X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fruntime%2FInitUtils.java;h=f634e43b524b67a33d43837448a47f9a13f68f4b;hb=336930c69f0cd3e1242e518479624c6366541275;hp=986f7914d03a7d56edbaea56d6edb31fe5e295b4;hpb=7e464c3cedfa41ece64811fb55ddc9ce740a1050;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/runtime/InitUtils.java b/org.argeo.cms/src/org/argeo/cms/internal/runtime/InitUtils.java
index 986f7914d..f634e43b5 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/runtime/InitUtils.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/runtime/InitUtils.java
@@ -5,25 +5,14 @@ import static org.argeo.cms.internal.runtime.KernelUtils.getFrameworkProp;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
-import java.io.Reader;
-import java.net.InetAddress;
 import java.net.URI;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.security.KeyStore;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Dictionary;
-import java.util.Hashtable;
 import java.util.List;
-import javax.security.auth.x500.X500Principal;
-
 import org.apache.commons.io.FileUtils;
 import org.argeo.api.cms.CmsConstants;
 import org.argeo.api.cms.CmsLog;
-import org.argeo.cms.internal.http.InternalHttpConstants;
 import org.argeo.util.directory.DirectoryConf;
 /**
@@ -34,92 +23,92 @@ public class InitUtils {
 private final static CmsLog log = CmsLog.getLog(InitUtils.class);
 /** Override the provided config with the framework properties */
- public static Dictionary getHttpServerConfig(Dictionary provided) {
- String httpPort = getFrameworkProp("org.osgi.service.http.port");
- String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
- /// TODO make it more generic
- String httpHost = getFrameworkProp(
- InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST);
- String httpsHost = getFrameworkProp(
- InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST);
- String webSocketEnabled = getFrameworkProp(
- InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED);
-
- final Hashtable props = new Hashtable();
- // try {
- if (httpPort != null || httpsPort != null) {
- boolean httpEnabled = httpPort != null;
- props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled);
- boolean httpsEnabled = httpsPort != null;
- props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled);
-
- if (httpEnabled) {
- props.put(InternalHttpConstants.HTTP_PORT, httpPort);
- if (httpHost != null)
- props.put(InternalHttpConstants.HTTP_HOST, httpHost);
- }
-
- if (httpsEnabled) {
- props.put(InternalHttpConstants.HTTPS_PORT, httpsPort);
- if (httpsHost != null)
- props.put(InternalHttpConstants.HTTPS_HOST, httpsHost);
-
- // server certificate
- Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
- Path pemKeyPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_KEY_PATH);
- Path pemCertPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_CERT_PATH);
- String keyStorePasswordStr = getFrameworkProp(
- InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD);
- char[] keyStorePassword;
- if (keyStorePasswordStr == null)
- keyStorePassword = "changeit".toCharArray();
- else
- keyStorePassword = keyStorePasswordStr.toCharArray();
-
- // if PEM files both exists, update the PKCS12 file
- if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
- // TODO check certificate update time? monitor changes?
- KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
- try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
- Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
- PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
- PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
- if (log.isDebugEnabled())
- log.debug("PEM certificate stored in " + keyStorePath);
- } catch (IOException e) {
- log.error("Cannot read PEM files " + pemKeyPath + " and " + pemCertPath, e);
- }
- }
-
- if (!Files.exists(keyStorePath))
- createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
- props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
- props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
- props.put(InternalHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
-
-// props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
-// props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
-// props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
-
- // client certificate authentication
- String wantClientAuth = getFrameworkProp(
- InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH);
- if (wantClientAuth != null)
- props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth));
- String needClientAuth = getFrameworkProp(
- InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH);
- if (needClientAuth != null)
- props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
- }
-
- // web socket
- if (webSocketEnabled != null && webSocketEnabled.equals("true"))
- props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true);
-
- props.put(CmsConstants.CN, CmsConstants.DEFAULT);
- }
- return props;
- }
+// public static Dictionary getHttpServerConfig(Dictionary provided) {
+// String httpPort = getFrameworkProp("org.osgi.service.http.port");
+// String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
+// /// TODO make it more generic
+// String httpHost = getFrameworkProp(
+// InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST);
+// String httpsHost = getFrameworkProp(
+// InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST);
+// String webSocketEnabled = getFrameworkProp(
+// InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED);
+//
+// final Hashtable props = new Hashtable();
+// // try {
+// if (httpPort != null || httpsPort != null) {
+// boolean httpEnabled = httpPort != null;
+// props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled);
+// boolean httpsEnabled = httpsPort != null;
+// props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled);
+//
+// if (httpEnabled) {
+// props.put(InternalHttpConstants.HTTP_PORT, httpPort);
+// if (httpHost != null)
+// props.put(InternalHttpConstants.HTTP_HOST, httpHost);
+// }
+//
+// if (httpsEnabled) {
+// props.put(InternalHttpConstants.HTTPS_PORT, httpsPort);
+// if (httpsHost != null)
+// props.put(InternalHttpConstants.HTTPS_HOST, httpsHost);
+//
+// // server certificate
+// Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
+// Path pemKeyPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_KEY_PATH);
+// Path pemCertPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_CERT_PATH);
+// String keyStorePasswordStr = getFrameworkProp(
+// InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD);
+// char[] keyStorePassword;
+// if (keyStorePasswordStr == null)
+// keyStorePassword = "changeit".toCharArray();
+// else
+// keyStorePassword = keyStorePasswordStr.toCharArray();
+//
+// // if PEM files both exists, update the PKCS12 file
+// if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
+// // TODO check certificate update time? monitor changes?
+// KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+// try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
+// Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
+// PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
+// PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
+// if (log.isDebugEnabled())
+// log.debug("PEM certificate stored in " + keyStorePath);
+// } catch (IOException e) {
+// log.error("Cannot read PEM files " + pemKeyPath + " and " + pemCertPath, e);
+// }
+// }
+//
+// if (!Files.exists(keyStorePath))
+// createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+// props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
+// props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
+// props.put(InternalHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
+//
+//// props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
+//// props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
+//// props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
+//
+// // client certificate authentication
+// String wantClientAuth = getFrameworkProp(
+// InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH);
+// if (wantClientAuth != null)
+// props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth));
+// String needClientAuth = getFrameworkProp(
+// InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH);
+// if (needClientAuth != null)
+// props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
+// }
+//
+// // web socket
+// if (webSocketEnabled != null && webSocketEnabled.equals("true"))
+// props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true);
+//
+// props.put(CmsConstants.CN, CmsConstants.DEFAULT);
+// }
+// return props;
+// }
 public static List> getUserDirectoryConfigs() {
 List> res = new ArrayList<>();
@@ -258,33 +247,4 @@ public class InitUtils {
 }
 }
- private static void createSelfSignedKeyStore(Path keyStorePath, char[] keyStorePassword, String keyStoreType) {
- // for (Provider provider : Security.getProviders())
- // System.out.println(provider.getName());
-// File keyStoreFile = keyStorePath.toFile();
- char[] keyPwd = Arrays.copyOf(keyStorePassword, keyStorePassword.length);
- if (!Files.exists(keyStorePath)) {
- try {
- Files.createDirectories(keyStorePath.getParent());
- KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, keyStoreType);
- PkiUtils.generateSelfSignedCertificate(keyStore,
- new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
- 1024, keyPwd);
- PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
- if (log.isDebugEnabled())
- log.debug("Created self-signed unsecure keystore " + keyStorePath);
- } catch (Exception e) {
- try {
- if (Files.size(keyStorePath) == 0)
- Files.delete(keyStorePath);
- } catch (IOException e1) {
- // silent
- }
- log.error("Cannot create keystore " + keyStorePath, e);
- }
- } else {
- throw new IllegalStateException("Keystore " + keyStorePath + " already exists");
- }
- }
-
 }
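Review bot: The new side of the hunk at -34 keeps the whole body of getHttpServerConfig as a commented-out block instead of deleting it, while the same commit removes createSelfSignedKeyStore outright in the hunk at -258 and drops the imports the block depends on (InternalHttpConstants, Hashtable, KeyStore, Files, Path, Reader) in the first hunk, so it can no longer be re-enabled by uncommenting. Dead code that only git history can explain is better removed; the pre-image is preserved at blob 986f7914d, and a one-line pointer such as `// HTTP server configuration moved to <new location>` at the deletion site would tell a reader more than the retained block. If the HTTP/TLS server setup is being relocated (not visible in this diff), the replacement should not carry over the removed `"changeit"` fallback for the keystore password or the 1024-bit self-signed key: a missing password should fail startup or be generated with SecureRandom and written to the instance area, and a generated key should be at least 2048 bits. Exposing the keystore password to Jetty as a plain `String` property, as the old code did with `new String(keyStorePassword)`, also deserves a second look in the new location, since the `char[]` form exists precisely to avoid long-lived string copies.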