@Override
public String[] getEnableableProtocols(SSLContext context) {
String[] requestedProtocols = endpoint.getSslEnabledProtocolsArray();
if ((requestedProtocols == null) || (requestedProtocols.length == 0)) {
return defaultServerProtocols;
}
List<String> protocols = new ArrayList<String>(Arrays.asList(requestedProtocols));
protocols.retainAll(Arrays.asList(context.getSupportedSSLParameters().getProtocols()));
if (protocols.isEmpty()) {
log.warn(
sm.getString(
"jsse.requested_protocols_not_supported", Arrays.asList(requestedProtocols)));
}
if (log.isDebugEnabled()) {
log.debug(sm.getString("jsse.enableable_protocols", protocols));
if (protocols.size() != requestedProtocols.length) {
List<String> skipped = new ArrayList<String>(Arrays.asList(requestedProtocols));
skipped.removeAll(protocols);
log.debug(sm.getString("jsse.unsupported_protocols", skipped));
}
}
return protocols.toArray(new String[protocols.size()]);
}
@Override
public String[] getEnableableCiphers(SSLContext context) {
String requestedCiphersStr = endpoint.getCiphers();
if (ALLOW_ALL_SUPPORTED_CIPHERS.equals(requestedCiphersStr)) {
return context.getSupportedSSLParameters().getCipherSuites();
}
if ((requestedCiphersStr == null) || (requestedCiphersStr.trim().length() == 0)) {
return defaultServerCipherSuites;
}
List<String> requestedCiphers = new ArrayList<String>();
for (String rc : requestedCiphersStr.split(",")) {
final String cipher = rc.trim();
if (cipher.length() > 0) {
requestedCiphers.add(cipher);
}
}
if (requestedCiphers.isEmpty()) {
return defaultServerCipherSuites;
}
List<String> ciphers = new ArrayList<String>(requestedCiphers);
ciphers.retainAll(Arrays.asList(context.getSupportedSSLParameters().getCipherSuites()));
if (ciphers.isEmpty()) {
log.warn(sm.getString("jsse.requested_ciphers_not_supported", requestedCiphersStr));
}
if (log.isDebugEnabled()) {
log.debug(sm.getString("jsse.enableable_ciphers", ciphers));
if (ciphers.size() != requestedCiphers.size()) {
List<String> skipped = new ArrayList<String>(requestedCiphers);
skipped.removeAll(ciphers);
log.debug(sm.getString("jsse.unsupported_ciphers", skipped));
}
}
return ciphers.toArray(new String[ciphers.size()]);
}
protected void logSupportedParameters() {
if (LOGGED.compareAndSet(false, true)) {
try {
final SSLContext context = SSLContext.getDefault();
final String[] protocols = context.getSupportedSSLParameters().getProtocols();
final SSLSocketFactory factory = context.getSocketFactory();
final String[] cipherSuites = factory.getSupportedCipherSuites();
LOGGER.info("Supported protocols: {}", Arrays.toString(protocols));
LOGGER.info("Supported cipher suites: {}", Arrays.toString(cipherSuites));
} catch (NoSuchAlgorithmException ignored) {
}
}
}
@Override
public List<Attribute> getMonitorData() {
ArrayList<Attribute> attrs = new ArrayList<>(13);
attrs.add(createAttribute("javaVersion", System.getProperty("java.version")));
attrs.add(createAttribute("javaVendor", System.getProperty("java.vendor")));
attrs.add(createAttribute("jvmVersion", System.getProperty("java.vm.version")));
attrs.add(createAttribute("jvmVendor", System.getProperty("java.vm.vendor")));
attrs.add(createAttribute("javaHome", System.getProperty("java.home")));
attrs.add(createAttribute("classPath", System.getProperty("java.class.path")));
attrs.add(createAttribute("workingDirectory", System.getProperty("user.dir")));
String osInfo =
System.getProperty("os.name")
+ " "
+ System.getProperty("os.version")
+ " "
+ System.getProperty("os.arch");
attrs.add(createAttribute("operatingSystem", osInfo));
String sunOsArchDataModel = System.getProperty("sun.arch.data.model");
if (sunOsArchDataModel != null) {
String jvmArch = sunOsArchDataModel;
if (!sunOsArchDataModel.toLowerCase().equals("unknown")) {
jvmArch += "-bit";
}
attrs.add(createAttribute("jvmArchitecture", jvmArch));
} else {
attrs.add(createAttribute("jvmArchitecture", "unknown"));
}
try {
attrs.add(createAttribute("systemName", InetAddress.getLocalHost().getCanonicalHostName()));
} catch (Exception e) {
logger.traceException(e);
}
Runtime runtime = Runtime.getRuntime();
attrs.add(createAttribute("availableCPUs", runtime.availableProcessors()));
attrs.add(createAttribute("maxMemory", runtime.maxMemory()));
attrs.add(createAttribute("usedMemory", runtime.totalMemory()));
attrs.add(createAttribute("freeUsedMemory", runtime.freeMemory()));
String installPath = DirectoryServer.getServerRoot();
if (installPath != null) {
attrs.add(createAttribute("installPath", installPath));
}
String instancePath = DirectoryServer.getInstanceRoot();
if (instancePath != null) {
attrs.add(createAttribute("instancePath", instancePath));
}
// Get the JVM input arguments.
RuntimeMXBean rtBean = ManagementFactory.getRuntimeMXBean();
List<String> jvmArguments = rtBean.getInputArguments();
if (jvmArguments != null && !jvmArguments.isEmpty()) {
StringBuilder argList = new StringBuilder();
for (String jvmArg : jvmArguments) {
if (argList.length() > 0) {
argList.append(" ");
}
argList.append("\"");
argList.append(jvmArg);
argList.append("\"");
}
attrs.add(createAttribute("jvmArguments", argList.toString()));
}
// Get the list of supported SSL protocols and ciphers.
Collection<String> supportedTlsProtocols;
Collection<String> supportedTlsCiphers;
try {
final SSLContext context = SSLContext.getDefault();
final SSLParameters parameters = context.getSupportedSSLParameters();
supportedTlsProtocols = Arrays.asList(parameters.getProtocols());
supportedTlsCiphers = Arrays.asList(parameters.getCipherSuites());
} catch (Exception e) {
// A default SSL context should always be available.
supportedTlsProtocols = Collections.emptyList();
supportedTlsCiphers = Collections.emptyList();
}
addAttribute(attrs, ATTR_SUPPORTED_TLS_PROTOCOLS, supportedTlsProtocols);
addAttribute(attrs, ATTR_SUPPORTED_TLS_CIPHERS, supportedTlsCiphers);
return attrs;
}
