import java.io.FileFilter;
import java.io.IOException;
import java.io.Reader;
-import java.net.InetAddress;
import java.net.URL;
-import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
+import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
private UUID uuid;
// private final boolean cleanState;
- private String hostname;
+// private String hostname;
private UuidFactory uuidFactory;
public CmsStateImpl() {
Map<CmsDeployProperty, String> deployPropertyDefaults = new HashMap<>();
- deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
deployPropertyDefaults.put(CmsDeployProperty.NODE_INIT, "../../init");
deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString());
+
+ // certificates
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
+ Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString());
+
+ Path trustStorePath = getDataPath(PkiUtils.DEFAULT_TRUSTSTORE_PATH);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, PkiUtils.PKCS12);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString());
+
this.deployPropertyDefaults = Collections.unmodifiableMap(deployPropertyDefaults);
}
// this.uuid = UUID.fromString(stateUuidStr);
this.uuid = uuidFactory.timeUUID();
// this.cleanState = stateUuid.equals(frameworkUuid);
- try {
- this.hostname = InetAddress.getLocalHost().getHostName();
- } catch (UnknownHostException e) {
- log.error("Cannot set hostname: " + e);
- }
+// try {
+// this.hostname = InetAddress.getLocalHost().getHostName();
+// } catch (UnknownHostException e) {
+// log.error("Cannot set hostname: " + e);
+// }
availableSince = System.currentTimeMillis();
if (log.isDebugEnabled()) {
}
} catch (RuntimeException | IOException e) {
- log.error("## FATAL: CMS activator failed", e);
+ log.error("## FATAL: CMS state failed", e);
}
}
private void initCertificates() {
// server certificate
- Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
+ Path keyStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_KEYSTORE));
Path pemKeyPath = getDataPath(PkiUtils.DEFAULT_PEM_KEY_PATH);
Path pemCertPath = getDataPath(PkiUtils.DEFAULT_PEM_CERT_PATH);
- String keyStorePasswordStr = doGetDeployProperty(CmsDeployProperty.SSL_PASSWORD.getProperty());
- char[] keyStorePassword;
- if (keyStorePasswordStr == null)
- keyStorePassword = "changeit".toCharArray();
- else
- keyStorePassword = keyStorePasswordStr.toCharArray();
+ char[] keyStorePassword = getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray();
+ // Keystore
// if PEM files both exists, update the PKCS12 file
if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
// TODO check certificate update time? monitor changes?
- KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+ KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword,
+ getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE));
try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
+ Files.createDirectories(keyStorePath.getParent());
PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
if (log.isDebugEnabled())
log.debug("PEM certificate stored in " + keyStorePath);
}
}
+ // Truststore
+ Path trustStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORE));
+ char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray();
+
+ // IPA CA
+ Path ipaCaCertPath = Paths.get(PkiUtils.IPA_PEM_CA_CERT_PATH);
+ if (Files.exists(ipaCaCertPath)) {
+ KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword,
+ getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
+ try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) {
+ PkiUtils.loadPem(trustStore, null, trustStorePassword, cert);
+ Files.createDirectories(keyStorePath.getParent());
+ PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
+ if (log.isDebugEnabled())
+ log.debug("IPA CA certificate stored in " + trustStorePath);
+ } catch (IOException e) {
+ log.error("Cannot trust CA certificate", e);
+ }
+ }
+
if (!Files.exists(keyStorePath))
PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
// props.put(JettyHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
// try defaults
if (deployPropertyDefaults.containsKey(deployProperty)) {
value = deployPropertyDefaults.get(deployProperty);
+ if (deployProperty.isSystemPropertyOnly())
+ System.setProperty(deployProperty.getProperty(), value);
}
- // try legacy properties
- String legacyProperty = switch (deployProperty) {
- case DIRECTORY -> "argeo.node.useradmin.uris";
- case DB_URL -> "argeo.node.dburl";
- case DB_USER -> "argeo.node.dbuser";
- case DB_PASSWORD -> "argeo.node.dbpassword";
- case HTTP_PORT -> "org.osgi.service.http.port";
- case HTTPS_PORT -> "org.osgi.service.http.port.secure";
- case HOST -> "org.eclipse.equinox.http.jetty.http.host";
- case LOCALE -> "argeo.i18n.defaultLocale";
-
- default -> null;
- };
- if (legacyProperty != null) {
- value = doGetDeployProperty(legacyProperty);
- if (value != null) {
- log.warn("Retrieved deploy property " + deployProperty.getProperty()
- + " through deprecated property " + legacyProperty);
+
+ if (value == null) {
+ // try legacy properties
+ String legacyProperty = switch (deployProperty) {
+ case DIRECTORY -> "argeo.node.useradmin.uris";
+ case DB_URL -> "argeo.node.dburl";
+ case DB_USER -> "argeo.node.dbuser";
+ case DB_PASSWORD -> "argeo.node.dbpassword";
+ case HTTP_PORT -> "org.osgi.service.http.port";
+ case HTTPS_PORT -> "org.osgi.service.http.port.secure";
+ case HOST -> "org.eclipse.equinox.http.jetty.http.host";
+ case LOCALE -> "argeo.i18n.defaultLocale";
+
+ default -> null;
+ };
+ if (legacyProperty != null) {
+ value = doGetDeployProperty(legacyProperty);
+ if (value != null) {
+ log.warn("Retrieved deploy property " + deployProperty.getProperty()
+ + " through deprecated property " + legacyProperty);
+ }
}
}
}
/*
* ACCESSORS
*/
- public String getHostname() {
- return hostname;
- }
-
@Override
public UUID getUuid() {
return uuid;
public static void prepareFirstInitInstanceArea(List<String> nodeInits) {
for (String nodeInit : nodeInits) {
+ if(nodeInit==null)
+ continue;
if (nodeInit.startsWith("http")) {
// TODO reconnect it
projects / lgpl / argeo-commons.git / blobdiff