]>
git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/kernel/FirstInit.java
1 package org
.argeo
.cms
.internal
.kernel
;
3 import static org
.argeo
.cms
.internal
.kernel
.KernelUtils
.getFrameworkProp
;
6 import java
.io
.FileFilter
;
7 import java
.io
.IOException
;
8 import java
.net
.InetAddress
;
10 import java
.nio
.file
.Files
;
11 import java
.nio
.file
.Path
;
12 import java
.security
.KeyStore
;
13 import java
.util
.ArrayList
;
14 import java
.util
.Arrays
;
15 import java
.util
.Dictionary
;
16 import java
.util
.Hashtable
;
17 import java
.util
.List
;
19 import javax
.security
.auth
.x500
.X500Principal
;
21 import org
.apache
.commons
.io
.FileUtils
;
22 import org
.apache
.commons
.logging
.Log
;
23 import org
.apache
.commons
.logging
.LogFactory
;
24 import org
.argeo
.cms
.CmsException
;
25 import org
.argeo
.node
.NodeConstants
;
26 import org
.argeo
.osgi
.useradmin
.UserAdminConf
;
27 import org
.eclipse
.equinox
.http
.jetty
.JettyConstants
;
30 * Interprets framework properties in order to generate the initial deploy
34 private final static Log log
= LogFactory
.getLog(FirstInit
.class);
37 log
.info("## FIRST INIT ##");
40 /** Override the provided config with the framework properties */
41 Dictionary
<String
, Object
> getNodeRepositoryConfig(Dictionary
<String
, Object
> provided
) {
42 Dictionary
<String
, Object
> props
= provided
!= null ? provided
: new Hashtable
<String
, Object
>();
43 for (RepoConf repoConf
: RepoConf
.values()) {
44 Object value
= getFrameworkProp(NodeConstants
.NODE_REPO_PROP_PREFIX
+ repoConf
.name());
46 props
.put(repoConf
.name(), value
);
48 props
.put(NodeConstants
.CN
, NodeConstants
.NODE
);
49 // props.put(NodeConstants.JCR_REPOSITORY_ALIAS, NodeConstants.NODE);
53 /** Override the provided config with the framework properties */
54 Dictionary
<String
, Object
> getHttpServerConfig(Dictionary
<String
, Object
> provided
) {
55 String httpPort
= getFrameworkProp("org.osgi.service.http.port");
56 String httpsPort
= getFrameworkProp("org.osgi.service.http.port.secure");
57 /// TODO make it more generic
58 String httpHost
= getFrameworkProp(JettyConstants
.PROPERTY_PREFIX
+ '.' + JettyConstants
.HTTP_HOST
);
59 String httpsHost
= getFrameworkProp(JettyConstants
.PROPERTY_PREFIX
+ '.' + JettyConstants
.HTTPS_HOST
);
61 final Hashtable
<String
, Object
> props
= new Hashtable
<String
, Object
>();
63 if (httpPort
!= null || httpsPort
!= null) {
64 if (httpPort
!= null) {
65 props
.put(JettyConstants
.HTTP_PORT
, httpPort
);
66 props
.put(JettyConstants
.HTTP_ENABLED
, true);
68 if (httpsPort
!= null) {
69 props
.put(JettyConstants
.HTTPS_PORT
, httpsPort
);
70 props
.put(JettyConstants
.HTTPS_ENABLED
, true);
71 Path keyStorePath
= KernelUtils
.getOsgiInstancePath(KernelConstants
.DEFAULT_KEYSTORE_PATH
);
72 String keyStorePassword
= getFrameworkProp(
73 JettyConstants
.PROPERTY_PREFIX
+ '.' + JettyConstants
.SSL_PASSWORD
);
74 if (keyStorePassword
== null)
75 keyStorePassword
= "changeit";
76 if (!Files
.exists(keyStorePath
))
77 createSelfSignedKeyStore(keyStorePath
);
78 props
.put(JettyConstants
.SSL_KEYSTORETYPE
, "PKCS12");
79 props
.put(JettyConstants
.SSL_KEYSTORE
, keyStorePath
.toString());
80 props
.put(JettyConstants
.SSL_PASSWORD
, keyStorePassword
);
81 props
.put(JettyConstants
.SSL_WANTCLIENTAUTH
, true);
84 props
.put(JettyConstants
.HTTP_HOST
, httpHost
);
85 if (httpsHost
!= null)
86 props
.put(JettyConstants
.HTTPS_HOST
, httpHost
);
88 props
.put(NodeConstants
.CN
, NodeConstants
.DEFAULT
);
93 List
<Dictionary
<String
, Object
>> getUserDirectoryConfigs() {
94 List
<Dictionary
<String
, Object
>> res
= new ArrayList
<>();
95 File nodeBaseDir
= KernelUtils
.getOsgiInstancePath(KernelConstants
.DIR_NODE
).toFile();
96 List
<String
> uris
= new ArrayList
<>();
99 String nodeRolesUri
= getFrameworkProp(NodeConstants
.ROLES_URI
);
100 String baseNodeRoleDn
= NodeConstants
.ROLES_BASEDN
;
101 if (nodeRolesUri
== null) {
102 File nodeRolesFile
= new File(nodeBaseDir
, baseNodeRoleDn
+ ".ldif");
103 if (!nodeRolesFile
.exists())
105 FileUtils
.copyInputStreamToFile(getClass().getResourceAsStream(baseNodeRoleDn
+ ".ldif"),
107 } catch (IOException e
) {
108 throw new CmsException("Cannot copy demo resource", e
);
110 nodeRolesUri
= nodeRolesFile
.toURI().toString();
112 uris
.add(nodeRolesUri
);
115 String userAdminUris
= getFrameworkProp(NodeConstants
.USERADMIN_URIS
);
116 if (userAdminUris
== null) {
117 String kerberosDomain
= Activator
.getCmsSecurity().getKerberosDomain();
118 if (kerberosDomain
!= null) {
119 userAdminUris
= "ipa:///" + kerberosDomain
;
121 String demoBaseDn
= "dc=example,dc=com";
122 File businessRolesFile
= new File(nodeBaseDir
, demoBaseDn
+ ".ldif");
123 if (!businessRolesFile
.exists())
125 FileUtils
.copyInputStreamToFile(getClass().getResourceAsStream(demoBaseDn
+ ".ldif"),
127 } catch (IOException e
) {
128 throw new CmsException("Cannot copy demo resource", e
);
130 userAdminUris
= businessRolesFile
.toURI().toString();
131 log
.warn("## DEV Using dummy base DN " + demoBaseDn
);
132 // TODO downgrade security level
135 for (String userAdminUri
: userAdminUris
.split(" "))
136 uris
.add(userAdminUri
);
139 for (String uri
: uris
) {
143 if (u
.getPath() == null)
144 throw new CmsException("URI " + uri
+ " must have a path in order to determine base DN");
145 if (u
.getScheme() == null) {
146 if (uri
.startsWith("/") || uri
.startsWith("./") || uri
.startsWith("../"))
147 u
= new File(uri
).getCanonicalFile().toURI();
148 else if (!uri
.contains("/")) {
149 u
= KernelUtils
.getOsgiInstanceUri(KernelConstants
.DIR_NODE
+ '/' + uri
);
150 // u = new URI(nodeBaseDir.toURI() + uri);
152 throw new CmsException("Cannot interpret " + uri
+ " as an uri");
153 } else if (u
.getScheme().equals("file")) {
154 u
= new File(u
).getCanonicalFile().toURI();
156 } catch (Exception e
) {
157 throw new CmsException("Cannot interpret " + uri
+ " as an uri", e
);
159 Dictionary
<String
, Object
> properties
= UserAdminConf
.uriAsProperties(u
.toString());
167 * Called before node initialisation, in order populate OSGi instance are
168 * with some files (typically LDIF, etc).
170 static void prepareInstanceArea() {
171 String nodeInit
= getFrameworkProp(NodeConstants
.NODE_INIT
);
172 if (nodeInit
== null)
173 nodeInit
= "../../init";
174 if (nodeInit
.startsWith("http")) {
175 // remoteFirstInit(nodeInit);
179 // TODO use java.nio.file
181 if (nodeInit
.startsWith("."))
182 initDir
= KernelUtils
.getExecutionDir(nodeInit
);
184 initDir
= new File(nodeInit
);
185 // TODO also uncompress archives
186 if (initDir
.exists())
188 FileUtils
.copyDirectory(initDir
, KernelUtils
.getOsgiInstanceDir(), new FileFilter() {
191 public boolean accept(File pathname
) {
192 if (pathname
.getName().equals(".svn") || pathname
.getName().equals(".git"))
197 log
.info("CMS initialized from " + initDir
.getCanonicalPath());
198 } catch (IOException e
) {
199 throw new CmsException("Cannot initialize from " + initDir
, e
);
203 private void createSelfSignedKeyStore(Path keyStorePath
) {
204 // for (Provider provider : Security.getProviders())
205 // System.out.println(provider.getName());
206 File keyStoreFile
= keyStorePath
.toFile();
207 char[] ksPwd
= "changeit".toCharArray();
208 char[] keyPwd
= Arrays
.copyOf(ksPwd
, ksPwd
.length
);
209 if (!keyStoreFile
.exists()) {
211 keyStoreFile
.getParentFile().mkdirs();
212 KeyStore keyStore
= PkiUtils
.getKeyStore(keyStoreFile
, ksPwd
);
213 PkiUtils
.generateSelfSignedCertificate(keyStore
,
214 new X500Principal("CN=" + InetAddress
.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
216 PkiUtils
.saveKeyStore(keyStoreFile
, ksPwd
, keyStore
);
217 if (log
.isDebugEnabled())
218 log
.debug("Created self-signed unsecure keystore " + keyStoreFile
);
219 } catch (Exception e
) {
220 if (keyStoreFile
.length() == 0)
221 keyStoreFile
.delete();
222 log
.error("Cannot create keystore " + keyStoreFile
, e
);
225 throw new CmsException("Keystore " + keyStorePath
+ " already exists");