package org.argeo.cms.internal.kernel;
+import static org.argeo.cms.internal.kernel.KernelUtils.getOsgiInstanceDir;
+
import java.io.File;
import java.io.IOException;
import java.net.URL;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/** Low-level kernel security */
-class NodeSecurity {
+class NodeSecurity implements KernelConstants {
public final static int HARDENED = 3;
public final static int STAGING = 2;
public final static int DEV = 1;
- final static String SECURITY_PROVIDER = "BC";// Bouncy Castle
-
- private final static Log log;
- static {
- log = LogFactory.getLog(NodeSecurity.class);
- // Make Bouncy Castle the default provider
- Provider provider = new BouncyCastleProvider();
- int position = Security.insertProviderAt(provider, 1);
- if (position == -1)
- log.error("Provider " + provider.getName()
- + " already installed and could not be set as default");
- Provider defaultProvider = Security.getProviders()[0];
- if (!defaultProvider.getName().equals(SECURITY_PROVIDER))
- log.error("Provider name is " + defaultProvider.getName()
- + " but it should be " + SECURITY_PROVIDER);
- }
+ private final boolean firstInit;
private final Subject kernelSubject;
private int securityLevel = STAGING;
+ private final File keyStoreFile;
+
public NodeSecurity() {
// Configure JAAS first
URL url = getClass().getClassLoader().getResource(
KernelConstants.JAAS_CONFIG);
System.setProperty("java.security.auth.login.config",
url.toExternalForm());
+ // log.debug("JASS config: " + url.toExternalForm());
+ // disable Jetty autostart
+ // System.setProperty("org.eclipse.equinox.http.jetty.autostart",
+ // "false");
+
+ firstInit = !new File(getOsgiInstanceDir(), DIR_NODE).exists();
+ this.keyStoreFile = new File(KernelUtils.getOsgiInstanceDir(),
+ "node.p12");
this.kernelSubject = logInKernel();
}
return securityLevel;
}
+ public boolean isFirstInit() {
+ return firstInit;
+ }
+
public void setSecurityLevel(int newValue) {
if (newValue != STAGING || newValue != DEV)
throw new CmsException("Invalid value for security level "
private void createKeyStoreIfNeeded() {
char[] ksPwd = "changeit".toCharArray();
char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length);
- File keyStoreFile = new File(KernelUtils.getOsgiInstanceDir(),
- "node.p12");
if (!keyStoreFile.exists()) {
try {
keyStoreFile.getParentFile().mkdirs();
}
}
}
+
+ File getHttpServerKeyStore() {
+ return keyStoreFile;
+ }
+
+ private final static String SECURITY_PROVIDER = "BC";// Bouncy Castle
+ private final static Log log;
+ static {
+ log = LogFactory.getLog(NodeSecurity.class);
+ // Make Bouncy Castle the default provider
+ Provider provider = new BouncyCastleProvider();
+ int position = Security.insertProviderAt(provider, 1);
+ if (position == -1)
+ log.error("Provider " + provider.getName()
+ + " already installed and could not be set as default");
+ Provider defaultProvider = Security.getProviders()[0];
+ if (!defaultProvider.getName().equals(SECURITY_PROVIDER))
+ log.error("Provider name is " + defaultProvider.getName()
+ + " but it should be " + SECURITY_PROVIDER);
+ }
}
projects / lgpl / argeo-commons.git / blobdiff