+ public void start(BundleContext bundleContext) throws Exception {
+ Runtime.getRuntime().addShutdownHook(new CmsShutdown());
+ instance = this;
+ this.bc = bundleContext;
+ this.logReaderService = getService(LogReaderService.class);
+
+ try {
+ initSecurity();
+ initArgeoLogger();
+ initNode();
+
+ userAdminSt = new ServiceTracker<>(instance.bc, UserAdmin.class, null);
+ userAdminSt.open();
+ if (log.isTraceEnabled())
+ log.trace("Kernel bundle started");
+ } catch (Throwable e) {
+ log.error("## FATAL: CMS activator failed", e);
+ }
+ }
+
+ private void initSecurity() {
+ if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) == null) {
+ String jaasConfig = KernelConstants.JAAS_CONFIG;
+ URL url = getClass().getClassLoader().getResource(jaasConfig);
+ // System.setProperty(KernelConstants.JAAS_CONFIG_PROP,
+ // url.toExternalForm());
+ KernelUtils.setJaasConfiguration(url);
+ }
+ // explicitly load JAAS configuration
+ Configuration.getConfiguration();
+
+ // code-level permissions
+ String osgiSecurity = KernelUtils.getFrameworkProp(Constants.FRAMEWORK_SECURITY);
+ if (osgiSecurity != null && Constants.FRAMEWORK_SECURITY_OSGI.equals(osgiSecurity)) {
+ // TODO rather use a tracker?
+ ConditionalPermissionAdmin permissionAdmin = bc
+ .getService(bc.getServiceReference(ConditionalPermissionAdmin.class));
+ if (!hardened) {
+ // All permissions to all bundles
+ ConditionalPermissionUpdate update = permissionAdmin.newConditionalPermissionUpdate();
+ update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
+ new ConditionInfo[] {
+ new ConditionInfo(BundleLocationCondition.class.getName(), new String[] { "*" }) },
+ new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), null, null) },
+ ConditionalPermissionInfo.ALLOW));
+ // TODO data admin permission
+// PermissionInfo dataAdminPerm = new PermissionInfo(AuthPermission.class.getName(),
+// "createLoginContext." + NodeConstants.LOGIN_CONTEXT_DATA_ADMIN, null);
+// update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
+// new ConditionInfo[] {
+// new ConditionInfo(BundleLocationCondition.class.getName(), new String[] { "*" }) },
+// new PermissionInfo[] { dataAdminPerm }, ConditionalPermissionInfo.DENY));
+// update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
+// new ConditionInfo[] {
+// new ConditionInfo(BundleSignerCondition.class.getName(), new String[] { "CN=\"Eclipse.org Foundation, Inc.\", OU=IT, O=\"Eclipse.org Foundation, Inc.\", L=Nepean, ST=Ontario, C=CA" }) },
+// new PermissionInfo[] { dataAdminPerm }, ConditionalPermissionInfo.ALLOW));
+ update.commit();
+ } else {
+ SecurityProfile securityProfile = new SecurityProfile() {
+ };
+ securityProfile.applySystemPermissions(permissionAdmin);
+ }
+ }
+
+ }
+
+ private void initArgeoLogger() {
+ logger = new NodeLogger(logReaderService);
+ bc.registerService(ArgeoLogger.class, logger, null);
+ }
+
+ private void initNode() throws IOException {
+ // Node state
+ Path stateUuidPath = bc.getDataFile("stateUuid").toPath();
+ String stateUuid;
+ if (Files.exists(stateUuidPath)) {
+ stateUuid = Files.readAllLines(stateUuidPath).get(0);
+ } else {
+ stateUuid = bc.getProperty(Constants.FRAMEWORK_UUID);
+ Files.write(stateUuidPath, stateUuid.getBytes());
+ }
+ nodeState = new CmsState(stateUuid);
+ Dictionary<String, Object> regProps = LangUtils.dico(Constants.SERVICE_PID, NodeConstants.NODE_STATE_PID);
+ regProps.put(NodeConstants.CN, stateUuid);
+ bc.registerService(NodeState.class, nodeState, regProps);
+
+ // Node deployment
+ nodeDeployment = new CmsDeployment();
+ bc.registerService(NodeDeployment.class, nodeDeployment, null);
+
+ // Node instance
+ nodeInstance = new CmsInstance();
+ bc.registerService(NodeInstance.class, nodeInstance, null);