This repository has been archived by the owner on May 31, 2024. It is now read-only.
CertificateActivator.scala
package blended.security.ssl.internal
import blended.container.context.api.ContainerIdentifierService
import blended.domino.TypesafeConfigWatching
import blended.security.ssl.{CertificateManager, CertificateProvider, SelfSignedCertificateProvider, SelfSignedConfig}
import blended.util.config.Implicits._
import blended.util.logging.Logger
import com.typesafe.config.Config
import domino.DominoActivator
import javax.management.{MBeanServer, ObjectName}
import javax.net.ssl.SSLContext
/**
 * Bundle activator for the SSL certificate support.
 *
 * Once the bundle is active and its Typesafe config is available it
 *  - optionally registers a [[SelfSignedCertificateProvider]],
 *  - registers a [[CertificateManager]] after every configured provider has been found,
 *  - publishes an `SslContextInfo` service and JMX MBean for the server-side `SSLContext`.
 */
class CertificateActivator extends DominoActivator with TypesafeConfigWatching {

  private[this] val log = Logger[CertificateActivator]

  /**
   * Registers a self-signed [[CertificateProvider]] when the config has a `selfsigned` section.
   *
   * The provider is registered with the service property `provider=default`. Without the
   * section only a warning is logged and nothing is registered.
   *
   * NOTE(review): a self-signed certificate carries no third-party trust anchor. Confirm that
   * every certificate config resolving to the "default" provider is meant to use one.
   *
   * @param cfg   the bundle configuration
   * @param idSvc the container identifier service, passed on to `SelfSignedConfig.fromConfig`
   */
  private[this] def setupSelfSignedProvider(cfg: Config, idSvc: ContainerIdentifierService) : Unit = {
    cfg.getConfigOption("selfsigned") match {
      case None =>
        log.warn("No config entry 'selfsigned' found. Skipping provision of SelfSignedCertificateProvider")

      case Some(selfSignedSection) =>
        val selfSignedSettings = SelfSignedConfig.fromConfig(selfSignedSection, idSvc)
        val defaultProvider = new SelfSignedCertificateProvider(selfSignedSettings)
        defaultProvider.providesService[CertificateProvider](Map(
          "provider" -> "default"
        ))
    }
  }

  /**
   * Registers the [[CertificateManager]] once all providers named in the config have been found.
   *
   * The distinct provider names from `mgrConfig.certConfigs` are looked up one after another.
   * The manager is created with the collected name-to-provider map only when none is left.
   *
   * @param mgrConfig the certificate manager configuration
   */
  private[this] def setupCertificateManager(
    mgrConfig: CertificateManagerConfig
  ) : Unit = {

    // Recursive: each step waits for one named provider, then continues inside its callback.
    def waitForProvider(providerNames: List[String], resolved: Map[String, CertificateProvider]) : Unit = {
      providerNames match {
        case head :: tail =>
          log.info(s"Waiting for certificate provider [$head]")
          // NOTE(review): the provider name is interpolated into the service filter unescaped.
          // A configured name containing filter metacharacters (`*`, `(`, `)`, `\`) would change
          // what the filter matches. Consider validating names when the config is read.
          whenAdvancedServicePresent[CertificateProvider](s"(provider=$head)") { found =>
            log.info(s"Certificate provider [$head] available.")
            waitForProvider(tail, resolved.updated(head, found))
          }

        case Nil =>
          // All providers are resolved: create the manager and publish it.
          val manager = new CertificateManagerImpl(bundleContext, capsuleContext, mgrConfig, resolved)
          manager.providesService[CertificateManager]
          addCapsule(manager)
      }
    }

    val requiredProviders : List[String] = mgrConfig.certConfigs.map(_.provider).distinct
    waitForProvider(requiredProviders, Map.empty)
  }

  whenBundleActive {
    whenTypesafeConfigAvailable { (cfg, idSvc) =>

      // The PasswordHasher is built from the container uuid.
      // NOTE(review): what it derives from that value is not visible here. Confirm the uuid is
      // an acceptable input if it protects key material.
      val mgrConfig = CertificateManagerConfig.fromConfig(cfg, new PasswordHasher(idSvc.uuid), idSvc)

      setupSelfSignedProvider(cfg, idSvc)
      setupCertificateManager(mgrConfig)

      whenAdvancedServicePresent[SSLContext]("(type=server)") { sslContext =>
        val contextInfo = new SslContextInfo(sslContext, mgrConfig.validCypherSuites)
        contextInfo.providesService[blended.security.ssl.SslContextInfo]

        whenServicePresent[MBeanServer] { mbeanServer =>
          // Fixed JMX name; registerMBean throws if an MBean is already registered under it.
          // NOTE(review): this exposes SSL context details over JMX. Confirm access to the
          // MBeanServer is restricted in deployments.
          val mbeanName = new ObjectName("blended:type=SslContext,name=server")
          mbeanServer.registerMBean(contextInfo, mbeanName)

          // Remove the MBean again when this scope is stopped.
          onStop {
            mbeanServer.unregisterMBean(mbeanName)
          }
        }
      }
    }
  }
}