X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FInitUtils.java;h=5e18ee6764da150afdc285e591168dec9f09eb3a;hb=e7dc62c485696931a3e048d9102a7c86f9323b92;hp=045130ecbc63da7501eca8df75416fca06029d86;hpb=d9ff37f84e799028a1a0300850eccae77ced2024;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java
index 045130ecb..5e18ee676 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java
@@ -21,10 +21,10 @@ import javax.security.auth.x500.X500Principal;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.argeo.api.NodeConstants;
 import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.http.HttpConstants;
+import org.argeo.cms.internal.http.InternalHttpConstants;
 import org.argeo.cms.internal.jcr.RepoConf;
-import org.argeo.node.NodeConstants;
 import org.argeo.osgi.useradmin.UserAdminConf;
 
 /**
@@ -42,12 +42,12 @@ class InitUtils {
 if (value != null)
 props.put(repoConf.name(), value);
 }
- props.put(NodeConstants.CN, NodeConstants.NODE);
+ props.put(NodeConstants.CN, NodeConstants.NODE_REPOSITORY);
 return props;
 }
 
 static Dictionary getRepositoryConfig(String dataModelName, Dictionary provided) {
- if (dataModelName.equals(NodeConstants.NODE) || dataModelName.equals(NodeConstants.HOME))
+ if (dataModelName.equals(NodeConstants.NODE_REPOSITORY) || dataModelName.equals(NodeConstants.EGO_REPOSITORY))
 throw new IllegalArgumentException("Data model '" + dataModelName + "' is reserved.");
 Dictionary props = provided != null ? provided : new Hashtable();
 for (RepoConf repoConf : RepoConf.values()) {
@@ -66,46 +66,56 @@ class InitUtils { String httpPort = getFrameworkProp("org.osgi.service.http.port"); String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure"); /// TODO make it more generic - String httpHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTP_HOST); - String httpsHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTPS_HOST); + String httpHost = getFrameworkProp(InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST); + String httpsHost = getFrameworkProp(InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST); String webSocketEnabled = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.WEB_SOCKET_ENABLED); + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED); final Hashtable props = new Hashtable(); // try { if (httpPort != null || httpsPort != null) { - if (httpPort != null) { - props.put(HttpConstants.HTTP_PORT, httpPort); - props.put(HttpConstants.HTTP_ENABLED, true); + boolean httpEnabled = httpPort != null; + props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled); + boolean httpsEnabled = httpsPort != null; + props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled); + + if (httpEnabled) { + props.put(InternalHttpConstants.HTTP_PORT, httpPort); + if (httpHost != null) + props.put(InternalHttpConstants.HTTP_HOST, httpHost); } - if (httpsPort != null) { - props.put(HttpConstants.HTTPS_PORT, httpsPort); - props.put(HttpConstants.HTTPS_ENABLED, true); + + if (httpsEnabled) { + props.put(InternalHttpConstants.HTTPS_PORT, httpsPort); + if (httpsHost != null) + props.put(InternalHttpConstants.HTTPS_HOST, httpsHost); + + // server certificate Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH); String keyStorePassword = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_PASSWORD); + 
InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD); if (keyStorePassword == null) keyStorePassword = "changeit"; if (!Files.exists(keyStorePath)) - createSelfSignedKeyStore(keyStorePath, keyStorePassword); - props.put(HttpConstants.SSL_KEYSTORETYPE, "PKCS12"); - props.put(HttpConstants.SSL_KEYSTORE, keyStorePath.toString()); - props.put(HttpConstants.SSL_PASSWORD, keyStorePassword); - props.put(HttpConstants.SSL_WANTCLIENTAUTH, true); + createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12); + props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12); + props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString()); + props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword); + + // client certificate authentication + String wantClientAuth = getFrameworkProp( + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH); + if (wantClientAuth != null) + props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth)); String needClientAuth = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_NEEDCLIENTAUTH); - if (needClientAuth != null) { - props.put(HttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth)); - } + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH); + if (needClientAuth != null) + props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth)); } - if (httpHost != null) - props.put(HttpConstants.HTTP_HOST, httpHost); - if (httpsHost != null) - props.put(HttpConstants.HTTPS_HOST, httpHost); - if (webSocketEnabled != null) - if (webSocketEnabled.equals("true")) - props.put(HttpConstants.WEB_SOCKET_ENABLED, true); + // web socket + if (webSocketEnabled != null && webSocketEnabled.equals("true")) + props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true); props.put(NodeConstants.CN, NodeConstants.DEFAULT); } 
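Review bot: The new client-certificate block changes the effective default of SSL_WANTCLIENTAUTH: the removed line always put `true`, while the replacement only sets the property when the framework property is present, so a deployment that relied on the server requesting client certificates stops doing so after this commit unless the new property is configured. If making it configurable was the only intent, keeping the previous default preserves behaviour — `props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, wantClientAuth != null ? Boolean.parseBoolean(wantClientAuth) : true);` — and otherwise the change in default deserves a comment next to the block. A smaller inconsistency: the web socket flag is checked with `webSocketEnabled.equals("true")` while the two client-auth flags go through `Boolean.parseBoolean`, so a value such as `True` enables one but not the others; `Boolean.parseBoolean(webSocketEnabled)` would align them. Not touched by the change but worth a comment on the context line: the `"changeit"` fallback means the generated keystore's private key is protected only by a well-known default password whenever SSL_PASSWORD is not configured. The enclosing method starts before this hunk.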
@@ -157,12 +167,16 @@ class InitUtils {
 String demoBaseDn = "dc=example,dc=com";
 userAdminUris = demoBaseDn + ".ldif";
 File businessRolesFile = new File(nodeBaseDir, userAdminUris);
+ File systemRolesFile = new File(nodeBaseDir, "ou=roles,ou=node.ldif");
 if (!businessRolesFile.exists())
 try {
 FileUtils.copyInputStreamToFile(InitUtils.class.getResourceAsStream(demoBaseDn + ".ldif"),
 businessRolesFile);
+ if (!systemRolesFile.exists())
+ FileUtils.copyInputStreamToFile(
+ InitUtils.class.getResourceAsStream("example-ou=roles,ou=node.ldif"), systemRolesFile);
 } catch (IOException e) {
- throw new CmsException("Cannot copy demo resource", e);
+ throw new CmsException("Cannot copy demo resources", e);
 }
 // userAdminUris = businessRolesFile.toURI().toString();
 log.warn("## DEV Using dummy base DN " + demoBaseDn);
@@ -236,7 +250,7 @@ class InitUtils {
 }
 }
 
- private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword) {
+ private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword, String keyStoreType) {
 // for (Provider provider : Security.getProviders())
 // System.out.println(provider.getName());
 File keyStoreFile = keyStorePath.toFile();
@@ -245,7 +259,7 @@ class InitUtils {
 if (!keyStoreFile.exists()) {
 try {
 keyStoreFile.getParentFile().mkdirs();
- KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd);
+ KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd, keyStoreType);
 PkiUtils.generateSelfSignedCertificate(keyStore,
 new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
 1024, keyPwd);
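Review bot: The new `systemRolesFile` copy is nested inside `if (!businessRolesFile.exists())`, so an existing dev installation that already has the business-roles LDIF never receives `ou=roles,ou=node.ldif`, and the inner `if (!systemRolesFile.exists())` guard only ever runs on a fresh install. Hoisting both copies into one try block, each behind its own existence check, makes the system roles file appear on upgrade as well. Both `getResourceAsStream` calls would also likely surface a resource missing from the bundle as a NullPointerException rather than the CmsException below; a null check with a message naming the resource would make that failure diagnosable. The enclosing method starts before this hunk.
```java
File businessRolesFile = new File(nodeBaseDir, userAdminUris);
File systemRolesFile = new File(nodeBaseDir, "ou=roles,ou=node.ldif");
try {
	if (!businessRolesFile.exists())
		FileUtils.copyInputStreamToFile(InitUtils.class.getResourceAsStream(demoBaseDn + ".ldif"),
				businessRolesFile);
	// copied independently so installs created before this file existed pick it up too
	if (!systemRolesFile.exists())
		FileUtils.copyInputStreamToFile(
				InitUtils.class.getResourceAsStream("example-ou=roles,ou=node.ldif"), systemRolesFile);
} catch (IOException e) {
	throw new CmsException("Cannot copy demo resources", e);
}
// … unchanged: commented-out userAdminUris assignment and DEV warning …
```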
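Review bot: `PkiUtils.getKeyStore` now receives the keystore type, but the certificate generated two lines below is still created with what looks like a `1024`-bit key, which is below the 2048-bit minimum current guidance recommends for RSA and may be rejected by stricter TLS clients. Since the type is already being threaded through from the caller in the first hunk, the key size is a natural companion parameter or named constant, e.g. `PkiUtils.generateSelfSignedCertificate(keyStore, ..., 2048, keyPwd);`. The subject is built from `InetAddress.getLocalHost().getHostName()` with `OU=UNSECURE,O=UNSECURE`, so a short comment stating that this keystore is a development fallback, not a production identity, would make the intent explicit to whoever finds it in an instance directory. The enclosing method starts before this hunk and continues past it.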