X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FActivator.java;h=6d50f3dabed2f2c1de6b758c6fb35080a37a7f4c;hb=52a45835da8cd816ac2e2b22ee9b84101fe8fb06;hp=1b21f56635f8885242cef1e26443b87a1708c9ab;hpb=f7944a8accf7b9cfc3cffe6e6f5c611cd48f592c;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Activator.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Activator.java
index 1b21f5663..6d50f3dab 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Activator.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Activator.java
@@ -1,65 +1,293 @@
 package org.argeo.cms.internal.kernel;
 
-import java.util.UUID;
+import java.io.IOException;
+import java.net.URL;
+import java.security.AllPermission;
+import java.util.Dictionary;
+import java.util.List;
+import java.util.Locale;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+import javax.security.auth.login.Configuration;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.security.SystemAuthentication;
+import org.argeo.api.ArgeoLogger;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.NodeDeployment;
+import org.argeo.api.NodeInstance;
+import org.argeo.api.NodeState;
+import org.argeo.ident.IdentClient;
+import org.ietf.jgss.GSSCredential;
+import org.osgi.framework.Bundle;
 import org.osgi.framework.BundleActivator;
 import org.osgi.framework.BundleContext;
+import org.osgi.framework.Constants;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.service.condpermadmin.BundleLocationCondition;
+import org.osgi.service.condpermadmin.ConditionInfo;
+import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
+import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
+import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;
+import org.osgi.service.log.LogReaderService;
+import org.osgi.service.permissionadmin.PermissionInfo;
+import org.osgi.service.useradmin.UserAdmin;
+import org.osgi.util.tracker.ServiceTracker;
 
 /**
- * Activates the {@link Kernel} from the provided {@link BundleContext}. Gives
- * access to kernel information for the rest of the bundle (and only it)
+ * Activates the kernel. Gives access to kernel information for the rest of the
+ * bundle (and only it)
  */
 public class Activator implements BundleActivator {
-	private final Log log = LogFactory.getLog(Activator.class);
+	private final static Log log = LogFactory.getLog(Activator.class);
+
+	private static Activator instance;
+
+	// TODO make it configurable
+	private boolean hardened = false;
+
+	private static BundleContext bundleContext;
+
+	private LogReaderService logReaderService;
+
+	private NodeLogger logger;
+	private CmsState nodeState;
+	private CmsDeployment nodeDeployment;
+	private CmsInstance nodeInstance;
+
+	private ServiceTracker<UserAdmin, NodeUserAdmin> userAdminSt;
+	private ExecutorService internalExecutorService;
 
-	private final static String systemKey;
 	static {
-		systemKey = UUID.randomUUID().toString();
-		System.setProperty(SystemAuthentication.SYSTEM_KEY_PROPERTY, systemKey);
+		Bundle bundle = FrameworkUtil.getBundle(Activator.class);
+		if (bundle != null) {
+			bundleContext = bundle.getBundleContext();
+		}
 	}
 
-	private static BundleContext bundleContext;
-	private Kernel kernel;
+	void init() {
+		Runtime.getRuntime().addShutdownHook(new CmsShutdown());
+		instance = this;
+//		this.bc = bundleContext;
+		if (bundleContext != null)
+			this.logReaderService = getService(LogReaderService.class);
+		this.internalExecutorService = Executors.newFixedThreadPool(Runtime.getRuntime().availableProcessors());
 
-	@Override
-	public void start(BundleContext context) throws Exception {
-		assert bundleContext == null;
-		assert kernel == null;
-		bundleContext = context;
 		try {
-			kernel = new Kernel();
-			kernel.init();
+			initSecurity();
+			initArgeoLogger();
+			initNode();
+
+			if (log.isTraceEnabled())
+				log.trace("Kernel bundle started");
+		} catch (Throwable e) {
+			log.error("## FATAL: CMS activator failed", e);
+		}
+	}
+
+	void destroy() {
+		try {
+			if (nodeInstance != null)
+				nodeInstance.shutdown();
+			if (nodeDeployment != null)
+				nodeDeployment.shutdown();
+			if (nodeState != null)
+				nodeState.shutdown();
+
+			if (userAdminSt != null)
+				userAdminSt.close();
+
+			internalExecutorService.shutdown();
+			instance = null;
+			bundleContext = null;
+			this.logReaderService = null;
+			// this.configurationAdmin = null;
 		} catch (Exception e) {
-			log.error("Cannot boot kernel", e);
+			log.error("CMS activator shutdown failed", e);
 		}
 	}
 
-	@Override
-	public void stop(BundleContext context) throws Exception {
-		kernel.destroy();
-		kernel = null;
-		bundleContext = null;
+	private void initSecurity() {
+		if (System.getProperty(KernelConstants.JAAS_CONFIG_PROP) == null) {
+			String jaasConfig = KernelConstants.JAAS_CONFIG;
+			URL url = getClass().getResource(jaasConfig);
+			// System.setProperty(KernelConstants.JAAS_CONFIG_PROP,
+			// url.toExternalForm());
+			KernelUtils.setJaasConfiguration(url);
+		}
+		// explicitly load JAAS configuration
+		Configuration.getConfiguration();
+
+		// code-level permissions
+		String osgiSecurity = KernelUtils.getFrameworkProp(Constants.FRAMEWORK_SECURITY);
+		if (osgiSecurity != null && Constants.FRAMEWORK_SECURITY_OSGI.equals(osgiSecurity)) {
+			// TODO rather use a tracker?
+			ConditionalPermissionAdmin permissionAdmin = bundleContext
+					.getService(bundleContext.getServiceReference(ConditionalPermissionAdmin.class));
+			if (!hardened) {
+				// All permissions to all bundles
+				ConditionalPermissionUpdate update = permissionAdmin.newConditionalPermissionUpdate();
+				update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
+						new ConditionInfo[] {
+								new ConditionInfo(BundleLocationCondition.class.getName(), new String[] { "*" }) },
+						new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), null, null) },
+						ConditionalPermissionInfo.ALLOW));
+				// TODO data admin permission
+//				PermissionInfo dataAdminPerm = new PermissionInfo(AuthPermission.class.getName(),
+//						"createLoginContext." + NodeConstants.LOGIN_CONTEXT_DATA_ADMIN, null);
+//				update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
+//						new ConditionInfo[] {
+//								new ConditionInfo(BundleLocationCondition.class.getName(), new String[] { "*" }) },
+//						new PermissionInfo[] { dataAdminPerm }, ConditionalPermissionInfo.DENY));
+//				update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
+//						new ConditionInfo[] {
+//								new ConditionInfo(BundleSignerCondition.class.getName(), new String[] { "CN=\"Eclipse.org Foundation, Inc.\", OU=IT, O=\"Eclipse.org Foundation, Inc.\", L=Nepean, ST=Ontario, C=CA" }) },
+//						new PermissionInfo[] { dataAdminPerm }, ConditionalPermissionInfo.ALLOW));
+				update.commit();
+			} else {
+				SecurityProfile securityProfile = new SecurityProfile() {
+				};
+				securityProfile.applySystemPermissions(permissionAdmin);
+			}
+		}
+
 	}
 
-	/**
-	 * Singleton interface to the {@link BundleContext} related to the calling
-	 * thread.
-	 * 
-	 * @BundleScope
+	private void initArgeoLogger() {
+		logger = new NodeLogger(logReaderService);
+		if (bundleContext != null)
+			bundleContext.registerService(ArgeoLogger.class, logger, null);
+	}
+
+	private void initNode() throws IOException {
+		// Node state
+		nodeState = new CmsState();
+		registerService(NodeState.class, nodeState, null);
+
+		// Node deployment
+		nodeDeployment = new CmsDeployment();
+		registerService(NodeDeployment.class, nodeDeployment, null);
+
+		// Node instance
+		nodeInstance = new CmsInstance();
+		registerService(NodeInstance.class, nodeInstance, null);
+	}
+
+	public static <T> void registerService(Class<T> clss, T service, Dictionary<String, ?> properties) {
+		if (bundleContext != null) {
+			bundleContext.registerService(clss, service, properties);
+		}
+
+	}
+
+	public static <T> T getService(Class<T> clss) {
+		if (bundleContext != null) {
+			return bundleContext.getService(bundleContext.getServiceReference(clss));
+		} else {
+			return null;
+		}
+	}
+
+	/*
+	 * OSGi
 	 */
-	public static BundleContext getBundleContext() {
+
+	@Override
+	public void start(BundleContext bc) throws Exception {
+		if (!bc.getBundle().equals(bundleContext.getBundle()))
+			throw new IllegalStateException(
+					"Bundle " + bc.getBundle() + " is not consistent with " + bundleContext.getBundle());
+		init();
+		userAdminSt = new ServiceTracker<>(bundleContext, UserAdmin.class, null);
+		userAdminSt.open();
+	}
+
+	@Override
+	public void stop(BundleContext bc) throws Exception {
+		if (!bc.getBundle().equals(bundleContext.getBundle()))
+			throw new IllegalStateException(
+					"Bundle " + bc.getBundle() + " is not consistent with " + bundleContext.getBundle());
+		destroy();
+	}
+
+//	private <T> T getService(Class<T> clazz) {
+//		ServiceReference<T> sr = bundleContext.getServiceReference(clazz);
+//		if (sr == null)
+//			throw new IllegalStateException("No service available for " + clazz);
+//		return bundleContext.getService(sr);
+//	}
+
+	public static NodeState getNodeState() {
+		return instance.nodeState;
+	}
+
+	public static GSSCredential getAcceptorCredentials() {
+		return getNodeUserAdmin().getAcceptorCredentials();
+	}
+
+	@Deprecated
+	public static boolean isSingleUser() {
+		return getNodeUserAdmin().isSingleUser();
+	}
+
+	public static UserAdmin getUserAdmin() {
+		return (UserAdmin) getNodeUserAdmin();
+	}
+
+	public static String getHttpProxySslHeader() {
+		return KernelUtils.getFrameworkProp(NodeConstants.HTTP_PROXY_SSL_DN);
+	}
+
+	public static IdentClient getIdentClient(String remoteAddr) {
+		if (!IdentClient.isDefaultAuthdPassphraseFileAvailable())
+			return null;
+		// TODO make passphrase more configurable
+		return new IdentClient(remoteAddr);
+	}
+
+	private static NodeUserAdmin getNodeUserAdmin() {
+		NodeUserAdmin res;
+		try {
+			res = instance.userAdminSt.waitForService(60000);
+		} catch (InterruptedException e) {
+			throw new IllegalStateException("Cannot retrieve Node user admin", e);
+		}
+		if (res == null)
+			throw new IllegalStateException("No Node user admin found");
+
+		return res;
+		// ServiceReference<UserAdmin> sr =
+		// instance.bc.getServiceReference(UserAdmin.class);
+		// NodeUserAdmin userAdmin = (NodeUserAdmin) instance.bc.getService(sr);
+		// return userAdmin;
+
+	}
+
+	static ExecutorService getInternalExecutorService() {
+		return instance.internalExecutorService;
+	}
+
+	// static CmsSecurity getCmsSecurity() {
+	// return instance.nodeSecurity;
+	// }
+
+	public String[] getLocales() {
+		// TODO optimize?
+		List<Locale> locales = getNodeState().getLocales();
+		String[] res = new String[locales.size()];
+		for (int i = 0; i < locales.size(); i++)
+			res[i] = locales.get(i).toString();
+		return res;
+	}
+
+	static BundleContext getBundleContext() {
 		return bundleContext;
 	}
 
-	/**
-	 * @return a String which is guaranteed to be unique between and constant
-	 *         within a Java static context (typically a VM launch)
-	 * @BundleScope
-	 */
-	public final static String getSystemKey() {
-		return systemKey;
+	public static void main(String[] args) {
+		instance = new Activator();
+		instance.init();
 	}
+
 }