update readme for cws/creds 600 and 700

README.md

@@ -34,19 +34,20 @@ See the [wiki](https://github.com/NASA-AMMOS/common-workflow-service/wiki) for m
 - **Logstash 8.8.0+**: Download Logstash for your platform. Uncompress it (only if it is a .tar.gz) and then ZIP back it up with the filename 'logstash-8.8.0.zip' and place in `install/logging/`. This is a temporary workaround while we clean up our installation process. You can find the zip download [here](https://www.elastic.co/downloads/logstash).
 - **Elasticsearch 8.8.0+**: CWS requires an externally-configured elasticsearch cluster to be set up. You can use an SSL Secure Elasticsearch with or without authentication, or an Insecure HTTP Elasticsearch.
   - The "Elasticsearch Setup" instruction below provides a contained Dockerized way of running Elasticsearch. This serves as an alternative to installing Elasticsearch.
-- Tomcat **keystore, truststore, storepass files** (needed for CWS web console to work properly):
+- Tomcat **keystore, truststore, storepass files** (needed for CWS web console to work properly). To generate an open-source **.keystore** and **cws_truststore.jks** use the script `./generate-certs.sh` [here](https://github.com/NASA-AMMOS/common-workflow-service/tree/develop/cws-certs)
     - You will need to add your own Tomcat keystore file to this path: `install/.keystore`
     - You will need to add your own truststore file to this path: `install/tomcat_lib/cws_truststore.jks`
-    - You will need to add your own creds file, which carries the keystore password, to this path: `~/.cws/creds`
-      - The **~/.cws/** directory and **creds** file must have the read/write/execute permission set to Owner-Only, *'700'* or *'-rwx------'* at maximum
-        - `chmod 700 creds`
     - See: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
-    - **Java 11 JDK**: CWS only runs on JDK 11 now, but planning for JDK 17 soon.
-      - For Homebrew users:
-        - Install OpenJDK 11 using: `brew install openjdk@11`
-        - Check the exact version installed using `/usr/libexec/java_home -V`
-        - Add to your Shell startup (e.g. .zprofile): `export JAVA_HOME=$(/usr/libexec/java_home -v X.X.X)`
-          - Replace the X.X.X version above with the OpenJDK 11 output from the `/usr/libexec/java_home -V` command.
+- **Store Your Keystore Password**: You will need to add your own creds file, which carries the keystore password, to this path: `~/.cws/creds`
+    - Set the permissions for the **~/.cws/** directory and **creds** file as Owner-Only.
+      - **~/.cws/** directory: `chmod 700 ~/.cws/`
+      - **~/.cws/creds** file: `chmod 600 ~/.cws/creds`
+- **Java 11 JDK**: CWS only runs on JDK 11 now, but planning for JDK 17 soon.
+  - For Homebrew users:
+    - Install OpenJDK 11 using: `brew install openjdk@11`
+    - Check the exact version installed using `/usr/libexec/java_home -V`
+    - Add to your Shell startup (e.g. .zprofile): `export JAVA_HOME=$(/usr/libexec/java_home -v X.X.X)`
+      - Replace the X.X.X version above with the OpenJDK 11 output from the `/usr/libexec/java_home -V` command.
 
 
 ### **Development Environment Configuration**

cws-installer/src/main/java/jpl/cws/task/CwsInstaller.java

@@ -1064,37 +1064,40 @@ private static void setupLimitToRemoveAbandonedWorkersByDays() {
 
 
 	private static void getKeystorePassword() {
+
         cws_keystore_storepass = getPreset("default_cws_keystore_storepass");
 
 		if (cws_keystore_storepass == null) {
-	        Path filePath;
-    		filePath = Paths.get("~/.cws/creds");
-    		String storepassFilePath = filePath.toString();
-    		storepassFilePath = storepassFilePath.replaceFirst("^~", System.getProperty("user.home"));
-    		File storepassReadFile = new File(storepassFilePath);
-    		boolean fileExists = storepassReadFile.exists();
-
-    		if (fileExists == true) {
-    			if (!storepassReadFile.canRead()) {
-    				print("ERROR: creds in path '" + "~/.cws/creds" + "' is NOT readable by system user.");
-    				print("     ");
-    				print("WARNING:  Read and fulfill the Keystore/Truststore prerequisites before continuing installation: ");
-    				print("          https://github.com/NASA-AMMOS/common-workflow-service?tab=readme-ov-file#prerequisites");
-    				exit(1);
-    			}
-    		} else {
-    			print("ERROR: creds does NOT exist in path '" + "~/.cws/creds" + "' ");
-    			print("     ");
-    			print("WARNING:  Make sure to place creds in the correct path and satisfy the following Keystore/Truststore prerequisites: ");
-    			print("          https://github.com/NASA-AMMOS/common-workflow-service?tab=readme-ov-file#prerequisites");
-    			exit(1);
-    		}
-
-    		try {
-    			cws_keystore_storepass = Files.readString(Paths.get(storepassFilePath)).trim();
-    		} catch (IOException e) {
-    			e.printStackTrace();
-    		}
+
+			Path filePath;
+			filePath = Paths.get("~/.cws/creds");
+			String storepassFilePath = filePath.toString();
+			storepassFilePath = storepassFilePath.replaceFirst("^~", System.getProperty("user.home"));
+			File storepassReadFile = new File(storepassFilePath);
+			boolean fileExists = storepassReadFile.exists();
+
+			if (fileExists == true) {
+				if (!storepassReadFile.canRead()) {
+					print("ERROR: creds in path '" + "~/.cws/creds" + "' is NOT readable by system user.");
+					print("     ");
+					print("WARNING:  Read and fulfill the Keystore/Truststore prerequisites before continuing installation: ");
+					print("          https://github.com/NASA-AMMOS/common-workflow-service?tab=readme-ov-file#prerequisites");
+					exit(1);
+				}
+			} else {
+				print("ERROR: creds does NOT exist in path '" + "~/.cws/creds" + "' ");
+				print("     ");
+				print("WARNING:  Make sure to place creds in the correct path and satisfy the following Keystore/Truststore prerequisites: ");
+				print("          https://github.com/NASA-AMMOS/common-workflow-service?tab=readme-ov-file#prerequisites");
+				exit(1);
+			}
+
+			try {
+				cws_keystore_storepass = Files.readString(Paths.get(storepassFilePath)).trim();
+			} catch (IOException e) {
+				e.printStackTrace();
+			}
+
 		}
 	}
 
@@ -2432,7 +2435,7 @@ private static int validateKeystoreTruststore() {
 		Path filePath;
 		filePath = Paths.get(cws_tomcat_conf + SEP + ".keystore");
 		String keystoreFilePath = filePath.toString();
-		long ONE_DAY_MS  = 24 * 60 * 60 * 1000;	// 24 hours
+		long ONE_DAY_MS  = 24 * 60 * 60 * 1000;	// 24 hours or 1 day
 		try {
 			KeyStore ks = KeyStore.getInstance("JKS");
 			ks.load(new FileInputStream(keystoreFilePath), cws_keystore_storepass.toCharArray());