From 3ab1a06db6364173001269843e973457343ad90e Mon Sep 17 00:00:00 2001
From: Ross Nicoll
Date: Tue, 19 Dec 2017 12:47:54 +0000
Subject: [PATCH] Improve run instructions for the HSM doorman (#190)
* Add more detail to HSM doorman outputs
* Remove duplicate display of defaults, add default value where it was only set in text, and show the actual names of the authentication modes.
* Add instructions for getting command line help
* Change error display to use System.err
---
 network-management/Readme.md | 6 +++++-
 .../com/r3/corda/networkmanage/hsm/Main.kt | 2 +-
 .../hsm/authentication/Authenticator.kt | 10 +++++++---
 .../hsm/configuration/Configuration.kt | 18 +++++++++---------
 4 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/network-management/Readme.md b/network-management/Readme.md
index 29ca9b2074..8030d34427 100644
--- a/network-management/Readme.md
+++ b/network-management/Readme.md
@@ -28,9 +28,13 @@ To run the HSM signing server:
 ```
 cd network-management
-java -jar capsule-hsm/build/libs/hsm-3.0-NETWORKMAP-20171204.134345-6-capsule.jar --configFile hsm.conf
+java -jar capsule-hsm/build/libs/hsm-3.0-NETWORKMAP-20171204.134345-6.jar --configFile hsm.conf
 ```
+For a list of options the HSM signing server takes, run with the `--help` option:
+
+java -jar capsule-hsm/build/libs/hsm-3.0-NETWORKMAP-20171204.134345-6.jar --help
+
 #Configuring network management service
 ### Local signing
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
index 4b881005cc..4e25900f68 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/Main.kt
@@ -110,7 +110,7 @@ fun run(parameters: Parameters) {
 private fun processError(exception: Exception) {
 val processed = mapCryptoServerException(exception)
- println("An error occured: ${processed.message}")
+ System.err.println("An error occurred: ${processed.message}")
 }
 private fun confirmedSign(selectedItems: List): Boolean {
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/authentication/Authenticator.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/authentication/Authenticator.kt
index 65921ab418..90d626e4c8 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/authentication/Authenticator.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/authentication/Authenticator.kt
@@ -43,12 +43,15 @@ class Authenticator(private val provider: CryptoServerProvider,
 autoUsername
 }
 when (mode) {
- AuthMode.CARD_READER -> provider.loginSign(user, ":cs2:cyb:USB0", null)
+ AuthMode.CARD_READER -> {
+ println("Authenticating using card reader")
+ provider.loginSign(user, ":cs2:cyb:USB0", null)
+ }
 AuthMode.KEY_FILE -> {
- println("Authenticating using preconfigured key file")
+ println("Authenticating using preconfigured key file $authKeyFilePath")
 val password = if (authKeyFilePass == null) {
 val input = readPassword("Enter key file password (or Q to quit): ")
- if ("q" == input.toLowerCase()) {
+ if ("q" == input.toLowerCase().trim()) {
 authenticated.clear()
 break@loop
 } else {
@@ -60,6 +63,7 @@ class Authenticator(private val provider: CryptoServerProvider,
 provider.loginSign(user, authKeyFilePath.toString(), password)
 }
 AuthMode.PASSWORD -> {
+ println("Authenticating using password")
 val password = readPassword("Enter password (or Q to quit): ")
 if ("q" == password.toLowerCase()) {
 authenticated.clear()
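Review bot: `processed.message` is nullable for any Throwable, so when the mapped exception carries no message the new line in `processError` prints "An error occurred: null" and the operator of the signing server learns nothing about what failed. Falling back to the exception type keeps the output useful, e.g. `System.err.println("An error occurred: ${processed.message ?: processed.javaClass.name}")`. This assumes `mapCryptoServerException` returns an exception type, which is not visible in the hunk.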
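Review bot: The quit check is now trimmed only in the KEY_FILE branch (`"q" == input.toLowerCase().trim()`), while the PASSWORD branch in the second Authenticator.kt hunk still compares `password.toLowerCase()` untrimmed, so input such as "q " quits in one mode and is presumably treated as a password attempt in the other (the else branches are outside the hunks). Use the same normalisation in both, e.g. `if ("q" == password.trim().toLowerCase()) {`. The new `println` in the KEY_FILE branch also writes `$authKeyFilePath` to stdout; if console output is captured into shared logs this records where the HSM authentication key file is stored, so it is worth deciding whether the path needs to be shown. The `when` block starts and ends outside both hunks.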
diff --git a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt
index 020b937ac4..ddc34ff44c 100644
--- a/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt
+++ b/network-management/src/main/kotlin/com/r3/corda/networkmanage/hsm/configuration/Configuration.kt
@@ -68,22 +68,22 @@ data class Parameters(val dataSourceProperties: Properties,
 fun parseParameters(vararg args: String): Parameters {
 val argConfig = args.toConfigWithOptions {
 accepts("basedir", "Overriding configuration filepath, default to current directory.").withRequiredArg().defaultsTo(".").describedAs("filepath")
- accepts("configFile", "Overriding configuration file. (default: <>/node.conf)").withRequiredArg().describedAs("filepath")
- accepts("device", "CryptoServer device address (default: $DEFAULT_DEVICE)").withRequiredArg()
+ accepts("configFile", "Overriding configuration file.").withRequiredArg().defaultsTo("node.conf").describedAs("filepath")
+ accepts("device", "CryptoServer device address").withRequiredArg().defaultsTo(DEFAULT_DEVICE)
 accepts("keyGroup", "CryptoServer key group").withRequiredArg()
- accepts("keySpecifier", "CryptoServer key specifier (default: $DEFAULT_KEY_SPECIFIER)").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_KEY_SPECIFIER)
+ accepts("keySpecifier", "CryptoServer key specifier").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_KEY_SPECIFIER)
 accepts("rootPrivateKeyPassword", "Password for the root certificate private key").withRequiredArg().describedAs("password")
 accepts("csrPrivateKeyPassword", "Password for the CSR signing certificate private key").withRequiredArg().describedAs("password")
- accepts("keyGenAuthThreshold", "Authentication strength threshold for the HSM key generation (default: $DEFAULT_KEY_GEN_AUTH_THRESHOLD)").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_KEY_GEN_AUTH_THRESHOLD)
- accepts("signAuthThreshold", "Authentication strength threshold for the HSM CSR signing (default: $DEFAULT_SIGN_AUTH_THRESHOLD)").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_SIGN_AUTH_THRESHOLD)
- accepts("authMode", "Authentication mode. Allowed values: ${AuthMode.values()} (default: $DEFAULT_AUTH_MODE)").withRequiredArg().defaultsTo(DEFAULT_AUTH_MODE.name)
+ accepts("keyGenAuthThreshold", "Authentication strength threshold for the HSM key generation").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_KEY_GEN_AUTH_THRESHOLD)
+ accepts("signAuthThreshold", "Authentication strength threshold for the HSM CSR signing").withRequiredArg().ofType(Int::class.java).defaultsTo(DEFAULT_SIGN_AUTH_THRESHOLD)
+ accepts("authMode", "Authentication mode. Allowed values: ${AuthMode.values().map(AuthMode::name)})").withRequiredArg().defaultsTo(DEFAULT_AUTH_MODE.name)
 accepts("authKeyFilePath", "Key file path when authentication is based on a key file (i.e. authMode=${AuthMode.KEY_FILE.name})").withRequiredArg().describedAs("filepath")
 accepts("authKeyFilePassword", "Key file password when authentication is based on a key file (i.e. authMode=${AuthMode.KEY_FILE.name})").withRequiredArg()
 accepts("autoUsername", "Username to be used for certificate signing (if not specified it will be prompted for input)").withRequiredArg()
- accepts("csrCertificateName", "Name of the certificate to be used by this CA to sign CSR (default: $DEFAULT_CSR_CERTIFICATE_NAME)").withRequiredArg().defaultsTo(DEFAULT_CSR_CERTIFICATE_NAME)
- accepts("rootCertificateName", "Name of the root certificate to be used by this CA (default: $DEFAULT_ROOT_CERTIFICATE_NAME)").withRequiredArg().defaultsTo(DEFAULT_ROOT_CERTIFICATE_NAME)
+ accepts("csrCertificateName", "Name of the certificate to be used by this CA to sign CSR").withRequiredArg().defaultsTo(DEFAULT_CSR_CERTIFICATE_NAME)
+ accepts("rootCertificateName", "Name of the root certificate to be used by this CA").withRequiredArg().defaultsTo(DEFAULT_ROOT_CERTIFICATE_NAME)
 accepts("validDays", "Validity duration in days").withRequiredArg().ofType(Int::class.java)
- accepts("signInterval", "Time interval (in seconds) in which network map is signed (default: $DEFAULT_SIGN_INTERVAL)").withRequiredArg().ofType(Long::class.java).defaultsTo(DEFAULT_SIGN_INTERVAL)
+ accepts("signInterval", "Time interval (in seconds) in which network map is signed").withRequiredArg().ofType(Long::class.java).defaultsTo(DEFAULT_SIGN_INTERVAL)
 }
 val configFile = if (argConfig.hasPath("configFile")) {
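Review bot: Adding `.defaultsTo("node.conf")` to `configFile` may change which file is loaded: if `toConfigWithOptions` copies defaulted options into the resulting Config (its body is not visible here), the `argConfig.hasPath("configFile")` test on the last line of the hunk is always true and the file is resolved as `node.conf` in the working directory rather than under `basedir` as the old help text described. For a process holding HSM signing parameters, reading its configuration from whatever directory it was started in should be ruled out; either drop `defaultsTo` on this option and keep the default in the description, or resolve the value against `basedir`. The same precedence question applies to the new `.defaultsTo(DEFAULT_DEVICE)` on `device` if command-line values take priority over the config file. Separately, the new `authMode` description ends with a stray `)` left over from the removed default text and should read `"Authentication mode. Allowed values: ${AuthMode.values().map(AuthMode::name)}"`. `parseParameters` continues outside the hunk.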