X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FCmsStateImpl.java;h=902fe793b7a28ea98b377d65fb717c19d41f1274;hb=76a8481ee26616efa0fa59838a93bcad937b2692;hp=47a4b1ff6c3c61301fdf7839d8072eb780dcf5f6;hpb=36c0ba6709ae9a3974c1d1dce01ebe47c5aec24e;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java
index 47a4b1ff6..902fe793b 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java
@@ -1,37 +1,36 @@
 package org.argeo.cms.internal.runtime;
-import java.io.File;
-import java.io.FileFilter;
 import java.io.IOException;
 import java.io.Reader;
-import java.net.InetAddress;
 import java.net.URL;
-import java.net.UnknownHostException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
 import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.StringJoiner;
 import java.util.UUID;
 import javax.security.auth.login.Configuration;
-import org.apache.commons.io.FileUtils;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
 import org.argeo.api.cms.CmsState;
 import org.argeo.api.uuid.UuidFactory;
 import org.argeo.cms.CmsDeployProperty;
 import org.argeo.cms.auth.ident.IdentClient;
+import org.argeo.util.FsUtils;
 /**
 * Implementation of a {@link CmsState}, initialising the required services.
@@ -44,13 +43,17 @@ public class CmsStateImpl implements CmsState {
 private UUID uuid;
 // private final boolean cleanState;
- private String hostname;
+// private String hostname;
 private UuidFactory uuidFactory;
 private final Map deployPropertyDefaults;
 public CmsStateImpl() {
+ this.deployPropertyDefaults = Collections.unmodifiableMap(createDeployPropertiesDefaults());
+ }
+
+ protected Map createDeployPropertiesDefaults() {
 Map deployPropertyDefaults = new HashMap<>();
 deployPropertyDefaults.put(CmsDeployProperty.NODE_INIT, "../../init");
 deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString());
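Review bot: The constructor now calls `createDeployPropertiesDefaults()`, which is `protected` and therefore overridable, so a subclass override runs before the subclass's own fields are initialised and can only see a half-constructed object. Either make the hook non-overridable (`private`, or `protected final`) or document the constraint on the method, e.g. `/** Called from the constructor: an override must not rely on subclass state. */`. The method also hands back the mutable `HashMap` before the constructor wraps it, so the Javadoc should say whether overrides are expected to add to the returned map. `createDeployPropertiesDefaults` continues past the end of this hunk.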
@@ -59,14 +62,24 @@ public class CmsStateImpl implements CmsState {
 deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
 deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
 Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
- deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString());
+ if (keyStorePath != null) {
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString());
+ }
 Path trustStorePath = getDataPath(PkiUtils.DEFAULT_TRUSTSTORE_PATH);
+ if (trustStorePath != null) {
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString());
+ }
 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, PkiUtils.PKCS12);
 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
- deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString());
- this.deployPropertyDefaults = Collections.unmodifiableMap(deployPropertyDefaults);
+ // SSH
+ Path authorizedKeysPath = getDataPath(KernelConstants.NODE_SSHD_AUTHORIZED_KEYS_PATH);
+ if (authorizedKeysPath != null) {
+ deployPropertyDefaults.put(CmsDeployProperty.SSHD_AUTHORIZEDKEYS,
+ authorizedKeysPath.toAbsolutePath().toString());
+ }
+ return deployPropertyDefaults;
 }
 public void start() {
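Review bot: When `getDataPath(...)` returns null the new guards silently leave `SSL_KEYSTORE`, `SSL_TRUSTSTORE` and `SSHD_AUTHORIZEDKEYS` without a default while the matching type and password defaults are still registered, and nothing records that the path could not be resolved. A debug log in the null case makes a mis-resolved data path diagnosable, e.g. `else if (log.isDebugEnabled()) log.debug("No data path, not setting default " + CmsDeployProperty.SSL_KEYSTORE);` for each of the three guards. The method also merits a Javadoc stating that path-dependent defaults are omitted when no data path is available, so a caller does not assume every key is present. `createDeployPropertiesDefaults` starts outside this hunk.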
@@ -83,11 +96,11 @@ public class CmsStateImpl implements CmsState {
 // this.uuid = UUID.fromString(stateUuidStr);
 this.uuid = uuidFactory.timeUUID();
 // this.cleanState = stateUuid.equals(frameworkUuid);
- try {
- this.hostname = InetAddress.getLocalHost().getHostName();
- } catch (UnknownHostException e) {
- log.error("Cannot set hostname: " + e);
- }
+// try {
+// this.hostname = InetAddress.getLocalHost().getHostName();
+// } catch (UnknownHostException e) {
+// log.error("Cannot set hostname: " + e);
+// }
 availableSince = System.currentTimeMillis();
 if (log.isDebugEnabled()) {
@@ -112,18 +125,32 @@ public class CmsStateImpl implements CmsState {
 log.debug("## CMS starting... (" + uuid + ")\n" + sb + "\n");
 }
-// initI18n();
-// initServices();
- if (!Files.exists(getDataPath(CmsConstants.NODE))) {// first init
+ Path nodeBase = getDataPath(KernelConstants.DIR_PRIVATE);
+ if (nodeBase != null && !Files.exists(nodeBase)) {// first init
 firstInit();
 }
 } catch (RuntimeException | IOException e) {
- log.error("## FATAL: CMS activator failed", e);
+ log.error("## FATAL: CMS state failed", e);
 }
 }
 private void initSecurity() {
+ // private directory permissions
+ Path privateDir = KernelUtils.getOsgiInstancePath(KernelConstants.DIR_PRIVATE);
+ if (privateDir != null) {
+ // TODO rather check whether we can read and write
+ Set posixPermissions = new HashSet<>();
+ posixPermissions.add(PosixFilePermission.OWNER_READ);
+ posixPermissions.add(PosixFilePermission.OWNER_WRITE);
+ posixPermissions.add(PosixFilePermission.OWNER_EXECUTE);
+ try {
+ Files.setPosixFilePermissions(privateDir, posixPermissions);
+ } catch (IOException e) {
+ log.error("Cannot set permissions on " + privateDir);
+ }
+ }
+
 if (getDeployProperty(CmsDeployProperty.JAVA_LOGIN_CONFIG) == null) {
 String jaasConfig = KernelConstants.JAAS_CONFIG;
 URL url = getClass().getResource(jaasConfig);
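Review bot: Replacing the hostname lookup with a commented-out copy leaves dead code in `start()`; the removed version is already in history, so the five `//` lines (and the commented `hostname` field in the hunk at line 44) should simply be deleted. If the lookup is meant to come back later, a single `// TODO restore hostname lookup` comment says that more clearly than disabled code. `start()` begins and ends outside this hunk.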
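Review bot: `Files.setPosixFilePermissions` in `initSecurity()` throws `UnsupportedOperationException` on a file system without the POSIX attribute view, and only `IOException` is caught, so the new hardening would abort start-up there instead of being skipped; the catch also drops `e`, so the reason a chmod failed is never logged. Guard on `privateDir.getFileSystem().supportedFileAttributeViews().contains("posix")`, pass `e` to `log.error`, and build the permission set with `EnumSet` (needs `java.util.EnumSet` imported). If the private directory is only created later (for instance by `firstInit()`), the call fails with `NoSuchFileException` and the permissions are never applied; the ordering is not visible in this hunk, so worth confirming. `initSecurity()` continues past the end of this hunk.
```java
private void initSecurity() {
	// private directory permissions: owner-only (rwx------)
	Path privateDir = KernelUtils.getOsgiInstancePath(KernelConstants.DIR_PRIVATE);
	if (privateDir != null && privateDir.getFileSystem().supportedFileAttributeViews().contains("posix")) {
		// TODO rather check whether we can read and write
		Set<PosixFilePermission> posixPermissions = EnumSet.of(PosixFilePermission.OWNER_READ,
				PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE);
		try {
			Files.setPosixFilePermissions(privateDir, posixPermissions);
		} catch (IOException e) {
			// keep the cause: a failed chmod on the private directory is a security-relevant event
			log.error("Cannot set permissions on " + privateDir, e);
		}
	}
	// … unchanged: JAAS login configuration …
```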
@@ -155,7 +182,8 @@ public class CmsStateImpl implements CmsState {
 getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE));
 try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
 Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
- PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
+ PkiUtils.loadPrivateCertificatePem(keyStore, CmsConstants.NODE, key, keyStorePassword, cert);
+ Files.createDirectories(keyStorePath.getParent());
 PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
 if (log.isDebugEnabled())
 log.debug("PEM certificate stored in " + keyStorePath);
@@ -174,7 +202,8 @@ public class CmsStateImpl implements CmsState {
 KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword,
 getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
 try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) {
- PkiUtils.loadPem(trustStore, null, trustStorePassword, cert);
+ PkiUtils.loadTrustedCertificatePem(trustStore, trustStorePassword, cert);
+ Files.createDirectories(keyStorePath.getParent());
 PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
 if (log.isDebugEnabled())
 log.debug("IPA CA certificate stored in " + trustStorePath);
@@ -335,10 +364,6 @@ public class CmsStateImpl implements CmsState {
 /*
 * ACCESSORS
 */
- public String getHostname() {
- return hostname;
- }
-
 @Override
 public UUID getUuid() {
 return uuid;
@@ -355,7 +380,7 @@ public class CmsStateImpl implements CmsState {
 public static void prepareFirstInitInstanceArea(List nodeInits) {
 for (String nodeInit : nodeInits) {
- if(nodeInit==null)
+ if (nodeInit == null)
 continue;
 if (nodeInit.startsWith("http")) {
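Review bot: In the trust store branch (`@@ -174`) the added line creates `keyStorePath.getParent()` but the following `saveKeyStore` writes to `trustStorePath`, which reads like a copy of the key store branch; it should be `Files.createDirectories(trustStorePath.getParent());`, otherwise saving still fails when the trust store's directory does not yet exist. In both that hunk and the key store hunk (`@@ -155`), `getParent()` is null for a bare file name and `Files.createDirectories(null)` throws `NullPointerException`, so a guard such as `if (trustStorePath.getParent() != null) Files.createDirectories(trustStorePath.getParent());` covers a deploy property set to a relative name. The enclosing method starts and ends outside these hunks.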
@@ -364,29 +389,17 @@ public class CmsStateImpl implements CmsState {
 } else {
 // TODO use java.nio.file
- File initDir;
+ Path initDir;
 if (nodeInit.startsWith("."))
 initDir = KernelUtils.getExecutionDir(nodeInit);
 else
- initDir = new File(nodeInit);
+ initDir = Paths.get(nodeInit);
 // TODO also uncompress archives
- if (initDir.exists())
- try {
- // TODO use NIO utilities
- FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstancePath("").toFile(),
- new FileFilter() {
-
- @Override
- public boolean accept(File pathname) {
- if (pathname.getName().equals(".svn") || pathname.getName().equals(".git"))
- return false;
- return true;
- }
- });
- log.info("CMS initialized from " + initDir.getCanonicalPath());
- } catch (IOException e) {
- throw new RuntimeException("Cannot initialize from " + initDir, e);
- }
+ if (Files.exists(initDir)) {
+ Path dataPath = KernelUtils.getOsgiInstancePath("");
+ FsUtils.copyDirectory(initDir, dataPath);
+ log.info("CMS initialized from " + initDir);
+ }
 }
 }
 }
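Review bot: The removed `FileFilter` excluded `.svn` and `.git` entries when copying the init directory, and the new `FsUtils.copyDirectory(initDir, dataPath)` call passes no filter, so unless `FsUtils.copyDirectory` skips them itself (not visible here) initialising from a checkout now copies repository metadata into the instance area. Either pass a filter or add a comment documenting that `FsUtils.copyDirectory` excludes VCS directories. The `// TODO use java.nio.file` comment is now done and should go, and the log line is more useful with a resolved path, `log.info("CMS initialized from " + initDir.toAbsolutePath().normalize());`, which also stands in for the old `getCanonicalPath()`. `prepareFirstInitInstanceArea` starts outside this hunk.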