]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge tag 'v2.3.23' into testing
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / runtime / CmsStateImpl.java
1 package org.argeo.cms.internal.runtime;
2
3 import java.io.BufferedInputStream;
4 import java.io.IOException;
5 import java.io.Reader;
6 import java.net.InetAddress;
7 import java.net.URL;
8 import java.net.UnknownHostException;
9 import java.nio.charset.Charset;
10 import java.nio.charset.StandardCharsets;
11 import java.nio.file.Files;
12 import java.nio.file.Path;
13 import java.nio.file.Paths;
14 import java.nio.file.attribute.PosixFilePermission;
15 import java.security.KeyStore;
16 import java.util.ArrayList;
17 import java.util.Arrays;
18 import java.util.Collections;
19 import java.util.HashMap;
20 import java.util.HashSet;
21 import java.util.List;
22 import java.util.Locale;
23 import java.util.Map;
24 import java.util.Objects;
25 import java.util.Set;
26 import java.util.StringJoiner;
27 import java.util.TreeMap;
28 import java.util.UUID;
29 import java.util.concurrent.ExecutionException;
30 import java.util.concurrent.ForkJoinPool;
31 import java.util.concurrent.ForkJoinTask;
32 import java.util.concurrent.TimeUnit;
33 import java.util.concurrent.TimeoutException;
34
35 import javax.security.auth.login.Configuration;
36
37 import org.argeo.api.cms.CmsConstants;
38 import org.argeo.api.cms.CmsLog;
39 import org.argeo.api.cms.CmsState;
40 import org.argeo.api.uuid.UuidFactory;
41 import org.argeo.cms.CmsDeployProperty;
42 import org.argeo.cms.auth.ident.IdentClient;
43 import org.argeo.cms.util.FsUtils;
44 import org.argeo.cms.util.OS;
45
46 /**
47 * Implementation of a {@link CmsState}, initialising the required services.
48 */
49 public class CmsStateImpl implements CmsState {
50 private final static CmsLog log = CmsLog.getLog(CmsStateImpl.class);
51
52 // REFERENCES
53 private Long availableSince;
54
55 private UUID uuid;
56 // private final boolean cleanState;
57 private String hostname;
58
59 private UuidFactory uuidFactory;
60
61 private final Map<CmsDeployProperty, String> deployPropertyDefaults;
62
63 public CmsStateImpl() {
64 this.deployPropertyDefaults = Collections.unmodifiableMap(createDeployPropertiesDefaults());
65 }
66
67 protected Map<CmsDeployProperty, String> createDeployPropertiesDefaults() {
68 Map<CmsDeployProperty, String> deployPropertyDefaults = new HashMap<>();
69 deployPropertyDefaults.put(CmsDeployProperty.NODE_INIT, "../../init");
70 deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString());
71
72 // certificates
73 deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, KernelConstants.PKCS12);
74 deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, KernelConstants.DEFAULT_KEYSTORE_PASSWORD);
75 Path keyStorePath = getDataPath(KernelConstants.DEFAULT_KEYSTORE_PATH);
76 if (keyStorePath != null) {
77 deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString());
78 }
79
80 Path trustStorePath = getDataPath(KernelConstants.DEFAULT_TRUSTSTORE_PATH);
81 if (trustStorePath != null) {
82 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString());
83 }
84 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, KernelConstants.PKCS12);
85 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, KernelConstants.DEFAULT_KEYSTORE_PASSWORD);
86
87 // SSH
88 Path authorizedKeysPath = getDataPath(KernelConstants.NODE_SSHD_AUTHORIZED_KEYS_PATH);
89 if (authorizedKeysPath != null) {
90 deployPropertyDefaults.put(CmsDeployProperty.SSHD_AUTHORIZEDKEYS,
91 authorizedKeysPath.toAbsolutePath().toString());
92 }
93 return deployPropertyDefaults;
94 }
95
96 public void start() {
97 Charset defaultCharset = Charset.defaultCharset();
98 if (!StandardCharsets.UTF_8.equals(defaultCharset))
99 log.error("Default JVM charset is " + defaultCharset + " and not " + StandardCharsets.UTF_8);
100 try {
101 // First init check
102 Path privateBase = getDataPath(KernelConstants.DIR_PRIVATE);
103 if (privateBase != null && !Files.exists(privateBase)) {// first init
104 firstInit();
105 Files.createDirectories(privateBase);
106 }
107
108 initSecurity();
109 // initArgeoLogger();
110
111 if (log.isTraceEnabled())
112 log.trace("CMS State started");
113
114 this.uuid = uuidFactory.timeUUID();
115
116 // hostname
117 this.hostname = getDeployProperty(CmsDeployProperty.HOST);
118 // TODO verify we have access to the IP address
119 if (hostname == null) {
120 final String LOCALHOST_IP = "::1";
121 ForkJoinTask<String> hostnameFJT = ForkJoinPool.commonPool().submit(() -> {
122 try {
123 String hostname = InetAddress.getLocalHost().getHostName();
124 return hostname;
125 } catch (UnknownHostException e) {
126 throw new IllegalStateException("Cannot get local hostname", e);
127 }
128 });
129 try {
130 this.hostname = hostnameFJT.get(5, TimeUnit.SECONDS);
131 } catch (InterruptedException | ExecutionException | TimeoutException e) {
132 this.hostname = LOCALHOST_IP;
133 log.warn("Could not get local hostname, using " + this.hostname);
134 }
135 }
136
137 availableSince = System.currentTimeMillis();
138 if (log.isDebugEnabled()) {
139 // log.debug("## CMS starting... stateUuid=" + this.stateUuid + (cleanState ? "
140 // (clean state) " : " "));
141 StringJoiner sb = new StringJoiner("\n");
142 CmsDeployProperty[] deployProperties = CmsDeployProperty.values();
143 Arrays.sort(deployProperties, (o1, o2) -> o1.name().compareTo(o2.name()));
144 for (CmsDeployProperty deployProperty : deployProperties) {
145 List<String> values = getDeployProperties(deployProperty);
146 for (int i = 0; i < values.size(); i++) {
147 String value = values.get(i);
148 if (value != null) {
149 boolean isDefault = deployPropertyDefaults.containsKey(deployProperty)
150 && value.equals(deployPropertyDefaults.get(deployProperty));
151 String line = deployProperty.getProperty() + (i == 0 ? "" : "." + i) + "=" + value
152 + (isDefault ? " (default)" : "");
153 sb.add(line);
154 }
155 }
156 }
157 log.debug("## CMS starting... (" + uuid + ")\n" + sb + "\n");
158 }
159
160 if (log.isTraceEnabled()) {
161 // print system properties
162 StringJoiner sb = new StringJoiner("\n");
163 for (Object key : new TreeMap<>(System.getProperties()).keySet()) {
164 sb.add(key + "=" + System.getProperty(key.toString()));
165 }
166 log.trace("System properties:\n" + sb + "\n");
167
168 }
169
170 } catch (RuntimeException | IOException e) {
171 log.error("## FATAL: CMS state failed", e);
172 }
173 }
174
175 private void initSecurity() {
176 // private directory permissions
177 Path privateDir = getDataPath(KernelConstants.DIR_PRIVATE);
178 if (privateDir != null) {
179 // TODO rather check whether we can read and write
180 Set<PosixFilePermission> posixPermissions = new HashSet<>();
181 posixPermissions.add(PosixFilePermission.OWNER_READ);
182 posixPermissions.add(PosixFilePermission.OWNER_WRITE);
183 posixPermissions.add(PosixFilePermission.OWNER_EXECUTE);
184 try {
185 if (!Files.exists(privateDir))
186 Files.createDirectories(privateDir);
187 if (!OS.LOCAL.isMSWindows())
188 Files.setPosixFilePermissions(privateDir, posixPermissions);
189 } catch (IOException e) {
190 log.error("Cannot set permissions on " + privateDir, e);
191 }
192 }
193
194 if (getDeployProperty(CmsDeployProperty.JAVA_LOGIN_CONFIG) == null) {
195 String jaasConfig = KernelConstants.JAAS_CONFIG;
196 URL url = getClass().getResource(jaasConfig);
197 // System.setProperty(KernelConstants.JAAS_CONFIG_PROP,
198 // url.toExternalForm());
199 KernelUtils.setJaasConfiguration(url);
200 }
201 // explicitly load JAAS configuration
202 Configuration.getConfiguration();
203
204 boolean initCertificates = (getDeployProperty(CmsDeployProperty.HTTPS_PORT) != null)
205 || (getDeployProperty(CmsDeployProperty.SSHD_PORT) != null);
206 if (initCertificates) {
207 initCertificates();
208 }
209 }
210
211 private void initCertificates() {
212 // server certificate
213 Path keyStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_KEYSTORE));
214 Path pemKeyPath = getDataPath(KernelConstants.DEFAULT_PEM_KEY_PATH);
215 Path pemCertPath = getDataPath(KernelConstants.DEFAULT_PEM_CERT_PATH);
216 char[] keyStorePassword = getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray();
217
218 // Keystore
219 // if PEM files both exists, update the PKCS12 file
220 if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
221 // TODO check certificate update time? monitor changes?
222 KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword,
223 getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE));
224 try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
225 BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(pemCertPath));) {
226 PkiUtils.loadPrivateCertificatePem(keyStore, CmsConstants.NODE, key, keyStorePassword, cert);
227 Files.createDirectories(keyStorePath.getParent());
228 PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
229 if (log.isDebugEnabled())
230 log.debug("PEM certificate stored in " + keyStorePath);
231 } catch (IOException e) {
232 log.error("Cannot read PEM files " + pemKeyPath + " and " + pemCertPath, e);
233 }
234 }
235
236 // Truststore
237 Path trustStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORE));
238 char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray();
239
240 // IPA CA
241 Path ipaCaCertPath = Paths.get(KernelConstants.IPA_PEM_CA_CERT_PATH);
242 if (Files.exists(ipaCaCertPath)) {
243 KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword,
244 getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
245 try (BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(ipaCaCertPath));) {
246 PkiUtils.loadTrustedCertificatePem(trustStore, trustStorePassword, cert);
247 Files.createDirectories(keyStorePath.getParent());
248 PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
249 if (log.isDebugEnabled())
250 log.debug("IPA CA certificate stored in " + trustStorePath);
251 } catch (IOException e) {
252 log.error("Cannot trust CA certificate", e);
253 }
254 }
255 }
256
257 public void stop() {
258 if (log.isDebugEnabled())
259 log.debug("CMS stopping... (" + this.uuid + ")");
260
261 long duration = ((System.currentTimeMillis() - availableSince) / 1000) / 60;
262 log.info("## ARGEO CMS STOPPED after " + (duration / 60) + "h " + (duration % 60) + "min uptime ##");
263 }
264
265 private void firstInit() throws IOException {
266 log.info("## FIRST INIT ##");
267 List<String> nodeInits = getDeployProperties(CmsDeployProperty.NODE_INIT);
268 // if (nodeInits == null)
269 // nodeInits = "../../init";
270 CmsStateImpl.prepareFirstInitInstanceArea(nodeInits);
271 }
272
273 @Override
274 public String getDeployProperty(String property) {
275 CmsDeployProperty deployProperty = CmsDeployProperty.find(property);
276 if (deployProperty == null) {
277 // legacy
278 if (property.startsWith("argeo.node.")) {
279 return doGetDeployProperty(property);
280 }
281 if (property.equals("argeo.i18n.locales")) {
282 String value = doGetDeployProperty(property);
283 if (value != null) {
284 log.warn("Property " + property + " was ignored (value=" + value + ")");
285
286 }
287 return null;
288 }
289 throw new IllegalArgumentException("Unsupported deploy property " + property);
290 }
291 int index = CmsDeployProperty.getPropertyIndex(property);
292 return getDeployProperty(deployProperty, index);
293 }
294
295 @Override
296 public List<String> getDeployProperties(String property) {
297 CmsDeployProperty deployProperty = CmsDeployProperty.find(property);
298 if (deployProperty == null)
299 return new ArrayList<>();
300 return getDeployProperties(deployProperty);
301 }
302
303 public static List<String> getDeployProperties(CmsState cmsState, CmsDeployProperty deployProperty) {
304 return ((CmsStateImpl) cmsState).getDeployProperties(deployProperty);
305 }
306
307 public List<String> getDeployProperties(CmsDeployProperty deployProperty) {
308 List<String> res = new ArrayList<>(deployProperty.getMaxCount());
309 for (int i = 0; i < deployProperty.getMaxCount(); i++) {
310 // String propertyName = i == 0 ? deployProperty.getProperty() :
311 // deployProperty.getProperty() + "." + i;
312 String value = getDeployProperty(deployProperty, i);
313 res.add(i, value);
314 }
315 return res;
316 }
317
318 public static String getDeployProperty(CmsState cmsState, CmsDeployProperty deployProperty) {
319 return ((CmsStateImpl) cmsState).getDeployProperty(deployProperty);
320 }
321
322 public String getDeployProperty(CmsDeployProperty deployProperty) {
323 String value = getDeployProperty(deployProperty, 0);
324 return value;
325 }
326
327 public String getDeployProperty(CmsDeployProperty deployProperty, int index) {
328 String propertyName = deployProperty.getProperty() + (index == 0 ? "" : "." + index);
329 String value = doGetDeployProperty(propertyName);
330 if (value == null && index == 0) {
331 // try defaults
332 if (deployPropertyDefaults.containsKey(deployProperty)) {
333 value = deployPropertyDefaults.get(deployProperty);
334 if (deployProperty.isSystemPropertyOnly())
335 System.setProperty(deployProperty.getProperty(), value);
336 }
337
338 if (value == null) {
339 // try legacy properties
340 String legacyProperty = switch (deployProperty) {
341 case DIRECTORY -> "argeo.node.useradmin.uris";
342 case DB_URL -> "argeo.node.dburl";
343 case DB_USER -> "argeo.node.dbuser";
344 case DB_PASSWORD -> "argeo.node.dbpassword";
345 case HTTP_PORT -> "org.osgi.service.http.port";
346 case HTTPS_PORT -> "org.osgi.service.http.port.secure";
347 case HOST -> "org.eclipse.equinox.http.jetty.http.host";
348 case LOCALE -> "argeo.i18n.defaultLocale";
349
350 default -> null;
351 };
352 if (legacyProperty != null) {
353 value = doGetDeployProperty(legacyProperty);
354 if (value != null) {
355 log.warn("Retrieved deploy property " + deployProperty.getProperty()
356 + " through deprecated property " + legacyProperty);
357 }
358 }
359 }
360 }
361 if (index == 0 && deployProperty.isSystemPropertyOnly()) {
362 String systemPropertyValue = System.getProperty(deployProperty.getProperty());
363 if (!Objects.equals(value, systemPropertyValue))
364 throw new IllegalStateException(
365 "Property " + deployProperty + " must be a ssystem property, but its value is " + value
366 + ", while the system property value is " + systemPropertyValue);
367 }
368 return value != null ? value.toString() : null;
369 }
370
371 protected String getLegacyProperty(String legacyProperty, CmsDeployProperty deployProperty) {
372 String value = doGetDeployProperty(legacyProperty);
373 if (value != null) {
374 log.warn("Retrieved deploy property " + deployProperty.getProperty() + " through deprecated property "
375 + legacyProperty + ".");
376 }
377 return value;
378 }
379
380 protected String doGetDeployProperty(String property) {
381 return KernelUtils.getFrameworkProp(property);
382 }
383
384 @Override
385 public Path getDataPath(String relativePath) {
386 return KernelUtils.getOsgiInstancePath(relativePath);
387 }
388
389 @Override
390 public Path getStatePath(String relativePath) {
391 return KernelUtils.getOsgiConfigurationPath(relativePath);
392 }
393
394 @Override
395 public Long getAvailableSince() {
396 return availableSince;
397 }
398
399 /*
400 * ACCESSORS
401 */
402 @Override
403 public UUID getUuid() {
404 return uuid;
405 }
406
407 public void setUuidFactory(UuidFactory uuidFactory) {
408 this.uuidFactory = uuidFactory;
409 }
410
411 public String getHostname() {
412 return hostname;
413 }
414
415 /**
416 * Called before node initialisation, in order populate OSGi instance are with
417 * some files (typically LDIF, etc).
418 */
419 public static void prepareFirstInitInstanceArea(List<String> nodeInits) {
420
421 for (String nodeInit : nodeInits) {
422 if (nodeInit == null)
423 continue;
424
425 if (nodeInit.startsWith("http")) {
426 // TODO reconnect it
427 // registerRemoteInit(nodeInit);
428 } else {
429
430 // TODO use java.nio.file
431 Path initDir;
432 if (nodeInit.startsWith("."))
433 initDir = KernelUtils.getExecutionDir(nodeInit);
434 else
435 initDir = Paths.get(nodeInit);
436 // TODO also uncompress archives
437 if (Files.exists(initDir)) {
438 Path dataPath = KernelUtils.getOsgiInstancePath("");
439 FsUtils.copyDirectory(initDir, dataPath);
440 log.info("CMS initialized from " + initDir);
441 }
442 }
443 }
444 }
445
446 /*
447 * STATIC
448 */
449 public static IdentClient getIdentClient(String remoteAddr) {
450 if (!IdentClient.isDefaultAuthdPassphraseFileAvailable())
451 return null;
452 // TODO make passphrase more configurable
453 return new IdentClient(remoteAddr);
454 }
455 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi