import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
+import java.io.Reader;
import java.net.InetAddress;
import java.net.URI;
-import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Dictionary;
-import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
-import java.util.Map;
-import javax.jcr.Repository;
-import javax.jcr.RepositoryException;
-import javax.jcr.RepositoryFactory;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.io.FileUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.argeo.api.NodeConstants;
+import org.argeo.api.cms.CmsConstants;
+import org.argeo.api.cms.CmsLog;
import org.argeo.cms.internal.http.InternalHttpConstants;
-import org.argeo.cms.internal.jcr.RepoConf;
-import org.argeo.jackrabbit.client.ClientDavexRepositoryFactory;
-import org.argeo.jcr.JcrException;
-import org.argeo.naming.LdapAttrs;
import org.argeo.osgi.useradmin.UserAdminConf;
-import org.osgi.framework.BundleContext;
-import org.osgi.framework.Constants;
/**
* Interprets framework properties in order to generate the initial deploy
* configuration.
*/
class InitUtils {
- private final static Log log = LogFactory.getLog(InitUtils.class);
+ private final static CmsLog log = CmsLog.getLog(InitUtils.class);
- /** Override the provided config with the framework properties */
- static Dictionary<String, Object> getNodeRepositoryConfig(Dictionary<String, Object> provided) {
- Dictionary<String, Object> props = provided != null ? provided : new Hashtable<String, Object>();
- for (RepoConf repoConf : RepoConf.values()) {
- Object value = getFrameworkProp(NodeConstants.NODE_REPO_PROP_PREFIX + repoConf.name());
- if (value != null) {
- props.put(repoConf.name(), value);
- if (log.isDebugEnabled())
- log.debug("Set node repo configuration " + repoConf.name() + " to " + value);
- }
- }
- props.put(NodeConstants.CN, NodeConstants.NODE_REPOSITORY);
- return props;
- }
-
- static Dictionary<String, Object> getRepositoryConfig(String dataModelName, Dictionary<String, Object> provided) {
- if (dataModelName.equals(NodeConstants.NODE_REPOSITORY) || dataModelName.equals(NodeConstants.EGO_REPOSITORY))
- throw new IllegalArgumentException("Data model '" + dataModelName + "' is reserved.");
- Dictionary<String, Object> props = provided != null ? provided : new Hashtable<String, Object>();
- for (RepoConf repoConf : RepoConf.values()) {
- Object value = getFrameworkProp(
- NodeConstants.NODE_REPOS_PROP_PREFIX + dataModelName + '.' + repoConf.name());
- if (value != null) {
- props.put(repoConf.name(), value);
- if (log.isDebugEnabled())
- log.debug("Set " + dataModelName + " repo configuration " + repoConf.name() + " to " + value);
- }
- }
- if (props.size() != 0)
- props.put(NodeConstants.CN, dataModelName);
- return props;
- }
/** Override the provided config with the framework properties */
static Dictionary<String, Object> getHttpServerConfig(Dictionary<String, Object> provided) {
// server certificate
Path keyStorePath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_KEYSTORE_PATH);
- String keyStorePassword = getFrameworkProp(
+ Path pemKeyPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_KEY_PATH);
+ Path pemCertPath = KernelUtils.getOsgiInstancePath(KernelConstants.DEFAULT_PEM_CERT_PATH);
+ String keyStorePasswordStr = getFrameworkProp(
InternalHttpConstants.JETTY_PROPERTY_PREFIX + InternalHttpConstants.SSL_PASSWORD);
- if (keyStorePassword == null)
- keyStorePassword = "changeit";
+ char[] keyStorePassword;
+ if (keyStorePasswordStr == null)
+ keyStorePassword = "changeit".toCharArray();
+ else
+ keyStorePassword = keyStorePasswordStr.toCharArray();
+
+ // if PEM files both exists, update the PKCS12 file
+ if (Files.exists(pemCertPath) && Files.exists(pemKeyPath)) {
+ // TODO check certificate update time? monitor changes?
+ KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
+ try (Reader key = Files.newBufferedReader(pemKeyPath, StandardCharsets.US_ASCII);
+ Reader cert = Files.newBufferedReader(pemCertPath, StandardCharsets.US_ASCII);) {
+ PkiUtils.loadPem(keyStore, key, keyStorePassword, cert);
+ PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
+ if (log.isDebugEnabled())
+ log.debug("PEM certificate stored in " + keyStorePath);
+ } catch (IOException e) {
+ log.error("Cannot read PEM files " + pemKeyPath + " and " + pemCertPath, e);
+ }
+ }
+
if (!Files.exists(keyStorePath))
createSelfSignedKeyStore(keyStorePath, keyStorePassword, PkiUtils.PKCS12);
props.put(InternalHttpConstants.SSL_KEYSTORETYPE, PkiUtils.PKCS12);
props.put(InternalHttpConstants.SSL_KEYSTORE, keyStorePath.toString());
- props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
+ props.put(InternalHttpConstants.SSL_PASSWORD, new String(keyStorePassword));
+
+// props.put(InternalHttpConstants.SSL_KEYSTORETYPE, "PKCS11");
+// props.put(InternalHttpConstants.SSL_KEYSTORE, "../../nssdb");
+// props.put(InternalHttpConstants.SSL_PASSWORD, keyStorePassword);
// client certificate authentication
String wantClientAuth = getFrameworkProp(
if (webSocketEnabled != null && webSocketEnabled.equals("true"))
props.put(InternalHttpConstants.WEBSOCKET_ENABLED, true);
- props.put(NodeConstants.CN, NodeConstants.DEFAULT);
+ props.put(CmsConstants.CN, CmsConstants.DEFAULT);
}
return props;
}
List<String> uris = new ArrayList<>();
// node roles
- String nodeRolesUri = getFrameworkProp(NodeConstants.ROLES_URI);
- String baseNodeRoleDn = NodeConstants.ROLES_BASEDN;
+ String nodeRolesUri = getFrameworkProp(CmsConstants.ROLES_URI);
+ String baseNodeRoleDn = CmsConstants.ROLES_BASEDN;
if (nodeRolesUri == null) {
nodeRolesUri = baseNodeRoleDn + ".ldif";
File nodeRolesFile = new File(nodeBaseDir, nodeRolesUri);
uris.add(nodeRolesUri);
// node tokens
- String nodeTokensUri = getFrameworkProp(NodeConstants.TOKENS_URI);
- String baseNodeTokensDn = NodeConstants.TOKENS_BASEDN;
+ String nodeTokensUri = getFrameworkProp(CmsConstants.TOKENS_URI);
+ String baseNodeTokensDn = CmsConstants.TOKENS_BASEDN;
if (nodeTokensUri == null) {
nodeTokensUri = baseNodeTokensDn + ".ldif";
- File nodeRolesFile = new File(nodeBaseDir, nodeRolesUri);
- if (!nodeRolesFile.exists())
+ File nodeTokensFile = new File(nodeBaseDir, nodeTokensUri);
+ if (!nodeTokensFile.exists())
try {
FileUtils.copyInputStreamToFile(InitUtils.class.getResourceAsStream(baseNodeTokensDn + ".ldif"),
- nodeRolesFile);
+ nodeTokensFile);
} catch (IOException e) {
throw new RuntimeException("Cannot copy demo resource", e);
}
uris.add(nodeTokensUri);
// Business roles
- String userAdminUris = getFrameworkProp(NodeConstants.USERADMIN_URIS);
+ String userAdminUris = getFrameworkProp(CmsConstants.USERADMIN_URIS);
if (userAdminUris == null) {
String demoBaseDn = "dc=example,dc=com";
userAdminUris = demoBaseDn + ".ldif";
* some files (typically LDIF, etc).
*/
static void prepareFirstInitInstanceArea() {
- String nodeInits = getFrameworkProp(NodeConstants.NODE_INIT);
+ String nodeInits = getFrameworkProp(CmsConstants.NODE_INIT);
if (nodeInits == null)
nodeInits = "../../init";
for (String nodeInit : nodeInits.split(",")) {
if (nodeInit.startsWith("http")) {
- registerRemoteInit(nodeInit);
+ // TODO reconnect it
+ //registerRemoteInit(nodeInit);
} else {
// TODO use java.nio.file
}
}
- private static void registerRemoteInit(String uri) {
- try {
- BundleContext bundleContext = KernelUtils.getBundleContext();
- Repository repository = createRemoteRepository(new URI(uri));
- Hashtable<String, Object> properties = new Hashtable<>();
- properties.put(NodeConstants.CN, NodeConstants.NODE_INIT);
- properties.put(LdapAttrs.labeledURI.name(), uri);
- properties.put(Constants.SERVICE_RANKING, -1000);
- bundleContext.registerService(Repository.class, repository, properties);
- } catch (RepositoryException e) {
- throw new JcrException(e);
- } catch (URISyntaxException e) {
- throw new IllegalArgumentException(e);
- }
- }
-
- private static Repository createRemoteRepository(URI uri) throws RepositoryException {
- RepositoryFactory repositoryFactory = new ClientDavexRepositoryFactory();
- Map<String, String> params = new HashMap<String, String>();
- params.put(ClientDavexRepositoryFactory.JACKRABBIT_DAVEX_URI, uri.toString());
- // TODO make it configurable
- params.put(ClientDavexRepositoryFactory.JACKRABBIT_REMOTE_DEFAULT_WORKSPACE, NodeConstants.SYS_WORKSPACE);
- return repositoryFactory.getRepository(params);
- }
-
- private static void createSelfSignedKeyStore(Path keyStorePath, String keyStorePassword, String keyStoreType) {
+ private static void createSelfSignedKeyStore(Path keyStorePath, char[] keyStorePassword, String keyStoreType) {
// for (Provider provider : Security.getProviders())
// System.out.println(provider.getName());
- File keyStoreFile = keyStorePath.toFile();
- char[] ksPwd = keyStorePassword.toCharArray();
- char[] keyPwd = Arrays.copyOf(ksPwd, ksPwd.length);
- if (!keyStoreFile.exists()) {
+// File keyStoreFile = keyStorePath.toFile();
+ char[] keyPwd = Arrays.copyOf(keyStorePassword, keyStorePassword.length);
+ if (!Files.exists(keyStorePath)) {
try {
- keyStoreFile.getParentFile().mkdirs();
- KeyStore keyStore = PkiUtils.getKeyStore(keyStoreFile, ksPwd, keyStoreType);
+ Files.createDirectories(keyStorePath.getParent());
+ KeyStore keyStore = PkiUtils.getKeyStore(keyStorePath, keyStorePassword, keyStoreType);
PkiUtils.generateSelfSignedCertificate(keyStore,
new X500Principal("CN=" + InetAddress.getLocalHost().getHostName() + ",OU=UNSECURE,O=UNSECURE"),
1024, keyPwd);
- PkiUtils.saveKeyStore(keyStoreFile, ksPwd, keyStore);
+ PkiUtils.saveKeyStore(keyStorePath, keyStorePassword, keyStore);
if (log.isDebugEnabled())
- log.debug("Created self-signed unsecure keystore " + keyStoreFile);
+ log.debug("Created self-signed unsecure keystore " + keyStorePath);
} catch (Exception e) {
- if (keyStoreFile.length() == 0)
- keyStoreFile.delete();
- log.error("Cannot create keystore " + keyStoreFile, e);
+ try {
+ if (Files.size(keyStorePath) == 0)
+ Files.delete(keyStorePath);
+ } catch (IOException e1) {
+ // silent
+ }
+ log.error("Cannot create keystore " + keyStorePath, e);
}
} else {
throw new IllegalStateException("Keystore " + keyStorePath + " already exists");