import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.http.HttpConstants;
+import org.argeo.cms.internal.http.InternalHttpConstants;
import org.argeo.cms.internal.jcr.RepoConf;
import org.argeo.node.NodeConstants;
import org.argeo.osgi.useradmin.UserAdminConf;
String httpPort = getFrameworkProp("org.osgi.service.http.port");
String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
/// TODO make it more generic
- String httpHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTP_HOST);
- String httpsHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTPS_HOST);
+ String httpHost = getFrameworkProp(InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST);
+ String httpsHost = getFrameworkProp(InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST);
+ String webSocketEnabled = getFrameworkProp(
+ InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED);
final Hashtable<String, Object> props = new Hashtable<String, Object>();
// try {
if (httpPort != null || httpsPort != null) {
- if (httpPort != null) {
- props.put(HttpConstants.HTTP_PORT, httpPort);
- props.put(HttpConstants.HTTP_ENABLED, true);
+ boolean httpEnabled = httpPort != null;
+ props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled);
+ boolean httpsEnabled = httpsPort != null;
+ props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled);
+
+ if (httpEnabled) {
+ props.put(InternalHttpConstants.HTTP_PORT, httpPort);
+ if (httpHost != null)
+ props.put(InternalHttpConstants.HTTP_HOST, httpHost);
}
- if (httpsPort != null) {
- props.put(HttpConstants.HTTPS_PORT, httpsPort);
- props.put(HttpConstants.HTTPS_ENABLED, true);
+
+ if (httpsEnabled) {
+ props.put(InternalHttpConstants.HTTPS_PORT, httpsPort);
+ if (httpsHost != null)
+ props.put(InternalHttpConstants.HTTPS_HOST, httpsHost);
+
+ // server certificate
Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
String keyStorePassword = getFrameworkProp(
- HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_PASSWORD);
+ InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD);
if (keyStorePassword == null)
keyStorePassword = "changeit";
if (!Files.exists(keyStorePath))
- createSelfSignedKeyStore(keyStorePath, keyStorePassword);
- props.put(HttpConstants.SSL_KEYSTORETYPE, "PKCS12");
- props.put(HttpConstants.SSL_KEYSTORE, keyStorePath.toString());
- props.put(HttpConstants.SSL_PASSWORD, keyStorePassword);
- props.put(HttpConstants.SSL_WANTCLIENTAUTH, true);
+ createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+ props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
+ props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
+ props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
+
+ // client certificate authentication
+ String wantClientAuth = getFrameworkProp(
+ InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH);
+ if (wantClientAuth != null)
+ props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth));
String needClientAuth = getFrameworkProp(
- HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_NEEDCLIENTAUTH);
- if (needClientAuth != null) {
- props.put(HttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
- }
+ InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH);
+ if (needClientAuth != null)
+ props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
}
- if (httpHost != null)
- props.put(HttpConstants.HTTP_HOST, httpHost);
- if (httpsHost != null)
- props.put(HttpConstants.HTTPS_HOST, httpHost);
+
+ // web socket
+ if (webSocketEnabled != null && webSocketEnabled.equals("true"))
+ props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true);
props.put(NodeConstants.CN, NodeConstants.DEFAULT);
}
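Review bot: Client-certificate requests are no longer on by default. The removed code always put `SSL_WANTCLIENTAUTH` as `true`, while the new block sets it only when the framework property is present, so a deployment that relied on certificate login without configuring that property will presumably stop asking clients for a certificate. If the new default is intended, a comment above the block should say so, e.g. `// client certificates are requested only when SSL_WANTCLIENTAUTH is configured (previously always requested)`. Separately, the web socket flag is tested with `webSocketEnabled.equals("true")` while both client-auth flags use `Boolean.parseBoolean`, so a value such as `TRUE` is accepted for one kind of setting and not the other; `if (Boolean.parseBoolean(webSocketEnabled))` would be consistent and is null-safe. The enclosing method starts and ends outside this hunk.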
String demoBaseDn = "dc=example,dc=com";
userAdminUris = demoBaseDn + ".ldif";
File businessRolesFile = new File(nodeBaseDir, userAdminUris);
+ File systemRolesFile = new File(nodeBaseDir, "ou=roles,ou=node.ldif");
if (!businessRolesFile.exists())
try {
FileUtils.copyInputStreamToFile(InitUtils.class.getResourceAsStream(demoBaseDn + ".ldif"),
businessRolesFile);
+ if (!systemRolesFile.exists())
+ FileUtils.copyInputStreamToFile(
+ InitUtils.class.getResourceAsStream("example-ou=roles,ou=node.ldif"), systemRolesFile);
} catch (IOException e) {
- throw new CmsException("Cannot copy demo resource", e);
+ throw new CmsException("Cannot copy demo resources", e);
}
// userAdminUris = businessRolesFile.toURI().toString();
log.warn("## DEV Using dummy base DN " + demoBaseDn);
}
}
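Review bot: The system roles file is provisioned only when the business roles file is missing, because the new `if (!systemRolesFile.exists())` copy sits inside the `try` guarded by `if (!businessRolesFile.exists())`. An instance that already has `dc=example,dc=com.ldif` but no `ou=roles,ou=node.ldif` never gets the latter. Giving the system roles copy its own `if (!systemRolesFile.exists())` block with its own `try`/`catch (IOException e)` after the existing one would make the two files independent. In addition, `getResourceAsStream(...)` returns null when a resource is not on the classpath, which would likely surface as a NullPointerException rather than the `CmsException`; a null check before each copy gives a clearer failure. The enclosing method starts outside this hunk.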
- private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword) {
+ private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword, String keyStoreType) {
// for (Provider provider : Security.getProviders())
// System.out.println(provider.getName());
File keyStoreFile = keyStorePath.toFile();
if (!keyStoreFile.exists()) {
try {
keyStoreFile.getParentFile().mkdirs();
- KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd);
+ KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd, keyStoreType);
PkiUtils.generateSelfSignedCertificate(keyStore,
new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
1024, keyPwd);
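Review bot: The self-signed certificate is still generated with `1024` as what appears to be the key size in the `generateSelfSignedCertificate` call. If that is an RSA modulus length, it is below the 2048-bit minimum generally recommended today, and the subject already labels the certificate `OU=UNSECURE`. Since this commit touches the method anyway, changing the argument to `2048, keyPwd);` would be a small follow-up. The new `keyStoreType` parameter is passed straight to `PkiUtils.getKeyStore` without documentation; a short Javadoc on the method stating the accepted values (the visible caller passes `PkiUtils.PKCS12`) would help. The method body continues outside this hunk.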