Clarify CMS initialisation
index 7928857562e5a54ebc6c1388216afb82ca457ec3..d335b48b191b111ce428ac2bab5dc19beff228e8 100644 (file)
@@ -4,12 +4,11 @@ import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
 import java.io.Reader;
-import java.net.InetAddress;
 import java.net.URL;
-import java.net.UnknownHostException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -43,7 +42,7 @@ public class CmsStateImpl implements CmsState {
 
        private UUID uuid;
 //     private final boolean cleanState;
-       private String hostname;
+//     private String hostname;
 
        private UuidFactory uuidFactory;
 
@@ -51,9 +50,20 @@ public class CmsStateImpl implements CmsState {
 
        public CmsStateImpl() {
                Map<CmsDeployProperty, String> deployPropertyDefaults = new HashMap<>();
-               deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
                deployPropertyDefaults.put(CmsDeployProperty.NODE_INIT, "../../init");
                deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString());
+
+               // certificates
+               deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
+               deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
+               Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
+               deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString());
+
+               Path trustStorePath = getDataPath(PkiUtils.DEFAULT_TRUSTSTORE_PATH);
+               deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, PkiUtils.PKCS12);
+               deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
+               deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString());
+
                this.deployPropertyDefaults = Collections.unmodifiableMap(deployPropertyDefaults);
        }
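Review bot: `getDataPath(...)` is invoked from the constructor to compute the keystore and truststore defaults before `deployPropertyDefaults` is assigned, so if that helper resolves the data directory through the deploy-property lookup it runs against a half-initialised instance; confirm it depends only on static state, otherwise compute these paths lazily (for example inside `initCertificates`). The keystore and truststore passwords also both default to `PkiUtils.DEFAULT_KEYSTORE_PASSWORD` with nothing saying that this is a placeholder, so a comment such as `// placeholder passwords: deployments are expected to set SSL_PASSWORD and SSL_TRUSTSTOREPASSWORD explicitly` above the `// certificates` block would make the intent clear to the next reader.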
 
@@ -71,11 +81,11 @@ public class CmsStateImpl implements CmsState {
 //                     this.uuid = UUID.fromString(stateUuidStr);
                        this.uuid = uuidFactory.timeUUID();
 //             this.cleanState = stateUuid.equals(frameworkUuid);
-                       try {
-                               this.hostname = InetAddress.getLocalHost().getHostName();
-                       } catch (UnknownHostException e) {
-                               log.error("Cannot set hostname: " + e);
-                       }
+//                     try {
+//                             this.hostname = InetAddress.getLocalHost().getHostName();
+//                     } catch (UnknownHostException e) {
+//                             log.error("Cannot set hostname: " + e);
+//                     }
 
                        availableSince = System.currentTimeMillis();
                        if (log.isDebugEnabled()) {
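Review bot: The hostname lookup is kept as five commented-out lines rather than removed, and the `hostname` field in the earlier hunk gets the same treatment; since `getHostname()` is deleted in this same commit nothing can read it, so the dead code should simply go (version control keeps the history). If the plan is to reinstate it, a single `// TODO hostname lookup removed from init; reintroduce once its consumer is decided` with the reason is clearer than commented code. The enclosing method starts and ends outside this hunk.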
@@ -107,7 +117,7 @@ public class CmsStateImpl implements CmsState {
                        }
 
                } catch (RuntimeException | IOException e) {
-                       log.error("## FATAL: CMS activator failed", e);
+                       log.error("## FATAL: CMS state failed", e);
                }
        }
 
@@ -130,23 +140,21 @@ public class CmsStateImpl implements CmsState {
 
        private void initCertificates() {
                // server certificate
-               Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
+               Path keyStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_KEYSTORE));
                Path pemKeyPath = getDataPath(PkiUtils.DEFAULT_PEM_KEY_PATH);
                Path pemCertPath = getDataPath(PkiUtils.DEFAULT_PEM_CERT_PATH);
-               String keyStorePasswordStr = doGetDeployProperty(CmsDeployProperty.SSL_PASSWORD.getProperty());
-               char[] keyStorePassword;
-               if (keyStorePasswordStr == null)
-                       keyStorePassword = "changeit".toCharArray();
-               else
-                       keyStorePassword = keyStorePasswordStr.toCharArray();
+               char[] keyStorePassword = getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray();
 
+               // Keystore
                // if PEM files both exists, update the PKCS12 file
                if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
                        // TODO check certificate update time? monitor changes?
-                       KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+                       KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword,
+                                       getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE));
                        try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
                                        Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
                                PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
+                               Files.createDirectories(keyStorePath.getParent());
                                PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
                                if (log.isDebugEnabled())
                                        log.debug("PEM certificate stored in " + keyStorePath);
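Review bot: `Files.createDirectories(keyStorePath.getParent())` throws `NullPointerException` when `SSL_KEYSTORE` is overridden with a bare file name, because `Path.getParent()` returns null for a single-element relative path; the constructor default is absolute so this only affects configured values, but the NPE escapes the `catch (IOException e)` that follows. `Files.createDirectories(keyStorePath.toAbsolutePath().getParent());` avoids it. Separately, `getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray()` drops the former `"changeit"` fallback and now relies on the defaults registered in the constructor always being present, which is not visible from this method; a comment `// SSL_KEYSTORE, SSL_PASSWORD and SSL_KEYSTORETYPE always resolve: defaults are registered in the constructor` would document that assumption. initCertificates continues past this hunk.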
@@ -155,6 +163,26 @@ public class CmsStateImpl implements CmsState {
                        }
                }
 
+               // Truststore
+               Path trustStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORE));
+               char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray();
+
+               // IPA CA
+               Path ipaCaCertPath = Paths.get(PkiUtils.IPA_PEM_CA_CERT_PATH);
+               if (Files.exists(ipaCaCertPath)) {
+                       KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword,
+                                       getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
+                       try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) {
+                               PkiUtils.loadPem(trustStore, null, trustStorePassword, cert);
+                               Files.createDirectories(keyStorePath.getParent());
+                               PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
+                               if (log.isDebugEnabled())
+                                       log.debug("IPA CA certificate stored in " + trustStorePath);
+                       } catch (IOException e) {
+                               log.error("Cannot trust CA certificate", e);
+                       }
+               }
+
                if (!Files.exists(keyStorePath))
                        PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
 //             props.put(JettyHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
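Review bot: `Files.createDirectories(keyStorePath.getParent())` in the truststore block creates the key store's directory, not the trust store's (it reads like a copy of the keystore block above); it should be `Files.createDirectories(trustStorePath.getParent());`, otherwise `saveKeyStore(trustStorePath, …)` fails whenever `SSL_TRUSTSTORE` points elsewhere, and the failure is only logged as "Cannot trust CA certificate" so startup proceeds with the IPA CA untrusted. A comment stating that this is deliberate best-effort behaviour (`// trust store problems are logged, not fatal: TLS clients will then fail against IPA-issued certificates`) would make that trade-off explicit. The unchanged self-signed fallback below still passes `PkiUtils.PKCS12` while the new load code reads `SSL_KEYSTORETYPE`, so a non-PKCS12 configuration would create a store of a different type than the one later opened — `PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE));` keeps the two consistent. initCertificates continues past this hunk.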
@@ -244,25 +272,30 @@ public class CmsStateImpl implements CmsState {
                        // try defaults
                        if (deployPropertyDefaults.containsKey(deployProperty)) {
                                value = deployPropertyDefaults.get(deployProperty);
+                               if (deployProperty.isSystemPropertyOnly())
+                                       System.setProperty(deployProperty.getProperty(), value);
                        }
-                       // try legacy properties
-                       String legacyProperty = switch (deployProperty) {
-                       case DIRECTORY -> "argeo.node.useradmin.uris";
-                       case DB_URL -> "argeo.node.dburl";
-                       case DB_USER -> "argeo.node.dbuser";
-                       case DB_PASSWORD -> "argeo.node.dbpassword";
-                       case HTTP_PORT -> "org.osgi.service.http.port";
-                       case HTTPS_PORT -> "org.osgi.service.http.port.secure";
-                       case HOST -> "org.eclipse.equinox.http.jetty.http.host";
-                       case LOCALE -> "argeo.i18n.defaultLocale";
-
-                       default -> null;
-                       };
-                       if (legacyProperty != null) {
-                               value = doGetDeployProperty(legacyProperty);
-                               if (value != null) {
-                                       log.warn("Retrieved deploy property " + deployProperty.getProperty()
-                                                       + " through deprecated property " + legacyProperty);
+
+                       if (value == null) {
+                               // try legacy properties
+                               String legacyProperty = switch (deployProperty) {
+                               case DIRECTORY -> "argeo.node.useradmin.uris";
+                               case DB_URL -> "argeo.node.dburl";
+                               case DB_USER -> "argeo.node.dbuser";
+                               case DB_PASSWORD -> "argeo.node.dbpassword";
+                               case HTTP_PORT -> "org.osgi.service.http.port";
+                               case HTTPS_PORT -> "org.osgi.service.http.port.secure";
+                               case HOST -> "org.eclipse.equinox.http.jetty.http.host";
+                               case LOCALE -> "argeo.i18n.defaultLocale";
+
+                               default -> null;
+                               };
+                               if (legacyProperty != null) {
+                                       value = doGetDeployProperty(legacyProperty);
+                                       if (value != null) {
+                                               log.warn("Retrieved deploy property " + deployProperty.getProperty()
+                                                               + " through deprecated property " + legacyProperty);
+                                       }
                                }
                        }
                }
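Review bot: `System.setProperty(deployProperty.getProperty(), value)` inside the defaults branch turns a property lookup into a JVM-wide side effect that is repeated on every call of `getDeployProperty`, and it is silent about why; publishing system-property-only defaults once during initialisation would be easier to reason about, and if it stays here a comment such as `// system-property-only settings are read by other components through System.getProperty, so publish the default there as well` explains the intent. Note that this also makes any default that is system-property-only readable JVM-wide, which presumably includes the new SSL_PASSWORD default if that property is flagged so — worth confirming against CmsDeployProperty. Moving the legacy-property fallback under `if (value == null)` fixes the earlier overwrite of a found value and is right; the enclosing method starts and ends outside this hunk.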
@@ -302,10 +335,6 @@ public class CmsStateImpl implements CmsState {
        /*
         * ACCESSORS
         */
-       public String getHostname() {
-               return hostname;
-       }
-
        @Override
        public UUID getUuid() {
                return uuid;
@@ -322,6 +351,8 @@ public class CmsStateImpl implements CmsState {
        public static void prepareFirstInitInstanceArea(List<String> nodeInits) {
 
                for (String nodeInit : nodeInits) {
+                       if(nodeInit==null)
+                               continue;
 
                        if (nodeInit.startsWith("http")) {
                                // TODO reconnect it
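Review bot: `if(nodeInit==null)` departs from the spacing used everywhere else in the file; write `if (nodeInit == null)` as the other conditionals do. Nothing says why null entries are expected in `nodeInits` — presumably an unset NODE_INIT slot, but that is not visible here — so a one-line comment `// entries may be null when the corresponding deploy property is unset — confirm with the caller` would save the next reader a search. The loop body continues beyond this hunk.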