X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FInitUtils.java;h=011d3856adc01ab15fec341f8700a75557ab6730;hb=9ec85110269f8be5c83ea26e283359bb451a67b7;hp=ebb2ef8f7f3934f8652bde4ee3ac9d938d7dd534;hpb=581f2d67cac937fcbcd11c7af0c7256499b7195a;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java index ebb2ef8f7..011d3856a 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java @@ -7,25 +7,35 @@ import java.io.FileFilter; import java.io.IOException; import java.net.InetAddress; import java.net.URI; +import java.net.URISyntaxException; import java.nio.file.Files; import java.nio.file.Path; import java.security.KeyStore; import java.util.ArrayList; import java.util.Arrays; import java.util.Dictionary; +import java.util.HashMap; import java.util.Hashtable; import java.util.List; +import java.util.Map; +import javax.jcr.Repository; +import javax.jcr.RepositoryException; +import javax.jcr.RepositoryFactory; import javax.security.auth.x500.X500Principal; import org.apache.commons.io.FileUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.argeo.cms.CmsException; -import org.argeo.cms.internal.http.HttpConstants; +import org.argeo.api.NodeConstants; +import org.argeo.cms.internal.http.InternalHttpConstants; import org.argeo.cms.internal.jcr.RepoConf; -import org.argeo.node.NodeConstants; +import org.argeo.jackrabbit.client.ClientDavexRepositoryFactory; +import org.argeo.jcr.JcrException; +import org.argeo.naming.LdapAttrs; import org.argeo.osgi.useradmin.UserAdminConf; +import org.osgi.framework.BundleContext; +import org.osgi.framework.Constants; /** * Interprets framework properties in order to generate the initial deploy 
@@ -39,22 +49,28 @@ class InitUtils { Dictionary props = provided != null ? provided : new Hashtable(); for (RepoConf repoConf : RepoConf.values()) { Object value = getFrameworkProp(NodeConstants.NODE_REPO_PROP_PREFIX + repoConf.name()); - if (value != null) + if (value != null) { props.put(repoConf.name(), value); + if (log.isDebugEnabled()) + log.debug("Set node repo configuration " + repoConf.name() + " to " + value); + } } - props.put(NodeConstants.CN, NodeConstants.NODE); + props.put(NodeConstants.CN, NodeConstants.NODE_REPOSITORY); return props; } static Dictionary getRepositoryConfig(String dataModelName, Dictionary provided) { - if (dataModelName.equals(NodeConstants.NODE) || dataModelName.equals(NodeConstants.HOME)) + if (dataModelName.equals(NodeConstants.NODE_REPOSITORY) || dataModelName.equals(NodeConstants.EGO_REPOSITORY)) throw new IllegalArgumentException("Data model '" + dataModelName + "' is reserved."); Dictionary props = provided != null ? provided : new Hashtable(); for (RepoConf repoConf : RepoConf.values()) { Object value = getFrameworkProp( NodeConstants.NODE_REPOS_PROP_PREFIX + dataModelName + '.' + repoConf.name()); - if (value != null) + if (value != null) { props.put(repoConf.name(), value); + if (log.isDebugEnabled()) + log.debug("Set " + dataModelName + " repo configuration " + repoConf.name() + " to " + value); + } } if (props.size() != 0) props.put(NodeConstants.CN, dataModelName); 
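Review bot: The two new `log.debug` calls in this hunk print the raw `value` of every `RepoConf` entry read from framework properties; the page does not show what `RepoConf` contains, but if any entry carries a credential (a database or repository password, for example) it will now be written verbatim to the debug log. Logging the key alone is enough to trace which properties were picked up: `log.debug("Set node repo configuration " + repoConf.name());` in `getNodeRepositoryConfig` and `log.debug("Set " + dataModelName + " repo configuration " + repoConf.name());` in `getRepositoryConfig`, or redact the value for entries known to hold secrets. The same pattern appears in both methods of this hunk, so whichever option is chosen should be applied to both.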
@@ -66,46 +82,58 @@ class InitUtils { String httpPort = getFrameworkProp("org.osgi.service.http.port"); String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure"); /// TODO make it more generic - String httpHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTP_HOST); - String httpsHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTPS_HOST); + String httpHost = getFrameworkProp( + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST); + String httpsHost = getFrameworkProp( + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST); String webSocketEnabled = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.WEB_SOCKET_ENABLED); + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED); final Hashtable props = new Hashtable(); // try { if (httpPort != null || httpsPort != null) { - if (httpPort != null) { - props.put(HttpConstants.HTTP_PORT, httpPort); - props.put(HttpConstants.HTTP_ENABLED, true); + boolean httpEnabled = httpPort != null; + props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled); + boolean httpsEnabled = httpsPort != null; + props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled); + + if (httpEnabled) { + props.put(InternalHttpConstants.HTTP_PORT, httpPort); + if (httpHost != null) + props.put(InternalHttpConstants.HTTP_HOST, httpHost); } - if (httpsPort != null) { - props.put(HttpConstants.HTTPS_PORT, httpsPort); - props.put(HttpConstants.HTTPS_ENABLED, true); + + if (httpsEnabled) { + props.put(InternalHttpConstants.HTTPS_PORT, httpsPort); + if (httpsHost != null) + props.put(InternalHttpConstants.HTTPS_HOST, httpsHost); + + // server certificate Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH); String keyStorePassword = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_PASSWORD); + 
InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD); if (keyStorePassword == null) keyStorePassword = "changeit"; if (!Files.exists(keyStorePath)) - createSelfSignedKeyStore(keyStorePath, keyStorePassword); - props.put(HttpConstants.SSL_KEYSTORETYPE, "PKCS12"); - props.put(HttpConstants.SSL_KEYSTORE, keyStorePath.toString()); - props.put(HttpConstants.SSL_PASSWORD, keyStorePassword); - props.put(HttpConstants.SSL_WANTCLIENTAUTH, true); + createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12); + props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12); + props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString()); + props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword); + + // client certificate authentication + String wantClientAuth = getFrameworkProp( + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH); + if (wantClientAuth != null) + props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth)); String needClientAuth = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_NEEDCLIENTAUTH); - if (needClientAuth != null) { - props.put(HttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth)); - } + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH); + if (needClientAuth != null) + props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth)); } - if (httpHost != null) - props.put(HttpConstants.HTTP_HOST, httpHost); - if (httpsHost != null) - props.put(HttpConstants.HTTPS_HOST, httpHost); - if (webSocketEnabled != null) - if (webSocketEnabled.equals("true")) - props.put(HttpConstants.WEB_SOCKET_ENABLED, true); + // web socket + if (webSocketEnabled != null && webSocketEnabled.equals("true")) + props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true); props.put(NodeConstants.CN, NodeConstants.DEFAULT); } 
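Review bot: `SSL_WANTCLIENTAUTH` is now only put into `props` when the framework property `InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH` is set, whereas the removed line set it to `true` unconditionally, so deployments that never configured it will stop requesting a client certificate on the HTTPS connector without any message. If client-certificate login relies on the connector asking for a certificate, this is a silent behaviour change; if the new default is intended, it should at least be stated next to the `// client certificate authentication` comment, e.g. `// client certificate authentication: not requested unless explicitly configured`. The alternative that preserves the old behaviour is a single line: `props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, wantClientAuth != null ? Boolean.parseBoolean(wantClientAuth) : true);`. The enclosing method starts before this hunk, so the caller-visible effect is inferred from the visible `props` writes only.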
@@ -128,7 +156,7 @@ class InitUtils { FileUtils.copyInputStreamToFile(InitUtils.class.getResourceAsStream(baseNodeRoleDn + ".ldif"), nodeRolesFile); } catch (IOException e) { - throw new CmsException("Cannot copy demo resource", e); + throw new RuntimeException("Cannot copy demo resource", e); } // nodeRolesUri = nodeRolesFile.toURI().toString(); } @@ -139,13 +167,13 @@ class InitUtils { String baseNodeTokensDn = NodeConstants.TOKENS_BASEDN; if (nodeTokensUri == null) { nodeTokensUri = baseNodeTokensDn + ".ldif"; - File nodeRolesFile = new File(nodeBaseDir, nodeRolesUri); - if (!nodeRolesFile.exists()) + File nodeTokensFile = new File(nodeBaseDir, nodeTokensUri); + if (!nodeTokensFile.exists()) try { FileUtils.copyInputStreamToFile(InitUtils.class.getResourceAsStream(baseNodeTokensDn + ".ldif"), - nodeRolesFile); + nodeTokensFile); } catch (IOException e) { - throw new CmsException("Cannot copy demo resource", e); + throw new RuntimeException("Cannot copy demo resource", e); } // nodeRolesUri = nodeRolesFile.toURI().toString(); } @@ -166,7 +194,7 @@ class InitUtils { FileUtils.copyInputStreamToFile( InitUtils.class.getResourceAsStream("example-ou=roles,ou=node.ldif"), systemRolesFile); } catch (IOException e) { - throw new CmsException("Cannot copy demo resources", e); + throw new RuntimeException("Cannot copy demo resources", e); } // userAdminUris = businessRolesFile.toURI().toString(); log.warn("## DEV Using dummy base DN " + demoBaseDn); @@ -181,7 +209,8 @@ class InitUtils { try { u = new URI(uri); if (u.getPath() == null) - throw new CmsException("URI " + uri + " must have a path in order to determine base DN"); + throw new IllegalArgumentException( + "URI " + uri + " must have a path in order to determine base DN"); if (u.getScheme() == null) { if (uri.startsWith("/") || uri.startsWith("./") || uri.startsWith("../")) u = new File(uri).getCanonicalFile().toURI(); 
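Review bot: The three `catch (IOException e)` blocks changed in hunks `@@ -128`, `@@ -139` and `@@ -166` now wrap the `IOException` in a bare `RuntimeException`, which loses the typed I/O cause that `CmsException` at least named and is the generic type reviewers usually flag; `java.io.UncheckedIOException` exists exactly for this case. The replacement is one line in each place, `throw new UncheckedIOException("Cannot copy demo resource", e);` (and `"Cannot copy demo resources"` in the third), plus an `import java.io.UncheckedIOException;` which the import hunk at the top of this diff does not yet add. The enclosing methods start outside these hunks.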
@@ -189,12 +218,12 @@ class InitUtils { // u = KernelUtils.getOsgiInstanceUri(KernelConstants.DIR_NODE + '/' + uri); u = new URI(uri); } else - throw new CmsException("Cannot interpret " + uri + " as an uri"); + throw new IllegalArgumentException("Cannot interpret " + uri + " as an uri"); } else if (u.getScheme().equals(UserAdminConf.SCHEME_FILE)) { u = new File(u).getCanonicalFile().toURI(); } } catch (Exception e) { - throw new CmsException("Cannot interpret " + uri + " as an uri", e); + throw new RuntimeException("Cannot interpret " + uri + " as an uri", e); } Dictionary properties = UserAdminConf.uriAsProperties(u.toString()); res.add(properties); 
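Review bot: The new `throw new IllegalArgumentException("Cannot interpret " + uri + " as an uri")` sits inside the `try` whose `catch (Exception e)` follows two lines later, so it is immediately caught and rewrapped as `RuntimeException("Cannot interpret " + uri + " as an uri", e)`; callers never see the narrower type, and the same applies to the `IllegalArgumentException` added in the preceding hunk (`@@ -181`) for the missing-path case. As far as the visible body goes the `try` only needs to cover `new URI(uri)` and `getCanonicalFile()`, so narrowing the catch to `} catch (URISyntaxException | IOException e) {` lets the argument errors propagate as intended (the commit already imports `URISyntaxException`). One old line between the two hunks is not shown and the enclosing method starts outside the hunk, so the full set of checked exceptions in the `try` should be confirmed before narrowing.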
@@ -208,39 +237,68 @@ class InitUtils { * some files (typically LDIF, etc). */ static void prepareFirstInitInstanceArea() { - String nodeInit = getFrameworkProp(NodeConstants.NODE_INIT); - if (nodeInit == null) - nodeInit = "../../init"; - if (nodeInit.startsWith("http")) { - // remoteFirstInit(nodeInit); - return; - } + String nodeInits = getFrameworkProp(NodeConstants.NODE_INIT); + if (nodeInits == null) + nodeInits = "../../init"; - // TODO use java.nio.file - File initDir; - if (nodeInit.startsWith(".")) - initDir = KernelUtils.getExecutionDir(nodeInit); - else - initDir = new File(nodeInit); - // TODO also uncompress archives - if (initDir.exists()) - try { - FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstanceDir(), new FileFilter() { + for (String nodeInit : nodeInits.split(",")) { - @Override - public boolean accept(File pathname) { - if (pathname.getName().equals(".svn") || pathname.getName().equals(".git")) - return false; - return true; + if (nodeInit.startsWith("http")) { + registerRemoteInit(nodeInit); + } else { + + // TODO use java.nio.file + File initDir; + if (nodeInit.startsWith(".")) + initDir = KernelUtils.getExecutionDir(nodeInit); + else + initDir = new File(nodeInit); + // TODO also uncompress archives + if (initDir.exists()) + try { + FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstanceDir(), new FileFilter() { + + @Override + public boolean accept(File pathname) { + if (pathname.getName().equals(".svn") || pathname.getName().equals(".git")) + return false; + return true; + } + }); + log.info("CMS initialized from " + initDir.getCanonicalPath()); + } catch (IOException e) { + throw new RuntimeException("Cannot initialize from " + initDir, e); } - }); - log.info("CMS initialized from " + initDir.getCanonicalPath()); - } catch (IOException e) { - throw new CmsException("Cannot initialize from " + initDir, e); } + } + } + + private static void registerRemoteInit(String uri) { + try { + BundleContext bundleContext = 
KernelUtils.getBundleContext(); + Repository repository = createRemoteRepository(new URI(uri)); + Hashtable properties = new Hashtable<>(); + properties.put(NodeConstants.CN, NodeConstants.NODE_INIT); + properties.put(LdapAttrs.labeledURI.name(), uri); + properties.put(Constants.SERVICE_RANKING, -1000); + bundleContext.registerService(Repository.class, repository, properties); + } catch (RepositoryException e) { + throw new JcrException(e); + } catch (URISyntaxException e) { + throw new IllegalArgumentException(e); + } + } + + private static Repository createRemoteRepository(URI uri) throws RepositoryException { + RepositoryFactory repositoryFactory = new ClientDavexRepositoryFactory(); + Map params = new HashMap(); + params.put(ClientDavexRepositoryFactory.JACKRABBIT_DAVEX_URI, uri.toString()); + // TODO make it configurable + params.put(ClientDavexRepositoryFactory.JACKRABBIT_REMOTE_DEFAULT_WORKSPACE, NodeConstants.SYS_WORKSPACE); + return repositoryFactory.getRepository(params); } - private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword) { + private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword, String keyStoreType) { // for (Provider provider : Security.getProviders()) // System.out.println(provider.getName()); File keyStoreFile = keyStorePath.toFile(); @@ -249,7 +307,7 @@ class InitUtils { if (!keyStoreFile.exists()) { try { keyStoreFile.getParentFile().mkdirs(); - KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd); + KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd, keyStoreType); PkiUtils.generateSelfSignedCertificate(keyStore, new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"), 1024, keyPwd); 
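Review bot: `nodeInits.split(",")` passes each entry through untrimmed, so a value written as `http://host/a, ./b` yields `" ./b"`, which neither matches `startsWith("http")` nor `startsWith(".")` and ends up as `new File(" ./b")`, whose `exists()` check silently skips it; a trailing comma likewise produces an empty entry that becomes `new File("")`. Adding `nodeInit = nodeInit.trim(); if (nodeInit.isEmpty()) continue;` at the top of the loop body fixes both. Separately, the local branch logs `CMS initialized from …` but `registerRemoteInit` registers a `Repository` service for the remote URI with no log line at all, so an operator cannot see from the log which remote source the node was initialized from; an `log.info("Registered remote init repository " + uri);` after `registerService` would match the local branch. Minor: `Map params = new HashMap();` in `createRemoteRepository` is a raw type and could be `Map<String, String> params = new HashMap<>();` given the two `String` values put into it.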
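Review bot: The self-signed certificate is still generated with a 1024-bit key (the `1024` argument to `PkiUtils.generateSelfSignedCertificate`, a context line in this hunk) even though the commit reworks how the keystore is created; 1024-bit RSA is below the 2048-bit minimum current guidance requires and, depending on the JDK's `jdk.tls.disabledAlgorithms` settings, may be rejected outright by clients. Since this is the default keystore every HTTPS instance gets when none is configured, changing the literal to `2048` is a one-token fix; if `PkiUtils` does not dictate the algorithm, the size would be better named as a constant next to `PkiUtils.PKCS12`. The rest of `createSelfSignedKeyStore` lies outside this hunk.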
@@ -262,7 +320,7 @@ class InitUtils { log.error("Cannot create keystore " + keyStoreFile, e); } } else { - throw new CmsException("Keystore " + keyStorePath + " already exists"); + throw new IllegalStateException("Keystore " + keyStorePath + " already exists"); } }
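Review bot: Failure handling inside this method is now inconsistent: the "already exists" branch throws `IllegalStateException`, but the catch just above it only does `log.error("Cannot create keystore " + keyStoreFile, e)` and returns normally, and the caller in the HTTP configuration hunk then goes on to put `SSL_KEYSTORE` and `SSL_PASSWORD` into `props` regardless, so a failed keystore generation leaves the HTTPS connector configured with a keystore path that does not exist and the error surfaces later, far from its cause. Rethrowing keeps the failure where it happened: `throw new IllegalStateException("Cannot create keystore " + keyStoreFile, e);`. The catch clause itself starts outside the hunk, so which exception types it covers should be checked before changing it.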