X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeSecurity.java;h=bb33daecf0602339a95596dbc8fba7e297b70a41;hb=fc5ccf2c8877e6253bdbebd071b8a6555daf64ec;hp=6714bd6e706c6ca1847e4a97987c889f2f7f6a73;hpb=1928d251fb3a6ce463efbc3405c5337cc59c9dda;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java index 6714bd6e7..bb33daecf 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java @@ -6,8 +6,6 @@ import java.io.File; import java.io.IOException; import java.net.URL; import java.security.KeyStore; -import java.security.Provider; -import java.security.Security; import java.util.Arrays; import javax.security.auth.Subject; @@ -20,11 +18,8 @@ import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.security.auth.x500.X500Principal; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.argeo.cms.CmsException; import org.argeo.cms.auth.AuthConstants; -import org.bouncycastle.jce.provider.BouncyCastleProvider; /** Low-level kernel security */ class NodeSecurity implements KernelConstants { @@ -32,43 +27,34 @@ class NodeSecurity implements KernelConstants { public final static int STAGING = 2; public final static int DEV = 1; - final static String SECURITY_PROVIDER = "BC";// Bouncy Castle - private final boolean firstInit; - private final static Log log; - static { - log = LogFactory.getLog(NodeSecurity.class); - // Make Bouncy Castle the default provider - Provider provider = new BouncyCastleProvider(); - int position = Security.insertProviderAt(provider, 1); - if (position == -1) - log.error("Provider " + provider.getName() - + " already installed and could not be set as default"); - Provider defaultProvider = Security.getProviders()[0]; - if (!defaultProvider.getName().equals(SECURITY_PROVIDER)) - log.error("Provider name is " + defaultProvider.getName() - + " but it should be " + SECURITY_PROVIDER); - } - private final Subject kernelSubject; private int securityLevel = STAGING; + private final File keyStoreFile; + public NodeSecurity() { // Configure JAAS first URL url = getClass().getClassLoader().getResource( KernelConstants.JAAS_CONFIG); System.setProperty("java.security.auth.login.config", url.toExternalForm()); + // log.debug("JASS config: " + url.toExternalForm()); + // disable Jetty autostart + // System.setProperty("org.eclipse.equinox.http.jetty.autostart", + // "false"); firstInit = !new File(getOsgiInstanceDir(), DIR_NODE).exists(); + this.keyStoreFile = new File(KernelUtils.getOsgiInstanceDir(), + "node.p12"); this.kernelSubject = logInKernel(); } private Subject logInKernel() { final Subject kernelSubject = new Subject(); - createKeyStoreIfNeeded(); + // createKeyStoreIfNeeded(); CallbackHandler cbHandler = new CallbackHandler() { @@ -107,7 +93,7 @@ class NodeSecurity implements KernelConstants { throw new CmsException("Cannot log out kernel", e); } - Security.removeProvider(SECURITY_PROVIDER); + // Security.removeProvider(SECURITY_PROVIDER); } public Subject getKernelSubject() { @@ -136,8 +122,6 @@ class NodeSecurity implements KernelConstants { private void createKeyStoreIfNeeded() { char[] ksPwd = "changeit".toCharArray(); char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length); - File keyStoreFile = new File(KernelUtils.getOsgiInstanceDir(), - "node.p12"); if (!keyStoreFile.exists()) { try { keyStoreFile.getParentFile().mkdirs(); @@ -151,4 +135,24 @@ class NodeSecurity implements KernelConstants { } } } + + File getHttpServerKeyStore() { + return keyStoreFile; + } + + // private final static String SECURITY_PROVIDER = "BC";// Bouncy Castle + // private final static Log log; + // static { + // log = LogFactory.getLog(NodeSecurity.class); + // // Make Bouncy Castle the default provider + // Provider provider = new BouncyCastleProvider(); + // int position = Security.insertProviderAt(provider, 1); + // if (position == -1) + // log.error("Provider " + provider.getName() + // + " already installed and could not be set as default"); + // Provider defaultProvider = Security.getProviders()[0]; + // if (!defaultProvider.getName().equals(SECURITY_PROVIDER)) + // log.error("Provider name is " + defaultProvider.getName() + // + " but it should be " + SECURITY_PROVIDER); + // } }