]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/kernel/FirstInit.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Change files path
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / FirstInit.java
1 package org.argeo.cms.internal.kernel;
2
3 import static org.argeo.cms.internal.kernel.KernelUtils.getFrameworkProp;
4
5 import java.io.File;
6 import java.io.FileFilter;
7 import java.io.IOException;
8 import java.net.InetAddress;
9 import java.net.URI;
10 import java.nio.file.Files;
11 import java.nio.file.Path;
12 import java.security.KeyStore;
13 import java.util.ArrayList;
14 import java.util.Arrays;
15 import java.util.Dictionary;
16 import java.util.Hashtable;
17 import java.util.List;
18
19 import javax.security.auth.x500.X500Principal;
20
21 import org.apache.commons.io.FileUtils;
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.argeo.cms.CmsException;
25 import org.argeo.node.NodeConstants;
26 import org.argeo.osgi.useradmin.UserAdminConf;
27 import org.eclipse.equinox.http.jetty.JettyConstants;
28
29 /**
30 * Interprets framework properties in order to generate the initial deploy
31 * configuration.
32 */
33 class FirstInit {
34 private final static Log log = LogFactory.getLog(FirstInit.class);
35
36 public FirstInit() {
37 log.info("## FIRST INIT ##");
38 }
39
40 /** Override the provided config with the framework properties */
41 Dictionary<String, Object> getNodeRepositoryConfig(Dictionary<String, Object> provided) {
42 Dictionary<String, Object> props = provided != null ? provided : new Hashtable<String, Object>();
43 for (RepoConf repoConf : RepoConf.values()) {
44 Object value = getFrameworkProp(NodeConstants.NODE_REPO_PROP_PREFIX + repoConf.name());
45 if (value != null)
46 props.put(repoConf.name(), value);
47 }
48 props.put(NodeConstants.CN, NodeConstants.NODE);
49 // props.put(NodeConstants.JCR_REPOSITORY_ALIAS, NodeConstants.NODE);
50 return props;
51 }
52
53 /** Override the provided config with the framework properties */
54 Dictionary<String, Object> getHttpServerConfig(Dictionary<String, Object> provided) {
55 String httpPort = getFrameworkProp("org.osgi.service.http.port");
56 String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
57 /// TODO make it more generic
58 String httpHost = getFrameworkProp(JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.HTTP_HOST);
59 String httpsHost = getFrameworkProp(JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.HTTPS_HOST);
60
61 final Hashtable<String, Object> props = new Hashtable<String, Object>();
62 // try {
63 if (httpPort != null || httpsPort != null) {
64 if (httpPort != null) {
65 props.put(JettyConstants.HTTP_PORT, httpPort);
66 props.put(JettyConstants.HTTP_ENABLED, true);
67 }
68 if (httpsPort != null) {
69 props.put(JettyConstants.HTTPS_PORT, httpsPort);
70 props.put(JettyConstants.HTTPS_ENABLED, true);
71 Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
72 String keyStorePassword = getFrameworkProp(
73 JettyConstants.PROPERTY_PREFIX + '.' + JettyConstants.SSL_PASSWORD);
74 if (keyStorePassword == null)
75 keyStorePassword = "changeit";
76 if (!Files.exists(keyStorePath))
77 createSelfSignedKeyStore(keyStorePath);
78 props.put(JettyConstants.SSL_KEYSTORETYPE, "PKCS12");
79 props.put(JettyConstants.SSL_KEYSTORE, keyStorePath.toString());
80 props.put(JettyConstants.SSL_PASSWORD, keyStorePassword);
81 props.put(JettyConstants.SSL_WANTCLIENTAUTH, true);
82 }
83 if (httpHost != null)
84 props.put(JettyConstants.HTTP_HOST, httpHost);
85 if (httpsHost != null)
86 props.put(JettyConstants.HTTPS_HOST, httpHost);
87
88 props.put(NodeConstants.CN, NodeConstants.DEFAULT);
89 }
90 return props;
91 }
92
93 List<Dictionary<String, Object>> getUserDirectoryConfigs() {
94 List<Dictionary<String, Object>> res = new ArrayList<>();
95 File nodeBaseDir = KernelUtils.getOsgiInstancePath(KernelConstants.DIR_NODE).toFile();
96 List<String> uris = new ArrayList<>();
97
98 // node roles
99 String nodeRolesUri = getFrameworkProp(NodeConstants.ROLES_URI);
100 String baseNodeRoleDn = NodeConstants.ROLES_BASEDN;
101 if (nodeRolesUri == null) {
102 File nodeRolesFile = new File(nodeBaseDir, baseNodeRoleDn + ".ldif");
103 if (!nodeRolesFile.exists())
104 try {
105 FileUtils.copyInputStreamToFile(getClass().getResourceAsStream(baseNodeRoleDn + ".ldif"),
106 nodeRolesFile);
107 } catch (IOException e) {
108 throw new CmsException("Cannot copy demo resource", e);
109 }
110 nodeRolesUri = nodeRolesFile.toURI().toString();
111 }
112 uris.add(nodeRolesUri);
113
114 // Business roles
115 String userAdminUris = getFrameworkProp(NodeConstants.USERADMIN_URIS);
116 if (userAdminUris == null) {
117 String kerberosDomain = Activator.getCmsSecurity().getKerberosDomain();
118 if (kerberosDomain != null) {
119 userAdminUris = "ipa:///" + kerberosDomain;
120 } else {
121 String demoBaseDn = "dc=example,dc=com";
122 File businessRolesFile = new File(nodeBaseDir, demoBaseDn + ".ldif");
123 if (!businessRolesFile.exists())
124 try {
125 FileUtils.copyInputStreamToFile(getClass().getResourceAsStream(demoBaseDn + ".ldif"),
126 businessRolesFile);
127 } catch (IOException e) {
128 throw new CmsException("Cannot copy demo resource", e);
129 }
130 userAdminUris = businessRolesFile.toURI().toString();
131 log.warn("## DEV Using dummy base DN " + demoBaseDn);
132 // TODO downgrade security level
133 }
134 }
135 for (String userAdminUri : userAdminUris.split(" "))
136 uris.add(userAdminUri);
137
138 // Interprets URIs
139 for (String uri : uris) {
140 URI u;
141 try {
142 u = new URI(uri);
143 if (u.getPath() == null)
144 throw new CmsException("URI " + uri + " must have a path in order to determine base DN");
145 if (u.getScheme() == null) {
146 if (uri.startsWith("/") || uri.startsWith("./") || uri.startsWith("../"))
147 u = new File(uri).getCanonicalFile().toURI();
148 else if (!uri.contains("/")) {
149 u = KernelUtils.getOsgiInstanceUri(KernelConstants.DIR_NODE + '/' + uri);
150 // u = new URI(nodeBaseDir.toURI() + uri);
151 } else
152 throw new CmsException("Cannot interpret " + uri + " as an uri");
153 } else if (u.getScheme().equals("file")) {
154 u = new File(u).getCanonicalFile().toURI();
155 }
156 } catch (Exception e) {
157 throw new CmsException("Cannot interpret " + uri + " as an uri", e);
158 }
159 Dictionary<String, Object> properties = UserAdminConf.uriAsProperties(u.toString());
160 res.add(properties);
161 }
162
163 return res;
164 }
165
166 /**
167 * Called before node initialisation, in order populate OSGi instance are
168 * with some files (typically LDIF, etc).
169 */
170 static void prepareInstanceArea() {
171 String nodeInit = getFrameworkProp(NodeConstants.NODE_INIT);
172 if (nodeInit == null)
173 nodeInit = "../../init";
174 if (nodeInit.startsWith("http")) {
175 // remoteFirstInit(nodeInit);
176 return;
177 }
178
179 // TODO use java.nio.file
180 File initDir;
181 if (nodeInit.startsWith("."))
182 initDir = KernelUtils.getExecutionDir(nodeInit);
183 else
184 initDir = new File(nodeInit);
185 // TODO also uncompress archives
186 if (initDir.exists())
187 try {
188 FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstanceDir(), new FileFilter() {
189
190 @Override
191 public boolean accept(File pathname) {
192 if (pathname.getName().equals(".svn") || pathname.getName().equals(".git"))
193 return false;
194 return true;
195 }
196 });
197 log.info("CMS initialized from " + initDir.getCanonicalPath());
198 } catch (IOException e) {
199 throw new CmsException("Cannot initialize from " + initDir, e);
200 }
201 }
202
203 private void createSelfSignedKeyStore(Path keyStorePath) {
204 // for (Provider provider : Security.getProviders())
205 // System.out.println(provider.getName());
206 File keyStoreFile = keyStorePath.toFile();
207 char[] ksPwd = "changeit".toCharArray();
208 char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length);
209 if (!keyStoreFile.exists()) {
210 try {
211 keyStoreFile.getParentFile().mkdirs();
212 KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd);
213 PkiUtils.generateSelfSignedCertificate(keyStore,
214 new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
215 1024, keyPwd);
216 PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore);
217 if (log.isDebugEnabled())
218 log.debug("Created self-signed unsecure keystore " + keyStoreFile);
219 } catch (Exception e) {
220 if (keyStoreFile.length() == 0)
221 keyStoreFile.delete();
222 log.error("Cannot create keystore " + keyStoreFile, e);
223 }
224 } else {
225 throw new CmsException("Keystore " + keyStorePath + " already exists");
226 }
227 }
228
229 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi