X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FKernel.java;h=08697503916bfca8c38f154d76d65915c3970e0a;hb=50911fdcc6df5cd35e71a0a4ecddf03f98f742a2;hp=f0c2d90d1f99758a1adc4e9238afa93e3324c3f3;hpb=9b498d3407a628c8815d13f462962e2dd6c27b46;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java
index f0c2d90d1..086975039 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java
@@ -1,18 +1,38 @@
 package org.argeo.cms.internal.kernel;
+import java.io.File;
+import java.io.IOException;
 import java.lang.management.ManagementFactory;
+import java.net.URL;
+import java.security.KeyStore;
+import java.security.PrivilegedAction;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryFactory;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.x500.X500Principal;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jackrabbit.util.TransientFileFactory;
 import org.argeo.ArgeoException;
 import org.argeo.cms.CmsException;
+import org.argeo.cms.KernelHeader;
 import org.argeo.jackrabbit.OsgiJackrabbitRepositoryFactory;
 import org.argeo.jcr.ArgeoJcrConstants;
 import org.argeo.security.core.InternalAuthentication;
+import org.argeo.security.crypto.PkiUtils;
 import org.eclipse.equinox.http.servlet.ExtendedHttpService;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.ServiceEvent;
@@ -33,51 +53,96 @@ import org.springframework.security.core.context.SecurityContextHolder; * */ final class Kernel implements ServiceListener { + private final static Log log = LogFactory.getLog(Kernel.class); - private final BundleContext bundleContext; - private final ThreadGroup threadGroup = new ThreadGroup("Argeo CMS Kernel"); + private final BundleContext bundleContext = Activator.getBundleContext(); + + ThreadGroup threadGroup = new ThreadGroup(Kernel.class.getSimpleName()); + JackrabbitNode node; + OsgiJackrabbitRepositoryFactory repositoryFactory; + NodeSecurity nodeSecurity; + NodeHttp nodeHttp; + private KernelThread kernelThread; + + private final Subject kernelSubject = new Subject(); + + public Kernel() { + URL url = getClass().getClassLoader().getResource( + KernelConstants.JAAS_CONFIG); + System.setProperty("java.security.auth.login.config", + url.toExternalForm()); + createKeyStoreIfNeeded(); - private JackrabbitNode node; - private RepositoryFactory repositoryFactory; - private NodeSecurity nodeSecurity; - private NodeHttp nodeHttp; + CallbackHandler cbHandler = new CallbackHandler() { - Kernel(BundleContext bundleContext) { - this.bundleContext = bundleContext; + @Override + public void handle(Callback[] callbacks) throws IOException, + UnsupportedCallbackException { + // alias + ((NameCallback) callbacks[1]).setName(KernelHeader.ROLE_KERNEL); + // store pwd + ((PasswordCallback) callbacks[2]).setPassword("changeit" + .toCharArray()); + // key pwd + ((PasswordCallback) callbacks[3]).setPassword("changeit" + .toCharArray()); + } + }; + try { + LoginContext kernelLc = new LoginContext( + KernelConstants.LOGIN_CONTEXT_KERNEL, kernelSubject, + cbHandler); + kernelLc.login(); + } catch (LoginException e) { + throw new CmsException("Cannot log in kernel", e); + } } - void init() { - new Thread(threadGroup, "init") { + final void init() { + Subject.doAs(kernelSubject, new PrivilegedAction() { + @Override - public void run() { - // CMS bundle 
classloader used during initialisation - Thread.currentThread().setContextClassLoader( - Kernel.class.getClassLoader()); + public Void run() { doInit(); + return null; } - }.start(); + + }); } - /** Run asynchronously */ - protected void doInit() { + private void doInit() { + ClassLoader currentContextCl = Thread.currentThread() + .getContextClassLoader(); + Thread.currentThread().setContextClassLoader( + Kernel.class.getClassLoader()); long begin = System.currentTimeMillis(); InternalAuthentication initAuth = new InternalAuthentication( KernelConstants.DEFAULT_SECURITY_KEY); SecurityContextHolder.getContext().setAuthentication(initAuth); try { + // Jackrabbit node node = new JackrabbitNode(bundleContext); + + // JCR repository factory repositoryFactory = new OsgiJackrabbitRepositoryFactory(); + + // Authentication nodeSecurity = new NodeSecurity(bundleContext, node); // Equinox dependency ExtendedHttpService httpService = waitForHttpService(); nodeHttp = new NodeHttp(httpService, node, nodeSecurity); + // Kernel thread + kernelThread = new KernelThread(this); + kernelThread.setContextClassLoader(Kernel.class.getClassLoader()); + kernelThread.start(); + // Publish services to OSGi nodeSecurity.publish(); - node.publish(); + node.publish(repositoryFactory); bundleContext.registerService(RepositoryFactory.class, repositoryFactory, null); @@ -85,6 +150,8 @@ final class Kernel implements ServiceListener { } catch (Exception e) { log.error("Cannot initialize Argeo CMS", e); throw new ArgeoException("Cannot initialize", e); + } finally { + Thread.currentThread().setContextClassLoader(currentContextCl); } long jvmUptime = ManagementFactory.getRuntimeMXBean().getUptime(); @@ -99,6 +166,8 @@ final class Kernel implements ServiceListener { void destroy() { long begin = System.currentTimeMillis(); + kernelThread.destroyAndJoin(); + if (nodeHttp != null) nodeHttp.destroy(); if (nodeSecurity != null) 
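Review bot: The keystore and key passwords are the literal `"changeit"` in the CallbackHandler of the new `Kernel()` constructor (and again in `createKeyStoreIfNeeded()` in the last hunk), so the kernel's private key ends up protected by a publicly known default; read both from node configuration or a file with restricted permissions instead, and clear the `char[]` with `Arrays.fill` once the login has completed. The constructor also dereferences `url` without checking that the JAAS resource was found, so a missing `KernelConstants.JAAS_CONFIG` surfaces as a NullPointerException on `url.toExternalForm()`; a guard such as `if (url == null) throw new CmsException("Cannot find JAAS configuration " + KernelConstants.JAAS_CONFIG);` names the real cause. `callbacks[1]`..`callbacks[3]` are accessed by position with casts, which presumably depends on the order the configured login module requests them; a comment naming that module would make the coupling visible. Setting `java.security.auth.login.config` via `System.setProperty` also silently overrides any value an operator passed on the JVM command line; consider setting it only when it is unset.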
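Review bot: `destroy()` now calls `kernelThread.destroyAndJoin()` unconditionally, but `kernelThread` is only assigned late in `doInit()` (after the node, security and HTTP setup), so if initialisation failed or never ran, `destroy()` throws a NullPointerException here and the null-guarded `nodeHttp.destroy()`/`nodeSecurity.destroy()` that follow are skipped. Guard it like the others: `if (kernelThread != null) kernelThread.destroyAndJoin();`. The body of `destroy()` continues outside the hunk.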
@@ -111,6 +180,14 @@ final class Kernel implements ServiceListener { // Clean hanging threads from Jackrabbit TransientFileFactory.shutdown(); + try { + LoginContext kernelLc = new LoginContext( + KernelConstants.LOGIN_CONTEXT_KERNEL, kernelSubject); + kernelLc.logout(); + } catch (LoginException e) { + throw new CmsException("Cannot log in kernel", e); + } + long duration = System.currentTimeMillis() - begin; log.info("## ARGEO CMS DOWN in " + (duration / 1000) + "." + (duration % 1000) + "s ##"); 
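Review bot: The new logout block in `destroy()` reports failure as `"Cannot log in kernel"`, copied from the constructor; it should read `throw new CmsException("Cannot log out kernel", e);` so a shutdown failure is not misread as a login problem. Throwing here also abandons the rest of the shutdown (the duration log that follows and anything after it) on a JAAS logout failure; on a shutdown path, logging the exception and continuing is usually preferable to propagating out of a destroy method. Whether a fresh `LoginContext` that never called `login()` clears the principals added to `kernelSubject` depends on the configured login module's `logout()`; worth confirming against the configuration behind `KernelConstants.LOGIN_CONTEXT_KERNEL`.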
@@ -124,42 +201,25 @@ final class Kernel implements ServiceListener { if (jcrRepoAlias != null) {// JCR repository String alias = jcrRepoAlias.toString(); Repository repository = (Repository) bundleContext.getService(sr); + Map props = new HashMap(); + for (String key : sr.getPropertyKeys()) + props.put(key, sr.getProperty(key)); if (ServiceEvent.REGISTERED == event.getType()) { try { - nodeHttp.registerWebdavServlet(alias, repository, true); - nodeHttp.registerWebdavServlet(alias, repository, false); - nodeHttp.registerRemotingServlet(alias, repository, true); - nodeHttp.registerRemotingServlet(alias, repository, false); + repositoryFactory.register(repository, props); + nodeHttp.registerRepositoryServlets(alias, repository); } catch (Exception e) { throw new CmsException("Could not publish JCR repository " + alias, e); } } else if (ServiceEvent.UNREGISTERING == event.getType()) { + repositoryFactory.unregister(repository, props); + nodeHttp.unregisterRepositoryServlets(alias); } } } - final private static void directorsCut(long initDuration) { - // final long ms = 128l + (long) (Math.random() * 128d); - long ms = initDuration / 10; - log.info("Spend " + ms + "ms" - + " reflecting on the progress brought to mankind" - + " by Free Software..."); - long beginNano = System.nanoTime(); - try { - Thread.sleep(ms, 0); - } catch (InterruptedException e) { - // silent - } - long durationNano = System.nanoTime() - beginNano; - final double M = 1000d * 1000d; - double sleepAccuracy = ((double) durationNano) / (ms * M); - if (log.isTraceEnabled()) - log.trace("Sleep accuracy: " - + String.format("%.2f", sleepAccuracy * 100) + " %"); - } - private ExtendedHttpService waitForHttpService() { final ServiceTracker st = new ServiceTracker( bundleContext, ExtendedHttpService.class, null); 
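Review bot: `Map props = new HashMap();` uses raw types, which discards the key type `getPropertyKeys()` already provides and yields unchecked warnings at `props.put`; declare it as `Map<String, Object> props = new HashMap<String, Object>();` (or the diamond form if the project targets Java 7+). The UNREGISTERING branch calls `repositoryFactory.unregister` and `nodeHttp.unregisterRepositoryServlets` without the try/catch the REGISTERED branch has, so a failure there propagates out of the OSGi event callback instead of being wrapped in a `CmsException` like the registration path. The `getService(sr)` call on the context line is never paired with `ungetService`, a pre-existing leak of the service use count that this hunk does not introduce. The enclosing listener method (presumably `serviceChanged`) starts outside the hunk.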
@@ -176,4 +236,44 @@ final class Kernel implements ServiceListener { + ExtendedHttpService.class + " service."); return httpService; } -} + + private void createKeyStoreIfNeeded() { + char[] ksPwd = "changeit".toCharArray(); + char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length); + File keyStoreFile = KernelUtils.getOsgiConfigurationFile("node.p12"); + if (!keyStoreFile.exists()) { + try { + KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd); + X509Certificate cert = PkiUtils.generateSelfSignedCertificate( + keyStore, new X500Principal(KernelHeader.ROLE_KERNEL), + keyPwd); + PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore); + + } catch (Exception e) { + throw new CmsException("Cannot create key store " + + keyStoreFile, e); + } + } + } + + final private static void directorsCut(long initDuration) { + // final long ms = 128l + (long) (Math.random() * 128d); + long ms = initDuration / 100; + log.info("Spend " + ms + "ms" + + " reflecting on the progress brought to mankind" + + " by Free Software..."); + long beginNano = System.nanoTime(); + try { + Thread.sleep(ms, 0); + } catch (InterruptedException e) { + // silent + } + long durationNano = System.nanoTime() - beginNano; + final double M = 1000d * 1000d; + double sleepAccuracy = ((double) durationNano) / (ms * M); + if (log.isDebugEnabled()) + log.debug("Sleep accuracy: " + + String.format("%.2f", 100 - (sleepAccuracy * 100 - 100)) + + " %"); + } +} \ No newline at end of file
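Review bot: In the moved `directorsCut()` the `InterruptedException` is still swallowed under a `// silent` comment, which drops the thread's interrupt status during initialisation; replace the comment with `Thread.currentThread().interrupt();`. With the divisor changed to `/ 100`, any `initDuration` under 100 ms makes `ms` zero, so `durationNano / (ms * M)` divides by `0.0` and the debug line prints a non-finite percentage; skip the accuracy computation when `ms == 0`. In `createKeyStoreIfNeeded()` the `X509Certificate cert` local is never read and can be dropped, and the `exists()` check followed by creation is a small race if two kernels start against the same configuration directory; nothing visible here restricts the permissions of the generated `node.p12`, which holds the kernel's private key, so that is worth confirming in `PkiUtils.saveKeyStore`.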