Disable OSGi configuration admin and LDIF-based deploy config.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / runtime / InitUtils.java
index 70ea9ec486e6838f526c5de3b6733eb0a93a5364..f634e43b524b67a33d43837448a47f9a13f68f4b 100644 (file)
@@ -5,26 +5,15 @@ import static org.argeo.cms.internal.runtime.KernelUtils.getFrameworkProp;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
-import java.io.Reader;
-import java.net.InetAddress;
 import java.net.URI;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.security.KeyStore;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Dictionary;
-import java.util.Hashtable;
 import java.util.List;
 
-import javax.security.auth.x500.X500Principal;
-
 import org.apache.commons.io.FileUtils;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
-import org.argeo.cms.internal.http.InternalHttpConstants;
-import org.argeo.osgi.useradmin.UserAdminConf;
+import org.argeo.util.directory.DirectoryConf;
 
 /**
  * Interprets framework properties in order to generate the initial deploy
@@ -34,92 +23,92 @@ public class InitUtils {
        private final static CmsLog log = CmsLog.getLog(InitUtils.class);
 
        /** Override the provided config with the framework properties */
-       public static Dictionary<String, Object> getHttpServerConfig(Dictionary<String, Object> provided) {
-               String httpPort = getFrameworkProp("org.osgi.service.http.port");
-               String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
-               /// TODO make it more generic
-               String httpHost = getFrameworkProp(
-                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST);
-               String httpsHost = getFrameworkProp(
-                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST);
-               String webSocketEnabled = getFrameworkProp(
-                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED);
-
-               final Hashtable<String, Object> props = new Hashtable<String, Object>();
-               // try {
-               if (httpPort != null || httpsPort != null) {
-                       boolean httpEnabled = httpPort != null;
-                       props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled);
-                       boolean httpsEnabled = httpsPort != null;
-                       props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled);
-
-                       if (httpEnabled) {
-                               props.put(InternalHttpConstants.HTTP_PORT, httpPort);
-                               if (httpHost != null)
-                                       props.put(InternalHttpConstants.HTTP_HOST, httpHost);
-                       }
-
-                       if (httpsEnabled) {
-                               props.put(InternalHttpConstants.HTTPS_PORT, httpsPort);
-                               if (httpsHost != null)
-                                       props.put(InternalHttpConstants.HTTPS_HOST, httpsHost);
-
-                               // server certificate
-                               Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
-                               Path pemKeyPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_KEY_PATH);
-                               Path pemCertPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_CERT_PATH);
-                               String keyStorePasswordStr = getFrameworkProp(
-                                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD);
-                               char[] keyStorePassword;
-                               if (keyStorePasswordStr == null)
-                                       keyStorePassword = "changeit".toCharArray();
-                               else
-                                       keyStorePassword = keyStorePasswordStr.toCharArray();
-
-                               // if PEM files both exists, update the PKCS12 file
-                               if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
-                                       // TODO check certificate update time? monitor changes?
-                                       KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
-                                       try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
-                                                       Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
-                                               PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
-                                               PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
-                                               if (log.isDebugEnabled())
-                                                       log.debug("PEM certificate stored in " + keyStorePath);
-                                       } catch (IOException e) {
-                                               log.error("Cannot read PEM files " + pemKeyPath + " and " + pemCertPath, e);
-                                       }
-                               }
-
-                               if (!Files.exists(keyStorePath))
-                                       createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
-                               props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
-                               props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
-                               props.put(InternalHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
-
-//                             props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
-//                             props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
-//                             props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
-
-                               // client certificate authentication
-                               String wantClientAuth = getFrameworkProp(
-                                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH);
-                               if (wantClientAuth != null)
-                                       props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth));
-                               String needClientAuth = getFrameworkProp(
-                                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH);
-                               if (needClientAuth != null)
-                                       props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
-                       }
-
-                       // web socket
-                       if (webSocketEnabled != null && webSocketEnabled.equals("true"))
-                               props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true);
-
-                       props.put(CmsConstants.CN, CmsConstants.DEFAULT);
-               }
-               return props;
-       }
+//     public static Dictionary<String, Object> getHttpServerConfig(Dictionary<String, Object> provided) {
+//             String httpPort = getFrameworkProp("org.osgi.service.http.port");
+//             String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
+//             /// TODO make it more generic
+//             String httpHost = getFrameworkProp(
+//                             InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST);
+//             String httpsHost = getFrameworkProp(
+//                             InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST);
+//             String webSocketEnabled = getFrameworkProp(
+//                             InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED);
+//
+//             final Hashtable<String, Object> props = new Hashtable<String, Object>();
+//             // try {
+//             if (httpPort != null || httpsPort != null) {
+//                     boolean httpEnabled = httpPort != null;
+//                     props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled);
+//                     boolean httpsEnabled = httpsPort != null;
+//                     props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled);
+//
+//                     if (httpEnabled) {
+//                             props.put(InternalHttpConstants.HTTP_PORT, httpPort);
+//                             if (httpHost != null)
+//                                     props.put(InternalHttpConstants.HTTP_HOST, httpHost);
+//                     }
+//
+//                     if (httpsEnabled) {
+//                             props.put(InternalHttpConstants.HTTPS_PORT, httpsPort);
+//                             if (httpsHost != null)
+//                                     props.put(InternalHttpConstants.HTTPS_HOST, httpsHost);
+//
+//                             // server certificate
+//                             Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
+//                             Path pemKeyPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_KEY_PATH);
+//                             Path pemCertPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_CERT_PATH);
+//                             String keyStorePasswordStr = getFrameworkProp(
+//                                             InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD);
+//                             char[] keyStorePassword;
+//                             if (keyStorePasswordStr == null)
+//                                     keyStorePassword = "changeit".toCharArray();
+//                             else
+//                                     keyStorePassword = keyStorePasswordStr.toCharArray();
+//
+//                             // if PEM files both exists, update the PKCS12 file
+//                             if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
+//                                     // TODO check certificate update time? monitor changes?
+//                                     KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+//                                     try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
+//                                                     Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
+//                                             PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
+//                                             PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
+//                                             if (log.isDebugEnabled())
+//                                                     log.debug("PEM certificate stored in " + keyStorePath);
+//                                     } catch (IOException e) {
+//                                             log.error("Cannot read PEM files " + pemKeyPath + " and " + pemCertPath, e);
+//                                     }
+//                             }
+//
+//                             if (!Files.exists(keyStorePath))
+//                                     createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+//                             props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
+//                             props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
+//                             props.put(InternalHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
+//
+////                           props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
+////                           props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
+////                           props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
+//
+//                             // client certificate authentication
+//                             String wantClientAuth = getFrameworkProp(
+//                                             InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH);
+//                             if (wantClientAuth != null)
+//                                     props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth));
+//                             String needClientAuth = getFrameworkProp(
+//                                             InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH);
+//                             if (needClientAuth != null)
+//                                     props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
+//                     }
+//
+//                     // web socket
+//                     if (webSocketEnabled != null && webSocketEnabled.equals("true"))
+//                             props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true);
+//
+//                     props.put(CmsConstants.CN, CmsConstants.DEFAULT);
+//             }
+//             return props;
+//     }
 
        public static List<Dictionary<String, Object>> getUserDirectoryConfigs() {
                List<Dictionary<String, Object>> res = new ArrayList<>();
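Review bot: The new side keeps the entire body of getHttpServerConfig as roughly ninety lines of commented-out code instead of deleting it, and the block cannot be brought back by uncommenting alone: the imports it relies on (Hashtable, Path, Files, KeyStore, Reader, StandardCharsets, InternalHttpConstants) are removed in the first hunk and createSelfSignedKeyStore is removed in the last one, so the commented text is already stale. Version control preserves the old method; deleting it here keeps the class readable and avoids a future reader re-enabling configuration code whose dependencies are gone. The Javadoc `/** Override the provided config with the framework properties */` now sits above a comment block with no method, so it should go as well, or be replaced by a single pointer such as `// HTTP server configuration is no longer derived here; see the commit history for the former getHttpServerConfig`. getUserDirectoryConfigs, which begins on the hunk's trailing context lines, continues outside the hunk.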
@@ -182,7 +171,8 @@ public class InitUtils {
                        // TODO downgrade security level
                }
                for (String userAdminUri : userAdminUris.split(" "))
-                       uris.add(userAdminUri);
+                       if (!userAdminUri.trim().equals(""))
+                               uris.add(userAdminUri);
 
                // Interprets URIs
                for (String uri : uris) {
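Review bot: The added guard skips tokens that are blank after trim(), but the token it then adds is the untrimmed one, so a token with a leading or trailing tab passes the check and is handed to the URI parsing below unchanged; the check and the add should agree. Splitting on whitespace and dropping only empty tokens does that without a separate trim: `for (String userAdminUri : userAdminUris.split("\\s+")) { if (!userAdminUri.isEmpty()) uris.add(userAdminUri); }`. Braces around the loop body also avoid the dangling nested if that the new indentation relies on. The enclosing method starts before this hunk.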
@@ -200,13 +190,13 @@ public class InitUtils {
                                                u = new URI(uri);
                                        } else
                                                throw new IllegalArgumentException("Cannot interpret " + uri + " as an uri");
-                               } else if (u.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
+                               } else if (u.getScheme().equals(DirectoryConf.SCHEME_FILE)) {
                                        u = new File(u).getCanonicalFile().toURI();
                                }
                        } catch (Exception e) {
                                throw new RuntimeException("Cannot interpret " + uri + " as an uri", e);
                        }
-                       Dictionary<String, Object> properties = UserAdminConf.uriAsProperties(u.toString());
+                       Dictionary<String, Object> properties = DirectoryConf.uriAsProperties(u.toString());
                        res.add(properties);
                }
 
@@ -238,15 +228,17 @@ public class InitUtils {
                                // TODO also uncompress archives
                                if (initDir.exists())
                                        try {
-                                               FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstanceDir(), new FileFilter() {
-
-                                                       @Override
-                                                       public boolean accept(File pathname) {
-                                                               if (pathname.getName().equals(".svn") || pathname.getName().equals(".git"))
-                                                                       return false;
-                                                               return true;
-                                                       }
-                                               });
+                                               // TODO use NIO utilities
+                                               FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstancePath("").toFile(),
+                                                               new FileFilter() {
+
+                                                                       @Override
+                                                                       public boolean accept(File pathname) {
+                                                                               if (pathname.getName().equals(".svn") || pathname.getName().equals(".git"))
+                                                                                       return false;
+                                                                               return true;
+                                                                       }
+                                                               });
                                                log.info("CMS initialized from " + initDir.getCanonicalPath());
                                        } catch (IOException e) {
                                                throw new RuntimeException("Cannot initialize from " + initDir, e);
@@ -255,33 +247,4 @@ public class InitUtils {
                }
        }
 
-       private static void createSelfSignedKeyStore(Path keyStorePath, char[] keyStorePassword, String keyStoreType) {
-               // for (Provider provider : Security.getProviders())
-               // System.out.println(provider.getName());
-//             File keyStoreFile = keyStorePath.toFile();
-               char[] keyPwd = Arrays.copyOf(keyStorePassword, keyStorePassword.length);
-               if (!Files.exists(keyStorePath)) {
-                       try {
-                               Files.createDirectories(keyStorePath.getParent());
-                               KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, keyStoreType);
-                               PkiUtils.generateSelfSignedCertificate(keyStore,
-                                               new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
-                                               1024, keyPwd);
-                               PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
-                               if (log.isDebugEnabled())
-                                       log.debug("Created self-signed unsecure keystore " + keyStorePath);
-                       } catch (Exception e) {
-                               try {
-                                       if (Files.size(keyStorePath) == 0)
-                                               Files.delete(keyStorePath);
-                               } catch (IOException e1) {
-                                       // silent
-                               }
-                               log.error("Cannot create keystore " + keyStorePath, e);
-                       }
-               } else {
-                       throw new IllegalStateException("Keystore " + keyStorePath + " already exists");
-               }
-       }
-
 }