InstallationFinalizer.java

/*
 * Copyright (C) 2020-2024 by Savoir-faire Linux
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
  17. package net.jami.jams.server.core.workflows;

import static net.jami.jams.server.Server.certificateAuthority;
import static net.jami.jams.server.Server.dataStore;
import static net.jami.jams.server.Server.nameServer;
import static net.jami.jams.server.Server.tomcatLauncher;
import static net.jami.jams.server.Server.userAuthenticationModule;

import com.google.gson.Gson;

import lombok.extern.slf4j.Slf4j;

import net.jami.jams.common.authentication.AuthenticationSourceType;
import net.jami.jams.common.objects.roots.X509Fields;
import net.jami.jams.common.objects.system.SystemAccount;
import net.jami.jams.common.objects.system.SystemAccountType;
import net.jami.jams.common.serialization.adapters.GsonFactory;
import net.jami.jams.common.server.ServerSettings;
import net.jami.jams.nameserver.LocalNameServer;
import net.jami.jams.nameserver.PublicNameServer;
import net.jami.jams.server.Server;
import net.jami.jams.server.servlets.api.install.CachedObjects;
import net.jami.jams.server.startup.AuthModuleLoader;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

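@Slf4j
public class InstallationFinalizer {

    /** Settings file, written relative to the process working directory. */
    private static final String CONFIG_FILE = "config.json";

    /** Trust store handed to Tomcat for client authentication, same directory as above. */
    private static final String KEYSTORE_FILE = "keystore.jks";

    /**
     * Integrity password of the Tomcat trust store. The store only ever receives a
     * certificate entry (the CA), no private-key material, so this value protects the
     * store's integrity rather than any secret. NOTE(review): the Tomcat side presumably
     * expects this exact value from its own configuration, so do not change it here alone.
     */
    private static final String KEYSTORE_PASSWORD = "changeit";

    // Cleared when the local-auth settings select a public name server; a local name
    // server can only be built once the authentication module exists, hence the flag.
    // Not reset between calls: a fresh instance is expected per installation attempt.
    private boolean useLocalNS = true;
    private final Gson gson = GsonFactory.createGson();

    /**
     * Builds the server settings from the objects cached by the installation wizard,
     * flushes them to disk, issues the CA and OCSP certificates, wires the authentication
     * module and name server, writes the Tomcat trust store and marks the server installed.
     *
     * <p>Steps run strictly in that order and each one mutates process-wide state
     * ({@code nameServer}, {@code userAuthenticationModule}, {@code Server.isInstalled},
     * files on disk). A failure in a later step is logged and reported as {@code false},
     * but earlier steps are not rolled back.
     *
     * @return {@code true} when every step completed, {@code false} if any step threw
     */
    public boolean finalizeInstallation() {
        try {
            log.info("Building configuration from submitted variables…");
            ServerSettings serverSettings = buildServerSettings();
            writeServerSettings(serverSettings);
            bootstrapCertificateAuthority(serverSettings);
            initializeAuthentication(serverSettings);
            writeTomcatTrustStore();
            Server.isInstalled.set(true);
            // fix to swap connectors - this assumes you are running with an SSL certificate
            tomcatLauncher.swapConnectors();
            log.info("The installation completed successfully. JAMS is set up and ready to use.");
        } catch (Exception e) {
            // Pass the throwable as the last argument so the stack trace is not lost.
            log.error("An error occurred while saving settings to disk: " + e, e);
            return false;
        }
        return true;
    }

    /**
     * Assembles the settings object from the cached wizard objects.
     *
     * <p>Side effect: when local authentication asks for public names, this also assigns
     * the global {@code nameServer} and clears {@link #useLocalNS}.
     */
    private ServerSettings buildServerSettings() {
        ServerSettings serverSettings = new ServerSettings();
        serverSettings.setCaConfiguration(gson.toJson(CachedObjects.certificateAuthorityConfig));
        // TODO: This is a bit of hack, we should fix this someday.
        serverSettings.setServerPublicURI(
                CachedObjects.certificateAuthorityConfig.getServerDomain());
        if (CachedObjects.activeDirectorySettings != null) {
            serverSettings.setActiveDirectoryConfiguration(
                    gson.toJson(CachedObjects.activeDirectorySettings));
            log.info("Server configured to use Active Directory as the authentication backend.");
        }
        if (CachedObjects.ldapSettings != null) {
            serverSettings.setLdapConfiguration(gson.toJson(CachedObjects.ldapSettings));
            log.info("Server configured to use LDAP as the authentication backend.");
        }
        if (CachedObjects.localAuthSettings != null) {
            serverSettings.setLocalDirectoryConfiguration(
                    gson.toJson(CachedObjects.localAuthSettings));
            if (CachedObjects.localAuthSettings.getPublicNames()) {
                useLocalNS = false;
                nameServer =
                        new PublicNameServer(
                                CachedObjects.localAuthSettings.getPublicNameServer());
                log.warn(
                        "Server configured to use {} as the name server for Jami clients.",
                        CachedObjects.localAuthSettings.getPublicNameServer());
            }
            log.info("Server is configured to use local authentication engine.");
        }
        return serverSettings;
    }

    /**
     * Serialises the settings as UTF-8 JSON into {@value #CONFIG_FILE}.
     *
     * <p>The file is created with the process umask. It carries the serialised AD/LDAP
     * settings, which presumably include directory bind credentials — TODO confirm, and
     * restrict the file's permissions at deployment if so.
     *
     * @throws IOException if the file cannot be created or written
     */
    private void writeServerSettings(ServerSettings serverSettings) throws IOException {
        // try-with-resources: the previous code leaked the stream when write() threw.
        try (OutputStream os = new FileOutputStream(new File(CONFIG_FILE))) {
            os.write(gson.toJson(serverSettings).getBytes(StandardCharsets.UTF_8));
            os.flush();
        }
        log.info("Settings saved succesfully to configuration file.");
    }

    /**
     * Issues the CA certificate and an OCSP responder certificate from the cached CA
     * request, stores both system accounts and initialises the certificate authority.
     * Does nothing beyond logging when the request carries no X.509 fields.
     *
     * @throws Exception any failure from the CA or data store; the caller treats all
     *     failures uniformly
     */
    private void bootstrapCertificateAuthority(ServerSettings serverSettings) throws Exception {
        log.info("Attempting to save the CA and generate the OCSP certificate…");
        if (CachedObjects.createCARequest.getFields() == null) {
            return;
        }
        SystemAccount caAccount = new SystemAccount();
        caAccount.setSystemAccountType(SystemAccountType.CA);
        caAccount.setX509Fields(CachedObjects.createCARequest.getFields());
        certificateAuthority.getSignedCertificate(caAccount);
        dataStore.getSystemDao().storeObject(caAccount);
        log.info("CA stored successfully.");
        // Initialised once without an OCSP account before the OCSP certificate is issued,
        // then again below with the issued OCSP account.
        certificateAuthority.init(serverSettings.getCaConfiguration(), caAccount, null);
        SystemAccount ocspAccount = new SystemAccount();
        ocspAccount.setX509Fields(new X509Fields());
        ocspAccount.getX509Fields().setCommonName("OCSP Server Certificate");
        ocspAccount.setSystemAccountType(SystemAccountType.OCSP);
        // The OCSP certificate takes the same lifetime as the CA certificate.
        ocspAccount.getX509Fields().setLifetime(caAccount.getX509Fields().getLifetime());
        certificateAuthority.getSignedCertificate(ocspAccount);
        dataStore.getSystemDao().storeObject(ocspAccount);
        log.info("OCSP certificate created and stored successfully.");
        certificateAuthority.init(serverSettings.getCaConfiguration(), caAccount, ocspAccount);
        log.info("Certificate authority with the appropriate settings inited successfully.");
    }

    /**
     * Loads the authentication module, attaches the AD/LDAP sources present in the
     * settings and, unless a public name server was selected earlier, installs the local
     * name server backed by that module.
     *
     * @throws Exception any failure from the module loader or auth sources
     */
    private void initializeAuthentication(ServerSettings serverSettings) throws Exception {
        log.info("Initializing the selected authentication providers");
        userAuthenticationModule =
                AuthModuleLoader.loadAuthenticationModule(dataStore, certificateAuthority);
        if (serverSettings.getActiveDirectoryConfiguration() != null) {
            userAuthenticationModule.attachAuthSource(
                    AuthenticationSourceType.AD, serverSettings.getActiveDirectoryConfiguration());
        }
        if (serverSettings.getLdapConfiguration() != null) {
            userAuthenticationModule.attachAuthSource(
                    AuthenticationSourceType.LDAP, serverSettings.getLdapConfiguration());
        }
        if (useLocalNS) {
            nameServer =
                    new LocalNameServer(
                            dataStore, userAuthenticationModule, serverSettings.getServerPublicURI());
        }
    }

    /**
     * Writes a JKS trust store containing only the CA certificate under the alias
     * {@code jams-ca} to {@value #KEYSTORE_FILE}, for Tomcat client-certificate auth.
     *
     * @throws Exception any KeyStore, I/O or CA failure
     */
    private void writeTomcatTrustStore() throws Exception {
        log.info("Building keystore for client auth for Tomcat…");
        KeyStore ks = KeyStore.getInstance("JKS");
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        ks.load(null, password);
        ks.setCertificateEntry("jams-ca", certificateAuthority.getCA());
        // try-with-resources: the previous code leaked the stream when store() threw.
        try (FileOutputStream fos = new FileOutputStream(KEYSTORE_FILE)) {
            ks.store(fos, password);
        }
        log.info("Keystore for Tomcat built successfully.");
    }
}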