X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FCmsStateImpl.java;h=5c3838a0a3134a4a6e24e202ecd20e0c992e8711;hb=84914c5224fe7d441cc10f30b8418bf4ac4b0a0f;hp=c9109c8561fb2500485998c033cbb4ac4d58a419;hpb=8c6e16aa43d9523e1ec57a41a06b3ceba7d23fdb;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java
index c9109c856..5c3838a0a 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java
@@ -1,5 +1,6 @@
 package org.argeo.cms.internal.runtime;
+import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.Reader;
 import java.net.InetAddress;
@@ -37,7 +38,7 @@ import org.argeo.api.cms.CmsState;
 import org.argeo.api.uuid.UuidFactory;
 import org.argeo.cms.CmsDeployProperty;
 import org.argeo.cms.auth.ident.IdentClient;
-import org.argeo.util.FsUtils;
+import org.argeo.cms.util.FsUtils;
 /**
 * Implementation of a {@link CmsState}, initialising the required services.
@@ -66,19 +67,19 @@ public class CmsStateImpl implements CmsState {
 deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString());
 // certificates
- deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
- deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
- Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, KernelConstants.PKCS12);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, KernelConstants.DEFAULT_KEYSTORE_PASSWORD);
+ Path keyStorePath = getDataPath(KernelConstants.DEFAULT_KEYSTORE_PATH);
 if (keyStorePath != null) {
 deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString());
 }
- Path trustStorePath = getDataPath(PkiUtils.DEFAULT_TRUSTSTORE_PATH);
+ Path trustStorePath = getDataPath(KernelConstants.DEFAULT_TRUSTSTORE_PATH);
 if (trustStorePath != null) {
 deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString());
 }
- deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, PkiUtils.PKCS12);
- deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, KernelConstants.PKCS12);
+ deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, KernelConstants.DEFAULT_KEYSTORE_PASSWORD);
 // SSH
 Path authorizedKeysPath = getDataPath(KernelConstants.NODE_SSHD_AUTHORIZED_KEYS_PATH);
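Review bot: The `// certificates` block seeds both `SSL_PASSWORD` and `SSL_TRUSTSTOREPASSWORD` with the same compile-time constant, `KernelConstants.DEFAULT_KEYSTORE_PASSWORD`, so a deployment that never overrides these properties protects its private key with a value that is readable from the class files; moving the constant from PkiUtils to KernelConstants keeps that default in place. A comment at the start of the block such as `// fallback defaults only: deployments are expected to override SSL_PASSWORD and SSL_TRUSTSTOREPASSWORD` would make the intent explicit, and emitting a warning at startup when the effective password still equals the default would make the weak configuration visible in the logs rather than silent. The enclosing method starts and ends outside this hunk.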
@@ -148,9 +149,10 @@ public class CmsStateImpl implements CmsState {
 log.debug("## CMS starting... (" + uuid + ")\n" + sb + "\n");
 }
- Path nodeBase = getDataPath(KernelConstants.DIR_PRIVATE);
- if (nodeBase != null && !Files.exists(nodeBase)) {// first init
+ Path privateBase = getDataPath(KernelConstants.DIR_PRIVATE);
+ if (privateBase != null && !Files.exists(privateBase)) {// first init
 firstInit();
+ Files.createDirectories(privateBase);
 }
 } catch (RuntimeException | IOException e) {
@@ -168,9 +170,11 @@ public class CmsStateImpl implements CmsState {
 posixPermissions.add(PosixFilePermission.OWNER_WRITE);
 posixPermissions.add(PosixFilePermission.OWNER_EXECUTE);
 try {
+ if (!Files.exists(privateDir))
+ Files.createDirectories(privateDir);
 Files.setPosixFilePermissions(privateDir, posixPermissions);
 } catch (IOException e) {
- log.error("Cannot set permissions on " + privateDir);
+ log.error("Cannot set permissions on " + privateDir, e);
 }
 }
@@ -193,8 +197,8 @@ public class CmsStateImpl implements CmsState {
 private void initCertificates() {
 // server certificate
 Path keyStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_KEYSTORE));
- Path pemKeyPath = getDataPath(PkiUtils.DEFAULT_PEM_KEY_PATH);
- Path pemCertPath = getDataPath(PkiUtils.DEFAULT_PEM_CERT_PATH);
+ Path pemKeyPath = getDataPath(KernelConstants.DEFAULT_PEM_KEY_PATH);
+ Path pemCertPath = getDataPath(KernelConstants.DEFAULT_PEM_CERT_PATH);
 char[] keyStorePassword = getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray();
 // Keystore
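Review bot: In the `@@ -168` hunk the added `Files.createDirectories(privateDir)` creates the directory with umask-derived permissions and only the following `setPosixFilePermissions` call narrows them to owner-only, so the private directory is briefly readable by other local users, and if the permission call throws the error is logged but the directory is left at its default mode. Creating it with the intended mode in one step, `Files.createDirectories(privateDir, PosixFilePermissions.asFileAttribute(posixPermissions));` (this needs `java.nio.file.attribute.PosixFilePermissions` in scope), closes that window, and the `Files.exists` guard before it can go since `createDirectories` already tolerates an existing directory. The same applies to the new `Files.createDirectories(privateBase)` in the `@@ -148` hunk, which creates the private base with default permissions; whether a later call tightens it is not visible here. Both enclosing methods start outside their hunks.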
@@ -204,7 +208,7 @@ public class CmsStateImpl implements CmsState {
 KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE));
 try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
- Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
+ BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(pemCertPath));) {
 PkiUtils.loadPrivateCertificatePem(keyStore, CmsConstants.NODE, key, keyStorePassword, cert);
 Files.createDirectories(keyStorePath.getParent());
 PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
@@ -220,11 +224,11 @@ public class CmsStateImpl implements CmsState {
 char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray();
 // IPA CA
- Path ipaCaCertPath = Paths.get(PkiUtils.IPA_PEM_CA_CERT_PATH);
+ Path ipaCaCertPath = Paths.get(KernelConstants.IPA_PEM_CA_CERT_PATH);
 if (Files.exists(ipaCaCertPath)) {
 KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword, getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE));
- try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) {
+ try (BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(ipaCaCertPath));) {
 PkiUtils.loadTrustedCertificatePem(trustStore, trustStorePassword, cert);
 Files.createDirectories(keyStorePath.getParent());
 PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore);
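Review bot: In the `@@ -220` hunk the trust-store branch still calls `Files.createDirectories(keyStorePath.getParent())` immediately before `PkiUtils.saveKeyStore(trustStorePath, ...)`, so the directory being created belongs to the key store rather than to the trust store that is about to be written; with the defaults both live under the data path, but a deployment that points `SSL_TRUSTSTORE` elsewhere would fail the save on a missing directory. That line should read `Files.createDirectories(trustStorePath.getParent());`. Both `getParent()` calls here and in the `@@ -204` hunk also return null for a single-segment relative path, which `createDirectories` rejects with a NullPointerException, so a `getParent() != null` guard or resolving the configured path against a base directory first would be safer. The enclosing method starts and ends outside this hunk.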
@@ -235,16 +239,8 @@ public class CmsStateImpl implements CmsState {
 }
 }
- if (!Files.exists(keyStorePath))
- PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
-// props.put(JettyHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
-// props.put(JettyHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
-// props.put(JettyHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
-
-// props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
-// props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
-// props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
-
+// if (!Files.exists(keyStorePath))
+// PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
 }
 public void stop() {
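Review bot: The self-signed fallback is commented out rather than removed, which leaves dead code that version control already preserves; deleting the two `// if (!Files.exists(keyStorePath))` / `// PkiUtils.createSelfSignedKeyStore(...)` lines is cleaner. More importantly, as far as is visible here the method (presumably `initCertificates()`, whose start is outside this hunk) can now finish with no key store at `keyStorePath` when neither PEM material nor an existing store is present, and nothing reports that, so a TLS misconfiguration only surfaces wherever `SSL_KEYSTORE` is consumed later. A one-line check at the same place, `if (!Files.exists(keyStorePath)) log.error("No key store available at " + keyStorePath);` (or the logger's warning level, if running without a key store is an expected mode), would make that state visible at startup.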