Better deal with multiple user directories.
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / InitUtils.java
index ebb2ef8f7f3934f8652bde4ee3ac9d938d7dd534..011d3856adc01ab15fec341f8700a75557ab6730 100644 (file)
@@ -7,25 +7,35 @@ import java.io.FileFilter;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Dictionary;
+import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.List;
+import java.util.Map;
 
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.RepositoryFactory;
 import javax.security.auth.x500.X500Principal;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.argeo.cms.CmsException;
-import org.argeo.cms.internal.http.HttpConstants;
+import org.argeo.api.NodeConstants;
+import org.argeo.cms.internal.http.InternalHttpConstants;
 import org.argeo.cms.internal.jcr.RepoConf;
-import org.argeo.node.NodeConstants;
+import org.argeo.jackrabbit.client.ClientDavexRepositoryFactory;
+import org.argeo.jcr.JcrException;
+import org.argeo.naming.LdapAttrs;
 import org.argeo.osgi.useradmin.UserAdminConf;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.Constants;
 
 /**
  * Interprets framework properties in order to generate the initial deploy
@@ -39,22 +49,28 @@ class InitUtils {
                Dictionary<String, Object> props = provided != null ? provided : new Hashtable<String, Object>();
                for (RepoConf repoConf : RepoConf.values()) {
                        Object value = getFrameworkProp(NodeConstants.NODE_REPO_PROP_PREFIX + repoConf.name());
-                       if (value != null)
+                       if (value != null) {
                                props.put(repoConf.name(), value);
+                               if (log.isDebugEnabled())
+                                       log.debug("Set node repo configuration " + repoConf.name() + " to " + value);
+                       }
                }
-               props.put(NodeConstants.CN, NodeConstants.NODE);
+               props.put(NodeConstants.CN, NodeConstants.NODE_REPOSITORY);
                return props;
        }
 
        static Dictionary<String, Object> getRepositoryConfig(String dataModelName, Dictionary<String, Object> provided) {
-               if (dataModelName.equals(NodeConstants.NODE) || dataModelName.equals(NodeConstants.HOME))
+               if (dataModelName.equals(NodeConstants.NODE_REPOSITORY) || dataModelName.equals(NodeConstants.EGO_REPOSITORY))
                        throw new IllegalArgumentException("Data model '" + dataModelName + "' is reserved.");
                Dictionary<String, Object> props = provided != null ? provided : new Hashtable<String, Object>();
                for (RepoConf repoConf : RepoConf.values()) {
                        Object value = getFrameworkProp(
                                        NodeConstants.NODE_REPOS_PROP_PREFIX + dataModelName + '.' + repoConf.name());
-                       if (value != null)
+                       if (value != null) {
                                props.put(repoConf.name(), value);
+                               if (log.isDebugEnabled())
+                                       log.debug("Set " + dataModelName + " repo configuration " + repoConf.name() + " to " + value);
+                       }
                }
                if (props.size() != 0)
                        props.put(NodeConstants.CN, dataModelName);
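Review bot: The new debug lines at L51 and L71 log every RepoConf value verbatim, so if any RepoConf key carries a credential (a database password, for instance — the enum is not visible here) it is written to the log in clear text whenever debug logging is enabled. Consider redacting by key before logging, e.g. `Object shown = repoConf.name().toLowerCase().contains("password") ? "***" : value;` and logging `shown` instead of `value`, in both getNodeRepositoryConfig and getRepositoryConfig. The first method's start and the second method's end lie outside the hunk.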
@@ -66,46 +82,58 @@ class InitUtils {
                String httpPort = getFrameworkProp("org.osgi.service.http.port");
                String httpsPort = getFrameworkProp("org.osgi.service.http.port.secure");
                /// TODO make it more generic
-               String httpHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTP_HOST);
-               String httpsHost = getFrameworkProp(HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.HTTPS_HOST);
+               String httpHost = getFrameworkProp(
+                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTP_HOST);
+               String httpsHost = getFrameworkProp(
+                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.HTTPS_HOST);
                String webSocketEnabled = getFrameworkProp(
-                               HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.WEB_SOCKET_ENABLED);
+                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.WEBSOCKET_ENABLED);
 
                final Hashtable<String, Object> props = new Hashtable<String, Object>();
                // try {
                if (httpPort != null || httpsPort != null) {
-                       if (httpPort != null) {
-                               props.put(HttpConstants.HTTP_PORT, httpPort);
-                               props.put(HttpConstants.HTTP_ENABLED, true);
+                       boolean httpEnabled = httpPort != null;
+                       props.put(InternalHttpConstants.HTTP_ENABLED, httpEnabled);
+                       boolean httpsEnabled = httpsPort != null;
+                       props.put(InternalHttpConstants.HTTPS_ENABLED, httpsEnabled);
+
+                       if (httpEnabled) {
+                               props.put(InternalHttpConstants.HTTP_PORT, httpPort);
+                               if (httpHost != null)
+                                       props.put(InternalHttpConstants.HTTP_HOST, httpHost);
                        }
-                       if (httpsPort != null) {
-                               props.put(HttpConstants.HTTPS_PORT, httpsPort);
-                               props.put(HttpConstants.HTTPS_ENABLED, true);
+
+                       if (httpsEnabled) {
+                               props.put(InternalHttpConstants.HTTPS_PORT, httpsPort);
+                               if (httpsHost != null)
+                                       props.put(InternalHttpConstants.HTTPS_HOST, httpsHost);
+
+                               // server certificate
                                Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
                                String keyStorePassword = getFrameworkProp(
-                                               HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_PASSWORD);
+                                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD);
                                if (keyStorePassword == null)
                                        keyStorePassword = "changeit";
                                if (!Files.exists(keyStorePath))
-                                       createSelfSignedKeyStore(keyStorePath, keyStorePassword);
-                               props.put(HttpConstants.SSL_KEYSTORETYPE, "PKCS12");
-                               props.put(HttpConstants.SSL_KEYSTORE, keyStorePath.toString());
-                               props.put(HttpConstants.SSL_PASSWORD, keyStorePassword);
-                               props.put(HttpConstants.SSL_WANTCLIENTAUTH, true);
+                                       createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+                               props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
+                               props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
+                               props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
+
+                               // client certificate authentication
+                               String wantClientAuth = getFrameworkProp(
+                                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_WANTCLIENTAUTH);
+                               if (wantClientAuth != null)
+                                       props.put(InternalHttpConstants.SSL_WANTCLIENTAUTH, Boolean.parseBoolean(wantClientAuth));
                                String needClientAuth = getFrameworkProp(
-                                               HttpConstants.JETTY_PROPERTY_PREFIX + HttpConstants.SSL_NEEDCLIENTAUTH);
-                               if (needClientAuth != null) {
-                                       props.put(HttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
-                               }
+                                               InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_NEEDCLIENTAUTH);
+                               if (needClientAuth != null)
+                                       props.put(InternalHttpConstants.SSL_NEEDCLIENTAUTH, Boolean.parseBoolean(needClientAuth));
                        }
-                       if (httpHost != null)
-                               props.put(HttpConstants.HTTP_HOST, httpHost);
-                       if (httpsHost != null)
-                               props.put(HttpConstants.HTTPS_HOST, httpHost);
 
-                       if (webSocketEnabled != null)
-                               if (webSocketEnabled.equals("true"))
-                                       props.put(HttpConstants.WEB_SOCKET_ENABLED, true);
+                       // web socket
+                       if (webSocketEnabled != null && webSocketEnabled.equals("true"))
+                               props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true);
 
                        props.put(NodeConstants.CN, NodeConstants.DEFAULT);
                }
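Review bot: When no SSL_PASSWORD framework property is set, L120-L121 fall back to the well-known default `"changeit"` for the server keystore created on L128 without leaving any trace in the log, so an operator gets no signal that the TLS private key is protected by a default password. A `log.warn("No keystore password configured, using default")` in that branch would make the fallback visible. On a smaller note, L156 tests `webSocketEnabled.equals("true")` while the client-auth flags on L137 and L145 use `Boolean.parseBoolean`; `props.put(InternalHttpConstants.WEBSOCKET_ENABLED, Boolean.parseBoolean(webSocketEnabled))` inside the null check would make the parsing consistent, at the cost of storing an explicit false where today the key is simply absent. The `// try {` leftover at L91 can be dropped. The enclosing method starts outside the hunk.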
@@ -128,7 +156,7 @@ class InitUtils {
                                        FileUtils.copyInputStreamToFile(InitUtils.class.getResourceAsStream(baseNodeRoleDn + ".ldif"),
                                                        nodeRolesFile);
                                } catch (IOException e) {
-                                       throw new CmsException("Cannot copy demo resource", e);
+                                       throw new RuntimeException("Cannot copy demo resource", e);
                                }
                        // nodeRolesUri = nodeRolesFile.toURI().toString();
                }
@@ -139,13 +167,13 @@ class InitUtils {
                String baseNodeTokensDn = NodeConstants.TOKENS_BASEDN;
                if (nodeTokensUri == null) {
                        nodeTokensUri = baseNodeTokensDn + ".ldif";
-                       File nodeRolesFile = new File(nodeBaseDir, nodeRolesUri);
-                       if (!nodeRolesFile.exists())
+                       File nodeTokensFile = new File(nodeBaseDir, nodeTokensUri);
+                       if (!nodeTokensFile.exists())
                                try {
                                        FileUtils.copyInputStreamToFile(InitUtils.class.getResourceAsStream(baseNodeTokensDn + ".ldif"),
-                                                       nodeRolesFile);
+                                                       nodeTokensFile);
                                } catch (IOException e) {
-                                       throw new CmsException("Cannot copy demo resource", e);
+                                       throw new RuntimeException("Cannot copy demo resource", e);
                                }
                        // nodeRolesUri = nodeRolesFile.toURI().toString();
                }
@@ -166,7 +194,7 @@ class InitUtils {
                                                FileUtils.copyInputStreamToFile(
                                                                InitUtils.class.getResourceAsStream("example-ou=roles,ou=node.ldif"), systemRolesFile);
                                } catch (IOException e) {
-                                       throw new CmsException("Cannot copy demo resources", e);
+                                       throw new RuntimeException("Cannot copy demo resources", e);
                                }
                        // userAdminUris = businessRolesFile.toURI().toString();
                        log.warn("## DEV Using dummy base DN " + demoBaseDn);
@@ -181,7 +209,8 @@ class InitUtils {
                        try {
                                u = new URI(uri);
                                if (u.getPath() == null)
-                                       throw new CmsException("URI " + uri + " must have a path in order to determine base DN");
+                                       throw new IllegalArgumentException(
+                                                       "URI " + uri + " must have a path in order to determine base DN");
                                if (u.getScheme() == null) {
                                        if (uri.startsWith("/") || uri.startsWith("./") || uri.startsWith("../"))
                                                u = new File(uri).getCanonicalFile().toURI();
@@ -189,12 +218,12 @@ class InitUtils {
                                                // u = KernelUtils.getOsgiInstanceUri(KernelConstants.DIR_NODE + '/' + uri);
                                                u = new URI(uri);
                                        } else
-                                               throw new CmsException("Cannot interpret " + uri + " as an uri");
+                                               throw new IllegalArgumentException("Cannot interpret " + uri + " as an uri");
                                } else if (u.getScheme().equals(UserAdminConf.SCHEME_FILE)) {
                                        u = new File(u).getCanonicalFile().toURI();
                                }
                        } catch (Exception e) {
-                               throw new CmsException("Cannot interpret " + uri + " as an uri", e);
+                               throw new RuntimeException("Cannot interpret " + uri + " as an uri", e);
                        }
                        Dictionary<String, Object> properties = UserAdminConf.uriAsProperties(u.toString());
                        res.add(properties);
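Review bot: The `IllegalArgumentException` thrown at L212 (and at L202-L203 in the previous hunk) sits inside the `try` whose `catch (Exception e)` at L216 wraps everything into a plain `RuntimeException` carrying the same message, so the more specific type never reaches a caller and the message is simply duplicated in the cause. Either narrow the catch to the checked exceptions the block can actually raise, `} catch (URISyntaxException | IOException e) {` (both types are in scope, `URISyntaxException` via the import added on L8), or rethrow the argument errors ahead of the generic catch. The enclosing loop and method start outside the hunk.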
@@ -208,39 +237,68 @@ class InitUtils {
         * some files (typically LDIF, etc).
         */
        static void prepareFirstInitInstanceArea() {
-               String nodeInit = getFrameworkProp(NodeConstants.NODE_INIT);
-               if (nodeInit == null)
-                       nodeInit = "../../init";
-               if (nodeInit.startsWith("http")) {
-                       // remoteFirstInit(nodeInit);
-                       return;
-               }
+               String nodeInits = getFrameworkProp(NodeConstants.NODE_INIT);
+               if (nodeInits == null)
+                       nodeInits = "../../init";
 
-               // TODO use java.nio.file
-               File initDir;
-               if (nodeInit.startsWith("."))
-                       initDir = KernelUtils.getExecutionDir(nodeInit);
-               else
-                       initDir = new File(nodeInit);
-               // TODO also uncompress archives
-               if (initDir.exists())
-                       try {
-                               FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstanceDir(), new FileFilter() {
+               for (String nodeInit : nodeInits.split(",")) {
 
-                                       @Override
-                                       public boolean accept(File pathname) {
-                                               if (pathname.getName().equals(".svn") || pathname.getName().equals(".git"))
-                                                       return false;
-                                               return true;
+                       if (nodeInit.startsWith("http")) {
+                               registerRemoteInit(nodeInit);
+                       } else {
+
+                               // TODO use java.nio.file
+                               File initDir;
+                               if (nodeInit.startsWith("."))
+                                       initDir = KernelUtils.getExecutionDir(nodeInit);
+                               else
+                                       initDir = new File(nodeInit);
+                               // TODO also uncompress archives
+                               if (initDir.exists())
+                                       try {
+                                               FileUtils.copyDirectory(initDir, KernelUtils.getOsgiInstanceDir(), new FileFilter() {
+
+                                                       @Override
+                                                       public boolean accept(File pathname) {
+                                                               if (pathname.getName().equals(".svn") || pathname.getName().equals(".git"))
+                                                                       return false;
+                                                               return true;
+                                                       }
+                                               });
+                                               log.info("CMS initialized from " + initDir.getCanonicalPath());
+                                       } catch (IOException e) {
+                                               throw new RuntimeException("Cannot initialize from " + initDir, e);
                                        }
-                               });
-                               log.info("CMS initialized from " + initDir.getCanonicalPath());
-                       } catch (IOException e) {
-                               throw new CmsException("Cannot initialize from " + initDir, e);
                        }
+               }
+       }
+
+       private static void registerRemoteInit(String uri) {
+               try {
+                       BundleContext bundleContext = KernelUtils.getBundleContext();
+                       Repository repository = createRemoteRepository(new URI(uri));
+                       Hashtable<String, Object> properties = new Hashtable<>();
+                       properties.put(NodeConstants.CN, NodeConstants.NODE_INIT);
+                       properties.put(LdapAttrs.labeledURI.name(), uri);
+                       properties.put(Constants.SERVICE_RANKING, -1000);
+                       bundleContext.registerService(Repository.class, repository, properties);
+               } catch (RepositoryException e) {
+                       throw new JcrException(e);
+               } catch (URISyntaxException e) {
+                       throw new IllegalArgumentException(e);
+               }
+       }
+
+       private static Repository createRemoteRepository(URI uri) throws RepositoryException {
+               RepositoryFactory repositoryFactory = new ClientDavexRepositoryFactory();
+               Map<String, String> params = new HashMap<String, String>();
+               params.put(ClientDavexRepositoryFactory.JACKRABBIT_DAVEX_URI, uri.toString());
+               // TODO make it configurable
+               params.put(ClientDavexRepositoryFactory.JACKRABBIT_REMOTE_DEFAULT_WORKSPACE, NodeConstants.SYS_WORKSPACE);
+               return repositoryFactory.getRepository(params);
        }
 
-       private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword) {
+       private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword, String keyStoreType) {
                // for (Provider provider : Security.getProviders())
                // System.out.println(provider.getName());
                File keyStoreFile = keyStorePath.toFile();
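Review bot: `nodeInits.split(",")` at L247 hands each element on untrimmed, so a list written with a space after the comma makes ` http://...` fail the `startsWith("http")` test on L254 and be treated as a local directory, and a trailing comma yields an empty string that becomes `new File("")`. Trimming and skipping blanks at the top of the loop, `nodeInit = nodeInit.trim(); if (nodeInit.isEmpty()) continue;`, avoids both. Separately, `startsWith("http")` routes plain-http URIs to registerRemoteInit as readily as https ones, and a repository fetched without TLS gives no integrity guarantee for content that initializes the instance; a warning when the scheme is not https would at least make that visible to the operator. The new createSelfSignedKeyStore signature at L314 starts a method whose body runs past the hunk.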
@@ -249,7 +307,7 @@ class InitUtils {
                if (!keyStoreFile.exists()) {
                        try {
                                keyStoreFile.getParentFile().mkdirs();
-                               KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd);
+                               KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd, keyStoreType);
                                PkiUtils.generateSelfSignedCertificate(keyStore,
                                                new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
                                                1024, keyPwd);
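Review bot: The literal `1024` passed to `PkiUtils.generateSelfSignedCertificate` on L326 looks like a key size in bits (the method's signature is not visible here); if so, a 1024-bit key for the self-signed server certificate is below the 2048-bit minimum that current TLS clients and browsers enforce, so the keystore this commit now generates with an explicit type may still be rejected by peers. Raising it to `2048`, ideally as a named constant alongside `PkiUtils.PKCS12`, is a one-token change. The enclosing method starts and ends outside the hunk.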
@@ -262,7 +320,7 @@ class InitUtils {
                                log.error("Cannot create keystore " + keyStoreFile, e);
                        }
                } else {
-                       throw new CmsException("Keystore " + keyStorePath + " already exists");
+                       throw new IllegalStateException("Keystore " + keyStorePath + " already exists");
                }
        }