]> git.argeo.org Git - lgpl/argeo-commons.git/blob - FirstInit.java
projects / lgpl / argeo-commons.git / blob


8bd348f8e5efb147943e90a1f4ea344a341d51c0
[lgpl/argeo-commons.git] / FirstInit.java
1 package org.argeo.cms.internal.kernel;
2
3 import static org.argeo.cms.internal.kernel.KernelUtils.getFrameworkProp;
4
5 import java.io.File;
6 import java.io.FileFilter;
7 import java.io.IOException;
8 import java.net.InetAddress;
9 import java.net.URI;
10 import java.nio.file.Files;
11 import java.nio.file.Path;
12 import java.security.KeyStore;
13 import java.util.ArrayList;
14 import java.util.Arrays;
15 import java.util.Dictionary;
16 import java.util.Hashtable;
17 import java.util.List;
18
19 import javax.security.auth.x500.X500Principal;
20
21 import org.apache.commons.io.FileUtils;
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.argeo.cms.CmsException;
25 import org.argeo.cms.internal.jcr.RepoConf;
26 import org.argeo.node.NodeConstants;
27 import org.argeo.osgi.useradmin.UserAdminConf;
28 import org.eclipse.equinox.http.jetty.JettyConstants;
29
30 /**
31 * Interprets framework properties in order to generate the initial deploy
32 * configuration.
33 */
34 class FirstInit {
35 private final static Log log = LogFactory.getLog(FirstInit.class);
36
37 public FirstInit() {
38 log.info("## FIRST INIT ##");
39 }
40
41 /** Override the provided config with the framework properties */
42 Dictionary<String, Object> getNodeRepositoryConfig(Dictionary<String, Object> provided) {
43 Dictionary<String, Object> props = provided != null ? provided : new Hashtable<String, Object>();
44 for (RepoConf repoConf : RepoConf.values()) {
45 Object value = getFrameworkProp(NodeConstants.NODE_REPO_PROP_PREFIX + repoConf.name());
46 if (value != null)
47 props.put(repoConf.name(), value);
48 }
49 props.put(NodeConstants.CN, NodeConstants.NODE);
50 // props.put(NodeConstants.JCR_REPOSITORY_ALIAS, NodeConstants.NODE);
51 return props;
52 }
53
54 /** Override the provided config with the framework properties */
55 Dictionary<String, Object> getHttpServerConfig(Dictionary<String, Object> provided) {
56 String httpPort = getFrameworkProp("org.osgi.service.http.port");
57 String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
58 /// TODO make it more generic
59 String httpHost = getFrameworkProp(JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.HTTP_HOST);
60 String httpsHost = getFrameworkProp(JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.HTTPS_HOST);
61
62 final Hashtable<String, Object> props = new Hashtable<String, Object>();
63 // try {
64 if (httpPort != null || httpsPort != null) {
65 if (httpPort != null) {
66 props.put(JettyConstants.HTTP_PORT, httpPort);
67 props.put(JettyConstants.HTTP_ENABLED, true);
68 }
69 if (httpsPort != null) {
70 props.put(JettyConstants.HTTPS_PORT, httpsPort);
71 props.put(JettyConstants.HTTPS_ENABLED, true);
72 Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
73 String keyStorePassword = getFrameworkProp(
74 JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.SSL_PASSWORD);
75 if (keyStorePassword == null)
76 keyStorePassword = "changeit";
77 if (!Files.exists(keyStorePath))
78 createSelfSignedKeyStore(keyStorePath);
79 props.put(JettyConstants.SSL_KEYSTORETYPE, "PKCS12");
80 props.put(JettyConstants.SSL_KEYSTORE, keyStorePath.toString());
81 props.put(JettyConstants.SSL_PASSWORD, keyStorePassword);
82 props.put(JettyConstants.SSL_WANTCLIENTAUTH, true);
83 }
84 if (httpHost != null)
85 props.put(JettyConstants.HTTP_HOST, httpHost);
86 if (httpsHost != null)
87 props.put(JettyConstants.HTTPS_HOST, httpHost);
88
89 props.put(NodeConstants.CN, NodeConstants.DEFAULT);
90 }
91 return props;
92 }
93
94 List<Dictionary<String, Object>> getUserDirectoryConfigs() {
95 List<Dictionary<String, Object>> res = new ArrayList<>();
96 File nodeBaseDir = KernelUtils.getOsgiInstancePath(KernelConstants.DIR_NODE).toFile();
97 List<String> uris = new ArrayList<>();
98
99 // node roles
100 String nodeRolesUri = getFrameworkProp(NodeConstants.ROLES_URI);
101 String baseNodeRoleDn = NodeConstants.ROLES_BASEDN;
102 if (nodeRolesUri == null) {
103 File nodeRolesFile = new File(nodeBaseDir, baseNodeRoleDn + ".ldif");
104 if (!nodeRolesFile.exists())
105 try {
106 FileUtils.copyInputStreamToFile(getClass().getResourceAsStream(baseNodeRoleDn + ".ldif"),
107 nodeRolesFile);
108 } catch (IOException e) {
109 throw new CmsException("Cannot copy demo resource", e);
110 }
111 nodeRolesUri = nodeRolesFile.toURI().toString();
112 }
113 uris.add(nodeRolesUri);
114
115 // Business roles
116 String userAdminUris = getFrameworkProp(NodeConstants.USERADMIN_URIS);
117 if (userAdminUris == null) {
118 String kerberosDomain = Activator.getCmsSecurity().getKerberosDomain();
119 if (kerberosDomain != null) {
120 userAdminUris = "ipa:///" + kerberosDomain;
121 } else {
122 String demoBaseDn = "dc=example,dc=com";
123 File businessRolesFile = new File(nodeBaseDir, demoBaseDn + ".ldif");
124 if (!businessRolesFile.exists())
125 try {
126 FileUtils.copyInputStreamToFile(getClass().getResourceAsStream(demoBaseDn + ".ldif"),
127 businessRolesFile);
128 } catch (IOException e) {
129 throw new CmsException("Cannot copy demo resource", e);
130 }
131 userAdminUris = businessRolesFile.toURI().toString();
132 log.warn("## DEV Using dummy base DN " + demoBaseDn);
133 // TODO downgrade security level
134 }
135 }
136 for (String userAdminUri : userAdminUris.split(" "))
137 uris.add(userAdminUri);
138
139 // Interprets URIs
140 for (String uri : uris) {
141 URI u;
142 try {
143 u = new URI(uri);
144 if (u.getPath() == null)
145 throw new CmsException("URI " + uri + " must have a path in order to determine base DN");
146 if (u.getScheme() == null) {
147 if (uri.startsWith("/") || uri.startsWith("./") || uri.startsWith("../"))
148 u = new File(uri).getCanonicalFile().toURI();
149 else if (!uri.contains("/")) {
150 u = KernelUtils.getOsgiInstanceUri(KernelConstants.DIR_NODE + '/' + uri);
151 // u = new URI(nodeBaseDir.toURI() + uri);
152 } else
153 throw new CmsException("Cannot interpret " + uri + " as an uri");
154 } else if (u.getScheme().equals("file")) {
155 u = new File(u).getCanonicalFile().toURI();
156 }
157 } catch (Exception e) {
158 throw new CmsException("Cannot interpret " + uri + " as an uri", e);
159 }
160 Dictionary<String, Object> properties = UserAdminConf.uriAsProperties(u.toString());
161 res.add(properties);
162 }
163
164 return res;
165 }
166
167 /**
168 * Called before node initialisation, in order populate OSGi instance are
169 * with some files (typically LDIF, etc).
170 */
171 static void prepareInstanceArea() {
172 String nodeInit = getFrameworkProp(NodeConstants.NODE_INIT);
173 if (nodeInit == null)
174 nodeInit = "../../init";
175 if (nodeInit.startsWith("http")) {
176 // remoteFirstInit(nodeInit);
177 return;
178 }
179
180 // TODO use java.nio.file
181 File initDir;
182 if (nodeInit.startsWith("."))
183 initDir = KernelUtils.getExecutionDir(nodeInit);
184 else
185 initDir = new File(nodeInit);
186 // TODO also uncompress archives
187 if (initDir.exists())
188 try {
189 FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstanceDir(), new FileFilter() {
190
191 @Override
192 public boolean accept(File pathname) {
193 if (pathname.getName().equals(".svn") || pathname.getName().equals(".git"))
194 return false;
195 return true;
196 }
197 });
198 log.info("CMS initialized from " + initDir.getCanonicalPath());
199 } catch (IOException e) {
200 throw new CmsException("Cannot initialize from " + initDir, e);
201 }
202 }
203
204 private void createSelfSignedKeyStore(Path keyStorePath) {
205 // for (Provider provider : Security.getProviders())
206 // System.out.println(provider.getName());
207 File keyStoreFile = keyStorePath.toFile();
208 char[] ksPwd = "changeit".toCharArray();
209 char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length);
210 if (!keyStoreFile.exists()) {
211 try {
212 keyStoreFile.getParentFile().mkdirs();
213 KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd);
214 PkiUtils.generateSelfSignedCertificate(keyStore,
215 new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
216 1024, keyPwd);
217 PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore);
218 if (log.isDebugEnabled())
219 log.debug("Created self-signed unsecure keystore " + keyStoreFile);
220 } catch (Exception e) {
221 if (keyStoreFile.length() == 0)
222 keyStoreFile.delete();
223 log.error("Cannot create keystore " + keyStoreFile, e);
224 }
225 } else {
226 throw new CmsException("Keystore " + keyStorePath + " already exists");
227 }
228 }
229
230 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi