X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FCmsStateImpl.java;h=cb806444fc668c3e5508263de895e376b741f924;hb=1d6840195189cbdbf632ca2800b6179d3b6349df;hp=c9109c8561fb2500485998c033cbb4ac4d58a419;hpb=8c6e16aa43d9523e1ec57a41a06b3ceba7d23fdb;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java index c9109c856..cb806444f 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/CmsStateImpl.java @@ -1,5 +1,6 @@ package org.argeo.cms.internal.runtime; +import java.io.BufferedInputStream; import java.io.IOException; import java.io.Reader; import java.net.InetAddress; @@ -66,19 +67,19 @@ public class CmsStateImpl implements CmsState { deployPropertyDefaults.put(CmsDeployProperty.LOCALE, Locale.getDefault().toString()); // certificates - deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, PkiUtils.PKCS12); - deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD); - Path keyStorePath = getDataPath(PkiUtils.DEFAULT_KEYSTORE_PATH); + deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORETYPE, KernelConstants.PKCS12); + deployPropertyDefaults.put(CmsDeployProperty.SSL_PASSWORD, KernelConstants.DEFAULT_KEYSTORE_PASSWORD); + Path keyStorePath = getDataPath(KernelConstants.DEFAULT_KEYSTORE_PATH); if (keyStorePath != null) { deployPropertyDefaults.put(CmsDeployProperty.SSL_KEYSTORE, keyStorePath.toAbsolutePath().toString()); } - Path trustStorePath = getDataPath(PkiUtils.DEFAULT_TRUSTSTORE_PATH); + Path trustStorePath = getDataPath(KernelConstants.DEFAULT_TRUSTSTORE_PATH); if (trustStorePath != null) { deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORE, trustStorePath.toAbsolutePath().toString()); } - deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, PkiUtils.PKCS12); - deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, PkiUtils.DEFAULT_KEYSTORE_PASSWORD); + deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTORETYPE, KernelConstants.PKCS12); + deployPropertyDefaults.put(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD, KernelConstants.DEFAULT_KEYSTORE_PASSWORD); // SSH Path authorizedKeysPath = getDataPath(KernelConstants.NODE_SSHD_AUTHORIZED_KEYS_PATH); @@ -148,9 +149,10 @@ public class CmsStateImpl implements CmsState { log.debug("## CMS starting... (" + uuid + ")\n" + sb + "\n"); } - Path nodeBase = getDataPath(KernelConstants.DIR_PRIVATE); - if (nodeBase != null && !Files.exists(nodeBase)) {// first init + Path privateBase = getDataPath(KernelConstants.DIR_PRIVATE); + if (privateBase != null && !Files.exists(privateBase)) {// first init firstInit(); + Files.createDirectories(privateBase); } } catch (RuntimeException | IOException e) { @@ -193,8 +195,8 @@ public class CmsStateImpl implements CmsState { private void initCertificates() { // server certificate Path keyStorePath = Paths.get(getDeployProperty(CmsDeployProperty.SSL_KEYSTORE)); - Path pemKeyPath = getDataPath(PkiUtils.DEFAULT_PEM_KEY_PATH); - Path pemCertPath = getDataPath(PkiUtils.DEFAULT_PEM_CERT_PATH); + Path pemKeyPath = getDataPath(KernelConstants.DEFAULT_PEM_KEY_PATH); + Path pemCertPath = getDataPath(KernelConstants.DEFAULT_PEM_CERT_PATH); char[] keyStorePassword = getDeployProperty(CmsDeployProperty.SSL_PASSWORD).toCharArray(); // Keystore @@ -204,7 +206,7 @@ public class CmsStateImpl implements CmsState { KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, getDeployProperty(CmsDeployProperty.SSL_KEYSTORETYPE)); try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII); - Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) { + BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(pemCertPath));) { PkiUtils.loadPrivateCertificatePem(keyStore, CmsConstants.NODE, key, keyStorePassword, cert); Files.createDirectories(keyStorePath.getParent()); PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore); @@ -220,11 +222,11 @@ public class CmsStateImpl implements CmsState { char[] trustStorePassword = getDeployProperty(CmsDeployProperty.SSL_TRUSTSTOREPASSWORD).toCharArray(); // IPA CA - Path ipaCaCertPath = Paths.get(PkiUtils.IPA_PEM_CA_CERT_PATH); + Path ipaCaCertPath = Paths.get(KernelConstants.IPA_PEM_CA_CERT_PATH); if (Files.exists(ipaCaCertPath)) { KeyStore trustStore = PkiUtils.getKeyStore(trustStorePath, trustStorePassword, getDeployProperty(CmsDeployProperty.SSL_TRUSTSTORETYPE)); - try (Reader cert = Files.newBufferedReader(ipaCaCertPath, StandardCharsets.US_ASCII);) { + try (BufferedInputStream cert = new BufferedInputStream(Files.newInputStream(ipaCaCertPath));) { PkiUtils.loadTrustedCertificatePem(trustStore, trustStorePassword, cert); Files.createDirectories(keyStorePath.getParent()); PkiUtils.saveKeyStore(trustStorePath, trustStorePassword, trustStore); @@ -235,16 +237,8 @@ public class CmsStateImpl implements CmsState { } } - if (!Files.exists(keyStorePath)) - PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12); -// props.put(JettyHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12); -// props.put(JettyHttpConstants.SSL_KEYSTORE, keyStorePath.toString()); -// props.put(JettyHttpConstants.SSL_PASSWORD, new String(keyStorePassword)); - -// props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11"); -// props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb"); -// props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword); - +// if (!Files.exists(keyStorePath)) +// PkiUtils.createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12); } public void stop() {