Massive Argeo APIs refactoring
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / InitUtils.java
index 011d3856adc01ab15fec341f8700a75557ab6730..a2006a7049e306018c57902fb86c636e417fc904 100644 (file)
@@ -5,77 +5,34 @@ import static org.argeo.cms.internal.kernel.KernelUtils.getFrameworkProp;
 import java.io.File;
 import java.io.FileFilter;
 import java.io.IOException;
+import java.io.Reader;
 import java.net.InetAddress;
 import java.net.URI;
-import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Dictionary;
-import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.List;
-import java.util.Map;
 
-import javax.jcr.Repository;
-import javax.jcr.RepositoryException;
-import javax.jcr.RepositoryFactory;
 import javax.security.auth.x500.X500Principal;
 
 import org.apache.commons.io.FileUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.api.NodeConstants;
+import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsLog;
 import org.argeo.cms.internal.http.InternalHttpConstants;
-import org.argeo.cms.internal.jcr.RepoConf;
-import org.argeo.jackrabbit.client.ClientDavexRepositoryFactory;
-import org.argeo.jcr.JcrException;
-import org.argeo.naming.LdapAttrs;
 import org.argeo.osgi.useradmin.UserAdminConf;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.Constants;
 
 /**
  * Interprets framework properties in order to generate the initial deploy
  * configuration.
  */
 class InitUtils {
-       private final static Log log = LogFactory.getLog(InitUtils.class);
+       private final static CmsLog log = CmsLog.getLog(InitUtils.class);
 
-       /** Override the provided config with the framework properties */
-       static Dictionary<String, Object> getNodeRepositoryConfig(Dictionary<String, Object> provided) {
-               Dictionary<String, Object> props = provided != null ? provided : new Hashtable<String, Object>();
-               for (RepoConf repoConf : RepoConf.values()) {
-                       Object value = getFrameworkProp(NodeConstants.NODE_REPO_PROP_PREFIX + repoConf.name());
-                       if (value != null) {
-                               props.put(repoConf.name(), value);
-                               if (log.isDebugEnabled())
-                                       log.debug("Set node repo configuration " + repoConf.name() + " to " + value);
-                       }
-               }
-               props.put(NodeConstants.CN, NodeConstants.NODE_REPOSITORY);
-               return props;
-       }
-
-       static Dictionary<String, Object> getRepositoryConfig(String dataModelName, Dictionary<String, Object> provided) {
-               if (dataModelName.equals(NodeConstants.NODE_REPOSITORY) || dataModelName.equals(NodeConstants.EGO_REPOSITORY))
-                       throw new IllegalArgumentException("Data model '" + dataModelName + "' is reserved.");
-               Dictionary<String, Object> props = provided != null ? provided : new Hashtable<String, Object>();
-               for (RepoConf repoConf : RepoConf.values()) {
-                       Object value = getFrameworkProp(
-                                       NodeConstants.NODE_REPOS_PROP_PREFIX + dataModelName + '.' + repoConf.name());
-                       if (value != null) {
-                               props.put(repoConf.name(), value);
-                               if (log.isDebugEnabled())
-                                       log.debug("Set " + dataModelName + " repo configuration " + repoConf.name() + " to " + value);
-                       }
-               }
-               if (props.size() != 0)
-                       props.put(NodeConstants.CN, dataModelName);
-               return props;
-       }
 
        /** Override the provided config with the framework properties */
        static Dictionary<String, Object> getHttpServerConfig(Dictionary<String, Object> provided) {
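Review bot: `java.net.URI` and `java.util.Hashtable` stay imported although the only uses of them visible in this diff (`registerRemoteInit`, `createRemoteRepository`) are deleted in the last hunk; if nothing outside the shown hunks still references them, they should go with the other pruned imports, otherwise the file compiles with unused imports that Error Prone/Checkstyle will flag. The same check applies to `java.util.Arrays`, which is still used by `createSelfSignedKeyStore`, so that one is fine. Whether other parts of the file use `URI`/`Hashtable` cannot be told from here.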
@@ -110,15 +67,40 @@ class InitUtils {
 
                                // server certificate
                                Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
-                               String keyStorePassword = getFrameworkProp(
+                               Path pemKeyPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_KEY_PATH);
+                               Path pemCertPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_CERT_PATH);
+                               String keyStorePasswordStr = getFrameworkProp(
                                                InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD);
-                               if (keyStorePassword == null)
-                                       keyStorePassword = "changeit";
+                               char[] keyStorePassword;
+                               if (keyStorePasswordStr == null)
+                                       keyStorePassword = "changeit".toCharArray();
+                               else
+                                       keyStorePassword = keyStorePasswordStr.toCharArray();
+
+                               // if PEM files both exists, update the PKCS12 file
+                               if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
+                                       // TODO check certificate update time? monitor changes?
+                                       KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+                                       try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
+                                                       Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
+                                               PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
+                                               PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
+                                               if (log.isDebugEnabled())
+                                                       log.debug("PEM certificate stored in " + keyStorePath);
+                                       } catch (IOException e) {
+                                               log.error("Cannot read PEM files " + pemKeyPath + " and " + pemCertPath, e);
+                                       }
+                               }
+
                                if (!Files.exists(keyStorePath))
                                        createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
                                props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
                                props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
-                               props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
+                               props.put(InternalHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
+
+//                             props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
+//                             props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
+//                             props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
 
                                // client certificate authentication
                                String wantClientAuth = getFrameworkProp(
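Review bot: The keystore password still falls back to the hard-coded `"changeit"` in the new `keyStorePassword` branch, and with the new PEM import block that default now protects a keystore into which the real server private key read from `pemKeyPath` is written, with no signal to the operator that the property was left unset; at least log it, e.g. replace the null branch with `log.warn("Property " + InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD + " not set, using default keystore password"); keyStorePassword = "changeit".toCharArray();`. Switching to `char[]` buys little as written, because `new String(keyStorePassword)` at the `SSL_PASSWORD` put turns it back into an immutable String held in the config dictionary; either keep it a String or add a comment stating that the props API forces the conversion. The catch handles only `IOException`; whether `PkiUtils.loadPem` and `saveKeyStore` can fail with other exceptions on a malformed PEM is not visible here, and if they can, such a failure would abort `getHttpServerConfig` rather than fall back to the self-signed path. The commented-out PKCS11 block after the put is dead code and should be dropped rather than committed. `getHttpServerConfig` begins and ends outside this hunk.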
@@ -135,7 +117,7 @@ class InitUtils {
                        if (webSocketEnabled != null && webSocketEnabled.equals("true"))
                                props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true);
 
-                       props.put(NodeConstants.CN, NodeConstants.DEFAULT);
+                       props.put(CmsConstants.CN, CmsConstants.DEFAULT);
                }
                return props;
        }
@@ -146,8 +128,8 @@ class InitUtils {
                List<String> uris = new ArrayList<>();
 
                // node roles
-               String nodeRolesUri = getFrameworkProp(NodeConstants.ROLES_URI);
-               String baseNodeRoleDn = NodeConstants.ROLES_BASEDN;
+               String nodeRolesUri = getFrameworkProp(CmsConstants.ROLES_URI);
+               String baseNodeRoleDn = CmsConstants.ROLES_BASEDN;
                if (nodeRolesUri == null) {
                        nodeRolesUri = baseNodeRoleDn + ".ldif";
                        File nodeRolesFile = new File(nodeBaseDir, nodeRolesUri);
@@ -163,8 +145,8 @@ class InitUtils {
                uris.add(nodeRolesUri);
 
                // node tokens
-               String nodeTokensUri = getFrameworkProp(NodeConstants.TOKENS_URI);
-               String baseNodeTokensDn = NodeConstants.TOKENS_BASEDN;
+               String nodeTokensUri = getFrameworkProp(CmsConstants.TOKENS_URI);
+               String baseNodeTokensDn = CmsConstants.TOKENS_BASEDN;
                if (nodeTokensUri == null) {
                        nodeTokensUri = baseNodeTokensDn + ".ldif";
                        File nodeTokensFile = new File(nodeBaseDir, nodeTokensUri);
@@ -180,7 +162,7 @@ class InitUtils {
                uris.add(nodeTokensUri);
 
                // Business roles
-               String userAdminUris = getFrameworkProp(NodeConstants.USERADMIN_URIS);
+               String userAdminUris = getFrameworkProp(CmsConstants.USERADMIN_URIS);
                if (userAdminUris == null) {
                        String demoBaseDn = "dc=example,dc=com";
                        userAdminUris = demoBaseDn + ".ldif";
@@ -237,14 +219,15 @@ class InitUtils {
         * some files (typically LDIF, etc).
         */
        static void prepareFirstInitInstanceArea() {
-               String nodeInits = getFrameworkProp(NodeConstants.NODE_INIT);
+               String nodeInits = getFrameworkProp(CmsConstants.NODE_INIT);
                if (nodeInits == null)
                        nodeInits = "../../init";
 
                for (String nodeInit : nodeInits.split(",")) {
 
                        if (nodeInit.startsWith("http")) {
-                               registerRemoteInit(nodeInit);
+                               // TODO reconnect it
+                               //registerRemoteInit(nodeInit);
                        } else {
 
                                // TODO use java.nio.file
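Review bot: An `http...` entry in the node init list now reaches an empty branch (the `registerRemoteInit` call is commented out), so a configured remote init is silently ignored with nothing in the logs. Until it is reconnected, make that visible to the operator, e.g. `log.warn("Remote init " + nodeInit + " is currently not supported and will be ignored");` in place of the commented-out call. `prepareFirstInitInstanceArea` continues past the end of the hunk.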
@@ -273,51 +256,29 @@ class InitUtils {
                }
        }
 
-       private static void registerRemoteInit(String uri) {
-               try {
-                       BundleContext bundleContext = KernelUtils.getBundleContext();
-                       Repository repository = createRemoteRepository(new URI(uri));
-                       Hashtable<String, Object> properties = new Hashtable<>();
-                       properties.put(NodeConstants.CN, NodeConstants.NODE_INIT);
-                       properties.put(LdapAttrs.labeledURI.name(), uri);
-                       properties.put(Constants.SERVICE_RANKING, -1000);
-                       bundleContext.registerService(Repository.class, repository, properties);
-               } catch (RepositoryException e) {
-                       throw new JcrException(e);
-               } catch (URISyntaxException e) {
-                       throw new IllegalArgumentException(e);
-               }
-       }
-
-       private static Repository createRemoteRepository(URI uri) throws RepositoryException {
-               RepositoryFactory repositoryFactory = new ClientDavexRepositoryFactory();
-               Map<String, String> params = new HashMap<String, String>();
-               params.put(ClientDavexRepositoryFactory.JACKRABBIT_DAVEX_URI, uri.toString());
-               // TODO make it configurable
-               params.put(ClientDavexRepositoryFactory.JACKRABBIT_REMOTE_DEFAULT_WORKSPACE, NodeConstants.SYS_WORKSPACE);
-               return repositoryFactory.getRepository(params);
-       }
-
-       private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword, String keyStoreType) {
+       private static void createSelfSignedKeyStore(Path keyStorePath, char[] keyStorePassword, String keyStoreType) {
                // for (Provider provider : Security.getProviders())
                // System.out.println(provider.getName());
-               File keyStoreFile = keyStorePath.toFile();
-               char[] ksPwd = keyStorePassword.toCharArray();
-               char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length);
-               if (!keyStoreFile.exists()) {
+//             File keyStoreFile = keyStorePath.toFile();
+               char[] keyPwd = Arrays.copyOf(keyStorePassword, keyStorePassword.length);
+               if (!Files.exists(keyStorePath)) {
                        try {
-                               keyStoreFile.getParentFile().mkdirs();
-                               KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd, keyStoreType);
+                               Files.createDirectories(keyStorePath.getParent());
+                               KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, keyStoreType);
                                PkiUtils.generateSelfSignedCertificate(keyStore,
                                                new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
                                                1024, keyPwd);
-                               PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore);
+                               PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
                                if (log.isDebugEnabled())
-                                       log.debug("Created self-signed unsecure keystore " + keyStoreFile);
+                                       log.debug("Created self-signed unsecure keystore " + keyStorePath);
                        } catch (Exception e) {
-                               if (keyStoreFile.length() == 0)
-                                       keyStoreFile.delete();
-                               log.error("Cannot create keystore " + keyStoreFile, e);
+                               try {
+                                       if (Files.size(keyStorePath) == 0)
+                                               Files.delete(keyStorePath);
+                               } catch (IOException e1) {
+                                       // silent
+                               }
+                               log.error("Cannot create keystore " + keyStorePath, e);
                        }
                } else {
                        throw new IllegalStateException("Keystore " + keyStorePath + " already exists");
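Review bot: The new cleanup inside `catch (Exception e)` swallows `IOException` with a bare `// silent` comment, so a failed delete of a zero-length partial keystore leaves an unusable file behind with no trace; `Files.size` also throws `NoSuchFileException` when the keystore was never created at all, which is the likely case and is hidden the same way. Guard existence explicitly and log the rare real failure: `if (Files.exists(keyStorePath) && Files.size(keyStorePath) == 0) Files.delete(keyStorePath);` with `log.debug("Cannot remove partial keystore " + keyStorePath, e1);` in the inner catch. Now that the password is a `char[]`, the local `keyPwd` copy can be wiped with `Arrays.fill(keyPwd, '\0')` once `saveKeyStore` returns (the caller-owned `keyStorePassword` must not be, since it is still used afterwards). The commented-out `File keyStoreFile` line is dead code and should go. The method's `else` branch and closing brace lie past the end of the hunk.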