]>
git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/kernel/FirstInit.java
8bd348f8e5efb147943e90a1f4ea344a341d51c0
1 package org
.argeo
.cms
.internal
.kernel
;
3 import static org
.argeo
.cms
.internal
.kernel
.KernelUtils
.getFrameworkProp
;
6 import java
.io
.FileFilter
;
7 import java
.io
.IOException
;
8 import java
.net
.InetAddress
;
10 import java
.nio
.file
.Files
;
11 import java
.nio
.file
.Path
;
12 import java
.security
.KeyStore
;
13 import java
.util
.ArrayList
;
14 import java
.util
.Arrays
;
15 import java
.util
.Dictionary
;
16 import java
.util
.Hashtable
;
17 import java
.util
.List
;
19 import javax
.security
.auth
.x500
.X500Principal
;
21 import org
.apache
.commons
.io
.FileUtils
;
22 import org
.apache
.commons
.logging
.Log
;
23 import org
.apache
.commons
.logging
.LogFactory
;
24 import org
.argeo
.cms
.CmsException
;
25 import org
.argeo
.cms
.internal
.jcr
.RepoConf
;
26 import org
.argeo
.node
.NodeConstants
;
27 import org
.argeo
.osgi
.useradmin
.UserAdminConf
;
28 import org
.eclipse
.equinox
.http
.jetty
.JettyConstants
;
31 * Interprets framework properties in order to generate the initial deploy
35 private final static Log log
= LogFactory
.getLog(FirstInit
.class);
38 log
.info("## FIRST INIT ##");
41 /** Override the provided config with the framework properties */
42 Dictionary
<String
, Object
> getNodeRepositoryConfig(Dictionary
<String
, Object
> provided
) {
43 Dictionary
<String
, Object
> props
= provided
!= null ? provided
: new Hashtable
<String
, Object
>();
44 for (RepoConf repoConf
: RepoConf
.values()) {
45 Object value
= getFrameworkProp(NodeConstants
.NODE_REPO_PROP_PREFIX
+ repoConf
.name());
47 props
.put(repoConf
.name(), value
);
49 props
.put(NodeConstants
.CN
, NodeConstants
.NODE
);
50 // props.put(NodeConstants.JCR_REPOSITORY_ALIAS, NodeConstants.NODE);
54 /** Override the provided config with the framework properties */
55 Dictionary
<String
, Object
> getHttpServerConfig(Dictionary
<String
, Object
> provided
) {
56 String httpPort
= getFrameworkProp("org.osgi.service.http.port");
57 String httpsPort
= getFrameworkProp("org.osgi.service.http.port.secure");
58 /// TODO make it more generic
59 String httpHost
= getFrameworkProp(JettyConstants
.PROPERTY_PREFIX
+ '.' + JettyConstants
.HTTP_HOST
);
60 String httpsHost
= getFrameworkProp(JettyConstants
.PROPERTY_PREFIX
+ '.' + JettyConstants
.HTTPS_HOST
);
62 final Hashtable
<String
, Object
> props
= new Hashtable
<String
, Object
>();
64 if (httpPort
!= null || httpsPort
!= null) {
65 if (httpPort
!= null) {
66 props
.put(JettyConstants
.HTTP_PORT
, httpPort
);
67 props
.put(JettyConstants
.HTTP_ENABLED
, true);
69 if (httpsPort
!= null) {
70 props
.put(JettyConstants
.HTTPS_PORT
, httpsPort
);
71 props
.put(JettyConstants
.HTTPS_ENABLED
, true);
72 Path keyStorePath
= KernelUtils
.getOsgiInstancePath(KernelConstants
.DEFAULT_KEYSTORE_PATH
);
73 String keyStorePassword
= getFrameworkProp(
74 JettyConstants
.PROPERTY_PREFIX
+ '.' + JettyConstants
.SSL_PASSWORD
);
75 if (keyStorePassword
== null)
76 keyStorePassword
= "changeit";
77 if (!Files
.exists(keyStorePath
))
78 createSelfSignedKeyStore(keyStorePath
);
79 props
.put(JettyConstants
.SSL_KEYSTORETYPE
, "PKCS12");
80 props
.put(JettyConstants
.SSL_KEYSTORE
, keyStorePath
.toString());
81 props
.put(JettyConstants
.SSL_PASSWORD
, keyStorePassword
);
82 props
.put(JettyConstants
.SSL_WANTCLIENTAUTH
, true);
85 props
.put(JettyConstants
.HTTP_HOST
, httpHost
);
86 if (httpsHost
!= null)
87 props
.put(JettyConstants
.HTTPS_HOST
, httpHost
);
89 props
.put(NodeConstants
.CN
, NodeConstants
.DEFAULT
);
94 List
<Dictionary
<String
, Object
>> getUserDirectoryConfigs() {
95 List
<Dictionary
<String
, Object
>> res
= new ArrayList
<>();
96 File nodeBaseDir
= KernelUtils
.getOsgiInstancePath(KernelConstants
.DIR_NODE
).toFile();
97 List
<String
> uris
= new ArrayList
<>();
100 String nodeRolesUri
= getFrameworkProp(NodeConstants
.ROLES_URI
);
101 String baseNodeRoleDn
= NodeConstants
.ROLES_BASEDN
;
102 if (nodeRolesUri
== null) {
103 File nodeRolesFile
= new File(nodeBaseDir
, baseNodeRoleDn
+ ".ldif");
104 if (!nodeRolesFile
.exists())
106 FileUtils
.copyInputStreamToFile(getClass().getResourceAsStream(baseNodeRoleDn
+ ".ldif"),
108 } catch (IOException e
) {
109 throw new CmsException("Cannot copy demo resource", e
);
111 nodeRolesUri
= nodeRolesFile
.toURI().toString();
113 uris
.add(nodeRolesUri
);
116 String userAdminUris
= getFrameworkProp(NodeConstants
.USERADMIN_URIS
);
117 if (userAdminUris
== null) {
118 String kerberosDomain
= Activator
.getCmsSecurity().getKerberosDomain();
119 if (kerberosDomain
!= null) {
120 userAdminUris
= "ipa:///" + kerberosDomain
;
122 String demoBaseDn
= "dc=example,dc=com";
123 File businessRolesFile
= new File(nodeBaseDir
, demoBaseDn
+ ".ldif");
124 if (!businessRolesFile
.exists())
126 FileUtils
.copyInputStreamToFile(getClass().getResourceAsStream(demoBaseDn
+ ".ldif"),
128 } catch (IOException e
) {
129 throw new CmsException("Cannot copy demo resource", e
);
131 userAdminUris
= businessRolesFile
.toURI().toString();
132 log
.warn("## DEV Using dummy base DN " + demoBaseDn
);
133 // TODO downgrade security level
136 for (String userAdminUri
: userAdminUris
.split(" "))
137 uris
.add(userAdminUri
);
140 for (String uri
: uris
) {
144 if (u
.getPath() == null)
145 throw new CmsException("URI " + uri
+ " must have a path in order to determine base DN");
146 if (u
.getScheme() == null) {
147 if (uri
.startsWith("/") || uri
.startsWith("./") || uri
.startsWith("../"))
148 u
= new File(uri
).getCanonicalFile().toURI();
149 else if (!uri
.contains("/")) {
150 u
= KernelUtils
.getOsgiInstanceUri(KernelConstants
.DIR_NODE
+ '/' + uri
);
151 // u = new URI(nodeBaseDir.toURI() + uri);
153 throw new CmsException("Cannot interpret " + uri
+ " as an uri");
154 } else if (u
.getScheme().equals("file")) {
155 u
= new File(u
).getCanonicalFile().toURI();
157 } catch (Exception e
) {
158 throw new CmsException("Cannot interpret " + uri
+ " as an uri", e
);
160 Dictionary
<String
, Object
> properties
= UserAdminConf
.uriAsProperties(u
.toString());
168 * Called before node initialisation, in order populate OSGi instance are
169 * with some files (typically LDIF, etc).
171 static void prepareInstanceArea() {
172 String nodeInit
= getFrameworkProp(NodeConstants
.NODE_INIT
);
173 if (nodeInit
== null)
174 nodeInit
= "../../init";
175 if (nodeInit
.startsWith("http")) {
176 // remoteFirstInit(nodeInit);
180 // TODO use java.nio.file
182 if (nodeInit
.startsWith("."))
183 initDir
= KernelUtils
.getExecutionDir(nodeInit
);
185 initDir
= new File(nodeInit
);
186 // TODO also uncompress archives
187 if (initDir
.exists())
189 FileUtils
.copyDirectory(initDir
, KernelUtils
.getOsgiInstanceDir(), new FileFilter() {
192 public boolean accept(File pathname
) {
193 if (pathname
.getName().equals(".svn") || pathname
.getName().equals(".git"))
198 log
.info("CMS initialized from " + initDir
.getCanonicalPath());
199 } catch (IOException e
) {
200 throw new CmsException("Cannot initialize from " + initDir
, e
);
204 private void createSelfSignedKeyStore(Path keyStorePath
) {
205 // for (Provider provider : Security.getProviders())
206 // System.out.println(provider.getName());
207 File keyStoreFile
= keyStorePath
.toFile();
208 char[] ksPwd
= "changeit".toCharArray();
209 char[] keyPwd
= Arrays
.copyOf(ksPwd
, ksPwd
.length
);
210 if (!keyStoreFile
.exists()) {
212 keyStoreFile
.getParentFile().mkdirs();
213 KeyStore keyStore
= PkiUtils
.getKeyStore(keyStoreFile
, ksPwd
);
214 PkiUtils
.generateSelfSignedCertificate(keyStore
,
215 new X500Principal("CN=" + InetAddress
.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
217 PkiUtils
.saveKeyStore(keyStoreFile
, ksPwd
, keyStore
);
218 if (log
.isDebugEnabled())
219 log
.debug("Created self-signed unsecure keystore " + keyStoreFile
);
220 } catch (Exception e
) {
221 if (keyStoreFile
.length() == 0)
222 keyStoreFile
.delete();
223 log
.error("Cannot create keystore " + keyStoreFile
, e
);
226 throw new CmsException("Keystore " + keyStorePath
+ " already exists");