ret;
 				return false;
@@ -99,9 +127,26 @@ public class LighttpdHttps extends AbstractTask
 		}
 	}
 
+	private boolean setRedirect()
+	{
+		List<String> cmd = new ArrayList<>( baseCmd );
+		cmd.add( "--redirect-only" );
+		if ( this.redirect ) {
+			cmd.add( "--redirect" );
+		}
+		int ret = Exec.sync( 10, cmd.toArray( new String[ cmd.size() ] ) );
+		if ( ret != 0 ) {
+			status.error = "set redirect exited with code " + ret;
+			return false;
+		}
+		return true;
+	}
+
 	private boolean disableHttps()
 	{
-		int ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--disable" );
+		List<String> cmd = new ArrayList<>( baseCmd );
+		cmd.add( "--disable" );
+		int ret = Exec.sync( 10, cmd.toArray( new String[ cmd.size() ] ) );
 		if ( ret != 0 ) {
 			status.error = "disable exited with code " + ret;
 			return false;