]> git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java
projects / lgpl / argeo-commons.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Remove static default UUID factory
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / runtime / CmsStateImpl.java
1 package org.argeo.cms.internal.runtime;
2
3 import java.io.IOException;
4 import java.io.Reader;
5 import java.net.InetAddress;
6 import java.net.URL;
7 import java.net.UnknownHostException;
8 import java.nio.charset.StandardCharsets;
9 import java.nio.file.Files;
10 import java.nio.file.Path;
11 import java.nio.file.Paths;
12 import java.nio.file.attribute.PosixFilePermission;
13 import java.security.KeyStore;
14 import java.util.ArrayList;
15 import java.util.Arrays;
16 import java.util.Collections;
17 import java.util.HashMap;
18 import java.util.HashSet;
19 import java.util.List;
20 import java.util.Locale;
21 import java.util.Map;
22 import java.util.Objects;
23 import java.util.Set;
24 import java.util.StringJoiner;
25 import java.util.UUID;
26 import java.util.concurrent.ExecutionException;
27 import java.util.concurrent.ForkJoinPool;
28 import java.util.concurrent.ForkJoinTask;
29 import java.util.concurrent.TimeUnit;
30 import java.util.concurrent.TimeoutException;
31
32 import javax.security.auth.login.Configuration;
33
34 import org.argeo.api.cms.CmsConstants;
35 import org.argeo.api.cms.CmsLog;
36 import org.argeo.api.cms.CmsState;
37 import org.argeo.api.uuid.UuidFactory;
38 import org.argeo.cms.CmsDeployProperty;
39 import org.argeo.cms.auth.ident.IdentClient;
40 import org.argeo.util.FsUtils;
41
42 /**
43 * Implementation of a {@link CmsState}, initialising the required services.
44 */
45 public class CmsStateImpl implements CmsState {
46 private final static CmsLog log = CmsLog.getLog(CmsStateImpl.class);
47
48 // REFERENCES
49 private Long availableSince;
50
51 private UUID uuid;
52 // private final boolean cleanState;
53 private String hostname;
54
55 private UuidFactory uuidFactory;
56
57 private final Map<CmsDeployProperty, String> deployPropertyDefaults;
58
59 public CmsStateImpl() {
60 this.deployPropertyDefaults = Collections.unmodifiableMap(createDeployPropertiesDefaults());
61 }
62
63 protected Map<CmsDeployProperty, String> createDeployPropertiesDefaults() {
64 Map<CmsDeployProperty, String> deployPropertyDefaults = new HashMap<>();
65 deployPropertyDefaults.put(CmsDeployProperty.NODE_INIT, "../../init");
66 deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString());
67
68 // certificates
69 deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
70 deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
71 Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
72 if (keyStorePath != null) {
73 deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString());
74 }
75
76 Path trustStorePath = getDataPath(PkiUtils.DEFAULT_TRUSTSTORE_PATH);
77 if (trustStorePath != null) {
78 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString());
79 }
80 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, PkiUtils.PKCS12);
81 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
82
83 // SSH
84 Path authorizedKeysPath = getDataPath(KernelConstants.NODE_SSHD_AUTHORIZED_KEYS_PATH);
85 if (authorizedKeysPath != null) {
86 deployPropertyDefaults.put(CmsDeployProperty.SSHD_AUTHORIZEDKEYS,
87 authorizedKeysPath.toAbsolutePath().toString());
88 }
89 return deployPropertyDefaults;
90 }
91
92 public void start() {
93 // Runtime.getRuntime().addShutdownHook(new CmsShutdown());
94
95 try {
96 initSecurity();
97 // initArgeoLogger();
98
99 if (log.isTraceEnabled())
100 log.trace("CMS State started");
101
102 // String stateUuidStr = KernelUtils.getFrameworkProp(Constants.FRAMEWORK_UUID);
103 // this.uuid = UUID.fromString(stateUuidStr);
104 this.uuid = uuidFactory.timeUUID();
105 // this.cleanState = stateUuid.equals(frameworkUuid);
106
107 // hostname
108 this.hostname = getDeployProperty(CmsDeployProperty.HOST);
109 // TODO verify we have access to the IP address
110 if (hostname == null) {
111 final String LOCALHOST_IP = "::1";
112 ForkJoinTask<String> hostnameFJT = ForkJoinPool.commonPool().submit(() -> {
113 try {
114 String hostname = InetAddress.getLocalHost().getHostName();
115 return hostname;
116 } catch (UnknownHostException e) {
117 throw new IllegalStateException("Cannot get local hostname", e);
118 }
119 });
120 try {
121 this.hostname = hostnameFJT.get(5, TimeUnit.SECONDS);
122 } catch (InterruptedException | ExecutionException | TimeoutException e) {
123 this.hostname = LOCALHOST_IP;
124 log.warn("Could not get local hostname, using " + this.hostname);
125 }
126 }
127
128 availableSince = System.currentTimeMillis();
129 if (log.isDebugEnabled()) {
130 // log.debug("## CMS starting... stateUuid=" + this.stateUuid + (cleanState ? "
131 // (clean state) " : " "));
132 StringJoiner sb = new StringJoiner("\n");
133 CmsDeployProperty[] deployProperties = CmsDeployProperty.values();
134 Arrays.sort(deployProperties, (o1, o2) -> o1.name().compareTo(o2.name()));
135 for (CmsDeployProperty deployProperty : deployProperties) {
136 List<String> values = getDeployProperties(deployProperty);
137 for (int i = 0; i < values.size(); i++) {
138 String value = values.get(i);
139 if (value != null) {
140 boolean isDefault = deployPropertyDefaults.containsKey(deployProperty)
141 && value.equals(deployPropertyDefaults.get(deployProperty));
142 String line = deployProperty.getProperty() + (i == 0 ? "" : "." + i) + "=" + value
143 + (isDefault ? " (default)" : "");
144 sb.add(line);
145 }
146 }
147 }
148 log.debug("## CMS starting... (" + uuid + ")\n" + sb + "\n");
149 }
150
151 Path nodeBase = getDataPath(KernelConstants.DIR_PRIVATE);
152 if (nodeBase != null && !Files.exists(nodeBase)) {// first init
153 firstInit();
154 }
155
156 } catch (RuntimeException | IOException e) {
157 log.error("## FATAL: CMS state failed", e);
158 }
159 }
160
161 private void initSecurity() {
162 // private directory permissions
163 Path privateDir = KernelUtils.getOsgiInstancePath(KernelConstants.DIR_PRIVATE);
164 if (privateDir != null) {
165 // TODO rather check whether we can read and write
166 Set<PosixFilePermission> posixPermissions = new HashSet<>();
167 posixPermissions.add(PosixFilePermission.OWNER_READ);
168 posixPermissions.add(PosixFilePermission.OWNER_WRITE);
169 posixPermissions.add(PosixFilePermission.OWNER_EXECUTE);
170 try {
171 Files.setPosixFilePermissions(privateDir, posixPermissions);
172 } catch (IOException e) {
173 log.error("Cannot set permissions on " + privateDir);
174 }
175 }
176
177 if (getDeployProperty(CmsDeployProperty.JAVA_LOGIN_CONFIG) == null) {
178 String jaasConfig = KernelConstants.JAAS_CONFIG;
179 URL url = getClass().getResource(jaasConfig);
180 // System.setProperty(KernelConstants.JAAS_CONFIG_PROP,
181 // url.toExternalForm());
182 KernelUtils.setJaasConfiguration(url);
183 }
184 // explicitly load JAAS configuration
185 Configuration.getConfiguration();
186
187 boolean initSsl = getDeployProperty(CmsDeployProperty.HTTPS_PORT) != null;
188 if (initSsl) {
189 initCertificates();
190 }
191 }
192
193 private void initCertificates() {
194 // server certificate
195 Path keyStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_KEYSTORE));
196 Path pemKeyPath = getDataPath(PkiUtils.DEFAULT_PEM_KEY_PATH);
197 Path pemCertPath = getDataPath(PkiUtils.DEFAULT_PEM_CERT_PATH);
198 char[] keyStorePassword = getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray();
199
200 // Keystore
201 // if PEM files both exists, update the PKCS12 file
202 if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
203 // TODO check certificate update time? monitor changes?
204 KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword,
205 getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE));
206 try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
207 Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
208 PkiUtils.loadPrivateCertificatePem(keyStore, CmsConstants.NODE, key, keyStorePassword, cert);
209 Files.createDirectories(keyStorePath.getParent());
210 PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
211 if (log.isDebugEnabled())
212 log.debug("PEM certificate stored in " + keyStorePath);
213 } catch (IOException e) {
214 log.error("Cannot read PEM files " + pemKeyPath + " and " + pemCertPath, e);
215 }
216 }
217
218 // Truststore
219 Path trustStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORE));
220 char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray();
221
222 // IPA CA
223 Path ipaCaCertPath = Paths.get(PkiUtils.IPA_PEM_CA_CERT_PATH);
224 if (Files.exists(ipaCaCertPath)) {
225 KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword,
226 getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
227 try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) {
228 PkiUtils.loadTrustedCertificatePem(trustStore, trustStorePassword, cert);
229 Files.createDirectories(keyStorePath.getParent());
230 PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
231 if (log.isDebugEnabled())
232 log.debug("IPA CA certificate stored in " + trustStorePath);
233 } catch (IOException e) {
234 log.error("Cannot trust CA certificate", e);
235 }
236 }
237
238 if (!Files.exists(keyStorePath))
239 PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
240 // props.put(JettyHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
241 // props.put(JettyHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
242 // props.put(JettyHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
243
244 // props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
245 // props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
246 // props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
247
248 }
249
250 public void stop() {
251 if (log.isDebugEnabled())
252 log.debug("CMS stopping... (" + this.uuid + ")");
253
254 long duration = ((System.currentTimeMillis() - availableSince) / 1000) / 60;
255 log.info("## ARGEO CMS STOPPED after " + (duration / 60) + "h " + (duration % 60) + "min uptime ##");
256 }
257
258 private void firstInit() throws IOException {
259 log.info("## FIRST INIT ##");
260 List<String> nodeInits = getDeployProperties(CmsDeployProperty.NODE_INIT);
261 // if (nodeInits == null)
262 // nodeInits = "../../init";
263 CmsStateImpl.prepareFirstInitInstanceArea(nodeInits);
264 }
265
266 @Override
267 public String getDeployProperty(String property) {
268 CmsDeployProperty deployProperty = CmsDeployProperty.find(property);
269 if (deployProperty == null) {
270 // legacy
271 if (property.startsWith("argeo.node.")) {
272 return doGetDeployProperty(property);
273 }
274 if (property.equals("argeo.i18n.locales")) {
275 String value = doGetDeployProperty(property);
276 if (value != null) {
277 log.warn("Property " + property + " was ignored (value=" + value + ")");
278
279 }
280 return null;
281 }
282 throw new IllegalArgumentException("Unsupported deploy property " + property);
283 }
284 int index = CmsDeployProperty.getPropertyIndex(property);
285 return getDeployProperty(deployProperty, index);
286 }
287
288 @Override
289 public List<String> getDeployProperties(String property) {
290 CmsDeployProperty deployProperty = CmsDeployProperty.find(property);
291 if (deployProperty == null)
292 return new ArrayList<>();
293 return getDeployProperties(deployProperty);
294 }
295
296 public static List<String> getDeployProperties(CmsState cmsState, CmsDeployProperty deployProperty) {
297 return ((CmsStateImpl) cmsState).getDeployProperties(deployProperty);
298 }
299
300 public List<String> getDeployProperties(CmsDeployProperty deployProperty) {
301 List<String> res = new ArrayList<>(deployProperty.getMaxCount());
302 for (int i = 0; i < deployProperty.getMaxCount(); i++) {
303 // String propertyName = i == 0 ? deployProperty.getProperty() :
304 // deployProperty.getProperty() + "." + i;
305 String value = getDeployProperty(deployProperty, i);
306 res.add(i, value);
307 }
308 return res;
309 }
310
311 public static String getDeployProperty(CmsState cmsState, CmsDeployProperty deployProperty) {
312 return ((CmsStateImpl) cmsState).getDeployProperty(deployProperty);
313 }
314
315 public String getDeployProperty(CmsDeployProperty deployProperty) {
316 String value = getDeployProperty(deployProperty, 0);
317 return value;
318 }
319
320 public String getDeployProperty(CmsDeployProperty deployProperty, int index) {
321 String propertyName = deployProperty.getProperty() + (index == 0 ? "" : "." + index);
322 String value = doGetDeployProperty(propertyName);
323 if (value == null && index == 0) {
324 // try defaults
325 if (deployPropertyDefaults.containsKey(deployProperty)) {
326 value = deployPropertyDefaults.get(deployProperty);
327 if (deployProperty.isSystemPropertyOnly())
328 System.setProperty(deployProperty.getProperty(), value);
329 }
330
331 if (value == null) {
332 // try legacy properties
333 String legacyProperty = switch (deployProperty) {
334 case DIRECTORY -> "argeo.node.useradmin.uris";
335 case DB_URL -> "argeo.node.dburl";
336 case DB_USER -> "argeo.node.dbuser";
337 case DB_PASSWORD -> "argeo.node.dbpassword";
338 case HTTP_PORT -> "org.osgi.service.http.port";
339 case HTTPS_PORT -> "org.osgi.service.http.port.secure";
340 case HOST -> "org.eclipse.equinox.http.jetty.http.host";
341 case LOCALE -> "argeo.i18n.defaultLocale";
342
343 default -> null;
344 };
345 if (legacyProperty != null) {
346 value = doGetDeployProperty(legacyProperty);
347 if (value != null) {
348 log.warn("Retrieved deploy property " + deployProperty.getProperty()
349 + " through deprecated property " + legacyProperty);
350 }
351 }
352 }
353 }
354 if (index == 0 && deployProperty.isSystemPropertyOnly()) {
355 String systemPropertyValue = System.getProperty(deployProperty.getProperty());
356 if (!Objects.equals(value, systemPropertyValue))
357 throw new IllegalStateException(
358 "Property " + deployProperty + " must be a ssystem property, but its value is " + value
359 + ", while the system property value is " + systemPropertyValue);
360 }
361 return value != null ? value.toString() : null;
362 }
363
364 protected String getLegacyProperty(String legacyProperty, CmsDeployProperty deployProperty) {
365 String value = doGetDeployProperty(legacyProperty);
366 if (value != null) {
367 log.warn("Retrieved deploy property " + deployProperty.getProperty() + " through deprecated property "
368 + legacyProperty + ".");
369 }
370 return value;
371 }
372
373 protected String doGetDeployProperty(String property) {
374 return KernelUtils.getFrameworkProp(property);
375 }
376
377 @Override
378 public Path getDataPath(String relativePath) {
379 return KernelUtils.getOsgiInstancePath(relativePath);
380 }
381
382 @Override
383 public Long getAvailableSince() {
384 return availableSince;
385 }
386
387 /*
388 * ACCESSORS
389 */
390 @Override
391 public UUID getUuid() {
392 return uuid;
393 }
394
395 public void setUuidFactory(UuidFactory uuidFactory) {
396 this.uuidFactory = uuidFactory;
397 }
398
399 public String getHostname() {
400 return hostname;
401 }
402
403 /**
404 * Called before node initialisation, in order populate OSGi instance are with
405 * some files (typically LDIF, etc).
406 */
407 public static void prepareFirstInitInstanceArea(List<String> nodeInits) {
408
409 for (String nodeInit : nodeInits) {
410 if (nodeInit == null)
411 continue;
412
413 if (nodeInit.startsWith("http")) {
414 // TODO reconnect it
415 // registerRemoteInit(nodeInit);
416 } else {
417
418 // TODO use java.nio.file
419 Path initDir;
420 if (nodeInit.startsWith("."))
421 initDir = KernelUtils.getExecutionDir(nodeInit);
422 else
423 initDir = Paths.get(nodeInit);
424 // TODO also uncompress archives
425 if (Files.exists(initDir)) {
426 Path dataPath = KernelUtils.getOsgiInstancePath("");
427 FsUtils.copyDirectory(initDir, dataPath);
428 log.info("CMS initialized from " + initDir);
429 }
430 }
431 }
432 }
433
434 /*
435 * STATIC
436 */
437 public static IdentClient getIdentClient(String remoteAddr) {
438 if (!IdentClient.isDefaultAuthdPassphraseFileAvailable())
439 return null;
440 // TODO make passphrase more configurable
441 return new IdentClient(remoteAddr);
442 }
443 }
Argeo Commons - Lightweight integration framework in pure Java/OSGi