X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FNodeSecurity.java;h=eeb2b18b468c37a6fc61ce900aded1eab349c4cb;hb=7bc9403c96bbae11358978358cc902e3f2c6e508;hp=b43a9fdf5c393b5aef084b8eb9e5b3df35e808ee;hpb=0a7d938324d33848ac7dc4ef4007c73a714171ee;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java index b43a9fdf5..eeb2b18b4 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/NodeSecurity.java @@ -1,5 +1,7 @@ package org.argeo.cms.internal.kernel; +import static org.argeo.cms.internal.kernel.KernelUtils.getOsgiInstanceDir; + import java.io.File; import java.io.IOException; import java.net.URL; @@ -25,38 +27,33 @@ import org.argeo.cms.auth.AuthConstants; import org.bouncycastle.jce.provider.BouncyCastleProvider; /** Low-level kernel security */ -class NodeSecurity { +class NodeSecurity implements KernelConstants { public final static int HARDENED = 3; public final static int STAGING = 2; public final static int DEV = 1; - final static String SECURITY_PROVIDER = "BC";// Bouncy Castle - - private final static Log log; - static { - log = LogFactory.getLog(NodeSecurity.class); - // Make Bouncy Castle the default provider - Provider provider = new BouncyCastleProvider(); - int position = Security.insertProviderAt(provider, 1); - if (position == -1) - log.error("Provider " + provider.getName() - + " already installed and could not be set as default"); - Provider defaultProvider = Security.getProviders()[0]; - if (!defaultProvider.getName().equals(SECURITY_PROVIDER)) - log.error("Provider name is " + defaultProvider.getName() - + " but it should be " + SECURITY_PROVIDER); - } + private final boolean firstInit; private final Subject kernelSubject; private int securityLevel = STAGING; + private final File keyStoreFile; + public NodeSecurity() { // Configure JAAS first URL url = getClass().getClassLoader().getResource( KernelConstants.JAAS_CONFIG); System.setProperty("java.security.auth.login.config", url.toExternalForm()); + // log.debug("JASS config: " + url.toExternalForm()); + // disable Jetty autostart + // System.setProperty("org.eclipse.equinox.http.jetty.autostart", + // "false"); + + firstInit = !new File(getOsgiInstanceDir(), DIR_NODE).exists(); + this.keyStoreFile = new File(KernelUtils.getOsgiInstanceDir(), + "node.p12"); this.kernelSubject = logInKernel(); } @@ -112,6 +109,10 @@ class NodeSecurity { return securityLevel; } + public boolean isFirstInit() { + return firstInit; + } + public void setSecurityLevel(int newValue) { if (newValue != STAGING || newValue != DEV) throw new CmsException("Invalid value for security level " @@ -126,8 +127,6 @@ class NodeSecurity { private void createKeyStoreIfNeeded() { char[] ksPwd = "changeit".toCharArray(); char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length); - File keyStoreFile = new File(KernelUtils.getOsgiInstanceDir(), - "node.p12"); if (!keyStoreFile.exists()) { try { keyStoreFile.getParentFile().mkdirs(); @@ -141,4 +140,24 @@ class NodeSecurity { } } } + + File getHttpServerKeyStore() { + return keyStoreFile; + } + + private final static String SECURITY_PROVIDER = "BC";// Bouncy Castle + private final static Log log; + static { + log = LogFactory.getLog(NodeSecurity.class); + // Make Bouncy Castle the default provider + Provider provider = new BouncyCastleProvider(); + int position = Security.insertProviderAt(provider, 1); + if (position == -1) + log.error("Provider " + provider.getName() + + " already installed and could not be set as default"); + Provider defaultProvider = Security.getProviders()[0]; + if (!defaultProvider.getName().equals(SECURITY_PROVIDER)) + log.error("Provider name is " + defaultProvider.getName() + + " but it should be " + SECURITY_PROVIDER); + } }