From 5f645bcb73537836ac0af82b7635866fa6ae0710 Mon Sep 17 00:00:00 2001
From: Marco Fargetta
Date: Mon, 23 Sep 2024 18:15:27 +0200
Subject: [PATCH] Remove setup from Postgresql realm authentication The realm should not modify the user database but it has to be provided and configured in advance. However, if a file is provided it is used during the initialisation and not during the authentication.
---
base/est/shared/realm/postgresql/create.sql | 23 +++++++++++++++++++
.../realm/{ => postgresql}/statements.conf | 0
.../cms/realm/PKIPostgreSQLRealm.java | 17 ++++++++++----
3 files changed, 36 insertions(+), 4 deletions(-)
create mode 100644 base/est/shared/realm/postgresql/create.sql
rename base/est/shared/realm/{ => postgresql}/statements.conf (100%)
diff --git a/base/est/shared/realm/postgresql/create.sql b/base/est/shared/realm/postgresql/create.sql
new file mode 100644
index 00000000000..c1e20e94bc9
--- /dev/null
+++ b/base/est/shared/realm/postgresql/create.sql
@@ -0,0 +1,23 @@
+CREATE TABLE "users" (
+ "id" VARCHAR PRIMARY KEY,
+ "full_name" VARCHAR,
+ "password" VARCHAR
+);
+
+CREATE TABLE "user_certs" (
+ "user_id" VARCHAR NOT NULL,
+ "cert_id" VARCHAR NOT NULL,
+ "data" BYTEA,
+ PRIMARY KEY ("user_id", "cert_id")
+);
+
+CREATE TABLE "groups" (
+ "id" VARCHAR PRIMARY KEY,
+ "description" VARCHAR
+);
+
+CREATE TABLE "group_members" (
+ "group_id" VARCHAR NOT NULL,
+ "user_id" VARCHAR NOT NULL,
+ PRIMARY KEY ("group_id", "user_id")
+);
diff --git a/base/est/shared/realm/statements.conf b/base/est/shared/realm/postgresql/statements.conf
similarity index 100%
rename from base/est/shared/realm/statements.conf
rename to base/est/shared/realm/postgresql/statements.conf
diff --git a/base/server/src/main/java/com/netscape/cms/realm/PKIPostgreSQLRealm.java b/base/server/src/main/java/com/netscape/cms/realm/PKIPostgreSQLRealm.java
index 379191d8d85..12240856e59 100644
--- a/base/server/src/main/java/com/netscape/cms/realm/PKIPostgreSQLRealm.java
+++ b/base/server/src/main/java/com/netscape/cms/realm/PKIPostgreSQLRealm.java @@ -119,17 +119,27 @@ public void initInternal () throws LifecycleException { if (saltLength != null) { handler.setSaltLength(Integer.parseInt(saltLength)); } + + String createFile = info.getProperty("dbcreate.file"); + if (createFile != null) { + try{ + connect(); + setup(createFile); + } catch (Exception e) { + throw new LifecycleException("DB creation failed. Creation file: " + createFile, e); + } + } + } /** * This method will create the tables if they do not exist. */ - public void setup() throws Exception { + public void setup(String createFile) throws Exception { logger.info("Setting up PostgreSQL realm"); - String filename = "/usr/share/pki/acme/realm/postgresql/create.sql"; - String content = new String(Files.readAllBytes(Paths.get(filename))); + String content = new String(Files.readAllBytes(Paths.get(createFile))); String[] stats = content.split(";"); for (String sql : stats) { @@ -169,7 +179,6 @@ public void connect() throws Exception { if (connection == null) { // create the initial connection logger.info("Connecting to " + url); connection = DriverManager.getConnection(url, info); - setup(); return; }
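Review bot: The new block in initInternal() runs every statement of the file named by `dbcreate.file` with the realm's database credentials on each initialisation, so that file becomes part of the realm's trust boundary, yet nothing in the hunk documents this. I would extend the Javadoc on setup(String) with `@param createFile path to an administrator-controlled SQL script; its statements are executed as the realm's database user`, and note in the deployment documentation that the file must not be writable by unprivileged accounts. The Javadoc still promises that tables are created only "if they do not exist", but the create.sql added by this patch uses plain `CREATE TABLE`; unless the statement loop, which continues outside the hunk, tolerates the resulting errors, a second start with the property still set would presumably end in the LifecycleException, and `CREATE TABLE IF NOT EXISTS "users" (` (likewise for the other three tables) would make the script repeatable. Separately, `new String(Files.readAllBytes(Paths.get(createFile)))` decodes with the platform charset; passing `StandardCharsets.UTF_8` as the second argument would make the result independent of the server's locale.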