X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FCmsStateImpl.java;h=c1f92deb40b3ea7743098bcb0c8e4bbdacc028af;hb=a4e2def61f587de89a03037aec2b95c54732ec55;hp=c9109c8561fb2500485998c033cbb4ac4d58a419;hpb=8c6e16aa43d9523e1ec57a41a06b3ceba7d23fdb;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java index c9109c856..c1f92deb4 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java @@ -1,5 +1,6 @@ package org.argeo.cms.internal.runtime; +import java.io.BufferedInputStream; import java.io.IOException; import java.io.Reader; import java.net.InetAddress; @@ -37,7 +38,8 @@ import org.argeo.api.cms.CmsState; import org.argeo.api.uuid.UuidFactory; import org.argeo.cms.CmsDeployProperty; import org.argeo.cms.auth.ident.IdentClient; -import org.argeo.util.FsUtils; +import org.argeo.cms.util.FsUtils; +import org.argeo.cms.util.OS; /** * Implementation of a {@link CmsState}, initialising the required services. @@ -66,19 +68,19 @@ public class CmsStateImpl implements CmsState { deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString()); // certificates - deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12); - deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD); - Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH); + deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, KernelConstants.PKCS12); + deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, KernelConstants.DEFAULT_KEYSTORE_PASSWORD); + Path keyStorePath = getDataPath(KernelConstants.DEFAULT_KEYSTORE_PATH); if (keyStorePath != null) { deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString()); } - Path trustStorePath = getDataPath(PkiUtils.DEFAULT_TRUSTSTORE_PATH); + Path trustStorePath = getDataPath(KernelConstants.DEFAULT_TRUSTSTORE_PATH); if (trustStorePath != null) { deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString()); } - deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, PkiUtils.PKCS12); - deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD); + deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, KernelConstants.PKCS12); + deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, KernelConstants.DEFAULT_KEYSTORE_PASSWORD); // SSH Path authorizedKeysPath = getDataPath(KernelConstants.NODE_SSHD_AUTHORIZED_KEYS_PATH); @@ -90,19 +92,21 @@ public class CmsStateImpl implements CmsState { } public void start() { -// Runtime.getRuntime().addShutdownHook(new CmsShutdown()); - try { + // First init check + Path privateBase = getDataPath(KernelConstants.DIR_PRIVATE); + if (privateBase != null && !Files.exists(privateBase)) {// first init + firstInit(); + Files.createDirectories(privateBase); + } + initSecurity(); // initArgeoLogger(); if (log.isTraceEnabled()) log.trace("CMS State started"); -// String stateUuidStr = KernelUtils.getFrameworkProp(Constants.FRAMEWORK_UUID); -// this.uuid = UUID.fromString(stateUuidStr); this.uuid = uuidFactory.timeUUID(); -// this.cleanState = stateUuid.equals(frameworkUuid); // hostname this.hostname = getDeployProperty(CmsDeployProperty.HOST); @@ -148,11 +152,6 @@ public class CmsStateImpl implements CmsState { log.debug("## CMS starting... (" + uuid + ")\n" + sb + "\n"); } - Path nodeBase = getDataPath(KernelConstants.DIR_PRIVATE); - if (nodeBase != null && !Files.exists(nodeBase)) {// first init - firstInit(); - } - } catch (RuntimeException | IOException e) { log.error("## FATAL: CMS state failed", e); } @@ -160,7 +159,7 @@ public class CmsStateImpl implements CmsState { private void initSecurity() { // private directory permissions - Path privateDir = KernelUtils.getOsgiInstancePath(KernelConstants.DIR_PRIVATE); + Path privateDir = getDataPath(KernelConstants.DIR_PRIVATE); if (privateDir != null) { // TODO rather check whether we can read and write Set posixPermissions = new HashSet<>(); @@ -168,9 +167,12 @@ public class CmsStateImpl implements CmsState { posixPermissions.add(PosixFilePermission.OWNER_WRITE); posixPermissions.add(PosixFilePermission.OWNER_EXECUTE); try { - Files.setPosixFilePermissions(privateDir, posixPermissions); + if (!Files.exists(privateDir)) + Files.createDirectories(privateDir); + if (!OS.LOCAL.isMSWindows()) + Files.setPosixFilePermissions(privateDir, posixPermissions); } catch (IOException e) { - log.error("Cannot set permissions on " + privateDir); + log.error("Cannot set permissions on " + privateDir, e); } } @@ -193,8 +195,8 @@ public class CmsStateImpl implements CmsState { private void initCertificates() { // server certificate Path keyStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_KEYSTORE)); - Path pemKeyPath = getDataPath(PkiUtils.DEFAULT_PEM_KEY_PATH); - Path pemCertPath = getDataPath(PkiUtils.DEFAULT_PEM_CERT_PATH); + Path pemKeyPath = getDataPath(KernelConstants.DEFAULT_PEM_KEY_PATH); + Path pemCertPath = getDataPath(KernelConstants.DEFAULT_PEM_CERT_PATH); char[] keyStorePassword = getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray(); // Keystore @@ -204,7 +206,7 @@ public class CmsStateImpl implements CmsState { KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE)); try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII); - Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) { + BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(pemCertPath));) { PkiUtils.loadPrivateCertificatePem(keyStore, CmsConstants.NODE, key, keyStorePassword, cert); Files.createDirectories(keyStorePath.getParent()); PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore); @@ -220,11 +222,11 @@ public class CmsStateImpl implements CmsState { char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray(); // IPA CA - Path ipaCaCertPath = Paths.get(PkiUtils.IPA_PEM_CA_CERT_PATH); + Path ipaCaCertPath = Paths.get(KernelConstants.IPA_PEM_CA_CERT_PATH); if (Files.exists(ipaCaCertPath)) { KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword, getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE)); - try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) { + try (BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(ipaCaCertPath));) { PkiUtils.loadTrustedCertificatePem(trustStore, trustStorePassword, cert); Files.createDirectories(keyStorePath.getParent()); PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore); @@ -235,16 +237,8 @@ public class CmsStateImpl implements CmsState { } } - if (!Files.exists(keyStorePath)) - PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12); -// props.put(JettyHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12); -// props.put(JettyHttpConstants.SSL_KEYSTORE, keyStorePath.toString()); -// props.put(JettyHttpConstants.SSL_PASSWORD, new String(keyStorePassword)); - -// props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11"); -// props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb"); -// props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword); - +// if (!Files.exists(keyStorePath)) +// PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12); } public void stop() {