1 package org
.argeo
.cms
.internal
.kernel
;
3 import java
.io
.IOException
;
5 import java
.security
.AllPermission
;
6 import java
.util
.Dictionary
;
8 import java
.util
.Locale
;
9 import java
.util
.concurrent
.ExecutorService
;
10 import java
.util
.concurrent
.Executors
;
12 import javax
.security
.auth
.login
.Configuration
;
14 import org
.apache
.commons
.logging
.Log
;
15 import org
.apache
.commons
.logging
.LogFactory
;
16 import org
.argeo
.api
.ArgeoLogger
;
17 import org
.argeo
.api
.NodeConstants
;
18 import org
.argeo
.api
.NodeDeployment
;
19 import org
.argeo
.api
.NodeInstance
;
20 import org
.argeo
.api
.NodeState
;
21 import org
.argeo
.ident
.IdentClient
;
22 import org
.ietf
.jgss
.GSSCredential
;
23 import org
.osgi
.framework
.Bundle
;
24 import org
.osgi
.framework
.BundleActivator
;
25 import org
.osgi
.framework
.BundleContext
;
26 import org
.osgi
.framework
.Constants
;
27 import org
.osgi
.framework
.FrameworkUtil
;
28 import org
.osgi
.service
.condpermadmin
.BundleLocationCondition
;
29 import org
.osgi
.service
.condpermadmin
.ConditionInfo
;
30 import org
.osgi
.service
.condpermadmin
.ConditionalPermissionAdmin
;
31 import org
.osgi
.service
.condpermadmin
.ConditionalPermissionInfo
;
32 import org
.osgi
.service
.condpermadmin
.ConditionalPermissionUpdate
;
33 import org
.osgi
.service
.log
.LogReaderService
;
34 import org
.osgi
.service
.permissionadmin
.PermissionInfo
;
35 import org
.osgi
.service
.useradmin
.UserAdmin
;
36 import org
.osgi
.util
.tracker
.ServiceTracker
;
/**
 * Activates the kernel. Gives access to kernel information to the rest of the
 * bundle (and only to it).
 */
42 public class Activator
implements BundleActivator
{
/** Commons Logging logger of this activator. */
private final static Log log = LogFactory.getLog(Activator.class);

// Shared handle read by the static accessors below (instance.nodeState,
// instance.userAdminSt, instance.internalExecutorService). The visible part
// of this listing assigns it in main(String[]); other assignment sites may
// sit in lines the listing omits.
private static Activator instance;

// TODO make it configurable
// NOTE(review): defaults to false, and no line visible in this listing reads
// the flag. Confirm where it gates the permission setup in initSecurity().
private boolean hardened = false;

// Context of this bundle. May be null: several methods test for that before
// using it, and the shutdown path sets it back to null.
private static BundleContext bundleContext;

// Looked up through getService(LogReaderService.class) when a bundle context
// is available; handed to the NodeLogger constructor.
private LogReaderService logReaderService;

// Created in initArgeoLogger() and registered there as an ArgeoLogger service.
private NodeLogger logger;
// The three node objects below are created in initNode() and shut down, when
// non-null, on the shutdown path.
private CmsState nodeState;
private CmsDeployment nodeDeployment;
private CmsInstance nodeInstance;

// Tracker for the UserAdmin service, created in start(BundleContext) and
// awaited (up to 60000 ms) by getNodeUserAdmin().
private ServiceTracker<UserAdmin, NodeUserAdmin> userAdminSt;
// Fixed thread pool sized to Runtime.availableProcessors(); shut down on the
// shutdown path.
private ExecutorService internalExecutorService;
63 Bundle bundle
= FrameworkUtil
.getBundle(Activator
.class);
65 bundleContext
= bundle
.getBundleContext();
70 Runtime
.getRuntime().addShutdownHook(new CmsShutdown());
72 // this.bc = bundleContext;
73 if (bundleContext
!= null)
74 this.logReaderService
= getService(LogReaderService
.class);
75 this.internalExecutorService
= Executors
.newFixedThreadPool(Runtime
.getRuntime().availableProcessors());
82 if (log
.isTraceEnabled())
83 log
.trace("Kernel bundle started");
84 } catch (Throwable e
) {
85 log
.error("## FATAL: CMS activator failed", e
);
91 if (nodeInstance
!= null)
92 nodeInstance
.shutdown();
93 if (nodeDeployment
!= null)
94 nodeDeployment
.shutdown();
95 if (nodeState
!= null)
98 if (userAdminSt
!= null)
101 internalExecutorService
.shutdown();
103 bundleContext
= null;
104 this.logReaderService
= null;
105 // this.configurationAdmin = null;
106 } catch (Exception e
) {
107 log
.error("CMS activator shutdown failed", e
);
/**
 * Initialises JAAS and, when the framework property
 * {@code Constants.FRAMEWORK_SECURITY} equals
 * {@code Constants.FRAMEWORK_SECURITY_OSGI}, prepares a conditional-permission
 * update.
 * <p>
 * SECURITY: the only rule the visible code adds pairs a
 * {@code BundleLocationCondition} of {@code "*"} with {@code AllPermission}
 * and {@code ALLOW}, so every bundle location is granted every permission.
 * Unless an earlier row of the permission table denies something, the
 * security manager then confines no bundle at all: any bundle that gets
 * installed runs with the same rights as the kernel. The narrower policy
 * sketched in the commented-out block (DENY by default, ALLOW by signer) is
 * disabled.
 * <p>
 * NOTE(review): this listing omits source lines 118, 121, 128, 147-148, 150
 * and 152-156. Whether and where the update is committed, and whether the
 * {@code hardened} field selects between the rule above and the
 * {@code SecurityProfile}, cannot be told from here; confirm against the
 * full file.
 */
private void initSecurity() {
	// Only install the class-path JAAS configuration when none was supplied
	// through the system property.
	if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) == null) {
		String jaasConfig = KernelConstants.JAAS_CONFIG;
		// getResource returns null when the resource is missing; that case is
		// not checked before the URL is passed on.
		URL url = getClass().getResource(jaasConfig);
		// System.setProperty(KernelConstants.JAAS_CONFIG_PROP,
		// url.toExternalForm());
		KernelUtils.setJaasConfiguration(url);
	// [gap: source line 118 not in listing]
	// explicitly load JAAS configuration
	Configuration.getConfiguration();
	// [gap: source line 121 not in listing]
	// code-level permissions
	String osgiSecurity = KernelUtils.getFrameworkProp(Constants.FRAMEWORK_SECURITY);
	if (osgiSecurity != null && Constants.FRAMEWORK_SECURITY_OSGI.equals(osgiSecurity)) {
		// TODO rather use a tracker?
		// NOTE(review): getServiceReference returns null when the service is
		// not registered, and bundleContext is null-checked elsewhere in this
		// class but not here.
		ConditionalPermissionAdmin permissionAdmin = bundleContext
				.getService(bundleContext.getServiceReference(ConditionalPermissionAdmin.class));
		// [gap: source line 128 not in listing]
		// All permissions to all bundles
		// The rule is appended to the existing table: location "*" matches
		// every bundle, AllPermission covers every permission, ALLOW grants it.
		ConditionalPermissionUpdate update = permissionAdmin.newConditionalPermissionUpdate();
		update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
				new ConditionInfo[] {
						new ConditionInfo(BundleLocationCondition.class.getName(), new String[] { "*" }) },
				new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), null, null) },
				ConditionalPermissionInfo.ALLOW));
		// TODO data admin permission
		// PermissionInfo dataAdminPerm = new PermissionInfo(AuthPermission.class.getName(),
		// "createLoginContext." + NodeConstants.LOGIN_CONTEXT_DATA_ADMIN, null);
		// update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
		// new ConditionInfo[] {
		// new ConditionInfo(BundleLocationCondition.class.getName(), new String[] { "*" }) },
		// new PermissionInfo[] { dataAdminPerm }, ConditionalPermissionInfo.DENY));
		// update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
		// new ConditionInfo[] {
		// new ConditionInfo(BundleSignerCondition.class.getName(), new String[] { "CN=\"Eclipse.org Foundation, Inc.\", OU=IT, O=\"Eclipse.org Foundation, Inc.\", L=Nepean, ST=Ontario, C=CA" }) },
		// new PermissionInfo[] { dataAdminPerm }, ConditionalPermissionInfo.ALLOW));
		// [gap: source lines 147-148 not in listing]
		// Anonymous SecurityProfile subclass; what applySystemPermissions
		// installs is defined in SecurityProfile, outside this listing.
		SecurityProfile securityProfile = new SecurityProfile() {
		// [gap: source line 150 not in listing]
		securityProfile.applySystemPermissions(permissionAdmin);
		// [gap: source lines 152-156 not in listing, including the closing braces]
/**
 * Builds the node logger on top of the log reader service and, when a bundle
 * context is available, publishes it as an {@code ArgeoLogger} service.
 */
private void initArgeoLogger() {
	this.logger = new NodeLogger(this.logReaderService);
	if (bundleContext == null) {
		// No context: keep the logger unregistered.
		return;
	}
	bundleContext.registerService(ArgeoLogger.class, this.logger, null);
}
// Creates the node state, deployment and instance objects in that order.
// The state and the instance are registered as services; registration of the
// deployment is commented out.
// NOTE(review): the listing omits source lines 164, 167-168, 171-172 and
// 175-176, so further statements may exist between the visible ones.
private void initNode() throws IOException {
	// [gap: source line 164 not in listing]
	nodeState = new CmsState();
	registerService(NodeState.class, nodeState, null);
	// [gap: source lines 167-168 not in listing]
	nodeDeployment = new CmsDeployment();
	// registerService(NodeDeployment.class, nodeDeployment, null);
	// [gap: source lines 171-172 not in listing]
	nodeInstance = new CmsInstance();
	registerService(NodeInstance.class, nodeInstance, null);
	// [gap: source lines 175-176 not in listing, including the closing brace]
// Registers a service under the given class with the bundle context, if one
// is available; the visible lines do nothing when bundleContext is null.
// NOTE(review): source lines 180-183 are not in this listing, so an else
// branch cannot be ruled out.
public static <T> void registerService(Class<T> clss, T service, Dictionary<String, ?> properties) {
	if (bundleContext != null) {
		bundleContext.registerService(clss, service, properties);
		// [gap: source lines 180-183 not in listing, including the closing braces]
// Looks up a service by class through the bundle context.
// NOTE(review): getServiceReference returns null when no matching service is
// registered, and that result is passed straight to getService here; confirm
// how callers cope with a missing service. What happens when bundleContext is
// null is in lines this listing omits.
public static <T> T getService(Class<T> clss) {
	if (bundleContext != null) {
		return bundleContext.getService(bundleContext.getServiceReference(clss));
		// [gap: source lines 187-196 not in listing; the rest of this method ends somewhere in that range]
// Refuses to start when the context passed in belongs to a different bundle
// than the one held in the static bundleContext, then creates the UserAdmin
// service tracker.
// NOTE(review): bundleContext is dereferenced here without the null check
// other methods of this class apply. Source lines 201 and 203-206 are not in
// this listing.
public void start(BundleContext bc) throws Exception {
	if (!bc.getBundle().equals(bundleContext.getBundle()))
		throw new IllegalStateException(
				"Bundle " + bc.getBundle() + " is not consistent with " + bundleContext.getBundle());
	// [gap: source line 201 not in listing]
	userAdminSt = new ServiceTracker<>(bundleContext, UserAdmin.class, null);
	// [gap: source lines 203-206 not in listing, including the closing brace]
// Applies the same bundle-consistency check as start(BundleContext) before
// stopping.
// NOTE(review): the statements that follow the check (source lines 211-213)
// are not in this listing; bundleContext is dereferenced without a null check.
public void stop(BundleContext bc) throws Exception {
	if (!bc.getBundle().equals(bundleContext.getBundle()))
		throw new IllegalStateException(
				"Bundle " + bc.getBundle() + " is not consistent with " + bundleContext.getBundle());
	// [gap: source lines 211-213 not in listing, including the closing brace]
214 // private <T> T getService(Class<T> clazz) {
215 // ServiceReference<T> sr = bundleContext.getServiceReference(clazz);
217 // throw new IllegalStateException("No service available for " + clazz);
218 // return bundleContext.getService(sr);
/**
 * Gives access to the node state held by the shared activator instance.
 *
 * @return the {@code nodeState} field of {@code instance}
 */
public static NodeState getNodeState() {
	final NodeState state = Activator.instance.nodeState;
	return state;
}
/**
 * Returns the GSS acceptor credentials exposed by the node user admin.
 * <p>
 * NOTE(review): this is a public static accessor for credential material;
 * confirm that the package is not exported outside the bundle.
 *
 * @return whatever {@code getNodeUserAdmin().getAcceptorCredentials()} yields
 */
public static GSSCredential getAcceptorCredentials() {
	final NodeUserAdmin nodeUserAdmin = getNodeUserAdmin();
	return nodeUserAdmin.getAcceptorCredentials();
}
/**
 * Reports the single-user flag of the node user admin.
 *
 * @return the result of {@code getNodeUserAdmin().isSingleUser()}
 */
public static boolean isSingleUser() {
	final NodeUserAdmin nodeUserAdmin = getNodeUserAdmin();
	return nodeUserAdmin.isSingleUser();
}
/**
 * Returns the node user admin viewed through the OSGi {@code UserAdmin}
 * interface.
 *
 * @return the node user admin, cast to {@code UserAdmin}
 */
public static UserAdmin getUserAdmin() {
	final NodeUserAdmin nodeUserAdmin = getNodeUserAdmin();
	return (UserAdmin) nodeUserAdmin;
}
/**
 * Reads the framework property named by
 * {@code NodeConstants.HTTP_PROXY_SSL_DN}.
 * <p>
 * NOTE(review): presumably the name of the HTTP header in which a fronting
 * proxy forwards the TLS client DN. If so, the node must only be reachable
 * through that proxy, and the proxy must strip any client-supplied copy of
 * the header; confirm against the deployment.
 *
 * @return the property value as returned by {@code KernelUtils.getFrameworkProp}
 */
public static String getHttpProxySslHeader() {
	final String headerName = KernelUtils.getFrameworkProp(NodeConstants.HTTP_PROXY_SSL_DN);
	return headerName;
}
// Creates an IdentClient for the given remote address, after first testing
// whether the default authd passphrase file is available.
// NOTE(review): an ident answer is asserted by the remote host, so it should
// only be relied on for hosts under the same administration; confirm how
// callers use the result. The statement governed by the if (source line 244)
// is not in this listing.
public static IdentClient getIdentClient(String remoteAddr) {
	if (!IdentClient.isDefaultAuthdPassphraseFileAvailable())
		// [gap: source line 244 not in listing]
	// TODO make passphrase more configurable
	return new IdentClient(remoteAddr);
	// [gap: source lines 247-248 not in listing, including the closing brace]
// Obtains the NodeUserAdmin from the service tracker, waiting up to 60000 ms
// for it. The visible lines throw IllegalStateException when the wait is
// interrupted and, on a path whose condition is not shown, when no user admin
// is found.
// NOTE(review): source lines 250-251, 255-256 and 258-259 are not in this
// listing, and the method continues past the last visible statement.
private static NodeUserAdmin getNodeUserAdmin() {
	// [gap: source lines 250-251 not in listing]
		res = instance.userAdminSt.waitForService(60000);
	} catch (InterruptedException e) {
		// NOTE(review): the interrupt status is not restored in the visible
		// lines; consider Thread.currentThread().interrupt() before rethrowing.
		throw new IllegalStateException("Cannot retrieve Node user admin", e);
	// [gap: source lines 255-256 not in listing]
		throw new IllegalStateException("No Node user admin found");
	// [gap: source lines 258-259 not in listing]
260 // ServiceReference<UserAdmin> sr =
261 // instance.bc.getServiceReference(UserAdmin.class);
262 // NodeUserAdmin userAdmin = (NodeUserAdmin) instance.bc.getService(sr);
/**
 * Hands the kernel's internal executor to other classes of the package.
 *
 * @return the {@code internalExecutorService} field of {@code instance}
 */
static ExecutorService getInternalExecutorService() {
	final ExecutorService executor = Activator.instance.internalExecutorService;
	return executor;
}
271 // static CmsSecurity getCmsSecurity() {
272 // return instance.nodeSecurity;
// Builds a String array holding Locale.toString() of each locale reported by
// the node state, in list order.
// NOTE(review): source lines 276 and 281-283 are not in this listing; the
// return statement is presumably among them.
public String[] getLocales() {
	// [gap: source line 276 not in listing]
	List<Locale> locales = getNodeState().getLocales();
	String[] res = new String[locales.size()];
	for (int i = 0; i < locales.size(); i++)
		res[i] = locales.get(i).toString();
	// [gap: source lines 281-283 not in listing, including the closing brace]
/**
 * Exposes the static bundle context to other classes of the package.
 *
 * @return the current bundle context; may be null, as other methods of this
 *         class check for
 */
static BundleContext getBundleContext() {
	final BundleContext current = Activator.bundleContext;
	return current;
}
288 public static void main(String
[] args
) {
289 instance
= new Activator();