Produced by Araxis Merge on 9/25/2018 2:13:12 PM Central Daylight Time.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\management\jmxremote | ConnectorBootstrap.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\management\jmxremote | ConnectorBootstrap.java | Wed Sep 12 17:43:14 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 2040 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 3, 2017, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.manageme nt.jmxremo te; | |
27 | ||
28 | import jav a.io.Buffe redInputSt ream; | |
29 | import jav a.io.File; | |
30 | import jav a.io.FileI nputStream ; | |
31 | import jav a.io.IOExc eption; | |
32 | import jav a.io.Input Stream; | |
33 | import sun .misc.Obje ctInputFil ter; | |
34 | import jav a.lang.man agement.Ma nagementFa ctory; | |
35 | import jav a.net.Inet Address; | |
36 | import jav a.net.Malf ormedURLEx ception; | |
37 | import jav a.net.Sock et; | |
38 | import jav a.net.Serv erSocket; | |
39 | import jav a.net.Unkn ownHostExc eption; | |
40 | import jav a.rmi.NoSu chObjectEx ception; | |
41 | import jav a.rmi.Remo te; | |
42 | import jav a.rmi.Remo teExceptio n; | |
43 | import jav a.rmi.regi stry.Regis try; | |
44 | import jav a.rmi.serv er.RMIClie ntSocketFa ctory; | |
45 | import jav a.rmi.serv er.RMIServ erSocketFa ctory; | |
46 | import jav a.rmi.serv er.RemoteO bject; | |
47 | import jav a.rmi.serv er.Unicast RemoteObje ct; | |
48 | import jav a.security .KeyStore; | |
49 | import jav a.security .Principal ; | |
50 | import jav a.util.Has hMap; | |
51 | import jav a.util.Has hSet; | |
52 | import jav a.util.Map ; | |
53 | import jav a.util.Pro perties; | |
54 | import jav a.util.Set ; | |
55 | import jav a.util.Str ingTokeniz er; | |
56 | ||
57 | import jav ax.managem ent.MBeanS erver; | |
58 | import jav ax.managem ent.remote .JMXAuthen ticator; | |
59 | import jav ax.managem ent.remote .JMXConnec torServer; | |
60 | import jav ax.managem ent.remote .JMXConnec torServerF actory; | |
61 | import jav ax.managem ent.remote .JMXServic eURL; | |
62 | import jav ax.managem ent.remote .rmi.RMICo nnectorSer ver; | |
63 | import jav ax.net.ssl .KeyManage rFactory; | |
64 | import jav ax.net.ssl .SSLContex t; | |
65 | import jav ax.net.ssl .SSLSocket ; | |
66 | import jav ax.net.ssl .SSLSocket Factory; | |
67 | import jav ax.net.ssl .TrustMana gerFactory ; | |
68 | import jav ax.rmi.ssl .SslRMICli entSocketF actory; | |
69 | import jav ax.rmi.ssl .SslRMISer verSocketF actory; | |
70 | import jav ax.securit y.auth.Sub ject; | |
71 | ||
72 | import com .sun.jmx.r emote.inte rnal.RMIEx porter; | |
73 | import com .sun.jmx.r emote.secu rity.JMXPl uggableAut henticator ; | |
74 | import com .sun.jmx.r emote.util .ClassLogg er; | |
75 | import com .sun.jmx.r emote.util .EnvHelp; | |
76 | ||
77 | import sun .managemen t.Agent; | |
78 | import sun .managemen t.AgentCon figuration Error; | |
79 | import sta tic sun.ma nagement.A gentConfig urationErr or.*; | |
80 | import sun .managemen t.Connecto rAddressLi nk; | |
81 | import sun .managemen t.FileSyst em; | |
82 | import sun .rmi.serve r.UnicastR ef; | |
83 | import sun .rmi.serve r.UnicastS erverRef; | |
84 | import sun .rmi.serve r.UnicastS erverRef2; | |
85 | import sun .rmi.trans port.LiveR ef; | |
86 | ||
87 | /** | |
88 | * This cl ass initia lizes and starts the RMIConnec torServer for JSR 16 3 | |
89 | * JMX Mon itoring. | |
90 | **/ | |
91 | public fin al class C onnectorBo otstrap { | |
92 | ||
93 | /** | |
94 | * Def ault value s for JMX configurat ion proper ties. | |
95 | **/ | |
96 | public static in terface De faultValue s { | |
97 | ||
98 | pu blic stati c final St ring PORT = "0"; | |
99 | pu blic stati c final St ring CONFI G_FILE_NAM E = "manag ement.prop erties"; | |
100 | pu blic stati c final St ring USE_S SL = "true "; | |
101 | pu blic stati c final St ring USE_L OCAL_ONLY = "true"; | |
102 | pu blic stati c final St ring USE_R EGISTRY_SS L = "false "; | |
103 | pu blic stati c final St ring USE_A UTHENTICAT ION = "tru e"; | |
104 | pu blic stati c final St ring PASSW ORD_FILE_N AME = "jmx remote.pas sword"; | |
105 | pu blic stati c final St ring ACCES S_FILE_NAM E = "jmxre mote.acces s"; | |
106 | pu blic stati c final St ring SSL_N EED_CLIENT _AUTH = "f alse"; | |
107 | } | |
108 | ||
109 | /** | |
110 | * Nam es of JMX configurat ion proper ties. | |
111 | **/ | |
112 | public static in terface Pr opertyName s { | |
113 | ||
114 | pu blic stati c final St ring PORT = | |
115 | "com .sun.manag ement.jmxr emote.port "; | |
116 | pu blic stati c final St ring HOST = | |
117 | "com .sun.manag ement.jmxr emote.host "; | |
118 | pu blic stati c final St ring RMI_P ORT = | |
119 | "com .sun.manag ement.jmxr emote.rmi. port"; | |
120 | pu blic stati c final St ring CONFI G_FILE_NAM E = | |
121 | "com .sun.manag ement.conf ig.file"; | |
122 | pu blic stati c final St ring USE_L OCAL_ONLY = | |
123 | "com .sun.manag ement.jmxr emote.loca l.only"; | |
124 | pu blic stati c final St ring USE_S SL = | |
125 | "com .sun.manag ement.jmxr emote.ssl" ; | |
126 | pu blic stati c final St ring USE_R EGISTRY_SS L = | |
127 | "com .sun.manag ement.jmxr emote.regi stry.ssl"; | |
128 | pu blic stati c final St ring USE_A UTHENTICAT ION = | |
129 | "com .sun.manag ement.jmxr emote.auth enticate"; | |
130 | pu blic stati c final St ring PASSW ORD_FILE_N AME = | |
131 | "com .sun.manag ement.jmxr emote.pass word.file" ; | |
132 | pu blic stati c final St ring ACCES S_FILE_NAM E = | |
133 | "com .sun.manag ement.jmxr emote.acce ss.file"; | |
134 | pu blic stati c final St ring LOGIN _CONFIG_NA ME = | |
135 | "com .sun.manag ement.jmxr emote.logi n.config"; | |
136 | pu blic stati c final St ring SSL_E NABLED_CIP HER_SUITES = | |
137 | "com .sun.manag ement.jmxr emote.ssl. enabled.ci pher.suite s"; | |
138 | pu blic stati c final St ring SSL_E NABLED_PRO TOCOLS = | |
139 | "com .sun.manag ement.jmxr emote.ssl. enabled.pr otocols"; | |
140 | pu blic stati c final St ring SSL_N EED_CLIENT _AUTH = | |
141 | "com .sun.manag ement.jmxr emote.ssl. need.clien t.auth"; | |
142 | pu blic stati c final St ring SSL_C ONFIG_FILE _NAME = | |
143 | "com .sun.manag ement.jmxr emote.ssl. config.fil e"; | |
144 | pu blic stati c final St ring SERIA L_FILTER_P ATTERN = | |
145 | "com .sun.manag ement.jmxr emote.seri al.filter. pattern"; | |
146 | } | |
147 | ||
148 | /** | |
149 | * JMX ConnectorS erver asso ciated dat a. | |
150 | */ | |
151 | privat e static c lass JMXCo nnectorSer verData { | |
152 | ||
153 | pu blic JMXCo nnectorSer verData( | |
154 | JMXC onnectorSe rver jmxCo nnectorSer ver, | |
155 | JMXS erviceURL jmxRemoteU RL) { | |
156 | this.jmx ConnectorS erver = jm xConnector Server; | |
157 | this.jmx RemoteURL = jmxRemot eURL; | |
158 | } | |
159 | JM XConnector Server jmx ConnectorS erver; | |
160 | JM XServiceUR L jmxRemot eURL; | |
161 | } | |
162 | ||
163 | /** | |
164 | * <p> Prevents o ur RMI ser ver object s from kee ping the J VM alive.< /p> | |
165 | * | |
166 | * <p> We use a p rivate int erface in Sun's JMX Remote API implement ation | |
167 | * tha t allows u s to speci fy how to export RMI objects. We do so using | |
168 | * Uni castServer Ref, a cla ss in Sun' s RMI impl ementation . This is all | |
169 | * non -portable, of course , so this is only va lid becaus e we are i nside | |
170 | * Sun 's JRE.</p > | |
171 | * | |
172 | * <p> Objects ar e exported using {@l ink | |
173 | * Uni castServer Ref#export Object(Rem ote, Objec t, boolean )}. The | |
174 | * boo lean param eter is ca lled <code >permanent </code> an d means | |
175 | * bot h that the object is not eligi ble for Di stributed Garbage | |
176 | * Col lection, a nd that it s continue d existenc e will not prevent | |
177 | * the JVM from exiting. It is the latter sem antics we want (we | |
178 | * alr eady have the former because o f the way the JMX Re mote API | |
179 | * wor ks). Henc e the some what misle ading name of this c lass.</p> | |
180 | */ | |
181 | privat e static c lass Perma nentExport er impleme nts RMIExp orter { | |
182 | ||
183 | pu blic Remot e exportOb ject(Remot e obj, | |
184 | int port, | |
185 | RMIC lientSocke tFactory c sf, | |
186 | RMIS erverSocke tFactory s sf, | |
187 | Obje ctInputFil ter filter ) | |
188 | thro ws RemoteE xception { | |
189 | ||
190 | synchron ized (this ) { | |
191 | if ( firstExpor ted == nul l) { | |
192 | firstExpor ted = obj; | |
193 | } | |
194 | } | |
195 | ||
196 | final Un icastServe rRef ref; | |
197 | if (csf == null && ssf == nu ll) { | |
198 | ref = new Unic astServerR ef(new Liv eRef(port) , filter); | |
199 | } else { | |
200 | ref = new Unic astServerR ef2(port, csf, ssf, filter); | |
201 | } | |
202 | return r ef.exportO bject(obj, null, tru e); | |
203 | } | |
204 | ||
205 | // Nothing s pecial to be done fo r this cas e | |
206 | pu blic boole an unexpor tObject(Re mote obj, boolean fo rce) | |
207 | thro ws NoSuchO bjectExcep tion { | |
208 | return U nicastRemo teObject.u nexportObj ect(obj, f orce); | |
209 | } | |
210 | Re mote first Exported; | |
211 | } | |
212 | ||
213 | /** | |
214 | * Thi s JMXAuthe nticator w raps the J MXPluggabl eAuthentic ator and v erifies | |
215 | * tha t at least one of th e principa l names co ntained in the authe nticated | |
216 | * Sub ject is pr esent in t he access file. | |
217 | */ | |
218 | privat e static c lass Acces sFileCheck erAuthenti cator | |
219 | implemen ts JMXAuth enticator { | |
220 | ||
221 | pu blic Acces sFileCheck erAuthenti cator(Map< String, Ob ject> env) throws IO Exception { | |
222 | environm ent = env; | |
223 | accessFi le = (Stri ng) env.ge t("jmx.rem ote.x.acce ss.file"); | |
224 | properti es = prope rtiesFromF ile(access File); | |
225 | } | |
226 | ||
227 | pu blic Subje ct authent icate(Obje ct credent ials) { | |
228 | final JM XAuthentic ator authe nticator = | |
229 | new JMXPlu ggableAuth enticator( environmen t); | |
230 | final Su bject subj ect = auth enticator. authentica te(credent ials); | |
231 | checkAcc essFileEnt ries(subje ct); | |
232 | return s ubject; | |
233 | } | |
234 | ||
235 | pr ivate void checkAcce ssFileEntr ies(Subjec t subject) { | |
236 | if (subj ect == nul l) { | |
237 | thro w new Secu rityExcept ion( | |
238 | "Acces s denied! No matchin g entries found in " + | |
239 | "the a ccess file [" + acce ssFile + " ] as the " + | |
240 | "authe nticated S ubject is null"); | |
241 | } | |
242 | final Se t<Principa l> princip als = subj ect.getPri ncipals(); | |
243 | for (Pri ncipal p1: principal s) { | |
244 | if ( properties .containsK ey(p1.getN ame())) { | |
245 | return; | |
246 | } | |
247 | } | |
248 | ||
249 | final Se t<String> principals Str = new HashSet<>( ); | |
250 | for (Pri ncipal p2: principal s) { | |
251 | prin cipalsStr. add(p2.get Name()); | |
252 | } | |
253 | throw ne w Security Exception( | |
254 | "Access de nied! No e ntries fou nd in the access fil e [" + | |
255 | accessFile + "] for any of the authentic ated ident ities " + | |
256 | principals Str); | |
257 | } | |
258 | ||
259 | pr ivate stat ic Propert ies proper tiesFromFi le(String fname) | |
260 | thro ws IOExcep tion { | |
261 | Properti es p = new Propertie s(); | |
262 | if (fnam e == null) { | |
263 | retu rn p; | |
264 | } | |
265 | try (Fil eInputStre am fin = n ew FileInp utStream(f name)) { | |
266 | p.lo ad(fin); | |
267 | } | |
268 | return p ; | |
269 | } | |
270 | pr ivate fina l Map<Stri ng, Object > environm ent; | |
271 | pr ivate fina l Properti es propert ies; | |
272 | pr ivate fina l String a ccessFile; | |
273 | } | |
274 | ||
275 | // The variable below is h ere to sup port stop functional ity | |
276 | // It would be o verriten i f you call startRemo teCommecti onServer s econd | |
277 | // tim e. It's OK for now a s logic in Agent.jav a forbids mutiple ag ents | |
278 | privat e static R egistry re gistry = n ull; | |
279 | ||
280 | public static vo id unexpor tRegistry( ) { | |
281 | // Remove th e entry fr om registr y | |
282 | tr y { | |
283 | if (regi stry != nu ll) { | |
284 | Unic astRemoteO bject.unex portObject (registry, true); | |
285 | regi stry = nul l; | |
286 | } | |
287 | } catch(NoSu chObjectEx ception ex ) { | |
288 | // This exception can appear s only if we attempt | |
289 | // to un exportRegi stry secon d time. So it's safe | |
290 | // to ig nore it wi thout addi tional mes sages. | |
291 | } | |
292 | } | |
293 | ||
294 | /** | |
295 | * In itializes and starts the JMX C onnector S erver. | |
296 | * If the com.s un.managem ent.jmxrem ote.port p roperty is not defin ed, | |
297 | * si mply retur n. Otherwi se, attemp ts to load the confi g file, an d | |
298 | * th en calls { @link #sta rtRemoteCo nnectorSer ver | |
299 | * (java .lang.Stri ng, java.u til.Proper ties)}. | |
300 | * | |
301 | * Th is method is used by some jtre g tests. | |
302 | **/ | |
303 | publ ic static synchroniz ed JMXConn ectorServe r initiali ze() { | |
304 | ||
305 | / / Load a n ew managem ent proper ties | |
306 | f inal Prope rties prop s = Agent. loadManage mentProper ties(); | |
307 | i f (props = = null) { | |
308 | return null; | |
309 | } | |
310 | ||
311 | f inal Strin g portStr = props.ge tProperty( PropertyNa mes.PORT); | |
312 | r eturn star tRemoteCon nectorServ er(portStr , props); | |
313 | } | |
314 | ||
315 | /** | |
316 | * Thi s method i s used by some jtreg tests. | |
317 | * | |
318 | * @se e #startRe moteConnec torServer | |
319 | * ( String por tStr, Prop erties pro ps) | |
320 | */ | |
321 | public static sy nchronized JMXConnec torServer initialize (String po rtStr, Pro perties pr ops) { | |
322 | r eturn star tRemoteCon nectorServ er(portStr , props); | |
323 | } | |
324 | ||
325 | /** | |
326 | * Ini tializes a nd starts a JMX Conn ector Serv er for rem ote | |
327 | * mon itoring an d manageme nt. | |
328 | **/ | |
329 | public static sy nchronized JMXConnec torServer startRemot eConnector Server(Str ing portSt r, Propert ies props) { | |
330 | ||
331 | // Get port number | |
332 | fi nal int po rt; | |
333 | tr y { | |
334 | port = I nteger.par seInt(port Str); | |
335 | } catch (Num berFormatE xception x ) { | |
336 | throw ne w AgentCon figuration Error(INVA LID_JMXREM OTE_PORT, x, portStr ); | |
337 | } | |
338 | if (port < 0 ) { | |
339 | throw ne w AgentCon figuration Error(INVA LID_JMXREM OTE_PORT, portStr); | |
340 | } | |
341 | ||
342 | // User can specify a port to be used to e xport rmi object, | |
343 | // in order to simplif y firewall rules | |
344 | // if port i s not spec ified rand om one wil l be alloc ated. | |
345 | int rmiP ORT
|
|
346 | St ring rmiPo rtStr = pr ops.getPro perty(Prop ertyNames. RMI_PORT); | |
347 | tr y { | |
348 | if (rmiP ortStr != null) { | |
349 | rmiPo rt = Integ er.parseIn t(rmiPortS tr); | |
350 | } | |
351 | } catch (Num berFormatE xception x ) { | |
352 | throw ne w AgentCon figuration Error(INVA LID_JMXREM OTE_RMI_PO RT, x, rmi PortStr); | |
353 | } | |
354 | if (rmiPort < 0) { | |
355 | throw ne w AgentCon figuration Error(INVA LID_JMXREM OTE_RMI_PO RT, rmiPor tStr); | |
356 | } | |
357 | ||
358 | // Do we use authentic ation? | |
359 | fi nal String useAuthen ticationSt r = | |
360 | prop s.getPrope rty(Proper tyNames.US E_AUTHENTI CATION, | |
361 | Defa ultValues. USE_AUTHEN TICATION); | |
362 | fi nal boolea n useAuthe ntication = | |
363 | Bool ean.valueO f(useAuthe nticationS tr).boolea nValue(); | |
364 | ||
365 | // Do we use SSL? | |
366 | fi nal String useSslStr = | |
367 | prop s.getPrope rty(Proper tyNames.US E_SSL, | |
368 | Defa ultValues. USE_SSL); | |
369 | fi nal boolea n useSsl = | |
370 | Bool ean.valueO f(useSslSt r).boolean Value(); | |
371 | ||
372 | // Do we use RMI Regis try SSL? | |
373 | fi nal String useRegist rySslStr = | |
374 | prop s.getPrope rty(Proper tyNames.US E_REGISTRY _SSL, | |
375 | Defa ultValues. USE_REGIST RY_SSL); | |
376 | fi nal boolea n useRegis trySsl = | |
377 | Bool ean.valueO f(useRegis trySslStr) .booleanVa lue(); | |
378 | ||
379 | fi nal String enabledCi pherSuites = | |
380 | prop s.getPrope rty(Proper tyNames.SS L_ENABLED_ CIPHER_SUI TES); | |
381 | St ring enabl edCipherSu itesList[] = null; | |
382 | if (enabledC ipherSuite s != null) { | |
383 | StringTo kenizer st = new Str ingTokeniz er(enabled CipherSuit es, ","); | |
384 | int toke ns = st.co untTokens( ); | |
385 | enabledC ipherSuite sList = ne w String[t okens]; | |
386 | for (int i = 0; i < tokens; i++) { | |
387 | enab ledCipherS uitesList[ i] = st.ne xtToken(); | |
388 | } | |
389 | } | |
390 | ||
391 | fi nal String enabledPr otocols = | |
392 | prop s.getPrope rty(Proper tyNames.SS L_ENABLED_ PROTOCOLS) ; | |
393 | St ring enabl edProtocol sList[] = null; | |
394 | if (enabledP rotocols ! = null) { | |
395 | StringTo kenizer st = new Str ingTokeniz er(enabled Protocols, ","); | |
396 | int toke ns = st.co untTokens( ); | |
397 | enabledP rotocolsLi st = new S tring[toke ns]; | |
398 | for (int i = 0; i < tokens; i++) { | |
399 | enab ledProtoco lsList[i] = st.nextT oken(); | |
400 | } | |
401 | } | |
402 | ||
403 | fi nal String sslNeedCl ientAuthSt r = | |
404 | prop s.getPrope rty(Proper tyNames.SS L_NEED_CLI ENT_AUTH, | |
405 | Defa ultValues. SSL_NEED_C LIENT_AUTH ); | |
406 | fi nal boolea n sslNeedC lientAuth = | |
407 | Bool ean.valueO f(sslNeedC lientAuthS tr).boolea nValue(); | |
408 | ||
409 | // Read SSL config fil e name | |
410 | fi nal String sslConfig FileName = | |
411 | prop s.getPrope rty(Proper tyNames.SS L_CONFIG_F ILE_NAME); | |
412 | ||
413 | St ring login ConfigName = null; | |
414 | St ring passw ordFileNam e = null; | |
415 | St ring acces sFileName = null; | |
416 | ||
417 | // Initializ e settings when auth entication is active | |
418 | if (useAuthe ntication) { | |
419 | ||
420 | // Get n on-default login con figuration | |
421 | loginCon figName = | |
422 | props.getP roperty(Pr opertyName s.LOGIN_CO NFIG_NAME) ; | |
423 | ||
424 | if (logi nConfigNam e == null) { | |
425 | // G et passwor d file | |
426 | pass wordFileNa me = | |
427 | props. getPropert y(Property Names.PASS WORD_FILE_ NAME, | |
428 | getDef aultFileNa me(Default Values.PAS SWORD_FILE _NAME)); | |
429 | chec kPasswordF ile(passwo rdFileName ); | |
430 | } | |
431 | ||
432 | // Get a ccess file | |
433 | accessFi leName = p rops.getPr operty(Pro pertyNames .ACCESS_FI LE_NAME, | |
434 | getDefault FileName(D efaultValu es.ACCESS_ FILE_NAME) ); | |
435 | checkAcc essFile(ac cessFileNa me); | |
436 | } | |
437 | ||
438 | fi nal String bindAddre ss = | |
439 | prop s.getPrope rty(Proper tyNames.HO ST); | |
440 | fi nal String jmxRmiFil ter = prop s.getPrope rty(Proper tyNames.SE RIAL_FILTE R_PATTERN) ; | |
441 | ||
442 | if (log.debu gOn()) { | |
443 | log.debu g("startRe moteConnec torServer" , | |
444 | Agent.getT ext("jmxre mote.Conne ctorBootst rap.starti ng") + | |
445 | "\n\t" + P ropertyNam es.PORT + "=" + port + | |
446 | (bindAddre ss == null ? "" : "\ n\t" + Pro pertyNames .HOST + "= " + bindAd dress) + | |
447 | "\n\t" + P ropertyNam es.RMI_POR T + "=" + rmiPort + | |
448 | "\n\t" + P ropertyNam es.USE_SSL + "=" + u seSsl + | |
449 | "\n\t" + P ropertyNam es.USE_REG ISTRY_SSL + "=" + us eRegistryS sl + | |
450 | "\n\t" + P ropertyNam es.SSL_CON FIG_FILE_N AME + "=" + sslConfi gFileName + | |
451 | "\n\t" + P ropertyNam es.SSL_ENA BLED_CIPHE R_SUITES + "=" + | |
452 | enabledCip herSuites + | |
453 | "\n\t" + P ropertyNam es.SSL_ENA BLED_PROTO COLS + "=" + | |
454 | enabledPro tocols + | |
455 | "\n\t" + P ropertyNam es.SSL_NEE D_CLIENT_A UTH + "=" + | |
456 | sslNeedCli entAuth + | |
457 | "\n\t" + P ropertyNam es.USE_AUT HENTICATIO N + "=" + | |
458 | useAuthent ication + | |
459 | (useAuthen tication ? (loginCon figName == null ? (" \n\t" + Pr opertyName s.PASSWORD _FILE_NAME + "=" + | |
460 | passwordFi leName) : ("\n\t" + PropertyNa mes.LOGIN_ CONFIG_NAM E + "=" + | |
461 | loginConfi gName)) : "\n\t" + | |
462 | Agent.getT ext("jmxre mote.Conne ctorBootst rap.noAuth entication ")) + | |
463 | (useAuthen tication ? ("\n\t" + PropertyN ames.ACCES S_FILE_NAM E + "=" + | |
464 | accessFile Name) : "" ) + | |
465 | ""); | |
466 | } | |
467 | ||
468 | fi nal MBeanS erver mbs = Manageme ntFactory. getPlatfor mMBeanServ er(); | |
469 | JM XConnector Server cs = null; | |
470 | JM XServiceUR L url = nu ll; | |
471 | tr y { | |
472 | final JM XConnector ServerData data = ex portMBeanS erver( | |
473 | mbs, port, rmiPort, useSsl, us eRegistryS sl, | |
474 | sslConfigF ileName, e nabledCiph erSuitesLi st, | |
475 | enabledPro tocolsList , sslNeedC lientAuth, | |
476 | useAuthent ication, l oginConfig Name, | |
477 | passwordFi leName, ac cessFileNa me, bindAd dress, jmx RmiFilter) ; | |
478 | cs = dat a.jmxConne ctorServer ; | |
479 | url = da ta.jmxRemo teURL; | |
480 | log.conf ig("startR emoteConne ctorServer ", | |
481 | Agent.getT ext("jmxre mote.Conne ctorBootst rap.ready" , | |
482 | url.toStri ng())); | |
483 | } catch (Exc eption e) { | |
484 | throw ne w AgentCon figuration Error(AGEN T_EXCEPTIO N, e, e.to String()); | |
485 | } | |
486 | tr y { | |
487 | // Expor t remote c onnector a ddress and associate d configur ation | |
488 | // prope rties to t he instrum entation b uffer. | |
489 | Map<Stri ng, String > properti es = new H ashMap<>() ; | |
490 | properti es.put("re moteAddres s", url.to String()); | |
491 | properti es.put("au thenticate ", useAuth entication Str); | |
492 | properti es.put("ss l", useSsl Str); | |
493 | properti es.put("ss lRegistry" , useRegis trySslStr) ; | |
494 | properti es.put("ss lNeedClien tAuth", ss lNeedClien tAuthStr); | |
495 | Connecto rAddressLi nk.exportR emote(prop erties); | |
496 | } catch (Exc eption e) { | |
497 | // Remot e connecto r server s tarted but unable to export re mote | |
498 | // conne ctor addre ss and ass ociated co nfiguratio n properti es to | |
499 | // the i nstrumenta tion buffe r - non-fa tal error. | |
500 | log.debu g("startRe moteConnec torServer" , e); | |
501 | } | |
502 | re turn cs; | |
503 | } | |
504 | ||
505 | /* | |
506 | * Cre ates and s tarts a RM I Connecto r Server f or "local" monitorin g | |
507 | * and managemen t. | |
508 | */ | |
509 | public static JM XConnector Server sta rtLocalCon nectorServ er() { | |
510 | // Ensure cr yptographi cally stro ng random number gen erater use d | |
511 | // to choose the objec t number - see java. rmi.server .ObjID | |
512 | Sy stem.setPr operty("ja va.rmi.ser ver.random IDs", "tru e"); | |
513 | ||
514 | // This RMI server sho uld not ke ep the VM alive | |
515 | Ma p<String, Object> en v = new Ha shMap<>(); | |
516 | en v.put(RMIE xporter.EX PORTER_ATT RIBUTE, ne w Permanen tExporter( )); | |
517 | en v.put(EnvH elp.CREDEN TIALS_FILT ER_PATTERN , String.c lass.getNa me() + ";! *"); | |
518 | ||
519 | // The local connector server ne ed only be available via the | |
520 | // loopback connection . | |
521 | St ring local host = "lo calhost"; | |
522 | In etAddress lh = null; | |
523 | tr y { | |
524 | lh = Ine tAddress.g etByName(l ocalhost); | |
525 | localhos t = lh.get HostAddres s(); | |
526 | } catch (Unk nownHostEx ception x) { | |
527 | } | |
528 | ||
529 | // localhost unknown o r (somehow ) didn't r esolve to | |
530 | // a loopbac k address. | |
531 | if (lh == nu ll || !lh. isLoopback Address()) { | |
532 | localhos t = "127.0 .0.1"; | |
533 | } | |
534 | ||
535 | MB eanServer mbs = Mana gementFact ory.getPla tformMBean Server(); | |
536 | tr y { | |
537 | JMXServi ceURL url = new JMXS erviceURL( "rmi", loc alhost, 0) ; | |
538 | // Do we accept co nnections from local interface s only? | |
539 | Properti es props = Agent.get Management Properties (); | |
540 | if (prop s == null ) { | |
541 | prop s = new Pr operties() ; | |
542 | } | |
543 | String u seLocalOnl yStr = pro ps.getProp erty( | |
544 | PropertyNa mes.USE_LO CAL_ONLY, DefaultVal ues.USE_LO CAL_ONLY); | |
545 | boolean useLocalOn ly = Boole an.valueOf (useLocalO nlyStr).bo oleanValue (); | |
546 | if (useL ocalOnly) { | |
547 | env. put(RMICon nectorServ er.RMI_SER VER_SOCKET _FACTORY_A TTRIBUTE, | |
548 | new Lo calRMIServ erSocketFa ctory()); | |
549 | } | |
550 | JMXConne ctorServer server = | |
551 | JMXConnect orServerFa ctory.newJ MXConnecto rServer(ur l, env, mb s); | |
552 | server.s tart(); | |
553 | return s erver; | |
554 | } catch (Exc eption e) { | |
555 | throw ne w AgentCon figuration Error(AGEN T_EXCEPTIO N, e, e.to String()); | |
556 | } | |
557 | } | |
558 | ||
559 | privat e static v oid checkP asswordFil e(String p asswordFil eName) { | |
560 | if (password FileName = = null || passwordFi leName.len gth() == 0 ) { | |
561 | throw ne w AgentCon figuration Error(PASS WORD_FILE_ NOT_SET); | |
562 | } | |
563 | Fi le file = new File(p asswordFil eName); | |
564 | if (!file.ex ists()) { | |
565 | throw ne w AgentCon figuration Error(PASS WORD_FILE_ NOT_FOUND, passwordF ileName); | |
566 | } | |
567 | ||
568 | if (!file.ca nRead()) { | |
569 | throw ne w AgentCon figuration Error(PASS WORD_FILE_ NOT_READAB LE, passwo rdFileName ); | |
570 | } | |
571 | ||
572 | Fi leSystem f s = FileSy stem.open( ); | |
573 | tr y { | |
574 | if (fs.s upportsFil eSecurity( file)) { | |
575 | if ( !fs.isAcce ssUserOnly (file)) { | |
576 | final Stri ng msg = A gent.getTe xt("jmxrem ote.Connec torBootstr ap.passwor d.readonly ", | |
577 | pa sswordFile Name); | |
578 | log.config ("startRem oteConnect orServer", msg); | |
579 | throw new AgentConfi gurationEr ror(PASSWO RD_FILE_AC CESS_NOT_R ESTRICTED, | |
580 | pa sswordFile Name); | |
581 | } | |
582 | } | |
583 | } catch (IOE xception e ) { | |
584 | throw ne w AgentCon figuration Error(PASS WORD_FILE_ READ_FAILE D, | |
585 | e, passwor dFileName) ; | |
586 | } | |
587 | } | |
588 | ||
589 | privat e static v oid checkA ccessFile( String acc essFileNam e) { | |
590 | if (accessFi leName == null || ac cessFileNa me.length( ) == 0) { | |
591 | throw ne w AgentCon figuration Error(ACCE SS_FILE_NO T_SET); | |
592 | } | |
593 | Fi le file = new File(a ccessFileN ame); | |
594 | if (!file.ex ists()) { | |
595 | throw ne w AgentCon figuration Error(ACCE SS_FILE_NO T_FOUND, a ccessFileN ame); | |
596 | } | |
597 | ||
598 | if (!file.ca nRead()) { | |
599 | throw ne w AgentCon figuration Error(ACCE SS_FILE_NO T_READABLE , accessFi leName); | |
600 | } | |
601 | } | |
602 | ||
603 | privat e static v oid checkR estrictedF ile(String restricte dFileName) { | |
604 | if (restrict edFileName == null | | restrict edFileName .length() == 0) { | |
605 | throw ne w AgentCon figuration Error(FILE _NOT_SET); | |
606 | } | |
607 | Fi le file = new File(r estrictedF ileName); | |
608 | if (!file.ex ists()) { | |
609 | throw ne w AgentCon figuration Error(FILE _NOT_FOUND , restrict edFileName ); | |
610 | } | |
611 | if (!file.ca nRead()) { | |
612 | throw ne w AgentCon figuration Error(FILE _NOT_READA BLE, restr ictedFileN ame); | |
613 | } | |
614 | Fi leSystem f s = FileSy stem.open( ); | |
615 | tr y { | |
616 | if (fs.s upportsFil eSecurity( file)) { | |
617 | if ( !fs.isAcce ssUserOnly (file)) { | |
618 | final Stri ng msg = A gent.getTe xt( | |
619 | "j mxremote.C onnectorBo otstrap.fi le.readonl y", | |
620 | re strictedFi leName); | |
621 | log.config ("startRem oteConnect orServer", msg); | |
622 | throw new AgentConfi gurationEr ror( | |
623 | FI LE_ACCESS_ NOT_RESTRI CTED, rest rictedFile Name); | |
624 | } | |
625 | } | |
626 | } catch (IOE xception e ) { | |
627 | throw ne w AgentCon figuration Error( | |
628 | FILE_READ_ FAILED, e, restricte dFileName) ; | |
629 | } | |
630 | } | |
631 | ||
632 | /** | |
633 | * Com pute the f ull path n ame for a default fi le. | |
634 | * @pa ram basena me basenam e (with ex tension) o f the defa ult file. | |
635 | * @re turn ${JRE }/lib/mana gement/${b asename} | |
636 | **/ | |
637 | privat e static S tring getD efaultFile Name(Strin g basename ) { | |
638 | fi nal String fileSepar ator = Fil e.separato r; | |
639 | re turn Syste m.getPrope rty("java. home") + f ileSeparat or + "lib" + | |
640 | file Separator + "managem ent" + fil eSeparator + | |
641 | base name; | |
642 | } | |
643 | ||
644 | privat e static S slRMIServe rSocketFac tory creat eSslRMISer verSocketF actory( | |
645 | String s slConfigFi leName, | |
646 | String[] enabledCi pherSuites , | |
647 | String[] enabledPr otocols, | |
648 | boolean sslNeedCli entAuth, | |
649 | String b indAddress ) { | |
650 | if (sslConfi gFileName == null) { | |
651 | return n ew HostAwa reSslSocke tFactory( | |
652 | enabledCip herSuites, | |
653 | enabledPro tocols, | |
654 | sslNeedCli entAuth, b indAddress ); | |
655 | } else { | |
656 | checkRes trictedFil e(sslConfi gFileName) ; | |
657 | try { | |
658 | // L oad the SS L keystore propertie s from the config fi le | |
659 | Prop erties p = new Prope rties(); | |
660 | try (InputStre am in = ne w FileInpu tStream(ss lConfigFil eName)) { | |
661 | BufferedIn putStream bin = new BufferedIn putStream( in); | |
662 | p.load(bin ); | |
663 | } | |
664 | Stri ng keyStor e = | |
665 | p.getP roperty("j avax.net.s sl.keyStor e"); | |
666 | Stri ng keyStor ePassword = | |
667 | p.getP roperty("j avax.net.s sl.keyStor ePassword" , ""); | |
668 | Stri ng trustSt ore = | |
669 | p.getP roperty("j avax.net.s sl.trustSt ore"); | |
670 | Stri ng trustSt orePasswor d = | |
671 | p.getP roperty("j avax.net.s sl.trustSt orePasswor d", ""); | |
672 | ||
673 | char [] keyStor ePasswd = null; | |
674 | if ( keyStorePa ssword.len gth() != 0 ) { | |
675 | keyStorePa sswd = key StorePassw ord.toChar Array(); | |
676 | } | |
677 | ||
678 | char [] trustSt orePasswd = null; | |
679 | if ( trustStore Password.l ength() != 0) { | |
680 | trustStore Passwd = t rustStoreP assword.to CharArray( ); | |
681 | } | |
682 | ||
683 | KeyS tore ks = null; | |
684 | if ( keyStore ! = null) { | |
685 | ks = KeySt ore.getIns tance(KeyS tore.getDe faultType( )); | |
686 | try (FileI nputStream ksfis = n ew FileInp utStream(k eyStore)) { | |
687 | ks.loa d(ksfis, k eyStorePas swd); | |
688 | } | |
689 | } | |
690 | KeyM anagerFact ory kmf = KeyManager Factory.ge tInstance( | |
691 | KeyMan agerFactor y.getDefau ltAlgorith m()); | |
692 | kmf. init(ks, k eyStorePas swd); | |
693 | ||
694 | KeyS tore ts = null; | |
695 | if ( trustStore != null) { | |
696 | ts = KeySt ore.getIns tance(KeyS tore.getDe faultType( )); | |
697 | try (FileI nputStream tsfis = n ew FileInp utStream(t rustStore) ) { | |
698 | ts.loa d(tsfis, t rustStoreP asswd); | |
699 | } | |
700 | } | |
701 | Trus tManagerFa ctory tmf = TrustMan agerFactor y.getInsta nce( | |
702 | TrustM anagerFact ory.getDef aultAlgori thm()); | |
703 | tmf. init(ts); | |
704 | ||
705 | SSLC ontext ctx = SSLCont ext.getIns tance("SSL "); | |
706 | ctx. init(kmf.g etKeyManag ers(), tmf .getTrustM anagers(), null); | |
707 | ||
708 | retu rn new Hos tAwareSslS ocketFacto ry( | |
709 | ctx, | |
710 | enable dCipherSui tes, | |
711 | enable dProtocols , | |
712 | sslNee dClientAut h, bindAdd ress); | |
713 | } catch (Exception e) { | |
714 | thro w new Agen tConfigura tionError( AGENT_EXCE PTION, e, e.toString ()); | |
715 | } | |
716 | } | |
717 | } | |
718 | ||
719 | privat e static J MXConnecto rServerDat a exportMB eanServer( | |
720 | MBeanSer ver mbs, | |
721 | int port , | |
722 | int rmiP ort, | |
723 | boolean useSsl, | |
724 | boolean useRegistr ySsl, | |
725 | String s slConfigFi leName, | |
726 | String[] enabledCi pherSuites , | |
727 | String[] enabledPr otocols, | |
728 | boolean sslNeedCli entAuth, | |
729 | boolean useAuthent ication, | |
730 | String l oginConfig Name, | |
731 | String p asswordFil eName, | |
732 | String a ccessFileN ame, | |
733 | String b indAddress , | |
734 | String j mxRmiFilte r) | |
735 | throws I OException , Malforme dURLExcept ion { | |
736 | ||
737 | /* Make sure we use no n-guessabl e RMI obje ct IDs. O therwise | |
738 | * attackers could hij ack open c onnections by guessi ng their | |
739 | * IDs. */ | |
740 | Sy stem.setPr operty("ja va.rmi.ser ver.random IDs", "tru e"); | |
741 | ||
742 | JM XServiceUR L url = ne w JMXServi ceURL("rmi ", bindAdd ress, rmiP ort); | |
743 | ||
744 | Ma p<String, Object> en v = new Ha shMap<>(); | |
745 | ||
746 | Pe rmanentExp orter expo rter = new Permanent Exporter() ; | |
747 | ||
748 | en v.put(RMIE xporter.EX PORTER_ATT RIBUTE, ex porter); | |
749 | en v.put(EnvH elp.CREDEN TIALS_FILT ER_PATTERN , String.c lass.getNa me() + ";! *"); | |
750 | ||
751 | if (jmxRmiFil ter != nul l && !jmxR miFilter.i sEmpty()) { | |
752 | env.put( EnvHelp.SE RIAL_FILTE R_PATTERN, jmxRmiFil ter); | |
753 | } | |
754 | ||
755 | bo olean useS ocketFacto ry = bindA ddress != null && !u seSsl; | |
756 | ||
757 | if (useAuthe ntication) { | |
758 | if (logi nConfigNam e != null) { | |
759 | env. put("jmx.r emote.x.lo gin.config ", loginCo nfigName); | |
760 | } | |
761 | if (pass wordFileNa me != null ) { | |
762 | env. put("jmx.r emote.x.pa ssword.fil e", passwo rdFileName ); | |
763 | } | |
764 | ||
765 | env.put( "jmx.remot e.x.access .file", ac cessFileNa me); | |
766 | ||
767 | if (env. get("jmx.r emote.x.pa ssword.fil e") != nul l || | |
768 | env.get("j mx.remote. x.login.co nfig") != null) { | |
769 | env. put(JMXCon nectorServ er.AUTHENT ICATOR, | |
770 | new Ac cessFileCh eckerAuthe nticator(e nv)); | |
771 | } | |
772 | } | |
773 | ||
774 | RM IClientSoc ketFactory csf = nul l; | |
775 | RM IServerSoc ketFactory ssf = nul l; | |
776 | ||
777 | if (useSsl | | useRegis trySsl) { | |
778 | csf = ne w SslRMICl ientSocket Factory(); | |
779 | ssf = cr eateSslRMI ServerSock etFactory( | |
780 | sslConfigF ileName, e nabledCiph erSuites, | |
781 | enabledPro tocols, ss lNeedClien tAuth, bin dAddress); | |
782 | } | |
783 | ||
784 | if (useSsl) { | |
785 | env.put( RMIConnect orServer.R MI_CLIENT_ SOCKET_FAC TORY_ATTRI BUTE, | |
786 | csf); | |
787 | env.put( RMIConnect orServer.R MI_SERVER_ SOCKET_FAC TORY_ATTRI BUTE, | |
788 | ssf); | |
789 | } | |
790 | ||
791 | if (useSocke tFactory) { | |
792 | ssf = ne w HostAwar eSocketFac tory(bindA ddress); | |
793 | env.put( RMIConnect orServer.R MI_SERVER_ SOCKET_FAC TORY_ATTRI BUTE, | |
794 | ssf); | |
795 | } | |
796 | ||
797 | JM XConnector Server con nServer = null; | |
798 | tr y { | |
799 | connServ er = | |
800 | JMXConnect orServerFa ctory.newJ MXConnecto rServer(ur l, env, mb s); | |
801 | connServ er.start() ; | |
802 | } catch (IOE xception e ) { | |
803 | if (conn Server == null || co nnServer.g etAddress( ) == null) { | |
804 | thro w new Agen tConfigura tionError( CONNECTOR_ SERVER_IO_ ERROR, | |
805 | e, url .toString( )); | |
806 | } else { | |
807 | thro w new Agen tConfigura tionError( CONNECTOR_ SERVER_IO_ ERROR, | |
808 | e, con nServer.ge tAddress() .toString( )); | |
809 | } | |
810 | } | |
811 | ||
812 | if (useRegis trySsl) { | |
813 | registry = | |
814 | new Single EntryRegis try(port, csf, ssf, | |
815 | "jmxrmi", exporter.f irstExport ed); | |
816 | } else if (u seSocketFa ctory) { | |
817 | registry = | |
818 | new Single EntryRegis try(port, csf, ssf, | |
819 | "jmxrmi", exporter.f irstExport ed); | |
820 | } else { | |
821 | registry = | |
822 | new Single EntryRegis try(port, | |
823 | "jmxrmi", exporter.f irstExport ed); | |
824 | } | |
825 | ||
826 | ||
827 | in t registry Port = | |
828 | ((Unicas tRef) ((Re moteObject ) registry ).getRef() ).getLiveR ef().getPo rt(); | |
829 | St ring jmxUr lStr = St ring.forma t("service :jmx:rmi:/ //jndi/rmi ://%s:%d/j mxrmi", | |
830 | url.get Host(), re gistryPort ); | |
831 | JM XServiceUR L remoteUR L = new JM XServiceUR L(jmxUrlSt r); | |
832 | ||
833 | /* Our expor ter rememb ers the fi rst object it was as ked to | |
834 | ex port, whic h will be an RMIServ erImpl app ropriate f or | |
835 | pu blication in our spe cial regis try. We c ould | |
836 | al ternativel y have con structed t he RMIServ erImpl exp licitly | |
837 | an d then con structed a n RMIConne ctorServer passing i t as a | |
838 | pa rameter, b ut that's quite a bi t more ver bose and p ulls in | |
839 | lo ts of know ledge of t he RMI con nector. * / | |
840 | ||
841 | re turn new J MXConnecto rServerDat a(connServ er, remote URL); | |
842 | } | |
843 | ||
844 | /** | |
845 | * Thi s class ca nnot be in stantiated . | |
846 | **/ | |
847 | privat e Connecto rBootstrap () { | |
848 | } | |
849 | ||
850 | privat e static f inal Class Logger log = | |
851 | ne w ClassLog ger(Connec torBootstr ap.class.g etPackage( ).getName( ), | |
852 | "Conne ctorBootst rap"); | |
853 | ||
854 | privat e static c lass HostA wareSocket Factory im plements R MIServerSo cketFactor y { | |
855 | ||
856 | pr ivate fina l String b indAddress ; | |
857 | ||
858 | pr ivate Host AwareSocke tFactory(S tring bind Address) { | |
859 | this.bi ndAddress = bindAddr ess; | |
860 | } | |
861 | ||
862 | @O verride | |
863 | pu blic Serve rSocket cr eateServer Socket(int port) thr ows IOExce ption { | |
864 | if (bind Address == null) { | |
865 | retu rn new Ser verSocket( port); | |
866 | } else { | |
867 | try { | |
868 | InetAddres s addr = I netAddress .getByName (bindAddre ss); | |
869 | return new ServerSoc ket(port, 0, addr); | |
870 | } ca tch (Unkno wnHostExce ption e) { | |
871 | return new ServerSoc ket(port); | |
872 | } | |
873 | } | |
874 | } | |
875 | } | |
876 | ||
877 | privat e static c lass HostA wareSslSoc ketFactory extends S slRMIServe rSocketFac tory { | |
878 | ||
879 | pr ivate fina l String b indAddress ; | |
880 | pr ivate fina l String[] enabledCi pherSuites ; | |
881 | pr ivate fina l String[] enabledPr otocols; | |
882 | pr ivate fina l boolean needClient Auth; | |
883 | pr ivate fina l SSLConte xt context ; | |
884 | ||
885 | pr ivate Host AwareSslSo cketFactor y(String[] enabledCi pherSuites , | |
886 | String[] enabledPr otocols, | |
887 | boolean sslNeedCli entAuth, | |
888 | String b indAddress ) throws I llegalArgu mentExcept ion { | |
889 | this(nul l, enabled CipherSuit es, enable dProtocols , sslNeedC lientAuth, bindAddre ss); | |
890 | } | |
891 | ||
892 | pr ivate Host AwareSslSo cketFactor y(SSLConte xt ctx, | |
893 | String[] enabledCi pherSuites , | |
894 | String[] enabledPr otocols, | |
895 | boolean sslNeedCli entAuth, | |
896 | String b indAddress ) throws I llegalArgu mentExcept ion { | |
897 | this.con text = ctx ; | |
898 | this.bin dAddress = bindAddre ss; | |
899 | this.ena bledProtoc ols = enab ledProtoco ls; | |
900 | this.ena bledCipher Suites = e nabledCiph erSuites; | |
901 | this.nee dClientAut h = sslNee dClientAut h; | |
902 | checkVal ues(ctx, e nabledCiph erSuites, enabledPro tocols); | |
903 | } | |
904 | ||
905 | @O verride | |
906 | pu blic Serve rSocket cr eateServer Socket(int port) thr ows IOExce ption { | |
907 | if (bind Address != null) { | |
908 | try { | |
909 | InetAddres s addr = I netAddress .getByName (bindAddre ss); | |
910 | return new SslServer Socket(por t, 0, addr , context, | |
911 | ena bledCipher Suites, en abledProto cols, need ClientAuth ); | |
912 | } ca tch (Unkno wnHostExce ption e) { | |
913 | return new SslServer Socket(por t, context , | |
914 | ena bledCipher Suites, en abledProto cols, need ClientAuth ); | |
915 | } | |
916 | } else { | |
917 | retu rn new Ssl ServerSock et(port, c ontext, | |
918 | enabled CipherSuit es, enable dProtocols , needClie ntAuth); | |
919 | } | |
920 | } | |
921 | ||
922 | pr ivate stat ic void ch eckValues( SSLContext context, | |
923 | String[] e nabledCiph erSuites, | |
924 | String[] e nabledProt ocols) thr ows Illega lArgumentE xception { | |
925 | // Force the initi alization of the def ault at co nstruction time, | |
926 | // rathe r than del aying it t o the firs t time cre ateServerS ocket() | |
927 | // is ca lled. | |
928 | // | |
929 | final SS LSocketFac tory sslSo cketFactor y = | |
930 | context == null ? | |
931 | (SSLSo cketFactor y)SSLSocke tFactory.g etDefault( ) : contex t.getSocke tFactory() ; | |
932 | SSLSocke t sslSocke t = null; | |
933 | if (enab ledCipherS uites != n ull || ena bledProtoc ols != nul l) { | |
934 | try { | |
935 | sslSocket = (SSLSock et) sslSoc ketFactory .createSoc ket(); | |
936 | } ca tch (Excep tion e) { | |
937 | final Stri ng msg = " Unable to check if t he cipher suites " + | |
938 | "a nd protoco ls to enab le are sup ported"; | |
939 | throw (Ill egalArgume ntExceptio n) | |
940 | new Illega lArgumentE xception(m sg).initCa use(e); | |
941 | } | |
942 | } | |
943 | ||
944 | // Check if all th e cipher s uites and protocol v ersions to enable | |
945 | // are s upported b y the unde rlying SSL /TLS imple mentation and if | |
946 | // true create lis ts from ar rays. | |
947 | // | |
948 | if (enab ledCipherS uites != n ull) { | |
949 | sslS ocket.setE nabledCiph erSuites(e nabledCiph erSuites); | |
950 | } | |
951 | if (enab ledProtoco ls != null ) { | |
952 | sslS ocket.setE nabledProt ocols(enab ledProtoco ls); | |
953 | } | |
954 | } | |
955 | } | |
956 | ||
957 | privat e static c lass SslSe rverSocket extends S erverSocke t { | |
958 | ||
959 | pr ivate stat ic SSLSock etFactory defaultSSL SocketFact ory; | |
960 | pr ivate fina l String[] enabledCi pherSuites ; | |
961 | pr ivate fina l String[] enabledPr otocols; | |
962 | pr ivate fina l boolean needClient Auth; | |
963 | pr ivate fina l SSLConte xt context ; | |
964 | ||
965 | pr ivate SslS erverSocke t(int port , | |
966 | SSLConte xt ctx, | |
967 | String[] enabledCi pherSuites , | |
968 | String[] enabledPr otocols, | |
969 | boolean needClient Auth) thro ws IOExcep tion { | |
970 | super(po rt); | |
971 | this.ena bledProtoc ols = enab ledProtoco ls; | |
972 | this.ena bledCipher Suites = e nabledCiph erSuites; | |
973 | this.nee dClientAut h = needCl ientAuth; | |
974 | this.con text = ctx ; | |
975 | } | |
976 | ||
977 | pr ivate SslS erverSocke t(int port , | |
978 | int back log, | |
979 | InetAddr ess bindAd dr, | |
980 | SSLConte xt ctx, | |
981 | String[] enabledCi pherSuites , | |
982 | String[] enabledPr otocols, | |
983 | boolean needClient Auth) thro ws IOExcep tion { | |
984 | super(po rt, backlo g, bindAdd r); | |
985 | this.ena bledProtoc ols = enab ledProtoco ls; | |
986 | this.ena bledCipher Suites = e nabledCiph erSuites; | |
987 | this.nee dClientAut h = needCl ientAuth; | |
988 | this.con text = ctx ; | |
989 | } | |
990 | ||
991 | @O verride | |
992 | pu blic Socke t accept() throws IO Exception { | |
993 | final SS LSocketFac tory sslSo cketFactor y = | |
994 | context == null ? | |
995 | getDef aultSSLSoc ketFactory () : conte xt.getSock etFactory( ); | |
996 | Socket s ocket = su per.accept (); | |
997 | SSLSocke t sslSocke t = (SSLSo cket) sslS ocketFacto ry.createS ocket( | |
998 | socket, so cket.getIn etAddress( ).getHostN ame(), | |
999 | socket.get Port(), tr ue); | |
1000 | sslSocke t.setUseCl ientMode(f alse); | |
1001 | if (enab ledCipherS uites != n ull) { | |
1002 | sslS ocket.setE nabledCiph erSuites(e nabledCiph erSuites); | |
1003 | } | |
1004 | if (enab ledProtoco ls != null ) { | |
1005 | sslS ocket.setE nabledProt ocols(enab ledProtoco ls); | |
1006 | } | |
1007 | sslSocke t.setNeedC lientAuth( needClient Auth); | |
1008 | return s slSocket; | |
1009 | } | |
1010 | ||
1011 | pr ivate stat ic synchro nized SSLS ocketFacto ry getDefa ultSSLSock etFactory( ) { | |
1012 | if (defa ultSSLSock etFactory == null) { | |
1013 | defa ultSSLSock etFactory = (SSLSock etFactory) SSLSocketF actory.get Default(); | |
1014 | retu rn default SSLSocketF actory; | |
1015 | } else { | |
1016 | retu rn default SSLSocketF actory; | |
1017 | } | |
1018 | } | |
1019 | ||
1020 | } | |
1021 | } |