X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FInitUtils.java;h=b09e009ed6564a3b752dfc30168579a8cb7c08a0;hb=1b09095425a7c067c097eb91bed5b4a4a33f0dc8;hp=2d193fe7da84106a318e39d34362589d16e56c2f;hpb=d623e462cfdd03e5d3569d42e969a6c2b8fb442c;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java index 2d193fe7d..b09e009ed 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/InitUtils.java @@ -22,7 +22,7 @@ import org.apache.commons.io.FileUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; -import org.argeo.cms.internal.http.HttpConstants; +import org.argeo.cms.internal.http.InternalHttpConstants; import org.argeo.cms.internal.jcr.RepoConf; import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.UserAdminConf; @@ -66,46 +66,56 @@ class InitUtils { String httpPort = getFrameworkProp("org.osgi.service.http.port"); String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure"); /// TODO make it more generic - String httpHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTP_HOST); - String httpsHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTPS_HOST); + String httpHost = getFrameworkProp(InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST); + String httpsHost = getFrameworkProp(InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST); String webSocketEnabled = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.WEB_SOCKET_ENABLED); + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED); final Hashtable props = new Hashtable(); // try { if (httpPort != null || httpsPort != null) { - if (httpPort != null) { - props.put(HttpConstants.HTTP_PORT, httpPort); - props.put(HttpConstants.HTTP_ENABLED, true); + boolean httpEnabled = httpPort != null; + props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled); + boolean httpsEnabled = httpsPort != null; + props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled); + + if (httpEnabled) { + props.put(InternalHttpConstants.HTTP_PORT, httpPort); + if (httpHost != null) + props.put(InternalHttpConstants.HTTP_HOST, httpHost); } - if (httpsPort != null) { - props.put(HttpConstants.HTTPS_PORT, httpsPort); - props.put(HttpConstants.HTTPS_ENABLED, true); + + if (httpsEnabled) { + props.put(InternalHttpConstants.HTTPS_PORT, httpsPort); + if (httpsHost != null) + props.put(InternalHttpConstants.HTTPS_HOST, httpsHost); + + // server certificate Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH); String keyStorePassword = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_PASSWORD); + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD); if (keyStorePassword == null) keyStorePassword = "changeit"; if (!Files.exists(keyStorePath)) - createSelfSignedKeyStore(keyStorePath, keyStorePassword); - props.put(HttpConstants.SSL_KEYSTORETYPE, "PKCS12"); - props.put(HttpConstants.SSL_KEYSTORE, keyStorePath.toString()); - props.put(HttpConstants.SSL_PASSWORD, keyStorePassword); - props.put(HttpConstants.SSL_WANTCLIENTAUTH, true); + createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12); + props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12); + props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString()); + props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword); + + // client certificate authentication + String wantClientAuth = getFrameworkProp( + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH); + if (wantClientAuth != null) + props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth)); String needClientAuth = getFrameworkProp( - HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_NEEDCLIENTAUTH); - if (needClientAuth != null) { - props.put(HttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth)); - } + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH); + if (needClientAuth != null) + props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth)); } - if (httpHost != null) - props.put(HttpConstants.HTTP_HOST, httpHost); - if (httpsHost != null) - props.put(HttpConstants.HTTPS_HOST, httpsHost); - if (webSocketEnabled != null) - if (webSocketEnabled.equals("true")) - props.put(HttpConstants.WEB_SOCKET_ENABLED, true); + // web socket + if (webSocketEnabled != null && webSocketEnabled.equals("true")) + props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true); props.put(NodeConstants.CN, NodeConstants.DEFAULT); } @@ -240,7 +250,7 @@ class InitUtils { } } - private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword) { + private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword, String keyStoreType) { // for (Provider provider : Security.getProviders()) // System.out.println(provider.getName()); File keyStoreFile = keyStorePath.toFile(); @@ -249,7 +259,7 @@ class InitUtils { if (!keyStoreFile.exists()) { try { keyStoreFile.getParentFile().mkdirs(); - KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd); + KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd, keyStoreType); PkiUtils.generateSelfSignedCertificate(keyStore, new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"), 1024, keyPwd);