package org.argeo.cms.internal.runtime;
-import java.io.File;
-import java.io.FileFilter;
import java.io.IOException;
import java.io.Reader;
-import java.net.InetAddress;
import java.net.URL;
-import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
+import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import javax.security.auth.login.Configuration;
-import org.apache.commons.io.FileUtils;
import org.argeo.api.cms.CmsConstants;
import org.argeo.api.cms.CmsLog;
import org.argeo.api.cms.CmsState;
import org.argeo.api.uuid.UuidFactory;
import org.argeo.cms.CmsDeployProperty;
import org.argeo.cms.auth.ident.IdentClient;
+import org.argeo.util.FsUtils;
/**
* Implementation of a {@link CmsState}, initialising the required services.
private UUID uuid;
// private final boolean cleanState;
- private String hostname;
+// private String hostname;
private UuidFactory uuidFactory;
public CmsStateImpl() {
Map<CmsDeployProperty, String> deployPropertyDefaults = new HashMap<>();
- deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
deployPropertyDefaults.put(CmsDeployProperty.NODE_INIT, "../../init");
deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString());
+
+ // certificates
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
+ Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
+ if (keyStorePath != null) {
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString());
+ }
+
+ Path trustStorePath = getDataPath(PkiUtils.DEFAULT_TRUSTSTORE_PATH);
+ if (trustStorePath != null) {
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString());
+ }
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, PkiUtils.PKCS12);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
+
this.deployPropertyDefaults = Collections.unmodifiableMap(deployPropertyDefaults);
}
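Review bot: Lines 40 and 51 default `SSL_PASSWORD` and `SSL_TRUSTSTOREPASSWORD` to `PkiUtils.DEFAULT_KEYSTORE_PASSWORD`, so a deployment that configures neither protects the store holding the server's private key with a constant published in the code base; the removed `"changeit"` fallback had the same weakness, but it is now reachable through `getDeployProperty` and, for properties flagged `isSystemPropertyOnly()`, copied into system properties by the lookup hunk further down. Consider a warning in `initCertificates` when the password in use equals `PkiUtils.DEFAULT_KEYSTORE_PASSWORD`, so operators notice the default is still active. Lines 42-49 only default `SSL_KEYSTORE` and `SSL_TRUSTSTORE` when `getDataPath` returns non-null, whereas type and password are always defaulted; a comment such as `// no data path: SSL_KEYSTORE / SSL_TRUSTSTORE must then be configured explicitly` would make that asymmetry explicit for whoever reads the null checks.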
// this.uuid = UUID.fromString(stateUuidStr);
this.uuid = uuidFactory.timeUUID();
// this.cleanState = stateUuid.equals(frameworkUuid);
- try {
- this.hostname = InetAddress.getLocalHost().getHostName();
- } catch (UnknownHostException e) {
- log.error("Cannot set hostname: " + e);
- }
+// try {
+// this.hostname = InetAddress.getLocalHost().getHostName();
+// } catch (UnknownHostException e) {
+// log.error("Cannot set hostname: " + e);
+// }
availableSince = System.currentTimeMillis();
if (log.isDebugEnabled()) {
log.debug("## CMS starting... (" + uuid + ")\n" + sb + "\n");
}
-// initI18n();
-// initServices();
- if (!Files.exists(getDataPath(CmsConstants.NODE))) {// first init
+ Path nodeBase = getDataPath(CmsConstants.NODE);
+ if (nodeBase != null && !Files.exists(nodeBase)) {// first init
firstInit();
}
} catch (RuntimeException | IOException e) {
- log.error("## FATAL: CMS activator failed", e);
+ log.error("## FATAL: CMS state failed", e);
}
}
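Review bot: Lines 63-67 keep the old hostname lookup as commented-out code, and line 30 in the earlier hunk does the same with the field; since `getHostname()` is removed by this commit, delete the block instead of commenting it out (version control keeps the history). On line 76 a null `nodeBase` silently skips `firstInit()`; if `getDataPath` can return null here, a line such as `log.warn("No data path for " + CmsConstants.NODE + ", skipping first init");` would make that visible, and if it cannot, the null check is misleading. The enclosing method starts outside the hunk.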
private void initCertificates() {
// server certificate
- Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
+ Path keyStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_KEYSTORE));
Path pemKeyPath = getDataPath(PkiUtils.DEFAULT_PEM_KEY_PATH);
Path pemCertPath = getDataPath(PkiUtils.DEFAULT_PEM_CERT_PATH);
- String keyStorePasswordStr = doGetDeployProperty(CmsDeployProperty.SSL_PASSWORD.getProperty());
- char[] keyStorePassword;
- if (keyStorePasswordStr == null)
- keyStorePassword = "changeit".toCharArray();
- else
- keyStorePassword = keyStorePasswordStr.toCharArray();
+ char[] keyStorePassword = getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray();
+ // Keystore
// if PEM files both exists, update the PKCS12 file
if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
// TODO check certificate update time? monitor changes?
- KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+ KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword,
+ getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE));
try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
+ Files.createDirectories(keyStorePath.getParent());
PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
if (log.isDebugEnabled())
log.debug("PEM certificate stored in " + keyStorePath);
}
}
+ // Truststore
+ Path trustStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORE));
+ char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray();
+
+ // IPA CA
+ Path ipaCaCertPath = Paths.get(PkiUtils.IPA_PEM_CA_CERT_PATH);
+ if (Files.exists(ipaCaCertPath)) {
+ KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword,
+ getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
+ try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) {
+ PkiUtils.loadPem(trustStore, null, trustStorePassword, cert);
+ Files.createDirectories(keyStorePath.getParent());
+ PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
+ if (log.isDebugEnabled())
+ log.debug("IPA CA certificate stored in " + trustStorePath);
+ } catch (IOException e) {
+ log.error("Cannot trust CA certificate", e);
+ }
+ }
+
if (!Files.exists(keyStorePath))
PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
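Review bot: Line 124 creates the parent directory of `keyStorePath`, but the file written on line 125 is `trustStorePath`; it should read `Files.createDirectories(trustStorePath.getParent());`, otherwise `saveKeyStore` fails whenever the two stores are not in the same directory. Lines 87 and 114 call `Paths.get(getDeployProperty(...))` unconditionally, while the constructor hunk only defaults `SSL_KEYSTORE`/`SSL_TRUSTSTORE` when a data path exists, so an unconfigured store path surfaces as a `NullPointerException` inside `Paths.get` rather than a clear message — an explicit null check with a message naming the property would help. Line 134 still passes `PkiUtils.PKCS12` to `createSelfSignedKeyStore`, whereas lines 102-103 and 120-121 now honour `SSL_KEYSTORETYPE`, so a deployment that configures another type gets a self-signed store of the wrong type. The IPA CA import on lines 119-131 changes which CAs the server trusts yet is logged only at debug level on line 127; an info-level line as used elsewhere in the file would let operators see a CA being added. The truststore branch catches `IOException` on line 128 while the keystore branch on lines 104-111 does not and the signature on line 84 declares no `throws`, so unless a handler exists outside these lines the two branches behave differently on I/O failure.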
// props.put(JettyHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
// try defaults
if (deployPropertyDefaults.containsKey(deployProperty)) {
value = deployPropertyDefaults.get(deployProperty);
+ if (deployProperty.isSystemPropertyOnly())
+ System.setProperty(deployProperty.getProperty(), value);
}
- // try legacy properties
- String legacyProperty = switch (deployProperty) {
- case DIRECTORY -> "argeo.node.useradmin.uris";
- case DB_URL -> "argeo.node.dburl";
- case DB_USER -> "argeo.node.dbuser";
- case DB_PASSWORD -> "argeo.node.dbpassword";
- case HTTP_PORT -> "org.osgi.service.http.port";
- case HTTPS_PORT -> "org.osgi.service.http.port.secure";
- case HOST -> "org.eclipse.equinox.http.jetty.http.host";
- case LOCALE -> "argeo.i18n.defaultLocale";
-
- default -> null;
- };
- if (legacyProperty != null) {
- value = doGetDeployProperty(legacyProperty);
- if (value != null) {
- log.warn("Retrieved deploy property " + deployProperty.getProperty()
- + " through deprecated property " + legacyProperty);
+
+ if (value == null) {
+ // try legacy properties
+ String legacyProperty = switch (deployProperty) {
+ case DIRECTORY -> "argeo.node.useradmin.uris";
+ case DB_URL -> "argeo.node.dburl";
+ case DB_USER -> "argeo.node.dbuser";
+ case DB_PASSWORD -> "argeo.node.dbpassword";
+ case HTTP_PORT -> "org.osgi.service.http.port";
+ case HTTPS_PORT -> "org.osgi.service.http.port.secure";
+ case HOST -> "org.eclipse.equinox.http.jetty.http.host";
+ case LOCALE -> "argeo.i18n.defaultLocale";
+
+ default -> null;
+ };
+ if (legacyProperty != null) {
+ value = doGetDeployProperty(legacyProperty);
+ if (value != null) {
+ log.warn("Retrieved deploy property " + deployProperty.getProperty()
+ + " through deprecated property " + legacyProperty);
+ }
}
}
}
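Review bot: The legacy lookup on lines 161-180 now runs only when no value was found, but the defaults block on lines 137-141 runs before it, so any property with an entry in `deployPropertyDefaults` — `LOCALE` gets one in the constructor hunk — never reaches its legacy name `argeo.i18n.defaultLocale`, leaving that case dead. If legacy properties are meant to override built-in defaults, move the `if (value == null)` legacy block above the `// try defaults` block; if they are intentionally superseded, drop the dead case and its warning. Separately, lines 139-140 publish a default into `System` properties whenever `isSystemPropertyOnly()` is true; if that flag ever applies to a password property such as `SSL_PASSWORD`, the default password becomes readable process-wide, which deserves a comment either way. The enclosing method begins before the hunk.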
/*
* ACCESSORS
*/
- public String getHostname() {
- return hostname;
- }
-
@Override
public UUID getUuid() {
return uuid;
public static void prepareFirstInitInstanceArea(List<String> nodeInits) {
for (String nodeInit : nodeInits) {
+ if (nodeInit == null)
+ continue;
if (nodeInit.startsWith("http")) {
// TODO reconnect it
} else {
// TODO use java.nio.file
- File initDir;
+ Path initDir;
if (nodeInit.startsWith("."))
initDir = KernelUtils.getExecutionDir(nodeInit);
else
- initDir = new File(nodeInit);
+ initDir = Paths.get(nodeInit);
// TODO also uncompress archives
- if (initDir.exists())
- try {
- // TODO use NIO utilities
- FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstancePath("").toFile(),
- new FileFilter() {
-
- @Override
- public boolean accept(File pathname) {
- if (pathname.getName().equals(".svn") || pathname.getName().equals(".git"))
- return false;
- return true;
- }
- });
- log.info("CMS initialized from " + initDir.getCanonicalPath());
- } catch (IOException e) {
- throw new RuntimeException("Cannot initialize from " + initDir, e);
- }
+ if (Files.exists(initDir)) {
+ Path dataPath = KernelUtils.getOsgiInstancePath("");
+ FsUtils.copyDirectory(initDir, dataPath);
+ log.info("CMS initialized from " + initDir);
+ }
}
}
}
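Review bot: The removed `FileFilter` skipped `.svn` and `.git` entries when copying the init directory into the instance area, while the new `FsUtils.copyDirectory(initDir, dataPath)` on line 229 takes no filter, so unless `FsUtils` excludes them itself, VCS metadata (which can include remote URLs with embedded credentials) is now copied into the runtime data area. If `FsUtils.copyDirectory` offers a filter overload, pass the same exclusion; otherwise document the behaviour change above the call. The removed code also wrapped `IOException` into a `RuntimeException` naming the init directory, whereas the new call reports nothing on failure unless `FsUtils` does, and line 230 no longer logs the canonical path. The `// TODO use java.nio.file` on line 201 is now done and should be dropped, and the empty `http` branch on lines 198-199 silently ignores such entries.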